Sri Lankan Perspective in Meeting the Cyber Crime Challenge
-
Upload
rahuldadhich87 -
Category
Documents
-
view
219 -
download
0
Transcript of Sri Lankan Perspective in Meeting the Cyber Crime Challenge
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
1/24
Sri Lankan perspectivein meeting the
Cyber crime challengeby
Lal DiasChief Operating Officer,
Sri Lanka CERT
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
2/24
Role of Cyber systems in Sri Lanka
e-Sri Lanka Development Initiative
Multi-faceted program
Objectives Bridge digital divide
Improve delivery of public services Increase competitiveness of private sector
Accelerate social development
Poverty reduction
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
3/24
e-Sri Lanka Development Initiative
Major Programs of e-Sri Lanka ICT Policy, Leadership & Institutional Development
Information Infrastructure
Re-engineering government ICT Human Resources Capacity Building
ICT Investment & Private sector Development
E-Society
ICT Agency of Sri Lanka established tospearhead the e-Sri Lanka DevelopmentInitiative
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
4/24
e-Sri Lanka Development Initiative
ICT Policy, Leadership & Institutional Development Program
Information Infrastructure
e-Laws Project
Electronic Transactions Act No. 19
Sri Lanka Computer Crimes Act No. 24
e-Leadership Development Project
Sri Lanka CERT Project
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
5/24
e-Sri Lanka Projects
e-Laws Project
Electronic Transactions Act No. 19
Law to enable validation of e-Commerce, e-Signature and e-Contracting
Sri Lanka Computer Crimes Act No. 24 Identification, Investigation and Enforcement of
computer crimes
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
6/24
e-Sri Lanka Projects
e-Leadership Development Project Develop a pool of champions to enforce security
policies, monitor fraudulent activities and promote
best practices
Sri Lanka CERT Project National CERT mandated to protect Sri Lankas ICT
infrastructure from attacks, be the single, trustedsource for information on cyber crime techniquesand coordinate efforts to handle Cyber crimeincidents
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
7/24
Conflict of Systems
e-Sri Lanka introduces new challenges infighting cyber crime:
TraditionalNew (due to e-Sri Lanka)
Police Investigation Team-CID-NIB
Existing Penal Code
Traditional Reportingmechanisms
SLCERT Forensics Team SLCERT Incident Handling
Computer Crimes Act E-Transactions Act
New reporting mechanisms
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
8/24
12%
41%
23%
12%
0%0%
12%
Hacking
Publishing Information without consent (Sexual Harrassment)
Impersonation
Hacking Addresses & Attempted cheats
Pornography
Violation of Intellectual Property ActCheating
Cyber crime in Sri Lanka: 2007
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
9/24
Cyber crime in Sri Lanka
Prosecution of Cyber crime cases
25
22
0
75
78
0
0
0
24
0
0
76
0 20 40 60 80 100 120
2005
2006
2007
Successful Dismissed Pending Uninves tigated
Total Cases: 9
Total Cases: 4
Total Cases: 17
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
10/24
Computer Crimes Act
Timeline
1995: Work started by CINTEC Law Committee
1997: Working paper on Computer crime Act submitted Decision to be made: Develop provisions for prosecution
of cyber crimes under existing penal code OR develop aSubject specific law?
2000: decision to develop Subject specific legislation
2005: Bill finalized and presented in Parliament
2006: Further review by Parliamentary committee
2007: Passing of bill in parliament
Computer Crime Act currently not enforced fully
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
11/24
Computer Crimes Act
Features
Provides clear structure for conducting of investigations andjurisdictions
Provides distinct cyber crime categories and the correspondingparameters under which a case may be prosecuted, includingmaximum or minimum applicable penalties
Use of Generic terms, so that even if technology changes, thenature of the crime will remain the same (example: phishing,vishing & phaxing)
Provision of Cross Extradition arrangement with Council ofEurope signatories. Increased ability to prosecute cases beyondSri Lankas borders
Clear statement of Resources that would be brought to bear onthe case, including, among others, experts.
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
12/24
Computer Crimes Act
Cyber crime Categories
Computer-related offenses
Computers used as tools for criminal activity
(Theft, fraud)
Hacking
Activities which affect CIA of computer system or network(includes viruses and other malware)
Content related offenses
Computers with Internet access used to distribute illegal data
(copyright infringement, pornography)
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
13/24
Computer Crimes Act
Parameters
Unauthorized Access
Unauthorized Access in order to commit an offence Causing a computer to perform functions without
lawful authority
Offenses committed against national security
Dealing with unlawfully obtained data Illegal interception of data
Use of an illegal device
Unauthorized disclosure of information
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
14/24
Computer Crimes Act: Penalties
ParameterJail Term
(Years)
Fine
(Rupees)Or Both?
Unauthorized Access 5 100K Unauthorized Access tocommit offense
5 200K Function without Lawfulauthority
5 300K Offenses Against National
Security
5 -
Unlawfully obtained data 0.5 3 100K 300K Illegal interception 0.5 3 100K 300K Use of illegal devices 0.5 3 100K 300K Unauthorized disclosure 0.5 3 100K 300K
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
15/24
Identificationof Cyber Crimes
Limited reporting of crime Lack of trust in reporting methods
No guarantee of confidentiality
Verifying reports/Authenticity of Reports Genuine report or prank?
Due diligence Reporting of crimes found at workplace. Professional
obligation vs. Personal inconvenience
CHALLENGES
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
16/24
Investigation of Cyber Crimes
Gathering of evidence Maintaining admissibility of evidence
Lack of proper structure for cooperation betweeninvestigating organizations
Poor system for maintenance of chain of custody
Weight of Digital evidence in court Lack of understanding of importance of digital evidence
Lack of Legal professionals conversant with CCA
Jurisdiction NIB, CID, other organizations (SLCERT, TechCERT, etc)
CHALLENGES
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
17/24
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
18/24
Case study 1:
A Foreign National publishedfalse information regarding thesale of DVD players online
Online payments credited to Standard Chartered Bank
Account
Funds withdrawn by offender who left country
DVD Players not delivered
Suspect arrested upon return to Sri Lanka, fined anddeported
Problem:Waiting for suspect to return to Sri Lanka. Lack of
extradition arrangements.
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
19/24
Case study 2:
Superimposing nude images on a picture of a BuddhaStatue (causing offense)
Investigated by CID Cyber Crimes Unit
NGO employee arrested
Convicted and sentenced to 3 Years imprisonment,suspended for 3 years
Problem:Leniency in sentence and enforcement of sentence.Much stronger penalties allowed for under CCA
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
20/24
Future plans for cyber crime fighting
Build a defined structure and working relationshipbetween organizations concerned with cybercrime
AGs Department
Police Force
NIB
CID
Cyber crimeReporting Centres
Sri Lanka CERT International CERT Community
International Police Community
International Judicial CommunityInter-Governmental Relationships
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
21/24
Future Plans
Identification
Building and maintenance of Cyber Crime Reporting
Centres
Additional secured reporting channels (E-mail, Web)
Protection of Confidentiality through Information
Security Measures
Raises trust
Expected Outcome: Reporting of more cases
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
22/24
Future Plans
Investigation
Develop a Digital Forensics Lab, Larger Forensics team to
handle increase in cases
Develop clear Chain of Custody procedures
Build contacts with Foreign Police forces to increase skills
available in investigating complex, cross-border cases andforensics knowledge
Expected Outcome: Increased number of successfullyprosecuted cases
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
23/24
Future Plans
Prosecution
Run Awareness Programs for the local judiciary to raiseawareness of Computer crimes (attack techniques,
potential damage, etc) and the provisions of the ComputerCrimes Act (CCA)
Build a pool of IT Savvy Legal professionals able toprosecute cases under the CCA
Increase number of countries with which Sri Lanka hasExtradition Treaties through Government intervention
Expected Outcome: Increased number of successfully prosecuted
cases
-
8/2/2019 Sri Lankan Perspective in Meeting the Cyber Crime Challenge
24/24
THANK YOU