Cyber Crime - Study Cases In World Wide
Prepared by: Maruti Nandan Pandya
B.Tech 8th sem, CS-A, 48 (09EARCS051)

Index
• Introduction
• Cyber Crime
• Cyber Law
• Information Technology Act, 2000
• Amendments in Information Technology Act
• Case Study: Credit Card Fraud
• Case Study: Phishing
• Conclusion

Computer Crime
Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example, hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer on the Internet.

Cyber Law
Cyber Law is the law governing cyber space. Cyberspace is a wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.
Law encompasses the rules of conduct:
1. that have been approved by the government, and
2. which are in force over a certain territory, and
3. which must be obeyed by all persons on that territory.

Cyber Law (Cont.)
Violation of these rules could lead to government action such as imprisonment or fine or an order to pay compensation.
Cyber law encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy

Cyber Law In India
• Primary source is the Information Technology Act, 2000 (IT Act), which came into force on Oct 17th, 2000.
• Purpose: To provide legal recognition to electronic commerce and to facilitate filing of electronic records.
• Provides strict punishments (imprisonment up to 10 yrs and compensation up to Rs 1 crore).
• Information Technology (Certifying Authorities) Rules, 2000 also came into force that day.
• Prescribe the eligibility, appointment and working of Certifying Authorities (CA).

Amendments in IT Act
• Indian Penal Code penalizes forgery of electronic records, cyber frauds, destroying electronic evidence etc.
• Digital Evidence is to be collected and proven in court as per the provisions of the Indian Evidence Act.
• Order relating to blocking of websites was passed on 27th February, 2003.
• Bankers’ Book Evidence Act was introduced to attain bank frauds.
• The Reserve Bank of India Act was also amended by the IT Act.

1. Credit Card Fraud
• Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
• Credit card fraud is also an adjunct to identity theft.
• The cost of card fraud in 2006 was 7 cents per 100 dollars' worth of transactions.

The Scenarios
The assistant manager (the complainant) with the fraud control unit of a large business process outsourcing (BPO) organization filed a complaint alleging that two of its employees had conspired with a credit card holder to manipulate the credit limit and as a result cheated the company of INR 0.72 million.
The BPO facility had about 350 employees. Their primary function was to issue the bank's credit cards as well as attend to customer and merchant queries. Each employee was assigned to a specific task and was only allowed to access the computer system for that specific task. The employees were not allowed to make any changes in the credit card holder's account unless they received specific approvals.

Investigation
The investigating team visited the premises of the BPO and conducted a detailed examination of various persons to understand the computer system used. They learnt that in certain situations the system allowed the user to increase the financial limits placed on a credit card. The system also allowed the user to change the customer's address, blocking and unblocking of the address, authorisations for cash transactions etc.
The team analysed the attendance register, which showed that the accused was present at all the times when the fraudulent entries had been entered in the system. They also analysed the system logs, which showed that the accused's ID had been used to make the changes in the system.

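The correlation the investigators performed by hand can be sketched as follows. This is an added example, not code from the original presentation or from the BPO's system: it flags sensitive account changes in an audit log that have no matching approval and checks the attendance register for the owner of the ID. The record layouts, field names and sample rows are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data; the layouts are assumptions, not the BPO's real schema.
AUDIT_LOG = [  # (timestamp, user_id, action, account, approval_ref)
    ("2024-03-04 10:15", "emp117", "LIMIT_INCREASE", "ACC-1001", "APR-881"),
    ("2024-03-04 14:40", "emp203", "LIMIT_INCREASE", "ACC-2002", None),
    ("2024-03-05 11:05", "emp203", "ADDRESS_CHANGE", "ACC-2002", None),
    ("2024-03-06 21:30", "emp203", "LIMIT_INCREASE", "ACC-2002", "APR-999"),
    ("2024-03-07 09:20", "emp117", "UNBLOCK_CARD", "ACC-1001", "APR-882"),
]
APPROVALS = {  # approval_ref -> (account, approved action)
    "APR-881": ("ACC-1001", "LIMIT_INCREASE"),
    "APR-882": ("ACC-1001", "UNBLOCK_CARD"),
}
ATTENDANCE = {  # user_id -> list of (shift start, shift end)
    "emp117": [("2024-03-04 09:00", "2024-03-04 18:00"),
               ("2024-03-07 09:00", "2024-03-07 18:00")],
    "emp203": [("2024-03-04 09:00", "2024-03-04 18:00"),
               ("2024-03-05 09:00", "2024-03-05 18:00")],
}
SENSITIVE = {"LIMIT_INCREASE", "ADDRESS_CHANGE", "UNBLOCK_CARD", "CASH_AUTH"}
FMT = "%Y-%m-%d %H:%M"

def on_shift(user_id, when):
    """True if the attendance register shows the user present at `when`."""
    return any(datetime.strptime(s, FMT) <= when <= datetime.strptime(e, FMT)
               for s, e in ATTENDANCE.get(user_id, []))

def is_approved(action, account, ref):
    """An approval counts only if it exists and names this account and action."""
    return APPROVALS.get(ref) == (account, action)

def review(log):
    """Return findings for sensitive changes made without a valid approval."""
    findings = []
    for ts, user, action, account, ref in log:
        if action not in SENSITIVE or is_approved(action, account, ref):
            continue
        present = on_shift(user, datetime.strptime(ts, FMT))
        # Present: the ID owner could have made the entry. Absent: the ID was
        # used while its owner was away (shared or stolen credentials).
        findings.append({"time": ts, "user": user, "action": action,
                         "account": account, "owner_present": present})
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_LOG):
        print(finding)
```

Run continuously against the live audit trail, the same check surfaces unapproved limit changes when they happen rather than after a complaint is filed.
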
The Law
• Section of Law: 66 of Information Technology Act 2000 & 120(B), 420, 467, 468, 471 IPC.
• Depending upon the case, provisions of the Information Act and Prevention of Money Laundering Act will apply.

Current Status & Result
The BPO was informed of the security lapse in the software utilized. Armed with this evidence the investigating team arrested all the accused and recovered, on their confession, six mobile phones, costly imported wrist watches, jewels, electronic items, leather accessories, credit cards, all worth INR 0.3 million and cash INR 25000.
The investigating team informed the company of the security lapses in their software so that instances like this could be avoided in the future.

2. Phishing
• With the tremendous increase in the use of online banking, online share trading and ecommerce, there has been a corresponding growth in the incidents of phishing being used to carry out financial frauds.
• Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc.) by masquerading as a trusted entity.

The Scenarios
The complainant approached the police stating that she had been receiving obscene and pornographic material at her e-mail address and mobile phone. She stated that this person appeared to know a lot about her and her family and believed that her e-mail account had been hacked.

Investigation
The investigating team, using a different e-mail ID, tried to chat with the accused using the complainant’s e-mail ID. Subsequently the investigating team was able to identify the ISP address of the computer system being used and it was tracked to an organization in Delhi.
The investigating team visited the company and through its server logs was able to identify the system from which the obscene material was sent. Using forensic disk imaging and analysis tools the e-mails were retrieved from the system. The residence of the accused was located and the hard disk of his personal computer was seized. On the basis of the evidence gathered the accused was arrested.

The Law
Sections 43 and 66 of Information Technology Act and sections 419, 420 and 468 of Indian Penal Code.

Current Status & Result
The case has been finalized and is currently pending administrative approval.

Conclusion
• Every minute, 232 computers are infected by malware.
• The lightning speed at which cybercriminals develop attacks and new malware code is making it harder for global organizations to manage fraud risk. One of the most important lines of defense is intelligence and awareness of the potential risks.
• As we move into 2012, the combined efforts by law enforcement and industry to improve information sharing and collaboration, along with the move towards intelligence-driven security, will help drive response to cyber threats in near real-time and further narrow the window of opportunity for cybercriminals.