GUJARAT POLICE
MANOJ AGARWAL
IPS
April 7, 2023
Cyber Crimes
The transformation
• Today, we should be aware of software destroying rockets and missiles!
• Two years ago, we were afraid of rockets destroying buildings and computer centres...
IT Act 2000
Cyber Cases
Investigation & Forensics
Issues to ponder
IT Act 2000: Objectives
• Legal Recognition for E-Commerce
– Digital Signatures and Regulatory Regime
– Electronic Documents at par with paper documents
• E-Governance
– Electronic Filing of Documents
• Amend certain Acts
• Define Civil wrongs, Offences, punishments
– Investigation, Adjudication
– Appellate Regime
Wrongs
• Moral Wrongs
– Feeling of guilt
• Civil Wrongs
– Aggrieved approaches the STATE
– Compensation
– Police has a very limited role to play
• Legal Wrongs
– Crimes
– Punishment, Fine, or both
– Criminal Court
– Police has a defined role to play
Crimes
• Non-Cognizable Offences
– Minor offences
– Aggrieved seeks redressal
• Cognizable Offences
– Serious ones
– Responsibility of the STATE to get the offender punished
Police has a very limited role to play
Cognizability and Bailability
• Not mentioned in the Act
– Rely on Part II of Schedule I of CrPC
• If punishable with death, imprisonment for life or imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session
• If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non-Bailable, Magistrate of First Class
• If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)
Civil Wrongs under IT Act
• Chapter IX of IT Act, Section 43
• Whoever without permission of owner of the computer
– Secures access (mere U/A access)
  • Not necessarily through a network
– Downloads, copies, extracts any data
– Introduces or causes to be introduced any viruses or contaminant
– Damages or causes to be damaged any computer resource
  • Destroy, alter, delete, add, modify or rearrange
  • Change the format of a file
– Disrupts or causes disruption of any computer resource
  • Preventing normal continuance of
– Denies or causes denial of access by any means
  • Denial of service attacks
– Assists any person to do any thing above
  • Rogue Websites, Search Engines, Insiders providing vulnerabilities
– Charges the services availed by a person to the account of another person by tampering or manipulating any computer resource
  • Credit card frauds, Internet time thefts
• Liable to pay damages not exceeding one crore to the affected party
• Investigation of
– ADJUDICATING OFFICER
– Powers of a civil court
Section 65: Source Code
• Most important asset of software companies
• “Computer Source Code” means the listing of programmes, computer commands, design and layout
Section 65.. Contd.
• Ingredients
– Knowledge or intention
– Concealment, destruction, alteration
– computer source code required to be kept or maintained by law
• Punishment
– imprisonment up to three years, and / or
– fine up to Rs 2 lakh
• Cognizable, Non Bailable, JMIC
Section 66: Hacking
• Ingredients
– Intention or Knowledge to cause wrongful loss or damage to the public or any person
– Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource
• Punishment
– imprisonment up to three years, and / or
– fine up to Rs 2 lakh
• Cognizable, Non Bailable, JMFC
Hacking (contd.)
• Covers crimes like
– Trojan, Virus, worm attacks
– Logic bombs and Salami attacks
– Internet time theft
– Analysis of electromagnetic waves generated by computers
Examples
• State versus Amit Pasari and Kapil Juneja
– Delhi Police
– M/s Softweb Solutions
– Website www.go2nextjob.com hosted
– Complaint of hacking by web hosting service
• State versus Joseph Jose
– Delhi Police
  • Hoax Email - Planting of 6 bombs in Connaught place
• State versus Aneesh Chopra
– Delhi Police
  • Three company websites hacked
  • Accused: An ex-employee
• State versus K R Vijayakumar
– Bangalore Cyber Crime Police Station, 2001
  • Criminal intimidation of employers and crashing the company’s server
  • Phoenix Global solutions
Sec. 67. Pornography
• Ingredients
– Publishing or transmitting or causing to be published
– in the electronic form,
– Obscene material
• Punishment
– On first conviction
  • imprisonment of either description up to five years and
  • fine up to Rs 1 lakh
– On subsequent conviction
  • imprisonment of either description up to ten years and
  • fine up to Rs 2 lakh
• Section covers
– Internet Service Providers,
– Search engines,
– Pornographic websites
• Cognizable, Non-Bailable, JMIC/ Court of Sessions
Sec 69: Decryption of information
• Ingredients
– Controller issues order to Government agency to intercept any information transmitted through any computer resource.
– Order is issued in the interest of the
  • sovereignty or integrity of India,
  • the security of the State,
  • friendly relations with foreign States,
  • public order or
  • preventing incitement for commission of a cognizable offence
– Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information.
Decryption of information (contd.)
• Applicability
– Email messages (If encrypted)
– Encrypted messages
– Steganographic images
– Password protected files (?)
• Punishment
– Imprisonment up to 7 years
• Cognizable, Non-Bailable, JMIC
Sec 70 Protected System
• Ingredients
– Securing unauthorised access or attempting to secure unauthorised access
– to ‘protected system’
• Acts covered by this section:
– Switching computer on / off
– Using installed software / hardware
– Installing software / hardware
– Port scanning
• Punishment
– Imprisonment up to 10 years and fine
• Cognizable, Non-Bailable, Court of Sessions
BUT……..
• All cyber crimes do not come under the Information Technology Act, 2000.
• Many cyber crimes come under the Indian Penal Code
Computer Related Crimes under IPC and Special Laws
Arms Act: Online sale of Arms
Sec. 383 IPC: Web-Jacking
NDPS Act: Online sale of Drugs
Sec 463 IPC: Email spoofing
Sec 420 IPC: Bogus websites, cyber frauds
Sec 463 IPC: Forgery of electronic records
Sec 499 IPC: Sending defamatory messages by email
Sec 503 IPC: Sending threatening messages by email
COMPUTER CRIME STATISTICS
Average Computer Crime - $500K
Average Bank Robbery - $13K
80% of computer crime involves Internet
- Internet is in 70 countries
- over 25 million users
- 10%/month growth rate
Frequency of incidents
Source: Survey conducted by ASCL
Denial of Service: Section 43
Virus: Section: 66, 43
Data Alteration: Sec. 66
U/A Access: Section 43
Email Abuse: Sec. 67, 500, Other IPC Sections
Data Theft: Sec 66, 65
No. of Indian web-sites defaced
“Not very serious - some one has just pasted a poster over my poster”
[Bar chart by year, 1998 to 2001; data labels as extracted: 4411002, 2219, 7039]
Number of Indian sites hacked
Site of BARC - panic all around
[Bar chart by year, 1998 to 2001; data labels: 0, 6, 12, 25]
2001 CSI/FBI Computer Crime and Security Survey
Of the organizations suffering security compromises in the last year – 95% had Firewalls and 61% had IDSs!
SECURITY TECHNOLOGIES USED (%)
Technology                     2001  2000  1999  1998
Anti-virus software              98   100    98    96
Access Control                   90    92    93    89
Encrypted Files                  64    62    61    50
Firewalls                        95    78    91    81
Intrusion Detection Systems      61    50    42    35
• False sense of security – “We already have a Firewall”
COMPUTER CRIME STATISTICS
2002 Computer Crime and Security Survey (CSI)
– 91% of respondents detected breaches of their computer security policy.
– 64% of respondents acknowledged financial losses due to the breaches.
– 35% of respondents quantified financial losses amounting to $377M (up 41% from $266M).
– 60% may not have sufficient instrumentation to detect breaches.
WHY CRIMES WERE NOT REPORTED
56% of crimes NOT REPORTED
– Embarrassment.
– Loss of public confidence.
– False arrest concerns.
COMPUTERS CAN PLAY THREE ROLES IN A CRIME
• Weapon/Target
• Storage Facility
• Tool
CASE - I
FAKE E-MAIL ID
• FAKE E-MAILS
• SMS MESSAGES THROUGH NET.
CASE 2
FAKE POLICE CONSTABLES
• CASE:
– A PERSON CAUGHT WITH FAKE MOTOR VEHICLE LICENCE
– POLICE SEIZED TWO HARD DISKS
CASE 3
SPECIAL CELL, NEW DELHI
• DELHI POLICE ARRESTED
– PRESS REPORTER CHANGED INTO ISI AGENT
– SEIZED A LAPTOP AND WRIST WATCH
CASE 4
A VICTIM OF WORLD CUP?
• Ms. MANDIRA BEDI
– POOR KNOWLEDGE IN CRICKET
– A SHOW PIECE
– CRICKET LOVERS ARE AGAINST HER COMMENTARY, BUT LOVE HER ------
• PHOTO APPEARED IN SITE WWW.INDIANSEX4U.COM
CASE 5
NOT SAFE TO GIVE VISITING CARD
• IS IT SAFE TO GIVE VISITING CARD TO SOME BODY?
– DETAILS KEPT UNDER INDIATIMES.COM UNDER ROMANCE COLUMN:
• THE ACCUSED HER “FORMER COLLEAGUE”
• THE MISTAKE SHE HAS DONE GIVING VISITING CARD
CASE 6
FIR NO. 581/2001 PS KOTWALI SPECIAL CELL
• WASIM AHMED LILY @ WASIM ASRAF ARRESTED ON 12/10/01 ALONG WITH TWO SUITCASES CONTAINING FAKE CURRENCY TO THE TUNE OF 18.3 LAKHS (1000, 500 DENOMINATIONS)
• POLICE SEIZED A COMPUTER, SCANNER, PRINTER FROM THE ACCUSED.
CONTD….
• FORENSIC ANALYSIS REVEALED
– HOW THE COMPUTER WAS USED IN THE PRODUCTION OF COUNTERFEIT CURRENCY
– CURRENCY NOTES OF DENOMINATION OF NOT ONLY 500, 1000 BUT ALSO RS 50, 100.
• FAKE POSTAL STAMPS
• THE ADDRESSES OF THE AGENTS WHO ARE CIRCULATING
CASE 7
A CASE OF A PLASTIC COMPANY
• THE DIRECTORATE OF CENTRAL EXCISE INTELLIGENCE PERSONS RAIDED A PLASTIC COMPANY OWNER'S RESIDENCE ON 10/11/2001 AND SEIZED AN AMOUNT OF RS.2 CRORE.
• PRODUCED 6000 CASH BILLS DATED PRIOR TO DATE OF RAID.
• THE BILLS WERE DATED APRIL - OCTOBER 2001
CONTD….
• THE DGCEI OFFICIALS SEIZED 12 COMPUTERS WITH THE HELP OF COMPUTER FORENSIC EXPERTS
• FORENSIC EXAMINATION OF COMPUTER SYSTEMS REVEALED
– EXCISE EVASION TO THE TUNE OF 26 CRORES FROM 2000 ONWARDS
– BACK MONEY DETAILS
– THE BRIBES PAID TO THE EXCISE OFFICIALS
CASE 8
FIR NO 76/02 PS PARLIAMENT STREET
• Mrs. SONIA GANDHI RECEIVED THREATENING E-MAILS
• E-MAIL FROM
– missonrevenge84@khalsa.com
– missionrevenge84@hotmail.com
• THE CASE WAS REFERRED
• ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS
CASE - 9
PARLIAMENT ATTACK CASE
• Delhi police seized a laptop where they stored the incriminating material.
• ON FORENSIC ANALYSIS:
– ROLE OF LeT
– IP ADDRESSES OF PAKISTAN
– TELEPHONE NUMBERS
– CODED MESSAGES
CASE-10
KARNATAKA MEDICAL EXAM(K- CET) SCAM
OCR BASED ANSWERED SHEET.
MODIFIED THE computer (ANSWERS) PROGRAM AS PER THE STUDENT ANSWERS SHEET.
MADE FAILED CANDIDATES SUCCESSFUL.
--- THE AP INTERMEDIATE BOARD MARKS SCANDAL.
PRESIDENT CLINTON'S IMPEACHMENT TRIAL
– Forensic experts recovered deleted data from Monica Lewinsky’s home computer as well as “her” computer at the Pentagon
– Computer examinations of deleted White House e-mail records exposed the Clinton-Monica Lewinsky scandal
INVESTIGATION
The general approach to investigating the technical aspects of any computer-related crime is:
• Eliminate the obvious.
• Hypothesize the attack.
• Collect evidence, including, possibly, the computers themselves.
• Reconstruct the crime.
• Perform a trace back to the source computer.
• Analyze the source, target, and intermediate computers.
• Turn your findings and evidentiary material over to corporate investigators or law enforcement for follow-up.
A good investigation needs network forensics, hardware forensics and software forensics.
Cyber Crimes ?
Any crime that involves computers and networks
Includes crimes that do not rely heavily on computers
Alibi
Harassment
Black mail
Extortion
Frauds
Murder
etc....
What are we looking for ?
• Hardware as contraband or fruits of crime.
– Stolen computer system
• Hardware as an instrumentality
– Hardware designed exclusively to commit crime - sniffer
• Hardware as evidence.
– CD Writer to copy blue movies – Pornography
• Information as contraband or fruits of crime.
– Pirated software
• Information as an instrumentality
– Hacking program
• Information as evidence.
– Key of investigation - we are searching this
How to Proceed ?
Pre-investigation intelligence.
A must
Visualize and assess what you would encounter.
Prepare accordingly.
Computer may be on / off
Blank screen does not indicate an off computer
If computer is on
Note what all is on the screen
If the screen saver is operational, move the mouse slightly.
Map all the connections & mark the matching ends
Find out whether it is connected to the network.
Decide on the next course of action.
Strategy
• If you shut down the computer in the usual way
– Fall in a trap
• If you pull out the cord
– Lose vital information on the RAM
• Good documentation of the Screen (photograph) will help resolve some of the discrepancies.
• Recommended strategy
– Ensure that all drives are empty
– Pull out the cord from the computer (not from the electric board as it may be connected to a UPS)
Seizing the computer
• Computers do not have unique identity
– It will not help also
• Contents have to be seized uniquely.
• Hashing
– Only solution
– Requirements are
  • Algorithm should run in a trusted environment
  • Suspect disk should be write-blocked
  • No time stamps should be altered
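The hashing requirements above, as an added example that is not part of the original slides: it hashes an image read-only, refuses the result if the file's size or modification time changed during hashing, and checks that a working copy matches the recorded digest. SHA-256, the function names and the file names are assumptions; the slides do not name an algorithm.

```python
import hashlib
import os
import shutil
import tempfile


def hash_evidence(path, algorithm="sha256", chunk_size=1024 * 1024):
    """Hash a disk image read-only and confirm size and mtime did not change."""
    before = os.stat(path)
    digest = hashlib.new(algorithm)
    # "rb" never writes; on a real seizure the disk also sits behind a write-blocker.
    with open(path, "rb") as image:
        for chunk in iter(lambda: image.read(chunk_size), b""):
            digest.update(chunk)
    after = os.stat(path)
    if (before.st_size, before.st_mtime_ns) != (after.st_size, after.st_mtime_ns):
        raise RuntimeError("evidence changed while it was being hashed")
    return {"algorithm": algorithm, "digest": digest.hexdigest(),
            "size": after.st_size, "mtime_ns": after.st_mtime_ns}


def verify_copy(record, copy_path):
    """True only if the working copy is bit-for-bit identical to the recorded original."""
    copy = hash_evidence(copy_path, record["algorithm"])
    return copy["size"] == record["size"] and copy["digest"] == record["digest"]


def demo():
    """Constructed stand-in for a seized disk image: hash, copy, verify, tamper."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "seized.img")
    with open(original, "wb") as f:
        f.write(b"constructed sample sectors\x00" * 4096)
    record = hash_evidence(original)
    working = os.path.join(workdir, "working.img")
    shutil.copyfile(original, working)
    intact = verify_copy(record, working)
    with open(working, "r+b") as f:  # flip one byte in the working copy only
        f.seek(100)
        f.write(b"X")
    tampered = verify_copy(record, working)
    shutil.rmtree(workdir)
    return record, intact, tampered


if __name__ == "__main__":
    print(demo())
```

Access times are not checked here because reading a file can update them; keeping those intact is the job of the write-blocker or a read-only mount.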
INVESTIGATION OF SEIZED MATERIAL
INTERNET CRIME
WEBSITE RELATED CRIME
• In a 'simple' case of hacking it would be possible to trace out the IP address by the "who is" query.
• The IP address may be found in the "Page Source" head (Netscape) and the "Source" head in Internet Explorer.
• Confirm identity of suspect by running the "who is" query.
• The "who is" details generated may be genuine or that of a "compromised" machine.
E-MAIL CRIMES
• The header will give the IP address. Run "who is" to ascertain the details of the service provider whose mail service was used by the suspect.
• If, by analyzing circumstances, it is felt that the "who is" result is genuine, the location of the suspect can be traced with the help of the ISP.
• In case of forged/bogus or disguised/number-letter mix-up e-mail identities, the ISP can help in identifying the suspect with the help of the e-mail header by analyzing its contents and "message ID" (see boxes for forged/bogus, disguised senders details).
• The ISP will be able to help in locating a suspect, because when a person dials up to connect with an ISP, he/she is logged on to one of the servers of the ISP. This server assigns (depending on the port of entry) a specific IP address to the user. This IP address temporarily becomes the IP address of the user for that specific session.
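The header analysis described above, as an added example that is not part of the original slides: it walks the Received lines oldest first and returns the earliest routable IP with its timestamp and the Message-ID, which is what an ISP needs to match a per-session address to a subscriber. The sample message, function names and address ranges are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: documentation addresses and example domains only.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
    by inbox.example.org with ESMTP id A1; Tue, 12 Mar 2002 10:15:34 +0530
Received: from dialup-pc (unknown [203.0.113.77])
    by mx.example.net with SMTP id B2; Tue, 12 Mar 2002 10:15:30 +0530
Received: from [192.168.1.5] by dialup-pc; Tue, 12 Mar 2002 10:15:29 +0530
Message-ID: <constructed-0001@mx.example.net>
From: sender@example.net
To: recipient@example.org
Subject: constructed sample

body
"""

# Address ranges that never identify a subscriber on the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def trace_hops(raw_message):
    """Return the Received hops oldest first, each with IP, timestamp, routability."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its Received line, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        match = IP_RE.search(value)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
            when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        except (ValueError, TypeError):
            continue  # malformed address or date: skip rather than guess
        hops.append({"ip": str(ip), "when": when,
                     "routable": not any(ip in net for net in NON_ROUTABLE)})
    return hops


def isp_request(raw_message):
    """Pick the earliest routable hop: the IP and time an ISP needs to find the session."""
    msg = message_from_string(raw_message)
    for hop in trace_hops(raw_message):
        if hop["routable"]:
            # Lines below the first server you trust can be forged by the sender,
            # so treat this as a lead to confirm against the ISP's own logs.
            return {"ip": hop["ip"], "when": hop["when"].isoformat(),
                    "message_id": msg.get("Message-ID")}
    return None


if __name__ == "__main__":
    print(isp_request(SAMPLE))
```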
CARDINAL RULES OF COMPUTER FORENSICS
• NEVER TRUST THE SUBJECT OPERATING SYSTEM
• NEVER MISHANDLE EVIDENCE
• NEVER WORK ON ORIGINAL EVIDENCE
• USE PROPER SOFTWARE UTILITIES
• DOCUMENT EVERYTHING
NEVER TRUST THE SUBJECT SYSTEM
• DO NOT BOOT FROM SUSPECT SYSTEM
• DO NOT USE SUSPECT OS
• CRIMINALS MAY MODIFY ROUTINE OPERATING SYSTEM COMMANDS TO PERFORM DESTRUCTIVE COMMANDS.
• DISCONNECT HARD DRIVE & BOOT FROM FLOPPY (THE BIOS MAY BE MODIFIED TO ALLOW BOOT FROM A FLOPPY)
STEPS TAKEN BY COMPUTER FORENSIC EXPERT
• PROTECT THE SUBJECT SYSTEM DURING EXAMINATION FROM ALTERATION, DAMAGE, DATA CORRUPTION OR VIRUS INTRODUCTION
• DISCOVER & RECOVER ALL FILES (active & deleted)
• ACCESS THE CONTENTS OF PROTECTED OR ENCRYPTED FILES
• ANALYZE ALL RELEVANT DATA
• PRINT OUT AN OVERALL ANALYSIS
• PROVIDE TESTIMONY IN COURT OF LAW
Where do we find Evidence ?
In
The Computer
Suspect
Victim
The Server
Suspect
Victim
ISP’s
Who logged from where & when ?
Computers visited
Backbone Computers
Issues to address
We cannot be masters of all trade
Fighting cyber crimes has to be a team effort involving
• Law enforcement agencies
– Handle cyber evidence
– Use it to generate investigative trails
– Know when to call an expert for assistance
• Computer expert
– How to handle cyber evidence
– Generate investigative leads
– Call enforcement agencies for assistance
• Attorneys
– How to defend cyber evidence
– Determine whether it is admissible
• Forensic Scientists
– How to process it
QUESTIONS
THANK YOU