Computer Security Chapter 5

Uploaded by

harshvasudevkoli

5. Cyber Security

5.1 Introduction to Cyber Crimes :


 “Cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations,
that target the security of computer systems and the data processed by them”.
 Hence cybercrime is sometimes also called computer-related crime, computer crime, E-crime,
Internet crime or High-tech crime.
 Two types of attacks are common:
- Techno-crime: Active attack
Techno-crime is usually pre-meditated and results in the deletion, corruption, alteration, theft or
copying of data on an organization's systems.

- Techno-vandalism: Passive attack
Techno-vandalism is a term used to describe a hacker or cracker who breaks into a
computer system with the sole intent of defacing and/or destroying its contents.

 Who are Cybercriminals?
Cybercriminals are those who conduct acts such as:
 Child pornography
 Credit card fraud
 Cyberstalking
 Defaming another online
 Gaining unauthorized access to computer systems
 Ignoring copyrights, software licensing and trademark protection
 Overriding encryption to make illegal copies
 Software piracy
 Stealing another’s identity to perform criminal acts

Note: (Don't go deep into the topics below until 5.2)

 Hacking :
 Every act committed toward breaking into a computer and/ or network is known as
hacking.
 Hacking is the process of finding some security holes in a computer system or network in
order to gain access to personal or corporate information.
 One example of computer hacking is the use of a password cracking technique to gain
access to a computer system.
 The process of gaining illegal access to a computer system, or a group of computer systems,
is known as hacking.
 Types of Hacking/Hackers:
1. Ethical Hacking (White Hat Hacking):
 Ethical hackers, also known as white hat hackers, are individuals or security professionals
who use their hacking skills for legitimate, lawful purposes.
 They may be employed by organizations to identify vulnerabilities in their systems,
networks, or applications and help patch those vulnerabilities before malicious hackers
can exploit them.
 Ethical hacking is an important part of cybersecurity as it helps improve the security of
systems.
2. Malicious Hacking (Black Hat Hacking):
 Malicious hackers, or black hat hackers, engage in hacking activities with malicious intent.
 They may seek financial gain, steal sensitive information, or disrupt services.
 This type of hacking is illegal and can result in criminal charges.
3. Gray Hat Hacking:
 Gray hat hackers operate in a somewhat ambiguous ethical space.
 They may discover and exploit vulnerabilities without authorization but do not necessarily have
malicious intent.
 They might notify the affected parties afterward or release information about the vulnerability.
 Cracking :
 Cracking is a technique used to breach computer software or an entire computer security system
with malicious intent.
 Cracking is the process of gaining unauthorized access with the intention of causing damage,
while hacking truly applies only to activities having good intentions.
 Types of Cracking
- Password Cracking
- Software cracking
- Network cracking
- Application cracking
- Wireless cracking

 Pornography :
 Pornography means an act by using cyberspace to create, display, distribute, import, or publish
obscene materials, especially materials related to children who are engaged in sexual acts with
adults.
 This term refers to any visual representation, including but not limited to:
1. Any photograph that can be considered obscene and/ or unsuitable for the age of child viewer.
2. Film, video, picture.
3. Obscene computer-generated image or picture.

 Software Piracy :
 Software piracy is the illegal and unethical act of unauthorized copying, distribution, or use of
software without proper licenses or permissions, violating intellectual property rights and causing
severe consequences.
 Types of Software Piracy:
1. End-User Piracy: This occurs when an individual or organization uses unauthorized copies
of software without the appropriate licenses. It includes using a single licensed copy on multiple
computers or obtaining and using software without a valid license.
2. Hard-Disk Loading: This happens when a computer vendor or reseller pre-installs
unauthorized copies of software on computers they sell, without obtaining the necessary licenses.
3. Counterfeiting: This involves creating fake or counterfeit copies of software, often with the
intent to sell them as genuine products.
4. Internet Piracy: The unauthorized distribution and downloading of software from the
internet, often through torrent sites or file-sharing networks, is a common form of software piracy.

 Those who buy pirated software have a lot to lose:
 Getting untested software that may have been copied thousands of times.
 Potentially containing hardware-infecting viruses
 No technical support in case of software failure
 No warranty protection
 No legal right to use the product

 Intellectual Property :
 Intellectual property (IP) refers to legal rights that are granted to individuals or entities for their
creations or inventions of the mind.
 Intellectual property is a form of protection that allows creators, inventors, and innovators to
have exclusive rights to their work to make it unlawful to copy or reuse that work without the
owner’s permission. It is a part of property law.
 There are numerous types of tools of protection that come under the term “intellectual property”.
Notable among these are the following:
1. Copyright: Copyright protects original works of authorship, such as literary works, music, art, and
software. It gives creators the exclusive right to reproduce, distribute, and display their works.
Copyright protection typically lasts for the life of the creator plus 50 to 70 years.

2. Trademark: Trademarks protect symbols, names, and slogans used to identify and distinguish
goods and services. This helps consumers identify the source or origin of products. Trademarks
are renewable as long as they are in use.

3. Patent: Patents protect inventions or discoveries, granting the inventor exclusive rights to make,
use, and sell the invention for a specified period (usually 20 years). In return, inventors must
disclose their invention to the public.
4. Industrial Design Rights: These rights protect the visual design of objects, such as the shape or
surface of a product.

5. Database Rights: In some jurisdictions, there are rights associated with the compilation and
maintenance of databases.
 Advantages of Intellectual Property Rights
- It provides exclusive rights to the creator or inventor.
- It gives the inventor freedom to share knowledge without keeping it secret.
- It helps the creator financially.
- It provides legal defence to the creator.

 Legal System of Information Technology:


 The legal system of information technology, often referred to as IT law or Cyber law, encompasses
a body of laws and regulations designed to address legal issues and challenges in the digital and
technology-driven world.
 These legal principles and regulations cover various aspects of information technology, including
data privacy, cybersecurity, e-commerce, intellectual property, and more.
 The legal system of information technology can vary by country or region, but there are common
themes and principles that are often shared globally.
 The legal system of information technology covers a wide range of areas, including:
- Data Privacy and Protection
- Cybersecurity
- Intellectual Property
- Digital Signatures and Authentication
- Electronic Transactions and Records
- Cybercrimes
- Artificial Intelligence and Emerging Technologies
- Cryptocurrency and Blockchain
- Cloud Computing and Data Localization

 Mail Bombs :
 A "mail bomb," also known as an "email bomb" or "letter bomb" (not to be confused with a
physical explosive device sent via postal mail), is a form of cyberattack in which an individual or
group sends a massive volume of emails to a specific email address or domain with the intent of
overwhelming the recipient's email server and disrupting their email service.
 This can have serious consequences, including making the email system unusable for the intended
recipient or causing network congestion.
 Volume: In a mail bomb attack, a large number of emails are sent to the target's email address,
typically in a short period of time. This volume can vary, but it is generally enough to cause
problems for the recipient's email server or client.
 Intent: The intent behind a mail bomb is often malicious. Attackers may want to disrupt the
target's email service, overwhelm their inbox, or cause inconvenience and frustration.
 Denial of Service (DoS): A mail bomb is a type of Denial of Service (DoS) attack. By flooding the
recipient's email system with messages, the attacker aims to render it temporarily or even
permanently unavailable.
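
A defender can spot the volume pattern described above by counting messages per recipient in a sliding time window. This is an added example, not part of the original notes; the log format, addresses, window and threshold are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_sample_log():
    """Constructed log lines: 'ISO-timestamp sender -> recipient' (assumed format)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    normal = [f"{(base + timedelta(minutes=10 * i)).isoformat()} "
              f"colleague{i}@example.org -> alice@example.com" for i in range(5)]
    flood = [f"{(base + timedelta(seconds=i)).isoformat()} "
             f"sender{i % 20}@bulk.example -> bob@example.com" for i in range(200)]
    return normal + flood

def parse_line(line):
    timestamp, sender, arrow, recipient = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log line: {line!r}")
    return datetime.fromisoformat(timestamp), sender, recipient

def detect_mail_bombs(lines, window_seconds=60, threshold=50):
    """Return {recipient: (first_alert_time, peak_count)} for flooded mailboxes.

    A mailbox is flagged when it receives at least `threshold` messages
    within any `window_seconds` span, regardless of how many senders are used.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # recipient -> timestamps still inside the window
    alerts = {}
    for line in sorted(lines):    # ISO timestamps sort chronologically as text
        ts, _sender, recipient = parse_line(line)
        queue = recent[recipient]
        queue.append(ts)
        while ts - queue[0] > window:
            queue.popleft()       # drop messages older than the window
        if len(queue) >= threshold:
            first, peak = alerts.get(recipient, (ts, 0))
            alerts[recipient] = (first, max(peak, len(queue)))
    return alerts

if __name__ == "__main__":
    for recipient, (first, peak) in detect_mail_bombs(make_sample_log()).items():
        print(f"{recipient}: flood first seen {first}, peak {peak} messages per window")
```

Counting per recipient rather than per sender matters because a flood can be spread across many sending addresses, as in the constructed sample.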

 Bug Exploits :
 A "bug exploit," often referred to as an "exploit," is a piece of code, a chunk of data, or a sequence of
commands that takes advantage of a software vulnerability or security flaw in an application or a
system to cause unexpected behaviour to occur.
 Exploits are used to gain unauthorized access, control, or manipulate a computer system,
application, or network.
 They can be used for various purposes, including spreading malware, stealing data, disrupting
services, or gaining control over a compromised system.
 Exploits take advantage of a security flaw in an operating system, computer system, Internet of
Things (IoT) device, piece of software or other security vulnerability.
 Once an exploit has been used, it becomes known to the software developers of the vulnerable
system, the flaw is often fixed through a patch, and the exploit becomes unusable.

 Cyber Crime Investigation :


 Cybercrime investigation is the process of identifying, tracking, and prosecuting individuals or
groups involved in illegal activities conducted on the internet or through computer systems.
 These investigations are conducted by law enforcement agencies, cybersecurity professionals, and
other experts to uncover and gather evidence related to cybercrimes.
 Cybercrime investigations are complex and time-consuming, requiring technical expertise, legal
knowledge, and collaboration among entities to identify and bring cybercriminals to justice while
mitigating their impact on individuals, organizations, and society.

5.2 Introduction to Cyber Laws :

 Cyber law, also known as cybercrime law or IT (Information Technology) law, is a branch of legal
studies and regulations that specifically addresses legal issues related to the use of digital
technology, the internet, and computers. Cyber law encompasses a wide range of topics and
concerns.
 These laws aim to establish guidelines for internet activities, protect digital assets and combat (to
struggle against) cybercrimes.
 Two significant pieces of legislation in India that provide the legal foundation for addressing
cyber-related issues are the Information Technology Act, 2000 and its subsequent amendment in
2008.

 Introduction to IT act 2000 and IT act 2008 :

| Aspects | IT Act 2000 | IT Act 2008 |
|---|---|---|
| Enacted | Enacted in year 2000. | Passed in year 2008. |
| Purpose | Facilitate e-commerce and regulate digital activities. | Enhance cyber security and address emerging cyber threats. |
| Key Provision | 1. Recognition of D.S. 2. Data protection regulations. 3. Rules for electronic contracts. 4. Provisions for computer crimes. | 1. Introduction to data privacy. 2. Definition and penalties for cyber crimes. 3. Inclusion of provisions for cyber terrorism. 4. Classification of intermediaries' liabilities. |
| Punishments | Prescribes penalties varying in severity. | Strict penalties including imprisonment and fines. |
| Cyber Security | Focused on basic aspects of cybersecurity. | Expanded definitions of crimes and enhanced cybersecurity provisions. |
| Cyber Terrorism | Did not explicitly address cyber terrorism. | Added provisions related to cyber terrorism. |
| Intermediaries Liability | Did not provide detailed definitions or regulations. | Defined the responsibilities and liabilities of intermediaries. |
| Adjudication body | Did not establish specific adjudication bodies. | Established adjudication bodies to resolve disputes more efficiently. |

 Introduction to Cyber Laws :

 Cyber Law, also called IT law, is the law regarding information technology, including computers and
the internet.
 Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes
computers, networks, software, data storage devices (such as hard disks, USB disks etc), the
Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.
 Cyber law encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy

 Need for Cyber Law:


1. Regulate Digital Activities: The goal is to establish legal frameworks to regulate online activities,
safeguard rights, and resolve digital disputes (conflicts/controversy).
2. Intangible : Define and prosecute cybercrimes like hacking, identity theft, and online fraud to
deter and penalize malicious behavior.
3. Safeguard Privacy: Protect individuals' digital privacy, data, and personal information from
unauthorized access and misuse.
4. Address Intellectual Property: Protect digital content and inventions through copyright,
trademark, and patent laws.
5. Govern Cybersecurity: Regulate and establish standards for cybersecurity practices to protect
critical infrastructure and sensitive data.

5.3 Cyber Forensics :

 Cyber Forensic Introduction :

 Cyber forensics, also known as digital forensics, is the process of collecting, preserving,
analyzing and presenting electronic evidence in order to investigate and prevent cybercrimes
and other digital incidents.
 It involves determining the past actions that have taken place on a computer system using computer
forensic techniques.
 It encompasses various areas such as Computer Forensics, Network Forensics, and Mobile
Device Forensics.
 Objectives:
 To identify and recover digital evidence.
 To preserve the integrity of evidence.
 To analyze digital artifacts.
 To present findings in a clear and understandable manner during legal proceedings.
 Who uses Computer Forensics?
 Law Enforcement
 Private Computer Forensic Organizations
 Military
 University Programs
 Computer Security and IT Professionals

 Forensic Tools :
 Forensic tools, also known as digital forensics tools, are specialized software applications and
hardware devices used by digital forensic investigators and cybersecurity professionals to collect,
preserve, analyze, and present electronic evidence during investigations.
 Here are some common types of forensic tools and their functionalities:
1. EnCase (Disk Imaging Tool):
- A popular commercial tool for creating forensic images of disks and analyzing data.

2. Recuva (Data Recovery Tool):
- A user-friendly tool for recovering deleted files on Windows systems.

3. Autopsy (File System Analysis Tool):
- An open-source digital forensic platform that includes various modules for file system analysis,
registry analysis, and keyword searching.

4. Wireshark (Network Analysis Tool):
- An open-source network protocol analyzer for capturing and analyzing network traffic.

5. SQLite Forensic Explorer (Database Forensic Tool):
- A tool for examining SQLite databases often used in mobile apps and various software applications.

6. Audacity (Audio Forensic Tool):
- An open-source audio editing tool that can be used to analyze and enhance audio recordings.

 Forensic Techniques :

 Cyber forensic techniques, also known as digital forensic techniques, are methods and procedures
used by digital forensic investigators to collect, preserve, analyze, and interpret electronic
evidence in a systematic and legally sound manner. Here are some common cyber forensic
techniques:
1. Reverse-steganography :
 The process of attempting to hide data inside a digital message or file is called steganography.
 Reverse-steganography happens when computer forensic specialists look at the hash of a
message or the file contents.
 A hash is a string of data that changes when the message or file is interfered with.
2. Evidence Collection:
 Collecting electronic evidence from various sources, including hard drives, memory, network logs,
and cloud storage.
 Using specialized forensic tools to create forensic images and acquire data from digital devices.

3. Data Recovery:
 Employing data recovery techniques to retrieve deleted, damaged, or hidden data, such as files or
database records.
4. Memory Analysis:
 Examining the contents of computer memory (RAM) to identify running processes, malware, open
files, and system activity.
5. Malware Analysis:
 Dissecting (studying in detail) and analyzing malicious software (malware) to understand its
behavior, functionality, and impact on the affected system.
6. Keyword Searching:
 Conducting keyword searches to identify relevant data, documents, or communication related to
the investigation.

 Investigating the Crime Scene :

 Cybercrime investigations focus on collecting digital evidence, preserving the integrity of that
evidence, and understanding how cybercrimes occurred.
 Here are the key steps involved in investigating a cybercrime scene:
1. Preservation of Evidence:
It is crucial to ensure that digital evidence is preserved in a forensically sound manner and isolated
to prevent alteration of the evidence.
2. Documentation:
Document the physical and digital environment, including photographs, sketches, and descriptions of
the crime scene. Take note of the hardware, network configurations, and any signs of intrusion or
unauthorized access.
3. Chain of Custody:
Establish and maintain a clear chain of custody for all digital evidence. Document who handles the
evidence, when, and what actions are taken.
4. Imaging:
Create forensic images of storage media to preserve data integrity. During the imaging process it is
ensured that no changes are made to the original data.
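
The imaging and chain-of-custody steps above can be tied together with hashes: hash the original before and after copying, hash the image, and record that hash in every custody entry. This is an added example, not part of the original notes; the file names, handler names, timestamps and the log layout are assumptions, and the "drive" is a constructed sample file.

```python
import hashlib
import json
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def image_evidence(source, image):
    """Copy source to image, opening the source read-only, and confirm nothing changed."""
    before = sha256_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(1 << 20), b""):
            dst.write(chunk)
    if not (before == sha256_file(source) == sha256_file(image)):
        raise ValueError("hash mismatch: original or image changed during imaging")
    return before

def _entry_digest(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, handler, action, evidence_sha256, timestamp):
    """Record who handled the evidence, when, and what was done; chain to the previous entry."""
    entry = {"handler": handler, "action": action, "timestamp": timestamp,
             "evidence_sha256": evidence_sha256,
             "prev_hash": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _entry_digest(entry)
    log.append(entry)

def verify_custody_log(log, image):
    """Return (ok, reason): every entry must chain correctly and the image must be unchanged."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_digest(entry):
            return False, f"custody entry {i} altered or out of order"
        prev = entry["entry_hash"]
    if log and sha256_file(image) != log[-1]["evidence_sha256"]:
        return False, "image no longer matches the recorded hash"
    return True, "ok"

def demo():
    """Image a constructed sample 'drive' and log two hand-offs (all names are made up)."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "suspect_disk.bin")
    image = os.path.join(workdir, "suspect_disk.img")
    with open(source, "wb") as f:
        f.write(b"constructed sample evidence bytes\n" * 1000)
    log = []
    digest = image_evidence(source, image)
    add_custody_entry(log, "Investigator A", "imaged drive", digest, "2024-01-01T10:00:00Z")
    add_custody_entry(log, "Analyst B", "received image", digest, "2024-01-01T14:30:00Z")
    return log, image

if __name__ == "__main__":
    print(verify_custody_log(*demo()))
```

The chained hashes expose edits to individual entries only; a log rewritten from the first entry onward would need a signature or an independently stored copy of the last entry hash to be detected.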

 Rules of Evidence :
 Admissible (accepted): Digital evidence must meet certain criteria to be admissible in court. It
should be relevant, authentic and not hearsay (unverified).
 Hearsay Rule: Hearsay is generally not admissible. Hearsay is an out-of-court statement offered
for the truth of the matter asserted.
 Relevance: Evidence must be relevant to the case at hand. It should have a logical connection to
the facts in dispute, helping to prove or disprove an issue in the case.
 Expert Testimony: In many cases, a qualified cyber forensic expert is required to present and
explain the digital evidence to the court.
 Best Evidence Rule: The best evidence rule requires that the original document or the best
available evidence be presented in court. Copies or secondary evidence may be admitted if the
original is unavailable.
