
Cyber Crime and Digital Signature

Government of Nepal
Ministry of Science, Technology and Environment
Singhadurbar, Kathmandu
Cyber Crime, Cyber Security - Part I
Digital Signature - Part II
Cyber Crime is a term used to broadly describe criminal activity
in which computers or computer networks are a tool, a target, or
a place of criminal activity; it includes everything from
electronic cracking to denial of service attacks.

Crime committed using a computer and the internet to steal a
person's identity or illegal imports or malicious programs.

Cybercrime is nothing but crime where the computer is used as an
object or subject of crime.
Definition of Cyber crime
According to Electronic Transaction Act of Nepal
Theft of computer source code,
Unauthorized access to computer system,
Destroying the computer and computer system,
Illegal publication,
Violation of privacy,
Providing wrong information,
Computer fraud, etc.
are known as computer (cyber) crime.
CYBER LAW
Cyber law encompasses laws relating to:
I. Electronic and Digital Signatures
II. Computer Crime
III. Intellectual Property
IV. Data Protection and Privacy
V. Telecommunications Laws
The computer as a target: using a computer (ICT
resources) to attack other computers.
The computer as a weapon: using a computer to
commit real world crimes.

Pornography, Threatening Email, Assuming someone's
Identity, Sexual Harassment, Defamation, Spam and
Phishing are some examples where computers are used to
commit crime, whereas Viruses, Worms and Industrial
Espionage, Software Piracy and Hacking are examples
where computers become the target of crime.
Financial fraud
Sabotage / disruption of data/networks
Theft of proprietary information
System penetration from the outside
Denial of service/Making Service Unavailable
Unauthorized access by insiders
Employee abuse of internet privileges
Injection of Viruses
CYBER CRIME
Type of activity performed by the intruder
Manipulated data integrity
Installed a sniffer
Stole password files
Probing/scanning systems
Trojan logons
IP spoofing
Introduced virus
Denied use of services
HACKING
CHILD PORNOGRAPHY
DENIAL OF SERVICE ATTACK
VIRUS DISSEMINATION
COMPUTER VANDALISM
CYBER TERRORISM
SOFTWARE PIRACY
PHISHING
CYBER STALKING
Hacking in simple terms means an illegal intrusion into a
computer system and/or network. It is also known as CRACKING.
Government websites are hot targets for hackers because of the
press coverage they receive. Hackers enjoy the media coverage.
Child Pornography
The Internet is being highly used by its abusers to reach
and abuse children sexually, worldwide. As more homes
have access to the internet, more children use the internet
and the chances of their falling victim to the aggression
of pedophiles increase.
Denial of Service Attack
This is an act by the criminal, who floods the bandwidth
of the victim's network or fills his e-mail box with spam
mail, depriving him of the services he is entitled to access
or provide.
Virus Dissemination
Malicious software that attaches itself to other software
(virus, worms, Trojan Horse, web jacking, e-mail bombing,
etc.).
Computer Vandalism
Damaging or destroying data rather than stealing or
misusing them is called cyber vandalism. Transmitting
virus: these are programs that attach themselves to a file
and then circulate.
Cyber Terrorism
Terrorist attacks on the Internet are carried out through
distributed denial of service attacks, hate websites and hate
emails, attacks on sensitive computer networks, etc.
Software Piracy
Theft of software through the illegal copying of genuine
programs or the counterfeiting and distribution of
products intended to pass for the original.
Phishing
Phishing is just one of the many frauds on the Internet,
trying to fool people into parting with their money.

Phishing refers to the receipt of unsolicited emails by
customers of Financial Institutions, requesting them to
enter their Username, Password or other personal
information to access their Account for some reason.
Cyber Stalking
Cyber Stalking is use of the Internet or other
electronic means to stalk someone.
This term is used interchangeably with online
harassment and online abuse.
Stalking generally involves harassing or threatening
behaviour that an individual engages in repeatedly,
such as following a person, appearing at a person's
home or place of business, making harassing phone
calls, leaving written messages or objects, or
vandalizing a person's property.

Internet security is a branch of computer security specifically
related to the Internet.
Its objective is to establish rules and measures to use against
attacks over the Internet.
Nepali Crime Scene
The major Cyber Crimes reported in Nepal are
Defacement of Websites,
Spam,
Computer Virus and Worms,
Pornography,
VOIP Call Bypass,
Creation/design of Fake/Duplicate documents,
Phishing,
Fake Social Networking User IDs (fake Facebook IDs) and
Bank ATM Fraud
Use antivirus software
Install firewalls
Uninstall unnecessary software
Maintain backups
Check security settings
Stay anonymous - choose a genderless screen name
Never give your full name or address to strangers
Don't respond to harassing or negative messages (flames)
Get out of uncomfortable or hostile situations quickly
Save offending messages
Learn more about Internet privacy
Treat your laptop/computer like cash
Cyber Ethics and Laws
Cryptography and digital signature
Remember that any email or instant message you send
could come back to haunt you
Lock it when you leave it
If you access the Internet from a shared computer,
make sure you don't leave anything behind
Don't check the "remember my password" box.
When you're done, make sure you log off completely by
clicking the "log off" button before you walk away.
If possible, clear the browser cache and history.
Trash all documents you used, and empty the recycle bin.
Don't reply to unsolicited email messages (spam)
It's 10 p.m. Do you know whom your kids are chatting
with online?
Don't Trust Links Sent in Email Messages
Stop. Think. Click
If you suspect malware is on your computer:
Stop, Confirm, Scan
Backup important files on a regular basis
Don't click on links in pop-ups or banner
advertisements
The Most Dangerous Things You Can Do
Opening attachments from unknown senders
Installing unauthorized applications
Disabling security tools.
Giving/lending passwords
Wireless networks are a huge risk
Filling in web forms and registration pages
Avoid social networking sites
Top Password Tips
Never tell your password to anyone
Never write down your password
Make your password hard to guess; do not use the
name of your pet (or your child).
Avoid using words found in a dictionary.
Be sure that you don't use personal identifiers in your
password.
10 Scams to Screen from Your Email

Phishing
Foreign Lotteries
Sexual Enhancement products
Cyber security will defend us from critical attacks.
It helps us to browse safe websites.
Internet security processes all the incoming and outgoing
data on our computer.
Security will defend us from hacks and viruses.
The cyber security application used on our PC needs an
update every week.
Security developers update their databases once every
week, so new viruses are also deleted.
Cyber Security Strategies- Nepal
Legal Framework
IT Policy 2067
Electronic Transaction Act 2063
Telecommunication Act 1997
Secure Password Practices 2067

Institutional Development
Ministry of Science, Technology and Environment (MoSTE)
Department of Information Technology (DOIT)
Office of Controller of Certification (OCC)
Cyber Forensics Lab
National Information Technology Centre (NITC)
Cyber Cell Hanuman Dhoka
CIB
ITERT (Information Technology Emergency Response Team) - under study
Part II
Digital Signature and its use
Electronic Record
i. Very easy to make copies
ii. Very fast distribution
iii. Easy archiving and retrieval
iv. Copies are as good as original
v. Easily modifiable
vi. Environmental Friendly

Because of IV & V together, these lack authenticity


Digital Signature
Only electronic originals are legally binding because
they can be checked using trusted software to
determine if they are authentic or not
A digital signature is produced by using the
PKI (Public Key Infrastructure) method.
Digital Signature
Digital signatures help to establish the following
assurances:
Authenticity: The digital signature helps to assure that the
signer is who he or she claims to be.
Integrity: The digital signature helps to assure that the
content has not been changed or tampered with since it was
digitally signed.
Non-repudiation: The digital signature helps to prove to
all parties the origin of the signed content. "Repudiation"
refers to the act of a signer's denying any association with the
signed content.
User can choose different packaging:
PIN protected Soft Token
Smart Token
Plug-n-Play
Other Electronic Locks
Smart Phone
USB Token
Reader + Smart Card
Digital Certificates
A Digital Certificate is data carrying a digital signature from
a trusted Certification Authority (CA).
This data contains:
Who owns this certificate
Who signed this certificate
The expiry date
User name & email address
Elements of Digital Cert.
A Digital ID typically contains the following information:
Your public key, Your name and email address
Expiration date of the public key, Name of the CA who issued your Digital ID

All copyrights reserved by C.C. Cheung 2003.


Digital Signatures
Pair of keys for every entity
One Public key known to everyone
One Private key known only to the possessor

Digital Signatures
To digitally sign an electronic document the
signer uses his/her Private key.
To verify a digital signature the verifier uses the
signer's Public key.

Digital Signature
The message is encrypted with the sender's private key
Recipient decrypts using the sender's public key

[Figure: a Document and its Digital Signature; Private key SKA (confidential), Public key PKA; result CONFIRMED.]
Signed Messages
[Figure: Sender: a Hash is calculated from the Message using a hash function; SIGN hash with the Sender's Private Key; Message + signature is ENCRYPTed with the Receiver's Public Key and sent through the Internet. Receiver: DECRYPT Message + signature with the Receiver's Private Key; VERIFY Signature with the Sender's Public Key; COMPARE with the Hash calculated on the message.]
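The hash, sign, verify and compare steps of the Signed Messages slide, as an added Python example that is not part of the original slides. It assumes textbook RSA without padding and a constructed key built from publicly known primes so that it runs with the standard library alone; the function names are illustrative, and real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key: two publicly known Mersenne primes, fixed so the run is
# repeatable. A real key uses secret random primes from a vetted library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """'Message -> Hash' step: SHA-256 of the message as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sender: sign the hash with the sender's private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: open the signature with the sender's public key and compare
    the result with a hash calculated on the message that actually arrived."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    public_key, private_key = make_keypair()
    message = b"Pay NPR 5,000 to account 0012"  # constructed sample document
    signature = sign(message, private_key)
    altered = message.replace(b"5,000", b"50,000")
    _, imposter_key = make_keypair(p=2**127 - 1, q=2**521 - 1)
    print("genuine document:", verify(message, signature, public_key))
    print("altered document:", verify(altered, signature, public_key))
    print("imposter's signature:",
          verify(message, sign(message, imposter_key), public_key))
```

Only the first check succeeds: changing the document changes its hash, and a signature made with any other private key does not open to the right hash under the sender's public key.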
Public-Private Encryption
[Figure: First, create public and private key. Public key stored in the Public Key Directory. Private key stored in Token.]
Message Encryption
(User A sends message to User B)
[Figure: User A takes User B's Public Key from the Public Key Directory and encrypts the text; Original Message becomes Encrypted Message.]
CSC1720 Introduction to Internet. All copyrights reserved by C.C. Cheung 2003.
Transfer Encrypted Data
[Figure: User A sends the Encrypted Text to User B over an Insecure Channel.]
Decryption with your Private key
[Figure: User B decrypts the Encrypted Text using User B's Private key in the personal computer, giving the Original Text.]
How does a digital signature work?
[Figure: User A uses A's private key to sign the document and transmits it via the Internet. User B receives the document with the signature attached and verifies the signature with A's public key stored at the directory.]
What are digital signatures used for? Or its
Advantages

Identification & Authentication

Data Integrity

Non-Repudiation

Security
Imposter prevention: By using digital signatures you
are actually eliminating the possibility of committing
fraud by an imposter signing the document. Since the
digital signature cannot be altered, this makes forging
the signature impossible.
Legal requirements: Using a digital signature
satisfies some type of legal requirement for the
document in question. A digital signature takes care of
any formal legal aspect of executing the document.
PKI in Authentication

PKI in E-Commerce
PKI Structure
[Figure: Certification Authority; Directory services; Public/Private Keys; User; Application (E-gov Services, Banks, Webserver, etc.).]
Banking Solution Overview
[Figure: End User with a Smart Token and Browser, connected over the Internet to a Secure Server; Mutual Identity Authentication; CA.]
The Client-side includes:
Smart token
The Server-side includes:
Backend user database integration - issuance, admin, self-service
Front-end (Web site) integration - replace password login / logout pages with token pages
Certificate & certificate authority - private (free) or public (annual fee)
Deployment Overview
[Figure: Web site and backend server setup; Token issuance to online users; User installs Token package; Secure online transactions. Self-service kiosk, or admin station in some branch offices for security sensitive work. (Future) Web-based self-service for certificate renewal, token loss, damage, etc. Benefits: Security, Convenience, Simplicity, New revenue, Sharper company image, Customer loyalty.]
E-Commerce
Server-Side Authentication
[Figure: Browser connected over the Internet (HTTPS) to a Secure Server.]
(4) SSL authentication and encryption with Certificates, PKI
calculation from the Client token
Clean Sign-off, No Traces Left
[Figure: Browser connected over the Internet (HTTPS) to a Secure Server.]
(5) Take the lock away; all SSL sessions automatically
self-destroy upon that event.
No data caching, no passwords, nor private keys exposed. All based
on FIPS-certified crypto calculation.
Implication
NID
Passport
PIS
Driving License
E-payment
Internet and Mobile Banking
E-Procurement
E-governance Applications
Any type of online Transaction
[Figure: Root CA; Controller Office; OCSP; National VM Repository; Issuing CA; CM; CRL; 24/7 Help Desk; CA; RA; Customer; Govt. Dept.; Internet with Secured VPN.]


Conclusion
Cyber Law of Nepal is well drafted and is capable of
handling all kinds of challenges posed by cyber criminals.
As internet technology advances, so does the threat of cyber
crime.
In times like these we must protect ourselves from cyber
crime. Anti-virus software, firewalls and security patches are
just the beginning.
Never open suspicious e-mails and only navigate to trusted
sites.
If possible, use a Digital Signature for every electronic
transaction.
