Cyber Security Attacks - Critical Legal and Investigation Aspects
Workshop 4
Cybersecurity Attacks: Critical Legal & Investigation Aspects You Must Know
By Zaid Hamzah
4 June 2014
Website: www.cybersecuritylaw.asia
Objectives
1. Equip participants with the concepts and principles of computer crime laws and regulations
2. Understand investigative measures, methods and techniques which can be used to determine if a computer crime has been committed.
3. Understand methods to gather, preserve and present evidence of a computer crime
4. Provide an overview of the cybersecurity law in Singapore (Computer Misuse and Cybersecurity Act (Chapter 50A)).
What we will cover
1. Learn how to identify legal risk issues in the design, development and management of information technology security systems
2. Understand key legal risk management principles and strategies that organizations should adopt as part of their information security policy;
3. Know how to carry out investigation processes and techniques when a computer crime is suspected to have been committed;
4. Understand how to manage digital evidence to ensure that such evidence meets the legal standards and requirements in court proceedings;
5. Learn how to better deal with legal and regulatory compliance in the information security arena, including understanding criminal prosecution procedures under Singapore’s cybersecurity law.
About Zaid Hamzah
• Advocate & Solicitor, Singapore
• Solicitor, England & Wales
• Author of 9 books including “E-security Law & Strategy” (other 8 books on Strategic Legal Risk Management, Information Technology Contracts, Biotechnology, Biomedical Science Law, Private Equity and Venture Capital, IP Law and Strategy)
Over 26 years of professional work experience including:
• Director for Intellectual Property at Microsoft, Asia Pacific
• Chief Legal, Regulatory & Compliance Officer, Telekom Malaysia
• Founder of software company, i-Knowledge Technologies
• Principal, SLG Consultants (regional business & investment consultancy)
• Lawyer, Khattar Wong & Partners (law firm in Singapore)
• Singapore Government Service
Present Role: Advisor to governments, enterprises, research institutions on IPR, technology commercialization, IP-based financing, intellectual capital management
Entrepreneur: www.intellectualfutures.com
E-Security Law & Strategy by Zaid Hamzah
Publisher Lexis Nexis, 2005
www.lexisnexis.com.my
ISBN 967-962-632-6 (paperback)
E-Security Law and Strategy provides a concise and management-oriented legal guide on key aspects of information security and computer forensics, an emerging practice area that deals primarily with the management of digital evidence. It is aimed at IT professionals and business executives in corporations, organizations and government agencies, as well as lawyers seeking an introduction to this emerging practice area.
KEY TAKE-AWAYS
1. Cyber-attacks harm national security and business interests - usually considered criminal acts in most jurisdictions.
2. In managing the security aspects of the networked environment, understanding how the law and legal process operates is critical to cybercrime management.
3. Knowing how digital evidence should be managed is critical to successful prosecution in the courts.
4. Creating a robust legal framework and prosecution regime is an essential building block in the fight against cybersecurity breaches – this should be part of a proactive and structured risk management framework.
GENERAL PRINCIPLES
Cybercrime – The Legal Aspects
The law operates in all aspects – You must understand legal issues & ramifications
• Chain of Custody
• Integrity of Evidence
• Burden of Proof
• Admissibility of Evidence
The Legal & Investigation Cycle
Intrusion
Detection
Evidence Preservation & Analysis
Investigation
Prosecution
Legal Aspects are Integral Parts of Cycle
Strategies to Manage Legal Aspects
Compliance with the law
Evidence produced must meet legal standards
Collection of evidence must comply with laws of criminal procedures
Key Aspects
• For successful criminal prosecution:
– Must acquire the evidence while preserving the integrity of the evidence
  • No damage during collection, transportation, or storage
  • Document everything
  • Collect everything the first time
– Establish a chain of custody
• What to watch out for:
– Don’t work on original evidence!
– Can perform analysis of evidence on exact copy!
– Make many copies and investigate them without touching original
– Can use time stamping/hash code techniques to prove evidence has not been compromised
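The hash-code and time-stamping technique named on the Key Aspects slide, as an added example that is not part of the original slides: it hashes an acquired image, checks a working copy against that baseline, and keeps a hash-chained custody log so later edits to the record are detectable. File names, actor names and the log layout are hypothetical, the evidence bytes are constructed, and the time stamps come from the local clock rather than a trusted time-stamping service.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _entry_digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_sha256"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_custody_entry(log, actor, action, evidence_sha256):
    """Record who did what, when; each entry's hash covers the previous one."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),  # local clock (assumption)
        "actor": actor,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev": log[-1]["entry_sha256"] if log else "0" * 64,
    }
    entry["entry_sha256"] = _entry_digest(entry)
    log.append(entry)


def verify_custody_log(log):
    """Return the index of the first altered entry, or -1 if the chain is intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["prev"] != prev or _entry_digest(entry) != entry["entry_sha256"]:
            return i
        prev = entry["entry_sha256"]
    return -1


def demo():
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "original.img")
    with open(original, "wb") as fh:  # constructed stand-in for a disk image
        fh.write(b"constructed sample evidence\n" * 1000)
    log = []
    baseline = sha256_file(original)
    append_custody_entry(log, "Investigator A", "acquired original", baseline)
    working = os.path.join(workdir, "working_copy.img")
    shutil.copyfile(original, working)  # analysis happens on the copy only
    copy_matches = sha256_file(working) == baseline
    append_custody_entry(log, "Analyst B", "made working copy", sha256_file(working))
    with open(working, "r+b") as fh:  # simulate an accidental change to the copy
        fh.write(b"X")
    change_detected = sha256_file(working) != baseline
    chain_before = verify_custody_log(log)
    log[0]["actor"] = "Someone else"  # simulate an edited custody record
    chain_after = verify_custody_log(log)
    shutil.rmtree(workdir)
    return copy_matches, change_detected, chain_before, chain_after


if __name__ == "__main__":
    print(demo())
```

A single changed byte in the copy changes its digest, and editing any field of an earlier custody entry breaks the chain at that entry.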
DIGITAL FORENSICS
Digital Forensics & the Law
Computer Forensics: An autopsy of a computer or network to uncover digital evidence of a crime
Role of Evidence in the Court
Evidence must be preserved and hold up in a court of law
HOW THE LAW OPERATES
Types of Offences & Civil Wrongs
1. Need to determine if it is a crime or a civil wrong
2. All depends on the laws of the country – so if hacking is not a criminal offence in a particular country, cybercriminals can’t be put in jail in that country
3. Most cybercrimes are cross border in nature – so one needs to know how to deal with cross border legal issues
WHAT IS A CYBERCRIME?
Example of a Criminal Offence
Unauthorised access to computer material
3.—(1) Subject to subsection (2), any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 2 years or to both and, in the case of a second or subsequent conviction, to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 years or to both.
Criminal intention + Action = CRIME
THE LEGISLATIVE FRAMEWORK IN SINGAPORE
COMPUTER MISUSE AND CYBERSECURITY ACT
Part I PRELIMINARY
Part II OFFENCES
3 Unauthorised access to computer material
4 Access with intent to commit or facilitate commission of offence
5 Unauthorised modification of computer material
6 Unauthorised use or interception of computer service
7 Unauthorised obstruction of use of computer
8 Unauthorised disclosure of access code
9 Enhanced punishment for offences involving protected computers
10 Abetments and attempts punishable as offences
Part III MISCELLANEOUS AND GENERAL
11 Territorial scope of offences under this Act
12 Jurisdiction of Courts
12A Composition of offences
13 Order for payment of compensation
14 Saving for investigations by police and law enforcement officers
15 (Repealed)
15A Cybersecurity measures and requirements
16 Arrest by police without warrant
MANAGING DIGITAL EVIDENCE
Concepts
• Integrity of Evidence: Tampered evidence cannot be used
• Admissibility of Evidence: Cannot be illegally obtained
• Weightage of Evidence: If not strong, not so useful (but you can try)
• Burden of Proof: Beyond reasonable doubt
Evidence Management Lifecycle
Types of evidence:
1. Physical evidence
2. Digital Evidence
Lifecycle stages:
• Identify Evidence
• Collect Evidence
• Process Evidence
• Analyze Evidence
• Present in report
IP addresses are like the digital fingerprint
COMPUTER MISUSE AND CYBERSECURITY ACT
Additional slides provided by Mr Benjamin Ang
Part 2
Computer Misuse and Cyber Security Act
CMA Crimes – committed against computers
• “for securing computer material against unauthorised access or modification”
• Deals largely with “pure” computer crimes i.e. crimes against computer systems e.g. Hacking, stealing information
Other Crimes (or Torts) – committed using computers
• Spreading pornography
• Spreading sedition
• Running illegal gambling operations
• Defamation
• Fraud e.g. scam emails
Computer Misuse Act offences
Section Offence
S. 3 Unauthorised access
S. 4 Access with intent to commit further offence
S. 5 Unauthorised modification
S. 6 Unauthorised use of computer service
S. 7 Unauthorised obstruction of use
S. 8 Unauthorised disclosure of access codes
S. 9 Enhanced Punishment for Protected computers
Section 3 - Unauthorised access
• Where a person, without authority, accesses the data or a program stored in a computer.
– Hacking
– Snooping around
– Accessing commercially sensitive information e.g. financial database of bank
– Accessing someone else’s email, social media
Section 4 - Access with intent to commit further offence
• Where a person uses a computer with intent to commit an offence (theft, cheating/fraud or bodily injury)
– Setting up online transactions to transfer money from another person’s account
– Credit-card skimming to make purchases
– Credit-card skimming to create counterfeit cards
– Illegal altering of stored value of cinema smart cards
• The ACCESS is an offence even if the final offence (theft, fraud etc.) was not completed
Section 5 - Unauthorised modification
• Where a person causes unauthorised modification (changes, erases, copies, moves, uses) of the contents of any computer.
– Intentionally introducing a virus
– Deleting someone else’s data
– Changing someone else’s data
What offences were committed?
• Lim Siong Khee v PP: Lim and victim broke up their relationship; three of victim’s friends received an e-mail sent from her account giving lurid details of her relationship with Lim
• PP v. Lim Boon Hong: Skimmed data stored on the magnetic strips of credit cards for the purpose of cheating credit card companies
• Law Aik Meng v PP: Skimmed data from genuine ATM cards to manufacture cloned ATM cards
• Navaseelan Balasingam v PP: Used cloned ATM cards to withdraw money
Section 6 - Unauthorised use of computer service
• Where a person gains access without authority to any computer for the purpose of obtaining, directly or indirectly, any computer service.
– Using someone else’s account without permission
– Using someone else’s wi-fi without permission
Section 7 - Unauthorised obstruction of use
• Where a person interferes with, or interrupts or obstructs the lawful use of a computer.
– Email bombs, ‘ping’ attacks, viruses
– All kinds of Denial of Service (DOS) attacks
Section 8 - Unauthorised disclosure of access codes
• Where a person knowingly and without authority, discloses
– any password,
– access code or
– any other means of gaining access to any program or data held in any computer.
What offences were committed?
• PP v Mohd Nuzaihan: Reconfigured a company’s server to create an IRC account for himself; then used the company’s high speed link to download files from the Internet
• PP v Kendrick Tan: Sent 2,500 e-mails to 3 different addresses at the HDB, asking for a response
• Sicknet case: 2 hackers obtained the passwords of several Singnet subscribers and posted them on a US-based website called Sicknet
Section 9 – “Protected” computers
• The offender gets an enhanced sentence if he/she knew that the computer is used for:
– Security, defence, international relations;
– confidential source of information relating to the enforcement of a criminal law;
– communications infrastructure, banking and finance, public utilities, public transportation or public key infrastructure;
– public safety, essential emergency services (police, civil defence and medical services)
SEARCH & SEIZURE OF DIGITAL EVIDENCE
SEARCH AND SEIZURE: CRIMINAL PROCEDURE CODE
38 Power of court to impound document or other thing produced
39 Power to access computer
40 Power to access decryption information
38 Power of court to impound document or other thing produced
• A court may, if it thinks fit, impound any document or other thing taken under this Code and produced before it.
39 Power to access computer
• 39.—(1) A police officer or an authorised person, investigating an arrestable offence, may at any time —
• (a) access, inspect and check the operation of a computer that he has reasonable cause to suspect is or has been used in connection with the arrestable offence; or
• (b) use or cause to be used any such computer to search any data contained in or available to such computer.
39 Power to access computer
• (3) Any person who obstructs the lawful exercise by a police officer or an authorised person of the powers under subsection (1), or who fails to comply with any requirement of the police officer or authorised person under subsection (2), shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $5,000 or to imprisonment for a term not exceeding 6 months or to both.
40 Power to access decryption information
• (2) The police officer or authorised person referred to in subsection (1) shall be entitled to —
• (a) access any information, code or technology which has the capability of retransforming or unscrambling encrypted data into readable and comprehensible format or text for the purposes of investigating the arrestable offence;
40 Power to access decryption information
• (b) A police officer can also require —
• any person … having charge of, or otherwise concerned with the operation of, such computer, to provide him with such reasonable technical and other assistance as he may require; and
• require any person whom he reasonably suspects to be in possession of any decryption information to grant him access to such decryption information as may be necessary
CONFIDENTIAL INFORMATION
Elements of Confidence
• The following information will be protected
– The information was confidential to the business/company;
– The information has been revealed in breach of a promise of confidence;
– The information was used in an improper way that has resulted in financial damage to the business/company.
• The owner of the information can sue for an injunction or damages
END