
Service Provider Role and Limits


  1. Investigating Cyber Crime: The Role & Limits of Service Providers. Felix Mohan, CISO
  2. Service Providers
     • Unified Access Service Licensees (Mobile, Fixed, Broadband & IPTV)
     • Internet Service Provider
     • National Long Distance Service Provider
     • International Long Distance Service Provider
  3. Operations
     [Diagram; labels only: Service Provider; Mobile (Voice, Data); Fixed Line (Voice, Data); GSM/CDMA, GPRS, PSTN, Broadband]
  4. Interception Points
     [Network diagram; labels only. Segments: Mobile – Voice & Data (GPRS); Fixed Line – Voice & Data (Broadband); National Long Distance; Landing Station; International Long Distance. Interception labels: Voice Interception & CRI; Voice and Data Interception & CRI; Data Interception. Network elements: BTS, MS (Mobile Station), BSC, MSC, SGSN (Serving GPRS Support Node), GGSN (Gateway GPRS Support Node), HLR, MDF, Pillar, CPE, CT 3, RSU, DLC, DLU, Access Transmission Network, SDH, Copper Network, MSU, DSLAM, Access & Aggregator Ring, BRAS, Backhaul Transmission Network, POI 1, POI 2, POI 3, NOC, NLD Switch, ATM Cloud, MPLS Cloud.]
  5. Information provided by Service Providers
     Column headings: Voice Interception; Data Interception/Preservation
     • Call Content - Voice
     • Location Details
     • Data-related
     • Call Content - VOIP
     • Information exchange, download, upload
         • Files, messages, email
     • Browsing details
         • URLs
     • Activity details
         • IP addresses, fixed/mobile number
     • Call Related Information (CRI)
         • Details of Home Network
         • Details of Roaming Network
         • CDR by Tower location (Cell-ID)
         • CDR by Calling/Called Number
         • Location details of subscriber
         • Location details of roamer
         • Called ID Location
         • Application form and ID Proof Post Paid
         • Application form and ID Proof Prepaid
         • Subscriber’s Details Prepaid & Postpaid
         • Subscriber’s Details with Original Photographs
         • Subscriber details by SIM number
         • Subscriber details by IMSI number
         • Recharge History of a particular prepaid number
         • Mobile number recharged by a particular recharge coupon
         • IMEI Number of Subscriber
  6. LEA-Service Provider Interface
     Service Providers
     • All Service Providers have appointed Nodal Officers and Alternate Nodal Officers in all 23 Telecom Circles for interaction with Designated Agencies.
     • The details of CEO/COO, Nodal Officers and Alternate Nodal Officers are shared with all Designated Agencies.
     Designated Agencies
     • TERM, DoT
     • Intelligence Bureau
     • Narcotics Control Bureau
     • Directorate of Enforcement
     • Central Economic Intelligence Bureau
     • Directorate of Revenue Intelligence
     • Income Tax Department
     • Central Bureau of Investigations
     • Police of the respective States/UT
     • Directorate of Signal Intelligence (in J&K and North East only)
     [Diagram; labels only: Service Provider Nodal Organization / Nodal Officer of respective Agency]
  7. Requests for Interception
     Categories of Requests
     • Regular Requests
         • Has to be approved by Union / State Home Secretary
         • Provisioned for 60 days
     • Emergent Requests
         • Has to be approved by the Head or second senior most officer not below the rank of IG
         • Has to be confirmed by Union / State Home Secretary within 7 days
         • Provisioned for 7 days. If confirmed by Home Secretary, can be extended up to 60 days
     Extension of Interception
     • Can be extended for a maximum period of 180 days with the approval of Union / State Home Secretary
     Delivery of Requests
     • Officer not below the rank of SP has to convey the request for interception
     • It should be delivered in a sealed envelope.
     • No Request through Telephone, SMS, Fax and email.
     • Request should be delivered by an officer not below the rank of Sub Inspector.
  8. Issues
     Emergent Requests
     • Being sent as per procedure, but some not being followed up by the Approval from Competent Authority
     Approvals
     • Delegation of powers
     Jurisdiction
     • State Police-related
     Multiple-record requests
     • Not as per DOT letter No 16-1/2006-BS.II(Pt.)/771 dated 18 Sep 2006
     • Customer privacy
     Receipt
     • Fax, Public Email IDs
     • Non-standard request formats
     • Despite LEAs having Nodal Officers, some requests come in from other officers
     Delivery
     • Delivery requests to public email IDs (Gmail, Yahoo etc)
     • No encryption / secure channel for communication
     Prioritization of Requests
  9. Issues
     IT (Amendment) Act 2008
     • Section 43A – Mandates protection of customers’ sensitive information. One Crore penalty for breach per customer
     • Subscriber details (containing sensitive PII) shared monthly with LEAs need to be accorded due security classification in view of the above
     • Section 67C – Mandates preservation and “retention” of information as specified by Govt.
     • Need to work out an optimized sub-set of information for retention.
     • Section 79 – Liability of Intermediaries
     • Expeditiously remove the information/data, or disable the communication link used for the unlawful activity
     • Ensure no vitiation of evidence in any way
  10. Way Forward
     Guidelines for Cooperation between LEAs and Service Providers
     • Majority of the recommended guidelines are already being followed by Service Providers – especially with regards to:
         • Verification of source of request
         • Documented processes
         • Designated contacts
         • Confidentiality of requests received
         • Earmarked resources
         • Training of personnel, and
         • Response & provisioning time
         • Periodic audit of the interception process
     Enhanced Cooperation
     • Service Providers increasingly becoming victims of cybercrime.
         • Need for better and enhanced cooperation with LEAs, through a formal Forum for sharing of cybercrime trends & incidents; and sharing of techniques and mechanisms deployed for combating cybercrime
         • Standardized documentation, tools, and processes across LEAs and Service Providers
  11. Thank you
