Sri Lankan perspective in meeting the Cyber crime challenge


1 Sri Lankan perspective in meeting the Cyber crime challenge
by Lal Dias, Chief Operating Officer, Sri Lanka CERT

2 Role of Cyber systems in Sri Lanka
e-Sri Lanka Development Initiative
- Multi-faceted program
- Objectives:
  - Bridge digital divide
  - Improve delivery of public services
  - Increase competitiveness of private sector
  - Accelerate social development
  - Poverty reduction

3 e-Sri Lanka Development Initiative
Major Programs of e-Sri Lanka:
- ICT Policy, Leadership & Institutional Development
- Information Infrastructure
- Re-engineering government
- ICT Human Resources Capacity Building
- ICT Investment & Private sector Development
- E-Society
ICT Agency of Sri Lanka established to spearhead the e-Sri Lanka Development Initiative

4 e-Sri Lanka Development Initiative
ICT Policy, Leadership & Institutional Development Program
- e-Laws Project
  - Electronic Transactions Act No. 19
  - Sri Lanka Computer Crimes Act No. 24
- e-Leadership Development Project
Information Infrastructure
- Sri Lanka CERT Project

5 e-Sri Lanka Projects
e-Laws Project
- Electronic Transactions Act No. 19: Law to enable validation of e-Commerce, e-Signature and e-Contracting
- Sri Lanka Computer Crimes Act No. 24: Identification, Investigation and Enforcement of computer crimes

6 e-Sri Lanka Projects
- e-Leadership Development Project: Develop a pool of champions to enforce security policies, monitor fraudulent activities and promote best practices
- Sri Lanka CERT Project: National CERT mandated to protect Sri Lanka’s ICT infrastructure from attacks, be the single, trusted source for information on cyber crime techniques and coordinate efforts to handle Cyber crime incidents

7 Conflict of Systems
e-Sri Lanka introduces new challenges in fighting cyber crime:
New (due to e-Sri Lanka):
- SLCERT Forensics Team
- SLCERT Incident Handling
- Computer Crimes Act
- E-Transactions Act
- New reporting mechanisms
Traditional:
- Police Investigation Team
- CID
- NIB
- Existing Penal Code
- Traditional Reporting mechanisms

8 Cyber crime in Sri Lanka: 2007

9 Cyber crime in Sri Lanka
Prosecution of Cyber crime cases Total Cases: 17 Total Cases: 9 Total Cases: 4

10 Computer Crimes Act Timeline
- 1995: Work started by CINTEC Law Committee
- 1997: Working paper on Computer crime Act submitted
  - Decision to be made: Develop provisions for prosecution of cyber crimes under existing penal code OR develop a Subject specific law?
- 2000: Decision to develop Subject specific legislation
- 2005: Bill finalized and presented in Parliament
- 2006: Further review by Parliamentary committee
- 2007: Passing of bill in parliament
Computer Crime Act currently not enforced fully

11 Computer Crimes Act Features
- Provides clear structure for conducting of investigations and jurisdictions
- Provides distinct cyber crime categories and the corresponding parameters under which a case may be prosecuted, including maximum or minimum applicable penalties
- Use of Generic terms, so that even if technology changes, the nature of the crime will remain the same (example: phishing, vishing & phaxing)
- Provision of Cross Extradition arrangement with Council of Europe signatories
  - Increased ability to prosecute cases beyond Sri Lanka’s borders
- Clear statement of Resources that would be brought to bear on the case, including, among others, “experts”

12 Computer Crimes Act: Cyber crime Categories
- Computer-related offenses: Computers used as tools for criminal activity (Theft, fraud)
- Hacking: Activities which affect CIA of computer system or network (includes viruses and other malware)
- Content related offenses: Computers with Internet access used to distribute illegal data (copyright infringement, pornography)

13 Computer Crimes Act: Parameters
- Unauthorized Access
- Unauthorized Access in order to commit an offence
- Causing a computer to perform functions without lawful authority
- Offenses committed against national security
- Dealing with unlawfully obtained data
- Illegal interception of data
- Use of an illegal device
- Unauthorized disclosure of information

14 Computer Crimes Act: Penalties
Parameter Jail Term (Years) Fine (Rupees) Or Both? Unauthorized Access ≤5 ≤100K Unauthorized Access to commit offense ≤200K Function without Lawful authority ≤300K Offenses Against National Security - × Unlawfully obtained data 0.5≤ ≤3 100K≤ ≤300K Illegal interception Use of illegal devices Unauthorized disclosure

15 Identification of Cyber Crimes
CHALLENGES: Identification of Cyber Crimes
- Limited reporting of crime
  - Lack of trust in reporting methods
  - No guarantee of confidentiality
- Verifying reports/Authenticity of Reports
  - Genuine report or prank?
  - Due diligence
- Reporting of crimes found at workplace
  - Professional obligation vs. Personal inconvenience

16 Investigation of Cyber Crimes
CHALLENGES: Investigation of Cyber Crimes
- Gathering of evidence
- Maintaining admissibility of evidence
- Lack of proper structure for cooperation between investigating organizations
- Poor system for maintenance of chain of custody
- Weight of Digital evidence in court
- Lack of understanding of importance of digital evidence
- Lack of Legal professionals conversant with CCA
- Jurisdiction: NIB, CID, other organizations (SLCERT, TechCERT, etc.)

17 Enforcement of Cyber Laws
CHALLENGES: Enforcement of Cyber Laws
- Tendency to prosecute under existing penal code; more lenient penalties (Case studies)
- Lack of IT Savvy lawyers
- Lack of ICT Knowledge of judges, making obtaining warrants more time consuming
- Lack of provisions for prosecuting Cross border crime, such as cross-extradition arrangements, cooperative investigation of cases, etc.

18 Case study 1:
- A Foreign National published false information regarding the sale of DVD players online
- Online payments credited to Standard Chartered Bank Account
- Funds withdrawn by offender who left country
- DVD Players not delivered
- Suspect arrested upon return to Sri Lanka, fined and deported
Problem: Waiting for suspect to return to Sri Lanka. Lack of extradition arrangements.

19 Case study 2:
- Superimposing nude images on a picture of a Buddha Statue (causing offense)
- Investigated by CID Cyber Crimes Unit
- NGO employee arrested
- Convicted and sentenced to 3 Years imprisonment, suspended for 3 years
Problem: Leniency in sentence and enforcement of sentence. Much stronger penalties allowed for under CCA.

20 Future plans for cyber crime fighting
Build a defined structure and working relationship between organizations concerned with cyber crime:
- International Judicial Community
- AG’s Department
- Inter-Governmental Relationships
- Police Force
- NIB
- CID
- International Police Community
- Sri Lanka CERT
- International CERT Community
- Cyber crime Reporting Centres

21 Future Plans: Identification
- Building and maintenance of Cyber Crime Reporting Centres
- Additional “secured” reporting channels ( , Web)
- Protection of Confidentiality through Information Security Measures
- Raises trust
Expected Outcome: Reporting of more cases

22 Future Plans: Investigation
- Develop a Digital Forensics Lab, Larger Forensics team to handle increase in cases
- Develop clear Chain of Custody procedures
- Build contacts with Foreign Police forces to increase skills available in investigating complex, cross-border cases and forensics knowledge
Expected Outcome: Increased number of successfully prosecuted cases

23 Future Plans: Prosecution
- Run Awareness Programs for the local judiciary to raise awareness of Computer crimes (attack techniques, potential damage, etc.) and the provisions of the Computer Crimes Act (CCA)
- Build a pool of IT Savvy Legal professionals able to prosecute cases under the CCA
- Increase number of countries with which Sri Lanka has Extradition Treaties through Government intervention
Expected Outcome: Increased number of successfully prosecuted cases

24 THANK YOU

