Notes by Prof.

Paridhi Jain

UNIT- I

Introduction of Cyber World

The interconnected virtual world generated by the Internet and digital technology is referred to as the
“cyber world,” also known as the “digital world” or “cyberspace,” and it is where people
communicate, share information, conduct business, and engage in a variety of other activities online.

Advantages of the cyber world include:

Global connectivity: Through real-time connections made possible by the internet, people may
communicate, collaborate, and share information with anyone anywhere in the globe.

Access to information: People may learn, educate themselves, and keep informed on a variety of
topics thanks to the massive volumes of information that are easily accessible in the cyber world.

Convenience and efficiency: Online platforms and services in the cyberspace provide convenience
and efficiency, saving time and effort with capabilities like digital communication, online banking,
and online shopping.

Economic opportunities: The internet has produced new employment and income-generating
opportunities, including online enterprises, freelancing, and remote labor.

Disadvantages of the cyber world include:

Cybersecurity risks: The online world is vulnerable to a number of cybersecurity risks, including
hacking, data breaches, malware, and identity theft, which can jeopardize personal information,
physical safety, and financial security.

Privacy concerns: Because online activities can be followed, observed, and exploited by bad
individuals or organizations, the cyber world poses questions about privacy and the security of
personal information.

Online harassment and cyber-bullying: The anonymity of the internet can result in destructive
behavior such as online harassment and cyber-bullying, which can have detrimental psychological and
social effects.

The abundance of information available online can cause information overload and the propagation
of false or misleading information, which can cause confusion and misinterpretation.
Cyber Law
Cyber law, also known as Internet Law or Cyber Law, is the part of the overall legal system that is
related to legal informatics and supervises the digital circulation of information, e-commerce, and
software and information security.

1
Notes by Prof. Paridhi Jain

It is associated with legal informatics and electronic elements, including information systems,
computers, software, and hardware. It covers many areas, such as access to and usage of the Internet,
encompassing various subtopics as well as freedom of expression, and online privacy.

Cyber laws help to reduce or prevent people from cybercriminal activities on a large scale with the
help of protecting information access from unauthorized people, freedom of speech related to the use
of the Internet, privacy, communications, email, websites, intellectual property, hardware and
software, such as data storage devices. As Internet traffic is increasing rapidly day by day, that has led
to a higher percentage of legal issues worldwide. Because cyber laws are different according to the
country and jurisdiction, restitution ranges from fines to imprisonment, and enforcement is
challenging.
The Computer Fraud and Abuse Act was the first cyber law, called CFAA that was enacted in
1986. This law was helpful in preventing unauthorized access to computers. And it also provided a
description of the stages of punishment for breaking that law or performing any illegal activity.
Areas involving in Cyber Laws
These laws deal with multiple activities and areas that occur online and serve several purposes. Some
laws are formed to describe the policies for using the Internet and the computer in an organization, and
some are formed to offer people security from unauthorized users and malicious activities. There are
various broad categories that come under cyber laws; some are as follows:

Fraud

Cyber laws are formed to prevent financial crimes such as identity theft, credit card theft and other
that occurring online. A person may face confederate or state criminal charges if he commits any type
of identity theft. These laws have explained strict policies to prosecute and defend against allegations
of using the internet.

Copyrighting Issues

The Internet is the source that contains different types of data, which can be accessed anytime,
anywhere. But it is the authority of anyone to copy the content of any other person. The strict rules are
defined in the cyber laws if anyone goes against copyright that protects the creative work of
individuals and companies.

Scam/ Treachery

There are different frauds and scams available on the Internet that can be personally harmful to any
company or an individual. Cyber laws offer many ways to protect people and prevent any identity
theft and financial crimes that happen online.
Online Insults and Character Degradation

There are multiple online social media platforms that are the best resources to share your mind with
anyone freely. But there are some rules in cyber laws if you speak and defaming someone online.
Cyber laws address and deal with many issues, such as racism, online insults, gender targets to protect
a person's reputation.

Online Harassment and Stalking

2
Notes by Prof. Paridhi Jain

Harassment is a big issue in cyberspace, which is a violation of both criminal laws and civil. In cyber
laws, there are some hard laws defined to prohibit these kinds of despicable crimes.

Data Protection

People using the internet depends on cyber laws and policies to protect their personal information.
Companies or organizations are also relying on cyber laws to protect the data of their users as well as
maintain the confidentiality of their data.

Contracts and Employment Law

When you are visiting a website, you click a button that gives a message to ask you to agree for
terms and conditions; if you agree with it that ensures you have used cyber law. For every website,
there are terms and conditions available that are associated with privacy concerns.

Trade Secrets

There are many organizations that are doing online businesses, which are often relying on cyber laws
to protect their trade secrets. For example, online search engines like Google spend much time to
develop the algorithms that generate a search result. They also spend lots of time developing other
features such as intelligent assistance, flight search services, to name a few and maps. Cyber laws help
these organizations to perform legal action by describing necessary legal laws for protecting their
trade secrets.

Common types of cyber-attacks/threats

Cyber-attacks can have motives other than financial gain. Some cyber-attacks focus on destroying or
gaining access to critical data.
Organizations and individuals face the following types of typical cyber-attacks:

Malware
Cyber attackers use harmful software such as spyware, viruses, Ransomware, and worms known as
malware to access your system's data. When you click on a malicious attachment or link, the malware
can install itself and become active on your device.

Phishing
Phishing attacks rely on communication methods like email to convince you to open the message and
follow the instructions inside. If you follow the attackers’ instructions, they gain access to personal
data, such as credit cards, and can install malware on your device.
Spoofing
Cyber attackers will sometimes imitate people or companies to trick you into giving up personal
information. This can happen in different ways. A common spoofing strategy involves using a fake
caller ID, where the person receiving the call doesn’t see that the number is falsified. Other spoofing
methods include subverting facial recognition systems, using a fake domain name, or creating a fake
website.

3
Notes by Prof. Paridhi Jain

Backdoor Trojan
Backdoor Trojan attacks involve malicious programs that can deceptively install malware or data and
open up what’s referred to as the “backdoor” to your computer system. When attackers gain access to
the backdoor, they can hijack the device without it being known to the user.

Ransomware (ररररररररर)
Ransomware is malicious software that cyber attackers can install on your device, allowing them to
block your access until you pay the attackers a ransom. However, paying the ransom doesn’t guarantee
the removal of the software, so experts often advise individuals not to pay the ransom if possible.

Password attacks
Password attacks can be as simple as someone correctly guessing your password or other methods
such as key logging, where attackers can monitor the information you type and then identify passwords.
An attacker can also use the aforementioned phishing approach to masquerade as a trusted site and try
to fool you into revealing your account credentials.

Internet of Things attack

Communication channels between connected IoT (Internet of Things) components can be susceptible
to cyber-attacks and the applications and software found on IoT devices. Since IoT devices are in
connection with one another through the internet and may have limited security features, there is a
larger attack surface that attackers can target.

Drive-by download
Drive-by download attacks occur when you download malicious code to your device through an app,
website, or operating system with flawed security systems. This means you could do nothing wrong
and still be a victim of a drive-by download since it can occur due to a lack of security measures on a
site you believe to be safe.

Denial-of-service Attack (DOS)

A denial-of-service attack causes an entire device or operating system to shut down by overwhelming
it with traffic, causing it to crash. Attackers don’t often use this method to steal information. Instead, it
costs the victim time and money to get their systems up and running again. Cybercriminals typically
use this method when the target is a trade organization or government entity.

****************************************************************
Difference between Conventional Crime and Cybercrime
Basis Cybercrime Conventional crime

Conventional crime
These crimes basically involve typically involves physical
the use of computers, the internet, force or the threat of
Methods used
or other digital devices to commit physical force to commit
to commit the
a crime. Examples of cybercrimes the crime. Examples of
crime
include malware attacks, identity conventional crimes
theft, and online fraud. include theft, assault, and
burglary.

4
Notes by Prof. Paridhi Jain

Basis Cybercrime Conventional crime

Remain undetected for a long

Get detected immediately
Duration of period as there is no physical
because it leaves physical
detection presence and no on-ground
traces of the crime.
evidence.

Conventional crime tends

Cybercrime targets online
Types of to target individuals or
interconnected systems, digital
victims physical assets such as
assets, and sensitive personal
targeted offices, relatives, and
information or health information.
homes.

Cybercrimes are committed on a On a limited scale as

large scale because in such a crime conventional crime comes
physical proximity to the victim is in physical proximity to
Scale of crime not required. the victim.
e.g. - A single computer can hack e.g. - A robber can rob
thousands of bank websites and one or two banks in a
loot them at a single instance. single day only.

Victims of cybercrime experience

Conventional crime can
damage to their digital reputation
Types of have physical, emotional,
or loss of sensitive personal
Consequences and financial consequences
information that can be used for
for victims.
identity theft.

Spamming, Phishing, Hacking,

Murder, Extortion,
Examples Cyberbullying, Cyber stalking,
Bullying, and many more.
Malware, and many more.

Types of Cybercrime
Piracy
Piracy refers to the unauthorized duplication of copyrighted content that is then sold at substantially
lower prices in the 'grey' market. The ease of access to technology has meant that over the years,
piracy has become more rampant. For example, CD writers are available off the shelf at very low
prices, making music piracy a simple affair.
Hacking
Hacking is the activity of identifying weaknesses in a computer system or a network to exploit the
security to gain access to personal data or business data. An example of computer hacking can be:
using a password cracking algorithm to gain access to a computer system.
While your computer is linked to the Internet, spyware installed by a hacker silently
communicates your personal and financial information without your awareness or agreement. The
hackers can:
 Steal usernames and passwords.
 Take out a cash advance

5
Notes by Prof. Paridhi Jain

 Steal your money and use your name to obtain credit cards and bank accounts.
 Destroy your credit.
 Exploit your Social Security number
 Make a new account requesting Additional credit cards or personal identification numbers
(PINs)
 Misuse personal information and share it with third parties (illegal purposes).
 Purchase something.

How to identify that your system is hacked?

If your system is hacked by some hacker then you will see the following warning signs:
 Your computer system or mobile phone or tablet start acting strangely like the password does
not work, the setting of your device is changes, the camera and microphone of your system is
activating, etc.
 The antivirus software of your system is deactivated without your information. It is the main
element to protect your system if it is off without you knowledge then it is big sign that your
system is under attack.
 Generally hackers redirect your browser or your internet traffic to some malicious website.
Then it is the sign that your system is under attack.
 If someone stealing money from your account without your permission.
 When some hacker gains the access of your account then the first step he/she do is to change
that password of your account. So when the password doesn’t work then this means that someone
change your account password.
 Seeing some suspicious ads or popup frequently on your system is also the part of hacking.

Data Breach
A data breach is any security incident in which unauthorized parties’ access sensitive or confidential
information, including personal data (Social Security numbers, bank account numbers, healthcare
data) and corporate data (customer records, intellectual property, financial information).
However, not all cyber-attacks are data breaches. Data breaches include only those security
breaches where someone gains unauthorized access to data.
Examples of personal data breaches include: Human error, for example an email attachment
containing personal data being sent to the incorrect recipient or records being deleted
accidentally. Sharing of passwords or other credentials with third parties.

CSS (Cross-Site Scripting) XSS Cheat Sheet

Cross-site scripting attacks, also called XSS attacks, are a type of injection attack that injects
malicious code into otherwise safe websites. An attacker will use a flaw in a target web application to
send some kind of malicious code, most commonly client-side JavaScript, to an end user. Rather than
targeting the application’s host itself, XSS attacks generally target the application’s users directly.
Key Concepts of XSS

 XSS is a web-based attack performed on vulnerable web applications.

 In XSS attacks, the victim is the user and not the application.
 In XSS attacks, malicious content is delivered to users using JavaScript.

SQL Injection

SQL Injection is a code-based vulnerability that allows an attacker to read and access sensitive data
from the database. Attackers can bypass security measures of applications and use SQL queries to
6
Notes by Prof. Paridhi Jain

modify, add, update, or delete records in a database. A successful SQL injection attack can badly
affect websites or web applications using relational databases such as MySQL, Oracle, or SQL
Server.

Identity Theft/Hack
Identity theft is the crime of using the personal or financial information of another person to commit
fraud, such as making unauthorized transactions or purchases.
Identity theft is committed in many different ways and its victims are typically left with damage to
their credit, finances, and reputation.
Examples of Identity Theft
It can be difficult to know if you've been a victim of identity theft, especially if you don't check
your financial statements regularly. Some clear indicators of identity theft include:

 Bills for items that you didn't buy that you discover on your credit card statement, online
account, or via invoices by email or U.S. mail
 Calls from debt collectors regarding accounts that you didn't open
 Loan applications that are denied even though you believe your credit is in good standing
 Bounced checks
 A warrant for your arrest
 Unfounded medical bills and explanations of benefits (EOBs) from an insurance company
 Utilities being shut off
 The inability to sign into accounts
 Inexplicable hard inquiries into your credit report
 New credit cards in your name that you didn't apply for.
Cyber terrorism
Cyber terrorism (also known as digital terrorism) is defined as disruptive attacks by recognized
terrorist organizations against computer systems with the intent of generating alarm, panic, or the
physical disruption of the information system.

The internet can be used by terrorists to finance their operations, train other terrorists, and plan
terror attacks. The more mainstream idea of cyber terrorism is the hacking of government or private
servers to access sensitive information or even siphon funds for use in terror activities. However,
there is currently no universally accepted definition of cyber terrorism.

Dark Web
The dark web is an encrypted portion of the internet not visible to the general public via a
traditional search engine such as Google.
Tor (The Onion Router) is a web browser that lets users access a network that anonymizes web
traffic to provide private web browsing.
Insiders
An insider attack is a malicious attack perpetrated on a network or computer system by a person
with authorized system access.
An insider threat is a perceived threat to an organization that comes from people within the
organization, such as employees, former employees, contractors or business associates, who have
inside information concerning the organization's security practices, data and computer systems.
Examples include mistyping an email address and accidentally sending a sensitive business
document to a competitor, unknowingly or inadvertently clicking on a hyperlink, opening an
attachment in a phishing email that contains a virus, or improperly disposing of sensitive documents.

7
Notes by Prof. Paridhi Jain

UPI Hacking
UPI frauds are becoming increasingly common in India due to the rise of digital transactions. There
were over 95,000 cases of UPI fraud reported in the 2022-23 financial year, according to finance
ministry data.
UPI fraud refers to fraudulent activities and scams that take place within the Unified Payments
Interface (UPI) system in India with reference to UPI based digital transactions.
Fraudsters often trick you into revealing their UPI PIN or personal information, enabling them to
access your bank accounts and carry out fraudulent transactions.
Types of UPI frauds / online frauds
Vishing
Vishing refers to fraudsters posing as bank representatives, asking questions on behalf of the bank.
These individuals weave a web of lies and enquire about your personal information to extract your
PIN or password.

Fake UPI Payments or Transfers

Fake UPI payments or transfer requests are fraudulent attempts to manipulate users into believing
that they have received or made a legitimate UPI transaction request.
Fake UPI QR codes
Fraudsters or scammers will generate a fake UPI QR code that redirects users to phishing websites
or malicious apps, with an attempt to steal their UPI credentials or sensitive information.
Impersonation
Fraudsters impersonate trusted individuals or organizations, such as bank representatives or
customer service personnel, and trick users into revealing their UPI PIN or OTP.
Fake payment screenshots
Fraudsters create illegitimate screenshots of UPI payment confirmations and send them to users,
making them believe that they have received a payment.
Phishing
Phishing is one of the most common UPI transaction frauds. Fraudsters send bogus emails to access
sensitive information. Once you key your details (password or PIN) into the fraudulent site, the
information is immediately passed on to the hacker for misuse. This way, you become more prone
to UPI scams.
Fraud through Screen Monitoring Apps
People with malicious intent can exploit screen monitoring apps to compromise your privacy and
security. These apps allow fraudsters to capture sensitive information like UPI PINs, OTPs and other
personal details by recording your screen activities without your knowledge. This allows them to gain
access to your banking information and conduct fraudulent activities.
Child Pornography:-
Child pornography is pornography that exploits children. It is against the law in many
countries. Child pornography is made by taking pictures or videos, or more rarely sound
recordings, of children who are wearing less clothing than usual, wearing no clothing, or being raped.
It can also be made using illustrations of children. Child pornography is sometimes called "child
sexual abuse images" because it is images (pictures) of a child who is being sexually
abused.[1] Child pornography can be made by setting up a camera or other recording device
and molesting a child.

Human Trafficking:-
Human trafficking consists of transporting, recruiting, transferring, harboring and receiving of
persons by using means like force, threat or coercion. The ultimate purpose of these acts and means is
to use these individuals for the purpose of exploitation. The exploitation of these persons takes

8
Notes by Prof. Paridhi Jain

various extremely degrading forms like prostitution, organ trade, sexual exploitation, forced labor,
slavery and servitude. Although the problem exists in all parts of the world some of the most affected
areas in this respect are Sub-Saharan Africa, Central Asia and South Asia.

 Every year, 30th of July is observed as the World Day against Trafficking in Persons.
 In the year 2010, the United Nations adopted the Global Plan of Action to Combat Trafficking in
Persons so that more awareness is created the world over regarding the heinous nature of the crime of
trafficking.
 The overwhelming proportion of individuals that are trafficked consists of women and children
who are then used for various unethical forms of labor or for sexual exploitation.

Causes of Trafficking
Some of the causes or reasons for human trafficking are described below.

 Poverty

Trafficking thrives at places where there is widespread poverty. Parents sell their kids because
poverty leaves them with no other option often thinking that selling their children will take them to
places that are much better and where their lives will improve.

 Social factors

One of the most vulnerable sections of the society that are more prone to trafficking are young
women, and this is because in most societies both socially and culturally women are de-valued and
unwanted and as such they are more vulnerable to the practice of trafficking.

 Migration

The desire to migrate from places where their lives are miserable makes individuals open to
approaches from traffickers who in the initial stages lure them with promises of better lives, but
once the victims are under their control, coercive measures are enforced to bend them.

 Other factors

Other causes are porous nature of borders, corrupt government officials, the involvement of
international organized criminal groups or networks and the limited capacity of or commitment by
immigration and law enforcement officers to control borders.
Malicious Advertisement Campaign (Malvertising):-

Malicious advertising or ‘Malvertising’ as it is known is used by hackers to distribute malware or

direct the users to a malicious server. The hackers use several techniques to hide this malicious
content in adverts across the web, which when clicked begin the process of infecting the user’s
computer and network. Sometimes you do not even need to click on the advert!
The ads can appear anywhere online; banners ads, pop up, ads before videos so if you are online
chances are you will come across a malicious advert.
These malicious adverts do not just affect those surfing the web on land, they can also affect any
users accessing the internet whilst at sea. Access to a secure network for communications and data
transfer if vital at sea and malware is a huge threat, to avoiding being infected by malware
9
Notes by Prof. Paridhi Jain

though malvertising awareness is key. You will be protecting your own devices as well as the
business network.
There are a number of ways to get malicious adverts on to sites, hijacking the processes used by
legal advertisers; paying for ads, compromising an ad network or building their own ad agencies.
 By paying for the ads – paying to post adverts on sites is common practice however hackers hide
malicious content in their adverts or direct the visitor to a malicious server to infect them with
malware.
 By compromising an ad network – hackers can compromise a legitimate ad network and use it to
spread their malicious ads instead. This technique is useful for spreading ads on more tightly guarded
websites, just like in the attack against the New York Times, the BBC and other websites discussed
in the previous section.
 By building their own ad agencies – This method isn’t as common because it’s a lot more work,
but it’s still a possibility. A good example is the 2017 Zirconium attacks, which involved a
cybercriminal that created 28 fake ad agencies, and was responsible for delivering an estimated one
billion malicious ads.

Online Gambling:-
Online gambling, also known as e-gambling or internet gambling, refers to the act of betting or
wagering money on games of chance or skill through the internet. It encompasses various forms of
gaming, including:

Types of Online Gambling:

1. Online Casinos: Virtual versions of traditional casinos, offering games like slots, roulette,
blackjack, and craps.

2. Sports Betting: Wagering on sports events, such as football, basketball, tennis, and horse racing.

3. Poker Rooms: Online platforms for playing poker against other players.

4. Bingo and Lottery: Online versions of traditional bingo and lottery games.

5. Fantasy Sports: Daily or season-long fantasy sports contests.

6. Esports Betting: Wagering on competitive video game tournaments.

7. Online Slots: Virtual slot machines with various themes and payouts.

10