Monday, July 19, 2021

How to Pay Ransom During a Ransomware Attack on Your Company?

How to Pay Ransom During a Ransomware Cyber Attack in India?

The demand for ransom is illegal under the IPC, but not the payment. If business exigencies require, ransom may have to be paid under duress. Even Section 37 of the Income Tax Act in India will not come in the way of a claim for deduction of the ransom money (Commissioner of Income Tax vs. M/s Khemchand Motilal Jain, Madhya Pradesh High Court, 2011).

There are also companies that swoop in at the last minute to handle the logistics. Companies like CyberSecOp and DigitalMint are full-service, final-mile crypto brokers; they come in at the very end of the process.

These specialists are hired after the forensic consultants, the company and the stakeholders have all determined that the victim has exhausted its options and that, from an economic perspective, paying the ransom is the best way forward. That is when victims turn to companies like CyberSecOp or DigitalMint to help them acquire crypto at any time of day or night.

Within 30 to 60 minutes of initial contact, these companies are able to make the ransom payment for the victim. This includes vetting the hacker to make sure they aren't tied to a U.S.-sanctioned country, and going to the open market, order books and exchanges to acquire the cryptocurrency needed to pay the ransom.
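The sanctions-vetting step above is the one control a defender can actually automate before any payment is authorised. The following Python is an added example, not code from the original post or from any broker named in it: it validates that a Bitcoin address is a well-formed Base58Check mainnet address (so a typo cannot send funds into the void) and then screens it against a denylist. The denylist contents, the entry names and the addresses used below are constructed for the demonstration; in practice the list would be loaded from a published sanctions source such as the OFAC SDN list, which is an assumption about the operator's process rather than something the post describes.

```python
import hashlib

# Bitcoin's Base58 alphabet (no 0, O, I or l, to avoid visual confusion).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed denylist for the demonstration only. A real screening step would
# load addresses from a published sanctions source (assumption about process).
DENYLIST = {
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa": "demo-entry-1",
}


def base58check_decode(addr: str) -> bytes:
    """Decode a Base58Check string and verify its 4-byte double-SHA256 checksum.

    Returns the payload (version byte + 20-byte hash) or raises ValueError."""
    n = 0
    for ch in addr:
        digit = B58_ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + digit
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes a leading zero byte that the integer form drops.
    leading_zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * leading_zeros + raw
    if len(raw) < 5:
        raise ValueError("too short to carry a checksum")
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        raise ValueError("checksum mismatch")
    return payload


def screen_payment_address(addr: str, denylist=DENYLIST):
    """Return (approved, reason) for a proposed payment address.

    Rejects malformed addresses, non-mainnet version bytes and denylisted entries."""
    try:
        payload = base58check_decode(addr)
    except ValueError as exc:
        return False, f"malformed address: {exc}"
    version = payload[0]
    # 0x00 = mainnet P2PKH ("1..."), 0x05 = mainnet P2SH ("3..."); 21-byte payload.
    if len(payload) != 21 or version not in (0x00, 0x05):
        return False, f"unexpected version byte 0x{version:02x}"
    if addr in denylist:
        return False, f"address matches denylist entry {denylist[addr]}"
    return True, "well-formed mainnet address, not on denylist"


if __name__ == "__main__":
    for candidate in ("1111111111111111111114oLvT2",
                      "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
                      "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"):
        print(candidate, screen_payment_address(candidate))
```

The checksum check matters as much as the denylist: a ransom note copied by hand with one wrong character fails decoding here instead of silently paying nobody. Bech32 ("bc1...") addresses and other coins such as Monero use different encodings and would need their own decoders.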

They say that 90% to 95% of ransoms are paid in bitcoin, but monero is an increasingly popular option. Monero is considered more of a privacy token and allows cybercriminals greater freedom from some of the tracking tools and mechanisms that the bitcoin blockchain brings.

Since January 2020, DigitalMint alone has facilitated more than $100 million in ransomware settlements with a median payment of $800,000.

Last year, crypto ransomware payments overall more than quadrupled from 2019 levels to $350 million, according to Chainalysis, and that figure is likely understated; the true number may be closer to $1 billion.

In April, a task force including Amazon Web Services, Microsoft, the FBI and the Secret Service, among others, delivered recommendations to the White House on how to fight the ransomware threat. On the question of whether to ban payments to attackers, the group of more than 60 members was split.

Part of the problem is that the threat actors are getting greedy in pricing their ransom demands.

If they ask for too much, forensics goes through its feasibility studies and says, 'Well, that's too much. Let's just rebuild our systems, take the risk, and not pay for it.'

At a certain point, it is more economically viable to just pay the ransom rather than hemorrhaging cash due to paralyzed operations.

Bitcoin is the most popular currency demanded by ransomware attackers, but other cryptocurrencies they have dictated include Ethereum, Zcash, and Monero.

Other methods
The first step is to contact your organization's bank to determine if they transfer funds to a cryptocurrency exchange, and if there are any limits.
Then set up an account with a cryptocurrency exchange such as CoinDCX or WazirX, or on Coinbase, which is FDIC-insured for up to $250,000 held in US currency in a custodial account. Once the US dollars are exchanged for digital currency, Coinbase insures the digital currency should its system be breached, but does not insure the breach of an individual account, according to its website.
Once you create a cryptocurrency exchange account, have your bank transfer/wire its government-issued currency into the wallet or custodial account. From there, you can purchase some cryptocurrency to hold in a digital wallet or custodial Coinbase account.
But you may want to think twice before buying and holding cryptocurrency in custodial accounts because the value of this currency can be highly volatile. 
To seed a cryptocurrency exchange account or Coinbase account in advance of any ransomware attack, you must open an account with one of the cryptocurrency companies such as Bitcoin, Zcash, Ethereum, or Monero.

For Small Ransom Payments, Go to a Bitcoin ATM
Using a Bitcoin ATM is faster than purchasing Bitcoins online, says Neal Conner, a customer service manager for Bitcoin ATM manufacturer Lamassu, which has 300 machines across the globe through independent operators.

These ATMs are cash-based; no credit or debit cards or bank accounts are required. If you are buying online, they certainly are required by the brokerage or exchange you are purchasing from. With online methods of purchasing Bitcoin, most users have to go through registration, verification, and linking of credit cards or bank accounts, a cumbersome process, especially if you have cash and just want Bitcoin immediately.

First, download a Bitcoin mobile wallet app from the Bitcoin site for Android or iOS.

The wallet allows you to use one of the growing network of Bitcoin ATMs, such as Coinucopia. The Bitcoin wallet app for Android or Breadwallet for the iPhone, for example, work with this particular ATM. Next, download an app for reading QR codes: the ATM reads the wallet information via the QR code displayed on the phone.

The Coinucopia ATM can accept a minimum of $5 to a maximum of $3,000 per transaction, which will then be converted into Bitcoin and loaded onto the phone's Bitcoin wallet. The maximum daily amount that can be purchased for a Bitcoin wallet account is $10,000.

Once the money is loaded onto the digital wallet, the ransomware address can be entered onto your smartphone and the payment sent.

Pay via an Online Cryptocurrency Account
If just a limited number of machines or devices are hit with ransomware, online payment may be a good option.

The decision to use an online cryptocurrency service versus a Bitcoin ATM largely depends on the comfort level of the person handling the transaction.
Depending on the cryptocurrency exchange service, a cap generally exists on the amount of Bitcoin, Monero, or other type of cryptocurrency that can be purchased per transaction.
For example, a cap of $5,000 per transaction to purchase Bitcoin or to convert Bitcoin to Monero would require you to execute the purchase process 14 times if you have 50 computers and devices infected with ransomware and a ransom demand of $1,400 per machine. That would total a $70,000 purchase in digital currency, and potentially exceed the daily allotment per account that is available.
Depending on the type of cryptocurrency the attacker demands - Bitcoin, Monero, Zcash, or Ethereum - the type of account you would need to get and number of services differs.
If a ransom demand is in Monero, for example, you need a Monero digital wallet. Additionally, you need to sign up for a digital currency converter service such as ShapeShift, because a number of cryptocurrency exchanges do not accept Monero directly, Spagni explains. You would also need to sign up for a cryptocurrency exchange to purchase the Bitcoin, which would then be converted to Monero using ShapeShift.
Signing up for a digital wallet, cryptocurrency exchange, and digital currency converter service, can take longer to execute a transaction than using a Bitcoin ATM.

Final Advice
Try to convince decision makers not to pay the ransom
Don't give up hope that your CEO or board of directors will have a change of heart and give up on paying the ransom.
Tell them the main reason not to pay: paying does not guarantee access to the locked files. Sometimes even the cybercriminals do not have the decryption key, because the ransomware seller never sold it to them.
Sane advice: don't pay the ransom. Once you do, they may keep coming back for more, just as in a kidnapping. The other thing is that if other cybercriminals in this space know you pay, they, too, will hit you next.

Wednesday, July 14, 2021

Legal status of cryptocurrency in India


What's the legal status of cryptocurrency or Digital currency in India?

As of July 2021, cryptocurrencies are not illegal in India. So if you want to buy, let's say, Bitcoin, you can do so and start trading in it. However, India does not have a regulatory framework to govern cryptocurrencies as of now. The government had constituted an Inter-Ministerial Committee (IMC) on November 2, 2017, to study virtual currencies. The committee's report, along with a draft bill, flagged the positive aspects of distributed-ledger technology and suggested various applications for its use in India, especially in financial services, including banks and other financial firms.

However, the Centre had flagged reservations around its misuse and wanted to put a blanket ban in place in India. Latest reports say cryptocurrency may not face a complete ban in India; the Centre may soon set up a panel to regulate it. The decision was taken after several cryptocurrency exchanges urged the Centre to regulate virtual coins rather than ban them. Cryptocurrency, as a medium of payment, has neither been authorised nor regulated by any central authority in India. Further, no set rules, regulations or guidelines have been laid down for resolving disputes that could arise while dealing in bitcoins. Hence, cryptocurrency transactions come with their own set of risks.

You should also know that in January 2021 the government said it will introduce a bill to create a sovereign digital currency and simultaneously ban all private cryptocurrencies.

  • “The bill seeks to prohibit all private cryptocurrencies in India. However, it would allow certain exceptions to promote the underlying technology of cryptocurrency and its uses,” the government says.

What’s the Road Ahead for cryptocurrency or digital currency in India ?

While the government has some reservations regarding cryptocurrencies, it is also working on its digital currency. The government does not want to be left behind in the new age tech revolution and aims to cash in on the benefits blockchain technology offers. "The time has come to leverage its applications while at the same time strengthening the digital infrastructure," Reserve Bank of India (RBI) Governor Shaktikanta Das had said in February 2021 while announcing that RBI is working on its digital currency. 

Is cryptocurrency taxable currently?

Yes. Cryptocurrency transactions are taxable in India in cases where the person earning such gains is an Indian tax resident or where the crypto is said to be domiciled in India. The income tax authorities may choose to tax the gains from bitcoins under the head "Income from other sources". Further, if the income gets taxed under "Income from other sources", the taxpayer would have to pay tax at the rate applicable to the tax slab he falls under. For example, if his taxable income exceeds Rs 10 lakh, he would be liable to tax at 30%.

Cryptocurrency once faced an implied ban in India.

The RBI, through a circular in April 2018, had advised all entities regulated by it not to deal in virtual currencies or provide services for facilitating any person or entity in dealing with or settling them. 

In 2018, the finance ministry had also issued a statement, saying "the government does not consider cryptocurrencies as legal tender or coin and will take all measures to eliminate the use of these crypto-assets in financing illegitimate activities or a part of the payment system the government will explore the use of blockchain technology proactively for assuring in the digital economy." 

In mid-2019, a government committee had suggested banning all private cryptocurrencies, with a jail term of up to 10 years as well as heavy penalties for anyone dealing in digital currencies. However, the Supreme Court in March 2020 overturned RBI's circular, permitting banks to handle cryptocurrency transactions from traders and exchanges.

Conclusion:

In India, despite government threats of a ban, transaction volumes are swelling and 8 million investors now hold 100 billion rupees ($1.4 billion) in crypto-investments, according to industry estimates. I feel the Government would give six months' lead time to liquidate cryptocurrency before banning it, if it decides to do so. Please do pay your taxes on your cryptocurrency holdings or you may be vilified in the Government's books.

Sunday, June 27, 2021

If money goes missing online from your bank account, dial the helpline number 155260


As technology advances, the dangers that follow it advance just as much. Online theft is one of them. Notably, even educated and experienced people fall victim to online fraud. "Your credit card needs to be updated", "your PIN number has expired", "such-and-such amount is to be credited to your account": cyber criminals use one trick after another like these to cheat citizens.

To curb such cyber criminals, the central government has now taken a step. The Union Ministry of Home Affairs and the cyber cell of the Delhi Police have developed a system through which people will get relief. The Ministry of Home Affairs has issued the number 155260 as a helpline. Anyone whose money has vanished from their account should call this number immediately, because in cyber crime, time is of great importance. The sooner you call the helpline, the more it helps in tracing the criminals and getting the amount back.

Since the internet has no geographical boundaries, even a hacker sitting abroad can empty the money in your account. Of course, you yourself help him, by telling him the OTP or by downloading some app! However skilled a hacker may be, he simply cannot do it single-handedly. So far lakhs of people in the country have been hit by this.

Amount put on hold within seven to eight minutes

If you call 155260 immediately on realising that a cyber criminal has cheated you, the cyber system gets to work and within just seven to eight minutes the transferred amount is put on hold. Criminals use many accounts to steal money; as soon as the call comes in, the bank or e-commerce site concerned is alerted, so the money is held while the transfer is still in progress.

How does the system work?

As soon as a call comes to the helpline number, the essential details are asked for: name, mobile number, account number and the time the money was debited. All the information is then shared on the dashboard on the Ministry of Home Affairs website http://cybercrime.gov.in/. The RBI is also cooperating in this work. The first two to three hours after the crime are extremely important. So far many citizens have got their money back.

A kind of security shield

The website http://cybercrime.gov.in/ and the helpline number 155260 are, in a way, a security shield. It is also called the 'Indian Cyber Crime Coordination Platform'. Around 55 banks, e-wallets, payment gateways, e-commerce websites and other financial service providers are connected to it.

Saturday, June 12, 2021

Guidelines for the police on the search and seizure of electronic devices

Police: guidelines for the search and seizure of electronic devices, as per the Karnataka High Court judgment - Adv. (Dr.) Prashant Mali, cyber law expert

I am publishing this blog on the occasion of my lecture session for Maharashtra Cyber police officers.

In the judgment in Virendra Khanna vs. State of Karnataka and Ors (2021), the High Court underlined the directions to be followed regarding the manner of search, for preserving evidence gathered during an investigation concerning smartphones, electronic devices or email accounts.

The court was hearing a case that involved an inquiry into the search and seizure of the accused's mobile phone. In this context, the judgment highlighted that there is no specific law regarding investigations that involve the examination of electronic devices.

The judgment concludes that the police department should prepare detailed guidelines regarding the search and seizure of electronic devices. Until such instructions/guidelines are prepared, the court has issued a minimum set of rules to be followed in any such situation.

Guidelines to be followed: at the time of seizure of a personal computer or laptop:

1.      When a search is being conducted at the premises concerned in relation to electronic devices, smartphones or e-mail accounts, the search/investigation team must take a qualified forensic examiner with them.

2.      While investigating the offence, the place where the computers are kept must be photographed in full, so that all wire connections such as power, network, etc. are captured in the photographs.

3.      A diagram must be drawn showing how all the computers or laptops are connected.

4.      If the computer is powered on and the screen is blank, move the computer's mouse and, as images appear on the screen, photograph the screen.

5.      The MAC address must also be identified and secured. If for any reason a forensic examiner is not available, unplug the computer and pack the computer and the wires in separate Faraday covers after labelling them.

In addition to the above procedure for the seizure of computers, laptops, etc., if the said devices are connected to a network, the following is recommended:

1.      Check whether the said devices are connected to any remote storage devices or shared network devices, and if so, seize the shared network devices (servers) as well as the remote storage devices.

2.      Also seize wireless access points, routers, modems or any other device connected to these access points, routers or modems, which are sometimes hidden.

3.      Make sure no unsecured wireless network is accessible from the scene; if one is, identify it and secure the unsecured wireless devices, since the accused may have used them.

4.      Establish and identify who maintains the network or who runs the network, and collect from the network manager all information about the operation of the network and the role of the seized devices in the offence.

At the time of seizure of mobile devices, the following is recommended:

Mobile devices will include smartphones and mobile phones, tablets, GPS units, etc.

1.      Prevent the device from communicating with the network and/or from making any wireless communication via Wi-Fi or mobile data, by packing it in a Faraday bag.

2.      Keep the device charged throughout; if the battery runs out, the data in volatile memory may be lost.

3.      Look for the SIM slots and remove the SIM card so that no one can access the mobile network; pack the SIM card separately in a Faraday bag.

4.      During the search, if the investigating officer takes possession of electronic storage devices on the premises such as CDs, DVDs, Blu-rays, pen drives, external hard drives, USB thumb drives, solid-state drives, etc., they should be placed separately in Faraday bags.

5.      Computers, storage media, laptops, etc. must be kept away from magnets, radio transmitters, police radios, etc., because they can adversely affect the data on the above devices.

6.      The premises should be searched for instruction manuals, documents, etc., and to find out whether a password has been written down somewhere; often a person who keeps equipment at that place will have written the password in a book, on a writing pad or the like.

7.      The entire process and procedure, from the time the investigation and search team enters the premises until it leaves, must be documented in writing.

Passwords: at the time of seizure of passwords:

The investigating officer can themselves issue directions to the accused to furnish passwords / passcodes / biometrics.

If the accused does not comply with the officer's directions, the officer can apply to the court for a search warrant.

The need to search a mobile phone or laptop can arise in two situations. The first is an emergency, where there is a fear that potential evidence on a device may be destroyed; in such a situation insisting on a search warrant is futile, and instead the investigating officer may themselves ask the accused for the password without a warrant, but sufficient detail of why the password was asked for and why such a search was conducted, enough to show the investigating officer's objective satisfaction, must be recorded in writing. If the investigating officer has not done so, the search without a warrant would be a search beyond the investigating officer's jurisdiction.

In the second situation, in the regular ordinary course of an investigation, a search warrant must be obtained to obtain the required passwords.

Chapter VII of the CrPC, which confers the power to search and seize, was relied on to assert that smartphones can also be searched. If an accused person resists a search warrant and/or a direction to provide a password, an adverse inference can be drawn against them and the investigating officer can proceed to get the device hacked to obtain the information.

Giving a password is not a violation of Article 20(3) of the Constitution of India (right against self-incrimination)

The Karnataka High Court also held that evidence obtained from a smartphone alone is not sufficient to prove the guilt of the accused; such evidence is on par with other evidence, which must be relied on cumulatively to determine the guilt of the accused. Since evidence obtained from a mobile phone alone cannot render an accused person guilty, the High Court reasoned that the act of giving a password cannot harm the accused themselves, and doing so is also not a violation of Article 20(3) of the Constitution of India.

Giving a password does not violate the right to privacy

The Karnataka High Court also held that furnishing a password does not violate the right to privacy, and the information obtained from the device concerned can be used during the investigation, because it falls within one of the exceptions in the Puttaswamy case: Justice K.S. Puttaswamy (Retired) vs Union of India and Ors, (2017) 10 SCC 1, AIR 2017 SC 4161.

However, it is accepted that the investigating officer will get access to a great deal of the accused's personal information; this is to be handled in the same way that physical evidence is handled; and the investigating officer will be liable for any misuse of personal information or for sharing the information with third parties.



General guidelines for the search and seizure of electronic devices:

a. In all cases, seized equipment must be kept in a dust-free and temperature-controlled environment;

b. While searching and seizing, the investigating officer should label electronic storage devices located on the premises, such as CDs, DVDs, Blu-rays, pen drives, external hard drives, USB thumb drives, solid-state drives, etc., and pack them separately in Faraday bags;

c. Computers, storage media, laptops, etc. must be kept away from magnets, radio transmitters, police radios, etc., because they can adversely affect the data on the above devices;

d. The premises should be searched for instruction manuals, documents, etc., and to find out whether a password has been written down somewhere; often a person who keeps equipment at that place will have written the password in a book, on a writing pad or the like.

e. The entire process and procedure, from the time the investigation/search team enters the premises until it leaves, must be documented in writing.


Conclusion:

The judgment of the Hon'ble Karnataka High Court is likely to open an alternative route for accused persons, especially those caught up in white-collar (EOW, cyber crime) cases, to point out technical lapses in the investigation and obtain relief on these technical grounds. On the other hand, the court has also made it easier for investigators to follow a set procedure; if it is implemented correctly, there is less scope for challenging the investigation. It remains to be seen how quickly and to what extent these guidelines are followed in other states that are silent on the subject of rules for the search and seizure of electronic devices. I expect that the Maharashtra Police, by implementing this, will secure the maximum number of CONVICTIONS in cyber and other crimes.


Adv. (Dr.) Prashant Mali, cyber law expert, Bombay High Court


Thursday, June 10, 2021

Guidelines for search & seizure of Electronic Devices by Police : Karnataka HC Case Law



Releasing this blog on the occasion of my session for Maharashtra Cyber (MahCyber) police officers:

In the case Virendra Khanna vs. State of Karnataka and others (2021), the high court underlined guidelines to be followed by investigating officers regarding the manner of carrying a search and/or for the preservation of evidence gathered during an investigation that concerns smartphones, electronic equipment, or email accounts.

The court was hearing a case where the investigation involved the search and seizure of an accused's mobile phone. In this context, the judgment highlights that there is no specific law regarding the procedure to be followed during an investigation that involves electronic devices.

The judgment concludes that detailed guidelines must be prepared by the police department in relation to the search and seizure of electronic devices. Meanwhile, until such instructions are formulated, the court issued a minimum set of rules to be followed in any such scenario.

The guidelines to be followed: in the case of a personal computer or a laptop:

1. When carrying out a search of the premises, as regards any electronic equipment, Smartphone, or an e-mail account, the search team is to be accompanied by a qualified Forensic Examiner.

2. At the time of the search, the place where the computer is stored or kept is to be photographed in such a manner that all the connections of wires including power, network, etc. are captured in such photographs.

3. A diagram should be prepared to show the manner in which the computer and/or the laptop is connected.

4. If the computer is powered on and the screen is blank, the mouse may be moved, and as and when an image appears on the screen, a photograph of the screen is to be taken.

5. The MAC address also to be identified and secured. In the unlikely event of the Forensic examiner not being available, then unplug the computer, pack the computer and the wires in separate faraday covers after labeling them.

Apart from the above steps regarding the seizure of the computer, laptop, etc., if the said equipment is connected to a network, the following was recommended:

1. To ascertain as to whether the said equipment is connected to any remote storage devices or shared network drives, if so to seize the remote storage devices as also the shared network devices.

2. To seize the wireless access points, routers, modems, and any equipment connected to such access points, routers, modems which may sometimes be hidden.

3. To ascertain if any unsecured wireless network can be accessed from the location. If so, identify the same and secure the unsecured wireless devices since the accused might have used the unsecured wireless devices.

4. To ascertain who is maintaining the network and to identify who is running the network – get all the details relating to the operations of the network and the role of the equipment to be seized from such network manager.

In the case of mobile devices, the following was recommended:

Mobile devices would mean and include smartphones, mobile phones, tablets, GPS units, etc.

1. Prevent the device from communicating to the network and/or receiving any wireless communication either through Wi-Fi or mobile data by packing the same in a faraday bag.

2. Keep the device charged throughout, since if the battery drains out, the data available in the volatile memory could be lost.

3. Look for the SIM slots and remove the SIM card so as to prevent any access to the mobile network; pack the SIM card separately in a faraday bag.

4. While conducting the search, if the investigating officer seized any electronic storage devices like CD, DVD, Blu-Ray, pen drive, external hard drive, USB thumb drives, solid-state drives, etc., located on the premises, label and pack them separately in a faraday bag.

5. The computers, storage media, laptops, etc. to be kept away from magnets, radio transmitters, police radios, etc. since they could have an adverse impact on the data in the said devices.

6. To carry out a search of the premises to obtain instructions manuals, documentation, etc., as also to ascertain if a password is written down somewhere since many a time person owning equipment would have written the password in a book, writing pad or the like at the said location.

7. The entire process and procedure followed to be documented in writing from the time of the entry of the investigation/search team into the premises until they exit.

Procedure for obtaining passwords:

An investigating officer can, in the course of an investigation, direct the accused to furnish passwords/passcodes/biometrics.

If the accused were not to comply with the officer's directions, the officer could then apply to the court seeking the issuance of a search order.

The necessity to search a mobile phone or laptop would arise in two circumstances. The first is an emergency, when there is an apprehension that the potential evidence contained on a device may be destroyed. In this scenario it would be futile to insist on a search warrant; instead, it would be appropriate for the investigating officer to record in writing the reasons why the search was being conducted without a warrant, i.e., the officer's objective satisfaction regarding the emergent nature of the search would have to be recorded in sufficient detail, failing which the search without a warrant would be without jurisdiction.

In the second case in the regular ordinary course of an investigation, it would be essential to procure a search warrant to obtain the requisite passwords. 

Chapter VII of the CrPC which provides for powers to search and seize was relied upon to assert that smartphones can be searched as well. Should an accused person resist a search warrant and/ or a direction to provide a password, an adverse inference can be drawn against him/ her and the investigating officer can proceed to get the device hacked to obtain the information.

Giving Passwords Doesn't amount to self-incrimination:

Karnataka HC also held that evidence that is obtained from a smartphone cannot ipso facto prove the guilt of the accused. Such evidence is on par with other evidence that has to be cumulatively relied on to decide the guilt of an accused. Since evidence obtained from a mobile device cannot ipso facto render an accused person guilty, the HC reasoned that the act of giving passwords cannot amount to self-incrimination.  

Giving passwords does not violate the right to privacy

The Karnataka HC also held that furnishing passwords does not violate the right to privacy, and information that is obtained from the concerned device can be used in the course of the investigation as it falls within the exceptions carved out in Puttaswamy. However, it acknowledged that the investigating officer would have access to a plethora of personal information of the accused, which is to be handled in the same way that evidence in physical forms is handled; and that the investigating officer would be liable for misuse of any personal information or sharing of information with third parties.

General Guidelines :

In all cases, seized equipment to be placed in a dust-free and temperature-controlled environment;

While conducting the search, the investigating officer to seize any electronic storage devices like CD, DVD, Blu-Ray, pen drive, external hard drive, USB thumb drives, solid-state drives, etc, located on the premises, label and pack them separately in a faraday bag;

Computers, storage media, laptops, etc to be kept away from magnets, radio transmitters, police radios, etc since they could have an adverse impact on the data in the said devices;

Carry out a search of the premises to obtain instruction manuals, documentation, etc, as also to ascertain if a password is written down somewhere since many a time the person owning the equipment would have written the password in a book, writing pad or the like at the said location;

The entire process and procedure followed to be documented in writing from the time of the entry of the investigation/ search team into the premises until they exit.

Conclusion :

This decision is likely to open a treasure trove of options for accused persons, especially those implicated in white-collar matters, to point out technical lapses in investigations and seek reliefs on these technical counts. On the other hand, the HC has also made the job easier for investigators to follow a set pattern, which if implemented correctly, can lead to less scope for assailing an investigation. It remains to be seen as to how quickly and to what extent these guidelines are followed in other States where Rules regarding search and seizure of electronic equipment are silent on the subject.


Friday, June 4, 2021

APT Groups of India involved in Cyber Warfare

An advanced persistent threat (APT) is a stealthy threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals. Such threat actors' motivations are typically political or economic.


Following are some of the Indian APT Groups :


  • SideWinder: The highly active cyber-espionage entity known as SideWinder has been plaguing governments and enterprises since 2012. Most of SideWinder's activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests.

  • Dropping Elephant: Allegedly an Indian state-sponsored group, Dropping Elephant has been known to target the Chinese government via spear-phishing and watering-hole attacks.

  • Viceroy Tiger: This APT group has been known to use weaponized Microsoft Office documents in spear-phishing campaigns. Security researchers at Lookout recently went public with research on mobile malware attributed to the threat actors and rated as medium sophistication.

India has consolidated its cyber forces by establishing the Defence Cyber Agency (DCA), a new tri-service agency for cyber warfare. The DCA is said to have more than 1,000 experts who will be distributed into a number of formations in the Army, Navy, and Air Force.

What are the tactics, techniques, and procedures of Indian APT Groups?
APT groups use a variety of tactics, techniques, and procedures (TTPs), including spear-phishing and custom malware. These are adaptive and disciplined threat groups that hide their activity on a victim's network; they communicate infrequently and in a way that closely resembles legitimate traffic, often by using legitimate, popular web services.
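The infrequent, legitimate-looking call-backs described above are what a defender hunts for in proxy logs. As an added example (not from the original post), this Python script flags evenly spaced, low-frequency connections from one internal host to one web service in constructed sample log lines; the log format, hostnames and addresses are assumed and made up.

```python
# Added example (not the post's code): flag low-and-slow beaconing in proxy logs.
# Assumed log format: 'epoch,src_ip,dest_host,bytes'; all values below are constructed.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.7 checks in every ~6 hours with seconds of jitter
# (beacon-like); 10.0.0.9 uses the same service irregularly (normal browsing).
SAMPLE_LOG = "\n".join(
    [f"{1_620_000_000 + i * 21_600 + (i % 3) * 30},10.0.0.7,api.example-cloud.test,512"
     for i in range(8)]
    + ["1620001000,10.0.0.9,api.example-cloud.test,80432",
       "1620002500,10.0.0.9,api.example-cloud.test,12000",
       "1620090000,10.0.0.9,api.example-cloud.test,9100",
       "1620091000,10.0.0.9,api.example-cloud.test,230000"]
)

def parse_log(text):
    """Group connection timestamps by (src_ip, dest_host), sorted in time."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _size = line.split(",")
        series[(src, dst)].append(int(ts))
    return {k: sorted(v) for k, v in series.items()}

def beacon_score(timestamps):
    """Return (mean_interval_s, jitter) where jitter = stdev/mean of the gaps.
    A sleep-and-callback implant yields a low jitter; humans do not."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 3:
        return None
    m = mean(gaps)
    return m, pstdev(gaps) / m

def find_beacons(text, min_checkins=6, min_interval_s=3600, max_jitter=0.1):
    """Flag (src, dst) pairs with many, infrequent, evenly spaced connections."""
    hits = []
    for (src, dst), ts in parse_log(text).items():
        score = beacon_score(ts)
        if score is None or len(ts) < min_checkins:
            continue
        interval, jitter = score
        if interval >= min_interval_s and jitter <= max_jitter:
            hits.append((src, dst, round(interval), round(jitter, 3)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("possible beacon:", hit)
```

Tune the thresholds to the environment: a real hunt would also compare against the per-destination baseline, since popular services see heavy legitimate traffic.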

Sunday, April 25, 2021

WhatsApp group admin Liability Case Law


Case Laws for WhatsApp Group Admin Liability

"A vicarious criminal liability can be fastened only by reason of a provision of a statute and not otherwise. In the absence of a special penal law creating vicarious liability, an Admin of a WhatsApp group cannot be held liable for the objectionable post by a group member."

A crime was registered against the first accused under Sections 67B (a), (b) and (d) of the Information Technology Act, 2000 and Sections 13, 14 and 15 of the Protection of Children from Sexual Offences Act.

Manual v. State of Kerala [2022]
CRL MC No.3654 of 2021

The Bombay High Court held that a WhatsApp group admin can't be held liable for a member's post unless common intention is shown:
The alleged crime was under Section 67 of the IT Act, 2000 (relating to obscenity).

Kishor v State of Maharashtra [2021] GCtR 787 (Nagpur, Bombay HC)
01/03/2021 in Criminal Application (APL) 573/2016

"Common intention cannot be established in a case of WhatsApp service user merely acting as a group administrator. When a person creates a WhatsApp group, he cannot be expected to presume or to have advance knowledge of the criminal acts of the member of the group."

Another judgement, by the Madras High Court:

"If the petitioner had played the role of a group administrator alone and nothing else, then while filing final report, the petitioner's name shall be deleted. If some other material is also gathered by the first respondent so as to implicate the petitioner, then of course the petitioner will have to challenge the case only on merits."

R. Rajendran v. The Inspector of Police & Kathirvel

Case No: Crl.O.P.(MD)No.8010 of 2021 & CRL.M.P.(MD)No.4123 of 2021


Adv (Dr.) Prashant Mali
Cyber Law Expert and Author , Lawyer Bombay High Court
Mobile: 9821763157

FIR : All you want to know about in a criminal case

FIR - What is?  The first information report is a report giving information of the commission of a cognizable crime,  which may be made by t...