legal aspects of handling cyber frauds
TRANSCRIPT
Page 1
Legal aspects of Handling Cyber Frauds
IT ACT
LEGAL
LAW
LIABILITY
Page 2
What is a Cyber Crime?
An unlawful act wherein the “Cyberspace” is used either as:-
– a tool or
– a target or
– both
Page 3
“CYBERSPACE”
Page 4
Cyber Laws
Page 5
Recent Rules under IT Act
Page 6
Aims behind enactment
Page 7
Jurisdiction
Page 8
Virtual World Population Explosion : 1 Billion
Leading to Changing Face of Crime……
Affecting….
Individuals Governments Organisations
Page 9
Case Study 1
1 Dirty SMS = 3 Years of Jail
WHY r u sending me DIRTY SMS ?
SORRY !!! But I don’t know you.
Don’t lie UR cell no has flashed on my screen
You are lying!!!
Page 10
Case Study 2
1 Threatening Email = 3 Years of Jail
Threatening email was sent from this cyber café.
Cyber Café has 100 machines & so many customers.
HOW do I investigate?
Page 11
Case Study 3
Accounting Software worth crores is stolen.
Interested in buying Accounting Software at a cheap cost?
Call 100-999-9999-22
Location: India
SALE!! SALE!! SALE!! Accounting Software
Location: Finland
Page 12
Case Study 4
Stake Holders
Fake complaint via E-mail
Employee upset with management
Demand an Immediate Explanation ?????
Page 13
Case Study 5
LOSS LOSS LOSS ?????
I am losing all my tenders.
SERVER
CRIME SERVER
Scenario at the office
Page 14
Where is the evidence ?
Mobile Tower / Phones
Finland OR Indian Server
Cloud
Internet
How to Investigate ?
Employees / People
How to PROVE the CRIME?
How to decipher 010101?
Can I submit the media in Court?
VEXING Questions
Page 15
Forensics & Computer Forensics
Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”)
Computer forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.
Source: http://www.us-cert.gov/reading_room/forensics.pdf
Page 16
Digital Evidence
Digital evidence is information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination.
[Diagram, sample illustration: Storage Media, subjected to, Computer Forensics process, acquires, DIGITAL EVIDENCE]
Page 17
May be found in:
Can be hidden in:
Can relate to :
Digital Evidence
Page 18
Office Setup
Cyber Cafe
Home PC
Scene of Acquisition
Page 19
Computer Forensics process would involve:
– Forensic analysis of digital information
– Identifying network computer intrusion evidence
– Identifying & examining malicious files
– Employing techniques to crack file & system passwords
– Detecting steganography
– Recovering deleted, fragmented & corrupted data
– Maintaining evidence custody procedures
– Courtroom presentation
Page 20
Steps in Computer Forensics
1. Identification of Digital Evidence
2. Acquisition of Media
3. Forensic Analysis of Media
4. Documentation & Reporting
Page 21
THE A TEAM
Domain Expert
Computer Forensics expert
Forensics Accounting expert
Software expert
Lawyer
Page 22
Acquisition of Media
Authenticate the confiscated media
– Hash value of the suspect media
– Hash value of the cloned image file
If acquisition hash equals verification hash, image is authentic.
SHA-1 / SHA-256
Page 23
DOCUMENTATION….
Page 24
Documentation & Reporting
Broad outline of Computer Forensic Report
1. Introduction to the case
2. Background of the issue
3. Details of forensic analysis carried out
4. Certification
Page 25
Evidence Forms
A detailed sheet about each evidence item:
– Item serial number
– Item detailed description
– Type
– Make
– Model
– Date and time collected
– Notes
– Any serial numbers, labels
Page 26
Chain of Custody
The movement and location of physical evidence from the time it is obtained until the time it is presented in court
Logs all evidence moves. Columns of the log:
– HANDED BY
– HANDED TO
– DATE & TIME
– Item serial number
– Reason
Page 27
Creating an Image of Media
Image is a bit-for-bit copy of the original
If a disk has 5000 sectors, then the image created will have an exact copy of all 5000 sectors in the same order
Media (evidence) must be protected from accidental writes / alterations
[Diagram: Hard disk (media) → Write-blocker device → Imaging workstation]
Page 28
Write blockers & alternatives
Write-blocker is a device that sits in between the computer and the media
Blocks all write commands
Lets through all read commands
Prevents accidental alteration / deletion / addition of data
Alternatives include using a forensic live boot CD or a drive duplicator
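The acquisition check described on the preceding slides (bit-for-bit image, acquisition hash compared with verification hash), as an added example that is not part of the original presentation. It uses SHA-256; the file names, the 512-byte sector size and the 5000-sector sample "disk" are constructed assumptions, and opening the source read-only in software does not replace a write-blocker.

```python
import hashlib
import os
import tempfile

SECTOR = 512          # assumed sector size for the constructed sample
CHUNK = SECTOR * 128  # read 64 KiB at a time


def sha256_of(path):
    """Hash a file (or raw device node) from the first byte to the last."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image):
    """Copy source to image bit for bit and return the acquisition hash.

    The source is opened read-only and hashed as it is read, so the hash
    describes exactly the bytes that went into the image.
    """
    h = hashlib.sha256()
    # Mode "xb" refuses to overwrite an existing image file.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())
    return h.hexdigest()


def verify_image(image, acquisition_hash):
    """Re-read the image from disk and compare with the acquisition hash."""
    return sha256_of(image) == acquisition_hash


def demo():
    """Constructed sample: a 5000-sector 'disk' is imaged, verified, then altered."""
    workdir = tempfile.mkdtemp()
    media = os.path.join(workdir, "suspect_media.bin")  # stand-in for the seized disk
    image = os.path.join(workdir, "suspect_media.img")
    with open(media, "wb") as f:
        for n in range(5000):
            f.write(n.to_bytes(4, "big") * (SECTOR // 4))

    acq = acquire_image(media, image)
    same_size = os.path.getsize(image) == 5000 * SECTOR
    authentic = verify_image(image, acq)

    # Flip a single bit in one sector of the image: verification must now fail.
    with open(image, "r+b") as f:
        f.seek(1234 * SECTOR)
        byte = f.read(1)
        f.seek(1234 * SECTOR)
        f.write(bytes([byte[0] ^ 0x01]))
    altered_detected = not verify_image(image, acq)
    return same_size, authentic, altered_detected


if __name__ == "__main__":
    print(demo())
```

The acquisition hash returned by `acquire_image` is the value to record on the evidence form, so that any later copy of the image can be checked against it.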
Page 29
Indian Evidence Act
Sec. 3 (a) – Scope of definition of evidence expanded to include electronic records
Page 30
INDIAN EVIDENCE ACT
Sec. 65B - Admissibility of electronic records
The person owning or in-charge of the computer from which the evidence is taken has to give certificate as to the genuineness of electronic record.
Page 31
INDIAN EVIDENCE ACT
Sec. 88A - Presumption as to electronic messages
The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.
Page 32
The Information Technology Act
Sec. 79A - Central Government to notify Examiner of Electronic Evidence
The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence.
Page 33
CIVIL OFFENCES
Page 34
Section 43
Unauthorised Access
– Remedy – Damages by the way of compensation
– Amount – Unlimited
– What needs to be proved – Amount of damages suffered
Page 35
Adjudication
Page 37
Shri. Thomas Raju Vs ICICI Bank
– Case decided by the Adjudicating Officer, Government of Tamilnadu
– Petitioner suffered a loss of Rs. 1,62,800/- as a result of the phishing attack
– Amount was supposed to have been transferred to the account of another customer of ICICI Bank
– Petitioner claimed that he had suffered a loss due to unauthorised access to his account
– Petitioner further claimed that he had suffered a loss as the bank had failed to establish due diligence and to provide adequate checks and safeguards to prevent unauthorised access into his account. Bank had also not adhered to the KYC norms given by the RBI.
Page 38
Section 66
Removal of definition of “hacking”
Section renamed as Computer related offences
All the acts referred under Section 43 are covered u/Sec. 66 if they are done “dishonestly” or “fraudulently”
Page 39
Section 43(A) – Compensation for failure to protect data
If a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person
Liability – Damages by the way of Compensation
Page 40
HSBC - Nadeem Kashmiri case
Based on complaints from customers - HSBC carried out internal investigation - registers case
Involvement of Call centre employee (Nadeem Kashmiri)
He was arrested U/Sec. 66 & 72
HSBC also sued Call centre for the loss
Page 41
Who is liable?
Page 42
Issues
What is Sensitive Personal Information?
What are Reasonable Security Practices and Procedures?
Page 43
SENSITIVE PERSONAL DATA OR INFORMATION
Rule 8 - Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
Page 44
Reasonable Security Practices
Page 45
Auditing
Page 46
COMPLIANCE POLICIES
Page 47
Collection of Information
Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
Page 48
Collection of Information
Page 49
Privacy and Disclosure of Information policy
Rule 4 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
Page 50
Contents of Privacy policy
Page 51
Disclosure
Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
Page 52
Transfer of information
Rule 7 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011
Page 53
Sec 72(A) (Criminal offence)
Punishment for Disclosure of information in breach of lawful contract -
Knowingly or intentionally disclosing “Personal Information” in breach of lawful contract
Imprisonment up to 3 years or fine up to 5 lakh or with both (Cognizable but Bailable)
Page 54
CRIMINAL OFFENCES
Page 55
Section 66 A
• Sending of offensive or false messages
• Covers following sent by sms / email:
– grossly offensive messages
– menacing messages
– false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will
– phishing, email spoofing, spam mails, threat mails
• Punishment – imprisonment up to 3 years and fine
Page 56
Section 66 B
• Dishonestly receiving stolen computer resource or communication device
• Covers use of stolen computers, mobile phones, SIM cards, etc.
• Punishment – imprisonment up to 3 years and fine
Page 57
Section 66 C
• Identity theft
• Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature
• Punishment – imprisonment up to 3 years and fine
Page 58
Section 66 D
• Cheating by Personation
• Cheating by pretending to be some other person
• To create an e-mail account or social networking account in someone else's name
• Punishment – imprisonment up to 3 years and fine
Page 59
Investigation Powers
Section 78
Cyber crime cases can now be investigated by Inspector rank police officers (PI)
Earlier such powers were with the “DYSP/ACP”
Page 60
Sec. 79 Liability of Intermediary
Intermediary is not liable for any third party information, data, or communication link made available or hosted by him –
– if his function is limited to providing access to such link
– the intermediary does not:
  – initiate the transmission,
  – select the receiver of the transmission, and
  – select or modify the information contained in the transmission;
Page 61
Sec. 79 Liability of Intermediary
Observing due diligence –
The Information Technology (Intermediaries guidelines) Rules, 2011
Page 62
Compounding of Offences
Section 77 (A)
Compounding – “Out of court settlement”
Offences
– for which less than three years imprisonment has been provided and
– which are not committed against women or children
can be compounded
Page 63
Issues
Page 64
Possible Solutions