Professional Documents
Culture Documents
Cyber Crime and Digital Forensics-Unit-II
Cyber Crime and Digital Forensics-Unit-II
Cyber Crime and Digital Forensics-Unit-II
UNIT-II
Mr.V.Yuvaraj
Assistant Professor – Department of Computer Applications
Dr. N.G.P. ARTS AND SCIENCE COLLEGE
Dr. N.G.P.-KALAPATTI ROAD
COIMBATORE-641 048
Tamil Nadu, India
Mobile: +917502919891,
E-mail: yuvaraj.v@drngpasc.ac.in
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Unauthorized Access Offences
in Cyberworld
Dr. NGPASC
COIMBATORE | INDIA
Unauthorized Access Offences
in Cyberworld
Criminal Statues
United States
• The CFAA
• The CFAA is a computer security statute aimed at protecting
the computers operated by the federal government and
banking institutions, and computers linked to the Internet.
• It creates criminal liability for “trespassing, threats, damage,
espionage,” and for government computers “being corruptly
used as instruments of fraud.”
Dr. NGPASC
COIMBATORE | INDIA
Unauthorized Access Offences
in Cyberworld
• Access Device Fraud
• Section 1029 outlaws the “production, use, possession, or
trafficking of unauthorized or counterfeit access devices.”
• In relation to Cybercrime, the DOJ asserts that the statute
could be used to prosecute a cybercriminal who employs
“phishing” emails to obtain victims’ private passwords and
financial account numbers, or where the cybercriminal deals in
stolen bank account or credit card information.
• The penalties for this variety of fraud are severe, including
civil forfeiture and prison terms ranging from a maximum of
10 or 15 years for first time offenders, with repeat offenders
being subject to a potential 20 years jail sentence.
Dr. NGPASC
COIMBATORE | INDIA
Unauthorized Access Offences
in Cyberworld
• Stored Wire and Electronic Communications and
Transactional Records Access:
• This statute criminalizes the unauthorized access of email and voicemail.
The felony version of the crime has five basic elements
(1) intentional access;
(2) without or in excess of authorization;
(3) access of a facility where an electronic communication service (ECS)
was provided;
(4) the defendant obtained, altered, or revented authorized access to a wire
or electronic communication while it was in “electronic storage;”
(5) the defendant acted “for purposes of commercial advantage, malicious
destruction or damage, or private commercial gain, or in furtherance of
any criminal or tortious act…”.
Dr. NGPASC
COIMBATORE | INDIA
Unauthorized Access Offences
in Cyberworld
The intent does not have to be directed at any particular program or data, at
programs or data of a particular kind, or at programs or data held in any particular
computer.
A person guilty of an offence under this section shall be liable:
(a) on summary conviction in England and Wales, to imprisonment for a term not
exceeding 12 months, or to a fine not exceeding the statutory maximum, or to
both;
(b) on summary conviction in Scotland, to imprisonment for a term not exceeding
6 months, or to a fine not exceeding the statutory maximum, or to both;
(c) on conviction on indictment, to imprisonment for a term not exceeding
2 years, or to a fine, or to both
Dr. NGPASC
COIMBATORE | INDIA
Unauthorized Access Offences
in Cyberworld
Jurisdiction
• The international character of some cybercrimes has caused
concern about the possibility of criminals escaping
prosecution because of jurisdictional issues. In 1985 an
accused sent a telex from London intending to divert funds
from New York to the accused’s account in Geneva.
• A final requirement is that of double criminality; that is, if the
person operates from within any of the home countries, yet is
intending to commit a further offence
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Unsolicited Emails
• Since adding data to a computer falls within the definition of modification, the
question arises as to whether a person who adds data to, for example, a
computer disk, without authorization, has the requisite intent.
• Charges were brought under s3 of the Computer Misuse Act 1990 for making
an unauthorized modification to the contents of a computer.
• In the first instance, the judge held that the emails were authorized as the
employer’s computer system was set up to receive email.
• It was also held that s3 was designed to prevent the sending of material such
as computer viruses.
• On appeal, the High Court concurred that a person who sets up a computer to
receive emails is giving consent to emails being sent to that computer.
• But the consent does not extend to emails sent not for communication
purposes but to disrupt the system.
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
The New s3 Offence as Introduced by the Police and Justice Act 2006
• The Police and Justice Act 2006 has introduced a new s3 offence with the
new title of “unauthorized acts with intent to impair, or with
recklessness as to impairing, operation of computer, etc.”
• The relevant provisions came into force on 1 October 2008. the
impairment of the operation of any computer;
• (a) the impairment of the operation of any computer;
• (b) the prevention or hindering of access to any program or data held in
any computer;
• (c) the impairment of the operation of any such program or the reliability
of any such data; or
• (d) the enablement of any of the things mentioned in paragraphs (a)–(c)
above
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Computer Viruses
• A computer virus is a self-replicating program which spreads throughout a
computer system, attaching copies of itself to ordinary programs.
• Often, by the time the virus is detected, many back-up disks also will have
been infected
• There are literally, thousands of viruses and strains of viruses; some are
relatively innocuous, like the Italian virus which causes a bouncing ball to
appear on screen, but others are more pernicious and may completely
corrupt a hard disk.
• The “AIDS” disk mentioned earlier was distributed as part of a blackmail
scheme to over 30,000 organisations world-wide.
• Other recent viruses causing havoc and considerable expense, estimated to
run into billions of dollars world-wide, were the “I Love You”, SirCam and
Melissa viruses.
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
Introduction
One of the biggest headaches that come along with networked and internet-
connected computers is the absolute requirement of dealing with malicious
code attacks.
The unfortunate circumstances that wired societies face can be depicted in the
following manner.
– Organizations and individuals want computing and communications
resources, and want them as cheaply as possible.
– Software and hardware manufacturers work synergistically to meet
market demands for cheap but highly functional computing and
communications resources.
– The corporate interests that drive cooperation between software and
hardware manufacturers have resulted in a marketplace that is dominated
by very few companies.
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
•This labyrinth of social, political, and economic forces have several results, many of
which are very embarrassing for modern societies :
– Very few malicious code attackers are ever caught by the police.
– • Government agencies cannot catch up with malicious code attackers, let
alone build a national defense system to stop attacks.
– • Large organizations that purchase technology are the prisoners of the
dominant technology companies and have little resource or market alternatives.
– • Elected public officials, many of whom are the recipients of campaign contri-
butions from the dominant technology companies, are strongly resisting
confronting the industry about product liability.
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
– The virus is executed first, and then the original program is opened.
– If a program or file that is infected with a file infector virus is passed
from one computer to another, over a network or via floppy disk for
example, the virus will begin infecting the “clean” computer as soon as
the file or program is opened.
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
• Macro Viruses
– Most common type of malicious code found today.
– This is due to the popularity of software such as Microsoft Office and
others such as Corel Draw, which use macro programming languages
extensively in their products.
– Macro viruses use an application’s own macro programming language
to distribute themselves. Macro viruses do not infect programs; they
infect documents.
– Macro viruses typically arrive in an infected document, a price list
written with MS Word for example.
– When the file is opened, the virus infects the base template on the
victim computer, in this case “Normal.dot”. Normal.dot is the
“framework” that Word documents are created on.
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
• Worms
– A worm is a piece of code that can make fully functional copies of
itself and travel through a computer network and/or across the internet
through a number of means.
– A worm does not attach itself to other programs like traditional
viruses, but creates copies of itself, which in turn creates even more
copies.
– The computer “worm” is so-called because of the way in which
“rogue” computer code was originally detected. Printouts of computer
memory locations would show random “wormhole” patterns, much
like that of the patterns on worm eaten wood
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
– Worms are prolific due to the fact that most are created using simple
scripting languages that can be created with a text editor and become
fully functional “programs” under the right conditions.
– For example, if you were to obtain a copy of the “I Love You” worm and
changed the files extension from vbs to txt, you could safely open the file
in Notepad and view the structure of the worm.
– This makes the vbs script worm extremely popular among the script
kiddy fraternity, as it takes no (or very little) programming knowledge to
modify an existing worm and release it into the wild
– (when a virus is circulating in the computing community or throughout
•
the internet, it is said to be “in the wild”.)
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Injection of Malicious Code in Application
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Legislative Approaches
Dr. NGPASC
COIMBATORE | INDIA
Unit-II
Legislative Approaches
Dr. NGPASC
COIMBATORE | INDIA
Dr. NGPASC
COIMBATORE | INDIA 32