Embed Size (px)
Citation preview
TOPIC : CYBER CRIME
PRESENTER : DR. SOREINGAM RAGUI
MODERATOR : PROF. H. NABACHANDRA
WHAT IS CYBER CRIME?Cyber crime refers to any crime that involves a computer/mobile and a network. The computer may have been used in the commission of a crime, or it may be the target.
INTRODUCTION
The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education.
There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cyber crime – illegal activity committed on the internet.
HISTORY OF CYBER CRIME In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics.
This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened.
They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime.
INDIA STANDS 11TH IN THE RANKING FOR CYBER CRIME IN THE WORLD, CONSTITUTING 3% OF THE GLOBAL CYBER CRIME.
WHY INDIA ?A rapidly growing online user base
121 Million Internet Users
65 Million Active Internet Users, up by 28% from 51 million in 2010
50 Million users shop online on Ecommerce and Online Shopping Sites
46+ Million Social Network Users
346 million mobile users had subscribed to Data Packages. (Source: IAMAI; Juxt; we are social 2011)
Cost Of Cyber Crime In India (2010)29.9 million people fell victim to cybercrime,
$4 billion in direct financial losses,
$3.6 billion in time spent resolving the crime,
4 in 5 online adults (80%) have been a victim of Cybercrime,
17% of adults online have experienced cybercrime on their mobile phone.
Source: Norton Cybercrime Report 2011
The police have recorded 3,038 cases but made only 2,700 arrests in 3 years (between 2007 and 2010)
India registered only 1,350 cases under the IT Act and IPC in 2010
50% of cybercrimes are not even reported
A total number of 90, 119, 252 and 219 Government websites tracked by the Indian Computer Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in the year 2008, 2009, 2010 and Jan–Oct 2011 respectively
HOW IT DIFFERS FROM TERRESTRIAL CRIME? Easy to learn how to commit Require few resources relative
to the potential damage caused Can be committed in a
jurisdiction without being physically present in it
Are often not clearly illegal
TYPES
Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.
Cyberspace is the electronic medium of computer networks in which online communication takes place.
1. Those against persons.
2. Against Business and Non-business organizations.
3. Crime targeting the government.
Computer as a tool Computer as a target Computer as an
instrumentality Crime associated with
prevalence of computers
COMPUTER AS A TOOL
• When the individual is the main target of the crime the computer can be considered as a tool rather than target.
• These crimes are not done by technical experts.
• Eg: Spam, cyber stalking , cyber theft etc
COMPUTER AS A TARGET
• These crimes are committed by a selected group of people with technical knowledge.
• Destruction of information in the computer by spreading virus.
Eg : Defacement, cyber terrorism etc.
COMPUTER AS AN INSTRUMENTALITY
• The crime is committed by manipulating the contents of computer systems.
• With the advent of computer the criminal have started using the technology as an aid for its perpetuation.
Eg: Drug trafficking, money laundering etc
CRIME ASSOCIATED WITH PREVALENCE OF COMPUTERS
• Copyright violation
• Material copied from sources that are not public domain or compatibly licensed without the permission of copyright holder.
• Copyright violation causes legal issues.
CYBER CRIME VARIANTS
Hacking
"Hacking" is a crime, which entails cracking systems and gaining unauthorized access to the data stored in them.
Cyber Squatting
Cyber Squatting is the act of registering a famous Domain Name and then selling it for a fortune.
Phishing
Acquiring information such as usernames, password and credit card details by disguising as a trustworthy entity.
India is among the top 15 countries hosting "phishing" sites which aims at stealing confidential information such as passwords and credit card details.
Sale of illegal articles includes selling of narcotic drugs, weapons, wildlife etc to terrorists.
Email bombing refers to sending a large amount of e-mails to the victim resulting in crashing of victims e-mail account or mail servers.
Data diddling is a kind of an attack which involves altering of raw data just before it is processed by a computer and then changing it back after the processing is completed.
Intellectual Property Crimes includes software piracy, copyright infringement, trademarks violations etc.
Theft of information contained in electronic form-This includes information stored in computer hard disks, removable storage media etc.
Web defacement is usually the substitution of the original home page of a website with another page (usually pornographic or defamatory in nature) by a hacker.
Cyber Defamation occurs when defamation takes place with the help of computers and or the Internet e.g. e-mail containing defamatory information about that person.
What is defamation?
Defamation is the act of harming the reputation of person by making a false statement to another.
Cyber Stalking refers to the use of the Internet, e-mail, or other electronic communications devices to stalk another person.
Stalking generally involves harassing or threatening behaviour that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property.
Trojan Horse-A Trojan as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Internet Time Theft -This connotes the usage by unauthorized persons of the Internet hours paid for by another person.
Web jacking -This occurs when someone forcefully takes control of a website (by cracking the password ). The actual owner of the website does not have any more control over what appears on that website.
Logic bombs are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.
E-Mail spoofing -A spoofed email is one that appears to originate from one source but actually has been sent from another source. This can also be termed as E-Mail forging
Salami attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed e.g. A bank employee inserts a program into bank’s servers, that deducts a small amount from the account of every customer.
Click jacking is a form of cyber attack where the hacker uses an invisible layer over the embedded web content (this could be an image, video or button) to intercept and ‘hijack’ you to a mirror website and mine information from you.
Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Eg: A simple propaganda in the Internet/SMS, that there will be bomb attacks during the holidays
Mobile pickpocketing (SMS/call fraud), or the ability to charge a phone bill via SMS billing and phone calls. Malware uses these mechanisms to steal directly from user accounts.
Keyloggers are regularly used in computers to log all the strokes a victim makes on the keyboard.
Eg: If a key logger is installed on a computer which is regularly used for online banking and other financial transactions then their passwords can be taken without the knowledge of the user
CYBER LAW
Cyber law is a generic term which refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of citizens in and concerning Cyberspace comes within the ambit of Cyber law.
Stored Communications Act which is passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage
Digital Millennium Copyright Act which is passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology, devices
Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones.
Internet Spyware Prevention Act (I-SPY) prohibits the implementation and use of spyware.
Gramm-Leach-Bliley Act (GLBA) requires financial institutions and credit agencies increase the security of systems that contain their customers’ personal information.
Identity Theft and Aggravated Identity Theft defines the conditions under which an individual has violated identity theft laws.
Under The Information
Technology Act, 2000CHAPTER XI – OFFENCES – 66. Hacking with
computer system.
Whoever with the Intent to cause or knowing
that he is likely to cause Wrongful Loss or
Damage to the public or any person Destroys or
Deletes or Alters any Information Residing in a
Computer Resource or diminishes its value or
utility or affects it injuriously by any means,
commits hack.
(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Information Technology Amendment Act, 2008
Section – 43,
Destroys, Deletes or Alters any Information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;
“If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to two three years or with fine which may extend to five lakh rupees or with both.” [S.66]
S.66A - Punishment for sending offensive messages through communication service, etc
Any person who sends, by means of a computer resource or a communication device;
Any information that is grossly offensive or has menacing character; or
Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device;
Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages;
Shall be punishable with imprisonment for a term which may extend to three years and with fine.
S. 66C - Punishment for identity theft
“Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh”
S. 66D - Punishment for cheating by personation by using computer resource
“Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees. “
S. 66E - Punishment for violation of privacy.
“Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both”
S. 67 A - Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
“Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees”
S. 67 C - Preservation and Retention of information by intermediaries.
“(1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.
(2) Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.”
ARRESTS & REPORTS UNDER IT ACTUnder the IT Act, 966 cybercrime cases were filed in 2010
420 in 2009)
Geographic breakdown of cases reported:
153 from Karnataka,
148 from Kerala
142 from Maharashtra
105 Andhra Pradesh
52 Rajasthan
52 Punjab
233 persons were arrested in 2010
33% of the cases registered were related to hacking
Source: National Crime Records Bureau
ARRESTS & REPORTS UNDER IPCUnder the IPC,
356 cybercrime cases were registered in 2010 (276 cases in 2009)
Geographic breakdown of cases reported --
104 from Maharashtra
66 Andhra Pradesh
46 Chhattisgarh
The majority of these crimes were either forgery or fraud cases.
Source: National Crime Records Bureau
SAFETY TIPS TO AVOID CYBERCRIME• Use anti-virus software and firewalls - keep
them up to date
• Keep your operating system up to date with critical security updates and patches
• Don't open emails or attachments from unknown sources
• Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist
• Back-up your computer data on disks or CDs often
• Don't share access to your computers with strangers
• If you have a Wi-Fi network, password protect it
• Disconnect from the Internet when not in use
• Re evaluate your security on a regular basis
• Make sure your employees and family members know this info too!
FORENSICSThe use of science and technology to investigate and establish facts in criminal or civil courts of law.
Goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
HISTORYMichael Anderson
“Father of computer forensics”
special agent with IRS
Meeting in 1988 (Portland, Oregon)
creation of IACIS, the International Association of Computer Investigative Specialists
the first Seized Computer Evidence Recovery Specialists (SCERS) classes held
WHY? The main task or the advantage from the computer
forensic is to catch the culprit or the criminal who is involved in the crime related to the computers.
Computer forensics has emerged as important part in the disaster recovery management
Ability to search through a massive amount of data-Quickly, Thoroughly and In any language
The importance lies mainly in handling criminal actions such as fraud, phishing, identity theft or many other criminal activities
WHAT CYBER FORENSICS AIMS AT?
Identify root cause of an event to ensure it won’t happen again
– Must understand the problem before you can be sure it won’t be exploited again.
• Who was responsible for the event?
Most computer crime cases are not prosecuted
– Consider acceptability in court of law as our standard for investigative practice.
– Ultimate goal is to conduct investigation in a manner that will stand up to legal scrutiny.
– Treat every case like a court case!
STEPS FOR COMPUTER FORENSICS
•Acquisition
• Identification
•Evaluation
•Presentation
DISADVANTAGESIt may happen in some cases that the privacy of the client is compromised.
There are also the chances of introduction of some malicious programs in the computer system that may corrupt the data at a later stage of time.
It is also possible that the data is in dispute and neither of the disputing parties can use the data. Due to this reason the business operations may also be affected.
Producing electronic records & preserving them is extremely costly
Legal practitioners must have extensive computer knowledge and vice versa
EDWARD JOSEPH SNOWDEN (BORN JUNE 21, 1983) IS AN AMERICAN COMPUTER SPECIALIST AND FORMER CIA EMPLOYEE AND NSA CONTRACTOR WHO DISCLOSED CLASSIFIED DETAILS OF SEVERAL TOP SECRET UNITED STATES, ISRAELI, AND BRITISH GOVERNMENT MASS SURVEILLANCE PROGRAMS TO THE PRESS. HE IS LIVING IN RUSSIA UNDER TEMPORARY POLITICAL ASYLUM AND IS CONSIDERED A FUGITIVE FROM JUSTICE BY AMERICAN AUTHORITIES, WHO HAVE CHARGED HIM WITH ESPIONAGE AND THEFT OF GOVERNMENT PROPERTY.
A FINAL WORD
Treat your password like you treat your tooth brush. Never give to any one else to use, and change it every few months
THANK - YOU
