Cyber Security

Cybersecurity involves protecting computers, networks, programs, and data from unauthorized access and cyber attacks. As digital technologies have become more integral to our lives, cybersecurity is increasingly important to safeguard sensitive information and maintain functionality. There are several types of cybersecurity including network security, application security, information security, cloud security, mobile security, endpoint security, critical infrastructure security, and Internet of Things (IoT) security. Cybersecurity is crucial to protect sensitive data, prevent cyber attacks, safeguard critical infrastructure, maintain business continuity, comply with regulations, and protect national security as digital dependence grows.

UNIT 1

Cybersecurity:
Cybersecurity, or information security, is a broad field that encompasses practices, technologies, and
processes designed to protect computers, networks, programs, and data from unauthorized access,
attacks, damage, or theft. As our dependence on digital technologies continues to grow, so does the
importance of cybersecurity in safeguarding sensitive information and maintaining the functionality of
systems.

Cyber Security proper began in 1972 with a research project on ARPANET (The Advanced Research
Projects Agency Network), a precursor to the internet. ARPANET developed protocols for remote
computer networking.

Types of Cybersecurity:

1. Network Security – Focuses on securing computer networks from unauthorized access, data breaches,
and other network-based threats. It involves technologies such as Firewalls, Intrusion detection
systems (IDS), Virtual private networks (VPNs), and Network segmentation.

• Guard your internal network against outside threats with stronger network security.

• We often use free Wi-Fi in public places such as cafés and malls. On such a network a third
party can start tracking your phone's traffic over the internet, and if you use a payment gateway
over it, your bank account can be emptied.

• So avoid using free networks, because a free network does not provide security.

2. Application Security –Concerned with securing software applications and preventing vulnerabilities
that could be exploited by attackers. It involves secure coding practices, regular software updates and
patches, and application-level firewalls.

• Most of the apps we use on our cell phones are secured and work under the rules and
regulations of the Google Play Store.

• There are 3.553 million applications in Google Play, the Apple App Store has 1.642 million, and
the Amazon App Store has 483 million available for users to download. Having so many choices
does not mean that all apps are safe.

• Many apps pretend to be safe, but after collecting all our information the app shares the
user's data with third parties.

• Apps must be installed from a trustworthy platform, not from some third-party website in the
form of an APK (Android Application Package).

3. Information or Data Security: Focuses on protecting sensitive information from unauthorized access,
disclosure, alteration, or destruction. It includes Encryption, Access controls, Data classification,
and Data loss prevention (DLP) measures.
• Incident response refers to the process of detecting, analyzing, and responding to security
incidents promptly.

• Promoting security awareness among users is essential for maintaining information security. It
involves educating individuals about common security risks, best practices for handling sensitive
information, and how to identify and respond to potential threats like phishing attacks or social
engineering attempts.

• Encryption is the process of converting information into an unreadable format (ciphertext) to
protect it from unauthorized access.

4. Cloud Security – Involves securing data, applications, and infrastructure hosted on cloud platforms,
and ensuring appropriate access controls, data protection, and compliance. Cloud service providers
such as AWS, Azure and Google Cloud provide controls to secure workloads against multiple threats.

• Cloud-based data storage has become a popular option over the last decade. It enhances privacy
and saves data on the cloud, making it accessible from any device with proper authentication.

• These platforms are free up to a limit; if we want to store more data, we have to pay.

• AWS is also a platform that helps run a business over the internet and provides security for its
data.

5. Mobile Security –It involves securing the organizational and personal data stored on mobile devices
such as cell phones, tablets, and other similar devices against various malicious threats. These threats
are Unauthorized access, Device loss or Theft, Malware, etc.

• Mobile phones are the most common devices for day-to-day work; almost everything we access and
do is from a mobile phone, e.g. online classes, personal calls, online banking, UPI payments, etc.

• Regularly backing up mobile device data is important to prevent data loss in case of theft,
damage, or device failure.

• Mobile devices often connect to various networks, including public Wi-Fi, which can pose
security risks. It is important to use secure networks whenever possible, such as encrypted Wi-Fi
networks or cellular data connections.

6. Endpoint Security: Refers to securing individual devices such as computers, laptops, smartphones, and
IoT devices. It includes antivirus software, intrusion prevention systems (IPS), device encryption, and
regular software updates.

• Antivirus and anti-malware software scans for and detects malicious software such as viruses,
worms, Trojans, and ransomware. These tools identify and eliminate or quarantine malicious files,
protecting the endpoint and the network from potential harm.

• Firewalls are essential components of endpoint security. They monitor and control incoming and
outgoing network traffic, filtering out potentially malicious data packets.

• Keeping software and operating systems up to date with the latest security patches and updates
is crucial for endpoint security.

7. Critical Infrastructure Security –

1. All of the physical and virtual resources, systems, and networks that are necessary for a society's
economy, security, or any combination of the above to run smoothly are referred to as critical
infrastructure. Food and agricultural industries, as well as transportation systems, comprise
critical infrastructure.

2. The infrastructure that is considered important might vary depending on a country’s particular
demands, resources, and level of development, even though crucial infrastructure is comparable
across all nations due to basic living requirements.

3. Industrial control systems (ICS), such as supervisory control and data acquisition (SCADA)
systems, which are used to automate industrial operations in critical infrastructure industries,
are frequently included in critical infrastructure. SCADA and other industrial control system
attacks are very concerning. They have the capacity to seriously undermine critical
infrastructure, including transportation, the supply of oil and gas, electrical grids, water
distribution, and wastewater collection.

4. Due to the links and interdependence between infrastructure systems and sectors, the failure or
blackout of one or more functions could have an immediate, detrimental effect on a number of
sectors.

8. Internet of Things (IoT) Security –

1. Devices frequently run old software, leaving them exposed to recently identified security
vulnerabilities. This is generally the result of connectivity problems or the requirement for end
users to manually download updates from a C&C center.

2. Manufacturers frequently ship Internet of Things (IoT) devices (such as home routers) with weak,
easily broken passwords, which may be left in place by suppliers and end users. These devices
are easy targets for attackers using automated scripts for mass exploitation when they are left
exposed to remote access.

3. APIs are frequently the subject of threats such as man-in-the-middle (MITM), code injection
(such as SQL injection) and distributed denial of service (DDoS) attacks, since they serve as a
gateway to a C&C center.

Importance of Cybersecurity:

1. Protecting Sensitive Data: With the increase in digitalization, data is becoming more and more
valuable. Cybersecurity helps protect sensitive data such as personal information, financial
data, and intellectual property from unauthorized access and theft.
2. Prevention of Cyber Attacks: Cyber-attacks, such as Malware infections, Ransomware, Phishing,
and Distributed Denial of Service (DDoS) attacks, can cause significant disruptions to businesses
and individuals. Effective cybersecurity measures help prevent these attacks, reducing the risk of
data breaches, financial losses, and operational disruptions.
3. Safeguarding Critical Infrastructure: Critical infrastructure, including power grids, transportation
systems, healthcare systems, and communication networks, heavily relies on interconnected
computer systems. Protecting these systems from cyber threats is crucial to ensure the smooth
functioning of essential services and prevent potential disruptions that could impact public
safety and national security.
4. Maintaining Business Continuity: Cyber-attacks can cause significant disruption to businesses,
resulting in lost revenue, damage to reputation, and in some cases, even shutting down the
business. Cybersecurity helps ensure business continuity by preventing or minimizing the impact
of cyber-attacks.
5. Compliance with Regulations: Many industries are subject to strict regulations that require
organizations to protect sensitive data. Failure to comply with these regulations can result in
significant fines and legal action. Cybersecurity helps ensure compliance with regulations such as
HIPAA, GDPR, and PCI DSS.
6. Protecting National Security: Cyber-attacks can be used to compromise national security by
targeting critical infrastructure, government systems, and military installations. Cybersecurity is
critical for protecting national security and preventing cyber warfare.
7. Preserving Privacy: In an era where personal information is increasingly collected, stored, and
shared digitally, cybersecurity is crucial for preserving privacy. Protecting personal data from
unauthorized access, surveillance, and misuse helps maintain individuals’ privacy rights and
fosters trust in digital services.

Challenges of Cybersecurity:

1. Constantly Evolving Threat Landscape: Cyber threats are constantly evolving, and attackers are
becoming increasingly sophisticated. This makes it challenging for cybersecurity professionals to
keep up with the latest threats and implement effective measures to protect against them.
2. Lack of Skilled Professionals: There is a shortage of skilled cybersecurity professionals, which
makes it difficult for organizations to find and hire qualified staff to manage their cybersecurity
programs.
3. Limited Budgets: Cybersecurity can be expensive, and many organizations have limited budgets
to allocate towards cybersecurity initiatives. This can result in a lack of resources and
infrastructure to effectively protect against cyber threats.
4. Insider Threats: Insider threats can be just as damaging as external threats. Employees or
contractors who have access to sensitive information can intentionally or unintentionally
compromise data security.
5. Complexity of Technology: With the rise of cloud computing, IoT, and other technologies, the
complexity of IT infrastructure has increased significantly. This complexity makes it challenging to
identify and address vulnerabilities and implement effective cybersecurity measures.

Strategies for Addressing Cybersecurity Challenges:

• Comprehensive Risk Assessment: A comprehensive risk assessment can help organizations
identify potential vulnerabilities and prioritize cybersecurity initiatives based on their impact and
likelihood.
• Cybersecurity Training and Awareness: Cybersecurity training and awareness programs can help
employees understand the risks and best practices for protecting against cyber threats.
• Collaboration and Information Sharing: Collaboration and information sharing between
organizations, industries, and government agencies can help improve cybersecurity strategies
and response to cyber threats.
• Cybersecurity Automation: Cybersecurity automation can help organizations identify and
respond to threats in real-time, reducing the risk of data breaches and other cyber-attacks.
• Continuous Monitoring: Continuous monitoring of IT infrastructure and data can help identify
potential threats and vulnerabilities, allowing for proactive measures to be taken to prevent
attacks.
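To make the "Cybersecurity Automation" and "Continuous Monitoring" strategies above concrete, here is an added example (not from the original text) of a small detector that reads constructed OpenSSH-style authentication log lines and raises an alert when one source address produces a burst of failed logins inside a sliding time window, noting which usernames were tried and whether a successful login followed from the same source. The log format, the threshold and window, and the IP addresses (taken from the documentation ranges) are assumptions chosen for illustration.

```python
"""Added monitoring example: detect bursts of failed logins in constructed sshd-style log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (documentation IP ranges, not real traffic). The format
# imitates OpenSSH password/publickey auth messages with an ISO timestamp prepended.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 40210 ssh2
2024-03-01T10:00:03 sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 40212 ssh2
2024-03-01T10:00:04 sshd[812]: Failed password for root from 198.51.100.7 port 40215 ssh2
2024-03-01T10:00:06 sshd[813]: Failed password for invalid user test from 198.51.100.7 port 40218 ssh2
2024-03-01T10:00:09 sshd[814]: Failed password for alice from 198.51.100.7 port 40221 ssh2
2024-03-01T10:00:12 sshd[815]: Failed password for alice from 198.51.100.7 port 40224 ssh2
2024-03-01T10:00:15 sshd[816]: Accepted password for alice from 198.51.100.7 port 40230 ssh2
2024-03-01T10:00:20 sshd[817]: Failed password for bob from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:25 sshd[818]: Accepted password for bob from 203.0.113.5 port 51004 ssh2
2024-03-01T10:01:00 sshd[819]: Accepted publickey for carol from 192.0.2.10 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Return a dict with ts/outcome/user/src for a recognised line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Sliding-window rule: at least `threshold` failures from one source within `window_seconds`.

    Returns one alert per offending source, recording how many failures were seen in total,
    which usernames were tried, and whether a later successful login came from the same
    source (a stronger signal that an account may actually have been compromised).
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    attempted = defaultdict(set)  # src -> usernames tried
    alerts = {}                   # src -> alert dict
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["outcome"] == "Failed":
            window = recent[src]
            window.append(ts)
            attempted[src].add(ev["user"])
            while (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if src in alerts:
                alerts[src]["failures"] += 1
                alerts[src]["last"] = ts
            elif len(window) >= threshold:
                alerts[src] = {"src": src, "failures": len(window), "users": attempted[src],
                               "first": window[0], "last": ts, "success_after": None}
        elif src in alerts and alerts[src]["success_after"] is None:
            alerts[src]["success_after"] = (ev["user"], ts)
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, the detector raises a single alert for 198.51.100.7 after its fifth failure, keeps counting to six, and records that "alice" then logged in successfully from the same address, which is the case an analyst would triage first. The two failures from 203.0.113.5 stay below the threshold and produce nothing. In production the same rule would be fed from a log pipeline rather than a string, and the threshold would be tuned against the normal failure rate of the environment.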

How to Protect Yourself from Cyber Threats:

There are several steps you can take to protect yourself from cyber threats, including:

• Use strong passwords: Use unique and complex passwords for all of your accounts, and consider
using a password manager to store and manage your passwords.

• Keep your software up to date: Keep your operating system, software applications, and security
software up to date with the latest security patches and updates.

• Enable two-factor authentication: Enable two-factor authentication on all of your accounts to
add an extra layer of security.

• Be wary of suspicious emails: Be cautious of unsolicited emails, particularly those that ask for
personal or financial information or contain suspicious links or attachments.

• Educate yourself: Stay informed about the latest cybersecurity threats and best practices by
reading cybersecurity blogs and attending cybersecurity training programs.
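As an added example (not from the original text) tying together the "Use strong passwords" and "Enable two-factor authentication" steps above, the Python below shows what a service does on its side: it rejects weak passwords against a small constructed policy, stores passwords as salted scrypt hashes rather than in plaintext, and verifies the six-digit codes an authenticator app produces (TOTP as specified in RFC 6238, implemented with the standard library only). The length threshold, the common-password list and the demo secret are assumptions for illustration.

```python
"""Added example: server-side password policy, password hashing and TOTP (RFC 6238) verification."""
import hashlib
import hmac
import os
import struct
import time
from typing import List, Optional, Tuple

# Constructed policy values for this example; a real deployment would check against a
# large breached-password list rather than these five entries.
MIN_LENGTH = 12
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}


def password_weaknesses(password: str) -> List[str]:
    """Return the reasons a password fails the policy; an empty list means it is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted scrypt hash; store (salt, digest), never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation (RFC 4226)."""
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, now: Optional[int] = None,
                window: int = 1, step: int = 30) -> bool:
    """Accept the current code and `window` steps either side to tolerate small clock drift."""
    now = int(time.time()) if now is None else now
    return any(hmac.compare_digest(totp(secret, now + k * step, step), code)
               for k in range(-window, window + 1))


if __name__ == "__main__":
    # Constructed demo values; a real shared secret would come from secrets.token_bytes(20)
    print(password_weaknesses("password"))
    salt, digest = hash_password("correct horse battery staple 42!")
    print(verify_password("correct horse battery staple 42!", salt, digest))
    print(totp(b"12345678901234567890", 59))  # RFC 6238 test vector, six digits: 287082
```

Two design points matter here: comparisons use `hmac.compare_digest` so that timing does not leak how much of a hash or code matched, and the TOTP window is deliberately small. A real service would additionally remember the last counter accepted for each user so a code that was already used cannot be replayed within its window.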

Types of Cyber Criminals:

1. Hackers: The term hacker may refer to anyone with technical skills; however, it typically refers to an
individual who uses his or her skills to gain unauthorized access to systems or networks in order to
commit crimes. The intent of the intrusion determines the classification of those attackers as white,
grey, or black hats. White hat attackers break into networks or computer systems to find weaknesses
in order to improve the protection of those systems. The owners of the system give permission to
perform the intrusion, and they receive the results of the test. On the other hand, black hat attackers
exploit any vulnerability for illegal personal, financial or political gain. Grey hat attackers are somewhere
between white and black hat attackers. Grey hat attackers may find a vulnerability and report it to
the owners of the system if that action coincides with their agenda.

(a). White Hat Hackers – These hackers use their programming skills for a good and lawful purpose.
They may perform network penetration tests in an attempt to compromise networks and discover
network vulnerabilities. The security vulnerabilities are then reported to developers to fix, and
these hackers can also work together as a blue team. They use only the resources that are authorized
and provided by the company, and they perform penetration testing only to check the security of the
company against external threats.

(b). Gray Hat Hackers – These hackers commit violations and do seemingly deceptive things, however
not for personal gain or to cause harm. These hackers may disclose a vulnerability to the affected
organization after having compromised its network, and they may exploit it.

(c). Black Hat Hackers – These hackers are unethical criminals who violate network security for personal
gain. They misuse vulnerabilities to compromise computer systems. These hackers always exploit the
information or any data they obtain from unethical penetration testing of the network.

2. Organized Hackers: These criminals include organized groups of cybercriminals, hacktivists, terrorists,
and state-sponsored hackers. Cybercriminals are typically teams of skilled criminals focused on control,
power, and wealth. These criminals are extremely sophisticated and organized, and may even offer crime
as a service. These attackers are usually highly prepared and well-funded.

3. Internet stalkers: Internet stalkers are people who maliciously monitor the web activity of their
victims to acquire personal data. This type of cyber-crime is conducted through the use of social
networking platforms and malware, that are able to track an individual’s PC activity with little or no
detection.

4. Disgruntled Employees: Disgruntled employees become hackers with a particular motive and also
commit cyber-crimes. It is hard to believe that dissatisfied employees can become such malicious
hackers. In earlier times, their only option was to go on strike against employers. But with the
advancement of technology, the increase in computer-based work and the automation of processes, it
is simple for disgruntled employees to do more damage to their employers and organization by
committing cyber-crimes. The attacks by such employees can bring the entire system down.

Global perspective of Cyber crime


A global perspective on cybercrime reveals a complex and rapidly evolving landscape with significant
implications for individuals, businesses, governments, and international relations. Here are key aspects
of the global perspective on cybercrime:

• Cross-Border Nature: Cybercrime knows no geographical boundaries. Criminals can operate
from anywhere in the world, targeting victims in different countries. This makes it challenging for
law enforcement to track and apprehend cybercriminals, as jurisdictional issues and legal
complexities arise.
• Diverse Threat Landscape: Cybercrime encompasses a wide range of activities, including
hacking, identity theft, financial fraud, ransomware attacks, and more. The methods used by
cybercriminals are continually evolving, requiring ongoing efforts to detect and mitigate new
threats.
• State-Sponsored Cyber Activities: Some countries engage in state-sponsored cyber activities,
including cyber espionage, cyber warfare, and interference in the internal affairs of other
nations. These actions can have serious geopolitical consequences and strain international
relations.
• Economic Impact: Cybercrime has substantial economic consequences, with costs running into
trillions of dollars globally. Businesses face financial losses, and the costs associated with
cybersecurity measures continue to rise. Small and medium-sized enterprises (SMEs) are often
disproportionately affected.
• Critical Infrastructure Vulnerabilities: Cyber threats to critical infrastructure, such as energy,
transportation, and healthcare systems, pose significant risks to national security. Attacks on
these systems can have far-reaching and potentially catastrophic consequences.
• Ransomware Proliferation: Ransomware attacks have become a pervasive and lucrative form of
cybercrime. Criminals use ransomware to encrypt data and demand payment for its release,
affecting businesses, government agencies, and individuals worldwide.
• Global Collaboration and Regulations: Addressing cybercrime requires international
cooperation. Many countries are working together to establish norms and regulations governing
behavior in cyberspace. However, achieving consensus on these issues can be challenging due to
differing national interests.
• Cybersecurity Capacity Disparities: There are significant disparities in cybersecurity capabilities
among nations. Some countries, particularly developed ones, may have robust cybersecurity
infrastructure and expertise, while others, especially in the developing world, may struggle to
address cyber threats effectively.
• Human Factor: The human factor remains a significant vulnerability in cybersecurity. Social
engineering, phishing attacks, and other tactics that exploit human behavior continue to be
successful, highlighting the importance of cybersecurity awareness and education.
• Emerging Technologies and Threats: The adoption of emerging technologies, such as artificial
intelligence, the Internet of Things (IoT), and 5G, introduces new attack vectors and challenges.
Securing these technologies is crucial to preventing novel forms of cybercrime.

A comprehensive global response to cybercrime involves cooperation among governments, industry
stakeholders, and international organizations. Strengthening cybersecurity capabilities, promoting
information sharing, and developing and enforcing international norms are essential components of a
holistic approach to address the challenges posed by cybercrime on a global scale.

How Criminals Plan Attacks:

Criminals plan cyber-attacks through a combination of strategic thinking, technical expertise, and often a
deep understanding of human behavior. The planning process involves several key steps:

1. Reconnaissance:

• Target Identification: Cybercriminals choose specific targets based on their objectives,
whether it's financial gain, stealing sensitive information, or causing disruption.

• Gathering Information: Criminals collect information about the target, such as network
architecture, employee roles, and security measures in place. This may involve exploiting
publicly available data, social engineering, or other reconnaissance techniques.

2. Vulnerability Analysis:

• Identifying Weaknesses: Criminals assess the target's systems and networks to identify
vulnerabilities that can be exploited. This includes weaknesses in software, unpatched
systems, or gaps in security protocols.

• Exploit Research: Cybercriminals may search for or develop tools that exploit specific
vulnerabilities. They might also purchase exploit kits on the dark web.
3. Planning the Attack:

• Choosing Attack Vector: Cybercriminals decide on the type of attack they will launch,
such as malware infections, phishing campaigns, or denial-of-service attacks.

• Timing: Attackers may plan the timing of the attack to maximize the chances of success,
taking advantage of events or vulnerabilities that increase the likelihood of success.

4. Phishing and Social Engineering:

• Crafting Deceptive Messages: If the attack involves phishing, criminals create convincing
emails, messages, or websites to trick individuals into revealing sensitive information or
downloading malicious content.

• Building Trust: Social engineering techniques are used to build trust with potential
victims, making them more likely to fall for the deception.

5. Malware Development:

• Creating or Acquiring Malware: Some cyber-attacks involve the development or
acquisition of malicious software tailored to the specific target. This could include
ransomware, spyware, or other types of malware.

6. Execution:

• Launching the Attack: Cybercriminals initiate the attack, deploying malware, sending
phishing emails, or exploiting vulnerabilities to gain unauthorized access.

• Maintaining Access: In some cases, criminals aim to maintain persistent access to the
target's systems for ongoing exploitation.

7. Covering Tracks:

• Erasing Evidence: To avoid detection, cybercriminals may attempt to erase or obfuscate
evidence of their activities, making it more challenging for investigators to trace the
attack back to its source.

8. Escape and Monetization:

• Withdrawal: Once the objectives are met or if detection becomes imminent,
cybercriminals may withdraw from the compromised systems.

• Monetization: If the goal is financial gain, criminals may proceed to monetize the stolen
data, demand a ransom, or engage in other activities to convert their success into
tangible gains.

The evolving nature of cybersecurity and the constant development of new attack techniques mean that
criminals continually adapt their strategies. Organizations and individuals must stay vigilant, employ
robust cybersecurity measures, and stay informed about emerging threats to mitigate the risk of falling
victim to cyber-attacks.
Social engineering
Social engineering uses human weakness or psychology to gain access to systems, data, personal
information, etc. It is the art of manipulating people. It doesn't involve the use of technical hacking
techniques. Attackers use social engineering practices because it is usually easier to exploit the
victim's natural inclination to trust. For example, it is much easier to fool someone into giving their
password than to crack that password. Sharing too much information on social media can enable
attackers to obtain a password or extract a company's confidential information from employees' posts.
Such confidential information helps attackers obtain the passwords of victims' accounts.

How do Social Engineering Attacks Take Place?

Phishing scams are the most common type of social engineering attack these days. Tools such as SET
(Social Engineering Toolkit) also make it easy to create a phishing page, but luckily many companies,
such as Facebook, are now able to detect phishing. That does not mean you cannot become a victim of
phishing, because nowadays attackers use iframes to evade detection techniques. An example of such
hidden code in phishing pages is cross-site request forgery (CSRF), an attack that forces an end user to
execute unwanted actions on a web application. Here are a few examples of social engineering attacks
that are executed via phishing:

• Banking Links Scams

• Social Media Link Scams

• Lottery Mail Scams

• Job Scams

Purpose

The purpose of social engineering attacks is typically to steal sensitive information, such as login
credentials, credit card numbers, or personal information. Attackers can use this information for identity
theft, financial fraud, or other malicious purposes. Another purpose of social engineering attacks is to
gain unauthorized access to secure areas or systems. For example, an attacker might use tailgating to
follow an authorized individual into a secure area or use pretexting to convince an individual to give
them access to a restricted system.

Types of Social Engineering

There are many different types of social engineering attacks, each of which uses a unique approach to
exploit human weaknesses and gain access to sensitive information. Some of these types of attack
include:

• Phishing: Phishing is a type of social engineering attack that involves sending an email or
message that appears to be from a legitimate source, such as a bank, in an attempt to trick the
recipient into revealing their login credentials or other sensitive information.

• Baiting: Baiting is a type of social engineering attack that involves leaving a tempting item, such
as a USB drive, in a public place in the hope that someone will pick it up and plug it into their
computer. The USB drive is then used to infect the computer with malware.
• Tailgating: Tailgating is a type of social engineering attack that involves following an authorized
individual into a secure area, such as a building or data center, without proper authorization.

• Pretexting: Pretexting is a type of social engineering attack that involves creating a false identity
or situation in order to trick an individual into revealing sensitive information. For example, an
attacker might pretend to be a customer service representative in order to trick an individual
into giving them their login credentials.

• Vishing: Vishing, or voice phishing, is a type of social engineering attack that tricks individuals
into revealing sensitive information over the phone.

• Smishing: Smishing is a type of social engineering attack that involves using SMS messages to
trick individuals into revealing sensitive information or downloading malware.

Prevention

• Regularly monitor online accounts, whether social media accounts or bank accounts, to
ensure that no unauthorized transactions have been made.

• Check the email headers of any suspicious mail to verify that it comes from a legitimate source.

• Avoid clicking on links or unknown files, or opening email attachments from unknown senders.

• Beware of links to online forms that require personal information, even if the email appears to
come from a trusted source. Phishing websites look the same as legitimate websites.

• Adopt proper security mechanisms such as spam filters, anti-virus software, a firewall and
anti-keyloggers, and keep all systems updated.
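The "check the email headers" and "phishing websites look the same" points above can be turned into a repeatable check. The Python below is an added example (not from the original text) that parses one constructed suspicious message and one constructed legitimate message with the standard library, compares the From, Return-Path and Reply-To domains, reads the SPF/DKIM/DMARC results that the receiving mail server recorded in its Authentication-Results header, and flags HTML links whose visible text names a different host than their real destination or that point at a bare IP address. All addresses, hosts and header values are made-up documentation values.

```python
"""Added example: header and link checks over constructed suspicious and legitimate emails."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed messages using documentation domains and IP ranges; not real mail.
SUSPICIOUS_MAIL = """\
Return-Path: <bounce@mail.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.9]) by mx.example.com; Fri, 1 Mar 2024 10:00:00 +0000
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none
From: "Example Bank" <security@examplebank.example>
Reply-To: helpdesk@example.net
To: alice@example.com
Subject: Urgent: verify your account
Content-Type: text/html

<html><body><p>Please visit <a href="http://203.0.113.50/login">https://examplebank.example/login</a>
within 24 hours.</p></body></html>
"""

LEGITIMATE_MAIL = """\
Return-Path: <notifications@examplebank.example>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examplebank.example; dkim=pass header.d=examplebank.example; dmarc=pass
From: "Example Bank" <notifications@examplebank.example>
To: alice@example.com
Subject: Your monthly statement
Content-Type: text/html

<html><body><p>Your statement is ready at <a href="https://examplebank.example/statements">https://examplebank.example/statements</a>.</p></body></html>
"""


def domain_of(header_value):
    """Extract the lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious was seen."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of(msg.get("From"))
    # Sender-related headers that should normally agree with the visible From address
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(f"{header} domain {other} differs from From domain {from_domain}")
    # Results written by the receiving server (RFC 8601); anything other than pass is worth a look
    auth = msg.get("Authentication-Results", "")
    for mechanism in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mechanism}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mechanism} result is {m.group(1)}")
    # Links whose visible text claims one host while the href goes elsewhere
    if msg.get_content_type() == "text/html":
        collector = LinkCollector()
        collector.feed(msg.get_payload())
        for href, text in collector.links:
            host = (urlparse(href).hostname or "").lower()
            shown = urlparse(text).hostname if "://" in text else None
            if shown and shown.lower() != host:
                findings.append(f"link text shows {shown} but points to {host}")
            if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
                findings.append(f"link points to a bare IP address {host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_MAIL), ("legitimate", LEGITIMATE_MAIL)):
        print(name, analyse(raw))
```

The suspicious message trips six findings (two sender-domain mismatches, a failed SPF check, a missing DKIM signature, a link whose text and destination disagree, and a link to a bare IP address), while the legitimate one produces none. These are signals for triage rather than verdicts: newsletters and ticketing systems legitimately send with a Return-Path on a provider's domain, so a real filter would compare registrable domains and weight the findings instead of treating any one of them as proof of phishing.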

Cyberstalking:
Cyberstalking refers to the use of electronic communications or online platforms to repeatedly harass,
intimidate, or threaten an individual. It involves the persistent and unwanted intrusion into a person's
life through digital means. Cyberstalking can take various forms, and the motives behind it may include
revenge, obsession, control, or harassment. Here are some key aspects of cyberstalking:

• Online Harassment: Cyberstalkers use the internet, social media, email, messaging apps, and
other digital platforms to harass their victims. This can include sending threatening messages,
spreading false information, or engaging in other forms of online abuse.
• Monitoring and Surveillance: Cyberstalkers may engage in monitoring the online activities of
their victims. This can involve tracking their social media posts, gathering personal information,
or using technology to spy on their online and offline behaviors.
• Impersonation: Some cyberstalkers go to the extent of creating fake profiles or impersonating
their victims online. This can lead to the spread of false information, damage to the victim's
reputation, or the solicitation of unwanted attention.
• Doxxing: Cyberstalkers may engage in doxxing, which involves publicly revealing and
disseminating private or personal information about the victim, such as home address, phone
number, or workplace details.
• Online Threats: Cyberstalkers may use the internet to issue threats, whether explicit or implicit,
causing the victim to fear for their safety or well-being.
• Non-consensual Distribution of Intimate Content (Revenge Porn): In some cases, cyberstalkers
may engage in the non-consensual distribution of intimate or explicit content, often as a form of
revenge or to humiliate the victim.
• Cyberbullying: Cyberstalking can overlap with cyberbullying, especially when the harassment is
repetitive and intended to harm the victim emotionally or psychologically.
• Impact on Victims: The consequences of cyberstalking can be severe, leading to emotional
distress, anxiety, depression, and even physical harm in extreme cases. Victims may also face
challenges in maintaining online and offline security.

Legal authorities in many jurisdictions recognize cyberstalking as a criminal offense, and laws have been
enacted to address such behavior. Victims are encouraged to report incidents of cyberstalking to law
enforcement agencies and, if necessary, seek legal protection through restraining orders or other legal
measures.

Preventing cyberstalking involves practicing good online security habits, such as using strong and unique
passwords, being cautious about sharing personal information online, and adjusting privacy settings on
social media platforms. Additionally, individuals should report any incidents of cyberstalking promptly
and seek support from law enforcement and relevant support organizations.

Cybercafe and Cybercrimes:


Cybercafés, also known as internet cafés, are public places where individuals can access the internet and
use computer terminals for various purposes. While these establishments provide convenient internet
access to people who may not have personal computers or internet connections, they also pose certain
risks related to cybercrime. Here's a look at the connection between cybercafés and cybercrimes:

• Anonymity and Untraceability: Cybercafés offer a level of anonymity to users since they don't
necessarily require personal identification to access the services. This anonymity can be
exploited by individuals engaging in cybercrimes, making it difficult for law enforcement to trace
the origin of malicious activities.
• Use for Cybercrime: Cybercafés can be used as locations to launch various cybercrimes, such as
hacking, identity theft, online fraud, and spreading malware. Criminals may use the anonymity
provided by cybercafés to avoid detection.
• Unsecured Computers: In some cases, cybercafés may not implement stringent security
measures on their computer systems. This lack of security can make the computers more
vulnerable to malware infections, keyloggers, and other forms of cyber-attacks.
• Phishing and Scams: Cybercriminals may use cybercafés to engage in phishing attacks and online
scams. They might create fake websites, send phishing emails, or conduct fraudulent activities,
taking advantage of the public nature of these establishments.
• Digital Forensics Challenges: Investigating cybercrimes originating from cybercafés can be
challenging for law enforcement due to the shared and public nature of the computer systems. It
may be difficult to attribute specific actions to individual users without proper logging and
monitoring mechanisms.
• Educational Opportunities: Cybercafés can also serve as educational hubs, providing
opportunities for individuals to learn about digital literacy and responsible internet use. Proper
education and awareness programs can help users understand the potential risks and
consequences of engaging in cybercrimes.

To mitigate the risks associated with cybercafés and prevent their misuse for cybercrimes, several
measures can be implemented:

• User Registration: Cybercafés can implement user registration processes that require individuals
to provide some form of identification before accessing the internet.

• Monitoring and Logging: Implementing monitoring tools and logging mechanisms can help track
the activities of users, making it easier to identify and trace any malicious behavior.

• Security Software: Installing and regularly updating security software on the computer systems
within cybercafés can help protect against malware and other cyber threats.

• User Education: Cybercafés can play a role in educating users about safe internet practices,
including the importance of using strong passwords, avoiding suspicious websites, and being
cautious about online activities.

• Collaboration with Law Enforcement: Establishing partnerships with law enforcement agencies
can facilitate the reporting and investigation of cybercrimes originating from cybercafés.

By implementing these measures, cybercafés can provide a safer online environment for users while
contributing to efforts to combat cybercrimes.

Botnets: Fuel for Cybercrime


A botnet is a network of compromised computers, often referred to as "bots" or "zombies," that are
under the control of a single operator, the "botmaster," who issues instructions to them through
command-and-control (C2) infrastructure. Botnets are a significant threat in the realm of cybercrime
and provide a powerful tool for malicious activities. Here's how botnets serve as fuel for various
types of cybercrimes:

• Distributed Denial of Service (DDoS) Attacks: Botnets are commonly used to carry out DDoS
attacks, where a large number of compromised computers are coordinated to flood a target's
servers or network with traffic, rendering them inaccessible. This can disrupt online services,
websites, or even entire networks.
• Spam and Phishing Campaigns: Botnets can be employed to send massive volumes of spam
emails or phishing messages. The sheer number of compromised computers allows
cybercriminals to distribute malicious links, malware, or phishing attempts widely, increasing the
chances of success in compromising more systems or stealing sensitive information.
• Credential Stuffing Attacks: In credential stuffing attacks, botnets automate the replay of
username and password pairs leaked in earlier breaches against other services, relying on the
fact that many people reuse passwords across platforms. Spreading the attempts across
thousands of bot IP addresses keeps each source under per-IP rate limits, so defenders have to
look at the aggregate pattern rather than at single sources.
• Cryptocurrency Mining: Botnets can be used to mine cryptocurrencies by leveraging the
combined processing power of the compromised computers. This allows cybercriminals to
generate cryptocurrency without the knowledge or consent of the computer owners.
• Information Theft and Data Breaches: Botnets may be used to exfiltrate sensitive information
from compromised systems. This could include personal data, financial information, login
credentials, or intellectual property. The stolen data can be used for various malicious purposes,
including identity theft or selling on the dark web.
• Keylogging and Spyware: Botnets may deploy keyloggers and spyware on compromised
computers to monitor and record user activities. This can result in the theft of sensitive
information, such as login credentials, credit card numbers, or personal communications.
• Remote Control and Surveillance: Cybercriminals can use botnets to remotely control
compromised computers. This control can be exploited for surveillance, further spreading
malware, or launching additional attacks on other targets.
• Fraudulent Clicks and Ad Fraud: Botnets can generate fake clicks on online advertisements,
leading to ad fraud. This artificially inflates the number of clicks, defrauding advertisers and
siphoning off advertising revenue.

Efforts to combat botnets involve a combination of technical measures, such as antivirus software and
intrusion detection systems, as well as legal and law enforcement actions to dismantle the infrastructure
supporting these malicious networks. Users can contribute to the fight against botnets by maintaining
good cybersecurity practices, such as keeping software updated, using strong and unique passwords, and
being cautious about suspicious emails and links.
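The credential stuffing and intrusion detection points above, as an added example that is not part of the original notes: a small analyser that separates a botnet-driven credential stuffing pattern (many source IPs, each making one or two failed attempts across many accounts) from a single-source brute force attack, and flags the success that a reused password produced. The log format, the sample lines and the thresholds are constructed for the example; a real system will have its own log format and tuned thresholds.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth log (not a real system's format). Three things are
# mixed together: a botnet trying leaked credentials against many accounts
# from many IPs (one or two attempts each, one of which succeeds), a single
# IP brute-forcing the "admin" account, and one legitimate login.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 203.0.113.10 login user=alice result=FAIL
2024-03-01T10:00:01Z 203.0.113.11 login user=bob result=FAIL
2024-03-01T10:00:02Z 203.0.113.12 login user=carol result=FAIL
2024-03-01T10:00:02Z 203.0.113.13 login user=dave result=FAIL
2024-03-01T10:00:03Z 203.0.113.14 login user=erin result=FAIL
2024-03-01T10:00:03Z 203.0.113.15 login user=frank result=FAIL
2024-03-01T10:00:04Z 203.0.113.16 login user=heidi result=FAIL
2024-03-01T10:00:04Z 203.0.113.16 login user=grace result=SUCCESS
2024-03-01T10:00:05Z 203.0.113.17 login user=ivan result=FAIL
2024-03-01T10:00:05Z 203.0.113.18 login user=judy result=FAIL
2024-03-01T10:00:06Z 198.51.100.7 login user=admin result=FAIL
2024-03-01T10:00:07Z 198.51.100.7 login user=admin result=FAIL
2024-03-01T10:00:08Z 198.51.100.7 login user=admin result=FAIL
2024-03-01T10:00:09Z 198.51.100.7 login user=admin result=FAIL
2024-03-01T10:00:10Z 198.51.100.7 login user=admin result=FAIL
2024-03-01T10:00:11Z 198.51.100.7 login user=admin result=FAIL
2024-03-01T10:00:12Z 192.0.2.5 login user=nina result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) login user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$"
)


def parse(log_text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def analyse(events, per_ip_threshold=5, min_cluster=5, min_fail_ratio=0.8):
    """Classify one window of login events.

    brute force  : any single IP with >= per_ip_threshold failures
    stuffing     : >= min_cluster low-rate IPs (each below the per-IP
                   threshold) hitting >= min_cluster distinct accounts, with
                   an overall failure ratio >= min_fail_ratio
    suspect wins : a SUCCESS from an IP that failed against a different
                   account in the same window (a reused password worked)
    """
    fails_by_ip = Counter()
    failed_users_by_ip = defaultdict(set)
    successes = []
    for e in events:
        if e["result"] == "FAIL":
            fails_by_ip[e["ip"]] += 1
            failed_users_by_ip[e["ip"]].add(e["user"])
        else:
            successes.append((e["user"], e["ip"]))

    total = len(events)
    fail_ratio = sum(fails_by_ip.values()) / total if total else 0.0

    brute_force_ips = sorted(ip for ip, n in fails_by_ip.items() if n >= per_ip_threshold)
    low_rate_ips = [ip for ip, n in fails_by_ip.items() if n < per_ip_threshold]
    accounts_hit = set().union(*(failed_users_by_ip[ip] for ip in low_rate_ips))
    stuffing = (
        len(low_rate_ips) >= min_cluster
        and len(accounts_hit) >= min_cluster
        and fail_ratio >= min_fail_ratio
    )
    suspect_successes = [
        (user, ip) for user, ip in successes
        if failed_users_by_ip.get(ip, set()) - {user}  # same IP failed elsewhere
    ]
    return {
        "brute_force_ips": brute_force_ips,
        "credential_stuffing": stuffing,
        "stuffing_source_ips": len(low_rate_ips),
        "accounts_hit": len(accounts_hit),
        "fail_ratio": round(fail_ratio, 2),
        "suspect_successes": suspect_successes,
    }


if __name__ == "__main__":
    for key, value in analyse(parse(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The per-IP threshold catches the brute force source on its own, but none of the stuffing IPs ever reaches it; the stuffing verdict comes only from the aggregate (many low-rate sources, many accounts, high failure ratio), and the "suspect success" list is what tells an incident responder which account to reset first.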

Attack Vectors:
Attack vectors refer to the paths or methods through which a cyber attacker can exploit vulnerabilities in
a system or network to compromise its integrity, confidentiality, or availability. Cybersecurity
professionals use the knowledge of attack vectors to design and implement defenses against potential
threats. Here are some common attack vectors:

• Phishing Attacks:
        • Email Phishing: Attackers use deceptive emails to trick individuals into clicking on
        malicious links or downloading malicious attachments.
        • Spear Phishing: Targeted phishing attacks that are customized for specific individuals
        or organizations.
• Malware Attacks:
        • Drive-By Downloads: Malicious software is automatically downloaded to a user's device
        when they visit a compromised or malicious website.
        • Trojan Horses: Malware disguised as legitimate software that, once installed, allows
        unauthorized access or control.
• Social Engineering:
        • Manipulating Trust: Attackers exploit human psychology to manipulate individuals into
        divulging sensitive information or taking specific actions.
        • Impersonation: Pretending to be someone else to gain unauthorized access or deceive
        individuals.
• Credential Attacks:
        • Brute Force Attacks: Repeatedly attempting to guess passwords until the correct one is
        found.
        • Credential Stuffing: Using known username and password combinations obtained from
        previous data breaches to gain unauthorized access.
• Man-in-the-Middle (MitM) Attacks: Intercepting and possibly altering communications between
two parties without their knowledge.
• SQL Injection: Exploiting vulnerabilities in web applications to execute malicious SQL queries on
a database, potentially allowing unauthorized access or data manipulation.
• Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users,
potentially leading to the theft of sensitive information.
• Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: Overwhelming a
system, network, or service with traffic to disrupt its normal functioning.
• Zero-Day Exploits: Taking advantage of vulnerabilities in software or hardware that are not yet
known to the vendor or the public.
• Physical Attacks: Physically manipulating or gaining unauthorized access to hardware devices or
infrastructure.
• Ransomware Attacks: Encrypting files or systems and demanding a ransom for their release.
• IoT (Internet of Things) Exploitation: Taking advantage of security vulnerabilities in connected
devices to gain unauthorized access or disrupt their functionality.
• USB-based Attacks: Distributing malware or exploiting vulnerabilities through infected USB
devices.
• Watering Hole Attacks: Compromising websites that a target group is likely to visit, exploiting
their trust in those sites to deliver malware.
• Wi-Fi Eavesdropping: Unauthorized interception of Wi-Fi communications to capture sensitive
information.
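The SQL injection entry above, as an added example that is not part of the original notes: the string-built query that makes the injection possible beside the parameterised form that removes it, run against a constructed in-memory SQLite table. The table contents, the two payloads and the function names are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample table; the hashes are placeholders, not real hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # VULNERABLE: attacker-controlled text is spliced into the SQL itself, so
    # a quote character in the input ends the string literal and the rest of
    # the input becomes SQL syntax.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # FIXED: the value is bound as a parameter. The driver never merges it into
    # the statement text, so quotes in it are data, not syntax.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads (constructed inputs for the demo).
# Tautology: the WHERE clause becomes  username = 'x' OR '1'='1'  (always true).
TAUTOLOGY = "x' OR '1'='1"
# UNION: repurposes the second result column to carry password hashes out of
# the table. It ends with  'a'='a  so the application's own closing quote
# stays balanced and no SQL comment marker is needed.
UNION_LEAK = "x' UNION SELECT username, password_hash FROM users WHERE 'a'='a"


if __name__ == "__main__":
    conn = make_db()
    print("legitimate lookup :", find_user_vulnerable(conn, "alice"))
    print("vulnerable, tautol:", find_user_vulnerable(conn, TAUTOLOGY))   # every row
    print("vulnerable, union :", find_user_vulnerable(conn, UNION_LEAK))  # hashes leak
    print("safe, tautology   :", find_user_safe(conn, TAUTOLOGY))         # []
    print("safe, union       :", find_user_safe(conn, UNION_LEAK))        # []
```

Parameterisation is the fix; input filtering is not a substitute, because the safe version above needs no knowledge of which characters are dangerous. Two defence-in-depth measures still matter: run the application with a database account that can only read and write the tables it needs (the UNION payload fails if the account cannot read `password_hash`), and watch query logs for `UNION` or tautologies arriving in user-supplied fields.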

Understanding these attack vectors is crucial for developing effective cybersecurity strategies.
Organizations and individuals need to implement a multi-layered defense approach, including firewalls,
antivirus software, intrusion detection systems, and user education to mitigate the risks associated with
these attack vectors. Regular updates, patches, and security audits are also essential for maintaining a
secure digital environment.
UNIT 2
Mobile and wireless devices
Mobile and wireless devices play a crucial role in today's interconnected world, providing users
with the ability to communicate, access information, and perform various tasks on the go. Here
are some key aspects related to mobile and wireless devices:
Mobile Devices:
1. Smartphones:
• Smartphones are versatile mobile devices that combine a phone with features
like internet browsing, applications, camera, and more.
• Operating systems include iOS (Apple), Android (Google), and others.
2. Tablets:
• Larger than smartphones, tablets offer a portable computing experience with
touchscreens and various applications.
• Popular operating systems include iOS, Android, and Windows.
3. Wearables:
• Devices like smartwatches and fitness trackers are worn on the body.
• They often connect to smartphones for notifications and health tracking.
4. E-readers:
• Designed for reading digital books, e-readers like Kindle provide a dedicated
platform for e-books.
Wireless Technologies:
1. Wi-Fi:
• Enables wireless local area networking (WLAN) for internet access and device
connectivity.
• Commonly used in homes, offices, and public spaces.
2. Bluetooth:
• Used for short-range wireless communication between devices (e.g.,
headphones, speakers, keyboards).
• Low-power consumption makes it suitable for various applications.
3. NFC (Near Field Communication):
• Allows for short-range communication between devices by bringing them close
together.
• Used for contactless payments, data transfer, and more.
4. 4G and 5G Networks:
• Cellular networks provide mobile data connectivity.
• 4G (LTE) and 5G offer high-speed internet access, with 5G providing faster speeds
and lower latency.
5. Satellite Communication:
• Used in remote areas where traditional communication infrastructure is not
available.
Security and Challenges:
1. Security Concerns:
• Mobile devices face security threats like malware, phishing, and data breaches.
• Encryption, secure authentication, and regular updates are crucial for device
security.
2. Battery Life:
• A key consideration, especially for mobile devices, as users expect longer battery
life.
3. Interoperability:
• Ensuring seamless communication between different devices and platforms.
4. Health Concerns:
• Debates around the potential health effects of prolonged exposure to wireless
signals.
Emerging Technologies:
1. IoT (Internet of Things):
• Connecting various devices to the internet for data exchange and automation.
2. Edge Computing:
• Processing data closer to the source (device) rather than relying solely on
centralized cloud servers.
3. Foldable Devices:
• Innovations in form factors, such as foldable smartphones and tablets.
4. Augmented Reality (AR) and Virtual Reality (VR):
• Integration of AR and VR technologies in mobile devices for immersive
experiences.
Mobile and wireless technologies continue to evolve, influencing how people communicate,
work, and interact with their surroundings. Ongoing advancements contribute to the growth of
a more interconnected and technologically advanced society.

Proliferation of mobile and wireless devices


The proliferation of mobile and wireless devices has been a transformative force in recent
decades, reshaping how individuals communicate, access information, and conduct various
aspects of their lives. Several factors contribute to the widespread adoption and growth of
these devices:

• Technological Advancements: Rapid advancements in technology, including
improvements in processing power, battery life, and wireless connectivity, have made
mobile devices more powerful and versatile.
• Smartphone Revolution: The introduction and widespread adoption of smartphones
revolutionized the concept of mobile communication. Smartphones combine various
functionalities, including communication, internet browsing, navigation, and multimedia,
into a single device.
• Affordability: Over time, the cost of mobile devices has decreased, making them more
accessible to a broader range of consumers. Affordable smartphones, especially in
emerging markets, have contributed to increased adoption.
• Global Connectivity: The expansion of wireless networks, including 4G and 5G, has
facilitated global connectivity. Users can access high-speed internet and communicate
across borders more easily.
• App Ecosystem: The development of mobile applications (apps) has played a significant
role in the popularity of mobile devices. Apps offer a wide range of services, from social
media and productivity tools to entertainment and e-commerce.
• Mobile Internet: The availability of mobile internet services has transformed the way
people access information. Mobile browsing allows users to connect to the web from
virtually anywhere, enabling instant access to news, social media, and online services.
• Enterprise Mobility: The integration of mobile devices into the business environment
has increased productivity and flexibility. Employees can work remotely, access
corporate resources, and collaborate on the go.
• Internet of Things (IoT): The proliferation of IoT devices, which are often wirelessly
connected, has expanded the ecosystem of mobile and wireless technologies. These
devices include smart home gadgets, wearable fitness trackers, and industrial sensors.
• Consumer Demand for Mobility: There is a growing demand from consumers for
mobility and flexibility in their digital experiences. Mobile devices provide a convenient
and on-the-go solution to meet these demands.
• Evolving Form Factors: Innovations in form factors, such as foldable screens and
compact designs, continue to attract consumers. These advancements contribute to the
ongoing appeal of mobile devices.
• Social and Cultural Shifts: Changes in social behavior and cultural norms have led to an
increased reliance on mobile devices for social interaction, entertainment, and
information sharing.
• E-commerce and Mobile Payments: Mobile devices facilitate online shopping and
mobile payment options, contributing to the growth of e-commerce.
The proliferation of mobile and wireless devices is likely to continue as technology continues to
advance. Emerging technologies, such as augmented reality, virtual reality, and 5G connectivity,
will further shape the landscape of mobile and wireless communication in the future.

Trends in Mobility:
1. 5G Technology: The rollout and adoption of 5G networks continue to gain momentum. 5G
promises significantly faster data speeds, lower latency, and increased capacity, opening
up possibilities for new applications and services.
2. Edge Computing: Edge computing involves processing data closer to the source (device)
rather than relying solely on centralized cloud servers. This trend reduces latency and
enhances real-time processing, crucial for applications like IoT and AR/VR.
3. Internet of Things (IoT): The proliferation of IoT devices continues, connecting various
objects to the internet for data exchange and automation. IoT applications span
industries such as healthcare, agriculture, smart homes, and industrial sectors.
4. Mobile Health (mHealth): The integration of mobile devices in healthcare, known as
mHealth, is expanding. This trend includes health monitoring apps, wearable devices,
and telemedicine solutions.
5. Augmented Reality (AR) and Virtual Reality (VR): AR and VR technologies are gaining
traction, with applications in gaming, education, training, and immersive experiences.
Mobile devices are increasingly capable of supporting AR and VR applications.
6. Foldable Devices: Manufacturers are shipping foldable smartphone and tablet designs,
offering users a more flexible and versatile form factor.
7. Mobile Security: With the increasing reliance on mobile devices for sensitive tasks,
mobile security has become a significant concern. Biometric authentication,
hardware-backed secure enclaves for key storage, and encryption of data at rest and in
transit are among the measures implemented to enhance mobile security.
8. Artificial Intelligence (AI) Integration: AI is being integrated into mobile devices,
enhancing features like voice assistants, image recognition, and predictive analytics,
with the aim of providing more personalized and intelligent user experiences.
9. 5G-Enabled IoT: The combination of 5G and IoT is expected to bring about
transformative changes, enabling massive connectivity for a multitude of devices with
high data transfer rates and low latency.
10. Mobile App Development: Cross-platform app development frameworks and
technologies are gaining popularity, allowing developers to create apps that run
on multiple operating systems from one code base.
11. Remote Work Tools: The COVID-19 pandemic accelerated the adoption of mobile tools
and applications supporting remote work, including video conferencing, collaboration
platforms, and cloud-based productivity tools.
12. Mobile Payments and Digital Wallets: The trend toward cashless transactions and
mobile payments continues to grow, with digital wallets and mobile payment apps
becoming increasingly popular.
The technology landscape is continually evolving, so these trends should be checked against
current industry reports before being relied upon.

Credit card frauds in mobile and wireless computing era:


Credit card fraud in the mobile and wireless era has evolved with technological advancements,
and perpetrators often exploit vulnerabilities in various stages of the payment process. Here are
some key aspects of credit card fraud in the context of mobile and wireless technology:
1. Lost or Stolen Devices: Mobile devices, including smartphones and tablets, are
susceptible to loss or theft. If a device with saved credit card information falls into the
wrong hands, it can be misused for unauthorized transactions.
2. Skimming and Card Cloning: Skimming devices and techniques are used to capture
credit card information during legitimate transactions. Criminals may attach skimming
devices to ATMs or point-of-sale terminals. Additionally, card cloning involves creating a
duplicate card with stolen information.
3. Data Breaches: Breaches of databases and systems that store credit card information
can lead to massive data leaks. Hackers target retailers, financial institutions, and other
entities to gain access to credit card data.
4. Phishing Attacks: Phishing involves tricking individuals into revealing sensitive
information, such as credit card details, through fraudulent emails, messages, or
websites. In the mobile era, phishing attacks may target users through mobile apps and
SMS.
5. Malware and Mobile Banking Trojans: Malicious software and mobile banking Trojans
can infect mobile devices, capturing sensitive information, including credit card details,
as users engage in online transactions or mobile banking.
6. Insecure Wi-Fi Networks: Public Wi-Fi networks can be insecure, providing opportunities
for hackers to intercept data, including credit card information, transmitted over these
networks.
7. SMS Spoofing and SIM Swapping: Criminals may use SMS spoofing to trick users into
revealing information or engaging in fraudulent transactions. SIM swapping involves
convincing a mobile carrier to transfer a victim's phone number to a SIM card the
attacker controls, so that one-time codes and password-reset links sent by SMS arrive
with the attacker. Once the number is hijacked, SMS-based two-factor authentication no
longer protects the account, which is why authenticator apps or hardware tokens are the
stronger second factor.
8. Mobile Wallet and App Vulnerabilities: Issues with security in mobile wallet applications
or payment apps can expose users to fraud. This includes vulnerabilities in the app itself
or weaknesses in the user's device security.
9. Lack of Two-Factor Authentication: Without robust two-factor authentication measures,
unauthorized access to accounts and transactions becomes easier for fraudsters.
10. Identity Theft: Mobile and wireless communication can be used to gather personal
information for identity theft. Fraudsters may use stolen identities to open new credit
card accounts.
Prevention and Mitigation:
1. Secure Mobile Devices: Use strong passwords or biometric authentication on mobile
devices and enable remote tracking and wiping features.
2. Regularly Monitor Accounts: Regularly review credit card statements and transactions
for any unauthorized activity.
3. Secure Wi-Fi Usage: Avoid using public Wi-Fi for sensitive transactions, and consider
using a virtual private network (VPN) for added security.
4. Install Security Software: Use reputable security software on mobile devices to detect
and prevent malware and other threats.
5. Be Cautious of Phishing Attempts: Exercise caution when clicking on links or providing
information in response to unsolicited messages or emails.
6. Enable Two-Factor Authentication: Whenever possible, enable two-factor
authentication for additional account security.
7. Keep Apps and Software Updated: Ensure that mobile apps and device operating
systems are up to date with the latest security patches.
8. Use Secure Payment Methods: When making online purchases, use secure and
reputable payment methods, and consider using virtual credit cards when available.
9. Educate Users: Educate users about the risks of credit card fraud in the mobile era and
promote safe online practices.
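The two-factor and SIM swapping points above, as an added example that is not part of the original notes: an app-style time-based one-time password (TOTP, RFC 6238) built on HOTP (RFC 4226), with the server-side check tolerating a small clock-drift window and refusing a code that has already been used. Because the code is derived from a secret shared once with the authenticator app, nothing travels over the phone network for a SIM swap to capture. The secret below is the RFC test-vector key, and the verifier class and its names are assumptions made for the example.

```python
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 test-vector key (ASCII "12345678901234567890"). A real
# deployment generates a random secret per user and shares it once, usually
# as a QR code, with the authenticator app; it is never sent by SMS.
SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """TOTP = HOTP over the current 30-second time step (RFC 6238)."""
    t = int(time.time()) if at is None else int(at)
    return hotp(secret, t // step, digits)


class TotpVerifier:
    """Server-side check (assumed design for this example).

    Accepts codes from `window` steps either side of now to absorb clock
    drift, but never a time step at or below the last one already consumed,
    so a code captured by a phishing page cannot be replayed while it is
    still within its validity window.
    """

    def __init__(self, secret, step=30, window=1, digits=6):
        self.secret, self.step, self.window, self.digits = secret, step, window, digits
        self.last_counter = -1  # highest time step successfully used

    def verify(self, code, at=None):
        t = int(time.time()) if at is None else int(at)
        counter = t // self.step
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue  # already used, or older than one already used
            # constant-time compare so response timing does not leak digits
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    code = totp(SECRET, now)
    verifier = TotpVerifier(SECRET)
    print("current code  :", code)
    print("first use     :", verifier.verify(code, now))   # True
    print("replayed code :", verifier.verify(code, now))   # False
```

The `last_counter` state has to live server-side per user (a database column, not process memory) or the replay check silently disappears behind a load balancer; a real-time phishing proxy can still relay a fresh code within its 30-second window, which is the gap that FIDO2/WebAuthn hardware keys close and TOTP does not.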
As technology continues to advance, so do the methods employed by fraudsters. Staying
informed about current threats and adopting best practices for security is essential for both
consumers and businesses in the mobile and wireless era.

Security Challenges posed by mobile devices:


Mobile devices, such as smartphones and tablets, present unique security challenges due to
their portability, connectivity, and the diverse range of applications they support. Addressing
these challenges is crucial to safeguarding sensitive information and preventing unauthorized
access. Here are some key security challenges posed by mobile devices:
1. Lost or Stolen Devices: Loss or theft of a mobile device can result in unauthorized access
to sensitive data. Passwords, biometric authentication, and remote wiping capabilities
are essential for mitigating this risk.
2. Unencrypted Data at Rest: Data stored on the device must be encrypted so that it cannot be
read by unauthorized individuals, even if the device falls into the wrong hands. The
protection is only as strong as the passcode or biometric that unlocks the encryption key,
so a device with no screen lock is effectively unencrypted.
3. Insecure Wi-Fi Networks: Public Wi-Fi networks are often insecure, making mobile
devices vulnerable to various attacks, including man-in-the-middle attacks. Users should
avoid using public Wi-Fi for sensitive transactions or use a virtual private network (VPN)
for added security.
4. Malware and Mobile Threats: Mobile devices are susceptible to malware and other
malicious software. Users may inadvertently download malicious apps, click on phishing
links, or encounter malware-infected websites. Security measures, such as antivirus
software and secure app sources, are essential.
5. Phishing Attacks: Mobile users are susceptible to phishing attacks through emails, text
messages, or fraudulent apps. Educating users about recognizing and avoiding phishing
attempts is crucial to prevent unauthorized access.
6. App Security: Insecure mobile applications can pose significant risks. App vulnerabilities,
including poor data encryption, weak authentication mechanisms, and inadequate
permission controls, can lead to unauthorized access and data breaches.
7. Jailbreaking and Rooting: Jailbreaking (iOS) or rooting (Android) a device can bypass
built-in security features, exposing the device to additional security risks. Users should
avoid modifying their device's operating system in unauthorized ways.
8. Device Fragmentation: The diversity of mobile device manufacturers, models, and
operating systems leads to fragmentation. This makes it challenging for developers and
security professionals to ensure consistent security across the entire mobile ecosystem.
9. Insufficient Authentication: Weak or easily guessable passwords, as well as the absence
of two-factor authentication, increase the risk of unauthorized access to devices and
accounts.
10. Bring Your Own Device (BYOD) Risks: The trend of employees using personal devices for
work (BYOD) introduces additional security challenges. Companies need to implement
policies and security measures to protect corporate data on employee-owned devices.
11. Location Tracking and Privacy Concerns: Location-based services on mobile devices can
be exploited for tracking individuals without their consent. Privacy concerns arise when
apps or services collect and share user location data without clear permission.
12. Limited User Awareness: Users may not be fully aware of security best practices or the
potential risks associated with certain behaviors on their mobile devices. Education and
awareness campaigns are essential components of mobile security strategies.
13. Supply Chain and App Store Security: Security vulnerabilities may be introduced at
various stages of the supply chain, from device manufacturing to app distribution.
Malicious apps can sometimes slip through app store security measures.
Addressing these security challenges requires a holistic approach that combines technological
solutions, user education, and effective policies. Regular updates, strong authentication
practices, and a proactive stance against emerging threats are essential for maintaining the
security of mobile devices in an increasingly connected world.

Registry settings for mobile devices


Registry settings are specific configurations stored in the Windows Registry, a centralized
hierarchical database in the Microsoft Windows operating system that contains settings, options,
and configuration data for the operating system and installed applications. Windows Mobile and
Windows CE devices used a registry with the same hive layout, which is why the topic appears in
this unit; Android and iOS have no registry and keep configuration in per-app preference files and
system settings databases. Because the registry also holds autostart entries and security policy,
it is a frequent target for malware persistence and a standard place to look during incident
response. Modifying registry settings should be done with caution, as changes can impact system
stability and functionality. Before making any changes, back up the registry or create a system
restore point.
Here are some common locations in the Windows Registry and the types of settings you might
find there:
1. HKEY_CLASSES_ROOT (HKCR): This hive contains file association information, including
which application is used to open specific file types.
2. HKEY_CURRENT_USER (HKCU): This hive stores settings specific to the currently logged-
in user, such as desktop settings, application preferences, and control panel settings.
3. HKEY_LOCAL_MACHINE (HKLM): This hive contains settings that apply to the entire
computer, including hardware-related information, software configurations, and system
settings.
4. HKEY_USERS: This hive contains individual user profiles on the computer.
5. HKEY_CURRENT_CONFIG: This hive contains information about the current hardware
configuration.
Here are a few examples of registry settings and their locations:
• Windows Explorer Settings:
• Location:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
• Examples: Control Panel settings, recent documents, start menu settings.
• Internet Explorer Settings:
• Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
• Examples: Homepage, security settings, browser history.
• System Settings:
• Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
• Examples: System startup settings, virtual memory configurations.
• User Interface Settings:
• Location: HKEY_CURRENT_USER\Control Panel\Desktop
• Examples: Wallpaper, screen saver settings, mouse behavior.
• Network Settings:
• Location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
• Examples: Proxy settings, Internet Explorer configurations.
It's important to note that manually editing the registry is generally not recommended for
casual users. If you need to modify a specific setting, it's often better to use the appropriate
system tool or application settings. If you do need to edit the registry, be sure to follow best
practices, make backups, and only modify settings you fully understand. Incorrect changes to
the registry can lead to system instability or failure. Always proceed with caution and consider
seeking professional advice if you are unsure.

Authentication service security


Authentication service security is critical for safeguarding digital systems and user information.
Authentication is the process of verifying the identity of a user, device, or system before
granting access to resources. Authentication services play a key role in this process, and their
security is paramount to prevent unauthorized access and protect sensitive data. Here are key
considerations for ensuring the security of authentication services:
1. Secure Communication: Use secure communication protocols, such as HTTPS, to encrypt
data transmitted between the user and the authentication service. This helps prevent
eavesdropping and man-in-the-middle attacks.
2. Multi-Factor Authentication (MFA): Implement multi-factor authentication to add an
extra layer of security. MFA requires users to provide multiple forms of identification,
such as passwords, biometrics, or one-time codes, making it more difficult for
unauthorized users to gain access.
3. Password Policies: Enforce strong password policies: a minimum length, a check against
lists of breached and commonly used passwords, and no forced periodic rotation unless a
compromise is suspected. Store passwords only as salted hashes produced by a slow,
purpose-built algorithm such as bcrypt, scrypt, or Argon2, never reversibly encrypted or
hashed with a fast general-purpose function, and never log or transmit them in clear text.
4. Rate Limiting and Account Lockout: Implement rate limiting to prevent brute force
attacks on user accounts. Temporary lockouts or progressively longer delays after a number
of unsuccessful login attempts slow password guessing; permanent lockouts should be avoided,
because an attacker who knows a username can use them to lock the legitimate user out.
Rate-limit per account as well as per source address, since credential stuffing spreads
attempts across many addresses.
5. Session Management: Implement secure session management to protect against
session hijacking. This includes using secure session tokens, enforcing session timeouts,
and generating unique session identifiers.
6. Secure Token Storage: If authentication involves the use of tokens (e.g., JSON Web
Tokens), ensure secure storage and handling to prevent token theft or tampering.
7. User Account Management: Implement robust user account management practices,
including secure methods for user registration, account recovery, and account
deactivation. Validate user input to prevent injection attacks.
8. OAuth and OpenID Connect Security: If using OAuth for authorization or OpenID
Connect for identity management, follow best practices for securing these protocols.
Use secure implementations and stay informed about updates and security
recommendations.
9. Audit Logs: Maintain comprehensive audit logs to track authentication events and
identify suspicious activities. Regularly review and analyze these logs to detect and
respond to security incidents.
10. Secure Coding Practices: Implement secure coding practices when developing and
maintaining authentication services. This includes input validation, output encoding, and
protection against common web vulnerabilities such as Cross-Site Scripting (XSS) and
Cross-Site Request Forgery (CSRF).
11. API Security: If the authentication service exposes APIs, secure them against
unauthorized access and attacks. Implement proper authentication and authorization
mechanisms for API endpoints.
12. Regular Security Audits and Testing: Conduct regular security audits and penetration
testing to identify vulnerabilities and weaknesses in the authentication service. Address
any discovered issues promptly.
13. Compliance with Regulations: Ensure that the authentication service complies with
relevant data protection and privacy regulations, such as GDPR, HIPAA, or others
applicable to your industry.
14. Security Updates: Keep the authentication service and its dependencies up to date with
the latest security patches. Regularly review and apply updates to address known
vulnerabilities.
By addressing these considerations, organizations can enhance the security of their
authentication services and better protect user identities and sensitive information. It’s
important to stay vigilant and proactive in the ever-evolving landscape of cybersecurity threats.
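Items 3, 4 and 5 above in working form, as an added example that is not part of the original notes: salted PBKDF2 password hashing with a constant-time comparison, a failed-attempt counter with temporary lockout, and random session tokens that expire. The policy numbers, the in-memory store and the AuthService class are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple

# Policy values are assumed for this example, not taken from the notes.
PBKDF2_ITERATIONS = 200_000    # work factor; raise it as hardware gets faster
MAX_FAILED_ATTEMPTS = 5        # failures tolerated before the account locks (item 4)
LOCKOUT_SECONDS = 15 * 60      # temporary lockout length (item 4)
SESSION_TTL_SECONDS = 30 * 60  # session timeout (item 5)
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means two users with
    the same password get different digests and precomputed tables are useless."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute the digest and compare in constant time, so response timing does
    not reveal how many leading bytes of the digest matched."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


class AuthService:
    """In-memory stand-in for the user store, lockout counters and session table."""

    def __init__(self, clock=time.time):
        self.clock = clock                                  # injectable for tests
        self.users: Dict[str, Tuple[bytes, bytes]] = {}     # username -> (salt, digest)
        self.failures: Dict[str, Tuple[int, float]] = {}    # username -> (count, locked_until)
        self.sessions: Dict[str, Tuple[str, float]] = {}    # token -> (username, expires_at)

    def register(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def _failure_state(self, username: str) -> Tuple[int, float]:
        count, locked_until = self.failures.get(username, (0, 0.0))
        if locked_until and self.clock() >= locked_until:
            count, locked_until = 0, 0.0                    # lockout expired: start over
        return count, locked_until

    def is_locked(self, username: str) -> bool:
        _, locked_until = self._failure_state(username)
        return self.clock() < locked_until

    def login(self, username: str, password: str) -> Optional[str]:
        """Return a session token on success, None otherwise. The lockout check
        runs before the password check, so a locked account cannot be brute-forced."""
        if self.is_locked(username):
            return None
        record = self.users.get(username)
        # Hash even for unknown users so timing does not reveal which usernames exist.
        salt, digest = record if record else (b"\x00" * SALT_BYTES, b"\x00" * 32)
        ok = verify_password(password, salt, digest)
        if record is None or not ok:
            count, _ = self._failure_state(username)
            count += 1
            locked_until = self.clock() + LOCKOUT_SECONDS if count >= MAX_FAILED_ATTEMPTS else 0.0
            self.failures[username] = (count, locked_until)
            return None
        self.failures.pop(username, None)                   # successful login resets the counter
        token = secrets.token_urlsafe(32)                   # 256-bit unpredictable session id
        self.sessions[token] = (username, self.clock() + SESSION_TTL_SECONDS)
        return token

    def user_for_session(self, token: str) -> Optional[str]:
        """Resolve a token to its user, discarding the session once it has timed out."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if self.clock() >= expires_at:
            del self.sessions[token]
            return None
        return username
```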

Attack on mobile phones:


Wireless and mobile devices have become ubiquitous in today’s society, and with this increased
usage comes the potential for security threats. Wireless and mobile device attacks are a
growing concern for individuals, businesses, and governments.
Below are some of the most common types of Wireless and Mobile Device Attacks:

• SMiShing: Smishing has become common now that smartphones are widely used. SMiShing
uses Short Message Service (SMS) to send fraudulent text messages or links. The criminals
may also deceive the user by calling. Victims may provide sensitive information such as
credit card information, account information, etc. Accessing a website might result in the
user unknowingly downloading malware that infects the device.
• War driving: War driving is a method attackers use to find access points wherever they
can be. With the availability of free Wi-Fi connections, they can drive around and obtain a
very large amount of information in a very short period of time.
• WEP attack: Wired Equivalent Privacy (WEP) is a security protocol that attempted to
provide a wireless local area network with the same level of security as a wired LAN.
Since physical security steps help to protect a wired LAN, WEP attempts to provide
similar protection for data transmitted over WLAN with encryption. WEP uses a key for
encryption. There is no provision for key management with Wired Equivalent Privacy, so
the number of people sharing the key will continually grow. Since everyone is using the
same key, the criminal has access to a large amount of traffic for analytic attacks.
• WPA attack: Wi-Fi Protected Access (WPA) and then WPA2 came out as improved
protocols to replace WEP. WPA2 does not have the same encryption problems because
an attacker cannot recover the key by observing traffic. WPA2 is still susceptible to attack
because cyber criminals can analyze the packets going between the access point and an
authorized user.
• Bluejacking: Bluejacking is used for sending unauthorized messages to another
Bluetooth device. Bluetooth is a high-speed but very short-range wireless technology for
exchanging data between desktop and mobile computers and other devices.
• Replay attacks: In a replay attack an attacker spies on information being sent between a
sender and a receiver. Once the attacker has captured the information, he or she can
intercept it and retransmit it again, leading to delays in data transmission. It is also
known as a playback attack.
• Bluesnarfing: It occurs when the attacker copies the victim’s information from his
device. An attacker can access information such as the user’s calendar, contact list,
e-mail and text messages without leaving any evidence of the attack.
• RF Jamming: Wireless signals are susceptible to electromagnetic interference and radio-
frequency interference. Radio frequency (RF) jamming distorts the transmission of a
satellite station so that the signal does not reach the receiving station.
There are several types of attacks that target these devices, each with its own advantages and
disadvantages:

• Wi-Fi Spoofing: Wi-Fi spoofing involves setting up a fake wireless access point to trick
users into connecting to it instead of the legitimate network. This attack can be used to
steal sensitive information such as usernames, passwords, and credit card numbers. One
advantage of this attack is that it is relatively easy to carry out, and the attacker does not
need sophisticated tools or skills. However, it can be easily detected if users are aware of
the legitimate network’s name and other details.
• Packet Sniffing: Packet sniffing involves intercepting and analyzing the data packets that
are transmitted over a wireless network. This attack can be used to capture sensitive
information such as email messages, instant messages, and web traffic. One advantage
of this attack is that it can be carried out without the user’s knowledge. However, the
attacker needs to be in close proximity to the victim and must have the technical skills
and tools to intercept and analyze the data.
• Bluejacking: Bluejacking involves sending unsolicited messages to Bluetooth-enabled
devices. This attack can be used to send spam, phishing messages, or malware to the
victim’s device. One advantage of this attack is that it does not require a network
connection, and the attacker can be located anywhere within range of the victim’s
Bluetooth signal. However, it requires the attacker to have the victim’s Bluetooth
device’s address and is limited to devices that have Bluetooth capabilities.
• SMS Spoofing: SMS spoofing involves sending text messages that appear to come from a
trusted source, such as a bank or a government agency. This attack can be used to trick
users into revealing sensitive information or downloading malware. One advantage of
this attack is that it can be carried out without the user’s knowledge. However, it
requires the attacker to have the victim’s phone number, and it can be easily detected if
users are aware of the legitimate source of the message.
• Malware: Malware is software designed to infect a device and steal or damage data.
Malware can be distributed through email attachments, software downloads, or
malicious websites. One advantage of this attack is that it can be carried out remotely,
without the attacker needing to be physically close to the victim. However, it requires
the attacker to have a way to deliver the malware to the victim’s device, such as through
a phishing email or a fake website.
Conclusion: Wireless and mobile device attacks can have severe consequences, including the
theft of sensitive data, identity theft, financial loss, and reputational damage. To protect against
these attacks, users should always use strong passwords, keep their devices and software up-to-
date, avoid connecting to unsecured networks, and use reputable app stores. Businesses should
also implement security measures such as firewalls, intrusion detection systems, and employee
training to protect against wireless and mobile device attacks.
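The replay attack described above is defeated when every message carries a fresh nonce and a timestamp and both are covered by a MAC, so the receiver can refuse anything stale or already seen. This is an added example, not code from the original notes; the shared key, the message format and the 30-second window are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Tuple

REPLAY_WINDOW_SECONDS = 30   # assumed tolerance for clock skew and delivery delay


def _canonical(body: dict) -> bytes:
    """Serialize deterministically so sender and receiver MAC identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def build_message(key: bytes, payload: dict, clock=time.time) -> dict:
    """Sender side: attach a random nonce and a timestamp, then MAC everything."""
    body = {"payload": payload, "nonce": secrets.token_hex(16), "ts": int(clock())}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": mac}


class ReplayGuard:
    """Receiver side: verifies the MAC, rejects stale messages and remembers the
    nonces seen inside the window so a retransmitted copy is refused."""

    def __init__(self, key: bytes, clock=time.time):
        self.key = key
        self.clock = clock
        self.seen: Dict[str, int] = {}    # nonce -> timestamp it was accepted with

    def accept(self, msg: dict) -> Tuple[bool, str]:
        body = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        # 1. Integrity first: a tampered payload, nonce or timestamp fails here.
        if not isinstance(msg.get("mac"), str) or not hmac.compare_digest(msg["mac"], expected):
            return False, "bad-mac"
        now = self.clock()
        # 2. Freshness: outside the window even a genuine message is refused.
        if abs(now - body["ts"]) > REPLAY_WINDOW_SECONDS:
            return False, "stale"
        # 3. Uniqueness: drop nonces too old to matter, then check for a repeat.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= REPLAY_WINDOW_SECONDS}
        if body["nonce"] in self.seen:
            return False, "replay"
        self.seen[body["nonce"]] = body["ts"]
        return True, "ok"
```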

Mobile devices: Security Implications for Organizations


Mobile devices pose both opportunities and challenges for organizations when it comes to
security. Here are some key security implications for organizations concerning mobile devices:
1. Data Protection:
• Mobile devices often store sensitive organizational data. Organizations need to
implement strong encryption methods to protect data at rest and during
transmission.
• Implementing remote wipe capabilities can help in case a device is lost or stolen,
ensuring that sensitive data does not fall into the wrong hands.
2. Device Management:
• Organizations should establish mobile device management (MDM) and mobile
application management (MAM) policies to control and monitor mobile devices
within their network.
• These policies may include password requirements, device encryption, and
restrictions on certain applications.
3. Network Security:
• Mobile devices frequently connect to various networks, including public Wi-Fi.
This increases the risk of data interception. Implementing virtual private
networks (VPNs) and secure Wi-Fi connections can help mitigate this risk.
4. Endpoint Security:
• Mobile devices are endpoints that can be vulnerable to malware and other
security threats. Regularly updating device software, using security apps, and
implementing antivirus solutions can enhance endpoint security.
5. Authentication and Authorization:
• Implement strong authentication methods, such as two-factor authentication
(2FA) or biometrics, to ensure that only authorized users can access sensitive
organizational information.
6. Policy and Training:
• Establish clear security policies for the use of mobile devices within the
organization. Regularly educate employees about the importance of security and
the risks associated with mobile device usage.
7. Secure Development Practices:
• Organizations developing mobile applications should follow secure coding
practices to minimize vulnerabilities. Regularly update and patch applications to
address any discovered security flaws.
8. BYOD (Bring Your Own Device):
• If the organization allows employees to use their own devices, it's crucial to have
a well-defined BYOD policy that addresses security concerns. This may include
requirements for security software, regular updates, and compliance with
organizational security policies.
9. Incident Response:
• Have a robust incident response plan in place in case of a security breach
involving mobile devices. This includes procedures for reporting incidents,
investigating, and mitigating potential damage.
10. Compliance:
• Ensure that the organization's use of mobile devices complies with relevant
industry regulations and data protection laws. This is particularly important in
industries with strict compliance requirements, such as healthcare or finance.
In summary, organizations need to adopt a comprehensive approach to mobile device security,
combining technical measures, policies, and employee education to mitigate risks effectively.
Regular audits and updates to security protocols are essential to address evolving threats in the
mobile landscape.
Organizational measures for handling mobile devices
Handling mobile devices within an organization requires a combination of technical measures,
policies, and employee training to ensure security and compliance. Here are some
organizational measures for effectively handling mobile devices:
1. Mobile Device Management (MDM): Implement MDM solutions to centrally manage
and control mobile devices. MDM allows organizations to enforce security policies, track
devices, and remotely wipe data if a device is lost or stolen.
2. Mobile Application Management (MAM): Use MAM solutions to control and secure the
deployment of mobile applications. This includes whitelisting approved apps, restricting
unauthorized app installations, and managing app updates.
3. Security Policies: Develop and enforce comprehensive security policies specifically
tailored for mobile device usage within the organization. Include policies on password
requirements, encryption, app usage, and data access.
4. BYOD Policies: If the organization allows Bring Your Own Device (BYOD), establish clear
policies outlining the requirements and restrictions for personal devices accessing
corporate resources. Include guidelines on security software, updates, and compliance.
5. Authentication Mechanisms: Implement strong authentication methods, such as two-
factor authentication (2FA) or biometrics, to enhance access control and protect
sensitive information.
6. Data Encryption: Enforce encryption on mobile devices to safeguard data both at rest
and in transit. This includes implementing device-level encryption and encrypted
communication channels.
7. Remote Wipe and Lock: Enable remote wipe and lock features to allow IT administrators
to remotely erase data or lock a device in case it is lost or stolen. This prevents
unauthorized access to sensitive information.
8. Network Security: Ensure that mobile devices connect to secure and trusted networks.
Encourage the use of virtual private networks (VPNs) when accessing organizational
resources over public Wi-Fi.
9. Regular Software Updates: Require users to keep their mobile devices' operating
systems, apps, and security software up to date. Regular updates often include patches
for security vulnerabilities.
10. Employee Training: Conduct regular training sessions to educate employees about
mobile security best practices, the organization's policies, and the potential risks
associated with mobile device usage.
11. Incident Response Plan: Develop and regularly update an incident response plan specific
to mobile security incidents. Define procedures for reporting, investigating, and
mitigating security breaches involving mobile devices.
12. Compliance Audits: Conduct regular audits to ensure that mobile device usage aligns
with industry regulations, data protection laws, and organizational policies.
13. Collaboration with IT and Security Teams: Foster collaboration between IT, security, and
other relevant teams to ensure a unified approach to mobile device management and
security.
14. Monitoring and Reporting: Implement monitoring tools to track mobile device activity
and generate reports on security-related events. This helps in identifying and responding
to potential security threats.
15. Legal and Ethical Considerations: Stay informed about legal and ethical considerations
related to mobile device usage. Ensure that organizational policies and practices align
with relevant laws and ethical standards.
By combining these organizational measures, businesses can establish a strong foundation for
managing mobile devices securely and efficiently within the organizational environment.
UNIT 3
Proxy server
A proxy server is a server that acts as an intermediary between requests made by clients
and a particular server that provides some service or resource. Different types of proxy
servers are available and are used according to the purpose of the request the client makes
to the server. The basic purpose of proxy servers is to avoid a direct connection between
Internet clients and Internet resources. The proxy server also prevents identification of the
client’s IP address when the client makes a request to any other server.
• Internet client and Internet resources: For Internet clients, proxy servers also act as a
shield for an internal network against requests coming from a client to access data stored
on the server. The original IP address of the node remains hidden while accessing data
from that server.
• Protects true host identity: In this method, outgoing traffic appears to come from the
proxy server rather than from the client’s own Internet navigation. It must be configured
for the specific application, such as HTTPS or FTP. For example, organizations can use a
proxy to observe the traffic of their employees to get the work done efficiently. It can also
be used to keep a check on any kind of highly confidential data leakage. Some also use it to
increase their website’s rank.
Need Of Private Proxy:
1. Defeat Hackers: To protect an organization’s data from malicious use, passwords are used
and different architectures are set up, but there may still be a possibility that this
information can be hacked if the IP address is easily accessible. To prevent such misuse of
data, proxy servers are set up to prevent tracking of original IP addresses; instead, data is
shown to come from a different IP address.
2. Filtering of Content: By caching the content of websites, a proxy helps in fast access to
data that has been accessed very often.
3. Examine Packet Headers and Payloads: Payloads and packet headers of requests made by user
nodes in the internal network to access social websites can be easily tracked and restricted.
4. To control Internet usage of employees and children: Here the proxy server is used to
control and monitor how employees or kids use the Internet. Organizations use it to deny
access to specific websites and instead redirect you with a polite note asking you to refrain
from looking at those sites on the company network.
5. Bandwidth savings and improved speeds: A good proxy server helps organizations get better
overall network performance.
6. Privacy Benefits: Proxy servers are used to browse the Internet more privately. The proxy
will change the IP address and other identifying information the web request contains.
7. Security: A proxy server can encrypt your web requests to keep prying eyes from reading
your transactions, providing a high level of security.
Types Of Proxy Server
1. Reverse Proxy Server: The job of a reverse proxy server is to listen for requests made by
clients and redirect each one to the particular web server that should handle it, which may
be one of several different servers. Example: it listens for website connections on TCP port
80; such servers are normally placed in a demilitarized zone (DMZ) for publicly accessible
services, and the reverse proxy also protects the true identity of the host. Moreover, it is
transparent to external users, who will not be able to identify the actual number of internal
servers. So it is the prime duty of the reverse proxy to redirect the flow depending upon the
configuration of the internal servers. Requests that must pass into a private network
protected by firewalls need a proxy server that is not bound by the local policies; such
requests from clients are completed using reverse proxy servers. A reverse proxy is also used
to restrict clients’ access to the confidential data residing on particular servers.
2. Web Proxy Server: A web proxy forwards HTTP requests; the full URL is passed in the request
line instead of just a path. The request is sent to the proxy, and the proxy responds on the
client’s behalf. Examples: Apache, HAProxy.
3. Anonymous Proxy Server: This type of proxy server does not reveal the original IP address.
These servers are detectable as proxies but still provide reasonable anonymity to the client
device.
4. High Anonymity Proxy: This proxy server allows neither the original IP address nor the fact
that a proxy server is in use to be detected.
5. Transparent Proxy: This type of proxy server does not provide any anonymity to the client;
instead, the original IP address can be easily detected through this proxy. It is put into use
to act as a cache for websites. A transparent proxy combined with a gateway results in a proxy
server where the connection requests sent by the client are redirected at the IP level.
Redirection occurs without any proxy configuration on the client. HTTP headers present on the
server side can easily reveal the redirection.
6. CGI Proxy: A CGI proxy server is developed to make websites more accessible. It accepts
requests for target URLs through a web form and, after processing, returns the result to the
web browser. It is less popular than privacy options such as VPNs, but it still receives a lot
of requests. Its usage has been reduced because of the excessive traffic it can cause to a
website after passing the local filtering, which can lead to damage to the organization.
7. Suffix Proxy: A suffix proxy server basically appends the name of the proxy to the URL. This
type of proxy does not provide a high level of anonymity. It is used for bypassing web filters.
It is easy to use and can be easily implemented, but it is used less because of the growing
number of web filters that recognize it.
8. Distorting Proxy: A distorting proxy identifies itself as a proxy server but presents an
incorrect original IP address for the client. HTTP headers are used to maintain the
confidentiality of the client IP address.
9. Tor Onion Proxy: This server aims at online anonymity for the user’s personal information.
It routes traffic through various relays present worldwide to make tracking the user’s address
difficult and to keep anonymous activity from being attributed to the user. It makes it
difficult for any person who is trying to track the original address. In this type of routing,
the information is encrypted in multiple layers. The layers are then decrypted one by one so
that the original content is recovered intact at the destination. This software is open-source
and free of cost to use.
10. I2P Anonymous Proxy: It uses encryption to hide all communications at various levels. This
encrypted data is then relayed through various network routers present at different locations,
so I2P is a fully distributed proxy. This software is free of cost and open source, and it
also resists censorship.
11. DNS Proxy: A DNS proxy takes requests in the form of DNS queries and forwards them to the
domain server, where they can also be cached; moreover, the flow of requests can also be
redirected.
How Does the Proxy Server Operate?
Every computer has its own unique IP address which it uses to communicate with other nodes.
Similarly, the proxy server has its own IP address that your computer knows. When a web request
is sent, it goes to the proxy server first. The proxy sends a request on your behalf to the
Internet, collects the data and makes it available to you. A proxy can change your IP address,
so the web server will be unable to determine your location in the world. It helps protect data
from getting hacked too. Moreover, it can also block some web pages.
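The forwarding step above and the web proxy in item 2 (the client sends the full URL in the request line) are shown here as an added example that is not part of the original notes: the proxy turns the absolute URL into a path, rebuilds the Host header, drops hop-by-hop headers and records its own hop in Via and X-Forwarded-For; the second function shows how, as item 5 says, an origin server can read those same headers to notice a proxy in the path. The proxy name, sample request and client address are constructed.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Hop-by-hop headers (RFC 7230) must not be forwarded past the proxy.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "proxy-connection", "te", "trailer", "transfer-encoding", "upgrade",
}
PROXY_ID = "1.1 proxy.example"   # assumed name this proxy announces in Via


def parse_request(raw: bytes) -> Tuple[str, str, str, List[Tuple[str, str]], bytes]:
    """Split a raw HTTP/1.1 request into (method, target, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def rewrite_for_origin(raw: bytes, client_ip: str) -> Tuple[str, int, bytes]:
    """What a forward web proxy does with a request: the client sent an absolute URL
    in the request line, so work out the origin server, turn the target into a plain
    path, drop hop-by-hop headers and record the proxy hop in Via and X-Forwarded-For.
    Returns (host, port, request bytes to send to the origin)."""
    method, target, version, headers, body = parse_request(raw)
    url = urlsplit(target)
    if not url.scheme or not url.hostname:
        raise ValueError("a forward proxy expects an absolute URL in the request line")
    default_port = 443 if url.scheme == "https" else 80
    port = url.port or default_port
    path = url.path or "/"
    if url.query:
        path += "?" + url.query
    by_name = {n.lower(): v for n, v in headers}
    kept = [(n, v) for n, v in headers
            if n.lower() not in HOP_BY_HOP and n.lower() not in {"host", "via", "x-forwarded-for"}]
    # Host is rebuilt from the URL; a client-supplied Host header is not trusted.
    host_value = url.hostname if port == default_port else f"{url.hostname}:{port}"
    kept.insert(0, ("Host", host_value))
    # Append this hop to any existing chain rather than overwriting it.
    via = by_name.get("via")
    xff = by_name.get("x-forwarded-for")
    kept.append(("Via", f"{via}, {PROXY_ID}" if via else PROXY_ID))
    kept.append(("X-Forwarded-For", f"{xff}, {client_ip}" if xff else client_ip))
    kept.append(("Connection", "close"))
    head = f"{method} {path} {version}\r\n" + "".join(f"{n}: {v}\r\n" for n, v in kept) + "\r\n"
    return url.hostname, port, head.encode("iso-8859-1") + body


def detect_proxy(headers: List[Tuple[str, str]]) -> Dict[str, object]:
    """Origin-server side: the same headers reveal that a proxy sits in the path and
    which client it claims to forward for. X-Forwarded-For is client-controllable,
    so the value is reported as a claim, not a verified address."""
    by_name = {n.lower(): v for n, v in headers}
    xff = by_name.get("x-forwarded-for", "")
    return {
        "behind_proxy": any(h in by_name for h in ("via", "x-forwarded-for", "forwarded")),
        "proxy_chain": by_name.get("via"),
        "claimed_client": xff.split(",")[0].strip() or None,
    }
```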

Disadvantages of Proxy Server


1. Proxy Server Risks: Free proxy services usually do not invest much in backend hardware or
encryption. This results in performance issues and potential data security issues. If you
install a “free” proxy server, tread very carefully; some of them might steal your credit
card numbers.
2. Browsing history log: The proxy server stores your original IP address and web request
information, possibly in unencrypted form, saved locally. Always check whether your proxy
server logs and saves that data, and what kind of retention or law enforcement
cooperation policies it follows while saving data.
3. No encryption: No encryption means you are sending your requests as plain text.
Anyone will be able to pull usernames, passwords and account information easily.
Check that the proxy provides full encryption whenever you use it.

Anonymizer

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet
untraceable. It is a proxy server computer that acts as an intermediary and privacy shield
between a client computer and the rest of the Internet. It accesses the Internet on the user’s
behalf, protecting personal information by hiding the client computer’s identifying information.

There are many reasons for using anonymizers. Anonymizers help minimize risk. They can be
used to prevent identity theft, or to protect search histories from public disclosure. Some
countries apply heavy censorship on the internet. Anonymizers can help in allowing free access
to all of the internet content, but cannot help against persecution for accessing the Anonymizer
website itself. Furthermore, as information about Anonymizer websites is itself banned in
these countries, users are wary that they may be falling into a government-set trap.

Anonymizers are also used by people who wish to receive objective information with the
growing target marketing on the internet and targeted information. For example, large news
outlets such as CNN target the viewers according to region and give different information to
different populations. Websites such as YouTube obtain information about the last videos
viewed on a computer, and propose “recommended” videos accordingly, and most of the
online targeted marketing is done by showing advertisements according to that region.
Anonymizers are used for avoiding this kind of targeting and getting a more objective view of
information.

Types

• Protocol specific anonymizers – Sometimes anonymizers are implemented to work only
with one particular protocol. The advantage is that no extra software is needed. The
operation occurs in this manner: A connection is made by the user to the anonymizer.
Commands to the anonymizer are included inside a typical message. The anonymizer
then makes a connection to the resource specified by the inbound command and relays
the message with the command stripped out. An example of a protocol-specific
anonymizer is an anonymous remailer for e-mail. Also of note are web proxies, and
bouncers for FTP and IRC.
• Protocol independent anonymizers – Protocol independence can be achieved by
creating a tunnel to an anonymizer. The technology to do so varies. Protocols used by
anonymizer services may include SOCKS, PPTP, or OpenVPN. In this case either the
desired application must support the tunneling protocol, or a piece of software must be
installed to force all connections through the tunnel. Web browsers, FTP and IRC clients
often support SOCKS for example, unlike telnet.

Phishing
Phishing is one type of cyber-attack. Phishing got its name from “phish”, meaning fish. It is
common practice to put out bait so that fish get trapped; phishing works similarly. It is an
unethical way to dupe the user or victim into clicking on harmful sites. The attacker crafts the
harmful site in such a way that the victim believes it to be an authentic site, thus falling prey
to it. The most common mode of phishing is sending spam emails that appear to be authentic and
thus taking away all credentials from the victim. The main motive of the attacker behind
phishing is to gain confidential information like
• Password
• Credit card details
• Social security numbers
• Date of birth
The attacker uses this information to further target the user, impersonate the user and
cause data theft. The most common type of phishing attack happens through email. Phishing
victims are tricked into revealing information that they think should be kept private. The
original logo of the sender is used to make the user believe that it is indeed the original
email. But if we carefully look into the details, we will find that the URL or web address is
not authentic.
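Looking carefully at the sender address and the link targets is something a mail filter can do automatically. The following is an added example, not code from the original notes: it flags sender domains that imitate a trusted one by substituted characters or misspellings, brand names embedded in unrelated domains, and links whose visible text shows one domain while the href leads to another. The trusted domain list, the edit-distance threshold and the sample addresses are constructed; the registrable-domain helper is deliberately crude.

```python
import re
from typing import List, Set, Tuple
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation actually sends mail from.
TRUSTED_DOMAINS: Set[str] = {"examplebank.com", "mail.examplebank.com"}
MAX_EDITS = 2   # assumed threshold: a domain within 2 edits of a trusted one is suspect
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}")


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation; a real deployment would use the
    public suffix list so that names like example.co.uk are handled correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def normalize_confusables(host: str) -> str:
    """Map characters commonly substituted in lookalike names to what they imitate."""
    host = host.lower().replace("rn", "m").replace("vv", "w")
    return host.translate(str.maketrans("01357", "olest"))


def levenshtein(a: str, b: str) -> int:
    """Edit distance via the standard dynamic programme, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_findings(domain: str, trusted: Set[str] = TRUSTED_DOMAINS) -> List[Tuple[str, str]]:
    """Return (code, detail) pairs describing why `domain` resembles a trusted one."""
    domain = domain.lower()
    if domain in trusted:
        return []
    reg = registrable_domain(domain)
    trusted_regs = {registrable_domain(t) for t in trusted}
    if reg in trusted_regs:           # genuine subdomain of a trusted domain
        return []
    findings = []
    for treg in sorted(trusted_regs):
        brand = treg.split(".")[0]
        if normalize_confusables(reg) == normalize_confusables(treg):
            findings.append(("confusable", f"{domain} imitates {treg} with substituted characters"))
        elif levenshtein(reg, treg) <= MAX_EDITS:
            findings.append(("misspelling", f"{domain} is within {MAX_EDITS} edits of {treg}"))
        elif brand in domain:
            findings.append(("brand-embedded", f"{domain} contains '{brand}' but is not {treg}"))
    return findings


def check_sender(address: str) -> List[Tuple[str, str]]:
    """Inspect the domain part of a From: address."""
    return domain_findings(address.rsplit("@", 1)[-1])


def check_links(links: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """links are (visible text, href) pairs. Flags text that shows one domain while
    the href leads elsewhere, and hrefs whose host is itself a lookalike."""
    findings = []
    for text, href in links:
        href_host = (urlsplit(href).hostname or "").lower()
        shown = DOMAIN_RE.search(text.lower())
        if shown and registrable_domain(shown.group(0)) != registrable_domain(href_host):
            findings.append(("link-mismatch", f"text shows {shown.group(0)} but href goes to {href_host}"))
        findings.extend(domain_findings(href_host))
    return findings
```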
How Does Phishing Occur?
Below are the ways through which phishing generally occurs. Any of the behaviours mentioned
below can expose the user to a phishing attack.
• Clicking on an unknown file or attachment: Here, the attacker deliberately sends a
mysterious file to the victim, as the victim opens the file, either malware is injected into
his system or it prompts the user to enter confidential data.
• Using an open or free wifi hotspot: This is a very simple way to get confidential
information from the user by luring him by giving him free wifi. The wifi owner can
control the user’s data without the user knowing it.
• Responding to social media requests: This commonly involves social engineering.
Accepting unknown friend requests and then, by mistake, leaking secret data is the most
common mistake made by naive users.
• Clicking on unauthenticated links or ads: Unauthenticated links have been deliberately
crafted that lead to a phished website that tricks the user into typing confidential data.
Types of Phishing Attacks
There are several types of phishing attacks; some of them are mentioned below. The attacks
mentioned below are very common and most used by attackers.
• Email Phishing: The most common type where users are tricked into clicking unverified
spam emails and leaking secret data. Hackers impersonate a legitimate identity and send
emails to mass victims. Generally, the goal of the attacker is to get personal details like
bank details, credit card numbers, user IDs, and passwords of any online shopping
website, installing malware, etc. After getting the personal information, they use this
information to steal money from the user’s account or harm the target system, etc.
• Spear Phishing: In a spear phishing attack, a particular user (organization or
individual) is targeted. In this method, the attacker first gathers full information about the
target and then sends malicious emails to his/her inbox to trap him into typing
confidential data. For example, the attacker targets someone (let’s assume an employee
from the finance department of some organization). Then the attacker pretends to be
the manager of that employee and requests personal information or the transfer of a
large sum of money. It is the most successful attack.
• Whaling: Whaling is just like spear-phishing, but the main target is the head of the
company, like the CEO, CFO, etc. A high-pressure email is sent to such executives so that
they don’t have much time to think, therefore falling prey to phishing.
• Smishing: In this type of phishing attack, the medium is SMS. Smishing works similarly
to email phishing. SMS texts are sent to victims containing links to phished websites, or
inviting the victims to call a phone number or to contact the sender using the given
email. The victim is then invited to enter their personal information like bank details,
credit card information, user id/password, etc. Then, using this information, the attacker
harms the victim.
• Vishing: Vishing is also known as voice phishing. In this method, the attacker calls the
victim using modern caller id spoofing to convince the victim that the call is from a
trusted source. Attackers also use IVR to make it difficult for legal authorities to trace the
attacker. It is generally used to steal credit card numbers or confidential data from the
victim.
• Clone Phishing: In this type of phishing attack, the attacker copies email messages
that were sent from a trusted source and then alters the information by adding a link
that redirects the victim to a malicious or fake website. The attacker then sends this
mail to a larger number of users and waits to see who clicks on the attachment that was
sent in the email. It spreads through the contacts of the user who has clicked on the
attachment.
Impact of Phishing
These are the impacts phishing attacks can have on a user. Each person is affected
differently by a phishing attack, but these are some of the common impacts that happen to
the majority of people.
• Financial Loss: Phishing attacks often target financial information, such as credit card
numbers and bank account login credentials. This information can be used to steal
money or make unauthorized purchases, leading to significant financial losses.
• Identity Theft: Phishing attacks can also steal personal information, such as Social
Security numbers and date of birth, which can be used to steal an individual’s identity
and cause long-term harm.
• Damage to Reputation: Organizations that fall victim to phishing attacks can suffer
damage to their reputation, as customers and clients may lose trust in the company’s
ability to protect their information.
• Disruption to Business Operations: Phishing attacks can also cause significant disruption
to business operations, as employees may have their email accounts or computers
compromised, leading to lost productivity and data.
• Spread of Malware: Phishing attacks often use attachments or links to deliver malware,
which can infect a victim’s computer or network and cause further harm.
Signs of Phishing
Being able to recognise the signs of a phishing attempt is the most effective protection against its harmful effects. Signs to look out for include:
• Suspicious email addresses: Phishing emails often use sender addresses that appear to belong to a trusted source but are actually controlled by the attacker. Check the real address, not just the display name, and look for slight variations or misspellings of the expected domain.
• Urgent requests for personal information: Phishing attacks often try to create a sense of
urgency in order to trick victims into providing personal information quickly. Be cautious
of emails or messages that ask for personal information and make sure to verify the
authenticity of the request before providing any information.
• Poor grammar and spelling: Phishing attacks are often created quickly and carelessly,
and may contain poor grammar and spelling errors. These mistakes can indicate that the
email or message is not legitimate.
• Requests for sensitive information: Phishing attacks often try to steal sensitive
information, such as login credentials and financial information. Be cautious of emails or
messages that ask for sensitive information and verify the authenticity of the request
before providing any information.
• Unusual links or attachments: Phishing attacks often use links or attachments to deliver
malware or redirect victims to fake websites. Be cautious of links or attachments in
emails or messages, especially from unknown or untrusted sources.
• Strange URLs: Phishing attacks often use fake websites that look similar to the real ones,
but have slightly different URLs. Look for strange URLs or slight variations in the URL that
may indicate a fake website.
How To Stay Protected Against Phishing?
The sections above show how a user becomes vulnerable to phishing. With proper precautions, such scams can be avoided. The following measures protect users against phishing attacks:
• Authorized Source: Download software only from authorized sources that you trust.
• Confidentiality: Never enter private details on a page reached through an unsolicited link, and keep your data out of attackers' hands.
• Check URL: Always check the URL of a website before entering credentials; this alone prevents many phishing attacks from succeeding.
• Avoid replying to suspicious messages: If an email from a known source looks suspicious, contact the source through a new message or another channel such as a phone call rather than using the reply option, because the reply address may be controlled by the attacker.
• Phishing Detection Tool: Use phishing-detection tools that flag websites crafted to imitate legitimate ones.
• Avoid untrusted free Wi-Fi: On an open network an attacker can intercept traffic or redirect you to a phishing page, so avoid entering credentials over free Wi-Fi you do not trust.
• Keep your system updated: An up-to-date system closes the vulnerabilities that phishing attachments and links rely on to install malware.
• Keep the firewall of the system ON: A host firewall blocks unsolicited inbound connections and can block outbound connections to known-malicious addresses. It does not authenticate the data that reaches you, so it complements rather than replaces the checks above.
How To Distinguish between a Fake Website and a Real Website?
It is important to be able to tell a fake website from a real one. To do so, keep the following points in mind:
• Check the URL of the website: Look at how the address begins. A URL starting with https:// means the connection is encrypted in transit, so data you enter cannot be read by someone on the network; a URL starting with http:// offers no such protection, and credentials should never be entered on an http:// page. Note, however, that https:// only proves the connection is encrypted to whoever runs the site: phishing sites routinely obtain valid certificates, so the padlock alone does not prove the site is genuine.
• Check the domain name of the website: Attackers register domains that mimic those of large brands or companies, differing from the real one by a single swapped, dropped or added letter, or by placing the brand name in front of an unrelated domain. Read the domain carefully: if the brand name is misspelled, or the part of the address just before the first single slash is not the brand's real domain, the site is a phishing site.
• Look for site design: When you open a website from a link, pay attention to the design of the site. Although attackers imitate the original as closely as they can, they usually fall short somewhere, so anything that looks off may be a sign of a fake website. For example, www.sugarcube.com/facebook might open a page cloned from the real Facebook login page, but the domain is sugarcube.com, not Facebook's real domain, www.facebook.com.
• Check for the available web pages: A fake website usually does not reproduce all the pages of the original. Open the links on the site: if only the login page works, the website is fake.
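Several of the checks described in the "Signs of Phishing" section and in the points above (sender address vs. display name, misspelled or lookalike domains, the brand name placed on an unrelated domain, http:// links, link text that differs from the link target, urgency wording) can be applied mechanically. The script below is an added example written for this page, not code from the original; it checks a constructed sample email against an assumed list of trusted domains (TRUSTED_DOMAINS) and flags those signs. The registered-domain extraction is deliberately crude (last two labels, no public-suffix list) and the homoglyph map covers only a few common character swaps.

```python
"""Heuristic phishing checks on a raw email. Added example; TRUSTED_DOMAINS, HOMOGLYPHS
and the sample message are constructed for the demonstration."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains this organisation's users legitimately receive mail and links from (assumption).
TRUSTED_DOMAINS = {"example-bank.com", "facebook.com"}
# Character swaps attackers use to imitate a brand ("rn" reads as "m", "0" as "o").
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l"}


def levenshtein(a, b):
    """Edit distance; one or two edits away from a trusted domain is a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Last two labels of a hostname (crude: no public-suffix list is consulted)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def squash(text):
    """Lowercase and drop non-alphanumerics so 'Example Bank' matches 'example-bank'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def domain_findings(host, extra=""):
    """Compare a hostname (from a URL or a sender address) against TRUSTED_DOMAINS.
    `extra` is further text that may carry the brand name (URL path, display name)."""
    dom = registered_domain(host)
    if dom in TRUSTED_DOMAINS:
        return []
    norm = dom
    for fake, real in HOMOGLYPHS.items():
        norm = norm.replace(fake, real)
    findings = []
    for trusted in TRUSTED_DOMAINS:
        brand = squash(trusted.split(".")[0])
        if norm == trusted or levenshtein(dom, trusted) <= 2:
            findings.append(f"{host} looks like {trusted}")
        elif brand in squash(host) or brand in squash(extra):
            findings.append(f"{host} is not {trusted} but uses the name '{brand}'")
    return findings


def check_url(url):
    """Findings for one URL; an empty list means nothing suspicious."""
    p = urlparse(url)
    findings = ["plain http, no transport encryption"] if p.scheme == "http" else []
    return findings + domain_findings(p.hostname or "", p.path)


def check_message(raw):
    """Findings for a whole message (headers plus a single text/html body)."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    findings += [f"From {addr}: {f}" for f in domain_findings(from_host, display)]
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply and registered_domain(reply.rsplit("@", 1)[-1]) != registered_domain(from_host):
        findings.append(f"Reply-To {reply} goes to a different domain than From")
    body = msg.get_payload()
    for url in sorted(set(re.findall(r'https?://[^\s"<>]+', body))):
        findings += [f"{url}: {f}" for f in check_url(url)]
    # Anchor whose visible text is a URL on one domain while the href points elsewhere.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = urlparse(text.strip()).hostname
        real = urlparse(href).hostname or ""
        if shown and registered_domain(shown) != registered_domain(real):
            findings.append(f"link text shows {shown} but the link goes to {real}")
    if re.search(r"\b(urgent|immediately|within 24 hours|suspended)\b", body, re.I):
        findings.append("urgency wording in body")
    return findings


# Constructed sample combining several of the signs above.
SAMPLE = """From: "Example Bank Security" <alerts@exarnple-bank.com>
Reply-To: recover@mailbox-verify.net
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your account will be suspended within 24 hours unless you verify it immediately:</p>
<a href="http://www.example-bank.com.login-verify.net/signin">https://www.example-bank.com/signin</a>
<p>Questions? Visit <a href="https://www.sugarcube.com/facebook">our help page</a>.</p>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("-", finding)
```

Running it prints one finding per sign in the sample. The heuristics do produce false positives (a legitimate mailing provider often sends with a different Reply-To domain, and edit distance 2 catches some unrelated short domains), so a mail gateway would score and weigh these signals rather than block on any single one.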
Anti-Phishing Tools
Anti-phishing tools help detect phishing sites automatically. Some widely used tools include:
• Anti-Phishing Domain Advisor (APDA): A browser extension that warns users when they
visit a phishing website. It uses a database of known phishing sites and provides real-
time protection against new threats.
• PhishTank: A community-driven website that collects and verifies reports of phishing
attacks. Users can submit phishing reports and check the status of suspicious websites.
• Webroot Anti-Phishing: A browser extension that uses machine learning algorithms to
identify and block phishing websites. It provides real-time protection and integrates with
other security tools.
• Malwarebytes Anti-Phishing: A security tool that protects against phishing attacks by
detecting and blocking suspicious websites. It uses a combination of machine learning
and signature-based detection to provide real-time protection.
• Kaspersky Anti-Phishing: A browser extension that provides real-time protection against
phishing attacks. It uses a database of known phishing sites and integrates with other
security tools to provide comprehensive protection.

Password Cracking
Password cracking is the process of recovering passwords from data stored on, or transmitted by, a computer system. It may be done legitimately, to help a user recover a forgotten password or so that system administrators can find weak passwords before an attacker does, or illegitimately, to gain unauthorized access to a system.
Types of Password Attacks:
Password attacks are usually classified by how the attacker interacts with the target, into four types:
1. Non-Electronic Attacks –
These are often an attacker's first approach, because they need no technical knowledge of the target system or of exploitation. Examples are social engineering (simply asking for the password under a pretext), dumpster diving (finding written-down passwords), and shoulder surfing (watching the password being typed).
2. Active Online Attacks –
The attacker interacts directly with the target's authentication service, which is one of the most direct ways to obtain administrator-level access. Techniques include dictionary attacks, brute forcing, password guessing, hash injection (pass-the-hash), phishing, LLMNR/NBT-NS poisoning, and the use of Trojans, spyware or keyloggers. Because every guess produces a login attempt, these attacks are visible in authentication logs and can be slowed down by account lockout and rate limiting.
3. Passive Online Attacks –
A passive attack does not change the target system in any way. The attacker does not interact with the authentication service but monitors or records traffic on the communication channel to and from the system, then uses the captured data to break in. Techniques include wire sniffing, man-in-the-middle attacks, and replay attacks.
4. Offline Attacks –
In an offline attack the attacker has obtained a dump of password hashes and tries to recover the cleartext passwords from it on hardware they control. These attacks can be slow but are effective, because human-chosen passwords occupy a much smaller keyspace than the hash function allows, and the attacker can test billions of candidates without ever touching the target. Attackers use precomputed hash tables (rainbow tables) and distribute the cracking across many machines; per-user salts and deliberately slow hash functions are the defences against this.
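To make the offline case concrete, here is an added example (not code from the page) that runs one small wordlist with mangling rules against a constructed hash dump stored two ways: unsalted MD5, and PBKDF2-HMAC-SHA256 with a random 16-byte salt per user. The usernames, passwords, wordlist and the 10,000-iteration count are all constructed for the demonstration; production systems use a far higher iteration count or a memory-hard function such as Argon2.

```python
"""Offline dictionary attack against a constructed hash dump. Added example; the users,
passwords, wordlist and iteration count are constructed and deliberately small."""
import hashlib
import itertools
import os
import time

WORDLIST = ["password", "welcome", "summer", "letmein", "dragon", "monkey"]
SUFFIXES = ["", "1", "123", "!", "2020"]


def candidates():
    """Wordlist with simple mangling rules: optional capital letter, common suffixes."""
    for word, suffix in itertools.product(WORDLIST, SUFFIXES):
        yield word + suffix
        yield word.capitalize() + suffix


# --- the victim application's two storage schemes ------------------------------
def store_unsalted_md5(password):
    return hashlib.md5(password.encode()).hexdigest()


def store_salted_pbkdf2(password, iterations):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


# --- the attacker, who only sees the stored hashes -------------------------------
def crack_unsalted(dump):
    """Hash each candidate once, then match every user against the lookup table."""
    table = {store_unsalted_md5(c): c for c in candidates()}
    found = {user: table[h] for user, h in dump.items() if h in table}
    return found, len(table)


def crack_salted(dump):
    """The salt makes each user's hash unique, so the work is candidates x users."""
    found, work = {}, 0
    for user, record in dump.items():
        salt_hex, iters, digest_hex = record.split("$")
        salt, iters = bytes.fromhex(salt_hex), int(iters)
        for cand in candidates():
            work += 1
            if hashlib.pbkdf2_hmac("sha256", cand.encode(), salt, iters).hex() == digest_hex:
                found[user] = cand
                break
    return found, work


# Constructed accounts: alice and carol chose the same weak password, dave did not.
USERS = {"alice": "Summer2020", "bob": "letmein!", "carol": "Summer2020", "dave": "Tr0ub4dor&3"}


def demo(iterations=10_000):
    unsalted = {u: store_unsalted_md5(p) for u, p in USERS.items()}
    salted = {u: store_salted_pbkdf2(p, iterations) for u, p in USERS.items()}
    t0 = time.perf_counter()
    f1, w1 = crack_unsalted(unsalted)
    t1 = time.perf_counter()
    f2, w2 = crack_salted(salted)
    t2 = time.perf_counter()
    return {
        "unsalted_found": f1, "unsalted_work": w1, "unsalted_seconds": t1 - t0,
        "salted_found": f2, "salted_work": w2, "salted_seconds": t2 - t1,
        # With no salt, equal passwords give equal hashes: visible before any cracking.
        "shared_hash_visible": unsalted["alice"] == unsalted["carol"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two things are visible in the output: with no salt, alice's and carol's identical hashes reveal a shared password before a single guess is made, and the whole table is cracked with 60 hash computations, whereas with salts every candidate is re-derived for every user and each derivation costs thousands of HMAC calls, so the same dictionary takes orders of magnitude longer. The attack still succeeds against the weak passwords; salting and a slow KDF buy time, they do not replace password quality.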
Some of the best practices protecting against password cracking include:
1. Perform regular security audits to monitor for and track password attacks.
2. Do not reuse a previous password when changing passwords.
3. Do not share passwords.
4. Do not use passwords that can be found in a dictionary.
5. Do not use cleartext protocols, or protocols with weak encryption, to carry passwords.
6. Rotate passwords on a defined policy. Forced rotation every 30 days was common advice; current guidance (NIST SP 800-63B) recommends against mandatory periodic rotation and instead requires a change when there is evidence of compromise.
7. Do not store passwords in an insecure location.
8. Do not use the default passwords that ship with servers or PCs.
9. Keep systems patched: an unpatched system can be compromised through a buffer overflow or denial-of-service attack that bypasses the password entirely.
10. Enable account lockout with a defined number of attempts, a counter reset time, and a lockout duration. An automated self-service password reset is one of the best ways to manage passwords in an organization.
11. Protect the BIOS/UEFI firmware settings with a password, particularly on devices exposed to physical access, such as servers in shared spaces and laptops.
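Item 10 above names three parameters: the number of attempts, the counter reset time, and the lockout duration. The following added example (not the page's code) implements that policy with an injectable clock so the behaviour can be simulated deterministically; the threshold of 5 attempts and the 15-minute windows are illustrative, and the password store uses a placeholder hash.

```python
"""Account lockout for online guessing: `threshold` failures inside `reset_window`
seconds lock the account for `lockout_duration` seconds; a successful login clears the
counter. Added example; the policy numbers, clock, user and password store are constructed."""
import hashlib
import hmac
import time
from collections import defaultdict


class LockoutPolicy:
    def __init__(self, threshold=5, reset_window=900, lockout_duration=900, clock=time.time):
        self.threshold = threshold
        self.reset_window = reset_window
        self.lockout_duration = lockout_duration
        self.clock = clock                      # injectable so the demo can fast-forward time
        self.failures = defaultdict(list)       # user -> timestamps of recent failures
        self.locked_until = {}                  # user -> time the lockout expires

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.clock() >= until:               # lockout expired: clear state
            del self.locked_until[user]
            self.failures[user].clear()
            return False
        return True

    def record_failure(self, user):
        """Count only failures inside the reset window; lock when the threshold is hit."""
        now = self.clock()
        recent = [t for t in self.failures[user] if now - t < self.reset_window]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.threshold:
            self.locked_until[user] = now + self.lockout_duration

    def record_success(self, user):
        self.failures[user].clear()


def attempt(policy, user, password, store):
    """One login attempt: returns 'locked', 'ok' or 'bad'."""
    if policy.is_locked(user):
        return "locked"                         # the password is not even checked
    # Placeholder hashing for the demo; a real store uses a salted, slow KDF.
    digest = hashlib.sha256(password.encode()).hexdigest()
    if user in store and hmac.compare_digest(store[user], digest):
        policy.record_success(user)
        return "ok"
    policy.record_failure(user)
    return "bad"


class FakeClock:
    """Deterministic clock so the simulation does not depend on real time."""
    def __init__(self, now=1_000_000.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate():
    clock = FakeClock()
    policy = LockoutPolicy(threshold=5, reset_window=900, lockout_duration=900, clock=clock)
    store = {"alice": hashlib.sha256(b"correct horse battery staple").hexdigest()}
    events = []
    for i in range(5):                          # fast online guessing, one try per second
        events.append(attempt(policy, "alice", f"guess{i}", store))
        clock.advance(1)
    events.append(attempt(policy, "alice", "correct horse battery staple", store))  # locked out
    clock.advance(901)                          # lockout duration has passed
    events.append(attempt(policy, "alice", "correct horse battery staple", store))  # ok
    for _ in range(4):                          # slow guessing: never 5 inside one window
        events.append(attempt(policy, "alice", "wrong", store))
        clock.advance(400)
    events.append(attempt(policy, "alice", "correct horse battery staple", store))  # ok
    return events


if __name__ == "__main__":
    print(simulate())
```

The simulation shows five rapid failures locking the account, the correct password being refused during the lockout, normal service after it expires, and slow guessing that never accumulates five failures inside one window going unlocked, which is why lockout must be paired with per-source rate limiting and alerting. Lockout also hands an attacker a denial-of-service lever against legitimate users, and it does nothing against password spraying, where one password is tried against many accounts.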

Key loggers
A key logger (keystroke logger) records the keys pressed on a system and saves them to a file, which is later read by the person who planted it. Key loggers can be software or hardware. They are mainly used to steal passwords and confidential details such as banking information. The first known key logger, in the 1970s, was a hardware device; the first software key logger was written in 1983.
1. Software key-loggers: Software key loggers are programs written to capture keystrokes, and therefore passwords, on the victim's computer. Key logging is also used legitimately in IT organizations to troubleshoot problems with computers and business networks, and Windows 10 itself can collect typing data for its typing-personalization and telemetry features unless that setting is turned off.
1. JavaScript based key logger – A malicious script injected into a web page that listens for keyboard events such as onkeyup and sends the captured keystrokes to the attacker. The script can reach the victim through a compromised or malicious page shared on social media, through an email attachment, or through a remote access Trojan (RAT).
2. Form Based Key loggers – These activate when a person fills in a form online: when the submit button is clicked, everything that was typed is written to a file or sent to the attacker. Some key loggers hook the keyboard API inside a running application; they look like an ordinary program but record every key pressed.
2. Hardware Key-loggers: These do not depend on any software. A hardware key logger is a circuit placed between the keyboard and the computer, or inside the keyboard itself, that records every key pressed on that keyboard.
1. USB keylogger – A small device plugged in between a USB keyboard and the computer that records the data passing through it. Some are built into the keyboard itself, so no external device is visible.
2. Smartphone sensors – An Android phone's accelerometer, placed near a keyboard, can pick up the vibrations of typing; research has converted the resulting signal back into text with about 80% accuracy. More commonly, attackers use keystroke-logging Trojans: malware sent to a victim's computer to steal data and login details.
Key loggers are therefore software or hardware used to steal login details, credentials, bank information and more. Some keylogger applications in use in 2020 were Kidlogger, Best Free Keylogger, Windows Keylogger, Refog Personal Monitor, and All In One Keylogger.
Prevention from key-loggers: These are following below-
1. Anti-Key-logger – Software whose main task is to detect and remove key loggers from a computer system.
2. Anti-Virus – Many anti-virus products also detect and remove software key loggers. Being software, they cannot detect hardware key loggers.
3. Automatic form filler – Using a password manager or form filler means credentials are never typed, so a keystroke logger has nothing to capture.
4. One-Time-Passwords – With an OTP a new code is needed for every login, so a captured code is of little use once its validity window has passed.
5. Patterns or mouse-recognition – On Android devices use a pattern lock for applications; on a PC, mouse-gesture input avoids the keyboard altogether.
6. Voice to Text Converter – Speech input bypasses the keyboard, so a key logger that targets keystrokes records nothing.
These techniques are less common but are very helpful against key-loggers.
Spyware
Spyware is malware that usually gets onto a laptop or desktop when a user clicks an unknown link or opens an unknown attachment, which downloads the spyware alongside the expected content, or that arrives as a hidden component of free or shared software. Spyware steals a user's personal or business information without permission or authorization and sends it to a third party, so it is a best practice to be cautious about the sites used for downloading content onto the system.
Spyware maliciously tracks a user's activity, accesses their data, and in some cases causes the computer to crash. It usually runs as a background process and slows down the normal functioning of the computer.
Spyware enters the laptop/computer system in the following ways:
• Phishing: spyware enters the system when a suspicious link is clicked or a dangerous attachment is downloaded.
• Spoofing: used alongside phishing, spoofing makes the malicious emails appear to come from legitimate users or business units.
• Free or shared software: spyware bundled with software that is free of cost is installed alongside it.
• Misleading software: software advertised as beneficial for the system (for example, as a speed booster) that actually steals confidential information from it.
Types of Spyware
Knowing the kinds of spyware that can enter a system helps keep a lot of trusted information from becoming accessible to third parties. Spyware is classified by the function it performs:
• Adware: tracks the user's activity and displays advertisements based on it.
• Tracking Cookies: cookies that record a user's browsing activity and supply it to third parties.
• Trojans: malware disguised as legitimate software, and the most dangerous kind. It aims to steal confidential user information such as bank details and passwords and transfer it to a third party for fraudulent transactions.
• Keyloggers: record every keystroke the user enters through the keyboard. They are dangerous because they contribute to cyber fraud: sensitive passwords can be stolen simply by watching what the user types.
• Stalkerware: installed on mobile phones to stalk the user. It tracks the user's movements and sends them to a third party.
• System Monitor: monitors and records the entire system, including user activity, sensitive information, keystrokes, calls, and chats. It is extremely dangerous to user privacy.
How Spyware Infects Devices?
Spyware attaches itself to websites and downloads without the user noticing. Many programs are downloaded without any warning alongside the software the user wanted, and they are very dangerous to the computer system. Spyware also enters the system when the user clicks unverified links or downloads malicious content.
Once spyware is on the computer it accesses information it is not authorized to view and, in most cases, supplies that information to third parties, leading to data leaks. Sensitive information such as passwords and bank details is at the greatest risk. Data leaks, theft of sensitive information, tracking of the user's activity and preferences, slowing the system down, and even crashing the computer are the effects spyware can cause when it enters the system without the user's consent.
How to Prevent Spyware?
• Installing Antivirus/ Antispyware: The best way to protect a system from spyware is to install a good-quality anti-spyware or antivirus product such as Malwarebytes, Adaware, AVG Antivirus, or SpywareBlaster. This protects the computer if spyware tries to attach itself to the system, and such products also block sites that try to steal data or leak it to third parties.
• Beware of Cookie Settings: Some websites transfer confidential information alongside cookies. Check the browser's cookie settings and set them to a high level of privacy.
• Beware of the Pop-ups on Websites: Don't click on pop-ups that appear on a website without reading them. Never accept their terms and conditions, as this is highly risky. Always close pop-up windows without clicking 'OK'.
• Be cautious with free software: Be very careful when installing free software. Free software often comes bundled with spyware that can directly leak confidential user information.
• Always read Terms & Conditions: Always read the terms and conditions before installing apps on your system, and never accept policies that breach privacy. On mobile phones, download only trusted and verified apps from Google Play or the Apple App Store to protect them from spyware.

Worms and Virus

1. Worms:
A worm is similar to a virus but does not modify other programs. It replicates itself again and again, which slows the computer and the network down, and many worms can be controlled remotely by their operator. The main objective of a worm is to consume system resources and spread. The WannaCry ransomware worm of 2017 spread by exploiting a vulnerability in the Windows Server Message Block (SMBv1) file-sharing protocol.
2. Virus:
A virus is malicious executable code attached to another executable file; it can be harmless or can modify or delete data. When the infected program runs, the virus performs some action such as deleting a file from the computer system. Viruses cannot be controlled remotely. The ILOVEYOU virus spread through email attachments.
Difference between Worms and Virus:
1. Definition – Worm: a form of malware that replicates itself and spreads to other computers over a network. Virus: malicious executable code attached to another executable file, which can be harmless or can modify or delete data.
2. Objective – Worm: to consume system resources such as memory and bandwidth, slowing the system down until it stops responding, and to spread as widely as possible. Virus: to modify or destroy information on the host.
3. Host – Worm: does not need a host program to replicate from one computer to another. Virus: requires a host file in order to spread.
4. Harmful – Worm: traditionally considered less directly harmful, since the damage is resource consumption, although modern worms such as WannaCry carry ransomware or other destructive payloads. Virus: directly harmful to the files it infects.
5. Detection and Protection – Worm: detected and removed by antivirus software and blocked by a firewall. Virus: antivirus software is used for protection.
6. Controlled by – Worm: can be controlled remotely by the attacker, for example as part of a botnet. Virus: cannot be controlled remotely.
7. Execution – Worm: executes by exploiting weaknesses (vulnerabilities) in the system. Virus: executes when the infected executable file is run.
8. Comes from – Worm: usually arrives over a network connection or in downloaded files. Virus: usually arrives in shared or downloaded files.
9. Symptoms – Worm: slow computer performance; programs opening and running automatically; emails sent without your knowledge; degraded web browser performance; error messages from the system and operating system. Virus: pop-up windows linking to malicious websites; slow computer performance; unknown programs starting after boot; passwords changed without your knowledge.
10. Prevention – Worm: keep the operating system and software updated; avoid clicking links from untrusted or unknown websites; avoid opening emails from unknown sources; use antivirus software and a firewall. Virus: install antivirus software; never open unexpected email attachments; avoid pirated software; keep the operating system updated; keep the browser updated, as old versions are vulnerable to redirection to malicious websites.
11. Types – Worm: internet worms, instant messaging worms, email worms, file-sharing worms, Internet Relay Chat (IRC) worms. Virus: boot sector virus, direct action virus, polymorphic virus, macro virus, overwrite virus, file infector virus.
12. Examples – Worm: Morris worm, Storm worm, Blaster, Slammer. Virus: Brain, Michelangelo, the Melissa macro virus. (Blaster and Slammer are sometimes listed as viruses, but both spread on their own over the network and are worms; Creeper, also often cited, was an early self-replicating program on ARPANET and is likewise closer to a worm.)
13. Interface – Worm: does not need human action to replicate. Virus: needs human action (running the infected file) to replicate.
14. Speed – Worm: spreads faster. Virus: spreads more slowly than a worm.

Trojan Horse
The name Trojan Horse is taken from the classical story of the Trojan War. A Trojan is malicious code that presents itself as something useful and, once run, can take control of the computer. It is designed to steal or damage data or perform other harmful actions, and it works by deceiving the user into loading and executing the file on the device. After it executes, it allows cybercriminals to perform many actions on the user's computer, such as deleting or modifying data in files. Unlike viruses and worms, a Trojan Horse does not have the ability to replicate itself.
Many Trojans have appeared since, and they have become one of the most widespread forms of malware. Because Trojans are so versatile, many online criminals use them. They are also harder to identify: a Trojan may be hidden in an MP3 file the user has downloaded, in a game downloaded from an untrusted website, or behind an advertisement that pops up while browsing.
Many people have been infected by Trojans without realizing it. A Trojan that performs its action as soon as it is executed is called a direct-action Trojan. It does not spread to other users by itself, and its effects are usually the only indication that the system has been infected.
An example of a direct-action Trojan is Js.ExitW, which can be downloaded from many malicious sites. Its effect is to put the computer into a never-ending loop of startup and shutdown. This Trojan does no damage that could be considered dangerous, but we should be aware that many Trojans are far more dangerous.
Features of Trojan Horse
• It steals information like a password and more.
• It can be used to allow remote access to a computer.
• It can be used to delete data and more on the user’s computers.
How Does Trojan Horse Work?
Unlike a computer virus, a Trojan horse requires the user to download and run the server side of the application, because it cannot spread by itself. For a Trojan to compromise a device, its executable (for example an .exe file) must be run and the software installed.
To reach as many inboxes as possible, spammers send emails with attachments that appear legitimate but contain files that install the Trojan. Once the attachment is opened and the malicious file runs, the Trojan installs itself and then runs automatically every time the infected device is turned on.
Cybercriminals also use social engineering techniques to trick people into installing malicious software. The malicious file may be hidden behind internet links, pop-up ads, or banner advertisements.
Trojan software can spread to other computers from a Trojan-infected computer. The attacker turns the device into a zombie computer, giving them remote access to it without the user's knowledge; the zombie machine can then be used to spread malware as part of a botnet.
A user might, for example, receive an email from a friend with an attachment that likewise appears genuine. However, the attachment carries malicious code that runs on the user's device and installs the Trojan. The user may not notice anything suspicious, because the machine continues to work normally without any sign of infection.
The malware may remain undetected until the user performs a certain action, such as visiting a specific website or opening a banking app. At that point the malicious code is activated and the Trojan carries out its intended task. Depending on the type of Trojan and how it was developed, the malware may then delete itself, go back to being dormant, or remain active on the device.
Examples of Trojan Horse Virus Attacks
Trojan attacks that infect systems and steal user data have caused significant damage. Typical examples of Trojans include:
• Rakhni Trojan: The Rakhni Trojan delivers either ransomware or a cryptojacking utility that lets the attacker use the infected device to mine cryptocurrency.
• Tiny Banker: Tiny Banker (Tinba) allows attackers to steal users' banking information. By the time it was discovered it had already targeted customers of at least 20 U.S. banks.
• Zeus or Zbot: Zeus, also known as Zbot, is a toolkit that allows attackers to build their own Trojans targeting financial services. To steal user passwords and financial information, the code uses techniques such as form grabbing and keystroke logging.
Uses of Trojan Horse
1. Spy: Some Trojans act as spyware, designed to take data from the victim such as social networking usernames and passwords, credit card details, and more.
2. Creating backdoors: The Trojan makes changes to the victim's system or device so that other malware, or the criminals themselves, can get into it later.
3. Zombie: Often the attacker is not interested in the victim's computer itself but wants to use it under their control, for example as part of a botnet.
Types of Trojan Horse
Many Trojans are designed to perform a specific function. Some of them are:
• Backdoor trojan: gives the attacker remote access to the compromised machine.
• Ransom trojan: encrypts the data on the compromised system and then demands payment in exchange for its decryption.
• Trojan Banker: steals account data for online banking, credit and debit cards, etc.
• Trojan Downloader: downloads further malicious files, such as new versions of Trojans and adware, onto the victim's computer.
• Trojan Dropper: carries and installs other malware while evading detection of the malicious files; attackers use it to install Trojans or viruses on the victim's computer.
• Trojan GameThief: steals the account data of online gamers.
• Trojan-IM: steals login names and passwords for instant messaging services such as Skype and Yahoo Pager.
Other Trojans include Trojan-Notifier, Trojan-Clicker, and more.
Advantage of Trojan Horse (from the attacker's point of view)
• It can be sent as an attachment in an email.
• It can be hidden in pop-up ads on a web page.
• It can be used to give the attacker remote access to a computer.
• It can be used to delete data and more on the user's computer.
Disadvantages of Trojan Horse
• It cannot spread by itself; the user has to be tricked into running the executable.
• It may stay undetected and only start its activity when the user performs an online transaction, which is when the theft becomes visible.
• The infected system or device becomes slow.
• The user may experience unexpected shutdowns of the computer.
• Files open much more slowly than before.
Prevention from Trojan Horse
• Do not download files such as images and audio from untrusted websites.
• Do not click on pop-up ads, such as advertisements for online games.
• Do not open any attachment sent by an unknown user.
• Install an anti-virus program, which can detect files infected by a Trojan or virus.
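Trojans arrive as attachments that "appear legitimate", that is, an executable named to look like a document. The following added example (not code from the page) implements the checks a mail gateway or a careful user can apply to an attachment name: double extensions such as invoice.pdf.exe, a Unicode right-to-left override character that makes a name like report<RLO>fdp.exe display as reportexe.pdf, and long runs of spaces that push the real extension out of view. The extension lists and sample names are constructed for the demonstration.

```python
"""Flags attachment names that disguise an executable as a document. Added example;
EXECUTABLE_EXTS, DOCUMENT_EXTS and SAMPLES are constructed for the demonstration."""
import unicodedata

EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "vbs", "js", "jse", "wsf",
                   "ps1", "hta", "msi", "lnk", "pif", "jar"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt",
                 "jpg", "png", "mp3", "zip"}


def is_format_char(c):
    """Unicode category Cf covers RLO (U+202E), LRO and the bidi isolate controls."""
    return unicodedata.category(c) == "Cf"


def rendered_name(name):
    """Approximate what a file manager shows: RLO reverses everything after it."""
    if "\u202e" in name:
        head, _, tail = name.partition("\u202e")
        return head + tail[::-1]
    return name


def analyse_filename(name):
    """Reasons the name looks deceptive; an empty list means nothing was found."""
    findings = []
    if any(is_format_char(c) for c in name):
        findings.append(f"hidden format character; may display as {rendered_name(name)!r}")
    clean = "".join(c for c in name if not is_format_char(c))
    if "        " in clean:
        findings.append("run of spaces pushing the real extension out of view")
    exts = clean.lower().split(".")[1:]
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append(f"executable type .{exts[-1]}")
        if len(exts) >= 2 and exts[-2].strip() in DOCUMENT_EXTS:
            findings.append(f"double extension: presented as .{exts[-2].strip()} but runs as .{exts[-1]}")
    return findings


# Constructed sample attachment names.
SAMPLES = [
    "invoice.pdf.exe",
    "report\u202efdp.exe",                        # displays as 'reportexe.pdf'
    "quarterly results.doc" + " " * 40 + ".scr",
    "photo.jpg",
    "setup.exe",
]

if __name__ == "__main__":
    for n in SAMPLES:
        print(repr(n), "->", analyse_filename(n) or "clean")
```

The name is only one signal: the file's actual type (its magic bytes) and a signature or hash check against the value the vendor publishes say more about a download than what the name claims.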
Trojan Horse vs. Backdoor: A Comparative Analysis
In the world of cybersecurity, malicious software tools like Trojan horses and backdoors are
commonly used by cybercriminals to infiltrate systems, steal data, and cause significant damage.
These terms often get thrown around interchangeably, leading to confusion among the general
public. This article aims to clarify the difference between the two by providing a comprehensive
comparison in tabular form. So, if you've ever wondered about the distinction between a Trojan
horse and a backdoor, read on to unravel their unique characteristics and functionalities.
Understanding Trojan Horses
A Trojan horse, inspired by the mythical tale of the wooden horse used to infiltrate the city of
Troy, is a type of malware that disguises itself as legitimate software or files to deceive
unsuspecting users. Once executed, a Trojan horse opens a backdoor on the victim's system,
allowing hackers to gain unauthorized access and carry out various malicious activities without
the user's knowledge. Unlike viruses or worms, which can replicate and spread on their own,
Trojan horses require human interaction to execute and deploy their payload.
Types of Trojan Horses
Trojan horses come in different forms, each designed to serve a specific purpose. Here are some
common types of Trojan horses:
• Remote Access Trojans (RATs): These Trojans enable remote control and administration
of the victim's system, providing hackers with full access and control over the
compromised device. RATs are frequently used in espionage and surveillance activities.
• Keyloggers: These Trojans are programmed to record keystrokes on the victim's system,
allowing hackers to capture sensitive information like passwords, credit card details, and
other personal data.
• Banking Trojans: As the name suggests, these Trojans target online banking services,
intercepting login credentials and financial information to carry out fraudulent
transactions.

Backdoors
While Trojan horses serve as the means to establish a backdoor, the term "backdoor" refers to a
hidden entry point in a system or application intentionally created by software developers for
legitimate purposes, such as system administration or debugging. However, cybercriminals
often exploit these backdoors to gain unauthorized access and control over compromised
systems.
The Purpose of Backdoors
Backdoors can serve both legitimate and malicious purposes, depending on who has control
over them. Software developers may create backdoors to facilitate troubleshooting or allow
system administrators to regain access in case of lockouts. However, when unauthorized
individuals gain access to backdoors, they can manipulate or exploit systems, often resulting in
severe consequences.
Trojan Horse vs. Backdoor: A Comparative Analysis

Definition
• Trojan Horse: A type of malware that disguises itself as legitimate software or files to deceive users and open a backdoor.
• Backdoor: A hidden entry point intentionally created by software developers for legitimate purposes, but one that can be exploited by unauthorized individuals.

Execution
• Trojan Horse: Requires human interaction to execute and deploy its payload.
• Backdoor: Can be present in system or application code, ready to be exploited by unauthorized individuals.

Objective
• Trojan Horse: Deceive users and gain unauthorized access to systems or steal sensitive data.
• Backdoor: Facilitate legitimate system administration, but can be exploited for unauthorized access and control.

Methods of Deployment
• Trojan Horse: Disguised as legitimate software or files and spread through social engineering, email attachments, or malicious downloads.
• Backdoor: Present in the system or application code, waiting to be triggered by unauthorized individuals or malware.

Functionalities
• Trojan Horse: Can be used for various malicious activities, such as remote control of the victim’s system, data theft, or installing additional malware.
• Backdoor: Provides unauthorized access and control over compromised systems, allowing manipulation, data theft, or further malware deployment.

Visibility
• Trojan Horse: Disguised as legitimate software, making it challenging to detect without proper cybersecurity measures.
• Backdoor: Hidden within the system or application code, often requiring advanced techniques for detection.

Detection and Prevention
• Trojan Horse: Requires robust antivirus software and user vigilance to detect and prevent infection.
• Backdoor: Regular security audits, code reviews, and network monitoring can help identify and mitigate potential backdoor vulnerabilities.

Steganography
A steganography technique involves hiding sensitive information within an ordinary, non-secret
file or message, so that it will not be detected. The sensitive information will then be extracted
from the ordinary file or message at its destination, thus avoiding detection. Steganography is
an additional step that can be used in conjunction with encryption in order to conceal or
protect data.
Steganography is a means of concealing secret information within (or even on top of) an
otherwise mundane, non-secret document or other media to avoid detection. It comes from the
Greek words steganos, which means “covered” or “hidden,” and graph, which means “to write.”
Hence, “hidden writing.”
You can use steganography to hide text, video, images, or even audio data. It’s a helpful bit of
knowledge, limited only by the type of medium and the author’s imagination.
Different Types of Steganography
1. Text Steganography − Text steganography hides information inside text files. In this method, the
hidden data is encoded in the letters of the words.
2. Image Steganography − The second type of steganography is image steganography, which
entails concealing data by using an image of a different object as a cover. Pixel intensities are
the key to data concealment in image steganography.
Since the computer description of an image contains multiple bits, images are frequently used
as a cover source in digital steganography.
The various terms used to describe image steganography include:
• Cover-Image - Unique picture that can conceal data.
• Message - Real data that you can mask within pictures. The message may be in the form
of standard text or an image.
• Stego-Image − A stego image is an image with a hidden message.
• Stego-Key - Messages can be embedded in cover images and stego-images with the help
of a key, or the messages can be derived from the photos themselves.
3. Audio Steganography − It is the science of hiding data in sound. Used digitally, it protects
against unauthorized reproduction. Watermarking is a technique that embeds one piece of
data (the message) within another (the "carrier"). Its typical uses involve media playback,
primarily audio clips.
4. Video Steganography − Video steganography is a method of secretly embedding data or
other files within a video file on a computer. Video (a collection of still images) can function as
the "carrier" in this scheme. Discrete cosine transform (DCT) is commonly used to insert values
that can be used to hide the data in each image in the video, which is undetectable to the naked
eye. Video steganography typically employs the following file formats: H.264, MP4, MPEG, and
AVI.
5. Network or Protocol Steganography − It involves concealing data by using a network protocol
such as TCP, UDP, ICMP or IP as the cover object. Steganography can be used to build covert
channels, which can occur at the layers of the OSI network model.
Steganography Examples Include
• Writing with invisible ink
• Embedding text in a picture (like an artist hiding their initials in a painting they’ve done)
• Backward masking a message in an audio file (remember those stories of evil messages
recorded backward on rock and roll records?)
• Concealing information in either metadata or within a file header
• Hiding an image in a video, viewable only if the video is played at a particular frame rate
• Embedding a secret message in the red, green, or blue channel of an RGB image
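The image technique described above (pixel intensities as the carrier, the message in one colour channel), as an added example that is not part of the original text: the Python code below embeds a message in the least significant bit of the blue channel of an RGB pixel grid and extracts it again. The cover image is a constructed gradient rather than a real photo, and the last function shows that no channel value moves by more than 1, which is why detection of such images needs statistical analysis rather than the naked eye.

```python
"""LSB image steganography on an RGB pixel grid (added example; the image is constructed)."""
from typing import Iterator, List, Tuple

Pixel = Tuple[int, int, int]          # (red, green, blue), each 0..255
Image = List[List[Pixel]]             # rows of pixels
HEADER_BITS = 32                      # 4-byte big-endian message length precedes the message
BLUE = 2                              # carrier channel index (0 = red, 1 = green, 2 = blue)


def make_cover(width: int, height: int) -> Image:
    """Constructed cover image: a smooth colour gradient standing in for a photo."""
    return [[(x * 255 // max(1, width - 1), y * 255 // max(1, height - 1), (x + y) % 256)
             for x in range(width)] for y in range(height)]


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _bits_to_bytes(bits: List[int]) -> bytes:
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def capacity_bytes(cover: Image) -> int:
    """One carrier bit per pixel, minus the length header."""
    pixels = sum(len(row) for row in cover)
    return max(0, (pixels - HEADER_BITS) // 8)


def embed(cover: Image, message: bytes, channel: int = BLUE) -> Image:
    """Return a stego image whose `channel` LSBs carry len(message) followed by message."""
    if len(message) > capacity_bytes(cover):
        raise ValueError("message does not fit in this cover image")
    payload = _bits(len(message).to_bytes(4, "big") + message)
    stego: Image = []
    for row in cover:
        new_row = []
        for px in row:
            bit = next(payload, None)
            if bit is None:                      # payload exhausted: copy pixel untouched
                new_row.append(px)
                continue
            vals = list(px)
            vals[channel] = (vals[channel] & ~1) | bit   # replace only the lowest bit
            new_row.append((vals[0], vals[1], vals[2]))
        stego.append(new_row)
    return stego


def extract(stego: Image, channel: int = BLUE) -> bytes:
    """Read the length header, then exactly that many bytes, from the channel LSBs."""
    bits = [px[channel] & 1 for row in stego for px in row]
    length = int.from_bytes(_bits_to_bytes(bits[:HEADER_BITS]), "big")
    body = bits[HEADER_BITS:HEADER_BITS + 8 * length]
    if len(body) < 8 * length:
        raise ValueError("length header claims more data than the image holds")
    return _bits_to_bytes(body)


def max_channel_delta(a: Image, b: Image) -> int:
    """Largest per-channel difference between two images of equal size."""
    return max(abs(x - y)
               for row_a, row_b in zip(a, b)
               for px_a, px_b in zip(row_a, row_b)
               for x, y in zip(px_a, px_b))


if __name__ == "__main__":
    cover = make_cover(32, 16)                    # 512 pixels -> 60 message bytes of capacity
    stego = embed(cover, b"meet at dawn")
    print(extract(stego), max_channel_delta(cover, stego))   # b'meet at dawn' 1
```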
Steganography can be used both for constructive and destructive purposes. For example,
education and business institutions, intelligence agencies, the military, and certified ethical
hackers use steganography to embed confidential messages and information in plain sight.
On the other hand, criminal hackers use steganography to corrupt data files or hide malware in
otherwise innocent documents. For example, attackers can use Bash and PowerShell scripts to
launch automated attacks, embedding the scripts in Word and Excel documents. When an
unsuspecting user clicks one of those documents open, they activate the hidden script, and
chaos ensues. This process is a favored ransomware delivery method.

DoS attacks
DoS attacks are attempts to interrupt a website or network’s operations by overwhelming it
with traffic. The attacker achieves this by sending an enormous number of requests to the
target server, which causes it to slow down or even crash, making it inaccessible to legitimate
users.
Denial of service (DoS) is a network security attack in which the attacker makes a system or
data unavailable to those who need it. Denial of service comes in various forms:
1. Browser Redirection – This happens when you try to reach a web page but another page
with a different URL opens instead. You can view only the page you were redirected to and
cannot view the contents of the original page, because the attacker has redirected the
original page elsewhere.
2. Closing Connections – After a connection is closed, there can be no communication
between the sender (server) and the receiver (client). The attacker closes the open
connection and prevents the user from accessing resources.
3. Data Destruction – The attacker destroys the resource so that it becomes unavailable,
for example by deleting, erasing, wiping or overwriting the data, or by dropping tables.
4. Resource Exhaustion – The attacker repeatedly requests access to a resource and
eventually overloads the web application. The application slows down and finally
crashes, so the user cannot access the web page.
How Do DoS Attacks Impact Businesses and Users?
DoS attacks can have severe consequences for businesses and users alike. Here are some
impacts of DoS attacks:
• Loss of Revenue: DoS attacks can cause businesses to lose significant amounts of
revenue as customers are unable to access their website or service.
• Damage to Reputation: DoS attacks can damage a company’s reputation and erode the
trust of its customers.
• Financial Losses: The cost of mitigating a DoS attack can be significant, and businesses
may also have to pay for lost revenue, legal fees and damages.
• Disruption of Critical Services: DoS attacks can disrupt critical services, such as
healthcare and emergency services, which can have life-threatening consequences.
• Loss of Data: Data destruction attacks can cause businesses to lose critical data, leading
to financial losses and damage to the company’s reputation.
Preventing DoS Attacks: There are several measures businesses can take to prevent DoS attacks,
including:
• Implementing DDoS protection solutions that can detect and mitigate DoS attacks in real
time.
• Ensuring their website and network infrastructure is up-to-date with the latest security
patches.
• Using strong authentication mechanisms, such as multi-factor authentication, to prevent
unauthorized access to the network.
• Monitoring network traffic to detect unusual patterns and take immediate action to
prevent potential attacks.

DDoS Attack
Distributed Denial of Service (DDoS) is a type of DoS attack in which multiple Trojan-infected
systems target a particular system, causing a denial of service.
A DDoS attack uses multiple servers and Internet connections to flood the targeted resource. A
DDoS attack is one of the most powerful weapons on the cyber platform. When you hear about a
website being brought down, it generally means it has become the victim of a DDoS attack.
This means that the attackers have hit the website or PC with heavy traffic, crashing the website
or computer through overload.
Example: In 2000, Michael Calce, a 15-year-old boy who used the online name “Mafiaboy”, was
behind one of the first DDoS attacks. He hacked into the computer networks of various
universities. He used their servers to operate a DDoS attack that brought down several websites
such as eBay and Yahoo. In 2016, Dyn was hit with a massive DDoS attack that took down major
websites and services such as Netflix, PayPal, Amazon, and GitHub.
DoS
DoS stands for Denial of Service. It is a type of attack on a service that disrupts its normal
function and prevents other users from accessing it. The most common target for a DoS attack is
an online service such as a website, though attacks can also be launched against networks,
machines, or even a single program.
Difference between DoS and DDoS

Full form
DoS: Stands for Denial-of-Service attack.
DDoS: Stands for Distributed Denial-of-Service attack.

Number of attacking systems
DoS: In a DoS attack a single system targets the victim system.
DDoS: In a DDoS attack multiple systems attack the victim’s system.

Source of traffic
DoS: The victim’s PC is loaded with packets of data sent from a single location.
DDoS: The victim’s PC is loaded with packets of data sent from multiple locations.

Speed
DoS: A DoS attack is slower as compared to a DDoS attack.
DDoS: A DDoS attack is faster than a DoS attack.

Blocking
DoS: Can be blocked easily as only one system is used.
DDoS: It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations.

Tools
DoS: In a DoS attack only a single device is used with DoS attack tools.
DDoS: In a DDoS attack, many bots (a botnet) are used to attack at the same time.

Tracing
DoS: DoS attacks are easy to trace.
DDoS: DDoS attacks are difficult to trace.

Types
DoS: 1. Buffer overflow attacks 2. Ping of Death or ICMP flood 3. Teardrop attack 4. Flooding attack
DDoS: 1. Volumetric attacks 2. Fragmentation attacks 3. Application layer attacks 4. Protocol attacks

Types of DDoS Attacks


1. Volumetric Attacks: Volumetric attacks are the most prevalent form of DDoS attack.
They use a botnet to flood the network or server with traffic that exceeds the
network’s capacity to process it. The attack overloads the target with huge amounts of
junk data, consuming the available network bandwidth and potentially leading to a
complete denial of service.
2. Protocol Attacks: TCP connection attacks exploit a weakness in the TCP connection
sequence, commonly referred to as the three-way handshake between the host and the
server. It works as follows. The targeted server receives a request to start the
handshake, but in this attack the handshake is never completed. This leaves the
connection half-open, keeping the port busy and unavailable to process further
requests. Meanwhile, the attacker continues to send more such requests, overwhelming
all the working ports and shutting down the server.
3. Application Attacks: Application layer attacks (Layer 7 attacks) target the victim’s
applications at a slower rate. They may initially appear as legitimate user requests,
until the victim becomes unable to respond. These attacks target the layer where a server
generates web pages and responds to HTTP requests. Application-level attacks are often
combined with other kinds of DDoS attacks that target the network and bandwidth. They
are dangerous because they are harder for companies to detect.
4. Fragmentation Attacks: The attacker exploits a weakness in the datagram
fragmentation process, in which IP datagrams are divided into smaller packets,
transferred across a network, and then reassembled. In such attacks, the forged
fragments cannot be reassembled.
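The protocol attack in item 2 leaves handshakes half-open, and that is what a defender looks for. As an added example that is not from the original text, the Python code below replays a constructed connection log through the three-way-handshake state machine and flags any server port where half-open handshakes dominate. The record format and the RFC 5737 documentation addresses are constructed for this example.

```python
"""Detect half-open (SYN) flooding by replaying a constructed connection log (added example)."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed record format for this example (not a real tool's output):
#   "<seconds> <src_ip>:<src_port> > <dst_ip>:<dst_port> <FLAG|FLAG>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<flags>[A-Z]+(?:\|[A-Z]+)*)$"
)
Target = Tuple[str, str]   # (server ip, server port)


def build_sample_log() -> List[str]:
    """Constructed traffic using RFC 5737 documentation addresses, not a real capture."""
    lines = []
    # Two ordinary clients complete all three handshake steps on port 443.
    for i, cport in enumerate((51000, 51001)):
        t = 1000.0 + i
        lines += [
            f"{t:.2f} 192.0.2.1{i}:{cport} > 203.0.113.5:443 SYN",
            f"{t + 0.01:.2f} 203.0.113.5:443 > 192.0.2.1{i}:{cport} SYN|ACK",
            f"{t + 0.02:.2f} 192.0.2.1{i}:{cport} > 203.0.113.5:443 ACK",
        ]
    # Fifty sources each open a handshake on port 80 and never send the final ACK.
    for i in range(1, 51):
        t = 1010.0 + i * 0.01
        lines += [
            f"{t:.2f} 198.51.100.{i}:{40000 + i} > 203.0.113.5:80 SYN",
            f"{t + 0.001:.3f} 203.0.113.5:80 > 198.51.100.{i}:{40000 + i} SYN|ACK",
        ]
    lines.append("this line is corrupt and must be skipped, not crash the parser")
    return lines


def handshake_stats(lines: Iterable[str]) -> Tuple[Dict[Target, dict], int]:
    """Replay the log; per server ip:port count SYNs, completed and half-open handshakes."""
    state: Dict[Tuple[str, str, str, str], str] = {}   # (client, cport, server, sport) -> state
    per_target: Dict[Target, dict] = defaultdict(
        lambda: {"syn": 0, "completed": 0, "half_open": 0, "sources": set()})
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        src, sport, dst, dport = m["src"], m["sport"], m["dst"], m["dport"]
        flags = set(m["flags"].split("|"))
        if flags == {"SYN"}:                      # step 1: client asks to open
            state[(src, sport, dst, dport)] = "SYN_SENT"
            per_target[(dst, dport)]["syn"] += 1
            per_target[(dst, dport)]["sources"].add(src)
        elif flags == {"SYN", "ACK"}:             # step 2: server reserves a half-open slot
            key = (dst, dport, src, sport)        # reverse direction: server -> client
            if state.get(key) == "SYN_SENT":
                state[key] = "SYN_RECEIVED"
        elif flags == {"ACK"}:                    # step 3: client completes the handshake
            key = (src, sport, dst, dport)
            if state.get(key) == "SYN_RECEIVED":
                state[key] = "ESTABLISHED"
                per_target[(dst, dport)]["completed"] += 1
    for (_client, _cport, server, sport), st in state.items():
        if st != "ESTABLISHED":                   # still waiting after the whole log: half-open
            per_target[(server, sport)]["half_open"] += 1
    return dict(per_target), unparsed


def flag_syn_flood(stats: Dict[Target, dict], min_half_open: int = 20,
                   min_ratio: float = 0.8) -> List[Tuple[Target, int, int]]:
    """Targets where half-open handshakes are both numerous and the majority of SYNs seen."""
    flagged = []
    for target, t in stats.items():
        if t["syn"] and t["half_open"] >= min_half_open and t["half_open"] / t["syn"] >= min_ratio:
            flagged.append((target, t["half_open"], len(t["sources"])))
    return sorted(flagged)


if __name__ == "__main__":
    stats, skipped = handshake_stats(build_sample_log())
    for target, half_open, sources in flag_syn_flood(stats):
        print(f"possible SYN flood on {target[0]}:{target[1]}: "
              f"{half_open} half-open handshakes from {sources} sources")
```

In live use the same state machine would be fed from a packet capture or firewall connection log and evaluated over a sliding time window rather than a whole file.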
How do DDoS Attacks Work?
The logic of a DDoS attack is very simple, although attacks can be highly different from each
other. Network connections consist of various layers of the OSI model. Various types of DDoS
attacks focus on particular layers. Examples are illustrated below:
• Layer-3: Network layer – Attacks are known as Smurf Attacks, ICMP Floods, and IP/ICMP
Fragmentation.
• Layer-4: Transport layer – Attacks include SYN Floods, UDP Floods, and TCP Connection
Exhaustion.
• Layer-7: Application layer – HTTP-encrypted attacks.
How to Protect Yourself from DDoS Attacks?
1. Take quick action: The sooner a DDoS attack is identified, the sooner the damage can be
limited. Companies should use DDoS protection services or similar technology so that
abnormal traffic is recognized and handled as quickly as possible.
2. Configure firewalls and routers: Firewalls and routers should be configured so that they
reject bogus traffic, and you should keep your routers and firewalls updated with the
latest security patches.
3. Consider artificial intelligence: While advanced firewalls and intrusion detection
systems are the common defenses today, artificial intelligence is being used to develop
new ones.
4. Secure your Internet of Things devices: To keep your devices from becoming part of a
botnet, make sure they run trusted security software and keep it updated with the
latest security patches.

SQL injection
SQL injection is a technique used to extract user data by injecting SQL commands through web
page inputs so that they become part of the statements the application executes. Malicious
users can use these injected statements to manipulate the application and its database.
1. SQL injection is a code injection technique that can compromise your database.
2. SQL injection is one of the most common web hacking techniques.
3. SQL injection is the injection of malicious code into SQL statements via web page input.
The Exploitation of SQL Injection in Web Applications
Web servers communicate with database servers anytime they need to retrieve or store user
data. SQL statements by the attacker are designed so that they can be executed while the web
server is fetching content from the application server. It compromises the security of a web
application.
Example of SQL Injection
Suppose we have an application based on student records. Any student can view only his or her
own records by entering a unique and private student ID.
Suppose we have a field like the one below:
Student id: The student enters the following in the input field: 12222345 or 1=1.
Query:
SELECT * FROM STUDENT WHERE
STUDENT_ID = 12222345 OR 1 = 1
Now, this 1=1 will return all records for which this holds true. So basically, all the student data is
compromised. Now the malicious user can also delete the student records in a similar fashion.
Consider the following SQL query.
Query:
SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = ''
Now a malicious user can use the ‘=’ operator in a clever manner (1=1 is always true) to retrieve
private user information. So instead of the query above, the following query, when executed,
retrieves protected data that was never intended to be shown to users.
Query:
SELECT * FROM USER WHERE
(USERNAME = '' OR 1=1) AND
(PASSWORD = '' OR 1=1)
Since 1=1 always holds true, user data is compromised.
Impact of SQL Injection
The hacker can retrieve all the user data present in the database such as user details, credit card
information, and social security numbers, and can also gain access to protected areas like the
administrator portal. It is also possible to delete user data from the tables.
Nowadays, all online shopping applications and bank transactions use back-end database
servers. So, in case the hacker is able to exploit SQL injection, the entire server is compromised.
Preventing SQL Injection
• Input validation and user authentication: validate user input by pre-defining the length and
type of each input field, and authenticate the user.
• Restrict users’ access privileges and define how much data any outsider can access from
the database. Users should not be granted permission to access everything in the
database.
• Do not run the application under system administrator database accounts.
SQL in Web Pages
SQL injection typically occurs when you ask a user for input, such as their username or user ID,
and instead of a name or ID the user gives you an SQL statement that you unknowingly run
against your database.
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
SQL Injection Based on Batched SQL Statements
1. Most databases support batched SQL statements.
2. A batch of SQL statements is a collection of two or more SQL statements separated by
semicolons.
The SQL statement below will return all rows from the "Users" table and then delete the
"Employees" table.
Query:
SELECT * FROM Users;
DROP TABLE Employees;
Look at the following example:
Syntax:
txtEmpId = getRequestString("EmpId");
txtSQL = "SELECT * FROM Users WHERE EmpId = " + txtEmpId;
If the input contains a second statement after the ID, the resulting SQL would look like this:
Query:
SELECT * FROM Users WHERE EmpId = 116;
DROP TABLE Employees;
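Both injections shown in this section, run against a throwaway SQLite database in Python as an added example (not code from the original text): the vulnerable functions paste the input into the statement text exactly as the pseudocode above does, while the hardened function validates the ID and binds it as a parameter, so the input can never become SQL. The table and column names and the rows are constructed.

```python
"""String-built queries versus bound parameters (added example; the database is constructed)."""
import sqlite3
from typing import List, Tuple

# Allow-list of table -> id column. Identifiers cannot be bound as parameters, so they
# must come from fixed code, never from the request.
ID_COLUMNS = {"student": "student_id", "employees": "emp_id"}


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE student  (student_id INTEGER PRIMARY KEY, name TEXT, grade TEXT);
        INSERT INTO student VALUES (12222345, 'Asha', 'A'), (12222346, 'Ben', 'B'),
                                   (12222347, 'Chen', 'C');
        CREATE TABLE employees (emp_id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO employees VALUES (116, 'Dana');
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_input: str) -> List[Tuple]:
    """The page's pattern: txtSQL = "SELECT ... WHERE student_id = " + txtUserId."""
    sql = "SELECT * FROM student WHERE student_id = " + user_input
    return conn.execute(sql).fetchall()


def lookup_vulnerable_batched(conn: sqlite3.Connection, user_input: str) -> None:
    """Same flaw on a back end that runs ';'-separated batches (executescript does).

    Note: plain execute() in Python's sqlite3 happens to refuse more than one statement;
    that is a driver quirk, not a defence an application should rely on.
    """
    sql = "SELECT * FROM employees WHERE emp_id = " + user_input
    conn.executescript(sql)      # every statement in the batch runs, including a DROP TABLE


def lookup_safe(conn: sqlite3.Connection, table: str, user_input: str) -> List[Tuple]:
    """Hardened: identifier from the allow-list, value validated and bound with '?'."""
    if table not in ID_COLUMNS:
        raise ValueError("unknown table")
    if not user_input.isdigit():          # an id is a number; 'or 1=1' is rejected up front
        raise ValueError("id must be numeric")
    sql = f"SELECT * FROM {table} WHERE {ID_COLUMNS[table]} = ?"
    return conn.execute(sql, (int(user_input),)).fetchall()


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                       (name,)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print(len(lookup_vulnerable(db, "12222345")))           # 1 row: the student's own record
    print(len(lookup_vulnerable(db, "12222345 or 1=1")))    # 3 rows: every student
    print(len(lookup_safe(db, "student", "12222345")))      # 1 row
    lookup_vulnerable_batched(db, "116; DROP TABLE employees")
    print(table_exists(db, "employees"))                    # False: the batch dropped it
```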

Buffer Overflow
Buffers are memory storage regions that temporarily hold data while it is being transferred from
one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data
exceeds the storage capacity of the memory buffer. As a result, the program attempting to write
the data to the buffer overwrites adjacent memory locations.
For example, a buffer for log-in credentials may be designed to expect username and password
inputs of 8 bytes, so if a transaction involves an input of 10 bytes (that is, 2 bytes more than
expected), the program may write the excess data past the buffer boundary.
Buffer overflows can affect all types of software. They typically result from malformed inputs or
failure to allocate enough space for the buffer. If the transaction overwrites executable code, it
can cause the program to behave unpredictably and generate incorrect results, memory access
errors, or crashes.
What is a Buffer Overflow Attack
Attackers exploit buffer overflow issues by overwriting the memory of an application. This
changes the execution path of the program, triggering a response that damages files or exposes
private information. For example, an attacker may introduce extra code, sending new
instructions to the application to gain access to IT systems.
If attackers know the memory layout of a program, they can intentionally feed input that the
buffer cannot store, and overwrite areas that hold executable code, replacing it with their own
code. For example, an attacker can overwrite a pointer (an object that points to another area in
memory) and point it to an exploit payload, to gain control over the program.
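A model of the 8-byte credential buffer described above, written in Python as an added example (it simulates a stack frame with a bytearray, since Python itself does not expose raw process memory; the frame layout and the return address value are constructed): an unchecked copy of the 10-byte input spills two bytes into the saved return address that sits right after the buffer, while a length-checked copy leaves it intact.

```python
"""Simulated stack frame showing how 2 surplus bytes corrupt the neighbouring return address."""
import struct

BUF_SIZE = 8          # the 8-byte credential buffer from the text
ADDR_SIZE = 8         # 64-bit saved return address stored right after the buffer


class StackFrame:
    """Toy frame layout (constructed for this example): [buffer 8 bytes][return address 8 bytes]."""

    def __init__(self, return_address: int) -> None:
        self.memory = bytearray(BUF_SIZE + ADDR_SIZE)
        struct.pack_into("<Q", self.memory, BUF_SIZE, return_address)   # little-endian, like x86-64

    @property
    def buffer(self) -> bytes:
        return bytes(self.memory[:BUF_SIZE])

    @property
    def return_address(self) -> int:
        return struct.unpack_from("<Q", self.memory, BUF_SIZE)[0]


def unsafe_copy(frame: StackFrame, data: bytes) -> int:
    """Models strcpy/gets: trusts the input length, so bytes 9..n land in the next field."""
    if len(data) > len(frame.memory):
        raise MemoryError("write beyond the frame: a real process would crash here")
    frame.memory[:len(data)] = data
    return len(data)


def bounded_copy(frame: StackFrame, data: bytes) -> int:
    """Models a length-checked copy: never writes past BUF_SIZE, excess input is dropped."""
    n = min(len(data), BUF_SIZE)
    frame.memory[:n] = data[:n]
    return n


if __name__ == "__main__":
    ten_bytes = b"passwd1234"                    # 10-byte input for an 8-byte buffer
    frame = StackFrame(0x401000)
    unsafe_copy(frame, ten_bytes)
    print(hex(frame.return_address))             # 0x403433: "34" overwrote the low bytes
    frame = StackFrame(0x401000)
    bounded_copy(frame, ten_bytes)
    print(hex(frame.return_address))             # 0x401000: unchanged
```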
Types of Buffer Overflow Attacks

• Stack-based buffer overflows are more common, and leverage stack memory that only
exists during the execution time of a function.
• Heap-based attacks are harder to carry out and involve flooding the memory space
allocated for a program beyond memory used for current runtime operations.
What Programming Languages are More Vulnerable?
C and C++ are two languages that are highly susceptible to buffer overflow attacks, as they have
no built-in safeguards against writing or reading outside the bounds of their memory. Mac OS X,
Windows, and Linux all use code written in C and C++.
Languages such as Perl, Java, JavaScript, and C# use built-in safety mechanisms (such as bounds
checking) that minimize the likelihood of buffer overflow.
How to Prevent Buffer Overflows
Developers can protect against buffer overflow vulnerabilities via security measures in their
code, or by using languages that offer built-in protection.
In addition, modern operating systems have runtime protection. Three common protections
are:
• Address space layout randomization (ASLR): randomly moves around the address space
locations of data regions. Typically, buffer overflow attacks need to know the location of
executable code, and randomizing address spaces makes this virtually impossible.
• Data execution prevention—flags certain areas of memory as non-executable or
executable, which stops an attack from running code in a non-executable region.
• Structured exception handler overwrite protection (SEHOP)—helps stop malicious code
from attacking Structured Exception Handling (SEH), a built-in system for managing
hardware and software exceptions. It thus prevents an attacker from being able to make
use of the SEH overwrite exploitation technique. At a functional level, an SEH overwrite
is achieved using a stack-based buffer overflow to overwrite an exception registration
record, stored on a thread’s stack.
Security measures in code and operating system protection are not enough. When an
organization discovers a buffer overflow vulnerability, it must react quickly to patch the affected
software and make sure that users of the software can access the patch.

Wireless Network Attacks


Wireless network attacks are deliberate and malicious actions aimed at exploiting vulnerabilities
in wireless communication systems to gain unauthorized access, intercept sensitive data,
disrupt network operations, or compromise the security of devices and users connected to the
network. These attacks target weaknesses in the protocols, configurations, or encryption
mechanisms of wireless networks, taking advantage of their inherent nature of broadcasting
signals over the airwaves.
Types of Wireless Network Attacks
Wireless networks have undoubtedly revolutionized the way we communicate and conduct
business, offering unparalleled convenience and mobility. However, with this freedom comes
the lurking threat of malicious attackers seeking to exploit the vulnerabilities inherent in
wireless technology. Here are some of the common types of wireless network attacks:
1. Wireless Eavesdropping (Passive Attacks): Attackers use tools like packet sniffers to intercept
and monitor wireless communications between devices. By capturing data packets transmitted
over the air, they can potentially obtain sensitive information, such as login credentials, financial
data, or personal information.
2. Wireless Spoofing (Man-in-the-Middle Attacks): In these attacks, the attacker positions
themselves between the wireless client and the legitimate access point, intercepting and
manipulating data transmissions. The attacker may then relay the information back and forth,
making it appear as if they are the legitimate access point. This enables them to snoop on data
or perform other malicious actions unnoticed.
3. Wireless Jamming (Denial-of-Service Attacks): Attackers flood the wireless frequency
spectrum with interference signals, disrupting legitimate communications between devices and
access points. By creating excessive noise, they can render the wireless network unusable for
legitimate users.
4. Rogue Access Points: Attackers set up unauthorized access points, mimicking legitimate ones,
to deceive users into connecting to them. Once connected, the attacker can eavesdrop, capture
data, or launch further attacks on the unsuspecting users.
5. Brute-Force Attacks: Attackers try various combinations of passwords or encryption keys in
rapid succession until they find the correct one to gain unauthorized access to the wireless
network.
6. WEP/WPA Cracking: Attackers exploit vulnerabilities in older wireless security protocols like
Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) to gain unauthorized access
to encrypted wireless networks.
7. Evil Twin Attacks: Attackers create fake access points with names similar to legitimate ones,
tricking users into connecting to the malicious network. Once connected, the attacker can
intercept sensitive data or execute further attacks.
8. Deauthentication/Disassociation Attacks: Attackers send forged deauthentication or
disassociation frames to wireless devices, forcing them to disconnect from the network, leading
to service disruptions or potential vulnerabilities when devices automatically reconnect.

Preventing Wireless Network Attacks: Safeguarding Your Digital Domain


Protecting your wireless network from potential threats is paramount, and we have compiled a
comprehensive list of preventive measures to ensure your digital domain remains secure.
Follow these essential tips to fortify your wireless network against attacks:
1. Update your computer often: Regularly update your operating system and applications to
ensure you have the latest security patches and fixes. Timely updates help address discovered
vulnerabilities, making it harder for attackers to exploit known weaknesses.
2. Use MAC filtering: Enable MAC filtering on your wireless router to control access to your
network. By specifying which devices are allowed to connect based on their unique MAC
addresses, you can prevent unauthorized access and enhance your network’s security.
3. Disable SSID broadcasting: Turn off SSID broadcasting to make your wireless network
invisible to casual observers. This prevents your network from being easily discoverable and
adds an extra layer of obscurity for potential attackers.
4. Use WPA2 encryption: Utilize WPA2 encryption, the latest and most secure protocol, to
safeguard your data as it travels between devices and access points. Encryption ensures that
even if intercepted, your data remains unintelligible to unauthorized entities.
5. Change the default SSID: Customize your router’s SSID to something unique and unrelated to
personal information. Avoid using common names like “Linksys” or “default” to deter attackers
from identifying and targeting your network.
6. Disable file sharing: Turn off file sharing on your network to prevent unauthorized users from
accessing your sensitive files. If file sharing is necessary, ensure you set up secure passwords to
limit access to approved users only.
7. Enable WEP encryption (only if using an older router): If your router doesn’t support WPA2,
use WEP encryption as a fallback option. However, keep in mind that WEP is less secure than
WPA2 and should only be considered if absolutely necessary.
By implementing these preventive measures, you significantly bolster your wireless network’s
security, thwarting potential attackers, and safeguarding your sensitive information and digital
activities. Stay one step ahead in the ever-evolving landscape of cybersecurity, and let your
wireless network become a fortress of protection for all your digital endeavors.

Identity Theft
Identity theft, also called identity fraud, is a crime committed in huge numbers nowadays.
Identity theft happens when someone steals your personal information to commit fraud. It is
committed in many ways, by gathering personal information such as another person’s
transactional information and using it to make transactions.
Example: Thieves use different mechanisms to extract information about customers’ credit
cards from corporate databases; once they have this information, they can easily degrade the
victim’s credit rating. Thieves holding this information can cause huge harm if the victim is not
notified early. With these false credentials, they can obtain a credit card in the victim’s name,
which can be used to incur false debts.
Types of Identity Thefts:
• Criminal Identity Theft – The victim is charged as guilty and has to bear the loss when the
criminal backs up his position with the victim’s false documents, such as an ID or other
verification documents, and the bluff succeeds.
• Senior Identity Theft – Seniors over the age of 60 are often targets of identity thieves.
They are sent information that looks genuine, and their personal information is then
gathered for misuse. Seniors must take care not to become victims.
• Driver’s License Identity Theft – Driver’s license identity theft is the most common
form of ID theft. A driver’s license provides the name, address, and date of birth, as well
as a state driver’s license number. Thieves use this information to apply for loans or
credit cards, or to open bank and checking accounts, or to buy cars, houses, vehicles,
electronic equipment, jewelry, anything valuable, all charged to the owner’s name.
• Medical Identity Theft – The victim’s health-related information is gathered and then
fraudulent medical services are billed, which end up charged to the victim’s account.
• Tax Identity Theft – The attacker wants to know your Employer Identification Number in
order to claim a tax refund. This becomes noticeable when you attempt to file your tax
return or the income tax department sends you a notice about it.
• Social Security Identity Theft – The thief wants to know your Social Security Number
(SSN). With this number, they can also obtain all your personal information, which is the
biggest threat to an individual.
• Synthetic Identity Theft – Unlike the other thefts, the thief combines information
gathered from several people to create a new identity. When this identity is used, all the
victims are affected.
• Financial Identity Theft – This is the most common type of attack. Stolen credentials are
used to obtain a financial benefit. The victim notices only when checking balances
carefully, as this is practiced very slowly.
Techniques of Identity Theft: Identity thieves usually hack into corporate databases for
personal credentials, which requires effort, but with several social-engineering techniques it
is considered easy. Some common identity theft techniques are:
• Pretext Calling – Thieves pretending over the phone to be an employee of a company and
asking for financial information are an example of this technique. Posing as legitimate
employees, they ask for personal data while offering some benefit in return.
• Mail Theft – A technique in which credit card information, together with transactional
data, is extracted from a public mailbox.
• Phishing – A technique in which e-mails purporting to be from banks, carrying malware, are
sent to a victim. When the victim responds to the mail, their information is captured by the
thieves.
• Internet – The Internet is widely used by the world, and attackers know many techniques for
getting users to connect to public networks over the Internet that are controlled by them, and
they bundle spyware with downloads.
• Dumpster Diving – This technique has extracted much information from well-known
institutions. As those who collect the garbage are aware of this, they search for
account-related documents containing social security numbers and other personal documents
that were not shredded before disposal.
• Card Verification Value (CVV) Code Requests – The Card Verification Value number is located
on the back of your debit card. This number is used to enhance transaction security, but
several attackers ask for this number while pretending to be a bank official.
Steps Of Prevention from Identity Theft:
1. Use Strong Passwords and do not share your PIN with anyone on or off the phone.
2. Use two-factor authentication for e-mail accounts.
3. Secure all your devices with a password.
4. Don’t install random software from the internet.
5. Don’t post sensitive information over social media.
6. While entering passwords at payment gateway ensure its authenticity.
7. Limit the personal information you carry around with you.
8. Keep a practice of changing your PIN and password regularly.
9. Do not disclose your information over phone.
10. While traveling, do not disclose personal information to strangers.
11. Never share your Aadhaar/PAN number (In India) with anyone whom you do not
know/trust.
12. Never share your SSN (In US) with anyone whom you do not know/trust.
13. Do not make all the personal information on your social media accounts public.
14. Please never share an Aadhaar OTP received on your phone with someone over a call.
15. Make sure that you do not receive unnecessary OTP SMS about Aadhaar (if you do, your
Aadhaar number is already in the wrong hands).
16. Do not fill in personal data on websites that claim to offer benefits in return.
17. Finally, keep your personal information to yourself.
UNIT 4

Computer forensics
Computer forensics, also known as digital forensics, is a branch of forensic science that involves
the investigation and analysis of digital devices and electronic data to gather evidence for legal
purposes. The primary goal of computer forensics is to uncover, preserve, analyze, and present
digital evidence in a way that is admissible in a court of law. This field is crucial in dealing with
cybercrime, fraud, data breaches, and other digital incidents. Here are key aspects of computer
forensics:
1. Evidence Identification and Preservation: The process begins with the identification and
preservation of digital evidence. This involves securing and isolating the device or
storage media to prevent any alteration or contamination of the data.
2. Acquisition: Forensic specialists use specialized tools and techniques to create a forensic
copy (bit-by-bit duplicate) of the original data. This ensures that the original evidence
remains intact and unaltered during the investigation.
3. Analysis: Investigators analyze the acquired data to identify relevant information, such
as files, documents, emails, or other artifacts. This may involve recovering deleted files,
examining metadata, and reconstructing digital activities.
4. Recovery of Deleted Data: Computer forensics tools often include features for
recovering data that has been intentionally or accidentally deleted. This can be crucial in
uncovering evidence that the suspect may have tried to conceal.
5. Timeline Reconstruction: Investigators create a timeline of events to understand the
sequence of actions taken on the digital device. This helps in establishing a chronological
order of activities, which can be important in legal proceedings.
6. Network Forensics: In cases involving network-based attacks or incidents, investigators
may analyze network traffic, logs, and other digital artifacts to trace the source of
unauthorized activities and understand the extent of the compromise.
7. Documentation and Reporting: Thorough documentation of the investigation process is
essential. Investigators create detailed reports that include their findings,
methodologies, and any relevant information that can be presented in court.
8. Legal Admissibility: Computer forensic specialists must adhere to strict protocols to
ensure that the evidence they collect is admissible in court. This involves maintaining the
integrity of the evidence, following established procedures, and obtaining proper
authorization.
9. Expert Testimony: Computer forensic experts may be called upon to testify as expert
witnesses in legal proceedings. Their testimony can help explain complex technical
details to judges and juries.
Computer forensics is a constantly evolving field due to advancements in technology and
changes in cyber threats. Professionals in this field often need to stay updated on the latest
tools and techniques to effectively investigate and respond to digital incidents. Additionally,
they must adhere to ethical standards and legal requirements to ensure the integrity and
admissibility of the evidence they collect.
Computer Forensics is a scientific method of investigation and analysis in order to gather
evidence from digital devices or computer networks and components which is suitable for
presentation in a court of law or legal body. It involves performing a structured investigation
while maintaining a documented chain of evidence to find out exactly what happened on a
computer and who was responsible for it.
Types:
• Disk Forensics: It deals with extracting raw data from the primary or secondary storage
of the device by searching active, modified, or deleted files.
• Network Forensics: It is a sub-branch of Computer Forensics that involves monitoring
and analyzing the computer network traffic.
• Database Forensics: It deals with the study and examination of databases and their
related metadata.
• Malware Forensics: It deals with the identification of suspicious code and studying
viruses, worms, etc.
• Email Forensics: It deals with emails and their recovery and analysis, including deleted
emails, calendars, and contacts.
• Memory Forensics: Deals with collecting data from system memory (system registers,
cache, RAM) in raw form and then analyzing it for further investigation.
• Mobile Phone Forensics: It mainly deals with the examination and analysis of phones and
smartphones and helps to retrieve contacts, call logs, incoming and outgoing SMS, and other
data present on the device.

Characteristics
• Identification: Identifying what evidence is present, where it is stored, and how it is
stored (in which format). Electronic devices can be personal computers, Mobile phones,
PDAs, etc.
• Preservation: Data is isolated, secured, and preserved. It includes prohibiting
unauthorized personnel from using the digital device so that digital evidence, mistakenly
or purposely, is not tampered with and making a copy of the original evidence.
• Analysis: Forensic lab personnel reconstruct fragments of data and draw conclusions
based on evidence.
• Documentation: A record of all the visible data is created. It helps in recreating and
reviewing the crime scene. All the findings from the investigations are documented.
• Presentation: All the documented findings are produced in a court of law for further
investigations.

Procedure:
The procedure starts with identifying the devices used and collecting the preliminary evidence
at the crime scene. A court warrant is then obtained for the seizure of the evidence, which
leads to the seizure of the evidence. The evidence is then transported to the forensics lab for
further investigation; the documented record of the evidence's handling and transport from the
crime scene to the lab is called the chain of custody. The evidence is then copied for analysis
and the original evidence is kept safe, because analysis is always done on the copied evidence
and never on the original.
The analysis is then done on the copied evidence for suspicious activities and, accordingly,
the findings are documented in a nontechnical tone. The documented findings are then presented
in a court of law for further investigation.
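The acquisition and chain-of-custody steps described above (hash the original, make a bit-for-bit working copy, keep a record of every handling step), worked as an added example that is not code from the course notes. The evidence image, case identifier and examiner names are constructed placeholders.

```python
"""Acquisition with hash verification and a chain-of-custody record.

Added example, not from the course notes: models the Acquisition and
Preservation steps on a constructed evidence image. The original is hashed,
a bit-for-bit working copy is made and hashed, and each handling step is
appended to a chain-of-custody log so a later reader can show that the copy
examined still matches what was seized.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 16  # 64 KiB blocks, so an image larger than RAM can still be hashed


def sha256_stream(stream):
    """Hex SHA-256 of a binary stream, read in fixed-size chunks."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def sha256_file(path):
    with open(path, "rb") as f:
        return sha256_stream(f)


def bit_copy(src, dst):
    """Copy src to dst byte for byte; returns the number of bytes written."""
    written = 0
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for block in iter(lambda: fin.read(CHUNK), b""):
            fout.write(block)
            written += len(block)
    return written


class ChainOfCustody:
    """Append-only log of who did what to an evidence item, and when."""

    def __init__(self, case_id, item_id):
        self.record = {"case_id": case_id, "item_id": item_id, "events": []}

    def log(self, handler, action, **details):
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "handler": handler, "action": action}
        event.update(details)
        self.record["events"].append(event)

    def to_json(self):
        return json.dumps(self.record, indent=2)


def acquire(src, dst, handler, coc):
    """Hash the original, make the working copy, hash the copy, log both steps.

    Returns True only if the copy's hash equals the original's hash.
    """
    original_hash = sha256_file(src)
    coc.log(handler, "hash_original", path=src, sha256=original_hash)
    size = bit_copy(src, dst)
    copy_hash = sha256_file(dst)
    verified = copy_hash == original_hash
    coc.log(handler, "acquire_copy", path=dst, sha256=copy_hash,
            bytes=size, verified=verified)
    return verified


def verify(path, expected_hash, handler, coc):
    """Re-hash an item (e.g. before analysis or presentation) and log the result."""
    ok = sha256_file(path) == expected_hash
    coc.log(handler, "verify_integrity", path=path, verified=ok)
    return ok


def demo():
    """Constructed scenario: a 1 MiB 'disk image', one clean copy, then a slip."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.dd")
        with open(src, "wb") as f:  # constructed sample image, not real data
            f.write(bytes(range(256)) * 4096)
        coc = ChainOfCustody(case_id="CASE-EXAMPLE-001", item_id="HDD-01")
        copy = os.path.join(d, "evidence_copy.dd")
        acquired_ok = acquire(src, copy, "examiner A", coc)
        # An analyst accidentally flips one byte in the working copy ...
        with open(copy, "r+b") as f:
            f.seek(100)
            b = f.read(1)
            f.seek(100)
            f.write(bytes([b[0] ^ 0xFF]))
        # ... which the integrity check before presentation must catch.
        original_hash = coc.record["events"][0]["sha256"]
        still_ok = verify(copy, original_hash, "examiner B", coc)
        return acquired_ok, still_ok, coc


if __name__ == "__main__":
    acquired, intact, log = demo()
    print(log.to_json())
    print("copy verified at acquisition:", acquired)    # True
    print("copy still intact before analysis:", intact)  # False
```

In practice the same record is kept for the physical item too (seizure, transport, storage), and the hash recorded at seizure is what the court is shown alongside the hash of the analysed copy.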
Some Tools used for Investigation:
Tools for Laptop or PC –
• COFEE – A suite of tools for Windows developed by Microsoft.
• The Coroner’s Toolkit – A suite of programs for Unix analysis.
• The Sleuth Kit – A library of tools for both Unix and Windows.
Tools for Memory:
• Volatility
• WindowsSCOPE
Tools for Mobile Device:
• MicroSystemation XRY/XACT
Applications
• Intellectual Property theft
• Industrial espionage
• Employment disputes
• Fraud investigations
• Misuse of the Internet and e-mail in the workplace
• Forgery-related matters
• Bankruptcy investigations
• Issues concerning regulatory compliance
Advantages of Computer Forensics:
• To produce evidence in the court, which can lead to the punishment of the culprit.
• It helps the companies gather important information on their computer systems or
networks potentially being compromised.
• Efficiently tracks down cyber criminals from anywhere in the world.
• Helps to protect the organization’s money and valuable time.
• Allows investigators to extract, process, and interpret the factual evidence, so that it
proves the cybercriminal’s actions in court.
Disadvantages of Computer Forensics:
• Before the digital evidence is accepted into court, it must be proved that it has not been
tampered with.
• Producing and keeping electronic records safe is expensive.
• Legal practitioners must have extensive computer knowledge.
• The evidence produced must be authentic and convincing.
• If the tool used for digital forensics does not conform to specified standards, then the
evidence can be rejected by the court.
• A lack of technical knowledge on the part of the investigating officer might not yield the
desired result.
The need for computer forensics
Computer forensics is crucial for several reasons, and its significance continues to grow as
technology plays an increasingly central role in our personal and professional lives. Here are
some key reasons highlighting the need for computer forensics:

• Digital Evidence in Legal Investigations: Digital devices are often involved in criminal
activities, such as cybercrime, fraud, intellectual property theft, and more. Computer
forensics helps law enforcement and legal professionals collect, analyze, and present
digital evidence in a court of law.
• Cybercrime Investigations: With the rise of cybercrime, including hacking, data
breaches, and online fraud, computer forensics is essential for identifying perpetrators,
understanding attack vectors, and securing evidence to prosecute cybercriminals.
• Data Breach Response: Organizations that experience data breaches need to conduct
thorough investigations to determine the extent of the breach, identify the
compromised data, and understand how the breach occurred. Computer forensics helps
in this process, enabling organizations to improve their cybersecurity measures.
• Employee Misconduct and Insider Threats: Computer forensics is employed to
investigate cases of employee misconduct, such as unauthorized access, data theft, or
policy violations. It helps organizations uncover evidence of insider threats and take
appropriate action.
• Intellectual Property Theft: Companies often face challenges related to the theft of
intellectual property, trade secrets, and proprietary information. Computer forensics
assists in identifying the perpetrators and gathering evidence for legal action.
• Fraud Investigations: Financial fraud, including online scams, identity theft, and
embezzlement, can be effectively investigated using computer forensics. This involves
analyzing digital transactions, communications, and other electronic evidence.
• Incident Response: In the aftermath of a security incident, whether it's a malware
infection, ransomware attack, or any other cybersecurity incident, computer forensics
plays a crucial role in understanding the scope of the incident, mitigating further
damage, and implementing preventive measures.
• Electronic Discovery (eDiscovery): In legal proceedings, parties may request the
discovery of electronic evidence relevant to a case. Computer forensics helps in the
identification, preservation, and retrieval of this digital evidence, ensuring compliance
with legal requirements.
• Regulatory Compliance: Various industries are subject to regulations regarding data
protection and privacy. Computer forensics assists organizations in complying with these
regulations by helping them investigate and report security incidents.
• Protection of Digital Assets: Computer forensics helps organizations protect their digital
assets by identifying vulnerabilities, improving security measures, and responding
effectively to incidents. This proactive approach is crucial in an ever-evolving threat
landscape.
In summary, computer forensics is essential for uncovering and analyzing digital evidence,
whether in the context of criminal investigations, legal proceedings, or cybersecurity incidents. It
plays a pivotal role in maintaining the integrity of digital systems and ensuring justice in the
digital age.

Digital evidence
Digital evidence refers to any information or data that is stored or transmitted in digital form
and is relevant to an investigation or legal proceeding. This type of evidence plays a crucial role
in various fields, including criminal investigations, civil litigation, cybersecurity incidents, and
regulatory compliance. Digital evidence can be found on computers, servers, mobile devices,
networks, and other electronic storage media. Here are some common examples of digital
evidence:
1. Emails and Communication Logs: Digital evidence often includes email communications,
instant messaging logs, and other electronic conversations. These can be crucial in cases
involving cyber threats, harassment, or business disputes.
2. Files and Documents: Documents, spreadsheets, presentations, and other digital files
can serve as evidence in legal proceedings. Digital forensics can analyze file metadata,
timestamps, and content to establish the authenticity and relevance of documents.
3. System Logs and Event Data: Operating system logs, application logs, and event data
provide a timeline of activities on a computer or network. This information is valuable
for reconstructing events and understanding the sequence of actions taken.
4. Internet Browsing History: Web browser histories and cache data can be examined to
determine websites visited, online searches conducted, and online activities. This type of
evidence is relevant in cases involving online threats or criminal behavior.
5. Social Media Content: Social media posts, messages, and interactions can be collected
as digital evidence. This is particularly important in cases of cyberbullying, defamation,
or when establishing an individual's online presence.
6. Digital Images and Videos: Photos and videos captured by digital devices can be used as
evidence in various contexts, such as surveillance footage, crime scene documentation,
or incidents captured on mobile devices.
7. Network Traffic and Packet Captures: In cybersecurity investigations, capturing and
analyzing network traffic can provide insights into unauthorized access, data exfiltration,
or other malicious activities.
8. Metadata: Metadata includes information about other data, such as the creation date,
author, and modification history of a file. Analyzing metadata is essential for verifying
the integrity and authenticity of digital evidence.
9. Database Records: Information stored in databases, such as customer records, financial
transactions, or employee data, can be crucial in investigations related to fraud,
embezzlement, or data breaches.
10. GPS and Location Data: Mobile devices often store location data, providing information
about the movements of individuals. This can be relevant in criminal investigations or
cases involving disputes over location-specific events.
Digital evidence is subject to the same legal standards as traditional forms of evidence.
Admissibility in court depends on the proper handling, preservation, and presentation of this
evidence, often through the expertise of digital forensics professionals. It is essential to follow
established protocols to ensure the integrity and reliability of digital evidence in legal
proceedings.

Forensics analysis of email


E-mail Basics
Several communicating entities called e-mail nodes, which are essentially software units
working at the application layer of the TCP/IP model, are involved in the process of e-mail
delivery. E-mail is a highly distributed service involving several actors that play different
roles to accomplish end-to-end mail exchange. These actors fall into the “User Actors”,
“Message Handling Service (MHS) Actors” and “ADministrative Management Domain (ADMD) Actors”
groups.
User Actors are people, organizations or processes that serve as sources or sinks of messages.
They can generate, modify or look at the whole message. User Actors can be of the following
four types.

User Actor Types – Roles and Responsibilities
• Author – Responsible for creating the message, its contents, and its list of Recipient
addresses. The MHS transfers the message from the Author and delivers it to the Recipients.
The MHS has an Originator role that correlates with the Author role.
• Recipient – The Recipient is a consumer of the delivered message. The MHS has a Receiver
role that correlates with the Recipient role. A Recipient can close the user-communication
loop by creating and submitting a new message that replies to the Author; an automated form
of reply is the Message Disposition Notification (MDN).
• Return Handler – A special form of Recipient that provides notifications (failures or
completions) generated by the MHS as it transfers or delivers the message. It is also called
the Bounce Handler.
• Mediator – All types of Mediator user actors set the HELO/EHLO, ENVID, RcptTo and Received
fields. Alias actors also typically change the To/CC/BCC and MailFrom fields. Identities
relevant to a ReSender are: From, Reply-To, Sender, To/CC/BCC, Resent-From, Resent-Sender,
Resent-To/CC/BCC and MailFrom fields. Identities relevant to a Mailing List processor are:
List-Id, List-*, From, Reply-To, Sender, To/CC and MailFrom fields. Identities relevant to
Gateways are: From, Reply-To, Sender, To/CC/BCC and MailFrom fields.

Message Handling Service (MHS) Actors are responsible for the end-to-end transfer of messages.
These Actors can generate, modify or look at only the transfer data in the message. MHS Actors
can be of the following four types.

MHS Actor Types – Roles and Responsibilities
• Originator – Ensures that a message is valid for posting and then submits it to a Relay.
It is responsible for the functions of the Mail Submission Agent. It also performs any
post-submission functions that pertain to sending error and delivery notices. The Author
creates the message, but the Originator handles any transmission issues with it.
• Relay – Performs MHS-level transfer-service routing and the store-and-forward function by
transmitting or retransmitting the message to its Recipients. It adds trace information but
does not modify the envelope information or the semantics of the message content. It can
modify the message content representation, such as changing the form of transfer encoding
from binary to text, but only (as required) to meet the capabilities of the next hop in the
MHS. When a Relay stops attempting to transfer a message, it becomes an Author because it
sends an error message to the Return Address.
• Gateway – Connects heterogeneous mail services despite differences in their syntax and
semantics. It can send a useful message to a Recipient on the other side, without requiring
changes to any components in the Author’s or Recipient’s mail services.
• Receiver – Performs final delivery or sends the message to an alternate address. It can
also perform filtering and other policy enforcement immediately before or after delivery.

A mail message from Author to Receiver that traverses aMUA, aMSA, hMSA, MTA (outbound), MTA
(inbound), hMDA, rMDA, rMailServ and rMUA is considered good mail by the Sender Policy Forum
(SPF). Mail flowing through other paths is either fully or partially non-SMTP based or uses
non-standard transfer modes, and is often suspected to contain viruses and spam. Delivery
Status Notification (DSN) messages are generated by some components of the MHS (MSA, MTA, or
MDA); they provide information about transfer errors or successful deliveries and are sent to
the MailFrom address. Message Disposition Notification (MDN) messages are generated by the
rMUA; they provide information about post-delivery processing and are sent to the
Disposition-Notification-To address. Out Of Office (OOO) messages are sent by the rMDA to the
return address.

Email Forensics
E-mail forensics refers to the study of the source and content of e-mail as evidence to
identify the actual sender and recipient of a message, the date/time of transmission, a
detailed record of the e-mail transaction, the intent of the sender, etc. This study involves
investigation of metadata, keyword searching, port scanning, etc. for authorship attribution
and identification of e-mail scams. Various approaches used for e-mail forensics are:
• Header Analysis – Metadata in the e-mail message in the form of control information, i.e.
the envelope and headers, including headers in the message body, contain information about
the sender and/or the path along which the message has traversed. Some of these may be
spoofed to conceal the identity of the sender. A detailed analysis of these headers and their
correlation is performed in header analysis.
• Bait Tactics – In a bait-tactic investigation, an e-mail with an HTTP “<img src>” tag whose
image source is hosted on a computer monitored by the investigators is sent to the sender of
the e-mail under investigation, using his real (genuine) e-mail address. When the e-mail is
opened, a log entry containing the IP address of the recipient (the sender of the e-mail
under investigation) is recorded on the HTTP server hosting the image, and thus the sender is
tracked. However, if the recipient (the sender of the e-mail under investigation) is using a
proxy server, then the IP address of the proxy server is recorded. The log on the proxy
server can be used to track the sender of the e-mail under investigation. If the proxy
server’s log is unavailable for some reason, then investigators may send a tactic e-mail
containing a) an embedded Java applet that runs on the receiver’s computer or b) an HTML page
with an ActiveX object, both aiming to extract the IP address of the receiver’s computer and
e-mail it to the investigators.
• Server Investigation – In this investigation, copies of delivered e-mails and server logs
are examined to identify the source of an e-mail message. E-mails purged from the clients
(senders or receivers), whose recovery is impossible, may be requested from servers (proxy or
ISP), as most of them store a copy of all e-mails after delivery. Further, logs maintained by
servers can be studied to trace the address of the computer responsible for making the
e-mail transaction. However, servers store the copies of e-mail and server logs only for
limited periods, and some may not co-operate with the investigators. Further, SMTP servers
that store data such as credit card numbers and other data pertaining to the owner of a
mailbox can be used to identify the person behind an e-mail address.
• Network Device Investigation – In this form of e-mail investigation, logs maintained by
network devices such as routers, firewalls and switches are used to investigate the source of
an e-mail message. This form of investigation is complex and is used only when the logs of
servers (proxy or ISP) are unavailable for some reason, e.g. when the ISP or proxy does not
maintain a log, the ISP does not co-operate, or the chain of evidence was not maintained.
• Software Embedded Identifiers – Some information about the creator of the e-mail, attached
files or documents may be included with the message by the e-mail software used by the sender
to compose the e-mail. This information may be included in the form of custom headers or in
the form of MIME content as Transport Neutral Encapsulation Format (TNEF). Investigating the
e-mail for these details may reveal vital information about the sender’s e-mail preferences
and options that could help client-side evidence gathering. The investigation can reveal PST
file names, the Windows logon username, the MAC address, etc. of the client computer used to
send the e-mail message.
• Sender Mailer Fingerprints – The software handling e-mail at the server can be identified
from the Received header field, and the software handling e-mail at the client can be
ascertained from a different set of headers such as “X-Mailer” or its equivalent. These
headers describe the applications, and their versions, used at the client to send e-mail.
This information about the sender’s client computer can help investigators devise an
effective plan and thus proves very useful.
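Header analysis and sender-mailer fingerprinting on a constructed message, as an added example that is not part of the original notes: it walks the Received chain in travel order, pulls the originating host and IP, checks that each hop links to the one before it, compares the From, Reply-To and Message-ID domains, and reads the X-Mailer header. All hosts, addresses and IPs are invented documentation values, and the forged variant shows what a broken chain looks like to the analysis.

```python
"""Header analysis of an e-mail message (added example, not from the notes).

Walks the Received chain from first hop to last, recovers the originating
host and IP, checks that each hop links to the previous one, compares the
identity headers (From, Reply-To, Message-ID) and pulls the X-Mailer
fingerprint. The message is constructed; all names are documentation values.
"""
import email
import re
from email import policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: a message claiming to come from a bank that was actually
# injected from a workstation through a bulk-mail relay.
RAW_MESSAGE = b"""\
Received: from mx2.victim-corp.example (mx2.victim-corp.example [198.51.100.20])
 by mail.victim-corp.example (Postfix) with ESMTPS id 7C1E3
 for <alice@victim-corp.example>; Tue, 05 Mar 2024 10:02:17 +0000
Received: from relay.mailer.example.net (relay.mailer.example.net [203.0.113.9])
 by mx2.victim-corp.example (Postfix) with ESMTP id 5B2A1
 for <alice@victim-corp.example>; Tue, 05 Mar 2024 10:02:15 +0000
Received: from DESKTOP-7Q1 (unknown [192.0.2.77])
 by relay.mailer.example.net (Postfix) with ESMTPA id 1A9F0
 for <alice@victim-corp.example>; Tue, 05 Mar 2024 10:01:58 +0000
From: "Bank Security" <security@trusted-bank.example>
Reply-To: refunds@mailer.example.net
To: alice@victim-corp.example
Date: Tue, 05 Mar 2024 10:01:55 +0000
Message-ID: <20240305100155.4711@mailer.example.net>
X-Mailer: Microsoft Outlook 16.0

Please confirm your details.
"""

# Same message with the earliest Received header forged to name a bank server
# as the relay that handled it; the chain then no longer links up.
FORGED_CHAIN = RAW_MESSAGE.replace(
    b"by relay.mailer.example.net (Postfix) with ESMTPA",
    b"by smtp.trusted-bank.example (Postfix) with ESMTPA")

RECEIVED_RE = re.compile(
    r"from\s+(?P<from_host>\S+)"          # host the relay says it got the mail from
    r"(?:\s+\((?P<from_info>[^)]*)\))?"   # optional "(rdns [ip])" the relay observed
    r"\s+by\s+(?P<by_host>\S+)"           # the relay that wrote this header
    r".*?;\s*(?P<date>.+)$")              # timestamp after the ';'
SKEW = 300  # seconds of clock skew tolerated between consecutive hops


def parse_received(value):
    """One Received header -> dict of from_host, from_ip, by_host, time (or None)."""
    m = RECEIVED_RE.search(" ".join(str(value).split()))  # unfold continuation lines
    if not m:
        return None
    ip = re.search(r"\[([0-9a-fA-F.:]+)\]", m.group("from_info") or "")
    return {"from_host": m.group("from_host"),
            "from_ip": ip.group(1) if ip else None,
            "by_host": m.group("by_host"),
            "time": parsedate_to_datetime(m.group("date"))}


def domain_of(header_value):
    """Domain part of an address or Message-ID header, lower-cased."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def analyze(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its Received header, so the top one is the last hop;
    # reverse to read the chain in the order the message actually travelled.
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()
    findings = []
    for i in range(1, len(hops)):
        prev, cur = hops[i - 1], hops[i]
        if cur["from_host"].lower() != prev["by_host"].lower():
            findings.append(f"chain break at hop {i}: received from {cur['from_host']} "
                            f"but hop {i - 1} was handled by {prev['by_host']}")
        if (cur["time"] - prev["time"]).total_seconds() < -SKEW:
            findings.append(f"timestamp goes backwards at hop {i}")
    from_dom = domain_of(msg.get("From", ""))
    for name in ("Reply-To", "Message-ID"):
        dom = domain_of(msg.get(name, ""))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    return {"origin_host": hops[0]["from_host"] if hops else None,
            "origin_ip": hops[0]["from_ip"] if hops else None,
            "hops": hops,
            "x_mailer": str(msg.get("X-Mailer", "")) or None,
            "findings": findings}


if __name__ == "__main__":
    for label, raw in (("as received", RAW_MESSAGE), ("forged first hop", FORGED_CHAIN)):
        r = analyze(raw)
        print(f"== {label}: origin {r['origin_host']} [{r['origin_ip']}], mailer {r['x_mailer']}")
        for i, h in enumerate(r["hops"]):
            print(f"  hop {i}: {h['from_host']} -> {h['by_host']} at {h['time'].isoformat()}")
        print("  findings:", r["findings"])
```

Only the Received header written by your own relay can be trusted; everything below it was supplied by the sender's side, which is why the chain-continuity check matters.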
Email Forensics Tools
Erasing or deleting an email doesn’t necessarily mean that it is gone forever. Often emails can
be forensically extracted even after deletion. Forensic tracing of e-mail is similar to traditional
detective work. It is used for retrieving information from mailbox files.
• MiTec Mail Viewer – This is a viewer for Outlook Express, Windows Mail/Windows Live Mail,
Mozilla Thunderbird message databases, and single EML files. It displays a list of the
contained messages with all needed properties, like an ordinary e-mail client. Messages can
be viewed in a detailed view, including attachments and an HTML preview. It has powerful
searching and filtering capability and also allows extracting e-mail addresses from all
e-mails in the opened folder into a list with one click. Selected messages can be saved to
EML files with or without their attachments. Attachments can be extracted from selected
messages with one command.
• OST and PST Viewer – Nucleus Technologies’ OST and PST viewer tools help you view
OST and PST files easily without connecting to an MS Exchange server. These tools allow
the user to scan OST and PST files and they display the data saved in it including email
messages, contacts, calendars, notes, etc., in a proper folder structure.
• eMailTrackerPro – eMailTrackerPro analyses the headers of an e-mail to detect the IP
address of the machine that sent the message so that the sender can be tracked down.
It can trace multiple e-mails at the same time and easily keep track of them. The
geographical location of an IP address is key information for determining the threat level
or validity of an e-mail message.
• EmailTracer – EmailTracer is an Indian effort in cyber forensics by the Resource Centre
for Cyber Forensics (RCCF) which is a premier centre for cyber forensics in India. It
develops cyber forensic tools based on the requirements of law enforcement agencies.
Exchange Analysis
Every Exchange forensic analysis should start on the Exchange system itself. If the required
information is not available on Exchange, then a deeper analysis at the client side is typically
performed.
To preserve e-mail from a live Microsoft Exchange server, forensic investigators typically take
one of several different approaches, depending on the characteristics of the misuse being
investigated. Those approaches might include:
• Exporting a copy of a mailbox from the server using the Microsoft Outlook e-mail client,
the Exchange Management Shell or a specialized 3rd-party tool;
• Obtaining a backup copy of the entire Exchange Server database from a properly created
full backup of the server;
• Temporarily bringing the Exchange database(s) offline to create a copy;
• Using specialised software such as F-Response or EnCase Enterprise to access a live
Exchange server over the network and copying either individual mailboxes or an entire
Exchange database file.
One of the most complete collections from an Exchange server is to collect a copy of the
mailbox database files. The main advantage in this case is that the process preserves and
collects all e-mail in the store for all users with accounts on the server. If during the course of
the investigation it becomes apparent that new users should be added to the investigation, then
those users’ mailboxes have already been preserved and collected.
Traditionally, the collection of these files from live servers would require shutting down e-mail
server services for a period of time because files that are open for access by Exchange cannot
typically be copied from the server. This temporary shutdown can have a negative impact on the
company and the productivity of its employees. In some cases, a process like this is scheduled to
be done out of hours or over a weekend to further minimize impact on the company.
Some 3rd-party software utilities can also be used to access the live Exchange server over the
network and to preserve copies of the files comprising the information store.
Another approach to collecting mailbox database files is to collect a recent full backup of
Exchange, if there is one. Once these files are preserved and collected, there are a number of
3rd-party utilities on the market today that can extract mailboxes from them, such as Kernel
Exchange EDB Viewer or Kernel EDB to PST.
A different approach that is becoming more and more important is to use features of Exchange
to perform the investigation. Exchange has a number of features, such as audit logs or In-Place
Hold, that help, amongst other purposes, the investigation of misuse by keeping data intact
and a detailed log of actions performed in the messaging system.
Auditing Mailbox Access
In every organization, there are always mailboxes with sensitive information. These might be
the mailboxes of the CEO, directors, users from the HR or Payroll departments, or simply
mailboxes for which administrators have to perform discovery actions to demonstrate
compliance with regulatory or legal requirements. Although normally administrators are not
concerned with the content of user’s mailboxes, there might be someone less honest that
attempts to access someone’s mailbox in order to obtain information of value for their own
benefit.
Versions of Exchange prior to Exchange 2010 did not provide a full range of compliance
capabilities. Managed Folders or Journaling simply were not enough to perform basic audits or
to be fully compliant with legislation such as the Sarbanes-Oxley Act in the United States.
Exchange 2010 Service Pack 1 introduced a new feature known as Auditing Mailbox Access,
which allows administrators to record operations on a mailbox such as the deletion or copying of
e-mails. After enabling auditing for one or more mailboxes and configuring the level of detail to
capture, audit entries are written to the Audit subfolder of the Recoverable Items folder and
can be queried using the Exchange Management Shell or the GUI (that being the Exchange
Control Panel or the Exchange Admin Center).
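As an added example, not taken from the original text, the following Exchange Management Shell commands enable Auditing Mailbox Access on a sensitive mailbox and later retrieve the non-owner access entries; the mailbox address, output path and the chosen operation sets are placeholders and assumptions, not settings the text prescribes.

```powershell
# Added example, not from the original text: enable Auditing Mailbox Access on a
# sensitive mailbox and query the resulting entries. Addresses and paths are
# placeholders; assumes an Exchange 2010 SP1 or later Exchange Management Shell.

$mailbox = "ceo@example.com"   # placeholder mailbox under investigation

# 1. Enable auditing and choose the level of detail. The three Audit* sets select
#    which operations are recorded for the owner, for delegates (other users who
#    were granted access) and for administrators. Entries land in the Audit
#    subfolder of Recoverable Items and are kept for AuditLogAgeLimit.
Set-Mailbox -Identity $mailbox -AuditEnabled $true `
    -AuditOwner    @("MoveToDeletedItems", "SoftDelete", "HardDelete") `
    -AuditDelegate @("FolderBind", "SendAs", "SendOnBehalf", "Update",
                     "MoveToDeletedItems", "SoftDelete", "HardDelete") `
    -AuditAdmin    @("Copy", "Create", "FolderBind", "MessageBind", "SendAs",
                     "SendOnBehalf", "Update", "MoveToDeletedItems",
                     "SoftDelete", "HardDelete") `
    -AuditLogAgeLimit 180.00:00:00

# 2. Confirm what is now being captured for that mailbox.
Get-Mailbox -Identity $mailbox |
    Format-List AuditEnabled, AuditLogAgeLimit, AuditOwner, AuditDelegate, AuditAdmin

# 3. During an investigation, pull every non-owner access in the last 30 days.
#    -ShowDetails returns one object per audit entry rather than a summary.
$entries = Search-MailboxAuditLog -Identity $mailbox -LogonTypes Admin, Delegate `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) -ShowDetails -ResultSize 5000

# 4. Preserve the result for the case file, ordered by time of access.
$entries |
    Select-Object LastAccessed, Operation, OperationResult, LogonType,
                  LogonUserDisplayName, ClientIPAddress, FolderPathName, ItemSubject |
    Sort-Object LastAccessed |
    Export-Csv -Path "C:\Cases\placeholder\mailbox-audit.csv" -NoTypeInformation

# 5. Summarize which delegates or admins opened folders, read items or sent mail
#    from this mailbox, and how often, to focus the follow-up interviews.
$entries |
    Where-Object { $_.Operation -in @("FolderBind", "MessageBind", "SendAs", "SendOnBehalf") } |
    Group-Object LogonUserDisplayName, Operation |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```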
Outlook Analysis
Although nowadays a great part of an investigation is done at the Exchange server level, there
might be situations where a forensics investigator needs to analyze e-mail clients in order to
collect evidence.
E-mail clients, such as Microsoft Outlook and Outlook Express, enable users to send and receive
e-mails, manage newsgroups and organize helpful information in contacts and calendars.
Outlook is probably the most common e-mail client in any organization. It is part of the
Microsoft Office suite and provides a platform for e-mail management. The primary data file
types associated with Outlook are personal data file (.PST) and offline data file (.OST) files.
These PST and OST files contain a user’s e-mail, calendar, contacts and other data that allows
Outlook to function effectively for the user. There is a wide variety of different ways for an
investigator to get to the data within a PST or OST file. Perhaps the easiest is to add a PST file
into Outlook on a forensic workstation. Once the PST file is opened, the investigator can access
and view the user’s mail and other Outlook items just as the user would. If the PST is
password protected, this is obviously more of a challenge, but there are numerous tools
available for cracking PST passwords. Other than Outlook itself, virtually any forensic suite
processes Outlook data files for viewing and searching by the investigator.
Furthermore, the advantage of using a forensic suite to parse e-mail is that many of them can
recover deleted items from the unallocated space within the PST or OST file. Outlook data files
have their own structures, similar to their own file systems, complete with unallocated space in
which investigators can find snippets of deleted conversations and even entire messages.
It is also very important to understand two different methods of operation in Outlook: online
and cached mode. When Outlook is configured to use Cached Exchange Mode, Outlook works
from a local copy of a user’s Exchange mailbox that is stored in an OST file on the user’s
computer. The cached mailbox is updated periodically from Exchange. Cached Exchange Mode
was introduced in Outlook 2003 to provide users a better online and offline experience as
cached mode lets users move between connected and disconnected environments without
interrupting their experience in Outlook. Also, it protects users from network latency and
connectivity issues while they are using Outlook.
In contrast, Online Mode works by using information directly from the Exchange server. When
new information is required in Outlook, a request is made to the server and the information is
displayed. Mailbox data is only cached in memory and never written to disk. Therefore, if the
user experiences any network issues that prevent the connection to Exchange, it becomes
impossible to access any mailbox data.

Digital Forensics
Digital Forensics is a branch of forensic science that includes the identification, collection,
analysis and reporting of any valuable digital information held on digital devices related to
computer crimes, as part of an investigation. In simple words, Digital Forensics is the process
of identifying, preserving, analyzing and presenting digital evidence. The first computer crimes
were recognized in the 1978 Florida Computer Crimes Act, and after this the field of digital
forensics grew rapidly in the late 1980s and 1990s. It covers areas of analysis such as storage
media, hardware, operating systems, networks and applications. At a high level, it consists of
five steps:
1. Identification of evidence: It includes identifying evidence related to the digital crime in
storage media, hardware, operating systems, networks and/or applications. It is the most
important and basic step.
2. Collection: It includes preserving the digital evidence identified in the first step so that it
does not degrade or vanish with time. Preserving the digital evidence is very important and
crucial.
3. Analysis: It includes analyzing the collected digital evidence of the committed computer
crime in order to trace the criminal and the possible path used to breach the system.
4. Documentation: It includes proper documentation of the whole digital investigation, the
digital evidence, loopholes of the attacked system, etc., so that the case can also be studied
and analysed in the future and can be presented in court in a proper format.
5. Presentation: It includes the presentation of all the digital evidence and documentation in
court in order to prove the digital crime committed and identify the criminal.
Branches of Digital Forensics:
• Media forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of audio, video and image evidence during the
investigation process.
• Cyber forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of digital evidence during the investigation of a
cybercrime.
• Mobile forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of digital evidence during the investigation of a
crime committed through a mobile device such as a mobile phone, GPS device, tablet or laptop.
• Software forensics: It is the branch of digital forensics which includes identification,
collection, analysis and presentation of digital evidence during the investigation of a
crime related to software only.

Digital forensics life cycle


The digital forensics process is shown in the following figure. Forensic life cycle phases are:

1. Preparing for the Evidence and Identifying the Evidence


In order to be processed and analysed, evidence must first be identified. Evidence may be
overlooked and never identified at all. A sequence of events in a computer might include
interactions between:
• Different files
• Files and file systems
• Processes and files
• Log files
In case of a network, the interactions can be between devices in the organization or across the
globe (Internet). If the evidence is never identified as relevant, it may never be collected and
processed.
2. Collecting and Recording Digital Evidence
Digital evidence can be collected from many sources. The obvious sources can be:
• Mobile phones
• Digital cameras
• Hard drives
• CDs
• USB memory devices
Non-obvious sources can be:
• Digital thermometer settings
• Black boxes inside automobiles
• RFID tags
Proper care should be taken while handling digital evidence, as it can be changed easily. Once
changed, the evidence cannot be analysed further. A cryptographic hash can be calculated for
the evidence file at collection and checked later to determine whether any changes have been
made to the file.
Sometimes important evidence might reside in the volatile memory. Gathering volatile data
requires special technical skills.

3. Storing and Transporting Digital Evidence


Some guidelines for handling of digital evidence:
• Image computer media using a write-blocking tool to ensure that no data is added to the
suspect device
• Establish and maintain the chain of custody
• Document everything that has been done
• Only use tools and methods that have been tested and evaluated to validate their
accuracy and reliability
Care should be taken that evidence does not go anywhere without properly being traced. Things
that can go wrong in storage include:
• Decay over time (natural or unnatural)
• Environmental changes (direct or indirect)
• Fires
• Floods
• Loss of power to batteries and other media preserving mechanisms
Sometimes evidence must be transported from place to place either physically or through a
network. Care should be taken that the evidence is not changed while in transit. Analysis is
generally done on a copy of the real evidence. If there is any dispute over the copy, the original
can be produced in court.
4. Examining/Investigating Digital Evidence
A forensics specialist should ensure that they have proper legal authority to seize, copy and
examine the data. As a general rule, one should not examine digital information unless one has
the legal authority to do so. Forensic investigation performed on data at rest (e.g. a hard disk)
is called dead analysis.
Many current attacks leave no trace on the computer’s hard drive. The attacker only exploits the
information in the computer’s main memory. Performing forensic investigation on main
memory is called live analysis. Sometimes the decryption key might be available only in RAM.
Turning off the system will erase the decryption key. The process of creating an exact duplicate
of the original evidence is called imaging. Some tools which can create entire hard drive images
are:
• dcfldd
• IXImager
• Guymager
The original drive is moved to secure storage to prevent tampering. The imaging process is
verified using SHA-1 or another hashing algorithm.
5. Analysis, Interpretation and Attribution
In digital forensics, only a few sequences of events might produce evidence, but the number of
possible sequences is very large. The digital evidence must be analyzed to determine the type
of information stored on it. Examples of forensics tools:
• Forensic Toolkit (FTK)
• EnCase
• Scalpel (file carving tool)
• The Sleuth Kit (TSK)
• Autopsy
Forensic analysis includes the following activities:
• Manual review of data on the media
• Windows registry inspection
• Discovering and cracking passwords
• Performing keyword searches related to crime
• Extracting emails and images
Types of digital analysis:
• Media analysis
• Media management analysis
• File system analysis
• Application analysis
• Network analysis
• Image analysis
• Video analysis

6. Reporting
After the analysis is done, a report is generated. The report may be in oral form or in written
form or both. The report contains all the details about the evidence in analysis, interpretation,
and attribution steps. As a result of the findings in this phase, it should be possible to confirm or
discard the allegations. Some of the general elements in the report are:
• Identity of the reporting agency
• Case identifier or submission number
• Case investigator
• Identity of the submitter
• Date of receipt
• Date of report
• Descriptive list of items submitted for examination
• Identity and signature of the examiner
• Brief description of steps taken during examination
• Results / conclusions

7. Testifying
This phase involves the presentation and cross-examination of expert witnesses. An expert
witness can testify provided that:
• Testimony is based on sufficient facts or data
• Testimony is the product of reliable principles and methods
• Witness has applied principles and methods reliably to the facts of the case
Experts with inadequate knowledge are sometimes chastised by the court. Precautions to be
taken when collecting digital evidence are:
• No action taken by law enforcement agencies or their agents should change the
evidence
• When a person needs to access the original data held on a computer, that person must be
competent to do so
• An audit trail or other record of all processes applied to digital evidence should be
created and preserved
• The person in charge of the investigation has overall responsibility for ensuring that the
law and these principles are adhered to

Chain of Custody
A chain of custody is the process of validating how evidence has been gathered, tracked, and
protected on its way to the court of law. Forensic professionals know that without a chain of
custody, the evidence is worthless.
The chain of custody is a chronological written record of those individuals who have had
custody of the evidence from its initial acquisition to its final disposition. A chain of custody
begins when evidence is collected and the chain is maintained until it is disposed of. The chain
of custody assumes continuous accountability.
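As an added example (not from the original text) tying together the hashing step from Collecting and Recording Digital Evidence, the hash verification of an image after acquisition, and the chain of custody just described, the PowerShell functions below hash an evidence file at acquisition, append each custody event to a log and re-verify the hash later; the paths, case and item identifiers and examiner name are placeholders, and the sample file is constructed inline so the script runs offline.

```powershell
# Added example, not from the original text: hash an evidence file when it is
# acquired, keep a chain-of-custody log of every handling event, and re-verify
# the hash later. Paths, case/item identifiers and names are placeholders.

# Append one custody event to a CSV log kept with the case file.
function Add-CustodyEntry {
    param(
        [Parameter(Mandatory)][string]$LogPath,
        [Parameter(Mandatory)][string]$CaseId,
        [Parameter(Mandatory)][string]$ItemId,
        [Parameter(Mandatory)][string]$Action,   # Acquired, Transferred, Verified, ...
        [Parameter(Mandatory)][string]$Person,   # who handled the item
        [string]$Sha256 = "",
        [string]$Notes = ""
    )
    [pscustomobject]@{
        Timestamp = (Get-Date).ToUniversalTime().ToString("o")  # UTC, ISO 8601
        CaseId    = $CaseId
        ItemId    = $ItemId
        Action    = $Action
        Person    = $Person
        Sha256    = $Sha256
        Notes     = $Notes
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}

# Hash the item once at acquisition and record it. SHA-1 is recorded alongside,
# since older procedures still quote it, but SHA-256 is the value relied upon.
function Register-Evidence {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$LogPath,
        [Parameter(Mandatory)][string]$CaseId,
        [Parameter(Mandatory)][string]$ItemId,
        [Parameter(Mandatory)][string]$Examiner
    )
    $sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $sha1   = (Get-FileHash -Path $Path -Algorithm SHA1).Hash
    $size   = (Get-Item -Path $Path).Length
    Add-CustodyEntry -LogPath $LogPath -CaseId $CaseId -ItemId $ItemId -Action "Acquired" `
        -Person $Examiner -Sha256 $sha256 -Notes "SHA1=$sha1; bytes=$size; file=$Path"
    return $sha256
}

# Recompute the hash and compare it with the value recorded at acquisition.
# The outcome, pass or fail, is itself logged so the record stays complete.
function Test-EvidenceIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$LogPath,
        [Parameter(Mandatory)][string]$ItemId,
        [Parameter(Mandatory)][string]$Examiner
    )
    $acquired = Import-Csv -Path $LogPath |
        Where-Object { $_.ItemId -eq $ItemId -and $_.Action -eq "Acquired" } |
        Select-Object -First 1
    if (-not $acquired) { throw "No acquisition record for $ItemId in $LogPath" }

    $current = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $ok = ($current -eq $acquired.Sha256)
    $action = if ($ok) { "Verified" } else { "VERIFICATION FAILED" }
    Add-CustodyEntry -LogPath $LogPath -CaseId $acquired.CaseId -ItemId $ItemId `
        -Action $action -Person $Examiner -Sha256 $current `
        -Notes "expected=$($acquired.Sha256)"
    return $ok
}

# Demonstration on a constructed sample file so the script runs offline.
$tmp    = [IO.Path]::GetTempPath()
$sample = Join-Path $tmp "evidence-sample.bin"
$log    = Join-Path $tmp "chain-of-custody.csv"
[IO.File]::WriteAllBytes($sample, [byte[]](1..64))

Register-Evidence -Path $sample -LogPath $log -CaseId "CASE-0001" -ItemId "ITEM-01" -Examiner "J. Examiner"
Test-EvidenceIntegrity -Path $sample -LogPath $log -ItemId "ITEM-01" -Examiner "J. Examiner"

# Simulate tampering with the working copy: the next check fails and the failure is logged.
[IO.File]::WriteAllBytes($sample, [byte[]](1..65))
Test-EvidenceIntegrity -Path $sample -LogPath $log -ItemId "ITEM-01" -Examiner "J. Examiner"

Import-Csv -Path $log | Format-Table Timestamp, Action, Person, Sha256 -AutoSize
```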

Network forensics
Network forensics is a subcategory of digital forensics that deals with the examination of a
network and the traffic crossing it when that network is suspected of being involved in
malicious activity, for example a network that is spreading credential-stealing malware, and
with the investigation and analysis of cyber-attacks. As the internet grew, cybercrime grew
along with it, and so did the significance of network forensics, alongside the development and
acceptance of network-based services such as the World Wide Web, e-mail and others.
With the help of network forensics, the entire exchange can be retrieved, including messages,
file transfers, e-mails and web browsing history, and reconstructed to expose the original
transaction. The payload of the uppermost-layer packet may well end up on disk, but the
envelopes used to deliver it are captured only in network traffic. Hence, the network protocol
data that encloses each dialog is often very valuable.
To identify attacks, investigators must understand network protocols and applications such as
web protocols, e-mail protocols, file transfer protocols, etc.
Investigators use network forensics to examine network traffic data gathered from the networks
that are involved or suspected of being involved in cyber-crime or any type of cyber-attack.
After that, the experts will look for data that points in the direction of any file manipulation,
human communication, etc. With the help of network forensics, investigators and cybercrime
experts can generally track down all the communications and establish timelines based on the
network event logs recorded by the NCS.
Processes Involved in Network Forensics:
• Identification: In this process, investigators identify and evaluate the incident based on
the network pointers.
• Safeguarding: In this process, the investigators preserve and secure the data so that
tampering can be prevented.
• Accumulation: In this step, a detailed report of the crime scene is documented and all
the collected pieces of digital evidence are duplicated.
• Observation: In this process, all the visible data is tracked along with the metadata.
• Investigation: In this process, a final conclusion is drawn from the collected pieces of
evidence.
• Documentation: In this process, all the pieces of evidence, reports and conclusions are
documented and presented in court.
Challenges in Network Forensics:
• The biggest challenge is to manage the data generated during the process.
• The intrinsic anonymity of IP addresses.
• Address Spoofing
Advantages:
• Network forensics helps in identifying security threats and vulnerabilities.
• It analyzes and monitors network performance demands.
• Network forensics helps in reducing downtime.
• Network resources can be used in a better way by reporting and better planning.
• It helps in a detailed network search for any trace of evidence left on the network.
Disadvantage:
• The only disadvantage of network forensics is that it is difficult to implement.
Network forensics involves the analysis of network traffic, logs, and other data to investigate
security incidents, identify the source of attacks, and gather evidence for legal proceedings.
While network forensics is a powerful tool, it comes with its own set of challenges. Here are
some common challenges faced in network forensics:
Encrypted Traffic: The increasing use of encryption in network communications can hinder the
ability to inspect and analyze the content of network traffic. Encrypted data poses a challenge
as it may limit the visibility into malicious activities.
Volume of Data: Networks generate vast amounts of data, and sifting through this volume to
identify relevant information can be overwhelming. Analyzing and storing large datasets
efficiently is a constant challenge in network forensics.
Packet Loss: In large and complex networks, packet loss can occur due to network congestion or
other issues. Packet loss can impact the completeness of the captured data and hinder the
reconstruction of events.
Timeliness: Timely detection and response to security incidents are critical. Network forensics
requires quick analysis to identify and mitigate threats. Delays in investigation may result in the
loss of valuable evidence.
Diversity of Devices and Protocols: Networks comprise diverse devices, each with its own
protocols and communication methods. Analyzing data from different devices and protocols
requires a deep understanding of various technologies.
Data Fragmentation: Network data may be fragmented across multiple sources and devices.
Reassembling fragmented data to reconstruct a coherent picture of events can be challenging,
especially when dealing with distributed or decentralized attacks.
Incident Attribution: Determining the true source of a network attack or security incident is
complex. Attackers often use techniques to hide their identity, making it challenging to attribute
malicious activities accurately.
False Positives and Negatives: Network security tools may generate false positives (indicating
an incident that did not occur) or false negatives (missing actual incidents). Distinguishing
between real threats and false alarms requires careful analysis.
Legal and Privacy Concerns: Network forensics involves handling sensitive information, and
investigators must navigate legal and privacy considerations. Ensuring compliance with
regulations and obtaining necessary permissions can be challenging.
Dynamic Network Environments: Networks are dynamic, with devices joining or leaving, and
configurations changing. Adapting to these changes and maintaining an accurate picture of the
network's state during an investigation can be challenging.
Skill Requirements: Effective network forensics requires specialized skills and knowledge.
Cybersecurity professionals must stay updated on evolving technologies, attack vectors, and
forensic tools to conduct thorough investigations.
Resource Constraints: Limited resources, both in terms of personnel and technology, can
constrain the effectiveness of network forensic investigations. Organizations may face
challenges in acquiring and maintaining the necessary tools and expertise.
Addressing these challenges requires a combination of advanced technology, skilled
professionals, and proactive strategies. Organizations must invest in training, stay informed
about emerging threats, and continuously improve their network forensic capabilities to
effectively respond to security incidents.

Approaching a Computer Forensics Investigation


The phases in a computer forensics investigation are:
• Secure the subject system
• Take a copy of hard drive/disk
• Identify and recover all files
• Access/view/copy hidden, protected, and temp files
• Study special areas on the drive
• Investigate the settings and any data from programs on the system
• Consider the system from various perspectives
• Create detailed report containing an assessment of the data and information collected
Things to be avoided during forensics investigation:
• Changing date/timestamps of the files
• Overwriting unallocated space
Things that should not be avoided during forensics investigation:
• Engagement contract
• Non-Disclosure Agreement (NDA)
Elements addressed before drawing up a forensics investigation engagement contract:
• Authorization
• Confidentiality
• Payment
• Consent and acknowledgement
• Limitation of liability
General steps in solving a computer forensics case are:
• Prepare for the forensic examination
• Talk to key people about the case and what you are looking for
• Start assembling tools to collect the data and identify the target media
• Collect the data from the target media
• Use a write blocking tool while performing imaging of the disk
• Check e-mail records too while collecting evidence
• Examine the collected evidence on the image that is created
• Analyze the evidence
• Report your findings to your client

Forensics and Social Networking Sites


Social networking sites are defined as web-based services that allow individuals to:
• Create a public or semi-public profile
• Search or navigate through a list of users with whom they share a common connection
• View connections of other users
Although social networking sites have their uses, there are several associated security threats.
The concerns regarding social networking sites are:
• Whether the social networking site violates people’s intellectual property rights
• Whether these sites infringe the privacy of their own users
• Whether these sites promote fraudulent and illegal activities
Content preservation can be challenging given the dynamic, short-lived and often multi-format
nature of social media. There is generally no control over the content posted on social media
networking sites. A high level of forensic skill is required to analyze and quantify the preserved
data to answer questions such as:
• Who posted the offending content?
• Is there a real live person to whom the offending content can be attributed even when
evidence exists?
• Can we identify the time frame associated with the posting of the offending content?
• How much of the offending content exists across the entire social networking platform?
• Is there other content that supports interpretation of the relevant content?
• How accurate is the reported physical location?
Security issues that are associated with social networking sites are:
• Corporate espionage
• Cross site scripting
• Viruses and worms
• Social networking site aggregators
• Phishing
• Network infiltration leading to data leakage
• ID theft
• Cyberbullying
• Content-Based Image Retrieval (CBIR)
• Spam
UNIT 5
Information security policy
An information security policy is a documented statement of rules and guidelines that need to
be followed by people accessing company data, assets, systems, and other IT resources. The
main purpose of an information security policy is to ensure that the company’s cybersecurity
program is working effectively.
A security policy is a "living document" — it is continuously updated as needed. It defines the
“who,” “what,” and “why” regarding cybersecurity. It’s different from a security procedure,
which represents the “how.” A security policy might also be called a cybersecurity policy,
network security policy, IT security policy, or simply IT policy.
The security policy doesn’t have to be a single document, though. A more sophisticated, higher-
level security policy can be a collection of several policies, each one covering a specific topic. It’s
quite common to find several types of security policies bundled together.
Need to have security policies
1. To define roles and responsibilities: A well-written security policy document should clearly
answer the question, “What does a security policy allow you to do?” It should outline who is
responsible for which task, who is authorized to do such a job, what one employee can do and
cannot do, and when each task should be completed.
If security policies are in place, any onboarding employee can be quickly acquainted with
company rules and regulations. They define not only the roles and responsibilities of employees
but also those of other people who use company resources (like guests, contractors, suppliers,
and partners).
2. To define accountability: Employees can make mistakes. What’s more, some mistakes can be
costly, and they can compromise the system in whole or in part. This is one area where a
security policy comes in handy. It outlines the consequences for not following the rules.
Security policies are like contracts. They are to be acknowledged and signed by employees. This
means no employee can be excused for being unaware of the rules and of the consequences of
breaking them. Should an employee breach a rule, the penalty cannot be deemed arbitrary.
Security policies can also be used to support a case in a court of law.
3. To increase employee cybersecurity awareness: Security policies act as educational
documents. They can teach employees about cybersecurity and raise cybersecurity awareness.
The range of topics that can be covered by security policies is broad, like choosing a secure
password, file transfers, data storage, and accessing company networks through VPNs.
4. To address threats
Security policies must tackle things that need to be done in addressing security threats, as well
as recovering from a breach or cyber-attack and mitigating vulnerabilities. The aspect of
addressing threats also overlaps with other elements (like who should act in a security event,
what an employee must do or not do, and who will be accountable in the end).
5. To comply with regulations
Security policies also shape the company’s cybersecurity efforts, particularly in meeting the
requirements of industry standards and regulations, like PCI, GDPR, HIPAA, or ISO/IEC 27002.

Cyber Law
Cyber Law, also called IT Law, is the law regarding information technology, including computers
and the internet. It is related to legal informatics and governs the digital circulation of
information, software, information security and e-commerce.
IT law is not a separate area of law; rather, it encompasses aspects of contract, intellectual
property, privacy and data protection law. Intellectual property is a key element of IT law. The
area of software licensing is controversial and still evolving in Europe and elsewhere.
Cyber laws, also known as cybersecurity laws or internet laws, encompass a set of legal
regulations and guidelines that govern the use of the internet, digital technology, and
cyberspace. These laws are designed to address various aspects of online activities, data
protection, electronic transactions, and the prevention and prosecution of cybercrimes.
According to the Ministry of Electronics and Information Technology, Government of India :
Cyber law gives legal recognition to electronic documents and a structure to support e-filing
and e-commerce transactions, and also provides a legal structure to reduce and check cybercrimes.
Importance of Cyber Law:
1. It covers all transactions over the internet.
2. It keeps eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

Area of Cyber Law:


Cyber laws serve different purposes. Some laws create rules for how individuals and companies
may use computers and the internet, while others protect people from becoming the victims of
crime through unscrupulous activities on the internet. The major areas of cyber law include:
1. Fraud: Consumers depend on cyber laws to protect them from online fraud. Laws are
made to prevent identity theft, credit card theft, and other financial crimes that happen
online. A person who commits identity theft may face federal or state criminal charges.
They might also face a civil action brought by a victim. Cyber lawyers work both to defend
against and to prosecute allegations of fraud committed using the internet.
2. Copyright: The internet has made copyright violations easier. In the early days of online
communication, copyright violations were all too easy. Both companies and individuals
need lawyers to bring actions to enforce copyright protections. Copyright is an area of
cyber law that protects the rights of individuals and companies to profit from their
creative works.
3. Defamation: Many people use the internet to speak their minds. When people use the
internet to say things that are not true, it can cross the line into defamation. Defamation
laws are civil laws that protect individuals from false public statements that can harm a
business or someone’s reputation. When people use the internet to make statements that
violate these civil laws, that falls under defamation law.
4. Harassment and Stalking: Sometimes online statements can violate criminal laws that
forbid harassment and stalking. When a person makes threatening statements again and
again about someone else online, there is a violation of both civil and criminal laws.
Cyber lawyers both prosecute and defend people when stalking occurs using the
internet and other forms of electronic communication.
5. Freedom of Speech: Freedom of speech is an important area of cyber law. Even though
cyber laws forbid certain behaviors online, freedom of speech laws also allow people to
speak their minds. Cyber lawyers must advise their clients on the limits of free speech,
including laws that prohibit obscenity. Cyber lawyers may also defend their clients when
there is a dispute about whether their actions constitute permissible free speech.
6. Trade Secrets: Companies doing business online often depend on cyber laws to protect
their trade secrets. For example, Google and other online search engines spend lots of
time developing the algorithms that produce search results. They also spend a great deal
of time developing other features like maps, intelligent assistance, and flight search
services to name a few. Cyber laws help these companies to take legal action as
necessary to protect their trade secrets.
7. Contracts and Employment Law: Every time you click a button that says you agree to the
terms and conditions of using a website, you have used cyber law. There are terms and
conditions for every website that are somehow related to privacy concerns.

Advantages of Cyber Law:


• Organizations are now able to carry out e-commerce using the legal infrastructure
provided by the Act.
• Digital signatures have been given legal validity and sanction in the Act.
• It has opened the doors for the entry of corporate companies for issuing Digital
Signatures Certificates in the business of being Certifying Authorities.
• It allows Government to issue notifications on the web thus heralding e-governance.
• It gives authority to the companies or organizations to file any form, application, or any
other document with any office, authority, body, or agency owned or controlled by the
suitable Government in e-form using such e-form as may be prescribed by the suitable
Government.
• The IT Act also addresses the important issues of security, which are so critical to the
success of electronic transactions.
• Cyber Law provides both hardware and software security.
Cyber laws in India are a crucial facet of the modern legal landscape, intricately weaving into
our online experiences and shaping the legality of every action and reaction in the virtual space.
Cyber laws in India encompass a spectrum of vital components, delving into cyber crimes,
electronic and digital signatures, intellectual property, data protection, and privacy. In the
dynamic landscape of cyberspace, understanding and navigating cyber law is essential for
individuals and businesses alike. In India, the Information Technology Act of 2000 (IT Act) stands
as the cornerstone, ushering in a new era of legal recognition for electronic commerce. Enacted
on October 17, 2000, the IT Act not only addresses cyber crimes but also facilitates the seamless
filing of electronic records with the government.

Cyber laws in India: Rules and Regulations under Cyber Laws


The Information Technology Act, 2000 (“IT Act”), which became operative on October 17, 2000,
comprises cyber legislation in India. The Act’s primary goals are to expedite the filing of
electronic records with the government and to provide electronic commerce with legal status.
The following acts, rules, and regulations are covered under cyber laws:
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
Information Technology Act, 2000: The Information Technology Act of 2000 is the rulebook for
computers, electronic data, and the internet in India. It covers a range of matters, from how
we prove who we are online to what happens if someone does something wrong in the digital
world. The Act is about making sure our online transactions are legal and secure. The Act
was amended in 2008 to keep pace with changing technology, so that its rules stay up-to-date.
This law was created to boost the IT industry, make online shopping fair, help the government
go digital, and stop cybercrime. Think of it as a shield that keeps our digital space safe and
sound.
Information Technology (Certifying Authorities) Rules, 2000: These rules address the
licensing of certifying authorities and the protocols that they must follow. They also specify
the qualifications, designations, and operations of certifying authorities, the requirements
that these authorities must fulfil to operate, and the licensing procedures for them.
Furthermore, the rules provide a uniform and safe environment for digital verification by
precisely outlining the requirements, responsibilities, and working procedures for certifying
authorities.
Information Technology (Security Procedure) Rules, 2004: The regulations concerning secure
digital signatures and secure electronic records are outlined in these rules. They describe strict
guidelines and practices to protect the privacy and integrity of digital communications. These
rules provide a strong foundation for preserving the reliability of digital communication,
covering everything from secure authentication techniques to the safeguarding of electronic
documents.
Information Technology (Certifying Authority) Regulations, 2001: These regulations specify the
technical requirements and methods that a certifying authority must follow. They ensure a
consistent and trustworthy approach to digital identity validation by outlining the technical
specifications and procedures that certifying authorities must follow, and are essential to
maintaining the reliability and technical soundness of certifying authorities in the digital
sphere.
The Purpose of Cyber Laws in India
Cyber laws serve various purposes, covering aspects of computer and internet usage and
protecting individuals from online crimes. Key areas of cyber law include:
1. Fraud: Cyber laws safeguard consumers from online fraud, addressing issues like identity
theft and credit card crimes. Perpetrators may face criminal charges and civil actions.
Cyber lawyers work to both defend and prosecute fraud allegations online.
2. Copyright: With the internet making copyright violations more prevalent, cyber laws
play a crucial role. These laws protect individuals and companies from unauthorized use
of their creative works, requiring legal action to enforce copyright protections.
3. Defamation: Defamation laws within cyber law protect individuals and businesses from
false statements made online that can harm reputations. Cyber lawyers deal with cases
where online statements cross the line into defamation, a violation of civil laws.
4. Harassment and stalking: Online statements that constitute harassment or stalking can
violate criminal laws. Cyber lawyers handle cases where repeated threatening
statements are made online, addressing both civil and criminal aspects of these
violations.
5. Freedom of Speech: Freedom of speech is a critical aspect of cyber law. While certain
online behaviors are forbidden, freedom of speech laws allow individuals to express
their opinions. Cyber lawyers advise clients on the limits of free speech and may defend
actions considered permissible expressions.
6. Trade Secrets: Companies conducting online business rely on cyber laws to protect their
trade secrets. Cyber laws enable legal action against those attempting to compromise
proprietary information, ensuring the protection of algorithms and other valuable
assets.
7. Contracts and Employment Law: Cyber law is evident in the terms and conditions of
websites, governing user agreements. These agreements, often related to privacy
concerns, are a vital component of cyber laws, impacting users’ interactions with online
platforms.
Advantages of Cyber Laws in India
The IT Act 2000 offers strategies for handling cybercrimes and makes an effort to update
obsolete legislation. Such provisions are necessary to allow customers to use credit cards for
online purchases without worrying about them being misused. The Act provides the much-
needed legal framework to ensure that information stored in electronic records is not excluded
from having legal effect, validity, or enforceability.
• There are several benefits to the IT Act 2000 and its provisions from the standpoint of
Indian e-commerce. First, these provisions would mean that email would now be
recognized as a legitimate and lawful means of communication in our nation, one that
can be properly generated and accepted in a court of law. This would have significant
ramifications for e-businesses.
• Businesses can now use the legal framework that the Act provides to conduct internet
commerce.
• The Act has granted digital signatures legal recognition and legitimacy.
• The Act gives corporations the ability to electronically file any form, application, or other
document with any office, authority, body, or agency that is owned or managed by the
relevant government by using any electronic form that the relevant government may
specify.
• The crucial security concerns that are essential to the success of electronic transactions
are likewise covered by the IT Act. The concept of safe digital signatures, which must
have gone through a security procedural system as determined later by the government,
now has a legal definition according to the Act.
• Corporates will now be able to access a statutory remedy under the IT Act, 2000, in the
event that someone breaches their computer systems or network and copies or
damages data. The Act provides monetary damages up to a maximum of Rs. 1 crore as
the remedy.
• The Act makes it possible for corporate entities to become certifying authorities and
issue certificates for digital signatures.
• The Act has ushered in e-governance by enabling the government to publish
notifications online.

Digital Personal Data Protection (DPDP) Act, 2023


Key definitions in the Bill
• Personal data: “Any data about an individual who is identifiable by or in relation to such
data.”
• Data Fiduciary: “Any person who alone or in conjunction with other persons determines
the purpose and means of the processing of personal data.”
• Processing: “An automated operation or set of operations performed on digital personal
data, and may include operations such as collection, recording, organization, structuring,
storage, adaptation, alteration, retrieval, use, alignment or combination, indexing,
sharing, disclosure by transmission, dissemination or otherwise making available,
restriction, erasure or destruction.”
• Data Principal: “The individual to whom the personal data relates and where such
individual is a child includes the parents or lawful guardian of such a child.”
• Data Processor: “Any person who processes personal data on behalf of a Data Fiduciary.”
Applicability of the Bill
1. Processing of personal data collected within the territory of India when the data is
collected online or is collected offline and digitized.
2. Processing of personal data outside of India, if the processing is in connection with
profiling people in India or offering goods and services to people in India. Profiling here
means “any form of processing of personal data that analyses or predicts aspects
concerning the behaviors, attributes or interests of a Data Principal.”
3. Does not apply to:
• non-automated processing of personal data
• offline personal data
• personal data processed by an individual for any personal or domestic purpose
• personal data about an individual that is contained in a record that has been in
existence for at least 100 years.
What are the obligations of Data Fiduciaries?
1. Personal data can only be processed with consent or deemed consent: Fiduciaries can only
process personal data for lawful purposes for which the Data Principal has given or is deemed to
have given consent. The processing must be in accordance with this Act.
2. Notice must be issued when seeking consent: When seeking consent, or as soon as it is
reasonably practicable, Fiduciaries must give the users a notice that describes what personal
data will be collected and for what purpose. The notice must be presented in a form “as may be
prescribed.”
3. Measures to adhere to while obtaining consent:
• Free, specific, informed, affirmative: The consent given by users must be freely given,
specific, informed, and must be a clear affirmative action agreeing to the processing of
their personal data for the purpose specified in the notice.
• Cannot seek consent for infringing this Act: Fiduciaries cannot seek consent for
anything that will infringe provisions of this Act. For example, Fiduciaries cannot seek
consent from users asking them to waive their right to file a complaint with the Data
Protection Board.
• Contact details of Data Protection Officer or other officer: When seeking consent, the
contact details of a Data Protection Officer (for significant data fiduciaries) or any other
contact person (for other fiduciaries) must be mentioned.
• Withdrawal of consent: Users should have their right to withdraw consent at any time
with the same ease as they were able to give consent. The Fiduciary can stop providing
the services which it was earlier providing if those services can only be provided based
on the processing of personal data that the user had consented to. Furthermore, Data
Fiduciaries must ensure that their data processors stop processing the personal data of
the concerned user.
• Consent Manager: The Data Principal can “give, manage, review or withdraw her
consent to the Data Fiduciary through a Consent Manager,” which is defined as a Data
Fiduciary that maintains an accessible, transparent and interoperable platform for this
purpose. Consent Managers are accountable to the users and must be registered with
the Data Protection Board of India. The rules for Consent Managers will be prescribed.
Nothing in the Bill mandates fiduciaries to work with Consent Managers.
• Cannot make services conditional on consent when not required: If a Data Fiduciary
has a contract with a user to deliver a service or good, the same cannot be made
conditional on the consent to the processing of any personal data not necessary for
performing that contract.
• Burden of proof lies with the Data Fiduciary: If challenged in the courts, Data
Fiduciaries will have to prove that a notice was given and consent was obtained to carry
out the processing of personal data.
4. When is it considered deemed consent: A Data Principal is deemed to have given consent
to the processing of her personal data if such processing is necessary for the following
purposes:
• Voluntary provision of data: When the user voluntarily provides their personal data to
the Data Fiduciary and it is reasonably expected that they would provide such personal
data. For example, when a user shares their name and number when reserving a table.
In this case, the user “shall be deemed to have given her consent to the collection of her
name and mobile number by the Data Fiduciary for the purpose of confirming the
reservation,” the Bill illustrates.
• For the State to perform its function under any law: When the state or its agencies
need to perform any function under any law, provide any service or benefit to the Data
Principal, or issue any certificate, license, or permit for any action or activity of the Data
Principal. For example, “‘A’ shares her name, mobile number and bank account number
with a government department for direct credit of agricultural income support. ‘A’ shall
be deemed to have given her consent to the processing of her name, mobile number
and bank account number for the purpose of credit of fertilizer subsidy amount to her
bank account,” the Bill illustrates.
• Court orders: “For compliance with any judgment or order issued under any law.”
• Medical emergency: “For responding to a medical emergency involving a threat to the
life or immediate threat to the health of the Data Principal or any other individual.”
• Epidemics: “For taking measures to provide medical treatment or health services to any
individual during an epidemic, outbreak of disease, or any other threat to public health”.
• Disasters: “For taking measures to ensure the safety of, or provide assistance or services
to any individual during any disaster, or any breakdown of public order.”
• Employment: “For the purposes related to employment, including prevention of
corporate espionage, maintenance of confidentiality of trade secrets, intellectual
property, classified information, recruitment, termination of employment, provision of
any service or benefit sought by a Data Principal who is an employee, verification of
attendance and assessment of performance.”
• Public interest: For the sake of public interest as defined in the Bill, including for:
o prevention and detection of fraud
o mergers, acquisitions, any other similar combinations or corporate restructuring
transactions in accordance with the provisions of applicable laws
o network and information security
o credit scoring
o operation of search engines for processing of publicly available personal data
o processing of publicly available personal data
o recovery of debt
• Fair and reasonable cases: For any fair and reasonable purpose “as may be prescribed”
after taking into consideration:
o “whether the legitimate interests of the Data Fiduciary in processing for that
purpose outweigh any adverse effect on the rights of the Data Principal
o any public interest in processing for that purpose; and
o the reasonable expectations of the Data Principal having regard to the context of
the processing.”
5. Maintaining the accuracy of data: Data Fiduciaries must make reasonable efforts to ensure
that personal data processed by or on behalf of the Data Fiduciary is accurate and complete,
especially if the personal data is to be used to make a decision that affects the principal or if it is
to be disclosed to another Data Fiduciary.
6. Preventing and notifying data breaches: Data Fiduciaries and Data Processors must “protect
personal data in its possession or under its control by taking reasonable security safeguards to
prevent personal data breach.” In case of a data breach, the Data Protection Board and
concerned Data Principals must be notified in such a manner “as may be prescribed.”
7. Retention of personal data: Data Fiduciaries must stop retaining personal data, or remove
the means by which the personal data can be associated with particular Data Principals, as soon
as it is reasonable to assume that:
• the purpose for which such personal data was collected is no longer being served by its
retention; and
• retention is no longer necessary for legal or business purposes.
For example, if a user deletes a social media account, the personal data shared with the
platform must be removed. However, this does not apply if required for legal purposes. For
example, if a person opens a bank account and closes it within 6 months, the bank can store the
KYC data for longer because they are required to do so under other laws.
8. Appointing a Data Protection Officer or contact person: Data Fiduciaries must publish
the “business contact information of a Data Protection Officer, if applicable, or a person who is
able to answer on behalf of the Data Fiduciary, the Data Principal’s questions about the
processing of her personal data” in a format “as may be prescribed.” For Significant Data
Fiduciaries this must be the DPO; for others it can be any other officer.
9. Grievance redressal mechanism: Data Fiduciaries must have in place “a procedure and
effective mechanism to redress the grievances of Data Principals.”
10. Measures to adhere to the provision: Data Fiduciaries must implement “appropriate
technical and organizational measures to ensure effective adherence with the provisions of this
Act.”
What are the obligations of Significant Data Fiduciaries?
The government will notify the criteria for Significant Data Fiduciaries based on the following
factors:
• the volume and sensitivity of personal data processed
• risk of harm to the Data Principal
• potential impact on the sovereignty and integrity of India
• risk to electoral democracy
• security of the State
• public order
• such other factors as the government may consider necessary
In addition to complying with obligations applicable to all Data Fiduciaries, a significant Data
Fiduciary is required to:
1. Appoint a Data Protection Officer who will represent Data Fiduciary under the provisions
of this Act and be based in India. “The Data Protection Officer shall be an individual
responsible to the Board of Directors or similar governing body of the Significant Data
Fiduciary. The Data Protection officer shall be the point of contact for the grievance
redressal mechanism under the provisions of this Act.”
2. Appoint an Independent Data Auditor “who shall evaluate the compliance of the
Significant Data Fiduciary with provisions of this Act.”
3. Undertake Data Protection Impact Assessment and periodic audit in relation to the
objectives of this Act, and other measures “as may be prescribed.” Data Protection
Impact Assessment is defined as “a process comprising description, purpose, assessment
of harm, measures for managing risk of harm and such other matters with respect to
processing of personal data.”
What are the obligations of Data Fiduciaries processing children’s data?
In addition to complying with obligations applicable to all Data Fiduciaries and Significant Data
Fiduciaries, if applicable, a Data Fiduciary processing data of anyone under the age of 18 is
required to:
1. Parental consent: Obtain verifiable parental consent before processing any personal data
of a child, in such manner “as may be prescribed.”
2. No harm to the child: Not undertake any processing of personal data that is likely to
cause harm to a child, “as may be prescribed.” Harm, as defined in the Bill, includes:
• any bodily harm
• distortion or theft of identity
• harassment
• prevention of lawful gain or causation of significant loss
3. No targeted advertising or behavioral monitoring: Not undertake “tracking or behavioral
monitoring of children or targeted advertising directed at children.”
4. Exemptions: (1) and (3) will not apply to the processing of a child’s personal data for
such purposes “as may be prescribed” later.
What are the rights and duties of Data Principals?
1. Right to information about personal data: The user has the right to know
• if a Data Fiduciary is processing or has processed their personal data
• if yes, a summary of the personal data being processed and the processing activities
undertaken by the Data Fiduciary
• the identities of all those with whom personal data has been shared and what categories
of personal data
• any other information “as may be prescribed”
2. Right to correction and erasure of personal data: The Data Principal has the right to request
correction and erasure of her personal data “in accordance with the applicable laws and in
such manner as may be prescribed.” Erasure requests can be denied if data must be retained for
legal purposes.
3. Right of grievance redressal: Users have the right to register a grievance with a Data
Fiduciary. If the response from the Fiduciary is not satisfactory, or a response is not received
within seven days or “as may be prescribed”, the user may register a complaint with the Data
Protection Board in a manner “as may be prescribed.”
4. Right to nominate: A Data Principal has the right to nominate any other individual to exercise
their rights in the event of the Principal’s death or if the Principal is incapacitated, in such
manner “as may be prescribed.”
5. Duties of Data Principals:
• Users must comply with all applicable laws while exercising rights under the provisions
of this Act.
• Users should not register a false or frivolous grievance or complaint with a Data
Fiduciary or the Board.
• Users should not furnish any false particulars or suppress any material information or
impersonate another person.
• Users should only provide information that is verifiably authentic while exercising their
right to correction or erasure.
Transfer of personal data outside India
Data Fiduciaries can transfer personal data outside of India to countries or territories that have
been approved by the central government “in accordance with such terms and conditions as
may be specified.”
Government access to data
The central government can issue a notification to exempt any “instrumentality of the
state” from the provisions of the Bill in the interests of the:
• sovereignty and integrity of India
• security of the State
• friendly relations with foreign States
• maintenance of public order; or
• preventing incitement to any cognizable offence relating to any of the above
Additionally, the government and its agencies can retain personal data for an unlimited period
of time regardless of whether the purpose for which data was collected has been served.
Other exemptions from the Act
1. Exemptions for a class of data fiduciaries: The central government has the power to exempt
certain Data Fiduciaries or a class of Data Fiduciaries, based on the volume and nature of
personal data they process, from certain provisions of the Bill. Specifically, these Fiduciaries will
be exempt from:
• Section 6 (issuing notice before consent)
• Sub-sections 2 (ensuring accuracy of personal data) and 6 (deleting personal data after
the purpose is served) of section 9
• Section 10 (obligations when processing personal data of children)
• Section 11 (obligations of Significant Data Fiduciaries)
• Section 12 (Data Principal’s right to information about personal data)
While this could be used to exempt smaller data fiduciaries from some onerous obligations,
there is no limitation on who can be exempt.
2. Exemptions for certain use cases: The Bill exempts entities from provisions of Chapter 2
(obligations of Data Fiduciaries) except sub-section 4 (provision related to securing data) of
section 9, Chapter 3 (rights and duties of Data Principals), and Section 17 (transfer of personal
data outside India) of this Act when:
• Law enforcement purposes: “Personal data is processed in the interest of prevention,
detection, investigation or prosecution of any offence or contravention of any law.”
• Legal right or claim: “The processing of personal data is necessary for enforcing any legal
right or claim.”
• Judicial purposes: “The processing of personal data by any court or tribunal or any other
body in India is necessary for the performance of any judicial or quasi-judicial function.”
• Personal data of those outside India: “Personal data of Data Principals not within the
territory of India is processed pursuant to any contract entered into with any person
outside the territory of India by any person based in India.”
3. Exemption for research and statistical purposes: The central government can exempt entities
when the processing of personal data is “necessary for research, archiving or statistical
purposes if the personal data is not to be used to take any decision specific to a Data Principal
and such processing is carried on in accordance with standards specified by the [Data
Protection] Board.”
Data Protection Board of India
Establishment of the Data Protection Board of India (DPBI): The central government will
establish the DPBI by issuing a notification.
• Members of the board: The number of people on the Board and the process for
selecting its members including its Chairperson as well as the terms and conditions of
appointment and service will be prescribed.
• Chief executive: The management of the affairs of the Board will be entrusted to a chief
executive whose appointment and terms of service will be determined by the central
government.
• Officers and employees: The Board will consist of officers and employees whose terms
and conditions of appointment and service will be prescribed.
• Public servants: The Chairperson, Members, officers and employees of the Board will be
deemed as public servants.
• Lawsuits against the Board: “No suit, prosecution or other legal proceedings shall lie
against the Board or its Chairperson, Member, employee or officer for anything which is
done or intended to be done in good faith under the provisions of this Act.”
Functions of the Board:
1. Determining non-compliance: to determine non-compliance with provisions of this Act
and impose appropriate penalties.
2. Issuing directions: To discharge its functions under the Act, the Board may issue
directions from time to time after giving the concerned persons a reasonable
opportunity of being heard and after recording its own reasons in writing. The Board
can also modify, suspend, withdraw or cancel any direction it has issued.
3. Data breach mitigation: In the event of a personal data breach, the Board can direct the
Data Fiduciary to adopt any urgent measures to remedy such personal data breach or
mitigate any harm caused to Data Principals.
4. Following other government orders: to perform such functions that the Central
Government may assign under the provisions of this Act or under any other law by an
order published in the Official Gazette
Investigations by the Data Protection Board of India
Process for the Board to follow while conducting inquiries:
1. The Board should function as an independent body and “employ such techno-legal
measures as may be prescribed.”
2. The Board can take action based on a complaint received from an affected user or on a
reference by the government or in compliance with court directions or if a user did not
fulfil their duties as laid out in the Act.
3. If there are sufficient grounds for inquiry, the Board must record the reasons in writing,
and launch an inquiry into the affairs of the concerned person to ascertain whether they
are complying with the Act or not. If there are no sufficient grounds for inquiry, the
Board must record the reasons in writing and close the proceeding.
4. Proceedings related to complaints can be conducted by individual Members or a group
of Members.
5. The inquiry must be conducted following the principles of natural justice including giving
reasonable opportunity of being heard and the Board should record reasons for its
actions during the course of any inquiry.
6. To conduct an inquiry, the Board shall have powers to summon and enforce the
attendance of persons, examine them on oath and inspect any data, book, document,
register, books of account or any other document.
7. The inquiry must be completed at the earliest and the Board cannot prevent access to or
confiscate any thing that may adversely affect the day-to-day functioning of an entity.
8. The Board can seek the services of any police officer or any officers of the
Government to assist it and it is the duty of every such officer to comply with such
requests.
9. The Board can issue interim orders if it considers it necessary for preventing non-
compliance with the provisions of this Act, but the reasons for the same must be
recorded in writing and the concerned persons must have been given a reasonable
opportunity of being heard.
10. If the Board concludes that non-compliance by a person is not significant, it may, for
reasons recorded in writing, close such inquiry. If the Board determines that the non-
compliance by the person is significant, it shall issue financial penalties as allowed under
this Act.
11. At any stage after receipt of a complaint, if the Board determines that the complaint is
devoid of merit, it may issue a warning or impose costs on the complainant.
12. Every person is bound by the orders of the Board. “Every order made by the Board shall
be enforced by it as if it were a decree made by a Civil Court. For the purpose of this
subsection, the Board shall have all the powers of a Civil Court as provided in the Code
of Civil Procedure, 1908.”
Review and appeal of Board orders:
1. Reviewing orders: The Board can review any order it has issued, on a representation made
to it or on its own, and for reasons to be recorded in writing, modify, suspend, withdraw
or cancel any order issued. The review must be done by a group that is larger than the
group that issued the order.
2. Appeals in High Court: Any appeals against orders issued by the Board will be heard in
the High Court and the appeal will be preferred within a period of sixty days from the
date of the order.
3. Jurisdiction of civil courts and other authorities: No civil court will have the jurisdiction
to entertain any suit or take any action in respect of any matter under the provisions of
this Act and no injunction shall be granted by any court or other authority in respect of
any action taken under the provisions of this Act.
Alternate Dispute Resolution: If the Board is of the opinion that any complaint can be more
appropriately resolved by mediation or other processes of dispute resolution, the Board may
direct the concerned parties to the alternative dispute resolution option.
Voluntary undertaking: The Board can accept voluntary undertakings from entities in respect of
any matter related to compliance with provisions of this Act. The undertaking must include
specific actions and timelines, and must be publicised. The Board can request that the terms of
the undertaking be modified. If accepted, any ongoing relevant proceedings against the
concerned entity are barred unless the terms of the undertaking are not complied with.
Penalties for offences
Applicable penalties according to Schedule 1 of the Bill:
1. Failure to take reasonable security safeguards to prevent personal data breach: Up
to ₹250 crores
2. Failure to notify the Board and affected Data Principals of a personal data breach: Up
to ₹200 crores
3. Non-fulfilment of additional obligations in relation to processing data of children: Up
to ₹200 crores
4. Non-fulfilment of additional obligations of Significant Data Fiduciary: Up to ₹150 crores
5. Violation of user duties: Up to ₹10,000
6. For all other non-compliances under this Act: Up to ₹50 crores
Board gets to determine the quantum of penalty: If the non-compliance by a person is deemed
significant by the Board, the Board can determine the quantum of financial penalty to issue as
long as it adheres to Schedule 1 published by the government. To determine the amount, the
Board should consider the following factors:
• the nature, gravity and duration of the non-compliance
• the type and nature of the personal data affected by the non-compliance
• repetitive nature of the non-compliance
• whether the person, as a result of the non-compliance, has realized a gain or avoided
any loss
• whether the person took any action to mitigate the effects and consequences of the
non-compliance and the timeliness and effectiveness of that action
• whether the financial penalty to be imposed is proportionate and effective, having
regard to achieving compliance and deterring non-compliance with the provisions of this
Act; and
• the likely impact of the imposition of the financial penalty on the person.
Penalties cannot be greater than ₹500 crores: The central government has the power to amend
Schedule 1 by issuing a notification. But the Schedule cannot be modified by the government to
exceed ₹500 crores in any instance of non-compliance and the amendment must be presented
to the parliament for debate after it’s notified.

Intellectual Property Issues


Intellectual Property (IP) simply refers to creations of the mind. It refers to the ownership of a
thought or design by the one who came up with it. It offers the owner of any inventive design or
any form of distinct work certain exclusive rights that make it unlawful to copy or reuse that
work without the owner's permission. It is a part of property law. People associated with
literature, music, invention, etc. can use it in business practices.
There are numerous types of tools of protection that come under the term “intellectual
property”. Notable among these are the following:
• Patent
• Trademark
• Geographical indications
• Layout Designs of Integrated Circuits
• Trade secrets
• Copyrights
• Industrial Designs
Cyberspace is the non-physical domain where numerous computers are connected through
computer networks to establish communication between them. With the expansion of
technology, cyberspace has come within reach of every individual. This has led to the
emergence of cyberspace as a business platform and hence increased pressure on Intellectual
Property. Nowadays, cybercrimes are no longer limited to fraud, cyberbullying and identity
theft but also extend to infringement of the copyrights and trademarks of various businesses and other
organizations. Online content needs to be protected, and hence Intellectual Property Rights and
Cyber laws cannot be separated.
In cyberspace, sometimes one person makes a profit by using another person's creation without
the owner's consent. This is a violation of the owner's rights, which are protected by IPR. We have certain
laws to prevent violation of Intellectual Property Rights in cyberspace, and when they are violated,
we additionally have several remedies in law.

Copyright Infringement:
Copyright protection is given to the owner of any published artistic, literary, or scientific work
to prohibit everyone else from exploiting that work in their own name and thereby gaining
profit from it.
When these proprietary creations are used by anyone without the permission of the owner, it
leads to copyright infringement. Making and selling copies of software on the internet
without the permission of the owner, or even copying content from an online source, are
all examples of copyright infringement.
Copyright Issues in Cyberspace:
1. Linking – It permits a website user to visit another location on the Internet. By simply clicking
on a word or image on one Web page, the user can view another Web page elsewhere in the
world, or simply elsewhere on the same server as the original page.
Linking can damage the rights or interests of the owner of the linked webpage. It may create the
impression that the two linked sites are the same and promote the same idea. In this way, the
linked sites can lose income, as their income often depends on the number of persons who visit their
page.
2. Software Piracy – Software piracy refers to the act of stealing software that is legally
protected. This stealing comprises various actions like copying, distributing, altering, or selling the
software. It also falls under the Indian Copyright Act.
An example of software piracy is downloading a copy of Microsoft Word from any website
other than Microsoft's to avoid paying for it, as it is paid software. Piracy can be of 3 types:
1. Soft lifting
2. Software Counterfeiting
3. Uploading-Downloading.
3. Cybersquatting – Cybersquatting means the unauthorized registration and use of Internet domain
names that are similar to a business's trademarks, service marks, or company names. For
example, suppose Xyz is a very famous company and the company has not yet created a
website. A cybersquatter could buy xyz.com, looking to sell the domain to the company Xyz
at a later date for a profit. The domain name of a famous company can also be used to attract
traffic, and this traffic helps cybersquatters earn a lot of money through advertising.
When more than one individual believes that they have the right to register a specific domain
name, this can lead to a Domain Name Dispute. It arises when a registered trademark is
registered as a domain name by an individual or organization that does not own that
trademark.
Trademark Issues in Cyberspace
A trademark means a mark capable of being represented graphically and which can
distinguish the products or services of one person from those of others; it may include the
shape of products, their packaging, and combinations of colours. A registered service mark
represents a service. Trademark infringement refers to the unlawful use of a trademark or
service mark which can cause ambiguity, fraud, or confusion about the actual company a
product or service came from. Trademark owners can take the help of the law if they believe
their marks are being infringed.
Advantages of Intellectual Property Rights
1. It provides exclusive rights to the creator or inventor.
2. It gives the inventor freedom to share their knowledge without keeping it secret.
3. It helps the creator financially.
4. It provides legal protection to the creator.
Conclusion: With the growth of Cyberspace and technology advancements, copyright and
trademarks are not limited to the usual intellectual property alone but have spread to
intellectual property rights over the internet.

Trademark:
Cyberspace is becoming a hub for intellectual property rights infringement. Several practices by
website operators have resulted in the violation of intellectual property rights and various other
rights of other website operators. It has become crucial that people are aware of the illegal
usage of their websites and webpages.
International conventions and treaties have provided various laws to protect against infringement of
IPRs online, which are helping e-commerce and e-businesses to grow. However, the Information
Technology Act does not provide any provisions in respect of cybercrimes related to IPR,
cyberstalking, cyber defamation, etc.
Also, the Indian Trademark Act, 1999 and the Copyright Act, 1957 are silent on issues of online
Trademark and Copyright infringement. Though computer programs are protected under the
Copyright Act, 1957, it does not provide remedies for cyberpiracy.
Patents in Information Technology:
Practical applications in a computer device are generally considered patentable. Not all
software is patentable, but devices like pacemakers are very much patentable. A particular
computer program is eligible for patenting only when it contributes to an art. If the program
enhances the speed and efficiency of an existing program, it is eligible for a
patent. A few examples of software patents are as follows:
– Program algorithms
– Program language translations
– Menu arrangements
– OS functions
– Editing functions and interface features
– Display presentations
The United States of America has recognized the patents for businesses like online stock trading,
gambling, e-commerce, etc.
What is non-patentable?
Software is basically a form of intangible property that is safeguarded by copyright and
not patents, as in the case of literary and artistic works. Programming languages are treated like
any natural language such as English or French: they are also not patentable but are protected under
copyright law. Many countries have been debating whether software and programming
languages should be protected under patent law, as patent law provides
broader protection. Computer programs and languages are not considered a new
invention, as they only solve a mathematical or computer-related problem and thus are not applied
in any practical application or field.
