GUJARAT POLICE, MANOJ AGARWAL, July 20, 2015: Cyber Crimes


  • Cyber Crimes

  • The transformation

    Today, we should be aware of software destroying rockets and missiles!

    Two years ago, we were afraid of rockets destroying buildings and computer centres...

  • IT Act 2000; Cyber Cases; Investigation & Forensics; Issues to ponder

  • IT Act 2000: Objectives
    • Legal Recognition for E-Commerce
    • Digital Signatures and Regulatory Regime
    • Electronic Documents at par with paper documents
    • E-Governance
    • Electronic Filing of Documents
    • Amend certain Acts
    • Define Civil wrongs, Offences, punishments
    • Investigation, Adjudication
    • Appellate Regime

  • Cognizability and Bailability
    • Not mentioned in the Act
    • Rely on Part II of Schedule I of CrPC
    • If punishable with death, imprisonment for life or imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session
    • If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non-Bailable, Magistrate of First Class
    • If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)

  • Civil Wrongs under IT Act
    • Chapter IX of IT Act, Section 43
    • Whoever without permission of owner of the computer
    • Secures access (mere U/A access)
    • Not necessarily through a network
    • Downloads, copies, extracts any data
    • Introduces or causes to be introduced any viruses or contaminant
    • Damages or causes to be damaged any computer resource
    • Destroy, alter, delete, add, modify or rearrange
    • Change the format of a file
    • Disrupts or causes disruption of any computer resource
    • Preventing normal continuance of
    • Denies or causes denial of access by any means
    • Denial of service attacks
    • Assists any person to do any thing above
    • Rogue Websites, Search Engines, Insiders providing vulnerabilities
    • Charges the services availed by a person to the account of another person by tampering or manipulating any computer resource
    • Credit card frauds, Internet time thefts
    • Liable to pay damages not exceeding one crore to the affected party
    • Investigation of ADJUDICATING OFFICER
    • Powers of a civil court

  • Section 65: Source Code
    • Most important asset of software companies
    • "Computer Source Code" means the listing of programmes, computer commands, design and layout

  • Section 65 (contd.)
    • Ingredients
      • Knowledge or intention
      • Concealment, destruction, alteration
      • Computer source code required to be kept or maintained by law
    • Punishment
      • Imprisonment up to three years, and / or fine up to Rs 2 lakh
    • Cognizable, Non-Bailable, JMIC

  • Section 66: Hacking
    • Ingredients
      • Intention or Knowledge to cause wrongful loss or damage to the public or any person
      • Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource
    • Punishment
      • Imprisonment up to three years, and / or fine up to Rs 2 lakh
    • Cognizable, Non-Bailable, JMFC

  • Hacking (contd.)
    • Covers crimes like
      • Trojan, Virus, worm attacks
      • Logic bombs and Salami attacks
      • Internet time theft
      • Analysis of electromagnetic waves generated by computers

  • Examples
    • State versus Amit Pasari and Kapil Juneja
      • Delhi Police
      • M/s Softweb Solutions
      • Website www.go2nextjob.com hosted
      • Complaint of hacking by web hosting service
    • State versus Joseph Jose
      • Delhi Police
      • Hoax Email: Planting of 6 bombs in Connaught Place
    • State versus Aneesh Chopra
      • Delhi Police
      • Three company websites hacked
      • Accused: An ex-employee
    • State versus K R Vijayakumar
      • Bangalore Cyber Crime Police Station, 2001
      • Criminal intimidation of employers and crashing the company's server
      • Phoenix Global solutions

  • Sec. 67. Pornography
    • Ingredients
      • Publishing or transmitting or causing to be published in the electronic form
      • Obscene material
    • Punishment
      • On first conviction, imprisonment of either description up to five years and fine up to Rs 1 lakh
      • On subsequent conviction, imprisonment of either description up to ten years and fine up to Rs 2 lakh
    • Section covers
      • Internet Service Providers, Search engines, Pornographic websites
    • Cognizable, Non-Bailable, JMIC / Court of Sessions

  • Sec 69: Decryption of information
    • Ingredients
      • Controller issues order to Government agency to intercept any information transmitted through any computer resource.
      • Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence
      • Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information.

  • Decryption of information (contd.)
    • Applicability
      • Email messages (if encrypted)
      • Encrypted messages
      • Steganographic images
      • Password protected files (?)
    • Punishment
      • Imprisonment up to 7 years
    • Cognizable, Non-Bailable, JMIC

  • Sec 70: Protected System
    • Ingredients
      • Securing unauthorised access or attempting to secure unauthorised access to protected system
    • Acts covered by this section:
      • Switching computer on / off
      • Using installed software / hardware
      • Installing software / hardware
      • Port scanning
    • Punishment
      • Imprisonment up to 10 years and fine
    • Cognizable, Non-Bailable, Court of Sessions

  • BUT..
    • All cyber crimes do not come under the Information Technology Act, 2000.
    • Many cyber crimes come under the Indian Penal Code

  • Computer Related Crimes under IPC and Special Laws


  • Frequency of incidents
    • Source: Survey conducted by ASCL
    • Denial of Service: Section 43
    • Virus: Section 66, 43
    • Data Alteration: Sec. 66
    • U/A Access: Section 43
    • Email Abuse: Sec. 67, 500, Other IPC Sections
    • Data Theft: Sec 66, 65

  • No. of Indian web-sites defaced
    • Not very serious: someone has just pasted a poster over my poster

  • Number of Indian sites hacked
    • Site of BARC: panic all around

  • 2001 CSI/FBI Computer Crime and Security Survey

    Of the organizations suffering security compromises in the last year, 95% had Firewalls and 61% had IDSs!

    SECURITY TECHNOLOGIES USED (%)

    | Technology                  | 2001 | 2000 | 1999 | 1998 |
    |-----------------------------|------|------|------|------|
    | Anti-virus software         | 98   | 100  | 98   | 96   |
    | Access Control              | 90   | 92   | 93   | 89   |
    | Encrypted Files             | 64   | 62   | 61   | 50   |
    | Firewalls                   | 95   | 78   | 91   | 81   |
    | Intrusion Detection Systems | 61   | 50   | 42   | 35   |

    False sense of security: "We already have a Firewall"

  • COMPUTER CRIME STATISTICS

  • WHY CRIMES WERE NOT REPORTED

  • COMPUTERS CAN PLAY THREE ROLES IN A CRIME
    • Weapon/Target
    • Storage Facility
    • Tool

  • CASE - I

  • FAKE E-MAIL ID

    FAKE E-MAILS, SMS MESSAGES THROUGH NET.

  • CASE 2

  • FAKE POLICE CONSTABLES
    • CASE: A PERSON CAUGHT WITH FAKE MOTOR VEHICLE LICENCE
    • POLICE SEIZED TWO HARD DISKS

  • CASE 3

  • SPECIAL CELL, NEW DELHI
    • DELHI POLICE ARRESTED
    • PRESS REPORTER CHANGED IN TO ISI AGENT
    • SEIZED A LAPTOP AND WRIST WATCH

  • CASE 4

  • A VICTIM OF WORLD CUP?
    • Ms. MANDIRA BEDI
    • POOR KNOWLEDGE IN CRICKET
    • A SHOW PIECE
    • CRICKET LOVERS ARE AGAINST HER COMMENTARY, BUT LOVE HER ------
    • PHOTO APPEARED IN SITE WWW,INDIANSEX4U.COM

  • CASE 5

  • NOT SAFE TO GIVE VISITING CARD
    • IS IT SAFE TO GIVE VISITING CARD TO SOMEBODY?
    • DETAILS KEPT UNDER INDIATIMES.COM UNDER ROMANCE COLUMN
    • THE ACCUSED: HER FORMER COLLEAGUE
    • THE MISTAKE SHE HAS DONE: GIVING VISITING CARD

  • CASE 6

  • FIR NO. 581/2001, PS KOTWALI, SPECIAL CELL
    • WASIM AHMED LILY@ WASIM ASRAF ARRESTED ON 12/10/01 ALONG WITH TWO SUITCASES CONTAINING FAKE CURRENCY TO THE TUNE OF 18.3 LAKHS (1000, 500 DENOMINATIONS)
    • POLICE SEIZED A COMPUTER, SCANNER, PRINTER FROM THE ACCUSED.

  • CONTD.
    • FORENSIC ANALYSIS REVEALED HOW THE COMPUTER WAS USED IN THE PRODUCTION OF COUNTERFEIT CURRENCY
    • CURRENCY NOTES OF DENOMINATION OF NOT ONLY 500, 1000 BUT ALSO RS 50, 100.
    • FAKE POSTAL STAMPS
    • THE ADDRESSES OF THE AGENTS WHO ARE CIRCULATING

  • CASE 7

  • A CASE OF A PLASTIC COMPANY
    • THE DIRECTORATE OF CENTRAL EXCISE INTELLIGENCE PERSONS RAIDED A PLASTIC COMPANY OWNER'S RESIDENCE ON 10/11/2001 AND SEIZED AN AMOUNT OF RS. 2 CRORE.
    • PRODUCED 6000 CASH BILLS DATED PRIOR TO DATE OF RAID.
    • THE BILLS WERE DATED APRIL-OCTOBER 2001

  • CONTD.
    • THE DGCEI OFFICIALS SEIZED 12 COMPUTERS WITH THE HELP OF COMPUTER FORENSIC EXPERTS
    • FORENSIC EXAMINATION OF COMPUTER SYSTEMS REVEALED
      • EXCISE EVASION TO THE TUNE OF 26 CRORES FROM 2000 ONWARDS
      • BACK MONEY DETAILS
      • THE BRIBES PAID TO THE EXCISE OFFICIALS

  • CASE 8

  • FIR NO 76/02, PS PARLIAMENT STREET
    • Mrs. SONIA GANDHI RECEIVED THREATENING E-MAILS
    • E-MAIL FROM [email protected]@hotmail.com
    • THE CASE WAS REFERRED
    • ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS

  • CASE - 9

  • PARLIAMENT ATTACK CASE
    • Delhi police seized a laptop where they stored the incriminating material.
    • ON FORENSIC ANALYSIS:
      • ROLE OF Lo e T
      • IP ADDRESSES OF PAKISTAN
      • TELEPHONE NUMBERS
      • CODED MESSAGES

  • CASE-10

  • KARNATAKA MEDICAL EXAM (K-CET) SCAM
    • OCR BASED ANSWER SHEET.
    • MODIFIED THE COMPUTER (ANSWERS) PROGRAM AS PER THE STUDENT'S ANSWER SHEET.
    • MADE FAILED CANDIDATES SUCCESSFUL.
    • THE AP INTERMEDIATE BOARD MARKS SCANDAL.

  • President CLINTON'S IMPEACHMENT TRIAL

  • CLINTON'S IMPEACHMENT TRIAL
    • Forensic experts recovered deleted data from Monica Lewinsky's home computer as well as her computer at the Pentagon
    • Computer examinations of deleted White House e-mail records exposed the Clinton-Monica Lewinsky scandal

  • INVESTIGATION

    The general approach to investigating the technical aspects of any computer related crime is:

    • Eliminate the obvious.
    • Hypothesize the attack.
    • Collect evidence, including, possibly, the computers themselves.
    • Reconstruct the crime.
    • Perform a trace back to the source computer.
    • Analyze the source, target, and intermediate computers.
    • Turn your findings and evidentiary material over to corporate investigators or law enforcement for follow-up.

    A good investigation needs network forensics, hardware forensics and software forensics.

  • Cyber Crimes?
    • Any crime that involves computers and networks
    • Includes crimes that do not rely heavily on computers
      • Alibi
      • Harassment
      • Blackmail
      • Extortion
      • Frauds
      • Murder etc.

  • What are we looking for?
    • Hardware as contraband or fruits of crime.
    • Stolen computer system
    • Hardware as an instrumentality
    • Hardware designed exclusively to commit crime: sniffer
    • Hardware as evidence.
    • CD Writer to copy blue movies
    • Pornography
    • Information as contraband or fruits of crime.
    • Pirated software
    • Information as an instrumentality
    • Hacking program
    • Information as evidence.
    • Key of investigation: we are searching this

  • How to Proceed?
    • Pre-investigation intelligence.
    • A must
    • Visualize and assess what you would encounter.
    • Prepare accordingly.
    • Computer may be on / off
    • Blank screen does not indicate an off computer
    • If computer is on
    • Note what all is on the screen
    • If the screen saver is operational, move the mouse slightly.
    • Map all the connections & mark the matching ends
    • Find out whether it is connected to the network.
    • Decide on the next course of action.

  • Strategy
    • If you shut down the computer in the usual way
    • Fall in a trap
    • If you pull out the cord
    • Lose vital information on the RAM
    • Good documentation of the screen (photograph) will help resolve some of the discrepancies.
    • Recommended strategy

  • Seizing the computer
    • Computers do not have unique identity
    • It will not help also
    • Contents have to be seized uniquely.

  • INVESTIGATION OF SEIZED MATERIAL

    In a 'simple' case of hacking it would be possible to trace out the IP address by the "who is" query.

    The IP address may be found in the "Page Source" head (Netscape) and the "Source" head in Internet Explorer. Confirm the identity of the suspect by running the "who is" query.

    The "who is" details generated may be genuine or those of a "compromised" machine.

    INTERNET CRIME, WEBSITE RELATED CRIME

  • E-MAIL CRIMES
    • The header will give the IP address. Run "who is" to ascertain the details of the service provider whose mail service was used by the suspect.
    • If, by analyzing circumstances, it is felt that the "who is" result is genuine, the location of the suspect can be traced with the help of the ISP.
    • In case of forged/bogus or disguised/number-letter mix-up e-mail identities, the ISP can help in identifying the suspect with the help of the e-mail header by analyzing its contents and "message ID" (see boxes for forged/bogus, disguised senders' details).
    • The ISP will be able to help in locating a suspect because, when a person dials up to connect with an ISP, he/she is logged on to one of the servers of the ISP. This server assigns (depending on the port of entry) a specific IP address to the user. This IP address temporarily becomes the IP address of the user for that specific session.
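
The header-reading step from the E-mail Crimes slide, as an added example that is not part of the original presentation: it walks a message's Received lines from sender to recipient, picks the first publicly routable address as the one to submit to a "who is" lookup, and compares the From domain with the Message-ID domain. The sample message, its documentation-range addresses and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; addresses are documentation ranges, not case data.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.recipient.example; Mon, 20 Jul 2015 10:02:09 +0530
Received: from [192.168.1.5] (dialup-44.isp.example [203.0.113.144])
\tby relay.isp.example; Mon, 20 Jul 2015 10:02:05 +0530
From: "Bank Support" <support@bank.example>
Message-ID: <20150720043205.1234@relay.isp.example>
Subject: constructed test message

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Private and loopback ranges never identify an ISP subscriber.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def routable(text):
    """Return the parsed address, or None if malformed or non-routable."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:  # e.g. [999.1.1.1] typed into a forged header
        return None
    return None if any(ip in net for net in NON_ROUTABLE) else ip

def trace_header(raw):
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its Received line, so reverse for sender-first order.
    for line in reversed(msg.get_all("Received", [])):
        found = [routable(t) for t in IP_RE.findall(line)]
        hops.append([str(ip) for ip in found if ip is not None])
    origin = next((hop[0] for hop in hops if hop), None)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    msgid_domain = msg.get("Message-ID", "").strip("<> ").rpartition("@")[2].lower()
    return {
        "origin_ip": origin,  # address to submit to the "who is" lookup
        "hops": hops,
        "from_domain": from_domain,
        "msgid_domain": msgid_domain,
        # A mismatch is a lead to raise with the ISP, not proof of forgery.
        "domain_mismatch": from_domain != msgid_domain,
    }
```

Only Received lines added by servers the investigator can vouch for are reliable; lines below the first such server can be written by the sender.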

  • CARDINAL RULES OF COMPUTER FORENSICS
    • NEVER TRUST THE SUBJECT OPERATING SYSTEM
    • NEVER MISHANDLE EVIDENCE
    • NEVER WORK ON ORIGINAL EVIDENCE
    • USE PROPER SOFTWARE UTILITIES
    • DOCUMENT EVERYTHING

  • NEVER TRUST THE SUBJECT SYSTEM
    • DO NOT BOOT FROM SUSPECT SYSTEM
    • DO NOT USE SUSPECT OS
    • CRIMINALS MAY MODIFY ROUTINE OPERATING SYSTEM COMMANDS TO PERFORM DESTRUCTIVE COMMANDS.
    • DISCONNECT HARD DRIVE & BOOT FROM FLOPPY (THE BIOS MAY BE MODIFIED TO ALLOW BOOT FROM A FLOPPY)

  • STEPS TAKEN BY COMPUTER FORENSIC EXPERT
    • PROTECT THE SUBJECT SYSTEM DURING EXAMINATION FROM ALTERATION, DAMAGE, DATA CORRUPTION OR VIRUS INTRODUCTION
    • DISCOVER & RECOVER ALL FILES (active & deleted)
    • ACCESS THE CONTENTS OF PROTECTED OR ENCRYPTED FILES
    • ANALYZE ALL RELEVANT DATA
    • PRINT OUT AN OVERALL ANALYSIS
    • PROVIDE TESTIMONY IN COURT OF LAW

  • Where do we find Evidence?
    • In The Computer
      • Suspect
      • Victim
    • The Server
      • Suspect
      • Victim
    • ISPs
      • Who logged from where & when?
      • Computers visited
    • Backbone Computers

  • Issues to address
    • We cannot be masters of all trades
    • Law enforcement agencies
      • Handle cyber evidence
      • Use it to generate investigative trails
      • Know when to call an expert for assistance
    • Computer expert
      • How to handle cyber evidence
      • Generate investigative leads
      • Call enforcement agencies for assistance
    • Attorneys
      • How to defend cyber evidence
      • Determine whether it is admissible
    • Forensic Scientists
      • How to process it
    • Fighting cyber crimes has to be a team effort involving

  • QUESTIONS

  • THANK YOU