Embed Size (px)
DESCRIPTION
Presentation on Cyber Crime and Cyber Laws in India including case study for Credit card fraud and Hacking crimes
Citation preview
Cyber CrimeCyber Crime - -
Study Cases In World Wide Study Cases In World Wide
Prepared by : Maruti Nandan PandyaPrepared by : Maruti Nandan PandyaB.Tech 8B.Tech 8thth sem sem CS-A, 48 (09EARCS051)CS-A, 48 (09EARCS051)
IndexIndex
IntroductionIntroductionCyber CrimeCyber CrimeCyber Law Cyber Law Information Technology Act, 2000 Information Technology Act, 2000 Amendments in Information Technology ActAmendments in Information Technology ActCase Study : Credit Card FraudCase Study : Credit Card FraudCase Study : PhishingCase Study : PhishingConclusionConclusion
Computer Crime Computer Crime
Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer on Internet.
Cyber Law Cyber Law Cyber Law is the law governing cyber space. Cyber space is a wide term and includes Cyber Law is the law governing cyber space. Cyber space is a wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks), the computers, networks, software, data storage devices (such as hard disks, USB disks), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.etc.
Law encompasses the rules of conduct: Law encompasses the rules of conduct: 1. that have been 1. that have been approved approved by the government, and by the government, and 2. which are in 2. which are in force force over a certain territory, andover a certain territory, and 3. which must be 3. which must be obeyed obeyed by all persons on that territory.by all persons on that territory.
Violation of these rules could lead to government action such as imprisonment or fine or an Violation of these rules could lead to government action such as imprisonment or fine or an order to pay compensation.order to pay compensation.
Cyber law encompasses laws relating to:Cyber law encompasses laws relating to: 1. Cyber Crimes1. Cyber Crimes 2. Electronic and Digital Signatures2. Electronic and Digital Signatures 3. Intellectual Property3. Intellectual Property 4. Data Protection and Privacy4. Data Protection and Privacy
Cyber Law (Cont.) Cyber Law (Cont.)
Violation of these rules could lead to government action Violation of these rules could lead to government action such as imprisonment or fine or an order to pay such as imprisonment or fine or an order to pay compensation.compensation.
Cyber law encompasses laws relating to:Cyber law encompasses laws relating to: 1. Cyber Crimes1. Cyber Crimes 2. Electronic and Digital Signatures2. Electronic and Digital Signatures 3. Intellectual Property3. Intellectual Property 4. Data Protection and Privacy4. Data Protection and Privacy
Jurisprudence of Indian Jurisprudence of Indian Cyber LawCyber Law
Cyber Law In IndiaCyber Law In India
• Primary source is Primary source is Information Technology Act, 2000 Information Technology Act, 2000 (IT (IT Act), which came into force on Oct 17Act), which came into force on Oct 17thth, 2000., 2000.• Purpose: To provide legal recognition to electric commerce and Purpose: To provide legal recognition to electric commerce and
to facilitate filing of electronic records. to facilitate filing of electronic records. • Provides Strict punishments (imprisonment up to 10yrs and Provides Strict punishments (imprisonment up to 10yrs and
compensation up to Rs 1 crore ).compensation up to Rs 1 crore ).
• Information Technology (Certifying Authorities) Rules, Information Technology (Certifying Authorities) Rules, 2000 also came into force that day.2000 also came into force that day.
• Prescribe the eligibility, appointment and working of Certifying Prescribe the eligibility, appointment and working of Certifying Authorities (CA).Authorities (CA).
Amendments in IT ActAmendments in IT Act
• Indian Penal Code Indian Penal Code penalizes forgery of electronic penalizes forgery of electronic records, cyber frauds, destroying electronic evidence records, cyber frauds, destroying electronic evidence etc.etc.
• Digital Evidence is to be collected and proven in court as Digital Evidence is to be collected and proven in court as per the provisions of the per the provisions of the Indian Evidence ActIndian Evidence Act..
• Order relating to blocking of websitesOrder relating to blocking of websites was passed on was passed on 27th February, 2003.27th February, 2003.
• Bankers’ Book Evidence ActBankers’ Book Evidence Act was introduced to attain was introduced to attain bank frauds.bank frauds.
• The Reserve Bank of India Act The Reserve Bank of India Act was also amended by the was also amended by the IT Act.IT Act.
Some Important study cases of Some Important study cases of cyber crime cyber crime
1. Credit Car Fraud1. Credit Car Fraud
• Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
• Credit card fraud is also an adjunct to identity theft.• The cost of card fraud in 2006 were 7 cents per 100 dollars worth of
transactions
The ScenariosThe Scenarios
The assistant manager (the complainant) with the fraud control unit of a large business process outsourcing (BPO) organization filed a complaint alleging that two of its employees had conspired with a credit card holder to manipulate the credit limit and as a result cheated the company of INR 0.72 million.
The BPO facility had about 350 employees. Their primary function was to issue the bank's credit cards as well as attend to customer and merchant queries. Each employee was assigned to a specific task and was only allowed to access the computer system for that specific task. The employees were not allowed to make any changes in the credit-card holder's account unless they received specific approvals.
InvestigationInvestigation
The investigating team visited the premises of the BPO and conducted detailed examination of various persons to understand the computer system used. They learnt that in certain situations the system allowed the user to increase the financial limits placed on a credit card. The system also allowed the user to change the customer's address, blocking and unblocking of the address, authorisations for cash transactions etc.
The team analysed the attendance register which showed that the accused was present at all the times when the fraudulent entries had been entered in the system. They also analysed the system logs that showed that the accuser's ID had been used to make the changes in the system.
The LawThe Law
• Section of Law: 66 of Information Technology Act 2000 & 120(B), 420,467, 468, 471 IPC.
• Depending upon the case, provisions of the Information Act and Prevention of Money Laundering Act will apply.
Current Status & ResultCurrent Status & Result
The BPO was informed of the security lapse in the software utilized. Armed with this evidence the investigating team arrested all the accused and recovered, on their confession, six mobile phones, costly imported wrist watches, Jewells, electronic items, leather accessories, credit cards, all worth INR 0. 3 million and cash INR 25000.
The investigating team informed the company of the security lapses in their software so that instances like this could be avoided in the future
2. Phishing2. Phishing
•With the tremendous increase in the use of online With the tremendous increase in the use of online banking, online share trading and ecommerce, there has banking, online share trading and ecommerce, there has been a corresponding growth in the incidents of phishing been a corresponding growth in the incidents of phishing being used to carryout financial frauds.being used to carryout financial frauds.•Phishing involves fraudulently acquiring sensitive Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc.) by information (e.g. passwords, credit card details etc.) by masquerading as a trusted entity.masquerading as a trusted entity.
The ScenariosThe Scenarios
The complainant approached the police stating that she had been receiving obscene and pornographic material at her e-mail address and mobile phone. She stated that this person appeared to know a lot about her and her family and believed that her e-mail account had been hacked.
InvestigationInvestigation
The investigating team using a different e-mail ID tried to chat with the accused using the complainant’s e-mail ID. Subsequently the investigating team was able to identify the ISP address of the computer system being used and it was tracked to an organization in Delhi.
The investigating team visited the company and through its server logs was able to identify the system from which the obscene material was sent. Using forensic disk imaging and analysis tools the e-mails were retrieved from the system. The residence of the accused was located and the hard disk of his personal computer was seized. On the basis of the evidence gathered the accused was arrested.
The LawThe Law
Sections 43 and 66 of Information Technology Act and Sections 43 and 66 of Information Technology Act and sections 419, 420 and 468 of Indian Penal Code.sections 419, 420 and 468 of Indian Penal Code.
Current Status & ResultCurrent Status & Result
The case has been finalized and is currently pending administrative approval.
ConclusionConclusion• Every minute, 232 computers are infected by malware. Every minute, 232 computers are infected by malware.
• The lightning speed at which cybercriminals develop attacks and The lightning speed at which cybercriminals develop attacks and new malware code is making it harder for global organizations to new malware code is making it harder for global organizations to manage fraud risk. One of the most important lines of defense is manage fraud risk. One of the most important lines of defense is intelligence and awareness of the potential risks.intelligence and awareness of the potential risks.
• As we move into 2012, the combined efforts by law enforcement As we move into 2012, the combined efforts by law enforcement and industry to improve information sharing and collaboration and industry to improve information sharing and collaboration along with the move towards intelligence-driven security will help along with the move towards intelligence-driven security will help drive response to cyber threats in near real-time and further drive response to cyber threats in near real-time and further narrow the window of opportunity for cybercriminals narrow the window of opportunity for cybercriminals
.
Thank youThank you
Presented by: Maruti Nandan PandyaPresented by: Maruti Nandan Pandya
.
