ISACA, June 19, 2010

1. Emerging Trends in Cyber Crime
   Vicky Shah, Founder – THE EAGLE EYE, Mumbai - India. YOUR INFORMATION SECURITY IS OUR BUSINESS.
   (Digital signature stamp: Digitally signed by Vicky Shah; Date: 2010.06.20 14:49:30 Z; Reason: Presented for Educational Purpose; Signature Not Verified)

2. Is this Reality?
   - Computers and the internet have changed our lives so much that if we don't have access to e-mail for a day or two, we feel uncomfortable.
   - Computer and information security has become a crucial legal and technical issue.
   - Is the internet taking over our lives?
   - We are on the Net 24x7, whether on our PCs, laptops or mobiles.
   - Have we started relating more to the virtual world than to the real world?

3. What do we do online?
   - Email: love it for speed, hate it for SPAM.
   - Chat: instant messaging and real-time communication.
   - Google Maharaja: GOD of Search.
   - Social Networking: Facebook, Orkut and Twitter have become our clone.
   - Reading Blogs: research, education, etc.
   - YouTube: free videos.
   - Downloading: changed the definition of Free Food.

4. Cyber Crime Challenges - Global
   - Perpetrator
     - Easy to learn techniques and acquire tools
     - Small investments that cause massive economic damage
     - No need for physical contact with the victims
     - When done subtly it leaves few or no traces
     - Easy for players to hide – anonymity
   - Service Providers
     - Many network operators are involved
     - Many countries may be involved – no boundary
     - Different policies at different companies
   - Inadequate cyberspace legislation
     - No common law for the entire world
     - No effective regulatory body for content

5. India – Growing Challenges
   - Exponential growth of Internet use
   - Interconnected business and government
   - E-governance growth has implications for information security, privacy and cyber security
     - Income Tax, Excise, Customs and Sales Tax networks connected
     - Smart cards and UID being issued
     - Land records computerized
     - Police networks
     - Defense is no longer arms & ammunition but GPS & networks

6. Transformation
   - In 2001, we were afraid of rockets destroying buildings and computer centers... 9/11
   - Today, we should be aware of software destroying rockets and missiles!
7. Case Statistics – IT Act (2004 – 2007) (chart; Source: Chapter 18: GOI)

8. Case Statistics – IPC (2004 – 2007) (chart; Source: Chapter 18: GOI)
9. Cyber Incidents (Wireless)
   - September 13, 2008: Indian Mujahideen militants used the unsecured WiFi system of a company in Chembur.
   - August 2008: A stray terror e-mail was traced to Khalsa College, Matunga, Mumbai.
   - July 2008: E-mails were sent before and after the Ahmedabad blasts. One was traced to Navi Mumbai and the other to an IP address in Vadodara.
   - May 2008: A terror e-mail was sent before the Jaipur blasts from a cyber cafe in Ghaziabad.
   - November 2007: Serial blasts in the Lucknow, Varanasi and Faizabad courts in UP. The terror e-mail was sent by Indian Mujahideen (IM) from a cyber café in Laxmi Nagar, Delhi.

10. Mumbai Terror Attack 26/11
   - Use of technology by the attackers:
     - Global Positioning Satellite systems
     - Blackberry devices
     - CDs with high-resolution satellite images
     - Multiple cell phones with switchable SIM cards
     - Satellite phones
   - Terrorists are using sophisticated technology. It is complicated and difficult to develop and coordinate the security measures necessary to counter such threats.

11. (news clipping) Source: March 21, 2020 Times of India

12. (news clipping) Source: April 20, 2010 HT Cafe

13. Lack of Cyber Knowledge
   - Hampers a parent's ability to raise their children with an appropriate amount of teaching and ethical foundation.
   - Creates greater differences in families.
   - Puts the culture of security and respectability in question.
   - Raises children with no cyber ethical guidance: bad for business and society as a whole.
14. Cyber Security & Computer Related Offense

15. What is Cyber Security?
   - Security deals with three primary issues, called the CIA triad:
     - Confidentiality: assurance that only an authorized user may access a resource
     - Integrity: assurance that a resource has not been modified
     - Availability: assurance that an authorized user may access a resource when requested
   - Cyber security is concerned with the risk of malpractice in cyberspace, which involves people, process and technology.

16. Cyber Crime/Computer Related Offense
   - Crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of a computer or computer system.
   - In simple words, a cyber/computer crime is any crime where:
     - the computer is a target
     - the computer is a tool of the crime
     - the computer is incidental to the crime.

17. Computer Related Offense
   - Common types of crime may be broadly classified in the following groups:
     1) Against Individual
     2) Against Organization
     3) Against Society

18. Crime Against Individual
   - Against the person:
     i. Harassment through e-mails
     ii. Cyber-stalking
     iii. Dissemination of obscene material on the Internet
     iv. Defamation
     v. Hacking/Cracking
     vi. Indecent exposure
   - Against the property of an individual:
     i. Computer vandalism (damage)
     ii. Transmitting viruses
     iii. Internet intrusion
     iv. Unauthorized control over a computer system
     v. Hacking/Cracking

19. Crime Against Organization
   - Against Government, private firm, company or group of individuals:
     i. Hacking & cracking
     ii. Possession of unauthorized information
     iii. Cyber terrorism against government organizations
     iv. Identity theft/impersonation
     v. Distribution of pirated software, etc.

20. Crime Against Society
   - At large:
     i. Pornography (especially child pornography)
     ii. Polluting the youth through indecent exposure
     iii. Trafficking
     iv. Hate speech, anti-community content
     v. Discrimination and derogatory remarks on religion/caste on online platforms

21. Email Crimes
   - Spamming and unsolicited mail
   - Blackmailing/defamatory mail
   - Extortion/threatening/obscene/abusive mail
   - Transmission of malware (virus/worm/Trojan)
   - Advance fee schemes
     - Lottery schemes
     - Nigerian scams
     - Job opportunities, mule
   - Phishing scams, identity theft

22. Cyber Incidents
   - Mobile phone based
   - Forgery, illegal interception & ID theft
   - Payment card fraud & e-funds transfer fraud
   - On-line gaming/betting
   - Theft of Internet & telephone services
   - IP offences: illegal software, copyright breaches, etc.
   - Misuse of technology: mobile and Wi-Fi
   - Commercial/corporate espionage
   - On-line securities fraud
   - Extortion & criminal conspiracy
23. Emerging Trends and Threats for 2010 - 2011
   - Spamdexing: many types of businesses use search engine optimization to be listed more prominently in searches conducted on Google and other sites.
   - Spamdexing a Web site with relevant keywords or search terms is increasingly used by cybercriminals seeking to disguise malware as legitimate software.
   - Because so many consumers tend to trust the rankings on leading search engines, they may readily download one of the fake software packages.

24. Contd…
   - Cloud Computing:
     - Jumping into the cloud: given the expense of maintaining a physical IT infrastructure, the thought of replacing server rooms and haphazardly configured appliances with cloud services is simply too hard for many companies to resist.
     - But rushing into the cloud without a security strategy is a recipe for risk.

25. Contd…
   - Social Engineering: Public Enemy Number One
     - In less than two years, social networking has gone from an abstract curiosity to a way of life for many people.
     - A Cabinet Minister lost his job recently.
   - Vulnerabilities: OS versus Application
     - The trend is shifting away from the OS; now the applications are being targeted.

26. Contd…
   - Advertising replaced by malvertising
   - Rogue software - Malware as a Service (MaaS)
   - Web content filters
27. (diagram) Cyber Crime Investigation Lifecycle. Stages shown: Incident Awareness / Preliminary Analysis, Consultation, Image Acquisition / Recovery, Preliminary / Detailed Analysis, Containment, Final Report, Presentation, Expert Witness Testimony; outcomes: Prevention Technologies, Improved Processes, New Security Policies, Improved Configurations. Resource: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council, Terrence V. Lillard.

28. Cyber Crime Analysis Categories (Resource: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council, Terrence V. Lillard)
   - Cybercrime Scene
   - Cybercrime Investigation Lifecycle
   - Cyber Offender Characteristics
   - Cybercrime Offender Signatures
   - Cybercrime Motivations
   - Cybercrime Reconstruction
   - Deductive Analysis
   - Cyber-Victimology
   - Cybercrime Scene Characteristics
   - Cybercrime Modus Operandi
   - Cyber-Geographical Mapping
   - Equivocal Forensics
   - Digital Evidence Analysis

29. Profile of People Involved
   - Insider: disgruntled employees and ex-employees, spouses, lovers
   - Crackers: crack into networks with malicious intent, set traps, etc.
   - Virus writers: pose serious threats to networks and systems worldwide
   - Foreign intelligence: use cyber tools as part of their services, for espionage activities; can pose the biggest threat to the security of another country
   - Terrorists: use it to formulate plans, raise funds and spread propaganda
   - Script kiddies: use tools available on the net
30. Case Study

31. (image) © DSCI

32. Important Case - MMS
   - The CEO of the website was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi.
   - The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail.
   - THIS OPENED UP THE QUESTION OF WHAT DISTINCTION WE DRAW BETWEEN AN INTERNET SERVICE PROVIDER AND A CONTENT PROVIDER. IT RESULTED IN AMENDMENTS TO THE IT ACT 2000.
   - The burden rests on the accused to show that he was the service provider and not the content provider. It also raises a lot of issues regarding how the police should handle cyber crime cases, and a lot of education is required.

33. (diagram) Working of Money Mule

34. PLEASE
   If a stranger came up to you on the street, would you give him/her your name? Your date of birth? Your likes/dislikes? Your email ID? Your contact number? Your photograph? NO! NO! NO! NO! NO! THEN WHY DO YOU PUBLISH THE SAME ON SOCIAL NETWORKING WEBSITES?

35. How should you handle and approach an incident?
   - Don't panic.
   - Call in your incident response team.
   - Contain the problem and avoid the "quick fix."
   - Take good notes of the entire situation.
   - Have your backup facilities ready.
   - Get rid of the problem.
   - Use trusted, uncompromised communications.
   - Know what to say, to whom and when.
   - Know when to involve a crime investigator.
36. Investigations

37. Electronic Information & Investigations
   - Today's litigious and regulatory environments mean organizations are obligated to store information electronically to support discovery and disclosure requests.
   - Organizations that archive email risk losing control and may struggle to produce evidential-quality email evidence.
   - Email is a technological issue; it requires technological solutions.
38. Sample Header
   1. Return-Path: <>
   2. Received: from ([]) by for <>; Fri, 18 Feb 2000 11:46:07 -0500
   3. Received: from ([]) smtpd (for []) with SMTP; 18 Feb 2000 16:55:44
   4. Received: from ( []) by for <>; Fri, 18 Feb 2000 11:55:44 -0500 (EST)
   5. Message-ID: <>
   6. Received: from by with HTTP; Fri, 18 Feb 2000 08:55:43
   7. X-Originating-IP: []
   8. From: "Secret" <>
   9. To:
   10. CC:

39. Line (1), Return-Path: <>, tells other computers who really sent the message, and where to send error messages (bounces and warnings).

40. Lines (2), (3) and (4), the Received: fields, show the route the message took from sending to delivery. Each computer that receives this message adds a Received: field with its complete address and time stamp; this helps in tracking delivery problems.
   2. Received: from ([]) by for <>; Fri, 18 Feb 2000 11:46:07 -0500
   3. Received: from ([]) by via smtpd (for []) with SMTP; 18 Feb 2000 16:55:44
   4. Received: from ( []) by mx for <>; Fri, 18 Feb 2000 11:55:44 -0500 (EST)

41. Line (5), Message-ID: 20000218165543.56965.qmail@hotm, is a unique identifier for this specific message. This ID is logged, and can be traced through the computers on the message route if there is a need to track the mail.

42. Trace This. Line (6), Received: from by with HTTP; Fri, 15 Feb 2004 08:55:43, shows where the email was first received from, with the IP address of the sender. It also shows the date and time when the message was sent.

43. Line (7), X-Originating-IP: [], shows the originating IP address of the sender, but without the date and time the IP address will not allow you to identify the specific user. This field may or may not be present in the headers. If the IP address is a "static" address you WILL be able to identify the specific user (most IP addresses are "dynamically" assigned).

44. Line (8), From: "Secret", tells the name and e-mail address of the message originator (the "sender"). Generally this is the domain name we want to trace.

45. Line (9), To:, shows the name and e-mail address of the primary recipient; the address may be for a mailing list, a system-wide alias, or a personal username.

46. Line (10), CC:, lists the names and e-mail addresses of the "courtesy copy" recipients of the message. There may be "Bcc:" recipients as well; these "blind carbon copy" recipients get copies of the message, but their names and addresses are not visible in the headers.
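Tracing a message along its Received: fields the way slides 38 to 46 describe, as an added example rather than anything from the original presentation. The header block is constructed with example domains and RFC 5737 documentation addresses, and the three checks it runs (Return-Path against From:, the earliest hop against X-Originating-IP, and whether hop timestamps only move forward) are assumed investigator heuristics, not part of the slides:

```python
import re
import email
from datetime import timezone
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample, laid out like the ten fields on the slide. Hosts and
# addresses are example domains and RFC 5737 documentation ranges, not real.
SAMPLE_HEADERS = """\
Return-Path: <bounce-77@relay.example.net>
Received: from mx.example.org ([192.0.2.10]) by mail.example.com for <victim@example.com>; Fri, 18 Feb 2000 11:56:07 -0500
Received: from relay.example.net ([203.0.113.5]) by mx.example.org via smtpd (for [192.0.2.10]) with SMTP; 18 Feb 2000 16:55:44 +0000
Received: from webmail.example.net (webmail.example.net [198.51.100.7]) by relay.example.net for <victim@example.com>; Fri, 18 Feb 2000 11:55:44 -0500 (EST)
Message-ID: <20000218165543.56965.qmail@webmail.example.net>
Received: from 198.51.100.77 by webmail.example.net with HTTP; Fri, 18 Feb 2000 08:55:43 -0800
X-Originating-IP: [198.51.100.77]
From: "Secret" <secret@example.net>
To: victim@example.com
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_received(value):
    """One Received: field -> who handed the mail over, who accepted it, the
    client IP claimed in the 'from' clause, and the timestamp after ';'."""
    value = " ".join(value.split())                  # unfold continuation lines
    clause, _, date_part = value.rpartition(";") if ";" in value else (value, "", "")
    from_part, _, by_part = clause.partition(" by ")
    m_from = re.match(r"from\s+(\S+)", from_part)
    m_by = re.match(r"(\S+)", by_part)
    m_ip = IP_RE.search(from_part)                   # only the 'from' side counts
    ts = parsedate_to_datetime(date_part.strip()) if date_part.strip() else None
    if ts is not None and ts.tzinfo is None:         # no zone given: assume UTC
        ts = ts.replace(tzinfo=timezone.utc)
    return {"from_host": m_from.group(1) if m_from else None,
            "from_ip": m_ip.group(1) if m_ip else None,
            "by_host": m_by.group(1) if m_by else None,
            "timestamp": ts}

def trace_route(raw):
    """Hops in delivery order, origin first. Every relay prepends its own
    Received: field, so reversing the header order recovers the real path."""
    msg = email.message_from_string(raw)
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]

def analyze_headers(raw):
    """Collect the fields an investigator looks at and run three sanity checks:
    Return-Path vs From:, first hop vs X-Originating-IP, and whether the hop
    timestamps only move forward (a Received: line written by the sender
    rather than a relay usually breaks one of these)."""
    msg = email.message_from_string(raw)
    hops = trace_route(raw)
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_addr = parseaddr(msg.get("From", ""))[1]
    m_orig = IP_RE.search(msg.get("X-Originating-IP", ""))
    orig_ip = m_orig.group(1) if m_orig else None
    stamps = [h["timestamp"] for h in hops if h["timestamp"] is not None]
    return {"message_id": msg.get("Message-ID"),
            "return_path": return_path,
            "from": from_addr,
            "sender_mismatch": return_path != from_addr,   # a lead, not proof
            "originating_ip": orig_ip,
            "origin_matches": bool(hops) and hops[0]["from_ip"] == orig_ip,
            "timestamps_in_order": all(a <= b for a, b in zip(stamps, stamps[1:])),
            "hops": hops}
```

Calling `analyze_headers(SAMPLE_HEADERS)` returns the hops origin-first with all three checks passing except the Return-Path/From: mismatch, which is a lead to follow up rather than proof of anything.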
47. Email as Evidence
   1. Ensure the use of email is subject to agreed procedures, which are supported and enforced by management at a high level. Acceptable use policies must prescribe good usage and identify bad usage.
   2. Train users of email in acceptable use, and their rights and the obligations expected of them.
   3. Implement access control mechanisms on computer systems, so that use can be attributed to a person, a terminal, a date and a time.
   4. Ensure computer systems are kept safe and secure, so that the systems and the data within are protected from unauthorized access and accidental or deliberate loss and damage.
   5. Retention and deletion of email should be organization-defined, not user-defined. Individual users should not have any discretion as to the categories of emails that should be retained or deleted.
   6. Implement a solution that archives and stores emails centrally. The archive should support all the main file formats and also retain metadata.
   7. The archive should classify emails entering the archive at the point of entry. The archive should prevent the entry of duplicates.
   8. Ensure the archiving platform facilitates the exporting of evidence as files as a part of the e-discovery process.
   9. Implement an archiving solution that allows full search and retrieval. Metadata should be searchable, as should content.
   10. Enable logging of all events acting on the archive. The logs should be retained as part of the archive, for auditing and verification purposes.
   11. Provide contingency for continuity of both archiving and discovery in the event of an outage.
   12. Ensure the archiving platform supports the marking-up of files, so that privileged materials can be withheld and/or redacted during e-discovery.

48. IT Act 2008
   (xiii) Data protection (Sections 43 & 66)
   (xiv) Various types of computer crimes defined and stringent penalties provided under the Act (Section 43 and Sections 66, 67, 72)
   (xv) Appointment of Adjudicating Officer for holding inquiries under the Act (Sections 46 & 47)
   (xvi) Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56)
   (xvii) Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court (Section 57)
   (xviii) Appeal from order of Cyber Appellate Tribunal to High Court (Section 62)
   (xix) Interception of information from computer to computer (Section 69)
   (xx) Protection System (Section 70)
   (xxi) Act to apply for offences or contraventions committed outside India (Section 75)
   (xxii) Investigation of computer crimes to be investigated by officer at the PI
   (xxiii) Network service providers not to be liable in certain cases (Section 79)
   (xxiv) Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80)
   (xxv) Offences by companies (Section 85)
   (xxvi) Constitution of Cyber Regulations Advisory Committee, which will advise the Central Government and Controller (Section 88)

49. IT Act 2008
   - Section 6A: new section to address promotion of e-Governance & other IT applications
     - Delivery of service
     - Outsourcing
     - Public-private partnership
   - Section 10A: new section to address electronic contracts
   - Section 43: new section to address data protection and privacy
   - Sections 43A & 72A: body corporate to implement best security practices
   - Section 67C: preservation and retention of data/information
   - Section 69: revision of the existing Section 69 to empower the Central Government to designate agencies and issue directions for interception, with safeguards for monitoring and decryption
   - Section 69A: blocking of information for public access
   - Section 69B: monitoring of traffic data and information for cyber security
   - Section 70A: new section designating an agency for protection of Critical Information Infrastructure
   - Section 70B: new section giving CERT-In the power to call for and analyse information relating to breaches in cyber space and cyber security

50. Legal Scenario - India
   - Indian IT Act, 2000
     - Section 65 - Tampering with computer source code
     - Section 66 – Computer related offence
     - Section 66A – Obscene communication
     - Section 66B – Stolen resource
     - Section 66C – Identity theft
     - Section 66D – Cheating by personation
     - Section 66E – Violation of privacy
     - Section 66F – Cyber terrorism
     - Section 67A – Pornography
     - Section 67B – Child pornography
     - Section 72 - Breach of confidentiality and privacy
     - Section 72A – Disclosure of information in breach of lawful contract
   - Indian Copyright Act
     - States that any person who knowingly makes use of an illegal copy of a computer program shall be punishable.
     - Computer programs have copyright protection, but no patent protection.
   - Indian Penal Code
     - Section 406 - Punishment for criminal breach of trust
     - Section 420 - Cheating and dishonestly inducing delivery of property
     - Sections 417, 419, 467, 509, etc. applicable as per the case
   - Indian Contract Act, 1872 offers the following remedies in case of breach of contract:
     - Damages
     - Specific performance of the contract
51. Way Forward
   - Shift from a reactive to a proactive posture
   - Focus on a more strategic approach
   - Get the right people together
   - Establish a CISO or CSO position if not done yet
   - Engage business and IT decision-makers in addressing security
   - Embed security awareness more deeply across the enterprise
   - Plan for better security, earlier in development

52. (continued)
   - Strengthen incident response planning: (1) ensure that you have an integrated approach to security breaches, staffed by a skilled, interdisciplinary team; (2) have a consistent response procedure for incidents; (3) review security policies and align them with your incident response procedures; &

53. Recommendations
   - Awareness is important, and any incident should be reported at once
   - Users must try to save any electronic information trail on their computers
   - Avoid giving out unnecessary information about yourself
   - Use licensed, latest and updated anti-virus software, operating systems, web browsers and email programs
   - Check out the site you are doing business with thoroughly
   - Send credit card information only to secure sites
   - Protect your website and maintain backups

54. Summary
   - 99% of the problem lies between the keyboard and the chair, i.e. the user
   - Everyone a target; every system a challenge
   - Cyber security is not just a technical problem – everyone has a role to play in it
   - You cannot "fix" security – you can only manage it
   - AWARENESS OF THE THREAT IS ITSELF A KEY CONTROL

55. About Me
   - Educational Qualifications: B.Sc. Information Technology; P.G.D. Information Technology; P.G.D. Cyber Laws; Master of Computer Applications
   - Certifications: Forensic Examiner: AccessData Certified Examiner; Audit: ISO27001 Lead Auditor (IRCA)
   - Founder – The Eagle Eye
   - Founder –
   - Co-Founder – Open Security Alliance
   - Former Manager – DSCI & Senior Associate – Cyber Security, NASSCOM

56. Contact Details / Questions
   Thank you for your patient listening!
   Email:
   Discussion Forum:
   Cell: +91-98201-05011
   "Human Behaviour is the Biggest Risk in Security" – Vicky Shah
   "Cyber Space: Safe to Use; Unsafe to Misuse" – NASSCOM

57. Disclaimer
   This presentation is prepared for knowledge sharing and awareness for ISACA Mumbai Chapter Members on June 19, 2010. You can use the information provided here with proper credits. I have tried not to hide original credits as far as possible, nor am I using this presentation for any personal financial gain. Information available in this presentation is not enforceable by law; however, these are my views about the topic which I feel should be shared. Any errors, omissions, misstatements and misunderstandings set forth in the presentation are sincerely apologized for. Relying on the contents will be the sole responsibility of the users. - Vicky Shah -