Introduction To Cyber Security Handbook PDF

Uploaded by Vjay Madham

UNIT – I

Introduction to Cyber Security

Basic Cyber Security Concepts:


What is Cyber Security?
Cyber security consists of technologies, processes and controls designed to
protect systems, networks, programs, devices and data from cyber-attacks.
(or)
Cyber security is the practice of defending computers, servers, mobile devices,
electronic systems, networks, and data from malicious attacks. It’s also known
as information technology security or electronic information security.
Note: Auguste Kerckhoffs, a linguist and professor of German at HEC, wrote an
essay in the Journal of Military Science in February 1883. Kerckhoffs had
unwittingly established the foundations for contemporary encryption, earning
him the title of “Father of Computer Security.”

The term applies in a variety of contexts, from business to mobile computing,
and can be divided into a few common categories.
• Network security is the practice of securing a computer network from
intruders, whether targeted attackers or opportunistic malware.
• Application security focuses on keeping software and devices free of
threats. A compromised application could provide access to the data it is
designed to protect. Successful security begins in the design stage, well
before a program or device is deployed.
• Information security protects the integrity and privacy of data, both in
storage and in transit.
• Operational security includes the processes and decisions for handling
and protecting data assets. The permissions users have when accessing a
network and the procedures that determine how and where data may be
stored or shared all fall under this umbrella.
• Disaster recovery and business continuity define how an organization
responds to a cyber-security incident or any other event that causes the
loss of operations or data. Disaster recovery policies dictate how the
organization restores its operations and information to return to the same
operating capacity as before the event. Business continuity is the plan the
organization falls back on while trying to operate without certain
resources.
• End-user education addresses the most unpredictable cyber-security
factor: people. Anyone can accidentally introduce a virus to an otherwise
secure system by failing to follow good security practices. Teaching users
to delete suspicious email attachments, not plug in unidentified USB
drives, and various other important lessons is vital for the security of any
organization.
The importance and challenges of Cyber Security:
Cyber security is vital in any organization, no matter how big or small,
because technology and software use are increasing across sectors such as
government, education and hospitals, and information is increasingly held in
digital form and carried over wireless communication networks.
The importance of cyber security lies in securing the data held by various
organizations and services, such as email providers like Yahoo, which hold
extremely sensitive information whose exposure can cause damage to both us
and our reputation. Attackers target small and large companies alike and
obtain their essential documents and information.
There are a few reasons why it is important, which are as follows:
• Cybercrime is on the rise – There are roughly 4,000 cyber-attacks every
day. One reason cybercrime is increasing is that it is cheap, fast, and
highly profitable compared to other types of crime, which is why
cybercriminals are drawn to it.
• Damage is significant – Cybercrime can cost organizations millions of
dollars in damage. But it is not just about financial costs; it can also
damage reputations and the ability to do business, and it sometimes even
compromises the physical safety and health of employees, patients,
customers, and others.
• Cybersecurity builds trust – Cybersecurity affects trust with customers
and employees. When people feel that their information is not being
properly secured and kept private, they lose trust in the brand, product,
and services.
• Our identities protect our data – User identity now protects billions of
points of data: the data we transmit at work, data from Internet of Things
devices such as a coffee maker or the printers we use, and our personal
information, as more of our data becomes digitized. Securing these
identities helps reduce the risk of cybercrime to organizations and
individuals alike.
• Every organization has vulnerabilities – As organizations evolve,
merge, and grow over time, their networks and systems become more
complicated, and things may slip through the cracks. Additionally, end-users
can often be the weakest link in an organization’s security, requiring
organizations to put robust security and compliance protection in place.
We should all care about cybersecurity.
Types of cyber threats:
The threats countered by cyber-security are three-fold:
1. Cybercrime includes single actors or groups targeting systems for
financial gain or to cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause
panic or fear.
So, how do malicious actors gain control of computer systems? Here are some
common methods used to threaten cyber-security:
1. Malware attack
2. SQL injection attack
3. Phishing attack
4. Man-in-the-middle (MITM) attack
5. Denial-of-service (DoS) attack
Malware attack
Malware means malicious software. One of the most common cyber threats,
malware is software that a cybercriminal or hacker has created to disrupt or
damage a legitimate user’s computer. Often spread via an unsolicited email
attachment or legitimate-looking download, malware may be used by
cybercriminals to make money or in politically motivated cyber-attacks.
There are a number of different types of malware, including:
• Virus: A self-replicating program that attaches itself to a clean file and
spreads throughout a computer system, infecting files with malicious
code.
• Trojans: A type of malware that is disguised as legitimate software.
Cybercriminals trick users into loading Trojans onto their computer,
where they cause damage or collect data.
• Spyware: A program that secretly records what a user does, so that
cybercriminals can make use of this information. For example, spyware
could capture credit card details.
• Ransomware: Malware which locks down a user’s files and data, with
the threat of erasing it unless a ransom is paid.
• Adware: Advertising software which can be used to spread malware.
• Botnets: Networks of malware-infected computers which cybercriminals
use to perform tasks online without the user’s permission.
SQL injection attack
An SQL (Structured Query Language) injection is a type of cyber-attack used to
take control of and steal data from a database. Cybercriminals exploit
vulnerabilities in data-driven applications to insert malicious code into a
database via a malicious SQL statement. This gives them access to the
sensitive information contained in the database.
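The following added example (written for this page, not taken from the handbook) shows the defect just described in a small Python program using the standard library's sqlite3 module: a lookup that pastes user input into its SQL statement, beside the parameterized form in which the database engine never parses the input as SQL. The `users` table and its rows are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a constructed in-memory users table (sample data, not real records)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The data-driven application with the defect: the caller's text is
    concatenated straight into the statement, so a quote character in it
    changes the query's logic instead of being compared as data."""
    query = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The hardened form: the statement text is fixed and the value is bound
    separately, so the engine treats it as a string and never as SQL."""
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # the textbook test string for an injectable input
    print("vulnerable   :", lookup_vulnerable(db, probe))      # every row comes back
    print("parameterized:", lookup_parameterized(db, probe))  # no such username: []
```

The two functions differ by one line, which is the point: the fix is not filtering the input but keeping data and statement separate. Every mainstream database driver offers the placeholder form, and code review or a linter rule that flags string concatenation into `execute()` catches the vulnerable pattern before it ships.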
Phishing attack
Phishing is when cybercriminals target victims with emails that appear to be
from a legitimate company asking for sensitive information. Phishing attacks
are often used to dupe people into handing over credit card data and other
personal information.
Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal
intercepts communication between two individuals in order to steal data. For
example, on an unsecure Wi-Fi network, an attacker could intercept data being
passed between the victim’s device and the network.
Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system
from fulfilling legitimate requests by overwhelming the networks and servers
with traffic. This renders the system unusable, preventing an organization from
carrying out vital functions.
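As an added example (not part of the handbook), here is one application-tier mitigation for the attack described above: a per-client sliding-window rate limiter replayed over a constructed request log containing one ordinary client and one client that floods the server. The window and limit values, the client addresses and the log itself are all made up for the example.

```python
from collections import defaultdict, deque

# Constructed policy values for the example; a real deployment tunes these per endpoint.
WINDOW_SECONDS = 10.0
MAX_REQUESTS_PER_WINDOW = 5


class SlidingWindowLimiter:
    """Per-client limiter: a client may have at most `limit` requests inside
    any `window`-second interval. Requests over budget are shed before the
    server spends work on them, which is what keeps capacity for legitimate
    users during a flood."""

    def __init__(self, window: float = WINDOW_SECONDS, limit: int = MAX_REQUESTS_PER_WINDOW):
        self.window = window
        self.limit = limit
        self._hits = defaultdict(deque)  # client -> timestamps of recent served requests

    def allow(self, client: str, ts: float) -> bool:
        hits = self._hits[client]
        # Forget timestamps that have aged out of the window.
        while hits and ts - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # over budget: reject cheaply
        hits.append(ts)
        return True


# Constructed request log as (timestamp in seconds, client IP) pairs:
# a normal client every few seconds, and a flooding client twice per second.
SAMPLE_LOG = [(t, "198.51.100.7") for t in (0.0, 3.0, 6.0, 9.0, 12.0)] + [
    (1.0 + 0.5 * i, "203.0.113.9") for i in range(12)
]


def replay(log, limiter=None):
    """Feed a log through the limiter in time order and count, per client,
    how many requests were served and how many were shed."""
    limiter = limiter or SlidingWindowLimiter()
    served, shed = defaultdict(int), defaultdict(int)
    for ts, client in sorted(log):
        if limiter.allow(client, ts):
            served[client] += 1
        else:
            shed[client] += 1
    return dict(served), dict(shed)


if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

The normal client is never throttled while the flooding client is cut off after its fifth request in the window. A limiter like this protects the application and database tier; a volumetric attack that saturates the network link itself has to be absorbed upstream (by the ISP or a scrubbing service), because the packets are already consuming bandwidth by the time this code sees them.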
Latest cyber-attacks in India:
Air India data breach highlights third-party risk
Date: May 2021
Impact: personal data of 4.5 million passengers worldwide
Details: A cyberattack on systems at airline data service provider SITA resulted
in the leaking of personal data of passengers of Air India. The leaked data was
collected between August 2011 and February 2021, when SITA informed the
airline. Passengers didn't hear about it until March, and had to wait until May to
learn full details of what had happened. The cyber-attack on SITA’s passenger
service system also affected Singapore Airlines, Lufthansa, Malaysia Airlines
and Cathay Pacific.
CAT burglar strikes again: 190,000 applicants’ details leaked to dark web
Date: May 2021
Impact: 190,000 CAT applicants’ personal details
Details: The personally identifiable information (PII) and test results of 190,000
candidates for the 2020 Common Admission Test, used to select applicants to
the Indian Institutes of Management (IIMs), were leaked and put up for sale on
a cybercrime forum. Names, dates of birth, email IDs, mobile numbers, address
information, candidates’ 10th and 12th grade results, details of their bachelor’s
degrees, and their CAT percentile scores were all revealed in the leaked
database.
The data came from the CAT examination conducted on 29 November 2020, but
according to security intelligence firm CloudSEK, the same threat actor also
leaked the 2019 CAT examination database.
Hacker delivers 180 million Domino’s India pizza orders to dark web
Date: April 2021
Impact: 1 million credit card records and 180 million pizza preferences
Details: 180 million Domino’s India pizza orders are up for sale on the dark
web, according to Alon Gal, CTO of cyber intelligence firm Hudson Rock.
Gal found someone asking for 10 bitcoin (roughly $535,000 or ₹4 crore) for
13TB of data that they said included 1 million credit card records and details of
180 million Dominos India pizza orders, topped with customers’ names, phone
numbers, and email addresses. Gal shared a screenshot showing that the hacker
also claimed to have details of the Domino’s India’s 250 employees, including
their Outlook mail archives dating back to 2015.
Jubilant Food Works, the parent company of Domino’s India, told IANS that it
had experienced an information security incident, but denied that its customers’
financial information was compromised, as it does not store credit card details.
The company website shows that it uses a third-party payment gateway,
PayTM.
Trading platform Upstox resets passwords after breach report
Date: April 2021
Impact: All Upstox customers had their passwords reset
Details: Indian trading platform Upstox has openly acknowledged a breach of
know-your-customer (KYC) data. Gathered by financial services companies to
confirm the identity of their customers and prevent fraud or money laundering,
KYC data can also be used by hackers to commit identity theft.
On April 11, Upstox told customers it would reset their passwords and take
other precautions after it received emails warning that contact data and KYC
details held in a third-party data warehouse may have been compromised.
Upstox apologized to customers for the inconvenience, and sought to reassure
them it had reported the incident to the relevant authorities, enhanced security
and boosted its bug bounty program to encourage ethical hackers to stress-test
its systems.
Police exam database with information on 500,000 candidates goes up for
sale
Date: February 2021
Impact: 500,000 Indian police personnel
Details: Personally identifiable information of 500,000 Indian police personnel
was put up for sale on a database sharing forum. Threat intelligence firm
CloudSEK traced the data back to a police exam conducted on 22 December,
2019.
The seller shared a sample of the data dump with the information of 10,000
exam candidates with CloudSEK. The information shared by the company
shows that the leaked information contained full names, mobile numbers, email
IDs, dates of birth, FIR records and criminal history of the exam candidates.
Further analysis revealed that a majority of the leaked data belonged to
candidates from Bihar. The threat-intel firm was also able to confirm the
authenticity of the breach by matching mobile numbers with candidates’ names.
This is the second instance of army or police workforce data being leaked
online this year. In February, hackers isolated the information of army
personnel in Jammu and Kashmir and posted that database on a public website.
COVID-19 test results of Indian patients leaked online
Date: January 2021
Impact: At least 1500 Indian citizens (real-time number estimated to be higher)
Details: COVID-19 lab test results of thousands of Indian patients have been
leaked online by government websites.
What’s particularly worrisome is that the leaked data hasn’t been put up for sale
in dark web forums, but is publicly accessible owing to Google indexing
COVID-19 lab test reports.
First reported by BleepingComputer, the leaked PDF reports that showed up on
Google were hosted on government agencies’ websites that typically use
*.gov.in and *.nic.in domains. The agencies in question were found to be
located in New Delhi.
The leaked information included patients’ full names, dates of birth, testing
dates and centers in which the tests were held. Furthermore, the URL (Uniform
Resource Locator) structures indicated that the reports were hosted on the same
CMS system that government entities typically use for posting publicly
accessible documents.
Niamh Muldoon, senior director of trust and security at OneLogin said: “What
we are seeing here is a failure to educate and enable employees to make
informed decisions on how to design, build, test and access software and
platforms that process and store sensitive information such as patient records.”
He added that the government ought to take quick measures to reduce the risk of
a similar breach from reoccurring and invest in a comprehensive information
security program in partnership with trusted security platform providers.
User data from Juspay for sale on dark web
Date: January 2021
Impact: 35 million user accounts
Details: Details of close to 35 million customer accounts, including masked
card data and card fingerprints, were taken from a server using an unrecycled
access key, Juspay revealed in early January. The theft took place last August, it
said.
The user data is up for sale on the dark web for around $5000, according to
independent cybersecurity researcher Rajshekhar Rajaharia.
BigBasket user data for sale online
Date: October 2020
Impact: 20 million user accounts
Details: User data from online grocery platform BigBasket is for sale in an
online cybercrime market, according to Atlanta-based cyber intelligence firm
Cyble.
Part of a database containing the personal information of close to 20 million
users was available with a price tag of 3 million rupees ($40,000), Cyble said on
November 7.
The data comprised names, email IDs, password hashes, PINs, mobile numbers,
addresses, dates of birth, locations, and IP addresses. Cyble said it found the
data on October 30, and after comparing it with BigBasket users’ information to
validate it, reported the apparent breach to BigBasket on November 1.
Unacademy learns lesson about security
Date: May 2020
Impact: 22 million user accounts
Details: Edutech startup Unacademy disclosed a data breach that compromised
the accounts of 22 million users. Cybersecurity firm Cyble revealed that
usernames, emails addresses and passwords were put up for sale on the dark
web.
Founded in 2015, Unacademy is backed by investors including Facebook,
Sequoia India and Blume Ventures.
Hackers steal healthcare records of 6.8 million Indian citizens
Date: August 2019
Impact: 68 lakh patient and doctor records
Details: Enterprise security firm FireEye revealed that hackers have stolen
information about 68 lakh patients and doctors from a health care website based
in India. FireEye said the hack was perpetrated by a Chinese hacker group
called Fallensky519.
Furthermore, it was revealed that healthcare records were being sold on the dark
web – several being available for under USD 2000.
Local search provider JustDial exposes data of 10 crore users
Date: April 2019
Impact: personal data of 10 crore users released
Details: Local search service JustDial faced a data breach on Wednesday, with
data of more than 100 million users made publicly available, including their
names, email ids, mobile numbers, gender, date of birth and addresses, an
independent security researcher said in a Facebook post.
SBI data breach leaks account details of millions of customers
Date: January 2019
Impact: three million text messages sent to customers divulged
Details: An anonymous security researcher revealed that the country’s largest
bank, State Bank of India, left a server unprotected by failing to secure it with a
password.
The vulnerability was revealed to originate from ‘SBI Quick’ – a free service
that provided customers with their account balance and recent transactions over
SMS. Close to three million text messages were sent out to customers.
End-user protection:
End-user protection or endpoint security is a crucial aspect of cyber security.
After all, it is often an individual (the end-user) who accidentally uploads
malware or another form of cyber threat to their desktop, laptop or mobile
device.
So, how do cyber-security measures protect end users and systems? First, cyber-
security relies on cryptographic protocols to encrypt emails, files, and other
critical data. This not only protects information in transit, but also guards
against loss or theft.
In addition, end-user security software scans computers for pieces of malicious
code, quarantines this code, and then removes it from the machine. Security
programs can even detect and remove malicious code hidden in the Master Boot
Record (MBR) that is designed to encrypt or wipe data from the computer’s hard
drive.
Electronic security protocols also focus on real-time malware detection. Many
use heuristic and behavioral analysis to monitor the behavior of a program and
its code to defend against viruses or Trojans that change their shape with each
execution (polymorphic and metamorphic malware). Security programs can
confine potentially malicious programs to a virtual bubble separate from a user's
network to analyze their behavior and learn how to better detect new infections.
Security programs continue to evolve new defenses as cyber-security
professionals identify new threats and new ways to combat them. To make the
most of end-user security software, employees need to be educated about how
to use it. Crucially, keeping it running and updating it frequently ensures that it
can protect users against the latest cyber threats.
Cyber safety tips - protect yourself against cyberattacks
How can businesses and individuals guard against cyber threats? Here are our
top cyber safety tips:
1. Update your software and operating system (OS): This means you
benefit from the latest security patches.
2. Use anti-virus software: Security solutions like Kaspersky Total
Security detect and remove threats. Keep your software updated for
the best level of protection.
3. Use strong passwords: Ensure your passwords are not easily guessable.
4. Do not open email attachments from unknown senders: These could
be infected with malware.
5. Do not click on links in emails from unknown senders or unfamiliar
websites: This is a common way that malware is spread.
6. Avoid using unsecure Wi-Fi networks in public places: Unsecure
networks leave you vulnerable to man-in-the-middle attacks.
Layers of Security
Cybersecurity shouldn’t be a single piece of technology that improves security.
Rather, it should be a layered approach with multiple facets to ensure
comprehensive protection.
It’s important to understand what a layered approach consists of. Generally,
there are 7 layers of cybersecurity to consider. Below, we explore what these
are and why they are important.

1. Mission-Critical Assets
This is data that is absolutely critical to protect. Whether businesses would like
to admit it or not, they face malicious forces daily. The question is how are
leaders dealing with this type of protection? And what measures have they put
in place to guard against breaches?
An example of mission-critical assets in the healthcare industry is Electronic
Medical Record (EMR) software. In the financial sector, it is customers’ financial
records.
2. Data Security
Data security means having security controls in place to protect both the
transfer and the storage of data. There has to be a backup security measure in
place to prevent the loss of data; this will also require the use of encryption and
archiving.
Data security is an important focus for all businesses as a breach of data can
have dire consequences.
3. Application Security
This involves the security features that control access to an application and that
application’s access to your assets. It also includes the internal security of the
app itself.
Most of the time, applications are designed with security measures that continue
to provide protection when the app is in use.
4. Endpoint Security
This layer of security makes sure that the endpoints of user devices are not
exploited by breaches. This includes the protection of mobile devices, desktops,
and laptops.
Endpoint security systems enable protection either on a network or in the cloud
depending on the needs of a business.
5. Network Security
This is where security controls are put in place to protect the business’s
network. The goal is to prevent unauthorized access to the network.
It is crucial to regularly update all systems on the business network with the
necessary security patches, including encryption. It’s always best to disable
unused interfaces to further guard against any threats.
6. Perimeter Security
This security layer ensures that both the physical and digital security methods
protect a business as a whole. It includes things like firewalls that protect the
business network against external forces.
7. The Human Layer
Despite being known as the weakest link in the security chain, the human layer
is a very necessary layer. It incorporates management controls and phishing
simulations as an example.
These human management controls aim to protect that which is most critical to
a business in terms of security. This includes the very real threat that humans,
cyber attackers, and malicious users pose to a business.
Vulnerabilities:
Vulnerabilities simply refer to weaknesses in a system. They make threat
outcomes possible and potentially even more dangerous. A system could be
exploited through a single vulnerability, for example, a single SQL Injection
attack could give an attacker full control over sensitive data. An attacker could
also chain several exploits together, taking advantage of more than one
vulnerability to gain more control.
Below are some examples of vulnerabilities:
• A weakness in a firewall that can lead to malicious hackers getting into a
computer network
• Lack of security cameras
• Unlocked doors at businesses
Note1: Firewall
• A firewall is a network security device that monitors incoming and
outgoing network traffic and decides whether to allow or block specific
traffic based on a defined set of security rules.
• Firewalls have been a first line of defense in network security for over 25
years. They establish a barrier between secured and controlled internal
networks that can be trusted and untrusted outside networks, such as the
Internet.
• A firewall can be hardware, software, or both.
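To make the "defined set of security rules" concrete, the following added example (written for this page, not from the handbook or any firewall product) implements the core of a stateless packet filter in Python: an ordered rule table, first-match semantics, and an implicit default deny when nothing matches. The internal prefix 192.0.2.0/24, the other addresses and the rules are all constructed for a hypothetical site.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in" (toward the protected network) or "out"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any destination port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


# Constructed ruleset for a hypothetical site whose internal range is 192.0.2.0/24
# (a documentation prefix). Order matters: the first rule that matches decides.
RULES = [
    Rule("allow", "in",  "tcp", net("0.0.0.0/0"),    net("192.0.2.10/32"), 443),  # public HTTPS server
    Rule("allow", "in",  "tcp", net("10.0.0.0/8"),   net("192.0.2.0/24"),  22),   # SSH only from the corporate WAN
    Rule("deny",  "in",  "any", net("0.0.0.0/0"),    net("192.0.2.0/24")),        # everything else inbound
    Rule("allow", "out", "any", net("192.0.2.0/24"), net("0.0.0.0/0")),           # internal hosts may reach out
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule covers the packet."""
    return (
        rule.direction == pkt.direction
        and (rule.proto == "any" or rule.proto == pkt.proto)
        and ipaddress.ip_address(pkt.src) in rule.src
        and ipaddress.ip_address(pkt.dst) in rule.dst
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(pkt: Packet, rules=RULES) -> tuple:
    """Return (action, index of the deciding rule). Index -1 means no rule
    matched and the implicit default-deny at the end of the table applied."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", -1


if __name__ == "__main__":
    for pkt in (
        Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 443),   # allowed by rule 0
        Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 22),    # denied by rule 2
        Packet("in", "tcp", "10.20.30.40", "192.0.2.10", 22),    # allowed by rule 1
        Packet("out", "udp", "192.0.2.20", "203.0.113.53", 53),  # allowed by rule 3
    ):
        print(pkt, "->", evaluate(pkt))
```

Two design points carry over to real firewalls. Rule order is part of the policy: moving the catch-all deny above the SSH rule would silently lock administrators out, so rule changes deserve the same review as code changes. And this filter is stateless: replies to the outbound connections permitted by the last rule would hit the inbound deny, which is why production firewalls track connection state and admit established return traffic rather than relying on a rule for every reply.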
Note2: VPN
• A virtual private network, or VPN, is an encrypted connection over the
Internet from a device to a network. The encrypted connection helps
ensure that sensitive data is safely transmitted.
• It prevents unauthorized people from eavesdropping on the traffic and
allows the user to conduct work remotely.
• VPN technology is widely used in corporate environments.
Threats and Harmful Acts:
Cyber threats, or simply threats, refer to cybersecurity circumstances or events
with the potential to cause harm by way of their outcome. A few examples of
common threats include a social-engineering or phishing attack that leads to an
attacker installing a trojan and stealing private information from your
applications, DoS-ing your website, an administrator accidentally leaving data
unprotected on a production system causing a data breach, or a storm flooding
your ISP’s data center.
Cybersecurity threats are actualized by threat actors. Threat actors usually refer
to persons or entities who may potentially initiate a threat. While natural
disasters, as well as other environmental and political events, do constitute
threats, they are not generally regarded as being threat actors (this does not
mean that such threats should be disregarded or given less importance).
Examples of common threat actors include financially motivated criminals
(cybercriminals), politically motivated activists (hacktivists), competitors,
careless employees, disgruntled employees, and nation-state attackers.
Cyber threats can also become more dangerous if threat actors leverage one or
more vulnerabilities to gain access to a system, often including the operating
system.
Internet Governance – Challenges and Constraints:
Internet Governance:
Internet governance refers to the rules, policies, standards and practices that
coordinate and shape global cyberspace.
The Internet is a vast network of independently-managed networks, woven
together by globally standardized data communication protocols (primarily,
Internet Protocol, TCP, UDP, DNS and BGP). The common adoption and use of
these protocols unified the world of information and communications like never
before. Millions of digital devices and massive amounts of data, software
applications, and electronic services became compatible and interoperable. The
Internet created a new environment, a complex and dynamic “cyberspace.”
While Internet connectivity generated innovative new services, capabilities and
unprecedented forms of sharing and cooperation, it also created new forms of
crime, abuse, surveillance and social conflict. Internet governance is the process
whereby cyberspace participants resolve conflicts over these problems and
develop a workable order.
The term “Internet governance” first started to be used in connection with the
governance of Internet identifiers such as domain names and IP addresses,
which led to the formation of ICANN (Internet Corporation for Assigned Names
and Numbers). Since then, the economic, political, social and military
implications of Internet governance have expanded to embrace a number of
other areas of policy:
Constraints of Internet Governance:
a. Cybersecurity: Cybersecurity is the practice of protecting systems,
networks, and programs from digital attacks. These cyberattacks are
usually aimed at accessing, changing, or destroying sensitive
information; extorting money from users; or interrupting normal business
processes.
b. Digital Trade: Digital trade is a broad concept, capturing not just the
sale of consumer products on the Internet and the supply of online
services, but also data flows that enable global value chains, services that
enable smart manufacturing, and myriad other platforms and
applications.
c. Free Expression Online: Freedom of expression includes the right to
access information, which in the case of journalists could mean being
granted access in a public institution, including courts, or to a public
document, including data of secret services.
d. Privacy & Surveillance:
Privacy is the right to be let alone, or freedom from interference or
intrusion. Information privacy is the right to have some control over how
your personal information is collected and used.
Surveillance is the careful watching of a person or place, especially by
the police or army, because of a crime that has happened or is expected.
e. Internet of Things: The Internet of things describes physical objects
with sensors, processing ability, software, and other technologies that
connect and exchange data with other devices and systems over the
Internet or other communications networks.
f. IG Institutions: Internet Governance Institute (IGI) is an initiative
established for strengthening Internet Governance at the grass-root level
through research, capacity building, awareness, debates and policy
intervention across the Asia Pacific. IGI believes in collaboration and
operates through the participation of IG related institutions.
The main objective of IGI is to contribute to strengthening grass root
level stakeholders through research, capacity building, awareness,
debates, and policy intervention.
Major objectives of IGI are as follows:
• Research and development on Internet Governance issues,
• Conduct short and long academic and non-academic online and
offline courses on Internet Governance,
• Conduct lectures, symposia, international meetings, conferences,
and workshops on Internet Governance,
• Exchange of researchers and students working in the area of
Internet Governance,
• Do advocacy and promotional activities on Internet Governance
related issues and others,
• Design, develop, distribute and sell digital and non-digital
content on Internet Governance issues.
g. Internet Identifiers: Internet identifiers means an electronic mail
address, instant message address or identifier, or any other designation or
moniker used for self-identification during internet communication or
posting, including all designations used for the purpose of routing or
self-identification in internet communications or postings.
h. Geopolitics of IG: Geopolitics is the study of the effects of Earth's
geography on politics and international relations. Geopolitical examples
may include trade agreements, war treaties, border or territorial
acknowledgements, climate agreements, and more. Two recent examples
are NAFTA and the Kyoto Protocol.
Challenges of Internet Governance:
a. Censorship of Internet: Internet censorship is the control or suppression
of what can be accessed, published, or viewed on the Internet enacted by
regulators, or on their own initiative. Internet censorship puts restrictions
on what information can be put on the internet or not.
b. Anonymity and Attribution Challenges:
Anonymity is when nobody knows who you are but potentially, they
know what you are doing.
Attribution is the process of tracking, identifying and laying blame on
the perpetrator of a cyberattack or other hacking exploit.
c. Applicability of Existing Laws of Warfare to Cyberspace:
Applicability of Laws means all applicable provisions of constitutions,
laws, statutes, ordinances, rules, treaties, regulations, permits, licenses,
approvals, interpretations and orders of courts or Governmental
Authorities and all orders and decrees of all courts and arbitrators of
Warfare to Cyberspace.
d. Spillover of Cyber-attacks: Cyber- conflict terminology spillover means
when cyber conflicts seep and bleed into traditional arena of militarized
and foreign policy conflict.
e. Intellectual Property Protection:
Intellectual Property Protection is protection for inventions, literary and
artistic works, symbols, names, and images created by the mind.
Ex: Patents, Trademarks, Trade Secrets, and Copyrights.
Computer Criminals or Cyber Criminals:
Cybercriminals are individuals or teams of people who use technology to
commit malicious activities on digital systems or networks with the intention of
stealing sensitive company information or personal data, and generating profit.
Types of Cyber Criminals:
1. Hackers: The term hacker may refer to anyone with technical skills, but it
typically refers to an individual who uses those skills to gain unauthorized
access to systems or networks in order to commit crimes. The intent of the
break-in determines whether the attackers are classified as white, grey or
black hats. White hat attackers break into networks or computer systems to
find weaknesses so that the security of those systems can be improved. The
owners of the system give permission for the break-in, and they receive the
results of the test. Black hat attackers, on the other hand, exploit any
vulnerability for illicit personal, financial or political gain. Grey hat
attackers fall somewhere between the two: they may find a vulnerability and
report it to the owners of the system if that action fits their agenda.
(a) White Hat Hackers – These hackers use their programming skills for good
and lawful reasons. They may perform network penetration tests, attempting to
compromise networks in order to discover vulnerabilities. The vulnerabilities
are then reported to the developers so they can be fixed.
(b) Gray Hat Hackers – These hackers break rules and do seemingly questionable
things, but not for personal gain or to cause harm. They may disclose a
vulnerability to the affected organization after having compromised its
network.
(c) Black Hat Hackers – These hackers are unethical criminals who violate
network security for personal gain. They exploit vulnerabilities to compromise
computer systems.
2. Internet Stalkers: Internet stalkers are people who maliciously monitor the
web activity of their victims to acquire personal data. This type of cybercrime is
conducted through the use of social networking platforms and malware that can
track an individual’s computer activity with little or no detection.
3. Disgruntled Employees: Disgruntled employees become hackers with a
particular motive and also commit cybercrimes. It is hard to believe that
dissatisfied employees can become such malicious hackers. Previously, their
only option was to go on strike against their employer. But with the advance
of technology, more work is done on computers and processes are automated, so
it is easy for disgruntled employees to do more damage to their employer and
organization by committing cybercrimes. Attacks by such employees can bring
the entire system down.
4. Phishing Scammers: Phishers are cyber criminals who attempt to get hold
of personal or sensitive information through victims’ computers. This is often
done via phishing websites that are designed to copy small-business,
corporate or government websites. Unsuspecting computer users often fall prey
to such activities by unknowingly providing personal information including
home addresses, social security numbers, and even bank passwords. Once such
information is obtained, phishers either use it themselves for identity fraud
or sell it on the dark web. It is important for businesses to be constantly
aware of phishing scams, particularly scams that may be trying to copy their
own business site. Such sites can tarnish the company’s reputation and brand,
which could potentially lead to a decrease in earnings.
CIA Triad:
Confidentiality, Integrity and Availability, also known as the CIA triad, is a
model designed to guide policies for information security within an
organization.
The model is also sometimes referred to as the AIC triad (Availability, Integrity
and Confidentiality) to avoid confusion with the Central Intelligence Agency.
The CIA Triad is actually a security model that has been developed to help
people think about various parts of IT security.
Confidentiality:
It's crucial in today's world for people to protect their sensitive, private
information from unauthorized access.
Protecting confidentiality is dependent on being able to define and enforce
certain access levels for information.
In some cases, doing this involves separating information into various
collections that are organized by who needs access to the information and how
sensitive that information actually is - i.e., the amount of damage suffered if the
confidentiality was breached.
Some of the most common means used to manage confidentiality include access
control lists, volume and file encryption, and Unix file permissions.
Integrity:
Data integrity is what the "I" in the CIA Triad stands for. This essential
component of the CIA Triad is designed to protect data from deletion or
modification by any unauthorized party, and it ensures that when an
authorized person makes a change that should not have been made, the damage
can be reversed.
Availability:
This is the final component of the CIA Triad and refers to the actual availability
of your data. Authentication mechanisms, access channels and systems all have
to work properly for the information they protect to be available when it is
needed.
High availability (HA) systems are computing resources whose architectures
are specifically designed to improve availability.
Based on the specific HA system design, this may target hardware failures,
upgrades or power outages to help improve availability, or it may manage
several network connections to route around various network outages.
Understanding the CIA triad:
Chances are you have noticed a trend here: the CIA Triad is all about
information. While this is considered the core factor of the majority of IT
security, it promotes a limited view of security that ignores other important
factors.
For example, even though availability may serve to make sure you don't lose
access to resources needed to provide information when it is needed, thinking
about information security in itself doesn't guarantee that someone else hasn't
used your hardware resources without authorization.
It's important to understand what the CIA Triad is, how it is used to plan and
also to implement a quality security policy while understanding the various
principles behind it.
It's also important to understand the limitations it presents. When you are
informed, you can utilize the CIA Triad for what it has to offer and avoid the
consequences that may come along by not understanding it.
Assets and Threat:
Asset:
An asset is any data, device or other component of an organization’s systems
that is valuable – often because it contains sensitive data or can be used to
access such information.
For example, an employee’s desktop computer, laptop or company phone would
be considered an asset, as would applications on those devices. Likewise,
critical infrastructure, such as servers and support systems, are assets.
An organization’s most common assets are information assets. These are things
such as databases and physical files – i.e., the sensitive data that you store.
Threat:
A threat is any incident that could negatively affect an asset – for example, if
it’s lost, knocked offline or accessed by an unauthorized party.
Threats can be categorized as circumstances that compromise the
confidentiality, integrity or availability of an asset, and can either be intentional
or accidental.
Intentional threats include things such as criminal hacking or a malicious insider
stealing information, whereas accidental threats generally involve employee
error, a technical malfunction or an event that causes physical damage, such as a
fire or natural disaster.
Motive of Attackers:
Every hacker has a different motive for committing cybercrime. These are some
of the known reasons behind cybercrime.
1. Financial Gain:
Financial gain is the primary motivation of most hackers, and they use a
variety of methods to commit the crime.
Hackers use phishing attacks to collect credit card or debit card details,
banking account login details, etc. Once they gain credentials, they log in to
your account and transfer the money to their own. They also use attacks like
ransomware on entire organizations for money.
Some hackers use fake social media profiles to trap people and may collect
money from them.
2. Insider Threats:
This threat comes directly or indirectly from a person who works in the
organization and has access to critical information. They may sell details to
other organizations for personal gain or to damage the company’s reputation in
public.
Sometimes the threat arises from negligence, such as exposing passwords or
using easily guessable passwords for accounts. Attackers identify these
weaknesses and collect the information they want.
3. Recognition & Popularity:
In general, people are competitive by nature and feel happy when everyone
recognizes them. Some hackers act purely for recognition.
Example: a hacker breaks into an acquaintance’s account to gain recognition
among friends.
4. State-Sponsored Hackers:
These hackers are either white hat or black hat hackers who steal information
from foreign governments. Their targets are terrorists, foreign governments, and
corporations. They may work for their own governments.
The government provides funds to these hackers. They regard themselves as
legitimate because they work for their government.
5. Hacktivists:
Hacktivists are the hackers who protest the political and social ideas of
organizations and governments by posting articles, videos, leaking sensitive
information, and more.
Sometimes they launch DDoS attacks to take down their targets’ websites. These
types of hackers come under the category of Gray Hat Hackers.
Example: The most famous hacking group is Anonymous. It fights for people
against governments and organizations, and it works secretly.
Anonymous hacks government sites and leaks sensitive information, and the
group has a lot of fans.
During the recent war in Ukraine, hackers launched DDoS attacks on Russian
government websites, and many sites went down as a result.
Example: 1. Cult of the Dead Cow 2. Anonymous 3. WikiLeaks etc.
6. Crackers:
Crackers are hackers who modify the code of applications so that those
applications can be used for free.
Some crackers distribute cracked tools on websites like getintopc.com to earn
money from ads, and some insert malicious code into these cracks to collect
users’ information, such as credit card details.
7. Pornography:
Some hackers break into users’ phones and computers to collect personal
material, then blackmail the victims or upload their videos to pornographic
sites.
Some criminals also traffic women by collecting their personal information
and blackmailing them.
8. Drugs:
Some people use their technical skills for illegal activities such as selling
drugs.
Much of this crime is conducted on the darknet. Darknet sites cannot be opened
with normal browsers; they require separate browsers such as Tor.
Active Attacks:
An active attack is a network exploit in which a hacker attempts to make
changes to data on the target or to data en route to the target.
There are several different types of active attacks. However, in all cases, the
threat actor takes some sort of action on the data in the system or the devices the
data resides on. Attackers may attempt to insert data into the system or change
or control data that is already in the system.
Types of active attacks:
Masquerade attack:
In a masquerade attack, the intruder pretends to be a particular user of a system
to gain access or to gain greater privileges than they are authorized for.
Masquerade attacks are conducted in several different ways, including the
following:
 using stolen login identifications (IDs) and passwords;
 finding security gaps in programs; and
 bypassing the authentication process.
An attempt may come from an employee inside an organization or from an
outside threat actor using a connection to the public network. Weak
authentication can provide a point of entry for a masquerade attack and make it
easy for an attacker to gain entry. If attackers successfully receive authorization
and enter the network, depending on their privilege level, they may be able to
modify or delete the organization's data. Or they may make changes to network
configuration and routing information.
For example, an outside attacker can use spoofed Internet Protocol (IP)
addresses to bypass the victim's firewall and gain access from an unauthorized
source. To do this, the attacker may use a network sniffer to capture IP packets
from the target machine. Another device is used to send a message to the
firewall with the forged IP address. The firewall then permits access to the
victim's machine.
Session hijacking attack:
A session hijacking attack is also called a session replay attack. In it, the
attacker takes advantage of a vulnerability in a network or computer system and
replays the session information of a previously authorized system or user. The
attacker steals an authorized user's session ID to get that user's login
information. The attacker can then use that information to impersonate the
authorized user.
A session hijacking attack commonly occurs over web applications and
software that use cookies for authentication. With the use of the session ID, the
attacker can access any site and any data that is available to the system or the
user being impersonated.
Message modification attack:
In a message modification attack, an intruder alters packet header addresses to
direct a message to a different destination or to modify the data on a target
machine. Message modification attacks are commonly email-based attacks. The
attacker takes advantage of security weaknesses in email protocols to inject
malicious content into the email message. The attacker may insert malicious
content into the message body or header fields.
DoS attack:
In a denial-of-service (DoS) attack, the attackers overwhelm the victim's
system, network or website with network traffic, making it difficult for
legitimate users to access those resources. Two ways a DoS attack can occur
include:
 Flooding: The attacker floods the target computer with internet traffic to
the point that the traffic overwhelms the target system. The target system
is unable to respond to any requests or process any data, making it
unavailable to legitimate users.
 Malformed data: Rather than overloading a system with requests, an
attacker may strategically send data that a victim's system cannot handle.
For example, a DoS attack could corrupt system memory, manipulate
fields in the network protocol packets or exploit servers.
DDoS attack:
In a Distributed Denial of Service (DDoS) exploit, large numbers of
compromised systems -- also referred to as a botnet or zombie army -- attack a
single target with a DoS attack.
A DDoS uses multiple devices and locations to launch requests and overwhelm
a victim's system in the same way a DoS attack does.
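The two descriptions above can be turned into a simple detection rule. The following Python detector is an added example, not code from the handout: it slides a time window over constructed access-log lines, flagging one source IP that exceeds a per-source request limit (the single-origin DoS case) and an aggregate request count spread across many distinct sources (the DDoS case). The log format, addresses, timestamps and thresholds are all assumptions made for the example.

```python
"""Rate-based flood detection over constructed web-server access log lines.

Added example, not code from the handout. Two signals are taken from a
sliding window that covers the last WINDOW seconds of traffic:
  * per-source flood: one client IP exceeds PER_SOURCE_LIMIT requests
    (the single-origin DoS case);
  * aggregate flood: total requests exceed AGGREGATE_LIMIT while being spread
    over at least MIN_DISTINCT_SOURCES client IPs (the botnet / DDoS case).
All addresses, timestamps, paths and thresholds are constructed assumptions.
"""
from collections import Counter, deque
from datetime import datetime, timedelta

PER_SOURCE_LIMIT = 20       # requests per window from one IP (assumed)
AGGREGATE_LIMIT = 60        # total requests per window, all IPs (assumed)
MIN_DISTINCT_SOURCES = 10   # "many sources" for the distributed case (assumed)
WINDOW = timedelta(seconds=10)


def parse_line(line):
    """Parse the constructed format '<client_ip> <ISO timestamp> <path>'."""
    ip, ts, path = line.split(maxsplit=2)
    return ip, datetime.fromisoformat(ts), path


def detect_floods(lines):
    """Return a list of (kind, detail, timestamp) alerts in the order raised.

    kind is 'dos' (detail = offending IP) or 'ddos' (detail = source count).
    Each source and the aggregate condition are reported at most once.
    """
    window = deque()        # (timestamp, ip) for requests inside the window
    per_ip = Counter()      # requests per IP inside the window
    flagged = set()
    alerts = []
    for line in lines:
        ip, ts, _ = parse_line(line)
        window.append((ts, ip))
        per_ip[ip] += 1
        # Evict requests that fell out of the window (lines arrive in time order).
        while window and ts - window[0][0] > WINDOW:
            _, old_ip = window.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        if per_ip[ip] > PER_SOURCE_LIMIT and ("dos", ip) not in flagged:
            flagged.add(("dos", ip))
            alerts.append(("dos", ip, ts))
        if (len(window) > AGGREGATE_LIMIT
                and len(per_ip) >= MIN_DISTINCT_SOURCES
                and ("ddos", "*") not in flagged):
            flagged.add(("ddos", "*"))
            alerts.append(("ddos", f"{len(per_ip)} sources", ts))
    return alerts


def build_sample_log():
    """Constructed traffic: 5 normal requests, a 25-request burst from one IP
    within 5 seconds, then 75 requests spread over 15 IPs (5 each) within
    4 seconds."""
    base = datetime(2024, 1, 1, 12, 0, 0)

    def fmt(ip, offset):
        return f"{ip} {(base + offset).isoformat()} /index.html"

    lines = [fmt(f"192.0.2.{i + 1}", timedelta(seconds=i)) for i in range(5)]
    lines += [fmt("203.0.113.50", timedelta(seconds=100, milliseconds=200 * i))
              for i in range(25)]
    lines += [fmt(f"198.51.100.{k}",
                  timedelta(seconds=200, milliseconds=50 * (r * 15 + k)))
              for r in range(5) for k in range(1, 16)]
    return lines


if __name__ == "__main__":
    for kind, detail, ts in detect_floods(build_sample_log()):
        print(f"{ts.isoformat()} {kind.upper()} {detail}")
```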
Passive Attacks:
Active attacks contrast with passive attacks, in which an unauthorized party
monitors networks and sometimes scans for open ports and vulnerabilities.
Passive attackers aim to collect information about the target; they don't steal or
change data. However, passive attacks are often part of the steps an attacker
takes in preparation for an active attack.
Types of passive attacks:
War driving:
This is a wireless network reconnaissance method that involves driving or
walking around with a laptop computer and portable Wi-Fi-enabled wireless
Ethernet card to find unsecured wireless networks. Once found, these attackers
use these networks to illegally access computers and steal confidential
information.
Dumpster diving:
This passive attack involves intruders searching for information on discarded
devices or for notes containing passwords in trash bins. For example, the
attacker can retrieve information from hard drives or other storage media that
have not been properly erased.
Software Attacks:
A software attack or cyber-attack is any attempt to gain unauthorized access to a
computer, computing system or computer network with the intent to cause
damage. Cyber-attacks aim to disable, disrupt, destroy or control computer
systems or to alter, block, delete, manipulate or steal the data held within these
systems.
Types of Software attacks or Cyber-attacks:
1. Malware attack
2. SQL injection attack
3. Phishing attack
4. Man-in-the-middle attack
5. Denial-of-service attack
6. Zero-day exploit
7. DNS Tunneling
8. Password attack
Note: The first five attacks are already discussed under the methods of cyber security topic.
Zero-day exploit
A zero-day (0day) exploit is a cyber-attack targeting a software vulnerability
which is unknown to the software vendor or to antivirus vendors. The attacker
spots the software vulnerability before any parties interested in mitigating it,
quickly creates an exploit, and uses it for an attack. Such attacks are highly
likely to succeed because defenses are not in place. This makes zero-day attacks
a severe security threat.
DNS Tunneling
DNS Tunneling is a method of cyber-attack that encodes the data of other
programs or protocols in DNS queries and responses. DNS tunneling often
includes data payloads that can be added to an attacked DNS server and used to
control a remote server and applications.
Typically, DNS tunneling requires the compromised system to have external
network connectivity, as DNS tunneling requires access to an internal DNS
server with network access. Hackers must also control a domain and a server
that can act as an authoritative server in order to execute the server-side
tunneling and data payload executable programs.
Note: DNS
 Domain name system, or DNS, is the protocol that translates human-
friendly names, such as paloaltonetworks.com, into machine-friendly IP
addresses, such as 199.167.52.137.
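Because a tunnel must carry its data inside query names, the names it generates look different from ordinary lookups: the subdomain part is long, high-entropy and different on every query. The following Python detector is an added example, not code from the handout; it scores constructed DNS query log records on those three signals. The log format, the domains, the thresholds and the simplification that the registrable domain is the last two labels are all assumptions made for the example.

```python
"""Heuristic DNS tunneling detection over constructed query log records.

Added example, not code from the handout. Tunnels encode data in query names,
so the subdomain part of each query tends to be long, high-entropy and
different on every query. The detector scores each parent domain on those
signals. Log format, domains, thresholds and the "last two labels are the
registrable domain" rule are assumptions made for the example.
"""
import base64
import math
from collections import Counter, defaultdict

MAX_NORMAL_SUBDOMAIN_LEN = 40   # longest subdomain in ordinary traffic (assumed)
ENTROPY_THRESHOLD = 3.5         # bits/char; encoded data nears log2(alphabet) (assumed)
MIN_UNIQUE_SUBDOMAINS = 5       # a tunnel rarely repeats a query name (assumed)


def shannon_entropy(text):
    """Shannon entropy in bits per character; 0.0 for empty or one-symbol input."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Split 'a.b.example.com.' into ('example.com', 'a.b').

    Assumption: the registrable domain is the last two labels; a real
    deployment would consult a public-suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def domain_stats(lines):
    """Aggregate per-parent-domain statistics from '<client_ip> <qtype> <qname>' records."""
    stats = defaultdict(lambda: {"unique": set(), "entropies": [], "max_len": 0})
    for line in lines:
        _, _, qname = line.split()
        parent, sub = split_name(qname)
        st = stats[parent]
        st["unique"].add(sub)
        st["entropies"].append(shannon_entropy(sub.replace(".", "")))
        st["max_len"] = max(st["max_len"], len(sub))
    return stats


def suspicious_domains(lines):
    """Parent domains whose queries look like an encoded data channel."""
    flagged = []
    for parent, st in domain_stats(lines).items():
        mean_entropy = sum(st["entropies"]) / len(st["entropies"])
        enough_variety = len(st["unique"]) >= MIN_UNIQUE_SUBDOMAINS
        looks_encoded = (mean_entropy > ENTROPY_THRESHOLD
                         or st["max_len"] > MAX_NORMAL_SUBDOMAIN_LEN)
        if enough_variety and looks_encoded:
            flagged.append(parent)
    return sorted(flagged)


def build_sample_queries():
    """Constructed records: ordinary lookups plus six tunnel-style queries whose
    first label is 48 base32 characters of constructed payload bytes."""
    lines = [
        "192.0.2.10 A www.example.com",
        "192.0.2.10 A mail.example.com",
        "192.0.2.11 A www.example.com",
        "192.0.2.11 AAAA cdn.example.org",
        "192.0.2.12 A www.example.net",
    ]
    for i in range(6):
        chunk = bytes((i * 37 + j) % 256 for j in range(30))   # constructed payload
        label = base64.b32encode(chunk).decode().lower()       # 48 chars, no padding
        lines.append(f"192.0.2.13 TXT {label}.{i:04d}.t.tunnel.example")
    return lines


if __name__ == "__main__":
    print("suspicious:", suspicious_domains(build_sample_queries()))
```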
Password attack
Password attacks involve exploiting a broken authorization vulnerability in the
system combined with automatic password attack tools that speed up the
guessing and cracking of passwords.
The attacker uses various techniques to access and expose the credentials of a
legitimate user, assuming their identity and privileges. The username-password
combination is one of the oldest known account authentication techniques, so
adversaries have had time to craft multiple methods of obtaining guessable
passwords.
Additionally, applications that use passwords as the sole authentication factor
are vulnerable to password attacks since the vulnerabilities are well understood.
Brute-force attacks, dictionary attacks and keylogging are examples of
password attacks.
Note:
Keystroke logging, often referred to as keylogging or keyboard capturing, is the
action of recording the keys struck on a keyboard, typically covertly, so that a
person using the keyboard is unaware that their actions are being monitored.
Data can then be retrieved by the person operating the logging program.
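The defences against brute-force and dictionary guessing follow directly from the description above: reject the passwords a word list would try first, store only salted hashes, and throttle repeated failures so automated tools gain little. The following Python example is added here and is not code from the handout; it models an account store with those three controls and replays a small constructed word list against it. The usernames, passwords, word list and every threshold are assumptions made for the example.

```python
"""Defences against online password guessing (brute-force / dictionary attacks).

Added example, not code from the handout. It combines three controls:
rejecting dictionary passwords at registration, storing only salted PBKDF2
hashes, and locking an account after repeated failures so automated guessing
tools are throttled. Usernames, passwords, the tiny word list and every
threshold are constructed assumptions for the example.
"""
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MAX_FAILURES = 5                    # failures before lockout (assumed)
LOCKOUT = timedelta(minutes=15)     # lockout duration (assumed)
MIN_LENGTH = 12                     # minimum password length (assumed)
PBKDF2_ITERATIONS = 50_000          # kept low for the example; production uses far more
# Constructed stand-in for a real breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome",
                    "admin", "iloveyou", "monkey", "dragon", "football"}
DUMMY_SALT = bytes(16)              # unknown users cost the same time as known ones


def acceptable_password(password):
    """Policy check: long enough and not in the list an attacker would try first."""
    return len(password) >= MIN_LENGTH and password.lower() not in COMMON_PASSWORDS


def derive_key(password, salt):
    """Slow salted hash, so an offline attacker pays for every guess too."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class AccountStore:
    """In-memory store: username -> {salt, key, failures, locked_until}."""

    def __init__(self):
        self.accounts = {}

    def register(self, username, password):
        """Return True if the account was created, False if the policy rejected it."""
        if not acceptable_password(password):
            return False
        salt = os.urandom(16)
        self.accounts[username] = {"salt": salt, "key": derive_key(password, salt),
                                   "failures": 0, "locked_until": None}
        return True

    def login(self, username, password, now):
        """Return 'ok', 'denied' or 'locked'. `now` is injected for determinism."""
        acct = self.accounts.get(username)
        if acct is None:
            derive_key(password, DUMMY_SALT)   # same cost: no username enumeration by timing
            return "denied"
        if acct["locked_until"] is not None and now < acct["locked_until"]:
            return "locked"                    # even the right password is refused while locked
        if hmac.compare_digest(derive_key(password, acct["salt"]), acct["key"]):
            acct["failures"] = 0
            acct["locked_until"] = None
            return "ok"
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["failures"] = 0
            acct["locked_until"] = now + LOCKOUT
            return "locked"
        return "denied"


def simulate_guessing(store, username, guesses, start):
    """Replay a word list one guess per second, as an automated tool would."""
    return [store.login(username, guess, start + timedelta(seconds=i))
            for i, guess in enumerate(guesses)]


def run_scenario():
    """Returns (word-list outcomes, correct password during lockout,
    correct password after lockout, unknown user)."""
    store = AccountStore()
    start = datetime(2024, 1, 1, 9, 0, 0)
    store.register("alice", "correct horse battery staple")   # constructed credential
    guesses = simulate_guessing(store, "alice", sorted(COMMON_PASSWORDS), start)
    during = store.login("alice", "correct horse battery staple", start + timedelta(minutes=1))
    after = store.login("alice", "correct horse battery staple", start + timedelta(minutes=20))
    unknown = store.login("nobody", "anything", start)
    return guesses, during, after, unknown


if __name__ == "__main__":
    print(run_scenario())
```

The lockout also refuses the legitimate user during the window, which is the availability cost of this control; a real deployment pairs it with a second authentication factor rather than relying on the password alone.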
Hardware Attacks:
Hardware attacks are not as well-known as software attacks, but they are just as
dangerous. They involve directly exploiting interaction with a system's
electronic components. These sneak attacks are particularly effective against
connected objects.
Types of Hardware Attacks:
VMX - Virtual Machine Extensions
Virtualization offers two trade-offs:
(a.) higher performance and lower cost, e.g. Intel
(b.) greater isolation at higher cost, e.g. IBM
Most of us use (a.) rather than (b.) without knowing the underlying threats
that come with the reduced isolation.
Bluepill
A rootkit designed for x86 virtualization. It installs a thin hypervisor (VMM)
and runs the rest of the machine as a guest. It was claimed to be almost
undetectable, although this was controversial. Hardware-assisted
virtualization can thus help malicious software, so the hardware architecture
is central here.
Extreme Privilege Escalation
This was demonstrated on Windows 8: the platform firmware (UEFI) was exploited
through a new Windows 8 API, escalating privilege from ring 3 to ring 0, the
most privileged level, which communicates almost directly with the hardware
resources.
Stepping p3wns
This attack used a firmware update of a network resource (here a printer),
which bypasses the antivirus on the computer because the update is not
Windows malware. When the job is received on the printer side, the firmware
is replaced by the malicious one. The exploitation can then spread to IP
phones and similar devices, which is a serious concern in 'BYOD' times.
Shadow walker (TLB Splitting)
Misuses x86 hardware (the split instruction and data TLBs) to hide malware
from the OS and antivirus; even code modifications cannot be detected by
antivirus. The flaw exploited is the difference between reading memory and
executing it.
Cyber Threats:
a. Cyber Warfare
b. Cyber Crime
c. Cyber Terrorism
d. Cyber Espionage
Cyber Warfare
Cyber Warfare is typically defined as a set of actions by a nation or organization
to attack countries or institutions' computer network systems with the intention
of disrupting, damaging, or destroying infrastructure by computer viruses or
denial-of-service attacks.
Cyber warfare can take many forms, but all of them involve either the
destabilization or destruction of critical systems. The objective is to weaken the
target country by compromising its core systems.
This means cyber warfare may take several different shapes:
 Attacks on financial infrastructure
 Attacks on public infrastructure like dams or electrical systems
 Attacks on safety infrastructure like traffic signals or early warning
systems
 Attacks against military resources or organizations
Cyber Crime
Cybercrime or a computer-oriented crime is a crime that includes a computer
and a network. The computer may have been used in the execution of a crime or
it may be the target.
Cybercrime is the use of a computer as a weapon for committing crimes such as
committing fraud, identity theft, or breaching privacy.
Cybercrime, especially through the Internet, has grown in importance as the
computer has become central to every field like commerce, entertainment, and
government.
Cybercrime may endanger a person or a nation’s security and financial health.
Cybercrime encompasses a wide range of activities, but these can generally be
divided into two categories:
 Crimes that target computer networks or devices. These types of crimes
involve threats such as viruses and bugs, and denial-of-service
(DoS) attacks.
 Crimes that use computer networks to commit other criminal activities.
These types of crimes include cyber stalking, financial fraud or identity
theft.
Cyber Terrorism
Cyberterrorism is the convergence of cyberspace and terrorism. It refers to
unlawful attacks and threats of attacks against computers, networks and the
information stored therein when done to intimidate or coerce a government or
its people in furtherance of political or social objectives.
Further, to qualify as cyberterrorism, an attack should result in violence against
persons or property, or at least cause enough harm to generate fear.
Attacks that lead to death or bodily injury, explosions, or severe economic loss
would be examples.
Serious attacks against critical infrastructures could be acts of cyberterrorism,
depending on their impact. Attacks that disrupt nonessential services or that are
mainly a costly nuisance would not.
One way of understanding cyberterrorism involves the idea that terrorists could
cause massive loss of life, worldwide economic chaos and environmental
damage by hacking into critical infrastructure systems. The nature of
cyberterrorism covers conduct involving computer or Internet technology that:
 is motivated by a political, religious or ideological cause
 is intended to intimidate a government or a section of the public to
varying degrees
 seriously interferes with infrastructure
Cyber Espionage
Cyber espionage, or cyber spying, is a type of cyberattack in which an
unauthorized user attempts to access sensitive or classified data or intellectual
property (IP) for economic gain, competitive advantage or political reasons.
Cyber espionage is primarily used as a means to gather sensitive or classified
data, trade secrets or other forms of IP that can be used by the aggressor to
create a competitive advantage or sold for financial gain. In some cases, the
breach is simply intended to cause reputational harm to the victim by exposing
private information or questionable business practices.
Cyber espionage attacks can be motivated by monetary gain; they may also be
deployed in conjunction with military operations or as an act of cyber terrorism
or cyber warfare. The impact of cyber espionage, particularly when it is part of
a broader military or political campaign, can lead to disruption of public
services and infrastructure, as well as loss of life.
The most common targets of cyber espionage include large corporations,
government agencies, academic institutions, think tanks or other organizations
that possess valuable IP and technical data that can create a competitive
advantage for another organization or government. Targeted campaigns can also
be waged against individuals, such as prominent political leaders and
government officials, business executives and even celebrities.
Cyber spies most commonly attempt to access the following assets:
 Research & Development data and activity
 Academic research data
 IP, such as product formulas or blueprints
 Salaries, bonus structures and other sensitive information regarding
organizational finances and expenditures
 Client or customer lists and payment structures
 Business goals, strategic plans and marketing tactics
 Political strategies, affiliations and communications
 Military intelligence
Comprehensive Cyber Security Policy:
Security policies are a formal set of rules issued by an organization to
ensure that users who are authorized to access company technology and
information assets comply with rules and guidelines related to the security of
information. It is a written document that sets out how to protect the
organization from threats and how to handle them when they occur. A security
policy is also considered a "living document", which means that the document
is never finished but is continuously updated as technology and employee
requirements change.
Need of Security policies
1) It increases efficiency.
The best thing about having a policy is being able to increase the level of
consistency, which saves time, money and resources. The policy should inform
employees about their individual duties, telling them what they may and may
not do with the organization's sensitive information.
2) It upholds discipline and accountability
When a human mistake occurs and system security is compromised, the
organization's security policy backs up any disciplinary action and also
supports a case in a court of law. The organization's policies act as a
contract proving that it has taken steps to protect its intellectual
property, as well as its customers and clients.
3) It can make or break a business deal
It is not necessary for companies to provide a copy of their information security
policy to other vendors during a business deal that involves the transference of
their sensitive information. This is especially true of bigger businesses,
which ensure their own security interests are protected when dealing with
smaller businesses that have less high-end security systems in place.
4) It helps to educate employees on security literacy
A well-written security policy can also be seen as an educational document
that informs readers of their responsibility for protecting the
organization's sensitive data. It covers everything from choosing the right
passwords to guidelines for file transfers and data storage, which increases
employees' overall awareness of security and how it can be strengthened.
We use security policies to manage our network security. Most types of security
policies are created automatically during installation. We can also customize
policies to suit our specific environment. Some important cybersecurity policy
recommendations are described below:
1. Virus and Spyware Protection policy
This policy provides the following protection:
 It helps to detect, remove and repair the side effects of viruses and
security risks by using signatures.
 It helps to detect the threats in the files which the users try to download
by using reputation data from Download Insight.
 It helps to detect the applications that exhibit suspicious behavior by
using SONAR heuristics and reputation data.
2. Firewall Policy
This policy provides the following protection:
 It blocks the unauthorized users from accessing the systems and networks
that connect to the Internet.
 It detects the attacks by cybercriminals.
 It removes the unwanted sources of network traffic.
3. Intrusion Prevention policy
This policy automatically detects and blocks network attacks and browser
attacks. It also protects applications from vulnerabilities. It checks the
contents of one or more data packets and detects malware arriving through
legitimate channels.
4. LiveUpdate policy
This policy comes in two types: the LiveUpdate Content policy and the
LiveUpdate Settings policy. The LiveUpdate policy contains the settings that
determine when and how client computers download content updates from
LiveUpdate. We can define which computer the clients contact to check for
updates and schedule when and how often client computers check for updates.
5. Application and Device Control policy
This policy protects a system's resources from applications and manages the
peripheral devices that can attach to a system. The device control policy applies
to both Windows and Mac computers whereas application control policy can be
applied only to Windows clients.
6. Exceptions policy
This policy provides the ability to exclude applications and processes from
detection by the virus and spyware scans.
7. Host Integrity policy
This policy provides the ability to define, enforce, and restore the security of
client computers to keep enterprise networks and data secure. We use this
policy to ensure that the client computers that access our network are
protected and compliant with the company's security policies. This policy
requires that the client system has antivirus installed.
UNIT-II
Cyberspace and the Law & Cyber Forensics
Cyberspace:
Cyberspace refers to the virtual computer world, and more specifically, an
electronic medium that is used to facilitate online communication. Cyberspace
typically involves a large computer network made up of many worldwide
computer subnetworks that employ TCP/IP protocol to aid in communication
and data exchange activities.
Cyberspace's core feature is an interactive and virtual environment for a broad
range of participants.
In the common IT lexicon, any system that has a significant user base or even a
well-designed interface can be thought to be “cyberspace.”
Cyber Security Regulations:
There are four predominant cyber laws to cover when it comes to cybersecurity
regulations:
In countries like India, where the internet is used very extensively, cyber laws
become extremely important. Stringent cyber laws fulfil the purpose of
supervising the digital circulation of information, software, information
security, e-commerce, and monetary transactions.
By providing maximum connectivity and minimizing cybersecurity concerns,
India's Cybersecurity Law has cleared the path for electronic commerce and
electronic government in the country and also broadened the scope and
application of digital media.
1. Information Technology Act, 2000
Indian cyber law is governed by the Information Technology Act, enacted in
2000. The principal purpose of this Act is to give legal recognition to
electronic commerce and electronic records and to facilitate electronic filing
of records with the Government.
As attackers became more sophisticated and misuse of technology grew, a series
of amendments followed, most significantly the IT (Amendment) Act, 2008.
The ITA, enacted by the Parliament of India, lays down the punishments and
penalties that safeguard the e-governance, e-banking, and e-commerce sectors.
Its scope has since been extended to cover all current communication devices.
The IT Act is the principal statute under which cybercrimes are prosecuted in
India; its most frequently invoked sections are:
 Section 43 - Applies to anyone who, without the owner's permission,
accesses, downloads from, damages, disrupts or introduces malicious code into
a computer system. The owner can claim compensation for the full damage.
 Section 66 - Applies where a person dishonestly or fraudulently does any
act referred to in Section 43. The punishment is imprisonment of up to three
years, a fine of up to Rs. 5 lakh, or both.
 Section 66B - Punishes dishonestly receiving a stolen computer resource
or communication device: imprisonment of up to three years, a fine of up to
Rs. 1 lakh, or both.
 Section 66C - Identity theft: fraudulent or dishonest use of another
person's electronic signature, password or other unique identification
feature. The punishment is imprisonment of up to three years and a fine of
up to Rs. 1 lakh.
 Section 66D - Cheating by personation using a computer resource or
communication device (for example, a phishing site impersonating a bank).
The punishment is imprisonment of up to three years and a fine of up to
Rs. 1 lakh.
2. Indian Penal Code (IPC), 1860
Identity theft and associated cyber frauds are also covered by the Indian Penal
Code (IPC), 1860, which is invoked along with the Information Technology Act of
2000.
The IPC sections most relevant to cyber fraud are:
 Making a false document (Section 464)
 Punishment for forgery (Section 465)
 Forgery for the purpose of cheating (Section 468)
 Forgery for the purpose of harming reputation (Section 469)
 Using a forged document as genuine (Section 471)
3. Companies Act, 2013
Corporate stakeholders treat the Companies Act of 2013 as the legal framework
that governs their daily operations. Its directives fix the required
techno-legal compliances and expose non-compliant companies and their directors
to legal action.
The Companies Act 2013 vested powers in the SFIO (Serious Fraud Investigation
Office) to investigate and prosecute Indian companies and their directors.
Since the notification of the Companies (Inspection, Investigation and Inquiry)
Rules, 2014, the SFIO has become even more proactive and stern in this regard.
The legislature ensured that the regulatory compliances are well covered,
including cyber forensics, e-discovery, and cybersecurity diligence. The
Companies (Management and Administration) Rules, 2014 prescribe strict
guidelines setting out the cybersecurity obligations and responsibilities of
company directors and leaders.
4. NIST Cybersecurity Framework
The Cybersecurity Framework published by the US National Institute of
Standards and Technology (NIST) offers a harmonized, widely adopted approach to
managing cybersecurity risk. Unlike the three Acts above it is not a law, and
NIST is not a certifying body: the framework is voluntary, and organizations
adopt it (or are required to by contract or sector regulation) as a common
reference.
The NIST Cybersecurity Framework brings together guidelines, standards, and
best practices for managing cyber-related risk responsibly. It is designed to
be flexible and cost-effective, and it promotes the resilience and protection
of critical infrastructure by:
 Allowing better understanding, management, and reduction of
cybersecurity risk, which mitigates data loss, data misuse, and the
subsequent restoration costs
 Identifying the most important activities and critical operations so
that effort is focused on securing them
 Demonstrating the trustworthiness of organizations that secure critical
assets
 Helping to prioritize investments to maximize the cybersecurity ROI
 Addressing regulatory and contractual obligations
 Supporting the wider information security program
Combining the NIST CSF with ISO/IEC 27001 simplifies cyber security risk
management. It also makes communication easier throughout the organization
and across the supply chain, because all parties share the common vocabulary
of functions and categories laid down by NIST.
International Law:
International law is a system of treaties and agreements between nations that
governs how nations interact with other nations, with citizens of other nations,
and with businesses of other nations. It can be divided into two significant
categories: private and public international law.
Put another way, international law is a set of rules governing the mutual
relations between countries. Nations accept those rules as legally binding and,
as such, they apply to all countries regardless of state borders. Its major
substantive fields include the following:
 International economic law: the body of law concerned with rights and
obligations of sovereign states in international economic relations.
 International security law: set of rules aims to ensure effective
operational cooperation between states in terms of maintaining
international security, justice, and peace on a global basis.
 International criminal law: the area of law that deals with the prosecution
and punishment of individuals responsible for grave violations of human
rights, specifically the commission of war crimes, genocide, crimes against
humanity, and the crime of aggression.
 International environmental law: the field of international law
regulating the behavior of states and international organizations relating
to the environment.
 Diplomatic law: the area of international law concerning diplomatic
privileges and immunities, permanent or temporary diplomatic missions,
and the rights and obligations of the state representatives while operating
on the territory of other states.
 International humanitarian law, A.K.A. law of war: set of rules that
seek to regulate armed conflicts between states, as well as between states
and individuals or informal groups.
 International human rights law: the body of international law aimed to
promote and ensure the protection and respect of human rights that are
inherent to every human being.
Roles of International Law:
 International Law is a set of rules which are necessary in order to regulate
the behavior of nation-States towards each other so as to ensure peace and
welfare of the international community.
 International Law helps in resolving disputes amongst States.
 International Law may influence internal laws too and may become a part
of domestic law.
 International Law is majorly concerned with the relation among States.
 In the case of International Law, the law is not above the individuals but
between the sovereign States and the States themselves create the law.
 In International Law, the States often disobey the laws or create laws as
per their interests.
 Article 38 of the Statute of the ICJ is considered as the most authoritative
statement of the sources of law for the Public International Law. It states
the sources of law such as customs, conventions, treaties, general
principles of law recognized by civilized nations and judicial decisions
and teachings of highly qualified publicists.
 It is not necessary for International Law to be codified into an agreement.
There have been many developments in modern International Law, and the
International Court of Justice is considered the principal body
responsible for upholding the tenets of International Law.
The INDIAN Cyberspace:
Indian cyberspace was born in 1975 with the establishment of the National
Informatics Centre (NIC), whose aim was to provide the government with IT
solutions. Three networks were set up between 1986 and 1988 to connect various
agencies of government.
These networks were: INDONET, which connected the IBM mainframe installations
that made up India's computer infrastructure; NICNET (the NIC network), a
nationwide very small aperture terminal (VSAT) network for public sector
organizations, which also connected the central government with the state
governments and district administrations; and ERNET (the Education and
Research Network), set up to serve the academic and research communities.
The New Internet Policy of 1998 paved the way for services from multiple
Internet service providers (ISPs) and boosted the Internet user base, which
grew from 1.4 million in 1999 to over 150 million by December 2012.
This exponential growth is attributed to increasing Internet access through
mobile phones and tablets. The government is making a determined push to
increase broadband penetration from its present level of about 6%.
National Cyber Security Policy:
The National Cyber Security Policy is a policy framework by the Department of
Electronics and Information Technology (DeitY). It aims at protecting the
public and private infrastructure from cyber-attacks. The policy also intends to
safeguard "information, such as personal information (of web users), financial
and banking information and sovereign data". This was particularly relevant in
the wake of the US National Security Agency (NSA) leaks, which suggested that
US government agencies were spying on Indian users, who had no legal or
technical safeguards against it. The Ministry of Communications and Information
Technology (India) defines cyberspace as a complex environment consisting of
interactions between people, software and services, supported by the worldwide
distribution of information and communication technology.
Reason for Cyber Security policies:
India had no cyber security policy before 2013. In 2013, The Hindu newspaper,
citing documents leaked by NSA whistle-blower Edward Snowden, alleged
that much of the NSA surveillance was focused on India's domestic politics and
its strategic and commercial interests.[5] This sparked a furor among the
public. Under pressure, the government unveiled the National Cyber Security
Policy 2013 on 2 July 2013.
Vision:
To build a secure and resilient cyberspace for citizens, business, and
government and also to protect anyone from intervening in user's privacy.
Mission:
To protect information and information infrastructure in cyberspace, build
capabilities to prevent and respond to cyber threat, reduce vulnerabilities and
minimize damage from cyber incidents through a combination of institutional
structures, people, processes, technology, and cooperation.
Objectives:
 To create a secure cyber ecosystem in the country, generate adequate trust
and confidence in IT system and transactions in cyberspace and thereby
enhance adoption of IT in all sectors of the economy.
 To create an assurance framework for the design of security policies and
promotion and enabling actions for compliance to global security
standards and best practices by way of conformity assessment (Product,
process, technology & people).
 To strengthen the Regulatory Framework for ensuring a SECURE
CYBERSPACE ECOSYSTEM.
 To enhance and create National and Sectoral level 24x7 mechanism for
obtaining strategic information regarding threats to ICT infrastructure,
creating scenarios for response, resolution and crisis management through
effective predictive, preventive, protective response and recovery actions.
 To improve visibility of integrity of ICT products and services by
establishing infrastructure for testing & validation of security of such
product.
 To create a workforce of 5,00,000 (500,000) skilled professionals in the
next 5 years through capacity building, skill development and training.
 To provide fiscal benefit to businesses for adoption of standard security
practices and processes.
 To enable Protection of information while in process, handling, storage &
transit so as to safeguard privacy of citizen's data and reducing economic
losses due to cybercrime or data theft.
 To enable effective prevention, investigation and prosecution of
cybercrime and enhancement of law enforcement capabilities through
appropriate legislative intervention.
Strategies:
 Creating a secured Ecosystem.
 Creating an assurance framework.
 Encouraging Open Standards.
 Strengthening The regulatory Framework.
 Creating a mechanism for Security Threats Early Warning, Vulnerability
management, and response to security threats.
 Securing E-Governance services.
 Protection and resilience of Critical Information Infrastructure.
 Promotion of Research and Development in cyber security.
 Reducing supply chain risks
 Human Resource Development (fostering education and training
programs in both the formal and informal sectors to support the nation's
cyber security needs and build capacity).
 Creating cyber security awareness.
 Developing effective Public-Private partnerships.
 Developing bilateral and multilateral relationships in the area of cyber
security with other countries (information sharing and cooperation).
 A Prioritized approach for implementation.
Cyber Forensics:
Cyber forensics is the process of extracting data from electronic devices as
proof of a crime, following proper investigative procedure so that the evidence
can be presented in court and the culprit identified. Cyber forensics is also
known as computer forensics. Its main aim is to maintain the thread of evidence
and documentation needed to establish who committed the crime and how. Cyber
forensics can do the following:
 It can recover deleted files, chat logs, emails, etc.
 It can also get deleted SMS, Phone calls.
 It can get recorded audio of phone conversations.
 It can determine which user used which system and for how much time.
 It can identify which user ran which program.
Computer Forensics:
Computer Forensics (also known as computer forensic science) is a branch of
digital forensic science pertaining to evidence found in computers and digital
storage media. The goal of computer forensics is to examine digital media in a
forensically sound manner with the aim of identifying, preserving, recovering,
analyzing and presenting facts and opinions about the digital information.
Although it is most often associated with the investigation of a wide variety of
computer crime, computer forensics may also be used in civil proceedings. The
discipline involves similar techniques and principles to data recovery, but with
additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the
same guidelines and practices of other digital evidence. It has been used in a
number of high-profile cases and is accepted as reliable within court systems.
Types of computer forensics:
There are multiple types of computer forensics, depending on the field in which
digital investigation is needed:
 Network forensics: Monitoring and analyzing network traffic to and from
the suspect's network. The tools used here are network intrusion detection
systems, packet captures and other automated tools.
 Email forensics: The examiner analyzes the suspect's email and recovers
deleted email threads to extract information relevant to the case.
 Malware forensics: Covers intrusion-related crimes. The examiner analyzes
the malware (trojans, viruses, worms) to understand its behaviour and to
find indicators that point to the attacker behind it.
 Memory forensics: Collects data from volatile memory (cache, RAM, etc.) in
raw form and then recovers information from that data.
 Mobile Phone forensics: Examines and analyzes data from mobile phones.
 Database forensics: Examines and analyzes data from databases and their
related metadata.
 Disk forensics: Extracts data from storage media by searching modified,
active, or deleted files.
Historical background of Cyber Forensics:
Important landmarks in the history of forensics and cyber forensics:
 Hans Gross (1847 - 1915): First systematic use of scientific method in
criminal investigation.
 Francis Galton (1892): Published Finger Prints, the first recorded
scientific study of fingerprints.
 FBI (1932): Set up a laboratory to offer forensic services to all field
agents and other law authorities across the USA.
 1978: Computer crime was first recognized in statute, in the Florida
Computer Crimes Act.
 1992: The term "computer forensics" appeared in academic literature.
 1995: The International Organization on Computer Evidence (IOCE) was
formed.
 2000: The first FBI Regional Computer Forensic Laboratory was established.
 2002: The Scientific Working Group on Digital Evidence (SWGDE) published
"Best Practices for Computer Forensics".
 2010: Simson Garfinkel identified the issues facing digital investigations
in the coming decade.
Digital Forensics Science:
Digital forensics is defined as the process of preservation, identification,
extraction, and documentation of computer evidence which can be used in a
court of law. It is the science of finding evidence on digital media such as a
computer, mobile phone, server, or network. It provides the forensic team with
the best techniques and tools to solve complicated digital-related cases.
Digital forensics helps the forensic team to analyze, inspect, identify, and
preserve the digital evidence residing on various types of electronic devices.
Types of Digital Forensics:
Types of digital forensics are:
 Disk Forensics: It deals with extracting data from storage media by
searching active, modified, or deleted files.
 Network Forensics: It is a sub-branch of digital forensics. It is related to
monitoring and analysis of computer network traffic to collect important
information and legal evidence.
 Wireless Forensics: It is a division of network forensics. Its main aim
is to offer the tools needed to collect and analyze data from wireless
network traffic.
 Database Forensics: It is a branch of digital forensics relating to the
study and examination of databases and their related metadata.
 Malware Forensics: This branch deals with the identification of
malicious code (viruses, worms, trojans) and the study of its payload.
 Email Forensics: Deals with recovery and analysis of emails, including
deleted emails, calendars, and contacts.
 Memory Forensics: It deals with collecting data from system memory
(system registers, cache, RAM) in raw form and then carving the data
from Raw dump.
 Mobile Phone Forensics: It mainly deals with the examination and
analysis of mobile devices. It helps to retrieve phone and SIM contacts,
call logs, incoming, and outgoing SMS/MMS, Audio, videos, etc.
Note:
 Digital forensics is a branch of forensic science encompassing the
recovery, investigation, examination and analysis of material found in
digital devices, often in relation to mobile devices and computer crime.
 Computer forensics is a branch of digital forensic science pertaining to
evidence found in computers and digital storage media.
 Digital forensics, also known as cyber forensics, is a broad term that
describes activities relating to investigating attacks and cyber incidents
involving various digital assets. This includes everything from mobile
phones and computers to servers, networks and so on.
The Need for Computer Forensics:
In today's technology-driven generation, the importance of cyber forensics is
immense. Combining technology with forensic method paves the way for
quicker investigations and more accurate results. The points below show the
importance of cyber forensics:
 Cyber forensics helps in collecting important digital evidence to trace the
criminal.
 Electronic equipment stores massive amounts of data that an ordinary
user never sees. For example, in a smart home every spoken command and every
action performed by a smart device is logged, and this data can be crucial
in cyber forensics.
 It is also helpful for innocent people to prove their innocence via the
evidence collected online.
 It is not only used to solve digital crimes but also used to solve real-world
crimes like theft cases, murder, etc.
 Businesses are equally benefitted from cyber forensics in tracking system
breaches and finding the attackers.
Digital Evidence:
Digital evidence is information stored or transmitted in binary form that may be
relied on in court. It can be found on a computer hard drive, a mobile phone,
among other places.
Digital evidence is commonly associated with electronic crime, or e-crime, such
as child pornography or credit card fraud. However, digital evidence is now
used to prosecute all types of crimes, not just e-crime.
For example, suspects' e-mail or mobile phone files might contain critical
evidence regarding their intent, their whereabouts at the time of a crime and
their relationship with other suspects.
In 2005, for example, a floppy disk led investigators to the BTK serial killer
who had eluded police capture since 1974 and claimed the lives of at least 10
victims.
In an effort to fight e-crime and to collect relevant digital evidence for all
crimes, law enforcement agencies are incorporating the collection and analysis
of digital evidence, also known as computer forensics, into their infrastructure.
Law enforcement agencies are challenged by the need to train officers to collect
digital evidence and keep up with rapidly evolving technologies such as
computer operating systems.
Forensic Analysis of Email:
An E-Mail system is a combination of hardware and software that controls the
flow of E-Mail. Two most important components of an email system are:
 E-Mail server
 E-Mail gateway
E-Mail servers are computers that forward, collect, store, and deliver email to
their clients. The general overview of how an email system works is shown in
the following figure:
E-Mail gateways are the connections between email servers. Mail server
software is a software which controls the flow of email. Mail client is the
software which is used to send and receive (read) emails. An email contains two
parts:
 Header
 Body
The email header is very important from a forensics point of view. The full
header of an email records the path of the email's journey from its source to
its destination. The header also includes IP addresses and other useful
information. A header is a sequence of fields (key-value pairs).
The body of the email contains the actual message. Header fields can easily be
spoofed by spammers, so header analysis is important when investigating
evidence. Only the Received: line added by a server under our own control (or
a trusted relay) can be taken at face value; earlier lines were written by
hosts the sender may control.
After obtaining the source IP address we look up the ISP that owns it. By
contacting the ISP (with appropriate legal authority) we can obtain further
information, such as:
 Name
 Address
 Contact number
 Internet facility
 Type of IP address (static or dynamic)
 Any other relevant information
It is important that the logs of all servers in the chain are examined as soon
as possible, before log retention periods expire. If the server named in the
bottom-most Received: line does not belong to the domain of the sender address,
this indicates that the sender address may be spoofed (legitimate third-party
mailers produce the same pattern, so it is a lead, not proof). The Message-ID
helps to find the corresponding log entry on an email server.
RFC 2822 (now superseded by RFC 5322) defines the Internet message format.
According to it:
 Each email should carry a globally unique Message-ID
 It defines the syntax of the Message-ID
 Message identifiers can appear in three header fields:
a. Message-ID header
b. In-Reply-To header
c. References header
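To make the header walk concrete, here is an added example written for this handbook (it is not code from the original text or from any forensic product). It parses a constructed phishing-style message, rebuilds the Received: chain oldest hop first, pulls the originating IP and the Message-ID, flags the mismatch between the claimed From: domain and the injecting host, and then uses the Message-ID to find the matching entries in a constructed relay log. The message, hostnames, addresses (all from documentation ranges) and the log lines, which are loosely modelled on Postfix's format, are invented for this example.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message for this example; IPs are from the documentation
# ranges. Received: lines read top-down from the final recipient back to the
# origin, so the bottom-most line is the first hop, closest to the sender.
SAMPLE_RAW = """Received: from mx2.example.org (mx2.example.org [203.0.113.5])
\tby inbox.example.org with ESMTP id ABC123
\tfor <victim@example.org>; Mon, 03 Jun 2019 10:02:11 +0000
Received: from relay.bulkmailer.example (relay.bulkmailer.example [198.51.100.77])
\tby mx2.example.org with ESMTPS id XYZ789; Mon, 03 Jun 2019 10:02:09 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.bulkmailer.example with SMTP; Mon, 03 Jun 2019 10:02:01 +0000
Message-ID: <20190603100201.8841@relay.bulkmailer.example>
From: "Accounts" <accounts@bank.example.com>
To: victim@example.org
Subject: Please verify your account
Date: Mon, 03 Jun 2019 10:02:00 +0000

Click the link to verify.
"""

# Constructed relay log lines, loosely modelled on Postfix's format (assumed).
SAMPLE_LOG = """Jun  3 10:02:01 relay postfix/cleanup[2231]: 7F1A2: message-id=<20190603100201.8841@relay.bulkmailer.example>
Jun  3 10:02:01 relay postfix/qmgr[1187]: 7F1A2: from=<accounts@bank.example.com>, size=1320, nrcpt=1 (queue active)
Jun  3 10:02:09 relay postfix/smtp[2240]: 7F1A2: to=<victim@example.org>, relay=mx2.example.org[203.0.113.5]:25, status=sent (250 OK)
Jun  3 10:02:30 relay postfix/cleanup[2231]: 9B0C4: message-id=<other@elsewhere.example>
"""

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _unfold(value):
    """Collapse folded header continuation lines into a single line."""
    return re.sub(r"\s+", " ", value).strip()


def received_chain(raw):
    """Hops oldest-first, each {'from', 'ip', 'by'}; the top Received: line was
    written last (by the recipient's server), so the list is reversed."""
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        line = _unfold(value)
        from_m = re.search(r"\bfrom (\S+)", line)
        by_m = re.search(r"\bby (\S+)", line)
        ip_m = IPV4_RE.search(line)
        hops.append({"from": from_m.group(1) if from_m else None,
                     "ip": ip_m.group(1) if ip_m else None,
                     "by": by_m.group(1) if by_m else None})
    return hops


def origin_ip(raw):
    """IP recorded in the earliest hop: the lead to take to the ISP."""
    return next((h["ip"] for h in received_chain(raw) if h["ip"]), None)


def message_id(raw):
    return _unfold(email.message_from_string(raw).get("Message-ID", ""))


def _domain(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def sender_consistency(raw):
    """Compare the From: domain with the injecting host and the Message-ID
    domain. A mismatch is an indicator of a spoofed sender, not proof (bulk
    mailers produce the same pattern), so it is a lead to corroborate."""
    msg = email.message_from_string(raw)
    from_domain = _domain(msg.get("From", ""))
    mid_domain = message_id(raw).rpartition("@")[2].rstrip(">").lower()
    hops = received_chain(raw)
    findings = []
    if hops and hops[0]["from"] and not hops[0]["from"].strip("[]").endswith(from_domain):
        findings.append(f"first hop {hops[0]['from']} is outside {from_domain}")
    if mid_domain and not mid_domain.endswith(from_domain):
        findings.append(f"Message-ID domain {mid_domain} is outside {from_domain}")
    return from_domain, findings


def log_entries_for(raw, log_text):
    """Log lines for this message: find the queue id logged next to the
    Message-ID, then every line that carries that queue id."""
    mid = message_id(raw)
    lines = log_text.splitlines()
    queue_ids = {m.group(1) for m in
                 (re.search(r"\]: ([0-9A-F]+): message-id=(\S+)", l) for l in lines)
                 if m and m.group(2) == mid}
    return [l for l in lines if any(f": {q}: " in l for q in queue_ids)]


if __name__ == "__main__":
    print(origin_ip(SAMPLE_RAW), sender_consistency(SAMPLE_RAW))
    print("\n".join(log_entries_for(SAMPLE_RAW, SAMPLE_LOG)))
```

The chain is walked from the bottom Received: line upward because each relay prepends its own line; the first hop gives the IP to take to the ISP, and the queue id found beside the Message-ID ties the message to its delivery records on the relay.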
Digital Forensics Lifecycle:
The digital forensics process is shown in the following figure. Forensic life
cycle phases are:
1. Preparation and identification
2. Collection and recording
3. Storing and transporting
4. Examination/investigation
5. Analysis, interpretation, and attribution
6. Reporting
7. Testifying
1. Preparing for the Evidence and Identifying the Evidence
In order to be processed and analyzed, evidence must first be identified. It might
be possible that the evidence may be overlooked and not identified at all. A
sequence of events in a computer might include interactions between:
 Different files
 Files and file systems
 Processes and files
 Log files
In case of a network, the interactions can be between devices in the organization
or across the globe (Internet). If the evidence is never identified as relevant, it
may never be collected and processed.
2. Collecting and Recording Digital Evidence
Digital evidence can be collected from many sources. The obvious sources can
be:
 Mobile phone
 Digital cameras
 Hard drives
 CDs
 USB memory devices
Non-obvious sources can be:
 Digital thermometer settings
 Black boxes inside automobiles
 RFID tags
Proper care should be taken while handling digital evidence, as it can be
changed easily, and once changed its evidential value is compromised. A
cryptographic hash is calculated for the evidence file at acquisition and
checked later to show whether any change has been made to the file. Sometimes
important evidence resides only in volatile memory; gathering volatile data
requires special technical skills and must be done before the system is
powered off.
3. Storing and Transporting Digital Evidence
Some guidelines for handling of digital evidence:
 Image computer-media using a write-blocking tool to ensure that no data
is added to the suspect device
 Establish and maintain the chain of custody
 Document everything that has been done
 Only use tools and methods that have been tested and evaluated to
validate their accuracy and reliability
Care should be taken that evidence does not go anywhere without properly
being traced. Things that can go wrong in storage include:
 Decay over time (natural or unnatural)
 Environmental changes (direct or indirect)
 Fires
 Floods
 Loss of power to batteries and other media preserving mechanisms
Sometimes evidence must be transported from place to place, either physically
or through a network. Care should be taken that the evidence is not changed
while in transit. Analysis is generally done on a copy of the real evidence;
if there is any dispute over the copy, the original can be produced in court.
4. Examining/Investigating Digital Evidence
The forensics specialist should ensure that he/she has the proper legal
authority to seize, copy and examine the data. As a general rule, one should
not examine digital information unless one has the legal authority to do so.
Forensic investigation performed on data at rest (a hard disk) is called dead
analysis.
Many current attacks leave no trace on the computer's hard drive; the attacker
operates only in the computer's main memory. Performing forensic investigation
on the main memory of a running system is called live analysis. Sometimes a
decryption key is available only in RAM, and turning off the system will erase
it. The process of creating an exact, bit-for-bit duplicate of the original
evidence is called imaging. Some tools which can create entire hard drive
images are:
 dcfldd
 IXimager
 Guymager
The original drive is moved to secure storage to prevent tampering. The
imaging process is verified by hashing both the original and the image with
SHA-1 or another hashing algorithm. Because SHA-1 collisions are now
practical, current practice is to record SHA-256 (often alongside MD5 or SHA-1
for compatibility with older tools).
5. Analysis, Interpretation and Attribution
In digital forensics, only a few sequences of events might produce evidence. But
the possible number of sequences is very huge. The digital evidence must be
analyzed to determine the type of information stored on it. Examples of
forensics tools:
 Forensic Toolkit (FTK)
 EnCase
 Scalpel (file carving tool)
 The Sleuth Kit (TSK)
 Autopsy
Forensic analysis includes the following activities:
 Manual review of data on the media
 Windows registry inspection
 Discovering and cracking passwords
 Performing keyword searches related to crime
 Extracting emails and images
Types of digital analysis:
 Media analysis
 Media management analysis
 File system analysis
 Application analysis
 Network analysis
 Image analysis
 Video analysis
6. Reporting
After the analysis is done, a report is generated. The report may be in oral form
or in written form or both. The report contains all the details about the evidence
in analysis, interpretation, and attribution steps. As a result of the findings in
this phase, it should be possible to confirm or discard the allegations. Some of
the general elements in the report are:
 Identity of the report agency
 Case identifier or submission number
 Case investigator
 Identity of the submitter
 Date of receipt
 Date of report
 Descriptive list of items submitted for examination
 Identity and signature of the examiner
 Brief description of steps taken during examination
 Results / conclusions
7. Testifying
This phase involves the presentation and cross-examination of expert witnesses.
An expert witness's testimony is admissible only if:
 The testimony is based on sufficient facts or data
 The testimony is the product of reliable principles and methods
 The witness has applied the principles and methods reliably to the facts
of the case
Experts with inadequate knowledge are sometimes chastised by the court.
Precautions to be taken when collecting digital evidence are:
 No action taken by law enforcement agencies or their agents should
change the evidence
 Where a person finds it necessary to access the original data held on a
computer, that person must be competent to do so and able to explain the
relevance and implications of their actions
 An audit trail or other record of all processes applied to digital
evidence should be created and preserved
 The person in charge of the investigation has overall responsibility for
ensuring that the law and these principles are adhered to
Chain of Custody
A chain of custody is the process of validating how evidence has been
gathered, tracked, and protected on its way to the court of law. Forensic
professionals know that if you do not have a chain of custody, the evidence is
worthless.
The chain of custody is a chronological written record of the individuals who
have had custody of the evidence from its initial acquisition to its final
disposition. It begins when evidence is collected and is maintained until the
evidence is disposed of. The chain of custody assumes continuous
accountability: every transfer records who released the item, who received it,
when, and why, and the evidence hash is re-verified at each step.
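As an added illustration of the hashing points in steps 2 and 4 of the lifecycle and of the chain of custody described here, the following Python is example code written for this handbook, not a tool from any forensic suite. It hashes a constructed in-memory stand-in for a disk image in chunks, the way an imaging tool verifies an acquisition, and keeps a chain-of-custody record in which every handover re-hashes the item, so the first entry whose digests differ from the acquisition digests identifies where integrity broke. The case identifier, names, item description and the sample image bytes are all invented.

```python
import hashlib
import io
import json
from datetime import datetime, timedelta, timezone

CHUNK = 1 << 20  # 1 MiB: hash multi-GB images without loading them into RAM

# Constructed stand-in for a disk image (not a real image).
SAMPLE_IMAGE = b"FAKE-IMAGE-HEADER\x00" * 4096 + b"\x55\xaa"


def hash_stream(fp, algorithms=("sha256", "sha1")):
    """Digest a file object with several algorithms in a single pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    fp.seek(0)
    for block in iter(lambda: fp.read(CHUNK), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(original_fp, image_fp):
    """Acquisition check: the image is good only if every digest matches."""
    return hash_stream(original_fp) == hash_stream(image_fp)


class ChainOfCustody:
    """Chronological custody record; each entry re-hashes the item."""

    def __init__(self, case_id, item_id, description):
        self.case_id, self.item_id = case_id, item_id
        self.description = description
        self.entries = []

    def record(self, action, released_by, received_by, fp, when=None, note=""):
        entry = {
            "seq": len(self.entries) + 1,
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "action": action,
            "released_by": released_by,
            "received_by": received_by,
            "note": note,
            "hashes": hash_stream(fp),
        }
        self.entries.append(entry)
        return entry

    def first_break(self):
        """Sequence number of the first entry whose digests differ from the
        acquisition digests, or None if integrity held throughout."""
        if not self.entries:
            return None
        base = self.entries[0]["hashes"]
        for entry in self.entries[1:]:
            if entry["hashes"] != base:
                return entry["seq"]
        return None

    def to_json(self):
        return json.dumps({"case": self.case_id, "item": self.item_id,
                           "description": self.description,
                           "entries": self.entries}, indent=2)


def demo_chain():
    """Walk one item from acquisition to locker to examiner, then log a copy
    that has been altered, to show where the record pinpoints the break."""
    t0 = datetime(2019, 6, 3, 11, 0, tzinfo=timezone.utc)
    image = io.BytesIO(SAMPLE_IMAGE)
    coc = ChainOfCustody("CASE-2019-0042", "ITEM-01",
                         "image of 500 GB SATA drive seized from office desk")
    coc.record("acquired", "scene", "A. Examiner", image, t0,
               "imaged behind a write blocker; digests recorded at acquisition")
    coc.record("checked in", "A. Examiner", "evidence locker", image,
               t0 + timedelta(hours=1))
    coc.record("checked out", "evidence locker", "B. Analyst", image,
               t0 + timedelta(days=1))
    # One byte altered: stands in for a corrupted or tampered working copy.
    tampered = io.BytesIO(SAMPLE_IMAGE[:100] + b"\x01" + SAMPLE_IMAGE[101:])
    coc.record("returned", "B. Analyst", "evidence locker", tampered,
               t0 + timedelta(days=2), "digests differ from acquisition")
    return coc


if __name__ == "__main__":
    chain = demo_chain()
    print(chain.to_json())
    print("first break at entry:", chain.first_break())
```

Recording two digests costs nothing extra because both are updated in the same pass over the data, and it leaves a record that older tools expecting SHA-1 or MD5 can still check against.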
Forensics Investigation:
Forensics is the application of scientific methods to solving crime.
Forensic investigation is the gathering and analysis of all crime-related physical
evidence in order to come to a conclusion about a suspect. Investigators will
look at blood, fluid, or fingerprints, residue, hard drives, computers, or other
technology to establish how a crime took place. This is a general definition,
though, since there are a number of different types of forensics.
Types of Forensic Investigation:
 Forensic Accounting / Auditing
 Computer or Cyber Forensics
 Crime Scene Forensics
 Forensic Archaeology
 Forensic Dentistry
 Forensic Entomology
 Forensic Graphology
 Forensic Pathology
 Forensic Psychology
 Forensic Science
 Forensic Toxicology
Forensic Accounting / Auditing
A forensic accounting investigation aids the victims of fraud or financial
crimes. Also known as financial investigation, this kind of analysis uses
intelligence-gathering techniques, accounting, business, and communication
skills to provide evidence to attorneys involved in criminal and civil
investigations. Forensic accountants investigate by combing through a large
number of relevant figures, searching for irregularities or illegal financial
practices. Crimes can vary from tax evasion to theft of company assets. They
also look into insurance claims and high payouts.
Forensic accounting services can include:
 Searching for hidden assets
 Calculating lost wages
 Tracing misappropriated funds
 Performing fraud investigations
Computer or Cyber Forensics
Computer investigations are similar to electronic discovery (or e-discovery).
These forensic investigations recover data from computers and hard drives to
solve a crime or find evidence of misconduct. Computer investigators can
uncover things like sale of black-market goods, fraud, and sex trafficking. Some
common situations that call for computer investigation are divorce, wrongful
termination, employee internet abuse, unauthorized disclosure of corporate
information, and other illegal internet activity. Forensic computer
investigations can find information on cell phones and hard drives including
emails, browsing history, downloaded files, and even deleted data. One of the
first cases in which computer forensics led to a conviction involved the
messages exchanged in an online chat room.
Crime Scene Forensics
Crime scene investigations document and gather any physical evidence found at
a crime scene in order to solve a crime or determine whether a crime has taken
place. This kind of investigation also includes the analysis of what investigators
collect to ensure the evidence is credible and relevant. There are a wide range of
crime scene investigators like ballistics experts, who study the trajectory of
ammunition and match bullets to potential firearms, and odontologists, who
specialize in teeth and bite-marks to identify missing persons or victims of mass
disaster.
Forensic Archaeology
Forensic archaeology focuses on human remains that are severely decomposed.
They mainly focus on clues they can glean from the bones, including carbon
dating to determine their age. From these clues, they can sometimes establish
cause-of-death. If a mass grave is discovered or in the event of large casualties,
forensic archaeologists can identify the victims using facial reconstruction
software.
Forensic Dentistry
Forensic dentists are vital when a victim can’t be identified by any other means
or when a culprit bites a victim. Since teeth have distinct patterns, the marks left
behind can identify a suspect or victim. The shape of the jaw can also indicate
age and gender, and DNA can be extracted from teeth, as it can from bone marrow
and hair. Even if the victim wasn’t bitten, physical evidence found at a crime
scene may still be useful for forensic dentists. For example, a pencil with bite
marks or a half-eaten apple might have deep enough impressions to reveal
someone’s identity.
Forensic Entomology
Forensic entomology is the study of any insects found at a crime scene. Alive or
dead, these bugs can reveal where a crime took place, whether the victim had
been given drugs, and the time of death. Some insects are only found in specific
areas so finding them on a body can suggest whether a body was moved. The
presence of larvae in a body can also suggest how long a victim has been dead.
If the crime isn’t a murder, insects colonizing untreated wounds can still be
evidence in abuse or neglect cases, and insect species can identify the origin of
illegally imported goods, like cannabis.
Forensic Graphology
Forensic graphologists study the handwriting on ransom notes, poison pen
letters, suicide notes, and blackmail demands. Though age and gender cannot be
determined by handwriting alone, it can indicate the writer’s state of mind at the
time the note was penned. Handwriting can give insights about:
 Mood
 Motivation
 Integrity
 Intelligence
 Emotional stability
Slant, size of writing, and the weight of the hand all reflect information about
the writer. The phrases and slang the writer uses can also say a lot about
location and motive. Forensic graphologists are also used to verify the validity
of documents such as insurance claims or police statements.
Forensic Pathology
Ultimately, it is the forensic pathologist’s job to find out cause-of-death,
especially when it is suspected that the death was not due to natural causes.
They perform an autopsy, which involves observing both the outside and inside
of the victim. On the outside there may be signs of blows, bruises, bullet entry
points, or asphyxia. On the inside, the pathologist will look at things like the
organs and stomach contents. By observing these things, a pathologist can
determine whether the death was a suicide, murder, or due to natural causes.
Forensic Psychology
Forensic psychology studies the thoughts behind an attacker’s actions. Before
thinking about how to catch a suspect, forensic psychologists consider why the
act was committed. They look at sources of extreme stress in the perpetrator’s
life that might push them to act violently. They also observe the scene of the
crime, which can tell them whether the act was done out of a burst of emotion
or was predetermined. Once a suspect is caught, a forensic psychologist can
determine whether they are of sound mind. Even in cases of suspected suicide,
investigators can examine the life of the victim and conclude whether the act
was purposeful or an accident.
Forensic Science
Forensic science is the general term used for all of the scientific processes
involved in solving a crime. Some types of forensic science include:
 DNA coding
 Toxicology (drugs and the effects)
 Serology (bodily fluids)
 Ballistics (everything related to firearms)
A big part of forensic science is the collection, storage, and analysis of fibers,
DNA, bodily fluids, and other physical evidence. The roles of forensic scientists
have become vital to the sentencing of criminals due to the reliability and
accuracy of the evidence they provide. It is also a section of forensics that is
constantly growing and changing as technology advances.
Forensic Toxicology
Forensic toxicology studies toxic substances, environmental chemicals, and
poison. The drug tests needed for certain job applications are an example of the
most basic forensic toxicology. Today, a large part of a forensic toxicologist’s
job is studying both illegal and legal drugs. Using urine, blood, or hair, they
look at the way these substances are absorbed, distributed, and eliminated by the
body. They will also look at their effects. In a suspected murder, substance
use shows itself in the brain, liver, and spleen.
Challenges in Computer Forensics:
Although there are well-developed forensic techniques, cybercrime
investigation is not easy. A huge amount of data is available, and searching
that enormous volume for evidence is laborious. Most existing tools allow
anyone to change the attributes associated with digital data (timestamps,
ownership, file names), so such attributes cannot be trusted on their own.
Encryption is a commonly used anti-forensic technique, and keyword search
can be defeated simply by renaming files. Cybercrime investigators often face
the problem of collecting evidence from very large groups of files. They need to
use techniques like link analysis and visualization, and to find leads they need
to use machine learning techniques (pattern detection).
Technical Challenges
The two challenges faced in a digital forensic investigation are complexity and
quantity. The complexity problem refers to the data collected being at the
lowest level or in raw format. Non-technical people will find it difficult to
understand such data.
Tools can be used to transform the data from low level format to readable
format. The quantity problem refers to the amount of data that needs to be
analyzed. Data reduction techniques can be used to group data or remove
known data. Data reduction techniques include:
 Identifying known network packets using IDS signatures
 Identifying unknown entries during log processing
 Identifying known files using hash databases
 Sorting files by their types
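The hash-database reduction in the list above is the one that does the most work in practice, and it also ties back to the chain-of-custody point earlier in this unit (an evidence image is hashed before and after examination for the same reason). The script below is an added example and not part of the handbook: it builds a constructed evidence tree in a temporary directory, uses a hypothetical one-entry "known" set in place of a reference hash set such as the NSRL, and eliminates every file whose content matches, regardless of file name.

```python
"""Known-file elimination with a hash database.

Added example, not code from the handbook. The "known" set is a constructed
stand-in for a reference hash set such as NSRL, and the evidence tree is
built in a temporary directory from constructed files.
"""
import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB pieces so a large image never sits in memory


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def reduce_by_hashset(root: Path, known: set) -> dict:
    """Walk an evidence tree and drop every file whose hash is in `known`.

    Matching is by content, so a known file that was merely renamed (the
    anti-forensic trick mentioned above) is still eliminated, while a modified
    copy of a known file stays in the review list. Digests are compared in
    lowercase because hash sets are distributed in mixed case.
    """
    known = {k.lower() for k in known}
    unknown, eliminated = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():  # never follow links out of the evidence tree
                continue
            if sha256_file(p) in known:
                eliminated += 1
            else:
                unknown.append(p.relative_to(root).as_posix())
    return {"examined": eliminated + len(unknown),
            "eliminated": eliminated,
            "unknown": sorted(unknown)}


def build_demo(base: Path) -> set:
    """Populate a constructed evidence tree; return the matching known set."""
    files = {
        "Windows/System32/notepad.exe": b"pretend-os-binary",
        "Users/alice/Documents/plan.txt": b"meet courier at 5, bring the drive",
        # Same bytes as the OS binary, hidden under a temp-file name.
        "Users/alice/AppData/Local/Temp/~tmp1.dat": b"pretend-os-binary",
        "Users/alice/Pictures/cat.jpg": b"\xff\xd8\xff\xe0 not really a jpeg",
    }
    for rel, data in files.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    # Hypothetical reference set: only the OS binary is "known". The digest is
    # deliberately upper-case to exercise the normalization above.
    return {hashlib.sha256(b"pretend-os-binary").hexdigest().upper()}


def run_demo() -> dict:
    """Build the constructed tree, reduce it, and return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        return reduce_by_hashset(base, build_demo(base))


if __name__ == "__main__":
    summary = run_demo()
    print(f"examined {summary['examined']}, eliminated {summary['eliminated']}")
    for rel in summary["unknown"]:
        print("  review:", rel)
```

Of the four constructed files, the OS binary and its renamed temp copy are eliminated and only the two unknown files remain for the analyst. The same property is the limit of the technique: an encrypted container or a file altered by a single byte never matches anything, so hash sets remove the known, they do not find the unknown.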
Legal Challenges
Digital evidence can be tampered with easily, sometimes without leaving any
trace. It is common for modern computers to have disks holding hundreds of
gigabytes or more, so seizing and freezing digital evidence can no longer be
accomplished just by burning a CD-ROM.
Failure to freeze the evidence (for example, by imaging the disk and hashing
the image) prior to opening files has invalidated critical evidence.
There is also the daunting problem of finding relevant evidence within massive
amounts of data.
The real legal challenges, however, involve the artificial limitations imposed
by constitutional, statutory and procedural issues.
There are many types of personnel involved in digital/computer forensics like
technicians, policy makers, and professionals.
 Technicians have sound knowledge and skills to gather information from
digital devices, understand software and hardware as well as networks.
 Policy makers establish forensics policies that reflect broad
considerations.
 Professionals are the link between policy and execution who have
extensive technical skills as well as good understanding of the legal
procedures.
Special Techniques for Forensic Auditing:
Forensic auditing is an accounting form that checks in detail a company’s
different financial records to identify any signs of fraud being committed.
Forensic audit firms also provide deep analysis of the financial books, which
can be submitted to the court of law.
Forensic auditors are considered detectives in the business and economic fields.
These professionals check every transaction to identify illegal or fraudulent
activity in the industry.
Techniques for Forensic Auditing
1. Conducting background checks and reviewing public documents
2. Interviewing in detail
3. Collecting information from reliable sources
4. Analyzing the evidence collected
5. Performing surveillance
6. Working undercover
7. Taking a closer look at the financial statements
Various techniques can be employed to conduct a forensic audit of a business.
Below are some generic yet effective techniques. Most of these techniques can
be applied to any business. They include:
1. Conducting background checks and reviewing public documents
Public documents are carefully scrutinized since they are the easiest to obtain.
In addition, extensive background checks are conducted on a particular business
to ascertain the company’s past performance. These include any information
accessible through the public database, corporate records, and legally accessible
information available via the internet.
2. Interviewing in detail
Interviewing is an integral part of generating valuable information from an
unwilling person. This step aids in gaining a complete understanding of the
situation. To conduct an effective interview, one must determine the gravity of
the situation and prepare questions accordingly. The discussion should consider
every detail and consider the overall picture to determine the scope of the illegal
activity and the perpetrators.
3. Collecting information from reliable sources
A confidential and reliable source of information can prove invaluable in any
situation. Suppose information is gathered from a confidential source or an
informant. In that case, all measures should be taken to conceal the source’s
identity. Forensic accountants should attempt to obtain as many independent
confidential sources as possible, since sources that corroborate one another
strengthen the conclusions drawn from them.
4. Analyzing the evidence collected
An adequate analysis of the obtained evidence can identify the responsible party
and assist in determining the extent to which fraud was committed within the
business. This analysis will also provide insight into the level of security that
the company has against financial scams and how various austerity measures
can be implemented to prevent similar situations in the future.
5. Performing surveillance
One of the conventional methods of uncovering fraud involves conducting
physical or electronic checks. One way of doing this is to monitor all official
emails and messages.
6. Working undercover
A measure of this magnitude should be employed only when all other options
are exhausted, and only by professionals who know how and where to conduct
it. Even minor mistakes may alert the offender that something is amiss, and
the offender may disappear.
7. Taking a closer look at the financial statements
The purpose of this tool is to identify the fraud committed. Financial statements
contain all the necessary details. An analysis of these statements can assist a
forensic accountant in determining whether a scam has been perpetrated.
UNIT – III
Cybercrime: Mobile and Wireless Devices
Introduction
In this modern era, the rising importance of electronic gadgets (i.e., mobile
hand-held devices), which have become an integral part of business by providing
connectivity to the Internet outside the office, brings many challenges in
securing these devices from becoming victims of cybercrime.
In recent years, the use of laptops, personal digital assistants (PDAs), and
mobile phones has grown from limited user communities to widespread desktop
replacement and broad deployment.
By the end of 2008 around 1.5 billion individuals around the world had
Internet access.
In November 2007, mobile phone users were numbered 3.3 billion, with a
growing proportion of those mobile devices enabled for the Internet access.
The complexity of managing these devices outside the walls of the office is
something that the information technology (IT) departments in the organizations
need to address.
Remote connection has extended from fixed location dial-in to wireless-on-the-
move, and smart hand-held devices such as PDAs have become networked,
converging with mobile phones.
Furthermore, the maturation of the PDA and advancements in cellular phone
technology have converged into a new category of mobile phone device: the
Smartphone.
Smartphones combine the best aspects of mobile and wireless technologies and
blend them into a useful business tool.
Although IT departments of organizations are not yet swapping employees’
company-provided PDAs (as the case may be) for Smartphones, many users
may bring these devices from home and use them in the office.
Thus, the larger and more diverse community of mobile users and their devices
increase the demands on the IT function to secure the device, data and
connection to the network, keeping control of the corporate assets, while at the
same time supporting mobile user productivity.
Clearly, these technological developments present a new set of security
challenges to the global organizations.
Proliferation of Mobile and Wireless Devices
Today, incredible advances are being made for mobile devices. The trend is for
smaller devices and more processing power. A few years ago, the choice was
between a wireless phone and a simple PDA. Now the buyers have a choice
between high-end PDAs with integrated wireless modems and small phones
with wireless Web-browsing capabilities. A long list of options is available to
the mobile users. A simple hand-held mobile device provides enough
computing power to run small applications, play games and music, and make
voice calls. A key driver for the growth of mobile technology is the rapid
growth of business solutions into hand-held devices.
As the term "mobile device" includes many products, we first provide a clear
distinction among the key terms: mobile computing, wireless computing and
hand-held devices. The figure below helps us understand how these terms are
related. Let us understand the concept of mobile computing and the various
types of devices.
Mobile computing is "taking a computer and all necessary files and software out
into the field." Many types of mobile computers have been introduced since
1990s. They are as follows:
1. Portable computer: It is a general-purpose computer that can be easily
moved from one place to another, but cannot be used while in transit, usually
because it requires some "setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and
has features of a touchscreen with a stylus and handwriting recognition
software. Tablets may not be best suited for applications requiring a physical
keyboard for typing, but are otherwise capable of carrying out most tasks that an
ordinary laptop would be able to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet
PC, the Internet tablet does not have much computing power and its
applications suite is limited. Also, it cannot replace a general-purpose computer.
The Internet tablets typically feature an MP3 and video player, a Web browser,
a chat application and a picture viewer.
4. Personal digital assistant (PDA): It is a small, usually pocket-sized,
computer with limited functionality. It is intended to supplement and
synchronize with a desktop computer, giving access to contacts, address book,
notes, E-Mail and other features.
5. Ultramobile (PC): It is a full-featured, PDA-sized computer running a
general-purpose operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current
Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as
a wireless computer, sound system, global positioning system (GPS) and DVD
player. It also contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and
shape of a pen. It functions as a writing utensil, MP3 player, language
translator, digital storage device and calculator.
Trends in Mobility:
Mobile computing is moving into a new era, fourth generation (4G), which
promises greater variety in applications, highly improved usability and
speedier networking. "iPhone" from Apple and Google-led "Android"
phones are the best examples of this trend, and there are plenty of other
developments that point in this direction. This smart mobile technology is
rapidly gaining popularity, and the attackers (hackers and crackers) are among
its biggest fans.
It is worth noting the trends in mobile computing; this will help readers to
realize the seriousness of cybersecurity issues in the mobile computing
domain. The figure below shows the different types of mobility and their
implications.
4G networks are all-IP networks, but they were not built with IP data
security throughout, and the IP data world is new to mobile operators compared
with the voice-centric security threats they are used to. There are numerous
attacks that can be committed against mobile networks, and they can originate
from two primary vectors. One is from outside the mobile network, that is, the
public Internet, private networks and other operators' networks; the other is
from within the mobile network, that is, devices such as data-capable handsets
and Smartphones, notebook computers or even desktop computers connected to the
4G network.
Popular types of attacks against 4G mobile networks are as follows:
1. Malware, viruses and worms: Although many users are still in the
process of switching from 3G to 4G, there is a growing need to educate
the community and raise awareness of the threats that exist while
using mobile devices. Here are a few examples of malware specific to mobile
devices:
 Skull Trojan: It targets Series 60 phones equipped with the Symbian
mobile OS.
 Cabir Worm: It is the first dedicated mobile-phone worm. It infects phones
running the Symbian OS and scans for other mobile devices, sending a copy of
itself over Bluetooth to the first vulnerable phone it finds. The worst thing
about this worm is that the source code for the Cabir-H and Cabir-I
variants is available online.
 Mosquito Trojan: It affects Series 60 Smartphones and is a cracked
version of the "Mosquitos" mobile phone game.
 Brador Trojan: It affects the Windows CE OS by creating a svchost.exe
file in the Windows start-up folder which gives an attacker full control of the
device. The executable lends itself to traditional worm propagation
vectors such as E-Mail file attachments.
 Lasco Worm: It was first released in 2005 to target PDAs and mobile
phones running the Symbian OS. Lasco is based on Cabir's source code
and replicates over Bluetooth connections.
2. Denial-of-service (DoS): The main objective behind this attack is to make
the system unavailable to its intended users. Malware can also be used to
damage a system and make it unavailable. Presently, one of the most
common cyber security threats to wired Internet service providers (ISPs) is a
distributed denial-of-service (DDoS) attack. DDoS attacks flood the
target system with data so that the response from the target system is either
slowed or stopped.
3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's
IP address and then using it (i.e., the connection) to initiate downloads that are
not "Free downloads" or simply use it for his/her own purposes. In either case,
the legitimate user is charged for the activity which the user did not conduct or
authorize to conduct.
4. Spoofed PDP context: PDP here is the GPRS Packet Data Protocol context
that carries a subscriber's data session (not a "policy development process").
These attacks exploit vulnerabilities in the GTP [GPRS (General Packet Radio
Service) Tunneling Protocol], which carries no authentication of its own.
5. Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling
protocol used in IP multimedia subsystem (IMS) networks to provide Voice
over Internet Protocol (VoIP) services. There are several vulnerabilities with
SIP-based VoIP systems.
Credit card Frauds in Mobile and Wireless Computing Era:
There are new trends in cybercrime that are coming up with mobile computing:
mobile commerce (M-Commerce) and mobile banking (M-Banking). Credit
card frauds are now becoming commonplace given the ever-increasing power
and the ever-reducing prices of mobile hand-held devices, factors that result
in easy availability of these gadgets to almost anyone. Mobile credit card
transactions are now very common; new technologies combine low-cost mobile
phone technologies with the capabilities of a point-of-sale (POS) terminal.
Today belongs to "mobile computing," that is, anywhere anytime computing.
The developments in wireless technology have fueled this new mode of
working for white collar workers. This is true for credit card processing too;
wireless credit card processing is a relatively new service that will allow a
person to process credit cards electronically, virtually anywhere.
Wireless credit card processing is a very desirable system, because it allows
businesses to process transactions from mobile locations quickly, efficiently and
professionally.
It is most often used by businesses that operate mainly in a mobile environment.
These businesses include mobile utility repair service businesses, locksmiths,
mobile windshield repair and others. Some upscale restaurants are using
wireless processing equipment for the security of their credit card paying
customers. Figure below shows the basic flow of transactions involved in
purchases done using credit cards.
Credit card companies normally do a good job of helping consumers resolve
identity (ID) theft problems once they occur. But they could reduce ID
fraud even more if they gave consumers better tools to monitor their accounts
and limit high-risk transactions.
There is a system available from an Australian company "Alacrity" called
closed-loop environment for wireless (CLEW). Figure above shows the flow of
events with CLEW which is a registered trademark of Alacrity used here only to
demonstrate the flow in this environment.
As shown in Figure, the basic flow is as follows:
1. Merchant sends a transaction to bank
2. The bank transmits the request to the authorized cardholder
3. The cardholder approves or rejects (password protected)
4. The bank/merchant is notified
5. The credit card transaction is completed.
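The flow above only protects the cardholder if the approval in step 3 is bound to the exact merchant and amount shown on the handset and cannot be replayed or forged. The following is an added example written for this handbook, not Alacrity's CLEW code or protocol: the message fields, the password-derived shared approval key and the HMAC-SHA256 tag are assumptions. It runs the honest five-step flow and then the cases an overbilling attacker would try: replaying an approval, forging one with a guessed password, and inflating the amount after the cardholder approved.

```python
"""Cardholder-confirmed card transaction, following the five-step flow above.

Added example, not Alacrity's protocol or code. The message fields, the
enrollment of a shared approval key derived from the cardholder password
(PBKDF2) and the HMAC-SHA256 tag are assumptions chosen to show why the
cardholder's approval must be bound to the exact transaction details.
"""
import hashlib
import hmac
import json
import secrets


def enroll(password: str, salt: bytes) -> bytes:
    # Assumption: at enrollment, device and bank derive the same approval key
    # from the cardholder password. A real handset would keep the key in a
    # secure element rather than re-deriving it from a password each time.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def canonical(txn: dict) -> bytes:
    # Fixed key order and no whitespace so both sides MAC identical bytes.
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def approval_tag(key: bytes, txn: dict, decision: str) -> str:
    # The decision is covered by the MAC too, so a captured REJECT cannot be
    # turned into an APPROVE by anyone who lacks the key.
    return hmac.new(key, canonical(txn) + b"|" + decision.encode(), "sha256").hexdigest()


class Bank:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}  # txn_id -> transaction awaiting the cardholder's decision

    def receive_from_merchant(self, merchant: str, amount_cents: int) -> dict:
        # Steps 1-2: merchant submits; bank forwards a one-time challenge that
        # names the merchant and the amount to the cardholder's handset.
        txn = {"txn_id": secrets.token_hex(8), "merchant": merchant,
               "amount_cents": amount_cents, "nonce": secrets.token_hex(16)}
        self.pending[txn["txn_id"]] = txn
        return txn

    def receive_from_cardholder(self, reply: dict) -> str:
        # Steps 4-5: verify before anybody is paid. Popping the entry makes each
        # challenge single-use, so a replayed approval finds nothing to match.
        txn = self.pending.pop(reply.get("txn_id"), None)
        if txn is None:
            return "REJECTED: unknown or already-used transaction"
        decision = reply.get("decision", "")
        expected = approval_tag(self.key, txn, decision)
        if not hmac.compare_digest(expected, reply.get("tag", "")):
            return "REJECTED: approval does not match these transaction details"
        return "COMPLETED" if decision == "APPROVE" else "DECLINED by cardholder"


def cardholder_device_reply(key: bytes, challenge: dict, decision: str) -> dict:
    # Step 3: the handset displays merchant and amount; the cardholder, after
    # unlocking with the password, approves or rejects.
    return {"txn_id": challenge["txn_id"], "decision": decision,
            "tag": approval_tag(key, challenge, decision)}


def run_scenarios() -> dict:
    salt = b"constructed-enrollment-salt"
    key = enroll("correct horse battery staple", salt)
    bank = Bank(key)
    results = {}

    # Honest purchase at a mobile locksmith for 45.00.
    ch = bank.receive_from_merchant("Mobile Locksmith Ltd", 4500)
    results["honest"] = bank.receive_from_cardholder(cardholder_device_reply(key, ch, "APPROVE"))

    # The same approval replayed by someone who hijacked the session.
    results["replay"] = bank.receive_from_cardholder(cardholder_device_reply(key, ch, "APPROVE"))

    # Approval forged with a key derived from a guessed password.
    ch2 = bank.receive_from_merchant("Mobile Locksmith Ltd", 4500)
    results["forged"] = bank.receive_from_cardholder(
        cardholder_device_reply(enroll("password1", salt), ch2, "APPROVE"))

    # Cardholder approved 45.00 but 4,500.00 is presented for settlement
    # (modelled by altering the bank's pending record after approval).
    ch3 = bank.receive_from_merchant("Mobile Locksmith Ltd", 4500)
    reply = cardholder_device_reply(key, ch3, "APPROVE")
    bank.pending[ch3["txn_id"]]["amount_cents"] = 450000
    results["inflated"] = bank.receive_from_cardholder(reply)

    # Cardholder sees an unfamiliar merchant and rejects.
    ch4 = bank.receive_from_merchant("Unknown Web Shop", 99900)
    results["declined"] = bank.receive_from_cardholder(cardholder_device_reply(key, ch4, "REJECT"))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:9s} -> {outcome}")
```

Only the honest approval completes; the replay fails because the challenge was consumed, and the forged and inflated cases fail because the tag no longer matches the details the bank is about to settle. A scheme that asked the cardholder for a bare password or a static code would stop none of these three.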
Security Challenges Posed by Mobile Devices:
Mobility brings two main challenges to cybersecurity:
 First, on the hand-held devices, information is being taken outside the
physically controlled environment and
 Second, remote access back to the protected environment is being
granted.
How organizations perceive these cybersecurity challenges is important
in devising appropriate security operating procedures. When people are asked
what is important in managing a diverse range of mobile devices, they tend to
name the items shown in the figure below.
As the number of mobile device users increases, two challenges are presented:
 One at the device level called "micro challenges" and
 Another at the organizational level called "macro-challenges."
Some well-known technical challenges in mobile security are:
 Managing the registry settings and configurations
 Authentication service security
 Cryptography security
 Lightweight Directory Access Protocol (LDAP) security
 Remote Access Server (RAS) security
 Media player control security
 Networking application program interface (API) security etc.
Registry Settings for Mobile Devices:
The Registry Settings allows us to add, modify, and delete the values in the
registry of the users in the mobile devices. The Registry Settings
Configuration enables us to modify the values in the registry centrally and
for several users.
Let us understand the issue of registry settings on mobile devices through an
example: Microsoft ActiveSync is meant for synchronization with Windows-
powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts
as the "gateway between Windows-powered PC and Windows mobile-
powered device, enabling the transfer of applications such as Outlook
information, Microsoft Office documents, pictures, music, videos and
applications from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can synchronize directly
with Microsoft Exchange Server so that users can keep their E-Mails,
calendar, notes and contacts updated wirelessly when they are away from
their PCs. In this context, registry settings become an important issue given
the ease with which such applications allow a free flow of information.
Authentication Service Security:
There are two components of security in mobile computing: security of
devices and security in networks. Secure network access involves mutual
authentication between the device and the base stations or Web servers.
This ensures that only authenticated devices can connect to the
network to obtain the requested services, and that no malicious code can
impersonate the service provider to trick the device into doing something it
did not intend to do. Thus, the networks also play a crucial role in the
security of mobile devices.
Some prominent kinds of attacks to which mobile devices are subjected are
push attacks, pull attacks and crash attacks.
Authentication service security is important given the typical attacks on
mobile devices through wireless networks: DoS attacks, traffic analysis,
eavesdropping, man-in-the-middle attacks and session hijacking.
Security measures in this scenario come from Wireless Application
Protocol (WAP), use of VPNs, media access control (MAC) address
filtering (a weak control on its own, since a MAC address is trivially spoofed)
and developments in the IEEE 802.xx standards.
Attacks on Mobile/Cell Phones:
Mobile devices can be attacked at different levels. This includes the potential
for malicious apps, network-level attacks, and exploitation of vulnerabilities
within the devices and the mobile OS.
As mobile devices become increasingly important, they have received
additional attention from cybercriminals. As a result, cyber threats against
these devices have become more diverse.
1. Malicious Apps and Websites
Like desktop computers, mobile devices have software and Internet access.
Mobile malware (i.e., malicious applications) and malicious websites can
accomplish the same objectives (stealing data, encrypting data, etc.) on
mobile phones as on traditional computers.
Malicious apps come in a variety of different forms. The most common
types of malicious mobile apps are trojans that also perform ad fraud and click
fraud.
2. Mobile Ransomware
Mobile ransomware is a particular type of mobile malware, but the increased
usage of mobile devices for business has made it a more common and
damaging malware variant. Mobile ransomware encrypts files on a mobile
device and then requires a ransom payment for the decryption key to restore
access to the encrypted data.
3. Phishing
Phishing is one of the most common attack vectors in existence. Most
cyberattacks begin with a phishing email that carries a malicious link or an
attachment containing malware. On mobile devices, phishing attacks have a
variety of media for delivering their links and malware, including email,
SMS messaging, social media platforms, and other applications.
In fact, while email is what people most commonly think of when they
hear "phishing", it is not even close to the most common phishing vector
on mobile devices. Email accounts for only 15% of mobile phishing
attacks, placing it behind messaging, social media and “other” apps (those
that are not social, messaging, gaming, or productivity apps).
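Because the link can arrive by SMS, chat or a social app rather than email, triage has to work from the message text itself rather than from mail headers. The script below is an added example, not from the handbook or any vendor: it scores a few constructed messages on three signals a mobile phishing message usually combines (a lookalike or shortened link, urgency language next to that link, and a request to move money over a messaging channel). The brand list, the shortener list, the keyword patterns and the scoring threshold are illustrative assumptions, and the "registrable domain" rule is a crude last-two-labels approximation because no public suffix list is available offline.

```python
"""Triage of mobile phishing (smishing) messages.

Added example, not from the handbook. The sample messages are constructed;
the brand list, shortener list, patterns and threshold are assumptions for
illustration, not a vendor's detection rules.
"""
import re
from urllib.parse import urlsplit

# Constructed samples, as they might arrive by SMS, chat or email.
SAMPLES = [
    ("sms", "Your parcel is held. Pay the 2.99 fee within 24h: https://royalmail-redelivery.xyz/pay"),
    ("sms", "Your verification code is 482913. It expires in 10 minutes."),
    ("whatsapp", "Hi mum, new number. Urgent, I need to pay a bill today, can you send 900? http://bit.ly/3xyz"),
    ("sms", "Apple ID locked. Verify now at http://apple.com.account-verify.top/login or lose access"),
    ("email", "Lunch moved to 1pm, see you at https://calendar.example.com/event/22"),
]

# Assumed brand -> genuine registrable domains; a brand name in any other host is a lookalike.
LEGIT_BRANDS = {"apple": {"apple.com"}, "royalmail": {"royalmail.com"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
URGENCY = re.compile(r"\b(urgent|within \d+ ?h|now|locked|suspended|lose access|today)\b", re.I)
MONEY = re.compile(r"\b(send|pay)\b.*\d", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def registrable(host: str) -> str:
    # Crude last-two-labels rule; a real deployment would use the public suffix list.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def score_message(channel: str, text: str) -> dict:
    """Return a verdict plus the human-readable reasons behind it."""
    reasons = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = parts.hostname or ""
        reg = registrable(host)
        if parts.scheme.lower() == "http":
            reasons.append(f"plaintext http link to {host}")
        if reg in SHORTENERS:
            reasons.append(f"shortened link via {reg} hides the destination")
        for brand, genuine in LEGIT_BRANDS.items():
            # "apple.com.account-verify.top" contains the brand but registers as verify.top
            if brand in host.replace("-", "") and reg not in genuine:
                reasons.append(f"brand '{brand}' in lookalike host {host}")
    if URGENCY.search(text) and URL_RE.search(text):
        reasons.append("urgency language combined with a link")
    if MONEY.search(text) and channel != "email":
        reasons.append("request to move money over a messaging channel")
    verdict = "phish" if len(reasons) >= 2 else ("review" if reasons else "clean")
    return {"channel": channel, "verdict": verdict, "reasons": reasons}


def triage(samples=SAMPLES) -> list:
    return [score_message(channel, text) for channel, text in samples]


if __name__ == "__main__":
    for result in triage():
        print(result["channel"], result["verdict"], "; ".join(result["reasons"]))
```

The one-time-code message and the calendar link come out clean, the parcel, "new number" and Apple ID messages all trip at least two signals. The money-transfer check is deliberately skipped for email because invoices legitimately arrive that way; the point of scoring several weak signals together is that no single one (a shortener, the word "now") is enough to flag a message on its own.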
4. Man-in-the-Middle (MitM) Attacks
Man-in-the-Middle (MitM) attacks involve an attacker intercepting network
communications to either eavesdrop on or modify the data being transmitted.
While this type of attack may be possible on different systems, mobile
devices are especially susceptible to MitM attacks. Unlike web traffic, which
commonly uses encrypted HTTPS, SMS messages are not end-to-end encrypted and
can be intercepted, and mobile applications may still use unencrypted HTTP
for transfer of potentially sensitive information.
MitM attacks typically require an employee to be connected to an untrusted
or compromised network, such as public Wi-Fi or cellular networks.
However, the majority of organizations lack policies prohibiting the use of
these networks, making this sort of attack entirely feasible if solutions like a
virtual private network (VPN) are not used.
5. Advanced Jailbreaking and Rooting Techniques
Jailbreaking (iOS) and rooting (Android) are terms for gaining administrator
access to mobile devices. These types of attacks take advantage of
vulnerabilities in the mobile OSs to achieve root access on these devices.
These increased permissions enable an attacker to gain access to more data
and cause more damage than with the limited permissions available by
default. Many mobile users will jailbreak/root their own devices to enable
them to delete unwanted default apps or install apps from untrusted app
stores, making this attack even easier to perform.
6. Device and OS exploits
Often, the focus of cybersecurity is on top-layer software, but lower levels of
the software stack can contain vulnerabilities and be attacked as well. With
mobile devices – like computers – vulnerabilities in the mobile OS or the
device itself can be exploited by an attacker. Often, these exploits are more
damaging than higher-level ones because they exist below and outside the
visibility of the device’s security solutions.
Organizational Security Policies and Measures in Mobile
Computing Era, Laptops:
The proliferation of hand-held devices makes the cybersecurity issue graver
than we would tend to think. People have grown so used to their hand-held
devices that they treat them like wallets! For example, people are storing more
types of confidential information on mobile computing devices than their
employers or they themselves know, alongside the music they listen to on them.
One should think twice about keeping credit card and bank account numbers,
passwords, confidential E-Mails, strategic information about the organization,
merger or takeover plans and other valuable information that could impact
stock values on mobile devices. Imagine the business impact if an
employee's USB, pluggable drive or laptop was lost or stolen, revealing
sensitive customer data such as credit reports, social security numbers (SSNs)
and contact information. Not only would this be a public relations (PR) disaster,
but it could also violate laws and regulations. One should give a deep thought
about the potential legal troubles for a public company whose sales reports,
employee records or expansion plans may fall into wrong hands.
When controls cannot be implemented to protect data in the event it is
stolen, the simplest solution is to prevent users from storing proprietary
information on platforms deemed to be insufficiently secure. This sort of policy
can be difficult to enforce; however, by increasing the awareness of the user, it
can be reasonably effective. The information classification and handling policy
should clearly define what sorts of data may be stored on mobile devices. In the
absence of other controls, simply not storing confidential data on at-risk
platforms will mitigate the risk of theft or loss.
Operating Guidelines for Implementing Mobile Device Security
Policies
In situations such as those described above, the ideal solution would be to
prohibit all confidential data from being stored on mobile devices, but this may
not always be practical. Organizations can, however, reduce the risk that
confidential information will be accessed from lost or stolen mobile devices
through the following steps:
• Determine whether the employees in the organization need to use mobile computing devices at all, based on their risks and benefits within the organization, industry and regulatory environment.
• Implement additional security technologies, as appropriate to fit both the organization and the types of devices used. Most (and perhaps all) mobile computing devices will need to have their native security augmented with such tools as strong encryption, device passwords and physical locks.
• Biometric techniques can be used for authentication and for unlocking device encryption, and they reduce the reliance on passwords. A biometric is not a secret and cannot be changed once compromised, however, so it should supplement other factors rather than replace them.
• Standardize the mobile computing devices and the associated security tools being used with them. As a matter of fundamental principle, security deteriorates quickly as the tools and devices in use become increasingly disparate.
• Develop a specific framework for using mobile computing devices, including guidelines for data syncing, the use of firewalls and anti-malware software, and the types of information that can be stored on them.
• Centralize management of the mobile computing devices. Maintain an inventory so that you know who is using what kinds of devices.
• Establish patching procedures for software on mobile devices. This can often be simplified by integrating patching with syncing, or patch management with the centralized inventory database.
• Label the devices and register them with a suitable service that helps return recovered devices to their owners.
• Establish procedures to disable remote access, and revoke stored credentials and sessions, for any mobile device reported lost or stolen. Many devices let users store usernames and passwords for website portals, which could give a thief access to far more information than is on the device itself.
• Securely wipe data from computing devices that are no longer in use, and before re-assigning them to new owners. This precludes incidents in which people obtain "old" computing devices that still hold confidential company data.
• Provide education and awareness training to personnel using mobile devices. People cannot be expected to secure their information appropriately if they have not been told how.
Organizational Policies for the Use of Mobile Hand-Held Devices
There are many ways to handle the matter of creating policy for mobile devices. One way is to create a distinct mobile computing policy. Another is to bring such devices under existing policy. There are also approaches in between, where mobile devices fall under both existing policies and a new one. In the hybrid approach, a new policy is created to address the specific needs of mobile devices, while more general usage issues fall under general IT policies; as part of this approach, the "acceptable use" policy for other technologies is extended to mobile devices. There may not be a need for separate policies for wireless, LAN, wide area network (WAN), etc., because a properly written network policy can cover all connections to company data, including mobile and wireless.
Companies new to mobile devices may adopt an umbrella mobile policy, but over time they will find they need to modify their policies to match the challenges posed by different kinds of mobile hand-held devices. For example, wireless devices pose different challenges than non-wireless ones, and employees who use mobile devices more than 20% of the time will have different requirements than less-frequent users. Over time, companies may therefore need to create separate policies for mobile devices on the basis of whether they connect wirelessly, with distinctions for devices that connect to WANs and to LANs.
It is never too early to start planning for mobile devices, even when a company, at a given point in time, cannot afford to create special security policies to mitigate the threats posed by mobile computing devices. It is, after all, an issue of new technology adoption for many organizations. By contemplating its uses, companies may think of ways they can use it and, perhaps just as important, how their competitors will use it.
UNIT – IV
Cyber Security: Organizational Implications
Introduction:
In the global environment with continuous network connectivity, the
possibilities for cyberattacks can emanate from sources that are local, remote,
domestic or foreign. They could be launched by an individual or a group. They
could be casual probes from hackers using personal computers (PCs) in their
homes, hand-held devices or intense scans from criminal groups.
Personal information (PI) is information that is, or can be, about or related to an identifiable individual. It includes any information that can be linked to an individual or used to directly or indirectly identify an individual.
Most information the organization collects about an individual is likely to fall under the "PI" category if it can be attributed to that individual. For example, PI is an individual's first name (or first initial) and last name in combination with any of the following data:
1. Social security number (SSN)/social insurance number.
2. Driver’s license number or identification card number.
3. Bank account number, credit or debit card number with personal
identification number such as an access code, security codes or password that
would permit access to an individual’s financial account.
4. Home address or E-Mail address.
5. Medical or health information.
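The rule above is precise enough to automate, and a data-handling policy like the one described in the mobile-device section earlier needs exactly such a check before a record is allowed onto a laptop or phone. The following is an added example, not code from the handbook: a small classifier that applies the definition to structured records, treating a financial account number as qualifying only when it travels with a credential (item 3), and then makes the handling decision. The field names and the sample records are constructed for illustration.

```python
"""Personal information (PI) classifier following the handbook's rule.

Added example for this section, not code from the handbook. The field
names (first_name, ssn, pin, ...) and the sample records are constructed
for illustration; a real classifier would map them from the schema at hand.
"""

# Elements that qualify on their own when combined with a name
# (items 1, 2, 4 and 5 of the list above).
STANDALONE_ELEMENTS = {
    "ssn": "social security / social insurance number",
    "drivers_license": "driver's license or ID card number",
    "home_address": "home address",
    "email": "e-mail address",
    "medical_info": "medical or health information",
}

# Item 3: a financial account number qualifies only together with a
# credential that would permit access to the account.
FINANCIAL_ACCOUNT_FIELDS = {"bank_account", "credit_card", "debit_card"}
FINANCIAL_CREDENTIAL_FIELDS = {"pin", "access_code", "security_code", "password"}


def _present(record: dict, field: str) -> bool:
    value = record.get(field)
    return value is not None and str(value).strip() != ""


def has_name(record: dict) -> bool:
    """A first name or a first initial, in combination with a last name."""
    return _present(record, "last_name") and (
        _present(record, "first_name") or _present(record, "first_initial")
    )


def pi_elements(record: dict) -> list:
    """Labels of the qualifying data elements present in the record."""
    found = [label for field, label in STANDALONE_ELEMENTS.items()
             if _present(record, field)]
    has_account = any(_present(record, f) for f in FINANCIAL_ACCOUNT_FIELDS)
    has_credential = any(_present(record, f) for f in FINANCIAL_CREDENTIAL_FIELDS)
    if has_account and has_credential:
        found.append("financial account number with access credential")
    return found


def is_pi(record: dict) -> bool:
    """PI under the rule: an identifiable name plus at least one element."""
    return has_name(record) and bool(pi_elements(record))


def mobile_storage_decision(record: dict) -> str:
    """Handling decision for the mobile-device policy discussed earlier:
    records classified as PI are not to be stored on at-risk platforms."""
    return "do not store on mobile device" if is_pi(record) else "permitted"


# Constructed sample records.
SAMPLE_RECORDS = [
    {"first_name": "Asha", "last_name": "Rao", "ssn": "123-45-6789"},
    {"first_initial": "J", "last_name": "Doe", "credit_card": "4111111111111111"},
    {"first_initial": "J", "last_name": "Doe", "credit_card": "4111111111111111", "pin": "1234"},
    {"ssn": "987-65-4321"},  # an identifier with no name attached
    {"first_name": "Li", "last_name": "Wei", "medical_info": "asthma"},
]

if __name__ == "__main__":
    for record in SAMPLE_RECORDS:
        print(mobile_storage_decision(record), pi_elements(record), record)
```

Note that the second sample record (a card number without a PIN or security code) is not PI under this definition, while the same record with a PIN is; that distinction is what makes item 3 worth encoding rather than treating every card number as a hit.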
An insider threat is defined as “the misuse or destruction of sensitive or
confidential information, as well as IT equipment that houses this data by
employees, contractors and other ‘trusted’ individuals.”
Insider threats are caused by human actions such as mistakes, negligence, reckless behavior, theft, fraud and even sabotage. There are three types of "insiders":
1. A malicious insider is motivated to adversely impact an organization through a range of actions that compromise information confidentiality, integrity and/or availability.
2. A careless insider brings about a data compromise not through bad intention but simply through carelessness: an accident, a mistake or plain negligence.
3. A tricked insider is a person who is "tricked" into, or led to, providing sensitive or private company data to people who are not truthful about their identity or purpose; this is "pretexting," a form of social engineering.
• Insider Attack Example 1: Heartland Payment Systems Fraud
A case in point is the infamous Heartland Payment Systems breach, uncovered in January 2009. In this case the organization suffered a serious blow: nearly 100 million credit cards were compromised, affecting at least 650 financial services companies. When a card is used to make a purchase, the card information is transmitted through a payment network. Although the intrusion was carried out by external attackers via SQL injection, the malware they planted captured card data inside the processor's own network for months without detection, which is why the case is cited for the seriousness of threats operating from within.
• Insider Attack Example 2: Blue Cross Blue Shield (BCBS)
Yet another incident is the Blue Cross Blue Shield (BCBS) data breach of October 2009, in which the theft of 57 hard drives from a BlueCross BlueShield of Tennessee training facility put the private information of approximately 500,000 customers in at least 32 states at risk.
The two lessons to be learnt from this are:
1. Physical security is very important.
2. Insider threats cannot be ignored.
What makes matters worse is that the groups, agencies and entities connected with cybercrime are all linked. There is certainly a paradigm shift in computing and work practices: workforce mobility, virtual teams, social computing media, cloud computing services and a sharp rise in business process outsourcing (BPO) services, to name a few.
A key message from this discussion is that cybercrimes do not happen on their own or in isolation. Cybercrimes take place because of weaknesses in cybersecurity practices, and "privacy" is what gets impacted when they happen.
Privacy has the following four key dimensions:
1. Informational/data privacy: data protection, and users' rights to determine how, when and to what extent information about them is communicated to other parties.
2. Personal privacy: content filtering and other mechanisms to ensure that end-users are not exposed to whatever violates their moral senses.
3. Communication privacy: as in networks, where encryption of data in transit is important.
4. Territorial privacy: protecting users' property, for example their devices, from being invaded by undesired content such as SMS or E-Mail spam.
The paradigm shift in computing brings many challenges for organizations; some key challenges are described here.
The key challenges from emerging new information threats to organizations are as follows:
1. Industrial espionage: There are several tools available to web administrators to monitor and track the various pages and objects that are accessed on their website.
2. IP-based blocking: This process is often used to block access from specific IP addresses and/or domain names.
3. IP-based "cloaking": Serving different content to a visitor depending on the IP address the request comes from. Businesses are global in nature and economies are interconnected.
4. Cyberterrorism: "Cyberterrorism" refers to the direct intervention of a threat source against your organization's website.
5. Confidential information leakage: "Insider attacks" are the worst ones. Typically, an organization is protected from external threats by its firewall and antivirus solutions, which do nothing against an insider who already has legitimate access.

Cost of Cybercrimes and IPR Issues:
Cybercrimes cost organizations a great deal.
When a cybercrime incident occurs, it carries a number of internal costs for the organization, and there are organizational impacts as well. Detection and recovery constitute a very large percentage of internal costs. This is supported by a benchmark study conducted by the Ponemon Institute (USA) with a sample of 45 organizations representing more than 10 sectors, each with a head count of at least 500 employees.
1. Organizations have Internal Costs Associated with Cyber Security Incidents
The internal costs typically involve people costs, overhead costs and productivity losses. The internal costs, in order from largest to smallest as supported by the benchmark study mentioned, are:
• Detection costs (25%)
• Recovery costs (21%)
• Post-response costs (19%)
• Investigation costs (14%)
• Costs of escalation and incident management (12%)
• Cost of containment (9%)
2. The Consequences of Cybercrimes and Their Associated Costs
The external consequences, from the same study, are:
• Information loss/data theft (42%)
• Business disruption (22%)
• Damage to equipment, plant and property (13%)
• Loss of revenue and brand tarnishing (13%)
• Other costs (10%)
3. The Impact on Organizations of Various Cybercrimes
Percentage of the benchmarked organizations that experienced each type of attack:
• Viruses, worms and Trojans: 100%
• Malware: 80%
• Botnets: 73%
• Web-based attacks: 53%
• Phishing and social engineering: 47%
• Stolen devices: 36%
• Malicious insiders: 29%
• Malicious code: 27%
4. Average Days Taken to Resolve Cyber Attacks
• Attacks by malicious insiders: 42 days
• Malicious code: 39 days
• Web-based attacks: 19 days
• Data lost due to stolen devices: 10 days
• Phishing and social engineering attacks: 9 days
• Viruses, worms and Trojans: 2.5 days
• Malware: 2 days
• Botnets: 2 days
5. There are many new endpoints in today's complex networks, including hand-held devices.
Again, there are lessons to learn:
• Endpoint protection: An often-ignored area. IP-based printers, although passive devices, are endpoints too.
• Secure coding: These practices are important because they are a good mitigation control to protect organizations from "malicious code" inside business applications.
• HR checks: These are important prior to employment as well as during it.
• Access controls: These are always important; for example, shared IDs and shared laptops are dangerous because they destroy accountability.
• Security governance: Its importance cannot be ignored; policies, procedures and their effective implementation cannot be over-emphasized.
6. Organizational Implications of Software Piracy
Use of pirated software is a major risk area for organizations. From a legal standpoint, software piracy is an IPR violation and a crime. Beyond the legal liability, pirated software raises the organization's cybercrime and computer security risk: it cannot be patched through the vendor and frequently ships with malware.
The reasons most often quoted by employees for using pirated software are:
• Pirated software is cheaper and more readily available.
• Many others use pirated software anyway.
• Latest versions are available faster when pirated software is used.
Web Threats for Organizations:
The Internet and the Web are the way of working today in the interconnected digital economy. More and more business applications are web based, especially with the growing adoption of cloud computing.
1. Overview of Web Threats to Organizations
The Internet has engulfed us! A large number of companies, as well as individuals, have a connection to the Internet, and employees expect to have Internet access at work just as they do at home.
IT managers must find a balance between allowing reasonable personal Internet use at work and maintaining productivity and concentration in the office.
2. Employee Time Wasted on Internet Surfing
This is a very sensitive topic indeed, especially in organizations that claim to
have a “liberal culture.” Some managers believe that it is crucial in today’s
business world to have the finger on the pulse of your employees.
People seem to spend approximately 45-60 minutes of each working day on personal web surfing at work.
3. Enforcing Policy Usage in the Organization
An organization has various types of policies. A security policy is a statement produced by the senior management of an organization, or by a selected policy board or committee, to dictate what role security plays within the organization.
4. Monitoring and Controlling Employees' Internet Surfing
A powerful deterrent can be created through effective monitoring and reporting of employees' Internet surfing. Even organizations with restrictive policies can justify a degree of relaxation; for example, allowing employees to access personal sites only during the lunch hour or during specified hours.
5. Keeping Security Patches and Virus Signatures Up to Date
Updating security patches and virus signatures is now a fact of life, a necessary activity for safety in the cyberworld. Keeping security systems up to date with signatures, software patches, etc. is almost a nightmare for management.
6. Surviving in the Era of Legal Risks
With websites galore, most organizations worry about employees visiting inappropriate or offensive websites; the Children's Online Privacy Protection Act mentioned earlier is one example of the applicable law. Serious legal liabilities arise for businesses from employees' misuse or inappropriate use of the Internet.
7. Bandwidth Wastage Issues
Today's applications are bandwidth hungry; messages carry more and more image content, increasingly including high-resolution images. There are tools to protect the organization's bandwidth by stopping unwanted traffic before it even reaches your Internet connection.
8. Mobile Workers Pose Security Challenges
Mobile handset devices figure in cybercrimes. Most mobile communication devices, for example personal digital assistants (PDAs), have raised security concerns with their use. Mobile workers use these devices to connect to their company networks while on the move, but the organization cannot protect the remote user's system the way it protects the office network, so the mobile workforce remains unprotected. Tools are needed to extend web protection and filtering, including policy enforcement, to remote users.
9. Challenges in Controlling Access to Web Applications
Today, a large number of organizations' applications are web based, and there will be more in the future as the Internet offers an ever wider range of online applications, from webmail and social networking to sophisticated business applications. Employees use personal mail IDs to send business sensitive information (BSI), for valid or other reasons, and this leads to data security breaches. Organizations need to decide what type of access to provide to employees.
10. The Bane of Malware
Many websites contain malware, and such websites are a growing security threat. Although most organizations do a good job of blocking sites declared dangerous, cyber attackers are learning too: criminals change their techniques rapidly to avoid detection.
11. The Need for Protecting Multiple Offices and Locations
Delivery from multiple locations, and teams collaborating from multiple locations to deliver a single project, are a common working scenario today. Most large organizations have several offices at multiple locations. In such a scenario, a hosted, Internet-based security service is the best way to protect the many locations.
Security and Privacy Implications:
Cloud computing is one of the top 10 Cyber Threats to organizations. There are
data privacy risks through cloud computing. Organizations should think about
privacy scenarios in terms of “user spheres”. There are three kinds of spheres
and their characteristics:
1. User sphere: Here data is stored on users’ desktops, PCs, laptops, mobile
phones, Radio Frequency Identification (RFID) chips, etc. Organization’s
responsibility is to provide access to users and monitor that access to ensure
misuse does not happen.
2. Recipient sphere: Here data lies with recipients: the servers and databases of network providers, service providers or other parties with whom the data recipient shares data. The organization's responsibility is to minimize users' privacy risk by ensuring that unwanted exposure of users' personal data does not happen.
3. Joint sphere: Here data lies with the web service provider's servers and databases. This is the in-between sphere, where it is not clear to whom the data belongs. The organization's responsibility is to give users some control over access to data about themselves and to minimize users' future privacy risk.
Social Media Marketing: Security Risks and Perils for
Organizations:
Social media marketing has become dominant in the industry. According to a fall 2009 survey of marketing professionals, usage of social media sites by large business-to-business (B2B) organizations was as follows:
• Facebook is used by 37% of the organizations.
• LinkedIn is used by 36% of the organizations.
• Twitter is used by 36% of the organizations.
• YouTube is used by 22% of the organizations.
• MySpace is used by 6% of the organizations.
Although the use of social media marketing sites is widespread, there is a problem related to "social computing" or "social media marketing": privacy threats. Exposure of sensitive PI and confidential business information is possible if organizations do not take due care while using social media marketing.
• Understanding Social Media Marketing
Most professionals today use social technologies for business purposes. Most
common usage include: marketing, internal collaboration and learning,
customer service and support, sales, human resources, strategic planning,
product development.
Following are the most typical reasons why organizations use social media
marketing to promote their products and services:
1. To be able to reach to a larger target audience in a more spontaneous and
instantaneous manner without paying large advertising fees.
2. To increase traffic to their website coming from other social media websites
by using Blogs and social and business-networking. Companies believe that
this, in turn, may increase their “page rank” resulting in increased traffic from
leading search engines.
3. To reap other potential revenue benefits and to minimize advertising costs
because social media complements other marketing strategies such as a paid
advertising campaign.
4. To build credibility by participating in relevant product promotion forums
and responding to potential customers’ questions immediately.
5. To collect potential customer profiles. Social media sites have information
such as user profile data, which can be used to target a specific set of users for
advertising.
There are other tools too that organizations use; one published illustration, from the security vendor Websense's own marketing practice, is the following:
1. Twitter is used with higher priority to reach out to the maximum number of marketers in the technology space and to monitor that space.
2. The professional networking tool LinkedIn is used to connect with and create a community of top executives from the Fortune 500.
3. Facebook, as the social group or social community tool, is used to drive more traffic to the Websense website and increase awareness about Websense.
4. YouTube (the video tool used to run demonstrations of products/services, etc.) is used to increase brand awareness and create a presence for corporate videos.
5. Wikipedia is also used for brand building and driving traffic.
There are conflicting views about social media marketing: some people in IT point to its expense and to careless use of it, while others illustrate its advantages when the security risks are properly controlled.
Social Computing and Associated Challenges for Organizations:
Social computing is the collaborative and interactive aspect of online behavior.
The term can be understood in contrast to personal computing, which describes
the behavior of isolated users.
Elements of social computing include blogs, wikis, Twitter, RSS, instant
messaging, multiplayer gaming and opensource development, as well as social
networking and social bookmarking sites. Social computing is closely related to
the concept of Web 2.0, which can be thought of as the framework of
applications supporting the processes of social computing.
Social computing within an organization can empower and motivate employees
and, as a consequence, create benefit for the business.
Businesses can also use social computing to get closer to their customers and
promote their brands. Social computing can enhance customer relationship
management (CRM) because it allows a business to follow public opinion about
its brand and respond quickly to customer issues. Many larger organizations
have also started to use crowdsourcing for research. The corporate use of social
computing applications is sometimes referred to as Enterprise 2.0.
Challenges for Organizations:
1. Lack of social media literacy amongst workers.
2. A perception that social tools won't work well in a particular industry.
3. Social software is still perceived as too risky to use for core business
activities.
4. Can't get enough senior executives engaged with social tools.
5. There is vapor lock between IT and the social computing initiative.
6. Need to prove ROI (Return on Investment) before there will be support for
social software.
7. Security concerns are holding up pilot projects/adoption plans.
8. The needs around community management have come as a surprise.
9. Difficulties sustaining external engagement.
10. Struggling to survive due to unexpected success.
Cybercrime and Cyber Terrorism:
Cyberattacks can come in the form of viruses, malware, email phishing, social
media fraud - the spectrum of cyber threats is limitless. We are more
interconnected than ever before, but for all of the advantages, that connectivity
leaves us vulnerable to the risks of fraud, theft, abuse, and attack. Cybercrime
can have wide-ranging impacts, at the individual, local, state, and national
levels.
Organized cybercrime, state-sponsored hackers, and cyber espionage can pose
national security risks to our country and our critical infrastructure.
Transportation, power, and other services may be disrupted by large scale cyber
incidents. The extent of the disruption is highly uncertain as it will be
determined by many unknown factors such as the target and size of the incident.
Vulnerability to data breach and loss increases if an organization's network is
compromised. Information about a company, its employees, and its customers
can be at risk.
Individually-owned devices such as computers, tablets, mobile phones, and
gaming systems that connect to the Internet are vulnerable to intrusion. Personal
information may be at risk without proper security.
Intellectual Property in the Cyberspace
Intellectual Property (IP) simply refers to the creation of the mind. It refers to
the possession of thought or design by the one who came up with it. It offers the
owner of any inventive design or any form of distinct work some exclusive
rights, that make it unlawful to copy or reuse that work without the owner’s
permission. It is a part of property law. People associated with literature, music,
invention, etc. can use it in business practices.
There are numerous types of tools of protection that come under the term
“intellectual property”. Notable among these are the following:
1. Patents
2. Trademarks
3. Copyrights
4. Geographical indications
5. Layout Designs of Integrated Circuits
6. Trade secrets
7. Industrial Designs
With the growth of Cyberspace and technology advancements, copyright and
trademarks are not limited to the usual intellectual property alone but have
spread to intellectual property rights over the internet.
Cyberspace is becoming a hub for intellectual property rights infringement. Several practices by website operators have resulted in violation of the intellectual property and other rights of other website operators. It has become crucial that people are aware of illegal usage of their websites and webpages.
International conventions and treaties provide various laws to protect against infringement of IPRs online, which are helping e-commerce and e-businesses to grow. However, the Indian Information Technology Act, 2000 does not provide any provisions in respect of cybercrimes related to IPR, cyberstalking, cyber defamation, etc. Also, the Indian Trade Marks Act, 1999 and Copyright Act, 1957 are silent on online trademark and copyright infringement. Though computer programs are protected under the Copyright Act, 1957, it does not provide remedies for cyberpiracy.
The Ethical Dimension of Cybercrimes
Information Technology (IT) has a central role in commerce, industry, government, medicine, education, entertainment and society at large. Its economic and social benefits hardly need explanation. But like any other technology, IT also has problematic implications and some negative impacts on society. It raises problems related to ethics, which fall into three main types of ethical issue:
1. personal privacy,
2. access right, and
3. harmful actions.
Let us look more closely at these issues, exploring in each case the ways in
which they affect the public reactions to this technological change.
personal privacy: In terms of personal privacy, IT enables data exchange of
information on a large scale from anybody, on any locations or parts of the
world, at any times. In this situation, there is increased potential for disclosing
information and violating the privacy of any individuals and groups of people
due to its widespread disseminations worldwide.
It is our challenge and responsibility to maintain the privacy and integrity of
data regarding individuals. This also includes taking precautions to ensure the
accuracy of data, as well as protecting it from unauthorized access or accidental
disclosure to inappropriate individuals.
access right: The second aspect of ethical issues in computing systems is access right. With the current popularity of international commerce on the Internet, computer security and access right have moved quickly from being a low priority for corporations and government agencies to a high priority. This interest has been heightened by computer break-ins at places like Los Alamos National Laboratory and NASA in the US. Many such attempts at illegal access to United States government and military computers by hackers have been widely reported. Without proper computer security policies and strategies, network connections on the Internet cannot be made secure from illegal access.
harmful actions: In computer ethics, harmful action means injury or negative
consequences, such as undesirable loss of information, loss of property,
property damage, or unwanted environmental impacts. This principle prohibits
use of computing technology in ways that result in harm to any of users, the
general public, employees, and employers.
Harmful actions include intentional destruction or modification of files and
programs leading to serious loss of e-sources or unnecessary expenditure of
human resources such as the time and effort required to purge system from
"computer viruses."
The Psychology, Mindset and Skills of Hackers and Other Cyber
Criminals
The Psychology of Hackers
They realize early that they are very smart people with the skills to understand cyber systems and outsmart others. This realization, and the practice of breaking cyber barriers and playing with systems, becomes part of their routine. They may have a complex, antisocial mindset and a tendency to depart from the norm; given the general lack of community awareness about cyber systems, and their own skill, they become aggressive and powerful. They think they can get away without being caught. Sometimes they express anger and try to teach a lesson by taking revenge over some issue, going far beyond what is needed to prove their point. Some hackers perform these cyber activities for good, ethical reasons, others for unethical ones.
The anger and aggressiveness in social behavior may result from many individual reasons: feelings of extreme nationalism or anti-nationalism when set views are threatened, antisocial activities, retaliation against oppression, a wish to prove power, or just fun and filling free time by playing with technology.
The Mindset of Hackers:
Hackers are curious and creative individuals. They typically approach problems differently than someone looking to thwart them. While security professionals have to think of every variable and seek feedback on their design choices in a methodical manner, hackers are flexible and agile when assessing attack vectors and executing plans. Their pragmatism allows them to switch on a dime from running into a closed route to finding another opportunity.
The bottom line is that hackers are always on the lookout for weakness, and it is not a matter of if, but when, they find those points. This is why cybersecurity is not a "set-it-and-forget-it" kind of deal. It requires constant vigilance in monitoring, upgrading and utilizing your security infrastructure.
Hackers are typically:
1. Curious
2. Creative
3. Tenacious, and
4. Respectful of diversity of thought
The Skills of Hackers:
Some of the most important skills required for hacking professional to be a part
of the future of cybersecurity are:
1. Networking Skills
2. Computer Skills
3. Linux Skills
4. Programming Skills
5. SQL Skills
6. Hardware Knowledge
7. Knowledge in Reverse Engineering
8. Cryptography
9. Database Skills
10. Problem-solving Skills
Networking Skills: Networking skills are one of the most critical skills for
becoming a hacker. A computer network is an interconnection of multiple
devices, generally termed hosts connected using multiple paths to send or
receive data or media.
Computer Skills: Hacking involves probing computer systems to locate potential weaknesses. Therefore, a firm and sound knowledge of computers is one of the skills needed for hacking.
Linux Skills: Linux is a free and open-source operating system based on the Linux kernel. Its source code can be modified and distributed by anyone, commercially or non-commercially, under the GNU General Public License. Hackers learn Linux mainly because it is transparent and configurable and because most security and penetration-testing tools are built for it. Linux is not immune to malware, and no operating system is 100 per cent secure, but its openness makes its behavior easier to understand and control than that of closed systems.
Programming Skills: Programming skills are another crucial skill for becoming
a hacker. Programming means “the act of writing code understood by a
computational device to perform various instructions.” So, if you want to be a
hacker, you need to know the various programming languages used by hackers
and the languages required for hacking.
SQL Skills: SQL skills are essential to becoming an effective hacker. SQL is
one of the languages required for hacking. It is the language used to
communicate with a database, including in cross-platform web hacking. SQL
injection is used to bypass weak web application login algorithms, delete data
from the database, etc.
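The “weak login algorithm” the passage refers to is usually a query built by
pasting user input into SQL text. The following is an added example, not code
from the handbook: it puts that weak form beside the parameterized form that
closes the hole, using Python's built-in sqlite3 with a constructed one-user
table. The account name, password and the placeholder hash function are
assumptions of the example.

```python
"""Vulnerable vs parameterized login check (added example, not from the
handbook). Uses Python's built-in sqlite3 with a constructed one-user table;
the password hashing here is a placeholder, not a recommendation."""
import hashlib
import sqlite3


def hash_pw(password: str) -> str:
    # Placeholder: a real system uses a salted, slow password hash (a
    # memory-hard KDF), not a bare SHA-256.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample database with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", hash_pw("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The weak login algorithm: untrusted input is pasted into the SQL text,
    so a quote and a comment marker in the username become part of the query
    and can remove the password condition entirely."""
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password_hash = '%s'" % (username, hash_pw(password)))
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: bound parameters. The driver sends the values separately
    from the SQL text, so a username containing quotes or '--' is compared as
    a literal string and simply fails to match any row."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, hash_pw(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    probe = "alice' --"  # malformed username that a login form might receive
    print("vulnerable, wrong password   :", login_vulnerable(db, probe, "wrong"))  # True
    print("parameterized, wrong password:", login_safe(db, probe, "wrong"))        # False
```

The fix is structural rather than a filter: with bound parameters there is no
string for the database to re-parse, so no input-validation pattern list has to
anticipate every quoting trick. Login failures containing quote or comment
characters in the username field are still worth logging as a signal.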
Hardware Knowledge: A Hacker must have the basic computer hardware
knowledge for hacking. Computer hardware comprises the physical parts of a
computer, like the central processing unit (CPU), monitor, mouse, keyboard,
computer data storage, graphics card, sound card, speakers and motherboard,
etc.
Knowledge in Reverse Engineering: Reverse Engineering is a method of
retrieving a product's architecture, requirements, and features from an analysis
of its code. It creates a database of programs and extracts knowledge from it.
Cryptography: Cryptography knowledge is another area a hacker should be
skilled in. Cryptography is the study and use of techniques for secure
communication in the presence of third parties called adversaries. It deals
with creating and analyzing protocols that prevent malicious third parties
from reading the information exchanged between two entities, and thus pursues
the various aspects of information security.
Cryptography involves translating a standard text or message, known as plain
text, into a non-readable form, known as ciphertext, for the duration of
transmission. A hacker must ensure there is no leakage of communications
between the various entities within the organization.
Database Skills: Database skills are another vital skill set a hacker needs.
A Database Management System (DBMS) is the software used to develop and
manage databases. Although database systems such as Microsoft SQL Server,
MySQL, and Oracle are supreme in value, their security vulnerabilities have
come to the forefront.
Problem-solving Skills: A Hacker should be a strategic thinker and creative
problem solver. Apart from the technological skills pointed out above,
problem-solving skills allow one to assess and find an appropriate solution to
the root of a problem.
Problem-solving skills help in tackling cyber-attacks, which have become more
complex with the advancement of technology. Therefore, hackers need analytical
and critical reasoning skills to tackle these challenges.
UNIT – V
Privacy Issues
Basic Data Privacy Concepts
Fundamental Concepts:
The fundamentals of data privacy include data confidentiality, data security,
limitations in what data is collected and used, transparency in how the data is
used, and compliance with the appropriate data privacy laws.
Data privacy fundamentals entail the proper use and handling of data with
sensitive information. This typically includes personal, health, or financial data
about an individual or organization. It should not be confused with data
security, which is the process of protecting data from being viewed, altered, or
stolen by unauthorized users.
Data Confidentiality
Data confidentiality is the prevention of unauthorized entities from accessing
sensitive data. Users who access the data must be properly authorized to use it,
see it, and distribute it. Not all data is created equal in this regard, as some types
of data are more sensitive than others.
Data Security
Data security is closely tied to data confidentiality, since it is also
concerned with keeping unauthorized users from accessing data. When securing
sensitive information, or data in general, organizations should abide by the
CIA triad: confidentiality, integrity, and availability.
Limiting Data Collection
When following data privacy fundamentals, organizations should collect as little
information as possible about their users. According to GDPR (General Data
Protection Regulation) Article 5(1)(b), this means that sensitive data should
only be “collected for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes.”
Organizations should only collect data that they intend to use purposefully. A
doctor’s office will need a patient’s weight, height, and age in order to provide a
thorough service. An online retailer fulfilling an order for clothes, however,
requires none of that information. Organizations that collect unneeded data put
themselves at risk.
Data Privacy Transparency
When collecting information about users, organizations should be transparent in
how they plan to use their data, and what data they are collecting. This includes
having:
 Consent, where users must opt in before their data is collected and shared.
 A privacy policy, which outlines what data is collected, the reasons for
data collection and use, the length of time the data is kept, other parties
involved, and where the data will go. This policy should be prominently
displayed and easily accessible by users.
 Disclosure, where users are informed about the privacy policy, as well as
cookies and other functions that store and share data.
Compliance
The fundamentals discussed above are good guidelines to follow when keeping
employee and user information private. However, there are several laws and
regulations concerning data privacy, especially with the rise in prominent
breaches of personal data.
Data Privacy Attacks
Data privacy:
Data privacy generally means the ability of a person to determine for
themselves when, how, and to what extent personal information about them is
shared with or communicated to others.
This personal information can be one's name, location, contact information, or
online or real-world behavior. Just as someone may wish to exclude people
from a private conversation, many online users want to control or prevent
certain types of personal data collection.
Personal data can be misused in a number of ways if it is not kept private or if
people don’t have the ability to control how their information is used:
 Criminals can use personal data to defraud or harass users.
 Entities may sell personal data to advertisers or other outside parties
without user consent, which can result in users receiving unwanted
marketing or advertising.
 When a person's activities are tracked and monitored, this may restrict
their ability to express themselves freely, especially under repressive
governments.
Some known challenges or attacks are:
 Online tracking: User behavior is regularly tracked online. Cookies
often record a user's activities, and while most countries require websites
to alert users of cookie usage, users may not be aware of to what degree
cookies are recording their activities.
 Losing control of data: With so many online services in common use,
individuals may not be aware of how their data is being shared beyond
the websites with which they interact online, and they may not have a say
over what happens to their data.
 Lack of transparency: To use web applications, users often have to
provide personal data like their name, email, phone number, or location;
meanwhile, the privacy policies associated with those applications may
be dense and difficult to understand.
 Social media: It is easier than ever to find someone online using social
media platforms, and social media posts may reveal more personal
information than users realize. In addition, social media platforms often
collect more data than users are aware of.
 Cybercrime: Many attackers try to steal user data in order to commit
fraud, compromise secure systems, or sell it on underground markets to
parties who will use the data for malicious purposes. Some attackers use
phishing attacks to try to trick users into revealing personal information;
others attempt to compromise companies' internal systems that contain
personal data.
 Data breaches: A data breach can lead to a massive violation of user
privacy if personal details are leaked, and attackers continue to refine the
techniques they use to cause these breaches.
 Insider threats: Internal employees or contractors might inappropriately
access data if it is not adequately protected.
Data Linking and Profiling
Data Linking
Data linking is the process of collating information from different sources in
order to create a more valuable and helpful data set. The linking of information
about the same person or entity from disparate sources allows, among other
things, the construction of a chronological sequence of events. This information
is of immense value at the policy level to derive meaningful decisions.
Linking and combining this information from a range of sources creates a vast
data set that contains different parameters. The main aim of this exercise is
to gain information at a macro level. For example, information about children
in a local community can help decide on the volume of early childhood programs
required and school locations.
Earlier, people had to rely on government data to obtain this level of
information. However, now there is the capability to link data from different
sources while maintaining the highest standards of privacy and safety. Social
researchers can ethically use this linked data to understand the characteristics
and needs of a population. This ultimately promotes better health and social
services for the community.
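The linking-then-aggregating process described above, as an added example
that is not part of the handbook: two constructed sources (programme
enrolments and clinic visits) are collated on a shared child_id key into a
chronological sequence per child, and then only macro-level counts per
locality are released. The source layouts, the shared key and the minimum
group size used for small-cell suppression are assumptions of the example.

```python
"""Linking records about the same child from two constructed sources, then
releasing only macro-level counts. Added example, not from the handbook; the
sources, the shared child_id key and the minimum group size are assumptions."""
from collections import defaultdict
from datetime import date

# Constructed source 1: early-childhood programme enrolments
ENROLMENTS = [
    {"child_id": "C1", "locality": "Northfield", "event_on": date(2021, 6, 1), "programme": "playgroup"},
    {"child_id": "C2", "locality": "Northfield", "event_on": date(2021, 7, 15), "programme": "playgroup"},
    {"child_id": "C3", "locality": "Northfield", "event_on": date(2022, 1, 10), "programme": "preschool"},
    {"child_id": "C4", "locality": "Riverside", "event_on": date(2022, 3, 3), "programme": "preschool"},
]
# Constructed source 2: clinic visits, keyed by the same child_id
CLINIC_VISITS = [
    {"child_id": "C1", "event_on": date(2021, 2, 20), "clinic": "Northfield Health Centre"},
    {"child_id": "C1", "event_on": date(2022, 2, 11), "clinic": "Northfield Health Centre"},
    {"child_id": "C3", "event_on": date(2021, 12, 5), "clinic": "Northfield Health Centre"},
    {"child_id": "C5", "event_on": date(2022, 5, 9), "clinic": "Riverside Clinic"},
]


def link_records(*sources):
    """Collate every record about the same child_id into one chronological
    sequence of (date, source name, record) tuples."""
    linked = defaultdict(list)
    for name, records in sources:
        for rec in records:
            linked[rec["child_id"]].append((rec["event_on"], name, rec))
    for events in linked.values():
        events.sort(key=lambda e: e[0])  # sort on the date only
    return dict(linked)


def timeline(linked, child_id):
    """Date-ordered 'date:source' labels for one linked identity."""
    return [f"{d.isoformat()}:{src}" for d, src, _ in linked.get(child_id, [])]


def children_per_locality(linked, min_group=3):
    """Macro-level view: number of distinct children per locality. Localities
    with fewer than min_group children are reported as None rather than as a
    small count, so the released figures do not single out individuals
    (small-cell suppression; the threshold is an assumption of this example)."""
    per_locality = defaultdict(set)
    for child_id, events in linked.items():
        for _, _, rec in events:
            if "locality" in rec:
                per_locality[rec["locality"]].add(child_id)
    return {loc: (len(kids) if len(kids) >= min_group else None)
            for loc, kids in per_locality.items()}


if __name__ == "__main__":
    linked = link_records(("enrolment", ENROLMENTS), ("clinic", CLINIC_VISITS))
    print(timeline(linked, "C1"))
    print(children_per_locality(linked))
```

The per-child timeline is the sensitive intermediate product: it exists only
inside the linking step, and what leaves it is the suppressed count table.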
Data Profiling
Data profiling is the process of examining, analyzing, and creating useful
summaries of data. The process yields a high-level overview which aids in the
discovery of data quality issues, risks, and overall trends. Data profiling
produces critical insights into data that companies can then leverage to their
advantage.
More specifically, data profiling sifts through data to determine its legitimacy
and quality. Analytical algorithms detect dataset characteristics such as mean,
minimum, maximum, percentile, and frequency to examine data in minute
detail. It then performs analyses to uncover metadata, including frequency
distributions, key relationships, foreign key candidates, and functional
dependencies. Finally, it uses all of this information to expose how those factors
align with your business’s standards and goals.
Data profiling can eliminate costly errors that are common in customer
databases. These errors include null values (unknown or missing values), values
that shouldn’t be included, values with unusually high or low frequency, values
that don’t follow expected patterns, and values outside the normal range.
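The checks listed in the two paragraphs above, run over a constructed
customer table, as an added example that is not from the handbook: it
reports null values, minimum, maximum and mean, values outside the normal
range, values that do not follow the expected pattern, values that should not
be present, and a value with unusually high frequency. The column names, the
“normal” age range, the allowed country list and the frequency threshold are
assumptions of the example.

```python
"""Data profiling over a constructed customer table. Added example, not from
the handbook; column names, the 'normal' age range, the allowed country list
and the frequency threshold are assumptions."""
import re
from collections import Counter
from statistics import mean

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed customer records seeded with the kinds of defects the text lists
CUSTOMERS = [
    {"id": 1, "email": "a@example.com", "age": 34,   "country": "IN"},
    {"id": 2, "email": "b@example.com", "age": 29,   "country": "IN"},
    {"id": 3, "email": None,            "age": 41,   "country": "IN"},  # null value
    {"id": 4, "email": "not-an-email",  "age": 52,   "country": "IN"},  # pattern violation
    {"id": 5, "email": "e@example.com", "age": 187,  "country": "IN"},  # outside normal range
    {"id": 6, "email": "f@example.com", "age": 23,   "country": "XX"},  # value that shouldn't be there
    {"id": 7, "email": "g@example.com", "age": None, "country": "IN"},  # null value
    {"id": 8, "email": "h@example.com", "age": 30,   "country": "IN"},
]

VALID_COUNTRIES = {"IN", "US", "GB"}  # assumed reference list
AGE_RANGE = (0, 120)                  # assumed normal range
DOMINANCE_THRESHOLD = 0.8             # one value in more than 80% of rows is worth a look


def profile_numeric(rows, column, low, high):
    values = [r[column] for r in rows]
    present = [v for v in values if v is not None]
    return {
        "nulls": values.count(None),
        "min": min(present),
        "max": max(present),
        "mean": round(mean(present), 2),
        "out_of_range": [r["id"] for r in rows
                         if r[column] is not None and not low <= r[column] <= high],
    }


def profile_pattern(rows, column, pattern):
    values = [r[column] for r in rows]
    return {
        "nulls": values.count(None),
        "pattern_violations": [r["id"] for r in rows
                               if r[column] is not None and not pattern.match(r[column])],
    }


def profile_categorical(rows, column, allowed, dominance=DOMINANCE_THRESHOLD):
    values = [r[column] for r in rows if r[column] is not None]
    freq = Counter(values)
    top_value, top_count = freq.most_common(1)[0]
    return {
        "nulls": len(rows) - len(values),
        "frequency": dict(freq),
        "not_allowed": sorted(set(values) - allowed),
        # unusually high frequency: a single value dominating the column
        "dominant_value": top_value if top_count / len(values) > dominance else None,
    }


def profile(rows):
    """High-level summary of the table's quality issues, per column."""
    return {
        "age": profile_numeric(rows, "age", *AGE_RANGE),
        "email": profile_pattern(rows, "email", EMAIL_RE),
        "country": profile_categorical(rows, "country", VALID_COUNTRIES),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(profile(CUSTOMERS), indent=2))
```

The report carries row ids rather than the offending values, so a profiling
summary can be shared with the people who own the data without itself leaking
the personal data it was run over.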
Privacy Policies and Their Specifications
A privacy policy is a statement or a legal document (in privacy law) that
discloses how a party gathers, uses, discloses, and manages a customer's or
client's data. It fulfils a legal requirement to protect a customer's or
client's privacy. Personal information can be any indicator that can be used
to identify an individual, including but not limited to the person's name,
address, date of birth, marital status, contact information, ID issue and
expiry dates, financial records, credit information, medical history, where
one travels, and intent to purchase goods and services.
The Information Technology (Amendment) Act, 2008 made significant changes
to the Information Technology Act, 2000, introducing Section 43A. This section
provides compensation in the case where a corporate body is negligent in
implementing and maintaining reasonable security practices and procedures and
thereby causes wrongful loss or wrongful gain to any person. This applies when
a corporate body possesses, deals or handles any sensitive personal data or
information in a computer resource that it owns, controls or operates.
In 2011, the Government of India prescribed the Information Technology
(Reasonable security practices and procedures and sensitive personal data or
information) Rules, 2011 by publishing them in the Official Gazette. These
rules require a body corporate to provide a privacy policy for handling of or
dealing in personal information, including sensitive personal data or
information. Such a privacy policy should consist of the following
information in accordance with the rules:
 Clear and easily accessible statements of its practices and policies,
 Type of personal or sensitive personal data or information collected,
 Purpose of collection and usage of such information,
 Disclosure of information including sensitive personal data or
information,
 Reasonable security practices and procedures.
The privacy policy should be published on the website of the body corporate,
and be made available for view by providers of information who have provided
personal information under lawful contract.
Privacy Policy Languages
Privacy Policy Languages were designed to express the privacy controls that
both organizations and users want to express. Most of the privacy policy
languages were designed for specific purposes with specific features and
characteristics. Some known privacy policy languages are:
1. XACML - eXtensible Access Control Markup Language
2. PPL - PrimeLife Policy Language
3. A-PPL - Accountability PrimeLife Policy Language
4. GeoXACML - Geospatial eXtensible Access Control Markup Language
5. XACL - XML Access Control Language
6. APPEL - Adaptable and Programmable Policy Environment and Language
7. P2U - Purpose-to-Use Policy Language
8. EPAL - Enterprise Privacy Authorization Language
9. CPExchange - Customer Profile Exchange Language
10. PSLang - Policy Specification Language
11. SAML - Security Assertion Markup Language
12. PRML - Privacy Rights Markup Language
13. USDL - Unified Service Description Language, etc.
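What these languages let an organization write down is a set of rules over
who may use which personal data for what declared purpose, with consent as a
condition and a combining rule for conflicting answers. The following is an
added example, not code from the handbook and not an implementation of any
language in the list: it borrows only the XACML-style notions of a target,
Permit/Deny rules and a combining algorithm, and encodes the earlier
doctor's-office versus online-retailer contrast from the Limiting Data
Collection section together with the opt-in consent requirement. The roles,
fields, purposes and the policy itself are constructed.

```python
"""Toy purpose-based privacy policy evaluator. Added example, not from the
handbook and not an implementation of any language listed above; it only
borrows the XACML-style notions of a target, rules with Permit/Deny effects
and a combining algorithm. Roles, fields and purposes are constructed."""
from dataclasses import dataclass
from typing import FrozenSet, Optional

PERMIT, DENY = "Permit", "Deny"


@dataclass(frozen=True)
class Request:
    role: str        # who wants the data, e.g. "doctor"
    field: str       # which personal data element, e.g. "weight"
    purpose: str     # declared purpose of collection or use
    consent: bool    # has the data subject opted in for this purpose?


@dataclass(frozen=True)
class Rule:
    effect: str
    roles: FrozenSet[str] = frozenset()      # empty set = any (wildcard target)
    fields: FrozenSet[str] = frozenset()
    purposes: FrozenSet[str] = frozenset()
    needs_consent: bool = False              # condition attached to the rule

    def decision(self, req: Request) -> Optional[str]:
        """The rule's effect if its target matches and its condition holds,
        otherwise None (the rule is not applicable)."""
        in_target = ((not self.roles or req.role in self.roles)
                     and (not self.fields or req.field in self.fields)
                     and (not self.purposes or req.purpose in self.purposes))
        if not in_target or (self.needs_consent and not req.consent):
            return None
        return self.effect


def evaluate(policy, req: Request) -> str:
    """Deny-overrides with a default of Deny: an explicit Deny wins, otherwise
    a Permit is needed, and a request that no rule permits is refused. The
    default deny is what enforces 'collect only what is purposefully needed'."""
    effects = {rule.decision(req) for rule in policy}
    if DENY in effects:
        return DENY
    return PERMIT if PERMIT in effects else DENY


S = frozenset
CLINICAL = S({"name", "weight", "height", "age"})
# Constructed policy for the doctor's-office / online-retailer contrast
POLICY = [
    Rule(PERMIT, roles=S({"doctor"}), fields=CLINICAL,
         purposes=S({"treatment"}), needs_consent=True),
    Rule(PERMIT, roles=S({"retailer"}), fields=S({"name", "address"}),
         purposes=S({"order_fulfilment"}), needs_consent=True),
    Rule(PERMIT, roles=S({"retailer"}), fields=S({"email"}),
         purposes=S({"marketing"}), needs_consent=True),
    # Health-related fields are never used for marketing, consent or not
    Rule(DENY, fields=S({"weight", "height", "age"}), purposes=S({"marketing"})),
]


if __name__ == "__main__":
    for req in (Request("doctor", "weight", "treatment", True),
                Request("retailer", "weight", "order_fulfilment", True),
                Request("retailer", "email", "marketing", False)):
        print(req, "->", evaluate(POLICY, req))
```

Two properties carry the privacy fundamentals: a field nobody wrote a Permit
for (the retailer asking for weight) is refused by default, and a Permit that
depends on consent silently becomes inapplicable when consent is absent, so
the same request flips to Deny.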
Privacy in Different Domains - Medical, Financial, etc.
Medical Privacy:
Medical privacy or health privacy is the practice of maintaining the security and
confidentiality of patient records. It involves both the conversational discretion
of health care providers and the security of medical records. The terms can also
refer to the physical privacy of patients from other patients and providers while
in a medical facility, and to modesty in medical settings.
Modern concerns include the degree of disclosure to insurance companies,
employers, and other third parties. The advent of electronic medical records
(EMR) and patient care management systems (PCMS) have raised new
concerns about privacy, balanced with efforts to reduce duplication of services
and medical errors.
Financial Privacy:
Financial institutions handle huge amounts of important information about their
customers, and they are increasingly being required to collect information that
far exceeds their legitimate purposes in order to assist governments and
companies to build profiles.
Potential infringements of financial privacy arise during the tracking of foreign
transactions, the development of payment systems that monitor and report on
cash transactions and the sharing of financial information with third parties.
Governments and other institutions seek access to financial information in order
to administer taxes, prevent and identify money laundering, develop credit
profiles and, increasingly, for intelligence purposes.
Privacy in Education:
Privacy in education refers to the broad area of ideologies, practices, and
legislation that involve the privacy rights of individuals in the education system.
Concepts that are commonly associated with privacy in education include the
expectation of privacy, the Family Educational Rights and Privacy Act
(FERPA), the Fourth Amendment, and the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).
Most privacy in education concerns relate to the protection of student data (like
educational records and other personal information) and the privacy of medical
records.
Many scholars are engaging in an academic discussion that covers the scope of
students’ privacy rights, from students in kindergarten up to those in higher
education, and the management of student data in an age of rapid access and
dissemination of information.
Cybercrime: Examples and Mini-Cases
Examples:
Official Website of Maharashtra Government Hacked
The official website of the Maharashtra government was allegedly hacked,
forcing the state Information Technology department to lodge a formal
complaint with the city police on Sep 18, 2007 (Tuesday). The website was
hacked for the second time in the past two weeks, the fourth since July. The
previous attack took place on September 5.
Joint Commissioner of Police (Crime) Rakesh Maria said that access to the
website, www.maharashtra.gov.in, had been blocked for a while. "It had some
Arabic content posted on it by the hacker. The IT department has lodged an FIR
with the police and we will try and trace the culprit," said Maria. It is suspected
that the same group of international hackers was behind all the four attacks.
The site was hacked into late on Sep 17, 2007 (Monday) night by a person or a
group calling itself "coolhacker" who had left an imprint of a hand on the
website. The state’s information and technology department came to know of
the hacking Tuesday morning and immediately blocked all access to the
website.
State officials maintained that no data had been lost and no serious damage had
been inflicted on the website, which is updated daily with information on
various government regulations and decisions, and supports links to all
government departments. The hacker could only manage to damage the
homepage. However, restoration work is in progress.
The state government website is hosted on a VSNL server. In the month of
August, 345 Indian websites ending with .in, .co.in and .edu.in were defaced
by hackers. Nearly 2,700 Indian websites were hacked in January 2007.
Indian Banks Lose Millions of Rupees
A total of 222 bank frauds involving ₹27,000 crore, were reported by the
Central Bureau of Investigation in 2018-19 according to the annual report of the
Central Economic Intelligence Bureau (CEIB) – an intelligence wing and think-
tank of the finance ministry.
The number highlights the problem facing Indian banks already tacking the
issue of looming bad debt and willful defaulters. Banks themselves flagged the
cases of fraud and default.
“Agencies have asked to initiate prompt action to recover the money and
prosecute those responsible,” a senior finance ministry official said on condition
of anonymity.
On Tuesday (4 July 2019), the CBI carried out countrywide raids on 16
companies for bank fraud and defaults that cost the exchequer about ₹1139
crore. The agency registered as many as 17 separate cases. A Gujarat-based
Diamond trading company that owes a consortium bank about ₹7000 crore was
among companies whose premises were searched.
According to CEIB, the top ten banks in terms of money lost to frauds and
default include: India’s largest state-owned lender State Bank of India (SBI);
Punjab National Bank (PNB), which has been roiled by a high-profile fraud case
involving fugitive diamond merchant Nirav Modi; the Central Bank of India;
United Commercial Bank; and ICICI Bank, the country’s largest private lender.
CBI is investigating ICICI Bank’s former CEO Chanda Kochhar for allegedly
sanctioning loans to the Videocon Group, in return for which the latter
invested in a company promoted by her spouse.
In a separate 73-page report titled “Timely detection of bank frauds” submitted
to the government, CEIB listed 11 prime reasons for recurring banking frauds.
These included banks not monitoring SWIFT, a global network that gives
details of fund transfers among banks; lack of due diligence by banks; and
failure of the credit appraisal committees of banks.
CEIB has suggested “systemic changes” to address the situation including a
dedicated online platform for borrowers, relating to invoices raised, revenue
realized, payments made and repayment of loans received so that the problem of
manipulation of receivables is addressed.
Chandrajit Banerjee, director general, Confederation of Indian Industry (CII),
said, “During the crisis of 2008-09 it was the real sector which was putting
pressure on the financial sector. In the last one year, we are seeing similar
transmission of risk from financial sector to real sector. It is time for all
regulators to ensure that no part of financial sector is allowed to slip.”
Parliament Attack
The Bureau of Police Research and Development (BPRD) at Hyderabad has handled
some of the top cyber cases, including analyzing and retrieving information
from the laptop recovered from the terrorists who attacked Parliament. The
laptop, which was seized from the two terrorists who were gunned down when
Parliament was under siege on December 13, 2001, was sent to the Computer
Forensics Division of BPRD after computer experts at Delhi failed to extract
much from its contents.
The laptop contained several pieces of evidence that confirmed the two
terrorists’ motives, namely the sticker of the Ministry of Home that they had
made on the laptop and pasted on their Ambassador car to gain entry into
Parliament House, and the fake ID card that one of the two terrorists was
carrying, bearing a Government of India emblem and seal.
The emblems (of the three lions) were carefully scanned and the seal was also
craftily made, along with a residential address in Jammu and Kashmir. But
careful detection proved that it was all forged and made on the laptop.
Pune City Police Bust Nigerian Racket
The Pune city police arrested two Nigerian nationals on May 28, 2021 for
allegedly hacking ATM machines and withdrawing money.
The police identified the accused as David Charles Allies Ugochukwu Charles
Nwacghukwu (30) and Kehinde Sadiq Idris (29), both currently residing in
Undri and natives of Nigeria.
As per a press release issued by the Pune city police, an offence was lodged at
the Shivajinagar police station against two persons who were hacking ATM
machines at certain spots in the city.
It was learnt that the accused persons were connecting some external device to
the network cable of the ATM machine. Then, after the ATM machine was
hacked, they inserted an ATM card and gave input for withdrawing Rs 1,000.
But as per the input, instead of Rs 1,000, as many as 40 currency notes of Rs
500 denomination came out of the ATM machines. On knowing about this,
bank officials lodged a complaint with the Pune city police.
A cyber police station team led by senior police inspector D S Hake initiated
investigation into the case. Cops got clues from the videos captured by CCTV
cameras. During the probe, cops identified one of the accused, David, on May
25. His interrogation revealed the involvement of his aide Idris.
A court remanded the two accused to police custody till May 30 for further
investigation. “Both accused were found to be staying in Pune for the past few
months. They do not have proper visa documents and are suspected to be
overstaying in the city. Further investigation is on,” said inspector Hake.
During searches, police seized seven cell phones, three laptops, one modem and
two passports from David, while three cell phones and a laptop were recovered
from Idris. The police have also seized a two-wheeler from their possession.
E-Mail Spoofing Instances
15 CFOs in BKC get spoof emails for funds transfer:
The Times of India reported that the Bandra-Kurla Complex (BKC) cyber police
are probing at least 15 instances of an email spoofing scam. In all cases,
chief financial officers (CFOs) of corporate houses received fake emails
ostensibly from their company managing directors, demanding urgent wire
transfer of funds. Cyber police received the complaints from CFOs over a span
of three weeks, some of whom also executed the transfer. The spammers made
minor alterations in email IDs and managed to create lookalike IDs. A CFO of
an MNC became the latest victim of an email spoof when he transferred Rs 18.6
lakh from the company’s account to three unidentified bank accounts. The CFO
did not verify the sender of the email, who impersonated the MD.
TOI again reported on June 30 that 6 companies lost lakhs of rupees to hackers
in one week.
Flipkart CEO Binny Bansal’s email account spoofed:
The Economic Times reported that Bansal’s email account was spoofed. Two emails
were sent in his name to Flipkart’s CFO Sanjay Baweja on March 1 at 11.33
AM directing him to transfer $80,000. Surprised by the nature of the emails and
their timing, Baweja cross-checked with Bansal, only to find out that they were
a fraud.
Producer Ronnie Screwvala’s NGO loses Rs. 34 lakh over spoof emails
In another incident, reported by the Indian Express on July 5, 2016,
“Screwvala” asked an employee to transfer funds to a bank account. The official
obliged and transferred Rs 20.20 lakh. The fraudsters sent more such emails
later. After the NGO had transferred over Rs 34 lakh, the junior employees
asked Screwvala about the e-mails and realized the fraud. A complaint was then
lodged with the Cyber police station.
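The common thread in the three incidents above is a payment request whose
sender address is a minor alteration of a real executive's address, or whose
display name is genuine while the mailbox behind it is not. The following is
an added example, not code from the handbook or from any of the companies
named: it checks a message's From and Reply-To headers against a constructed
company domain and executive directory, and returns the reasons the message
should be held for out-of-band verification (a phone call to the supposed
sender, as Flipkart's CFO did). The company domain, the directory, the
confusable-character list and the sample headers are all constructed.

```python
"""Flagging spoofed or lookalike executive e-mail senders. Added example, not
from the handbook; the company domain, executive directory, confusable list
and sample headers are constructed."""
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"
# Constructed directory: display names a payment request may impersonate
EXECUTIVES = {"a. director": "md@example-corp.com"}

# Characters and digraphs commonly swapped to build lookalike domain names
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l")]


def normalize(domain: str) -> str:
    """Fold visually similar spellings onto the letters they imitate."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, legit: str = COMPANY_DOMAIN) -> bool:
    """True for a domain that is not ours but is one or two edits, or a
    confusable substitution, away from ours."""
    d = domain.lower()
    if d == legit:
        return False
    return normalize(d) == legit or edit_distance(d, legit) <= 2


def check_sender(headers: dict) -> list:
    """Return the reasons a message should be held for out-of-band
    verification; an empty list means nothing suspicious was found."""
    reasons = []
    name, addr = parseaddr(headers.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if is_lookalike(domain):
        reasons.append(f"sender domain {domain!r} looks like {COMPANY_DOMAIN!r}")
    expected = EXECUTIVES.get(name.strip().lower())
    if expected and addr.lower() != expected:
        reasons.append(f"display name {name!r} belongs to {expected}, not {addr}")
    _, reply_to = parseaddr(headers.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr.lower():
        reasons.append(f"Reply-To {reply_to} differs from From {addr}")
    return reasons


# Constructed sample headers
SAMPLES = {
    "genuine":   {"From": "A. Director <md@example-corp.com>"},
    "lookalike": {"From": "A. Director <md@exarnple-corp.com>"},      # 'rn' for 'm'
    "free_mail": {"From": "A. Director <a.director.md@webmail.example>"},
    "reply_to":  {"From": "A. Director <md@example-corp.com>",
                  "Reply-To": "md.example.corp@webmail.example"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", check_sender(hdrs) or ["ok"])
```

Header checks like these complement, rather than replace, the payment control
that actually stopped the Flipkart attempt: any transfer request that arrives
by e-mail is confirmed with the requester over a channel the e-mail did not
supply.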
Mini-Cases:
The Indian Case of Online Gambling
The Social Security Cell of Pune City Police raided eight online gambling
dens being run under the garb of lottery and video gaming centers in the
Bibwewadi area. The raids on 30 July 2022 also led to the arrest of 42 persons.
Multiple teams from the cell raided the dens and made seizures of over Rs 19
lakh that included cash, bikes and tools used for online gambling. Police have
booked 94 persons, including owners of these lottery and video game centers,
recordkeepers employed at the shops, and some people who had come to
gamble.
Sleuths from the Social Security Cell of the Crime Branch had received
information that eight shops in Bibwewadi, which were licensed for sale of state
authorized lottery tickets and also as video gaming centers, were running online
gambling rackets. While simultaneous raids were conducted on these shops,
three similar shops were raided in the Kondhwa area on July 23, 2022.
Police probe suggests that the racketeers used various online gambling
applications including that of Matka gambling. Those who came for placing
bets on specific numbers wrote their number bets on a plastic sheet and then
took a photo of it before erasing the number. The results were then taken out
using a computer- or phone-based gambling application. Thus, there was hardly
any evidence or paper trail.
An Indian Case of Intellectual Property Crime
In its continuous fight against digital piracy and infringing usage of content,
Viacom18 Media is working closely with the Maharashtra Cyber Crime Cell,
Mumbai. The Cyber Crime Cell has arrested Subhanjan Kayet for his
involvement in the pirated website/platform named Thop TV.
Kayet was accused of developing the software, technical manipulation, and
illegally streaming and telecasting content from Viacom18’s channels and its
OTT platform, Voot.
He was produced before Esplanade Court on May 23, 2022, wherein the Court
has sent him to five days police custody considering the severity of the offence
and upon request of the counsel appearing for the state.
The Maharashtra Cyber Crime Cell has also frozen his bank account, in which
he purportedly received the illegal proceeds of unlawful activities. He had
been anticipating his arrest for the last few months, after his bail
applications were rejected by the courts in Kolkata and Mumbai.
Superintendent of Police, Maharashtra Cyber, Mumbai, Sanjay Shintre, said,
“Special anti-piracy unit MIPCU (Maharashtra Intellectual property Crime
Unit) arrested accused Subhanjan Samiran Kayet from Gobardanaga Harbra, 24
Paragana, West Bengal on May 23, as he appears to be the lead developer of the
THOP TV app. We have sufficient evidence regarding this.”
A Viacom18 spokesperson said, “We are thankful to the Maharashtra Cyber for
continuing this action against piracy. It is important to make the message clear
that operating or abetting a business of infringement is a serious offence which
affects the creative community at large. The perpetrators will be found and
brought before law.”
Viacom18 also said that it will continue to fight market threats associated with
piracy and will protect their channel’s content using all legal methods available.
Financial Frauds in Cyber Domain in India
Today, India ranks second only to China, with more than 690 million active
internet users which constitute almost 41% of our country’s total population. On
the back of this massive digital penetration, many services have flourished in
both rural and urban India, particularly online banking.
Digital payments and online banking are sectors that have witnessed a
tremendous boost with consumers preferring to transact online given the ease
that it offers. But as they say, if there is a safe, there will always be safe
crackers. We have witnessed a massive surge in banking and cyber frauds
where both consumers and banks have been affected. Hence, it is important to
create awareness about fraudsters and continue to take steps to curb their
actions.
Central Banks across the world have reported that these frauds have become
more sophisticated and have been increasing in numbers. The amount of money
involved in these frauds has also increased. Indian banks are continuously and
effectively taking measures to raise awareness among consumers and have
updated their technology to thwart cyber-attacks.
As cybercrime continues to increase, banks and financial institutions have
adopted a proactive approach to cybersecurity. If we were to learn anything
from the current financial cybercrime landscape, financial fraud and identity
theft can be effectively beaten given that banks are already investing heavily in
a robust security infrastructure along with educating their customers. The
Reserve Bank of India is very proactive in conducting drives around financial
awareness and its efforts have no doubt paid off.
Cybercriminals working as a syndicate or on their own are continuously
changing their strategies and devising new ways to strike. Some of the common
strategies they employ are as below.
Reverse Engineering of Mobile Apps: A scammer may reverse engineer an
app as the first step in a number of ways they choose to strike. Consider it
reconnaissance before the targeted strike. Adversaries may reverse engineer an
app to analyze its source code and component parts to gather information that
can be used to develop malware that exploits the app’s operation, or to tamper
with the app. For example, attackers might deploy their own malicious app
designed to exploit vulnerabilities discovered by reverse engineering the
banking app. If a user has both applications on their device, the malicious app
can redirect banking deposits to the account without the user realizing there was
ever a breach.
Screen Overlay Attack: These consist of an attacker-generated screen opening
on top of the legitimate application UI. To the user, it appears to be a normal
experience within the app, but in reality they are entering sensitive
information, such as usernames, passwords, credit card numbers, or other
personally identifiable information, into a form controlled by the attacker. The
overlay window then delivers whatever information is entered into it directly
to the attacker. Unbeknownst to the user, they have just handed over their
information. In addition to hijacking data entry, overlay attacks are used to
trick (or socially engineer) users into installing other malware or performing
insecure tasks on their mobile devices, such as granting a malware app full
control of the user’s phone.
Screen Sharing/Remote Access Fraud: Another recent fraud that we have
witnessed is screen sharing fraud. Here, the fraudster calls you claiming to
represent an online gaming company or a bank, and asks for remote access to
your phone on some pretext. It could be a lucrative offer in which you are
promised money, or a request to install a banking app “for safety”. The moment
you install the app, you will be asked to share the code for the screen-sharing
app and to conduct a transaction for a very nominal amount. The catch is that
once you give the scammer the code, they can see exactly what you are typing on
your screen, your bank account number and everything else you are seeing, in
real time. To prevent this, always verify the authenticity of the caller through
the official website of the organization they claim to be calling from.
Also, consider installing antivirus and spam-blocking software on your device.
Screen sharing means trusting the other person completely; if you do not know
the person on the other end of the line, never install such software or share
screen-sharing codes.
Keylogging/Screen Reading: The app marketplace is full of alternative
keyboard applications to replace the native keyboards installed on mobile
devices. Typically, users download these applications in an innocent attempt to
personalize their devices. They may like the color of the new keyboard. They
may prefer its functionality. In any case, many of these keyboard apps are
completely benign, but some are known as rogue keyboards. These apps have
code operating in the background to steal personal information or carry out
other malicious activity.
Message App Banking Fraud: In this type of fraud, bank customers are
contacted by swindlers claiming to represent the bank at which the person holds
an account. Scammers usually obtain this information by phishing or by several
other methods. They then ask the customer to install an app under the pretext
of increased security or rewards. Once it is installed, the customer is asked
to enter sensitive information in the app, which is relayed back to the
fraudster on the other end of the line, allowing them to gain control of the
bank account. To prevent this, be very cautious in responding to calls from
unknown numbers. Contact your branch if you have installed such an app, and
immediately block your account.
Malicious Applications Fraud: If you ever get a call offering you a freelance
or work-from-home (WFH) job on the condition that you install an app they
suggest, don’t fall for it. This is a scam in which the fraudster obtains all
the details on your device through the malicious app you installed and can
easily access your bank accounts and transfer money. They can read the OTP sent
by your bank to your phone and your email IDs, which makes you an easy target
for fraud. To avoid becoming a victim of this scheme, always contact the
company that supposedly offered the job directly.
SIM Swap Fraud: The concept of a SIM swap may sound simple: it means
exchanging a faulty SIM for a new one. However, the ramifications of this kind
of fraud can be financially very harmful. When a fraudster swaps your SIM by
obtaining a new card from the mobile service provider, they can make multiple
money transfers from your account without you getting to know about it. In a
SIM swap your phone is immediately disconnected, and within a very short period
funds can be transferred to several accounts by the fraudsters. To prevent it
from happening, keep a two-step verification process in place along with a
ceiling on the withdrawal amount. If your SIM suddenly stops working, contact
your bank and block all transactions, along with temporarily blocking your
account. As an extra precautionary measure, always set a PIN on your SIM.
QR Code Scams: This scam mostly affects people who are trying to sell their
goods, usually expensive ones like vehicles or mobile phones, on online
marketplaces.
The scammer, posing as a buyer, contacts the seller with an immediate offer to
purchase the item on sale. Once the seller agrees, the fraudster asks for the
account details where the payment can be made. On some pretext, the fraudulent
buyer then says that they cannot send the payment and requests the seller to
scan a QR code and enter their UPI PIN. The unaware seller scans the code and
enters the PIN. Once this is done, the scammer can take any amount of money
from the seller, and there is very little chance of tracing them. Fraudsters
usually pose as professionals in a trustworthy occupation to gain the seller’s
trust. To avoid this, only scan QR codes from sources you absolutely trust.
Also, the UPI PIN is never used for receiving money; it is only used for making
payments, and it is important to keep this very basic rule in mind before
selling goods on online marketplaces.

Prepared by:
Amma Madhu
Assistant Professor, MREC(A).

*-- THE END --*