ICT MODULE 1_B.pptx

8/10/2019 ICT MODULE 1_B.pptx

1/33

GALGOTIAS UNIVERSITY UTTER PRADESH, YAMUNA EXPRESSWAY, GAUTAM BUDH NAGAR, UP, INDIA

And

INSTITUTE OF ACCOUNTANCY ARUSHA, ARUSHA, TANZANIA

ITM-09331(Cyber Crimes and Computer Laws )

Mr. Khushal Singh

(Assistant Professor , School of Computing Science & Engineering)


2/33

2

Information Warfare

Any attempt to manipulate information in

pursuit of a military or political goal:

Use computers to gather information.

Use computers to disseminate propaganda.


3/33

3

Information Warfare (cont.)

Propaganda:

Any group could use what appears to be an

Internet news Web site.

Many people believe and repeat what they see on

the Internet.


4/33

4

Information Warfare (cont.)

Disinformation

Locate false information behind relatively secure

systems, but not secure enough to keep out

enemy.

The work the enemy has to do to acquire the

disinformation will convince them of its value.


5/33

5

Actual Cases

Many influential people do not believe in

cyber warfare.

These events appear to contradict them:

The Peoples Liberation Army [China] has

formulated an official cyber warfare doctrine.


6/33

6

Actual Cases (cont.)

In Tehran [Iran], the armed forces and

technical universities joined to create

independent cyber R & D centers and train

personnel in IT skills.

Tehran seeks to buy IT technical assistance

and training from Russia and India.


7/33

7

Future Trends

Positive Trends

Cyberterrorism Preparedness Act of 2002

$350,000,000 over 5 years for improving network

security

Cybersecurity Research and Education Act of 2002

$50,000,000 over 4years for training IT specialists

in IT security


8/33

INTERNATIONAL INITIATIVES To

Combat High-tech Crime

To meet the challenge posed by new kinds ofcrime made possible by computer technologyincluding telecommunication, many countrieshave also reviewed their respective domestic

criminal laws so as to prevent computer relatedcrimes.

Some of these countries are USA,Denmark,France Germany, Greece, Finland, Italy, Turkey,

Sweden, Switzerland, Australia, Canada, India,Japan, Spain, Portugal, UK, Malaysia andSingapore.


9/33


10/33

Principles to Combat High-Tech Crime

1. There must be no safe havens for those who abuseinformation technologies.

2. Investigation and prosecution of international high-tech crimes must be coordinated among all concernedStates, regardless of where harm has occurred.

3. Law enforcement personnel must be trained andequipped to address high-tech crimes.

4. Legal systems must protect the confidentiality,integrity, and availability of data and systems fromunauthorized impairment and ensure that seriousabuse is penalized.


11/33

Principles to Combat High-Tech

Crime(Contd.)5. Legal systems should permit the preservation of and quick

access to electronic data, which are often critical to thesuccessful investigation of crime.

6. Mutual assistance regimes must ensure the timelygathering and exchange of evidence in cases involvinginternational high-tech crime.

7. Trans-border electronic access by law enforcement topublicly available (open source) information does notrequire authorization from the State where the dataresides.

8. Forensic standards for retrieving and authenticatingelectronic data for use in criminal investigations andprosecutions must be developed and employed.


12/33

Principles to Combat High-Tech

Crime(Contd.)

9. To the extent practicable, information andtelecommunications systems should be

designed to help prevent and detect networkabuse, and should also facilitate the tracing ofcriminals and the collection of evidence.

10. Work in this area should be coordinated withthe work of other relevant international forato ensure against duplication of efforts.


13/33

Action Plan to Combat High-Tech

Crime

In support of the PRINCIPLES, we are directing ourofficials to:

1. Use our established network of knowledgeablepersonnel to ensure a timely, effective response totransnational high-tech cases and designate a point-of-contact who is available on a twenty-four hour basis.

2. Take appropriate steps to ensure that a sufficientnumber of trained and equipped law enforcement

personnel are allocated to the task of combating high-tech crime and assisting law enforcement agencies ofother States.


14/33


15/33


Crime(Contd.)

5. Continue to examine and develop workablesolutions regarding: the preservation of evidenceprior to the execution of a request for mutual

assistance; computer searches of data where thelocation of that data is unknown.

6. Develop expedited procedures for obtainingtraffic data from all communications carriers in

the chain of a communication and to study waysto expedite the passing of this datainternationally.


16/33


Crime(Contd.)

7. Work jointly with industry to ensure that newtechnologies facilitate our effort to combat high-tech crime by preserving and collecting critical

evidence.8. Ensure that we can, in urgent and appropriatecases, accept and respond to mutual assistancerequests relating to high-tech crime by expedited

but reliable means of communications, includingvoice, fax, or e-mail, with written confirmation tofollow where required.


17/33


18/33

Attacks

Non-Technical attacks

Example Social engineering

Pretexting

Phishing

Cause

Low user awareness or missing policies/routines

Technical attacks

Example See following slides

Cause Transitive trust

Bugs and configuration errors in apps and OS

Vulnerabilities in protocols and Network Infrastructure18


19/33


20/33

A Quote from Kevin Mitnick

You could spend a fortune purchasing

technology and services from every exhibitor,

speaker and sponsor at the RSA Conference,

and your network infrastructure could stillremain vulnerable to old-fashioned

manipulation.


21/33


22/33

Social engineering Attack

Social engineering can be broken down into foursub-groups:

Intimidation The "angry supervisor"

technique , the hacker convinces the personwho answers the phone that their job is indanger unless they help them. At this point,many people accept that the hacker is asupervisor and give them the information theyseek.


23/33

Social engineering(Contd.)

Helpfulness: The opposite of intimidation,helpfulness exploits many people's naturalinstinct to help others solve problems. Rather

than acting angry, the hacker acts distressedand concerned. The help desk is the mostvulnerable to this type of social engineering,as (a.) its general purpose is to help people;

and (b.) it usually has the authority to changeor reset passwords, which is exactly what thehacker wants.


24/33


Name-dropping: The hacker uses names of

authorized users to convince the person who

answers the phone that the hacker is a

legitimate user him or herself. Some of thesenames, such as those of webpage owners or

company officers, can easily be obtained

online. Hackers have also been known toobtain names by examining discarded

documents (so-called "dumpster diving").


25/33


Technical: Using technology is also a way to

get information. A hacker can send a fax or

email to a legitimate user, seeking a response

that contains vital information. The hackermay claim that he or she is involved in law

enforcement and needs certain data for an

investigation, or for record-keeping purposes.


26/33


So we can divided the Social Engineering Attack

into two type:

(1)Human Based

Impersonation

Important User

ThirdParty Authorization Tech-Support


27/33


(1)Human Based(Contd.)

In Person

Dumpster-diving Shoulder-Surfing

(2) Computer Based

Popup Window

Mail Attachments


28/33


29/33


30/33

Attack Model


31/33


32/33

Other Thoughts

What damage has been done? What damage

can still be done?

Has a crime actually taken place?


33/33

ICT MODULE 1_B.pptx

Documents

Transcript of ICT MODULE 1_B.pptx