You are on page 1of 119

Victims of Cybercrimes

( Presented in the 3rd International ISV


Conference 6-8th January 2011

Dr. Tabrez Ahmad


Associate Professor of Law
www.site.technolexindia.com
technolexindia.blogspot.com
12/8/21
Agenda

1.Background of Cybercrimes
2.The categories of cybercrimes
3.Combating Cybercrimes
4.Phishing
5.Liability of ISPs and Govt.
6.The prosecution in cybercrimes
7.Admissibility of digital evidence in courts
8.Possible defense by an accused in a computer
related crime
9.Criminological theories and cybercrimes
10.Cyberforensics
11.The possible reliefs to a cybercrime victim and
strategy adoption
3 12. Future course of action Wednesday, December 08,
2021
Digital Revolution Internet Infra in INDIA
Internet
INDIA Internet
Infrastructure:2008.5 1Mil. Domains
(0.5 Mil. “.in”)

Bharti
BSNL NIC

130+ IDCs 134 Major Mail Servers


ISPs
ERNET

Reliance
TATA
Communications

4.8 Mil. High DNS


Speed Internet
Enterprise
IT /
65 Mil. Internet Govt. ITES
Users BPO
Home
248 Mil. Mobile Academia
Phones
8 Mil. Mobile Phones being added
per month
`

Tele Density 24 per 1000 person


Targetted Broadband connection = 10 Mil. VOIP, IPTV
(2010) 4
Background of Cybercrime

Real-world & Virtual- world

Current approaches evolved to deal with


real-world crime

Cybercrime occurs in a virtual-world and


therefore presents different issues

www.site.technolexindia.com,
5 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Background of Cybercrime Cont…
Real-world theft:
Possession of property shifts completely
from A to B, i.e., A had it now B has it

Theft in Virtual-world (Cyber-theft):


Property is copied, so A “has” it and so does B

www.site.technolexindia.com,
6 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Background of Cybercrime Cont…

Internet for Security USA ARPANET


Internet for Research
Internet for e-commerce UNCITRAL Model Law 1996
I.T Act 2000
Internet for e-governance
Internet regulation – serious matter after 9/11 attack on
World Trade Centre
US Patriot Act
I.T Amendment Act 2008

www.site.technolexindia.com,
7 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Categories of Cyber crimes

Crime against
Government

Crime against property

Crime against persons

www.site.technolexindia.com,
Wednesday, December 8
08, 2021 http://technolexindia.blogspot.com
Categories of Cybercrimes
Cyber Stealing Contents from Breach of Cyberte Flowing
trespass Cyberlibel
Websites Privacy rrorism Pornograph
Trespass y
Trespass to
to person Cookies, webcrawl Online Magic
Property
Viruses ing survellianc LanternTec
Identit e hnique
y Theft Cybersquating

Phising
Software Piracy
Cybers
talking Data Theft

Spammin Breach of Confidential


g Information- Wikileaks

Hacking
www.site.technolexindia.com,
Wednesday, December 08, 2
021 http://technolexindia.blogspot.com
9
What is India inc’s biggest threat?
 Cyber crime is now a bigger threat to India Inc than physical
crime. In a recent survey by IBM, a greater number of companies
(44%) listed cyber crime as a bigger threat to their profitability
than physical crime (31%).

The cost of cyber crime stems primarily from loss of revenue, loss
of market capitalisation, damage to the brand, and loss of
customers, in that order.

About 67% local Chief Information Officers (CIOs) who took part
in the survey perceived cyber crime
as more costly, compared to the global
benchmark of 50%.

www.site.technolexindia.com,
10 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Combating cyber crimes
 Legal framework-laws & enforcement

 Technological measures-Public key cryptography,


Electronic signatures ,Firewalls, honey pots

 Cyber investigation- Computer forensics is the


process of identifying, preserving, analyzing and
presenting digital evidence in a manner that is
legally acceptable in courts of law.
 These rules of evidence include admissibility (in
courts), authenticity (relation to incident),
completeness, reliability and believability.

www.site.technolexindia.com,
Wednesday, December 11
08, 2021 http://technolexindia.blogspot.com
Legal Framework-Laws & Enforcement
Information Technology Act, 2000-came into force on 17 October 2000
Information Technology ( Amendment) Act, 2008-came into force on 27
October 2009
The Information Technology ( Use of Electronic Records and Digital
Signatures) Rules, 2004
The Information Technology (Security Procedure) Rules, 2004
The Information Technology ( Procedure and Safeguards for Interception,
Monitoring, and Decryption of Information ) Rules, 2009
The Information Technology ( Procedure and Safeguards, for Blocking for
Access of Information by Public ), Rules, 2009
The Information Technology ( Proced
ure and Safeguards for Monitoring
and Collecting Traffic Data or
Information ) Rules, 2009.
www.site.technolexindia.com,
12 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
International initiatives
 Representatives from the 26 Council of
Europe members, the United States, Canada,
Japan and South Africa in 2001 signed a  Main objectives-
convention on cybercrime in efforts to
 Create effective cyber crime
enhance international cooperation in
combating computer-based crimes. laws
 Handle jurisdiction issues
The Convention on Cybercrime, drawn up by  Cooperate in international
experts of the Council of Europe, is designed
to coordinate these countries' policies and investigations
laws on penalties on crimes in cyberspace,  Develop acceptable practices
define the formula guaranteeing the efficient for search and seizure
operation of the criminal and judicial
authorities, and establish an efficient  Establish effective
mechanism for international cooperation. public/private sector
 In 1997, The G-8 Ministers agreed to ten interaction
"Principles to Combat High-Tech Crime" and
an "Action Plan to Combat High-Tech
Crime."

www.site.technolexindia.com,
13 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Combating Cyber crime-Indian legal framework
 Information Technology Act, 2000-came into force on 17 October
2000
 Extends to whole of India and also applies to any offence or
contravention there under committed outside India by any person
{section 1 (2)}
 read with Section 75- Act applies to offence or contravention
committed outside India by any person irrespective of his
nationality, if such act involves a computer, computer system or
network located in India
 Section 2 (1) (a) –”Access” means gaining entry into ,instructing
or communicating with the logical, arithmetic or memory function
resources of a computer, computer resource or network
 IT Act confers legal recognition to electronic records and digital
signatures (section 4,5 of the IT Act,2000)

www.site.technolexindia.com,
14 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Cyber contravention
The IT Act prescribes provisions for contraventions in Ch

IX of the Act, particularly Sec. 43 of the Act, which covers


unauthorised access, downloading, introduction of virus,
denial of access and Internet time theft committed by any
person. It prescribes punishment by way of damages not
exceeding Rs 1 crore to the affected party.

www.site.technolexindia.com,
15 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Section 46 IT Act
 Section 46 of the IT Act states that an adjudicating officer
shall be adjudging whether a person has committed a
contravention of any of the provisions of the said Act, by holding
an inquiry. Principles of audi alterum partum and natural justice
are enshrined in the said section which stipulates that a
reasonable opportunity of making a representation shall be granted
to the concerned person who is alleged to have violated the
provisions of the IT Act. The said Act stipulates that the inquiry
will be carried out in the manner as prescribed by the Central
Government
 All proceedings before him are deemed to be judicial proceedings,
every Adjudicating Officer has all powers conferred on civil courts
 Appeal to cyber Appellate Tribunal- from decision of Controller,
Adjudicating Officer {section 57 IT act}

www.site.technolexindia.com,
16 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Section 47, IT Act
Section 47 of the Act lays down that while adjudging the
quantum of compensation under this Act, the adjudicating
officer shall have due regard to the following factors,
namely-
(a) the amount of gain of unfair advantage, wherever
quantifiable, made as a result of the default;

 (b) the amount of loss caused to any person as a result


of the default;
(c) the repetitive nature of the default

www.site.technolexindia.com,
17 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
 Chapter XI of the IT Act 2000 discusses the cyber crimes and

offences inter alia, tampering with computer source documents (s


65), hacking (s 66), publishing of obscene information (s 67),
unauthorised access to protected system (s 70), breach of
confidentiality (s 72), publishing false digital signature certificate
(s 73).

www.site.technolexindia.com,
18 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
 Whereas cyber contraventions are ‘civil wrongs’ for which

compensation is payable by the defaulting party, ‘cyber


offences’ constitute cyber frauds and crimes which are criminal
wrongs for which punishment of imprisonment and/or fine is
prescribed by the Information Technology Act 2000.

www.site.technolexindia.com,
19 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Section 65: Source Code
Most important asset of software companies
“Computer Source Code" means the listing of
programmes, computer commands, design and
layout
Ingredients
Knowledge or intention
Concealment, destruction, alteration
computer source code required to be kept or maintained
by law
Punishment
imprisonment up to three years and / or
 fine up to Rs. 2 lakh

www.site.technolexindia.com,
20 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Hacking
 Section 66 of the IT Act 2000 deals with the offence of computer
hacking.
 In simple words, hacking is accessing of a computer system
without the express or implied permission of the owner of that
computer system.
 Examples of hacking may include unauthorised input or alteration
of input, destruction or misappropriation of output, misuse of
programs or alteration of computer data.
 Punishment for hacking is imprisonment upto 3years or fine
which may extend to 2 lakh rupees or both

www.site.technolexindia.com,
21 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Publishing obscene information
 Section 67 of the IT Act lays down punishment for the offence of
publishing of obscene information in electronic form
 Recently, the Supreme Court in Ajay Goswami v Union of India
considered the issue of obscenity on Internet and held that
restriction on freedom of speech on ground of curtailing obscenity
amounts to reasonable restriction under art 19(2) of the
Constitution. The court observed that the test of community mores
and standards has become obsolete in the Internet age.
 punishment on first conviction with imprisonment for a term
which may extend to 5 years and with fine which may extend to 1
lakh rupees. In the event of second conviction or subsequent
conviction imprisonment of description for a term which may
extend to 10 years and fine which may extend to2 lakh rupees.

www.site.technolexindia.com,
22 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Phishing

• Phishing is a type of deception designed to steal


your valuable personal data, such as credit card
numbers, passwords, account data, or other
information.
• Con artists might send millions of fraudulent e-mail
messages that appear to come from Web sites you
trust, like your bank or credit card company, and
request that you provide personal information.
History of Phishing
 Phreaking + Fishing = Phishing
- Phreaking = making phone calls for free back in 70’s
- Fishing = Use bait to lure the target

 Phishing in 1995
Target: AOL users
Purpose: getting account passwords for free time
Threat level: low
Techniques: Similar names ( www.ao1.com for www.aol.com ), social
engineering

 Phishing in 2001
Target: Ebayers and major banks
Purpose: getting credit card numbers, accounts
Threat level: medium
Techniques: Same in 1995, keylogger
 Phishing in 2007
Target: Paypal, banks, ebay
Purpose: bank accounts
Threat level: high
Techniques: browser vulnerabilities, link obfuscation
Phishing: A Growing Problem

• Over 28,000 unique phishing attacks reported in Dec.


2006, about double the number from 2005, Now so
many millions in 2010.
• Estimates suggest phishing affected 2 million US
citizens and cost businesses billions of dollars in
2010
• Additional losses due to consumer fears
Phishing Scams
• As scam artists become more sophisticated, so do their
phishing e-mail messages and pop-up windows.
• They often include official-looking logos from real
organizations and other identifying information taken directly
from legitimate Web sites.
• Socially aware attacks
 Mine social relationships from public data
 Phishing email appears to arrive from someone known to the victim
 Use spoofed identity of trusted organization to gain trust
 Urge victims to update or validate their account
 Threaten to terminate the account if the victims not reply
 Use gift or bonus as a bait
 Security promises
• Context-aware attacks
 “Your bid on eBay has won!”
 “The books on your Amazon wish list are on sale!”
Another Example:
But wait…

WHOIS 210.104.211.21:

Location: Korea, Republic Of

Even bigger problem:

I don’t have an account with US Bank!


Fraudulent E-mail Messages

Here are a few phrases to look for if you think an e-mail message is a
phishing scam.
• "Verify your account."Businesses should not ask you to send
passwords, login names, Social Security numbers, or other personal
information through e-mail. If you receive an e-mail from anyone
asking you to update your credit card information, do not respond: this
is a phishing scam.
• "If you don't respond within 48 hours, your account will be
closed."These messages convey a sense of urgency so that you'll
respond immediately without thinking. Phishing e-mail might even
claim that your response is required because your account might have
been compromised.
Fraudulent E-mail Messages (cont’d)

• "Dear Valued Customer."Phishing e-mail messages are usually


sent out in bulk and often do not contain your first or last name.
• "Click the link below to gain access to your account."HTML-
formatted messages can contain links or forms that you can fill out
just as you'd fill out a form on a Web site. The links that you are urged
to click may contain all or part of a real company's name and are
usually "masked," meaning that the link you see does not take you to
that address but somewhere different, usually a phony Web site.
• Notice in the following example that resting the mouse pointer on the
link reveals the real Web address, as shown in the box with the yellow
background. The string of cryptic numbers looks nothing like the
company's Web address, which is a suspicious sign.
Fraudulent E-mail Messages (cont’d)

Con artists also use Uniform Resource Locators (URLs)


that resemble the name of a well-known company but are
slightly altered by adding, omitting, or transposing letters.

For example, the URL "www.microsoft.com" could appear


instead as:
www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
Fraudulent E-mail Messages (cont’d)

• Never respond to an email asking for personal information


• Always check the site to see if it is secure. Call the phone
number if necessary
• Never click on the link on the email. Retype the address in a
new window
• Keep your browser updated
• Keep antivirus definitions updated
• Use a firewall
Install the Microsoft Phishing Filter Using
Internet Explorer 7 or Windows Live Toolbar

Phishing Filter
(http://www.microsoft.com/athome/security/online/phishing
_filter.mspx) helps protect you from Web fraud and the risks of
personal data theft by warning or blocking you from reported
phishing Web sites.
• Install up-to-date antivirus and antispyware software.
Some phishing e-mail contains malicious or unwanted
software (like keyloggers) that can track your activities or
simply slow your computer.
• Numerous antivirus programs exist as well as comprehensive
computer maintenance services like Norton Utilities. To help
prevent spyware or other unwanted software, download
Windows Defender.
The Information Technology (Amendment) Act, 2008 has
come into force on 27th October, 2009.

Almost Nine years and 10 days after the birth of


cyber laws in India, the new improved cyber law
regime in India has become a reality.

There are around 17 changes and out of that most of


the changes relate to cyber crimes.

www.site.technolexindia.com,
34 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Some of the major modifications  are:

1. A special liability has been imposed on call centers, BPOs, banks
and others who hold or handle sensitive personal data. If they are
negligent in "implementing and maintaining reasonable security
practices and procedures", they will be liable to pay compensation. It
may be recalled that India's first major BPO related scam was the
multi crore MphasiS-Citibank funds siphoning case in 2005. Under
the new law, in such cases, the BPOs and call centers could also be
made liable if they have not implemented proper security measures.
2. Compensation on cyber crimes like spreading viruses, copying
data, unauthorised access, denial of service etc is not restricted to Rs
1 crore anymore. The Adjudicating Officers will have jurisdiction for
cases where the claim is upto Rs. 5 crore. Above that the case will
need to be filed before the civil courts.
www.site.technolexindia.com,
35 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
3.The offence of cyber terrorism has been specially
included in the law. A cyber terrorist can be punished with
life imprisonment.
4. Sending threatening emails and sms are punishable
with jail upto 3 years.
5. Publishing sexually explicit acts in the electronic form
is punishable with jail upto 3 years.  This would apply to
cases like the Delhi MMS scandal where a video of a
young couple having sex was spread through cell phones
around the country.

www.site.technolexindia.com,
36 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
6.Voyeurism is now specifically covered. Acts like hiding
cameras in changing rooms, hotel rooms etc is punishable
with jail upto 3 years. This would apply to cases like the
infamous Pune spycam incident where a 58-year old man was
arrested for installing spy cameras in his house to 'snoop' on
his young lady tenants.
7. Cyber crime cases can now be investigated by Inspector
rank police officers. Earlier such offences could not be
investigated by an officer below the rank of a deputy
superintendent of police.
8. Collecting, browsing, downloading etc of child
pornography is punishable with jail upto 5 years for the first
conviction. For a subsequent conviction, the jail term can
extend to 7 years. A fine of upto Rs 10 lakh can also be levied.
www.site.technolexindia.com,
37 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
9. The punishment for spreading obscene material by
email, websites, sms has been reduced from 5 years jail to
3 years jail. This covers acts like sending 'dirty' jokes and
pictures by email or sms.
10. Refusing to hand over passwords to an authorized
official could land a person in prison for upto 7 years.
 11. Hacking into a Government computer or website,
or even trying to do so in punishable with imprisonment
upto 10 years.
12. Rules pertaining to section 52 (Salary, Allowances and
Other Terms and Conditions of Service of Chairperson
and Members),

www.site.technolexindia.com,
38 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
13. Rules pertaining to section 69 (Procedure and
Safeguards for Interception, Monitoring and Decryption of
Information),
14. Rules pertaining to section 69A (Procedure and
Safeguards for Blocking for Access of Information by
Public),
15. Rules pertaining to section 69B (Procedure and
safeguard for Monitoring and Collecting Traffic Data or
Information) and
16. Notification under section 70B for appointment of the
Indian Computer Emergency Response Team.
17. Rules Rules pertaining to section 54 (Procedure for
Investigation of Misbehaviour or Incapacity of Chairperson
and Members),
www.site.technolexindia.com,
39 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Computer Related Crimes under IPC
and Special Laws
Sending threatening messages by email Sec 503 IPC

Sending defamatory messages by email Sec 499, 500 IPC

Forgery of electronic records Sec 463, 470, 471 IPC

Bogus websites, cyber frauds Sec 420 IPC

Email spoofing Sec 416, 417, 463 IPC

Online sale of Drugs NDPS Act

Web - Jacking Sec. 383 IPC

Online sale of Arms Arms Act


40
Special and General statutes applicable to
cybercrimes
 While the IT Act 2000, provides for the specific offences it has to be read with

the Indian Penal Code 1860 (IPC) and the Code of Criminal Procedure 1973 (Cr
PC)

IT Act is a special law, most IT experts are of common consensus that it does not
cover or deal specifically with every kind of cyber crime
 for instance, for defamatory emails reliance is placed on Sec. 500 of IPC, for

threatening e-mails, provisions of IPC applicable thereto are criminal


intimidation (ch XXII), extortion (ch XVII), for e-mail spoofing, provisions of
IPC relating to frauds, cheating by personation (ch XVII) and forgery (ch XVIII)
are attracted.
www.site.technolexindia.com,
41 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
 Likewise, criminal breach of trust and fraud (SS 405, 406, 408,

409) of the IPC are applicable and for false electronic evidence,
Sec. 193 of IPC applies.

 For cognisability and bailability, reliance is placed on Code of

Criminal Procedure which also lays down the specific provisions


relating to powers of police to investigate.

www.site.technolexindia.com,
42 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Liability of ISPs and Govt.
GOVERNMENT –NSP??
Governments Providing Services On The Network

Governments Are Intermediaries. Sec 79 IT Act.

Under The It Act, 2000, All Governments, Central

And State, All Governmental Bodies Are “Network


Service Providers”

www.site.technolexindia.com,
43 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Liability of ISPs and Govt.

Section 79 of I T Act 200


For the removal of doubts, it is hereby declared that no
person providing any service as a network service provider
shall be liable under this Act, rules or regulations made
there under for any third party information or data made
available by him if he proves that the offence or
contravention was committed without his knowledge or
that he had exercised all due diligence to prevent the
commission of such offence or contravention.

www.site.technolexindia.com,
44 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Liability of ISPs and Govt. (Contd.)

Network Service Providers: When Not Liable


Explanation.—For the purposes of this section, —

(a) "network service provider" means an intermediary;


(b) "third party information" means any information dealt
with by a network service provider in his capacity as an
intermediary.

www.site.technolexindia.com,
45 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Liability of ISPs and Govt.
TRANSPARENCY
Need For Transparent E-governance

Right To Information Act

Government Would Now Not Be Able To Hide Records

Concerning E-governance

www.site.technolexindia.com,
46 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Government Initiative
 The Cyber Crime Investigation cell (CCIC) of
the CBI, notified in September 1999, started
functioning from 3 March 2000.
 It is located in New Delhi, Mumbai, Chennai
and Bangalore.
 Jurisdiction of the cell is all over India.
 Any incident of the cyber crime can be
reported to a police station, irrespective of
whether it maintains a separate cell or not.
www.site.technolexindia.com,
47 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
The Indian Computer Emergency Response
Team (CERT-In)
IT Amendment ACT 2008.
“70A. (1) The Indian Computer Emergency Response Team (CERT-In) shall
serve as the national nodal agency in respect of Critical Information
Infrastructure for coordinating all actions relating to information security
practices, procedures, guidelines, incident prevention, response and report.

(2) For the purposes of sub-section (1), the Director of the Indian Computer
Emergency Response Team may call for information pertaining to cyber
security from the service providers, intermediaries or any other person.

www.site.technolexindia.com,
48 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Amendments- Indian Evidence Act
1872
 Section 3 of the Evidence Act amended to take care of
admissibility of ER as evidence along with the paper based
records as part of the documents which can be produced before
the court for inspection.
 Section 4 of IT Act confers legal recognition to electronic
records

www.site.technolexindia.com,
Wednesday, Decemb 49
er 08, 2021 http://technolexindia.blogspot.com
AUTHENTICATION OF ELECTRONIC
RECORDS
Any subscriber may authenticate an electronic record
Authentication by affixing his digital signature.
Any person by the use of a public key of the subscriber
can verify the electronic record

www.site.technolexindia.com,
50 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
LEGALITY OF ELECTRONIC SIGNATURES
Legal recognition of digital signatures.

Certifying Authorities for Digital Signatures.

Scheme for Regulation of Certifying Authorities for

Digital Signatures

www.site.technolexindia.com,
51 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
CONTROLLER OF CERTIFYING
AUTHORITIES

Shall exercise supervision over the activities of Certifying

Authorities
Lay down standards and conditions governing Certifying

Authorities
 Specify various forms and content of Digital Signature

Certificates

www.site.technolexindia.com,
52 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
DIGITAL SIGNATURES & ELECTRONIC
RECORDS

Use of Electronic Records and Electronic Signatures

in Government Agencies.

 Publications of rules and regulations in the Electronic

Gazette.

MCA –21 Project- Usage of Digital Signatures

www.site.technolexindia.com,
53 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Presumptions in law- Section 85 B Indian
Evidence Act
 The law also presumes that in any proceedings, involving secure digital
signature, the court shall presume, unless the contrary is proved, that
the secure digital signature is affixed by the subscriber with the
intention of signing or approving the electronic record

 In any proceedings involving a secure electronic record, the court shall


presume, unless contrary is proved, that the secure electronic record
has not been altered since the specific point of time, to which the
secure status relates

www.site.technolexindia.com,
54 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Presumption as to electronic messages-
Section 88A of Evidence Act
 The court may treat electronic messages received as if they
were sent by the originator, with the exception that a
presumption is not to be made as to the person by whom
such message was sent.
 It must be proved that the message has been forwarded
from the electronic mail server to the person ( addressee )
to whom such message purports to have been addressed
 An electronic message is primary evidence of the fact that
the same was delivered to the addressee on date and time
indicated.

www.site.technolexindia.com,
55 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
IT Amendment Act 2008-Section 79A
 Section 79A empowers the Central govt to appoint any
department, body or agency as examiner of electronic evidence
for proving expert opinion on electronic form evidence before
any court or authority.
 Till now, government forensic lab of hyderabad was considered
of evidentiary value in courts- CFSIL
 Statutory status to an agency as per Section 79A will be of vital
importance in criminal prosecution of cybercrime cases in India

www.site.technolexindia.com,
56 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Sec. 69, 69 A, 69 B
Decryption of information
Ingredients
Controller issues order to Government agency to intercept
any information transmitted through any computer resource.
Order is issued in the interest of the
 sovereignty or integrity of India,
 the security of the State,
 friendly relations with foreign States,
 public order or
 preventing incitement for commission of a cognizable offence
Person in charge of the computer resource fails to extend all
facilities and technical assistance to decrypt the
information-punishment upto 7 years.

www.site.technolexindia.com,
57 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Sec 70 Protected System
Ingredients
Securing unauthorised access or attempting to secure
unauthorised access
to ‘protected system’
Acts covered by this section:
Switching computer on / off
Using installed software / hardware
Installing software / hardware
Port scanning
Punishment
Imprisonment up to 10 years and fine
 Cognizable, Non-Bailable, Court of Sessions

www.site.technolexindia.com,
58 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Criminological Theories & Cyber Crime

Space Transition Theory


Routine Activity Theory
Displacement Theory
Opportunity Theory
Space Transition Theory
1)Persons with repressed criminal behavior (in the
physical space) have a propensity to commit crime in
cyberspace, which otherwise they would not commit
in physical space, due to their status and position.
 Concern for status in physical space does not
transition to cyber space.
 Behavior repressed in physical space are not in cyber
space.
Space Transition Theory
2) Identity flexibility, dissociative anonymity, and lack of
deterrence factor in the cyberspace provides the offenders
the choice to commit cyber crime.
 Disinhibiting effect allows individuals:
 Open honesty about personal issues
 To act out on unpleasant needs
 Deinidividualization - inner restraints are lost when
individuals not seen as individuals
 Leads to behavior that is
 Less altruistic
 More selfish
 More aggressive
Space Transition Theory
2) Identity flexibility, dissociative anonymity, and lack of
deterrence factor in the cyberspace provides the
offenders the choice to commit cyber crime.
Deterrence factor changes
 Attacks can be made from a remote location
 Crime reslts not immediately apparent
Space Transition Theory
3) Criminal behavior of offenders in cyberspace is likely to
be imported to physical space which, in physical space
maybe exported to cyberspace as well.
 Cyber crime has moved from the single individual acting

for fame to professional criminals


 Huge financial gain with little risk

 Growth of e-commerce attracts criminals to the net


Space Transition Theory
4) Intermittent venture of offenders in to the cyberspace
and the dynamic spatiotemporal nature of cyberspace
provide the chance to escape
Cyber space is transient
Cyber space is dynamic
Cyber crimes have do not have spatial - temporal
restrictions of traditional crimes
Space Transition Theory
5) (a)Strangers are likely too unite together in cyberspace to
commit crime in the physical space; (b) Associates of
physical space are likely to unite to commit crime in
cyberspace.
 Cyberspace allows for recruitment and dissemination
 Cyberspace is:
 Unmoderated
 Easy to access
 Cyberspace can pose an insider threat
 Spy / mole
 Disgruntled employee
Space Transition Theory
6) Persons from closed society are more likely to commit
crimes in cyberspace than persons from open society.
Open society allows individuals to voice opinions &
vent feelings.
Cyberspace allows individuals from closed societies to
express anger & frustrations through hate messages,
web page vandalism, up to cyber terrorism attacks
Space Transition Theory
7) The conflict of norms and values of physical space
with the norms and values of cyberspace may lead to
cyber crimes.
Cyberspace is international
Societal differences between individuals may lead to
cyber crime
Conflicts between nations carry over into cyberspace
Routine Activity Theory
 Routine activities in conventional societies provide
opportunities for perpetrator to commit crime
 Three things must be present for crime to occur:
 Suitable target is available
 Motivated offender is present
 Lack of a suitable guardian to prevent crime from occurring

 Assessment of situation determines whether or not a crime


takes place.
Routine Activity Theory
 A suitable target can be:
 A person
 An object
 A place
 Target comes to the attention of a person searching for a
criminal opportunity
 Targets behavior may place target in contact with
perpetrator
 No significant deterring mechanism is present
Routine Activity Theory
Motivated Perpetrator
Predatory crime is a method for the perpetrator to
secure basic needs of desires
Actions of perpetrator are intentional and illegal
Routine Activity Theory
A capable guardian
Police patrol, Security guards
Neighbors, neighborhood watch, dogs
Locks, fences, CCTV systems
Passwords, tokens, biometric measures
Guardians can be formal or informal
Guardians can be human or machine
Guardians MUST be capable of acting as a deterrent
Opportunity Theory
Opportunity to commit a crime is a root cause of crime
No crime can occur without the physical opportunity
Opportunity plays a role in all crimes, not just those
involving physical property
Reducing opportunity reduces crime
Displacement Theory
Reductions in opportunity will not reduce crime
because crime will be displaced to another location
Opportunity is so compelling that removing
perpetrators will not reduce crime because other
perpetrators will step in
Research on displacement theory has shown crime is
not always displaced
Routine Activity Theory & the Internet
Opportunity to commit crime is multiplied
Target and perpetrator are much more likely to come in
contact with each other
Victim has to keep returning to scene of the crime
Deterrence comes shifting either events or
circumstances
Neither are easily altered
Routine Activity Theory & the Internet
Cybercrime has more to do with the effectiveness of
indirect guardianship
Internet is open & unmoderated
Mechanisms of the Internet designed to transfer data,
not to examine the data
Internet guardianships are all mechanical
Reactive, respond to some action - IDS
Cannot respond to new, previously untried activity
Hacker Neutralization Techniques
Allows for temporary neutralization of values, beliefs,

and attitudes so illegal behaviors can be performed.


Justification of an act requires the need to assert its

positive values
Used by different types of deviants
Hacker Neutralization Techniques
Denial of Injury
No harm or insignificant harm done to victim

No physical information stolen, information in an

electronic form
Belief that downloading is copying not stealing

As long as no one knows their information is being

perused, no harm is done


Hacker Neutralization Techniques
Denial of Victim
Victim is deserving of punishment
Four categories of victims
 Close enemies who have harmed offender directly
 People who do not conform to normative social roles
 Groups with tribal stigmas
 Remote enemies who hold positions perceived as questionable or
corrupt
Offender may assume role of “avenger” or “crusader for
justice”
May justify actions as revenge
Hacker Neutralization Techniques
Condemnation of the Condemners
Divert attention from offenders actions to the motives
and behaviors of those condemning offender’s actions
Mistrust of authority
Promote decentralization
Price charged by software companies too high and unfair
Victim failed to protect their computer system
Hacker Neutralization Techniques
Appeal to higher loyalties
Offender doesn’t deny damage, act was done to protect

higher loyalties
 Loyalty to group

 Responsibility to family or spouse

 Employer (Corporate crimes)

Claim actions were done to acquire knowledge


Hacker Neutralization Techniques
Self-fulfillment
Illegal activity done for
 Fun
 Excitement or thrill
 Computer virtuosity
Offender achieves feelings of superiority & control
Voyeurism
Demonstration of ability
Hacker Neutralization Techniques
Hackers do not use all neutralization techniques
Denial of responsibility
Sad story
Both external forms of neutralization
Only use techniques based on internal neutralization
Hackers take pride in what they do
Hackers feel in shame or guilt
Computer Hackers & Social Organization
Mutual Association
Clear interpersonal relationship
No strong or deep interpersonal relationships on or off
line
Social connections relatively shallow
Multiple identities and multiple forum use may limit
ability to form interpersonal connections
Utilize social networks to exchange knowledge and
information
Computer Hackers & Social Organization
Mutual Participation
Groups are stratified rather than centrally controlled
Participation in groups did not lead to group attacks
Many do not want an group affiliation
Computer Hackers & Social Organization
Division of labor
Some specialization in group forums does exist
Stratification & division of labor
 Small group of moderators
 Larger group of users exchanging knowledge & information
Loose set of rules
 Give respect, get respect
 No flaming
Large population of users enforcing the rules
Computer Hackers & Social Organization
Extended duration

No group with extended history

Relationships appear transitory

Relationships within forums weak & short-lived


Incident Response – a precursor to Techniques of Cyber
investigation & forensic tools
 ‘Incident response’ could be defined as a precise set of actions to
handle any security incident in a responsible ,meaningful and
timely manner.
 Goals of incident response-
 To confirm whether an incident has occurred
 To promote accumulation of accurate information
 Educate senior management
 Help in detection/prevention of such incidents in the future,
 To provide rapid detection and containment
 Minimize disruption to business and network
operations
 To facilitate for criminal action against
perpetrators
www.site.technolexindia.com,
87 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Handling of Evidences by Cyber Analysts

Collect, Analyze
Identify Observe and Verify
& Organize
Preserve
Four major tasks for working with digital evidence
Identify: Any digital information or artifacts that can be
used as evidence.
Collect, observe and preserve the evidence
Analyze, identify and organize the evidence.
Rebuild the evidence or repeat a situation to verify the
same results every time. Checking the hash value.

www.site.technolexindia.com,
88 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Techniques of cyber investigation- Cyber
forensics
 Computer forensics, also called cyber forensics, is the application of computer
investigation and analysis techniques to gather evidence suitable for
presentation in a court of law.

 The goal of computer forensics is to perform a structured investigation while


maintaining a documented chain of evidence to find out exactly what
happened on a computer and who was responsible for it.

www.site.technolexindia.com,
89 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Computer Forensic Tools
Forensic Tool Kit:

FTK is developed by
Access Data Corporation
(USA); it enables law
enforcement and
corporate security
professionals to perform
complete and in-depth
computer forensic
analysis.
90
www.site.technolexindia.com, Main Window of FTK
Wednesday, December 08, 2
http://technolexindia.blogspot.com
021
TYPICAL TOOLS
EMAIL TRACER
TRUEBACK
CYBERCHECK
MANUAL

www.site.technolexindia.com,
91 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Current and Emerging Cyber Forensic Tools of Law Enforcement

www.site.technolexindia.com,
92 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Land Mark Cases
9/11 Attack on WTC
Afzal Guru Parliament attack Case
Mumbai Attack on Tajmahal etc.
Firos vs. State of Kerala
Syyed Asifuddin Case
Bazee Case
State of Tamilnadu v. Suhas Katti
Balasore ATM Fraud, 2010

www.site.technolexindia.com,
93 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Case Study (contd.)
 The crime was obviously committed using "Unauthorized
Access" to the "Electronic Account Space" of the customers.
It is therefore firmly within the domain of "Cyber Crimes".
 ITA-2000 is versatile enough to accommodate the aspects
of crime not covered by ITA-2000 but covered by other
statutes since any IPC offence committed with the use of
"Electronic Documents" can be considered as a crime with
the use of a "Written Documents". "Cheating", "Conspiracy",
"Breach of Trust" etc are therefore applicable in the above
case in addition to section in ITA-2000.
 Under ITA-2000 the offence is recognized both under
Section 66 and Section 43. Accordingly, the persons
involved are liable for imprisonment and fine as well as a
liability to pay damage to the victims to the maximum extent
of Rs 1 crore per victim for which the "Adjudication Process"
can be invoked.
www.site.technolexindia.com,
94 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Case Study (contd.)
 The BPO is liable for lack of security that enabled the commission of the
fraud as well as because of the vicarious responsibility for the ex-employee's
involvement. The process of getting the PIN number was during the tenure of
the persons as "Employees" and hence the organization is responsible for the
crime.
 Some of the persons who have assisted others in the commission of the crime
even though they may not be directly involved as beneficiaries will also be
liable under Section 43 of ITA-2000.
 Under Section 79 and Section 85 of ITA-2000, vicarious responsibilities are
indicated both for the BPO and the Bank on the grounds of "Lack of Due
Diligence".
 At the same time, if the crime is investigated in India under ITA-2000, then
the fact that the Bank was not using digital signatures for authenticating the
customer instructions is a matter which would amount to gross negligence on
the part of the Bank. (However, in this particular case since the victims appear
to be US Citizens and the Bank itself is US based, the crime may come under
the jurisdiction of the US courts and not Indian Courts).

www.site.technolexindia.com,
95 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Baazee case

www.site.technolexindia.com,
96 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Baazee case
Obscene MMS clipping listed for sale on
27th November, 2004 - “DPS Girl having fun".

Some copies sold through Baazee.com

Avnish Bajaj (CEO) arrested and his bail application


was rejected by the trial court.

www.site.technolexindia.com,
97 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Points of the prosecution
The accused did not stop payment through banking
channels after learning of the illegal nature of the
transaction.

The item description "DPS Girl having fun" should


have raised an alarm.

www.site.technolexindia.com,
98 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Points of the defence
 Section 67 relates to publication of obscene material
and not transmission.

 Remedial steps were taken within 38 hours, since


the intervening period was a weekend.

www.site.technolexindia.com,
99 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Findings of the Court
It has not been established from the evidence that
any publication took place by the accused, directly
or indirectly.

The actual obscene recording/clip could not be


viewed on the portal of Baazee.com.

The sale consideration was not routed through the


accused.

www.site.technolexindia.com,
100 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Findings of the Court
Prima facie Baazee.com had endeavored to plug
the loophole.

The accused had actively participated in the


investigations.

The nature of the alleged offence is such that the


evidence has already crystallized and may even be
tamper proof.

www.site.technolexindia.com,
101 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Findings of the Court
Even though the accused is a foreign citizen, he is
of Indian origin with family roots in India.

The evidence indicates


only that the obscene material may have been
unwittingly offered for sale on the website.

the heinous nature of the alleged crime may be


attributable to some other person.

www.site.technolexindia.com,
102 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Court order
 The court granted bail to Mr. Bajaj subject to
furnishing two sureties of Rs. 1 lakh each.

 The court ordered Mr. Bajaj to


 surrender his passport
 not to leave India without Court permission
 to participate and assist in the investigation.

www.site.technolexindia.com,
103 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Case of- BPO Data Theft
The recently reported case of a Bank Fraud in Pune in
which some ex employees of  BPO arm of MPhasis
Ltd MsourcE, defrauded US Customers of Citi Bank to
the tune of RS 1.5 crores has raised concerns of many
kinds including the role of "Data Protection".

www.site.technolexindia.com,
104 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
State v Navjot Sandhu
(2005)11 SCC 600
 Held, while examining Section 65 B Evidence Act, it may
be that certificate containing details of subsection 4 of
Section 65 is not filed, but that does not mean that
secondary evidence cannot be given.

 Section 63 & 65 of the Indian Evidence Act enables


secondary evidence of contents of a document to be
adduced if original is of such a nature as not to be easily
movable.

www.site.technolexindia.com,
105 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
State of Tamil Nadu Vs Suhas Katti
 This Case is notable for the fact that the conviction was achieved
successfully within a relatively quick time of 7 months from the filing
of the FIR .
 The case related to posting of obscene, defamatory and annoying
message about a divorcee woman in the yahoo message group.
Additional Chief Metropolitan Magistrate, delivered the judgment on
5-11-04 as follows:

 “The accused is found guilty of offences under section 469, 509 IPC
and 67 of IT Act 2000 and the accused is convicted and is sentenced
for the offence to undergo RI for 2 years under 469 IPC and to pay
fine of Rs.500/- and for the offence u/s 509 IPC sentenced to
undergo 1 year Simple imprisonment and to pay fine of Rs.500/-
and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years
and to pay fine of Rs.4000/- All sentences to run concurrently.”

 This is considered the first case convicted under section 67 of


Information Technology Act 2000 in India
www.site.technolexindia.com,
106 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Firos vs. State of Kerala
Govt of Kerala declared the FRIENDS application
software as a protected system.

The author of the application software challenged the


notification and the constitutional validity of section
70.

The Court upheld the validity of both

www.site.technolexindia.com,
107 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Syed Asifuddin case
Tata Indicom employees were arrested for
manipulation of the electronic 32-bit number
(ESN) programmed into cell phones that were
exclusively franchised to Reliance Infocomm.

The court held that such manipulation amounted to


tampering with computer source code as envisaged
by section 65.

www.site.technolexindia.com,
108 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Societe Des products Nestle SA case 2006 (33 ) PTC 469

 By virtue of provision of Section 65A, the contents of electronic records may be proved
in evidence by parties in accordance with provision of 65B.
 Held- Sub section (1) of section 65B makes admissible as a document, paper print out of
electronic records stored in optical or magnetic media produced by a computer subject to
fulfillment of conditions specified in subsection 2 of Section 65B .
a) The computer from which the record is generated was regularly used to store or process
information in respect of activity regularly carried on by person having lawful control
over the period, and relates to the period over which the computer was regularly used.
b) Information was fed in the computer in the ordinary course of the activities of the person
having lawful control over the computer.
c) The computer was operating properly, and if not, was not such as to affect the electronic
record or its accuracy.
d) Information reproduced is such as is fed into computer in the ordinary course of activity.
 State v Mohd Afzal, 2003 (7) AD (Delhi)1

www.site.technolexindia.com,
109 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Parliament attack case

Several terrorists attacked Parliament House on 13-


Dec-01

Digital evidence played an important role during their


prosecution.

The accused had argued that computers and digital


evidence can easily be tampered and hence should not
be relied upon.

www.site.technolexindia.com,
110 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Parliament attack case
A laptop, several smart media storage disks and
devices were recovered from a truck intercepted at
Srinagar pursuant to information given by two of the
suspects.

These articles were deposited in the police “malkhana”


on 16-Dec-01 but some files were written onto the
laptop on 21-Dec-01.

www.site.technolexindia.com,
111 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Parliament attack case
Evidence found on the laptop included:
fake identity cards,
video files containing clippings of political leaders with
Parliament in background shot from TV news channels,
scanned images of front and rear of a genuine identity
card,

www.site.technolexindia.com,
112 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Parliament attack case
image file of design of Ministry of Home Affairs car
sticker,

the game 'wolf pack' with the user name 'Ashiq'. Ashiq
was the name in one of the fake identity cards used by
the terrorists.

www.site.technolexindia.com,
113 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
The possible reliefs to a cybercrime victim
and strategy adoption

www.site.technolexindia.com,
114 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Possible reliefs to a cybercrime victim- strategy
adoption
 A victim of cybercrime needs to immediately report the matter to
his local police station and to the nearest cybercrime cell
 Depending on the nature of crime there may be civil and criminal
remedies.
 In civil remedies , injunction and restraint orders may be sought,
together with damages, delivery up of infringing matter and/or
account for profits.
 In criminal remedies, a cybercrime case will be registered by police
if the offence is cognisable and if the same is non cognisable, a
complaint should be filed with metropolitan magistrate
 For certain offences, both civil and criminal remedies may be
available to the victim

www.site.technolexindia.com,
115 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Preparation for prosecution
 Collect all evidence available & saving snapshots of evidence
 Seek a cyberlaw expert’s immediate assistance for advice on preparing for
prosecution
 Prepare a background history of facts chronologically as per facts
 Pen down names and addresses of suspected accused.
 Form a draft of complaint and remedies a victim seeks
 Cyberlaw expert & police could assist in gathering further evidence e.g tracing
the IP in case of e-mails, search & seizure or arrest as appropriate to the situation
 A cyber forensic study of the hardware/equipment/ network server related to the
cybercrime is generally essential
 Preparation of chain of events table
 Probing where evidence could be traced? E-mail inbox/files/folders/ web history.
 Accused may use erase evidence software/tools
 Forensically screening the hardware/data/files /print outs / camera/mobile/pen
drives of evidentiary value.

www.site.technolexindia.com,
116 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Future Course of Action
 Mumbai Cyber lab is a joint initiative of Mumbai police and
NASSCOM –more exchange and coordination of this kind
 More Public awareness campaigns
 Training of police officers to effectively combat cyber crimes
 More Cyber crime police cells set up across the country
 Effective E-surveillance
 Websites aid in creating awareness and encouraging
reporting of cyber crime cases.
 Specialised Training of forensic investigators and experts
 Active coordination between police and other law
enforcement agencies and authorities is required.
 Re-interpretation of criminological theories and development
of cyber jurisprudence

www.site.technolexindia.com,
117 http://technolexindia.blogspot.com Wednesday, December 08, 2
021
Do you have any question?
Thanks

www.site.technolexindia.com,
119 http://technolexindia.blogspot.com 12/8/21

You might also like