Beruflich Dokumente
Kultur Dokumente
Bridge digital divide Improve delivery of public services Increase competitiveness of private sector Accelerate social development Poverty reduction
ICT Policy, Leadership & Institutional Development Information Infrastructure Re-engineering government ICT Human Resources Capacity Building ICT Investment & Private sector Development E-Society
ICT Agency of Sri Lanka established to spearhead the e-Sri Lanka Development Initiative
Develop a pool of champions to enforce security policies, monitor fraudulent activities and promote best practices
National CERT mandated to protect Sri Lankas ICT infrastructure from attacks, be the single, trusted source for information on cyber crime techniques and coordinate efforts to handle Cyber crime incidents
Conflict of Systems
41% 23%
Hacking Publishing Information without consent (Sexual Harrassment) Impersonation Hacking Addresses & Attempted cheats Pornography Violation of Intellectual Property Act Cheating
0
0
Total Cases: 9
22 78
2006
0 0
Total Cases: 4
25 75
2005
0 0
20
40 Successful
60 Dismissed Pending
80 Uninvestigated
100
120
Timeline
1995: Work started by CINTEC Law Committee 1997: Working paper on Computer crime Act submitted Decision to be made: Develop provisions for prosecution of cyber crimes under existing penal code OR develop a Subject specific law? 2000: decision to develop Subject specific legislation 2005: Bill finalized and presented in Parliament 2006: Further review by Parliamentary committee 2007: Passing of bill in parliament
Features
Provides clear structure for conducting of investigations and jurisdictions Provides distinct cyber crime categories and the corresponding parameters under which a case may be prosecuted, including maximum or minimum applicable penalties Use of Generic terms, so that even if technology changes, the nature of the crime will remain the same (example: phishing, vishing & phaxing) Provision of Cross Extradition arrangement with Council of Europe signatories. Increased ability to prosecute cases beyond Sri Lankas borders Clear statement of Resources that would be brought to bear on the case, including, among others, experts.
Computer-related offenses
Computers used as tools for criminal activity (Theft, fraud)
Hacking
Activities which affect CIA of computer system or network (includes viruses and other malware)
Parameters
Unauthorized Access Unauthorized Access in order to commit an offence Causing a computer to perform functions without lawful authority Offenses committed against national security Dealing with unlawfully obtained data Illegal interception of data Use of an illegal device Unauthorized disclosure of information
0.5 3
0.5 3 0.5 3
100K 300K
100K 100K 300K 300K
Due diligence
Gathering of evidence
Lack of proper structure for cooperation between investigating organizations Poor system for maintenance of chain of custody
Lack of understanding of importance of digital evidence Lack of Legal professionals conversant with CCA
Jurisdiction
Tendency to prosecute under existing penal code; more lenient penalties (Case studies)
Lack of IT Savvy lawyers
Lack of ICT Knowledge of judges, making obtaining warrants more time consuming
Lack of provisions for prosecuting Cross border crime, such as cross-extradition arrangements, cooperative investigation of cases, etc
Case study 1:
A Foreign National published false information regarding the sale of DVD players online
Online payments credited to Standard Chartered Bank Account Funds withdrawn by offender who left country DVD Players not delivered
Case study 2:
Build a defined structure and working relationship between organizations concerned with cyber crime
AGs Department Police Force NIB CID Cyber crime Reporting Centres Sri Lanka CERT International Police Community International CERT Community International Judicial Community Inter-Governmental Relationships
Future Plans
Identification
Future Plans
Investigation
Develop a Digital Forensics Lab, Larger Forensics team to handle increase in cases
Future Plans
Prosecution
Run Awareness Programs for the local judiciary to raise awareness of Computer crimes (attack techniques, potential damage, etc) and the provisions of the Computer Crimes Act (CCA) Build a pool of IT Savvy Legal professionals able to prosecute cases under the CCA
Increase number of countries with which Sri Lanka has Extradition Treaties through Government intervention
Expected Outcome: Increased number of successfully prosecuted
cases
THANK YOU