
March 19, 2012

Cyber Crimes
GUJARAT POLICE

MANOJ AGARWAL IPS

The transformation
Two years ago, we were afraid of rockets destroying buildings and computer centres...
Today, we should be aware of software destroying rockets and missiles!

IT Act 2000
Cyber Cases Investigation & Forensics

Issues to ponder

IT Act 2000 Objectives


Legal Recognition for E-Commerce
Digital Signatures and Regulatory Regime
Electronic Documents at par with paper documents
E-Governance
Electronic Filing of Documents
Amend certain Acts
Define Civil wrongs, Offences, punishments
Investigation, Adjudication
Appellate Regime

Wrongs

Moral Wrongs
Feeling of guilt

Civil Wrongs
Aggrieved approaches the STATE
Police has a very limited role to play
Compensation

Legal Wrongs
Crimes
Police has a defined role to play
Punishment, Fine or both
Criminal Court


Crimes

Non-Cognizable Offences
Minor offences
Police has a very limited role to play
Aggrieved seeks redressal

Cognizable Offences
Serious ones
Responsibility of the STATE to get the offender punished


Cognizability and Bailability


Not mentioned in the Act
Rely on Part II of Schedule I of CrPC
If punishable with death, imprisonment for life or imprisonment for more than 7 years: Cognizable, Non-Bailable, Court of Session
If punishable with imprisonment for 3 years and upwards but not more than 7 years: Cognizable, Non-Bailable, Magistrate of First Class
If punishable with imprisonment of less than 3 years: Non-Cognizable, Bailable, Any Magistrate (or Controller of CAs)

Civil Wrongs under IT Act


Chapter IX of IT Act, Section 43
Whoever without permission of owner of the computer
Secures access (mere U/A access)
Not necessarily through a network
Downloads, copies, extracts any data
Introduces or causes to be introduced any viruses or contaminant
Damages or causes to be damaged any computer resource
Destroy, alter, delete, add, modify or rearrange
Change the format of a file
Disrupts or causes disruption of any computer resource
Preventing normal continuance of
Denies or causes denial of access by any means
Denial of service attacks
Assists any person to do any thing above
Rogue Websites, Search Engines, Insiders providing vulnerabilities
Charges the services availed by a person to the account of another person by tampering or manipulating any computer resource
Credit card frauds, Internet time thefts

Liable to pay damages not exceeding one crore to the affected party
Investigation of
ADJUDICATING OFFICER
Powers of a civil court

Section 65: Source Code


Most important asset of software companies
"Computer Source Code" means the listing of programmes, computer commands, design and layout


Section 65 (contd.)


Ingredients
Knowledge or intention
Concealment, destruction, alteration
computer source code required to be kept or maintained by law

Punishment
imprisonment up to three years, and / or fine up to Rs 2 lakh

Cognizable, Non Bailable, JMIC



Section 66: Hacking


Ingredients
Intention or Knowledge to cause wrongful loss or damage to the public or any person
Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource

Punishment
imprisonment up to three years, and / or fine up to Rs 2 lakh

Cognizable, Non Bailable, JMFC



Hacking (contd.)
Covers crimes like
Trojan, Virus, worm attacks
Logic bombs and Salami attacks
Internet time theft
Analysis of electromagnetic waves generated by computers


Examples
State versus Amit Pasari and Kapil Juneja
  Delhi Police
  M/s Softweb Solutions
  Website www.go2nextjob.com hosted
  Complaint of hacking by web hosting service

State versus Joseph Jose
  Delhi Police
  Hoax Email - Planting of 6 bombs in Connaught place

State versus Aneesh Chopra
  Delhi Police
  Three company websites hacked
  Accused: An ex-employee

State versus K R Vijayakumar
  Bangalore Cyber Crime Police Station, 2001
  Criminal intimidation of employers and crashing the company's server
  Phoenix Global solutions


Sec. 67. Pornography


Ingredients
Publishing or transmitting or causing to be published in the electronic form, Obscene material

Punishment
On first conviction imprisonment of either description up to five years and fine up to Rs 1 lakh
On subsequent conviction imprisonment of either description up to ten years and fine up to Rs 2 lakh

Section covers
Internet Service Providers, Search engines, Pornographic websites

Cognizable, Non-Bailable, JMIC/ Court of Sessions

Sec 69: Decryption of information


Ingredients
Controller issues order to Government agency to intercept any information transmitted through any computer resource.
Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence
Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information.

Decryption of information (contd.)


Applicability
Email messages (If encrypted)
Encrypted messages
Steganographic images
Password protected files (?)

Punishment
Imprisonment up to 7 years

Cognizable, Non-Bailable, JMIC



Sec 70 Protected System


Ingredients
Securing unauthorised access or attempting to secure unauthorised access to protected system

Acts covered by this section:


Switching computer on / off
Using installed software / hardware
Installing software / hardware
Port scanning

Punishment
Imprisonment up to 10 years and fine
Cognizable, Non-Bailable, Court of Sessions

BUT..
Not all cyber crimes come under the Information Technology Act, 2000. Many cyber crimes come under the Indian Penal Code.


Computer Related Crimes under IPC and Special Laws


Sending threatening messages by email: Sec 503 IPC
Sending defamatory messages by email: Sec 499 IPC
Forgery of electronic records: Sec 463 IPC
Bogus websites, cyber frauds: Sec 420 IPC
Email spoofing: Sec 463 IPC
Online sale of Drugs: NDPS Act
Web-Jacking: Sec. 383 IPC
Online sale of Arms: Arms Act

COMPUTER CRIME STATISTICS


Average Computer Crime - $500K
Average Bank Robbery - $13K
80% of computer crime involves Internet
- Internet is in 70 countries
- over 25 million users
- 10%/month growth rate



Frequency of incidents
Denial of Service: Section 43
Virus: Section 66, 43
Data Alteration: Sec. 66
U/A Access: Section 43
Email Abuse: Sec. 67, 500, Other IPC Sections
Data Theft: Sec 66, 65

Source: Survey conducted by ASCL



No. of Indian web-sites defaced


[Bar chart by year] 1998: 441; 1999: 1002; 2000: 2219; 2001: 7039

Not very serious - someone has just pasted a poster over my poster

Number of Indian sites hacked


[Bar chart by year, 1998-2001; bar labels: 6, 0, 25, 12]

Site of BARC - panic all around



2001 CSI/FBI Computer Crime and Security Survey
Of the organizations suffering security compromises in the last year, 95% had Firewalls and 61% had IDSs!

SECURITY TECHNOLOGIES USED (%)   1998  1999  2000  2001
Intrusion Detection Systems        35    42    50    61
Firewalls                          81    91    78    95
Encrypted Files                    50    61    62    64
Anti-virus software                96    98   100    98
Access Control                     89    93    92    90

False sense of security
We already have a Firewall

COMPUTER CRIME STATISTICS


2002 Computer Crime and Security Survey (CSI)
91% of respondents detected breaches of their computer security policy.
64% of respondents acknowledged financial losses due to the breaches.
35% of respondents quantified financial losses amounting to $377M (up 41% from $266M).
60% may not have sufficient instrumentation to detect breaches.

WHY CRIMES WERE NOT REPORTED

56% of crimes NOT REPORTED


Embarrassment.
Loss of public confidence.
False arrest concerns.


COMPUTERS CAN PLAY THREE ROLES IN A CRIME


Weapon/Target

Storage Facility

Tool


CASE - I


FAKE E-MAIL ID

FAKE E-MAILS SMS MESSAGES THROUGH NET.


CASE 2


FAKE POLICE CONSTABLES


CASE:
A PERSON CAUGHT WITH FAKE MOTOR VEHICLE LICENCE
POLICE SEIZED TWO HARD DISKS


CASE 3


SPECIAL CELL, NEW DELHI


DELHI POLICE ARRESTED
PRESS REPORTER CHANGED INTO ISI AGENT
SEIZED A LAPTOP AND WRIST WATCH


CASE 4


A VICTIM OF WORLD CUP?


Ms. MANDIRA BEDI
POOR KNOWLEDGE IN CRICKET
A SHOW PIECE
CRICKET LOVERS ARE AGAINST HER COMMENTARY, BUT LOVE HER -----

PHOTO APPEARED IN SITE WWW,INDIANSEX4U.COM



CASE 5


NOT SAFE TO GIVE VISITING CARD

IS IT SAFE TO GIVE VISITING CARD TO SOMEBODY?

DETAILS KEPT UNDER INDIATIMES.COM UNDER ROMANCE COLUMN:
THE ACCUSED: HER FORMER COLLEAGUE
THE MISTAKE SHE HAS DONE: GIVING VISITING CARD

CASE 6


FIR.NO 581/2001 PS KOTWALI SPECIAL CELL


WASIM AHMED LILY @ WASIM ASRAF ARRESTED ON 12/10/01 ALONG WITH TWO SUITCASES CONTAINING FAKE CURRENCY TO THE TUNE OF 18.3 LAKHS (1000, 500 DENOMINATIONS)
POLICE SEIZED A COMPUTER, SCANNER, PRINTER FROM THE ACCUSED.

CONTD.
FORENSIC ANALYSIS REVEALED
HOW THE COMPUTER WAS USED IN THE PRODUCTION OF COUNTERFEIT CURRENCY
CURRENCY NOTES OF DENOMINATION OF NOT ONLY 500, 1000 BUT ALSO RS 50, 100.
FAKE POSTAL STAMPS
THE ADDRESSES OF THE AGENTS WHO ARE CIRCULATING

CASE 7


A CASE OF A PLASTIC COMPANY

THE DIRECTORATE OF CENTRAL EXCISE INTELLIGENCE PERSONS RAIDED A PLASTIC COMPANY OWNER'S RESIDENCE ON 10/11/2001 AND SEIZED AN AMOUNT OF RS. 2 CRORE.
PRODUCED 6000 CASH BILLS DATED PRIOR TO DATE OF RAID.
THE BILLS WERE DATED TO APRIL-OCTOBER 2001

CONTD.
THE DGCEI OFFICIALS SEIZED 12 COMPUTERS WITH THE HELP OF COMPUTER FORENSIC EXPERTS
FORENSIC EXAMINATION OF COMPUTER SYSTEMS REVEALED
EXCISE EVASION TO THE TUNE OF 26 CRORES FROM 2000 ONWARDS
BACK MONEY DETAILS
THE BRIBES PAID TO THE EXCISE OFFICIALS

CASE 8


FIR NO 76/02 PS PARLIAMENT STREET


Mrs. SONIA GANDHI RECEIVED THREATENING E-MAILS
E-MAIL FROM
missonrevenge84@khalsa.com
missionrevenge84@hotmail.com
THE CASE WAS REFERRED
ACCUSED PERSON LOST HIS PARENTS DURING 1984 RIOTS

CASE - 9


PARLIAMENT ATTACK CASE


- Delhi police seized a laptop where they stored the incriminating material.
ON FORENSIC ANALYSIS:
ROLE OF Lo e T
IP ADDRESSES OF PAKISTAN
TELEPHONE NUMBERS
CODED MESSAGES

CASE-10


KARNATAKA MEDICAL EXAM(K- CET) SCAM


OCR BASED ANSWER SHEET.
MODIFIED THE COMPUTER (ANSWERS) PROGRAM AS PER THE STUDENT ANSWER SHEET.
MADE FAILED CANDIDATES SUCCESSFUL.
--- THE AP INTERMEDIATE BOARD MARKS SCANDAL.

President CLINTON'S IMPEACHMENT TRIAL

Forensic experts recovered deleted data from Monica Lewinsky's home computer as well as her computer at the Pentagon
Computer examinations of deleted White House e-mail records exposed the Clinton-Monica Lewinsky scandal

INVESTIGATION
A good investigation needs network forensics, hardware forensics and software forensics.

The general approach to investigating the technical aspects of any computer related crime is:
Eliminate the obvious.
Hypothesize the attack.
Collect evidence, including, possibly, the computers themselves.
Reconstruct the crime.
Perform a trace back to the source computer.
Analyze the source, target, and intermediate computers.
Turn your findings and evidentiary material over to corporate investigators or law enforcement for follow-up.

Cyber Crimes ?

Any crime that involves computers and networks
Includes crimes that do not rely heavily on computers
Alibi
Harassment
Blackmail
Extortion
Frauds
Murder
etc....

What are we looking for ?

Hardware as contraband or fruits of crime.
Stolen computer system
Hardware as an instrumentality
Hardware designed exclusively to commit crime - sniffer
Hardware as evidence.
CD Writer to copy blue movies
Pornography
Information as contraband or fruits of crime.
Pirated software
Information as an instrumentality
Hacking program
Information as evidence.
Key of investigation - we are searching this

How to Proceed ?

Pre-investigation intelligence. A must
Visualize and assess what you would encounter. Prepare accordingly.
Computer may be on / off
Blank screen does not indicate an off computer
If computer is on
Note what all is on the screen
If the screen saver is operational, move the mouse slightly.
Map all the connections & mark the matching ends
Find out whether it is connected to the network.
Decide on the next course of action.

Strategy
If you shut down the computer in the usual way
Fall in a trap
If you pull out the cord
Lose vital information on the RAM
Good documentation of the Screen (photograph) will help resolve some of the discrepancies.
Recommended strategy
Ensure that all drives are empty
Pull out the cord from the computer (not from the electric board as it may be connected to a UPS)

Seizing the computer


Computers do not have unique identity
It will not help also
Contents have to be seized uniquely.
Hashing - Only solution
Requirements are
Algorithm should run in a trusted environment
Suspect disk should be write-blocked
No time stamps should be altered
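
One way to put the hashing requirement above into practice, as an added example that is not part of the original slides. The file names and the small constructed image are assumptions; in a real seizure the source is a device behind a hardware write blocker and the script runs from the examiner's own trusted system.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so a large image never sits in RAM

def hash_image(path, algorithms=("sha256", "sha512")):
    """Hash a file opened read-only and return {algorithm: hexdigest}."""
    digests = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for digest in digests.values():
                digest.update(block)
    return {name: d.hexdigest() for name, d in digests.items()}

def acquire(source, working_copy):
    """Hash the source, copy it, and record what the seizure memo needs."""
    before = os.stat(source)
    source_hash = hash_image(source)
    shutil.copyfile(source, working_copy)
    after = os.stat(source)
    return {
        "source_hash": source_hash,
        "copy_matches": hash_image(working_copy) == source_hash,
        # Reading must not touch the modification time or size of the original.
        "mtime_unchanged": before.st_mtime_ns == after.st_mtime_ns,
        "size_unchanged": before.st_size == after.st_size,
    }

def verify(path, recorded_hash):
    """Re-hash later (lab, court) and compare with the value recorded at seizure."""
    return hash_image(path) == recorded_hash

def demo():
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect.img")    # hypothetical file names
    copy = os.path.join(workdir, "working.img")
    with open(source, "wb") as fh:                   # constructed 32 KiB "disk"
        fh.write(b"CONSTRUCTED SAMPLE SECTOR".ljust(512, b"\x00") * 64)
    record = acquire(source, copy)
    intact = verify(copy, record["source_hash"])
    with open(copy, "r+b") as fh:                    # one byte changed in the copy
        fh.seek(1000)
        fh.write(b"X")
    altered_detected = not verify(copy, record["source_hash"])
    shutil.rmtree(workdir)
    return record, intact, altered_detected

if __name__ == "__main__":
    print(demo())
```

All later analysis is done on the working copy, and the recorded digests are what tie that copy back to the seized original.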

INVESTIGATION OF SEIZED MATERIAL


INTERNET CRIME
In a 'simple' case of hacking it would be possible to trace out the IP address by the "who is" query. The IP address may be found in the "page Source" head (Netscape) and "source" head in Internet Explorer.

WEBSITE RELATED CRIME
Confirm identity of suspect by running the "who is" query.
The "who is" details generated may be genuine or that of a "compromised" machine.

E-MAIL CRIMES
The header will give the IP address. Run "who is" to ascertain the details of the service provider whose mail service was used by the suspect. If, by analyzing circumstances, it is felt that the "who is" result is genuine, the location of the suspect can be traced with the help of the ISP. In case of forged/bogus or disguised/number letter mix-up e-mail identities, the ISP can help in identifying the suspect with the help of the e-mail header by analyzing its contents and "message ID" (see boxes for forged/bogus, disguised senders details). The ISP will be able to help in locating a suspect, because when a person dials up to connect with an ISP, he/she is logged on to one of the servers of the ISP. This server assigns (depending on the port of entry) a specific IP address to the user. This IP address temporarily becomes the IP address of the user for that specific session.
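
The header analysis described above, sketched as an added example that is not part of the original slides. The message, host names and addresses are constructed (documentation address ranges and .example domains), and the list of internal ranges is an assumption about what to ignore.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample message (documentation address ranges, .example domains).
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.25])
\tby inbox.recipient.example; Mon, 19 Mar 2012 10:02:11 +0530
Received: from smtp.isp.example (smtp.isp.example [198.51.100.7])
\tby mx.recipient.example; Mon, 19 Mar 2012 10:02:09 +0530
Received: from [10.0.0.5] (dialup-44.isp.example [203.0.113.44])
\tby smtp.isp.example; Mon, 19 Mar 2012 10:02:05 +0530
Message-ID: <20120319.0001@smtp.isp.example>
From: "Bank Support" <support@bank.example>
To: victim@recipient.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Addresses that never identify a subscriber on the public Internet.
INTERNAL = [ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(text):
    try:
        ip = ip_address(text)
    except ValueError:          # e.g. [999.1.1.1] typed into a forged header
        return True
    return any(ip in net for net in INTERNAL)

def trace(raw):
    msg = message_from_string(raw)
    # Each relay prepends its Received line, so reversed() gives oldest hop first.
    hops = [IP_RE.findall(v) for v in reversed(msg.get_all("Received", []))]
    external = [ip for hop in hops for ip in hop if not is_internal(ip)]
    msgid_domain = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2]
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return {
        "hops": hops,
        # Earliest public address: the one to take to the ISP with the timestamp.
        # Lines below the first server you trust can be forged by the sender.
        "origin_candidate": external[0] if external else None,
        "message_id_domain": msgid_domain,
        # A Message-ID minted by a different domain than the From address is a
        # reason to look closer, not proof of forgery.
        "from_domain_mismatch": bool(msgid_domain) and msgid_domain != from_domain,
    }

if __name__ == "__main__":
    for key, value in trace(RAW).items():
        print(key, "=", value)
```

The address alone does not name a subscriber; the ISP needs it together with the hop's timestamp and time zone to find the session it was assigned to.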

CARDINAL RULES OF COMPUTER FORENSICS


NEVER TRUST THE SUBJECT OPERATING SYSTEM
NEVER MISHANDLE EVIDENCE
NEVER WORK ON ORIGINAL EVIDENCE
USE PROPER SOFTWARE UTILITIES
DOCUMENT EVERYTHING

NEVER TRUST THE SUBJECT SYSTEM


DO NOT BOOT FROM SUSPECT SYSTEM
DO NOT USE SUSPECT OS
CRIMINALS MAY MODIFY ROUTINE OPERATING SYSTEM COMMANDS TO PERFORM DESTRUCTIVE COMMANDS.
DISCONNECT HARD DRIVE & BOOT FROM FLOPPY (THE BIOS MAY BE MODIFIED TO ALLOW BOOT FROM A FLOPPY)

STEPS TAKEN BY COMPUTER FORENSIC EXPERT


PROTECT THE SUBJECT SYSTEM DURING EXAMINATION FROM ALTERATION, DAMAGE, DATA CORRUPTION OR VIRUS INTRODUCTION
DISCOVER & RECOVER ALL FILES (active & deleted)
ACCESS THE CONTENTS OF PROTECTED OR ENCRYPTED FILES
ANALYZE ALL RELEVANT DATA
PRINTOUT AN OVERALL ANALYSIS
PROVIDE TESTIMONY IN COURT OF LAW

Where do we find Evidence ?


In The Computer
Suspect
Victim
The Server
Suspect
Victim
ISPs
Who logged from where & when ?
Computers visited
Backbone Computers

Issues to address

We cannot be masters of all trades
Fighting cyber crimes has to be a team effort involving

Law enforcement agencies
  Handle cyber evidence
  Use it to generate investigative trails
  Know when to call an expert for assistance
Computer expert
  How to handle cyber evidence
  Generate investigative leads
  Call enforcement agencies for assistance
Attorneys
  How to defend cyber evidence
  Determine whether it is admissible
Forensic Scientists
  How to process it

QUESTIONS


THANK YOU
