Module LIV - Law and Computer Forensics
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Criminal Damage Act 1991 (1)...
Cyber Terrorism Preparedness...
Laws Related to Information ...
Federal Records Act • The he...
Federal Records Act (cont’d)...
Federal Managers Financial I...
Federal Property and Adminis...
Government Paperwork Elimina...
Paperwork Reduction Act • Mi...
Computer Fraud and Abuse Act...
Freedom of Information Act T...
E-Government Act of 2002 /Pu...
E-Government Act of 2002 /Pu...
Implications of Public Law 1...
Information Privacy Act 2000...
Computer Crime Acts
Australia: The Cybercrime Ac...
Australia: The Cybercrime Ac...
Austrian Laws • (1) Provided...
Belgium Laws • §1. Any perso...
Brazilian Laws ENTRY OF FALS...
Canadian Laws Canadian Crimi...
Denmark Laws Penal Code Sect...
European Laws • SECTION 1 - ...
France Laws • The act of fra...
German Laws • (1) Any person...
Greece Laws Criminal Code Ar...
Hong Kong Laws • Section 27A...
Indian Laws • (1) Whoever wi...
Italian Laws Penal Code Arti...
Japanese Laws • Unauthorized...
Japanese Laws (cont’d) • (1)...
Japanese Laws (cont’d) • Pro...
Latvian Laws • If a person c...
Malaysian Laws • (1) A perso...
Malta Laws Computer Misuse: ...
Netherlands Laws Criminal Co...
Norwegian Laws Penal Code § ...
Philippines Laws: Electronic...
Singapore Laws: Computer Mis...
Singapore Laws: Computer Mis...
United Kingdom: Police and J...
United States Laws • Intenti...
Internet Crime Schemes and P...
Internet Crime Schemes Curre...
Internet Crime Prevention Ti...
Internet Crime Prevention Ti...
Internet Crime Prevention Ti...
Reporting a Cyber Crime
Why You Should Report Cyberc...
Reporting Computer-Related C...
Reporting Computer-Related C...
Person Assigned to Report th...
Person Assigned to Report th...
When and How to Report an In...
Who to Contact at the Law En...
Federal Local Agents Contact...
Federal Local Agents Contact...
Federal Local Agents Contact...
Federal Local Agents Contact...
More Contacts FBI Local Offi...
CIO Cyberthreat Report Form
Crime Investigating Organiza...
Crime Investigating Organiza...
Interpol - Information Techn...
www.interpol.int
Federal Bureau of Investigat...
How the FBI Investigates Com...
How the FBI Investigates Com...
Federal Statutes Investigate...
Contact FBI Form https://tip...
National White Collar Crime ...
Internet Crime Complaint Cen...
Department of Homeland Secur...
National Infrastructure Prot...
The G8 Countries: Principles...
The G8 Countries: Principles...
The G8 Countries: Action Pla...
The G8 Countries: Action Pla...
Crime Legislation of EU
Law Enforcement Interfaces L...
Summary Cyber crime has orig...
  1. Module LIV - Law and Computer Forensics
  2. Scenario
  3. News: Computer Forensics: Beyond the Magnifying Glass
     Source: http://www.technewsworld.com/story/63972.html?wlc=1222229169
  4. Module Objective
     This module will familiarize you with:
     • Introduction of Laws in Forensics
     • Security Policies
     • Sample Banner
     • Privacy Issues Involved in Investigations
     • Legal Issues Involved in Seizure of Computer Equipment
     • How the FBI Investigates Computer Crime
     • Crime Investigating Organizations
     • G8 Countries: Action Plan to Combat High-Tech Crime
     • The USA Patriot Act of 2001
     • Gramm-Leach Bliley Act
     • Federal Records Act
     • Laws of Different Countries
     • Internet Crime Prevention Tips
     • Reporting Computer-Related Crimes
     • Federal Local Agents Contact
  5. Module Flow
     • Computer Forensics Laws
     • Privacy Issues Involved in Investigations
     • Sample Banner
     • G8 Countries: Action Plan to Combat High-Tech Crime
     • Crime Investigating Organizations
     • How the FBI Investigates Computer Crime
     • Legal Issues Involved in Seizure of Computer Equipment
     • Security Policies
     • The USA Patriot Act of 2001
     • Gramm-Leach Bliley Act
     • Laws of Different Countries
     • Federal Records Act
     • Reporting Computer-Related Crimes
     • Internet Crime Prevention Tips
     • Federal Local Agents Contact
  6. Computer Forensics Laws
  7. Computer Forensics Laws
     • Computer forensics laws and legal precedents regulate the practices associated with computer forensics
     • They help the investigating officer obtain a search warrant for searching and seizing the computer involved in a crime
  8. Role of Law Enforcement Agencies in Forensics Investigation
     Law enforcement helps to:
     • Improve the likelihood of conducting a successful investigation by helping to establish a trusted relationship with the victim, thereby improving the quality of cooperation provided by the victim
     • Safeguard victims by reducing the likelihood that an investigation will exacerbate the damage already suffered by the victim
     • Establish procedures for obtaining efficient and timely assistance for the victim
  9. Guidelines for Law Enforcement Agencies
     • Minimize the disruption to a victim-company’s normal business operations
     • Coordinate the release of any information to the news media about the investigation
     • Work closely with the victim on issues that will have an impact on sentencing
     • To the extent possible, regularly update the victim on the progress of the investigation
     • Consult with the victim-company’s information technology staff about network architecture before implementing investigative measures on the network
     • Be aware that you may need to consult with a victim-company’s senior management before undertaking intrusive investigative measures on the company’s network
     • Encourage ongoing relationships with businesses before an incident occurs
  10. Law Enforcement Policies
     Law enforcement policies protect resources and people, prevent crime, and help in carrying out investigations and apprehending criminals
     These policies are designed to provide organization security officers with clear definitions, direction, and guidelines for providing and promoting a reliable, efficient response to organizational crime in order to achieve the following goals:
     • Reduce the risk of civil liability for security officers and administrators
     • Make an arrest for any abuse of an Emergency Protective Order (EPO), Domestic Violence Order (DVO), and Foreign Protective Order (FPO)
     They help in drafting the mission statement, objective statements, rules of conduct, and ethics for organizational behavior
  11. Internet Laws and Statutes
  12. Internet Laws and Statutes
     California Business and Professions Code Section 17538
     Anticybersquatting Consumer Protection Act (ACPA), 15 USC §1125(D)
     Unsolicited E-mail
     • Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), 15 U.S.C. §§7701-7713
     • Nevada Senate Bill No. 13
     • Washington House Bill 2752 (1998) (as enacted)
     • Connecticut House Bill 6558
     Communications Decency Act
     • 47 U.S.C. Section 230
     • §230. Protection for private blocking and screening of offensive material
  13. Federal Laws (Computer Crime)
     18 U.S.C. § 1362. Communication Lines, Stations, or Systems
     Law is applicable if:
     • Person willfully injures or destroys any of the works, property, or material of any means of communication
     • Maliciously obstructs, hinders, or delays the transmission of any communication
     Penalty:
     • A fine or imprisonment for not more than 10 years, or both
  14. Intellectual Property Rights
     Copyright Offenses
     17 U.S.C. § 506, Criminal Offenses
     • Criminal Infringement
     • Forfeiture and Destruction
     • Fraudulent Copyright Notice
     • Fraudulent Removal of Copyright Notice
     • False Representation
     • Rights of Attribution and Integrity
  15. Intellectual Property Rights (cont’d)
     18 U.S.C. § 2319, Criminal Infringement of a Copyright
     Persons who may submit a victim impact statement include:
     • Producers and sellers of legitimate works
     • Holders of intellectual property rights
     • The legal representatives of such producers, sellers, and holders
     Penalty:
     • Imprisoned not more than 5 years, or fined for reproducing and distributing at least 10 copies or phone records, of 1 or more copyrighted works
     • Imprisoned not more than 3 years, or fined for reproducing and distributing more than 10 copies or phone records, of 1 or more copyrighted works
  16. Intellectual Property Rights (cont’d)
     18 U.S.C. § 2318, Trafficking in counterfeit label for phone records, copies of computer programs or computer program documentation or packaging, and copies of motion pictures or other audio visual works, and trafficking in counterfeit computer program documentation or packaging
     Law is applicable if:
     • Person knowingly traffics in a counterfeit label affixed or designed to be affixed
     • Intentionally traffics in counterfeit documentation or packaging for a computer program
     Penalty:
     • Fined or imprisoned for not more than five years, or both
  17. Intellectual Property Rights (cont’d)
     Bootlegging Offenses
     18 U.S.C. § 2319A, Unauthorized fixation of and trafficking in sound recordings and music videos of live musical performances
     Law is applicable if:
     • Person knowingly and for purposes of commercial advantage fixes the sounds and images or reproduces copies or phone records
     • Transmits the sound and images to the public without the consent of the performer
     Penalty:
     • Imprisoned for not more than 5 years or fined or both
  18. Intellectual Property Rights (cont’d)
     Trademark Offenses
     18 U.S.C. § 2320, Trafficking in counterfeit goods or services
     Law is applicable if:
     • Person intentionally traffics or attempts to traffic in goods or services
     • Knowingly uses a counterfeit mark
     Penalty:
     • Fined not more than $2,000,000 or imprisoned not more than 10 years, or both
  19. Intellectual Property Rights (cont’d)
     Trade Secret Offenses
     18 U.S.C. § 1831, Economic espionage
     Law is applicable if:
     • Person knowingly steals or without authorization obtains a trade secret
     • Without authorization copies or transmits a trade secret
     • Receives, buys, or possesses a trade secret
     Penalty:
     • Fined not more than $10,000,000
  20. Intellectual Property Rights (cont’d)
     18 U.S.C. § 1832, Theft of trade secrets
     Law is applicable if:
     • Person with an intent to convert a trade secret knowingly steals or without authorization obtains information
     • Without authorization copies or transmits such information
     • Receives, buys, or possesses such information
     Penalty:
     • Fined not more than $5,000,000
  21. Intellectual Property Rights (cont’d)
     18 U.S.C. § 1833, Exceptions to prohibitions
     Exceptions:
     • Lawful activity conducted by a governmental entity of the United States, a State, or a political subdivision of a State
     • Reporting of a suspected violation of law to any governmental entity of the United States, a State, or a political subdivision of a State
     18 U.S.C. § 1834, Criminal forfeiture
     • Any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of violation
     • Any of the person's property used, or intended to be used, to commit or facilitate violation
  22. Intellectual Property Rights (cont’d)
     Offenses Relating to the Integrity of IP Systems
     17 U.S.C. § 506(c-d), Fraudulent Copyright Notice; Fraudulent Removal of Copyright Notice
     Offense if:
     • Person with malicious intent places a notice bearing copyright or words with false representation
     • Removes or alters any notice of copyright appearing on a copy of a copyrighted work
     Penalty:
     • Fined not more than $2,500
  23. Intellectual Property Rights (cont’d)
     47 U.S.C. § 605, Unauthorized publication or use of communications
     Practices prohibited:
     • Receiving, assisting in receiving, transmitting, or assisting in transmitting, any interstate or foreign communication by wire or radio
     • Intercepting any radio communication and divulging or publishing the existence, contents, substance, purport, effect, or meaning of such intercepted communication to any person
     • Scrambling of Public Broadcasting Service programming
     Penalty:
     • Fined not more than $2,000 or imprisoned for not more than 6 months, or both
  24. Cyber Stalking
     18 U.S.C. § 875, Interstate communications
     Offense:
     • Transmitting any communication containing any demand or request for a ransom
     • Transmitting any communication containing any threat to kidnap any person or to injure the person
     18 U.S.C. § 2261A, Interstate stalking
     Offense:
     • Person travels in interstate or foreign commerce with an intent to kill or injure, harass, or intimidate a person in another State or tribal jurisdiction
  25. Information Security Acts
  26. The USA PATRIOT Act of 2001
     • Congress passed the USA PATRIOT Act (the Act) in response to the terrorist attacks of September 11, 2001
     • The Act gives federal officials greater authority to track and intercept communications, both for law enforcement and foreign intelligence gathering purposes
  27. Federal Information Security Management Act
     • Title III - Information Security of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source
     • § 3541. Purposes: The purposes of this act are to
       – (1) Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets
       – (2) Recognize the highly networked nature of the current Federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities
       – (3) Provide for development and maintenance of minimum controls required to protect Federal information and information systems
  28. Federal Information Security Management Act (cont’d)
       – (4) Provide a mechanism for improved oversight of Federal agency information security programs
     • § 3543. Authority and functions of the Director
       – (a) IN GENERAL - The Director shall oversee agency information security policies and practices, including -
         (1) developing and overseeing the implementation of policies, principles, standards, and guidelines on information security, including through ensuring timely agency adoption of and compliance with standards promulgated under section 11331 of title 40
         (2) requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of -
           (A) information collected or maintained by or on behalf of an agency; or
           (B) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency
  29. Gramm-Leach Bliley Act
     The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect the consumers’ personal financial information held by financial institutions
     There are three principal parts to the privacy requirements:
     • Financial Privacy Rule: The Financial Privacy Rule governs the collection and disclosure of customers' personal financial information by financial institutions
     • Safeguards Rule: The Safeguards Rule requires all financial institutions to design, implement, and maintain safeguards to protect the customer’s information
     • Pretexting provisions: The Pretexting provisions of the GLB Act protect consumers from individuals and companies that obtain their personal financial information under false pretenses
  30. CAN-SPAM Act
     The CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act) establishes requirements for those who send commercial email, spells out penalties for spammers and companies whose products are advertised in spam if they violate the law, and gives consumers the right to ask emailers to stop spamming them
     Main provisions of the CAN-SPAM law are:
     • It bans false or misleading header information
     • It prohibits deceptive subject lines
     • It requires that your email gives recipients an opt-out method
     • It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address
  31. CAN-SPAM Act (cont’d)
     Penalties:
     • Each violation of the above provisions is subject to fines of up to $11,000. Deceptive commercial email also is subject to laws banning false or misleading advertising
     • Additional fines are provided for commercial emailers who not only violate the rules described above, but also:
       – "Harvest" email addresses from web sites or web services that have published a notice prohibiting the transfer of email addresses for the purpose of sending email
       – Generate email addresses using a "dictionary attack" – combining names, letters, or numbers into multiple permutations
       – Use scripts or other automated ways to register for multiple email or user accounts to send commercial email
       – Relay emails through a computer or network without permission – for example, by taking advantage of open relays or open proxies without authorization
  32. Personal Information Protection and Electronic Documents Act (PIPEDA)
      The Personal Information Protection and Electronic Documents Act (PIPEDA) is federal legislation passed in 2001 and fully implemented on January 1, 2004
      The purpose of the Act is “to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances”
      The Act aims to protect information about an individual, including information such as:
      • Age, name, income, ethnic origin, religion or blood type
      • Opinions, evaluation, comments, social status or disciplinary actions
      • Credit records, employment history and medical records
  33. Data Protection Act 1998
      Section 55: Unlawful obtaining etc. of personal data
      • (1) A person must not knowingly or recklessly, without the consent of the data controller -
        – (a) Obtain or disclose personal data or the information contained in personal data, or
        – (b) Procure the disclosure to another person of the information contained in personal data
      • (2) Subsection (1) does not apply to a person who shows -
        – (a) That the obtaining, disclosing, or procuring -
          – (i) was necessary for the purpose of preventing or detecting crime
          – (ii) was required or authorized by or under any enactment, by any rule of law or by the order of a court
  34. Data Protection Act 1998 (cont’d)
      • (3) A person who contravenes subsection (1) is guilty of an offence
      • (4) A person who sells personal data is guilty of an offense if he has obtained the data in contravention of subsection (1)
      • (5) A person who offers to sell personal data is guilty of an offense if—
        – (a) He has obtained the data in contravention of subsection (1), or
        – (b) He subsequently obtains the data in contravention of that subsection
      • (6) For the purposes of subsection (5), an advertisement indicating that personal data are or may be for sale is an offer to sell the data
      • (7) Section 1(2) does not apply for the purposes of this section; and for the purposes of subsections (4) to (6), “personal data” includes information extracted from personal data
  35. Criminal Damage Act 1991
      Section 5: Unauthorized accessing of data
      (1) A person who without lawful excuse operates a computer—
      • (a) Within the State with intent to access any data kept either within or outside the State, or
      • (b) Outside the State with intent to access any data kept within the State,
      shall, whether or not he accesses any data, be guilty of an offence and shall be liable on summary conviction to a fine not exceeding £500 or imprisonment for a term not exceeding 3 months or both
      (2) Subsection (1) applies whether or not the person intended to access any particular data or any particular category of data or data kept by any particular person
  36. Cyber Terrorism Preparedness Act of 2002
      The purpose of this act is to provide protection for the information infrastructure of the United States against terrorist or other disruption or attack or other unwarranted intrusion
      It supports the development of appropriate cyber security best practices as well as long-term cyber security research and development, and performs functions relating to such activities
      The term "cybersecurity" means information assurance, including information security, information technology disaster recovery, and information privacy
  37. Laws Related to Information Assurance and Security
  38. Federal Records Act
      § 3101: Records management by agency heads; general duties:
      • The head of each Federal agency shall make and preserve records containing adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and designed to furnish the information necessary to protect the legal and financial rights of the Government and of persons directly affected by the agency’s activities
      § 3102: Establishment of program of management
      • The head of each Federal agency shall establish and maintain an active, continuing program for the economical and efficient management of the records of the agency. The program, among other things, shall provide for
        • Effective controls over the creation and over the maintenance and use of records in the conduct of current business
        • Cooperation with the Administrator of General Services and the Archivist in applying standards, procedures, and techniques designed to improve the management of records, promote the maintenance and security of records deemed appropriate for preservation, and facilitate the segregation and disposal of records of temporary value
  39. Federal Records Act (cont’d)
      § 3105: Safeguards:
      • The head of each Federal agency shall establish safeguards against the removal or loss of records he determines to be necessary and required by regulations of the Archivist. Safeguards shall include making it known to officials and employees of the agency
        • that records in the custody of the agency are not to be alienated or destroyed except in accordance with sections 3301-3314 of this title, and
        • the penalties provided by law for the unlawful removal or destruction of records
  40. Federal Managers Financial Integrity Act of 1982
      The Federal Managers’ Financial Integrity Act of 1982 (Integrity Act or FMFIA) provides the statutory basis for management’s responsibility for and assessment of accounting and administrative internal controls
      • Such controls include program, operational, and administrative areas, as well as accounting and financial management
      The Integrity Act requires federal agencies to establish controls that reasonably ensure:
      • Obligations and costs are in compliance with applicable law
      • Funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation
      • Revenues and expenditures are properly recorded and accounted for to maintain accountability over the assets
  41. Federal Property and Administrative Services Act
      The Federal Property and Administrative Services Act of 1949 is a United States federal law that established the general services administration (GSA)
      Sec. 101. [40 U.S.C. 751] General Services Administration
      • There is hereby established an agency in the executive branch of the Government which shall be known as the general services administration
      • There shall be at the head of the general services administration an administrator of general services who shall be appointed by the president by and with the advice and consent of the senate, and perform his functions subject to the direction and control of the president
      • There shall be in the general services administration a deputy administrator of general services who shall be appointed by the administrator of general services
      • The Deputy Administrator shall perform such functions as the Administrator shall designate and shall be Acting Administrator of General Services during the absence or disability of the Administrator and, unless the President shall designate another officer of the Government, in the event of a vacancy in the office of Administrator
  42. Government Paperwork Elimination Act
      Government Paperwork Elimination Act (GPEA) states that electronic records and their related electronic signatures are not to be denied legal effect, validity, or enforceability merely because they are in electronic form
      GPEA seeks to preclude agencies or courts from systematically treating electronic documents and signatures less favorably than their paper counterparts, so that citizens can interact with the Federal government electronically
      GPEA policies for agencies:
      • Maintain compatibility with standards and technology for electronic signatures generally used in commerce and industry and by State governments
      • Ensure that electronic signatures are as reliable as appropriate for the purpose in question
      • Maximize the benefits and minimize the risks and other costs
      • Protect the privacy of transaction partners and third parties that have information contained in the transaction
  43. Paperwork Reduction Act
      The purposes of this Act are to:
      • Minimize the paperwork burden for individuals, small businesses, educational and nonprofit institutions, Federal contractors, State, local and tribal governments
      • Ensure the greatest possible public benefit from and maximize the utility of information created, collected, maintained, used, shared and disseminated by or for the Federal Government
      • Improve the quality and use of Federal information to strengthen decision making, accountability, and openness in Government and society
      • Minimize the cost to the Federal Government of the creation, collection, maintenance, use, dissemination, and disposition of information
      • Ensure the integrity, quality, and utility of the Federal statistical system
  44. Computer Fraud and Abuse Act
      Sec. 1030. Fraud and related activity in connection with computers
      • Knowingly accessed a computer without authorization or exceeding authorized access
      • Intentionally accesses a computer without authorization or exceeds authorized access
      • Intentionally, without authorization to access any nonpublic computer of a department or agency of the United States
      • Knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access
      • Knowingly and with intent to defraud traffics in any password or similar information through which a computer may be accessed without authorization
      Penalty:
      • Fine under particular title or imprisonment for not more than ten years, or both
  45. Freedom of Information Act
      The Freedom of Information Act deals with access to official information and gives individuals or organizations the right to request information from any public authority
      It gives you the right to request information held by public authorities, companies wholly owned by public authorities
      § 552. Public information; agency rules, opinions, orders, records, and proceedings
      • Each agency shall make available to the public information as follows:
        • Each agency shall separately state and currently publish in the Federal Register for the guidance of the public
        • Each agency, in accordance with published rules, shall make available for public inspection and copying
        • Each agency shall promulgate regulations, pursuant to notice and receipt of public comment, specifying the schedule of fees applicable to the processing of requests
        • Each agency having more than one member shall maintain and make available for public inspection a record of the final votes of each member in every agency proceeding
  46. E-Government Act of 2002 / Public Law 107-347
      The purposes of this Act are:
      • To provide effective leadership of Federal Government efforts to develop and promote electronic Government services and processes by establishing an administrator of a new office of electronic Government within the office of management and budget
      • To promote use of the Internet and other information technologies to provide increased opportunities for citizen participation in Government
      • To improve the ability of the Government to achieve agency missions and program performance goals
      • To reduce costs and burdens for businesses and other Government entities
      • To promote better informed decision making by policy makers
  47. E-Government Act of 2002 / Public Law 107-347 (cont’d)
      Title III: Section 301: Information security
      • § 3541: Purposes:
        • Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets
        • Provide for development and maintenance of minimum controls required to protect Federal information and information systems
        • Provide a mechanism for improved oversight of Federal agency information security programs
        • Recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products
  48. Implications of Public Law 107-347 Regarding Certification and Accreditation
      Certification and Accreditation is a process which ensures that computer systems and major applications stick to recognized and established security requirements that are well documented and authorized
      Title III of the E-Government Act (Public Law 107-347), titled the Federal Information Security Management Act (FISMA), mandates that all federal agencies develop and implement an agency-wide information security program that gives details about its security requirements, policies, controls and risks to the agency
      The information security program is formally described in a collection of documentation and reports, which consists of:
      • Periodic risk assessments
      • Information security policies and procedures
      • Security policies and procedures for detecting the vulnerability
      • An inventory of software and hardware assets
      • Security awareness training and probable rules of behavior for end users
      • An evaluation of security controls
      • Processes for reporting and replying to security incidents
  49. Information Privacy Act 2000
      The main purpose of this act is to:
      • Establish a regime for the responsible collection and handling of personal information in the public sector
      • Provide individuals with rights of access to information about them held by organizations, including information held by contracted service providers
      • Provide individuals with the right to require an organization to correct information about them held by the organization, including information held by contracted service providers
      • Provide remedies for interferences with the information privacy of an individual
      • Provide for the appointment of a privacy commissioner
  50. Computer Crime Acts
  51. Australia: The Cybercrime Act 2001
      An Act to amend the law relating to computer offences and for other purposes
      477.2 Unauthorized modification of data to cause impairment
      A person is guilty of an offence if:
      • (a) The person causes any unauthorized modification of data held in a computer
      • (b) The person knows the modification is unauthorized
      • (c) The person is reckless as to whether the modification impairs or will impair:
        • (i) access to that or any other data held in any computer; or
        • (ii) the reliability, security, or operation of any such data
      Penalty:
      • 10 years imprisonment
  52. Australia: The Cybercrime Act 2001 (cont’d)
      478.1 Unauthorized access to, or modification of, restricted data
      A person is guilty of an offence if:
      • (a) The person causes any unauthorized access to, or modification of, restricted data
      • (b) The person intends to cause the access or modification
      • (c) The person knows that the access or modification is unauthorized
      • (d) One or more of the following applies:
        • (i) The restricted data is held in a Commonwealth computer
        • (ii) The restricted data is held on behalf of the Commonwealth
        • (iii) The access to, or modification of, the restricted data is caused by means of a telecommunications service
      Penalty:
      • 2 years imprisonment
  53. Austrian Laws
      Privacy Act 2000: Section 10
      § 52. Administrative Penalty Clause
      • (1) Provided that the offence does not meet the statutory definition of a punishable action within the relevant jurisdiction of the court nor is threatened by a more severe punishment under a different administrative penalty clause, a minor administrative offence shall be pronounced with a fine of up to S260.000. Parties who:
        • Willfully obtain unlawful access to a data application or willfully maintain discernable, unlawful, and deliberate access or
        • Intentionally transmit data in violation of the Data Secrecy Clause (§15), especially data that were entrusted to him/her according to §46 and §47, for intentional use for other purposes or
        • Use data contrary to a legal judgment or decision, withhold data, fail to correct false data, fail to delete data or
        • Intentionally delete data contrary to §26, Section 7
  54. Belgium Laws
      In November 2000, the Belgian Parliament adopted new articles in the Criminal Code on computer crime, in effect from February 13, 2001. The four main problems of computer forgery, computer fraud, hacking and sabotage are made criminal offences
      Article 550(b) of the Criminal Code:
      • §1. Any person who, aware that he is not authorized, accesses or maintains his access to a computer system, may be sentenced to a term of imprisonment of 3 months to 1 year and to a fine of (BFr 5,200-5m) or to one of these sentences
      • If the offence specified in §1 above is committed with intention to defraud, the term of imprisonment may be from 6 months to 2 years
      • §2. Any person who, with the intention to defraud or with the intention to cause harm, exceeds his power of access to a computer system, may be sentenced to a term of imprisonment of 6 months to 2 years and to a fine of (BFr 5,200-20m) or to one of these sentences
  55. Brazilian Laws
      ENTRY OF FALSE DATA INTO THE INFORMATION SYSTEM
      • Art. 313-A. Entry, or facilitation on the part of an authorized employee of the entry, of false data, improper alteration or exclusion of correct data with respect to the information system or the data bank of the Public Management for purposes of achieving an improper advantage for himself or for some other person, or of causing damages
      • Penalty: imprisonment for 2 to 12 years, and fines
      UNAUTHORIZED MODIFICATION OR ALTERATION OF THE INFORMATION SYSTEM
      • Art. 313-B. Modification or alteration of the information system or computer program by an employee, without authorization by or at the request of a competent authority
      • Penalty: detention for 3 months to 2 years, and fines
  56. Canadian Laws
      Canadian Criminal Code Section 342.1 states:
      (1) Every one who, fraudulently and without color of right:
      • (a) obtains, directly or indirectly, any computer service,
      • (b) by means of an electro-magnetic, acoustic, mechanical or other device, intercepts or causes to be intercepted, directly or indirectly, any function of a computer system
      • (c) uses or causes to be used, directly or indirectly, a computer system with intent to commit an offence under paragraph (a) or (b) or an offence under section 430 in relation to data or a computer system
      A person who commits an offence under paragraph (a), (b) or (c) is guilty of an indictable offence and liable to imprisonment for a term not exceeding ten years
  57. Denmark Laws
      Penal Code Section 263:
      • (2) Any person who, in an unlawful manner, obtains access to another person's information or programs which are meant to be used in a data processing system, shall be liable to a fine, to simple detention or to imprisonment for a term not exceeding 6 months
      • (3) If an act of the kind described in subsection 1 or 2 is committed with the intent to procure or make oneself acquainted with information concerning trade secrets of a company or under other extraordinary aggravating circumstances, the punishment shall be increased to imprisonment for a term not exceeding 2 years
  58. European Laws
      SECTION 1 - SUBSTANTIVE CRIMINAL LAW
      According to this law, the following are considered offenses:
      • Title 1 - Offenses against the confidentiality, integrity, and availability of computer data and systems
      • Article 2 - Illegal Access
        – Each party shall adopt such legislative and other measures as may be necessary to establish as criminal offenses under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right
      • Article 3 - Illegal Interception
      • Article 4 - Data Interference
        – Each party shall adopt such legislative and other measures as may be necessary to establish as criminal offenses under its domestic law, when committed intentionally, the damaging, deletion, deterioration, alteration or suppression of computer data without right
  59. France Laws
      Chapter III: ATTACKS ON SYSTEMS FOR AUTOMATED DATA PROCESSING
      Article 323-1:
      • The act of fraudulently gaining access to, or maintaining, in all or part of an automated data processing system is punishable by imprisonment not exceeding one year and a fine of up to 100.000 F
      Article 323-2:
      • The act of hindering or of distorting the functioning of an automated data processing system is punishable by imprisonment not exceeding three years and a fine up to 300.000 FF
  60. German Laws
      Penal Code Section 202a. Data Espionage:
      • (1) Any person who obtains without authorization, for himself or for another, data which are not meant for him and which are specially protected against unauthorized access, shall be liable to imprisonment for a term not exceeding three years or to a fine
      • (2) Data within the meaning of subsection 1 are only such as are stored or transmitted electronically or magnetically or in any form not directly visible
      Penal Code Section 303a: Alteration of Data
      • (1) Any person who unlawfully erases, suppresses, renders useless, or alters data (section 202a(2)) shall be liable to imprisonment for a term not exceeding two years or to a fine
      • (2) The attempt shall be punishable
  61. Greece Laws
      Criminal Code Article 370C§2:
      • Every one who obtains access to data recorded in a computer or in the external memory of a computer or transmitted by telecommunication systems shall be punished by imprisonment for up to three months or by a pecuniary penalty not less than ten thousand drachmas
      • If the act concerns the international relations or the security of the State, he shall be punished according to Art. 148
  62. Hong Kong Laws
      Section 27A: Unauthorized access to computer by telecommunication
      • (1) Any person who, by telecommunication, knowingly causes a computer to perform any function to obtain unauthorized access to any program or data held in a computer commits an offence and is liable on conviction to a fine of $ 20000
      • (2) For the purposes of subsection (1)-
        – (a) The intent of the person need not be directed at-
          – (i) Any particular program or data
          – (ii) A program or data of a particular kind
          – (iii) A program or data held in a particular computer
        – (b) Access of any kind by a person to any program or data held in a computer is unauthorized if he is not entitled to control access of the kind in question to the program or data held in the computer and-
          – (i) He has not been authorized to obtain access of the kind in question to the program or data held in the computer by any person who is so entitled
          – (ii) He does not believe that he has been so authorized
          – (iii) He does not believe that he would have been so authorized if he had applied for the appropriate authority
  63. Indian Laws
      THE INFORMATION TECHNOLOGY ACT, 2000 (No. 21 of 2000), CHAPTER XI
      The Offences: 66. Hacking with computer system
      • (1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack
      • (2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both
  64. Italian Laws
      Penal Code Article 615: Unauthorized access into a computer or telecommunication systems:
      • Anyone who enters unauthorized into a computer or telecommunication system protected by security measures, or remains in it against the expressed or implied will of the one who has the right to exclude him, shall be sentenced to imprisonment not exceeding three years
      • The imprisonment is from one until five years
        • If the crime is committed by a public official or by an officer of a public service, through abuse of power or through violation of the duties concerning the function or the service, or by a person who practices - even without a license - the profession of a private investigator, or with abuse of the capacity of a system operator
  65. Japanese Laws
      Unauthorized Computer Access Law (Law No. 128 of 1999)
      • The purpose of this Law is, by prohibiting acts of unauthorized computer access as well as by stipulating penal provisions for such acts and assistance measures to be taken by the Metropolitan or Prefectural Public Safety Commissions for preventing a recurrence of such acts, to prevent computer-related crimes that are committed through telecommunication lines and to maintain the telecommunications-related order that is realized by access control functions, and, thereby, to contribute to the sound development of the advanced information and telecommunications society
      Prohibition of acts of unauthorized computer access
      • Article 3. No person shall conduct an act of unauthorized computer access
      • 2. The act of unauthorized computer access mentioned in the preceding paragraph means an act that falls under one of the following items
  66. Japanese Laws (cont’d)
      • (1) An act of making available a specific use which is restricted by an access control function by making in operation a specific computer having that access control function through inputting into that specific computer, via telecommunication line, another person’s identification code for that access control function (to exclude such acts conducted by the access administrator who has added the access control function concerned, or conducted with the approval of the access administrator concerned or of the authorized user for that identification code)
      • (2) An act of making available a restricted specific use by making in operation a specific computer having that access control function through inputting into it, via telecommunication line, any information (excluding an identification code) or command that can evade the restrictions placed by that access control function on that specific use (to exclude such acts conducted by the access administrator who has added the access control function concerned, or conducted with the approval of the access administrator concerned; the same shall apply in the following item)
      • (3) An act of making available a restricted specific use by making in operation a specific computer, whose specific use is restricted by an access control function installed into another specific computer which is connected, via a telecommunication line, to that specific computer, through inputting into it, via a telecommunication line, any information or command that can evade the restrictions concerned
  67. Japanese Laws (cont’d)
      Prohibition of acts of facilitating unauthorized computer access
      • Article 4. No person shall provide another person's identification code relating to an access control function to a person other than the access administrator for that access control function or the authorized user for that identification code, in indicating that it is the identification code for which specific computer's specific use, or at the request of a person who has such knowledge, excepting the case where such acts are conducted by that access administrator, or with the approval of that access administrator or of that authorized user
      Penal provisions
      • Article 8. A person who falls under one of the following items shall be punished with penal servitude for not more than one year or a fine of not more than 500,000 yen:
        – (1) A person who has infringed the provision of Article 3, paragraph 1
      • Article 9. A person who has infringed the provision of Article 4 shall be punished with a fine of not more than 300,000 yen
  68. Latvian Laws
      Section 241: Arbitrarily accessing computer systems
      • If a person commits arbitrarily accessing an automated computer system
      • Penalty: Custodial arrest, or a fine not exceeding eighty times the minimum monthly wage
      Section 242: Unauthorised acquisition of computer software
      • If a person commits unauthorized copying of computer software, files or databases stored in the memory of a computer system
      • Penalty: Custodial arrest, or a fine not exceeding eighty times the minimum monthly wage
  69. Malaysian Laws
      An Act to provide for offences relating to the misuse of computers
      Offences: Unauthorized access to the computer material
      • (1) A person shall be guilty of an offence if -
        • (a) He causes a computer to perform any function with intent to secure access to any program or data held in any computer
        • (b) The access he intends to secure is unauthorized
        • (c) He knows at the time when he causes the computer to perform the function that that is the case
      • (2) The intent a person has to have to commit an offence under this section need not be directed at -
        • (a) Any particular program or data
        • (b) A program or data of any particular kind
        • (c) A program or data held in any particular computer
      • (3) A person guilty of an offence under this section shall on conviction be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding five years or to both
  70. Malta Laws
      Computer Misuse: Unlawful access to, or use of information
      337 (C) (1) A person who without authorization does any of the following acts shall be guilty of an offence –
      • Uses a computer or any other device or equipment to access any data
      • Copies any data, software, or supporting documentation to any storage medium
      • Impairs the operation of any system, software, or the integrity or reliability of any data
      • Uses another person's access code, password, user name, electronic mail address, or other means of access or identification information in a computer
      Penalties:
      • Ten thousand liri or imprisonment not exceeding four years, or both
  71. Netherlands Laws
      Criminal Code Article 138a:
      • Any person who intentionally and unlawfully accesses an automated system for the storage or processing of data, or part of such a system, shall be liable, as guilty of breach of computer peace, to a term of imprisonment not exceeding six months or a fine of 10.000 guilders if he:
        • (a) Breaks through a security system, or
        • (b) Obtains access by a technical intervention, with the help of false signals or a false key or by acting in a false capacity
  72. Norwegian Laws
      Penal Code § 145:
      • Any person who unlawfully opens a letter or other closed document or in a similar manner gains access to its contents, or who breaks into another person's locked depository shall be liable to fines or to imprisonment for a term not exceeding 6 months
      • The same penalty shall apply to any person who by breaking a protective device or in a similar manner, unlawfully obtains access to data or programs which are stored or transferred by electronic or other technical means
      • If damage is caused by the acquisition or use of such unauthorized knowledge, or if the felony is committed for the purpose of obtaining for any person an unlawful gain, imprisonment for a term not exceeding 2 years may be imposed
      • Accomplices shall be liable to the same penalty
  73. Philippines Laws: Electronic Commerce Act of 2000
      An act providing for the recognition and use of electronic commercial and non-commercial transactions and documents, penalties for unlawful use thereof and for other purposes
      SEC 33 – Penalties:
      • (a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal, or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years
  74. Singapore Laws: Computer Misuse Act
      Section 3: Unauthorized access to computer material
      • (1) Any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both
      • (2) If any damage is caused as a result of an offence under this section, a person convicted of the offence shall be liable to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 7 years or to both
  75. Singapore Laws: Computer Misuse Act (cont’d)
      Section 4: Access with intent to commit or facilitate commission of offence
      • (1) Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence
      • (2) This section shall apply to an offence involving property, fraud, dishonesty or which causes bodily harm and which is punishable on conviction with imprisonment for a term of not less than 2 years
      • (3) Any person guilty of an offence under this section shall be liable on conviction to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 10 years or to both
  76. United Kingdom: Police and Justice Act 2006
      Chapter 48 amends the Computer Misuse Act: Part 5, Sections 35 to 38
      • 35 - Unauthorized access to computer material
      • 36 - Unauthorized acts with intent to impair operation of computer, etc
      • 37 - Making, supplying or obtaining articles for use in computer misuse offences
      • 38 - Transitional and saving provision
      Chapter 48 amends the Forfeiture of indecent photographs of children Act: Part 5, Sections 39 to 40
      • 39 - Forfeiture of indecent photographs of children: England and Wales
      • 40 - Forfeiture of indecent photographs of children: Northern Ireland
  77. United States Laws
      Title 18. Crimes and criminal procedure: Part I – Crimes: Chapter 47 – Fraud and false statements: Section 1030. Fraud and related activity in connection with computers
      Law is applicable if any person:
      • Intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains
      • Intentionally, without authorization to access any nonpublic computer of a department or agency of the United States
      • Knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access
      Penalty:
      • Fine or imprisonment for not more than ten years, or both
  78. Internet Crime Schemes and Prevention Tips
  79. Internet Crime Schemes
      Current and ongoing Internet trends and schemes identified by the Internet Crime Complaint Center, along with their descriptions:
      • Auction Fraud
      • Auction Fraud - Romania
      • Counterfeit Cashier's Check
      • Credit Card Fraud
      • Debt Elimination
      • Parcel Courier Email Scheme
      • Employment/Business Opportunities
      • Escrow Services Fraud
      • Identity Theft
      • Internet Extortion
      • Investment Fraud
      • Lotteries
      • Nigerian Letter or "419"
      • Phishing/Spoofing
      • Ponzi/Pyramid
      • Reshipping
      • Spam
      • Third Party Receiver of Funds
  80. Internet Crime Prevention Tips
      Auction fraud
      • Ask the seller any questions you have before you buy
      • Examine the seller's feedback regarding your questions
      • Be aware of the seller's refund and warranty policies
      Counterfeit cashier's check
      • Inspect the cashier's check and ensure that the account number, amount, and signature are correct
      • Obtain the bank's phone number from a dependable source
      Credit card fraud
      • Make sure that the website is reputable and secure
      • Do not give out credit card information
  81. Internet Crime Prevention Tips (cont’d)
      Phishing/Spoofing
      • Do not give personal information in response to unsolicited email requests
      Reshipping
      • Be cautious when dealing with companies in other countries
      • Do not accept a package that you did not order
      Spam
      • Delete spam mail without opening it
      • Do not reply to spam mail
      • Do not purchase anything advertised through spam mail
  82. Internet Crime Prevention Tips (cont’d)
      Debt elimination
      • Get complete information about the company and ensure that it is real
      • If the company has an agreement, make sure that you understand all of its terms and conditions
      Escrow services fraud
      • Do not click on the given website link; always type the website address manually
      • Be careful when filling in personal information; check for spelling and grammar mistakes
      Investment fraud
      • Beware of promises to make fast profits
      • Understand the complete deal before investing
      • Beware of investments that promise high returns with no risk
  83. Reporting a Cyber Crime
  84. Why You Should Report Cybercrime
      • Companies might be reluctant to share information regarding the impact to their business and the sensitivity of the data involved
      • Only by sharing information with law enforcement and appropriate industry groups will cyber criminals be identified and prosecuted, new cyber security threats be identified, and successful attacks on critical infrastructures and the economy be prevented
      • Law enforcement’s ability to identify coordinated threats is directly tied to the volume of reporting
  85. Reporting Computer-Related Crimes
      Internet-related crime, like any other crime, should be reported to appropriate law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the crime
      The primary federal law enforcement agencies that investigate domestic crime on the Internet include:
      • Federal Bureau of Investigation (FBI)
      • United States Secret Service
      • United States Immigration and Customs Enforcement (ICE)
      • United States Postal Inspection Service
      • Bureau of Alcohol, Tobacco and Firearms (ATF)
  86. Reporting Computer-Related Crimes (cont’d)
      Other Government Initiatives to Combat Cyber Crime:
      • Department of Homeland Security's National Infrastructure Coordinating Center: (202) 282-9201 (report incidents relating to national security and infrastructure issues)
      • U.S. Computer Emergency Readiness Team (U.S. CERT) (online reporting for technicians)
      • Internet Fraud Complaint Center (IFCC) (online reporting for Internet related crime)
      • National Association of Attorney General's Computer Crime Point of Contact List (all state related cyber questions)
  87. Person Assigned to Report the Crime
      • Have a single contact to whom employees should report suspicious events and who will track changes in contacts or procedures
      • Have a single contact who will report incidents to outside agencies, including law enforcement, regulatory bodies and information sharing organizations such as InfraGard and the industry Information Sharing and Analysis Centers (ISACs)
      • Keep a list of the incident response team members’ names, titles and 24/7 contact information, along with their role in a security breach
      • Have contact information for vendors contracted to help during a security emergency, as well as ISPs and other relevant technology providers
  88. Person Assigned to Report the Crime (cont’d)
      • Keep contact information for major customers and clients who might be affected
      • In advance, establish contacts at the relevant law enforcement agencies: typically, the national infrastructure protection and computer intrusion squad at the local FBI field office; the electronic crimes investigator at the local Secret Service field office; and the electronic crimes investigator at your local police
      • Keep their contact information easily accessible
  89. When and How to Report an Incident?
      If an attack is under way, pick up the phone and call the previously established law enforcement contact immediately and communicate the basic information that is included in the CIO Cyber threat Response Form
      Additional information that will help law enforcement agents in their investigation:
      • What are the primary systems involved?
      • How was the attack carried out?
      • What steps have you taken to mitigate or remediate?
      • Does a suspect exist? If so, is it a current or former employee/contractor?
      • What evidence is available to assist in the investigation (e.g., log files, physical evidence, etc.)?
      To track the status of your case once you have filed a report, contact the field office that is conducting the investigation
  90. Who to Contact at the Law Enforcement
      • There is no single answer for which law enforcement agency to contact in the event of a cyber-security breach
      • The FBI and U.S. Secret Service share jurisdiction for computer crimes that cross state lines
      • However, most law enforcement agencies, including the FBI and USSS, encourage people to:
        a) pre-establish contact with someone in law enforcement who is trained in and responsible for dealing with computer crime, and
        b) work with the person or people you have the best relationship with
  91. Federal Local Agents Contact
      FBI Field Office
      • Call the national infrastructure protection and computer intrusion squad at the local field office
      U.S. Secret Service Field Office
      • Contact the electronic crimes investigator at the local field office
      FEDERAL AGENCIES, WASHINGTON
      FBI/National Infrastructure Protection Center (NIPC)
      Federal Bureau of Investigation
      J. Edgar Hoover Building
      935 Pennsylvania Avenue, NW
      Washington, DC 20535-0001
      phone: (202) 323-3205; 888-585-9078
      fax: (202) 323-2079
      e-mail: nipc.watch@fbi.gov
      website: www.fbi.gov
  92. Federal Local Agents Contact (cont’d)
      Electronic Crimes Branch of the U.S. Secret Service
      • Headquarters: 950 H Street, NW, Washington, DC 20223
      • phone: (202) 406-5850
      • fax: (202) 406-5031
      • website and reporting: www.treas.gov/usss
      State and Local Agencies
      • State Attorney General’s Office: The website for the National Attorney Generals’ Association provides a list with contact information by state
      • www.naag.org/issues/20010724-cc_list.cfm
      Local Police:
      • The CrisNet website offers a list of local law enforcement agencies organized by state
      • www.crisnet.com/locallaw/locallaw.html
  93. Federal Local Agents Contact (cont’d)
      InfraGard
      • Public/private information-sharing effort led by the FBI and the NIPC. Local chapters across the United States
      • Great place to develop appropriate contacts with law enforcement: www.infragard.net
      Electronic Crimes Task Force
      • Public/private info-sharing effort led by the U.S. Secret Service. Regional task forces located across the United States, and a great place to develop computer-crime law-enforcement contacts:
      • www.ectaskforce.org/Regional_Locations.htm
      Information Sharing and Analysis Centers (ISACs)
      • Industry specific information sharing for critical infrastructure sectors
      • For general information on the ISACs, visit: https://www.it-isac.org/isacinfowhtppr.php
  94. Federal Local Agents Contact (cont’d)
      Department of Justice Computer Crime & Intellectual Property Section
      • Legal analysis and resources related to computer crime, a how-to-report section and a comprehensive list of cybercrime cases pending and resolved
      • www.cybercrime.gov
      CERT Coordination Center at Carnegie Mellon
      • Federally funded research center provides training, incident handling, R&D, advisories
      • www.cert.org
  95. More Contacts
      FBI Local Office
      • http://www.fbi.gov/contact/fo/fo.htm
      Internet Fraud Complaint Center
      • http://www.ic3.gov/complaint/default.aspx
      U.S. Secret Service
      • http://www.treas.gov/usss/contact.shtml
      Federal Trade Commission (online complaint)
      • https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01
      Securities and Exchange Commission (online complaint)
      • http://www.sec.gov/complaint/selectconduct.shtml
      ATF local office
      • http://www.atf.gov/contact/field.htm
  96. CIO Cyberthreat Report Form
  97. Crime Investigating Organizations
  98. Crime Investigating Organizations
      Certain organizations provide crime investigation services, while others support the investigating agencies:
      • Interpol
      • FBI: Federal Bureau Of Investigation
      • NW3C: National White Collar Crime Center
      • IC3: Internet Crime Complaint Center
      • Homeland Security
  99. Interpol - Information Technology Crime Center
      • Interpol is the world’s largest international police organization, with 186 member countries
      • It exists to help create a safer world by supporting law enforcement agencies worldwide to combat crime
      • Interpol investigates financial and high-tech crimes – currency counterfeiting, money laundering, intellectual property crime, payment card fraud, computer virus attacks, and cyber-terrorism
  100. www.interpol.int
  101. Federal Bureau of Investigation
       www.fbi.gov
  102. How the FBI Investigates Computer Crime
       • FBI legal attachés stationed in 45 countries use sophisticated methods to investigate and coordinate cyber incidents around the world
       • In the United States, the Internet Crime Complaint Center (IC3) is a partnership between the FBI and the National White Collar Crime Center (NW3C)
       • The FBI trains and certifies computer forensic examiners who work in FBI field offices to recover and preserve digital evidence
       • It maintains a computer forensic laboratory in Washington, DC for advanced data recovery and for research and development
       • It uses a number of federal statutes to investigate computer crimes
  103. How the FBI Investigates Computer Crime (cont’d)
       The FBI investigates incidents when the following conditions are present:
       • A violation of the federal criminal code has occurred within the jurisdiction of the FBI
       • The United States Attorney's Office supports the investigation and agrees to prosecute the subject if the elements of the federal violation can be substantiated
       Federal law enforcement can only gather proprietary information concerning an incident in the following ways:
       • Request for voluntary disclosure of information
       • Court order
       • Federal grand jury subpoena
       • Search warrant
  104. Federal Statutes Investigated by the FBI
       Statutes the FBI frequently uses to investigate computer-related crimes:
       United States Codes (U.S.C.)
       • 18 U.S.C. 875 Interstate Communications: Including Threats, Kidnapping, Ransom, Extortion
       • 18 U.S.C. 1029 Possession of Access Devices
       • 18 U.S.C. 1030 Fraud and related activity in connection with computers
       • 18 U.S.C. 1343 Fraud by wire, radio or television
       • 18 U.S.C. 1361 Injury to Government Property
       • 18 U.S.C. 1362 Government communication systems
       • 18 U.S.C. 1831 Economic Espionage Act
       • 18 U.S.C. 1832 Trade Secrets Act
       • Local Laws
  105. Contact FBI Form
       To inform the FBI of any suspected criminal activity, fill in the form available at: https://tips.fbi.gov/
       “While the FBI continues to encourage the public to submit information regarding the September 11, 2001, terrorist attacks, this form may also be used to report any suspected criminal activity to the FBI”
  106. National White Collar Crime Center (NW3C)
       http://www.nw3c.org/
  107. Internet Crime Complaint Center (IC3)
       http://www.ic3.gov
  108. Department of Homeland Security
       http://www.dhs.gov
  109. National Infrastructure Protection Center
       • National Infrastructure Protection Center (NIPC) was fully integrated into the Information Analysis and Infrastructure Protection Directorate of the Department of Homeland Security (DHS); as such, the responsibilities of fulfilling the mission of physical and cyber critical infrastructure assessment and protection of the former NIPC are now being addressed by two new divisions
       • As a key component of the Infrastructure Coordination Division (ICD), the National Infrastructure Coordinating Center (NICC), serving as an extension of the Homeland Security Operations Center, provides the mission and capabilities to assess the operational status of the nation’s Critical Infrastructures and Key Resources
       • Email nicc@dhs.gov to report issues of a physical nature that may affect or have an impact on our Nation’s Critical Infrastructures and Key Resources
  110. The G8 Countries: Principles to Combat High-tech Crime
       I. There must be no safe havens for those who abuse information technologies
       II. Investigation and prosecution of international high-tech crimes must be coordinated among all the concerned States, regardless of where harm has occurred
       III. Law enforcement personnel must be trained and equipped to address high-tech crimes
       IV. Legal systems must protect the confidentiality, integrity, and availability of data and systems from unauthorized impairment and ensure that serious abuse is penalized
       V. Legal systems should permit the preservation of and quick access to electronic data, which are often critical to the successful investigation of crime
       U.S. Department of Justice Computer Crime and Intellectual Property Section (CCIPS)
  111. The G8 Countries: Principles to Combat High-tech Crime (cont’d)
       VI. Mutual assistance regimes must ensure the timely gathering and exchange of evidence in cases involving international high-tech crime
       VII. Transborder electronic access by law enforcement to publicly available (open source) information does not require authorization from the State where the data resides
       VIII. Forensic standards for retrieving and authenticating electronic data for use in criminal investigations and prosecutions must be developed and employed
       IX. To the extent practicable, information and telecommunications systems should be designed to help prevent and detect network abuse, and should facilitate the tracing of criminals and the collection of evidence
       X. Work in this area should be coordinated with the work of other relevant international fora to ensure against duplication of efforts
  112. The G8 Countries: Action Plan to Combat High-Tech Crime (International Aspects of Computer Crime)
       In support of the PRINCIPLES, direct officials to:
       • Use established network of knowledgeable personnel to ensure a timely, effective response to transnational high-tech cases, and designate a point-of-contact who is available on a twenty-four hour basis
       • Take appropriate steps to ensure that a sufficient number of trained and equipped law enforcement personnel are allocated to the task of combating high-tech crime and assisting law enforcement agencies of other States
       • Review legal systems to ensure that they appropriately criminalize abuses of telecommunications and computer systems and promote the investigation of high-tech crimes
       • Consider issues raised by high-tech crimes, where relevant and when negotiating mutual assistance agreements or arrangements
       • Continue to examine and develop workable solutions regarding: the preservation of evidence prior to the execution of a request for mutual assistance; transborder searches; and computer searches of data where the location of that data is unknown
  113. The G8 Countries: Action Plan to Combat High-Tech Crime (International Aspects of Computer Crime) (cont’d)
       In support of the PRINCIPLES, direct officials to:
       • Develop expedited procedures for obtaining traffic data from all communications carriers in the chain of a communication and to study ways to expedite the passing of this data internationally
       • Work jointly with industry to ensure that new technologies facilitate effort to combat high-tech crime by preserving and collecting critical evidence
       • Ensure that in emergency and appropriate cases, accept and respond to mutual assistance requests relating to high-tech crime by expedited but reliable means of communications, including voice, fax, or e-mail, with written confirmation to follow where required
       • Encourage internationally recognized standards-making bodies in the fields of telecommunications and information technologies to continue providing the public and private sectors with standards for reliable and secure telecommunications and data processing technologies
       • Develop and employ compatible forensic standards for retrieving and authenticating electronic data for use in criminal investigations and prosecutions
  114. Crime Legislation of EU
  115. Law Enforcement Interfaces
       Law enforcement interfaces include law enforcement agencies, and automated crime monitoring and reporting systems that work in coordination to enforce laws
       Law enforcement interfaces include:
       • Law enforcement agency
       • Intelligence agencies
       • Police
       • Secret police
       • Military police
       • Cyber crime reporting agencies such as Internet Crime Complaint Center (IC3)
  116. Summary
       • Cyber crime has originated from the growing dependence on computers in modern life
       • Federal laws related to computer crime, cyber stalking, search and seizure of computer, and intellectual property rights are discussed
       • Various law enforcement agencies such as FBI and NIPC investigate computer facilitated crimes and help in tracking cyber criminals
       • Building a cyber crime case and initiating investigation are crucial areas
       • The FBI trains and certifies computer forensic examiners who work in FBI field offices to recover and preserve digital evidence
       • Internet-related crime, like any other crime, should be reported to appropriate law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the crime