Cyber Law �& �Security Policy
REFERENCE
Cyber Security
by
Nina Godbole & Sunit Belapure
Wiley India Publication
Contents
INTRODUCTION OF CYBERCRIME
Cybercrime
What is your opinion?
Cybercrime
Two types of attacks are prevalent
Cybercrime
Techno-crime: A planned act against a system or systems, with the intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts of or the complete computer system
This is possible due to 24x7 Internet connection from anywhere in the world leaving few fingerprints
Cybercrime
Techno-vandalism: These acts of “brainless” defacement of websites and other activities like copying files and publicizing their contents publicly
Tight internal security allied to strong technical safeguards should be used to prevent such incidents
Cybercrime
Examples:
Cybercrime
Examples:
Cybercrime
Cybercrime vs Terrestrial crime
Cybercrime
Associated Terms
Cyberspace
Cyberpunk
Cybersquatting
Cyberwarfare
Cyberterrorism
Cybercrime
Cyberspace
It is a worldwide network of computer networks that uses TCP/IP for communication to facilitate transmission and exchange of data
Cybercrime
It is the practice of buying “domain names” that have existing business names and selling it back to the rightful owner at much higher price
It means registering, selling, or using a domain name with the intent of profiting from the goodwill of someone else’s trademark
Cybersquatting
Cybercrime
It is defined as “anarchy via machines”
The word first appeared as the title of a short story “Cyberpunk” by Bruce Bethke published in Science fiction magazine, AMAZING ,1983
It is about a bunch of teenage hackers/crackers that expresses the combination of punk attitudes and high technology
Cyberpunk
Cybercrime
It means information warriors unleashing vicious attacks against an unsuspecting opponent’s computer networks, wreaking havoc and paralyzing nations
It is attack against information infrastructure which includes information resources and communication systems that support an industry, institution or population
Cyberwarfare
Cybercrime
Narrow Definition: It relates to deployments by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic
Broad Definition: The premeditated use of disruptive activities or the threat thereof against computers and or networks with the intention to cause harm or further social ideological religious political or similar objectives or to intimidate any person in furtherance of such objectives
Cyberterrorism
Cybercrime
Cybercrime
Botnet Menace
Cybercrime
Botnet Menace
Botnet refers to a group of compromised computers (zombie computers, i.e., computers secretly under the control of hackers) running malwares under a common command and control infrastructure
Cybercrime
Forgery
Hacking
Hacking
Software Piracy
Software Piracy
Computer Network Intrusion
Computer Network Intrusion
Computer Network Intrusion
CATEGORY OF CYBERCRIME
Cybercriminals
Cybercrime involves such activities as
Cybercriminals are those who perform these acts
Cybercriminals
Categories :
Cybercriminals
Categories :
Type I: Cybercriminals – hungry for recognition
Cybercriminals
Categories :
Type II: Cybercriminals – not interested in recognition
Cybercriminals
Categories :
Type III: Cybercriminals – the insiders
Classification of Cybercrimes
Classification of Cybercrimes
Cybercrime against individual
Classification of Cybercrimes
Cybercrime against property
Classification of Cybercrimes
Cybercrime against organization
Classification of Cybercrimes
Cybercrime against society
Classification of Cybercrimes
Crimes emanating from Usenet groups
Classification of Cybercrimes
Based on :
series of events
Classification of Cybercrimes
Goal is to exploit human weakness such as greed and naivety
Goal is to steal cell phones, laptops, PDAs, CDs and pendrives, transmitting harmful programs to destroy devices etc
Goal is Cyberterrorism by planting programs to get control of the network
Classification of Cybercrimes
Classification of Cybercrimes
Planning Attack
Steps:
Passive Attack
Passive Attack
Tools used during passive attacks
Active Attack
Active Attack
Tools used during active attacks
Active Attack
Tools used during active attacks
Scanning & Scrutinizing
Objectives:
Scanning & Scrutinizing
Ports
Scanning & Scrutinizing
Well-known Ports
Scanning & Scrutinizing
Scanning & Scrutinizing
Scanning & Scrutinizing
Scanning & Scrutinizing
Scanning & Scrutinizing
Usually most of the attackers consume 90% of the time in scanning scrutinizing and gathering information on a target and 10% of the time in launching the attack
Scanning & Scrutinizing
Social Engineering
Social Engineering
Social Engineering
Social engineering and dumpster diving are also considered passive information-gathering methods
Social Engineering
Social Engineering
Cyberstalking
Cyberstalking
Cyberstalking
Foursquare is a location-based social networking website for mobile devices, such as smart phones. Users "check in at venues using a mobile website, text messaging or a device-specific application by selecting from a list of venues the application locates nearby. Location is based on GPS in the mobile device or network location provided by the application, and the map is based on data from the OpenStreetMap project.
Cyberstalking
Case Study
- Mrs. Joshi of Delhi received almost 40 calls a day for 3 days at odd hours from Kuwait, Cochin, Bombay and Ahmadabad that created havoc in her personal life
- She registered a complaint with Delhi Police
- Actually a person was using her ID to chat over the Internet at www.micr.com for 4 consecutive days using obscene language and gave Mrs. Joshi’s telephone no. to other chatters encouraging them to call her at odd hours
Cyberstalking
Cyberstalking
CYBERCRIME AND CYBER SECURITY
Legal Aspects
Legal Aspects
Legal Aspects
Any illegal behavior carried out by electronic means targeting the security of computer system
Any illegal behavior carried out by means of or in relation to a computer system or network including such crimes as
computer system or network
Legal Aspects
Legal Aspects
Legal Aspects
Legal Aspects
Legal Aspects
Legal Aspects
Legal Aspects
a) deleting temporarily or permanently any computer data
b) altering, damaging or causing malfunction of a computer
Indian Cyber Laws
Indian Cyber Laws
Indian Cyber Laws
Indian Cyber Laws
Indian IT Act
Cybercrimes punishable under �Indian IT Act�
Sections of Indian IT Act Relevant to �Cybercrime in legal context��
Sections of Indian IT Act Relevant to �Cybercrime in legal context��
Digital Evidence and its Admissibility �in Courts��
Digital Evidence and its Admissibility �in Courts��
Digital Evidence and its Admissibility �in Courts��
Sources of Digital Evidence ��
Forensic Computing � Purpose��
Forensic Computing �Definition�
Forensic Computing : �Alternative Definition�
“...the application of science and engineering to the legal problem of digital evidence. It is a synthesis of science and law”
Forensic Computing�Background �
Forensic Computing�Single Source Cases ��
Forensic Computing�Single Source ��
Forensic Computing�Static Evidence��
Forensic Computing���
Standard seizure procedure
Forensic Computing���
Imaging and Checksumming
Forensic Computing���
Why image ?
Forensic Computing���
Forensically sound copy
Forensic Computing���
Checksumming
Forensic Computing���
Sources of evidence in the image
Live Files
Deleted files
Swap space
Slack space
What about edited files ?
Recovered data
Challenges
Current & Future
Challenges - Current
Hashed Data
Encryption
Steganography
Worse yet
Additional challenges
Additional challenges
Case studies
Admissibility of E-Records �Amendments made in the Indian ITA 2000���
Admissibility of E-Records �Amendments made in the Indian ITA 2000���
Admissibility of E-Records �Amendments made in the Indian ITA 2000���
Admissibility of E-Records �Amendments made in the Indian ITA 2000���
Positive Aspects of ITA 2000���
Weak Areas of ITA 2000���
Challenges to Indian Law and Cybercrime Scenario in India����
Challenges to Indian Law and Cybercrime Scenario in India����
Offences:
Challenges to Indian Law and Cybercrime Scenario in India����
So with respect to the previous discussion –
Consequences of not Addressing the Weakness in ITA 2000�����
If the weaknesses in ITA 2000 are not addressed in the near future then the dream of India ruling the world’s outsourcing market may not come true
Thank You