Purpose of Criminal Law 1. Regulate, maintain and enforce social conduct 2. Discourage behavior harmful to the society 3. Discourage behavior challenging authority’s legitimacy 4. Aim at enforcing society’s more favorable behavior 5. Use criminal sanctions for punishing offenders 6. Incapacitate offenders from continual harming the society 7. Rehabilitate offenders 8. Re-tribute offenders for the harm done 9. Deter potential/repeating offenders from the prohibited conducts
What is Criminal Laws
“Criminal Law is a branch of law that deals with the punishment of an offender for wrongs committed against society.”
Sources of Criminal Laws 1. Common Law * Laws developed through courts * “judge-made” law 2. Statutory Law * Laws enacted by the Legislature * Written Law 3. Rules of Equity * A supplement common law, when it prevented "justice" from prevailing * based on a judicial assessment of fairness as opposed to the strict and rigid rule of common law.
Criminal Laws in Hong Kong 1. The Basic Law 2. Common Law and Rules of Equity 3. Statutory Law * Ordinances 4. Chinese Customary Law * e.g. New Territories Ordinance, CAP. 9 5. International Law
Criminal Liability * actus reus--The criminal act * mens rea--The guilty mind
Example: Theft * A person commits theft if he dishonestly appropriates property belonging to another with the intention of permanently depriving the other of it’ * Elements of Offence: * dishonesty * appropriation * property * belonging to another * the intention of permanently depriving * actus reus: appropriation of property belonging to another * mens rea: dishonesty; the intention of permanently depriving
Criminal Justice System 1. Law Enforcement * Police Force * Customs and Excise Department, * ICAC, Immigration * Fire Services, ... 2. Criminal Courts & Penal System * Magistrate’s Court * District Court * Court of First Instance * Court of Appeal, Court of Final Appeal 3. Crime Prevention
Cybercrime * Computer as a target * Computer as a medium
Cybercrime Laws 1. Unauthorized Access 2. Access with Criminal / Dishonest Intent
(4 Situations) (5 years prison) * Intent to commit crime * Dishonest intent to deceive * View to Dishonest gain -> himself / another * Dishonest intent -> cause loss to another 3. Criminal Damage 4. Burglary 5. False Accounting 6. Fraud, Theft 7. Extortion 8. Pornography, Gambling, Drugs Offences 9. Sexual Offences 10. Child Pornography * publishes any child pornography... * a fine of $2,000,000 and imprisonment for 8 years 11. Copyright Offences 12. Control of Obscene and Indecent Articles * publishes; * possesses for the purpose of publication; or * imports for the purpose of publication, * any obscene article, whether or not he knows that it is an obscene article, commits an offence and is liable to a fine of $1,000,000 and to imprisonment for 3 years.
Information Security * Confidentiality 機密性 * Integrity 完整性 * Availability 可用性
Information Security--A User’s Perspective * SYSTEM * PROCEDURE * PEOPLE
Case 1 * Remote Login to company intranet/VPN * Automatic inactive log out * Using public computer to access...
Case 2 * Spyware and Password * Trojan and Password
Case3
* Installing own software... downloaded from * Internet * Virus... still the no. 1 threat. * Virus + Spyware, trojan, DDoS, ....
Case 4: Information Leakage * The power of Search Engine * The power of Blog! * Convenience * Information ‘sharing’ * The ‘TV’ Test
Case 5 * Storage media... * HDD, USB Drive, Memory card, Network drive * Public services, ISP, Yahoo!, Gmail, ...
Social Impact 1. Financial loss 2. Media report 3. Job lost 4. Social cost 5. Crime
Tips 1. Computing on a degree of trust * Private Computer: Personal data; private e-mail; e-banking; Storing logins; Cookies; online shopping * Shared Use: Company data; business e-mail; encrypt if needed use network/storage device * Public Computer: Web surfing; webmail?; login to websites?; e-banking?; network drive? 2. Manage your Password * Password Category * Reminder Mechanism * Password vault * How secure is your password?
* How to choose a strong password?
Password example: Wal2aS’t! * Not 100% sure, no email link, attachment * TV Test * Encrypt if in doubt!
Lecture 2 Computer Crimes Ordinance
Hackers
1. white hat hackers * identify system vulnerabilities in the interest of promoting heightened security 2. black hat hackers * identify and exploit system vulnerabilities for nefarious purposes, including, but not limited to, destruction and theft * also known as ‘crackers’ 3. grey hat hackers * wear both white and black hats! * may identify vulnerabilities for system administrators * but may also provide them to black hat hackers for profit!
Example: Kevin Mitnick * “Social engineering” * non-technical intrusion * relies heavily on human interaction * tricking/deceiving other people for information gathering * or to break normal security procedures * previously, a term describing an act of psychological manipulation * arrested by FBI in February 1995 * today, claimed to be reformed and owned a security firm! * 90,000+ followers on Twitter
Example: c0mrade * first teen to be imprisoned for computer hacking * created a back door to U.S. Department of Defense’s DTRA, access to usernames, passwords, emails of thousands of government employees!
Computer Crimes * Traditional Computer Crimes 1. Phreaking : Manipulation of telecommunications carriers to gain knowledge of telecommunications, theft of such services * Stealing of PABX services * telecom fraud 2. hacking : Identify computer shortcuts or clever pranks (defined by MIT 1960s) * an anti-establishment ideology * the ‘hacker’ manifesto 3. criminal hacking : targets data which is valuable on its face, e.g. trade secrets, proprietary data, credit card information’= * exploitation of data * disarming a computerized alarm system 4. theft of computer hardware 5. infringement of software copyrights 6. film and music privacy * Computer and Cyber Crimes Today * Fraud * Fraudulent Instruments * Hacking, Interference with Lawful Use of Computer * Malware, Virus, Worms, Spyware * Spam, Phishing * Ransomware, Kidnapping of Information * Theft of Information, Data Manipulation, Web Encroachment, Cyber-squatting * Cyber Extortion and Terrorism * Cyber Pornography, Child Pornography * Online Pharmacies, Dangerous Drugs * Online Gambling * Threatening and Harassing Communications * Cyberstalking and Harassment * Online Fraud * Securities Fraud and Market Manipulation * Money Laundering * Cyber Crime Tomorrow
Exercise * The strength of the overall defense is as strong as the weakest link * One successful attack is enough * Distributed Denial of Service Attack * (DDoS) v. individual strikes * Defence in depth * military strategy * delay the advance of an attacker * rather than perimeter defence * multiple layers of security controls to * compromise * Manual Defense v. Automatic Setup * Few big attacks v. many small attacks
Computer Crimes Ordinance * enacted in 1993 to protect against computer-related crime * through amending Telecommunications Ordinance (Cap. 106), Crimes Ordinance (Cap. 200), Theft Ordinance (Cap. 210) * created new offences and broadened the coverage of existing offences * Unauthorized Access * Unauthorized access to computer by telecommunications * Cap. 106 - Telecommunications Ordinance * S. 27A, prohibiting unauthorized access to computer by telecommunication. Offender will be subject to a maximum fine of HK$20,000. * Access with Criminal / Dishonest Intent * Access to Computer with Criminal or Dishonest Intent * 5 YEARS * HKSAR v. TSUN Shui Lun [1999] HKCFI 77 * a view to gain * “gain” include obtaining information which one did not have prior to his access to a computer. * ... In the present case, it was a gain to obtain the information from the CT scan report which was stored in the RIS of the Hospital's computer. * ... it was to be a leak to newspapers which is tantamount to leaking it to the public. Such a leak would be in direct contradiction to the obligation of confidentiality... any ordinary and reasonable person would have considered such conduct as not only discreditable, dishonorable or inappropriate, but also dishonest and reprehensible. * ... There was access into the computer by the appellant. He did it in excess of his authority. At the time he did so, he intended to obtain the confidential information in the computer for the purpose of and with a view to printing out a copy and leaking it to the press. That is a gain within the definition in section 161. It was dishonest conduct and he knew it was dishonest. There is no merit in the appeal against conviction and it must be dismissed. * dishonesty (R. v. Ghosh, [1982] 1 QB 1056) * Criminal Damage * Cap. 200 - Crime Ordinance S. 59 extending the meaning of property to include any program or data held in a computer or in computer storage medium. * Cap. 200 - Crime Ordinance S. 59 and 60, extending the meaning of criminal damage to property to misuse of a computer program or data. Offender will be subject to a penalty of 10 years' imprisonment. * 10 YEARS * Burglary * Cap. 210 - Theft Ordinance S. 11 extending the meaning of burglary to include unlawfully causing a computer to function other than as it has been established and altering, erasing or adding any computer program or data. * 14 YEARS * False Accounting * Cap. 210 - Theft Ordinance S. 19, extending the meaning of false accounting to include destroying, defacing, concealing or falsifying records kept by computer. * 10 YEARS * Making false entry in bank book, etc. * Cap. 200 - Crimes Ordinance S. 85, “books” (簿冊) to include any disc, card, tape, microchip, sound track or other device on or in which information is recorded or stored by mechanical, electronic , optical or other means. * Jail maximum FOR LIFE!
Lecture 3 Hacking, Intrusion, Malicious Codes
U.S. Cybercrime Law * California Business and Professional Code S.17538 * Anti-cyber squatting Consumer Protection Act (ACPA), 15 U.S. Code (U.S.C.) s.1125(D) * Unsolicited E-mail : CAN-SPAM Act of 2003, 15 U.S.C. s.7701-7713 * 18 U.S.C. 1028. Fraud and related activity in connection with identification documents, authentication features, and information * 18 U.S.C. § 1029. Fraud and Related Activity in Connection with Access Devices * 18 U.S.C. § 1030. Fraud and Related Activity in Connection with Computers * 18 U.S.C. § 1362. Communication Lines, Stations, or Systems * 18 U.S.C. § 2510 et seq. Wire and Electronic Communications Interception and Interception of Oral * Communications * 18 U.S.C. § 2701 et seq. Stored Wire and Electronic Communications and Transactional Records Access * 18 U.S.C. § 3121 et seq. Recording of Dialing, Routing, Addressing, and Signaling Information * Communications Decency Act * 47 U.S.C. s.230 * Protection for private blocking and screening of offensive material * 18 U.S.C. 875 Interstate Communications: Including Threats, Kidnapping, Ransom, Extortion * 18 U.S.C. 1361 Injury to Government Property * 18 U.S.C. 1831 Economic Espionage Act
Hacking * Passwords... * Security Question v. Insecure Question? * What about 2-Factors Authentication * Biometrics? * Man-in-the Middle / Man-in-the-Browser Attacks * Man In The Middle Attack
One of the most successful vectors for gaining control of customer information and resources is through man-in-the-middle attacks. In this class of attack, the attacker situates himself between the customer and the real web-based application, and proxies all communications between the systems. From this vantage point, the attacker can observe and record all transactions. This form of attack is successful for both HTTP and HTTPS communications. Forman-in-the-middle attacks to be successful, the attacker must be able to direct the customer to their proxy server instead of the real server. * Man In The Browser Attack
The Man in the Browser attack is an enhancement of the Man in the Middle, already seen in the wild. It is designed to work even against customers who are careful enough to not enter their bank details on sites visited from links in emails. In this attack, the fraudster installs malware on the customer's PC, either via email or a drive-by download (even with up to date anti-virus software, 80% of new malware is undetected). Then, when the customer makes a transfer using their normal online banking, the malware inside the web browser silently manipulates the amount and destination. * Single Attack * DDoS * Botnets and Zombie Armies * Intermediates... virus, spams, spyware, malware, Trojans * Static channel... websites, honeypot * Database... SQL Injection * SQL injection
• attack data driven applications
• including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database
• e.g., dump the database contents to the attacker
• a code injection technique that exploits a security vulnerability in an application's software
• happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed
Malicious Codes * Viruses and worms * similarity - the goal to replicate, but very different functional requirements * Virus * a code segment which replicates by attaching copies to existing executables. * Worm * a program which replicates itself and causes execution of the new copy. * Network Worm * a worm which copies itself to another system by using common network facilities, and causes execution of the copy on that system. * Trojan Horse * a program which performs a useful function, but also performs an unexpected action as well. * Malicious code (also called vandals) * a new breed of Internet threat, cannot be efficiently controlled by conventional antivirus software alone * In contrast to viruses that require a user to execute a program in order to cause damage, vandals are auto-executable applications * Malicious code can take the form of: * Java Applets * ActiveX Controls * Scripting languages * Browser plug-ins * Pushed content
Malware * (aka scumware) * Malware - Malicious software * designed to infiltrate a computer without the owner’s informed consent * variety forms of hostile, intrusive, or annoying software or program code
Malware – Concealment * Virus and Worms * Trojan horses * Can intrude without being shut down, or deleted by the user or administrator of the computer * Program disguised as something innocuous or desirable * Users may be tempted to install it without knowing what it does * Rootkits * Malicious program to stay concealed * Avoid detection and disinfection * Modify the host operating system so that the malware is hidden from the user * Prevent a malicious process from being visible in the system’s list of processes, or keep its files from being read * Backdoors * Bypassing normal authentication procedures * To allow easier access in the future. * Backdoors may also be installed prior to malicious software, to allow attackers entry * Spyware * Collects information about users without their knowledge * Typically hidden from the user * Adware, a special form to track users’ behavior and suggest relevant advertisement * Adware
Lecture 4 Fraud, Intellectual Property, Theft
Theft (s.2-10) * Obtaining Property by Deception (s.17) * by any Deception, dishonestly * obtains property * belonging to another * intention of permanently depriving the other of it * What is “deception” * any deception (whether deliberate or reckless) by words or conduct (whether by any act or omission) as to factor as to law, including a deception relating to the past, the present or the future and a deception as to the intentions of the person using the deception or any other person. * What is “obtain” * obtains ownership, possession or control of it, and "obtain" includes obtaining for another or enabling another to obtain or to retain * Obtaining pecuniary advantage by deception (s.18) * by any Deception, dishonestly * obtains for himself or another * any pecuniary advantage * what is “pecuniary advantage”? * credit facility or arrangement, its improvement, a credit / set off an account * borrow by way of overdraft, insurance or annunty contract, its improvement * opportunity to earn remuneration, its improvement, in an employment * opportunity to win money by betting * Obtaining services by deception (s.18A) * by any Deception, dishonestly * obtains a service * from another * What is “obtaining a service”? * where the other is induced to confer a benefit by doing some act, or causing or permitting some act to be done, on the understanding that the benefit has been or will be paid for * Evasion of liability by deception (s.18B) * Making off without payment (s.18C) * Procuring entry in certain records by deception (s.18D) * False accounting (s.19)
Fraud (s.16A) * by any deceit * with the intention to defraud * induces another person * to commit an act, or make an omission, results in: * benefit to other than the victim, or * prejudice/substantial risk to other than the offender
What is intellectual property?
Intellectual property is the name commonly given to a group of separate intangible property rights. These include trademarks, patents, copyright, designs, plant varieties and the layout design of integrated circuits.
Copyright Ordinance, Cap. 528 * Making or dealing with infringing articles (s.118) * Exemptions (s.118A) * Penalties (s.119) * Level 5 Fine (HK$50,000) + 4 Years * HK$500,000 + 8 Years * Making infringing copies outside HK (s.120)
Copyright Law of the U.S. * Originality Requirement * Work of Authorship * Fixation * Copyright is an Automatic Creation * Compilation Copyrights
Lecture 6 Gambling, Pornography, Drugs
* Moral Offences * behavior between two consenting adults with no immediate victims to bring charges * involves one person providing goods (such as drugs) or services (gambling or prostitution) to another * Victim-less Offences * With no one to file a criminal complaint claiming injury, these are crimes simply because they were outlawed. * The criminal justice system must rely on informants, undercover agents, and surveillance equipment to detect or investigate such crimes.
Gambling Ordinance, Cap. 148 * Gambling is Unlawful (s.3) * Lotteries is Unlawful (s.4) * Unlawful Gambling Establishment (s.5) * Gambling in an Unlawful Gambling * Establishment (s.6) * Bookmaking (s.7) * Betting with a Bookmaker (s.8) * Promoters with a Bookmaker (s.9) * Street Gambling (s.13) * Operating premises for promoting, facilitating booking (s.16A)
United States * 31 USC Chapter 53, Subchapter IV - PROHIBITION ON FUNDING OF UNLAWFUL INTERNET GAMBLING * No person engaged in the business of betting or wagering may knowingly accept, in connection with the participation of another person in unlawful Internet gambling -
(1) credit, or the proceeds of credit, extended to or on behalf of such other person (including credit extended through the use of a credit card);
(2) an electronic fund transfer, or funds transmitted by or through a money transmitting business, or the proceeds of an electronic fund transfer or money transmitting service, from or on behalf of such other person;
(3) any check, draft, or similar instrument which is drawn by or on behalf of such other person and is drawn on or payable at or through any financial institution; or
(4) the proceeds of any other form of financial transaction, as the Secretary and the Board of Governors of the Federal Reserve System may jointly prescribe by regulation, which involves a financial institution as a payor or financial intermediary on behalf of or for the benefit of such other person. * § 5361-5367
Dangerous Drugs Ordinance, Cap. 134 * Possession of Dangerous Drug (s.8) * Trafficking in Dangerous Drug (s.4) * Trafficking in Purported Dangerous Drug (s.4A) * Manufacturing Dangerous Drugs (s.6) * Divan Keeping (s.35)
Control of Obscene and Indecent Articles Ordinance, Cap. 390 * Publishing, etc. Obscene Articles (s.21) * Publishing, etc. Indecent Articles to a juvenile (under 18) (s.22)
Prevention of Child Pornography Ordinance, Cap.
579
* Child – under 16 years. “Child pornography" means—
(a) a photograph, film, computer-generated image or other visual depiction that is a pornographic depiction of a person who is or is depicted as being a child, whether it is made or generated by electronic or any other means, whether or not it is a depiction of a real person and whether or not it has been modified; or
(b) anything that incorporates a photograph, film, image or depiction referred to in paragraph (a), and includes data stored in a form that is capable of conversion into a photograph, film, image or depiction referred to in paragraph (a) and anything containing such data * Prints, makes, produces, reproduces, copies, imports or exports, publishes - max. 8 years imprisonment * Possessing – max. 5 years imprisonment
Lecture 7 Cyber Extortion and Terrorism
Cyber Extortion
Crimes Ordinance, Cap. 200 * Criminal Intimidation (s.24-27) * Threaten to destroy or damage property (s.61) * Arson (s.60) * Procurement by threats (s.119)
Theft Ordinance, Cap. 210-Involve Money * Blackmail (s.23)
Societies Ordinance, Cap. 151 * Definition of Unlawful Society (s.18) * Claiming to be a Member of a Triad Society (s.20)-actus reus * Claiming to be an Office-bearer of a Triad Society (s.19) * Inciting, etc., a person to become a member of an Triad Society (s.22)
Traditional v. Cyber Extortion * Organized Crime? Botnet? * Traditional Extortion : Physical violence, destruction of property, disclosure of sensitive information... * Cyber Extortion: DDoS attack, Erasure of data, publication of privacy...
Organized and Serious Crimes Ordinance, Cap. 455 * An Ordinance to create new powers of investigation into organized crimes and certain other offences and into the proceeds of crime of certain offenders; provide for the confiscation of proceeds of crime; make provision in respect of the sentencing of certain offenders; create offences relating to the proceeds of crime or property representing the proceeds of crime; and for ancillary and connected matters. (s.1) * Production Order (s.4) * Confiscation Orders (s.8) * Restraint Orders (s.15) * Money Laundering Offence (s.25) * Enhanced Sentencing (s.27)
Cyber Terrorism
What is Terrorism? * Government Definition * All criminal acts directed against a State and intended or calculated to create a state of terror in the minds of particular persons or a group o persons or the general public (League of Nations Convention, 1937) * Criminal acts intended or calculated to provoke a state of terror in the general public, a group of persons or particular persons for political purposes are in any circumstance unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic, religious or othernature that may be invoked to justify them (UN Resolution Language, 1994) * The calculated use of unlawful violence or threat of unlawful violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological (U.S. Department of Defense, 2007) * Academic Definition * An anxiety-inspiring method of repeated violent action, employed by (semi-) clandestine individual, group or state actors, for idiosyncratic, criminal or political reasons, whereby - in contrast to assassination - the direct targets of violence are not the main targets... * ... The immediate human victims of violence are generally chosen randomly (targets of opportunity) or selectively (representative or symbolic targets) from a target population, and serve as message generators... * ... Threat- and violence-based communication processes between terrorist, victims, and main targets are used to manipulate the main target (audience), turning it into a target of terror, a target of demands, or a target of attention, depending on whether intimidation, coercion, or propanda is primarily sought (Schmid, Alex P., and Albert J. Jongman, et al., 1988)
What is Terrorism? * an act of violence * the victimization of innocents * methodical or serial operations * advanced planning * demands (political, religious, philosophical, ideological, racial, ethnic) * performed for an audience * intended to instill fear, or terror
United Nations (Anti-Terrorism Measures) Ordinance, Cap. 575 * An Ordinance to further implement a decision of the Security Council of the United Nations in its Resolution 1373 of 28 September 2001 relating to measures for the prevention of terrorist acts, and in that connection, to permit the implementation of the United Nations International Convention for the Suppression of Terrorist Bombings, the United Nations Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation and the United Nations Protocol for the Suppression of Unlawful Acts Against the Safety of Fixed Platforms Located on the Continental Shelf; to implement certain of the Special Recommendations on Terrorist Financing of the Financial Action Task Force; and to provide for matters incidental thereto or connected therewith. (s.1) * Application of Certain Provisions outside HKSAR (s.3) * Freezing of Funds (s.6) * Prohibition against false threats of terrorist acts (s.11) * Prohibitions against bombing of prescribed objects (s.11B) * Other Prohibitions (s.7, 8, 9, 10, 11E, 11F, 11G)
Cyber Terrorism * Deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic * The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives (Ronald McDonald of the Technolytics Institute) * Premeditated, methodological, and ideologically motivated dissemination of information, facilitation of communication, or attack against digital information, computer systems, and/or computer programs which requires advanced planning and is intended to result in social, financial, physical, or psychological harm to noncombatant targets and audiences; or any dissemination of information which is designed to facilitate such actions. (Marjie T. Britz) * Internet used by Terrorist as: * Propaganda, information dissemination, recruiting, and fundraising * Training * Communication * Research and planning * Criminal Activities and Money Laundering * Attack Mechanism
Lecture 8 Identity and Privacy
Identity Theft
The illegal use or transfer of a third party’s personal identification information with unlawful intent (Marjie T. Britz)
A vast array of illegal activities based on fraudulent use of identifying information of a real of fictitious person (Marjie T. Britz)
Identity Theft * Credit card fraud * stolen credit cards, duplicated cards * new cards opened in victims’ name * Finance fraud * bank account opened in the victim’s name * counterfeit checks * taking out a loan * Utility fraud * opens new phone, electricity, water, gas or cable accounts * Document fraud * A victim’s government-issued document, e.g. ID card or passport, is used to get new identification or government benefits * Login ID Fraud * login ID is used for false pretense * use to further apply other online identities * Mobile / SMS Fraud
What is ‘Identity’? * Physical Identity - Appearance... * Biological Identity - DNA, fingerprint... * Social Identity - ID No., Passport No. * Virtual Identity - Login ID
Personal Data (Privacy) Ordinance, Cap. 486
* Amended 1 October 2012 * What is Personal Data? * Interpretation (s.2)
(s. 2) “personal data” means any data-
(a) relating directly or indirectly to a living individual;
(b) from which it is practicable for the identity of the individual to be directly or indirectly ascertained ; and
(c) in a form in which access to or processing of the data is practicable; * (s.3) This Ordinance binds the Government * (s.4) A data user shall not do an act, or engage in a practice, that contravenes a data protection principle unless the act or practice, as the case may be, is required or permitted under this Ordinance. * Data Protection Principles (Schedule 1)
1-purpose and manner of collection of personal data
2-accuracy and duration of retention of personal data
3-use of personal data
4-security of personal data
5-information to be generally available
6-access to personal data
Lecture 9 Digital Evidence, Computer Forensics & Global Challenge
Digital Evidence
Basic Law of Hong Kong * Article 87 : Presumption of Innocence * “In criminal or civil proceedings in the Hong
Kong Special Administrative Region, the principles previously applied in Hong Kong and the rights previously enjoyed by parties to proceedings shall be maintained. Anyone who is lawfully arrested shall have the right to a fair trial by the judicial organs without delay and shall be presumed innocent until convicted by the judicial organs.”
Evidential Test for Prosecution * Prima facie case * Likelihood of conviction for prosecution case * Prosecution guideline (Department of Justice, Hong Kong, 2002) * Initiate Prosecution Process when evidence is capable of proving the guilt of suspect * Court to prove beyond reasonable doubt * Appeal mechanism
General Matters on Evidence * Evidential value and strength * Availability, competence and credibility of witness, their likely impression on the court * Admissibility of evidence, such as the accused’s confession * Potential defence, e.g. alibi * Disclosure by prosecution
Digital Evidence * Volatile (in memory until storage) * Fragile (easily altered or destroyed) * Latent (cannot be ‘seen’, need process and equipment to interpret it) * Many hidden features (e.g. slack areas, Staganography, digital watermark, etc.) * Different representations – physical and logical independency (e.g. deleted files, data packets, dynamic web contents, user input form vs. database representation, etc.) * Intangible (e.g. e-cash in Octopus card, digital signature, etc.) * Copy as good as original, what is original and what is the copy? * Rapid evolution - changing versions and technologies
What Else Digital Evidence Can Prove? * actus reus - evidence of the act (through text search, data carving, evaluation of images, network analysis) * mens rea - evidence of the guilty mind (use of data hiding techniques, deletion of wiping, composition of passwords, etc.) * concurrence and causation - evidence of the relationship between the act, the intention, and the harm (timeframe analysis) * harm - evidence of the actual harm suffered (child porn. photos, video of the criminal act) * ownership - evidence of ownership of questioned digital information (timeframe analysis, evaluation of password, apps or file analysis)
Evidence Ordinance (Cap. 8) * Documentary evidence in criminal proceedings from computer records (s.22A) * Provisions supplementary to sections 22 and 22A (s.22B) * making documentary evidence from computer records acceptable in criminal proceedings * Admissibility and Weight
Acceptance of Digital Evidence in Court * Finally, computer is defined in law!!! * “computer” means any device for storing, processing or retrieving information, and any reference to information being derived from other information is a reference to its being derived there from by calculation, comparison or any other process. * Essentially, admissibility of digital evidence from a forensic standpoint depends on: * The person producing it having practical knowledge, and experience * The computer operating properly, or if not, the accuracy of the evidence not affected * Weight is loosely quantified & depends on: * Evidence being recovered contemporaneously * No reason or incentive for tampering * The person producing the evidence must write a computer ‘certificate’ to support his/her findings and ensure that the law has been complied with.
Digital Evidence: Challenge * Lacked of qualified personnel * Absence of Computer Forensic Laboratories and related facilities, tools * Training of techniques and skills * Overlooking of procedures, routines, chain of evidence * Contamination of digital evidence * Destroying potentially critical digital evidence
Computer Forensics
A scientific and systematic methodology in identifying, searching, preserving, recovering, retrieving, and analyzing digital evidence from computers, computer storage media and electronic devices, and presenting the findings which meet the standards required by Court of Law
A Typical Forensic Investigation Process * Establish Forensically Sterile Conditions * Ensure Legitimacy and Capabilities of Analysis Tools * Physical Examination * Creation and Verification of Image * Bypass CMOS Password * Short Circuiting the Chip... * Pulling the Battery * Default Passwords * Social Engineering/Brute Force * Key Disks * Image Verification * Logical Examination * File Restoration... * Files Listing * Examine Unallocated Space for Data Remnants * Unlocking Files * Brute Force/Social Engineering * Program Defaults and Program-Specific * Crackers * Examine User Data Files * Piping of Evidence... * Examine Executable Programs * Evidence from Internet Activity * Network and Live Forensics
Challenge in Forensics * Surveillance? * Interception of Communication and Surveillance Ordinance (CAP 589) – impact on cybercrime forensics * Digital evidence acquisition... collection of historical record or surveillance? * Mobile Device Forensics & Mobility Forensics * billion mobile subscribers (2011) (IDC) * “1.55 billion mobile phones sold worldwide in 2011” (1.39b in 2010, 1.2b in 2009, 1.28b in 2008... 1.15b in 2007...) (IDC) * Growth is led by China and India, account for 30%+ world subs (IDC) * Growing OS Platforms * RIM Blackberry * Apple iOS * Nokia Symbian * Google Android * Microsoft Windows Mobile * Palm OS * ... and others... * Cannot analyze/clone handset data when powered off * Concern over receiving signals * Handling procedures from 1st responder to analysis * Battery life! * Identity * “Central to Fraud is the concept of identity” * “Central to the concept of identity is technology” * Virtualization & Cloud computing * Where will we find tomorrow’s evidence? * No longer residing in your computer * Might not even be in your country of residence * Does business care about logging? * Does business care about backup? * Does business care about anything other than profit (short term profit)? * Live & Network Forensics * Traditional Forensics: Unplug the computer! * Not any more for live & network forensics... * or the data will be gone * no more logged in session * no more capturing to what’s ‘going on’ * New tools, New techniques, New competence * Impact bring along by New Media?
Mobile phone content and use statistics (Apr 2008) * 88% of teenagers regularly communicate via SMS * 76% of teenagers use the internet to Instant Message friends; * 71% of teenagers use their mobiles as a portable mp3 player * 70% of teenagers take photos and videos, up from 11% in the 2006 * 64% of teenagers play games, up from 51% in 2006
Mobile phone content and use statistics (May 2011) * 92% of teenagers have a mobile phone * 42% a smartphone * 58% brand new phone in 1-6 months * 32% have facebook on mobile * 25% regularly download apps * ... and the figures are rising.
Mobile phone content and use statistics (March 2012) * 23% of teenagers 12-17 have a SMARTPHONE * 54% teenagers regular mobile * 23% teenagers NO phone * 91% teen Smartphone owners on social media * 31% ages 14-17 have a SMARTPHONE * again, the figures are rising.
Global Challenges in Cybercrime * Attackers across the border * Single incident involves multiple jurisdictions * Mutual legal assistance between countries * Taking Evidence * Search and Seizure * Production of materials * Removal from/to Hong Kong * Release of Persons * Arrest * Confiscation * Evidence in the ‘cloud’ * Criminals early adoption to latest technologies * Global Botnets, local defence * Underground attackers global network
Lecture 12 Virtual Policing and Cybercrime Investigation
What is Virtual Policing * Cyber patrol * Cyber intelligence gathering * Cyber crime detection & investigation * Cyber crime prevention * Cyber public order management * And ... * Policing using virtual means.
[What about policing in a virtual world?]
How to proceed with the investigation? * Elements of the offence? * Access to Computer with Criminal or Dishonest Intent * Intent to commit crime * Dishonest intent to deceive * View to Dishonest gain -> himself / another * Dishonest intent -> cause loss to another * What is the evidence required? * What are the evidence Part 1 * The laptop computer in question * a forensic image of its hard disk drive * file list, program list, program installation date stamp * file access logs, last open date stamp * temporary Internet files, cache, cookies, browsing history * file execution history of other Internet services, e.g. FTP * image files in question, .jpg, .png, .tif, .bmp, etc. * Video file also. Why? * encrypted, zip, etc. files, their access and log record * password, keychain * analysis of the OS in question, any login, login password, encryption applied * What are the evidence Part 2 * obtain hash value from the files in question, e.g. MD5, SHA * hash value... what is it? * What are the evidence Part 3 * Similar acquisition to the suspect’s computer(s), including laptop, desktop, netbook, iPhone, iPad !! * Locate for suspected files (may not be same file name) * Calculate the hash value to ascertain they are actually the same files * File creation, access, modification information * Internet access traces, incl. temporary Internet files, cache, cookies, browsing histories * Internet access account details, ISP, web mails, online storage, social networking, discussion forums, web albums, photos, videos, etc. * What are the evidence Part 4 * ISP (Internet Services Provider) for I.P. address resolution * Respective website providers for activities logs to respective services (e.g. Microsoft for Hotmail, Google for Gmail, Yahoo! for Yahoo! Mail) * Map the activities to the I.P. address * Last Mile... * Map the user to the computer * Direct evidence v. collaborative evidence a) Direct evidence: admission b) Collaborative evidence: everything suggests the same suspicion * Where to obtain them?
Lecture 12 Information Security Governance and Incident Response
Information Security 1. Confidentiality 2. Integrity 3. Availability
Information Security Governance
Incident Security Governance 1. The set of responsibilities and practices exercised by the board and executive management with the goal of: * providing strategic direction, * ensuring that objectives are achieved, * ascertaining that risks are managed appropriately, and * verifying that the enterprise’s resources are used responsibly 2. Strong information security governance can offer many benefits to an organization including: * Demonstration of due care which helps to address the potential for civil and legal liability * Provides assurance of policy compliance * Lowering risks to definable and acceptable levels 3. benefits... (cont’d): * Improves trust in customer relationships * Protects the organization’s reputation * Provides accountability for safeguarding information during critical business activities
Governance Framework
[System Procedure People] * Policies * Standards * Procedures * Guidelines * Architecture(s) * Controls—physical, technical, procedural * Countermeasures * Layered defenses * Technologies * Personnel security * Organizational structure * Roles and responsibilities * Skills * Training * Awareness and education * Audits * Compliance enforcement * Threat analysis * Vulnerability analysis * Risk assessment * Business impact assessment * Resource dependency analysis * Outsourced security providers * Other organizational support and assurance providers * Facilities * Environmental security
Incident Response Management
The Goal: to identify, analyze, manage and respond effectively to unexpected events that may adversely affect the organization’s information assets and/or its ability to operate. * Develop and implement processes for detecting, identifying, analyzing and responding to information security incidents. * Establish escalation and communication processes and lines of authority. * Develop plans to respond to and document information security incidents. * Establish the capability to investigate information security incidents * Develop a process to communicate with internal parties and external organizations * Integrate information security incident response plans with the organization’s disaster recovery (DR) and business continuity plan. * Organize, train, and equip teams to respond to information security incidents. * Periodically test and refine information security incident response plans. * Manage the response to information security incidents. * Conduct reviews to identify causes of information security incidents, develop corrective actions and reassess risk.
Incident Management System * Consolidate inputs from multiple systems * Identify incidents or potential incidents * Prioritize incidents based on business impact * Track incidents until they are closed * Provide status tracking and notifications * Integrate with major IT management systems * Implement good practices guidelines
You May Also Find These Documents Helpful
-
Failure to exercise reasonable care that results in injury to another; damaging actions that are careless, unintentional, and unplanned…
- 2179 Words
- 9 Pages
Powerful Essays -
The computer world gives criminals a large amount of power because victims can just about anyone and can happen internationally (Maras, 2015). It can be hard for law enforcement to understand cybercrime because of how fast new crimes are committed and the new ways to commit those crimes is constantly changing (Maras, 2015). For example, various ways to commit cybercrime include hacking, malware, cyberterrorism, cyberextortion, and cybervandalism (Maras, 2015). It can be hard for law enforcement to keep up with these criminals because of how often technology is changing. Account holders of platforms such as social media, online bank accounts and billing accounts, email, and more have to be very cautious when using technology because of how easy…
- 471 Words
- 2 Pages
Good Essays -
for the hacker is for financial gain. Cybercrime is about making a profit and continuing to make…
- 1094 Words
- 5 Pages
Good Essays -
Cybercrime, also called computer crime because the use of a computer is used as tool to help people meet their illegal ends. Some cybercrime examples are committing fraud, trafficking in child pornography and intellectual property, stealing other peoples identity, or violating privacy of others.…
- 395 Words
- 2 Pages
Good Essays -
Criminal law is made up of precedents which are guidelines that we have to follow. If we do not follow these guidelines known as laws we are at risk of punishment. If a person commits a crime, they are sent to court to receive a suitable punishment. When a crime is committed, it is committed against the state with ‘the state’ meaning all of us. (Class Notes, 2009)…
- 1366 Words
- 6 Pages
Good Essays -
| Criminal law looks after public interests, and involves punishing and rehabilitating offenders, and protecting the society. A person reports a crime to the police and then they investigate the matter and find the suspect. If the charge has been properly presented and is enough supporting evidence of it, the Government, not the person who complains of the incident, prosecutes it in the courts. In a Criminal Case defendant may be found guilty or not.…
- 1145 Words
- 5 Pages
Better Essays -
There are classifications and categories of law that can be helpful to use to determine what law corresponds with a particular action or crime. Some of the laws we will be looking at in this paper are; substantive law, procedural law, criminal law, civil law, common law, and statutory law.…
- 491 Words
- 2 Pages
Good Essays -
a lawsuit and the defense analyze the case in more or less the same way. One of the…
- 1662 Words
- 7 Pages
Powerful Essays -
I have been asked to write a paper concerning cybercrime in the world today. I will go over what cybercrime is, how much it is affecting the United States, possible ways of enforcement and why or why not enforcement would be effective.…
- 596 Words
- 3 Pages
Good Essays -
Computer crime, or cybercrime, refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime.[1] Netcrime refers, more precisely, to criminal exploitation of the Internet.[2] Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.…
- 1139 Words
- 5 Pages
Powerful Essays -
P.R. Patil and D.V. Bhosale Dept. of Defence & Strategic Studies, Tuljaram Chaturchand College, Baramati, DistPune, Maharashtra, India…
- 2381 Words
- 10 Pages
Powerful Essays -
Since the internet had been introduced to public during the mid-1990s, it had changed the human’s lifestyle. Until now, with the finger clip at home, we can buy all the things we need, enjoy the music and movie without going to cinema, and also contact with friends and families whose are staying at other countries. Computer and internet have brought a lot of convenience to us. They make our life easier and complete. But just like a Chinese proverb mentioned: “water can carry a boat, can also capsize it.” Internet and computer can bring many benefits when we use it wisely and vice versa, it also giving the chance to the criminals to use it to prey on unsuspecting victims who are IT-savvy.…
- 2925 Words
- 12 Pages
Best Essays -
The term criminal law, sometimes called penal law, refers to various rules whose common characteristic is…
- 6313 Words
- 21 Pages
Powerful Essays -
In the past few years, increase in cybercrime conducted through the Internet, has emerged as a significant concern for government. The Cybercrime Prevention Act of 2012, officially recorded as Republic Act No. 10175, is a law in the Philippines approved on September 12, 2012. It aims to address legal issues concerning online interactions and the Internet in the Philippines. Among the cybercrime offenses included in the bill are cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel. Under the new act, a person found guilty of libellous comments online, including comments made on social networks such as Facebook and Twitter or blogs, could be fined or jailed. The act is also designed to prevent cybersex, defined as sexually explicit chat over the internet - often involving "cam girls" performing sexual acts in front of webcams for internet clients.…
- 360 Words
- 2 Pages
Satisfactory Essays -
I strongly agree to the idea of the authorities monitoring what is happening on social media’s such as MSN chats, Facebook profiles, Twitter, and other social websites being used.…
- 753 Words
- 4 Pages
Good Essays