Cybercrime Investigator Outlines Forensic ChallengesDhanya Menon, India's First Woman Cybercrime Investigator, Also Sizes Up the Legal Framework
Dhanya Menon, the recipient of the President's Award in recognition of being the first woman cybercrime investigator in India, says one of her biggest challenges is keeping evidence intact during an investigation.
"In most cases, evidence get destroyed by the victims unknowingly," Menon says. "Therefore, proving a crime gets difficult as court doesn't accept tampered evidence."
In an interview with Information Security Media Group (see transcript below), Menon also comments on India's cybercrime laws and the challenges that law enforcement authorities face. She discusses:
- The various steps in a cybercrime investigation;
- The challenges faced by a cybercrime investigator;
- Changes needed in India's laws.
Menon is a director at Avanzo, a cybersecurity solution company. She completed her diploma in cybercrime from Asian School of Cyber Law located at Pune. She has a bachelor's degree in computing from British Columbia University. While in school, she conducted workshops on cybercrime awareness for schools, colleges and police forces.
Cyber Investigation Challenges
Suparna Goswami: As the demand for cyber investigators rises as a result of growing cybercrime, what kind of changes have you noticed in the investigation process?
Dhanya Menon: In the cyber world there are two sets of people: one who is victimized and doesn't know about it and the other who has been attacked and is very much aware of it. So essentially it means everybody has been a cybercrime victim, however small it might be.
Unfortunately, a breach or an attack [often] goes unidentified. My job as a cybercrime investigator begins after an attack has been identified and reported and it ends when I set aside the evidence within the organization for it to use it for legal purposes. So the steps involve identifying the issue, keeping the evidence intact and keeping them legalized.
The greatest challenge would be to retain the evidence until the case is produced in the court. In my experience, more often than not, the victims themselves end up destroying the evidence unknowingly. This is one of the most challenging part as by the time people get to know they have been attacked, the evidence has already been tampered with. So there are times when cybercrime investigators like me are able to trace an event completely, but we won't be able to present to the court as the law demands that evidence remain untampered.
For example, in a 2009 a case that was reported to me for data stealing, the third-party vendor was bought off by the competitor of the organization. So every time a person from the vendor's end would come and inform the organization that a particular hard disk isn't working, with the permission of the organization, he would then go and overwrite the hard disk. So every time he would take the hard disk, the data went out along with him. Eventually, he trashed out the original hard disk and bought a new hard disk for the organization. The trashed-out hard disk was sold to someone and it was not documented. When the organization came to know that data from their firm has been leaked, they approached me. After a lot of investigation, we could retrieve the data from the trashed hard disk, but the legality of such data is questionable in the court of law.
Social Media Threats
Goswami: We increasingly see Twitter accounts of celebrities getting hacked. What is the role of a cybercrime investigator when it comes to social media?
Menon: When it comes to social media, I cannot deal with any issue as a case unless the court orders me to. In India, we don't allow parallel policing. So in case the police department is dealing with a particular social media case, even if the victim approaches me, my role can only be of a consultant. If I handle the case independently, that would lead to a breach of privacy (see: 32.8 Million Twitter Credentials May Have Been Leaked).
When it comes to breach cases, I haven't been approached by banks directly. Banks typically have their own investigative process. If they want a particular transaction to be investigated, they can approach me. The typical social media cases I receive are that of identity theft, blackmailing, threatening, fake profiles, sex abuse, drug abuse, and stalking.
IT Act Shortcomings
Goswami: The IT Act in India has often been criticized for being ambiguous in certain matters. As a cybercrime investigator, have you ever felt that there are certain aspects that need to be covered under the IT Act?
Menon: Unlike popular perception, I believe the IT Act that we have is very strong and elaborate. There are other challenges.
For example we have jurisdictional challenges. We are dealing with Indian laws only in India, but the challenges that we face is that cybercrime is a global phenomenon. In those cases we are helpless. Another issue is despite the various sections under IT Act covering most issues, there isn't much awareness among law enforcement authorities. LEAs are not technically as strong as they should be. Having said that, I must say that things are improving fast.
Personally, I am disappointed that Section 66A of the Information Technology Act has been taken away by the law. Section 66A provided punishment to people who sent, by means of a computer resource or a communication device, any information that is grossly offensive or has menacing character. However, since people misused the Act, and it affected the fundamental right, the freedom of expression, it was removed. It was widely misused by filling complaints even against people who genuinely wanted to bring certain matters to the notice of the public or authorities and against people in the media.
The spreading of purported content can be reduced to a large extent if those who download or share it get punished. If there is no one to download fake content, who will upload it? Alternate sections in Indian Penal Code, or IPC, either don't cover the offense or don't cover it adequately. The police find it easier to advise petitioners to change their mobile number or delete their profile.
Abuse or harassment on social media or through any computer or computer-enabled resource should be made a cognizable offense, irrespective of any new clauses.
Section 66A helped a lot in defending innocent clients who were unnecessarily bothered and personally abused on social media.
Message to Women
Goswami: What will be your message to women who want to get into cybercrime investigation?
Menon: I would give an honest answer. It is not an easy profession. There have been many days when a particular case has disturbed me. But at the end of the day my investigation has put behind bars criminals. Nothing can be more satisfying. I would encourage women to give this field a shot as this has a bright future.