Cyber Security Mod-1


Module - 1

Module-1
Introduction to Cybercrime
Cybercrime: Definition and Origins of the Word
"A crime conducted in which a computer was directly and significantly instrumental."
This definition is not universally accepted. It, however, initiates further discussion to narrow the
scope of the definition for "cybercrime": for example, we can propose the following alternative
definitions of computer crime:
1. Any illegal act where a special knowledge of computer technology is essential for its
perpetration, investigation or prosecution.
2. Any traditional crime that has acquired a new dimension or order of magnitude through
the aid of a computer, and abuses that have come into being because of computers.
3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software, sabotage and
demands for ransom.
Here is yet another definition:
"Cybercrime (computer crime) is any illegal behavior, directed by means of electronic
operations, that targets the security of computer systems and the data processed by them." Note
that in a wider sense, "computer-related crime" can be any illegal behavior committed by means
of, or in relation to, a computer system or network; however, this is not cybercrime.
Statute and treaty law both refer to "cybercrime." The term "cybercrime" relates to a number of
other terms that may sometimes be used interchangeably to describe crimes committed using
computers. Computer-related crime, Computer crime, Internet crime, E-crime, High-tech crime,
etc. are the other synonymous terms. Cybercrime specifically can be defined in a number of
ways; a few definitions are:
1. A crime committed using a computer and the Internet to steal a person's identity (identity
theft) or sell contraband or stalk victims or disrupt operations with malevolent programs.
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the Internet, cyberspace and
the WWW.
According to one information security glossary, cybercrime is any criminal activity which uses
network access to commit a criminal act. Opportunities for the exploitation due to weaknesses in
information security are multiplying because of the exponential growth of Internet. Cybercrime
may be internal or external, with the former easier to perpetrate. The term "cybercrime" has
evolved over the past few years since the adoption of Internet connection on a global scale with

PROF. NARENDRA N & PROF. SWATHI N, CSE, NCET 1



hundreds of millions of users. Cybercrime refers to the act of performing a criminal act using
cyberspace as the communications vehicle.
Some people argue that a cybercrime is not a crime as it is a crime against software and not
against a person or property. However, while the legal systems around the world scramble to
introduce laws to combat cyber-criminals.
Two types of attack are prevalent:
1. Techno-crime: A premeditated act against a system or systems, with the intent to copy,
steal, prevent access, corrupt or otherwise deface or damage parts of or the complete
computer system. The 24 x 7 connection to the Internet makes this type of cybercrime a
real possibility to engineer from anywhere in the world, leaving few, if any, "finger
prints."
2. Techno-vandalism: These acts of "brainless" defacement of websites and/or other
activities, such as copying files and publicizing their contents publicly, are usually
opportunistic in nature. Tight internal security, allied to strong technical safeguards,
should prevent the vast majority of such incidents.
Cybercrimes (harmful acts committed from or against a computer or network) differ from most
terrestrial crimes in four ways:
(a) how to commit them is easier to learn,
(b) they require few resources relative to the potential damage caused,
(c) they can be committed in a jurisdiction without being physically present in it and
(d) they are often not clearly illegal.
The term cybercrime has some stigma attached and is notorious due to the word "terrorism" or
"terrorist" attached with it, that is, cyberterrorism.

Cyberterrorism
It is defined as "any person, group or organization who, with terrorist intents, utilizes access or
aids in accessing a computer or computer network or electronic system or electronic device by
any available means, and thereby knowingly engages in or attempts to engage in a terrorist act
commits the offence of cyberterrorism." Cybercrime, especially through the Internet, has grown
in number as the use of computer has become central to commerce, entertainment and
government.

Cyberspace
It is a worldwide network of computer networks that uses the Transmission Control
Protocol/Internet Protocol (TCP/IP) for communication to facilitate transmission and exchange of
data. A common factor in almost all definitions of cyberspace is the sense of place that they
convey


- cyberspace is most definitely a place where you chat, explore, research and play. This is a term
coined by William Gibson, a science fiction writer, in his Sci-fi novel Neuromancer (published
in 1984) - he suggested it as a "consensual hallucination." According to his vision about near-
future


computer network (as at the time when he coined the term in 1984), "cyberspace" is where users
mentally travel through matrices of data. Conceptually, "cyberspace" is the "nebulous place"
where humans interact over computer networks.

Cybersquatting
It is the practice of buying domain names that carry existing business names. It is done with the
intent to sell those domain names to earn a profit.
Ex: WWW.Flipkart.com - Authorized
WWW.Flipcart.com – Unauthorized (fake)
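
A brand owner can screen newly observed domains for this kind of imitation. The following is an added example, not part of the original notes: it compares each domain with the owned name using an edit distance that also counts swapped letters. The function names, the confusable-character table and every sample domain other than the Flipkart/Flipcart pair above are assumptions constructed for illustration.

```python
"""Triage observed domains against the names a brand owner controls."""
from __future__ import annotations

# Owned domain taken from the page's example; everything else is constructed.
OWNED = {"flipkart.com"}
# Deliberately small, constructed table of look-alike substitutions.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def host_of(domain: str) -> str:
    """Lower-case the name, drop a trailing dot and a leading 'www.'."""
    host = domain.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def brand_label(host: str) -> str:
    """Label left of the TLD. Assumes a single-label TLD such as .com;
    multi-label suffixes such as .co.in need a public-suffix list."""
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def fold(text: str) -> str:
    """Undo look-alike substitutions and remove hyphens."""
    for fake, real in CONFUSABLES.items():
        text = text.replace(fake, real)
    return text.replace("-", "")


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and the swap of
    two adjacent characters (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 and i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(domain: str, owned: set[str] = OWNED, max_distance: int = 1):
    """Return (verdict, brand) for one observed domain."""
    host = host_of(domain)
    if host in owned:
        return ("owned", brand_label(host))
    label = brand_label(host)
    folded = fold(label)
    for brand in sorted({brand_label(o) for o in owned}):
        if label == brand:
            # Exact brand name on a domain the owner never registered.
            return ("same-name-unowned-domain", brand)
        if folded == brand or osa_distance(folded, brand) <= max_distance:
            return ("lookalike", brand)
        if brand in fold(host):
            # Brand embedded in a longer label or in a subdomain.
            # Short brand names will produce false positives here.
            return ("contains-brand", brand)
    return ("unrelated", None)


def triage(domains):
    """Map every observed domain to its verdict."""
    return {d: classify(d)[0] for d in domains}


# Constructed sample input (first two entries are the page's own example).
OBSERVED = ["WWW.Flipkart.com", "WWW.Flipcart.com", "flipkrat.com",
            "f1ipkart.com", "flipkart.net", "flipkart-offers.com", "example.org"]

if __name__ == "__main__":
    for name, verdict in triage(OBSERVED).items():
        print(f"{name:24} {verdict}")
```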

Cyberpunk
According to science fiction literature, the words "cyber" and "punk” emphasize the two basic
aspects of cyberpunk: "technology" and "individualism." The term "cyberpunk" could mean
something like "anarchy via machines" or "machine/computer rebel movement." This word first
appeared as the title of a short story "Cyberpunk" by Bruce Bethke, published in science fiction
stories magazine, AMAZING, Vol. 57, No. 4, November 1983. It is quite interesting to note that
the word was coined in the early spring of 1980, and applied to the "bizarre, hard-edged, high-
tech" science fiction emerging in the 1980s. The story is about a bunch of teenage
hackers/crackers. The idea behind calling it "cyber-punk" was to invent a new term that will
express the juxtaposition of punk attitudes and high technology. For the terms "hackers",
"crackers" and others.

Cyberwarfare
It means information warriors unleashing vicious attacks against an unsuspecting opponent's
computer networks, wreaking havoc and paralyzing nations. This perception seems to be correct
as the terms cyberwarfare and cyberterrorism have got historical connection in the context of
attacks against infrastructure. The term "information infrastructure" refers to information
resources, including communication systems that support an industry, institution or population.
Cyberattacks are often presented as threat to military forces and the Internet has major
implications for espionage and warfare.

Cybercrime and Information Security


Lack of information security gives rise to cybercrimes. Let us refer to the amended Indian
Information Technology Act (ITA) 2000 in the context of cybercrime. From an Indian
perspective, the new version of the Act (referred to as IT 2008) provides a new focus on
"Information Security in India."
"Cybersecurity” means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorized access, use,
disclosure, disruption, modification or destruction. The term incorporates both the physical
security of devices


as well as the information stored therein. It covers protection from unauthorized access, use,
disclosure, disruption, modification and destruction.
Where financial losses to the organization due to insider crimes are concerned (e.g., leaking
customer data), often some difficulty is faced in estimating the losses because the financial
impacts may not be detected by the victimized organization and no direct costs may be
associated with the data theft. The 2008 CSI Survey on computer crime and security supports
this. Cybercrimes occupy an important space in information security domain because of their
impact. For anyone trying to compile data on business impact of cybercrime, there are a number of
challenges.
One of them comes from the fact that organizations do not explicitly incorporate the cost of the
vast majority of computer security incidents into their accounting as opposed to, say, accounting
for the "shrinkage” of goods from retail stores.
The other challenge comes from the difficulty in attaching a quantifiable monetary value to the
corporate data and yet corporate data get stolen/lost. Because of these reasons, reporting of
financial losses often remains approximate. In an attempt to avoid negative publicity, most
organizations abstain from revealing facts and figures about "security incidents" including
cybercrime.
In general, organizations' perception about "insider attacks" seems to be different than that made
out by security solution vendors. However, this perception of an organization does not seem to be
true as revealed by the 2008 CSI Survey. Awareness about "data privacy" too tends to be low in
most organizations. When we speak of financial losses to the organization and significant insider
crimes, such as leaking customer data, such "crimes" may not be detected by the victimized
organization and no direct costs may be associated with the theft.

Who are Cybercriminals?


Cybercrime involves such activities as child pornography; credit card fraud; cyberstalking;
defaming another online; gaining unauthorized access to computer systems; ignoring copyright,
software licensing and trademark protection; overriding encryption to make illegal copies;
software piracy and stealing another's identity (known as identity theft) to perform criminal acts.
Cybercriminals are those who conduct such acts. They can be categorized into three groups that
reflect their motivation:
1. Type I: Cybercriminals - hungry for recognition
• Hobby hackers;
• IT professionals (social engineering is one of the biggest threats);
• politically motivated hackers;
• terrorist organizations.
2. Type II: Cybercriminals - not interested in recognition
• Psychological perverts;
• financially motivated hackers (corporate espionage);
• state-sponsored hacking (national espionage, sabotage);
• organized criminals.
3. Type III: Cybercriminals - the insiders
• Disgruntled or former employees seeking revenge;
• competing companies using employees to gain economic advantage through damage
and/or theft.

Classifications of Cybercrimes
Crime is defined as "an act or the commission of an act that is forbidden, or the omission of a duty
that is commanded by a public law and that makes the offender liable to punishment by that law".
Cybercrimes are classified as follows:
1. Cybercrime against individual
• Electronic mail (E-Mail) Spoofing and other online frauds
• Phishing, Spear Phishing and its various other forms such as Vishing and Smishing
• Spamming
• Cyberdefamation
• Cyberstalking and harassment
• Computer sabotage
• Pornographic offenses
• Password sniffing: This also belongs to the category of cybercrimes against organization
because the use of password could be by an individual for his/her personal work or the
work he/she is doing using a computer that belongs to an organization.
2. Cybercrime against property
• Credit card fraud
• Intellectual property (IP) crimes: Basically, IP crimes include software piracy, copyright
infringement, trademarks violations, theft of computer source code, etc.
• Internet time theft
3. Cybercrime against organization
• Unauthorized accessing of computer: Hacking is one method of doing this and hacking is
a punishable offense
• Password sniffing
• Denial-of-service attacks (known as DoS attacks)
• Virus attack/dissemination of viruses
• E-Mail bombing/mail bombs
• Salami attack/Salami technique
• Logic bomb
• Trojan Horse
• Data diddling
• Crimes emanating from Usenet newsgroup
• Industrial spying / industrial espionage
• Computer network intrusions
• Software piracy
4. Cybercrime against Society
• Forgery
• Cyberterrorism
• Web jacking
5. Crimes emanating from Usenet newsgroup: By its very nature, Usenet groups may
carry very offensive, harmful, inaccurate or otherwise inappropriate material, or in some
cases, postings that have been mislabeled or are deceptive in another way. Therefore, it is
expected that you will use caution and common sense and exercise proper judgment when
using Usenet, as well as use the service at your own risk.
Let us take a brief look at some of the cybercrime forms mentioned above:

1. E-Mail Spoofing
A spoofed E-Mail is one that appears to originate from one source but actually has been sent
from another source. For example, let us say, Roopa has an E-Mail address
[email protected]. Let us say her brother Suresh and she happen to have a showdown.
Then Suresh, having become her enemy, spoofs her E-Mail and sends obscene/vulgar
messages to all her acquaintances. Since the E-Mails appear to have originated from Roopa,
her friends could take offense and relationships could be spoiled for life.
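
On the receiving side, the gap between the address a message displays and the system that actually sent it shows up in the message headers. The following is an added example, not part of the original notes: it compares the From domain with the Return-Path and Reply-To domains and reads the SPF, DKIM and DMARC verdicts recorded in the Authentication-Results header. The server name mx.example.org, the addresses and both sample messages are constructed assumptions; the strict domain comparison is an indicator for review, not a verdict.

```python
"""Header checks that expose a spoofed From address."""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumed name of our own receiving server
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def domain_of(header_value):
    """Domain part of the first address in a header value ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from headers stamped by our
    own server: a sender can include forged Authentication-Results lines."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        if (authserv_id.split() or [""])[0].lower() == TRUSTED_AUTHSERV:
            verdicts.update(AUTH_RE.findall(rest))
    return verdicts


def spoofing_indicators(raw):
    """Return a list of reasons to distrust the displayed sender."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} != From domain {from_dom}")
    verdicts = trusted_auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")
    return findings


# Constructed sample: mail really sent by the address it displays.
GENUINE = "\n".join([
    "Return-Path: <roopa@example.com>",
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; "
    "dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    "From: Roopa <roopa@example.com>",
    "To: friend@example.org",
    "Subject: Lunch on Friday?",
    "",
    "See you at noon.",
])

# Constructed sample: displays Roopa's address but was sent from elsewhere,
# and carries a forged Authentication-Results line claiming everything passed.
SPOOFED = "\n".join([
    "Return-Path: <bulk@mailer.example.net>",
    "Authentication-Results: mx.forged.invalid; spf=pass; dkim=pass; dmarc=pass",
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; "
    "dkim=none; dmarc=fail header.from=example.com",
    "From: Roopa <roopa@example.com>",
    "To: friend@example.org",
    "Subject: hello",
    "",
    "(body omitted)",
])

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, spoofing_indicators(raw) or "no indicators")
```

Note that SPF alone passes for the spoofed message because it only validates the envelope sender; the DMARC failure is what ties the check back to the displayed From address.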

2. Spamming
People who create electronic Spam are called spammers. Spam is the abuse of electronic
messaging systems (including most broadcast media, digital delivery systems) to send
unsolicited bulk messages indiscriminately. Although the most widely recognized form of
Spam is E-Mail Spam, the term is applied to similar abuses in other media: Instant messaging
Spam, Usenet newsgroup Spam, web search engine Spam, Spam in blogs, wiki Spam, online
classified ads Spam, mobile phone messaging Spam, Internet forum Spam, junk fax
transmissions, social networking Spam, file sharing network Spam, video sharing sites, etc.
Another definition of spamming is in the context of "search engine spamming." In this
context, spamming is alteration or creation of a document with the intent to deceive an
electronic catalog or a filing system. Some web authors use "subversive techniques" to
ensure that their site appears more frequently or higher number in returned search results -
this is strongly discouraged by search engines and there are fines/penalties associated with
the use of such subversive techniques. Those who continually attempt to subvert or Spam the
search engines may be permanently excluded from the search index. Therefore, the following
web publishing techniques should be avoided:
1. Repeating keywords;
2. use of keywords that do not relate to the content on the site;
3. use of fast meta refresh;
4. redirection;
5. IP Cloaking;
6. use of colored text on the same color background;
7. tiny text usage;
8. duplication of pages with different URIs;
9. hidden links;
10. use of different pages that bridge to the same URL (gateway pages).
3. Cyberdefamation
“Whoever, by words either spoken or intended to be read, or by signs or by visible
representations, makes or publishes any imputation concerning any person intending to harm,
or knowing or having reason to believe that such imputation will harm, the reputation of such
person, is said, except in the cases hereinafter excepted, to defame that person."
Cyberdefamation happens when the above takes place in an electronic form. In other words,
"cyberdefamation" occurs when defamation takes place with the help of computers and/or
the Internet, for example, someone publishes defamatory matter about someone on a website
or sends an E-Mail containing defamatory information to all friends of that person.
According to the IPC Section 499:
1. It may amount to defamation to impute anything to a deceased person, if the imputation
would harm the reputation of that person if living, and is intended to be hurtful to the
feelings of his family or other near relatives.
2. It may amount to defamation to make an imputation concerning a company or an
association or collection of persons as such.
3. An imputation in the form of an alternative or expressed ironically, may amount to
defamation.
4. No imputation is said to harm a person's reputation unless that imputation directly or
indirectly, in the estimation of others, lowers the moral or intellectual character of that
person, or lowers the character of that person in respect of his caste or of his calling, or
lowers the credit of that person, or causes it to be believed that the body of that person is
in a loathsome state or in a state generally considered as disgraceful.
4. Internet Time Theft
Such a theft occurs when an unauthorized person uses the Internet hours paid for by another
person. Basically, Internet time theft comes under hacking because the person who gets
access to someone else's ISP user ID and password, either by hacking or by gaining access to
it by illegal means, uses it to access the Internet without the other person's knowledge.
However, one can identify time theft if the Internet time has to be recharged often, even
when one's own use of the Internet is not frequent. The issue of Internet time theft is related
to the crimes conducted through "identity theft."

5. Salami Attack/Salami Technique


These attacks are used for committing financial crimes. The idea here is to make the
alteration so insignificant that in a single case it would go completely unnoticed; for example,
a bank employee inserts a program into the bank's servers that deducts a small amount of
money (say 2/- or a few cents in a month) from the account of every customer.
No account holder will probably notice this unauthorized debit, but the bank employee will
make a sizable amount every month.
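
Because each slice is too small for an account holder to notice, the practical control is a reconciliation run across all accounts. The following is an added example, not part of the original notes: it recomputes every closing balance from the opening balance and the approved postings, then looks for the same tiny shortfall repeated across many accounts. The account numbers, balances, thresholds and function names are constructed assumptions; the 2.00 slice mirrors the "2/-" figure above.

```python
"""Reconciliation check that surfaces salami-style skimming."""
from collections import defaultdict
from decimal import Decimal  # exact arithmetic; floats would hide small slices


def residuals(opening, postings, closing):
    """Recorded closing balance minus the balance that the opening balance
    plus approved postings explains, per account."""
    expected = defaultdict(Decimal)
    for account, balance in opening.items():
        expected[account] = Decimal(balance)
    for account, amount in postings:
        expected[account] += Decimal(amount)
    return {acct: Decimal(bal) - expected[acct] for acct, bal in closing.items()}


def salami_suspects(diffs, max_slice=Decimal("5.00"), min_accounts=3):
    """Group small unexplained shortfalls by amount and keep the amounts
    that recur on at least min_accounts different accounts."""
    by_amount = defaultdict(list)
    for account, diff in diffs.items():
        shortfall = -diff
        if Decimal("0") < shortfall <= max_slice:
            by_amount[shortfall].append(account)
    return {amt: sorted(accts) for amt, accts in by_amount.items()
            if len(accts) >= min_accounts}


def total_skimmed(suspects):
    """Sum of all slices in the flagged groups for this period."""
    return sum((amt * len(accts) for amt, accts in suspects.items()), Decimal("0"))


# Constructed month-end data. Amounts are strings so Decimal parses them exactly.
OPENING = {"A-1001": "1000.00", "A-1002": "250.50", "A-1003": "75.00",
           "A-1004": "9800.00", "A-1005": "40.00", "A-1006": "500.00"}
POSTINGS = [("A-1001", "-100.00"), ("A-1002", "500.00"),
            ("A-1003", "25.00"), ("A-1004", "-300.00")]
CLOSING = {"A-1001": "898.00",   # 2.00 short
           "A-1002": "748.50",   # 2.00 short
           "A-1003": "100.00",   # balanced
           "A-1004": "9498.00",  # 2.00 short
           "A-1005": "38.00",    # 2.00 short
           "A-1006": "350.00"}   # 150.00 short: a large one-off, not a slice

if __name__ == "__main__":
    diffs = residuals(OPENING, POSTINGS, CLOSING)
    suspects = salami_suspects(diffs)
    for amount, accounts in suspects.items():
        print(f"{len(accounts)} accounts each short by {amount}: {accounts}")
    print("total unexplained in flagged groups:", total_skimmed(suspects))
```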

6. Data Diddling
A data diddling attack involves altering raw data just before it is processed by a computer
and then changing it back after the processing is completed. Electricity Boards in India have
been victims to data diddling programs inserted when private parties computerize their
systems.

7. Forgery
Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be forged using
sophisticated computers, printers and scanners. Outside many colleges there are miscreants
soliciting the sale of fake marksheets or even degree certificates. These are made using
computers and high quality scanners and printers. In fact, this is becoming a booming
business involving large monetary amounts given to student gangs in exchange for these
bogus but authentic looking certificates.

8. Web Jacking
Web jacking occurs when someone forcefully takes control of a website (by cracking the
password and later changing it). Thus, the first stage of this crime involves "password
sniffing." The actual owner of the website does not have any more control over what appears
on that website.

9. Newsgroup Spam/Crimes Emanating from Usenet Newsgroup


As explained earlier, this is one form of spamming. The word "Spam" was usually taken to
mean excessive multiple posting (EMP). The advent of Google Groups, and its large Usenet
archive, has made Usenet more attractive to spammers than ever. Spamming of Usenet
newsgroups actually predates E-Mail Spam. The first widely recognized Usenet Spam, titled
Global Alert for All: Jesus is Coming Soon (though not the most famous), was posted on 18
January 1994 by Clarence L. Thomas IV, a sysadmin at Andrews University. It was a
fundamentalist religious tract claiming that "this world's history is coming to a climax." The
newsgroup posting Bot Serdar Argic also appeared in early 1994, posting tens of thousands
of messages to various newsgroups, consisting of identical copies of a political screed
relating to the Armenian Genocide.

10. Industrial Spying/Industrial Espionage


Spying is not limited to governments. Corporations, like governments, often spy on the
enemy. The Internet and privately networked systems provide new and better
opportunities for


espionage. "Spies" can get information about product finances, research and development
and marketing strategies, an activity known as "industrial spying." However, cyberspies
rarely leave behind a trail. Industrial spying is not new; in fact it is as old as industries
themselves. The use of the Internet to achieve this is probably as old as the Internet itself.
Traditionally, this has been the reserved hunting field of a few hundreds of highly skilled
hackers, contracted by high-profile companies or certain governments via the means of
escrow organizations (it is said that they get several hundreds of thousands of dollars,
depending on the "assignment").

11. Hacking
The purposes of hacking are many; the main ones are as follows:
Greed, power, publicity, revenge, adventure, desire to access forbidden information,
destructive mindset.
Every act committed toward breaking into a computer and/or network is hacking and it is an
offense. Hackers write or use ready-made computer programs to attack the target computer.
They possess the desire to destruct and they get enjoyment out of such destruction. Some
hackers hack for personal monetary gains, such as stealing credit card information,
transferring money from various bank accounts to their own account followed by withdrawal
of money. They extort money from some corporate giant by threatening to publish the stolen
information that is critical in nature. Government websites are hot on hackers' target lists and
attacks on Government websites receive wide press coverage.
Hackers, crackers and phrackers are some of the oft-heard terms. The original meaning of the
word "hack" meaning an elegant, witty or inspired way of doing almost anything originated
at MIT. The meaning has now changed to become something associated with the breaking
into or harming of any kind of computer or telecommunications system. Some people claim
that those who break into computer systems should ideally be called "crackers" and those
targeting phones should be known as "phreaks".

12. Online Frauds


Online Scams. There are a few major types of crimes under the category of hacking:
Spoofing website and E-Mail security alerts, hoax mails about virus threats, lottery frauds
and Spoofing.
In Spoofing websites and E-Mail security threats, fraudsters create authentic
looking websites that are actually nothing but a spoof. The purpose of these websites is to
make the user enter personal information which is then used to access business and bank
accounts. Fraudsters are increasingly turning to E-Mail to generate traffic to these websites.
This kind of online fraud is common in banking and financial sector. There is a rise in the
number of financial institutions' customers who receive such E-Mails which usually contain a
link to a spoof website and mislead users to enter user ids and passwords on the pretence that
security details can be updated or passwords changed. It is wise to be alert and careful about


E-Mails containing an embedded link, with a request for you to enter secret details. It is
strongly


recommended not to input any sensitive information that might help criminals to gain access
to sensitive information, such as bank account details, even if the page appears legitimate.
In virus hoax E-Mails, the warnings may be genuine, so there is always a dilemma whether to
take them lightly or seriously. A wise action is to first confirm by visiting an antivirus site
such as McAfee, Sophos or Symantec before taking any action, such as forwarding them to
friends and colleagues.
Lottery frauds are typically letters or E-Mails that inform the recipient that he/she has won a
prize in a lottery. To get the money, the recipient has to reply, after which another mail is
received asking for bank details so that the money can be directly transferred. The E-Mail
also asks for a processing fee/handling fee. Of course, the money is never transferred in this
case; the processing fee is swindled and the banking details are used for other frauds and
scams.
“Spoofing” means illegal intrusion, posing as a genuine user. A hacker logs in to a computer
illegally, using a different identity than his own. He is able to do this by having previously
obtained the actual password. He creates a new identity by fooling the computer into thinking
that the hacker is the genuine system operator, and the hacker then takes control of the
system. He can commit innumerable frauds using this false identity.

13. Pornographic Offenses


"Child pornography" means any visual depiction, including but not limited to the following:
1. Any photograph that can be considered obscene and/or unsuitable for the age of child
viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct where the production of
such visual depiction involves the use of a minor, engaging in sexually explicit conduct.
Child pornography is considered an offense. Unfortunately, child pornography is a reality of
the Internet. The Internet is being highly used by its abusers to reach and abuse children
sexually, worldwide. In India too, the Internet has become a household commodity in the
urban areas of the nation. Its explosion has made the children a viable victim to the
cybercrime. As the broad-band connections get into the reach of more and more homes,
larger child population will be using the Internet and therefore greater would be the chances
of falling victim to the aggression of pedophiles. "Pedophiles” are people who physically or
psychologically coerce minors to engage in sexual activities, which the minors would not
consciously consent to. Here is how pedophiles operate:
Step 1: Pedophiles use a false identity to trap the children/teenagers (using "false identity"
which in itself is another crime called "identity theft").
Step 2: They seek children/teens in the kids' areas on the services, such as the Teens BB,
Games BB or chat areas where the children gather.


Step 3: They befriend children/teens.


Step 4: They extract personal information from the child/teen by winning his/her confidence.
Step 5: Pedophiles get E-Mail address of the child/teen and start making contacts on the
victim's E-Mail address as well. Sometimes, these E-Mails contain sexually explicit
language.
Step 6: They start sending pornographic images/text to the victim including child
pornographic images in order to help child/teen shed his/her inhibitions so that a feeling is
created in the mind of the victim that what is being fed to him is normal and that everybody
does it.
Step 7: At the end of it, the pedophiles set up a meeting with the child/teen out of the house
and then drag him/her into the net to further sexually assault him/her or to use him/her as a
sex object.

14. Software Piracy


Cybercrime investigation cell of India defines "software piracy" as "theft of software
through the illegal copying of genuine programs or the counterfeiting and distribution of
products intended to pass for the original". There are many examples of software piracy:
end-user copying - friends loaning disks to each other, or organizations under-reporting the
number of software installations they have made, or organizations not tracking their software
licenses; hard disk loading with illicit means - hard disk vendors load pirated software;
counterfeiting - large-scale duplication and distribution of illegally copied software; illegal
downloads from the Internet - by intrusion, by cracking serial numbers, etc.
Beware that those who buy pirated software have a lot to lose:
(a) getting untested software that may have been copied thousands of times over,
(b) the software, if pirated, may potentially contain hard-drive-infecting viruses,
(c) there is no technical support in the case of software failure, that is, lack of technical
product support available to properly licensed users,
(d) there is no warranty protection,
(e) there is no legal right to use the product, etc.

15. Computer Sabotage


The use of the Internet to hinder the normal functioning of a computer system through
the introduction of worms, viruses or logic bombs, is referred to as computer sabotage. It can
be used to gain economic advantage over a competitor, to promote the illegal activities of
terrorists or to steal data or programs for extortion purposes. Logic bombs are event-
dependent programs created to do something only when a certain event (known as a trigger
event) occurs. Some viruses may be termed as logic bombs because they lie dormant all
through the year and become active only on a particular date.


16. E-Mail Bombing/Mail Bombs


E-Mail bombing refers to sending a large number of E-Mails to the victim to crash the victim's
E-Mail account (in the case of an individual) or to make the victim's mail servers crash (in the
case of a company or an E-Mail service provider). A computer program can be written to
instruct a computer to do such tasks on a repeated basis. In recent times, terrorism has hit the
Internet in the form of mail bombings. By instructing a computer to repeatedly send E-Mail
to a specified person's E-Mail address, the cybercriminal can overwhelm the recipient's
personal account and potentially shut down entire systems. This may or may not be illegal,
but it is certainly disruptive.

17. Usenet Newsgroup as the Source of Cybercrimes


Usenet is a popular means of sharing and distributing information on the Web with respect to
specific topic or subjects. Usenet is a mechanism that allows sharing information in a many-
to-many manner. The newsgroups are spread across 30,000 different topics. In principle, it is
possible to prevent the distribution of specific newsgroup. In reality, however, there is no
technical method available for controlling the contents of any newsgroup. It is merely subject
to self-regulation and net etiquette. It is feasible to block specific newsgroups; however, this
cannot be considered as a definitive solution to illegal or harmful content. It is possible to put
Usenet to the following criminal use:
1. Distribution/sale of pornographic material;
2. distribution/sale of pirated software packages;
3. distribution of hacking software;
4. sale of stolen credit card numbers;
5. sale of stolen data/stolen property.

18. Computer Network Intrusions


Computer networks pose a problem by way of security threat because people can get into
them from anywhere.
The popular movie "War Games" illustrated an extreme but useful example of this.
"Crackers", who are often misnamed "Hackers", can break into computer systems from
anywhere in the world and steal data, plant viruses, create backdoors, insert Trojan Horses or
change user names and passwords. Network intrusions are illegal, but detection and
enforcement are difficult. Current laws are limited and many intrusions go undetected.
The cracker can bypass existing password protection by creating a program to capture logon
IDs and passwords. The practice of using a "strong password" is therefore important. Importance of
passwords and password rules explains password cracking tools in the context of
vulnerability scanning and penetration testing.

19. Password Sniffing

Password Sniffers are programs that monitor and record the name and password of network
users as they log in, jeopardizing security at a site. Whoever installs the Sniffer can then
impersonate an authorized user and log in to access restricted documents. Laws are not yet set
up to adequately prosecute a person for impersonating another person online. Laws designed
to prevent unauthorized access to information may be effective in apprehending crackers
using Sniffer programs. "Password cracking" and "password sniffing".

20. Credit Card Frauds


Information security requirements for anyone handling credit cards have been increased
dramatically recently.
Millions of dollars may be lost annually by consumers who have credit card and calling card
numbers stolen from online databases. Security measures are improving, and traditional
methods of law enforcement seem to be sufficient for prosecuting the thieves of such
information. Bulletin boards and other online services are frequent targets for hackers who
want to access large databases of credit card information. Such attacks usually result in the
implementation of stronger security systems. Security of cardholder data has become one of
the biggest issues facing the payment card industry.
Payment Card Industry Data Security Standard (PCI-DSS) is a set of regulations developed
jointly by the leading card schemes to prevent cardholder data theft and to help combat
credit card fraud. We urge readers to visit the PCI-DSS-related URLs.

21. Identity Theft


Identity theft is a fraud involving another person's identity for an illicit purpose. This occurs
when a criminal uses someone else's identity for his/her own illegal purposes. Phishing and
identity theft are related offenses. Examples include fraudulently obtaining credit, stealing
money from the victim's bank accounts, using the victim's credit card number (recall the
discussion in the previous section about credit card frauds), establishing accounts with utility
companies, renting an apartment or even filing bankruptcy using the victim's name. The
cyber impersonator can steal unlimited funds in the victim's name without the victim even
knowing about it for months, sometimes even for years!
Thus far, we have provided an overview of various types of well-known cybercrimes. In
most cybercrime forms, computers and/or other digital devices end up getting used as one or
a combination of the following:
1. as the tool for committing cybercrime;
2. as the target of a crime involving attack against the computer;
3. as storage for information related to cybercrime/information useful for committing
cybercrime.

Cybercrimes: An Indian Perspective

India has the fourth highest number of Internet users in the world. According to the statistics posted on the site (http://www.iamai.in/), there are 45 million Internet users in India, 37% of all Internet accesses happen from
cybercafes and 57% of Indian Internet users are between 18 and 35 years. The population of educated youth is high in India. It is reported that compared to the year 2006, cybercrime under the Information Technology (IT)
Act recorded a whopping 50% increase in the year 2007. A point to note is that the majority of offenders were under 30 years. The maximum cybercrime cases, about 46%, were related to incidents of cyber pornography,
followed by hacking. In over 60% of these cases, offenders were between 18 and 30 years, according to the "Crime in 2007" report of the National Crime Records Bureau (NCRB).

The Indian Government is doing its best to control cybercrimes. For example, Delhi Police have now trained 100 of its officers in handling cybercrime and placed them in its Economic Offences Wing. As at the time of
writing this, the officers were trained for 6 weeks in computer hardware and software, computer networks comprising data communication networks, network protocols, wireless networks and network security.

Cybercrimes: Cases of Various Categories under ITA 2000

217 cases were registered under the IT Act during the year 2007 as compared to 142 cases during the previous year (2006), thereby reporting an increase of 52.8% in 2007 over 2006. 22.3% cases (49 out of 217 cases) were
reported from Maharashtra followed by Karnataka (40), Kerala (38) and Andhra Pradesh and Rajasthan (16 each).

45.6% (99 cases) of the total 217 cases registered under ITA 2000 were related to obscene publication/transmission in electronic form, known as cyber pornography. 86 persons were arrested for committing such offenses during
2007. There were 76 cases of hacking with computer system during the year wherein 48 persons were arrested. Out of the total (76) hacking cases, the cases relating to loss/damage of computer resource/utility under Section
66(1) of the IT Act were 39.5% (30 cases) whereas the cases related to hacking under Section 66(2) of the IT Act were 60.5% (46 cases).

Maharashtra (19) and Kerala (4) registered maximum cases under Section 66(1) of the IT Act out of total 30 such cases at the National level. Out of the total 46 cases relating to hacking under Section 66(2), most of the cases
(31) were reported from Karnataka followed by Kerala (7) and Andhra Pradesh (3). 29.9% of the 154 persons arrested in cases relating to ITA 2000 were from Maharashtra (46) followed by Karnataka and Madhya Pradesh (16 each). The age-wise profile of persons arrested in
cybercrime cases under ITA 2000 showed that 63.0% of the offenders were in the age group 18-30 years (97 out of 154) and 29.9% of the offenders were in the age group 30-45 years (46 out of 154).

Tamil Nadu reported two offenders whose ages were below 18 years.

India is said to be the "youth country" given the population age distribution. From the potential
resources perspective, this is supposed to be a great advantage, assuming that these youths will
get appropriate training to develop the required professional skills. However, from the
cybercrime perspective, this youth aspect does not seem good, as revealed by cybercrime statistics
in India. Crime head-wise and age-group-wise profile of the offenders arrested under ITA 2000
revealed that 55.8% (86 out of 154) of the offenders were arrested under "Obscene
publication/transmission in electronic form", of which 70.9% (61 out of 86) were in the age group 18-30
years. 50% (24 out of 48) of the total persons arrested for "Hacking with Computer Systems"
were in the age group of 18-30 years.

CYBEROFFENSES: HOW CRIMINALS PLAN THEM


Introduction
Technology is a “double-edged sword” as it can be used for both good and bad purposes. People
with the tendency to cause damage or carry out illegal activities will use it for bad purposes.
Computers and their tools are used either as the target of an offense or as the means for
committing an offense.
In today’s world of Internet and computer networks, a criminal activity can be carried out across
national borders with a “false sense of anonymity”; without realizing it, we seem to pass on a
tremendous amount of information about ourselves, i.e., Personally Identifiable Information such
as date of birth, personal E-Mail address, bank account details, and/or credit card details, etc.
Chapter 1 provided an overview of hacking, industrial espionage, network intrusions, password
sniffing, computer viruses, etc. They are the most commonly occurring crimes that target the
computer. Cybercriminals use the World Wide Web and Internet to an optimum level for all
illegal activities to store data, contacts, account information, etc. The criminals take advantage of
the widespread lack of awareness about cybercrimes and cyber laws among the people who are
constantly using the IT infrastructure for official and personal purposes. People who commit
cybercrimes are known as “Crackers”.

Categories of Cybercrime
Cybercrime can be categorized based on the following:
• The target of the crime and
• Whether the crime occurs as a single event or as a series of events.

1. Crimes targeted at individuals: The goal is to exploit human weakness such as greed and
naivety. These crimes include financial frauds, sale of non-existent or stolen items, child
pornography, copyright violation, harassment, etc. With the development in IT and the
Internet, criminals have a new tool that allows them to expand the pool of potential victims.
However, this also makes it difficult to trace and apprehend the criminals.
2. Crimes targeted at property: This includes stealing mobile devices such as cell phones,
laptops, personal digital assistants (PDAs), and removable media (CDs and pen drives);
transmitting harmful programs that can disrupt functions of the systems and/or can wipe out data
from the hard disk, and can cause malfunctioning of attached devices in the system such as
modem, CD drive, etc.
3. Crimes targeted at organizations: Cyberterrorism is one of the distinct crimes against
organizations/governments. Attackers (individuals or groups of individuals) use computer tools
and the Internet to usually terrorize the citizens of a particular country by stealing the private
information, and also to damage the programs and files or plant programs to get control of the
network and/or system.
4. Single event of cybercrime: It is a single event from the perspective of the victim. For
example, unknowingly opening an attachment that may contain a virus that will infect the system
(PC/laptop). This is known as hacking or fraud.
5. Series of events: This involves the attacker interacting with the victims repetitively. For example,
the attacker interacts with the victim on the phone and/or via chat rooms to establish a relationship
first and then exploits that relationship to commit the sexual assault.

HOW CRIMINALS PLAN THE ATTACKS
Cybercriminals commit cybercrimes using different tools and techniques, but the basic process
of performing the attacks is generally the same.
The following phases are involved in planning cybercrime:

1. Reconnaissance (information gathering) is the first phase and is treated as passive attacks.
2. Scanning and scrutinizing the gathered information for the validity of the information
as well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).

Reconnaissance is an act of exploring to find someone or something. The reconnaissance phase
begins with “footprinting”. Footprinting involves gathering information about the target’s
environment to penetrate it. It provides an overview of system vulnerabilities. The objective of
this phase (reconnaissance) is to understand the system, its networking ports and services, and
any other related data.
An attacker attempts to gather information in two phases:
a) Passive
b) Active

PASSIVE ATTACK

A passive attack involves gathering information about a target without his/her (individual’s or
company’s) knowledge. It can be as simple as watching a building to identify what time
employees enter the building premises. However, it is usually done using Internet searches or by
Googling (i.e., searching the required information with the help of search engine Google) an
individual or company to gain information.
1. Google or Yahoo search: People search to locate information about employees.
2. Surfing online community groups like Orkut/Facebook will prove useful to gain
the information about an individual.
3. Organization's website may provide a personnel directory or information about key
employees, for example, contact details, E-Mail address, etc. These can be used in a
social engineering attack to reach the target (see Section 2.3).
4. Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain
information about the company or employee.
5. Going through the job postings in particular job profiles for technical persons can provide
information about the type of technology, that is, servers or infrastructure devices a company
may be using on its network.

TOOLS USED DURING PASSIVE ATTACKS

ACTIVE ATTACKS

1. This attack involves exploring the network to discover individual hosts to confirm the
data gathered using passive attacks.
2. This attack involves the risk of being detected and so it is called “Active
Reconnaissance”. This attack allows the attacker to know the security measures in place.
3. An active attack involves probing the network to discover individual hosts to confirm the
information (IP addresses, operating system type and version, and services on the network)
gathered in the passive attack phase.
4. It involves the risk of detection and is also called “Rattling the doorknobs” or
“Active reconnaissance.”
5. Active reconnaissance can provide confirmation to an attacker about security measures in
place (e.g., whether the front door is locked?), but the process can also increase the
chance of being caught or raise a suspicion.

TOOLS USED DURING ACTIVE ATTACKS

SCANNING AND SCRUTINIZING GATHERED INFORMATION

Scanning is a key step to examine intelligently while gathering information about the target. The
objectives of scanning are as follows:
1. Port scanning: Identify open/closed ports and services.
2. Network scanning: Understand IP addresses and related information about the computer
network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the system.

Scrutinizing is also called enumeration. 90% of the time in hacking is spent in
reconnaissance, scanning and scrutinizing information. The objectives are to:

• Find valid user accounts or groups
• Find network resources or shared resources
• Find the OS and different applications running on the target.

PORTS and PORTS SCANNING


A port is an interface on a computer to which one can connect a device. The TCP/IP protocol
suite, made up of the two protocols TCP and UDP, is used universally to communicate on
the Internet. Each of these has ports 0 through 65536 (i.e., the range is from 2^0 to 2^16 for
binary address calculation).
The port numbers are divided into three ranges:
1. well-known ports (from 0 to 1023);
2. registered ports;
3. dynamic and/or private ports.

Port Scanning
A “port” is a place where information goes into and out of a computer and so, with port
scanning, one can identify open doors to a computer. Ports are basically entry/exit points that
any computer has, to be able to communicate with external machines. Each computer is
enabled with three or more external ports.

These are the ports used by the computer to communicate with the other computers, printer,
modem, mouse, video game, scanner, and other peripherals. The important characteristic
about these “external ports” is that they are indeed external and visible to the naked eye. Port
scanning is often one of the first things an attacker will do when attempting to penetrate a
particular computer. Tools such as Nmap offer an automated mechanism for an attacker to not
only scan the system to find out what ports are “open” (meaning being used), but also help to
identify what operating system (OS) is being used by the system.

In a “port scan,” a host scans for listening ports on a single target host. In a “port sweep,” a host
scans multiple hosts for a specific listening port. The result of a scan on a port is usually
generalized into one of the following three categories:

1. Open or accepted: The host sent a reply indicating that a service is listening on the port.

2. Closed or not listening: The host sent a reply indicating that connections will be denied to
the port.

3. Filtered or blocked: There was no reply from the host.

The TCP/IP suite of protocols is used to communicate with other computers using specific message
formats. Most of these protocols are tied to specific port numbers that are used to transfer
particular message formats as data. Security administrators as well as attackers have a special
eye on a few well-known ports and the protocols associated with them.
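
The difference between a port scan and a port sweep, and the three result categories, can be read straight out of connection records. The following is an added example for defenders, not part of the original notes: it groups probes by source and labels each source as scanning or sweeping. The record format `time src dst dport reply`, the reply labels and the threshold of 10 distinct ports or hosts are assumptions, and the sample records are constructed from documentation address ranges.

```python
"""Tell a port scan from a port sweep in connection records (constructed data)."""
from collections import Counter, defaultdict

# Reply seen by the sensor -> the three result categories listed above.
REPLY_TO_STATE = {"SYN-ACK": "open", "RST": "closed", "NONE": "filtered"}


def build_sample_log():
    """Constructed sensor records in the assumed format."""
    lines = []
    # One source probing 25 different ports on a single host.
    for port in range(20, 45):
        reply = "SYN-ACK" if port in (22, 25) else "NONE" if port == 23 else "RST"
        lines.append(f"10:00:{port:02d} 203.0.113.5 10.0.0.8 {port} {reply}")
    # One source probing the same port on 20 different hosts.
    for n in range(1, 21):
        reply = "SYN-ACK" if n == 12 else "NONE"
        lines.append(f"10:05:{n:02d} 198.51.100.7 10.0.0.{n} 3389 {reply}")
    # An ordinary client repeatedly using one service.
    for sec in (1, 2, 3):
        lines.append(f"10:09:{sec:02d} 10.0.0.50 10.0.0.8 443 SYN-ACK")
    return lines


def parse(line):
    """Return (src, dst, dport, state) for one record."""
    _time, src, dst, dport, reply = line.split()
    return src, dst, int(dport), REPLY_TO_STATE[reply]


def analyse(lines, min_ports=10, min_hosts=10):
    """Return (findings, tally): findings maps a source to the behaviours
    seen, tally maps a source to how many probes ended in each state."""
    ports_per_target = defaultdict(set)  # (src, dst)   -> distinct ports probed
    hosts_per_port = defaultdict(set)    # (src, dport) -> distinct hosts probed
    states = defaultdict(Counter)        # src -> state -> number of probes
    for line in lines:
        if not line.strip():
            continue
        src, dst, dport, state = parse(line)
        ports_per_target[(src, dst)].add(dport)
        hosts_per_port[(src, dport)].add(dst)
        states[src][state] += 1

    findings = defaultdict(set)
    for (src, _dst), ports in ports_per_target.items():
        if len(ports) >= min_ports:      # many ports, one host
            findings[src].add("port scan")
    for (src, _dport), hosts in hosts_per_port.items():
        if len(hosts) >= min_hosts:      # one port, many hosts
            findings[src].add("port sweep")
    return dict(findings), {src: dict(count) for src, count in states.items()}


if __name__ == "__main__":
    found, tally = analyse(build_sample_log())
    for src, kinds in sorted(found.items()):
        print(src, sorted(kinds), tally[src])
```

A production detector would also bound the counts by a time window so that slow, legitimate traffic does not accumulate into an alert.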

ATTACK (gaining and maintaining the system access)


After the scanning and enumeration, the attack is launched using the following steps:
1. Crack the password;
2. Exploit the privileges;
3. Execute the malicious commands/applications;
4. Hide the files (if required);
5. Cover the tracks: delete the access logs, so that there is no trail of illicit activity.

SOCIAL ENGINEERING
Social engineering is the “technique to influence” and “persuasion to deceive” people to
obtain the information or perform some action. Social engineers exploit the natural tendency
of a person to trust social engineers' word, rather than exploiting computer security holes. It
is generally agreed that people are the weak link in security and this principle makes social
engineering possible. A social engineer usually uses telecommunication (i.e., telephone and/or
cell phone) or Internet to get them to do something that is against the security practices and/or
policies of the organization.
It is an art of exploiting the trust of people, which is not doubted while speaking in a normal
manner. The goal of a social engineer is to fool someone into providing valuable
information or access to that information. A social engineer studies human behavior so
that people will help because of the desire to be helpful, the attitude to trust people, and the
fear of getting into trouble. The sign of truly successful social engineers is that they receive
information without any suspicion. A simple example is calling a user and pretending to be
someone from the service desk working on a network issue; the attacker then proceeds to ask
questions about what the user is working on, what file shares he/she uses, what his/her
password is, and so on.


Classification of Social Engineering
Human-Based Social Engineering
Human-based social engineering refers to person-to-person interaction to get the
required/desired information. An example is calling the help desk and trying to find out a
password.
1. Impersonating an employee or valid user: “Impersonation” (e.g., posing oneself as
an employee of the same organization) is perhaps the greatest technique used by social
engineers to deceive people. Social engineers “take advantage” of the fact that most
people are basically helpful, so it seems harmless to tell someone who appears to be
lost where the computer room is located, or to let someone into the building who
“forgot” his/her badge, etc., or pretending to be an employee or valid user on the
system.
2. Posing as an important user: The attacker pretends to be an important user, for
example, a Chief Executive Officer (CEO) or high-level manager who needs
immediate assistance to gain access to a system. The attacker uses intimidation so that
a lower-level employee such as a help-desk worker will help him/her in gaining access
to the system. Most of the low-level employees will not ask any question to someone
who appears to be in a position of authority.
3. Using a third person: An attacker pretends to have permission from an authorized
source to use a system. This trick is useful when the supposed authorized personnel is
on vacation or cannot be contacted for verification.
4. Calling technical support: Calling the technical support for assistance is a classic
social engineering example. Help-desk and technical support personnel are trained to
help users, which makes them good prey for social engineering attacks.
5. Shoulder surfing: It is a technique of gathering information such as usernames and
passwords by watching over a person's shoulder while he/she logs into the system,
thereby helping an attacker to gain access to the system.
6. Dumpster diving: It involves looking in the trash for information written on pieces of
paper or computer printouts. This is a typical North American term: it is used to
describe the practice of rummaging through commercial or residential trash to find
useful free items that have been discarded. It is also called dumpstering, binning,
trashing, garbing or garbage cleaning. “Scavenging” is another term to describe these
habits. In the UK, the practice is referred to as “binning” or “skipping” and the person
doing it is a “binner” or a “skipper.”

Computer-Based Social Engineering


Computer-based social engineering refers to an attempt made to get the required/desired
information by using computer software/Internet. For example, sending a fake E-Mail to the
user and asking him/her to re-enter a password in a webpage to confirm it.

1. Fake E-Mails: The attacker sends fake E-Mails (see Box 2.7) to numerous users in such a way that the
user finds it to be a legitimate mail. This activity is also called “Phishing”.

• It is an attempt to entice the Internet users (netizens) to reveal their sensitive personal
information, such as user names, passwords and credit card details by impersonating
a trustworthy and legitimate organization and/or an individual. Banks, financial
institutes and payment gateways are the common targets.
• Phishing is typically carried out through E-Mails or instant messaging and often
directs users to enter details at a website, usually designed by the attacker to imitate
the look and feel of the original website.
• Thus, Phishing is also an example of social engineering techniques used to fool
netizens. The term “Phishing” has evolved from the analogy that Internet
scammers are using E-Mail lures to fish for passwords and financial data from the sea
of Internet users (i.e., netizens).
• The term was coined in 1996 by hackers who were stealing AOL Internet accounts by
scamming passwords without the knowledge of AOL users.

2. E-Mail attachments: E-Mail attachments are used to send malicious code to a
netizen's system, which will automatically (e.g., key logger utility to capture
passwords) get executed. Viruses, Trojans, and worms can be included cleverly into
the attachments to entice a victim to open the attachment. We will address key logger,
viruses, Trojans, and worms.

3. Pop-up windows: Pop-up windows are also used, in a similar manner to E-Mail
attachments. Pop-up windows with special offers or free stuff can encourage a user to
unintentionally install malicious software.

Social engineering indeed is a serious concern as revealed by the following past
statistics on numbers:

1. As per Microsoft Corporation's recent (October 2007) research, there is an
increase in the number of security attacks designed to steal personal information (PI)
or the instances of tricking people to provide it through social engineering. According
to an FBI survey, on average 41% of security-related losses are the direct result of
employees stealing information from their companies. The average cost per internal
incident was US$ 1.8 million.

2. The Federal Trade Commission (FTC) report of 2005 shows that “more than
one million consumer fraud and ID theft complaints have been filed with federal,
state, and local law enforcement agencies and private organizations” (2005, Consumer
Fraud and Identity Theft section, Para 1; we will discuss ID Theft in Chapter 5).

3. According to a 2003 survey [released on 2 April 2006 by the United States
Department of Justice (Identity Theft Hits Three Percent, Para 1)], “An estimated 3.6
million — or 3.1% — of American households became victims of ID theft in 2004.”
This means that now, more than ever, individuals are at a high risk of having their PI
stolen and used by criminals for their own personal gain.
