210 likes | 445 Vues
Workshop on “Cyber Crime”. Wednesday, 18th June 2010 - Hotel Bristol, M.G. Road, Gurgaon Session IV- Incident Response and Reporting Cyber Crimes By Karnika Seth Managing Partner, SETH ASSOCIATES. Presentation plan. Incident Response and Reporting Cyber Crimes:
E N D
Workshop on “Cyber Crime” Wednesday, 18th June 2010 - Hotel Bristol, M.G. Road, Gurgaon Session IV- Incident Response and Reporting Cyber Crimes By Karnika Seth Managing Partner, SETH ASSOCIATES
Presentation plan • Incident Response and Reporting Cyber Crimes: • How to handle a cybercrime scenario • Importance of Corporate training in cyberlaws • How to report Cyber Crime • Legal recourse available in cybercrime cases • Role of forensic expert & cyberlawyer. • Steps that lead to effective prosecution & conviction
Incident Response – a precursor to Techniques of Cyber investigation & forensic tools • ‘Incident response’ could be defined as a precise set of actions to handle any security incident in a responsible ,meaningful and timely manner. • Goals of incident response- • To confirm whether an incident has occurred • To promote accumulation of accurate information • Educate senior management • Help in detection/prevention of such incidents in the future, • To provide rapid detection and containment • Minimize disruption to business and network operations • To facilitate for criminal action against perpetrators
Possible reliefs to a cybercrime victim- strategy adoption • A victim of cybercrime needs to immediately report the matter to his local police station and to the nearest cybercrime cell • Depending on the nature of crime there may be civil and criminal remedies. • In civil remedies , injunction and restraint orders , blocking of websites, may be sought, together with damages, delivery up of infringing matter and/or account for profits. • In criminal remedies, a cybercrime case will be registered by police if the offence is cognisable and if the same is non cognisable, a complaint should be filed with metropolitan magistrate • For certain offences, both civil and criminal remedies may be available to the victim
Before lodging a cybercrime case • Important parameters- • Gather ample evidence admissible in a court of law • Fulfill the criteria of the pecuniary ,territorial and subject matter jurisdiction of a court. • Determine jurisdiction – case may be filed where the offence is committed or where effect of the offence is felt ( S. 177 to 179, Crpc)
Preparation for prosecution • Collect all evidence available & saving snapshots of evidence • Seek a cyberlaw expert’s immediate assistance for advice on preparing for prosecution • Prepare a background history of facts chronologically as per facts • Pen down names and addresses of suspected accused. • Form a draft of complaint and remedies a victim seeks • Cyberlaw expert & police could assist in gathering further evidence e.g tracing the IP in case of e-mails, search & seizure or arrest as appropriate to the situation • A cyber forensic study of the hardware/equipment/ network server related to the cybercrime is generally essential
Defending an accused in a cybercrime • Preparation of chain of events table • Probing where evidence could be traced? E-mail inbox/files/folders/ web history • Has the accused used any erase evidence software/tools • Forensically screening the hardware/data/files /print outs / camera/mobile/pendrives of evidentiary value • Formatting may not be a solution • Apply for anticipatory bail • Challenge evidence produced by opposite party and look for loopholes • Filing of a cross complaint if appropriate
Amendments- Indian Evidence Act 1872 • Section 3 of the Evidence Act amended to take care of admissibility of ER as evidence along with the paper based records as part of the documents which can be produced before the court for inspection. • Section 4 of IT Act confers legal recognition to electronic records
Societe Des products Nestle SA case2006 (33 ) PTC 469 • By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B. • Held- Sub section (1) of section 65B makes admissible as a document, paper print out of electronic records stored in optical or magnetic media produced by a computer subject to fulfillment of conditions specified in subsection 2 of Section 65B . • The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, and relates to the period over which the computer was regularly used. • Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer. • The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy. • Information reproduced is such as is fed into computer in the ordinary course of activity. • State v Mohd Afzal,2003 (7) AD (Delhi)1
State v Navjot Sandhu (2005)11 SCC 600 • Held, while examining Section 65 B Evidence Act, it may be that certificate containing details of subsection 4 of Section 65 is not filed, but that does not mean that secondary evidence cannot be given. • Section 63 & 65 of the Indian Evidence Act enables secondary evidence of contents of a document to be adduced if original is of such a nature as not to be easily movable.
Presumptions in law- Section 85 B Indian Evidence Act • The law also presumes that in any proceedings, involving secure digital signature, the court shall presume, unless the contrary is proved, that the secure digital signature is affixed by the subscriber with the intention of signing or approving the electronic record • In any proceedings involving a secure electronic record, the court shall presume, unless contrary is proved, that the secure electronic record has not been altered since the specific point of time, to which the secure status relates
Live demo- sending fake e-mails and reading headers ,phising attacks • Use of www.fakemailer.net • Use of Who is • Dissecting header and body of an e-mail • message digest, • IP address • Return path • Sender’s address • Live demo phising- www.noodlebank.com, www.nood1ebank.com • www.whois.sc • www.readnotify.com
Internet headers - example • Return-Path: <jburden@indilaw.com> • Delivered-To: karnika@sethassociates.com • Received: (qmail 14805 invoked by uid 399); 14 Jun 2010 10:06:26 -0000 • X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on • cp.mysticaconsultancy.com • X-Spam-Level: ** • X-Spam-Status: No, score=2.2 required=5.0 tests=AWL,DEAR_SOMETHING, • HTML_MESSAGE,RDNS_NONE autolearn=disabled version=3.2.5 • X-Virus-Scan: Scanned by ClamAV 0.94.2 (no viruses); • Mon, 14 Jun 2010 15:36:27 +0530 • Received: from unknown (HELO nwt201.smartinfo.com.hk) (58.64.135.201) • by mail.mysticaconsultancy.com with ESMTP; 14 Jun 2010 10:06:26 -0000 • X-Originating-IP: 58.64.135.201 • Received-SPF: none (mail.mysticaconsultancy.com: domain at indilaw.com does not designate permitted sender hosts) • identity=mailfrom; client-ip=58.64.135.201; • envelope-from=<jburden@indilaw.com>; • Received: from [202.155.235.123] (helo=Jamesz17) • by nwt201.smartinfo.com.hk with esmtp (Exim 4.69) • (envelope-from <jburden@indilaw.com>) • id 1OO6fd-0007ti-HO • for karnika@sethassociates.com; Mon, 14 Jun 2010 18:13:33 +0800 • From: "James Burden" <jburden@indilaw.com> • To: "'Karnika Seth'" <karnika@sethassociates.com> • References: <019701cadbb6$790ebbe0$6b2c33a0$@com> <!&!AAAAAAAAAAAYAAAAAAAAAPOg2rbT7EZBvR1yEZiTNb3CgAAAEAAAAMwSmJZkO0ZEhmOq1ziIk4UBAAAAAA==@sethassociates.com> <047701cadc97$57b829e0$07287da0$@com> <!&!AAAAAAAAAAAYAAAAAAAAAPOg2rbT7EZBvR1yEZiTNb3CgAAAEAAAAACtRFRrSaVJgPc/B/JUFgMBAAAAAA==@sethassociates.com> • In-Reply-To: <!&!AAAAAAAAAAAYAAAAAAAAAPOg2rbT7EZBvR1yEZiTNb3CgAAAEAAAAACtRFRrSaVJgPc/B/JUFgMBAAAAAA==@sethassociates.com>
Subject: RE: A story of interest from India Business Law Journal • Date: Mon, 14 Jun 2010 18:18:18 +0800 • Message-ID: <009101cb0baa$ea0541b0$be0fc510$@com> • MIME-Version: 1.0 • Content-Type: multipart/alternative; • boundary="----=_NextPart_000_0092_01CB0BED.F82881B0" • X-Mailer: Microsoft Office Outlook 12.0 • Thread-Index: AcrbtlhfkWh1MrOJSyWK5i/aRRropAA1ZBKQAALOomAAAJ4NYAvEM6+w • Content-Language: en-us • X-AntiAbuse: This header was added to track abuse, please include it with any abuse report • X-AntiAbuse: Primary Hostname - nwt201.smartinfo.com.hk
SETH ASSOCIATES ADVOCATES AND LEGAL CONSULTANTS New Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, India Tel:+91 (11) 65352272, +91 9868119137 Corporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R ,India Tel: +91 (120) 4352846, +91 9810155766 Fax: +91 (120) 4331304 E-mail: mail@sethassociates.com Thank you!