Learning Objectives

After reading this chapter, the learner shall be able to:

−       Classify various types of cyber crimes

−       Know the reasons for Commission of Cyber Crimes

−       Define various types of Malware and its types

−       Explain various kinds of cyber crime

Introduction
The internet was born around 1960’s where its access was limited to few scientist, researchers
and the defense only. Internet user base have evolved exponentiation. Initially the computer
crime was only confined to making a physical damage to the computer and related infrastructure.
Around 1980’s the trend changed from causing the physical damaging to computers to making a
computer malfunction using a malicious code called virus. Till then the effect was not so
widespread because internet was only confined to defence setups, large international companies
and research communities. In 1996, when internet was launched for the public, it immediately
became popular among the masses and they slowly became dependent on it to an extent that it
have changed their lifestyle. The GUIs were written so well that the user don’t have to bother
how the internet was functioning. They have to simply make few click over the hyper links or
type the desired information at the desired place without bothering where this data is stored and
how it is sent over the internet or whether the data can accessed by another person who is
connected to the internet or whether the data packet sent over the internet can be snoofed and
tempered. The focus of the computer crime shifted from merely damaging the computer or
destroying or manipulating data for personal benefit to financial crime. These computer attacks
are increasing at a rapid pace. Every second around 25 computer became victim to cyber attack
and around 800 million individuals are effected by it till 2013. CERT-India have reported around
308371 Indian websites to be hacked between 2011-2013. It is also estimated that around $160
million are lost per year due to cyber crime. This figure is very conservative as most of the cases
are never reported. 

According to the 2013-14 report of the standing committee on Information Technology to the
15th Lok Sabha by ministry of communication and information technology, India is a third
largest number do Internet users throughout the world with an estimated 100 million internet
users as on June, 2011 and the numbers are growing rapidly. There are around 22 million
broadband connections in India till date operated by around 134 major Internet Service
Providers(ISPs).

Before discussing the matter further, let us know what the cyber crime is?
The term cyber crime is used to describe a unlawful activity in which computer or computing
devices such as smartphones, tablets, Personal Digital Assistants(PDAs),  etc. which are stand
alone or a part of a network are used as a tool or/and target of criminal activity. It is often
committed by the people of destructive and criminal mindset either for revenge, greed or
adventure.

Classification of Cyber Crimes

The cyber criminal could be internal or external to the organization facing the cyber attack.
Based on this fact, the cyber crime could be categorized into two types:

Insider Attack: An attack to the network or the computer system by some person with authorized
system access is known as insider attack. It is generally performed by dissatisfied or unhappy
inside employees or contractors. The motive of the insider attack could be revenge or greed. It is
comparatively easy for an insider to perform a cyber attack as he is well aware of the policies,
processes, IT architecture and weakness of the security system. Moreover, the attacker have an
access to the network.  Therefore it is comparatively easy for a  insider attacker to steel sensitive
information, crash the network, etc. In most of the cases the reason for insider attack is when a
employee is fired or assigned new roles in an organization, and the role is not reflected in the IT
policies. This opens a venerability window for the attacker. The insider attack could be prevented
by planning and installing an Internal intrusion detection systems (IDS) in the organization.

External Attack: When the attacker is either hired by an insider or an external entity to the
organization, it is known as external attack. The organization which is a victim of  cyber attack
not only faces financial loss but also the loss of reputation.  Since the attacker is external to the
organization, so these attackers usually scan and gathering information.An experienced
network/security administrator keeps regular eye on the log generated by the firewalls as external
attacks can be traced out by carefully analyzing these firewall logs. Also, Intrusion Detection
Systems are installed to keep an eye on external attacks.
Th
cyber attacks can also be classified as structure attacks and unstructured attacks based on the
level of maturity of the attacker. Some of the authors have classified these attacks as a form of
external attacks but there is precedence of the cases when a structured attack was performed by
an internal employee. This happens in the case when the competitor company wants the future
strategy of an organization on certain points. The attacker may strategically gain access to the
company as an employee and access the required information.

Unstructured attacks: These attacks are generally performed by armatures who don’t have any
predefined motives to perform the cyber attack. Usually these armatures try to test a tool readily
available over the internet on the network of a random company.

Structure Attack: These types of attacks are performed by highly skilled and experienced people
and the motives of these attacks are clear in their mind. They have access to sophisticated tools
and technologies to gain access to other networks without being noticed by their Intrusion
Detection Systems(IDSs). Moreover, these attacker have the necessary expertise to develop or
modify the existing tools to satisfy their purpose. These types of attacks are usually performed by
professional criminals, by a country on other rival countries, politicians to damage the image of
the rival person or the country, terrorists, rival companies, etc.

Cyber crimes have turned out to be a low-investment, low-risk business with  huge returns. Now-
a-days these structured crimes are performed are highly organized. There is a perfect hierarchical
organizational setup like formal organizations and some of them have reached a level in
technical capabilities at par with those of developed nation.   They are targeting large financial
organizations, defence and nuclear establishments and they are also into online drugs trading.
                                                                               Hierarchical Organisational Structure

The role of all the people in the hierarchy remain changing and it is based on the opportunity. If a
hacker who have hacked sensitive data from an organization may use it for financially exploiting
the organisation himself. In case, the hacker himself have the technical expertise for it, he will do
it himself, otherwise he may find a buyer who is interested in that data and have the technical
expertise. There are some cyber criminals offers on-demand and service.  The person,
organization or a country may contact these cyber criminals for hacking an organization to gain
access to some sensitive data , or create massive denial-of –service attack on their competitors.
Based on the demand of the customer the hackers write malware, virus, etc to suit their
requirements. An organization effected by a cyber attack, not only faces financial loss, but its
reputation is also adversely affected, and the competitor organization will defiantly benefited by
it.