Emerging Trends in Cyber Crime
Vicky Shah, Founder – THE EAGLE EYE
Digitally signed by Vicky Shah. Date: 2010.06.20 14:49:30 Z. Reason: Presented for Educational Purpose. Location: Mumbai - India. (Signature Not Verified)



    YOUR INFORMATION SECURITY IS OUR BUSINESS
Is this Reality?
•   Computers and internet changed our
    lives so much that now if we don't have
    access to e-mail for a day or two, we feel
    uncomfortable.
•   Computer and Information security has
    become a crucial legal and a technical issue.
•   Is the internet taking over our lives?
•   We are on the Net 24x7, whether it’s our
    PCs, Laptops or Mobiles.
•   Have we started relating more to virtual
    world than real world?
What we do Online?
   Email: Love it for speed and hate it for
    SPAM.
   Chat: Instant Messaging and real time
    communication
   Google Maharaja: GOD of Search
   Social Networking: Facebook, Orkut and
    Twitter have become our clone
   Reading Blogs: Research, Education, etc..
   You Tube: Free Videos
   Downloading: Changed the definition of
    Free Food.
Cyber Crime Challenges - Global
   Perpetrator
       Easy to learn techniques and acquire tools
       Small investments that cause massive economic damage
       No need for physical contact with the victims
       When done subtly it leaves few or no traces
       Easy for players to hide – Anonymity
   Service Providers
       Many network operators are involved
       Many countries may be involved – No boundary
       Different policy of different companies
   Inadequate cyberspace legislation
       No common law for the entire world
   No effective regulatory body for content
India – Growing Challenges
•   Exponential growth of Internet use
•   Interconnected business and government
•   E-governance growth has implications for
    Information Security, Privacy and Cyber
    Security
     –   Income Tax, Excise, Customs, Sales tax networks
         connected
     –   Smart cards, UID being issued
     –   Land records computerized
     –   Police networks
     –   Defense is no longer arms & ammunition but GPS
         & networks
Transformation
 In 2001, we were afraid
of rockets destroying buildings
and computer centers...
  9/11

 Today, we should be aware of
software destroying rockets and
missiles!
Case Statistics IT ACT (2004 – 2007)




Source: Chapter 18: GOI
Case Statistics IPC (2004 – 2007)




Source: Chapter 18: GOI
Cyber Incidents (Wireless)
•   September 13, 2008: Indian Mujahideen militants used
    unsecured WiFi system of a company in Chembur
•   August 2008: A stray terror e-mail was traced to the
    Khalsa College, Matunga, Mumbai.
•   July 2008: E-mails were sent before and after the
    Ahmedabad blasts. One was traced to Navi Mumbai and
    the other to an IP address in Vadodara.
•   May 2008: A terror e-mail was sent before the Jaipur
    blasts from a cyber cafe in Ghaziabad.
•   November 2007: Serial blasts in Lucknow, Varanasi,
    and Faizabad courts in UP. The terror e-mail was sent by
    Indian Mujahideen (IM) from a cyber café in Laxmi
    Nagar, Delhi.
Mumbai Terror Attack 26/11
•   Use of technology by the attackers
     –   Global Positioning Satellite systems
     –   Blackberry
     –   CDs with high resolution satellite images
     –   Multiple cell phones with switchable SIM cards
     –   Satellite phones
Terrorists are using sophisticated technology devices. It is complicated and
difficult to develop and coordinate necessary security measures to counter
such threats
Source: March 21, 2020 Times of India
Source: April 20, 2010 HT Cafe
Lack of Cyber Knowledge
•   Hampers a parent’s ability to raise their children
     –   appropriate amount of teaching and ethical foundation.
•   Creates greater differences in families
•   Culture of Security and Respectability in Question
•   Raises children with no cyber ethical guidance: bad for
    business and society as a whole.
Cyber Security
&
Computer Related Offense
What is Cyber Security?
•   Security deals with three primary issues,
    called the CIA triad.
    –   Confidentiality
         •   Assurance that only authorized user may access a
             resource
    –   Integrity
         •   Assurance that resource has not been modified
    –   Availability
         •   Assurance that authorized user may access a
             resource when requested
•   Cyber Security is concerned with the risk of
    malpractices in the cyberspace which involves
    the people, process and technology.
Cyber Crime/Computer Related Offense

   Crimes performed or resorted to by abuse of
    electronic media or otherwise, with the purpose
    of influencing the functioning of computer or
    computer system

   In simple words,
       Cyber/Computer Crime is any crime where:
          Computer is a target
          Computer is a tool of crime
          Computer is incidental to crime.
Computer Related Offense
   Common types of Crimes may be broadly
    classified in the following groups:

    1)Against Individual
    2)Against Organization
    3)Against Society
Crime Against Individual
   Against Person:
         i. Harassment Through e-mails
         ii. Cyber-Stalking
         iii. Dissemination of obscene material on the
    Internet
         iv. Defamation
         v. Hacking/Cracking
         vi. Indecent Exposure

   Against property of an individual:
        i. Computer vandalism (damage)
        ii. Transmitting virus
        iii. Internet Intrusion
        iv. Unauthorized control over computer system
        v. Hacking /Cracking
Crime Against Organization
   Against Government, Private Firm,
    Company, Group of Individuals:
    i. Hacking & Cracking
    ii. Possession of unauthorized
    Information
    iii. Cyber terrorism against the
    government organization
    iv. Identity Theft/Impersonation
    v. Distribution of pirated software,
    etc…
Crime Against Society
   At large,

    i. Pornography (specially child
    pornography)
    ii. Polluting the youth through Indecent
    Exposure
    iii. Trafficking
    iv. Hate Speech, Anti Communities,
    v. Discrimination and Derogatory
    remarks on Religion/Caste on online
    platform
Email Crimes
•   Spamming and Unsolicited Mail

•   Blackmailing/Defamatory Mail

•   Extortion/Threatening/Obscene/Abusive Mail

•   Transmission of Malwares (Virus/Worm/Trojan)

•   Advance Fee Schemes – Lottery Schemes – Nigerian
    Scams – Job Opportunities, Mule

•   Phishing Scams, Identity Theft
Cyber Incidents
   Mobile Phone based
   Forgery, illegal interception & ID Theft
   Payment card fraud & e-funds transfer fraud
   On-line Gaming/Betting
   Theft of Internet & Telephone services
   IP offences: illegal software; copyright
    breaches etc.
   Misuse of Technology: Mobile and Wi-Fi
   Commercial/Corporate Espionage
   On-line Securities Fraud
   Extortion & Criminal conspiracy
Emerging Trends and Threats for 2010 - 2011
•   Spamdexing - Many types of businesses use search engine
    optimization to be listed more prominently in searches
    conducted on Google and other sites.
•   In Spamdexing, a Web site with relevant keywords or search
    terms is increasingly being used by cybercriminals seeking
    to disguise malware as legitimate software.
•   Because so many consumers tend to trust rankings on leading
    search engines, they may readily download one of the fake
    software packages.
Contd…
•   Cloud Computing:
     –   Jumping in the cloud - given the expense of maintaining a
         physical IT infrastructure, the thought of replacing server
         rooms and haphazardly configured appliances with cloud
         services is simply too hard for many companies to resist.
     –   But rushing into the cloud without a security strategy is a
         recipe for risk.
Contd…
•   Social Engineering: Public Enemy Number One:
     –   In less than two years, social networking has gone from an
         abstract curiosity to a way of life for many people.
     –   Cabinet Minister Lost his Job recently
•   Vulnerabilities: OS Versus Application
     –   Trends are shifting from the OS; applications are now being
         targeted.
Contd…
•   Advertising replaced by Malvertising
     –   rogue software - Malware as a Service (MaaS)
•   Web Content Filters
Resource: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia
Technology Council, Terrence V. Lillard

Cyber Crime Investigation Lifecycle
[Figure: lifecycle diagram. Stages shown: Incident Awareness / Consultation; Preliminary Analysis; Image Acquisition/Recovery; Detailed Analysis; Preliminary/Final Report; Presentation; Expert Witness Testimony; Containment; Prevention (Technologies, Improved Processes, New Security Policies, Improved Configurations)]
Resource: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council,
Terrence V. Lillard

Cyber Crime Analysis Categories
[Figure: diagram centred on Deductive Analysis. Categories shown: Cybercrime Scene; Cybercrime Investigation Lifecycle; Cyber Offender Characteristics; Cybercrime Offender Signatures; Cybercrime Motivations; Cybercrime Reconstruction; Cyber-Victimology; Cybercrime Scene Characteristics; Cybercrime Modus Operandi; Cyber-Geographical Mapping; Equivocal Forensics Analysis; Digital Evidence]
Profile of People Involved
•   Insider - Disgruntled employees and ex-employees, spouses, lovers
•   Crackers - Crack into networks with malicious intent, setting traps, etc…
•   Virus Writer - Pose serious threats to networks and systems worldwide
•   Foreign Intelligence - Use cyber tools as part of their services, for
    espionage activities; can pose the biggest threat to the security of
    another country
•   Terrorists - Use to formulate plans, to raise funds, propaganda
•   Script Kiddies - Use tools available on the net
Case Study
© DSCI
Important Case - MMS
   CEO of Bazee.com was arrested in December 2004
    because a CD with objectionable material was being
    sold on the website. The CD was also being sold in the
    markets in Delhi.
   The Mumbai city police and the Delhi Police got into
    action. The CEO was later released on bail.
   THIS OPENED UP THE QUESTION AS TO WHAT KIND
    OF DISTINCTION DO WE DRAW BETWEEN INTERNET
    SERVICE PROVIDER AND CONTENT PROVIDER.
    RESULTED IN AMENDMENTS OF IT ACT 2000.
   The burden rests on the accused that he was the
    Service Provider and not the Content Provider. It also
    raises a lot of issues regarding how the police should
    handle the cyber crime cases and a lot of education is
    required.
Source
         Working of Money Mule
PLEASE
If a stranger came up to you on the street would
You give him/her your Name,
You give him/her your Date of Birth,
You give him/her your Likes/Dislikes,
You give him/her your Email Id,
You give him/her your Contact Number ?
You give him/her your Photograph?

               NO ! NO ! NO ! NO! NO!

  THEN WHY DO YOU PUBLISH THE SAME ON
    SOCIAL NETWORKING WEBSITES?????
How you should handle and approach?

       Don’t Panic
       Call in your incident response team.
       Contain the problem and avoid the “quick
        fix.”
       Take good notes of the entire situation.
       Have your backup facilities ready.
       Get rid of the problem.
       Use trusted, uncompromised
        communications.
       Know what to say, to whom and when.
       Know when to involve Crime Investigator.
Investigations
Electronic Information & Investigations

•   Today’s litigious and regulatory environments mean organizations
    are obligated to electronically store information to support
    discovery and disclosure requests.
•   Organizations that archive email risk losing control and may
    struggle to produce evidential-quality email evidence.
•   Email is a technological issue; this requires technological
    solutions.
Sample Header
1. Return-Path: <secret@hotmail.com>
2. Received: from mailhub-1.net.treas.gov ([10.7.14.10]) by
    nccmail.usss.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000
    11:46:07 -0500
3. Received: from mx-relay.treas.gov ([199.196.144.6]) by
    tias4.net.treas.gov via smtpd (for mailhub.net.treas.gov [10.7.8.10])
    with SMTP; 18 Feb 2000 16:55:44
4. Received: from hotmail.com (f7.law4.hotmail.com [216.33.149.7]) by
    mx-relay2.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000
    11:55:44 -0500 (EST)
5. Message-ID: <20000218165543.56965.qmail@hotmail.com>
6. Received: from 199.196.144.42 by www.hotmail.com with HTTP;
    Fri, 18 Feb 2000 08:55:43
7. X-Originating-IP: [199.196.144.42]
8. From: "Secret" <secret@hotmail.com>
9. To: avenit@usss.treas.gov
10. CC: smith@aol.com

1. Return-Path: <secret@hotmail.com>

•   Line (1) tells other computers who really sent the message, and
    where to send error messages (bounces and warnings).

2. Received: from mailhub-1.net.treas.gov ([10.7.14.10]) by
    nccmail.usss.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000
    11:46:07 -0500
3. Received: from mx-relay.treas.gov ([199.196.144.6]) by
    tias4.net.treas.gov via smtpd (for mailhub.net.treas.gov [10.7.8.10])
    with SMTP; 18 Feb 2000 16:55:44
4. Received: from hotmail.com (f7.law4.hotmail.com [216.33.149.7]) by
    mx-relay2.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000
    11:55:44 -0500 (EST)

•   Lines (2), (3) and (4) show the route the message took from
    sending to delivery.
•   Each computer that receives this message adds a Received: field
    with its complete address and time stamp; this helps in tracking
    delivery problems.

5. Message-ID: <20000218165543.56965.qmail@hotmail.com>

•   Line (5) is the Message-ID, a unique identifier for this specific
    message. This ID is logged, and can be traced through computers
    on the message route if there is a need to track the mail.

Trace This
6. Received: from 199.196.144.42 by www.hotmail.com with HTTP;
    Fri, 18 Feb 2000 08:55:43

•   Line (6) shows where the email was first received from, with the
    IP address of the sender.
•   It also shows the date and time when the message was sent.

7. X-Originating-IP: [199.196.144.42]

•   Line (7) shows the originating IP address of the sender, but
    without the date and time the IP address will not allow you to
    identify the specific user.
     –   This may or may not be present in headers.
•   If the IP address is a “static” address you WILL be able to
    identify the specific user (most IP addresses are “dynamically”
    assigned).

8. From: "Secret" <secret@hotmail.com>

•   Line (8) tells the name and e-mail address of the message
    originator (the "sender").
•   Generally this is the domain name we want to trace.

9. To: avenit@usss.treas.gov

•   Line (9) shows the name and e-mail address of the primary
    recipient; the address may be for
     –   a mailing list (sales_dep@company.com),
     –   a system-wide alias (avenit@usss.treas.gov),
     –   a personal username.

10. CC: smith@aol.com

•   Line (10) lists the names and e-mail addresses of the "courtesy
    copy" recipients of the message.
•   There may be "Bcc:" recipients as well; these "blind carbon copy"
    recipients get copies of the message, but their names and
    addresses are not visible in the headers.
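The header walk-through above can be automated. The following is an added example, not part of the original presentation: it re-types the sample header, rebuilds the Received: chain oldest hop first, cross-checks X-Originating-IP against the first hop, and flags timestamps an investigator cannot use as-is. The names `received_hops`, `review` and `trusted_suffix` are hypothetical, and treating `treas.gov` as the recipient-controlled domain is an assumption.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# The presentation's sample header with the slide line numbers stripped.
SAMPLE = """\
Return-Path: <secret@hotmail.com>
Received: from mailhub-1.net.treas.gov ([10.7.14.10]) by
 nccmail.usss.treas.gov for <avenit@usss.treas.gov>;
 Fri, 18 Feb 2000 11:46:07 -0500
Received: from mx-relay.treas.gov ([199.196.144.6]) by
 tias4.net.treas.gov via smtpd (for mailhub.net.treas.gov [10.7.8.10])
 with SMTP; 18 Feb 2000 16:55:44
Received: from hotmail.com (f7.law4.hotmail.com [216.33.149.7]) by
 mx-relay2.treas.gov for <avenit@usss.treas.gov>;
 Fri, 18 Feb 2000 11:55:44 -0500 (EST)
Message-ID: <20000218165543.56965.qmail@hotmail.com>
Received: from 199.196.144.42 by www.hotmail.com with HTTP;
 Fri, 18 Feb 2000 08:55:43
X-Originating-IP: [199.196.144.42]
From: "Secret" <secret@hotmail.com>
To: avenit@usss.treas.gov
CC: smith@aol.com

"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def received_hops(raw, trusted_suffix):
    """Parse Received: fields into hops, oldest first (they are stored newest first)."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())           # undo header folding
        route, _, stamp = value.rpartition(";")   # the time stamp follows the last ';'
        from_part, _, by_part = route.partition(" by ")
        match = IPV4.search(from_part)            # ignore IPs in the "for" clause
        try:
            ip = ipaddress.ip_address(match.group()) if match else None
        except ValueError:                        # not a valid address, e.g. 999.1.1.1
            ip = None
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None
        words = by_part.split()
        by_host = words[0].lower() if words else ""
        hops.append({
            "from_ip": str(ip) if ip else None,
            "private": bool(ip and ip.is_private),   # internal relay, not an origin
            "by": by_host,
            "when": when,
            # Only hops written by servers the recipient controls are reliable;
            # everything older is asserted by the sending side.
            "trusted": by_host == trusted_suffix
                       or by_host.endswith("." + trusted_suffix),
        })
    return hops


def review(raw, trusted_suffix="treas.gov"):
    """Summarise what the header supports and where it needs corroboration."""
    msg = email.message_from_string(raw)
    hops = received_hops(raw, trusted_suffix)
    claimed = (msg.get("X-Originating-IP") or "").strip(" []") or None
    origin = hops[0]["from_ip"] if hops else None
    regressions, prev = [], None
    for i, hop in enumerate(hops):
        when = hop["when"]
        if when is None or when.tzinfo is None:
            continue                              # cannot be ordered without a zone
        if prev is not None and when < hops[prev]["when"]:
            gap = int((hops[prev]["when"] - when).total_seconds())
            regressions.append((prev, i, gap))    # later hop stamped earlier: clock skew
        prev = i
    return {
        "origin_ip": origin,
        "origin_matches_x_header": claimed is not None and claimed == origin,
        "first_trusted_hop": next(
            (i for i, h in enumerate(hops) if h["trusted"]), None),
        "no_timezone": [i for i, h in enumerate(hops)
                        if h["when"] is not None and h["when"].tzinfo is None],
        "clock_regressions": regressions,
    }


if __name__ == "__main__":
    for index, hop in enumerate(received_hops(SAMPLE, "treas.gov")):
        print(index, hop["from_ip"], "->", hop["by"], hop["when"])
    print(review(SAMPLE))
```

On the sample, the oldest hop and line (7) agree on 199.196.144.42, two time stamps carry no time zone, and the final internal hop is stamped earlier than the relay before it, so the time of sending has to be confirmed from server logs before an IP-to-subscriber request is made.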
Email as Evidence


1.   Ensure the use of email is subject to agreed procedures, which are supported and enforced by
management at a high level. Acceptable use policies must prescribe good usage and identify bad
     usage.
2. Train users of email in acceptable use, and their rights and the obligations expected of them.
3. Implement access control mechanisms to computer systems – so that use can be attributed to a
     person, a terminal, a date and a time.
4. Ensure computer systems are kept safe and secure, so that the systems and the data within are
     protected from unauthorized access and accidental or deliberate loss and damage.
5. Retention and deletion of email should be organization-defined, not user defined. Individual
     users should not have any discretion as to the categories of emails that should be retained or
     deleted.
6. Implement a solution that archives and stores emails centrally. The archive should support all
     the main file formats and also retain metadata.
7. The archive should classify emails entering the archive at the point-of-entry. The archive should
     prevent the entry of duplicates.
8. Ensure the archiving platform facilitates the exporting of evidence as files as a part of the e-
     discovery process.
9. Implement an archiving solution that allows full search and retrieval. Metadata should be
     searchable as should content.
10. Enable logging of all events acting on the archive. The logs should be retained as part of the
     archive, for auditing and verification purposes.
11. Provide contingency for continuity of both archiving and discovery in the event of an outage.
12. Ensure the archiving platform supports the marking-up of files, so that privileged materials can
     be withheld and/or redacted during e-discovery.
IT Act 2008
(xiii) Data Protection (Sections 43 & 66)
(xiv) Various types of computer crimes defined and stringent penalties provided
     under the Act (Section 43 and Sections 66, 67, 72)
(xv) Appointment of Adjudicating officer for holding inquiries under the Act
     (Sections 46 & 47)
(xvi) Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56)
(xvii) Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and
     not to any Civil Court (Section 57)
(xviii) Appeal from order of Cyber Appellate Tribunal to High Court (Section 62)
(xix) Interception of information from computer to computer (Section 69)
(xx) Protection System (Section 70)
(xxi) Act to apply for offences or contraventions committed outside India (Section
     75)
(xxii) Investigation of computer crimes to be investigated by officer at the PI
(xxiii) Network service providers not to be liable in certain cases (Section 79)
(xxiv) Power of police officers and other officers to enter into any public place and
     search and arrest without warrant (Section 80)
(xxv) Offences by the Companies (Section 85)
(xxvi) Constitution of Cyber Regulations Advisory Committee who will advise the
     Central Government and Controller (Section 88)
IT Act 2008
• New Section to address promotion of e-Governance & other IT application
    (Section 6A)
– Delivery of Service
– Outsourcing – Public Private Partnership
• New Section to address electronic contract (Section 10A)
• New Section to address data protection and privacy (Section 43)
• Body corporate to implement best security practices (Sections 43A & 72A)
• Preservation and Retention of Data/Information (Section 67C)
• Revision of existing Section 69 to empower Central Government to
designate agencies and issue direction for interception and safeguards for
monitoring and decryption (Section 69)
• Blocking of Information for public access (Section 69A)
• Monitoring of Traffic Data and Information for Cyber Security (Section 69B)
• New section for designating agency for protection of Critical
Information Infrastructure (Section 70A)
• New Section for power to CERT-In to call and analyse information
relating to breach in cyber space and cyber security (Section 70B)
Legal Scenario - India
Indian IT Act, 2000
•   Section 65 - Tampering with computer source code
•   Section 66 – Computer Related Offence
•   Section 66 A – Obscene Communication
•   Section 66 B – Stolen Resource
•   Section 66 C – Identity Theft
•   Section 66 D – Cheating by Personation
•   Section 66 E – Violation of Privacy
•   Section 66 F – Cyber Terrorism
•   Section 67 A – Pornography
•   Section 67 B – Child Pornography
•   Section 72 - Breach of confidentiality and Privacy
•   Section 72 A – Disclosure of information in breach of lawful contract

Indian Copyright Act
•   States any person who knowingly makes use of an illegal
    copy of computer program shall be punishable.
•   Computer programs have copyright protection, but no
    patent protection.

Indian Penal Code
•   Section 406 - Punishment for criminal breach of trust
•   Section 420 - Cheating and dishonestly inducing delivery
    of property
•   Sections 417, 419, 467, 509, etc… applicable as per the case

Indian Contract Act, 1872
Offers following remedies in case of breach of contract:
•   Damages
•   Specific performance of the contract
Way Forward
•   Shifting from a reactive to a proactive posture
•   Focus on more strategic approach
•   Get the right people together
•   Establish a CISO or CSO position if not done
    yet
   Engage Business and IT decision-makers in
    addressing security.
   Embed security awareness more deeply
    across the enterprise
   Plan for better security, earlier in
    development
  Strengthen incident response planning:
(1) ensure that you have an integrated approach
    to security breaches, staffed by a skilled,
    interdisciplinary team;
(2) have a consistent response procedure for
    incidents;
(3) review security policies and align them with
    your incident response procedures; &
Recommendations
• Awareness is important and any incident should be
  reported at once
• Users must try and save any electronic information
  trail on their computers
• Avoid giving out unnecessary information about
  yourself
• Use the licensed, latest & updated anti-virus software,
  operating systems, web browsers and email programs
• Check out the site you are doing business with
  thoroughly
• Send credit card information only to secure sites
• Protect your Website and Maintain Backups
Summary
• 99% of the problem lies between the keyboard and
  chair i.e. the user

• Every one a target; Every system a challenge

• Cyber Security is not just a technical problem –
  everyone has a role to play in it

• You cannot “fix” security – you can only manage it

• AWARENESS OF THE THREAT IS ITSELF A KEY
  CONTROL
About Me
Educational Qualifications:
   B.Sc. Information Technology,
   P.G.D. Information Technology,
   P.G.D. Cyber Laws,
   Master of Computer Applications

Certifications:
    Forensic Examiner: AccessData Certified Examiner,
    Audit: ISO27001 Lead Auditor (IRCA)
Founder – The Eagle Eye
Founder - www.cybercrimes.in
Co-Founder – Open Security Alliance
Former Manager – DSCI & Senior Associate – Cyber Security
NASSCOM.
Contact Details
                    Questions

   Thank You for your patient listening!
Email:
vicky@cybercrimes.in
Discussion Forum: www.cybercrimes.in/SMF
Cell:
+91-98201-05011
 “Human Behaviour is the Biggest Risk in Security –
                      Vicky Shah”
      “Cyber Space: Safe to Use; Unsafe to Misuse –
                       NASSCOM”
Disclaimer
   This presentation is prepared for knowledge sharing and
    awareness for ISACA Mumbai Chapter Members on June
    19, 2010. You can use the information provided here
    with proper credits. I have tried not to hide original
    credits as far as possible, nor am I using this presentation
    for any personal financial gain. Information available in
    this presentation is not enforceable by law; however
    these are my views about the topic which I feel should be
    shared. Any errors, omissions, misstatements, and
    misunderstandings set forth in the presentation are
    sincerely apologized. Relying on the contents will be sole
    responsibility of the users.

                         - Vicky Shah -

Cyber Security in SocietyRubal Sagwal
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYChaya Sorir
 
Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)Anshuman Tripathi
 
Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...
Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...
Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...7A34PratyushKumarBar
 
127027205 selected-case-studies-on-cyber-crime
127027205 selected-case-studies-on-cyber-crime127027205 selected-case-studies-on-cyber-crime
127027205 selected-case-studies-on-cyber-crimehomeworkping8
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeDivithC
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarNeeraj Ahirwar
 
cyber crime
cyber crimecyber crime
cyber crimeMukund10
 
Cybercrime
CybercrimeCybercrime
CybercrimeSERCOD
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 

Semelhante a Emerging Cyber Crime Trends (20)

Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)Cyber crime-140128140443-phpapp02 (1)
Cyber crime-140128140443-phpapp02 (1)
 
Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...
Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...
Information technology art INTEGRATION project on cyber crime , Smruti Rekha ...
 
127027205 selected-case-studies-on-cyber-crime
127027205 selected-case-studies-on-cyber-crime127027205 selected-case-studies-on-cyber-crime
127027205 selected-case-studies-on-cyber-crime
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj Ahirwar
 
cyber crime
cyber crimecyber crime
cyber crime
 
tejakshaya chowdary
tejakshaya chowdarytejakshaya chowdary
tejakshaya chowdary
 
ppt Cybercrime
ppt Cybercrimeppt Cybercrime
ppt Cybercrime
 
Cyber security mis
Cyber security  misCyber security  mis
Cyber security mis
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
Cybercrime: Radically Rethinking the Global Threat
Cybercrime:  Radically Rethinking the Global ThreatCybercrime:  Radically Rethinking the Global Threat
Cybercrime: Radically Rethinking the Global Threat
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 

Último

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 

Último (20)

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp  9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

Emerging Cyber Crime Trends

  • 1. Emerging Trends in Cyber Crime. Vicky Shah, Founder – THE EAGLE EYE. YOUR INFORMATION SECURITY IS OUR BUSINESS. (Digitally signed by Vicky Shah; Date: 2010.06.20 14:49:30 Z; Reason: Presented for Educational Purpose; Location: Mumbai - India; Signature Not Verified)
  • 2. Is this Reality? • Computers and internet changed our lives so much that now if we don't have access to e-mail for a day or two, we feel uncomfortable. • Computer and Information security has become a crucial legal and a technical issue. • Is the internet taking over our lives? • We are on the Net 24x7, whether it’s our PCs, Laptops or Mobiles. • Have we started relating more to virtual world than real world?
  • 3. What we do Online? • Email: Love it for speed and hate it for SPAM. • Chat: Instant Messaging and real time communication • Google Maharaja: GOD of Search • Social Networking: Facebook, Orkut and Twitter have become our clone • Reading Blogs: Research, Education, etc. • YouTube: Free Videos • Downloading: Changed the definition of Free Food.
  • 4. Cyber Crime Challenges - Global • Perpetrator • Easy to learn techniques and acquire tools • Small investments that cause massive economic damage • No need for physical contact with the victims • When done subtly it leaves few or no traces • Easy for players to hide – Anonymity • Service Providers • Many network operators are involved • Many countries may be involved – No boundary • Different policy of different companies • Inadequate cyberspace legislation • No common law for the entire world • No effective regulatory body for content
  • 5. India – Growing Challenges • Exponential growth of Internet use • Interconnected business and government • E-governance growth has implications for Information Security, Privacy and Cyber Security – Income Tax, Excise, Customs, Sales tax networks connected – Smart cards, UID being issued – Land records computerized – Police networks – Defense is no longer arms & ammunition but GPS & networks
  • 6. Transformation • In 2001, we were afraid of rockets destroying buildings and computer centers... 9/11 • Today, we should be aware of software destroying rockets and missiles!
  • 7. Case Statistics IT ACT (2004 – 2007) Source: Chapter 18: GOI
  • 8. Case Statistics IPC (2004 – 2007) Source: Chapter 18: GOI
  • 9. Cyber Incidents (Wireless) • September 13, 2008: Indian Mujahideen militants used unsecured WiFi system of a company in Chembur • August 2008: A stray terror e-mail was traced to the Khalsa College, Matunga, Mumbai. • July 2008: E-mails were sent before and after the Ahmedabad blasts. One was traced to Navi Mumbai and the other to an IP address in Vadodara. • May 2008: A terror e-mail was sent before the Jaipur Incidents blasts from a cyber cafe in Ghaziabad. • November 2007: Serial blasts in Lucknow, Varanasi, and Faizabad courts in UP. The terror e-mail was sent by Indian Mujahideen (IM) from a cyber café in Laxmi Nagar, Delhi.
  • 10. Mumbai Terror Attack 26/11 • Use of technology by the attackers – Global Positioning Satellite systems – Blackberry – CDs with high resolution satellite images – Multiple cell phones with switchable SIM cards – Satellite phones • Terrorists are using sophisticated technology devices. It is complicated and difficult to develop and coordinate necessary security measures to counter such threats
  • 11. Source: March 21, 2020 Times of India
  • 12. Source: April 20, 2010 HT Cafe
  • 13. Lack of Cyber Knowledge • Hampers a parent’s ability to raise their children • appropriate amount of teaching and ethical foundation. • Creates greater differences in families • Culture of Security and Respectability in Question • Raises children with no cyber ethical guidance: bad for business and society as a whole.
  • 15. What is Cyber Security? • Security deals with three primary issues, called the CIA triad. – Confidentiality • Assurance that only authorized user may access a resource – Integrity • Assurance that resource has not been modified – Availability • Assurance that authorized user may access a resource when requested • Cyber Security is concerned with the risk of malpractices in the cyberspace which involves the people, process and technology.
  • 16. Cyber Crime/Computer Related Offense • Crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of computer or computer system • In simple words, Cyber/Computer Crime is any crime where: • Computer is a target • Computer is a tool of crime • Computer is incidental to crime.
  • 17. Computer Related Offense • Common types of Crimes may be broadly classified in the following groups: 1) Against Individual 2) Against Organization 3) Against Society
  • 18. Crime Against Individual • Against Person: i. Harassment Through e-mails ii. Cyber-Stalking iii. Dissemination of obscene material on the Internet iv. Defamation v. Hacking/Cracking vi. Indecent Exposure • Against property of an individual: i. Computer vandalism (damage) ii. Transmitting virus iii. Internet Intrusion iv. Unauthorized control over computer system v. Hacking/Cracking
  • 19. Crime Against Organization • Against Government, Private Firm, Company, Group of Individuals: i. Hacking & Cracking ii. Possession of unauthorized Information iii. Cyber terrorism against the government organization iv. Identity Theft/Impersonation v. Distribution of pirated software, etc…
  • 20. Crime Against Society • At large, i. Pornography (especially child pornography) ii. Polluting the youth through Indecent Exposure iii. Trafficking iv. Hate Speech, Anti Communities, v. Discrimination and Derogatory remarks on Religion/Caste on online platform
  • 21. Email Crimes • Spamming and Unsolicited Mail • Blackmailing/Defamatory Mail • Extortion/Threatening/Obscene/Abusive Mail • Transmission of Malwares (Virus/Worm/Trojan) • Advance Fee Schemes – Lottery Schemes – Nigerian Scams – Job Opportunities, Mule • Phishing Scams, Identity Theft
  • 22. Cyber Incidents • Mobile Phone based • Forgery, illegal interception & ID Theft • Payment card fraud & e-funds transfer fraud • On-line Gaming/Betting • Theft of Internet & Telephone services • IP offences: illegal software; copyright breaches etc. • Misuse of Technology: Mobile and Wi-Fi • Commercial/Corporate Espionage • On-line Securities Fraud • Extortion & Criminal conspiracy
  • 23. Emerging Trends and Threats for 2010 - 2011 • Spamdexing - Many types of businesses use search engine optimization to be listed more prominently in searches conducted on Google and other sites. • Spamdexing, in which a Web site is loaded with relevant keywords or search terms, is increasingly used by cybercriminals seeking to disguise malware as legitimate software. • Because so many consumers tend to trust rankings on leading search engines, they may readily download one of the fake software packages.
  • 24. Contd… • Cloud Computing: • Jumping in the cloud - given the expense of maintaining a physical IT infrastructure, the thought of replacing server rooms and haphazardly configured appliances with cloud services is simply too hard for many companies to resist. • But rushing into the cloud without a security strategy is a recipe for risk.
  • 25. Contd… • Social Engineering: Public Enemy Number One: • In less than two years, social networking has gone from an abstract curiosity to a way of life for many people. • Cabinet Minister lost his job recently • Vulnerabilities: OS Versus Application • Trends are shifting from the OS; now the applications are being targeted.
  • 26. Contd… • Advertising replaced by Malvertising • Rogue software - Malware as a Service (MaaS) • Web Content Filters
  • 27. Cyber Crime Investigation Lifecycle [diagram; labels include: Incident Awareness; Preliminary Analysis; Consultation; Image Acquisition/Recovery; Containment; Detailed Analysis; Preliminary/Final Report; Presentation; Expert Witness Testimony; Prevention: Technologies, Improved Processes, New Security Policies, Improved Configurations]. Resource: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council, Terrence V. Lillard
  • 28. Cyber Crime Analysis Categories: Cybercrime Scene; Cybercrime Investigation Lifecycle; Cyber Offender Characteristics; Cybercrime Offender Signatures; Cybercrime Motivations; Cybercrime Reconstruction; Deductive Analysis; Cyber-Victimology; Cybercrime Scene Characteristics; Cybercrime Modus Operandi; Cyber-Geographical Mapping; Equivocal Forensics; Digital Evidence Analysis. Resource: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council, Terrence V. Lillard
  • 29. Profile of People Involved • Insider - Disgruntled employees and ex-employees, spouses, lovers • Crackers - Crack into networks with malicious intent, Setting traps, etc… • Virus Writer - Pose serious threats to networks and systems worldwide • Foreign Intelligence - Use cyber tools as part of their services, For espionage activities, Can pose the biggest threat to the security of another country • Terrorists - Use to formulate plans, to raise funds, propaganda • Script Kiddies - Use tools available on the net
  • 32. Important Case - MMS • CEO of Baazee.com was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. • The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. • THIS OPENED UP THE QUESTION AS TO WHAT KIND OF DISTINCTION DO WE DRAW BETWEEN INTERNET SERVICE PROVIDER AND CONTENT PROVIDER. RESULTED IN AMENDMENTS OF IT ACT 2000. • The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required.
  • 33. Source Working of Money Mule
  • 34. PLEASE If a stranger came up to you on the street would You give him/her your Name, You give him/her your Date of Birth, You give him/her your Likes/Dislikes, You give him/her your Email Id, You give him/her your Contact Number ? You give him/her your Photograph? NO ! NO ! NO ! NO! NO! THEN WHY DO YOU PUBLISH THE SAME ON SOCIAL NETWORKING WEBSITES?????
  • 35. How you should handle and approach? • Don’t Panic • Call in your incident response team. • Contain the problem and avoid the “quick fix.” • Take good notes of the entire situation. • Have your backup facilities ready. • Get rid of the problem. • Use trusted, uncompromised communications. • Know what to say, to whom and when. • Know when to involve Crime Investigator.
  • 37. Electronic Information & Investigations • Today’s litigious and regulatory environments mean organizations are obligated to electronically store information to support discovery and disclosure requests. • Organizations that archive email risk losing control and may struggle to produce evidential-quality email evidence. • Email is a technological issue; this requires technological solutions.
  • 38. Sample Header
      1. Return-Path: <secret@hotmail.com>
      2. Received: from mailhub-1.net.treas.gov ([10.7.14.10]) by nccmail.usss.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000 11:46:07 -0500
      3. Received: from mx-relay.treas.gov ([199.196.144.6]) by tias4.net.treas.gov via smtpd (for mailhub.net.treas.gov [10.7.8.10]) with SMTP; 18 Feb 2000 16:55:44
      4. Received: from hotmail.com (f7.law4.hotmail.com [216.33.149.7]) by mx-relay2.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000 11:55:44 -0500 (EST)
      5. Message-ID: <20000218165543.56965.qmail@hotmail.com>
      6. Received: from 199.196.144.42 by www.hotmail.com with HTTP; Fri, 18 Feb 2000 08:55:43
      7. X-Originating-IP: [199.196.144.42]
      8. From: "Secret" <secret@hotmail.com>
      9. To: avenit@usss.treas.gov
      10. CC: smith@aol.com
  • 39. 1. Return-Path: <secret@hotmail.com> • Line (1) tells other computers who really sent the message, and where to send error messages (bounces and warnings).
  • 40. 2. Received: from mailhub-1.net.treas.gov ([10.7.14.10]) by nccmail.usss.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000 11:46:07 -0500 3. Received: from mx-relay.treas.gov ([199.196.144.6]) by tias4.net.treas.gov via smtpd (for mailhub.net.treas.gov [10.7.8.10]) with SMTP; 18 Feb 2000 16:55:44 4. Received: from hotmail.com (f7.law4.hotmail.com [216.33.149.7]) by mx-relay2.treas.gov for <avenit@usss.treas.gov>; Fri, 18 Feb 2000 11:55:44 -0500 (EST) • Lines (2), (3) and (4) show the route the message took from sending to delivery. • Each computer that receives this message adds a Received: field with its complete address and time stamp; this helps in tracking delivery problems.
  • 41. 5. Message-ID: <20000218165543.56965.qmail@hotmail.com> • Line (5) is the Message-ID, a unique identifier for this specific message. This ID is logged, and can be traced through computers on the message route if there is a need to track the mail.
  • 42. Trace This • 6. Received: from 199.196.144.42 by www.hotmail.com with HTTP; Fri, 15 Feb 2004 08:55:43 • Line (6) shows where the email was first received from, with the IP address of the sender. • It also shows the date and time when the message was sent.
  • 43. 7. X-Originating-IP: [199.196.144.42] • Line (7) shows the originating IP address of the sender, but without the date and time the IP address will not allow you to identify the specific user. • This may or may not be present in headers. • If the IP address is a “static” address you WILL be able to identify the specific user (most IP addresses are “dynamically” assigned).
  • 44. 8. From: "Secret" <secret@hotmail.com> • Line (8) tells the name and e-mail address of the message originator (the "sender"). • Generally this is the domain name we want to trace.
  • 45. 9. To: venit@usss.treas.gov • Line (9) shows the name and e-mail address of the primary recipient; the address may be for a mailing list (sales_dep@company.com), a system-wide alias (venit@usss.treas.gov), or a personal username.
  • 46. 10. CC: smith@aol.com • Line (10) lists the names and e-mail addresses of the "courtesy copy" recipients of the message. • There may be "Bcc:" recipients as well; these "blind carbon copy" recipients get copies of the message, but their names and addresses are not visible in the headers.
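The header walk-through on slides 38 to 46, as an added example that is not part of the original deck: it reads the Received: fields oldest-first, converts zoned time stamps to UTC, and flags what an investigator has to confirm before asking a provider for logs. The header is the slide's sample retyped with line folding restored; the function names parse_received and trace are hypothetical.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the header from slide 38, folded the way a mail server
# would store it. From, Return-Path and X-Originating-IP are supplied by the
# sending side, so they are treated as claims to corroborate, not as facts.
SAMPLE = """\
Return-Path: <secret@hotmail.com>
Received: from mailhub-1.net.treas.gov ([10.7.14.10])
 by nccmail.usss.treas.gov for <avenit@usss.treas.gov>;
 Fri, 18 Feb 2000 11:46:07 -0500
Received: from mx-relay.treas.gov ([199.196.144.6])
 by tias4.net.treas.gov via smtpd (for mailhub.net.treas.gov [10.7.8.10])
 with SMTP; 18 Feb 2000 16:55:44
Received: from hotmail.com (f7.law4.hotmail.com [216.33.149.7])
 by mx-relay2.treas.gov for <avenit@usss.treas.gov>;
 Fri, 18 Feb 2000 11:55:44 -0500 (EST)
Message-ID: <20000218165543.56965.qmail@hotmail.com>
Received: from 199.196.144.42 by www.hotmail.com with HTTP;
 Fri, 18 Feb 2000 08:55:43
X-Originating-IP: [199.196.144.42]
From: "Secret" <secret@hotmail.com>
To: avenit@usss.treas.gov
CC: smith@aol.com

"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_received(value):
    """Split one Received: field into sender IP, receiving host and UTC time."""
    text = " ".join(value.split())                 # undo header folding
    route, sep, stamp = text.rpartition(";")
    if not sep:                                    # no time stamp at all
        route, stamp = text, ""
    from_clause = route.split(" by ", 1)[0]        # only the sending side
    by = re.search(r"\bby\s+(\S+)", route)
    ip = None
    for candidate in IPV4.findall(from_clause):
        try:
            ip = ipaddress.ip_address(candidate)
            break
        except ValueError:                         # e.g. 999.1.1.1
            continue
    try:
        when = parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        when = None
    # A stamp without a zone is ambiguous: keep the text, do not convert it.
    utc = when.astimezone(timezone.utc) if when and when.tzinfo else None
    return {"ip": str(ip) if ip else None,
            "private": bool(ip and ip.is_private),
            "by": by.group(1) if by else None,
            "stamp": stamp.strip(),
            "utc": utc}


def trace(raw):
    """Return the hops oldest-first plus findings that need follow-up."""
    msg = message_from_string(raw)
    # Each relay prepends its field, so the last Received: is the oldest hop.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    findings = []
    for n, hop in enumerate(hops, 1):
        if hop["utc"] is None:
            findings.append(f"hop {n}: time stamp has no zone; confirm the "
                            f"clock zone of {hop['by']} before requesting logs")
        if hop["private"]:
            findings.append(f"hop {n}: {hop['ip']} is a private address; only "
                            f"the operator of {hop['by']} can resolve it")
    timed = [(n, h["utc"]) for n, h in enumerate(hops, 1) if h["utc"]]
    for (a, ta), (b, tb) in zip(timed, timed[1:]):
        if tb < ta:
            findings.append(f"hop {b} is stamped {ta - tb} before hop {a}: "
                            "clock skew or an inserted field")
    claimed = IPV4.search(msg.get("X-Originating-IP", ""))
    origin = hops[0]["ip"] if hops else None
    if claimed and claimed.group(1) != origin:
        findings.append("X-Originating-IP does not match the oldest Received: hop")
    return {"hops": hops, "origin": origin,
            "message_id": msg.get("Message-ID"), "findings": findings}


if __name__ == "__main__":
    result = trace(SAMPLE)
    for n, hop in enumerate(result["hops"], 1):
        print(n, hop["ip"], "->", hop["by"], hop["utc"] or hop["stamp"])
    print("\n".join(result["findings"]))
```

On the sample, two of the four time stamps carry no zone and the final hop is stamped about nine minutes before an earlier one, which is why the IP address alone, without a confirmed time, does not identify a user.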
  • 47. Email as Evidence Copyright 1. Ensure the use of email is subject to agreed procedures, which are supported and enforced by management at a high level. Acceptable use policies must prescribe good usage and identify bad usage. 2. Train users of email in acceptable use, and their rights and the obligations expected of them. 3. Implement access control mechanisms to computer systems – so that use can be attributed to a person, a terminal, a date and a time. 4. Ensure computer systems are kept safe and secure, so that the systems and the data within are protected from unauthorized access and accidental or deliberate loss and damage. 5. Retention and deletion of email should be organization-defined, not user defined. Individual users should not have any discretion as to the categories of emails that should be retained or deleted. 6. Implement a solution that archives and stores emails centrally. The archive should support all the main file formats and also retain metadata. 7. The archive should classify emails entering the archive at the point-of-entry. The archive should prevent the entry of duplicates. 8. Ensure the archiving platform facilitates the exporting of evidence as files as a part of the e- discovery process. 9. Implement an archiving solution that allows full search and retrieval. Metadata should be searchable as should content. 10. Enable logging of all events acting on the archive. The logs should be retained as part of the archive, for auditing and verification purposes. 11. Provide contingency for continuity of both archiving and discovery in the event of an outage. 12. Ensure the archiving platform supports the marking-up of files, so that privileged materials can be withheld and/or redacted during e-discovery.
  • 48. IT Act 2008 (xiii) Data Protection (Sections 43 & 66) (xiv) Various types of computer crimes defined and stringent penalties provided under the Act (Section 43 and Sections 66, 67, 72) (xv) Appointment of Adjudicating officer for holding inquiries under the Act (Sections 46 & 47) (xvi) Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56) (xvii) Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court (Section 57) (xviii) Appeal from order of Cyber Appellate Tribunal to High Court (Section 62) (xix) Interception of information from computer to computer (Section 69) (xx) Protection System (Section 70) (xxi) Act to apply for offences or contraventions committed outside India (Section 75) (xxii) Investigation of computer crimes to be investigated by officer at the PI (xxiii) Network service providers not to be liable in certain cases (Section 79) (xxiv) Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80) (xxv) Offences by the Companies (Section 85) (xxvi) Constitution of Cyber Regulations Advisory Committee who will advice the Central Government and Controller (Section 88)
  • 49. IT Act 2008 • New Section to address promotion of e-Governance Section 6A & other IT application – Delivery of Service – Outsourcing – Public Private Partnership • New Section to address electronic contract Section 10A • New Section to address data protection and privacy Section 43 • Body corporate to implement best security practices Sections 43A & 72A • Preservation and Retention of Data/Information Section 67C • Revision of existing Section 69 to empower Central Section 69 Government to designate agencies and issue direction for interception and safeguards for monitoring and decryption • Blocking of Information for public access Section 69A Monitoring of Traffic Data and Information for Section 69B Cyber Security • New section for designating agency for protection Section 70A of Critical Information Infrastructure • New Section for power to CERT-In to call and Section 70B analyse information relating to breach in cyber space and cyber security
  • 50. Legal Scenario - India
      Indian IT Act, 2000
        • Section 65 - Tampering with computer source code
        • Section 66 – Computer Related Offence
        • Section 66 A – Obscene Communication
        • Section 66 B – Stolen Resource
        • Section 66 C – Identity Theft
        • Section 66 D – Cheating by Personation
        • Section 66 E – Violation of Privacy
        • Section 66 F – Cyber Terrorism
        • Section 67 A – Pornography
        • Section 67 B – Child Pornography
        • Section 72 - Breach of confidentiality and Privacy
        • Section 72 A – Disclosure of information in breach of lawful contract
      Indian Copyright Act
        • States any person who knowingly makes use of an illegal copy of computer program shall be punishable.
        • Computer programs have copyright protection, but no patent protection.
      Indian Penal Code
        • Section 406 - Punishment for criminal breach of trust
        • Section 420 - Cheating and dishonestly inducing delivery of property
        • Sections 417, 419, 467, 509, etc… applicable as per the case
      Indian Contract Act, 1872
        Offers following remedies in case of breach of contract:
        • Damages
        • Specific performance of the contract
  • 51. Way Forward
      • Shifting from a reactive to a proactive posture
      • Focus on more strategic approach
      • Get the right people together
      • Establish a CISO or CSO position if not done yet
      • Engage Business and IT decision-makers in addressing security.
      • Embed security awareness more deeply across the enterprise
      • Plan for better security, earlier in development
  • 52. Strengthen incident response planning: (1) ensure that you have an integrated approach to security breaches, staffed by a skilled, interdisciplinary team; (2) have a consistent response procedure for incidents; (3) review security policies and align them with your incident response procedures; &
  • 53. Recommendations
      • Awareness is important and any incident should be reported at once
      • Users must try and save any electronic information trail on their computers
      • Avoid giving out unnecessary information about yourself
      • Use the licensed, latest & updated anti-virus software, operating systems, web browsers and email programs
      • Check out the site you are doing business with thoroughly
      • Send credit card information only to secure sites
      • Protect your Website and Maintain Backups
  • 54. Summary
      • 99% of the problem lies between the keyboard and chair i.e. the user
      • Every one a target; Every system a challenge
      • Cyber Security is not just a technical problem – everyone has a role to play in it
      • You cannot “fix” security – you can only manage it
      • AWARENESS OF THE THREAT IS ITSELF A KEY CONTROL
  • 55. About Me
      Educational Qualifications:
        • B.Sc. Information Technology
        • P.G.D. Information Technology
        • P.G.D. Cyber Laws
        • Master of Computer Applications
      Certifications:
        • Forensic Examiner: AccessData Certified Examiner
        • Audit: ISO27001 Lead Auditor (IRCA)
      Founder – The Eagle Eye
      Founder - www.cybercrimes.in
      Co-Founder – Open Security Alliance
      Former Manager – DSCI & Senior Associate – Cyber Security NASSCOM.
  • 56. Contact Details Questions Thank You for your patient listening! Email: vicky@cybercrimes.in Discussion Forum: www.cybercrimes.in/SMF Cell: +91-98201-05011 “Human Behaviour is the Biggest Risk in Security – Vicky Shah” “Cyber Space: Safe to Use; Unsafe to Misuse – NASSCOM”
  • 57. Disclaimer
      This presentation is prepared for knowledge sharing and awareness for ISACA Mumbai Chapter Members on June 19, 2010. You can use the information provided here with proper credits. I have tried not to hide original credits as far as possible, nor am I using this presentation for any personal financial gain. Information available in this presentation is not enforceable by law; however these are my views about the topic which I feel should be shared. Any errors, omissions, misstatements, and misunderstandings set forth in the presentation are sincerely apologized. Relying on the contents will be sole responsibility of the users. - Vicky Shah -