Digital Threats & Forensic Audit – Growing Need and Professional Opportunity
Kolkata 18-10-2014
CA ANAND PRAKASH JANGID, CISA, CISM, ACP
Privileged and Confidential 2
Agenda
• Check in
• The environment today
• Why should we worry
• Computer/Digital Forensic
• Legal aspects
• Awareness and prevention
• Case studies
• Check out
Famous Technology Predictions
‘I think there is a world market for maybe five computers.’
Thomas Watson, Chairman of IBM, 1943
‘There is no reason why anyone would want a computer in the home.’
Ken Olson, President, Chairman and founder of Digital Equipment Corporation, 1977
‘640K should be enough for anybody.’
Bill Gates, 1981
‘So far, Java seems like a stinker to me…I have a hunch that it won't be a very successful language.’
Paul Graham, Author
The future is not what it used to be….
Cyber fraud/crime earnings are more than drug earnings (source: FBI.gov)
Estonia brought to its knees by cyber attacks.
TOR - .onion sites
Identity thefts
Credit card fraud in 2013 was USD 109 billion
You & I
New Generation Devices
Typical skimming device beside
new device
New device consists of magnetic
tape reader and battery-powered
radio transmitter unit for
transmitting data.
The Fraud
• January 2008: Société Générale announced that it lost approximately €4.9 billion ($7.2 billion) due to unauthorized trading
• The bank was founded in 1984
• Operates in 82 countries and employs 151,000 people worldwide
The Man
Jérôme Kerviel (born January 11, 1977)
Started his career in 2000 in the compliance dept of SG
2005: Promoted to JUNIOR trader in the “Delta One” product team
What is so special about the fraud!!!!
Magnitude of the event: $7 billion in losses, surpassing any other example of unauthorized trading incidents in history.
Single-handedly perpetrated by a JUNIOR trader
How it happened
A junior trader (Jérôme) in SocGen’s Delta One business entered into significant long positions in Eurostoxx, DAX & FTSE index futures.
In the normal course of business these long positions would be hedged; however, the trader did not take out genuine hedging trades.
How it Happened (cont)
The trader offset the reported market risk by entering into fictitious hedge transactions.
To avoid controls he chose transactions with “no cash movements or margin call & which didn’t require immediate confirmation”
How it Happened (cont)
Used other individuals’ passwords to cancel certain transactions
Falsified documents to justify the transactions
Ensured that the fictitious transactions were of a different instrument than the ones he cancelled
Cause/contributory factor
Able to use/guess other individuals’ passwords to cancel/conceal certain transactions.
Fake mail confirmations for the trades.
Trader used his experience of working in middle office roles to circumvent control processes.
Diverse applications, with access control across them not in sync. Old access to apps not removed for the new role.
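An added example, not part of the original slides: a minimal access review that a control team could run for the last contributory factor above, flagging rights a user kept after a role change and combinations of rights across applications that break segregation of duties. All users, roles, entitlement names and dates are constructed for illustration.

```python
from datetime import date

# Constructed sample data: role baselines, HR transfers and per-application
# entitlements. All names are hypothetical.
ROLE_BASELINE = {
    "middle_office": {"confirmations:write", "trade_booking:cancel", "risk_reports:read"},
    "trader": {"trade_booking:create", "risk_reports:read"},
}
TRANSFERS = [  # (user, old_role, new_role, effective_date)
    ("jdoe", "middle_office", "trader", date(2005, 1, 10)),
    ("asmith", "trader", "middle_office", date(2006, 3, 1)),
]
ENTITLEMENTS = [  # (user, entitlement, granted_on)
    ("jdoe", "confirmations:write", date(2001, 6, 1)),
    ("jdoe", "trade_booking:cancel", date(2001, 6, 1)),
    ("jdoe", "trade_booking:create", date(2005, 1, 10)),
    ("jdoe", "risk_reports:read", date(2001, 6, 1)),
    ("asmith", "confirmations:write", date(2006, 3, 1)),
    ("asmith", "trade_booking:create", date(2004, 2, 2)),
]
# Pairs of rights one person should never hold together (segregation of duties).
TOXIC_PAIRS = [("trade_booking:create", "trade_booking:cancel"),
               ("trade_booking:create", "confirmations:write")]

def stale_entitlements(transfers, entitlements, baseline):
    """Rights granted before a transfer that the new role does not include."""
    findings = []
    for user, _old, new_role, effective in transfers:
        for ent_user, right, granted in entitlements:
            if ent_user == user and granted < effective and right not in baseline[new_role]:
                findings.append((user, right))
    return sorted(findings)

def sod_conflicts(entitlements, toxic_pairs):
    """Users whose combined rights across applications include a toxic pair."""
    held = {}
    for user, right, _granted in entitlements:
        held.setdefault(user, set()).add(right)
    return sorted((user, a, b) for user, rights in held.items()
                  for a, b in toxic_pairs if a in rights and b in rights)

if __name__ == "__main__":
    for user, right in stale_entitlements(TRANSFERS, ENTITLEMENTS, ROLE_BASELINE):
        print(f"STALE  {user}: {right} kept after role change")
    for user, a, b in sod_conflicts(ENTITLEMENTS, TOXIC_PAIRS):
        print(f"SOD    {user}: holds both {a} and {b}")
```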
What is Mr. Jerome doing now?
Kerviel now has a new job at the information technology security consulting firm Lemaire Consultants & Associates
Definition
What is Computer Forensics?
Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.
Multiple methods of:
• Discovering data on computer system
• Recovering deleted, encrypted, or damaged file information
• Monitoring live activity
• Detecting violations of corporate policy
Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity
Definition (cont)
What Constitutes Digital Evidence?
• Any information, whether subject to human intervention or not, that can be extracted from a computer.
• Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.
Computer Forensics Examples
• Recovering thousands of deleted emails
• Performing investigation post employment termination
• Recovering evidence post formatting hard drive
• Performing investigation after multiple users had taken over the system
Reasons For Evidence: Some Examples
Wide range of computer crimes and misuses
• Fraud
• SPAM investigations
• Virus/Trojan distribution
• Intellectual property breaches & Espionage
• Unauthorized use of personal information (my favorite)
• Tracking internet browsing habits
• Reconstructing Events
• Selling company bandwidth
• Sexual harassment
• Software Piracy
Who Uses Computer Forensics?
Criminal Prosecutors
Civil Litigations
Insurance Companies
Private Corporations
Law Enforcement Officials
Individual/Private Citizens
Steps Of Computer Forensics
Computer forensics is an emerging body of knowledge. Presently most experts follow a four (4) step process.
Acquisition
Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices
Identification
This step involves identifying what data could be recovered and electronically retrieving it by running various computer forensic tools and software suites
Evaluation
Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court
Steps Of Computer Forensics (cont)
Presentation
This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and which is suitable as evidence as determined by United States and internal laws
RBN – Who?
12 Levashovskiy Prospect. 197110 Saint-Petersburg, RU
Ref: Bizeul.org - 11/21/07
RBN Operations
Ref: Bizeul.org
RBN – What? (a)
The Russian Business Network (commonly abbreviated as RBN) is a
Russian Internet Service Provider based in St. Petersburg which is
notorious for its hosting of illegal and dubious businesses, including;
child pornography, phishing and malware distribution sites. -
Wikipedia
Definition of Evidence
The Act amends the definition of ‘Evidence’ in Section 3, the interpretation clause of the Indian Evidence Act 1872, to state:
‘Evidence’ means and includes
1) ..
2) All documents including electronic records produced for the inspection of the Court
What is an Electronic Record ?
According to section 2(t) of the Information Technology Act, 2000 “electronic record” means
data, record or data generated, image or sound stored, received or sent in an electronic form or
micro film or computer generated micro fiche.
Legal Recognition of electronic records
Section 4 of The IT Act, 2000
Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-
a) rendered or made available in an electronic form; and
b) accessible so as to be usable for a subsequent reference.
Electronic Evidence
(Recent Case Law)
Mohinder Sharma, a resident of Budhpur in northwest Delhi, was sentenced to 20 years of imprisonment and a penalty of 1.02 lakhs was charged. “Electronic evidence was relied upon.”
Mohinder Sharma v. State, Delhi HC
The handset was put under surveillance with the help of its unique international mobile equipment identity (IMEI) number and was found being used by Sharma with a different SIM. He had destroyed the original SIM.
Case Law on Email as evidence
M/s. P. R. Transport Agency v. Union of India (AIR 2006 ALLAHABAD 23)
Thus, the acceptance of the tender, communicated by the respondents to the petitioner by e-mail, will be deemed to be received by the petitioner at Varanasi or Chandauli, which are the only two places where the petitioner has his place of business
Case Law on SMS, MMS as Evidence
In State of Delhi v. Mohd. Afzal & ors, it was held that electronic records are admissible as evidence. If someone challenges the accuracy of computer evidence or an electronic record on the grounds of misuse of system or operating failure or interpolation, then the person challenging it must prove the same beyond reasonable doubt. The court observed that mere theoretical and general apprehensions cannot make clear evidence defective and inadmissible. This case has well demonstrated the admissibility of electronic evidence in various forms in Indian courts.
Some Case Studies
Google AdWords fraud and pay-per-click fraud
Geometric software example (Intellectual property)
Delhi Airport data card issue (Bandwidth and Identity theft)
BBMP (Database related fraud)
Tokyo stock exchange -
TDS fraud at income tax Hyderabad
Swift frauds
Onmobile case
Digital signature
Cloud Forensics
Cloud forensics is a cross discipline of cloud computing and digital forensics.
Cloud forensics is a subset of network forensics.
Network forensics deals with forensic investigations of networks.
Cloud computing is based on broad network access. Cloud forensics follows the main phases of network forensics with techniques tailored to cloud computing environments.
Objectives of Digital Forensics
To find out whether the digital artifact had been used for a criminal act
To identify the data that had been generated during the period of committing the criminal act
To recover and preserve the integrity of the data that had been generated
To analyze the data and prove in the court of law the validity and integrity of the data
Challenges in Cloud Forensics
Forensic Data Collection
Live Forensics
Evidence Segregation
Virtualised Environments
Internal Staffing
External Dependency Chains
Service Level Agreements
Multiple Jurisdictions
Questions and Thank You
CA ANAND PRAKASH JANGID
+91 9620233516
www.quadrisk.com