Cyber Crime and Safety
Cyber Crime and Safety
Cyber Crime and Safety
and safety
• Ransomware is a type of computer malware that encrypts the files, storage media on communication
devices like desktops, Laptops, Mobile phones etc., holding data/information as a hostage.
• Pharming is cyber-attack aiming to redirect a website's traffic to another, bogus website.
• Cyber-Squatting is an act of registering, trafficking in, or using a domain name with an intent to profit
from the goodwill of a trademark belonging to someone else.
• Website Defacement is an attack intended to change visual appearance of a website and/ or make it
dysfunctional. The attacker may post indecent, hostile and obscene images, messages, videos, etc.
• A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by
overwhelming it with traffic from multiple sources.
• Data breaches: unauthorized access to and theft of sensitive information such as personal and
financial data.
• Salami Slicing Attack : steal money or resources a tiny bit at a time, so they do not do noticeable
difference to the bank account.
• This term refers to the crime of unauthorized access to private
computers or networks and misuse of it either by shutting it down or
tampering with the data stored or other illegal approaches
Hacking
• Anyone who uses a computer connected to the internet is susceptible
to the threats that computer hackers and online predators pose.
Sexting
• Sending sexual photographs of yourself
or someone else is illegal. Sending or
receiving sexual photographs of anyone
is illegal. This is very serious, and you
can be charged with crimes related to
transmitting pornography.
• It is pertinent to note that the victim
can be a male or female and the law
punishes anyone who publishes without
consent under the information
technology Act, 2000 (IT Act)
• Sexting a minor under 18 years of age
would also be offence under the
Protection of Children from Sexual
Offences Act, 2012 (POCSO).
Monetary
scams
Warning
signs of
online loan
fraud
Cyber Threat Report of 2020: 69% of Firms Face Serious Cyber Attacks in India!
Recent cyber attacks in India
• Malware(Dtrack) attack on Kudankulam Nuclear Power Plant (KKNPP) 20 oct 2019, by North Korean
hacker group- “Lazarus” to get information on thorium-based reactors.
• Cyber-attack on Union Bank of India – july 2017 through a central bank forged email attachment (malware)
to get SWIFT codes access and transferred $170 million.
• Facebook database leak data of 419 million users: Insecure database allowed the hackers to access the
phone numbers, user‘s name, gender, and location of around 419 million users including the data of many
Indian users. Cambridge Analytica scandal (2018)
• Cosmos Cooperative Bank Cyber Attack in Pune (2018):Hackers hacked into the bank‘s ATM server and took
details of many visas and rupee debit cardholders and siphoned off Rs. 94.42 crore.
• UIDAI Aadhaar Software Hacked: In 2018, UIDAI revealed that around 210 Indian Government websites had
leaked Aadhaar details of people online, a massive data breach of personal records of 1.1 Billion Indians.
• Cyber attack on Indian Healthcare websites: In Dec-2022,5 AIIMS Servers Hacked, 1.3 TB Data Encrypted in
Recent Cyberattack, Govt Tells Rajya Sabha(records of nearly 3-4 crore patients, including high-profile
politicians, were compromised)
• WannaCry ransomware attack (2017) , Equifax data breach (2017) etc
Who are cyber criminals ?
• Cyber crime can be committed by a variety of individuals and
organizations, including: Individual hackers , Organized criminal gangs,
Nation-states(confidential information, military, election purpose).
• Insider threats: Some cyber crimes are committed by employees,
contractors, or other insiders who have authorized access to systems
and resources but abuse that access for personal gain or to harm the
organization.
• Cyber criminals who hire others: Some cyber criminals may hire
others to commit cyber crimes, such as hackers-for-hire, who can
carry out cyber attacks on behalf of others.
Modus Operandi of cyber criminals
• Dissemination of Malware through google forms , software downloads etc.
• Social engineering :use of psychological tactics to trick individuals into
revealing confidential information .
• Remote Access: exploiting vulnerabilities in software or hardware, IoT
devices, tricking a user into providing remote access for tech support.
• SQL Injection: technique used to exploit vulnerabilities in databases to steal
or manipulate information.
• Cross-Site Scripting (XSS): type of security vulnerability that allows
attackers to inject malicious code into websites.
• Man-in-the-Middle attacks: attacker intercepts and potentially modifies
communication between two parties.
Legal remedies for Cyber Crime in India
• IT Act 2000: This act defines and provides punishment for various cyber
crimes like hacking, identity theft, cyberstalking, etc.
• Criminal Complaint: A victim can file a complaint with the local police under
IPC.
• Civil Suits: A victim can also file a civil suit for damages under the IT Act
2000, or for compensation under the IPC.
• The government has set up a National Cyber Crime Reporting Portal for
reporting and registering cyber crime cases.
• Cyber Appellate Tribunal: The IT Act 2000 provides for the establishment of a
Cyber Appellate Tribunal to hear appeals against the decisions of the
adjudicating officer.
Safety mechanisms to avoid
cyber attack
• Antivirus and firewall software: using antivirus and firewall software to protect against
malicious software and unauthorized access.
• Regular software updates: keeping all software, including the operating system, up-to-
date to ensure the latest security patches are installed.
• Strong passwords: using unique and complex passwords for each online account.
• Multi-factor authentication: using additional methods of authentication such as a security
token or biometrics to verify identity.
• Wi-Fi in public places should be disregarded - When utilizing public Wi-Fi, never make
online payments, email personal information, or introduce crucial account passwords.
• Unsolicited emails and SMS communications should be avoided - Never click on a link,
picture, or video sent to you by an unknown source.
• Check for spelling errors, bad language, unusual phrasing, and urgent requests for money
or action to ensure that emails are authentic . Malicious websites may appear to be
identical to legal sites, however the URL is frequently misspelt or uses a different domain.
• Protect personal information on social media – Cyber criminals utilize social media to
gather personal information that they may subsequently exploit in phishing schemes.
• Don’t use charging/adapter cables from strangers
Safety mechanisms to avoid cyber attack
• Limit physical access to critical information by turning off your computer while you’re
not using it. To keep private data safe, lock mobile devices and encrypt confidential
data. Limit who in your workplace has access to certain network drives.
• Phones and other mobile devices should never be left unattended and visible.
• Awareness and education: staying informed about the latest cyber threats and
educating oneself and others about safe online practices.
• Regular backups: regularly backing up important data to minimize the impact of a data
breach or ransomware attack.
• Do not amass a collection of computers or digital data- Keep digital data organized and
up to date, and delete files on a regular basis.
• Dispose of old or unneeded computer hard drives in a secure manner at your office.
Secure your
digital
payments
Government initiatives to fight against Cybercrime
• Cyber Crime Investigation Cell (CCIC): responsible for investigating cybercrime cases and providing
technical support to other law enforcement agencies.
• National Cyber Coordination Centre (NCCC: central hub for coordinating and sharing information
related to cyber security between various agencies and organizations.
• National Cyber Security Policy:2013, outlines the government's strategy for protecting the
country's critical information infrastructure and securing the cyberspace in India.
• CERT-In: national nodal agency for responding to cyber security threats and incidents in the
country. It also provides alerts, advisories, and guidelines for securing IT systems and networks.
• National Critical Information Infrastructure Protection Centre (NCIIPC): responsible for protecting
the country's critical information infrastructure, including power grids, financial systems, and
government networks, from cyber threats.
• Awareness campaigns: The government regularly conducts awareness campaigns and training
programs.
Thank
you