Cyber Crime - Crime Investigation - Forensic Analysis - Cyber Laws
Cyber-Crime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual.
Cyber-crimes committed against people include various crimes such as the transmission of child pornography, cyber porn, harassment of a person using a computer (for example through e-mail), and fake escrow scams. The trafficking, distribution, posting, and dissemination of obscene material, including pornography and indecent exposure, constitutes one of the most important cyber-crimes known today. The potential harm of such a crime to humanity can hardly be explained. Cyber-harassment is a distinct cyber-crime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetrating such harassment are also guilty of cyber-crime.
Cyber harassment as a crime also brings us to another related area: violation of the privacy of citizens. Violation of the privacy of online citizens is a cyber-crime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy, which the medium of the internet grants to the citizen. Certain offences that affect the personality of individuals can be defined as follows:
Harassment via E-Mails: This is a very common type of harassment, carried out by sending letters and attachments of files and folders via e-mail. At present harassment is common because the usage of social sites such as Facebook, Twitter and LinkedIn is increasing day by day.
Cyber-Stalking: It is an expressed or implied physical threat that creates fear through the use of computer technology such as the internet, e-mail, phones, text messages, webcams, websites or videos.
Defamation: It involves any person who, with intent to lower the dignity of another person, hacks that person's mail account and sends mails using vulgar language to an unknown person's mail account.
Hacking: It means unauthorized control of or access to a computer system; the act of hacking completely destroys the whole data as well as computer programs. Hackers usually attack telecommunication and mobile networks.
Cracking: It is the act of breaking into your computer systems without your knowledge and consent and tampering with precious confidential data and information.
E-Mail Spoofing: A spoofed e-mail is one that misrepresents its origin. It shows its origin to be different from where it actually originates.
SMS Spoofing: Spoofing is a blocking through spam, which means unwanted, uninvited messages. Here an offender steals the identity of another person in the form of a mobile phone number and sends SMS via the internet, and the receiver gets the SMS from the mobile phone number of the victim. It is a very serious cyber-crime against any individual.
Carding: It means false ATM cards, i.e. debit and credit cards, used by criminals for their monetary benefit by withdrawing money from the victim's bank account. There is always unauthorized use of ATM cards in this type of cyber-crime.
Cheating & Fraud: It means that the person committing the cyber-crime, i.e. stealing passwords and data storage, has done it with a guilty mind, which leads to fraud and cheating.
Child Pornography: In this cyber-crime defaulters create, distribute, or access materials that sexually exploit underage children.
Assault by Threat: It refers to threatening a person with fear for their lives or lives of their families through the use of a computer network i.e. E-mail, videos or phones.
The second category of cyber-crime is that of cyber-crime against all forms of property. These crimes include computer vandalism (destruction of others' property) and transmission of harmful viruses or programs. Certain offences that affect personal property are as follows:
Intellectual Property Crime: Intellectual property consists of a bunch of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is a crime. The most common types of IPR violation may be said to be software piracy, infringement of copyright, trademark, patents, designs and service mark violation, theft of computer source code, etc.
Cyber Squatting: It involves two persons claiming the same domain name, either by claiming that they had registered the name first or by right of using it before the other, or using something similar to a name used previously. For example, two similar names: www.yahoo.com and www.yahhoo.com.
Cyber Vandalism: Vandalism means deliberately damaging property of another. Thus cyber vandalism means destroying or damaging the data or information stored in computer when a network service is stopped or disrupted. It may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral or a device attached to the computer.
Hacking Computer System: Hackers' attacks have included those on the famous Twitter and blogging platforms, through unauthorized access to or control over the computer. Hacking activity causes loss of data as well as of the computer system. Research also indicates that those attacks were not mainly intended for financial gain, but also to diminish the reputation of a particular person or company.
Transmitting Virus: Viruses are programs written by programmers that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They mainly affect the data on a computer, either by altering or deleting it. Worm attacks play a major role in affecting the computer systems of individuals.
Cyber Trespass: It means to access someone's computer or network without the authorization of the owner and to disturb, alter, misuse, or damage data or the system by using a wireless internet connection.
Internet Time Thefts: Basically, Internet time theft comes under hacking. It is the use by an unauthorized person of the Internet hours paid for by another person. The person who gets access to someone else's ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person's knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage.
The third category of Cyber-crime relates to Cyber-Crime against Government. Cyber terrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to threaten the citizens of a country. This crime manifests itself into terrorism when an individual cracks into a government or defense maintained website.
An unlawful act done with the intention of causing harm to cyberspace will affect a large number of persons. These offences include:
Child Pornography: In this act there is use of computer networks to create, distribute, or access materials that sexually exploit underage children. It also includes activities concerning indecent exposure and obscenity.
Cyber Trafficking: It involves trafficking in drugs, human beings, arms, weapons etc., which affects a large number of persons. Trafficking in cyber-crime is also one of the gravest crimes.
Online Gambling: Online fraud and cheating is one of the most lucrative businesses growing today in cyberspace. In India a lot of betting and gambling is done in the name of cricket through computers and the internet. Many of the cases that have come to light pertain to credit card crime, contractual crime, offering jobs, etc.
Financial Crime: This type of offence is common, as there is huge growth in the users of networking sites and phone networking, where the culprit will try to attack by sending bogus mails or messages through the internet. Example: using credit cards by obtaining the password illegally.
Forgery: It means to deceive a large number of persons by sending threatening mails, as online business transactions are becoming a habitual need of today's lifestyle.
We live in a world where everything seems to be getting hacked — Airplanes, ATM machines, Baby monitors, Biometric devices, Bitcoin wallets, Cars, CCTV cameras, Drones, Gaming consoles, Health trackers, Medical devices, Power plants, Self-aiming rifles, Ships, Smart-watches, Smartphones & more. The increasing global cost of cybercrime ($100 billion+ a year) has led to a massive surge in the demand for cybercrime investigators. This article explores the 22 skills every cybercrime investigator must have.
Skill 1: Web Technologies
Considering the magnitude and impact of web attacks, it is necessary for a cyber crime investigator to understand some of the technologies that run the Internet and the World Wide Web. This includes practical activities including hosting a domain, creating SFTP users, setting up custom MX records, setting up, configuring & administering private email accounts, databases, and Virtual Private Servers, configuring SSL for secure websites and deploying cloud infrastructure. The investigator must also understand installing, configuring & deploying content management systems and e-commerce platforms.
Skill 2: Web Hacking
Since a majority of cyber crime cases involve web-hacking or web-attacks, it is essential for cyber crime investigators to have a strong knowledge of the techniques of web hacking such as Footprinting, Bypassing Authorization Schema, SQL injection, Cross Site Scripting (XSS), Broken Authentication, Session Hijacking, Unvalidated Redirects & Forwards, and Cross-Site Request Forgery (CSRF).
Skill 3: Suspect interviewing
Effective suspect interviewing is an essential skill for cybercrime investigators. The investigator must understand the difference between an interrogation and an interview and how to prepare for and conduct a suspect interview. The investigator must be able to detect deception, document an interview and get an admission from a suspect. An investigator must also know how to conduct an inquiry in an organization.
Skill 4: Documentation
Even the best investigation is worthless if it is not supported by accurate and relevant documentation and that’s why a thorough understanding of documentation is essential for a cybercrime investigator.
Skill 5: Law
Every step of an investigation must be in compliance with the law and that’s why a thorough understanding of the applicable law is essential for a cyber crime investigator.
Skill 6: Phishing tools, techniques, and counter-measures
Phishing is one of the most popular techniques among hackers and financial cyber criminals. This makes it important for a cyber crime investigator to understand phishing tools, techniques, and counter-measures.
Skill 7: Virtual Payment Systems
Virtual Payment Systems have taken the global money markets by storm. A cyber crime investigator must have a strong understanding of how these systems work.
Skill 8: Financial instruments and concepts
Financial crimes are some of the most interesting cases that cyber crime investigators are called upon to solve. These include advance-fee scams, bank frauds & carding, charge back fraud, check washing, check fraud, credit card fraud, identity theft, insider trading, insurance fraud, mortgage fraud, ponzi schemes, securities fraud, skimming, wireless identity theft and more.
Skill 9: Forensic accounting
Forensic Accountants are called upon in cases involving economic damages calculations, bankruptcy, securities fraud, tax fraud, money laundering, business valuation, and e-discovery. It is important for a cyber crime investigator to have a basic understanding of forensic accounting.
Skill 10: Fraud Investigation
Many times a cyber crime investigator is called upon to handle fraud investigations. An investigator must understand Fraud (its extent, patterns and causes), Fraud Risk Assessment & Management, Fraud Prevention, Detection & Reporting.
Skill 11: Bitcoin & other crypto-currencies
Bitcoin is, without doubt, the most famous crypto-currency. It gained a lot of notoriety during the crackdown on Silk Road, an underground online marketplace trading in drugs, stolen financial information, weapons & more. Considering the use of bitcoin (and other cryptocurrencies) by criminals, a strong understanding of bitcoin forensics is essential for cyber crime investigators.
Skill 12: Malware incident prevention & incident response
Considering the impact of malware, it is essential for a cyber crime investigator to have a strong understanding of malware incident prevention and malware incident response.
Skill 13: Dark / Deep Web
The World Wide Web that the vast majority of netizens use is also referred to as the clearnet — since it primarily is unencrypted in nature. Then there is the deep web — the part of the clearnet, which is not indexed by search engines. Deep web includes data stored in password-protected pages and databases. The darkweb is a small part of the deepweb. The deepweb consists of darknets including peer-to-peer networks, Freenet, I2P, and Tor. The Tor darkweb is also called onionland, since its top level domain suffix is .onion and it uses the traffic anonymization technique of onion routing. Considering the popularity of the darkweb amongst organized criminal groups, a cyber crime investigator must have a thorough working knowledge of the dark web.
Skill 14: Email investigation
Despite the popularity of instant messengers (such as Whatsapp) and social media, email remains one of the most popular methods of online communication in the world. This makes it essential for a cyber crime investigator to have a strong knowledge of email tracking & tracing.
Skill 15: Log analysis
In a large number of cyber crime cases, the investigation begins with an analysis of server logs. It is essential for a cyber crime investigator to have a sound working knowledge of server log analysis.
Skill 16: Browser forensics
In many cases of cyber crime, valuable evidence can be obtained from web browsers. This makes it important for a cyber crime investigator to have a strong practical knowledge of browser forensics. These evidence points include history, bookmarks, credit card information & contact information stored in autofill, saved passwords, files in the download location. Browser forensics also involves analysis of cloud printers and other connected devices, extensions, cookies and site data, location settings and exceptions, media settings (like camera and microphone permissions) & exceptions, unsandboxed plug-in access & exceptions, automatic downloads and exceptions and more.
Skill 17: Social Media Forensics
It’s probably not incorrect to say that almost every Internet user is part of at least one social media platform. This makes social media forensics an essential skill for a cyber crime investigator.
Skill 18: Google Ecosystem & its Forensics
Google isn’t just a search engine anymore. The Google ecosystem is all around us — Gmail, YouTube, Google groups, Google sites, Google plus, Google keep and so much more. This makes Google forensics a must-have skill for cyber crime investigators.
Skill 19: Forensic technologies
It is essential for a cyber crime investigator to have a strong working knowledge of forensic technologies, cyber forensic concepts and ISO/IEC 27037 — the most important global standard for identification, collection, acquisition and preservation of potential digital evidence.
Skill 20: Cyber security
A basic working knowledge of cyber security is essential for everyone and more so for cyber crime investigators. Aspects of information security include Application Security, Cloud Computing Security, Computer Security, Cyber Security Standards, Data Security, Database Security, Information Security, Internet Security, Mobile Security, and Network Security.
Skill 21: Cryptography & Steganography
Many people use cryptography and steganography. And these include criminals and terrorists. Hence a working knowledge of these is useful for cyber crime investigators.
Skill 22: Password recovery & forensics
In many cases it is found that potential evidence is locked up in password protected files. This makes it essential for cyber crime investigators to have a strong practical knowledge of password recovery & forensics.
If the case is internet based, finding the internet protocol (IP) addresses is your first step in the investigation. An IP address consists of numbers and letters, and that series is attached to any data moving through the internet. In order to retrieve an IP address from some Internet Service Providers (ISPs) you will need to serve the company with a subpoena, warrant, or court order for the information.
All ISPs are based on subscriptions to the company, and these companies have records of everything their subscribers do while on the internet. The time frame for which ISPs retain data from subscribers varies, therefore the investigation must move quickly. As the investigator, you can make a formal request to the ISP that they preserve the data in question while a subpoena, warrant, or court order is made requiring the records. Even with this letter, the ISP is not legally obligated to preserve the data for law enforcement.
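In an e-mail case, the first step described above (finding the IP addresses) means reading the message's Received headers and checking whether the visible sender matches the envelope sender. The Python below is an added example, not part of the original article; the sample message, its domains and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: example domains and documentation IP ranges only.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.victim.example (mx.victim.example [192.0.2.10])
\tby inbox.victim.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.victim.example with ESMTP id B2; Mon, 01 Jan 2024 10:00:03 +0000
Received: from [10.0.0.5] (unknown [203.0.113.45])
\tby relay.example.net with ESMTPSA id C3; Mon, 01 Jan 2024 10:00:01 +0000
From: "Bank Support" <support@bank.example.com>
To: user@victim.example
Subject: Account notice

Body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_hops(msg):
    """Return (connecting_ip, timestamp) per hop, oldest hop first.

    Each server prepends its own Received header, so the list is reversed.
    Only the headers written by servers you trust are reliable; anything
    below them can be forged by the sender and is a lead, not proof.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # The "from ..." clause describes the connecting client; the address
        # the receiving server observed is the last bracketed one in it.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        ip = None
        for candidate in BRACKETED_IP.findall(from_part):
            try:
                ip = str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP address
        stamp = None
        if ";" in value:
            try:
                stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                pass  # unparseable date: keep the hop, drop the time
        hops.append((ip, stamp))
    return hops


def domain_of(header_value):
    """Lower-cased domain of the address in a header, or None."""
    address = parseaddr(header_value or "")[1]
    if "@" not in address:
        return None
    return address.rpartition("@")[2].lower()


def analyse(raw_message):
    msg = message_from_string(raw_message)
    hops = received_hops(msg)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    return {
        "from_domain": from_domain,
        "envelope_domain": envelope_domain,
        # Exact-domain comparison is a simplification: legitimate bulk
        # mailers also differ here, so treat a mismatch as a prompt to look.
        "origin_mismatch": bool(
            from_domain and envelope_domain and from_domain != envelope_domain
        ),
        "hop_ips": [ip for ip, _ in hops],
        "hop_times": [stamp for _, stamp in hops],
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(key, value)
```

The earliest hop's address and timestamp are what a preservation request or court order to the ISP would name.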
If possible, place the device in a Faraday bag prior to turning on and examining the device. If a Faraday bag is not accessible, put the device into airplane mode; this will prevent any reception or remote communication. A copy of the original data is needed prior to investigating its contents. Having a copy of the original data prevents the contamination of the evidence. Cell phones and other wireless devices should be examined in an isolated environment where they cannot connect to networks, the internet, or other systems.
In order to begin investigating the data you will need to install a lock on the copy made of the data. This lock will allow you to manipulate the data and view it without making permanent changes. Once you have identified the make and model of the device in hand, select the extraction software best suited to analyze the data or to permit the investigator to view as much data as possible. (List of Data extraction software found below) When the data has been removed, the device should be sent to your evidence department, as the device might contain traces of DNA, fingerprints, and/or other evidence. While the physical device is with the evidence department, the investigator should run the software to see all files on the drive; the software should display any data areas that might otherwise have been hidden or partially deleted. Information on the suspect's participation in internet chat rooms, instant messages, emails, websites, apps and networks will become available. The software system will also assist your investigation in providing information such as:
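One way to make the working copy described above and show that it matches the original, as an added Python example that is not part of the original article. Comparing SHA-256 digests is an assumption added here (the article does not name a method), the file names and sample bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import os
import shutil
import stat
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images fit in memory


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def make_working_copy(original, copy_path):
    """Copy the original, prove the copy is identical, mark it read-only.

    Returns a record to keep with the case notes. The original is opened
    for reading only and is hashed before and after, so a change to it
    during copying is detected as well.
    """
    before = sha256_file(original)
    # "xb" refuses to overwrite an existing file at copy_path.
    with open(original, "rb") as src, open(copy_path, "xb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    copied = sha256_file(copy_path)
    after = sha256_file(original)
    if not (before == copied == after):
        raise RuntimeError("copy or original changed during acquisition")
    # A file permission only guards against accidental writes; it is not
    # a substitute for a hardware or software write blocker.
    os.chmod(copy_path, stat.S_IRUSR)
    return {"sha256": before, "size": os.path.getsize(copy_path)}


def still_intact(path, record):
    """True if the file still has the digest recorded at acquisition."""
    return sha256_file(path) == record["sha256"]


def demo():
    """Run the procedure on constructed data in a temporary directory."""
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "device.img")
        working = os.path.join(workdir, "working.img")
        with open(original, "wb") as handle:
            handle.write(b"constructed sample evidence\n" * 1000)

        record = make_working_copy(original, working)
        verified = still_intact(working, record)

        # Simulate an accidental modification of the working copy and
        # confirm that re-hashing exposes it.
        os.chmod(working, stat.S_IRUSR | stat.S_IWUSR)
        with open(working, "r+b") as handle:
            handle.write(b"X")
        changed_detected = not still_intact(working, record)

        return {
            "digest": record["sha256"],
            "size": record["size"],
            "copy_verified": verified,
            "change_detected": changed_detected,
        }


if __name__ == "__main__":
    print(demo())
```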
This Test has become an increasingly, perhaps alarmingly, common term in India. This practice has also garnered support from certain State Governments as well as the Judiciary. While expert studies and court opinions available internationally have granted that there may be some use in test, the overwhelming evidence is that it is by no means a reliable science. A scientific test is one which is based on a solid scientific principle and always gives results which are precise and accurate, reproducible and cross verifiable. Narco test basically is a test in the domain of psychology to provide functional respite from some psychological disorders. There is no direct proven relationship between the administration of so-called truth drugs and revelation of truth. Thus, under the effect of the drug, the patient may say things that he wished were true and not things that were necessarily true. The application of the test involves fundamental questions pertaining to judicial matters and also Human Rights. The legal position of applying this technique as an investigative technique raises genuine issues like encroachment of an individual’s rights, liberties and freedom. The right against forced self-incrimination also widely known as the right-to-silence is enshrined which state that such person shall be bound to answer truly all questions put to him by such officer, other than questions the answers to which would have a tendency to expose him to a criminal charge or to a penalty or forfeiture.
The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the general assembly of United Nations by a resolution dated 30th January 1997.
A major amendment was made in 2008. It introduced Section 69, which gave authorities the power of interception, monitoring or decryption of any information through any computer resource. It also introduced penalties for child porn, cyber terrorism and voyeurism. It was passed on 22 December 2008 without any debate in Lok Sabha. The next day it was passed by the Rajya Sabha. It was signed by the President on 5 February 2009.
The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:
Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.
Chapter-III of the Act details Electronic Governance and provides, inter alia, that where any law provides that information or any other matter shall be in writing or in typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form and is accessible so as to be usable for a subsequent reference.
Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates.
Chapter-V of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.
Chapter-VI of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computers, computer systems etc. have been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of the appointment of any officer not below the rank of a Director to the Government of India, or an equivalent officer of a state government, as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court.
Chapter-VII of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred.
Chapter-VIII of the Act talks about various offences, and the said offences shall be investigated only by a Police Officer not below the rank of Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information which is obscene in electronic form, and hacking.
List of sections, offences and penalties:

| Section | Offence | Penalty |
|---|---|---|
| 65 | Tampering with computer source documents | Imprisonment up to three years, or/and with fine up to 200,000 |
| 66 | Hacking with computer system | Imprisonment up to three years, or/and with fine up to 500,000 |
| 66B | Receiving stolen computer or communication device | Imprisonment up to three years, or/and with fine up to 100,000 |
| 66C | Using password of another person | Imprisonment up to three years, or/and with fine up to 100,000 |
| 66D | Cheating using computer resource | Imprisonment up to three years, or/and with fine up to 100,000 |
| 66E | Publishing private images of others | Imprisonment up to three years, or/and with fine up to 200,000 |
| 66F | Acts of cyber terrorism | Imprisonment up to life. |
| 67 | Publishing information which is obscene in electronic form. | Imprisonment up to five years, or/and with fine up to 1,000,000 |
| 67A | Publishing images containing sexual acts | Imprisonment up to seven years, or/and with fine up to 1,000,000 |
| 67B | Publishing child porn or predating children online | Imprisonment up to five years, or/and with fine up to 1,000,000 on first conviction. Imprisonment up to seven years, or/and with fine up to 1,000,000 on second conviction. |
| 67C | Failure to maintain records | Imprisonment up to three years, or/and with fine. |
| 68 | Failure/refusal to comply with orders | Imprisonment up to three years, or/and with fine up to 200,000 |
| 69 | Failure/refusal to decrypt data | Imprisonment up to seven years and possible fine. |
| 70 | Securing access or attempting to secure access to a protected system | Imprisonment up to ten years, or/and with fine. |
| 71 | Misrepresentation | Imprisonment up to three years, or/and with fine up to 100,000 |