UNIT- I: Introduction of Cybercrime: Types, The Internet spawns crime, Worms versus

viruses, Computers' roles in crimes, Introduction to digital forensics, Introduction to Incident -

Incident Response Methodology – Steps - Activities in Initial Response, Phase after detection
of an incident .

INTRODUCTION TO CYBERCRIME
India as we all know is the second most populous country in the world with population around
138 cores and out of which millions and millions of internet subscribers. According to telecom
regulatory Authority of India in March 2021 there are about 825.30 million active subscribers in
India. With their average data consumption over 20 GB a month. This is all possible because of
accessibility of internet and cheaper rates in India.

It is surprising to know that the first ever cybercrime was recorded in the year 1820. It is
believed and argued that cyber or digital crime in India started since 2005.

1.What is cybercrime?
Cybercrimes or digitalized crimes can be considered as the crimes that are committed using
electronic devices namely smart phones or interconnected computers. There can be variety of
motives to commit a cybercrime such as sexual exploitation prime fraud or even vengeance.
With the time the number of cybercrime cases in India are as well increasing with an
exponential number. This number is proportionate to the number of subscribers that are
increasing day by day. The Ministry of home affairs reported around 51,000 cybercrime cases in
the year 2020.

Cybercrime or a computer-oriented crime is a crime that includes a computer and a

network. The computer may have been used in the execution of a crime or it may be the target.

Cybercrime is the use of a computer as a weapon for committing crimes such as committing
fraud, identity theft, or breaching privacy. Cybercrime, especially through the Internet, has
grown in importance as the computer has become central to every field like commerce,
entertainment, and government. Cybercrime may endanger a person or a nation’s security and
financial health. Cybercrime encloses a wide range of activities, but these can generally be
divided into two categories: Crimes that aim at computer networks or devices. These types of
crimes involve different threats (like virus, bugs etc.) and denial-of-service (DoS) attacks.

Crimes that use computer networks to commit other criminal activities. These types of crimes
include cyber stalking, financial fraud or identity theft.

Classification of Cyber Crime:

Cyber Terrorism –

Cyber terrorism is the use of the computer and internet to perform violent acts that result in loss of life.
This may include different type of activities either by software or hardware for threatening life of
citizens.

In general, Cyber terrorism can be defined as an act of terrorism committed through the use of
cyberspace or computer resources.

∙ Cyber Extortion –

Cyber extortion occurs when a website, e-mail server or computer system is subjected to or threatened
with repeated denial of service or other attacks by malicious hackers. These hackers demand huge
money in return for assurance to stop the attacks and to offer protection.

* Cyber Warfare –

Cyber warfare is the use or targeting in a battle space or warfare context of computers, online control
systems and networks. It involves both offensive and defensive operations concerning to the threat of
cyber attacks, espionage and sabotage.

* Internet Fraud –

Internet fraud is a type of fraud or deceit which makes use of the Internet and could include hiding of
information or providing incorrect information for the purpose of deceiving victims for money or
property. Internet fraud is not considered a single, distinctive crime but covers a range of illegal and illicit
actions that are committed in cyberspace.

* Cyber Stalking –

This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and
emails. In this case, these stalkers know their victims and instead of offline stalking, they use the Internet
to stalk. However, if they notice that cyber stalking is not having the desired effect, they begin offline
stalking along with cyber stalking to make the victims’ lives more miserable.

Challenges of Cyber Crime:

People are unaware of their cyber rights-

The Cybercrime usually happen with illiterate people around the world who are unaware about their
cyber rights implemented by the government of that particular country.

* Anonymity-

Those who Commit cyber crime are anonymous for us so we cannot do anything to that person.
 * Less numbers of case registered-

Every country in the world faces the challenge of cyber crime and the rate of cyber crime is
increasing day by day because the people who even don’t register a case of cyber crime and this
is major challenge for us as well as for authorities as well.

* Mostly committed by well educated people-

Committing a cyber crime is not a cup of tea for every individual. The person who commits
cyber crime is a very technical person so he knows how to commit the crime and not get caught
by the authorities.

* No harsh punishment-

In Cyber crime there is no harsh punishment in every cases. But there is harsh punishment in
some cases like when somebody commits cyber terrorism in that case there is harsh
punishment for that individual. But in other cases there is no harsh punishment so this factor
also gives encouragement to that person who commits cyber crime.

Prevention of Cyber Crime:

Below are some points by means of which we can prevent cyber crime:

* Use strong password –

Maintain different password and username combinations for each account and resist the
temptation to write them down. Weak passwords can be easily cracked using certain attacking
methods like Brute force attack, Rainbow table attack etc, So make them complex. That means
combination of letters, numbers and special characters.

* Use trusted antivirus in devices –

Always use trustworthy and highly advanced antivirus software in mobile and personal
computers. This leads to the prevention of different virus attack on devices.

* Keep social media private –

Always keep your social media accounts data privacy only to your friends. Also make sure only
to make friends who are known to you.

* Keep your device software updated –

Whenever you get the updates of the system software update it at the same time because
sometimes the previous version can be easily attacked.
 * Use secure network –

Public Wi-Fi are vulnerable. Avoid conducting financial or corporate transactions on these
networks.

* Never open attachments in spam emails –

A computer get infected by malware attacks and other forms of cybercrime is via email
attachments in spam emails. Never open an attachment from a sender you do not know.

Software should be updated – Operating system should be updated regularly when it comes to
internet security. This can become a potential threat when cybercriminals exploit flaws in the
system.

1.2.TYPES:

Types of cybercrimes:

There are numerous types of cybercrimes, and are some of the most common
forms of Cybercrimes:

* Distributed denial of Service Attack

This type of attack that is distributed denial of service attack is a malpractice and an attempt to
disturb the normal inflow of the targeted server, service, and network by overcrowding the
target with floods and floods of traffic. This attack causes inconvenience, hanging of servers,
failure in showing results etc.

* Phishing
Fishing is a kind of cybercrime in which the victim or the target is approved by way of sending
spam emails, telephonic calls, SMSes by someone who impersonated himself to be a legitimate
person or organization in order to gain your personal information. They usually send such
message that requires to fill in your details like, bank information or social medial passwords in
order to access the information. This is done to gain unlawful access of your personal accounts
and to commit frauds and withdraw money.

* Spamming
The act of spamming is a cybercrime which involves sending of unwonted and requested bulk
message via email ID or two in individual. There are various types of spamming such as engine
spamming, blogs spamming, ad spamming, social spamming etc. It disturbs the administrator of
a website.

* Hacking
It is an act of first identifying a backdoor into others' computer in order to gain unlawful and
unauthorized access to the data inside such computer. This back door is exploited to gain access
to the computer.

* Cross Site Scripting

Cross-Site Scripting (XSS) assaults are a kind of instillation, in which mischievous scripts are
introduced into otherwise trustworthy websites. XSS assaults happens while an attacker uses a
web application to direct mischievous code, usually in the form of a browser side script, to a
different end user. Failings that lead these assaults to thrive are fairly prevalent and occur
wherever a web application uses input from a user within the output it creates without
certifying or encrypting it.

* Identity Theft
This is an act of stealing personal information of a targeted individual and later using such
information to impersonate him/her. With the help of the acquired information the offender
pretends to be the targeted person in order to commit fraud, or violate laws being the victim.

* Piracy Violation and IPR Infringement

Most people download movies, games and other digital content from websites and providers
such as TORRENT which is pirated material. Pirated material is such material which is not free to
use for all and is distributed freely by third party and not the actual developer of such material.
Similar offenders also use the trademark and goodwill of other famous companies in order to
commit fraud against people.

* Brute Force Attacks

In this type of cyber security attack the assaulter tries and testes various types of alphabetic and
numerical combination until it finds the correct password to the victims account.

* Malware
This can be considered as a wide term used for various types of viruses or program that are
designed to access the information of the victim without his knowledge and consent.

* Trojans
1.3.The Internet spawns crime:
Internet crime is any crime or illegal online activity committed on the Internet, through the
Internet or using the Internet. The widespread Internet crime phenomenon encompasses
multiple global levels of legislation and oversight. In the demanding and continuously changing
IT field, security experts are committed to combating Internet crime through preventative
technologies, such as intrusion detection networks and packet sniffers.

Advertisements:

Internet crime is a strong branch of cybercrime. Identity theft, Internet scams and cyberstalking
are the primary types of Internet crime. Because Internet crimes usually engage people from
various geographic areas, finding and penalizing guilty participants is complicated.

Techopedia Explains Internet Crime

Internet crimes, such as the Nigerian 419 fraud ring, are a constant threat to Internet users. The
U.S. Federal Bureau of Investigation (FBI) and Federal Trade Commission (FCC) have dedicated
and appointed IT and law enforcement experts charged with ending the far-reaching and
damaging effects of Internet crime.

Examples of Internet crime legislation include:

U.S. Computer Fraud and Abuse Act, Section 1030: Amended in 2001 through the U.S. Patriot
Act

CAN SPAM Act of 2003

Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of
2011

As the U.S. works to combat Internet crime, other countries are experiencing increased
cybercriminal activity. In 2001, Websense (an organization focused on network abuse research)
reported the alarming spread of Internet crime in Canada. This global shift is under review by
the Canadian government.

Types of Internet crime include:

1.Cyberbullying and harassment

2.Financial extortion

3.Internet bomb threats

4.Classified global security data theft

5.Password trafficking

6.Enterprise trade secret theft

7.Personally data hacking

8.Copyright violations, such as software piracy

9.Counterfeit trademarks

11.Illegal weapon trafficking

12.Online child pornography

13.Credit card theft and fraud

14.Email phishing

15.Domain name hijacking

16.Virus spreading

To prevent becoming an Internet crime, online vigilance and common sense are critical. Under
no circumstances should a user share personal information (like full name, address, birth date
and Social Security number) to unknown recipients. Moreover, while online, a user should
remain suspicious about exaggerated or unverifiable claims.

1.4. Worms versus viruses:

1. Worms :
Worms are similar to a virus but it does not modify the program. It replicates itself more and
more to cause slow down the computer system. Worms can be controlled by remote. The main
objective of worms is to eat the system resources. The WannaCry ransomware worm in 2000
exploits the Windows Server Message Block (SMBv1) which is a resource-sharing protocol.

2. Virus:
A virus is a malicious executable code attached to another executable file that can be harmless
or can modify or delete data. When the computer program runs attached with a virus it
performs some action such as deleting a file from the computer system. Viruses can’t be
controlled by remote. The ILOVEYOU virus spreads through email attachments.
* Difference between Worms and Virus :
1.5.Computer roles in crime:

Computers serve a major role in crime which is usually referred to as “Cybercrime”. This
cybercrime is performed by a knowledgeable computer user who is usually referred to
as a “hacker”,
who illegally browses or steals a company’s information or a piece of individual private
information and uses this information for malevolent uses. In some cases, this person or
group of individuals may become evil and they destroy and corrupt data files.
This cyber or computer-based crime is also known as hi-tech crime or electronic crime.
As the computer is the main source of communication across the world, thus this can be
used as a source of stealing information and this information can be used for their own
benefits.
The role of a computer in the crime may vary depending upon the activity that a person
does, for instance, a person may steal the details and misuse them on one hand, and on
the other hand, a terrorist may use the information to do violent activities and some
persons may steal financial information for trading purposes and so on, but these all
activities can be done by the means of a computer only.
There are several examples of crime that use computers they are as follows:
∙ Espionage:
This is a process of spying on a person or business.

∙ Malware creation:
The process of creating malware like viruses etc.

∙ Cybersquatting:
It is a process of gaining personal information and trying to resell them.

∙ Harvesting:
Here, hackers usually steal a person’s private information from an account
and use it for illegal activities.

∙ Wiretapping:
Here, the hacker connects a device to a phone line and tries to listen to the
conversations.

1.6.Introduction to digital forensics:

Digital forensics is the process of storing, analyzing, retrieving, and preserving
electronic data that may be useful in an investigation. It includes data from hard
drives in computers, mobile phones, smart appliances, vehicle navigation systems,
electronic door locks, and other digital devices.
TYPES:

∙ Disk Forensics:
It deals with extracting raw data from the primary or secondary storage of the
device by searching active, modified, or deleted files.
∙ Network Forensics:
It is a sub-branch of Computer Forensics that involves monitoring and
analyzing the computer network traffic.
∙ Database Forensics:
It deals with the study and examination of databases and their related
metadata.
∙ Malware Forensics:
It deals with the identification of suspicious code and studying viruses, worms,
etc.
∙ Email Forensics:
 It deals with emails and their recovery and analysis, including deleted emails,
calendars, and contacts.
∙ Memory Forensics:
Deals with collecting data from system memory (system registers, cache, RAM)
in raw form and then analyzing it for further investigation.
∙ Mobile Phone Forensics:
It mainly deals with the examination and analysis of phones and smart phones
and helps to retrieve contacts, call logs, incoming, and outgoing SMS, etc., and
other data present in it.

Computers serve a major role in crime which is usually referred to as

“Cybercrime”. This cybercrime is performed by a knowledgeable computer user
who is usually referred to as a “hacker”, who illegally browses or steals a

AAASFSSH
sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASWHY6 this
CHARACTERISTICS: uses. In so cases, this
\CC of individuals may become evil and they destroy and corrupt data files. This

cyber or computer-based cri m is also known as hi-tech crime or

electronic crime.
CC\\The role of a computer in the crime may vary depending upon the activity
that a

Identification:Identifying what evidence is present,where is stored,and how it is

stored.electronic devices can be personal computers, mobile phones
Preservation: Data is isolated, secured, and preserved. It includes prohibiting
unauthorized personnel from using the digital device so that digital evidence,
mistakenly or purposely, is not tampered with and making a copy of the original
evidence.
∙ Analysis: Forensic lab personnel reconstruct fragments of data and draw
conclusions based on evidence.
∙ Documentation: A record of all the visible data is created. It helps in
recreating and reviewing the crime scene. All the findings from the
investigations are documented.
∙ Presentation: All the documented findings are produced in a court of law for
further investigations.

1.7.INTRODUCTION TO INCIDENT:
INCIDENT RESPONSE METHODOLOY:

∙ . The incident response process is the set of procedures taken by an

 organization in response to a cybersecurity incident.
∙ Companies should document their incident response plans and
procedures along with information regarding who is responsible for
performing the various activities they contain.

1.Preparation: - The most important phase of incident response is preparing for

an inevitable security breach. Preparation helps organizations determine how well
their CIRT will be able to respond to an incident and should involve policy,
response plan/strategy, communication, documentation, determining the CIRT
members, access control, tools, and training.

2.Identification - Identification is the process through which incidents are

detected, ideally promptly to enable rapid response and therefore reduce costs
and damages. For this step of effective incident response, IT staff gathers events
from log files, monitoring tools, error messages, intrusion detection systems, and
firewalls to detect and determine incidents and their scope.
3.Containment - Once an incident is detected or identified, containing it is a
top priority. The main purpose of containment is to contain the damage and
prevent further damage from occurring (as noted in step number two, the earlier
incidents are detected, the sooner they can be contained to minimize damage).
It’s important to note that all of SANS’ recommended steps within the
containment phase should be taken, especially to “prevent the destruction of any
evidence that may be needed later for prosecution.”

4.Eradication - Eradication is the phase of effective incident response that

entails removing the threat and restoring affected systems to their previous state,
ideally while minimizing data loss.

5.Recovery - Testing, monitoring, and validating systems while putting them back
into production in order to verify that they are not re-infected or compromised
are the main tasks associated with this step of incident response.
∙ This phase also includes decision making in terms of the time and date to
restore operations, testing and verifying the compromised systems,
monitoring for abnormal behaviors, and using tools for testing, monitoring,
and validating system behavior.
6.Lessons Learned: One of the most important and often overlooked stages.
During this stage, the incident response team and partners meet to determine
how to improve future efforts. This can involve evaluating current policies and
procedure.

1.8.Incident Response – Six Steps

1.Preparation: Developing policies and procedures to follow in the event of a
cyber breach. This will include determining the exact composition of the response
team and the triggers to alert internal partners. Key to this process is effective
training to respond to a breach and documentation to record actions taken for
later review.
2.Identification :This is the process where you determine whether you’ve been
breached. A breach, or incident, could originate from many different areas.
3.Containment: One of the first steps after identification is to contain the damage
and prevent further penetration. This can be accomplished by taking specific
sub-networks offline and relying on system backups to maintain operations. Your
company will likely remain in a state of emergency until the breach is contained.
4.Eradication: This stage involves neutralizing the threat and restoring internal
systems to as close to their previous state as possible. This can involve secondary
monitoring to ensure that affected systems are no longer vulnerable to
subsequent attack.
5.Recovery: This is the process of restoring and returning affected systems and
devices back into your business environment. During this time, it’s important to
get your systems and business operations up and running again without the fear
of another breach.
6.Lessons Learned: One of the most important and often overlooked stages.
During this stage, the incident response team and partners meet to determine
how to improve future efforts. This can involve evaluating current policies and
procedures

1.9.Activities in Initial Response: Initial response Perform an initial

investigation, recording the basic details surrounding the incident, assembling the
incident response team, and notifying the individuals who need to know about
the incident.

Phases after detection of an incident: The NIST incident response

lifecycle breaks incident response down into four main phases:

1.Preparation;

2. Detection and Analysis;

3.Containment,

4.Eradication, and Recovery; and

5. Post-Event Activity