UNIT-1

Cyber Security

Cyber crime
Cyber crime, as the name suggests, is the use of digital technologies such as computers and the internet
to commit criminal activities. Malicious actors (often called “cyber criminals”) exploit computer
hardware, software, and network vulnerabilities for various purposes, from stealing valuable data to
disrupting the target‟s business operations. The different types of cyber crime include:
 Hacking: Gaining unauthorized access to a computer system or account, often to inflict further
damage on the target
 Phishing: Impersonating legitimate companies or individuals to trick users into revealing sensitive
information
 Malware: Spreading malicious software such as viruses, worms, Trojans, and ransomware within a
device or network
 Identity theft: Stealing personal data such as names, addresses, and social security numbers to
fraudulently assume someone‟s identity.

The Impact of Cyber Crime

Cyber crime can affect individuals, businesses, and society in a variety of ways:

 Financial losses: Both individuals and businesses can suffer economic damage due to cyber crime.
For example, a cyber attack that steals payment card information can lead to credit card fraud and
identity theft.
 Personal effects: After a cyber attack, individuals may need to spend time protecting themselves and
preventing further damage. Becoming a cyber crime victim can also be psychologically detrimental,
resulting in anxiety and stress.
 Business disruption: Some cyber crimes, such as denial of service (DoS) attacks, are designed to
disrupt a company‟s operations for as long as possible. This can lead to website downtime, loss of
customers and profits, and reputational damage.
 Public safety: Cyber criminals may target critical infrastructure such as power grids or
manufacturing plants. This can disrupt essential services and even create risks to public safety.

Important Definitions related to Cyber Security:

Cyberterrorism:

 Cyberterrorism seems to be a controversial term. The use of information technology

and means by terrorist groups & agents is called as Cyberterrorism.
 “The premeditated use of disruptive activities, or the threat thereof, against computers
and/or networks, with the intention to cause harm or further social, ideological,
 religious, political or similar objectives or to intimidate any person in furtherance of
such objectives.”

Cybernetics:
 Cybernetics deals with information and its use. Cybernetics is the science that overlaps
the fields of neurophysiology, information theory, computing machinery and
automation. Worldwide, including India, cyberterrorists usually use computer as a tool,
target for their unlawful act to gain information.
 Internet is one of the means by which the offenders can gain priced sensitive
information of companies, firms, individuals, banks and can lead to intellectual
property (IP) crimes, selling illegal articles, pornography/child pornography, etc.
This is done using methods such as Phishing, Spoofing, Pharming, Internet Phishing,
wire transfer, etc. and use it to their own advantage without the consent of the
individual.

Phishing:
 Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick
the email recipient into believing that the message is something they want or need a
request from their bank, for instance, or a note from someone in their company and to
click a link or download an attachment.
 Phishing is an attempt by an individual or a group to thieve personal confidential
information such as passwords, credit card information from unsuspecting victims for
identity theft, financial gain & other fraudulent activities.

Cyberspace:
 This is a term coined by William Gibson, a science fiction writer in 1984. Cyberspace
is where users mentally travel through matrices of data. Conceptually, cyberspace is the
nebulous place where humans interact over computer networks.
 The term “cyberspace” is now used to describe the Internet and other computer
networks. In terms of computer science, “cyberspace” is a worldwide network of
computer networks that uses the Transmission Control Protocol/Internet Protocol
(TCP/IP) for communication to facilitate transmission and exchange of data.
 Cyberspace is most definitely a place where you chat, explore, research and play.

Cybersquatting:
 The term is derived from “squatting” which is the act of occupying an
abandoned/unoccupied space/ building that the user does not own, rent or otherwise
have permission to use.
 Cybersquatting, however, is a bit different in that the domain names that are being
squatted are (sometimes but not always) being paid for by the cybersquatters through
 the registration process.
 Cybersquatting means registering, selling or using a domain name with the intent of
profiting from the goodwill of someone else‟s trademark. In this nature, it can be
considered to be a type of cybercrime. Cybersquatting is the practice of buying
“domain names” that have existing businesses names.
 In India, Cybersquatting is considered to be an Intellectual Property Right (IPR). In
India, Cybersquatting is seen to interfere with “Uniform Dispute Resolution Policy” (a
contractual obligation to whichall domain name registrants are presently subjected to).

Cyberwarfare:
 Cyberwarfare means information attacks against an unsuspecting opponent‟s computer
networks, destroying and paralyzing nations. This perception seems to be correct as the
terms cyberwarfare and Cyberterrorism have got historical connection in the context of
attacks against infrastructure.
 The term “information infrastructure” refers to information resources, including
communication systems that support an industry, institution or population. These type
of Cyber attacks are often presented as threat to military forces and the Internet has
major implications for espionage and warfare.

CYBERCRIME AND INFORMATION SECURITY

 Lack of information security gives rise to cybercrimes.

 Let us refer to the amended Indian Information Technology Act (ITA) 2000 in the context of
cybercrime. From an Indian perspective, the new version of the Act (referred to as ITA 2008)
provides a new focus on “Information Security in India".
 "Cyber security” means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorized access, use,
disclosure, disruption, modification or destruction.
 The term incorporates both the physical security of devices as well as the information stored
therein.
 It covers protection from unauthorized access, use, disclosure, disruption, modification and
destruction.
 Cybercrimes occupy an important space in information security domain because of their
impact.
 The other challenge comes from the difficulty in attaching a quantifiable monetary value to
the corporate data and yet corporate data get stolen/lost (through loss/theft of laptops).
 Awareness about “data privacy” too tends to be low in most organizations. When we speak of
financial losses to the organization and significant insider crimes, such as leaking customer
data, such “crimes” may not be detected by the victimized organization and no direct costs
may be associated with the theft
 Cybercrime trend over the years

Information Security
 Information security is the practice of protecting information by mitigating information risks.
It involves the protection of information systems and the information processed, stored and
transmitted by these systems from unauthorized access, use, disclosure, disruption,
modification or destruction.
 This includes the protection of personal information, financial information, and sensitive or
confidential information stored in both digital and physical forms. Effective information
security requires a comprehensive and multi-disciplinary approach, involving people,
processes, and technology.
 Information can be anything like Your details or we can say your profile on social media, your
data on mobile phone, your biometrics etc. Thus Information Security spans so many research
areas like Cryptography, Mobile Computing, Cyber Forensics, Online Social Media, etc.
 During First World War, Multi-tier Classification System was developed keeping in mind the
sensitivity of the information. With the beginning of Second World War, formal alignment of
the Classification System was done. Alan Turing was the one who successfully decrypted
Enigma Machine which was used by Germans to encrypt warfare data.
Why we use Information Security?

We use information security to protect valuable information assets from a wide range of threats,
including theft, espionage, and cybercrime. Information security is necessary to ensure the
confidentiality, integrity, and availability of information, whether it is stored digitally or in other
forms such as paper documents. Here are some key reasons why information security is important:
1. Protecting sensitive information: Information security helps protect sensitive information from
being accessed, disclosed, or modified by unauthorized individuals.
2. Mitigating risk: By implementing information security measures, organizations can mitigate the
risks associated with cyber threats and other security incidents.
3. Compliance with regulations: Many industries and jurisdictions have specific regulations
governing the protection of sensitive information. Information security measures help ensure
compliance with these regulations, reducing the risk of fines and legal liability.
4. Protecting reputation: Security breaches can damage an organization‟s reputation and lead to lost
business. Effective information security can help protect an organization‟s reputation by
minimizing the risk of security incidents.
5. Ensuring business continuity: Information security helps ensure that critical business functions
can continue even in the event of a security incident. This includes maintaining access to key
systems and data, and minimizing the impact of any disruptions.

Information Security programs are build around 3 objectives, commonly known as CIA –
Confidentiality, Integrity, Availability.

1. Confidentiality – means information is not disclosed to unauthorized individuals, entities and

process.
For example if we say I have a password for my Gmail account but someone saw while I was
doing a login into Gmail account. In that case my password has been compromised and
Confidentiality has been breached.
2. Integrity – means maintaining accuracy and completeness of data. This means data cannot be
edited in an unauthorized way.
For example if an employee leaves an organisation then in that case data for that employee in all
departments like accounts, should be updated to reflect status to JOB LEFT so that data is
complete and accurate and in addition to this only authorized person should be allowed to edit
employee data.
3. Availability – means information must be available when needed.
For example Denial of service attack is one of the factor that can hamper the availability of
information.

Apart from this there is one more principle that governs information security programs. This is Non
repudiation.

 Non repudiation – means one party cannot deny receiving a message or a transaction nor can the
other party deny sending a message or a transaction. For example in cryptography it is sufficient to
show that message matches the digital signature signed with sender‟s private key and that sender
could have a sent a message and nobody else could have altered it in transit.
 Authenticity – means verifying that users are who they say they are and that each input arriving at
destination is from a trusted source.This principle if followed guarantees the valid and genuine
message received from a trusted source through a valid transmission.

 Accountability – means that it should be possible to trace actions of an entity uniquely to that
entity. For example as we discussed in Integrity section Not every employee should be allowed to
do changes in other employees data.

Advantages

1. Improved security: By identifying and classifying sensitive information, organizations can

better protect their most critical assets from unauthorized access or disclosure.
2. Compliance: Many regulatory and industry standards, such as HIPAA and PCI-DSS, require
organizations to implement information classification and data protection measures.
3. Improved efficiency: By clearly identifying and labeling information, employees can quickly and
easily determine the appropriate handling and access requirements for different types of data.
4. Better risk management: By understanding the potential impact of a data breach or unauthorized
disclosure, organizations can prioritize resources and develop more effective incident response
plans.
5. Cost savings: By implementing appropriate security controls for different types of information,
organizations can avoid unnecessary spending on security measures that may not be needed for
less sensitive data.
6. Improved incident response: By having a clear understanding of the criticality of specific data,
organizations can respond to security incidents in a more effective and efficient manner.

Uses of Information Security :

Information security has many uses, including:

1. Confidentiality: Keeping sensitive information confidential and protected from unauthorized
access.
2. Integrity: Maintaining the accuracy and consistency of data, even in the presence of malicious
attacks.
3. Availability: Ensuring that authorized users have access to the information they need, when they
need it.
4. Compliance: Meeting regulatory and legal requirements, such as those related to data privacy and
protection.
5. Risk management: Identifying and mitigating potential security threats to prevent harm to the
organization.
6. Disaster recovery: Developing and implementing a plan to quickly recover from data loss or
system failures.
7. Authentication: Verifying the identity of users accessing information systems.
8. Encryption: Protecting sensitive information from unauthorized access by encoding it into a
secure format.
9. Network security: Protecting computer networks from unauthorized access, theft, and other types
of attacks.
10. Physical security: Protecting information systems and the information they store from theft,
damage, or destruction by securing the physical facilities that house these systems.

WHO ARE CYBERCRIMINALS?

Cybercrime involves such activities

 credit card fraud;
 cyberstalking;
 defaming another online;
 gaining unauthorized access to computer systems;
 ignoring copyright, software licensing and trademark protection;
 overriding encryption to make illegal copies;
 software piracy and stealing another’s identity (known as identity theft) to perform criminal acts

Types of Cybercriminals:

1. Type I: Cybercriminals – hungry for recognition

 Hobby hackers;
 IT professionals (social engineering is one of the biggest threat);
 Politically motivated hackers;
 Terrorist organizations.

2. Type II: Cybercriminals – not interested in recognition

 Psychological perverts;
 financially motivated hackers (corporate espionage);
 state-sponsored hacking (national espionage, sabotage)
 organized criminals
3. Type III: Cybercriminals – the insiders
 Disgruntled or former employees seeking revenge;
 Competing companies using employees to gain economic advantage through
damage and/ortheft.
CLASSIFICATIONS OF CYBERCRIMES

“Crime is defined as an act or the commission of an act that is forbidden, or the omission of a duty that is
commanded by a public law and that makes the offender liable to punishment by that law”. Cyber crimes are
classified as follows:
 Cybercrime against individual
 Cybercrime against property
 Cybercrime against organization
 Cybercrime against society
 Crimes emanating from Usenet newsgroup

Cybercrime against individual

1. E-Mail Spoofing: A spoofed E-Mail is one that appears to originate from one source but actually has been
sent from another source.
2. Online Frauds:
 The most common types of online fraud are called phishing and spoofing. Phishing is the process of
collecting your personal information through e-mails or websites claiming to be legitimate. This
information can include usernames, passwords, credit card numbers, social security numbers, etc.
 Spyware and viruses are both malicious programs that are loaded onto your computer without your
 knowledge. The purpose of these programs may be to capture or destroy information, to ruin computer
performance or to overload you with advertising.
 Viruses can spread by infecting computers and then replicating. Spyware disguises itself as a legitimate
application and embeds itself into your computer where it then monitors your activity and collects
information.

3. Phishing, Spear Phishing and its various other forms such as Vishing and Smishing:
 Phishing is the process of collecting your personal information through e-mails or websites claiming to
be legitimate. This information can include usernames, passwords, credit card numbers, social security
numbers, etc. Often times the e-mails directs you to a website where you can update your personal
information. Because these sites often look “official,” they hope you‟ll be tricked into disclosing
valuable information that you normally would not reveal. This often times, results in identity theft and
financial loss.
 Spear Phishing is a method of sending a Phishing message to a particular organization to gain
organizational information for more targeted social engineering. Here is how Spear Phishing scams
work; Spear Phishing describes any highly targeted Phishing attack. Spear phishers send E-Mail that
appears genuine to all the employees or members within a certain company, government agency,
organization or group. The message might look as if it has come from your employer, or from a
colleague who might send an E-Mail message to everyone in the company; it could include requests for
usernames or passwords. While traditional Phishing scams are designed to steal information from
individuals, spear phishing scam works to gain access to a company's entire computer system.
 Vishing (voice phishing) is a type of phishing attack that is conducted by phone and often targets
users Voice over IP (VoIP) services like Skype.
It‟s easy to for scammers to fake caller ID, so they can appear to be calling from a local area code or even
from an organization you know. If you don‟t pick up, then they‟ll leave a voicemail message asking you to

call back. Sometimes these kinds of scams will employ an answering service or even a call center that‟s
unaware of the crime being perpetrated.
 Smishing (SMS phishing) is a type of phishing attack conducted using SMS (Short Message
Services) on cell phones. Just like email phishing scams, smishing messages typically include a
threat or enticement to click a link or call a number and hand over sensitive information. Sometimes
they might suggest you install some security software, which turns out to be malware.
 4. Spamming: People who create electronic Spam are called spammers. Spam is the abuse of
electronic messaging systems (including most broadcast media, digital delivery systems) to send unrequested
bulk messages indiscriminately. Although the most widely recognized form of Spam is E-Mail Spam.

5. Cyber defamation: It is a cognizable (Software) offense. “Whoever, by words either spoken or intended to
be read, or by signs or by visible representations, makes or publishes any imputation concerning any person
intending to harm, or knowing or having reason to believe that such imputation will harm, the reputation of
such person, is said, except in the cases hereinafter expected, to defame that person.”
In other words, cyber defamation occurs when defamation takes place with the help of computers and/or
the Internet. For example, someone publishes defamatory matter about someone on a website or sends an E-
Mail containing defamatory information to all friends of that person.

6. Cyberstalking and harassment: The dictionary meaning of “stalking” is an “act or process of following
prey stealthily – trying to approach somebody or something.” Cyberstalking has been defined as the use of
information and communications technology, particularly the Internet, by an individual or group of individuals
to harass another individual, group of individuals, or organization. The behavior includes false accusations,
monitoring, transmission of threats, ID theft, damage to data or equipment etc.
They are 2 types of stalkers:
Online Stalkers: aim to start the interaction with the victim directly with the help of the internet.
Offline Stalkers: the stalker may begin the attack using traditional methods such as following the victim,
watching the daily routine of the victim.

7. Computer Sabotage: The use of the Internet to stop the normal functioning of a computer system through
the introduction of worms, viruses or logic bombs, is referred to as computer sabotage. It can be used to
gain economic advantage over a competitor, to promote the illegal activities of terrorists or to steal data or
programs for extortion purposes.
Logic bombs are event-dependent programs created to do something only when a certain event (known as a
trigger event) occurs. Some viruses may be termed as logic bombs because they lie dormant all through the
year and become active only on a particular date.
8. Password Sniffing: is a hacking technique that uses a special software application that allows a hacker to
steal usernames and passwords simply by observing and passively recording network traffic. This often
happens on public WiFi networks where it is relatively easy to spy on weak or unencrypted traffic.
And yet, password sniffers aren‟t always used for malicious intent. They are often used by IT
professionals as a tool to identify weak applications that may be passing critical information unencrypted over
the Local Area Network (LAN). IT practitioners know that users download and install risky software at times in
their environment, running a passive password sniffer on the network of a business to identify leaky
applications is one legitimate use of a password sniffer.

Cybercrime against property

1. Credit Card Frauds:

 Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit
card or debit card. The purpose may be to obtain goods or services, or to make payment to another
account, which is controlled by a criminal. The Payment Card Industry Data Security Standard (PCI
DSS) is the data security standard created to help businesses process card payments securely and
reduce card fraud.

 Credit card fraud can be authorised, where the genuine customer themselves processes a
payment to another account which is controlled by a criminal, or unauthorised, where the
account holder does not provide authorisation for the payment to proceed and the transaction is
carried out by a third party.

 Credit cards are more secure than ever, with regulators, card providers and banks taking
considerable time and effort to collaborate with investigators worldwide to ensure fraudsters are
not successful. Cardholders' money is usually protected from scammers with regulations that
make the card provider and bank accountable. The technology and security measures behind
credit cards are becoming increasingly sophisticated making it harder for fraudster to steal money.

2. Intellectual Property (IP) Crimes:

 With the growth in the use of internet these days the cyber crimes are also growing. Cyber theft of
Intellectual Property (IP) is one of them. Cyber theft of IP means stealing of copyrights, software
piracy, trade secrets, patents etc., using internet and computers.
 Copyrights and trade secrets are the two forms of IP that is frequently stolen. For example, stealing
of software, business strategies etc. Generally, the stolen material is sold to the rivals or others for
 further sale of the product. This may result in the huge loss to the company who originally created it.
 Another major cyber theft of IP faced by India is piracy. These days one can get pirated version of
movies, software etc. The piracy results in a huge loss of revenue to the copyright holder. It is
difficult to find the cyber thieves and punish them because everything they do is over internet, so
they erase the data immediately and disappear within fraction of a second.

Internet time theft:

 Such a theft occurs when an unauthorized person uses the Internet hours paid for by another person.
Basically, Internet time theft comes under hacking because the person who gets access to someone
else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to
access the Internet without the other person’s knowledge.
 However, one can identify time theft if the Internet time has to be recharged often, even when one’s
own use of the Internet is not frequent. The issue of Internet time theft is related to the crimes conducted
through identity theft.

Cybercrime against Organization

1. Unauthorized accessing of Computer: Hacking is one method of doing this and hacking is punishable
offense. Unauthorized computer access, popularly referred to as hacking, describes a criminal action
whereby someone uses a computer to knowingly gain access to data in a system without permission to
access that data.
2. Password Sniffing:
 Password Sniffers are programs that monitor and record the name and password of network users as
they login, jeopardizing security at a site. Whoever installs the Sniffer can then impersonate an
authorized user and login to access restricted documents.
 Laws are not yet set up to adequately prosecute a person for impersonating another person
online. Laws designed to prevent unauthorized access to information may be effective in
apprehending crackers using Sniffer programs.
3. Denial-of-service Attacks (DoS Attacks):
 It is an attempt to make a computer resource (i.e.., information systems) unavailable to its intended
users. In this type of criminal act, the attacker floods the bandwidth of the victim‟s network or fills
his E-Mail box with spam mail depriving him of the services he is entitled to access or provide.
 The goal of DoS is not to gain unauthorized access to systems or data, but to prevent intended users
(i.e., legitimate users) of a service from using it.
  A DoS attack may do the following:
a. Flood a network with traffic, thereby preventing legitimate network traffic.
b. Disrupt connections between two systems, thereby preventing access to a service.
c. Prevent a particular individual from accessing a service.
d. Disrupt service to a specific system or person.

4. Virus attacks/dissemination of Viruses:

 Computer virus is a program that can “infect” legitimate (valid) programs by modifying them to
include a possibly “evolved” copy of itself. Viruses spread themselves, without the knowledge or
permission of the users, to potentially large numbers of programs on many machines.

 A computer virus passes from computer to computer in a similar manner as a biological virus
passes from person to person. Viruses may also contain malicious instructions that may cause
damage or annoyance; the combination of possibly Malicious Code with the ability to spread is
what makes viruses a considerable concern. Viruses can often spread without any readily visible
symptoms.

 Viruses can take some typical actions:

a. Display a message to prompt an action which may set of the virus
b. Delete files inside the system into which viruses enters
c. Scramble data on a hard disk
d. Cause erratic screen behavior
e. Halt the system (PC)
f. Just replicate themselves to propagate further harm

5. E-Mail bombing/Mail bombs:

 E-Mail bombing refers to sending a large number of E-Mails to the victim to crash victim’s E-Mail
account (in the case of an individual) or to make victim’s mail servers crash (in the case of a
company or an E-Mail service provider).

 Computer program can be written to instruct a computer to do such tasks on a repeated basis. In
recent times, terrorism has hit the Internet in the form of mail bombings. By instructing a computer
to repeatedly send E-Mail to a specified person’s E-Mail address, the cybercriminal can overwhelm
the recipient’s personal account and potentially shut down entire systems. This may or may not be
illegal, but it is certainly disruptive.
6. Salami Attack/Salami technique: These attacks are used for committing financial crimes. The idea here is
to make the alteration so insignificant that in a single case it would go completely unnoticed; For example a
bank employee inserts a program, into the bank’s servers, that deducts a small amount of money (say Rs.
2/- or a few cents in a month) from the account of every customer. No account holder will probably notice
this unauthorized debit, but the bank employee will make a sizable amount every month.
7. Logic Bomb: A Logic Bomb is a piece of often-malicious code that is intentionally inserted into software.
It is activated upon the host network only when certain conditions are met. Some viruses may be termed as
logic bombs because they lie dormant all through the year and become active only on a particular date.
8. Trojan Horse: A Trojan Horse, Trojan for short, is a term used to describe malware that appears, to the
user, to perform a desirable function but, in fact, facilitates unauthorized access to the user‟s computer
system.
9. Data Diddling: A data diddling (data cheating) attack involves altering raw data just before it is processed
by a computer and then changing it back after the processing is completed. Electricity Boards in India have
been victims to data diddling programs inserted when private parties computerize their systems.
10. Newsgroup Spam/Crimes emanating from Usenet newsgroup: This is one form of spamming. The word
“Spam” was usually taken to mean Excessive Multiple Posting (EMP). The advent of Google Groups, and
its large Usenet archive, has made Usenet more attractive to spammers than ever. Spamming of Usenet
newsgroups actually predates E-Mail Spam.
11. Industrial spying/Industrial espionage: Spying is not limited to governments. Corporations, like
governments, often spy on the enemy. The Internet and privately networked systems provide new and
better opportunities for espionage. “Spies” can get information about product finances, research and
development and marketing strategies, an activity known as “industrial spying.”
12. Computer network intrusions:
 “Crackers” who are often misnamed “Hackers can break into computer systems from anywhere in
the world and steal data, plant viruses, create backdoors, insert Trojan Horses or change user
names and passwords.
 Network intrusions are illegal, but detection and enforcement are difficult.

Current laws are limited and many intrusions go undetected. The cracker can bypass existing
password protection by creating a program to capture logon IDs and passwords. The practice of
“strong password” is therefore important.
13. Software piracy: This is a big challenge area indeed. Cybercrime investigation cell of India defines
“software piracy” as theft of software through the illegal copying of genuine programs or the counterfeiting
and distribution of products intended to pass for the original. There are many examples of software piracy:
1. end-user copying: friends loaning disks to each other, or organizations under-reporting the number
of software installations they have made, or organizations not tracking their software licenses;
2. hard disk loading with illicit means: hard disk vendors load pirated software;
3. counterfeiting: large-scale duplication and distribution of illegally copied software;
4. Illegal downloads from the Internet: by intrusion, by cracking serial numbers, etc. Beware that
those who buy pirated software have a lot to lose:
 getting untested software that may have been copied thousands of times over,
 the software, if pirated, may potentially contain hard-drive-infecting viruses,
 getting untested software that may have been copied thousands of times over,
 there is no technical support in the case of software failure, that is, lack of technical
product support available to properly licensed users,
 there is no warranty protection,
 there is no legal right to use the product, etc.
Cybercrime against Society
1. Forgery: Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be forged using
sophisticated computers, printers and scanners. Outside many colleges there are miscreants soliciting the
sale of fake mark-sheets or even degree certificates. These are made using computers and high quality
scanners and printers. In fact, this is becoming a booming business involving large monetary amount given
to student gangs in exchange for these bogus but authentic looking certificates.
2. Cyberterrorism: Cyberterrorism is a controversial term. Cyberterrorism is the use of the Internet to
conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve
political or ideological gains through threat or intimidation. It is also sometimes considered an act of
Internet terrorism where terrorist activities, including acts of deliberate, large-scale disruption of computer
networks, especially of personal computers attached to the Internet by means of tools such as computer
viruses, computer worms, phishing, and other malicious software and hardware methods and programming
scripts.

3. Web Jacking: Web jacking occurs when someone forcefully takes control of a website (by cracking the
password and later changing it). Thus, the first stage of this crime involves “password sniffing”. The actual
owner of the website does not have any more control over what appears on that website.

Crimes emanating from Usenet newsgroup:

By its very nature, Usenet groups may carry very offensive, harmful, inaccurate or otherwise
inappropriate material, or in some cases, postings that have been mislabeled or are deceptive in another way.
Therefore, it is expected that you will use caution and common sense and exercise proper judgment when using
Usenet, as well as use the service at your own risk.
Usenet is a popular means of sharing and distributing information on the Web with respect to specific
topic or subjects. Usenet is a mechanism that allows sharing information in a many-to-many manner. The
newsgroups are spread across 30,000 different topics.

A GLOBAL PERSPECTIVE ON CYBERCRIMES

In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001, which
details offenses against computer data and systems. However, a broad meaning is given to cybercrime at an
international level. In the Council of Europe‟s (CoE‟s) Cyber Crime Treaty, cybercrime is used as an umbrella
term to refer to an array of criminal activity including offenses against computer data and systems, computer-
related offenses, content offenses and copyright offenses.
 This wide definition of cybercrime overlaps in part with general offense categories that need not be
Information & Communication Technology (ICT)-dependent, such as white-collar crime and economic crime.
Although this status is from the International Telecommunication Union (ITU) survey conducted in 2005, we
get an idea about the global perspective. ITU activities on countering Spam can be read by visiting the link
www.itu.int/spam (8 May 2010). The Spam legislation scenario mentions “none” about India as far as E-Mail
legislation in India is concerned.
The linkage of cybersecurity and critical infrastructure protection has become a big issue as a number of
countries have began assessment of threats, vulnerabilities and started exploring mechanisms to redress them.
Recently, there have been a number of significant developments such as
1. August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber Crime. The
convention targets hackers, those spreading destructive computer viruses, those using the Internet for the
sexual exploitation of children or the distribution of racist material, and terrorists attempting to attack
infrastructure facilities or financial institutions. The Convention is in full accord with all the US

constitutional protections, such as free speech and other civil liberties, and will require no change to
the US laws.
2. In August 18, 2006, there was a news article published “ISPs Worry About „Drastic Obligations‟ on
Web Site Blocking.” European Union (EU) officials want to debar suspicious websites as part of a 6-
point plan to boost joint antiterrorism activities. They want to block websites that incite terrorist action.
Once again it is underlined that monitoring calls, Internet and E-Mail traffic for law enforcement
purposes is a task vested in the government, which must reimburse carriers and providers for retaining
the data.
3. CoE Cyber Crime Convention (1997–2001) was the first international treaty seeking to address Internet
crimes by harmonizing national laws, improving investigative techniques and increasing cooperation
among nations. More than 40 countries have ratified the Convention to date
Cybercrime and the Extended Enterprise:
It is a continuing problem that the average user is not adequately educated to understand
the threats and how to protect oneself. Actually, it is the responsibility of each user to become
aware of the threats as well as the opportunities that “connectivity” and “mobility” presents them
with. In this context, it is important to understand the concept of “extended enterprise.” This
term represents the concept that a company is made up not just of its employees, its board
members and executives, but also its business partners, its suppliers and evenits customers.

Extended Enterprise

The extended enterprise can only be successful if all of the component groups and individuals
have the information they need in order to do business effectively. An extended enterprise is a
“loosely coupled, self- organizing network” of firms that combine their economic output to
provide “products and services” offerings to the market. Firms in the extended enterprise may
operate independently. Seamless flow of “information” to support instantaneous “decision-
making ability” is crucial for the “external enterprise”. This becomes possible through the
“interconnectedness”. Due to the interconnected features of information & communication
technologies, security overall can only be fully promoted when the users have full awareness of
existing threats & dangers.
Given the promises and challenges in the extended enterprise scenario, organizations in
the international community have a special role in sharing information on good practices and
creating open and accessible enterprise information flow channels for exchanging of ideas in a
collaborative manner.

CYBERCRIME ERA: SURVIVAL MANTRA FOR THE NETIZENS

The term “Netizen” was coined by Michael Hauben. Quite simply, “Netizens” are the Internet
users. Therefore, by corollary, “Netizen” is someone who spends considerable time online and
also has a considerable presence online (through websites about the person, through his/her
active blog contribution and/or also his/her participation in the online chat rooms). The 5P
Netizen mantra for online security is:
a. Precaution
b. Prevention
c. Protection
d. Preservation
e. Perseverance
For ensuring cyber safety, the motto for the “Netizen” should be “Stranger is Danger!” If
you protect your customer‟s data, your employee‟s privacy and your own company, then
you are doing your job in the grander scheme of things to regulate and enforce rules on
the Net through our community. NASSCOM urges that cybercrime awareness is
important, and any matter should be reported at once. This is the reason they have
established cyberlabs across major cities in India
More importantly, users must try and save any electronic information trail on their
computers. That is all one can do until laws become more stringent or technology
more advanced. Some agencies have been advocating for the need to address
protection of the Rights of Netizens. There are agencies that are trying to provide
guidance to innocent victims of cybercrimes. However, these NGO like efforts cannot
provide complete support to the victims of cybercrimes and are unable to get the
necessary support from the Police. There are also a few incidents where Police have
pursued false cases on innocent IT professionals. The need for a statutorily
empowered agency to protect abuse of ITA 2000 in India was, therefore, a felt need
for quite some time.
 Cyber Offenses

How Criminals Plan the Attacks

 Criminals use many methods and tools to locate the vulnerabilities of their target.
 The target can be an individual and/or an organization.
 Criminals plan passive and active attacks
 Active attacks are usually used to alter the system (i.e., computer network) whereas
passive attacks attempt to gain information about the target.

 Active attacks may affect the availability, integrity and authenticity of data whereas
passive attacks lead to violation of confidentiality.

The following phases are involved in planning cybercrime:

1. Reconnaissance (information gathering) is the first phase and is treated as passive

attacks.
2. Scanning and scrutinizing the gathered information for the validity of the information as
well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).

Reconnaissance

 The literal meaning of “Reconnaissance” is an act of finding something or somebody

(especially to gain information about an enemy or potential enemy).

 In the world of “hacking,” reconnaissance phase begins with “Footprinting” – this is the
preparation toward pre-attack phase, and involves accumulating data about the target‟s
environment and computer architecture to find ways to intrude into that environment.
 Footprinting gives an overview about system vulnerabilities and provides a judgment
about possible exploitation of those vulnerabilities.
 The objective of this preparatory phase is to understand the system, its networking ports
and services, and any other aspects of its security that are needful for launching the
attack.
 Thus, an attacker attempts to gather information in two phases: passive and active
attacks. Let us understand these two phases.

Passive Attacks

A passive attack involves gathering information about a target without his/her (individual‟s
or company‟s) knowledge. It can be as simple as watching a building to identify what time
employees enter the building premises. However, it is usually done using Internet searches or by
Googling (i.e., searching the required information with the help of search engine Google) an
individual or company to gain information.
 1. Google or Yahoo search: People search to locate information about employees.
2. Surfing online community groups like Orkut/Facebook will prove useful to gain the
information about an individual.
3. Organization‟s website may provide a personnel directory or information about key
employees, for example, contact details, E-Mail address, etc. These can be used in a
social engineering attack to reach the target (see Section 2.3).
4. Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain
information about the company or employees.
5. Going through the job postings in particular job profiles for technical persons can provide
information about type of technology, that is, servers or infrastructure devices a company
maybe using on its network.

Active Attacks
An active attack involves probing the network to discover individual hosts to confirm the
information (IP addresses, operating system type and version, and services on the network)
gathered in the passive attack phase. It involves the risk of detection and is also called “Rattling
the doorknobs” or “Active reconnaissance.” Active reconnaissance can provide confirmation to
an attacker about security measures in place (e.g., whether the front door is locked?), but the
process can also increase the chance of being caught or raise a suspicion.

Scanning and Scrutinizing Gathered Information

Scanning is a key step to examine intelligently while gathering information about the
target.

The objectives of scanning are as follows:

1. Port scanning: Identify open/close ports and services.

2. Network scanning: Understand IP Addresses and related information about the
computer network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the system.

Attack (Gaining and Maintaining the System Access)

After the scanning and enumeration, the attack is launched using the following steps:

1. Crack the password.

2. exploit the privileges.
3. execute the malicious commands/applications.
4. hide the files (if required).
5. cover the tracks – delete the access logs, so that there is no trail illicit activity.

Social Engineering
  Social engineering is the “technique to influence” and “persuasion to deceive” people to
obtain the information or perform some action.
 Social engineers exploit the natural tendency of a person to trust social engineers‟ word,
rather than exploiting computer security holes.
 It is generally agreed that people are the weak link in security and this principle makes
social engineering possible.
 A social engineer usually uses telecommunication (i.e., telephone and/or cell phone) or
Internet to get them to do something that is against the security practices and/or policies
of the organization.
 Social engineering involves gaining sensitive information or unauthorized access
privileges by building inappropriate trust relationships with insiders.
 It is an art of exploiting the trust of people, which is not doubted while speaking in a
normal manner.
 The goal of a social engineer is to fool someone into providing valuable information or
access to that information.
 Social engineer studies the human behavior so that people will help because of the desire
to be helpful, the attitude to trust people, and the fear of getting into trouble.
 The sign of truly successful social engineers is that they receive information without any
suspicion.
A simple example is calling a user and pretending to be someone from the service desk
working on a network issue; the attacker then proceeds to ask questions about what the user
is working on, what file shares he/she uses, what his/her password is, and so on…

Box | Social Engineering Example

Mr. Joshi: Hello?
The Caller: Hello, Mr. Joshi. This is Geeta Thomas from Tech Support. Due to some disk space
constraints on the file server, we will be moving few user‟s home directories to another disk. This
activity will be performed tonight at 8:00 p.m. Your account will be a part of this move and will be
unavailable temporarily.
Mr. Joshi: Ohh … okay. I will be at my home by then, anyway.
Caller: Great!!! Please ensure to log off before you leave office. We just need to check a couple
of things. What is your username?
Mr. Joshi: Username is “pjoshi.” None of my files will be lost in the move, right?
Caller: No sir. But we will have to check your account to ensure the same. What is the passwordof
that account?
Mr. Joshi: My password is “ABCD1965,” all characters in upper case.
Caller: Ok, Mr. Joshi. Thank you for your cooperation. We will ensure that all the files are there.
Mr. Joshi: Thank you. Bye.
Caller: Bye and have a nice day.
Classification of Social Engineering

Human-Based Social Engineering

 Human-based social engineering refers to person-to-person interaction to get the

required/desired information.
 An example is calling the help desk and trying to find out a password.
1. Impersonating an employee or valid user:
 “Impersonation” is perhaps the greatest technique used by social engineers to deceive
people.
 Social engineers “take advantage” of the fact that most people are basically helpful, so it
seems harmless to tell someone who appears to be lost where the computer room is
located, or to let someone into the building who “forgot” his/her badge, etc., or
pretending to be an employee or valid user on the system.
2. Posing as an important user:
 The attacker pretends to be an important user – for example, a Chief Executive Officer
(CEO) or high-level manager who needs immediate assistance to gain access to a system.
 The attacker uses intimidation so that a lower-level employee such as a help-desk worker
will help him/her in gaining access to the system. Most of the low-level employees will
not ask any question to someone who appears to be in a position of authority.
3. Using a third person:
 An attacker pretends to have permission from an authorized source to use a system. This
trick is useful when the supposed authorized personnel is on vacation or cannot be
contacted for verification.
4. Calling technical support:
 Calling the technical support for assistance is a classic social engineering example.
 Help-desk and technical support personnel are trained to help users, which makes them
good prey for social engineering attacks.
5. Shoulder surfing:
 It is a technique of gathering information such as usernames and passwords by watching
over a person‟s shoulder while he/she logs into the system, thereby helping an attacker to
gain access to the system.
6. Dumpster diving:
 It involves looking in the trash for information written on pieces of paper or
computer printouts.
 This is a typical North American term; it is used to describe the practice of rummaging
through commercial or residential trash to find useful free items that have been discarded.
 It is also called dumpstering, binning, trashing, garbing or garbage gleaning.
 “Scavenging” is another term to describe these habits.
 In the UK, the practice is referred to as “binning” or “skipping” and the person doing it
is a “binner” or a “skipper.”
Computer-Based Social Engineering

 Computer-based social engineering refers to an attempt made to get the required/desired

information by using computer software/Internet.
 For example, sending a fake E-Mail to the user and asking him/her to re-enter a
password in a webpage to confirm it.
1. Fake E-Mails:
 The attacker sends fake E-Mails (see Box 2.7) to users in such that the user finds it as a
real e-mail.
 This activity is also called “Phishing”.
 It is an attempt to attract the Internet users (netizens) to reveal their personal information,
such as usernames, passwords and credit card details by impersonating as a
trustworthy and legitimate organization or an individual.
 Banks, financial institutes and payment gateways are the common targets.
 Phishing is typically carried out through E-Mails or instant messaging and often directs
users to enter details at a website, usually designed by the attacker with abiding the look
and feel of the original website.
 Thus, Phishing is also an example of social engineering techniques used to fool netizens.
 The term “Phishing” has been evolved from the analogy that Internet scammers are using
E-Mails attract to fish for passwords and financial data from the sea of Internet users (i.e.,
netizens).
 The term was coined in 1996 by hackers who were stealing AOL Internet accounts by
scamming passwords without the knowledge of AOL users.
 As hackers have a tendency of replacing “f” with “ph,” the term “Phishing” came into
being.
2. E-Mail attachments:
 E-Mail attachments are used to send malicious code to a victim‟s system, which will
automatically (e.g., keylogger utility to capture passwords) get executed.
 Viruses, Trojans, and worms can be included cleverly into the attachments to entice a
victim to open the attachment.
3. Pop-up windows:
 Pop-up windows are also used, in a similar manner to E-Mail attachments. Pop-up
windows with special offers or free stuff can encourage a user to unintentionally install
malicious software.

Cyberstalking

 The dictionary meaning of “stalking” is an “act or process of following prey stealthily –

trying to approach somebody or something.”
 Cyberstalking has been defined as the use of information and communications
technology, particularly the Internet, by an individual or group of individuals to harass
another individual, group of individuals, or organization.
 The behavior includes false accusations, monitoring, transmission of threats, ID theft,
 damage to data or equipment, solicitation of minors for sexual purposes, and gathering
information for harassment purposes.
 Cyberstalking refers to the use of Internet and/or other electronic communications
devices to stalk another person.
 It involves harassing or threatening behavior that an individual will conduct
repeatedly, for example, following a person, visiting a person‟s home and/or at business
place, making phone calls, leaving written messages, or vandalizing against the person‟s
property. As the Internet has become an integral part of our personal and professional
lives, cyberstalkers take advantage of ease of communication and an increased access to
personal information available with a few mouse clicks or keystrokes.

Types of Stalkers

There are primarily two types of stalkers.

1. Online stalkers:
 They aim to start the interaction with the victim directly with the help of the Internet.
 E-Mail and chat rooms are the most popular communication medium to get connected
with the victim, rather than using traditional instrumentation like telephone/cell
phone.
 The stalker makes sure that the victim recognizes the attack attempted on him/her.
 The stalker can make use of a third party to harass the victim.
2. Offline stalkers:
 The stalker may begin the attack using traditional methods such as following the
victim, watching the daily routine of the victim, etc.
 Searching on message boards/newsgroups, personal websites, and people finding
services or websites are most common ways to gather information about the victim
using the Internet.
 The victim is not aware that the Internet has been used to perpetuate an attack against
them.

Cases Reported on Cyberstalking

 The majority of cyberstalkers are men and the majority of their victims are women.
 Some cases also have been reported where women act as cyberstalkers and men as the
victims as well as cases of same-sex cyberstalking.
 In many cases, the cyberstalker and the victim hold a prior relationship, and the
cyberstalking begins when the victim attempts to break off the relationship, for example,
ex-lover, ex-spouse, boss/subordinate, and neighbor.
 However, there also have been many instances of cyberstalking by strangers.

How Stalking Works?

 It is seen that stalking works in the following ways:

1. Personal information gathering about the victim: Name; family background; contact
details such as cell phone and telephone numbers (of residence as well as office);
address of residence as well as of the office; E-Mail address; date of birth, etc.
2. Establish a contact with victim through telephone/cell phone. Once the contact is
established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The
letters may have the tone of loving, threatening or can be sexually explicit. The
stalkermay use multiple names while contacting the victim.
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favors or
threaten the victim.
5. The stalker may post the victim‟s personal information on any website related to
illicit services such as sex-workers‟ services or dating services, posing as if the
victim has posted the information and invite the people to call the victim on the given
contact details (telephone numbers/cell phone numbers/E-Mail address) to have
sexual services. The stalker will use bad and/or offensive/attractive language to
invite the interested persons.
6. Whosoever comes across the information, start calling the victim on the given
contact details ( telephone/cell phone nos), asking for sexual services or
relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable
pornographic and sex sites, because of which victim will start receiving such kind of
unsolicited E-Mails.

Real-Life Incident of Cyberstalking

Case Study

The Indian police have registered first case of cyberstalking in Delhi – the brief account of the
case has been mentioned here. To maintain confidentiality and privacy of the entities involved,
we have changed their names.

 Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours from as far away as
Kuwait, Cochin, Bombay, and Ahmadabad.
 The said calls created havoc in the personal life destroying mental peace of Mrs. Joshi
who decided to register a complaint with Delhi Police.
 A person was using her ID to chat over the Internet at the website www.mirc.com, mostly
in the Delhi channel for four consecutive days.
 This person was chatting on the Internet, using her name and giving her address, talking
in obscene language.
 The same person was also deliberately giving her telephone number to other chatters
 encouraging them to call Mrs. Joshi at odd hours.
 This was the first time when a case of cyberstalking was registered.
 Cyberstalking does not have a standard definition but it can be defined to mean
threatening, unwarranted behavior, or advances directed by one person toward another
person using Internet and other forms of online communication channels as medium.

Cybercafe and Cybercrimes

 In February 2009, Nielsen survey on the profile of cybercafes users in India, it was found
that 90% of the audience, across eight cities and 3,500 cafes, were male and in the age
group of 15–35 years; 52% were graduates and postgraduates, though almost over 50%
were students.
 Hence, it is extremely important to understand the IT security and governance practiced
in the cybercafes.
 In the past several years, many instances have been reported in India, where cybercafes
are known to be used for either real or false terrorist communication.
 Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of
money have also happened through cybercafes.
 Cybercafes have also been used regularly for sending obscene mails to harass people.
 Public computers, usually referred to the systems, available in cybercafes, hold two types
of risks.
 First, we do not know what programs are installed on the computer – that is, risk of
malicious programs such as key loggers or Spyware, which maybe running at the
background that can capture the keystrokes to know the passwords and other confidential
information and/or monitor the browsing behavior.
 Second, over-the-shoulder surfing can enable others to find out your passwords.
Therefore, one has to be extremely careful about protecting his/her privacy on such
systems, as one does not know who will use the computer after him/her.
 Indian Information Technology Act (ITA) 2000, does not define cybercafes and
interprets cybercafes as “network service providers” referred to under the Section 79,
which imposed on them a responsibility for “due diligence” failing which they would be
liable for the offenses committed in their network.
 Cybercriminals prefer cybercafes to carry out their activities.
 The criminals tend to identify one particular personal computer (PC) to prepare it for
their use.
 Cybercriminals can either install malicious programs such as keyloggers and/or Spyware
or launch an attack on the target.
 Cybercriminals will visit these cafes at a particular time and on the prescribed frequency,
maybe alternate day or twice a week.
 A recent survey conducted in one of the metropolitan cities in India reveals the following
facts:
1. Pirated software(s) such as OS, browser, office automation software(s) (e.g.,
 Microsoft Office) are installed in all the computers.
2. Antivirus software is found to be not updated to the latest patch and/or antivirus
signature.
3. Several cybercafes had installed the software called “Deep Freeze” for protecting
the computers from prospective malware attacks. Deep Freeze can wipe out the
details of all activities carried out on the computer when one clicks on the
“restart” button. Such practices present challenges to the police or crime
investigators when they visit the cybercafes to pick up clues after the Internet
Service Provider (ISP) points to a particular IP address from where a threat mail
was probably sent or an online Phishing attack was carried out, to retrieve logged
files.
4. Annual maintenance contract (AMC) found to be not in a place for servicing the
computers; hence, hard disks for all the computers are not formatted unless the
computer is down. Not having the AMC is a risk from cybercrime perspective
because a cybercriminal can install a Malicious Code on a computer and conduct
criminal activities without any interruption.
5. Pornographic websites and other similar websites with indecent contents are not
blocked.
6. Cybercafe owners have very less awareness about IT Security and IT Governance.
7. Government/ISPs/State Police (cyber cell wing) do not seem to provide IT
Governance guidelines to cybercafe owners.
8. Cybercafe association or State Police (cyber cell wing) do not seem to conduct
periodic visits to cybercafes – one of the cybercafe owners whom we interviewed
expressed a view that the police will not visit a cybercafe unless criminal activity
is registered by filing an First Information Report (FIR). Cybercafe owners feel
that police either have a very little knowledge about the technical aspects involved
in cybercrimes and/or about conceptual understanding of IT security. There are
thousands of cybercafes across India.
In the event that a central agency takes up the responsibility for monitoring cybercafes,
an individual should take care while visiting and/or operating from cybercafe. Here are a few tips
for safety and security while using the computer in a cybercafe:

1. Always logout:
2. Stay with the computer:
3. Clear history and temporary files:
4. Be alert:
5. Avoid online financial transactions:
6. Change passwords:
 7. Use Virtual keyboard:
8. Security warnings:

Botnets: The Fuel for Cybercrime

Botnet

 The dictionary meaning of Bot is “(computing) an automated program for doing some
particular task, often over a network.”
 Botnet is a term used for collection of software robots, or Bots, that run autonomously
and automatically.
 The term is often associated with malicious software but can also refer to the network of
computers using distributed computing software.
 In simple terms, a Bot is simply an automated computer program One can gain the
control of computer by infecting them with a virus or other Malicious Code that gives the
access.
 Computer system maybe a part of a Botnet even though it appears to be operating
normally.
 Botnets are often used to conduct a range of activities, from distributing Spam and
viruses to conducting denial-of-service (DoS) attacks.
 A Botnet (also called as zombie network) is a network of computers infected with a
malicious program that allows cybercriminals to control the infected machines remotely
without the users‟ knowledge.
 “Zombie networks” have become a source of income for entire groups of cybercriminals.
The invariably low cost of maintaining a Botnet and the ever diminishing degree of
knowledge required to manage one are conducive to the growth in popularity and,
consequently, the number of Botnets.
 If someone wants to start a “business” and has no programming skills, there are plenty of
“Bot for sale” offers on forums.
 „encryption of these programs‟ code can also be ordered in the same way to protect them
from detection by antivirus tools.
 Another option is to steal an existing Botnet.
 One can reduce the chances of becoming part of a Bot by limiting access into the system.
 Leaving your Internet connection ON and unprotected is just like leaving the front door
of the house wide open.

One can ensure following to secure the system:

1. Use antivirus and anti-Spyware software and keep it up-to-date:

2. Set the OS to download and install security patches automatically:
 3. Use a firewall to protect the system from hacking attacks while it is connected on the
Internet: A firewall is a software and/or hardware that is designed to block unauthorized
access while permitting authorized communications.
4. Disconnect from the Internet when you are away from your computer:
5. Downloading the freeware only from websites that are known and trustworthy:
6. Check regularly the folders in the mail box – “sent items” or “outgoing” – for those
messages you did not send:
7. Take an immediate action if your system is infected:

Attack Vector

 An “attack vector” is a path, which an attacker can gain access to a computer or to a

network server to deliver a payload or malicious outcome.
 Attack vectors enable attackers to exploit system vulnerabilities, including the human
element.
 Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant
messages, chat rooms, and deception. All of these methods involve programming (or, in a
few cases, hardware), except deception, in which a human operator is fooled into removing
or weakening system defenses.
 To some extent, firewalls and antivirus software can block attack vectors.
 However, no protection method is totally attack-proof.
 A defense method that is effective today may not remain so for long because attackers are
constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized
access to computers and servers.