drishti-chhabra
8/3/2019 15681 Cyber Crime
Cyber Crimes
The transformation
Two years ago, we were afraid of rockets destroying buildings and computer centres...
Today, we should be aware of software destroying rockets and missiles!
April 28, 2012
IT Act 2000
Cyber Cases
Investigation & Forensics
IT Act 2000
Objectives
- Legal Recognition for E-Commerce
- Digital Signatures and Regulatory Regime
- Electronic Documents at par with paper documents
- E-Governance
- Electronic Filing of Documents
- Amend certain Acts
- Define Civil wrongs, Offences, punishments
- Investigation, Adjudication
- Appellate Regime
Wrongs
Moral Wrongs
- Feeling of guilt
Civil Wrongs
- Aggrieved approaches the STATE
- Compensation
- Police has a very limited role to play
Legal Wrongs
- Crimes
- Punishment, Fine or both
- Criminal Court
- Police has a defined role to play
Crimes
Non-Cognizable Offences
- Minor offences
- Aggrieved seeks redressal
- Police has a very limited role to play
Cognizable Offences
- Serious ones
- Responsibility of the STATE to get the offender punished
Cognizability and Bailability
- Not mentioned in the Act
- Rely on Part II of Schedule I of CrPC
- If punishable with death, imprisonment for life or imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session
- If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non-Bailable, Magistrate of First Class
- If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)
Civil Wrongs under IT Act
Chapter IX of IT Act, Section 43
Whoever without permission of owner of the computer
- Secures access (mere U/A access)
  - Not necessarily through a network
- Downloads, copies, extracts any data
- Introduces or causes to be introduced any viruses or contaminant
- Damages or causes to be damaged any computer resource
  - Destroy, alter, delete, add, modify or rearrange
  - Change the format of a file
- Disrupts or causes disruption of any computer resource
  - Preventing normal continuance of
- Denies or causes denial of access by any means
  - Denial of service attacks
- Assists any person to do any thing above
  - Rogue Websites, Search Engines, Insiders providing vulnerabilities
- Charges the services availed by a person to the account of another person by tampering or manipulating any computer resource
  - Credit card frauds, Internet time thefts
Liable to pay damages not exceeding one crore to the affected party
Investigation of ADJUDICATING OFFICER
- Powers of a civil court
Section 65: Source Code
- Most important asset of software companies
- "Computer Source Code" means the listing of programmes, computer commands, design and layout
Section 65.. Contd.
Ingredients
- Knowledge or intention
- Concealment, destruction, alteration
- computer source code required to be kept or maintained by law
Punishment
- imprisonment up to three years, and / or fine up to Rs 2 lakh
- Cognizable, Non Bailable, JMIC
Section 66: Hacking
Ingredients
- Intention or Knowledge to cause wrongful loss or damage to the public or any person
- Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource
Punishment
- imprisonment up to three years, and / or fine up to Rs 2 lakh
- Cognizable, Non Bailable, JMFC
Hacking (contd.)
Covers crimes like
- Trojan, Virus, worm attacks
- Logic bombs and Salami attacks
- Internet time theft
- Analysis of electromagnetic waves generated by computers
Examples
State versus Amit Pasari and Kapil Juneja
- Delhi Police
- M/s Softweb Solutions
- Website www.go2nextjob.com hosted
- Complaint of hacking by web hosting service
State versus Joseph Jose
- Delhi Police
- Hoax Email - Planting of 6 bombs in Connaught place
State versus Aneesh Chopra
- Delhi Police
- Three company websites hacked
- Accused: An ex-employee
State versus K R Vijayakumar
- Bangalore Cyber Crime Police Station, 2001
- Criminal intimidation of employers and crashing the company's server
- Phoenix Global solutions
Sec. 67. Pornography
Ingredients
- Publishing or transmitting or causing to be published in the electronic form
- Obscene material
Punishment
- On first conviction: imprisonment of either description up to five years and fine up to Rs 1 lakh
- On subsequent conviction: imprisonment of either description up to ten years and fine up to Rs 2 lakh
Section covers
- Internet Service Providers, Search engines, Pornographic websites
Sec 69: Decryption of information
Ingredients
- Controller issues order to Government agency to intercept any information transmitted through any computer resource.
- Order is issued in the interest of
  - the sovereignty or integrity of India,
  - the security of the State,
  - friendly relations with foreign States,
  - public order or
  - preventing incitement for commission of a cognizable offence
- Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information.
Decryption of information (contd.)
Applicability
- Email messages (If encrypted)
- Encrypted messages
- Steganographic images
- Password protected files (?)
Punishment
- Imprisonment up to 7 years
- Cognizable, Non-Bailable, JMIC
Sec 70 Protected System
Ingredients
- Securing unauthorised access or attempting to secure unauthorised access to protected system
Acts covered by this section:
- Switching computer on / off
- Using installed software / hardware
- Installing software / hardware
- Port scanning
Punishment
- Imprisonment up to 10 years and fine
- Cognizable, Non-Bailable, Court of Sessions
BUT..
Not all cyber crimes come under the Information Technology Act, 2000.
Many cyber crimes come under the Indian Penal Code
Computer Related Crimes under IPC and Special Laws
- Arms Act: Online sale of Arms
- Sec. 383 IPC: Web-Jacking
- NDPS Act: Online sale of Drugs
- Sec 463 IPC: Email spoofing
- Sec 420 IPC: Bogus websites, cyber frauds
- Sec 463 IPC: Forgery of electronic records
- Sec 499 IPC: Sending defamatory messages by email
- Sec 503 IPC: Sending threatening messages by email
COMPUTER CRIME STATISTICS
- Average Computer Crime - $500K
- Average Bank Robbery - $13K
- 80% of computer crime involves Internet
- Internet is in 70 countries
  - over 25 million users
  - 10%/month growth rate
Frequency of incidents
Source: Survey conducted by ASCL
- Denial of Service: Section 43
- Virus: Section 66, 43
- Data Alteration: Sec. 66
- U/A Access: Section 43
- Email Abuse: Sec. 67, 500, Other IPC Sections
- Data Theft: Sec 66, 65
No. of Indian web-sites defaced
Not very serious - someone has just pasted a poster over my poster
[Bar chart. Years on the x-axis: 1998, 1999, 2000, 2001. Data labels, in order: 441, 1002, 2219, 7039.]
Number of Indian sites hacked
Site of BARC - panic all around
[Bar chart. Years on the x-axis: 1998, 1999, 2000, 2001. Data labels, in order: 0, 6, 12, 25.]
2001 CSI/FBI Computer Crime and Security Survey
Of the organizations suffering security compromises in the last year, 95% had Firewalls and 61% had IDSs!

SECURITY TECHNOLOGIES USED (%)   1998  1999  2000  2001
Anti-virus software                96    98   100    98
Access Control                     89    93    92    90
Encrypted Files                    50    61    62    64
Firewalls                          81    91    78    95
Intrusion Detection Systems        35    42    50    61

False sense of security: "We already have a Firewall"
COMPUTERS CAN PLAY THREE ROLES IN A CRIME
- Weapon/Target
- Storage Facility
- Tool
CASE - I
FAKE E-MAIL ID
FAKE E-MAILS
SMS MESSAGES THROUGH NET.
CASE 2
FAKE POLICE CONSTABLES
CASE: A PERSON CAUGHT WITH FAKE MOTOR VEHICLE LICENCE
POLICE SEIZED TWO HARD DISKS
CASE 3
SPECIAL CELL, NEW DELHI
DELHI POLICE ARRESTED
PRESS REPORTER CHANGED IN TO ISI AGENT
SEIZED A LAPTOP AND WRIST WATCH
CASE 4
A VICTIM OF WORLD CUP?
Ms. MANDIRA BEDI
POOR KNOWLEDGE IN CRICKET
A SHOW PIECE
CRICKET LOVERS ARE AGAINST HER COMMENTARY, BUT LOVE HER------
PHOTO APPEARED IN SITE WWW,INDIANSEX4U.COM
CASE 5
NOT SAFE TO GIVE VISITING CARD
- IS IT SAFE TO GIVE VISITING CARD TO SOMEBODY?
- DETAILS KEPT UNDER INDIATIMES.COM UNDER ROMANCE COLUMN
- THE ACCUSED: HER FORMER COLLEAGUE
- THE MISTAKE SHE HAS DONE: GIVING VISITING CARD
CASE 6
FIR.NO 581/2001 PS KOTWALI SPECIAL CELL
- WASIM AHMED LILY @ WASIM ASRAF ARRESTED ON 12/10/01 ALONG WITH TWO SUIT CASES CONTAINING FAKE CURRENCY TO THE TUNE OF 18.3 LAKHS (1000, 500 DENOMINATIONS)
- POLICE SEIZED A COMPUTER, SCANNER, PRINTER FROM THE ACCUSED.
CONTD.
FORENSIC ANALYSIS REVEALED
- HOW THE COMPUTER WAS USED IN THE PRODUCTION OF COUNTERFEIT CURRENCY
- CURRENCY NOTES OF DENOMINATION OF NOT ONLY 500, 1000 BUT ALSO RS 50, 100.
- FAKE POSTAL STAMPS
- THE ADDRESSES OF THE AGENTS WHO ARE CIRCULATING
CASE 7
A CASE OF A PLASTIC COMPANY
- THE DIRECTORATE OF CENTRAL EXCISE INTELLIGENCE PERSONS RAIDED A PLASTIC COMPANY OWNER RESIDENCE ON 10/11/2001 AND SEIZED AN AMOUNT OF RS. 2 CRORE.
- PRODUCED 6000 CASH BILLS DATED PRIOR TO DATE OF RAID.
- THE BILLS WERE DATED TO APRIL-OCTOBER 2001
CONTD.
- THE DGCEI OFFICIALS SEIZED 12 COMPUTERS WITH THE HELP OF COMPUTER FORENSIC EXPERTS
- FORENSIC EXAMINATION OF COMPUTER SYSTEMS REVEALED
  - EXCISE EVASION TO THE TUNE OF 26 CRORES FROM 2000 ONWARDS
  - BACK MONEY DETAILS
  - THE BRIBES PAID TO THE EXCISE OFFICIALS
FIR NO 76/02 PS PARLIAMENT STREET
- Mrs. SONIA GANDHI RECEIVED THREATENING E-MAILS
- E-MAIL FROM [email protected] [email protected]
- THE CASE WAS REFERRED
- ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS
CASE - 9
PARLIAMENT ATTACK CASE
- Delhi police seized a laptop where they stored the incriminating material.
ON FORENSIC ANALYSIS:
- ROLE OF Lo e T
- IP ADDRESSES OF PAKISTAN
- TELEPHONE NUMBERS
- CODED MESSAGES
CASE-10
KARNATAKA MEDICAL EXAM (K-CET) SCAM
- OCR BASED ANSWER SHEET.
- MODIFIED THE COMPUTER (ANSWERS) PROGRAM AS PER THE STUDENT ANSWER SHEET.
- MADE FAILED CANDIDATES SUCCESSFUL.
- THE AP INTERMEDIATE BOARD MARKS SCANDAL.
President CLINTON'S IMPEACHMENT TRIAL
CLINTON'S IMPEACHMENT TRIAL
- Forensic experts recovered deleted data from Monica Lewinsky's home computer as well as her computer at the Pentagon
- Computer examinations of deleted White House e-mail records exposed the Clinton-Monica Lewinsky scandal
Cyber Crimes ?
Any crime that involves computers and networks
Includes crimes that do not rely heavily on computers
Alibi
Harassment
Blackmail
Extortion
Frauds
Murder
etc....
What are we looking for?
Hardware as contraband or fruits of crime.
- Stolen computer system
Hardware as an instrumentality
- Hardware designed exclusively to commit crime - sniffer
Hardware as evidence.
- CD Writer to copy blue movies - Pornography
Information as contraband or fruits of crime.
- Pirated software
Information as an instrumentality
- Hacking program
Information as evidence.
- Key of investigation - we are searching this
How to Proceed?
Pre-investigation intelligence.
- A must
- Visualize and assess what you would encounter.
- Prepare accordingly.
Computer may be on / off
- Blank screen does not indicate that the computer is off
If computer is on
- Note what all is on the screen
- If the screen saver is operational, move the mouse slightly.
- Map all the connections & mark the matching ends
- Find out whether it is connected to the network.
- Decide on the next course of action.
Strategy
If you shut down the computer in the usual way
- Fall in a trap
If you pull out the cord
- Lose vital information on the RAM
- Good documentation of the Screen (photograph) will help resolve some of the discrepancies.
Recommended strategy
- Ensure that all drives are empty
- Pull out the cord from the computer (not from the electric board as it may be connected to a UPS)
Seizing the computer
Computers do not have unique identity
- It will not help also
Contents have to be seized uniquely.
- Hashing
- Only solution
Requirements are
- Algorithm should run in a trusted environment
- Suspect disk should be write-blocked
- No time stamps should be altered
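An added example, not part of the original slides: one way to apply the hashing requirements above, reading the evidence through a read-only descriptor, checking that size and modification time are unchanged afterwards, and comparing the original against the examiner's working copy. The file names, the choice of SHA-256 and the sample data are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # hash in 1 MiB blocks so a large image is never loaded whole


def hash_evidence(path):
    """Return (sha256_hex, size_bytes, metadata_unchanged) from a read-only pass."""
    before = os.stat(path)
    digest = hashlib.sha256()
    fd = os.open(path, os.O_RDONLY)  # never request write access to evidence
    with os.fdopen(fd, "rb", buffering=0) as src:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
    after = os.stat(path)
    # Reading may still update the access time, depending on mount options;
    # that is why the slide also requires a write blocker. Here we only
    # confirm that size and modification time survived the hashing pass.
    unchanged = (before.st_size, before.st_mtime_ns) == (after.st_size, after.st_mtime_ns)
    return digest.hexdigest(), after.st_size, unchanged


def verify_copy(original, working_copy):
    """Compare the acquisition hash of the original with the working copy's."""
    orig_hash, orig_size, orig_unchanged = hash_evidence(original)
    copy_hash, copy_size, _ = hash_evidence(working_copy)
    return {
        "original_sha256": orig_hash,
        "copy_sha256": copy_hash,
        "match": (orig_hash, orig_size) == (copy_hash, copy_size),
        "original_unchanged": orig_unchanged,
    }


def demo():
    """Constructed sample: a stand-in image, a faithful copy, a one-byte-off copy."""
    workdir = tempfile.mkdtemp()
    data = b"CONSTRUCTED SAMPLE SECTOR " * 4096
    paths = {}
    for name, payload in (("suspect.img", data), ("working.img", data),
                          ("altered.img", data[:-1] + b"X")):
        paths[name] = os.path.join(workdir, name)
        with open(paths[name], "wb") as fh:
            fh.write(payload)
    return (verify_copy(paths["suspect.img"], paths["working.img"]),
            verify_copy(paths["suspect.img"], paths["altered.img"]))


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Recording the digest at seizure and again before analysis lets the working copy be tied to the seized contents, which is the "seized uniquely" point of the slide.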
INVESTIGATION OF SEIZED MATERIAL
INTERNET CRIME
WEBSITE RELATED CRIME
- In a 'simple' case of hacking it would be possible to trace out the IP address by the 'whois' query.
- The IP address may be found in the "page Source" head (Netscape) and "source" head in Internet Explorer
- Confirm identity of suspect by running the "who is" query.
- The "who is" details generated may be genuine or that of a "compromised" machine.
E-MAIL CRIMES
- The header will give the IP address. Run "who is" to ascertain the details of the service provider whose mail service was used by the suspect.
- If, by analyzing circumstances, it is felt that the "who is" result is genuine, the location of the suspect can be traced with the help of the ISP.
- In case of forged/bogus or disguised/number-letter mix-up e-mail identities, the ISP can help in identifying the suspect with the help of the e-mail header by analyzing its contents and "message ID" (see boxes for forged/bogus, disguised sender's details).
- The ISP will be able to help in locating a suspect, because when a person dials up to connect with an ISP, he/she is logged on to one of the servers of the ISP. This server assigns (depending on the port of entry) a specific IP address to the user. This IP address temporarily becomes the IP
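An added example, not part of the original slides: reading the header as described above by walking the Received lines oldest first and collecting the IP address, the relay that recorded it, the timestamp and the Message-ID that an ISP would need to map a temporarily assigned address to a subscriber. The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
    by mx.recipient.example with ESMTP id CONSTRUCTED2;
    Tue, 2 Apr 2002 10:00:05 +0530
Received: from [192.168.1.20] (dialup-42.isp.example [192.0.2.42])
    by smtp.isp.example with SMTP id CONSTRUCTED1;
    Tue, 2 Apr 2002 10:00:01 +0530
Message-ID: <constructed-0001@smtp.isp.example>
From: sender@webmail.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Addresses that never identify a subscriber on the public Internet.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def received_hops(raw):
    """Return (message, hops) with hops ordered oldest first."""
    msg = message_from_string(raw)
    hops = []
    # Every relay prepends its own header, so the last Received is the oldest.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(str(header).split())  # undo header folding
        by = re.search(r"\bby\s+(\S+)", text)
        hops.append({"by": by.group(1) if by else None,
                     "ips": IP_RE.findall(text),
                     "when": text.rsplit(";", 1)[-1].strip()})
    return msg, hops


def isp_query(raw):
    """First routable IP of the oldest hop, with what an ISP needs to map it."""
    msg, hops = received_hops(raw)
    for hop in hops:
        for ip in hop["ips"]:
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # e.g. [999.1.1.1] typed into a forged header
                continue
            if not any(addr in net for net in INTERNAL):
                # Only the relay named in `recorded_by` vouches for this value;
                # lines added before a trusted relay can be forged by the sender.
                return {"ip": ip, "recorded_by": hop["by"],
                        "when": hop["when"], "message_id": msg["Message-ID"]}
    return None
```

The timestamp is kept with the address because a dial-up address identifies a subscriber only for the session in which it was assigned.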
CARDINAL RULES OF COMPUTER FORENSICS
- NEVER TRUST THE SUBJECT OPERATING SYSTEM
- NEVER MISHANDLE EVIDENCE
- NEVER WORK ON ORIGINAL EVIDENCE
- USE PROPER SOFTWARE UTILITIES
- DOCUMENT EVERYTHING
NEVER TRUST THE SUBJECT SYSTEM
- DO NOT BOOT FROM SUSPECT SYSTEM
- DO NOT USE SUSPECT OS
- CRIMINALS MAY MODIFY ROUTINE OPERATING SYSTEM COMMANDS TO PERFORM DESTRUCTIVE COMMANDS.
- DISCONNECT HARD DRIVE & BOOT FROM FLOPPY (THE BIOS MAY BE MODIFIED TO ALLOW BOOT FROM A FLOPPY)
STEPS TAKEN BY COMPUTER FORENSIC EXPERT
- PROTECT THE SUBJECT SYSTEM DURING EXAMINATION FROM ALTERATION, DAMAGE, DATA CORRUPTION OR VIRUS INTRODUCTION
- DISCOVER & RECOVER ALL FILES (active & deleted)
- ACCESS THE CONTENTS OF PROTECTED OR ENCRYPTED FILES
- ANALYZE ALL RELEVANT DATA
- PRINTOUT AN OVERALL ANALYSIS
- PROVIDE TESTIMONY IN COURT OF LAW
Where do we find Evidence?
In
- The Computer
  - Suspect
  - Victim
- The Server
  - Suspect
  - Victim
- ISPs
  - Who logged from where & when?
  - Computers visited
- Backbone Computers
Issues to address
We cannot be masters of all trades
Fighting cyber crimes has to be a team effort involving
Law enforcement agencies
- Handle cyber evidence
- Use it to generate investigative trails
- Know when to call an expert for assistance
Computer expert
- How to handle cyber evidence
- Generate investigative leads
- Call enforcement agencies for assistance
Attorneys
- How to defend cyber evidence
- Determine whether it is admissible
Forensic Scientists
- How to process it
QUESTIONS