
New Age Cybercrime conference, Novotel, Mumbai, 29 & 30th Oct 2009. Launching Investigation, prosecution and defending of a computer related crime. Karnika Seth, Cyberlaw & IP expert, Managing Partner, Seth Associates; Chairperson, Cyberlaws Consulting Centre.


Presentation Transcript


  1. New Age Cybercrime conference, Novotel, Mumbai, 29 & 30th Oct 2009 • Launching Investigation, prosecution and defending of a computer related crime • Karnika Seth, Cyberlaw & IP expert, Managing Partner, Seth Associates; Chairperson, Cyberlaws Consulting Centre

  2. Introduction • Seth Associates is a leading full service Indian law firm that is internationally networked to provide a spectrum of legal services to its domestic and international clients • Network of 2000 associate offices of Association of European lawyers (AEA alliance) as foreign associates • We maintain one of the strongest Cyberlaws practices in India today. With more than a decade's experience in Cyberlaws Practice, Seth Associates recently established the World's first integrated 'Cyberlaws Consulting Centre' at Seth Associates

  3. CCC- Cyberlaws Consulting Centre • CCC renders cyber legal consultancy, cyber law analytics and forensic services to its clients world wide. • Work experience of handling cybercrime matters with Delhi Police • Delivered training workshops to Delhi police on dealing with cybercrime investigation cases • Recently authored a book titled ‘Cyberlaws in the Information Technology age’ published by Lexis Nexis Butterworths that elucidates the key developments in the field of Cyberlaws across many important jurisdictions—India, United States and European nations

  4. ‘Cyberlaws in the Information Technology Age’ by Karnika Seth

  5. Presentation plan • The categories of cybercrimes • The techniques of cyber investigation and forensic tools • Analysis of the cybercrime & Indian legal position • The possible reliefs to a cybercrime victim and strategy adoption • The preparation for prosecution • Admissibility of digital evidence in courts • Defending an accused in a computer related crime

  6. Cyber Threats in 2009 and Beyond • Report of Georgia Tech Information Security Center (GTISC)

  7. Vectors & trends for cyber threats

  8. Striking facts! • According to a report compiled by Panda Labs, in 2008, 10 million bot computers were used to distribute spam and malware across the Internet each day. • Annual take by theft-oriented cyber criminals is estimated to be as high as 100 billion dollars and 97 per cent of these offences go undetected (CBI's Conference on International Police Cooperation against Cyber Crime, March 2009).

  9. Source: Government Accountability Office (GAO), Department of Homeland Security's (DHS's) Role in Critical Infrastructure Protection (CIP) Cybersecurity, GAO-05-434 (Washington, D.C.: May, 2005).

  10. Glaring Examples – Data thefts • The incidents in the recent past involving Cyber Space have highlighted the issues of privacy and data protection in India • The Pune scam was the first among the many BPO frauds that made international headlines. In April 2005, five employees of MsourcE in Pune were arrested for allegedly pulling off a fraud worth nearly 2.5 crore rupees from the Citibank accounts of four New York-based account holders. • In June 2005, the British tabloid Sun, in a sting operation, purchased the bank account details of 1,000 Britons from Karan Bahree, an employee of Gurgaon-based BPO company Infinity E-Search.

  11. MMS scandals • In 2004 a DPS (Delhi Public School) student filmed a sexually explicit video clip of his classmate in a compromising position on his cell phone and forwarded the video via MMS to his friends. The clip was then put up on Bazee.com and widely circulated. • Case of the State of Tamil Nadu Vs Suhas Katti is notable for the fact that the conviction was achieved successfully within a relatively quick time of 7 months from the filing of the FIR. • The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the Yahoo message group. The Additional Chief Metropolitan Magistrate delivered the judgment on 5-11-04 as follows: • “The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.” • This is considered the first case convicted under section 67 of Information Technology Act 2000 in India

  12. Incident Response – a precursor to Techniques of Cyber investigation & forensic tools • ‘Incident response’ could be defined as a precise set of actions to handle any security incident in a responsible, meaningful and timely manner. • Goals of incident response: • To confirm whether an incident has occurred • To promote accumulation of accurate information • To educate senior management • To help in detection/prevention of such incidents in the future • To provide rapid detection and containment • To minimize disruption to business and network operations • To facilitate criminal action against perpetrators

  13. Six steps of Incident response • Detection of incidents • Pre incident preparation • Initial response • Investigate the incident

  14. Techniques of cyber investigation- Cyber forensics • Computer forensics, also called cyber forensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. • The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.

  15. 6 A’s of digital forensics

  16. The Digital Investigation Process • Source: Forensics Guru.

  17. Rules of evidence • Computer forensic components- • Identifying • Preserving • Analysing • Presenting evidence in a legally admissible manner Admissible chain of custody Relevant Complete Reliable

  18. FBI handbook of forensic investigation-techniques for computer forensics

  19. Sources of Evidence • Existing Files • Deleted Files • Logs • Special system files (registry etc.) • Email archives, printer spools • Administrative settings • Internet History • Chat archives • Misnamed Files • Encrypted Files / Password Protected files etc.

  20. Cyberforensics in accounting frauds • Use of CAAT –computer assisted audit techniques-spreadsheets, excel, MS access • Generalized audit software-PC based file interrogation software- IDEA,ACL • Help detect fictitious suppliers, duplicate payments, theft of inventory • Tender manipulation, secret commissions • False financial reporting • Expense account misuse • Insider trading

  21. Establishment and maintenance of ‘Chain of Custody’ • Tools required: • - Evidence notebook • - Tamper evident labels • - Permanent ink pen • - Camera • Document the following: • - Who reported the incident along with critical date and times • - Details leading up to formal investigation • - Names of all people conducting investigation • - Establish and maintain detailed ‘activity log’

  22. Maintaining Chain Of Custody • Take pictures of the evidence • Document ‘crime scene’ details • Document identifiable markings on evidence • Catalog the system contents • Document serial numbers, model numbers, asset tags • “Bag” it! • Maintain Chain Of Custody on tamperproof evidence bag • Take a picture!

  23. Classification of computer forensics • Disk based forensics • Network based forensics • Disk imaging and analysis: • The tool must have the ability to image every bit of data on the storage medium, and the tool must not make any changes to the source medium. • Examples: DD - www.gnu.org • DCFLDD - www.prdownloads.sourceforge.net/biatchux • ODD - open data duplicator • ODESSA - creating a qualified duplicate image with Encase - www.odessa.sourceforge.net
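The imaging requirement above (copy every bit, change nothing on the source) and the activity log from the chain-of-custody slides, shown as an added Python example that is not part of the original presentation. File names, the examiner name and timestamps are constructed, and chaining log entries by hash is an assumption that goes beyond the paper evidence notebook the slides describe.

```python
import hashlib, json, os, tempfile

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never sit in memory


def sha256_file(path):
    """Hash a file that is opened read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image):
    """Copy source to image byte for byte and return the hash of what was read."""
    h = hashlib.sha256()
    # The source is only ever opened "rb"; "xb" refuses to overwrite an image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    return h.hexdigest()


def _digest(entry):
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


def custody_entry(log, who, action, item_sha256, when):
    """Append an activity-log entry that commits to the entry before it."""
    entry = {"who": who, "action": action, "item_sha256": item_sha256,
             "when": when, "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)


def verify_log(log):
    """True only if every entry matches its hash and links to its predecessor."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev"] != prev or _digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "evidence.bin"), os.path.join(d, "evidence.img")
        with open(src, "wb") as f:  # constructed stand-in for a seized medium
            f.write(b"constructed sample sector\x00" * 4096)
        before = sha256_file(src)
        acquired = acquire_image(src, img)
        after = sha256_file(src)
        log = []
        custody_entry(log, "Examiner A", "imaged source", acquired, "2009-10-29T10:00")
        custody_entry(log, "Examiner A", "verified image", sha256_file(img), "2009-10-29T10:20")
        image_matches = before == acquired == after == log[1]["item_sha256"]
        untouched = verify_log(log)
        log[0]["when"] = "2009-10-28T10:00"  # simulate a later edit to the log
        return image_matches, untouched, verify_log(log)


if __name__ == "__main__":
    print(demo())
```

Matching hashes before and after acquisition show the source was not altered and the image is a faithful copy; on real media a hardware write blocker enforces the read-only condition that `"rb"` only expresses.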

  24. Recovering deleted data • Encase • FTK • Stellar Phoenix • PCI file recovery • Undelete • Recover4all • Get data back • Fast file recovery • Active undelete

  25. E-mail forensics • An e-mail is composed of two parts: header and body • Examine headers • Request information from ISP • Trace the IP • Tools: Encase, FTK, Final email • Sawmill groupwise • Audimation for logging • Cracking the password: brute force attack, smart search, dictionary search, date search, customised search, guaranteed decryption, plaintext attack • Passware, ultimate zip cracker, office recovery enterprise, etc.

  26. Live demo: sending fake e-mails and reading headers, phishing attacks • Use of www.fakemailer.net • Use of Whois • Dissecting header and body of an e-mail • Message digest • IP address • Return path • Sender’s address • Live demo phishing: www.noodlebank.com, www.nood1ebank.com • www.whois.sc • www.readnotify.com
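Dissecting a header as the two e-mail slides above describe (return path, sender's address, IP address per relay), shown as an added Python example that is not part of the original presentation. The message is constructed and uses reserved example domains and documentation IP ranges.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: display sender and envelope sender disagree.
RAW = (
    "Return-Path: <bounce@mailer.example>\n"
    "Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])\n"
    "\tby inbox.recipient.example with ESMTP id A1; Thu, 29 Oct 2009 10:02:11 +0530\n"
    "Received: from relay.mailer.example (relay.mailer.example [203.0.113.25])\n"
    "\tby mx.recipient.example with ESMTP id B2; Thu, 29 Oct 2009 10:02:09 +0530\n"
    "Received: from [192.0.2.44] (unknown [192.0.2.44])\n"
    "\tby relay.mailer.example with HTTP id C3; Thu, 29 Oct 2009 10:02:05 +0530\n"
    'From: "Customer Care" <support@bank.example>\n'
    "To: victim@recipient.example\n"
    "Subject: Verify your account\n"
    "Message-ID: <20091029.1@mailer.example>\n"
    "\n"
    "Constructed sample body.\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain(addr):
    """Lower-cased part after the last '@' of an address or Message-ID."""
    return addr.rpartition("@")[2].lower()


def analyse(raw):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    msg_id = msg.get("Message-ID", "").strip("<> ")
    # Each relay prepends its Received line, so reverse to read oldest hop first.
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        match = IP_RE.search(received)
        hops.append(match.group(1) if match else None)
    findings = []
    if domain(sender) != domain(return_path):
        findings.append("From domain differs from Return-Path domain")
    if domain(msg_id) != domain(sender):
        findings.append("Message-ID domain differs from From domain")
    # Received lines written before the first server you trust can be forged,
    # so the oldest hop is a lead to confirm with the ISP, not proof of origin.
    return {"sender": sender, "return_path": return_path, "hops": hops,
            "origin_ip": hops[0] if hops else None, "findings": findings}


if __name__ == "__main__":
    for key, value in analyse(RAW).items():
        print(f"{key}: {value}")
```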

  27. The Information Technology Act, 2000 and cybercrimes • The Information Technology Act 2000 came into force in India on 17 October 2000. It extends to the whole of India and also applies to any offence or contraventions committed outside India by any person (s 1(2), IT Act 2000). • According to s 75 of the Act, the Act applies to any offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India.

  28. Cybercrime vs Cyber contravention • The IT Act prescribes provisions for contraventions in ch IX of the Act, particularly s 43 of the Act, which covers unauthorised access, downloading, introduction of virus, denial of access and Internet time theft committed by any person. It prescribes punishment by way of damages not exceeding Rs 1 crore to the affected party. • Chapter XI of the IT Act 2000 discusses the cyber crimes and offences inter alia, tampering with computer source documents (s 65), hacking (s 66), publishing of obscene information (s 67), unauthorised access to protected system (s 70), breach of confidentiality (s 72), publishing false digital signature certificate (s 73). • Whereas cyber contraventions are ‘civil wrongs’ for which compensation is payable by the defaulting party, ‘cyber offences’ constitute cyber frauds and crimes which are criminal wrongs for which punishment of imprisonment and/or fine is prescribed by the Information Technology Act 2000.

  29. Special and General statutes applicable to cybercrimes • While the IT Act 2000 provides for the specific offences, it has to be read with the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr PC). • The IT Act is a special law; most IT experts are of common consensus that it does not cover or deal specifically with every kind of cyber crime. • For instance, for defamatory e-mails reliance is placed on s 500 of IPC; for threatening e-mails, the provisions of IPC applicable thereto are criminal intimidation (ch XXII) and extortion (ch XVII); for e-mail spoofing, provisions of IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII) are attracted. • Likewise, criminal breach of trust and fraud (ss 405, 406, 408, 409) of the IPC are applicable and for false electronic evidence, s 193 of IPC applies. • For cognisability and bailability, reliance is placed on the Code of Criminal Procedure, which also lays down the specific provisions relating to powers of police to investigate.

  30. Tampering of source code • According to s 65 of the IT Act: • a person who intentionally conceals or destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or network when the computer source code is required to be maintained by law is punishable with imprisonment up to 3 years or with fine that may extend up to 2 lakh rupees or with both.

  31. Hacking • Section 66 of the IT Act 2000 deals with the offence of computer hacking. • In simple words, hacking is accessing of a computer system without the express or implied permission of the owner of that computer system. • Examples of hacking may include unauthorised input or alteration of input, destruction or misappropriation of output, misuse of programs or alteration of computer data. • Punishment for hacking is imprisonment up to 3 years or fine which may extend to 2 lakh rupees or both

  32. Publishing obscene information • Section 67 of the IT Act lays down punishment for the offence of publishing of obscene information in electronic form • Recently, the Supreme Court in Ajay Goswami v Union of India considered the issue of obscenity on Internet and held that restriction on freedom of speech on ground of curtailing obscenity amounts to reasonable restriction under art 19(2) of the Constitution. The court observed that the test of community mores and standards has become obsolete in the Internet age. • Punishment on first conviction with imprisonment for a term which may extend to 5 years and with fine which may extend to 1 lakh rupees. In the event of second conviction or subsequent conviction imprisonment of description for a term which may extend to 10 years and fine which may extend to 2 lakh rupees.

  33. New offences defined under IT Amendment Bill 2008 • Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Bill 2008. • Sending of offensive or false messages (s 66A), receiving stolen computer resource (s 66C), identity theft (s 66C), cheating by personation (s 66D), violation of privacy (s 66E). Barring the offence of cyber terrorism (s 66F), the punishment prescribed is generally up to three years with a fine of one/two lakhs rupees, and these offences are cognisable and bailable. This will not prove to be a deterrent factor for the cyber criminals. • Further, as per new s 84B, abetment to commit an offence is made punishable with the punishment provided for the offence under the Act, and the new s 84C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence

  34. The IT Amendment Bill 2008 • In certain offences, such as hacking (s 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs rupees. In s 67, for publishing of obscene information imprisonment term has been reduced from five years to three years (and five years for subsequent offence instead of earlier ten years) and fine has been increased from one lakh to five lakhs rupees (ten lakhs on subsequent conviction). • Section 67A adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine up to ten lakhs rupees.

  35. The IT Amendment Bill 2008 • Section 67B punishes offence of child pornography, child’s sexually explicit act or conduct with imprisonment on first conviction for a term up to 5 years and fine up to 10 lakhs rupees.

  36. Possible reliefs to a cybercrime victim: strategy adoption • A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell • Depending on the nature of crime there may be civil and criminal remedies. • In civil remedies, injunction and restraint orders may be sought, together with damages, delivery up of infringing matter and/or account for profits. • In criminal remedies, a cybercrime case will be registered by police if the offence is cognisable and if the same is non cognisable, a complaint should be filed with metropolitan magistrate • For certain offences, both civil and criminal remedies may be available to the victim

  37. Before lodging a cybercrime case • Important parameters: • Gather ample evidence admissible in a court of law • Fulfill the criteria of the pecuniary, territorial and subject matter jurisdiction of a court. • Determine jurisdiction: case may be filed where the offence is committed or where effect of the offence is felt (S. 177 to 179, CrPC)

  38. The criminal prosecution pyramid

  39. Preparation for prosecution • Collect all evidence available & save snapshots of evidence • Seek a cyberlaw expert’s immediate assistance for advice on preparing for prosecution • Prepare a background history of facts chronologically as per facts • Pen down names and addresses of suspected accused. • Form a draft of complaint and remedies a victim seeks • Cyberlaw expert & police could assist in gathering further evidence, e.g. tracing the IP in case of e-mails, search & seizure or arrest as appropriate to the situation • A cyber forensic study of the hardware/equipment/network server related to the cybercrime is generally essential

  40. Amendments: Indian Evidence Act 1872 • Section 3 of the Evidence Act was amended to take care of admissibility of electronic records (ER) as evidence along with the paper based records as part of the documents which can be produced before the court for inspection. • Section 4 of IT Act confers legal recognition to electronic records

  41. Societe Des products Nestle SA case, 2006 (33) PTC 469 • By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B. • Held: Sub section (1) of section 65B makes admissible as a document, paper print out of electronic records stored in optical or magnetic media produced by a computer subject to fulfillment of conditions specified in subsection 2 of Section 65B. • The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, and relates to the period over which the computer was regularly used. • Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer. • The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy. • Information reproduced is such as is fed into computer in the ordinary course of activity. • State v Mohd Afzal, 2003 (7) AD (Delhi) 1

  42. State v Navjot Sandhu (2005) 11 SCC 600 • Held, while examining Section 65 B Evidence Act, it may be that certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given. • Sections 63 & 65 of the Indian Evidence Act enable secondary evidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.

  43. Presumptions in law- Section 85 B Indian Evidence Act • The law also presumes that in any proceedings, involving secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record • In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time, to which the secure status relates

  44. Presumption as to electronic messages: Section 88A of Evidence Act • The court may treat electronic messages received as if they were sent by the originator, with the exception that a presumption is not to be made as to the person by whom such message was sent. • It must be proved that the message has been forwarded from the electronic mail server to the person (addressee) to whom such message purports to have been addressed • An electronic message is primary evidence of the fact that the same was delivered to the addressee on date and time indicated.

  45. IT Amendment Bill 2008: Section 79A • Section 79A empowers the Central Government to appoint any department, body or agency as examiner of electronic evidence for providing expert opinion on electronic form evidence before any court or authority. • Till now, the government forensic lab of Hyderabad (CFSIL) was considered of evidentiary value in courts • Statutory status to an agency as per Section 79A will be of vital importance in criminal prosecution of cybercrime cases in India

  46. Defending an accused in a cybercrime • Preparation of chain of events table • Probing where evidence could be traced: e-mail inbox/files/folders/web history • Has the accused used any erase evidence software/tools? • Forensically screening the hardware/data/files/print outs/camera/mobile/pendrives of evidentiary value • Formatting may not be a solution • Apply for anticipatory bail • Challenge evidence produced by opposite party and look for loopholes • Filing of a cross complaint if appropriate

  47. SETH ASSOCIATES ADVOCATES AND LEGAL CONSULTANTS New Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, India Tel:+91 (11) 65352272, +91 9868119137 Corporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R ,India Tel: +91 (120) 4352846, +91 9810155766 Fax: +91 (120) 4331304 E-mail: mail@sethassociates.com Thank you!
