
Cyber Module 1

Uploaded by

arizmehdi114

Introduction to Cyber Security

COURSE CODE: BETCK105I

TEXTBOOK: Sunit Belapure and Nina Godbole, “Cyber Security: Understanding Cyber Crimes, Computer Forensics And Legal Perspectives”
MODULE 1: Cybercrime
Cybercrime Introduction:
➢ Almost everyone is aware of the phenomenal growth of the internet. Given the unrestricted number of free websites, the internet has undeniably opened a new way of exploitation known as cybercrime.

➢ The term cybercrime describes an unlawful activity in which a computer or computing device that is part of a network, such as a smartphone, tablet or PDA, is used as a tool and target of criminal activity.

➢ It is often committed by people of a destructive and criminal mindset, either for revenge or for greed. Cybercrime is not a new phenomenon: the first recorded cybercrime took place in the year 1820.

➢ It has been one of the most talked-about topics in recent years.


Contd..
• The situation in India is not any better: Indian corporate and government sites were attacked or defaced more than 780 times between 2000 and 2009.

• ICANN: Internet Corporation for Assigned Domain Names and Numbers.

• WIPO: World Intellectual Property Organization. It takes care of Intellectual Property Rights (IPR).

• IPR are copyright, patent, trademark and trade secret.

• UDRP: Uniform Dispute Resolution Policy for domain names.


CYBERCRIME: DEFINITION AND ORIGINS OF THE WORD

• Alternative definitions of Cybercrime are as follows:

1. Any illegal activity done through the Internet or on the computer. All criminal activities done
using the medium of computers, the Internet, cyberspace and the WWW.

2. Any financial dishonesty that takes place in a computer environment.

3. Any threats to the computer itself, such as theft of hardware or software, damage and demands for
money.

4. “Cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations,
that targets the security of computer systems and the data processed by them.”
Contd..
Synonyms of cybercrime are:

• Computer-related crime

• Computer crime

• Internet crime

• E-crime

• High-tech crime, etc.


Contd..
• Types of Attacks in Cyber Security:
1. Techno crime
2. Techno vandalism

1. Techno crime: A premeditated act against a system or systems, with the intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts of or the complete computer system.
➢ The 24/7 connection to the internet makes this type of cybercrime a real possibility to engineer from anywhere in the world.

2. Techno vandalism:
➢ These acts of “brainless” defacement of websites and/or other activities, such as copying files and publicizing their contents, are usually opportunistic in nature.

➢ Tight internal security, allied to strong technical safeguards, should prevent the vast majority of such incidents.
Contd..
Important Definitions related to Cyber Security:

• Cyberspace: The term is now used to describe the internet and other computer networks.
• In terms of computer science, cyberspace is a worldwide network of computer networks that uses the Transmission Control Protocol/Internet Protocol (TCP/IP) for communication to facilitate the transmission and exchange of data.

• The common factor in almost all definitions of cyberspace is the sense of place that they convey: cyberspace is most definitely a place where you chat, explore, research and play.
Contd..
• Cybersquatting: Cybersquatting means registering, selling or using a domain name with the intent of profiting from the goodwill of someone else's trademark (TM). By its nature, it can be considered a type of cybercrime.

• Cybersquatting is the practice of buying domain names that carry the names of existing businesses.

• In other words, cybersquatting involves the preemptive registration of trademarks by third parties as domain names. It is done with the intent to sell those domain names for profit.

• Amul is one of India's biggest dairy companies, with a sales turnover of over 38,550 crore Indian rupees (approximately US$5.28 billion, or 385,500,000,000 Indian rupees) for the financial year 2019-2020.
Contd..

• The company became the victim of cybersquatting when someone bought the following
domains and made phishing sites:

Amuldistributor.com

Amulboard.com

Amufran.org.in

Amuldistributorindia.com
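
A brand owner can watch for this kind of registration by screening newly observed domain names against the trademark. The sketch below is an added example, not part of the original slides. The allowlist entry, the unrelated negative-control names and the three rule names are assumptions made for illustration.

```python
"""Screen observed domains for names that trade on a trademark (added example)."""

BRAND = "amul"              # trademark from the case study above
ALLOWLIST = {"amul.com"}    # assumption: domains the brand owner itself controls

# The four domains named above plus constructed negative controls.
OBSERVED = [
    "amul.com",
    "Amuldistributor.com",
    "Amulboard.com",
    "Amufran.org.in",
    "Amuldistributorindia.com",
    "example.com",
    "formula.example",
    "simulation-lab.example",
]


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def first_label(domain):
    """Left-most label, lower-cased, ignoring a leading 'www'."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if labels[0] == "www" and len(labels) > 2:
        labels = labels[1:]
    return labels[0]


def classify(domain, brand=BRAND):
    """Return the reason a domain deserves review, or None."""
    label = first_label(domain)
    if label.startswith(brand):
        return "brand-prefix"          # e.g. brand + "distributor"
    if brand in label:
        return "brand-embedded"        # brand appears later in the name
    # One substituted character in the brand part, which a plain
    # substring search would miss.
    if len(label) >= len(brand) and edit_distance(label[:len(brand)], brand) == 1:
        return "lookalike-prefix"
    return None


def review_queue(domains, brand=BRAND, allowlist=ALLOWLIST):
    """List (domain, reason) pairs that a person should look at."""
    queue = []
    for domain in domains:
        if domain.strip().lower().rstrip(".") in allowlist:
            continue
        reason = classify(domain, brand)
        if reason:
            queue.append((domain, reason))
    return queue


if __name__ == "__main__":
    for domain, reason in review_queue(OBSERVED):
        print(f"{reason:17} {domain}")
```

The output is a review queue rather than a verdict: with a short brand name, ordinary words that happen to start with the same letters will also be listed and need manual triage.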
Contd..
• Cyber terrorism:
➢ This term was introduced in 1997 by Barry Collin, a senior research fellow at the Institute for Security and Intelligence in California.

➢ Cyberterrorism seems to be a controversial term. The use of information technology and its means by terrorist groups and agents is called cyberterrorism.

➢ “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives or to intimidate any person in furtherance of such objectives.”

(or)

➢ Cyberterrorism is defined as “any person, group or organization who, with terrorist intent, utilizes accessing a computer or computer network or electronic system or electronic device by any available means and thereby knowingly engages in or attempts to engage in a terrorist act commits the offence of
Contd..
• Cybernetics:

➢ Cybernetics deals with information and its use. It is the study of the control of any system using technology.

➢ Cybernetics is the science that overlaps the fields of neurophysiology, information theory, computing machinery and automation.

➢ Worldwide, including in India, cyberterrorists usually use a computer as a tool or target for their unlawful acts to gain information.
Contd..
• Phishing:
➢ Phishing is a cyber attack that uses disguised email as a weapon.

➢ Phishing is a form of online identity theft that aims to steal sensitive information, such as online banking passwords and credit card information, from users.
(or)

➢ In other words, it is an attempt by an individual or a group to steal personal confidential information, such as passwords and credit card information, from unsuspecting victims for identity theft, financial gain and other fraudulent activities.


Contd..
• Cyberpunk:

➢ The two basic aspects of cyberpunk are technology and individualism.

➢ Cyberpunk is a subgenre of science fiction set in a dystopian future, said to focus on a combination of “low-life and high-tech life”.

➢ What is the cyberpunk effect?

➢ Tall buildings, smoke-filled rooms, people on the margins of society, late nights, bright signs.
Contd..
• Cyberwarfare:

➢ It is the use of computer networks to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes.

➢ It refers to information resources, including communication systems, that support an industry or institution. Cyber-attacks are often presented as military forces, and the internet has major implications for espionage and warfare.
Cybercrime Contd..
1.3. Cybersecurity and Information Security:
➢ Cyber security and information security are two ways to protect important information.

➢ Cyber security is about keeping computer systems and networks safe from bad people who try to break in or cause harm online.

➢ It deals with things like stopping hackers, fixing computer problems, and making sure websites work properly.

➢ Information security, on the other hand, is about keeping all kinds of information safe, whether it’s on computers or not.

➢ This includes protecting paper files, keeping secrets, and making sure only the right people can see or use important information.

➢ While cyber security focuses on the internet and computers, information security covers a wider range of ways to keep information safe in all forms.
Contd..
Q: WHO ARE CYBERCRIMINALS?

A: Cybercriminals are those who conduct acts such as child pornography; credit card fraud; cyberstalking; defaming another online; gaining unauthorized access to a computer system; ignoring copyright, software licensing and trademark protection; overriding encryption to make illegal copies; software piracy; and stealing another's identity to perform criminal acts.
Contd..
• Types of Cybercriminals:
We have three types of Cybercriminals:
Type I: Cybercriminals hungry for recognition
Type II: Cybercriminals not interested in recognition
Type III: Cybercriminals the insiders

1. Type I: Cybercriminals – hungry for recognition


• Hobby hackers;
• IT professionals (ethical hackers);
• Politically motivated hackers;
• Terrorist organizations.
Contd..
2. Type II: Cybercriminals – not interested in recognition
• Psychological perverts;
• Financially motivated hackers (corporate espionage);
• State-sponsored hacking (national espionage, sabotage);
• Organized criminals.

3. Type III: Cybercriminals – the insiders
• Disgruntled or former employees seeking revenge;
• Competing companies using employees to gain economic advantage through damage and/or theft.
Contd..
• Classifications of Cybercrimes:

• Cybercrimes are also classified as below, based on the number of victims of the crime and on whether it targets groups or society.

1. Cybercrime against individual

2. Cybercrime against property

3. Cybercrime against organization

4. Cybercrime against society

5. Crimes emanating from Usenet newsgroups


Contd..
1. Cybercrime against individual:
➢ Electronic mail (email) spoofing and other online frauds
➢ Phishing, spear phishing and its various other forms such as vishing and smishing
➢ Spamming
➢ Cyber defamation
➢ Cyberstalking and harassment
➢ Computer sabotage
➢ Pornography offences
➢ Password sniffing: this also belongs to the category of cybercrime against organization, because the password could be used by an individual for his or her personal work or for the work he or she is doing using a computer that belongs to an organization.
Contd..
2. Cybercrime against property:
➢ Credit card frauds
➢ Intellectual property (IP) crimes: basically, IP crimes include software piracy, copyright infringement, trademark violations, theft of computer source code, etc.
➢ Internet time theft

3. Cybercrime against organization:
➢ Unauthorized accessing of computer: hacking is one method of doing this, and hacking is a punishable offence
➢ Password sniffing
➢ Denial-of-service attacks
➢ Virus attacks/dissemination of viruses
➢ Email bombing or mail bombs
Contd..
➢ Salami attack or Salami technique
➢ Logic bomb
➢ Trojan horse
➢ Data diddling
➢ Crimes emanating from Usenet newsgroups
➢ Industrial spying/Industrial espionage
➢ Computer network intrusions
➢ Software piracy
Contd..
4. Cybercrime against society:
➢ Forgery
➢ Cyber terrorism
➢ Web jacking

5. Crimes emanating from Usenet newsgroups:
➢ Newsgroup spam is a type of spam where the targets are Usenet newsgroups. Usenet convention defines spamming as excessive multiple posting, i.e. repeated posting of a message or very similar messages to newsgroups.
Contd..
• Explain the following crimes with examples:
a) Email Spoofing: A spoofed email is one that appears to originate from one source but has actually been sent from another source. It is a threat that involves sending email messages with a fake sender address.
b) Spamming: It means sending multiple copies of unsolicited mails or mass emails, such as chain letters, and it is difficult to control. It is also distributed through text messages (SMS), phone calls and social media.
c) Cyberdefamation: Cyberdefamation occurs when defamation takes place with the help of a computer and/or the internet. For example, someone publishes defamatory matter about someone on a website or sends emails containing defamatory information to all friends of that person.
d) Internet time theft: The usage of internet hours by an unauthorized person, which are actually paid for by another person. Internet time theft comes under hacking because the person gets access to someone else's ISP user ID and password through illegal measures.
e) Salami attack or Salami technique: It is a type of cybercrime that attackers or hackers typically use to commit financial crimes. These attacks occur when negligible amounts are removed from bank accounts and accumulated into something larger.
Example: attackers withdrawing two rupees from every customer's account.
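
Because each individual debit in a salami attack is too small to notice, detection has to look at the aggregate: one destination account collecting negligible amounts from many different source accounts. The sketch below is an added example, not part of the original slides. The account names, the thresholds and the fee-account allowlist are assumptions, and the ledger is constructed sample data.

```python
"""Find accounts that collect many negligible debits (added example)."""
from collections import defaultdict
from decimal import Decimal

MICRO_LIMIT = Decimal("5.00")        # assumption: debits up to this are "negligible"
MIN_SOURCES = 20                     # assumption: distinct payers needed to raise a flag
KNOWN_FEE_ACCOUNTS = {"BANK-FEES"}   # hypothetical account that legitimately gets small fees


def build_sample_ledger():
    """Constructed ledger of (source, destination, amount) rows."""
    ledger = []
    # Two rupees taken from each of 50 customers into one collecting account.
    for n in range(1, 51):
        ledger.append((f"CUST-{n:03}", "ACC-7731", Decimal("2.00")))
    # Legitimate small service fees paid by 30 customers.
    for n in range(1, 31):
        ledger.append((f"CUST-{n:03}", "BANK-FEES", Decimal("1.00")))
    # Ordinary customer activity.
    ledger += [
        ("CUST-001", "CUST-002", Decimal("1500.00")),
        ("CUST-010", "MERCHANT-42", Decimal("3.50")),
        ("CUST-011", "MERCHANT-42", Decimal("249.00")),
    ]
    return ledger


def find_salami_candidates(ledger, micro_limit=MICRO_LIMIT,
                           min_sources=MIN_SOURCES, allowlist=KNOWN_FEE_ACCOUNTS):
    """Return (destination, distinct_sources, total) rows, largest total first."""
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount in ledger:
        if dst in allowlist or amount <= 0 or amount > micro_limit:
            continue
        sources[dst].add(src)
        totals[dst] += amount
    hits = [(dst, len(srcs), totals[dst])
            for dst, srcs in sources.items() if len(srcs) >= min_sources]
    return sorted(hits, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    for dst, payers, total in find_salami_candidates(build_sample_ledger()):
        print(f"{dst}: {payers} payers, {total} collected in micro-debits")
```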
Contd..

f) Data diddling: It is a type of cybercrime in which data is altered as it is entered into a computer system, most often by a data entry clerk. Computerized processing of the altered data results in a fraudulent benefit. Example: It is often used when businesses and individuals want to hide part of their profits for tax evasion purposes.

g) Forgery: Currency notes, revenue stamps, marksheets, fake certificates, etc., can be forged using computers and high-quality scanners and printers. These types of forgery can be categorised as cybercrime.

h) Web jacking: It occurs when hackers gain access to and control over the website of another. When this type of attack occurs, the attacker can even change the content of the website for fulfilling political objectives or for money.

In other words, attackers take unauthorized control of a website.


Contd..
i) Newsgroup spam or crimes emanating from Usenet newsgroups: This is one form of spamming in which a large number of messages are posted to various newsgroups. These messages, usually relating to a public matter, can be used to create panic or aggression among the people.

➢ Usenet is a popular means of sharing and distributing information on the web with respect to a specific subject or topic; the following criminals use Usenet.

j) Industrial spying or industrial espionage: Spies can get information about product finances, research and development, and marketing strategies, an activity known as industrial spying. They are usually appointed by competing companies to get the trade secrets of another company.

• An industrial spy may be an insider threat, such as an individual who has gained employment with the company with the purpose of spying, or a disgruntled employee who trades information for personal gain or revenge.

• Spies may also obtain information through social engineering tactics, for example by threatening an employee into giving privileged information.
Contd..
K) Hacking: Every act committed towards breaking into a computer and/or network is hacking. Hacking can also be defined as gaining unauthorized access to a computer system.

The purpose of hacking can be money, power, publicity, revenge, the desire to access forbidden information or a destructive mindset.

L) Online frauds: This type of fraud makes use of the internet and could involve hiding information or providing incorrect information for the purpose of tricking victims out of money, property and inheritance.

M) Pornography offenses: Child pornography means visual depictions; cyber-pornography is simply defined as the act of using cyberspace to create, display, distribute, import or publish pornography. Child pornography is considered an offense.

• Section 67 of the Information Technology Act 2000 makes this act punishable with imprisonment of up to three years and a fine of up to 5 lakhs.
Contd..
• Software piracy: It is the theft of software through the illegal copying of genuine programs, or the counterfeiting and distribution of products intended to pass for the original: illegal copying of programs and distribution of copies of software.

• Computer sabotage: The use of the internet to hinder the normal functioning of a computer system through the introduction of worms, viruses or logic bombs is referred to as computer sabotage.

➢ A logic bomb is a malicious piece of code that is secretly inserted into a computer network, operating system or software application to cause damage. Note: sabotage means deliberately destroying. In other words, infecting a website with malware is an example of sabotage.

• Email bombing/mail bomb: It refers to sending a large number of emails to the victim to crash the victim's email account. A computer program can be written to instruct a computer to do such tasks on a repeated basis.

• Terrorism has hit the internet in the form of email bombing. Here the cybercriminal repeatedly sends email to a particular person's email ID and shuts down the entire system.
Contd..
• Computer Network Intrusion: Crackers can break into computer systems from anywhere in the world and steal data, spread viruses, create back doors, insert Trojan horses or change usernames and passwords. Network intrusions are illegal, but detection and enforcement are difficult.

➢ The cracker can bypass existing password protection by creating a program to capture login IDs and passwords. Here the attacker breaks into a computer network.

• Password sniffing: Password sniffers are programs that monitor and record the names and passwords of network users as they log in at a site. Example: keyloggers. These are computer programs which, once installed on a particular computer system, record all the keystrokes and send them to the attacker, so the attacker can get access to user credentials. With the user credentials, the attacker will log in and access restricted documents.
Contd..
• Credit card frauds: The unauthorized use of an individual's credit card or card information to make purchases from the cardholder's account.

➢ Example: an attacker who gains access to credit card details can shop online, and the owner of the account may be unaware of the compromise until the information is actually used to make purchases. Millions of dollars may be lost annually by consumers who hold credit cards.

➢ PCI-DSS (Payment Card Industry Data Security Standard) is a set of regulations used to avoid data theft and to combat credit card fraud.

• Identity theft: Identity theft is a fraud involving another person's identity for an illicit purpose. It occurs when a criminal uses someone else's identity for his or her own illegal purposes.

➢ Example: obtaining the account details of a genuine customer and withdrawing money from the bank account.
Contd..

• Pornography offences:
➢ Child pornography means any photograph that can be considered obscene and/or unsuitable for the age of the child viewer; film, video, picture; or computer-generated image or picture of sexually explicit conduct where the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct.

o Child pornography is considered an offense.

o Unfortunately, child pornography is a reality of the Internet.

o The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. In India too, the Internet has become a household commodity in the urban areas of the nation.

o Its explosion has made children a viable victim of cybercrime.

o As broadband connections come within the reach of more and more homes, a larger child population will be using the Internet, and therefore the chances of falling victim to the aggression of pedophiles will be greater.
Contd..
• "Pedophiles" are people who physically or psychologically force minors to engage in sexual
activities, which the minors would not consciously consent to.

• Operational steps taken by pedophiles:

➢ Step 1: Pedophiles use a false identity to trap the children/teenagers (using a false identity is in itself another crime, called "identity theft").

➢ Step 2: They seek children/teens in the kids' areas on the services, such as the Teens BB, Games BB or chat areas where the children gather.

➢ Step 3: They befriend children/teens.

➢ Step 4: They extract personal information from the child/teen by winning his/her confidence.
Contd..

➢ Step 5: Pedophiles get the E-Mail address of the child/teen and start making contacts on the victim's E-Mail address as well. Sometimes, these E-Mails contain sexually explicit language.

➢ Step 6: They start sending pornographic images/text to the victim, including child pornographic images, in order to help the child/teen shed his/her inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it.

➢ Step 7: At the end of it, the pedophiles set up a meeting with the child/teen out of the house and then drag him/her into the net to further sexually assault him/her or to use him/her as a sex object.
Contd..
• What is the main purpose of hacking? Explain hacking with examples.
The following are a few of the main purposes of hacking:

1. Greed;

2. power;

3. publicity

4. revenge

5. adventure

6. desire to access forbidden information;

7. destructive mindset
Contd..

• Every act committed toward breaking into a computer and/or network is hacking, and it is an offense. Hackers write or use ready-made computer programs to attack the target computer.
• They possess the desire to destruct and they get enjoyment out of such destruction.
• Some hackers hack for personal monetary gains, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of money.
• They extort money from some corporate giant by threatening to publish stolen information that is critical in nature.
• The original meaning of the word "hack", an elegant, witty or inspired way of doing almost anything, originated at MIT. The meaning has now changed to become something associated with the breaking into or harming of any kind of computer or telecommunications system.
• Some people claim that those who break into computer systems should ideally be called "crackers" and those targeting phones should be known as "phreaks".
Contd..
• Hacking and Indian Laws:
• The ITA 2000 was framed after the United Nations General Assembly Resolution of January 30, 1997.

• The ITA adopted the Model Law on Electronic Commerce (E-Commerce) adopted by the United Nations Commission on International Trade Law.

• A total cybercrime were registered under the IT Act in 2007 compared to 142 cases registered in 2006.

• Under the IPC too, a noteworthy 339 cases were recorded in 2007 compared to 311 cases in 2006.
The laws, crime details and punishment details are given in the table below.
Contd..
• Global Perspectives on Cybercrime
• Statute and treaty law both refer to cybercrime.
• In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001, which details offenses against computer data and systems.
• In the Council of Europe's (CoE's) Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an array of criminal activity including offenses against computer data and systems, computer-related offenses, content offenses and copyright offenses.
• These crimes based on ICT are called white-collar crime and economic crime.
• An International Telecommunication Union (ITU) survey conducted in 2005 shows the taking of actions against spam.
• E-mail spam legislation is mentioned in Section 67 of the Indian ITA 2000.
• Spam acts as a vehicle to spread viruses and worms.
• Spam mails try to get financial information such as account numbers and passwords.
Contd..
• 1. August 4, 2006 Announcement:
• The US Senate ratifies the CoE Convention on Cyber Crime. The convention targets hackers, those spreading destructive computer viruses, those using the Internet for the sexual exploitation of children or the distribution of racist material, and terrorists attempting to attack infrastructure facilities or financial institutions.
• On August 18, 2006, a news article was published: "ISPs Wary About 'Drastic Obligations' on Web Site Blocking."
• 2. European Union (EU): Here officials want to debar suspicious websites as part of a 6-point plan to boost joint antiterrorism activities.
• They want to block websites that incite terrorist action.
• 3. CoE Cyber Crime Convention (1997-2001): It was the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques and increasing cooperation among nations.
Contd..
• Cybercrime and the Extended Enterprise:
• This term represents the concept that a company is made up not just of its employees, its board members and executives, but also its business partners, its suppliers and even its customers.

• The extended enterprise can only be successful if all of the component groups and individuals have the information they need in order to do business effectively. The extended enterprise is shown in the figure below.
Contd..

• An extended enterprise is a "loosely coupled, self-organizing network" of firms that combine their economic output to provide "products and services" offerings to the market.

• Firms in the extended enterprise may operate independently, for example, through market mechanisms, or cooperatively through agreements and contracts.

• The flow of "information" on a large scale to support instantaneous "decision-making ability" is for the "external enterprise".

• Due to the interconnected features of information and communication technologies, security overall can only be fully promoted when the users have full awareness of the dangers.
Contd..
• Given the promises and challenges in the extended enterprise scenario, organizations in the international community have a special role in sharing information on good practices.

• International cooperation at the levels of government, industry, consumer, business and technical groups, allowing a global and coordinated approach to achieving global cybersecurity, is the key.
Contd..
• What are the major types of incidents occurring in the computer environment?
The following are the major incidents that occur in the computer environment:
➢ Denial of Service attack
➢ Laptop theft
➢ Telecom fraud
➢ Unauthorized access
➢ Viruses
➢ Financial fraud
➢ Insider abuse
➢ Sabotage
➢ Theft or loss of information
➢ Instant messaging abuse
➢ Password sniffing
➢ Theft or loss of computer customer data
Contd..
• Spamming:
• People who create electronic Spam are called spammers.

• Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery
systems) to send unsolicited bulk messages indiscriminately.

• Although the most widely recognized form of Spam is E-Mail Spam, the term is applied to similar
abuses in other media:

o Instant messaging Spam,

o Usenet newsgroup Spam,

o Web search engine Spam.

o Spam in blogs,

o Wiki Spam,
Contd..
o Online classified ads Spam,

o Mobile phone messaging Spam

o Social networking Spam, file sharing network Spam,

o Video sharing sites, etc.

• Those who continually attempt to subvert or spam the search engine may be permanently excluded from the search index.
Contd..
• The web publishing techniques to be avoided in search engine spam:
1. Repeating keywords
2. Use of keywords that do not relate to the content on the site
3. Use of fast meta refresh
4. Redirection
5. IP cloaking; use of colored text on the same color background
6. Tiny text usage
7. Tiny text messages
8. Duplication of pages with different URLs
9. Hidden links
10. Use of different pages that bridge to the same URL (gateway pages)
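
Several of the techniques in this list leave visible traces in a page's HTML, so a site owner can audit pages before publishing. The sketch below is an added example, not part of the original slides. It checks only fast meta refresh, coloured text on a same-colour background, tiny text, hidden links and repeated keywords; the thresholds and the finding names are assumptions, and the sample page is constructed.

```python
"""Audit a page for on-page search-engine spam signals (added example)."""
import re
from collections import Counter
from html.parser import HTMLParser

FAST_REFRESH_SECONDS = 2   # assumption: refresh delays up to this count as "fast"
TINY_PX = 2.0              # assumption: font sizes up to this count as "tiny text"

# Constructed sample page that uses several of the listed techniques.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://other.example/landing">
<title>Cheap flights</title></head>
<body style="background-color:#ffffff">
<p>Book cheap flights with us.</p>
<p style="color:#FFFFFF; background-color:#ffffff">cheap flights cheap flights cheap tickets</p>
<span style="font-size:1px">cheap flights cheap flights</span>
<a href="https://other.example/a" style="display:none">partner</a>
</body></html>"""


def parse_style(style):
    """Turn 'a: b; c: d' into {'a': 'b', 'c': 'd'} with lower-cased values."""
    pairs = (item.split(":", 1) for item in style.split(";") if ":" in item)
    return {key.strip().lower(): value.strip().lower() for key, value in pairs}


class SpamAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self.words = []
        self._skip = 0  # depth inside <script>/<style>, whose text is not content

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        style = parse_style(attr.get("style", ""))
        if tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            delay = re.match(r"\s*(\d+)", attr.get("content", ""))
            if delay and int(delay.group(1)) <= FAST_REFRESH_SECONDS:
                self.findings.append("fast-meta-refresh")
        size = re.fullmatch(r"(\d+(?:\.\d+)?)px", style.get("font-size", ""))
        if size and float(size.group(1)) <= TINY_PX:
            self.findings.append("tiny-text")
        if "color" in style and style["color"] == style.get("background-color"):
            self.findings.append("same-colour-text")
        hidden = style.get("display") == "none" or style.get("visibility") == "hidden"
        if tag == "a" and hidden:
            self.findings.append("hidden-link")
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words += re.findall(r"[a-z]{3,}", data.lower())


def audit(html, max_share=0.25, min_words=10):
    """Return findings in document order, keyword repetition last."""
    parser = SpamAudit()
    parser.feed(html)
    parser.close()
    findings = list(parser.findings)
    if len(parser.words) >= min_words:
        word, count = Counter(parser.words).most_common(1)[0]
        if count / len(parser.words) > max_share:
            findings.append(f"keyword-repetition:{word}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE):
        print(finding)
```

IP cloaking, redirection and gateway pages cannot be seen in a single HTML file; checking them means comparing what the server returns to different clients and URLs.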
