Module1 Cyber Security

Chapter 1
Introduction to
Cybercrime
Introduction
Internet has undeniably opened a new way of exploitation known

as cybercrime involving the use of computers, the Internet,
cyberspace and the worldwide web (WWW).
Figure 1, based on a 2008 survey in Australia, shows the cybercrime trend.
While the worldwide scenario on cybercrime looks bleak, the situation in
India is not any better.
 Indian corporate and government sites have been attacked or defaced
more than 780 times between February 2000 and December 2002.
 A total of 3,286 Indian websites were hacked in 5 months – between
January and June 2009.
Cyber Security by Nina Godbole/Sunit Belapure

Copyright  2011 Wiley India Pvt. Ltd. All rights reserved.
Cybercrime: Definition and Origins of the Word
The definitions of computer crime:
1. Any illegal act where a special knowledge of computer technology

is essential for its perpetration, investigation or prosecution.
2. Any traditional crime that has acquired a new dimension or order of
magnitude through the aid of a computer, and abuses that have come
into being because of computers.
3. Any financial dishonesty that takes place in a computer
environment.
4. Any threats to the computer itself, such as theft of hardware or
software, sabotage and demands for ransom.
The term “cybercrime” relates to a number of other terms such as:

• Computer-related crime
• Computer crime
• Internet crime
• E-crime
• High-tech crime
Cybercrime: Definition and Origins of the Word

Cybercrime:Reasons for the Rise of Cybercrime in India:
1. Increasing Internet Penetration:
India has witnessed a significant surge in internet penetration over

the past decade. With more people gaining access to the internet, the
potential victim pool for cybercriminals has expanded exponentially.
Lack of awareness and inadequate cybersecurity measures make
individuals and organizations vulnerable to cyberattacks.
2. Digital Transformation and E-commerce Boom:
The digital transformation wave in India has led to a boom in e-

commerce, online banking, and digital transactions. While this has
made life more convenient, it has also opened up new avenues for
cybercriminals to exploit vulnerabilities in online platforms, steal
personal information, and carry out financial frauds.

Cybercrime:Reasons for the Rise of Cybercrime in India:
3. Lack of Cybersecurity Awareness and Education:

A major contributing factor to the rise of cybercrime in India is the
lack of awareness and education about cybersecurity. Many
individuals and organizations do not possess the necessary knowledge
to identify potential threats or take appropriate preventive measures.
This knowledge gap makes them easy targets for cybercriminals.
4. Weak Cybersecurity Infrastructure:
India's cybersecurity infrastructure is still evolving, and it faces

significant challenges in keeping up with the ever-evolving tactics of
cybercriminals. Insufficient investment in cybersecurity measures,
outdated systems, and a lack of coordination between government
agencies and private organizations have left critical gaps that
cybercriminals can exploit.

Two types of attack are prevalent in cybercrimes:
1. Techno-crime: A premeditated act against a system or systems, with the

intent to copy, steal, prevent access, corrupt or otherwise deface or damage
parts of or the complete computer system.
2. Techno-vandalism: These acts of “brainless” defacement of websites
and/or other activities, such as copying files and publicizing their contents
publicly, are usually opportunistic in nature.
Cybercrimes differ from most terrestrial crimes in four ways:

(a) how to commit them is easier to learn
(b) they require few resources relative to the potential damage caused
(c) they can be committed in a jurisdiction without being physically present in it
(d) they are often not clearly illegal.
Cyberterrorism is defined as “any person, group or organization who, with

terrorist intent, utilizes accesses or aids in accessing a computer or
computer network or electronic system or electronic device by any available
means, and thereby knowingly engages in or attempts to engage in a terrorist
act commits the offence of cyberterrorism.”

How cybercrimes are planned and how they actually take place
• Cyberterrorists usually use computer as a tool, target or both for their
unlawful act to gain information.
• Internet is one of the means by which the offenders can gain priced
sensitive information of companies, firms, individuals, banks and can lead
to intellectual property (IP), selling illegal articles, pornography/child
pornography, etc. This is done using:
 Phishing, Spoofing, Pharming, Internet Phishing, wire transfer, etc.

Cybercrime and Information Security
Indian Information Technology Act (ITA 2008) provides a new focus on

“Information Security in India.”
 “Cybersecurity” means protecting information, equipment, devices,
computer, computer resource, communication device and information
stored therein from unauthorized access.
 Where financial losses to the organization due to insider crimes are
concerned, difficulty is faced in estimating the losses because the financial
impacts may not be detected by the victimized organization and no direct
costs may be associated with the data theft. YES BANK
Stayam
 For anyone trying to compile data on business impact of cybercrime, there
are number of challenges.
o Organizations do not explicitly incorporate the cost of the vast majority
of computer security incidents into their accounting. Ex Microsoft
licensing
o There is always a difficulty in attaching a quantifiable monetary value
to the corporate data and yet corporate data get stolen/lost.
o Most organizations abstain from revealing facts and figures about
“security incidents” including cybercrime.
o Organizations perception about “insider attacks” seems to be different
than that made out by security solution vendor. Cyber Security by Nina Godbole/Sunit Belapure
o Awareness about “data privacy” too tendsCopyright
to below
2011 in most
Wiley India Pvt. Ltd. All rights reserved.
Figure 3 shows several categories of incidences – viruses, insider abuse, laptop
theft and unauthorized access to systems.
Typical network misuses are for:

 Internet radio
 streaming audio
 streaming video
 file sharing
 instant messaging
 Online gaming
 Online gambling

Who are Cybercriminals?
Cybercriminals are those who conduct activities such as child pornography;
credit card fraud; cyberstalking; defaming another online; gaining
unauthorized access to computer systems; ignoring copyright, software
licensing and trademark protection; overriding encryption to make illegal
copies; software piracy and stealing another’s identity to perform criminal
acts.
1. Type I: Cybercriminals – hungry for recognition
2. Type II: Cybercriminals – not interested in recognition
Classifications of Cybercrimes
3. Type III: Cybercriminals – the insiders

Cybercrimes are classified as follows:
1. Cybercrime against individual PHISHING VIDEO
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup:

E-Mail Spoofing
• A spoofed E-Mail is one that
appears to originate from one
source but actually has been
sent from another source.
Spamming
• People who create electronic
Spam are called spammers.
• Spam is the abuse of
electronic messaging systems
to send unsolicited bulk
messages indiscriminately.
• Spamming is widely detested,
and has been the subject of
legislation in many
jurisdictions – for example,
the CAN-SPAM Act of 2003.

Search engine spamming
 Spamming is alteration or creation of a document with the intent
to deceive an electronic catalog or a fi ling system.
 Some web authors use “subversive techniques” to ensure that
their site appears more frequently or higher number in returned
search results.
Cyberdefamation
• “Cyberdefamation” occurs when defamation takes place with the help of
computers and/or the According to the IPC Section 499:
1. It may amount to defamation to impute anything to a deceased person, if
the imputation would harm the reputation of that person if living, and is
intended to be hurtful to the feelings of his family or other near relatives.
2. It may amount to defamation to make an imputation concerning a company
or an association or collection of persons as such.
3. An imputation in the form of an alternative or expressed ironically, may
amount to defamation.
4. No imputation is said to harm a person’s reputation unless that imputation
directly or indirectly, in the estimation of others, lowers the moral or
intellectual character of that person, or lowers the character of that person in
respect of his caste or of his calling, or lowers the credit of that person, or
causes it to be believed that the body of that person is in a loathsome state or
in a state generally considered as disgraceful.
• The law on defamation attempts to create a workable balance between two
equally important human rights
1. The right to an unimpaired reputation Cyber Security by Nina Godbole/Sunit Belapure
2. The right to freedom of expression Copyright  2011 Wiley India Pvt. Ltd. All rights reserved.
Internet Time Theft
 Internet time theft occurs when an unauthorized person uses the Internet
hours paid for by another person. Hot spot
 It comes under hacking because the person gets access to someone else’s
ISP user ID and password, either by hacking or by gaining access to it by
illegal means
Salami Attack/Salami Technique

 These attacks are used for committing financial crimes.
 No account holder will probably notice this unauthorized debit, but the bank
employee will make a sizable amount every month.
Data Diddling
 A data diddling attack involves
altering raw data just before it is
processed by a computer and then
changing it back after the
processing is completed.
 Electricity Boards in India have
been victims to data diddling
programs inserted when private
parties computerize their systems.
Forgery
• Forging counterfeit currency notes, postage and revenue stamps,
marksheets, etc. using sophisticated computers, printers and scanners.
Web Jacking
• Web jacking occurs when someone forcefully takes control of a website (by
cracking the password and later changing it).
Newsgroup Spam/Crimes Emanating from Usenet Newsgroup

• The advent of Google Groups, and its large Usenet archive, has made
Usenet more attractive to spammers than ever.
• Spamming of Usenet newsgroups actually predates E-Mail Spam.
Industrial Spying/Industrial Espionage

• “Spies” can get information about product finances, research and
development and marketing strategies, an activity known as “industrial
spying.”
• “Targeted Attacks” - applies very well to organizations that are victim of
focused attacks aiming at stealing corporate data, Intellectual Property or
whatever else that may yield a competitive advantage for a rival company.
• There are two distinct business models for cybercrime applied to industrial
spying
 Selling Trojan-ware
 Selling Stolen Intellectual Property.
Hacking
Hackers, crackers and phrackers are some of the oft-heard terms. The original
meaning of the word “hack” meaning an elegant, witty or inspired way of doing
almost anything originated at MIT.
 Hackers write or use ready-made computer programs to attack the target

computer.
 They possess the desire to destruct and they get enjoyment out of such
destruction.
 Some hackers hack for personal monetary gains, such as stealing credit card
Online Frauds
information, transferring money from various bank accounts to their own
Types of crimes under
account followed bythe categoryof
withdrawal ofmoney.
hacking
 Spoofing website and E-Mail security alerts
 Hoax mails about virus threats
 lottery frauds
 Spoofing.
Spoofing websites and E-Mail security threats
o Fraudsters create authentic looking websites that are actually nothing but a
spoof.
o The purpose of these websites is to make the user enter personal
information which is then used to access business and bank accounts
o This kind of online fraud is common in banking and financial sector.
o It is strongly recommended not to input any sensitive information that might
help criminals to gain access to sensitive information, such as bank account
details, even if the page appears legitimate.
Virus hoax E-Mails
o The warnings may be genuine, so there is always a dilemma whether to take them
lightly or seriously.
o A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos
or Symantec before taking any action, such as forwarding them to friends and
colleagues.
Lottery frauds
o Typically letters or E-Mails that inform the recipient that he/she has won a prize in a
lottery.
o To get the money, the recipient has to reply, after which another mail is received
asking for bank details so that the money can be directly transferred.
Spoofing
o A hacker logs-in to a computer illegally, using a different identity than his own.
Pornographic
o He creates a newOffenses
identity by fooling the computer into thinking that the hacker is
“Child pornography”
the genuine includes:
system operator and then hacker then takes control of the system.
1. Any photograph that can be considered obscene and/or unsuitable for
the age of child viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct
where the production of such visual depiction involves the use of a
minor engaging in sexually explicit conduct.
 As the broad-band connections get into the reach of more and more
homes, larger child population will be using the Internet and therefore
greater would be the chances of falling victim to the aggression of
pedophiles. Cyber Security by Nina Godbole/Sunit Belapure
Software Piracy
 Theft of software through the illegal copying of genuine programs or the
counterfeiting and distribution of products intended to pass for the original.
Those who buy pirated software

have a lot to lose:
(a) getting untested software that
may have been copied
thousands of times over
(b) the software, if pirated, may
potentially contain hard-drive-
infecting viruses
(c) there is no technical support in
the case of software failure,
that is, lack of technical
product support available to
properly licensed users
(d) there is no warranty protection,
(e) there is no legal right to use
the product, etc.
Economic impact of software
piracy is grave (see Fig. 4).

Computer Sabotage
It is the use of the Internet to hinder the normal functioning of a computer
system through the introduction of worms, viruses or logic bombs. It can be
used to gain economic advantage over a competitor, to promote the illegal
activities of terrorists or to steal data or programs for extortion purposes.
Logic bombs are event-dependent programs created to do something only
when a certain event (known as a trigger event) occurs. Some viruses may
be termed as logic bombs.
E-Mail Bombing/Mail Bombs

 It refers to sending a large number of E-Mails to the victim to crash
victim’s E-Mail account or to make victim’s mail servers crash (in the case
of a company or an E-Mail service provider).
 Computer program can be written to instruct a computer to do such tasks
on a repeated basis.
Usenet Newsgroup as the Source of Cybercrimes

Usenet is a popular means of sharing and distributing information on the
Web with respect to specific topic or subjects. It is a mechanism that allows
sharing information in a many-to-many manner. The newsgroups are spread
across 30,000 different topics.

Computer Network Intrusions
 Computer Networks pose a problem by way of security threat because people
can get into them from anywhere.
 The cracker can bypass existing password protection by creating a program to
capture logon IDs and passwords.
 The practice of “strong password” is therefore important.
Password Sniffing
 Password Sniffers are programs that monitor and record the name and
password of network users as they login, jeopardizing security at a site.
 Whoever installs the Sniffer can then impersonate an authorized user and
login to access restricted documents.
Credit Card Frauds

 Millions of dollars may be lost annually by consumers who have credit card
and calling card numbers stolen from online databases.
 Bulletin boards and other online services are frequent targets for hackers who
want to access large databases of credit card information.
Identity Theft
 Identity theft is a fraud involving another person’s identity for an illicit
purpose.
 This occurs when a criminal uses someone else’s identity for his/her own
illegal purposes.
 The cyberimpersonator can steal unlimited funds in the victim’s name without
the victim even knowing about it for months, sometimes even
Copyright  2011 Wiley for
India Pvt.years!
Ltd. All rights reserved.
Cybercrime: The Legal Perspectives
Computer Crime: Criminal Justice Resource Manual (1979)
 The first comprehensive presentation of computer crime
 computer-related crime was defined in the broader meaning as: any illegal act
for which knowledge of computer technology is essential for a successful
prosecution.
Cybercrime:
 outcome of “globalization.”
 Globalized information systems accommodate an increasing number of
transnational offenses.
This problem can be resolved in two ways:
1. Divide information systems into segments bordered by state boundaries
2. Incorporate the legal system into an integrated entity obliterating these state
boundaries
Cybercrimes: An Indian Perspective

India has the fourth highest number of Internet users in the world.
 there are 45 million Internet users in India
 37% - from cybercafes
 57% of users are between 18 and 35 years.
 A point to note is that the majority of off enders were under 30 years.
 About 46% cybercrime cases were related to incidents of
cyberpornography
 In over 60% of these cases, off enders were between 18 and 30 years.
Cybercrime and the Indian ITA 2000 Copyright  2011 Wiley India Pvt. Ltd. All rights reserved.
419 CHEATING BY IMPERSONATING

420 CHEATING BY PROPERTY

Computer Emergency Response

Team


Hacking and the Indian Law(s)
 Cybercrimes are punishable under two categories: the ITA 2000 and the IPC.
 A total of 207 cases of cybercrime were registered under the IT Act in 2007
compared to 142 cases registered in 2006.
 Under the IPC too, 339 cases were recorded in 2007 compared to 311 cases in
2006.
A Global Perspective on Cybercrimes
 In Australia, cybercrime has a narrow statutory meaning as used in the Cyber
Crime Act 2001, which details offenses against computer data and systems.
 In the Council of Europe’s (CoE’s) Cyber Crime Treaty, cybercrime is used as
an umbrella term to refer to an array of criminal activity including offenses
against computer data and systems, computer-related offenses, content
offenses and copyright offenses.
 Recently, there have been a number of significant developments such as
1. August 4, 2006 Announcement: The US Senate ratifies CoE Convention on
Cyber Crime.
2. In August 18, 2006, there was a news article published “ISPs Wary About
‘Drastic Obligations’ on Web Site Blocking.”
3. CoE Cyber Crime Convention (1997–2001) was the first international
treaty seeking to address Internet crimes by harmonizing national laws,
improving investigative techniques and increasing cooperation among
nations.
Cybercrime and the Extended Enterprise
 It is the responsibility of each user to become aware of the threats as well as
the opportunities that “connectivity” and “mobility” presents them with.
 Extended enterprise - represents the concept that a company
Copyright  2011 isLtd.
Wiley India Pvt. made upreserved.
All rights
Cybercrime Era: Survival Mantra for the Netizens
Netizen
 Netizen is someone who spends considerable time online and also has a
considerable presence online (through websites about the person, through
his/her active blog contribution and/or also his/her participation in the online
chat rooms).
 The 5P Netizen mantra for online security is: (a) Precaution, (b) prevention,
(c) Protection, (d) Preservation and (e) Perseverance.
 For ensuring cybersafety, the motto for the “Netizen” should be “Stranger is
Danger!”

GOOGLE CLASSROOM CODE

Module1 Cyber Security

Uploaded by

Copyright:

Available Formats

Module1 Cyber Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module1 Cyber Security

Uploaded by

Copyright:

Available Formats

Chapter 1

Internet has undeniably opened a new way of exploitation known

Cyber Security by Nina Godbole/Sunit Belapure

The definitions of computer crime:

1. Any illegal act where a special knowledge of computer technology

The term “cybercrime” relates to a number of other terms such as:

Cyber Security by Nina Godbole/Sunit Belapure

1. Increasing Internet Penetration:

India has witnessed a significant surge in internet penetration over

2. Digital Transformation and E-commerce Boom:

The digital transformation wave in India has led to a boom in e-

Cyber Security by Nina Godbole/Sunit Belapure

3. Lack of Cybersecurity Awareness and Education:

4. Weak Cybersecurity Infrastructure:

India's cybersecurity infrastructure is still evolving, and it faces

Cyber Security by Nina Godbole/Sunit Belapure

1. Techno-crime: A premeditated act against a system or systems, with the

Cybercrimes differ from most terrestrial crimes in four ways:

Cyberterrorism is defined as “any person, group or organization who, with

Cyber Security by Nina Godbole/Sunit Belapure

Cyber Security by Nina Godbole/Sunit Belapure

Indian Information Technology Act (ITA 2008) provides a new focus on

Typical network misuses are for:

Cyber Security by Nina Godbole/Sunit Belapure

Cyber Security by Nina Godbole/Sunit Belapure

Cyber Security by Nina Godbole/Sunit Belapure

Cyber Security by Nina Godbole/Sunit Belapure

Salami Attack/Salami Technique

Newsgroup Spam/Crimes Emanating from Usenet Newsgroup

Industrial Spying/Industrial Espionage

 Hackers write or use ready-made computer programs to attack the target

Those who buy pirated software

Cyber Security by Nina Godbole/Sunit Belapure

E-Mail Bombing/Mail Bombs

Usenet Newsgroup as the Source of Cybercrimes

Cyber Security by Nina Godbole/Sunit Belapure

Credit Card Frauds

Cybercrimes: An Indian Perspective

419 CHEATING BY IMPERSONATING

Cyber Security by Nina Godbole/Sunit Belapure

Computer Emergency Response

Cyber Security by Nina Godbole/Sunit Belapure

Cyber Security by Nina Godbole/Sunit Belapure

Cyber Security by Nina Godbole/Sunit Belapure

You might also like