Legal aspects of Handling Cyber Frauds (presentation)

Contents


Slide 1: Legal aspects of Handling Cyber Frauds


IT ACT
LEGAL
LAW
LIABILITY


Slide 2: What is a Cyber Crime?
An unlawful act wherein the “Cyberspace” is used either as:
a tool or
a target or
both

Slide 3: “CYBERSPACE”

Slide 4: Cyber Laws

Slide 5: Recent Rules under IT Act

Slide 6: Aims behind enactment

Slide 7: Jurisdiction


Slide 8: Virtual World Population Explosion: 1 Billion
Leading to Changing Face of Crime……
Affecting….


Slide 9: 1 Dirty SMS = 3 Years of Jail
Case Study 1

WHY r u sending me DIRTY SMS ?
----------------------
Don’t lie UR cell no has flashed on my screen

SORRY !!! But I don’t know you.
You are lying!!!


Slide 10
Threatening email was sent from this cyber café.
POLICE
Cyber Café has 100 machines & so many customers.
HOW do I Investigate?

1 Threatening Email = 3 Years of Jail

Case Study 2


Slide 11

Accounting Software worth crores is stolen.
Interested in buying Accounting Software at a cheap cost?
Call 100-999-9999-22

Location: India

SALE!! SALE !! SALE!!
Accounting Software

Location: Finland

Case Study 3


Slide 12
Case Study 4

Stake Holders
Fake complaint via E-mail

Employee upset with management

Demand an Immediate Explanation ?????

Disgruntled Employee


Slide 13: Case Study 5

LOSS LOSS LOSS ?????
I am losing all my tenders.

SERVER
Data
01001 011011 11000…..
CRIME SERVER

Scenario at the office


Slide 14: Where is the evidence?

Mobile Tower / Phones
Finland OR Indian Server
Cloud
Internet
How to Investigate?
Employees / People
How to PROVE the CRIME?
How to decipher 010101?
Can I submit the media in Court?

VEXING Questions


Slide 15: Forensics & Computer Forensics

Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. (The word forensics means “to bring to the court.”)

Computer Forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.

Source: http://www.us-cert.gov/reading_room/forensics.pdf


Slide 16: Digital Evidence

Digital evidence is information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination.

Sample illustration


Slide 17: Digital Evidence
May be found in:
Can be hidden in:
Can relate to:


Slide 18: Scene of Acquisition
Office Setup
Cyber Cafe
Home PC


Slide 19: Computer Forensics process would involve…..
Forensic analysis of digital information
Identifying network computer intrusion evidence
Identifying & examining malicious files
Employing techniques to crack file & system passwords
Detecting steganography
Recovering deleted, fragmented & corrupted data
Maintaining evidence custody procedures
Courtroom Presentation


Slide 20: Steps in Computer Forensics
Identification of Digital Evidence
Acquisition of Media
Forensic Analysis of Media
Documentation & Reporting

Slide 21: THE A TEAM
Domain Expert
Computer Forensics expert
Forensics Accounting expert
Software expert
Lawyer


Slide 22: Acquisition of Media

Authenticate the confiscated media
Hash value of the suspect media
Hash value of the cloned image file
If acquisition hash equals verification hash, image is authentic.
SHA-1 / SHA-256


Slide 23: DOCUMENTATION….

Slide 24: Documentation & Reporting

Broad outline of Computer Forensic Report
Introduction to the case
Background of the issue
Details of forensic analysis carried out
Certification



Slide 25: Evidence Forms
A detailed sheet about each evidence item
Item serial number
Item detailed description
Type
Make
Model
Date and time collected
Notes
Any serial numbers, labels


Slide 26: Chain of Custody
The movement and location of physical evidence from the time it is obtained until the time it is presented in court
Logs all evidence moves
HANDED BY
HANDED TO
DATE & TIME
Item serial number
Reason

Slide 27: Creating an Image of Media
Image is a bit-for-bit copy of the original
If a disk has 5000 sectors, then the image created will have an exact copy of all 5000 sectors in the same order
Media (evidence) must be protected from accidental writes / alterations

Hard disk (media)
Write-blocker Device
Imaging workstation


Slide 28: Write blockers & alternatives
Write-blocker is a device that sits in between the computer and the media
Blocks all write commands
Lets through all read commands
Prevents accidental alteration / deletion / addition of data
Alternatives include using a forensic live boot CD or a drive duplicator
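
The hash check from slide 22 applied to the bit-for-bit image from slide 27, as an added example that is not part of the original presentation. The 512-byte sector size, the file names and the randomly generated 5000-sector "disk" are assumptions constructed for the demonstration; in a real acquisition the source is read through a write blocker.

```python
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size in bytes

def digest(path, algo="sha256", chunk=1 << 20):
    """Hash a media file or image in chunks, opened read-only."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def first_differing_sector(a, b):
    """Return the index of the first sector that differs, or None if identical."""
    with open(a, "rb") as fa, open(b, "rb") as fb:
        index = 0
        while True:
            sa, sb = fa.read(SECTOR), fb.read(SECTOR)
            if sa != sb:
                return index
            if not sa:
                return None
            index += 1

def verify_image(source, image):
    """Compare the acquisition hash (source media) with the verification hash (image)."""
    acq, ver = digest(source), digest(image)
    ok = acq == ver
    return {"acquisition_hash": acq, "verification_hash": ver,
            "sectors": os.path.getsize(image) // SECTOR, "authentic": ok,
            "first_bad_sector": None if ok else first_differing_sector(source, image)}

def demo():
    """Constructed sample: a 5000-sector disk, a faithful image, and an altered image."""
    d = tempfile.mkdtemp()
    src, good, bad = (os.path.join(d, n) for n in ("disk.raw", "good.img", "bad.img"))
    disk = bytearray(os.urandom(5000 * SECTOR))
    altered = bytearray(disk)
    altered[1234 * SECTOR] ^= 0x01  # a single flipped bit in sector 1234
    for path, content in ((src, disk), (good, disk), (bad, altered)):
        with open(path, "wb") as f:
            f.write(content)
    return verify_image(src, good), verify_image(src, bad)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

A single altered bit changes the verification hash, which is why the two hash values belong in the evidence form and the report alongside the item serial number.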

Slide 29: Indian Evidence Act

Sec. 3 (a) – Scope of definition of evidence expanded to include electronic records

Slide 30: Sec. 65B - Admissibility of electronic records
The person owning or in-charge of the computer from which the evidence is taken has to give a certificate as to the genuineness of the electronic record.

INDIAN EVIDENCE ACT


Slide 31: Sec. 88A - Presumption as to electronic messages
The Court may presume that an electronic message forwarded by the originator through an electronic mail server to the addressee to whom the message purports to be addressed corresponds with the message as fed into his computer for transmission; but the Court shall not make any presumption as to the person by whom such message was sent.

INDIAN EVIDENCE ACT


Slide 32: The Information Technology Act
Sec. 79A - Central Government to notify Examiner of Electronic Evidence

The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority, specify, by notification in the Official Gazette, any Department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence

Slide 33: CIVIL OFFENCES

Slide 34: Section 43
Unauthorised Access
Remedy – Damages by the way of compensation
Amount – Unlimited
What needs to be proved – Amount of damages suffered

Slide 35: Adjudication


Slide 37: Shri. Thomas Raju Vs ICICI Bank
Case decided by – the Adjudicating officer, Government of Tamil Nadu
Petitioner suffered a loss of Rs. 1,62,800/- as a result of the phishing attack
Amount was supposed to have been transferred to the account of another customer of ICICI Bank
Petitioner claimed that he had suffered a loss due to unauthorised access to his account
Petitioner further claimed that he had suffered a loss as the bank had failed to establish due diligence and to provide adequate checks and safeguards to prevent unauthorised access into his account. Bank had also not adhered to the KYC norms given by the RBI.


Slide 38: Section 66
Removal of definition of “hacking”
Section renamed as Computer related offences
All the acts referred under Section 43 are covered u/Sec. 66 if they are done “dishonestly” or “fraudulently”

Slide 39: Section 43(A) – Compensation for failure to protect data
If a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person
Liability – Damages by the way of Compensation

Slide 40: HSBC - Nadeem Kashmiri case
Based on complaints from customers - HSBC carried internal investigation - registers case
Involvement of Call centre employee (Nadeem Kashmiri)
He was arrested U/Sec. 66 & 72
HSBC also sued Call centre for the loss



Slide 41: Who is liable?

Slide 42: Issues
What is Sensitive Personal Information?
What are Reasonable Security Practices and Procedures?

Slide 43: SENSITIVE PERSONAL DATA OR INFORMATION
Rule 8 - Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Slide 44: Reasonable Security Practices

Slide 45: Auditing

Slide 46: COMPLIANCE POLICIES

Slide 47: Collection of Information
Rule 5 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

Slide 48: Collection of Information

Slide 49: Privacy and Disclosure of Information policy
Rule 4 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

Slide 50: Contents of Privacy policy

Slide 51: Disclosure
Rule 6 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

Slide 52: Transfer of information
Rule 7 - IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

Slide 53: Sec 72(A) (Criminal offence)
Punishment for Disclosure of information in breach of lawful contract -
Knowingly or intentionally disclosing “Personal Information” in breach of lawful contract
Imprisonment up to 3 years or fine up to 5 lakh or with both (Cognizable but Bailable)


Slide 54: CRIMINAL OFFENCES

Slide 55: Section 66 A
Sending of offensive or false messages

Covers following sent by sms / email:
grossly offensive messages
menacing messages
false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will
phishing, email spoofing, Spam mails, Threat mails
Punishment – imprisonment up to 3 years and fine






Slide 56: Section 66 B
Dishonestly receiving stolen computer resource or communication device
Covers use of stolen Computers, mobile phones, SIM Cards, etc
Punishment – imprisonment up to 3 years and fine

Slide 57: Section 66 C
Identity theft
Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature
Punishment – imprisonment up to 3 years and fine

Slide 58: Section 66 D
Cheating by Personation
Cheating by pretending to be some other person
To create an e-mail account, Social networking a/c on someone else's name
Punishment – imprisonment up to 3 years and fine


Slide 59: Investigation Powers
Section 78
Cyber crime cases can now be investigated by Inspector rank police officers (PI)
Earlier such powers were with the “DYSP/ACP”

Slide 60: Sec. 79 Liability of Intermediary
Intermediary is not liable for any third party information, data, or communication link made available or hosted by him –
if his function is limited to providing access to such link
the intermediary does not:
initiate the transmission,
select the receiver of the transmission, and
select or modify the information contained in the transmission;




Slide 61: Sec. 79 Liability of Intermediary
Observing due diligence –
The Information Technology (Intermediaries guidelines) Rules, 2011

Slide 62: Compounding of Offences
Section 77 (A)
Compounding – “Out of court settlement”
Offences for which less than three years imprisonment has been provided and which are not committed against women or children can be compounded

Slide 64: Possible Solutions

