cyber crime and forensic

CYBER CRIME & FORENSICS Presented By Saisha sukla (u112105) Samikhya Joshi (u112106) Santanu Kumar Das (u112107) Satyanarayana Das (u112108)

Upload: santanu-kumar-das

Post on 27-Jun-2015


TRANSCRIPT

Page 1: Cyber crime and forensic

CYBER CRIME & FORENSICS

Presented By Saisha sukla (u112105), Samikhya Joshi (u112106), Santanu Kumar Das (u112107), Satyanarayana Das (u112108)

Page 2: Cyber crime and forensic

Introduction to Cybercrime

Computers or computer networks are used as a tool, a target or a place of criminal activity.

The first recorded cyber crime took place in the year 1820 in France.

Unauthorized access to computer systems, data destruction, data alteration, theft of intellectual property.

Most important revenue sector for global organized crime.

Page 3: Cyber crime and forensic

How it differs from terrestrial crime?

easy to learn how to commit

require few resources relative to the potential damage caused

can be committed in a jurisdiction without being physically present in it

are often not clearly illegal

Page 4: Cyber crime and forensic

Types of Cybercrime

• Hacking
• Phishing
• Software Piracy
• Cyber Stalking
• Denial of Service
• Financial crimes
• Sale of illegal articles
• Intellectual Property crimes
• Forgery
• Cyber Defamation

Page 5: Cyber crime and forensic

Hacking

• The actual word is “Cracking” and not “Hacking”.

• “Deliberately gaining unauthorized access to an information system.”

• Hackers help the government to protect national documents of strategic importance and help organizations to protect documents and company secrets.

• A Cracker breaks into someone else's computer system, often on a network, bypasses passwords or licenses in computer programs or in other ways intentionally breaches computer security.

• But with time, both words have come to be used interchangeably.

Page 6: Cyber crime and forensic

Phishing

Acquiring information such as usernames, passwords and credit card details by masquerading as a trustworthy entity.

India is among the top 15 countries hosting "phishing" sites, which aim at stealing confidential information such as passwords and credit card details.

Page 7: Cyber crime and forensic

Cyber Stalking

Cyber stalking is use of the Internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse.

Denial of Service

• floods the bandwidth of the victim’s network
• fills his e-mail box with spam mail
• deprives him of the services he is entitled to access or provide
• uses techniques such as spoofing and buffer overflow

Page 8: Cyber crime and forensic

Software Piracy

• illegal copying of genuine programs
• counterfeiting and distribution of products

Examples of software piracy

• End user copying
• Hard disk loading
• Counterfeiting
• Illegal downloads from the Internet

Page 9: Cyber crime and forensic

Virus Dissemination

• A program that can ‘infect’ other legitimate programs by modifying them to include a possibly ‘evolved’ copy of itself.
• Viruses can spread themselves, without the knowledge or permission of the users, to potentially large numbers of programs on many machines.

Typical action of a virus

• Erase files
• Scramble data on a hard disk
• Cause erratic screen behavior
• Halt the PC
• Just replicate itself!

Page 10: Cyber crime and forensic

Cybercriminals

Page 11: Cyber crime and forensic

Motivating factors for Cybercrimes

The challenge... “because it’s there!”

Ego

Espionage

Ideology

Mischief

Money (Extortion or Theft)

Revenge

Page 12: Cyber crime and forensic

Cost of Cyber crime in India

In India in 2010

29.9 million people fell victim to cyber crime

$4 billion in direct losses

$3.6 billion in time spent to resolve crimes

80% of cyber users have been a victim of cyber crime

17% of adults online have experienced cybercrime on their mobile phone

Source: Norton Cyber Crime Report 2011

Page 13: Cyber crime and forensic

Why India?

A rapidly growing online user

121 million internet users

65 million active internet users, up 28% from 51 million in 2010

50 million users shop online on ecommerce and online shopping sites

46+ million social network users

346 million mobile users had subscribed to data packages

Source: IAMAI; Juxt; wearesocial 2011

Page 14: Cyber crime and forensic

Combating Cybercrimes

Technological measures: public key cryptography, digital signatures, firewalls, honey pots

Cyber investigation: Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in courts of law. These rules of evidence include admissibility (in courts), authenticity (relation to incident), completeness, reliability and believability.

Legal framework: laws & enforcement

Page 15: Cyber crime and forensic

International Legislation Initiatives

OECD

1983 – research in criminal law problems of computer related crimes

1992 – Guidelines for the security of information systems

G8

1997 – Subgroup of High-Tech Crime

OAS

1999 – Established a group of government experts on cyber crime

APEC

2002 – commitment to enact a comprehensive set of laws relating to cyber security and cyber crime

Page 16: Cyber crime and forensic

International Legislation Initiatives

ASEAN and China

2003 – Formulate cooperative and emergency response procedures for enhancing cyber security and combating cyber crime

United Nations

1998-2000 – Resolution on developments in the field of Information and Telecommunication in the context of International security

2003 – Resolutions on combating the criminal misuse of Information Technology & on the creation of a global culture of cyber security.

European Union

2003-2005 – Council framework decision on attacks against information systems

Page 17: Cyber crime and forensic

What about the law? (Indian perspective)

Information Technology (Amendment) Act 2008 – Chapter XI

65 – Tampering with computer source documents
66 – Computer related offences
66A – Punishment for sending offensive messages through communication services etc.
66B – Punishment for dishonestly receiving stolen computer resources or communication devices
66C – Punishment for identity theft
66D – Punishment for cheating by personation by using computer device
66E – Punishment for violation of privacy
66F – Punishment for cyber terrorism
67 – Punishment for publishing or transmitting obscene material in electronic form

Page 18: Cyber crime and forensic

Major Objectives

Create effective cyber crime laws

Develop acceptable practices for search and seizure

Handle jurisdiction issues

Cooperate in international investigations

Establish effective public/private sector interaction

Page 19: Cyber crime and forensic

Safety tips to avoid Cybercrime

Use anti-virus software and firewalls, and keep them up to date

Keep your operating system up to date with critical security updates and patches

Don't open emails or attachments from unknown sources

Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist

Back-up your computer data on disks or CDs often

Don't share access to your computers with strangers

If you have a Wi-Fi network, password protect it

Disconnect from the Internet when not in use

Reevaluate your security on a regular basis

Make sure your employees and family members know this info too!

Page 20: Cyber crime and forensic

Prominent news for Cyber crimes

Kevin Mitnick’s (“Condor”) hacking spree cost high-tech companies at least $291.8 million over a two-year span before his capture.

David L. Smith, a 31-year-old programmer, pleaded guilty to creating the Melissa virus and using an X-rated web site to spread it through cyberspace, causing $80 million in damages.

Four high school kids hacked into a Bay Area internet server and used stolen credit card numbers to order computer equipment: $200k

A temporary employee broke into Forbes' computers and caused a computer crash that cost Forbes $100,000 to restore.

Page 21: Cyber crime and forensic

Case study 1

The Chennai city police have busted an international gang involved in cyber crime, with the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into an ATM in the city.

The dimensions of the city cops’ achievement can be gauged from the fact that they have netted a man who is on the wanted list of the formidable FBI of the US.

At the time of his detention, he had with him Rs 7.5 lakhs knocked off from two ATMs in T Nagar and Abiramipuram in the city. Prior to that, he had walked away with Rs 50,000 from an ATM in Mumbai.

During the investigation it was found that his audacious crime career started in an internet café. While browsing the net one day, he got attracted to a site which offered him assistance in breaking into ATMs.

Page 22: Cyber crime and forensic

Case study 1

His contacts, sitting somewhere in Europe, were ready to give him credit card numbers of a few American banks for $5 per card. This site also offered the magnetic codes of these cards, but charged $200 per code.

The operators of the site had devised a fascinating idea to get the PINs of the card users. They floated a new site which resembled that of a reputed telecom company. That company has millions of subscribers. The fake site offered to return to visitors $11.75 per head which, the site promoters said, had been collected in excess by mistake from them.

Believing that it was a genuine offer from the telecom company in question, several lakh subscribers logged on to the site to get back the little money, but in the process parted with their PINs.

Page 23: Cyber crime and forensic

Case study 1

Armed with all the requisite data to hack the bank ATMs, the gang started its systematic looting. Apparently Manwani and many others of his group entered into a deal with the gang behind the site and could purchase any amount of data.

Meanwhile, Manwani also managed to generate 30 plastic cards that contained the necessary data to enable him to break into ATMs. He was so enterprising that he was able to sell a few such cards to his contacts in Mumbai. On receipt of large-scale complaints from the billed credit card users and banks in the US, the FBI started an investigation into the affair and also alerted the CBI.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city police believe that this is the beginning of a major cyber crime.

Page 24: Cyber crime and forensic

Case study 2

In 1988 Robert Morris, Jr., a 23-year-old graduate student in computer science at Cornell and the son of an NSA computer security expert, wrote an experimental, self-replicating, self-propagating program called a worm (99 lines of code) and injected it into the Internet. He chose to release it from MIT, to disguise the fact that the worm came from Cornell.

60,000 computer sites at universities, hospitals, research facilities, corporations and government institutions were affected; the estimated cost of dealing with the worm ranged from $200 to $50,000 for each site.

Morris was convicted of violating the Computer Fraud and Abuse Act; he received 3 years' probation, 400 hours of community service and a fine of $10,050.

Page 25: Cyber crime and forensic

Next steps

Page 26: Cyber crime and forensic

A final word

Treat your password like you treat your toothbrush. Never give it to anyone else to use, and change it every few months.

Page 27: Cyber crime and forensic

CYBER FORENSICS

Page 28: Cyber crime and forensic

FORENSICS

Forensic science, or forensics, is the application of a broad spectrum of sciences to answer questions related to the legal system, whether for criminal or civil actions.

The use of science and technology to investigate and establish facts in criminal or civil courts of law.

Page 29: Cyber crime and forensic

COMPUTER FORENSICS

The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Page 30: Cyber crime and forensic

HISTORY

Michael Anderson

• “Father of computer forensics”

• special agent with IRS

Meeting in 1988 (Portland, Oregon)

• creation of IACIS, the International Association of Computer Investigative Specialists

• the first Seized Computer Evidence Recovery Specialists (SCERS) classes held

Page 31: Cyber crime and forensic

WHY?

The main task, and advantage, of computer forensics is to catch the culprit or criminal involved in a computer-related crime.

Computer forensics has emerged as an important part of disaster recovery management.

Ability to search through a massive amount of data: quickly, thoroughly and in any language.

Its importance lies mainly in handling criminal actions such as fraud, phishing, identity theft and many other criminal activities.

Page 32: Cyber crime and forensic

WHO USES FORENSICS

Criminal Prosecutors

Civil litigators

Insurance Companies

Corporations

Law Enforcement Officials

Individuals

Page 33: Cyber crime and forensic
Page 34: Cyber crime and forensic

What does cyber forensics aim at?

• Identify the root cause of an event to ensure it won’t happen again

– Must understand the problem before you can be sure it won’t be exploited again.

• Who was responsible for the event?

• Most computer crime cases are not prosecuted

– Consider acceptability in a court of law as our standard for investigative practice.

– Ultimate goal is to conduct the investigation in a manner that will stand up to legal scrutiny.

– Treat every case like a court case!

Page 35: Cyber crime and forensic

STEPS FOR COMPUTER FORENSICS:

Acquisition

Identification

Evaluation

Presentation

Page 36: Cyber crime and forensic

METHODOLOGY:

1) Shut Down the Computer

2) Document the Hardware Configuration of The System

3) Transport the Computer System to A Secure Location

4) Make Bit Stream Backups of Hard Disks and Floppy Disks

5) Mathematically Verify Data on All Storage Devices

6) Document the System Date and Time

7) Make a List of Key Search Words

8) Evaluate the Windows Swap File

9) Evaluate File Slack

10) Evaluate Unallocated Space (Erased Files)

11) Search Files, File Slack and Unallocated Space for Key Words

12) Document File Names, Dates and Times

13) Identify File, Program and Storage Anomalies

14) Evaluate Program Functionality

15) Document Your Findings
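Steps 4, 5 and 11 of the methodology above, as an added example that is not part of the original slides: a bit-stream copy hashed with SHA-256 during acquisition, an independent re-hash to verify the image, and a keyword search over the raw image bytes so that slack and unallocated areas are included. The file names, the keyword and the sample "disk" contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 4096  # bytes per read; imaging tools read in whole sectors

def sha256_stream(src, dst=None):
    """Hash src chunk by chunk; if dst is given, also write a bit-for-bit copy."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst or os.devnull, "wb") as fout:
        while chunk := fin.read(CHUNK):
            h.update(chunk)
            fout.write(chunk)
    return h.hexdigest()

def search_raw(path, keywords):
    """Search the raw bytes of an image rather than its file system, so file
    slack and unallocated space are covered. Returns {keyword: [offsets]}."""
    hits = {k: [] for k in keywords}
    keep = max((len(k) for k in keywords), default=1) - 1  # chunk overlap
    tail, base = b"", 0          # base = file offset of buf[0]
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            buf = tail + chunk
            for k in keywords:
                pos = buf.find(k)
                while pos != -1:
                    if pos + len(k) > len(tail):  # not reported last round
                        hits[k].append(base + pos)
                    pos = buf.find(k, pos + 1)
            tail = buf[-keep:] if keep else b""
            base += len(buf) - len(tail)
    return hits

def demo():
    """Constructed sample 'disk': the keyword straddles a chunk boundary."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "disk.bin"), os.path.join(d, "disk.img")
        with open(src, "wb") as f:
            f.write(b"A" * 4090 + b"offshore account" + b"\x00" * 100 + b"offshore")
        acquired = sha256_stream(src, img)         # step 4: copy and hash
        verified = sha256_stream(img) == acquired  # step 5: verify the image
        hits = search_raw(img, [b"offshore"])      # step 11: keyword search
        with open(img, "r+b") as f:                # alter a single byte
            f.write(b"B")
        return verified, hits, sha256_stream(img) == acquired

if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` shows why the hash is recorded at acquisition time: a one-byte change to the image no longer matches the recorded digest.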

Page 37: Cyber crime and forensic

EVIDENCE:

Collecting evidence is an important part of a forensic investigation.

5 rules of evidence:

1) Admissible

Must be able to be used in court or elsewhere.

2) Authentic

Evidence relates to incident in relevant way.

3) Complete

Exculpatory evidence for alternative suspects.

4) Reliable

No question about authenticity & veracity.

5) Believable

Clear, easy to understand, and believable by a jury.

Page 38: Cyber crime and forensic

TOP 10 LOCATIONS FOR EVIDENCE

1) Internet History Files

2) Temporary Internet Files

3) Slack/Unallocated Space

4) Buddy lists, personal chat room records, P2P, other saved areas

5) News groups/club lists/postings

6) Settings, folder structure, file names

7) File Storage Dates

8) Software/Hardware added

9) File Sharing ability

10) E-mails

Page 39: Cyber crime and forensic

TOOLS AND TECHNIQUES

There are two types of computer data

1. Persistent data

2. Volatile data

There are different tools used to collect data

An essential toolkit should contain tools for backup, authentication, decryption, disk editing, log file auditing, IP tracking, data recovery, and file examination.

Tools used depend on what data has to be analyzed

Page 40: Cyber crime and forensic

Some common tools:

DriveSpy

EnCase

Forensic Toolkit

ILook

Norton Utilities

X-Ways

Page 41: Cyber crime and forensic

TECHNIQUES:

Cross-drive analysis

Deleted files analysis

Live analysis

Page 42: Cyber crime and forensic

DISADVANTAGES

In some cases the privacy of the client may be compromised.

There is also a chance that malicious programs are introduced into the computer system and corrupt the data at a later stage.

It is also possible that the data is in dispute and neither of the disputing parties can use the data. For this reason business operations may also be affected.

Producing electronic records and preserving them is extremely costly.

Legal practitioners must have extensive computer knowledge and vice versa.

Page 43: Cyber crime and forensic

THANK YOU