Tuesday, August 15, 2017
Friday, August 4, 2017
A man from Odisha gets six years of Jail in cyber pornography Section 67A: A Revenge Porn Case
A Judicial Magistrate in Puri today sentenced a man to six years of imprisonment in a cyber pornography (A revenge Porn) case, stated to be the first such case.
Puri Sub-Divisional Judicial Magistrate Shibasis Giri also slapped a Rs-9,000 fine on the convict, Jayanta Kumar Das an alleged RTI activist, A fake profile was created by the accused in the name of the victim woman from Puri Township in a pornographic site, who then had uploaded the woman’s name, address, photo and phone number on a pornographic website in 2012 to take revenge against her husband.After her personal info was posed on the site, the victim started receiving calls from numerous persons enquiring about her interest in paid sex and wife swapping.
The crime branch had arrested Das on September 18, 2012, following a complaint filed by the victim in July.He was booked under several sections of the Indian Penal Code and Information Technology Act, 2000. Sections 292, 465, 469, 500 of the Indian Penal Code and 66(C) and 67A of the Information Technology Act,2000(cyber law of India) were applied
The conviction was procured on evidence, including crucial witness statements of scientists from the Central Forensic Science Laboratory, Kolkata.
My Views:
I highly appreciate the conviction upheld as India is short of convictions for cyber crimes committed. This remains first of a kind of conviction in odisha state and could be a first serious conviction of a revenge porn in India. Maligning and destroying a girls life by defaming her online often kills a ladies zeal to live.
I feel if the convict moves for appeal, his punishment under sections of IPC would be set aside by the High Court in the light of decision made under Sharat Babu Digumarti Vs State Govt of NCT of Delhi but punishment under Sections 66(c) & 67A could be confirmed on merits of the case.
Thursday, July 27, 2017
What do we mean by a “right of privacy” in India?
What do we mean by a “right of privacy” in India?Justice Cooley in 1888 defined it simply as a right to be left alone. Alternatively, it may be defined as a right to be anonymous. The two definitions are quite different but both are important, and the right to be anonymous is a form of privacy that has particularly significant implications in cyberspace. In legal terms, our right of privacy amounts to a right to be free from government intrusion into certain areas of our lives and a right to be free from intrusion by other individuals into our “private” lives. The former is protected largely through Constitutional interpretation and a number of statutes; the latter is protected largely through the common law under tort principles.
Before 1890 no English or American court had ever granted relief based on such a claim as “invasion of privacy.”
However, in 1890 a Harvard Law Review article by Samuel Warren and Louis Brandeis examined a number of cases ostensibly decided on other grounds, and concluded that these decisions were actually based on a broader principle, a right of privacy. Warren and Brandeis claimed such a principle was in fact necessary to deal with what was seen as the growing problem of excesses of the press. New York was the first state to confront this issue head on in the wake of the article. Several lower courts had held the existence of a right of privacy.
The New York State Court of Appeals (which is, oddly, the State’s highest court – the “Supreme Court” is the State’s entry level court) got to review the matter in the case of Roberson v. Rochester Folding Box Company in 1902. In this case, the defendant had used a picture of an attractive young woman to advertise its flour without her consent. In a 4–3 decision, the Court of Appeals held that there was no legal precedent for such “right of privacy.” Furthermore, the Court felt that recognizing a right of privacy was a poor idea because, first, the alleged harm was of a purely mental character and would thus be difficult to prove or disprove; second, recognizing a right of privacy would lead to a flood of litigation; third, there would be difficulty in distinguishing between “public” and “private” figures, whose protections under a right of privacy would differ; and finally because it might lead to undue restrictions on the freedom of the press.
A public outcry followed the decision and, in its next session, the New York State Legislature passed a law banning the use of a person’s name or picture “for advertising purposes or for the purposes of trade” without the person’s written consent. By the 1930s “virtually” all jurisdictions had recognized the Right of Privacy, either by statute or through the common law.
Man’s house is his castle.a well-known proverb is also getting legal recognition as Right to Privacy. Human beings have a natural need to autonomy or control over confidential part of their. This need is inherent in human behaviour and now this has been recognized as fundamental right to privacy. It is not a right against physical restrains but it is a right against psychological restrain or encroachment of right . USA, UK, India, and at International level UDHR, ECHR, ICCPR has recognized this right as fundamental right.
Position in India
Right to Privacy is not explicit in the Constitution of India, so it is a subject of judicial interpretation. The judicial interpretations of fundamental right bring it within the purview of fundamental right. The journey of this project would start from the search of answer of issue that whether the right to privacy is a fundamental right, through analysis of cases and some pioneering work of scholars.
In India, after the case of R. Rajagopal alias R. R. Gopal v State of Tamil Nadu and People s Union for Civil Liberties (PUCL) v Union of India , the right to privacy is well recognized as Right to Life. In the case of People s Union for Civil Liberties (PUCL) v Union of India (Telephone Taping Case) Supreme of India also observed Article 17 of ICCPR and Article 12 of UDHN.
The apex court is hearing the Aadhaar card privacy issue.The Government is of a view and has argued before Supreme Court that “there is a fundamental right to privacy, but it is a wholly qualified right”. The constitution bench of Supreme Court in the same case have said "Can this court define privacy? You can't make a catalogue of what constitutes privacy. Privacy is so amorphous and includes everything... if we make any attempt to catalogue privacy it will have disastrous consequences,"
What now evolves remains to be seen, but i agree that Privacy cannot be an absolute right. I also agree that Data Privacy is bigger than Right to Privacy in this cyber age. India definitely needs Data Privacy or Data Protection Act.
Sunday, July 23, 2017
Why does India need Data Privacy or Protection Law ?
Why does India need a Data Protection Law?
Apart from appeasing European Union for sharing data with Indian companies, One of the reason is
presently all Data of ours -Search, Emails, Chats of Google, FB, Hotmail, Whatsapp are stored in Californian Servers, USA Jurisdiction.
US Foriegn Intelligence Survivelenace Court (FISA) with a single penstroke court gag order can take all Indian MPs, PMO, Home Minister,MEA's etc Email data and Analyse them for leverage in Intl' Affairs, Thats a severe Threat, #privacy intrusion.
Not to mention even the Locations of each Citizen,Official in India can be monitored by US NSA analysts as of now with #Whatsapp, Android Phones relaying data back to USA servers.
Hence a Data Protection Law in India is a need of the Hour.
"How to turn Android Phone or Tablet into a Server"
.You can check it out here - https://joyofandroid.com/use-old-android-phone-as-server/
Monday, July 3, 2017
Prashant Mali Interview in Business Standard Newpaper
Ransom-payers are also the cause of ransomware proliferation: Prashant Mali
The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins
Operations at a terminal of the country’s largest container port, Jawaharlal Nehru Port Trust in Mumbai, came to a standstill earlier this week. The process of loading and unloading containers was halted as the port’s computers shut down after a major cyber attack that swept across the globe. The aggressiveness of the malware showed that such attacks were capable of bringing both corporate and government networks to a sudden halt. The ransom to retrieve files was reportedly $300, to be paid in virtual currency bitcoins. Cyber law expert Prashant Mali, also an advocate at the Bombay High Court, tells Nikita Puri how to prevent mass-scale civil disruptions that future cyber attacks can result in. Edited excerpts:
First we had individual companies and high-networth individuals who were targets of ransomware, then WannaCry hit servers across the globe. Now another malware, which some are identifying as Petya, has sent corporations into a tizzy. Do you foresee more such threats?
First we had individual companies and high-networth individuals who were targets of ransomware, then WannaCry hit servers across the globe. Now another malware, which some are identifying as Petya, has sent corporations into a tizzy. Do you foresee more such threats?
To date, financial cyber crime has only grown and it is yet to peak, so I would say it’s written on the wall that many more such attacks are expected in the near future. Such threats loom large as the ransom is paid in bitcoins, so the criminals aren’t caught. One thing the police and the government can do is to ensure that citizens make compulsory declarations of purchase of bitcoins and other cryptocurrencies (like ethereum) when they file their income tax returns. This can help the government see who pays and how much because, I feel, ransom-payers are also the cause of ransomware proliferation.
Security experts confirm that the malware isn't really a ransomware, but a wiper designed to destroy data. Reportedly, because of “ its aggressive features,” the malware makes it impossible to retrieve certain files leading many to believe that this attack may not have been for money. Can this be seen as an attempt to test how far companies will go to protect data?
Even if cyber attacks don’t cause financial damage, they definitely throw open defences. Identifying fortresses that have holes in their system can be of interest to the state and non-state actors. This data of the number of loopholes is in demand and is sold at a premium price. There are different types of people involved in the dark world: many a time those who look for such holes, those who attack, and those who intend to get ransoms are all different.
Companies are often wary of making such attacks public. Security firm Symantec has said that India is the worst hit in Asia, but we have confirmation only from Mumbai’sJawaharlal Nehru Port Trust. Do you think information sharing could actually help build a better defence against such attacks?
By not reporting such attacks, companies are depriving the nation of a knowledge database that can help other companies develop better defences. Symantec and other (security) vendors also cannot be fully relied upon because fear is what they harp on. The more fear they put in Indians, the more they sell security products. The Insurance Regulatory and Development Authority of India and insurance companies should make it compulsory for clients to file a First Information Report (FIR) before claiming cyber insurance. Once reporting to some government agency becomes mandatory to claim insurance, companies would be motivated.
What are the security measures that one must take to avoid such attacks?
No one can be immune in cyber space and that's the reality. Only cyber awareness in organisations can bring in cyber resilience. I would advise organisations to have multi-prong policies to establish a cyber security culture. I feel the highest level of cyber safety can be achieved by establishing a cyber security culture in the company, and a country can be cyber resilient by cultivating a culture of cyber security in society. Government should quadruple its budget for digital literacy programmes. For the government to be ahead of hackers, we need cyber spies: our law and enforcement agencies should implant cyber spies among cyber criminals. The chatter within their group helps the state to be ready for what is coming: we need cyber intelligence.
Do you think companies should have ethical hackers on their pay rolls?
I have an issue with the term “ethical hackers” because legally this isn’t right: those are two contradictory terms put together. People who use these terms are either doing it for branding purpose or are students. Companies should opt for services by cyber security researchers.
Are India’s cyber laws equipped to handle such large-scale attacks?
No. Laws can be invoked when prima facie evidence is found against criminals and investigation can be completed if attribution to a criminal is possible. The legal framework to help enforcement agencies in India has serious flaws. Large-scale cyber attacks need multiple law and enforcement agencies to work together along with CERT-In (Indian Computer Emergency Response Team), but the protocol for this is yet to be developed.
In the future, cyber attacks are going to affect government facilities meant for citizens: like centres for health, water etcetera. Even municipalities should coordinate with the aforementioned agencies to avoid mass scale civil disruption from cyber attacks.
Tuesday, June 27, 2017
Petya Ransomeware Attack : What to Do immediately
Petya/Petwrap ransomware
What is Petya Ransomeware do?
Ans:
Ransomware, Petya does not encrypt files on a targeted system one by one.
Instead, Petya reboots victims computers and encrypts the hard drive's master file table (MFT) and rendering the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.
Petya replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
Why it spreads fast?
Ans : Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010)
So patch both first!
Affected countries: UK, Ukraine, India, the Netherlands, Spain, Denmark, and others
Behavior:
Encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.
Actions to be taken:
1. Block source E-mail address
wowsmith123456@posteo.net
2. Block domains:
http://mischapuk6hyrn72.onion/
http://petya3jxfp2f7g3i.onion/
http://petya3sen7dyko2n.onion/
http://mischa5xyix2mrhd.onion/MZ2MMJ
http://mischapuk6hyrn72.onion/MZ2MMJ
http://petya3jxfp2f7g3i.onion/MZ2MMJ
http://petya3sen7dyko2n.onion/MZ2MMJ
3. Block IPs:
95.141.115.108
185.165.29.78
84.200.16.242
111.90.139.247
4. Apply patches:
Refer(in Russian): https://habrahabr.ru/post/331762/
5. Disable SMBv1
6. Update Anti-Virus hashes
a809a63bc5e31670ff117d838522dec433f74bee
bec678164cedea578a7aff4589018fa41551c27f
d5bf3f100e7dbcc434d7c58ebf64052329a60fc2
aba7aa41057c8a6b184ba5776c20f7e8fc97c657
0ff07caedad54c9b65e5873ac2d81b3126754aac
51eafbb626103765d3aedfd098b94d0e77de1196
078de2dc59ce59f503c63bd61f1ef8353dc7cf5f
7ca37b86f4acc702f108449c391dd2485b5ca18c
2bc182f04b935c7e358ed9c9e6df09ae6af47168
1b83c00143a1bb2bf16b46c01f36d53fb66f82b5
82920a2ad0138a2a8efc744ae5849c6dde6b435d
myguy.xls EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
BCA9D6.exe 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD
As of a Kill-switch can be used for #Petya Ransomware.
i.e. Just create a file "C:\Windows\perfc"
Does this affect you?*
Though this attack is largely targeting companies, it's important you stay vigilant and take following precautionary measures.
- Always make sure your anti-virus is up-to-date to maximize the protection available to you.
- Don't click too quickly. This attack may be spreading through phishing or spam emails, so make sure you check an email's content for legitimacy. Hover over a link and see if it's going to a reliable URL. Or, if you're unsure about an email's content or the source it came from, do a quick search and look for other instances of this campaign, and what those instances could tell you about the email's legitimacy.
- Do a complete back up. Back up all your PCs immediately. If your machine becomes infected with Petya ransomware, your data could become completely inaccessible. Make sure you cover all your bases and have your data stored on an external hard drive or elsewhere.
- Apply system and application updates.Making sure your operating system is up to date will help contain the spread of this malware.
Monday, June 19, 2017
Electronic Evidence where to find in Files
Electronic Evidence where to find in files
Windows Searches — For years, one challenge in digital investigative analysis has been proving a
user not only had something significant to an investigation on their computer, but that he knew it was on
there. Two of the easiest ways help prove knowledge of a file is to prove the user was searching for it or
accessed it. In order for Microsoft to enhance the user experience, Windows tracks the names of files you
access and search for in multiple locations. As previously discussed, the Windows registry is essentially
several databases called registry hives. Each user has his own primary registry hive called the
NTUSER.DAT. This registry hive tracks information specific to each user’s activity and preferences.
Starting in Windows 7, when a user conducts a search on his computer using the Windows search
function or the “Charm Bar” in Windows 8-10 (the magnifying glass that appears when you move your
mouse to the right edge of the screen), Windows records each search in temporal order in the “NTUSER.DAT\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\WordWheelQuery” registry
key. Because the searches are recorded in temporal order, an analyst can frequently see indications of the
user’s thought process as he searched for particular files.
File Access —– Windows also records in numerous artifacts when a user opens or attempts to
open non-executable files. Four of the most useful digital artifacts to identify files opened or attempted to
be opened are “LNK” files (pronounced as “link” files), Jump Lists, and several “most recently used”
registry keys.
LNK files — A LNK File is an artifact that has existed since Windows XP. LNK files are also
known as a “Windows Shortcut” files and are created anytime a user opens or attempts to open a nonexecutable
file. A LNK file is created even if the file opened is on a network or external drive. When an
opened file is later deleted, its LNK file does not get deleted with it. Windows creates and stores
approximately 149 LNK files in the user’s home directory under the “AppData\Roaming\Microsoft\
Windows\Recent” directory. LNK files contain a wealth of information including the modified, accessed,
and created dates and times of the file opened; the full directory path, volume name, and volume serial
number from which the file was last opened; and the file size.
Starting in Windows 10, Microsoft added rules to when LNK files would be created in addition to
when files are opened. On earlier versions of Windows 10, a LNK file was created for the directory to
which any file was copied. The creation of a LNK file for the directory a file was copied to was stopped
on later versions of Windows 10. However, on versions as early as version 1607, Microsoft created a
LNK file for the directory a file is opened from. Additionally, when a directory is created, Windows
creates a LNK file for the directory created and for the created directories “parent” and “grandparent”
directory. In addition to all the information LNK files record, LNK files also record the last time a file
was opened.
Jump Lists — One of the newest artifacts to identify files opened by a user are “Jump Lists.”
Starting in Windows 7, Microsoft introduced two types of jump lists: “AutomaticDestinations” and
“CustomDestinations.” Automatic and Custom jump lists are created and stored in their respective
directory in each user’s home directory under the “AppData\ Roaming\ Microsoft\ Windows\Recent”
directory. Each application can incorporate its own jump lists as a “mini-start” menu.
Automatic Destinations allow a user to quickly “jump” to or access files they recently or frequently used,
usually by right-clicking the application in the Windows taskbar. CustomDestinations allow a user to pin
recent tasks, such as opening a new browser window or create a new spreadsheet to the jump list.
Jump lists are essentially mega LNK files. Each jump list can record upwards of the last 1,000
files opened by each application. As jump lists are essentially compound LNK files, they contain all the
same information as LNK files, such as when each file was opened, modified, accessed, and created;
dates and times that the file was opened; the full directory path, volume name, and volume serial number
from where the file was last opened; and the file size.
Most Recently Used (MRU) Registry Keys – As previously mentioned, the Windows Registry is a
series of massive databases that track system configuration and user activity. There are several registry
keys that track most recently used items. An analysis of these registry keys can help an analyst quickly
identify files accessed. Every application developer has the option of creating registry keys specific to his application configuration and user activity. Three of the most useful registry keys that track files accessed
are “RecentDocs,” “Microsoft Office FileMRU,” and “OpenSavePIDMRU.”
RecentDocs — The “RecentDocs” registry key tracks the name and order of the last 10 files
opened for every file extension (e.g. .doc, .docx, .jpg, etc.). The registry organizes each of the last 10 files
opened in sub keys named by the file extension. A sub key named “folder” is also created when the first
folder is opened using the Windows Explorer. This sub key tracks the name of the last 30 folders opened.
Each user has his own RecentDocs registry key located in his NTUSER.DAT registry hive under the
“\Software\ Microsoft\ Windows\ Currentversion\ Explorer” registry key. The master RecentDocs key
maintains a master list, organized in temporal order of the last 150 files or folders opened. By analyzing
the order that particular files were opened, analysts have often been able to refute claims that a single type
of file was opened by mistake. In one trade secret case, it was helpful for the analyst to show the pattern
of files opened that all related to the same subject matter.
Applications Specific Most Recently Used (MRU) — With every Windows application,
developers have the ability to create their own set of registry keys to track specific configuration and user
activity for their application. If a specific application is used to commit or facilitate a crime or is
otherwise significant to an investigation, it is often advantageous for the analyst to determine both if the
application has its own set of registry keys and what actions those keys record. Two excellent examples
are “Winzip,” which records the name of the last several zip files created using the Microsoft Office suite
of applications. Each application in the Office suite has its own set of “FileMRU” (most recently used
files) that tracks most recent files used and when they were opened. Additionally, starting with Office
version 365 and 2016, Microsoft Office tracks the “reading location” for each Word, PowerPoint, and
Excel document opened and when each file was closed. Using this information, an analyst can determine
not only what document was last opened and when it was closed, but also that the user had scrolled to and
was on page 32 of the document when it was closed.
OpenSavePIDMRU — Windows has some basic dialog boxes that all programs can use when a
user opens or saves a file. Some may have noticed that when saving files, a dropdown arrow in the file
name dialog entry location appears. By clicking on the arrow, you will see several of the most recent file
names you have saved for that application. These file names are saved as a part of the
“OpenSavePIDMRU” registry key which is located under the “NTUSER.DAT \ Software\ Microsoft\
Windows\ CurrentVersion\ Explorer\ ComDlg32\ OpenSaveMRU” registry key. A record of the last 10 to
25 names of the last files opened or saved using the Windows Common Dialog Box are stored under sub
keys based on file extension.
Subscribe to:
Posts (Atom)
FIR : All you want to know about in a criminal case
FIR - What is? The first information report is a report giving information of the commission of a cognizable crime, which may be made by t...
-
The Telecommunications Act of 2023 has strengthened the dispute resolution framework by introducing an online grievance redressal system. T...
-
Types of Cyber Attacks There are several effective methods for disrupting computer systems. We are talking of a method known as cyber ... -
Police Closure Reports after investigation in cyber crime cases : 1. Art 21 of the Constitution guarantees fundamental right to life and per...