Jai Hind!! Truth alone triumphs!! Dharma protects those who protect it

Cyber Security - Crime Investigation - Forensic Analysis - Cyber Laws

Cyber Crime

Cyber-Crime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual.

  1. Cyber-Crime against People

Cyber-crimes committed against people include various crimes such as transmission of child pornography, cyber porn, harassment of a person using a computer (for example through e-mail), and fake escrow scams. The trafficking, distribution, posting, and dissemination of obscene material, including pornography and indecent exposure, constitutes one of the most important cyber-crimes known today. The potential harm of such a crime to humanity can hardly be explained. Cyber-harassment is a distinct cyber-crime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetrating such harassment are also guilty of cyber-crime.

Cyber-harassment as a crime also brings us to another related area: violation of the privacy of citizens. Violation of the privacy of online citizens is a cyber-crime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of the internet grants to the citizen. Certain offences that affect the personality of individuals can be defined as follows:

Harassment via E-Mails: This is a very common type of harassment, carried out by sending letters and attachments of files and folders via e-mail. At present harassment is common as the usage of social sites such as Facebook, Twitter, LinkedIn etc. is increasing day by day.

Cyber-Stalking: It is an expressed or implied physical threat that creates fear through the use of computer technology such as the internet, e-mail, phones, text messages, webcams, websites or videos.

Defamation: It involves any person who, with intent to lower the dignity of another person, hacks that person's mail account and sends mails using vulgar language to an unknown person's mail account.

Hacking: It means unauthorized control/access over a computer system, and the act of hacking completely destroys the whole data as well as computer programs. Hackers usually attack telecommunication and mobile networks.

Cracking: It is the act of breaking into your computer systems without your knowledge and consent and tampering with precious confidential data and information.

E-Mail Spoofing: A spoofed e-mail is one that misrepresents its origin. It shows its origin to be different from where it actually originates.

SMS Spoofing: Spoofing is a blocking through spam, which means unwanted, uninvited messages. Here an offender steals the identity of another person in the form of a mobile phone number and sends SMS via the internet, and the receiver gets the SMS from the mobile phone number of the victim. It is a very serious cyber-crime against any individual.

Carding: It means false ATM cards, i.e. debit and credit cards, used by criminals for their monetary benefit by withdrawing money from the victim's bank account. There is always unauthorized use of ATM cards in this type of cyber-crime.

Cheating & Fraud: It means that the person committing the cyber-crime, i.e. stealing passwords and stored data, has done it with a guilty mind, which leads to fraud and cheating.

Child Pornography: In this cyber-crime offenders create, distribute, or access materials that sexually exploit underage children.

Assault by Threat: It refers to threatening a person with fear for their life or the lives of their family through the use of a computer network, i.e. e-mail, videos or phones.

  2. Cyber-Crime against Property

The second category of cyber-crime is that of cyber-crime against all forms of property. These crimes include computer vandalism (destruction of others' property) and transmission of harmful viruses or programs. Certain offences that affect personal property are as follows:

Intellectual Property Crime: Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is a crime. The most common types of IPR violation are software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc.

Cyber Squatting: It involves two persons claiming the same domain name, either by claiming that they had registered the name first or by right of using it before the other, or using something similar to a previously registered name. For example, two similar names: www.yahoo.com and www.yahhoo.com

Cyber Vandalism: Vandalism means deliberately damaging the property of another. Thus cyber vandalism means destroying or damaging the data or information stored in a computer when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer, or a peripheral or device attached to the computer.

Hacking Computer System: Hackers' attacks have included the famous Twitter and blogging platforms, by unauthorized access/control over the computer. Due to the hacking activity there will be loss of data as well as of the computer system. Research also indicates that those attacks were intended not mainly for financial gain but also to diminish the reputation of a particular person or company.

Transmitting Virus: Viruses are programs written by programmers that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They mainly affect the data on a computer, either by altering or deleting it. Worm attacks play a major role in affecting the computer systems of individuals.

Cyber Trespass: It means to access someone's computer or network without the right authorization of the owner and to disturb, alter, misuse, or damage data or the system by using a wireless internet connection.

Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorized person of the Internet hours paid for by another person. The person who gets access to someone else's ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person's knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage.

  3. Cyber-Crime against Government

The third category of cyber-crime relates to cyber-crime against government. Cyber terrorism is one distinct kind of crime in this category. The growth of the internet has shown that the medium of cyberspace is being used by individuals and groups to threaten international governments as well as the citizens of a country. This crime manifests itself as terrorism when an individual cracks into a government or defense-maintained website.

  4. Cyber-Crime against Society

An unlawful act done with the intention of causing harm to cyberspace will affect a large number of persons. These offences include:

Child Pornography: In this act there is use of computer networks to create, distribute, or access materials that sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity.

Cyber Trafficking: It involves trafficking in drugs, human beings, arms and weapons etc., which affects a large number of persons. Trafficking in cyberspace is also one of the gravest crimes.

Online Gambling: Online fraud and cheating is one of the most lucrative businesses growing today in cyberspace. In India a lot of betting and gambling is done in the name of cricket through computers and the internet. Many cases that have come to light pertain to credit card crime, contractual crime, offering jobs, etc.

Financial Crime: This type of offence is common as there is huge growth in the users of networking sites and phone networking, where the culprit will try to attack by sending bogus mails or messages through the internet. Example: using credit cards by obtaining the password illegally.

Forgery: It means to deceive a large number of persons by sending threatening mails, as online business transactions are becoming a habitual need of today's lifestyle.

Crime Investigation

Internet based Data Retrieval

If the case is internet based, finding the internet protocol (IP) addresses is your first step in the investigation. An IP address consists of numbers and letters, and that series is attached to any data moving through the internet. In order to retrieve IP address information from some Internet Service Providers (ISPs) you will need a subpoena, warrant, or court order served on the company.

  • who owns and operates the network address,
  • associated domain name/ computer name,
  • Geo location,
  • Email addresses, and
  • local service provider identifier.

All ISPs are based on subscriptions to the company, and these companies have records of everything their subscribers do while on the internet. The time frame for which ISPs retain data from subscribers varies; therefore the investigation must move quickly. As the investigator, you can make a formal request to the ISP asking it to preserve the data in question while a subpoena, warrant, or court order requiring the records is obtained. Even with this letter, the ISP is not legally obligated to preserve the data for law enforcement.
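For an e-mail case, the addresses and times that go into such a preservation request usually come from the message's `Received` headers. The following is an added example, not part of the original page: the sample message, hostnames and the function names `received_hops` and `preservation_targets` are constructed for illustration.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: hostnames use .example and the non-private
# addresses come from documentation ranges, so nothing here is a real case.
SAMPLE_EMAIL = """\
Received: from mx.recipient.example (10.0.0.5) by mailstore.recipient.example;
 Tue, 04 Mar 2025 10:15:09 +0530
Received: from relay.isp.example (relay.isp.example [198.51.100.23])
 by mx.recipient.example; Tue, 04 Mar 2025 10:15:07 +0530
Received: from [192.168.1.44] (unknown [203.0.113.77])
 by relay.isp.example; Tue, 04 Mar 2025 10:15:02 +0530
From: "Bank Support" <support@bank.example>
To: victim@recipient.example
Subject: Account notice
Date: Tue, 04 Mar 2025 10:14:58 +0530

Body omitted.
"""

# Private, loopback and link-local ranges never identify an ISP subscriber.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
# IP literals appear in Received lines as [1.2.3.4], (1.2.3.4) or [IPv6:...].
IP_TOKEN = re.compile(r"[\[(](?:IPv6:)?([0-9A-Fa-f:.]+)[\])]")


def is_internal(ip):
    if ip.version == 4:
        return any(ip in net for net in INTERNAL_NETS)
    return ip.is_loopback or ip.is_link_local or ip.is_private


def received_hops(raw_message):
    """Return one record per IP literal, earliest relay first.

    Only headers written by servers the investigator trusts are reliable;
    anything below the first trusted relay can be forged by the sender.
    """
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so the last Received line is the oldest.
    for header in reversed(msg.get_all("Received", [])):
        try:
            stamp = parsedate_to_datetime(header.rsplit(";", 1)[-1].strip())
            utc = stamp.astimezone(timezone.utc).isoformat()
        except (TypeError, ValueError):
            utc = None  # malformed or missing date: keep the hop, flag the gap
        for token in IP_TOKEN.findall(header):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # bracketed text that is not an address
            hops.append({"ip": str(ip), "internal": is_internal(ip), "utc": utc})
    return hops


def preservation_targets(raw_message):
    """(address, UTC time) pairs: an ISP needs both to identify a subscriber."""
    seen, targets = set(), []
    for hop in received_hops(raw_message):
        if not hop["internal"] and hop["ip"] not in seen:
            seen.add(hop["ip"])
            targets.append((hop["ip"], hop["utc"]))
    return targets


if __name__ == "__main__":
    for ip, utc in preservation_targets(SAMPLE_EMAIL):
        print(f"{ip}  seen at {utc}")
```

Times are normalised to UTC because dynamically assigned addresses can only be tied to a subscriber for a specific moment.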

Device based

If possible, place the device in a Faraday bag prior to turning on and examining the device. If a Faraday bag is not accessible, put the device into airplane mode; this will prevent any reception or remote communication. A copy of the original data is needed prior to investigating its contents. Having a copy of the original data prevents the contamination of the evidence. Cell phones and other wireless devices should be examined in an isolated environment where they cannot connect to networks, the internet, or other systems.

Data Investigation

In order to begin investigating the data you will need to install a lock on the copy made of the data. This lock will allow you to manipulate the data and view it without making permanent changes. Once you have identified the make and model of the device in hand, select the extraction software best suited to analyze the data or to permit the investigator to view as much data as possible. (List of Data extraction software found below) When the data has been removed, the device should be sent to your evidence department, as the device might contain traces of DNA, fingerprints, and/or other evidence. While the physical device is with the evidence department, the investigator should run the software to see all files on the drive; the software should display any data areas that might otherwise have been hidden or partially deleted. Information on the suspect's participation in internet chat rooms, instant messages, emails, websites, apps and networks will become available. The software will also assist your investigation by providing information such as:

  • Time stamps,
  • Images,
  • Text documents,
  • GPS locations, and
  • Other encrypted data.
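The working-copy step described under "Device based" and "Data Investigation" can be checked with a cryptographic hash, as in this added example, which is not part of the original page. Hashing is an assumption here (the page does not name a method), the read-only permission bit is only a stand-in for the "lock", and the image contents and function names are constructed.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large images do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_working_copy(original, workdir):
    """Copy the acquired image, mark the copy read-only, prove it matches."""
    reference = sha256_file(original)
    copy_path = os.path.join(workdir, os.path.basename(original) + ".working")
    shutil.copyfile(original, copy_path)
    # Permission-bit stand-in for the "lock"; a real write blocker is stronger.
    os.chmod(copy_path, stat.S_IRUSR)
    if sha256_file(copy_path) != reference:
        raise RuntimeError("working copy differs from the acquired image")
    return {"original": original, "copy": copy_path, "sha256": reference}


def verify(record):
    """Report, per file, whether it still matches the recorded hash."""
    return {name: sha256_file(record[name]) == record["sha256"]
            for name in ("original", "copy")}


def demo():
    """Run the procedure on a constructed image, then simulate contamination."""
    with tempfile.TemporaryDirectory() as workdir:
        image = os.path.join(workdir, "device.img")
        with open(image, "wb") as handle:
            handle.write(b"CONSTRUCTED-IMAGE" * 4096)  # constructed sample data

        record = make_working_copy(image, workdir)
        clean = verify(record)

        # Simulate an analysis tool that removed the lock and wrote one byte.
        os.chmod(record["copy"], stat.S_IRUSR | stat.S_IWUSR)
        with open(record["copy"], "ab") as handle:
            handle.write(b"\x00")
        tampered = verify(record)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("after copy:    ", clean)
    print("after a write: ", tampered)
```

Recording the reference hash at acquisition time and re-running `verify` before the report is written shows that the analysis did not alter the copy or the original.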

Forensic R & D

Computer Forensics

This field of forensics is sometimes also referred to as Cyber Forensics, Computer Forensic Science or IT Forensics. It is the art of investigation and evidence recovery with the intention of extracting authentic information from computers and digital media (storage devices). This has legal implications, as an expert has to certify his investigation and an opinion has to be formed in a court of law based on the investigation and analysis.

In recent times information technology has grown drastically and become accessible to almost every human being. Human dependency on this technology has also increased so much that documentation, exchange and storage of ideas, expressions and records (official and personal) now take place on digital media and are communicated electronically (digitally). Basically these devices have become part and parcel of our daily life. Along with all the positive angles, these devices have also become witnesses to almost all events related to their users (civil and criminal), so they have to be investigated to extract the right and accurate information that is related and needed. Digital devices are investigated in all cases these days, mostly in cities and urban areas. Examples are laptops, personal computers, PDAs, CDs, pen drives, SD and microSD cards, etc.

In court, computer forensic evidence is subject to the usual requirements for digital evidence, requiring information to be authentic, reliably obtained and admissible. A cyber expert is the person who is expected to know all aspects and legal implications related to this field. The expert investigates and conveys his analysis and output through a report that is legally considered his opinion.

Care must be taken that the investigation and analysis are done in a legally prescribed way, preserving all evidence for future reference. As in every field, digital devices and IT networks also follow basic principles of functioning and digital laws.

Accuracy of analysis is maintained by the knowledge and experience of the expert, and sometimes also by repeated analysis involving other experts for confirmation and a second opinion.

Document Forensic

Popularly known as Handwriting Analysis/Examination, Signature Analysis, Document Fraud Detection, etc.

Anything written, drawn, indented or printed on any article such as paper, wood, wall, cardboard etc. to make sense or to express something is called a document in a much broader context. However, in a civilized society the general documents we use are written or printed words on paper that can be used as an official record of something if a person, group, organization or department undertakes its responsibility, i.e. by signing, by seal, etc.

A document can be anything such as an agreement, cheque, will, register, bill, etc. These are sometimes denied by their supposed writers, forged, questioned, or claimed to be non-authentic. In other cases the writer himself has to prove his claim.

A questioned document is one which, in its entirety or in part, is subjected to question, or whose authenticity/origin is in doubt. It can be anything, e.g. a signature, handwriting, typewriting or other marks whose authenticity comes under doubt.

Fingerprint Forensic

A fingerprint is the impression of the friction ridges present on the fingers. A friction ridge is a raised portion of the epidermis on the fingers and toes, the palm of the hand or the sole of the foot, consisting of one or more connected ridge units of friction ridge skin.

When these friction ridges come in contact with any smooth surface, they leave an impression behind, which is developed with the help of various developing techniques and matched with a control sample (suspected fingerprint).

The person who is well versed in the science of fingerprints, with experience in all the three steps mentioned above and knowledge and experience in the field, is a Fingerprint Expert or Examiner. The fingerprint examiner has to prove in a court of law the genuineness of the evidence through the scientific technique the expert uses and the relevancy of that technique for such examination. The expert has to mention the parameters on which the opinion is formed, whether matching or vice versa.

Cyber Laws
IT Act & Amendment

The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the general assembly of United Nations by a resolution dated 30th January 1997.

A major amendment was made in 2008. It introduced Section 69, which gave authorities the power of interception, monitoring or decryption of any information through any computer resource. It also introduced penalties for child porn, cyber terrorism and voyeurism. It was passed on 22 December 2008 without any debate in the Lok Sabha. The next day it was passed by the Rajya Sabha. It was signed by the President on 5 February 2009.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.

Chapter-III of the Act deals with Electronic Governance and provides, inter alia, that where any law provides that information or any other matter shall be in writing or in typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form, and accessible so as to be usable for a subsequent reference.

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates.

Chapter-V of the Act details the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.

Chapter-VI of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computers, computer systems etc. have been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of the appointment of any officer not below the rank of a Director to the Government of India, or an equivalent officer of a state government, as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court.

Chapter-VII of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers shall be preferred.

Chapter-VIII of the Act talks about various offences, and the said offences shall be investigated only by a Police Officer not below the rank of Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information which is obscene in electronic form, and hacking.

List of offences and the corresponding penalties:

| Section | Offence | Description | Penalty |
|---|---|---|---|
| 65 | Tampering with computer source documents | If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force. | Imprisonment up to three years, or/and with fine up to 200,000 |
| 66 | Hacking with computer system | If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack. | Imprisonment up to three years, or/and with fine up to 500,000 |
| 66B | Receiving stolen computer or communication device | A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen. | Imprisonment up to three years, or/and with fine up to 100,000 |
| 66C | Using password of another person | A person fraudulently uses the password, digital signature or other unique identification of another person. | Imprisonment up to three years, or/and with fine up to 100,000 |
| 66D | Cheating using computer resource | If a person cheats someone using a computer resource or communication. | Imprisonment up to three years, or/and with fine up to 100,000 |
| 66E | Publishing private images of others | If a person captures, transmits or publishes images of a person's private parts without his/her consent or knowledge. | Imprisonment up to three years, or/and with fine up to 200,000 |
| 66F | Acts of cyber terrorism | If a person denies access to an authorised personnel to a computer resource, accesses a protected system or introduces contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism. | Imprisonment up to life. |
| 67 | Publishing information which is obscene in electronic form | If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it. | Imprisonment up to five years, or/and with fine up to 1,000,000 |
| 67A | Publishing images containing sexual acts | If a person publishes or transmits images containing a sexually explicit act or conduct. | Imprisonment up to seven years, or/and with fine up to 1,000,000 |
| 67B | Publishing child porn or predating children online | If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18. | Imprisonment up to five years, or/and with fine up to 1,000,000 on first conviction. Imprisonment up to seven years, or/and with fine up to 1,000,000 on second conviction. |
| 67C | Failure to maintain records | Persons deemed as intermediary (such as an ISP) must maintain required records for stipulated time. Failure is an offence. | Imprisonment up to three years, or/and with fine. |
| 68 | Failure/refusal to comply with orders | The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder. Any person who fails to comply with any such order shall be guilty of an offence. | Imprisonment up to three years, or/and with fine up to 200,000 |
| 69 | Failure/refusal to decrypt data | If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed, extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred is deemed to have committed a crime. | Imprisonment up to seven years and possible fine. |
| 70 | Securing access or attempting to secure access to a protected system | The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system. The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems. If a person secures access or attempts to secure access to a protected system, then he is committing an offence. | Imprisonment up to ten years, or/and with fine. |
| 71 | Misrepresentation | If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate. | Imprisonment up to three years, or/and with fine up to 100,000 |

Honesty & Truth Best Policy

May you keep beating in our heartbeats; O homeland, we salute you.
If we live, your name is in our blood; if we are martyred, the tricolour is our shroud.