My presentation isv conference 7th jan 2011
1. Victims of Cybercrimes
(Presented at the 3rd International ISV Conference, 6-8th January 2011)
Dr. Tabrez Ahmad
Professor of Law
www.technolexindia.com
technolexindia.blogspot.com
3. Agenda
1. Background of Cybercrimes
2. The categories of cybercrimes
3. Combating Cybercrimes
4. Phishing
5. Liability of ISPs and Govt.
6. The prosecution in cybercrimes
7. Admissibility of digital evidence in courts
8. Possible defense by an accused in a computer related crime
9. Criminological theories and cybercrimes
10. Cyberforensics
11. The possible reliefs to a cybercrime victim and strategy adoption
12. Future course of action
4. Digital Revolution: Internet Infra in INDIA
[Diagram: INDIA Internet Infrastructure, 2008.5]
1 Mil. Domains (0.5 Mil. ".in")
130+ IDCs
134 Major ISPs
4.8 Mil. High Speed Internet
65 Mil. Internet Users
248 Mil. Mobile Phones
8 Mil. Mobile Phones being added per month
Tele Density 24 per 1000 person
Targeted Broadband connection = 10 Mil. (2010)
Diagram labels: Bharti, BSNL, NIC, ERNET, Reliance, TATA Communications, Mail Servers, DNS, VOIP, IPTV, Enterprise, IT / ITES, BPO, Govt., Home, Academia
5. Background of Cybercrime
Real-world & Virtual-world
Current approaches evolved to deal
with real-world crime
Cybercrime occurs in a virtual-world
and therefore presents different issues
6. Background of Cybercrime Cont…
Real-world theft:
Possession of property shifts completely
from A to B, i.e., A had it now B has it
Theft in Virtual-world (Cyber-theft):
Property is copied, so A “has” it and so does B
7. Background of Cybercrime Cont…
Internet for Security: USA ARPANET
Internet for Research
Internet for e-commerce: UNCITRAL Model Law 1996, I.T Act 2000
Internet for e-governance
Internet regulation – serious matter after 9/11 attack on World Trade Centre: US Patriot Act, I.T Amendment Act 2008
8. Categories of Cyber crimes
Crime against
Government
Crime against property
Crime against persons
9. Categories of Cybercrimes
[Diagram: categories of cybercrimes]
Cyber trespass
Stealing Contents from Websites
Breach of Privacy
Cyberlibel
Cyberterrorism
Flowing Pornography
Trespass to person
Trespass to Property
Cookies, webcrawling
Online surveillance
Magic Lantern Technique
Viruses
Identity Theft
Cybersquatting
Phishing
Software Piracy
Cyberstalking
Data Theft
Spamming
Breach of Confidential Information- Wikileaks
Hacking
10. What is India Inc's biggest threat?
Cyber crime is now a bigger threat to India Inc than physical
crime. In a recent survey by IBM, a greater number of
companies (44%) listed cyber crime as a bigger threat to
their profitability than physical crime (31%).
The cost of cyber crime stems primarily from loss of
revenue, loss of market capitalisation, damage to the brand,
and loss of customers, in that order.
About 67% local Chief Information Officers (CIOs) who took
part in the survey perceived cyber crime
as more costly, compared to the global
benchmark of 50%.
11. Combating cyber crimes
Legal framework-laws & enforcement
Technological measures-Public key
cryptography, Electronic signatures,
Firewalls, honey pots
Cyber investigation- Computer forensics is the
process of identifying, preserving, analyzing
and presenting digital evidence in a manner
that is legally acceptable in courts of law.
These rules of evidence include admissibility
(in courts), authenticity (relation to
incident), completeness, reliability and
believability.
12. Legal Framework-Laws & Enforcement
Information Technology Act, 2000-came into force on 17
October 2000
Information Technology (Amendment) Act, 2008-came into
force on 27 October 2009
The Information Technology (Use of Electronic Records and
Digital Signatures) Rules, 2004
The Information Technology (Security Procedure) Rules, 2004
The Information Technology (Procedure and Safeguards for
Interception, Monitoring, and Decryption of Information)
Rules, 2009
The Information Technology (Procedure and Safeguards for
Blocking for Access of Information by Public) Rules, 2009
The Information Technology (Procedure and Safeguards for
Monitoring and Collecting Traffic Data or Information)
Rules, 2009.
13. International initiatives
Representatives from the 26 Council of Europe members, the United
States, Canada, Japan and South Africa in 2001 signed a convention on
cybercrime in efforts to enhance international cooperation in combating
computer-based crimes.
The Convention on Cybercrime, drawn up by experts of the Council of
Europe, is designed to coordinate these countries' policies and laws on
penalties on crimes in cyberspace, define the formula guaranteeing the
efficient operation of the criminal and judicial authorities, and
establish an efficient mechanism for international cooperation.
In 1997, The G-8 Ministers agreed to ten "Principles to Combat
High-Tech Crime" and an "Action Plan to Combat High-Tech Crime."
Main objectives-
Create effective cyber crime laws
Handle jurisdiction issues
Cooperate in international investigations
Develop acceptable practices for search and seizure
Establish effective public/private sector interaction
14. Combating Cyber crime-Indian legal framework
Information Technology Act, 2000-came into force on 17
October 2000
Extends to whole of India and also applies to any offence or
contravention there under committed outside India by any
person {section 1 (2)}
read with Section 75- Act applies to offence or contravention
committed outside India by any person irrespective of his
nationality, if such act involves a computer, computer system
or network located in India
Section 2 (1) (a) – "Access" means gaining entry into,
instructing or communicating with the logical, arithmetic or
memory function resources of a computer, computer
resource or network
IT Act confers legal recognition to electronic records and
digital signatures (section 4,5 of the IT Act,2000)
15. Cyber contravention
The IT Act prescribes provisions for contraventions
in Ch IX of the Act, particularly Sec. 43 of the
Act, which covers unauthorised
access, downloading, introduction of virus, denial of
access and Internet time theft committed by any
person. It prescribes punishment by way of
damages not exceeding Rs 1 crore to the affected
party.
16. Section 46 IT Act
Section 46 of the IT Act states that an adjudicating
officer shall be adjudging whether a person has committed a
contravention of any of the provisions of the said Act, by
holding an inquiry. Principles of audi alteram partem and
natural justice are enshrined in the said section which
stipulates that a reasonable opportunity of making a
representation shall be granted to the concerned person
who is alleged to have violated the provisions of the IT
Act. The said Act stipulates that the inquiry will be carried
out in the manner as prescribed by the Central
Government
All proceedings before him are deemed to be judicial
proceedings, every Adjudicating Officer has all powers
conferred on civil courts
Appeal to cyber Appellate Tribunal- from decision of
Controller, Adjudicating Officer {section 57 IT act}
17. Section 47, IT Act
Section 47 of the Act lays down that while adjudging
the quantum of compensation under this Act, the
adjudicating officer shall have due regard to the
following factors, namely-
(a) the amount of gain of unfair advantage, wherever
quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a
result of the default;
(c) the repetitive nature of the default
18. Chapter XI of the IT Act 2000 discusses the cyber crimes
and offences inter alia, tampering with computer source
documents (s 65), hacking (s 66), publishing of obscene
information (s 67), unauthorised access to protected system
(s 70), breach of confidentiality (s 72), publishing false
digital signature certificate (s 73).
19. Whereas cyber contraventions are 'civil wrongs' for which
compensation is payable by the defaulting party, 'cyber
offences' constitute cyber frauds and crimes which are
criminal wrongs for which punishment of imprisonment
and/or fine is prescribed by the Information Technology Act
2000.
20. Section 65: Source Code
Most important asset of software companies
"Computer Source Code" means the listing of
programmes, computer commands, design
and layout
Ingredients
Knowledge or intention
Concealment, destruction, alteration
computer source code required to be kept or
maintained by law
Punishment
imprisonment up to three years and / or
fine up to Rs. 2 lakh
21. Hacking
Section 66 of the IT Act 2000 deals with the offence of
computer hacking.
In simple words, hacking is accessing of a computer system
without the express or implied permission of the owner of
that computer system.
Examples of hacking may include unauthorised input or
alteration of input, destruction or misappropriation of
output, misuse of programs or alteration of computer data.
Punishment for hacking is imprisonment up to 3 years or fine
which may extend to 2 lakh rupees or both
22. Publishing obscene information
Section 67 of the IT Act lays down punishment for the
offence of publishing of obscene information in electronic
form
Recently, the Supreme Court in Ajay Goswami v Union of
India considered the issue of obscenity on Internet and held
that restriction on freedom of speech on ground of curtailing
obscenity amounts to reasonable restriction under art 19(2)
of the Constitution. The court observed that the test of
community mores and standards has become obsolete in
the Internet age.
Punishment on first conviction with imprisonment for a term
which may extend to 5 years and with fine which may
extend to 1 lakh rupees. In the event of second conviction or
subsequent conviction imprisonment of description for a
term which may extend to 10 years and fine which may
extend to 2 lakh rupees.
23. Phishing
• Phishing is a type of deception designed to steal
your valuable personal data, such as credit card
numbers, passwords, account data, or other
information.
• Con artists might send millions of fraudulent e-mail
messages that appear to come from Web sites you
trust, like your bank or credit card company, and
request that you provide personal information.
24. History of Phishing
Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in 70's
- Fishing = Use bait to lure the target
Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names ( www.ao1.com for www.aol.com ), social
engineering
Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same as in 1995, keylogger
Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
25. Phishing: A Growing Problem
• Over 28,000 unique phishing attacks reported in Dec.
2006, about double the number from 2005; now so
many millions in 2010.
• Estimates suggest phishing affected 2 million US
citizens and cost businesses billions of dollars in
2010
• Additional losses due to consumer fears
26. Phishing Scams
• As scam artists become more sophisticated, so do their
phishing e-mail messages and pop-up windows.
• They often include official-looking logos from real
organizations and other identifying information taken directly
from legitimate Web sites.
• Socially aware attacks
Mine social relationships from public data
Phishing email appears to arrive from someone known to the victim
Use spoofed identity of trusted organization to gain trust
Urge victims to update or validate their account
Threaten to terminate the account if the victims do not reply
Use gift or bonus as a bait
Security promises
• Context-aware attacks
"Your bid on eBay has won!"
"The books on your Amazon wish list are on sale!"
28. But wait…
WHOIS 210.104.211.21:
Location: Korea, Republic Of
Even bigger problem:
I don’t have an account with US Bank!
Images from Anti-Phishing Working Group's Phishing Archive
29. Fraudulent E-mail Messages
Here are a few phrases to look for if you think an e-mail message is a
phishing scam.
• "Verify your account." Businesses should not ask you to send
passwords, login names, Social Security numbers, or other personal
information through e-mail. If you receive an e-mail from anyone asking
you to update your credit card information, do not respond: this is a
phishing scam.
• "If you don't respond within 48 hours, your account will be
closed." These messages convey a sense of urgency so that you'll
respond immediately without thinking. Phishing e-mail might even claim
that your response is required because your account might have been
compromised.
30. Fraudulent E-mail Messages (cont'd)
• "Dear Valued Customer." Phishing e-mail messages are usually
sent out in bulk and often do not contain your first or last name.
• "Click the link below to gain access to your account." HTML-
formatted messages can contain links or forms that you can fill out just
as you'd fill out a form on a Web site. The links that you are urged to
click may contain all or part of a real company's name and are usually
"masked," meaning that the link you see does not take you to that
address but somewhere different, usually a phony Web site.
• Notice in the following example that resting the mouse pointer on the
link reveals the real Web address, as shown in the box with the yellow
background. The string of cryptic numbers looks nothing like the
company's Web address, which is a suspicious sign.
31. Fraudulent E-mail Messages (cont'd)
Con artists also use Uniform Resource Locators (URLs)
that resemble the name of a well-known company but are
slightly altered by adding, omitting, or transposing letters.
For example, the URL "www.microsoft.com" could appear
instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
32. Fraudulent E-mail Messages (cont'd)
• Never respond to an email asking for personal information
• Always check the site to see if it is secure. Call the phone
number if necessary
• Never click on the link in the email. Retype the address in a
new window
• Keep your browser updated
• Keep antivirus definitions updated
• Use a firewall
33. Install the Microsoft Phishing Filter Using
Internet Explorer 7 or Windows Live Toolbar
• Phishing Filter
(http://www.microsoft.com/athome/security/online/phishing_filter.mspx)
helps protect you from Web fraud and the risks of
personal data theft by warning or blocking you from reported
phishing Web sites.
• Install up-to-date antivirus and antispyware software.
Some phishing e-mail contains malicious or unwanted software
(like keyloggers) that can track your activities or simply slow
your computer.
• Numerous antivirus programs exist as well as comprehensive
computer maintenance services like Norton Utilities. To help
prevent spyware or other unwanted software, download
Windows Defender.
34. The Information Technology (Amendment) Act,
2008 has come into force on 27th October, 2009.
Almost nine years and 10 days after the birth of
cyber laws in India, the new improved cyber law
regime in India has become a reality.
There are around 17 changes and out of that most of
the changes relate to cyber crimes.
35. Some of the major modifications are:
1. A special liability has been imposed on call
centers, BPOs, banks and others who hold or handle
sensitive personal data. If they are negligent in
"implementing and maintaining reasonable security practices
and procedures", they will be liable to pay compensation. It
may be recalled that India's first major BPO related scam
was the multi crore MphasiS-Citibank funds siphoning case
in 2005. Under the new law, in such cases, the BPOs and
call centers could also be made liable if they have not
implemented proper security measures.
2. Compensation on cyber crimes like spreading
viruses, copying data, unauthorised access, denial of service
etc is not restricted to Rs 1 crore anymore. The Adjudicating
Officers will have jurisdiction for cases where the claim is
up to Rs. 5 crore. Above that the case will need to be filed
before the civil courts.
36. 3. The offence of cyber terrorism has been specially
included in the law. A cyber terrorist can be punished
with life imprisonment.
4. Sending threatening emails and sms is
punishable with jail up to 3 years.
5. Publishing sexually explicit acts in the electronic
form is punishable with jail up to 3 years. This would
apply to cases like the Delhi MMS scandal where a
video of a young couple having sex was spread
through cell phones around the country.
37. 6. Voyeurism is now specifically covered. Acts like hiding
cameras in changing rooms, hotel rooms etc are
punishable with jail up to 3 years. This would apply to
cases like the infamous Pune spycam incident where a
58-year old man was arrested for installing spy cameras
in his house to 'snoop' on his young lady tenants.
7. Cyber crime cases can now be investigated by
Inspector rank police officers. Earlier such offences
could not be investigated by an officer below the rank of
a deputy superintendent of police.
8. Collecting, browsing, downloading etc of child
pornography is punishable with jail up to 5 years for the
first conviction. For a subsequent conviction, the jail term
can extend to 7 years. A fine of up to Rs 10 lakh can also
be levied.
38. 9. The punishment for spreading obscene material
by email, websites, sms has been reduced from 5
years jail to 3 years jail. This covers acts like sending
'dirty' jokes and pictures by email or sms.
10. Refusing to hand over passwords to an
authorized official could land a person in prison for
up to 7 years.
11. Hacking into a Government computer or
website, or even trying to do so, is punishable with
imprisonment up to 10 years.
12. Rules pertaining to section 52
(Salary, Allowances and Other Terms and Conditions
of Service of Chairperson and Members),
39. 13. Rules pertaining to section 69 (Procedure and
Safeguards for Interception, Monitoring and
Decryption of Information),
14. Rules pertaining to section 69A (Procedure and
Safeguards for Blocking for Access of Information by
Public),
15. Rules pertaining to section 69B (Procedure and
safeguard for Monitoring and Collecting Traffic Data
or Information) and
16. Notification under section 70B for appointment of
the Indian Computer Emergency Response Team.
17. Rules pertaining to section 54 (Procedure
for Investigation of Misbehaviour or Incapacity of
Chairperson and Members),
40. Computer Related Crimes under IPC
and Special Laws
Sending threatening messages by email: Sec 503 IPC
Sending defamatory messages by email: Sec 499, 500 IPC
Forgery of electronic records: Sec 463, 470, 471 IPC
Bogus websites, cyber frauds: Sec 420 IPC
Email spoofing: Sec 416, 417, 463 IPC
Online sale of Drugs: NDPS Act
Web-Jacking: Sec. 383 IPC
Online sale of Arms: Arms Act
41. Special and General statutes applicable to
cybercrimes
While the IT Act 2000 provides for the specific offences, it has to be read
with the Indian Penal Code 1860 (IPC) and the Code of Criminal
Procedure 1973 (Cr PC).
IT Act is a special law; most IT experts are of common consensus that it
does not cover or deal specifically with every kind of cyber crime.
For instance, for defamatory emails reliance is placed on Sec. 500 of
IPC; for threatening e-mails, provisions of IPC applicable thereto are
criminal intimidation (ch XXII) and extortion (ch XVII); for e-mail
spoofing, provisions of IPC relating to frauds, cheating by personation (ch
XVII) and forgery (ch XVIII) are attracted.
42. Likewise, criminal breach of trust and fraud (SS 405, 406, 408, 409)
of the IPC are applicable and for false
electronic evidence, Sec. 193 of IPC applies.
For cognisability and bailability, reliance is placed on Code
of Criminal Procedure which also lays down the specific
provisions relating to powers of police to investigate.
43. Liability of ISPs and Govt.
GOVERNMENT –NSP??
Governments Providing Services On The Network
Governments Are Intermediaries. Sec 79 IT Act.
Under The IT Act, 2000, All Governments, Central
And State, All Governmental Bodies Are "Network
Service Providers"
44. Liability of ISPs and Govt.
Section 79 of I T Act 2000
For the removal of doubts, it is hereby declared that
no person providing any service as a network service
provider shall be liable under this Act, rules or
regulations made there under for any third party
information or data made available by him if he
proves that the offence or contravention was
committed without his knowledge or that he had
exercised all due diligence to prevent the commission
of such offence or contravention.
45. Liability of ISPs and Govt. (Contd.)
Network Service Providers: When Not Liable
Explanation.—For the purposes of this section, —
(a) "network service provider" means an intermediary;
(b) "third party information" means any information
dealt with by a network service provider in his
capacity as an intermediary.
46. Liability of ISPs and Govt.
TRANSPARENCY
Need For Transparent E-governance
Right To Information Act
Government Would Now Not Be Able To Hide
Records Concerning E-governance
47. Government Initiative
• The Cyber Crime Investigation cell (CCIC) of
the CBI, notified in September 1999, started
functioning from 3 March 2000.
• It is located in New Delhi, Mumbai, Chennai
and Bangalore.
• Jurisdiction of the cell is all over India.
• Any incident of the cyber crime can be
reported to a police station, irrespective of
whether it maintains a separate cell or not.
48. The Indian Computer Emergency Response
Team (CERT-In)
IT Amendment ACT 2008.
"70A. (1) The Indian Computer Emergency Response Team (CERT-In)
shall serve as the national nodal agency in respect of Critical
Information Infrastructure for coordinating all actions relating to
information security practices, procedures, guidelines, incident
prevention, response and report.
(2) For the purposes of sub-section (1), the Director of the Indian
Computer Emergency Response Team may call for information
pertaining to cyber security from the service providers, intermediaries or
any other person.
49. Amendments- Indian Evidence
Act 1872
Section 3 of the Evidence Act amended to take care of
admissibility of ER as evidence along with the paper
based records as part of the documents which can be
produced before the court for inspection.
Section 4 of IT Act confers legal recognition to electronic
records
50. AUTHENTICATION OF
ELECTRONIC RECORDS
Any subscriber may authenticate an electronic
record
Authentication by affixing his digital signature.
Any person by the use of a public key of the
subscriber can verify the electronic record
51. LEGALITY OF ELECTRONIC
SIGNATURES
Legal recognition of digital signatures.
Certifying Authorities for Digital Signatures.
Scheme for Regulation of Certifying Authorities
for Digital Signatures
52. CONTROLLER OF CERTIFYING
AUTHORITIES
Shall exercise supervision over the activities of
Certifying Authorities
Lay down standards and conditions governing Certifying
Authorities
Specify various forms and content of Digital Signature
Certificates
53. DIGITAL SIGNATURES & ELECTRONIC
RECORDS
Use of Electronic Records and Electronic
Signatures in Government Agencies.
Publications of rules and regulations in the
Electronic Gazette.
MCA –21 Project- Usage of Digital Signatures
54. Presumptions in law- Section 85 B
Indian Evidence Act
The law also presumes that in any proceedings, involving secure
digital signature, the court shall presume, unless the contrary is
proved, that the secure digital signature is affixed by the
subscriber with the intention of signing or approving the
electronic record
In any proceedings involving a secure electronic record, the
court shall presume, unless contrary is proved, that the secure
electronic record has not been altered since the specific point of
time, to which the secure status relates
55. Presumption as to electronic messages-
Section 88A of Evidence Act
The court may treat electronic messages received as
if they were sent by the originator, with the exception
that a presumption is not to be made as to the person
by whom such message was sent.
It must be proved that the message has been
forwarded from the electronic mail server to the
person (addressee) to whom such message
purports to have been addressed
An electronic message is primary evidence of the fact
that the same was delivered to the addressee on date
and time indicated.
56. IT Amendment Act 2008-Section 79A
Section 79A empowers the Central govt to appoint any
department, body or agency as examiner of electronic
evidence for providing expert opinion on electronic form
evidence before any court or authority.
Till now, government forensic lab of Hyderabad was
considered of evidentiary value in courts- CFSIL
Statutory status to an agency as per Section 79A will be of
vital importance in criminal prosecution of cybercrime
cases in India
57. Sec. 69, 69 A, 69 B
Decryption of information
Ingredients
Controller issues order to Government agency to
intercept any information transmitted through any
computer resource.
Order is issued in the interest of the
sovereignty or integrity of India,
the security of the State,
friendly relations with foreign States,
public order or
preventing incitement for commission of a cognizable offence
Person in charge of the computer resource fails to
extend all facilities and technical assistance to decrypt
the information-punishment up to 7 years.
58. Sec 70 Protected System
Ingredients
Securing unauthorised access or attempting to secure
unauthorised access
to 'protected system'
Acts covered by this section:
Switching computer on / off
Using installed software / hardware
Installing software / hardware
Port scanning
Punishment
Imprisonment up to 10 years and fine
Cognizable, Non-Bailable, Court of Sessions
59. Criminological Theories & Cyber Crime
Space Transition Theory
Routine Activity Theory
Displacement Theory
Opportunity Theory
60. Space Transition Theory
1) Persons with repressed criminal behavior (in the
physical space) have a propensity to commit
crime in cyberspace, which otherwise they
would not commit in physical space, due to their
status and position.
Concern for status in physical space does not
transition to cyber space.
Behavior repressed in physical space is not repressed in
cyber space.
61. Space Transition Theory
2) Identity flexibility, dissociative anonymity, and lack of
deterrence factor in the cyberspace provides the
offenders the choice to commit cyber crime.
Disinhibiting effect allows individuals:
Open honesty about personal issues
To act out on unpleasant needs
Deindividualization - inner restraints are lost when
individuals are not seen as individuals
Leads to behavior that is
Less altruistic
More selfish
More aggressive
62. Space Transition Theory
2) Identity flexibility, dissociative anonymity, and
lack of deterrence factor in the cyberspace
provides the offenders the choice to commit cyber
crime.
Deterrence factor changes
Attacks can be made from a remote location
Crime results not immediately apparent
63. Space Transition Theory
3) Criminal behavior of offenders in cyberspace is likely
to be imported to physical space which, in physical
space may be exported to cyberspace as well.
Cyber crime has moved from the single individual
acting for fame to professional criminals
Huge financial gain with little risk
Growth of e-commerce attracts criminals to the net
64. Space Transition Theory
4) Intermittent venture of offenders into the
cyberspace and the dynamic spatiotemporal
nature of cyberspace provide the chance to
escape
Cyber space is transient
Cyber space is dynamic
Cyber crimes do not have the spatial - temporal
restrictions of traditional crimes
65. Space Transition Theory
5) (a) Strangers are likely to unite together in
cyberspace to commit crime in the physical space; (b)
Associates of physical space are likely to unite to
commit crime in cyberspace.
Cyberspace allows for recruitment and dissemination
Cyberspace is:
Unmoderated
Easy to access
Cyberspace can pose an insider threat
Spy / mole
Disgruntled employee
66. Space Transition Theory
6) Persons from closed society are more likely to
commit crimes in cyberspace than persons from
open society.
Open society allows individuals to voice opinions
& vent feelings.
Cyberspace allows individuals from closed
societies to express anger & frustrations through
hate messages, web page vandalism, up to cyber
terrorism attacks
67. Space Transition Theory
7) The conflict of norms and values of physical
space with the norms and values of cyberspace
may lead to cyber crimes.
Cyberspace is international
Societal differences between individuals may lead
to cyber crime
Conflicts between nations carry over into
cyberspace
68. Routine Activity Theory
Routine activities in conventional societies provide
opportunities for perpetrator to commit crime
Three things must be present for crime to occur:
Suitable target is available
Motivated offender is present
Lack of a suitable guardian to prevent crime from occurring
Assessment of situation determines whether or not a
crime takes place.
69. Routine Activity Theory
A suitable target can be:
A person
An object
A place
Target comes to the attention of a person searching
for a criminal opportunity
Target's behavior may place target in contact with
perpetrator
No significant deterring mechanism is present
70. Routine Activity Theory
Motivated Perpetrator
Predatory crime is a method for the perpetrator to
secure basic needs or desires
Actions of perpetrator are intentional and illegal
71. Routine Activity Theory
A capable guardian
Police patrol, Security guards
Neighbors, neighborhood watch, dogs
Locks, fences, CCTV systems
Passwords, tokens, biometric measures
Guardians can be formal or informal
Guardians can be human or machine
Guardians MUST be capable of acting as a
deterrent
72. Opportunity Theory
Opportunity to commit a crime is a root cause of
crime
No crime can occur without the physical
opportunity
Opportunity plays a role in all crimes, not just
those involving physical property
Reducing opportunity reduces crime
73. Displacement Theory
Reductions in opportunity will not reduce crime
because crime will be displaced to another
location
Opportunity is so compelling that removing
perpetrators will not reduce crime because other
perpetrators will step in
Research on displacement theory has shown
crime is not always displaced
74. Routine Activity Theory & the Internet
Opportunity to commit crime is multiplied
Target and perpetrator are much more likely to
come in contact with each other
Victim has to keep returning to scene of the crime
Deterrence comes from shifting either events or
circumstances
Neither is easily altered
75. Routine Activity Theory & the Internet
Cybercrime has more to do with the effectiveness
of indirect guardianship
Internet is open & unmoderated
Mechanisms of the Internet designed to transfer
data, not to examine the data
Internet guardianships are all mechanical
Reactive, respond to some action - IDS
Cannot respond to new, previously untried activity
76. Hacker Neutralization Techniques
Allows for temporary neutralization of
values, beliefs, and attitudes so illegal behaviors
can be performed.
Justification of an act requires the need to assert
its positive values
Used by different types of deviants
77. Hacker Neutralization Techniques
Denial of Injury
No harm or insignificant harm done to victim
No physical information stolen, information in an
electronic form
Belief that downloading is copying not stealing
As long as no one knows their information is being
perused, no harm is done
78. Hacker Neutralization Techniques
Denial of Victim
Victim is deserving of punishment
Four categories of victims
Close enemies who have harmed offender directly
People who do not conform to normative social roles
Groups with tribal stigmas
Remote enemies who hold positions perceived as
questionable or corrupt
Offender may assume role of "avenger" or
"crusader for justice"
May justify actions as revenge
79. Hacker Neutralization Techniques
Condemnation of the Condemners
Divert attention from offender's actions to the
motives and behaviors of those condemning
offender's actions
Mistrust of authority
Promote decentralization
Price charged by software companies too high and
unfair
Victim failed to protect their computer system
80. Hacker Neutralization Techniques
Appeal to higher loyalties
Offender doesn't deny damage, act was done to
protect higher loyalties
Loyalty to group
Responsibility to family or spouse
Employer (Corporate crimes)
Claim actions were done to acquire knowledge
81. Hacker Neutralization Techniques
Self-fulfillment
Illegal activity done for
Fun
Excitement or thrill
Computer virtuosity
Offender achieves feelings of superiority & control
Voyeurism
Demonstration of ability
82. Hacker Neutralization Techniques
Hackers do not use all neutralization techniques
Denial of responsibility
Sad story
Both external forms of neutralization
Only use techniques based on internal
neutralization
Hackers take pride in what they do
Hackers feel no shame or guilt
83. Computer Hackers & Social Organization
Mutual Association
Clear interpersonal relationship
No strong or deep interpersonal relationships on or
off line
Social connections relatively shallow
Multiple identities and multiple forum use may limit
ability to form interpersonal connections
Utilize social networks to exchange knowledge and
information
84. Computer Hackers & Social Organization
Mutual Participation
Groups are stratified rather than centrally controlled
Participation in groups did not lead to group attacks
Many do not want a group affiliation
85. Computer Hackers & Social Organization
Division of labor
Some specialization in group forums does exist
Stratification & division of labor
Small group of moderators
Larger group of users exchanging knowledge & information
Loose set of rules
Give respect, get respect
No flaming
Large population of users enforcing the rules
86. Computer Hackers & Social Organization
Extended duration
No group with extended history
Relationships appear transitory
Relationships within forums weak & short-lived
87. Incident Response – a precursor to Techniques of
Cyber investigation & forensic tools
'Incident response' could be defined as a precise set of
actions to handle any security incident in a responsible,
meaningful and timely manner.
Goals of incident response-
To confirm whether an incident has occurred
To promote accumulation of accurate information
Educate senior management
Help in detection/prevention of such incidents in the future,
To provide rapid detection and containment
Minimize disruption to business and network
operations
To facilitate criminal action against
perpetrators
88. Handling of Evidence by Cyber Analysts
[Diagram: Identify; Collect, Observe & Preserve; Analyze and Organize; Verify]
Four major tasks for working with digital evidence
Identify: Any digital information or artifacts that can be
used as evidence.
Collect, observe and preserve the evidence
Analyze, identify and organize the evidence.
Rebuild the evidence or repeat a situation to verify the
same results every time. Checking the hash value.
89. Techniques of cyber investigation-
Cyber forensics
Computer forensics, also called cyber forensics, is the application of
computer investigation and analysis techniques to gather evidence
suitable for presentation in a court of law.
The goal of computer forensics is to perform a structured investigation
while maintaining a documented chain of evidence to find out exactly
what happened on a computer and who was responsible for it.
90. Computer Forensic Tools
Forensic Tool Kit: FTK is developed by AccessData Corporation (USA); it enables law
enforcement and corporate security professionals to perform complete and in-depth
computer forensic analysis.
[Figure: Main Window of FTK]
91. TYPICAL TOOLS
EMAIL TRACER
TRUEBACK
CYBERCHECK
MANUAL
92. Current and Emerging Cyber Forensic Tools of Law Enforcement
93. Land Mark Cases
9/11 Attack on WTC
Afzal Guru Parliament attack Case
Mumbai Attack on Tajmahal etc.
Firos vs. State of Kerala
Syed Asifuddin Case
Baazee Case
State of Tamilnadu v. Suhas Katti
Balasore ATM Fraud, 2010
94. Case Study (contd.)
The crime was obviously committed using "Unauthorized
Access" to the "Electronic Account Space" of the customers.
It is therefore firmly within the domain of "Cyber Crimes".
ITA-2000 is versatile enough to accommodate the aspects
of crime not covered by ITA-2000 but covered by other
statutes since any IPC offence committed with the use of
"Electronic Documents" can be considered as a crime with
the use of "Written Documents".
"Cheating", "Conspiracy", "Breach of Trust" etc. are therefore
applicable in the above case in addition to the sections in ITA-2000.
Under ITA-2000 the offence is recognized both under
Section 66 and Section 43. Accordingly, the persons
involved are liable for imprisonment and fine as well as a
liability to pay damages to the victims to the maximum extent
of Rs 1 crore per victim for which the "Adjudication Process"
can be invoked.
95. Case Study (contd.)
The BPO is liable for lack of security that enabled the commission of
the fraud as well as because of the vicarious responsibility for the ex-
employee's involvement. The process of getting the PIN number was
during the tenure of the persons as "Employees" and hence the
organization is responsible for the crime.
Some of the persons who have assisted others in the commission of
the crime even though they may not be directly involved as
beneficiaries will also be liable under Section 43 of ITA-2000.
Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities
are indicated both for the BPO and the Bank on the grounds of "Lack of
Due Diligence".
At the same time, if the crime is investigated in India under ITA-2000,
then the fact that the Bank was not using digital signatures for
authenticating the customer instructions is a matter which would
amount to gross negligence on the part of the Bank. (However, in this
particular case since the victims appear to be US Citizens and the
Bank itself is US based, the crime may come under the jurisdiction of
the US courts and not Indian Courts).
97. Baazee case
Obscene MMS clipping listed for sale on
27th November, 2004 - "DPS Girl having fun".
Some copies sold through Baazee.com
Avnish Bajaj (CEO) arrested and his bail
application was rejected by the trial court.
98. Points of the prosecution
The accused did not stop payment through
banking channels after learning of the illegal
nature of the transaction.
The item description "DPS Girl having fun" should
have raised an alarm.
99. Points of the defence
Section 67 relates to publication of obscene
material and not transmission.
Remedial steps were taken within 38
hours, since the intervening period was a
weekend.
100. Findings of the Court
It has not been established from the evidence
that any publication took place by the
accused, directly or indirectly.
The actual obscene recording/clip could not
be viewed on the portal of Baazee.com.
The sale consideration was not routed
through the accused.
101. Findings of the Court
Prima facie Baazee.com had endeavored to
plug the loophole.
The accused had actively participated in the
investigations.
The nature of the alleged offence is such that
the evidence has already crystallized and may
even be tamper proof.
102. Findings of the Court
Even though the accused is a foreign
citizen, he is of Indian origin with family roots
in India.
The evidence indicates
only that the obscene material may have been
unwittingly offered for sale on the website.
the heinous nature of the alleged crime may be
attributable to some other person.
103. Court order
The court granted bail to Mr. Bajaj subject to
furnishing two sureties of Rs. 1 lakh each.
The court ordered Mr. Bajaj to
surrender his passport
not to leave India without Court permission
to participate and assist in the investigation.
104. Case of- BPO Data Theft
The recently reported case of a bank fraud in
Pune, in which some ex-employees of MsourcE, the BPO arm
of MPhasis Ltd, defrauded US
customers of Citi Bank to the tune of Rs 1.5
crores, has raised concerns of many kinds,
including the role of "Data Protection".
105. State v Navjot Sandhu
(2005)11 SCC 600
Held, while examining Section 65 B Evidence Act, it
may be that certificate containing details of subsection
4 of Section 65 is not filed, but that does not mean
that secondary evidence cannot be given.
Sections 63 & 65 of the Indian Evidence Act enable
secondary evidence of contents of a document to be
adduced if original is of such a nature as not to be
easily movable.
106. State of Tamil Nadu Vs Suhas Katti
This Case is notable for the fact that the conviction was achieved
successfully within a relatively quick time of 7 months from the filing
of the FIR.
The case related to posting of obscene, defamatory and annoying
messages about a divorcee woman in a Yahoo message group.
The Additional Chief Metropolitan Magistrate delivered the judgment on
5-11-04 as follows:
"The accused is found guilty of offences under section 469, 509 IPC
and 67 of IT Act 2000 and the accused is convicted and is sentenced
for the offence to undergo RI for 2 years under 469 IPC and to pay
fine of Rs.500/- and for the offence u/s 509 IPC sentenced to
undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and
for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to
pay fine of Rs.4000/- All sentences to run concurrently."
This is considered the first case convicted under section 67 of
Information Technology Act 2000 in India.
107. Firos vs. State of Kerala
Govt of Kerala declared the FRIENDS application
software as a protected system.
The author of the application software challenged
the notification and the constitutional validity of
section 70.
The Court upheld the validity of both.
108. Syed Asifuddin case
Tata Indicom employees were arrested for
manipulation of the electronic 32-bit number
(ESN) programmed into cell phones that were
exclusively franchised to Reliance Infocomm.
The court held that such manipulation
amounted to tampering with computer source
code as envisaged by section 65.
109. Societe Des Products Nestle SA case 2006 (33) PTC 469
By virtue of provision of Section 65A, the contents of electronic records may be
proved in evidence by parties in accordance with provision of 65B.
Held- Sub section (1) of section 65B makes admissible as a document, paper
print out of electronic records stored in optical or magnetic media produced by a
computer subject to fulfillment of conditions specified in subsection 2 of Section 65B.
a) The computer from which the record is generated was regularly used to store or
process information in respect of activity regularly carried on by person having
lawful control over the period, and relates to the period over which the computer
was regularly used.
b) Information was fed in the computer in the ordinary course of the activities of the
person having lawful control over the computer.
c) The computer was operating properly, and if not, was not such as to affect the
electronic record or its accuracy.
d) Information reproduced is such as is fed into computer in the ordinary course of
activity.
State v Mohd Afzal, 2003 (7) AD (Delhi)1
110. Parliament attack case
Several terrorists attacked Parliament House on
13-Dec-01
Digital evidence played an important role during
their prosecution.
The accused had argued that computers and
digital evidence can easily be tampered and
hence should not be relied upon.
111. Parliament attack case
A laptop, several smart media storage disks and
devices were recovered from a truck intercepted
at Srinagar pursuant to information given by two
of the suspects.
These articles were deposited in the police
"malkhana" on 16-Dec-01 but some files were
written onto the laptop on 21-Dec-01.
112. Parliament attack case
Evidence found on the laptop included:
fake identity cards,
video files containing clippings of political leaders
with Parliament in background shot from TV news
channels,
scanned images of front and rear of a genuine
identity card,
113. Parliament attack case
image file of design of Ministry of Home Affairs car
sticker,
the game 'wolf pack' with the user name 'Ashiq'.
Ashiq was the name in one of the fake identity
cards used by the terrorists.
114. The possible reliefs to a cybercrime
victim and strategy adoption
115. Possible reliefs to a cybercrime victim- strategy
adoption
A victim of cybercrime needs to immediately report the matter
to his local police station and to the nearest cybercrime cell
Depending on the nature of crime there may be civil and
criminal remedies.
In civil remedies, injunction and restraint orders may be
sought, together with damages, delivery up of infringing
matter and/or account for profits.
In criminal remedies, a cybercrime case will be registered by
police if the offence is cognisable and if the same is non
cognisable, a complaint should be filed with metropolitan
magistrate
For certain offences, both civil and criminal remedies may be
available to the victim
116. Preparation for prosecution
Collect all available evidence & save snapshots of evidence
Seek a cyberlaw expert's immediate assistance for advice on
preparing for prosecution
Prepare a background history of facts chronologically as per facts
Pen down names and addresses of suspected accused.
Form a draft of complaint and remedies a victim seeks
Cyberlaw expert & police could assist in gathering further evidence, e.g.
tracing the IP in case of e-mails, search & seizure or arrest as
appropriate to the situation
A cyber forensic study of the hardware/equipment/ network server
related to the cybercrime is generally essential
Preparation of chain of events table
Probing where evidence could be traced? E-mail inbox/files/folders/
web history.
The accused may use evidence-erasing software/tools
Forensically screening the hardware/data/files /print outs /
camera/mobile/pen drives of evidentiary value.
117. Future Course of Action
Mumbai Cyber lab is a joint initiative of Mumbai police and
NASSCOM – more exchange and coordination of this kind
More Public awareness campaigns
Training of police officers to effectively combat cyber crimes
More Cyber crime police cells set up across the country
Effective E-surveillance
Websites aid in creating awareness and encouraging
reporting of cyber crime cases.
Specialised Training of forensic investigators and experts
Active coordination between police and other law
enforcement agencies and authorities is required.
Re-interpretation of criminological theories and development
of cyber jurisprudence
118. Do you have any questions?