CS Unit-5
CS Unit-5
CS Unit-5
Cyber Security
Fundamentals of Cyber
Security
UNIT-V
•Cyber Crime Examples: Introduction, Real-life Examples: Official
website of Maharashtra Government hacked, E-Mail spoofing
instances, Indian banks lose millions of rupees, Parliament attack, Pune
city police bust Nigerian racket.
•Mini-Cases: The Indian case of online gambling, an Indian case of
intellectual property crime, illustrations of financial frauds in cyber
domain.
UNIT-V Cyber Crime Examples
🠶 Introduction
🠶 For the reasons of confidentiality and privacy, real names (individuals and/or organizations)
are masked in some of the illustrations.
🠶 Though the names are masked, the situations are real.
🠶 If the hypothetical names match with actual names of any living or dead person, it is purely
a coincidence.
🠶 A number of cases/illustrations are based on the information released in the public domain; those URLs
are mentioned.
🠶 Neither authors nor the publisher is responsible for false/inaccurate information posted on those public
weblinks.
🠶 Cybercrime knows no geographical boundaries
UNIT-V Cyber Crime Examples
🠶 Introduction
🠶 Figure 11.1 illustrates this point effectively. Criminals, the means for the crimes and the
impacted victims can be anywhere on the globe!
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Official website of Maharashtra Government
hacked website was
🠶 Website hacking incidence reported in September 2007. The impacted
http://www.maharashtragovernment.in.
🠶 A few days after the Chief Minister of the state inaugurated the new, citizen-friendly service- based web
portal of the Brihanmumbai Municipal Corporation, the Maharashtra government’s official website was
hacked which lead to the shutting down of www.maharashtra.gov.
🠶 The state officials, however, said that there was no data lost and that there was no serious damage to the
website.
🠶 State Officials further stated that the website gets updated daily with information on various
government regulations and decisions, and supports links to all government departments.
🠶 However, IT experts had to restore the official website of the government of Maharashtra, having
succumbed to the attack by the hacker.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Official website of Maharashtra Government hacked
🠶 As per reports, the site was attacked early in the morning by a person or a group proclaimed
as “cool- hacker.” The hacker left an imprint of a hand on the hacked website.
🠶 The state’s information and technology department came to know about the incident next day morning.
They immediately blocked all access to the website.
🠶 The IT department has lodged an FIR (First Information Report) with the police in an
attempt to trace the culprit.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Official website of Maharashtra Government hacked
🠶 Joint commissioner of police, in his official remark, stated that the state’s IT officials lodged a formal
complaint with the cybercrime branch police following this incidence.
🠶 He expressed confidence that the hackers would be tracked down. The Commissioner also
mentioned that the hacker had posted some Arabic content on the site.
🠶 According to sources, hackers were suspected to be from Washington.
🠶 IT experts gave to understand that the hackers had identified themselves as “Hackers Cool Al-Jazeera” and
claimed they were based in Saudi Arabia.
🠶 Officials further added that this might be a red herring to throw investigators off their trail.
🠶 For those who are not familiar with the term “red herring,” it refers to the tactic of diverting attention away
from an item of significance.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 Example-1
🠶 An American teenager made millions of dollars by spreading false information about certain companies
whose shares he had short sold.
🠶 This misleading information was spread by sending spoofed E-Mails purportedly from news agencies like
Reuters, to share brokers and investors who were informed that the companies were doing very badly.
🠶 Even after the truth emerged, the values of the shares could not be restored to the earlier levels.
🠶 This resulted in thousands of investors losing a lot of money.
🠶 This can be considered as a cybercrime against an organization because the impacted organization was the
one about whom false information was spread.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 Example-2
🠶 Another example of E-Mail Spoofing incident in India.
🠶 A branch of the Global Trust Bank experienced a customer run-down on the bank owing to a certain
rumour spread about the bank not doing well financially.
🠶 Under panic, many customers decided to withdraw all their money and close their accounts.
🠶 It was revealed later that someone had sent out spoofed E-Mails to many of the bank’s customers
announcing that the bank was in a very bad shape financially and could close operations any time.
🠶 In the next few days, unfortunately, this information turned out to be true.
🠶 So, can we say that this instance of E-Mail Spoofing saved many customers?
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 Example-3
🠶 Another shocking example of the E-Mail Spoofing involves a former executive from a well- known company
in the state of Gujarat.
🠶 The executive faked himself to be a lady by adopting a false name.
🠶 He then created a fake E-Mail ID.
🠶 Using that ID, the executive contacted a businessman based in the Middle East.
🠶 The executive posing as a woman then went into a long cybercourting relationship with the Middle East
businessman.
🠶 During this “cyberdating,” the executive used to send many “emotional blackmailing”
messages to the businessman.
🠶 One such message threatened the businessman thatif he ended this relationship,“she”
(i.e., the executive posing as a woman) would end her life!
🠶 What is worse, the executive gave another woman’s E-Mail ID to the businessman. This too
was a non-existent address.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: E-Mail spoofing instances
🠶 When the Middle East businessman sent a mail at that ID, he was shocked to learn that the executive (who
presented himself as a woman) had died and that now the police was searching him as the suspect in that
death case!
🠶 Using this trap and trick the executive exhorted from the businessman several hundred thousands of
Indian Rupees threatening that the businessman would get exposed if he did not part with that money.
🠶 The executive also sent E-Mails to him from different E-Mail IDs making the poor businessman believe
that they were mails from high court and police officials.
🠶 All this was done to extract more money from the gullible businessman.
🠶 Finally, businessman flew to India to lodge a case with the Police.
🠶 Internet users indeed enjoy “anonymity” and can get away with many thin
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Indian banks lose millions of rupees
🠶 This is a real-life example showing the techniques used by cybercriminals.
🠶 Banks across the country lost Rs. 6.57 crore (Rs.6,57,00,000) to Internet frauds in 233
incidents of cybercrime, with Tamil Nadu topping the list in last fiscal year.
🠶 Rs.2.09 crore (Rs.2,09,00,000) has been lost by various banks in the Indian state of Tamil
Nadu in seven cases reported between April and December 2008.
🠶 The lending institutions in Maharashtra had reported the highest number of incidents, 23 in all.
🠶 They lost Rs.55.54 lakhs (Rs.55,54,000) to online fraudulent practices.
🠶 This was revealed by the erstwhile Ministerof State for Home told the Lok Sabha in
February 2009.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Indian banks lose millions
of rupees
🠶 The banks in other Indian states – Andhra Pradesh, Rajasthan and Bengal –
Rs.89.93
West lakhs (Rs.89,93,000), Rs.64.29 lakhs (Rs.64,29,000) and Rs.35.72 lost lakhs
(Rs.35,72,000), respectively, while Kerala and Delhi lost Rs.17.60 (Rs.17,60,000) and
Rs.10.90 lakhs (Rs.10,90,000), respectively, owing to cyberfrauds.
🠶 A total of 11 cases of Internet frauds were reported from Andhra Pradesh, 8 from Delhi, 7
from Tamil Nadu, 6 from Karnataka and 5 from West Bengal during the said period.
🠶 Surprisingly, banks in Bihar, Goa and Jharkhand did not losea single penny to such
activities and no case was reported from any of these states.
UNIT-V Cyber Crime Examples
🠶 e Examples: Parliament
Real-lif
🠶 Bureau of Police Research and Development (BPRD) at Hyderabad handled some of the top
attack
cybercases.
🠶 One such case involved analyzing and retrieving information from the laptop recovered from terrorists,
who attacked the Parliament.
🠶 The laptop was seized from the two terrorists, who were gunned down when Parliament was under siege
on 13 December 2001.
🠶 Police sent the seized laptop to Computer Forensics Division of BPRD after
computer experts at Delhi failed to trace much out of its contents.
🠶 Inside the laptop there were a number of evidences that established the motives of the two terrorists,
namely
🠶 (a) the sticker of the Ministry of Home that they had made on the laptop and pasted on
their ambassador car to gain entry into Parliament House and
🠶 (b) the fake ID card that one of the two terrorists was carrying with a Government of India emblem
and seal.
🠶 It was also found that the emblems (of the three lions) were care- fully scanned and the seal was also
deviously made along with residential address of Jammu and Kashmir.
🠶 But careful forensics detection proved thatit was all forged and was created using the
laptop.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 This story had appeared in Pune Mirror dated 25 October 2010.
🠶 Name of the victim has been masked to respect the privacy of the person.
🠶 However, all the events mentioned here are real and are presented exactly as they
happened, as mentioned in the chain of events mentioned here is as at the time of writing
this.
🠶 The police succeeded in nabbing two suspects in this fraud case.
🠶 This fraud happened when the police started probing into a complaint receivedfrom a
young software engineer working in Pune city.
🠶 Arjun Changaokar, a resident in Warje area, was duped into parting with Rs.10.27 lakhs (Rs.10,27,000) by
making him believe that he was going to be offered a high profile job in a London hotel called New Climax.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 In an E-Mail chat with an alleged UK-based Councillor, Arjun, the techie from Rajiv Gandhi
Infotech Park at Hinjewadi, was convinced to pack up and leave India for UK!
🠶 The fraud got exposed when Arjun found that there was no flight to UK from Indira Gandhi International
Airport at the time he was told by the conmen!
🠶 The efforts expended by Warje police were successful and two perpetrators, including
a bank account holder, were arrested.
🠶 However, the real mastermind Chong-Ching, who is a foreign national, was still
absconding.
🠶 A special squad of cyber experts has been investigating the Nigerian fraud racket run from Meera Road.
🠶 The three accused in the FIR (First Information Report) filed by the victim include Shailendra Ramesh
Soni, aged 24, a resident of Shivajinagar in Govandi in Mumbai, Naresh Shubrakaran Sharma, aged 27, a
resident of Queens Park in Mira-Bhayandar in Thane and Chong-Ching, the foreign national whose
complete name and address could not be traced (as at the time of writing this).
🠶 The fraud took place during the period 26 July–24 September 2010.
🠶 The accused have been charged under various sections of the IPC (Indian Penal Code and
the Indian IT Act for cheating and conspiracy using Information Technology.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 As per complaint filed by the victim Arjun Changaokar, the fraud started with the mail he
received on 26 July 2010. In that mail he was offered a job in UK-based hotel “New Climax.”
🠶 A person calling himself Chong-Ching claimed to be authority at the hotel and offered to victim the post
of Sales Supervisor with a handsome UK salary.
🠶 The victim responded to the E-Mail and accepted the offer. There onward, the correspondence
continued. In another E-Mail, a person called John Smith Levis introduced himself as UK councillor.
🠶 John claimed to have been given the responsibility by the hotel to provide Visa.
🠶 To get the Visa and to pay for journey expenses and accommodation in the UK, John asked
the victim for various amounts of money in a number of E-Mails.
🠶 John gave to the victim several account numbers in different branches of Axis Bank and ICICI Bank.
🠶 Victim Arjun deposited those amounts ranging from Rs.2 to 5 lakhs (Rs.2,00,000 to
5,00,000) on different occasions.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 Over a 2-month period, Arjun (thevictim) deposited a total amount of Rs.10.27
lakhs
(Rs.10,27,000)!
🠶 In the words of the victim
🠶 “At first, I received an email offering me a high paying job in UK hotel to get a visa and to pay for
journey expenses and accommodation in UK, I was asked for various amounts of money in multiple
emails. He gave me several account numbers in different branches of Axis Bank and ICICI Bank. I
deposited amounts ranging from Rs. 25 lakh on different occasions. Over a two-month period, I
deposited a total amount of Rs. 10,27,700.”
🠶 The victim arranged the money from various sources.
🠶 He shared with his parents and friends the news of his overseas job.
🠶 According to the E-Mail, the victim received on 10 October 2010, he was supposed to catch a flight from
Indira Gandhi International Airport and a person was going to meet Arjun at the airport with a Visa and
an air ticket.
🠶
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 During the correspondence, receipts with fake stamps (as it turned out later) and signatures
of the British High Commissioner were sent to victim.
🠶 When victim (Arjun) reached the airport, he found that there was no such person waiting for him. That is
when the victim realized that he had been cheated.
🠶 Arjun returned to Pune and tried to contact the concerned person but the concerned person
never replied to his mails.
🠶 Arjun then decided to approach the police.
UNIT-V Cyber Crime Examples
🠶 Real-life Examples: Pune city police bust Nigerian racket.
🠶 Inspector (Crime Branch) Solankar said“After receiving the complaint, we started
investigating the accounts in which Arjun had deposited the requested amounts of money.
🠶 We identified an account in the name Shailendra Soni in the Shivajinagar branch of Axis Bank. We sent a
team to Govandi and laid a trap for him.”
🠶 After the inquiry, the Police discovered that Soni was asked by someone called “Sharma” for
permission to use his account.
🠶 Police nabbed Sharma in Mira-Bhayandar.
🠶 The investigation revealed thatsomeone hailing from Nigeria asked them to commit
the crime. He offered 7% of the total amount to Sharma.
🠶 Sharma, in turn, got Soni’s help by offering him a 5% commission.
🠶 Sharma had met the suspected foreign national several times and they had been running this racket for
many years.
🠶 Sharma has various cheating crimes registered to his name.
🠶 The Police took up the investigation aimed at finding out other crimes committed by this gang.
UNIT-V Mini-Cases
🠶 The Indian case of online gambling
🠶 There are millions of websites, hosted on many servers, to offer online gambling
services.
🠶 It is believed that many of these websites are actually fronts for “money laundering.” Fraud cases of
“Hawala” dealings money mis-deals over the Internet have been reported in the past.
🠶 It is not yet fully known if these sites have any relationship with drug trafficking.
🠶 Recent Indian case about cyber lotto is very interesting.
🠶 Kola Mohan was the man who invented the story of winning the Euro Lottery.
🠶 He created a website and an E-Mail address on the Internet with the address
“eurolottery@usa.net.”
🠶 Whenever accessed, the site would declare him as the recipient of the 12.5 million pound.
UNIT-V Mini-Cases
🠶 The Indian case of online gambling
🠶 A Telugu newspaper published this as news after confirmation.
🠶 Meanwhile, Kola Mohan collected large sums of money from the public as well as from some banks for
mobilization of the deposits in foreign currency.
🠶 He could have gone on merrily.
🠶 The fraud, however, got exposedwhen a discounted cheque from Kola Mohan with
the
Andhra Bank for Rs.1.73 million bounced.
🠶 Kola Mohan had pledged with Andhra Bank the copy of a bond certificate purportedly issued by
Midland Bank, Sheffields, London stating that a term deposit of 12.5 million was held in his name.
UNIT-V Mini-Cases
🠶 An Indian case of intellectual property crime
🠶 Bharti Cellular Ltd. made a case in the Delhi High Court with a complaint that some cybersquatters had
registered domain names such as barticellular.com and bhartimobile.com with network solutions under
different fictitious names.
🠶 The court ordered Network Solutions not to transfer the domain names in question to any third party
and the matter was sub-judice. Similar issues were brought to various High Courts earlier.
🠶 Yahoo had sued a man called Akash Arora for use of the domain name “Yahooindia.Com”
deceptively similar to its “Yahoo.com.”
🠶 As this case was governed by the Trade Marks Act 1958, the additional defense taken against Yahoo’s
legal action for the interim order was that the Trade Marks Act was applicable only to goods.
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber domain.
🠶 Here provided varions illustrations of banking frauds (including credit card-related crimes),
online gambling, IPR crimes, digital media piracy, hacking,computer frauds, website
attacks, counterfeit hardware, malicious use of the Internet, social networking victims, etc.
🠶 Banking-Related Frauds
🠶 Credit Card-Related Frauds
🠶 Other Illustrations
UNIT-V Mini-Cases
🠶 Illustrations of financial frauds in cyber
domain.
Illustration No. Title Topic
1 Stolen Credit Card Information Phishing and credit card frauds (banking frauds)