Legal aspects of handling cyber frauds


Published on

Published in: Law, Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Acquisition method:
    Acquired image name:
    Software with version number used for acquisition:
    The Chain of Custody file also has a running log that tracks evidence movement. Every time evidence is handed from one person to another an entry must be created here.
  • Electronic records – Sec. 2(1)(t) - "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.
  • Rule 3. Sensitive personal data or information.— Sensitive personal data or information
    of a person means such personal information which consists of information relating
    (i) password;
    (ii) financial information such as Bank account or credit card or debit card or
    other payment instrument details ;
    (iii) physical, physiological and mental health condition;
    (iv) sexual orientation;
    (v) medical records and history;
    (vi) Biometric information;
    (vii) any detail relating to the above clauses as provided to body corporate for
    providing service; and
    (viii) any of the information received under above clauses by body corporate
    for processing, stored or processed under lawful contract or otherwise:
    provided that, any information that is freely available or accessible in public
    domain or furnished under the Right to Information Act, 2005 or any other law for the
    time being in force shall not be regarded as sensitive personal data or information for
    the purposes of these rules.
  • Legal aspects of handling cyber frauds

    1. 1. Legal aspects of Handling Cyber Frauds IT ACT LEGAL LAW LIABILITY
    2. 2. What is a Cyber Crime? An unlawful act wherein the “Cyberspace” is used either as:- – a tool or – a target or – both
    3. 3. “CYBERSPACE”
    4. 4. Cyber Laws
    5. 5. Recent Rules under IT Act
    6. 6. Aims behind enactment
    7. 7. Jurisdiction
    8. 8. Virtual World Population Explosion : 1 Billion Leading to Changing Face of Crime…… Affecting…. Individuals Governments Organisations
    9. 9. 1 Dirty SMS = 3 Years of Jail Case Study 1 WHY r u sending me DIRTY SMS ? ---------------------- Don’t lie UR cell no has flashed on my screen SORRY !!! But I don’t know you. You are lying!!!
    10. 10. Threatening email was sent from this cyber café. Cyber Café has 100 machines & so many customers. HOW do I Investigate. ? 1 Threatening Email = 3 Years of Jail Case Study 2
    11. 11. Accounting Software worth crores is stolen. Interested in buying Accounting Software at a cheap cost ? Call 100-999-9999-22Location :India SALE!! SALE !! SALE!! Accounting Software Location: Finland Case Study 3
    12. 12. Case Study 4 Stake Holders Fake complaint via E-mail Employee upset with management Demand an ImmediateDemand an Immediate Explanation ?????Explanation ?????
    13. 13. Case Study 5 LOSS LOSS LOSS ????? I am losing all my tenders. SERVER CRIME SERVERCRIME SERVER Scenario at the officeScenario at the office
    14. 14. Where is the evidence ? Mobile Tower / Phones Finland OR Indian Server Cloud Internet How to Investigate ? Employees / People How to PROVE the CRIME? How to decipher 010101 ? Can I submit the media in Court ? VEXING Questions
    15. 15. Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.” ) Computer Forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law. Source : Forensics & Computer Forensics
    16. 16. Digital Evidence Digital evidence is information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination. Computer Forensics process Subjected To Storage Media DIGITAL EVIDENCE Acquires Sample illustrationSample illustration
    17. 17. May be found in: Can be hidden in: Can relate to : Digital Evidence
    18. 18. Office Setup Cyber Cafe Home PC Scene of Acquisition
    19. 19. Computer Forensics process would involve….. Forensic analysis of digital information Identifying network computer intrusion evidence Identifying & examining  malicious files. Employing techniques to  crack file & system passwords. Detecting  steganography Recovering deleted, fragmented & corrupted data Maintaining evidence custody procedures Courtroom Presentation
    20. 20. Steps in Computer Forensics 1.Identification of Digital Evidence 2.Acquisition of Media 3.Forensic Analysis of Media 4.Documentation & Reporting
    21. 21. THE A TEAM  Domain Expert  Computer Forensics expert  Forensics Accounting expert  Software expert  Lawyer
    22. 22. Acquisition of Media Authenticate the confiscated media Hash value of the suspect media Hash value of the cloned image file If acquisition hash equals verification hash, image is authentic. SHA 1/256
    23. 23. DOCUMENTATION….
    24. 24. Documentation & Reporting Broad outline of Computer Forensic Report 1.Introduction to the case 2.Background of the issue 3.Details of forensic analysis carried out 4.Certification
    25. 25. Evidence Forms  A detailed sheet about each evidence item  Item serial number  Item detailed description  Type  Make  Model  Date and time collected  Notes  Any serial numbers, labels
    26. 26. Chain of Custody  The movement and location of physical evidence from the time it is obtained until the time it is presented in court  Logs all evidence moves  HANDED BY  HANDED TO  DATE & TIME  Item serial number  Reason
    27. 27. Creating an Image of Media  Image is a bit-for-bit copy of the original  If a disk has 5000 sectors, then the image created will have an exact copy of all 5000 sectors in the same order  Media (evidence) must be protected from accidental writes / alterations Hard disk (media) Write-blocker Device Imaging workstation
    28. 28. Write blockers & alternatives  Write-blocker is a device that sits in between the computer and the media Blocks all write commands Lets through all read commands  Prevents accidental alteration / deletion / addition or data  Alternatives include using a forensic live boot CD or a drive duplicator
    29. 29. Indian Evidence Act  Sec. 3 (a) – Scope of definition of evidence expanded to include electronic records
    30. 30.  Sec. 65B - Admissibility of electronic records The person owning or in-charge of the computer from which the evidence is taken has to give certificate as to the genuineness of electronic record. INDIAN EVIDENCE ACT
    31. 31.  Sec. 88A - Presumption as to electronic messages  The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent. INDIAN EVIDENCE ACT
    32. 32. The Information Technology Act  Sec. 79A - Central Government to notify Examiner of Electronic Evidence  The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence
    33. 33. CIVIL OFFENCES
    34. 34. Section 43  Unauthorised Access  Remedy – Damages by the way of compensation  Amount – Unlimited  What needs to be proved – Amount of damages suffered
    35. 35. Adjudication
    36. 36. Shri. Thomas Raju Vs ICICI Bank  Case decided by – the Adjudicating officer, Government of Tamilnadu  Petitioner suffered a loss of Rs. 1,62,800/- as a result of the phishing attack  Amount was supposed to have been transferred on the account of another customer of ICICI Bank  Petitioner claimed that he had suffered a loss due to unauthorised access to his account  Petitioner further claimed that he had suffered a loss as bank has failed to establish a due diligence and in providing adequate checks and safeguards to prevent unauthorised access into his account. Bank had also not adhered to the KYC norms given by the RBI.
    37. 37. Section 66  Removal of definition of “hacking”  Section renamed as Computer related offences  All the acts referred under Section 43, are covered u/Sec. 66 if they are done “dishonestly” or “fraudulently”
    38. 38. Section 43(A) – Compensation for failure to protect data If body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person  Liability – Damages by the way of Compensation
    39. 39. HSBC - Nadeem Kashmiri case  Based on complaints from customers - HSBC carried internal investigation - registers case  Involvement of Call centre employee (Nadeem Kashmiri)  He was arrested U/Sec. 66 & 72  HSBC also sued Call centre for the loss
    40. 40. Who is liable?
    41. 41. Issues  What is Sensitive Personal Information?  What are Reasonable Security Practices and Procedures?
    42. 42. SENSITIVE PERSONAL DATA OR INFORMATION Rule 8 - Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
    43. 43. Reasonable Security Practices
    44. 44. Auditing
    46. 46. Collection of Information Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
    47. 47. Collection of Information
    48. 48. Privacy and Disclosure of Information policy Rule 4 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
    49. 49. Contents of Privacy policy
    50. 50. Disclosure Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
    51. 51. Transfer of information Rule 7 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
    52. 52. Sec 72(A) (Criminal offence) Punishment for Disclosure of information in breach of lawful contract - Knowingly or intentionally disclosing “Personal Information" in breach of lawful contract Imprisonment up to 3 years or fine up to 5 lakh or with both (Cognizable but Bailable)
    54. 54. Section 66 A • Sending of offensive or false messages • Covers following sent by sms / email:-  grossly offensive messages  menacing messages  false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will..  phishing, email spoofing, Spam mails, Threat mails • Punishment – imprisonment upto 3 years and fine
    55. 55. Section 66 B • Dishonestly receiving stolen computer resource or communication device • Covers use of stolen Computers, mobile phones, SIM Cards, etc • Punishment – imprisonment upto 3 years and fine
    56. 56. Section 66 C • Identity theft • Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature • Punishment - imprisonment upto 3 years and fine
    57. 57. Section 66 D • Cheating by Personation • Cheating by pretending to be some other person • To create an e-mail account, Social networking a/c on someone else's name • Punishment – imprisonment upto 3 years and fine
    58. 58. Investigation Powers  Section 78 Cyber crime cases can now be investigated by Inspector rank police officers (PI)  Earlier such powers were with the “DYSP/ACP”
    59. 59. Sec. 79 Liability of Intermediary  Intermediary is not liable for any third party information, data, or communication link made available or hosted by him –  if his function is limited to providing access to such link  the intermediary does not—  initiate the transmission,  select the receiver of the transmission, and  select or modify the information contained in the transmission;
    60. 60. Sec. 79 Liability of Intermediary  Observing due diligence – The Information Technology (Intermediaries guidelines) Rules, 2011
    61. 61. Compounding of Offences Section 77 (A) Compounding – “Out of court settlement” Offences -  for which less than three years imprisonment has been provided and  Which are not committed against women or children can be compounded
    62. 62. Issues
    63. 63. Possible Solutions