Cyber Security 5 Unit Notes

ST.
MARTIN'S ENGINEERING COLLEGE

(An UGC Autonomous Institute)
Dhulapally, Secunderabad-500 100 NBA & NAAC A+ Accredited
DEPARTMENT OF ELECTRONICS & COMMUNICATION ENGINEERING

Academic Year 2020-21
JNTUH – R 18 Regulations
III Year -I Semester
LECTURE NOTES
ON
CYBER SECURITY
CYBER SECURITY
CYBER SECURITY
B.Tech. III Year I L T P C
3 0 0 0
Course objectives:
To familiarize various types of cyber-attacks and cyber-crimes
To give an overview of the cyber laws
To study the defensive techniques against these attacks
Course Outcomes: The students will be able to understand cyber-attacks, types of

cybercrimes, cyber laws and also how to protect them self and ultimately the entire
Internet community from such attacks.
UNIT - I
Introduction to Cyber Security: Basic Cyber Security Concepts, layers of security,

Vulnerability,threat, Harmful acts, Internet Governance – Challenges and Constraints,
Computer Criminals, CIA Triad, Assets and Threat, motive of attackers, active
attacks, passive attacks, Software attacks, hardware attacks, Spectrum of attacks,
Taxonomy of various attacks, IP spoofing, Methods of defense,Security Models, risk
management, Cyber Threats-Cyber Warfare, Cyber Crime, Cyber terrorism,Cyber
Espionage, etc., Comprehensive Cyber Security Policy.
UNIT - II
Cyberspace and the Law & Cyber Forensics: Introduction, Cyber Security
Regulations, Roles of International Law. The INDIAN Cyberspace, National Cyber
Security Policy.Introduction, Historical background of Cyber forensics, Digital
Forensics Science, The Need for Computer Forensics, Cyber Forensics and Digital
evidence, Forensics Analysis of Email, Digital Forensics Lifecycle, Forensics
Investigation, Challenges in Computer Forensics, Special Techniques for Forensics
Auditing.
UNIT - III
Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile

and Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless
Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for
Mobile Devices, Authentication service Security, Attacks on Mobile/Cell Phones,
Mobile Devices: Security Implications for Organizations,Organizational Measures for
Handling Mobile, Organizational Security Policies and Measures in Mobile
Computing Era, Laptops.
CYBER SECURITY
UNIT- IV
Cyber Security: Organizational Implications: Introduction, cost of cybercrimes

and IPR issues, web threats for organizations, security and privacy implications,
social media marketing: security risks and perils for organizations, social computing
and the associated challenges for organizations.Cybercrime and Cyber terrorism:
Introduction, intellectual property in the cyberspace, the ethical dimension of
cybercrimes the psychology, mindset and skills of hackers and other cyber criminals.
UNIT - V
Privacy Issues: Basic Data Privacy Concepts: Fundamental Concepts, Data Privacy
Attacks, Data linking and profiling, privacy policies and their specifications, privacy
policy languages, privacy in different domains- medical, financial, etc.
Cybercrime: Examples and Mini-Cases
Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose

Millions of Rupees, Parliament Attack, Pune City Police Bust Nigerian Racket, e-mail
spoofing instances.Mini-Cases: The Indian Case of online Gambling, An Indian Case
of Intellectual Property Crime,Financial Frauds in Cyber Domain.
TEXT BOOKS:
1. Nina Godbole and Sunit Belpure, Cyber Security Understanding Cyber Crimes,
Computer
Forensics and Legal Perspectives, Wiley
2. B. B. Gupta, D. P. Agrawal, Haoxiang Wang, Computer and Cyber Security:

Principles,
Algorithm, Applications, and Perspectives, CRC Press, ISBN 9780815371335, 2018.
REFERENCES:
1. Cyber Security Essentials, James Graham, Richard Howard and Ryan Otson, CRC
Press.
2. Introduction to Cyber Security, Chwan-Hwa(john) Wu,J. David Irwin, CRC Press

T&F Group.
CYBER SECURITY
CYBER SECURITY
UNIT - I
Introduction to Cyber Security:
Cyber Security provides basic and advanced concepts of Cyber Security technology.
Our Cyber Security is designed for beginners and professionals. Our Cyber Security
includes all topics of Cyber Security such as what is Cyber Security, cyber security
goals, types of cyber attacks, types of cyber attackers, technology, e-commerce,
policies, digital signature, cyber security tools, security risk analysis, challenges etc.
Cyber security is primarily about people, processes, and technologies working

together to encompass the full range of threat reduction, vulnerability reduction,
deterrence, international engagement, incident response, resiliency, and recovery
policies and activities, including computer network operations, information assurance,
law enforcement, etc."
Cyber security is the protection of Internet-connected systems, including hardware,

software, and data from cyber attacks. It is made up of two words one is cyber and
other is security. Cyber is related to the technology which contains systems, network
and programs or data. Whereas security related to the protection which includes
systems security, network security and application and information security.
It is the body of technologies, processes, and practices designed to protect networks,

devices, programs, and data from attack, theft, damage, modification or unauthorized
access. It may also be referred to as information technology security.
Layers of security:
The 7 layers of cyber security should center on the mission critical assets you are
seeking to protect.
1: Mission Critical Assets – This is the data you need to protect*
2: Data Security – Data security controls protect the storage and transfer of data.
3: Application Security – Applications security controls protect access to an

application, an application’s access to your mission critical assets, and the internal
security of the application.
4: Endpoint Security – Endpoint security controls protect the connection between

devices and the network.
5: Network Security – Network security controls protect an organization’s network

and prevent unauthorized access of the network.
CYBER SECURITY
6: Perimeter Security – Perimeter security controls include both the physical and
digital security methodologies that protect the business overall.
7: The Human Layer – Humans are the weakest link in any cybersecurity posture.
Human security controls include phishing simulations and access management
controls that protect mission critical assets from a wide variety of human threats,
including cyber criminals, malicious insiders, and negligent users.
Vulnerability:
Definition - What does Vulnerability mean? Vulnerability is a cyber-security term

that refers to a flaw in a system that can leave it open to attack. Vulnerability may also
refer to any type of weakness in a computer system itself, in a set of procedures, or in
anything that leaves information security exposed to a threat.
Five Cyber Security vulnerabilities:
1) Injection vulnerabilities:
Injection vulnerabilities occur every time an application sends untrusted data to an

interpreter. Injection flaws are very common and affect a wide range of solutions. The
most popular injection vulnerabilities affect SQL, LDAP, XPath, XML parsers and
program arguments.As explained in the OWASP “Top 10” guide, the injection flaws
are quite easy to discover by analyzing the code, but frequently hard to find during
testing sessions when systems are already deployed in production environments.The
possible consequences of a cyber-attack that exploits an Injection flaw are data loss
and consequent exposure of sensitive data, lack of accountability, or denial of
access.An attacker could run an Injection attack to completely compromise the target
system and gain control on it.The business impact of an Injection attack could be
dramatic, especially when hacker compromise legacy systems and access internal
data.SQL injection vulnerabilities are among most exploited flaws, despite the high
level of awareness on the various techniques of hacking that exploit this category of
bugs the impact of such attacks is very serious.A study released by the Ponemon
Institute in October 2014 titled “The SQL Injection Threat Study” investigated on the
reply of organizations to the SQL injection threat.The study revealed that despite
about one-third believing that their organization has the necessary technology to
detect and mitigate the cyber threat, the success rate of SQL injection attacks is too
high.Injection vulnerabilities could affect various software and their impact depends
on the level of diffusion of the vulnerable application.A classic example of the
possible effect of the presence of injection flaws is the critical vulnerability dubbed
Bash Bug affecting the Linux and UNIX command-line shell. The flaw, coded
as CVE-2014-6271, is remotely exploitable and affects Linux and Unix command-
line shell potentially exposing to risk of cyber-attacks websites, servers, PCs, OS X
Macs, various home routers, and many other devices.The vulnerability has existed for
several decades and it is related to the way bash handles specially formatted
environment variables, namely exported shell functions. To run an arbitrary code on
CYBER SECURITY
affected systems it is necessary to assign a function to a variable, trailing code in the
function definition will be executed.Such kind of vulnerabilities could have a
dramatic effect on a large scale, let’s think for example to the dangers for the Internet-
of-things devices like smart meters, routers, web cameras and any other device that
runs software affected by this category of flaws.
2) Buffer Overflows:
A buffer overflow vulnerability condition exists when an application attempts to put

more data in a buffer than it can hold. Writing outside the space assigned to buffer
allows an attacker to overwrite the content of adjacent memory blocks causing data
corruption, crash the program, or the execution of an arbitrary malicious code.Buffer
overflow attacks against are quite common and very hard to discover, but respect the
injection attacks they are more difficult to exploit. The attacker needs to know the
memory management of the targeted application, the buffers it uses, and the way to
alter their content to run the attack.In a classic attack scenario, the attacker sends data
to an application that store it in an undersized stack buffer, causing the overwriting of
information on the call stack, including the function’s return pointer. In this way, the
attacker is able to run its own malicious code once a legitimate function is completed
and the control is transferred to the exploit code contained in the attacker’s data.There
are several types of buffer overflow; most popular are the Heap buffer overflow and
the Format string attack. Buffer overflow attacks are particularly dangerous; they can
target desktop applications, web servers, and web applications.An attacker can exploit
a buffer overflow to target a web application and execute an arbitrary code. He can
corrupt the execution stack of a web application by sending specifically crafted
data.Buffer overflows affecting widely used server products represent a significant
risk to users of these applications, in the last years, many buffer overflow
vulnerabilities were discovered in a number of SCADA components.Considering that
the number of cyber-attacks against SCADA is increasing even more it is likely that
these buffer overflow vulnerabilities will be exploited with increasing frequency.A
number of crimeware kit could be sold in the underground ecosystem to attack this
particular category of targets causing serious damages.
3) Sensitive Data Exposure
Sensitive data exposure occurs every time a threat actor gains access to the user
sensitive data.Data could be stored (at rest) in the system or transmitted between two
entities (i.e. servers, web browsers), in every case a sensitive data exposure flaw
occurs when sensitive data lack of sufficient protection.Sensitive data exposure refers
the access to data at rest, in transit, included in backups and user browsing data.The
attacker has several options such as the hack of data storage, for example by using a
malware-based attack, intercept data between a server and the browser with a Man-In-
The-Middle attack, or by tricking a web application to do several things like changing
the content of a cart in an e-commerce application, or elevating privileges.The
principal sensitive data exposure flaw is the lack of encryption for sensitive data, but
CYBER SECURITY
even if encryption mechanisms are implemented, other events concur to the exposure
of information. The adoption of weak key generation and management, and weak
algorithm usage is very common in many industries and applications.A number of
incidents recently occurred have demonstrated the critic of this category of flaw, let’s
think to the wrong implementation of encryption algorithms and the lack of
encryption for mobile and cloud solutions.In September 2014, the CERT
Coordination Center at Carnegie Mellon University (CERT/CC) published the results
of the tests conducted by its experts on popular Android applications that fail to
properly validate SSL certificates.The failure of the certificate pinning procedure
exposes users to the risk of MitM attacks and consequent theft of sensitive
information.The CERT confirmed that the problems is widespread, the circumstance
was confirmed by another study conducted by security experts at FireEye
that evaluated the level of security offered by 1,000 of the most popular free apps
offered on Google Play.FireEye provided shocking results. 68% of the apps don’t
check server certificates and 77% ignore SSL errors. According to the CERT, the
applications are using vulnerable libraries, such as the Flurry and Chartboost ad
libraries. For this reason, Android users are exposed to the risk of attacks. Despite the
fact that FireEye the developers about the flaws, the CERT pointed out that only a few
companies took steps to secure their products.As highlighted by the numerous studies
of the topic, attackers typically don’t break crypto directly; they operate to exploit a
sensitive data exposure flaw. This means that threat actors operate to steal encryption
keys, run man-in-the-middle attacks, steal clear text data off the server, while in
transit, or from the user’s browser.The exploitation of sensitive data exposure flaw
could be dramatic for every organization in every industry, the principal losses for
data breaches are related to the business value of the compromised data and the
impact to the reputation of the victim organization.Sensitive data exposure attacks
could be run by any category of attackers, including cyber criminals, state-sponsored
hackers and hacktivists, in the majority of case this kind of attacks are part of a first
stage offensive that involve also other hacking techniques.Every organization that
manages sensitive data (i.e. healthcare and banking data, personal information) is
potentially exposed to the attacks that could involve a large number of users; millions
of users are already open to cyber-attacks.
4) Broken Authentication and Session Management:
The exploitation of a broken Authentication and Session Management flaw occurs

when an attacker uses leaks or flaws in the authentication or session management
procedures (e.g. Exposed accounts, passwords, session IDs) to impersonate other
users.This kind of attack is very common; many groups of hackers have exploited
these flaws to access victim’s accounts for cyber espionage or to steal information
that could advantage their criminal activities.As explained by the OWASP, one of the
main problems is related to the custom implementation of authentication and session
management schemes, in the majority of cases these schemes result flawed and
hackers are able to compromise them. This category of flaws affects web applications,
CYBER SECURITY
in the majority of cases functionalities such as the logout, password management,
remember me, timeouts, secret question, and account update are affected by broken
authentication vulnerabilities.The bad news is that once this kind of flaw is
successfully exploited, the attacker can impersonate the victim doing anything he
could do with the privileges granted to his account.Unfortunately, the exploitation of a
broken Authentication and Session Management flaw is hard to mitigate due to the
large number of authentication schemes implemented by each victim. Not all
authentication and session management systems are equal, complicating the adoption
of best practices on a large scale.There are several ways to bypass authentication
mechanisms, including “Brute-forcing” the targeted account, using a SQL Injection
attack, retrieving a session identifier from an URL, relying on the session timeout,
reusing an already used session token or compromising a user’s browser.The most
popular attack scenario relies on the session, authentication mechanisms are usually
based on tokens associated with each session on the server side. An attacker that is
able to retrieve the session identifier could impersonate victims without providing
login credentials again.The possible business impact of broken authentication and
session attacks is severe because an attacker could takeover users account and
impersonate him to conduct various malicious activities.Such practice is very
common in both cyber-criminal ecosystem and state-sponsored hacking.
5) Security Misconfiguration:
I consider this category of vulnerability the most common and dangerous. It is quite
easy to discover web servers and applications that have been misconfigured resulting
in opening to cyber-attacks. Below some typical example of security misconfiguration
flaws:
Running outdated software.
Applications and products running in production in debug mode or that still include
debugging modules.
Running unnecessary services on the system.
Not configuring problems the access to the server resources and services that can
result in the disclosure of sensitive information or that can allow an attacker to
compromise it.
Not changing factory settings (i.e. default keys and passwords).
Incorrect exception management that could disclose system information to the

attackers, including stack traces.
Use of default accounts.
The exploitation of one of the above scenarios could allow an attacker to compromise
a system. Security misconfiguration can occur at every level of an application stack.
CYBER SECURITY
An attacker can discover that the target is using outdated software or flawed database
management systems.In many cases, it is quite easy for an attacker to search for this
kind of vulnerability. The availability of automated scanners on the market allows the
detection of systems not correctly configured or correctly patched.Security
misconfiguration vulnerabilities could have a dramatic impact when systems targeted
by hackers are widely adopted. For example, the presence on the market of routers
with hardcoded credentials or network appliances using default SSH keys that allow
an attacker to establish remote and unauthorized connection to the device.These kind
of vulnerabilities could have a severe impact for the new paradigm of the Internet of
Things, poorly configured IoT devices could be exploited by hackers to compromise
the software they run and recruit them in large “thingbot.”Recovery cost could be
very expensive and the impact on the organizations that are using flawed devices
could be severe.Security misconfiguration is very insidious for any organization and
cause incident difficult to mitigate that can have catastrophic impact.
Threat:
Cyber security threats are a very real part of running a company, given just how much
business is now conducted online. Cyber security can be a convoluted issue to
deconstruct. Talk amongst businesses of cyber security threats as pressing issues can
leave you overwhelmed and confused. Without knowing what actual cyber security
threats are, it can feel like you’re floundering around in the dark. Cyber security
threats include a whole range of vulnerabilities and cyber-attacks. Here, we’ll just
cover some of the most common cyber security threats.
‘Cyber security threats’ isn’t some nebulous, new concept. It’s a trending term used as
a catch-all to cover the various types of attacks and risks to networks, devices, and
computers. Such threats have existed for as long as the internet itself. Just check out
the Morris worm! The grouping of the words ‘cyber security threats’ helps to hammer
home that these threats are very real. If your company is exposed to risk, it’s open to
an attack by malware, phishing, data breaches, DDoS, ransomware and more.
Common Cyber Security Threats:
Malware
What is Malware.
Malware makes up 18% of the top cybercrimes affecting Australian organisations.

The term malware is a contraction of ‘malicious software.’ It’s a catch-all term for
any number of malicious programs that infect your system with the intent to corrupt
or steal your data. It could be a trojan, worm, virus, spyware. or ransomware. It’s
almost always introduced to the system through an email attachment, or an unsafe
CYBER SECURITY
download. This is often through a trusted site, in order to trick you into allowing it
through your anti-virus software. Malware stands as one of the biggest and most
prolific cyber security threats. When protecting your business from a malware attack,
user vigilance is key.
So, who is behind the malware threatening your organisation? In most cases, Malware
is created by a team of hackers, not a single person. The creation of malware is most
often driven by money. However, it can be a tool for protest, a means to test security,
or, in extreme cases, a government method of warfare. The creators of the malware
will either use it themselves or sell it on the Dark Web.
Detecting Malware
Some strains of malware — like ransomware and adware — are known to you
immediately, while others are harder to detect. Anti-malware software, like those
offered by Stanfield IT, will ensure malware is detected before it infects your PC,
Mac, or mobile device. Malware is a major threat to small and medium businesses.
The damage it can cause is excessive. It can collect personal details, attack other
computers and networks, delete files from your computer, or even corrupt your whole
hard drive.
Avoiding a Malware Attack
Malware is all over the internet, but predominantly can’t infect your device unless you
let it. For example, the Malware will prompt you to open an email or download a file.
Employees being vigilant and informed when it comes to suspicious-looking
attachments is vital. When it comes to cyber-security threats, education and awareness
are key, making a big difference to the level of risk your company is under.
Phishing
What is Phishing.
Sitting high on our list of cyber security threats, phishing is primarily aimed at the
less-technologically savvy. Phishing makes up 19% of the top cyber crimes affecting
Australian organisations.
Phishing attacks have been in operation for nearly 25 years and usually randomly
target individuals. A phishing attack is when you receive an email appearing to be
from an organisation or person that you trust. This could be your bank, for example. It
will usually flag a vague ‘fraudulent activity’ as an urgent enticement for you to take
action and click on the email link. The link will lead to a dummy site that looks like
the real thing, but is a trap to capture your login credentials.
CYBER SECURITY
Detecting Phishing
Phishing scams have become clever and very good at mimicking the real deal, such as
emails from your bank. Just remember that your bank will never ask you to enter your
password via an email link.
In 2018, the number one disguise for distributing malware in phishing attacks were
fake invoices, followed by email delivery failure notices. You’ll often see phishing
emails disguised as Apple, with the sender appearing to be ‘Apple Payment.’ It’s
important to not only educate your staff around phishing, but your clients or
customers, too.
There are 1.5 million new phishing sites created every month and can result in
customer accounts being jeopardised. Make it known how to identify emails or pop-
ups that may look like they’re from your company but are, in fact, phishing.
Avoiding a Phishing Attack
Strategies like implementing two-factor authentication can greatly decrease cyber

security threats. Even if they succeed in capturing your password in a phishing attack,
it will not be enough to access your information if you have two-factor authentication.
Other security measures include always keeping your browser updated, using anti-
virus software, and not clicking on popups. Making sure staff are aware of these
simple measures will help secure them — and your business — from a phishing
attack. Also ensure your staff are across the signs of phishing emails. Bad grammar
and spelling, strange greetings, a misleading URL, urgent or threatening language,
and requests for personal information are common indicators.
Data Breaches
What is a Data Breach.
Data breaches represent some big bucks for hackers and cyber criminals. Malware
program can easily hold your information hostage until you cough up the asking price.
Ransomware, in particular, has seen a huge surge as one of the more common cyber
security threats. Victims will often pay the price to recover their data that hasn’t been
backed up.
Who is at Risk of a Data Breach
It’s important to note that smaller businesses are often targeted more due to the
relative ease of infiltration. Bigger companies, like Amazon and Google, will have
world-class digital security protecting them from such cyber security threats.
CYBER SECURITY
Data breaches aren’t only a threat for small companies, and often target organisations
with extremely sensitive and confidental information, like in healthcare. It’s not only
the security and information of your company a data breach can jeopardise.
Individuals within (employees or investors) or external to (clients or customers) the
company are affected, too. This could include an individual’s medical information,
account details, financial information, passwords, or contact details being taken.
Dealing with a Data Breach
Of course, prevention is always better than cure. Having appropriate, up-to-date

security programs and software across your business will reduce the risk of being
targeted. However, it’s also important to have a data breach response strategy in
place. Establishing a data breach response team is an impotant way to be prepared in
case of a breach and minimalise damage. This team will help your company quickly
and effectively manage a data breach by providing the strategy for containing,
assessing, and managing the incident from start to finish.
Data breaches are one of the most serious forms of cyber security attacks. 64% of
reported data breaches by December 2018 were due to malicious or criminal attacks.
The other breaches came down to human error. Having a data breach response team at
the ready can reduce any harm suffered by affected individuals and preserve and build
public trust.
DDoS Attack and Botnets
What are DDoS Attacks and Botnets.
DDoS (Distributed Denial of Service) and botnets often go hand in hand as double-
whammy cyber security threats. A botnet is a network of bots across ‘infected’
computers that can be remotely controlled at the source. A botnet could be used in a
DDoS attack where the network of computers all apply pressure to a targeted website
or server until it eventually crashes. The hacker behind such an attack could easily be
using your computer in this attack without your knowledge.
Detecting a DDoS or Botnet Attack
There are two types of DDoS attacks — application layer attacks and network layer
attacks. The former include HTTP floods, slow attacks, zero-day assaults, as well as
attacks that target vulnerabilities in operation systems, web applications, and
communication protocols.
The goal of these attacks is to overwhelm a target application with requests that seem
innocent and legitimate. The result? High CPU and memory use that may hang or
crash the application. Network layer attacks include UDP and SYN floods; NTP,
DNS, and SSDP amplification; and IP fragmentation. These attacks are nearly always
CYBER SECURITY
done by botnets who try to consume the target’s upstream bandwidth and thus saturate
the network.
Avoiding a DDoS or Botnet Attack
Both DDoS and botnet attacks can be controlled through the correct protection
service, such as Fortinet Enterprise Subscription. Many of these services can work
through the Cloud to limit cyber security threats. Setting up all employees with two-
factor authentication can help mitigate botnet attacks in your company. Botnets give a
hacker unlimited attempts at guessing a password. With two-factor authentication,
they will not be able to access your account from their device without your
authorisation. This is true even if they eventually guess the password correctly.
Ransomware
What is Ransomware?
Briefly addressed above, ransomware deserves a mention of its own as it poses a high
risk to small businesses. Ransomware is a type of malware and makes up 18% of the
top cybercrimes affecting Australian organisations. Ransomware, as its name
suggests, stops access to systems or personal files unless a ransom payment is made.
This is done by first fully encrypting your information. It’s then locked away and
rendered completely inaccessible without a specific decryption key.
The attackers may threaten to completely destroy the data if their demands are not
met. These payments are to be sent via cryptocurrency or credit card. Cryptocurrency
is a popular method as it’s incredibly difficult to trace, meaning most perpetrators are
not prosecuted. Ransomware, however, has existed since the late 1980s, where
payments were demanded to be sent via snail mail!
Detecting a Ransonware Threat
So, how does ransomware infect a device in your business in the first place? The most
commonly used method today is through malicious spam (malspam). Malspam refers
to emails that may contain attachments or links to websites that, once open or clicked,
will affect your computer. Like malware, the email will try to appear legitimate, but
you can flag them by poor or strange use of language. Scare tactics may be used —
like saying account information has been breached or posing as a figure of authority.
A newer form of ransomware cyber security threats, which was rife in 2016, is
malvertising (malicious advertising). Malvertisng distributes malware without
needing the user to do anything. In this scenario, users can be redirected to criminal
servers without even clicking on an ad.
Avoiding a Ransomware Attack
CYBER SECURITY
The best way to avoid ransomware threats is to set up proper cyber-security measures
in your business. This will ensure these emails or ads don’t pop up on employee
computers and mobile devices in the first place. Educating the team about the signs of
ransomware is also an easy, effective way of making sure these sorts or links and
attachments are not clicked on.
Harmful acts:
Cyber crimes can be defined as the unlawful acts where the computer is used either as
a tool or a target or both. This is general term that covers crimes such as phishing,
spoofing, DoS (Denial of Service) attack, credit card fraud, online transaction fraud,
cyber defamation, child pornography, kidnapping a person using chat rooms, stalking
a person using Internet as medium, unauthorised access to computer system, cyber
terrorism, creation and distribution of virus, spamming etc.
Cyber crime can be categorised into :
Cyber crime against person
Cyber crime against property
Cyber crime against government
Cyber crime against society
1. Cyber crime against person :
In this category crime is committed against a person using electronic service as a

medium. Below are some offences that comes under this category :
a. Cyber stalking : The term stalking means unwanted or obsessive attention by an

individual or group towards another person. Cyber stalking refers to threat that is
created through the use of computer technology such as Internet, e-mails, SMS,
webcams, phones calls, websites or even videos.
b. cyber crime Hacking : This means gaining unauthorised access over computer
system with the intent of personal gain or misuse. It generally destroys the whole data
present in computer system. Screenshot 2 shows message that hacker can post once
your system is compromised.
c. Cracking : Cracking refers to digitally removing the copy write protection code that
prevents copied or pirated software from running on computers that haven’t been
authorised to run it by the vendor of the software. The person who carries out this task
if called as Cracker.
There is difference between Hacker and a Cracker. Hacker uses their knowledge to
find the flaws in the security of systems where as Cracker uses their knowledge to
break the law.
CYBER SECURITY
d. Defamation : It involves action of damaging the good reputation of someone using
computer or electronic service as medium. For eg., Posting vulgar message and/or
photos about a person on his/her social network profile such as facebook, twitter etc.
e. Online fraud : This refers to acts of stealing confidential details of victim such as
banking credentials using phishing sites and thereafter withdrawing money from
victims account, online lottery scams such as nigeria lottery scams. Screenshot 3
shows online lottery scam claiming that you have won $ 5,00,000 amount!
f. Child pronography : This involves the use of electronic device and services to
create, distribute or access materials that sexually exploit minor childrens. For
eg., Recording heinous act done with child on mobile device and distributing on porn
site.
g. Spoofing : The term spoofing means imitate something while exaggerating its
characteristic features with some personal gain or profit. Spoofing of user identity can
be described as a situation in which one person or program successfully
masquerades (means pretending to be someone one is not) as another by falsifying
data. Spoofing can be done using email or SMS or WhatApp. For eg.,Constantly
mailing a person claiming from bank and requesting banking credentials. Screenshot 4
shows hacker claiming to be from WhatsApp and sending an attachment (possibly
a trojan or virus).
2. Cyber crime against person :
In this category crime is committed against property of person using electronic service
as a medium. Below are some offences that comes under this category :
a.Transmitting virus : A computer virus is a malware program that reproduces

itself into another computer programs, disk drive, files or booting sector of hard drive.
Once this replication of so called virus is succeeded the areas affected are termed
as “infected”. Hacker generally transmit virus to target system using email attachment
as medium. When victim opens the attachment (which is infected with virus) this
virus gets replicated throughout the system and thereby slowing down your system.
b. Cyber Squatting : The term squatting means unlawfully occupying an uninhabited

place. Cyber Squatting is where two or more persons claim for the same Domain
Name or any service available on Internet such as facebook profile etc. The hacker
claims that he/she had first registered the name before other person or he/she is the
owner for twitter handle.
For eg., the first case in India registered for cyber squatting was Yahoo Inc. v/s
Aakash Arora in 1999 where the defendant launched a YahooIndia.com website
nearly identical to the plaintiff’s popular website Yahoo.com and also provided
almost similar services. However, the court ruled in favour of Yahoo Inc.
CYBER SECURITY
c. Cyber Vandalism : Vandalism refers to action involving deliberate destruction or
damage of public or private property. Cyber vandalism means destroying or damaging
the data when a network service is unavailable.
For eg., The Tribune of Pakistan had reported in November 2012 that hackers (group
named as ‘eboz’ in Pakistan) replaced Google’s Pakistan logo with a picture of two
penguins walking up a bridge at sunset.
d. Intellectual Property Crimes : Intellectual property are intangible property that is

the result of creativity such as copyrights, trademark, patent etc. Intellectual Property
Right (IPR) crime is any unlawful act by which the owner is deprived of his/her rights
completely or partially. These are the most common offence occurring in India and
includes software piracy, infringement of patents, designs, trademark, copyright, theft
of source code etc.
For eg., The popular case of trademark of Bikanervala v/s New Bikanerwala filed in
2005. The plaintiff (here Bikanervala) had filed IPR case with defendant (here New
Bikanerwala) since they were running new outlet in Delhi by using trademark
registered with plaintiff. The court had allowed plaintiff’s application and the
defendant was restrained by means of an ad interim injunction.
3. Cyber crime against government:
In this category crime is committed against government by using Internet facilities.

Below are some offences that comes under this category :
a. Cyber Warfare : Cyber warfare is Internet-based conflict that involves politically

motivated attacks on information and its related systems. It can disable official
websites and networks, disrupt or even disable essential services such as Internet
connection, steal or alter classified data such as sensex details on official website, and
cripple financial systems such as blocking payment gateways.
For eg., National Security Agency (NSA) of US spying on large scale on many
countries. This spying was blown up by former NSA agent Edward Snowden.
b. Cyber Terrorism : Cyber Terrorism is politically motivated use of computers and

information technology to cause severe disruption or widespread fear amongst people.
For eg., the recent example of 2015 dimapur mob lynching rape accused is due to
outspread of message on chatting app called Whatsapp amount locals of Dimapur
district in Nagaland.
4. Cyber crime against society at large :
An unlawful activities done with the intention of causing harm to the cyberspace that
can affect entire society or large number of persons. Below are offences that comes
under this category:
CYBER SECURITY
a. Online Gambling : The term gambling means involving in activities that allows
chance for money. Online gambling is one of the most lucrative businesses that is
growing today in the list of cyber crimes in India. It is also known as Internet
gambling or iGambling. The cyber crime incident such as online lottery
scam (particularly those of Nigeria lottery scam), online jobs i.e. work from remote
location etc.
b. Cyber Trafficking : The term trafficking means dealing or involving in trade

activities that is considered to be illegal and is prohibited by cybercrime law. Cyber
Trafficking refers to unlawful activities carried out using computer and/or computer
services. For eg., selling kidnapped child to human trafficking group using WhatsApp
as medium.
Internet Governance – Challenges and Constraints:
Internet governance is the development and application of shared principles, norms,

rules, decision-making procedures, and programs that shape the evolution and use of
the Internet. This article describes how the Internet was and is currently governed,
some of the controversies that occurred along the way, and the ongoing debates about
how the Internet should or should not be governed in the future.
Internet governance should not be confused with e-governance, which refers to

governments' use of technology to carry out their governing duties.
Cybersecurity strategies and cybercrime (or cybercrime prevention) strategies are

terms that have been used interchangeably. While cybersecurity and cybercrime
strategies complement each other and include some areas of overlap, they are not
identical (Seger, 2012) (see Image 1 below). Cybercrime prevention strategies set out
the efforts to directly and indirectly deal with cybercrime, such as law enforcement
responses and the promotion of national and international cooperation between
governments, businesses, academic institutions, organizations, and the public, in order
to control and/or reduce cybercrime. Put simply, cybercrime strategies focus
exclusively on crime prevention and criminal justice policies, programmes, and
practices (Seger, 2012). By contrast, cybersecurity strategies provide guidance on
cybersecurity matters (which can include cybercrime prevention), and map out
objectives, action plans, measures, and the responsibilities of institutions in meeting
these objectives. These strategies include legal, procedural, technical, and institutional
measures designed to safeguard systems, networks, services, and data.
National cybersecurity strategies elucidate countries' cybersecurity and cybercrime

prevention aspirations at the national and international level. These strategies outline
the principles on which the strategy is based, prescribe the interests that this strategy
seeks to protect, identify the tools used to promote and protect these interests, identify
cyberthreats and the challenges these threats pose to national and economic security,
delineate cybersecurity policy priorities, and allocate resources to these priorities.
These strategies "encourage policy-makers to identify strategic objectives ('ends'), to
CYBER SECURITY
pinpoint the resources available to reach those objectives ('means'), and to provide a
guide on how such resources are to be applied to reach stated objectives ('ways')"
The objectives of cybersecurity strategies include national security-related objectives

and information and communication technology-related objectives. For instance,
Sweden's cybersecurity "strategy is based on the objectives for Sweden's security:
protecting the lives and health of the population, the functioning of society, and
capacity to uphold fundamental values such as democracy, the rule of law and human
rights and freedoms.The strategy is also based on the overall [information technology
policy objective – for Sweden to become the world leader in harnessing the
opportunities of digital transformation”
Computer Criminals:
Cyber crimes have quickly become one of the fastest rising forms of modern crime.
According to cyber experts, approximately 1 million potential cyber attacks are
attempted per day, and with the evolution of mobile and cloud technologies, this
number is likely to increase. To help mitigate this growth, businesses and corporations
have been expanding their cyber security teams and efforts. Yet, in order to accurately
identify potential hackers and/or attacks, cyber security teams should possess a firm
understanding of who cyber criminals are, what techniques they use and what
counter-initiatives can be implemented in order to protect and prevent future cyber
crimes.
Types of Cyber Criminals:
Cyber criminals, also known as hackers, often use computer systems to gain access to
business trade secrets and personal information for malicious and exploitive purposes.
Hackers are extremely difficult to identify on both an individual and group level due
to their various security measures, such as proxies and anonymity networks, which
distort and protect their identity. Cyber security experts assert that cyber criminals are
using more ruthless methods to achieve their objectives and the proficiency of attacks
is expected to advance as they continue to develop new methods for cyber attacks.
The growth of the global cyber criminal network, which is largely credited to the
increased opportunity for financial incentives, has created a number of different types
of cyber criminals, many of which pose a major threat to governments and
corporations.
1. Identity Thieves:
Identity thieves are cyber criminals who try to gain access to their victims’ personal
information – name, address, phone number, place of employment, bank account,
credit card information and social security number. They use this information to make
financial transactions while impersonating their victims. Identity theft is one of the
oldest cyber crimes, gaining prominence during the early years of the Internet.
CYBER SECURITY
Initially, these cyber criminals leveraged basic hacking techniques, such as modifying
data and leveraging basic identity fraud to uncover the desired information. Today,
the practice has progressed in scope and technique due to advances in computing, and
now, many identity thieves can hack into a government or corporate database to steal
a high-volume of identities and personal information. This expansion of strategy has
resulted in major losses for companies and consumers, with recent studies indicating
that approximately $112 billion has been stolen by identity thieves over the past six
years.
2. Internet Stalkers:
Internet stalkers are individuals who maliciously monitor the online activity of their
victims to terrorize and/or acquire personal information. This form of cyber crime is
conducted through the use of social networking platforms and malware, which are
able to track an individual’s computer activity with very little detection. The motives
for such attacks can differ depending on the cyber criminal, but many internet stalkers
seek to acquire important information that they can use for bribery, slander, or both.
Businesses should be aware of internet stalkers, as well as the strategies that they
utilize, in case their employees are ever victims of this cyber attack. If left
unaddressed, internet stalkers could cause emotional distress to the team or even
obtain data for blackmail.
3. Phishing Scammers:
Phishers are cyber criminals who attempt to get ahold of personal or sensitive
information through victims’ computers. This is often done via phishing websites that
are designed to copycat small-business, corporate or government websites.
Unsuspecting computer users often fall prey to such activities by unknowingly
providing personal information including home addresses, social security numbers,
and even bank passwords. Once such information is obtained, phishers either use the
information themselves for identity fraud scams or sell it in the dark web. It’s
important for businesses to constantly be aware of phishing scams, particularly scams
that may be trying to copycat their own business site. Such sites can tarnish the
company’s reputation and brand, which could potentially lead to a decrease in
earnings.
4. Cyber Terrorists:
Cyber terrorism is a well-developed, politically inspired cyber attack in which the

cyber criminal attempts to steal data and/or corrupt corporate or government computer
systems and networks, resulting in harm to countries, businesses, organizations, and
even individuals. The key difference between an act of cyber terrorism and a regular
cyber attack is that within an act of cyber terrorism, hackers are politically motivated,
as opposed to just seeking financial gain.
CYBER SECURITY
CIA Triad:
The CIA (Confidentiality, Integrity, and Availability) triad is a well-known model for
security policy development. The model consists of these three concepts:
Confidentiality – ensures that sensitive information are accessed only by an

authorized person and kept away from those not authorized to possess them. It is
implemented using security mechanisms such as usernames, passwords, access
control lists (ACLs), and encryption. It is also common for information to be
categorized according to the extent of damage that could be done should it fall into
unintended hands. Security measures can then be implemented accordingly.
Integrity – ensures that information are in a format that is true and correct to its
original purposes. The receiver of the information must have the information the
creator intended him to have. The information can be edited by authorized
persons only and remains in its original state when at rest. Integrity is implemented
using security mechanism such as data encryption and hashing. Note that the changes
in data might also occur as a result of non-human-caused events such as an
electromagnetic pulse (EMP) or server crash, so it’s important to have the backup
procedure and redundant systems in place to ensure data integrity.
Availability – ensures that information and resources are available to those who need
them. It is implemented using methods such as hardware maintenance, software
patching and network optimization. Processes such as redundancy, failover, RAID
and high-availability clusters are used to mitigate serious consequences when
hardware issues do occur. Dedicated hardware devices can be used to guard against
downtime and unreachable data due to malicious actions such as distributed denial-of-
service (DDoS) attacks.
DEPARTMENT OF CSE CYBER SECURITY

Assets and Threat:
An asset is any data, device or other component of an organisation’s systems that is

valuable – often because it contains sensitive data or can be used to access such
information.
For example, an employee’s desktop computer, laptop or company phone would be

considered an asset, as would applications on those devices. Likewise, critical
infrastructure, such as servers and support systems, are assets.
An organisation’s most common assets are information assets. These are things such
as databases and physical files – i.e. the sensitive data that you store.
A related concept is the ‘information asset container’, which is where that information
is kept. In the case of databases, this would be the application that was used to create
the database. For physical files, it would be the filing cabinet where the information
resides.
Threat:
A threat is any incident that could negatively affect an asset – for example, if it’s lost,
knocked offline or accessed by an unauthorised party.
Threats can be categorised as circumstances that compromise the confidentiality,

integrity or availability of an asset, and can either be intentional or accidental.
Intentional threats include things such as criminal hacking or a malicious insider

stealing information, whereas accidental threats generally involve employee error, a
technical malfunction or an event that causes physical damage, such as a fire or
natural disaster.
Motive of attackers:
The need to understand the motivations of cyber-attackers is great, given that

"cybersecurity risks pose some of the most serious economic and national security
challenges of the 21st Century". However, the motivations behind cyber-attacks
intended to cause economic impacts may be different from those posing a threat to
national security. And, in many cases, the real purpose and primary objective of a
cyber-attack may be hidden or obscured, even if the attacker claims responsibility.
Nonetheless, to help tease out and understand common motivations, cyber-attackers

may be categorized, noting that a given attacker may belong to more than one
category. For example, politically motivated cyber-attacks may be carried out by
members of extremist groups who use cyberspace to spread propaganda, attack
websites, and steal money to fund their activities or to plan and coordinate physical-
world crime.Generally, the reason for non-politically motivated attacks is generally

financial, and most attacks are considered as cyber-crime , but many cyber-attacks are
motivated by deeply-rooted socio-cultural issues.
As shown in Figure 1, cyber-attackers can be broadly considered "insiders" or

"outsiders", meaning that they act from within an organization or attempt to penetrate
it from the outside.
Figure 1. Categories of cyber-attackers
The three basic categories of insiders are: i) disgruntled employees, who may launch
retaliatory attacks or threaten the safety of internal systems; ii) financially motivated
insiders, who may misuse company assets or manipulate the system for personal gain
(although some insiders may be acting on ethical grounds or for other reasons); and
unintentional insiders, who may unwittingly facilitate outside attacks, but are not
strictly speaking primary attackers..
Outsiders can be classified based on their organization, motives, and professional

level: organized attackers, hackers, and amateurs.
Organized attackers: include organizations of terrorists, hacktivists, nation states, and

criminal actors. Terrorists are those who seek to make a political statement or attempt
to inflict psychological and physical damage on their targets, in order to achieve their

political gain or create fear in opponents or the public. Hacktivists seek to make a
political statement, and damage may be involved, but the motivation is primarily to
raise awareness, not encourage change through fear. Nation-state attackers gather
information and commit sabotage on behalf of governments and are generally highly
trained, highly funded, tightly organized, and are often backed by substantial
scientific capabilities. In many cases, their highly sophisticated attacks are directed
toward specific goals, but their specific motives may be mixed. Criminal actors are
usually "organized groups of professional criminals" and they may act within
complex criminal ecosystems in cyberspace that are both "stratified and service
oriented". Perpetrators of organized crime are typically focused on control, power,
and wealth.
Hackers: may be perceived as benign explorers, malicious intruders, or computer

trespassers. This group includes individuals who break into computers primarily for
the challenge and peer status attained from obtaining access . In some cases, hacking
is not a malicious activity; a "white hat" hacker is someone who uncovers weaknesses
in computer systems or networks in order to improve them, often with permission or
as part of a contract with the owners. In contrast, "black hat" hacking refers to
malicious exploitation of a target system for conducting illegal activities. In most
cases, black hat hackers could be hired by or be sponsored by criminal organization or
governments for financial gain or political purpose. Thus, hacking can involve
espionage (i.e., to obtain secrets without the permission of the holder of the
information, primarily for personal, political, or criminal purposes), extortion (i.e., to
extract money, property, or other concessions by threatening harm), theft (i.e., to steal
valuable data, information, intellectual property, etc.), vandalism (i.e., to cause
damage)
Amateurs: less-skilled hackers, also known as "script kiddies" or "noobs" often use
existing tools and instructions that can be found on the Internet. Their motivations
vary: some may simply be curious or enjoy the challenge, others may be seeking to
build up and demonstrate their skills to fulfill the entry criteria of a hacker group.
However benign their intentions may be, the tools used by amateurs can be very basic
but powerful. Despite their lower skill skills, they can cause a lot of damage or, after
gaining enough experience, may eventually "graduate" to professional hacking.
Although these categories are presented as discrete groups, there can be some overlap
or difficulty placing a given situation into a particular box. For example, a group of
hackers can act in a coordinated fashion, and in this sense could be considered
"organized attackers."
The categories of cyber-attackers enable us to better understand the attackers'

motivations and the actions they take. As shown in Figure 2, operational cyber
security risks arise from three types of actions: i) inadvertent actions (generally by
insiders) that are taken without malicious or harmful intent; ii) deliberate actions (by
insiders or outsiders) that are taken intentionally and are meant to do harm; and iii)

inaction (generally by insiders), such as a failure to act in a given situation, either
because of a lack of appropriate skills, knowledge, guidance, or availability of the
correct person to take action. Of primary concern here are deliberate actions, of which
there are three categories of motivation.
Political motivations: examples include destroying, disrupting, or taking control of

targets; espionage; and making political statements, protests, or retaliatory actions.
Economic motivations: examples include theft of intellectual property or other

economically valuable assets (e.g., funds, credit card information); fraud; industrial
espionage and sabotage; and blackmail.
Socio-cultural motivations: examples include attacks with philosophical, theological,

political, and even humanitarian goals. Socio-cultural motivations also include fun,
curiosity, and a desire for publicity or ego gratification.
Figure 2. Types of cyber-attacker actions and their motivations when deliberate
Active attacks, passive attacks:
Active Attack: It attempts to alter system resources or affect their operation.
Passive Attack: It attempts to learn or make use of information from the system but
does not affect system resources.
Passive attacks are in the nature of eavesdropping on, or monitoring of
transmissions.

Active and Passive attacks:
Active attacks: An Active attack attempts to alter system resources or effect their
operations. Active attack involve some modification of the data stream or creation of
false statement. Types of active attacks are as following:
Masquerade –
Masquerade attack takes place when one entity pretends to be different entity. A
Masquerade attack involves one of the other form of active attacks.
Modification of messages –
It means that some portion of a message is altered or that message is delayed or
reordered to produce an unauthorised effect. For example, a message meaning “Allow
JOHN to read confidential file X” is modified as “Allow Smith to read confidential
file X”.
Repudiation
This attack is done by either sender or receiver. The sender or receiver can deny later
that he/she has send or receive a message. For example, customer ask his Bank “To
transfer an amount to someone” and later on the sender(customer) deny that he had
made such a request. This is repudiation.
4. Replay It involves the passive capture of a message and its subsequent the
transmission to produce an authorized effect.

Software attacks and hardware attacks:
There are too many types of software attacks. Almost all types of software attack are
designed by people who are motivated to steal and even prove to be hackers. Some of
these attacks are virus, worm, Trojan, root kit, hybrid, scanners and hackers among
others.
Virus:
Computer virus is a type of software attack that interferes with the normal function of
a computer program. The virus spread directly to other files in a computer system
because it attempts to install itself on a user’s system. The virus is spread directly or
via emails through the use of infected files and devices.
There are very different types of virus such us polymorphic virus that changes with
each infection, armored viruses, multipartite virus tunneling viruses among other
types of computer viruses.
Worm:
A worm is similar to a virus. The main difference is that this type of software attacks
can spread itself without the involvement of the user. Other computers are typically
scanned for vulnerabilities which are designed to exploit by the worm. Once it has
identified the machine, it will attack it and copy its file over the machine to spread
itself. The examples of warms include Morris warm and Mydoom warm
Trojan:
These are types of software attacks that have derived their name from a trojan horse
of Greek mythology. The purpose of this software is to deliver a payload such as a
virus or a root kit even though it appears to work as normal program.
Root kit:
A type of software attacks that opens up a port once it is installed to allows

communication the attacker as it takes full control of the system is root kit. The other
name for root kit is a door. Hackers are given more control of machine. The monitor
of the victim can be turned off by an attacker by the help of seven sub seven root kit.
The attacker can also turn on the installed web cam without the knowledge of the
victim.
Hybrids:
The dangerous types of software attacks that can the features of the different
characteristic described above are hybrid. It is malicious code that resides in live
memory and can spread to without the help of the user. Fighting malicious code is a
type of hybrid that it spread throughout the network through worm’s propagation
method.

Scanner:
There are different types of scanners. Different scanners are used to serve different
purposes such as looking for open ports and to ping the presence of machine. The
scanners are always used to elicit the different information about the type and
different versions of services that are running. Other types of scanner are specialized
in looking for vulnerability of particular type of service.
Hackers
This is a type of software attack that allows an individual to directly attack a system
that has already been exploited by an automated tool. They can break password to
interfere with the software. These types of software attacks that are rare as compared
to the software attacks that have been mentioned above.
Hardware attacks:
One of the main consequences of the world economic crisis was budget cuts for
manufacturing and security validation, in both public and private sectors.
Unfortunately, the cost is considered the factor that most influences the final choice
for buyers. This led to the decline in the use of authorized resellers.
Orders today are usually made directly to manufacturers located in the Far East due to
cheaper production costs. Those areas are considered to be conflicting because their
governments are responsible for the majority of cyber attacks against western
companies.
The risk of acquiring hardware components with a backdoor is concrete. Asian

governments aren’t exclusively accused of stealthily designing backdoors. Recently,
Edward Snowden revealed that the NSA requested that the US manufacture to plant a
backdoors in exported products.
Malicious hardware modifications from insiders represent a serious threat. System

complexity, the large number of designers and engineers involved in every project
and the delocalization of production in risky countries due to low cost poses a security
threat.
A malicious individual could alter a small component in the overall system for
espionage or sabotage. Such attacks can be especially devastating in security-critical
industries, such as the military.
The introduction of hardware Trojans could happen in each phase of the supply chain,
depending on the methods adopted by attackers and on the technology used for
hacking.
Common hardware attacks include:

Manufacturing backdoors, for malware or other penetrative purposes; backdoors
aren’t limited to software and hardware, but they also affect embedded radio-
frequency identification (RFID) chips and memory
Eavesdropping by gaining access to protected memory without opening other

hardware
Inducing faults, causing the interruption of normal behavior
Hardware modification tampering with invasive operations; hardware or jailbroken

software
Backdoor creation; the presence of hidden methods for bypassing normal computer
authentication systems
Counterfeiting product assets that can produce extraordinary operations, and those
made to gain malicious access to systems
Hardware attacks pertain to the following devices:
Access control systems such as authentication tokens
Network appliances
Industrial control systems
Surveillance systems
Components of communication infrastructure
Attackers could also act at lower levels to affect the work of microcircuits,
fundamental components of any electronic device. Recently researchers have explored
the possibility of modifying hardware behavior by managing the concentration of
dopant in electronic components or altering its polarity.
Ticking time bombs– An attacker could program a time bomb backdoor into HDL
code that automatically triggers backdoors after a pre-determined fixed amount of
time after the power-on of a device. A device could be forced to crash or operate
maliciously after a determined number of clock cycles. It’s clear that this type of
attack could be very dangerous. An attacker could design a kill switch function that
could be undetectable by any validation methods.
Cheat codes– An attacker could program backdoor triggers based on specific input
data, otherwise known as “cheat codes.” A “cheat code” is secret data that the attacker
uses to identify themselves to hardware backdoor logic. It’ll then initiate a malicious
operation mode. Of course, the code must be unique to avoid being accidentally
provided during validation tests. As opposed to time bombs, this kind of backdoor

needs a second attack vector, the “cheat code.” The attacker could provide “cheat
codes” which send a single data value containing the entire code (single-shot “cheat
codes”) or a large cheat code in multiple pieces (sequential “cheat codes.”)
Hardware attacks aren’t exclusive to state-sponsored operations. Criminal

organizations could be interested to commercialize counterfeiting products or steal
sensitive information to resell. Asian countries are the main areas where
manufacturers have production plants. But cheap production costs could hide serious
threats. The main motivations of hardware attacks are:
Hardware cloning
Breaking services, obtaining them with piracy
Imitating user authentication for system access
Information leakage
Unlocking devices, to gain access to an internal shell or to increase control of a

system
Unlocking hidden features
Spectrum of attacks:
Types of spectrum
Anxiety, stress, and dissociation. Several types of spectrum are in use in these areas.
Obsessions and compulsions. An obsessive–compulsive spectrum – this can include a

wide range of disorders .
General developmental disorders. An autistic spectrum – in its simplest form this

joins together autism and Asperger.
Psychosis. The schizophrenia spectrum or psychotic spectrum – there are numerous

psychotic spectrum disorders
Taxonomy of various attacks:
The purpose of the Cyber Attacks section is to provide a general overview

regarding cyber attacks, and to show some pragmatic ways to classify them and
organize them via taxonomies.
Cyber attack: An offensive action by a malicious actor that is intended to undermine

the functions of networked computers and their related resources, including

unauthorized access, unapproved changes, and malicious destruction. Examples of
cyber attacks include Distributed Denial of Service (DDoS) and Man-in-the-
Middle (MITM) attacks.
The terms cyber attack, cyber threat, and cyber risk are interrelated as follows. A
cyber attack is an offensive action, whereas a cyber threat is the possibility that a
particular attack may occur, and the cyber risk associated with the subject threat
estimates the probability of potential losses that may result.
For example, a Distributed Denial of Service (DDoS) cyber attack by a botnet is

a cyber threat for many enterprises with online retail websites, where the
associated cyber risk is a function of lost revenues due to website downtime and the
probability that a DDoS cyber attack will occur.
Cyber Attack Malware Taxonomy
MALW REQU SELF- APPEAR CAN CAN CAN

ARE IRES SPREA S CARR COMM ATTAC
TYPE HOST DING? LEGITI Y O K OS
FILE MATE HARM WITH KERNE
TO (HARML FUL COMM L &
INFEC ESS)? PAYL AND & FIRMW
T? OAD? CONT ARE?
ROL
SERVE
R?
Virus A A N/A A N/A A
Worm A A N/A A N/A A
Trojan A A A A N/A A
Bots/Botne N/A N/A N/A A A A

t
Spyware A A N/A A A A
Rootkit N/A N/A N/A A N/A A
Blended A A A A A A
Threat

IP spoofing:
IP spoofing is the creation of Internet Protocol (IP) packets which have a modified
source address in order to either hide the identity of the sender, to impersonate
another computer system, or both. It is a technique often used by bad actors to
invoke DDoS attacks against a target device or the surrounding infrastructure.
Sending and receiving IP packets is a primary way in which networked computers and
other devices communicate, and constitutes the basis of the modern internet. All IP
packets contain a header which precedes the body of the packet and contains
important routing information, including the source address. In a normal packet, the
source IP address is the address of the sender of the packet. If the packet has been
spoofed, the source address will be forged.
IP Spoofing is analogous to an attacker sending a package to someone with the wrong

return address listed. If the person receiving the package wants to stop the sender
from sending packages, blocking all packages from the bogus address will do little
good, as the return address is easily changed. Relatedly, if the receiver wants to
respond to the return address, their response package will go somewhere other than to
the real sender. The ability to spoof the addresses of packets is a core vulnerability
exploited by many DDoS attacks.
DDoS attacks will often utilize spoofing with a goal of overwhelming a target with
traffic while masking the identity of the malicious source, preventing mitigation
efforts. If the source IP address is falsified and continuously randomized, blocking
malicious requests becomes difficult. IP spoofing also makes it tough for law
enforcement and cyber security teams to track down the perpetrator of the attack.
spoofing is also used to masquerade as another device so that responses are sent to
that targeted device instead. Volumetric attacks such as NTP Amplification and DNS
amplification make use of this vulnerability. The ability to modify the source IP is
inherent to the design of TCP/IP, making it an ongoing security concern.
Tangential to DDoS attacks, spoofing can also be done with the aim of masquerading
as another device in order to sidestep authentication and gain access to or “hijack” a
user’s session.
To protect against IP spoofing (packet filtering):
While IP spoofing can’t be prevented, measures can be taken to stop spoofed packets
from infiltrating a network. A very common defense against spoofing is ingress
filtering, outlined in BCP38 (a Best Common Practice document). Ingress filtering is
a form of packet filtering usually implemented on a network edge device which
examines incoming IP packets and looks at their source headers. If the source headers
on those packets don’t match their origin or they otherwise look fishy, the packets are
rejected. Some networks will also implement egress filtering, which looks at IP
packets exiting the network, ensuring that those packets have legitimate source

headers to prevent someone within the network from launching an outbound
malicious attack using IP spoofing.
Methods of Defense:
The legal and ethical restrictions on computer-based crime. But unfortunately,

computer crime is certain to continue for the foreseeable future. For this reason, we
must look carefully at controls for preserving confidentiality, integrity, and
availability. Sometimes these controls can prevent or mitigate attacks; other, less
powerful methods can only inform us that security has been compromised, by
detecting a breach as it happens or after it occurs.
Harm occurs when a threat is realized against vulnerability. To protect against harm,
then, we can neutralize the threat, close the vulnerability, or both. The possibility for
harm to occur is called risk. We can deal with harm in several ways. We can seek to
prevent it, by blocking the attack or closing the vulnerability
deter it, by making the attack harder but not impossible
deflect it, by making another target more attractive (or this one less so)
detect it, either as it happens or some time after the fact
recover from its effects
Security Models:
The Cyber Security Model (CSM) is part of the Defence Cyber Protection Partnership
(DCPP) which was set up by the Ministry of Defence (MOD) to manage and
strengthen cyber security for the defence sector and its suppliers.
The model, which is a joint initiative between the MOD and industry, is in place to
ensure that suppliers to the MOD are managing their cyber security risk appropriately,
and that they are capable of protecting the MOD’s sensitive information.
The CSM is also the DCPP’s response to the task of designing an appropriate and
proportionate set of controls to build on the Government’s Cyber Essentials scheme.
Since January 2016, all suppliers dealing with contracts which include sensitive,
MOD-identifiable information must be Cyber Essentials certified as a minimum.
However, some contracts carry an additional risk and require stricter security controls
to be in place. The MOD felt that the Cyber Essentials scheme did not represent a
broad enough degree of security because it only covered five major security controls
and did not include wider aspects of cyber security such as governance and risk
management, and this is why the CSM was introduced.

The Cyber Security Model Work
The Cyber Security Model is a three-stage process.
The first stage of the process is a cyber risk assessment of your organisation’s
security. This is based on a questionnaire which will determine the level of risk and
the complexity of the project.
The second stage of the assessment involves the contracting authority deciding on the
appropriate level of cyber risk for a contract, and the supplier implementing the
relevant controls to meet this level.
The third stage is a supplier assurance questionnaire, a self-assessment questionnaire

which enables a supplier to demonstrate that they have the ability to meet the
requirements needed for the contract.
Risk management:
Cyber Security Risk Management
Risk management refers to the process of identifying, assessing, and controlling

threats to a company’s finances. These risks or threats could come from a number of
sources including legal liabilities, strategic management mistakes, accidents, and
natural disasters. As we move toward an increasingly digital way of life, cyber
security introduces additional risks that have to be managed appropriately.
It’s possible to invest in various types of insurance to protect physical assets from
losses, but digital data isn’t tangible – and therefore isn’t covered under these kinds of
policies.
Cyber security risk management relies on user education, strategy, and technology to
protect an organization against attacks that could compromise systems, allow data to
be stolen, and ultimately damage the company’s reputation. The rate of cyber attacks
continues to grow both in terms of volume and severity. As such, businesses who
want to protect themselves to the best of their ability must begin focusing efforts on
cyber security risk management.
Cybersecurity Risk Management Process
You want to begin the process by starting with a cyber security framework that’s been
developed from each area of your business to determine what your desired risk
posture should be.
It’s a good idea to use technology that can help you find an app data across the
organization. Once the data is mapped, you’ll be able to make better decisions on how
the data is governed and reduce your risk. For instance, even with training and strong

security culture, it’s possible for sensitive information to leave a company by
accident. Leaving data stored in hidden rows across spreadsheets or included in notes
within employee presentations or email threads leave your room for accidental data
leakage. By scanning the company for sensitive data at rest and then removing any of
that data stored where it does not belong, you greatly reduce the risk of accidental
data loss.
Use the Community Maturity Model
Initial
This is the starting point for using a new or undocumented repeat process.
Repeatable
At this stage, the process is documented well enough that repeating the same steps can
be attempted.
Defined
At this level, the process has been defined and is confirmed as a standard business
process.
Managed
At this level, the process is quantitatively managed according to the agreed-upon

metrics.
Optimizing
At the final stage, the process management process includes deliver it action to
optimize and improve it.
Once you’ve determined the desired risk posture, take a look at your existing
technology infrastructure to set the baseline for the current risk posture, then
determine what must be done to move from the current state to the desired state.
As long as your organization is taking proactive steps to understand all the potential
risks, you decrease the likelihood of running into a security incident that could hurt
the company.
A vital part of the risk management process is to conduct a risk and reward
calculation. This helps prioritize security enhancements that will give you the greatest
improvements at the lowest cost. Some companies may be comfortable with 99% of
all security upgrades being made but others especially those in highly regulated
industries, will want to be closer to 100%. Because of this, there should be
incremental steps and goals such as a 5% Improvement achieved within 6 months,
that can be measured to determine if the company is making progress toward its final
goal.

That said, even small security vulnerabilities can lead to massive losses if systems are
connected in a way that allows access to an unimportant area to bridge entry into
systems that contain sensitive data.
The only way to ensure a system is fully secure is to make sure no one can access it –
which isn’t practical. The more you lock down a system, the harder it becomes for
authorized personnel to conduct business as usual. If authorized users determine they
cannot access the data they need to perform their jobs, they may look for workarounds
that could easily result in compromised systems.
Mitigating Security Risks
So you will never be able to eliminate all cyber threats and security risks, there are a
number of precautions you can take to mitigate risks when it comes to cybersecurity.
Among these are the option to:
Limit devices with internet access
Limit the number of staff members with administrator credentials and control the
rights for each administrator
Limit administrative rights
Use antivirus programs and endpoint security
Require users to implement two-factor authentication to gain access to certain files

and systems
Install network access controls
Allow automatic updates and patches for operating systems
Place limits on older operating systems
Use firewalls
To take risk mitigation a step further, your organization may also want to consider
advanced encryption, redaction, an element level security. Advanced encryption has
to be implemented systematically and strategically to protect data from cybercriminals
and insider threats. This includes standards-based cryptography, advanced key
management, granular role-based access and separation of duties, and algorithms that
drastically decrease exposure.
Data encryption can help protect against outside breaches, but it doesn’t do much to
prevent internal data theft. Employees with access to sensitive data will have the
credentials needed to decrypt it as part of their daily work, so organizations must also
take action to prevent that data from being removed from the corporate system
through flash drives and other removable media.

Redaction creates a balance between data protection and the ability to share it. With
redaction, companies can share the information they need to share with minimal effort
by hiding sensitive information such as names, social security numbers, addresses,
and more.
Redaction is an important part of data security, but companies need to be able to do it

at the property level based on employee roles. Companies also need to be able to
implement custom and out of the box rules as necessary. With Purchase Control, user
permission can be controlled at a highly granular level should go a long way toward
preventing accounts payable fraud.
Cyber Threats:
A cyber or cyber security threat is a malicious act that seeks to damage data, steal
data, or disrupt digital life in general. Cyber attacks include threats like computer
viruses, data breaches, and Denial of Service (DoS) attacks.
Cyber Warfare:
Cyber warfare is the use of technology to attack a nation, causing comparable harm to
actual warfare. There is significant debate among experts regarding the definition of
cyber warfare, and even if such a thing exists.One view is that the term 'cyberwarfare'
is a misnomer, since no offensive cyber actions to date could be described as 'war'. An
alternative view is that 'cyberwarfare' is a suitable label for cyber attacks which cause
physical damage to people and objects in the real world. Cyber warfare refers to the
use of digital attacks -- like computer viruses and hacking -- by one country to disrupt
the vital computer systems of another, with the aim of creating damage, death and
destruction.
Cybercrime:
computer-oriented crime, is a crime that involves a computer and a network. The

computer may have been used in the commission of a crime, or it may be the
target. Cybercrime may threaten a person or a nation's security and financial health.
Cyber terrorism:
Cyber-terrorism is “the use of computer network tools to shut down critical national
infrastructures (such as energy, transportation, government operations) or to coerce or
intimidate a government or civilian population.” The premise of cyber terrorism is
that as nations and critical infrastructure.

Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate
School in Monterey, California, cyber terrorism capabilities can be group
into three main categories; “simple- unstructured”, “advance-structured” and
“complex-coordinated” [4].
Cyber Espionage:
Cyber spying, or cyber espionage, is the act or practice of obtaining secrets and
information without the permission and knowledge of the holder of the information
from individuals, competitors, rivals, groups, governments and enemies for personal,
economic, political or military advantage using methods on the Internet networks or
individual computers through the use of proxy servers, cracking techniques
and malicious software including Trojan horses and spyware. It may wholly be
perpetrated online from computer desks of professionals on bases in far away
countries or may involve infiltration at home by computer trained
conventional spies and moles or in other cases may be the criminal handiwork
of amateur malicious hackers and software programmers.
Comprehensive Cyber Security Policy:
Cyber security has become an integral aspect of national security. Its area of influence
extends far beyond military domains to cover all aspects of a nation’s governance,
institutions, and business establishments; in effect, every citizen who walks the
streets. The author defines its overwhelming possible damage to a targeted nation and
its populace and analyses our preparedness status.
National security today is far more comprehensive than understood in its narrow
military terms. There are more players in its architecture now than what existed 20
years ago. The existence of two major fault lines in our current system has contributed
to slow development in the understanding of national security interests and objectives.
The first refers to our institutions of governance which are based on sector-specific
knowledge and management systems and these are unable to collaborate in delivering
multi-disciplinary and multi-sectoral responses to evolving national or international
situations. The second is the inability or failure to increase salience across the
spectrum, which is not amenable to national and regional situations referred above.
It’s an opportune moment to end the “silo” mentality and create trans-sectoral
synergies in all areas of activities.
The need for a competent cyber security infrastructure as part of the national security
policy cannot be overemphasized. The Kargil Review Committee (KRC), India’s
first-ever political review of national security management, laid the foundation and
brought to the table several areas of concern, future threats and rightly identified
cyberspace as a main challenge.

The National Cyber Security Policy (2013) (NCSP) was a major step in the direction
to prepare India to address the threats and challenges in cyberspace. Its
recommendations were comprehensive and designed to be covered over a period of 10
years. There is a considerable gap in its vision and results. The proposed policy will
no doubt examine the shortcomings of its predecessor and also create solutions for the
future. Fortunately, the National Telecom Policy – 2013 (NTP-2013) came at the
right time so as to create a road map and its successor NTP-2018 aids in progressing
in the right direction. Both NSCP and NTP will have to effectively coalesce to make a
comprehensive policy for 2030.
The challenges today are many such as growing Chinese influence in Indian telecom
space, threats from other inimical institutions both inside and outside the country, a
social media that is becoming a powerful tool for dissemination of “information”
making it difficult to sift fact from fiction, fake news, disinformation and
misinformation and daily attacks on critical information infrastructure. There are
other vulnerabilities that need to flagged and acted upon.
In my professional view, the following three should be considered for next
NCSP: Create Awareness
India has to create awareness about the perils existing in cyberspace and that not a
single person or institution is immune to it. Today, there are three branches of society
namely the Government, Corporate and Civil society that rely on digital
communication for a variety of purposes. Creation of Awareness is, therefore, the first
line of defence. More needs to be done to create awareness within the government,
corporate world and civil society. It cannot be a top-down activity but a bottom-up
methodology. While government and the corporate world are better placed perhaps to
create their own programs, it is the civil society at large comprising of housewives,
small-time businesses, self-employed entrepreneurs, student community and others
who need to bring into this ambit. Government and corporates should help bridge this
gap as a major responsibility.
Even in the government and corporate world, there is a major and urgent need to
create awareness not only of cybersecurity but also national security.
There is a compelling case for the study of national security in all government
institutions and cyber security must remain at its centre at all times. Each
ministry/department will, therefore, need to create specific verticals for this purpose
to educate lower bureaucracy and middle-level managers on the subject. This,
importantly, has to be done at entry levels.
Further, in the case of the corporate sector and allied business activity, the
government should advise them to create cyber security cells to manage digital
security/information security. This is important as more and more private sector
research and technology is being inducted into the government sector, therefore,

calling for better safety and security. A large firm with over 5000 crore turnover
having dealings with the government should have a full-time CISO and dedicated
personnel. Lesser enterprises too should look for the creation of cells for the purpose.
The Ministry of Corporate Affairs, Ministry of Skill Development, Ministry of
Communications and Ministry of Commerce should be nodal agencies to help create
the necessary infrastructure with the assistance of Indian technology leaders.
State governments are first responders to any threat to public safety, security and
stability. This responsibility is executed through the State Police forces. Why only the
State Police Forces? The other departments of the state governments also require to be
made aware of the threats and challenges. The threats from cyber space also must
attract the attention of state governments. The need for cyber awareness must become
important in this sector, as well.
Awareness is necessary for the banking sector, stock exchanges, financial institutions,
manufacturing sector and others relying heavily on digital communications.
India’s public sector broadcasters should be drawn into efforts to give wide publicity
to cyber threats and advise to the layman on observing cyber hygiene. This campaign
should be undertaken by Prasar Bharati and its major platforms Doordarshan and All
India Radio. Private media houses too must undertake this exercise as a corporate
social responsibility.

UNIT-II
Cyberspace and the Law & Cyber Forensics
Introduction:
Cyberspace is the electronic medium of computer networks, in which online

communication takes place.
The term “cyberspace” stands for the global network of interdependent information
technology infrastructures, telecommunications networks and computer processing
systems.
Cyberspace is the “place” where a telephone conversation appears to occur. Not

inside your actual phone, the plastic device on your desk.
Cybersecurity denotes the technologies and procedures intended to safeguard

computers, networks, and data from unlawful admittance, weaknesses, and attacks
transported through the Internet by cyber delinquents.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a

model for creating, applying, functioning, monitoring, reviewing, preserving, and
improving an Information Security Management System.
The Ministry of Communication and Information Technology under the government

of India provides a strategy outline called the National Cybersecurity Policy. The
purpose of this government body is to protect the public and private infrastructure
from cyber-attacks.
Cyber security Laws:
The cybersecurity policy is a developing mission that caters to the entire field of
Information and Communication Technology (ICT) users and providers. It includes −
Home users
Small, medium, and large Enterprises
Government and non-government
entities
It serves as an authority framework that defines and guides the activities associated
with the security of cyberspace. It allows all sectors and organizations in designing
suitable cybersecurity policies to meet their requirements. The policy provides an
outline to effectively protect information, information systems and networks.
It gives an understanding into the Government’s approach and strategy for security of
cyber space in the country. It also sketches some pointers to allow collaborative
working across the public and private sectors to safeguard information and
information systems. Therefore, the aim of this policy is to create a cybersecurity
framework, which leads to detailed actions and programs to increase the security
carriage of cyberspace.
Cyber Crime
The Information Technology Act 2000 or any legislation in the Country does not
describe or mention the term Cyber Crime. It can be globally considered as the
gloomier face of technology. The only difference between a traditional crime and a
cyber-crime is that the cyber-crime involves in a crime related to computers. Let us
see the following example to understand it better −
Traditional Theft − A thief breaks into Ram’s house and steals an object kept in the
house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his computer,
hacks the computer of Ram and steals the data saved in Ram’s computer without
physically touching the computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms −
access in computer network in section 2(a)
computer in section 2(i)
computer network in section (2j)
data in section 2(0)
information in section 2(v).
To understand the concept of Cyber Crime, you should know these laws. The object
of offence or target in a cyber-crime are either the computer or the data stored in the
computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and possible
threats in the sphere of cybersecurity. Threats originate from all kinds of sources, and
mark themselves in disruptive activities that target individuals, businesses, national
infrastructures, and governments alike. The effects of these threats transmit significant
risk for the following −
public safety
security of nations
stability of the globally linked international community

Malicious use of information technology can easily be concealed. It is difficult to
determine the origin or the identity of the criminal. Even the motivation for the
disruption is not an easy task to find out. Criminals of these activities can only be
worked out from the target, the effect, or other circumstantial evidence. Threat actors
can operate with considerable freedom from virtually anywhere. The motives for
disruption can be anything such as −
simply demonstrating technical
prowess theft of money or information
extension of state conflict, etc.
Criminals, terrorists, and sometimes the State themselves act as the source of these
threats. Criminals and hackers use different kinds of malicious tools and approaches.
With the criminal activities taking new shapes every day, the possibility for harmful
actions propagates.
Cyber Forensics:
The process of gathering and documenting proof from a computer or a computing

device in a form presentable to the court by applying the techniques of investigation
and analysis is called Cyber Forensics. Cyber Forensics is also called Computer
Forensics. The aim of cyber forensics is to determine who is responsible for what
exactly happened on the computer while documenting the evidence and performing a
proper investigation. The storage media of the device under investigation is made into
a digital copy by the investigators and the investigation is performed on the digital
copy while making sure the device under investigation is not contaminated
accidentally.
Need for Cyber Forensics:
Cyber Forensics is needed for the investigation of crime and law enforcement. There
are cases like hacking and denial of service (DOS) attacks where the computer system
is the crime scene. The proof of the crime will be present in the computer system. The
proofs can be browsing history, emails, documents, etc. These proofs on the computer
system alone can be used as evidence in the court of law to sort out allegations or to
protect the innocent people from charges.
How do Cyber Forensics Experts Work?
1. Copying the hard drive of the system under investigation: Copying or imaging the
hard drive means making a copy of the files and folders present on the hard drive. The
replica of the drive is created on another drive-by copying every bit of data on the
drive from the system under investigation.

2. Verification of the copied data: After the data is copied from the hard drive of the
system under investigation to another hard drive, the forensic experts make sure if the
copied data is exactly the same as the original data.
3. Ensuring the copied data is forensically sound: Based on the operating system used
in the computer, the data written to the hard drive is in a format compatible with the
operating system. Hence the forensic experts must make sure the data while being
copied from the drive of the system under investigation into another drive is not
altered in any way. That is, the data is copied using a write-blocking device in a
forensically sound manner.
4. Deleted files recovery: The files deleted by the user on the computer can be
recovered by forensic experts. The files are not deleted permanently by the computer
and forensic experts know how to recover the deleted files.
5. Finding data in free space: The operating system sees the free space in the hard
drive as space available to store the new files and folders but temporary files and files
that were deleted years ago are stored here until the time new data is written into the
free space. Forensic experts search through this free space to recreate those files.
6. Performing keyword search: Forensic experts make use of software that can go
through the entire data for the given keywords and output the relevant data.
7. The technical report: The technical report must be an easy to understand document
for anyone irrespective of the background. It should mainly focus on what is the
offense, who is the offender and how did he commit the crime along with all the
technicalities.
Advantages
Similar types of data and relevant data can be compared from different source systems
to get a complete understanding of the scenario.
Those data over a period that is relevant can be made trending using cyber forensics.
The entire data can be scanned to identify and extract specific risks for future
analysis.
The efficiency of the control environment and policies can be tested by determining
the attributes that violate the rules.
Cyber forensics is used to set the trends of identification which the company people,
consultants and forensic analysts are not aware of.
Cyber Security Regulations:
A cybersecurity regulation comprises directives that safeguard information

technology and computer systems with the purpose of forcing companies and

organizations to protect their systems and information
from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service
(DOS) attacks, unauthorized access (stealing intellectual property or confidential
information) and control system attacks. There are numerous measures available to
prevent cyberattacks.
Cybersecurity measures include firewalls, anti-virus software, intrusion

detection and prevention systems, encryption, and login passwords. There have been
attempts to improve cybersecurity through regulation and collaborative efforts
between the government and the private sector to encourage voluntary improvements
to cybersecurity. Industry regulators, including banking regulators, have taken notice
of the risk from cybersecurity and have either begun or planned to begin to include
cybersecurity as an aspect of regulatory examinations.
Roles of International Laws:
basic types of international law: a) “Treaty Law”: formal agreements among states to
be legally bound b) “Customary International Law”: general & consistent practice
followed out of a sense of obligation • Change in international law is generally slow
but technology is changing fast
The INDIAN Cyberspace:
Indian cyberspace was born in 1975 with the establishment of National Informatics
Centre (NIC) with an aim to provide govt with IT solutions. Three networks (NWs)
were set up between 1986 and 1988 to connect various agencies of govt. These NWs
were, INDONET which connected the IBM mainframe installations that made up
India’s computer infrastructure, NICNET (the NIC NW) a nationwide very small
aperture terminal (VSAT) NW for public sector organisations as well as to connect
the central govt with the state govts and district administrations, the third NW setup
was ERNET (the Education and Research Network), to serve the academic and
research communities.
National Cyber Security Policy:
The National Cyber Security Policy document outlines a roadmap to create a

framework for comprehensive, collaborative and collective response to deal with the
issue of cyber security at all levels within the country.
The need to protect information
National Cyber Security Policy 2013 should be seen as about protecting of

information, such as personal information, financial/banking information, sovereign
data etc.

Information empowers, and in order to empower people with information, we need
to secure the information/data.
There is a need to distinguish between data which can freely flow and data which
needs to be protected.
The “National Cyber Security Policy” has been prepared in consultation with all
relevant stakeholders, user entities and public.
This policy aims at facilitating the creation of secure computing environment and
enabling adequate trust and confidence in electronic transactions and also guiding
stakeholders actions for the protection of cyberspace.
The National Cyber Security Policy document outlines a roadmap to create a

framework for comprehensive, collaborative and collective response to deal with the
issue of cyber security at all levels within the country.
The policy recognises the need for objectives and strategies that need to be adopted
both at the national level as well as international level.
The objectives and strategies outlined in the National Cyber Security Policy
Articulate our concerns, understanding, priorities for action as well as directed
efforts.
Provide confidence and reasonable assurance to all stakeholders in the country

(Government, business, industry and the general public) and global community, about
the safety, resiliency and security of cyberspace.
Adopt a suitable posturing that can signal our resolve to make determined efforts to
effectively monitor, deter and deal with cyber crime and cyber attacks.
Introduction Historical background of Cyber forensics:
It is difficult to pinpoint when computer forensics history began. Most experts agree
that the field of computer forensics began to evolve more than 30 years ago. The field
began in the United States, in large part, when law enforcement and military
investigators started seeing criminals get technical. Government personnel charged
with protecting important, confidential, and certainly secret information conducted
forensic examinations in response to potential security breaches to not only
investigate the particular breach, but to learn how to prevent future potential breaches.
Ultimately, the fields of information security, which focuses on protecting
information and assets, and computer forensics, which focuses on the response to hi-
tech offenses, started to intertwine. Over the next decades, and up to today, the field
has exploded. Law enforcement and the military continue to have a large presence in
the information security and computer forensic field at the local, state, and federal
level. Private organizations and corporations have followed suit – employing internal
information security and computer forensic professionals or contracting such
professionals or firms on an as-needed basis. Significantly, the private legal industry
has more recently seen the need for computer forensic examinations in civil legal
disputes, causing an explosion in the e-discovery field.
The computer forensic field continues to grow on a daily basis. More and more large
forensic firms, boutique firms, and private investigators are gaining knowledge and
experience in the field. Software companies continue to produce newer and more
robust forensic software programs. And law enforcement and the military continue to
identify and train more and more of their personnel in the response to crimes
involving technology.
Digital Forensics Science:
They're the people who collect, process, preserve, and analyze computer-related
evidence. They help identify network vulnerabilities and then develop ways to
mitigate them. They go deep inside networks, computers, and smartphones in search
of evidence of criminal activity.
Digital Forensics in Cyber Security is Used
These days, anyone who uses the internet benefits from digital forensics in cyber
security. That's because any company that collects data from internet users employs
people who fight and investigate cybercrime.
Agencies and organizations have to be hyper-vigilant with the data they collect and
protect, so they are constantly testing their systems, looking for vulnerabilities and
aggressively pursuing the people who hack into networks in order to commit crimes.
Facebook, Twitter, Instagram, Homeland Security, the FBI, Target Corp., the
military, local and state law enforcement, and nearly every bank uses digital forensics
in cyber security to protect people using the internet.
Skills are Needed for Digital Forensics in Cyber Security
As you can imagine, not just anyone with a laptop and internet access can be a digital
forensics professional. It takes a lot of knowledge and plenty of skills, including:
a deep understanding of computers, technology across a broad spectrum, and

cybersecurity principles and practices,
a working knowledge of computers, networks, and
coding, in-depth investigative abilities,
critical-thinking skills and analytical talent
the ability to effectively communicate and work with a wide range of people

What makes the job so interesting is that sometimes the evidence is easily accessible,
but other times it's hidden deep within the computer or network. Often, it's been
deleted by the suspect. It's the job of the professionals to use their knowledge and
skills to find the evidence, where ever it may be hiding.
The Need for Computer Forensics:
Not only does computer forensics tell the tale of who took the files on the device, it
can also encompass a few systems or even a network. Network-size forensics tends to
focus on security, as in malware or firewall and ID logs.
“Oftentimes we’re identifying the machines that we’d like to look at. We’re going out
and acquiring those machines, whether they’re physical or VMs or cloud instances,
and making good decisions about what to collect,” Brian said. “There’s a real
tendency in the industry to over collect, especially in data breach situations.”
Why would a company want to collect this forensic data at all? Usually you have
some search parameters and target goals in mind for discovery. Plus, if you have
widespread malware, you don’t have to collect a hundred copies to run successful
analysis on it.
“It could be a very nuanced situation. They’re very fluid,” Brian said. “You have to
make good smart decisions as you’re going along. What’s going to give me the
biggest bang for the buck?”
Atlantic Data Forensics does a lot of intellectual property theft cases and employment
law cases.
IP Theft: Two engineers and a sales guy decided they could compete with their
current employer… and took some files with them before they left.
Employment: This could include wrongful termination, sexual harassment, hostile

workplace environment, and specious claims.
“In any state in the US, you have about three years after you’re terminated or left your
employer, where you can go back and sue them,” Brian said. Employment attorneys
usually wait about a year (long enough for a company to get rid of the computer and
accounts of a former employee).
Takeaway #1: When somebody leaves a high value proposition position, especially if
it ends in an unusual way, it’s not a bad idea to freeze those drives.
Cyber Forensics and Digital evidence:
Digital evidence is information stored or transmitted in binary form that may be relied
on in court. It can be found on a computer hard drive, a mobile phone, among other

place s. Digital evidence is commonly associated with electronic crime, or e-crime,
such as child pornography or credit card fraud. However, digital evidence is now used
to prosecute all types of crimes, not just e-crime. For example, suspects' e-mail or
mobile phone files might contain critical evidence regarding their intent, their
whereabouts at the time of a crime and their relationship with other suspects.In an
effort to fight e-crime and to collect relevant digital evidence for all crimes, law
enforcement agencies are incorporating the collection and analysis of digital evidence,
also known as computer forensics, into their infrastructure. Law enforcement agencies
are challenged by the need to train officers to collect digital evidence and keep up
with rapidly evolving technologies such as computer operating systems.
Forensics Analysis of Email:
E-mail has emerged as the most important application on Internet for communication
of messages, delivery of documents and carrying out of transactions and is used not
only from computers but many other electronic gadgets like mobile phones. Over a
period of year’s e-mail protocols have been secured through several security
extensions and producers, however, cybercriminals continue to misuse it for
illegitimate purposes by sending spam, phishing e-mails, distributing child
pornography, and hate emails besides propagating viruses, worms, hoaxes and Trojan
horses. Further, Internet infrastructure misuse through denial of service, waste of
storage space and computational resources are costing everyInternet user directly or
indirectly. It is thus essential to identify and eliminate users and machines misusing e-
mail service. E-mail forensic analysis is used to study the source and content of e-mail
message as evidence, identifying the actual sender, recipient and date and time it was
sent, etc. to collect credible evidence to bring criminals to justice. This paper is an
attempt to illustrate e-mail architecture from forensics perspective. It describes roles
and responsibilities of different e-mail actors and components, itemizes meta-data
contained in e-mail headers, and lists protocols and ports used in it. It further
describes various tools and techniques currently employed to carry out forensic
investigation of an e-mail message.
Digital Forensics Lifecycle:
There are many type of Cyber crimes taking place in the digital world, it is important
for the investigator to collect, analyze, store and present the evidence in such a
manner that court will believe in such digital evidences and give appropriate
punishment to the Cyber criminal.
The steps in a digital forensics follow an life cycle approach and consists of following
steps
Requirement Analysis – This preliminary step we should check our technological

feasibility. Then investigator has to determine how we can protect the stored data
from misuse and tampering that is known as chain of custody, that means investigator

has to prove that nobody has alter or tampered the evidential data after it has been
collected by him.
Retrieval of Data – It is most crucial to identify the source and destination media.
Generally the suspected computer or server storage is worked as a source media and
data available on that is taken on to the other media for further investigation. So the
investigator should has knowledge of different kind of storage devices, and how the
data of that storage device is taken in to own storage devices without loss and
alteration of the data, which can be further use as legal evidence in the court.
Reliability – It is also vital to determine that, how much authenticated the data is?
Therefore, the image we have created must be identical to original data. To check the
originality of the data we should create the hashes of original data before we create
the image. Immediately after creating the image, create the hash of image data. These
two hashes must be match and if they don’t match then it shows something wrong
happened with the imaging process and thus data is unreliable. That is suggested to
use any complex algorithm to build the hash of the data like MD5 or SHA-1, which is
very difficult to spoof.
Review of Evidence – After getting all the data from the suspected resources it is
most important things that how we get the data that can consider as evidence in the
court of law. We require proper chain of evidence that can’t be challenge from the
opposing party and that is only possible if all the evidence is relevant to the case.
After collecting the large set of information it is important to extract the evidence data
from media, therefore some tools like Forensic Tool Kit and EnCase are used for the
analysis of collected information from the suspected computer. For Linux
environment Coronor’s Toolkit is used for evidence collection and analysis. The
analysis of the physical media layer of abstraction, which translates a custom storage
layout and contents to a standard interface, IDE or SCSI for example. The boundary
layer is the bytes of the media. Examples include a hard disk, compact flash, and
memory chips. The analysis of this layer includes processing the custom layout and
even recovering deleted data after it has been overwritten
Representation of Evidence – Here due to lots of uncertainty in the validity and

acceptability in the digital evidence it is equally important to represent the evidence in
such a form that can be understood by the court. For many types of digital data
records or logging data for processes it is obvious that they can potentially be relevant
as digital evidence in the case of disputes. But sometimes court will not accept the
same data as valid evidence because of the improper representation of the digital
evidence.
Repository of Data – After the successful investigation it is also equally important

that how you can archive the data in repository for future use. First important thing is
to determine what are the data that can be useful for future use and how long we have
to store that data. So, in the legal procedure, the completed case may be re-open in

future or opponent may go for appeal or revision in the higher court. Since it is very
difficult to store all the data related to the case in the repository, investigator has to
find that; what are the important datasets that can be useful for the future use and only
those data is stored in the repository. Therefore, the removal of the data from the
repository are depend on the likelihood of the case will be appealed.
Forensics Investigation:
Computer forensics is the application of investigation and analysis techniques to

gather and preserve evidence from a particular computing device in a way that is
suitable for presentation in a court of law.
There are five critical steps in computer forensics, all of which contribute to a
thorough and revealing investigation.
Policy and Procedure Development.
Evidence Assessment.
Evidence Acquisition.
Evidence Examination.
Documenting and Reporting.
Policy and Procedure Development:
Whether related to malicious cyber activity, criminal conspiracy or the intent to

commit a crime, digital evidence can be delicate and highly sensitive. Cybersecurity
professionals understand the value of this information and respect the fact that it can
be easily compromised if not properly handled and protected. For this reason, it is
critical to establish and follow strict guidelines and procedures for activities related to
computer forensic investigations. Such procedures can include detailed instructions
about when computer forensics investigators are authorized to recover potential
digital evidence, how to properly prepare systems for evidence retrieval, where to
store any retrieved evidence, and how to document these activities to help ensure the
authenticity of the data.
Law enforcement agencies are becoming increasingly reliant on designated IT

departments, which are staffed by seasoned cybersecurity experts who determine
proper investigative protocols and develop rigorous training programs to ensure best
practices are followed in a responsible manner. In addition to establishing strict
procedures for forensic processes, cybersecurity divisions must also set forth rules of
governance for all other digital activity within an organization. This is essential to
protecting the data infrastructure of law enforcement agencies as well as other
organizations.

An integral part of the investigative policies and procedures for law enforcement
organizations that utilize computer forensic departments is the codification of a set of
explicitly-stated actions regarding what constitutes evidence, where to look for said
evidence and how to handle it once it has been retrieved. Prior to any digital
investigation, proper steps must be taken to determine the details of the case at hand,
as well as to understand all permissible investigative actions in relation to the case;
this involves reading case briefs, understanding warrants, and authorizations and
obtaining any permissions needed prior to pursuing the case.
Evidence Assessment:
A key component of the investigative process involves the assessment of potential

evidence in a cyber crime. Central to the effective processing of evidence is a clear
understanding of the details of the case at hand and thus, the classification of cyber
crime in question. For instance, if an agency seeks to prove that an individual has
committed crimes related to identity theft, computer forensics investigators use
sophisticated methods to sift through hard drives, email accounts, social networking
sites, and other digital archives to retrieve and assess any information that can serve
as viable evidence of the crime. This is, of course, true for other crimes, such as
engaging in online criminal behavior like posting fake products on eBay or Craigslist
intended to lure victims into sharing credit card information. Prior to conducting an
investigation, the investigator must define the types of evidence sought (including
specific platforms and data formats) and have a clear understanding of how to
preserve pertinent data. The investigator must then determine the source and integrity
of such data before entering it into evidence.
Evidence Acquisition:
Perhaps the most critical facet of successful computer forensic investigation is a

rigorous, detailed plan for acquiring evidence. Extensive documentation is needed
prior to, during, and after the acquisition process; detailed information must be
recorded and preserved, including all hardware and software specifications, any
systems used in the investigation process, and the systems being investigated. This
step is where policies related to preserving the integrity of potential evidence are most
applicable. General guidelines for preserving evidence include the physical removal
of storage devices, using controlled boot discs to retrieve sensitive data and ensure
functionality, and taking appropriate steps to copy and transfer evidence to the
investigator’s system.
Acquiring evidence must be accomplished in a manner both deliberate and legal.

Being able to document and authenticate the chain of evidence is crucial when
pursuing a court case, and this is especially true for computer forensics given the
complexity of most cybersecurity cases.
Evidence Examination:

In order to effectively investigate potential evidence, procedures must be in place for
retrieving, copying, and storing evidence within appropriate databases. Investigators
typically examine data from designated archives, using a variety of methods and
approaches to analyze information; these could include utilizing analysis software to
search massive archives of data for specific keywords or file types, as well as
procedures for retrieving files that have been recently deleted. Data tagged with times
and dates is particularly useful to investigators, as are suspicious files or programs
that have been encrypted or intentionally hidden.
Analyzing file names is also useful, as it can help determine when and where specific
data was created, downloaded, or uploaded and can help investigators connect files on
storage devices to online data transfers (such as cloud-based storage, email, or other
Internet communications). This can also work in reverse order, as file names usually
indicate the directory that houses them. Files located online or on other systems often
point to the specific server and computer from which they were uploaded, providing
investigators with clues as to where the system is located; matching online filenames
to a directory on a suspect’s hard drive is one way of verifying digital evidence. At
this stage, computer forensic investigators work in close collaboration with criminal
investigators, lawyers, and other qualified personnel to ensure a thorough
understanding of the nuances of the case, permissible investigative actions, and what
types of information can serve as evidence.
Documenting and Reporting:
In addition to fully documenting information related to hardware and software specs,

computer forensic investigators must keep an accurate record of all activity related to
the investigation, including all methods used for testing system functionality and
retrieving, copying, and storing data, as well as all actions taken to acquire, examine
and assess evidence. Not only does this demonstrate how the integrity of user data has
been preserved, but it also ensures proper policies and procedures have been adhered
to by all parties. As the purpose of the entire process is to acquire data that can be
presented as evidence in a court of law, an investigator’s failure to accurately
document his or her process could compromise the validity of that evidence and
ultimately, the case itself.
For computer forensic investigators, all actions related to a particular case should be
accounted for in a digital format and saved in properly designated archives. This helps
ensure the authenticity of any findings by allowing these cybersecurity experts to
show exactly when, where, and how evidence was recovered. It also allows experts to
confirm the validity of evidence by matching the investigator’s digitally recorded
documentation to dates and times when this data was accessed by potential suspects
via external sources.
Now more than ever, cybersecurity experts in this critical role are helping government
and law enforcement agencies, corporations and private entities improve their ability

to investigate various types of online criminal activity and face a growing array of
cyber threats head-on. IT professionals who lead computer forensic investigations are
tasked with determining specific cybersecurity needs and effectively allocating
resources to address cyber threats and pursue perpetrators of said same. A master’s
degree in cybersecurity has numerous practical applications that can endow IT
professionals with a strong grasp of computer forensics and practices for upholding
the chain of custody while documenting digital evidence. Individuals with the talent
and education to successfully manage computer forensic investigations may find
themselves in a highly advantageous position within a dynamic career field.
Challenges in Computer Forensics:
Six challenges that must be addressed if digital forensics efforts are to be effective in
combatting cyber crimes.
Special Techniques for Forensics Auditing:
A Forensic Audit is an examination of a company’s financial records to derive

evidence which can be used in a court of law or legal proceeding.

For example, Telemart, on the recommendation of its Chief Financial Officer (CFO),
entered into a contract with RJ Inc for the supply of carts. At the time, RJ Inc was not
authorized to conduct business, as its license was suspended due to certain
irregularities in taxes paid. The CFO had knowledge of this fact, but
still recommended that Telemart enter into a contract with RJ Inc because he was
secretly receiving compensation from RJ for doing so.
A forensic audit can reveal such cases of fraud.
Why is a forensic audit conducted?
Forensic audit investigations are made for several reasons, including the following:
Corruption
In a Forensic Audit, while investigating fraud, an auditor would look out for:
Conflicts of interest – When a fraudster uses his/her influence for personal gains
detrimental to the company. For example, if a manager allows and approves
inaccurate expenses of an employee with whom he has personal relations. Even
though the manager is not directly financially benefitted from this approval, he is
deemed likely to receive personal benefits after making such inappropriate approvals.
Bribery – As the name suggests, offering money to get things done or influence a
situation in one’s favor is bribery. For example, Telemith bribing an employee of
Technosmith company to provide certain data to aid Telesmith in preparing a tender
offer to Technosmith.
Extortion – If Technosmith demands money in order to award a contract to Telemith,

then that would amount to extortion.
Asset Misappropriation
This is the most common and prevalent form of fraud. Misappropriation of cash,
creating fake invoices, payments made to non-existing suppliers or employees, misuse
of assets, or theft of Inventory are a few examples of such asset misappropriation.
Financial statement fraud
Companies get into this type of fraud to try to show the company’s financial
performance as better than what it actually is. The goal of presenting fraudulent
numbers may be to improve liquidity, ensure top management continue receiving
bonuses, or to deal with pressure for market performance.

Some examples of the form that financial statement fraud takes are the intentional
forgery of accounting records, omitting transactions – either revenue or expenses,
non-disclosure of relevant details from the financial statements, or not applying the
requisite financial reporting standards.
Procedure for a forensic audit investigation
A forensic auditor is required to have special training in forensic audit techniques and
in the legalities of accounting issues.
A forensic audit has additional steps that need to be performed in addition to regular
audit procedures.
Plan the investigation – When the client hires a Forensic auditor, the auditor is
required to understand what the focus of the audit is. For example, the client might be
suspicious about possible fraud in terms of the quality of raw materials supplied. The
forensic auditor will plan their investigation to achieve objectives such as:
Identify what fraud, if any, is being carried out
Determine the time period during which the fraud has occurred
Discover how the fraud was concealed
Identify the perpetrators of the fraud
Quantify the loss suffered due to the fraud
Gather relevant evidence that is admissible in the court
Suggest measures that can prevent such frauds in the company in future
Collecting Evidence – By the conclusion of the audit, the forensic auditor is required
to understand the possible type of fraud that has been carried out and how it has been
committed. The evidence collected should be adequate enough to prove the identity of
the fraudster(s) in court, reveal the details of the fraud scheme, and document the
amount of financial loss suffered and the parties affected by the fraud.
A logical flow of evidence will help the court in understanding the fraud and the
evidence presented. Forensic auditors are required to take precautions to ensure that
documents and other evidence collected are not damaged or altered by anyone.
Common techniques used for collecting evidence in a forensic audit include the
following:
Substantive techniques – For example, doing a reconciliation, review of documents,

etc

Analytical procedures – Used to compare trends over a certain time period or to get
comparative data from different segments
Computer-assisted audit techniques – Computer software programs that can be used

to identify fraud
Understanding internal controls and testing them so as to understand the loopholes

which allowed the fraud to be perpetrated.
Interviewing the suspect(s)
Reporting – A report is required so that it can be presented to a client about the fraud.
The report should include the findings of the investigation, a summary of the
evidence, an explanation of how the fraud was perpetrated, and suggestions on how
internal controls can be improved to prevent such frauds in the future. The report
needs to be presented to a client so that they can proceed to file a legal case if they so
desire.
Court Proceedings – The forensic auditor needs to be present during court

proceedings to explain the evidence collected and how the suspect was identified.
They should simplify the complex accounting issues and explain in layman’s
language so that people who have no understanding of the accounting terms can still
understand the fraud that was carried out.

UNIT-III
Cybercrime: Mobile and Wireless Devices:
Introduction
Types of Wireless and Mobile Device Attacks
SMiShing :
Smishing become common now as smartphones are widely used. SMiShing uses
Short Message Service (SMS) to send fraud text messages or links. The criminals
cheat the user by calling. Victims may provide sensitive information such as credit
card information, account information, etc. Accessing a website might result in the
user unknowingly downloading malware that infects the device.
Wardriving :
War driving is a way used by attackers to find access points wherever they can be.
With the availability of free Wi-Fi connection, they can drive around and obtain a
very huge amount of information over a very short period of time.
WEPattack :
Wired Equivalent Privacy (WEP) is a security protocol that attempted to provide a
wireless local area network with the same level of security as a wired LAN. Since
physical security steps help to protect a wired LAN, WEP attempts to provide similar
protection for data transmitted over WLAN with encryption.
WEP uses a key for encryption. There is no provision for key management with
Wired Equivalent Privacy, so the number of people sharing the key will continually
grow. Since everyone is using the same key, the criminal has access to a large amount
of traffic for analytic attacks.
WPAattack :
Wi-Fi Protected Access (WPA) and then WPA2 came out as improved protocols to
replace WEP. WPA2 does not have the same encryption problems because an attacker

cannot recover the key by noticing traffic. WPA2 is susceptible to attack because
cyber criminals can analyze the packets going between the access point and an
authorized user.
Bluejacking :
Bluejacking is used for sending unauthorized messages to another Bluetooth device.
Bluetooth is a high-speed but very short-range wireless technology for exchanging
data between desktop and mobile computers and other devices.
Replayattacks :
In Replay attack an attacker spies on information being sent between a sender and a
receiver. Once the attacker has spied on the information, he or she can intercept it and
retransmit it again thus leading to some delay in data transmission. It is also known as
playback attack.
Bluesnarfing :
It occurs when the attacker copies the victim’s information from his device. An
attacker can access information such as the user’s calendar, contact list, e-mail and
text messages without leaving any evidence of the attack.
RFJamming :
Wireless signals are susceptible to electromagnetic interference and radio-frequency
interference. Radio frequency (RF) jamming distorts the transmission of a satellite
station so that the signal does not reach the receiving station.
Proliferation of Mobile and Wireless Devices:
The trend is for smaller devices and more processing power. A few years ago, the
choice was between a wireless phone and a simple PDA. Now the buyers have a
choice between high-end PDAs with integrated wireless modems and small phones
with wireless Web-browsing capabilities. A long list of options is available to the
mobile users. A simple hand-held mobile device provides enough computing power to
run small applications, play games and music, and make voice calls. A key driver for
the growth of mobile technology is the rapid growth of business solutions into hand-
held devices.
As the term "mobile device" includes many products. We first provide a clear
distinction among the key terms: mobile computing, wireless computing and hand-

held devices. Figure below helps us understand how these terms are related. Let us
understand the concept of mobile computing and the various types of devices.
Mobile computing is "taking a computer and all necessary files and software out into
the field." Many types of mobile computers have been introduced since 1990s. They
are as follows:
1. Portable computer: It is a general-purpose computer that can be easily moved from

one place to another, but cannot be used while in transit, usually because it requires
some "setting-up" and an AC power source.
2. Tablet PC: It lacks a keyboard, is shaped like a slate or a paper notebook and has
features of a touchscreen with a stylus and handwriting recognition software. Tablets
may not be best suited for applications requiring a physical keyboard for typing, but
are otherwise capable of carrying out most tasks that an ordinary laptop would be able
to perform.
3. Internet tablet: It is the Internet appliance in tablet form. Unlike a Tablet PC, the
Internet tablet does not have much computing power and its applications suite is
limited. Also it cannot replace a general-purpose computer. The Internet tablets
typically feature an MP3 and video player, a Web browser, a chat application and a
picture viewer.

4. Personal digital assistant (PDA): It is a small, usually pocket-sized, computer with
limited functionality. It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and other features.5.
Ultramobile (PC): It is a full-featured, PDA-sized computer running a general-
purpose operating system (OS).
6. Smartphone: It is a PDA with an integrated cell phone functionality. Current

Smartphones have a wide range of features and installable applications.
7. Carputer: It is a computing device installed in an automobile. It operates as a

wireless computer, sound system, global positioning system (GPS) and DVD player.
It also contains word processing software and is Bluetooth compatible.
8. Fly Fusion Pentop computer: It is a computing device with the size and shape of a
pen. It functions as a writing utensil, MP3 player, language translator, digital storage
device and calculator.
Trends in Mobility:
Mobile computing is moving into a new era, third generation ( 3G), which promises
greater variety in applications and have highly improved usability as well as speedier
networking. "iPhone" from Apple and Google-led "Android" phones are the best

examples of this trend and there are plenty of other developments that point in this
direction. This smart mobile technology is rapidly gaining popularity and the attackers
(hackers and crackers) are among its biggest fans.
It is worth noting the trends in mobile computing; this will help readers to readers to
realize the seriousness of cybersecurity issues in the mobile computing domain.
Figure below shows the different types of mobility and their implications.
The new technology 3G networks are not entirely built with IP data security.
Moreover, IP data world when compared to voice-centric security threats is new to
mobile operators. There are numerous attacks that can be committed against mobile
networks and they can originate from two primary vectors. One is from outside the
mobile network - that is, public Internet, private networks and other operator's
networks - and the other is within the mobile networks- that is, devices such as data-
capable handsets and Smartphones, notebook computers or even desktop computers
connected to the 3G network.
Popular types of attacks against 3G mobile networks are as follows:
1. Malwares, viruses and worms: Although many users are still in the transient
process of switching from 2G,2.5G2G,2.5G to 3G,3G, it is a growing need to educate

the community people and provide awareness of such threats that exist while using
mobile devices. Here are few examples of malware(s) specific to mobile devices:
Skull Trojan: I targets Series 60 phones equipped with the Symbian mobile OS.
Cabir Worm: It is the first dedicated mobile-phone worm infects phones running on
Symbian OS and scans other mobile devices to send a copy of itself to the first
vulnerable phone it finds through Bluetooth Wireless technology. The worst thing
about this worm is that the source code for the Cabir-H and Cabir-I viruses is
available online.
Mosquito Trojan: It affects the Series 60 Smartphones and is a cracked version of

"Mosquitos" mobile phone game.
Brador Trojan: It affects the Windows CE OS by creating a svchost. exe file in the
Windows start-up folder which allows full control of the device. This executable file
is conductive to traditional worm propagation vector such as E-Mail file attachments.
Lasco Worm: It was released first in 2005 to target PDAs and mobile phones running
the Symbian OS. Lasco is based on Cabir's source code and replicates over Bluetooth
connection.
2. Denial-of-service (DoS): The main objective behind this attack is to make the
system unavailable to the intended users. Virus attacks can be used to damage the
system to make the system unavailable. Presently, one of the most common cyber
security threats to wired Internet service providers (iSPs) is a distributed denial-of-
service (DDos) attack .DDoS attacks are used to flood the target system with the data
so that the response from the target system is either slowed or stopped.
3. Overbilling attack: Overbilling involves an attacker hijacking a subscriber's IP

address and then using it (i.e., the connection) to initiate downloads that are not "Free
downloads" or simply use it for his/her own purposes. In either case, the legitimate
user is charged for the activity which the user did not conduct or authorize to conduct.
4. Spoofed policy development process (PDP): These of attacks exploit the

vulnerabilities in the GTP [General Packet Radio Service (GPRS) Tunneling
Protocol].
5. Signaling-level attacks: The Session Initiation Protocol (SIP) is a signaling protocol

used in IP multimedia subsystem (IMS) networks to provide Voice Over Internet
Protocol (VoIP) services. There are several vulnerabilities with SIP-based VolP
systems.
Credit card Frauds in Mobile and Wireless Computing Era:

These are new trends in cybercrime that are coming up with mobile computing -
mobile commerce (M-Commerce) and mobile banking (M-Banking). Credit card
frauds are now becoming commonplace given the ever-increasing power and the ever-
reducing prices of the mobile hand-held devices, factors that result in easy availability
of these gadgets to almost anyone. Mobile credit card transactions are now very
common; new technologies combine low-cost mobile phone technologies with the
capabilities of a point-of-sale (POS) terminal.
Today belongs to "mobile compüting," that is, anywhere anytime computing. The
developments in wireless technology have fuelled this new mode of working for
white collar workers. This is true for credit card processing too; wireless credit card
processing is a relatively new service that will allow a person to process credit cards
electronically, virtually anywhere. Wireless credit card processing is a very desirable
system, because it allows businesses to process transactions from mobile locations

quickly, efficiently and professionally. It is most often used by businesses that operate
mainly in a mobile environment. These businesses include mobile utility repair
service businesses, locksmiths, mobile windshield repair and others. Some upscale
restaurants are using wireless processing equipment for the security of their credit
card paying customers. Figure below shows the basic flow of transactions involved in
purchases done using credit cards. If Credit card companies, normally, do a good job
of helping consumers resolve identity (ID) they) theft problems once they occur. But
they of could reduce ID fraud even more if they give consumers better to monitor
their accounts and limit high-risk transactions.
There is a system available from an Australian company "Alacrity" called closed-loop

environment for for wireless (CLEW). Figure above shows the flow of events with

CLEW which is a registered trademark of Alacrity used here only to demonstrate the
flow in this environment.
As shown in Figure, the basic flow is as follows:
Merchant sends a transaction to bank
The bank transmits the request to the authorized cardholder
The cardholder approves or rejects (password protected)
The bank/merchant is notified
The credit card transaction is completed.
Security Challenges Posed by Mobile Devices:
Mobile device attacks can be split into 4 main categories:
OS Attacks: Loopholes in operating systems create vulnerabilities that are open to

attack. Vendors try to solve these with patches.
Mobile App Attacks: Poor coding and improper development creates loopholes and
compromises security.
Communication Network Attacks: Communications such as Bluetooth and Wi-Fi

connections make devices vulnerable.
Malware Attacks: There has been a constant rise in malware for mobile devices. The
focus is on deleting files and creating chaos.
These categories are a generalization of the various types of attacks and now we’ll
take a closer look into the types of issues that are currently plaguing mobiles. This is
not an exhaustive list by any means, but one will begin to understand just how at risk
mobile devices are.
1. Physical Security
Lookout Labs estimated that a mobile phone was lost in the USA every 3.5 seconds in
2011 – and that nearly all who found lost devices tried to access the information on
the phone. Now, I hope the “access” was an attempt to determine the owner, but who
knows? Even temporarily misplacing a phone can put sensitive data at risk.
2.Multiple User Logging
Mobile phones have come a long way, but they are still not versatile machines like
computers. Multiple users on mobile devices still have trouble in opening unique
protected accounts. Simply put, what one user does on a mobile device is hardly a

private affair. Customizable 3rd party solutions are available, but it’s much safer
when phones are not shared.
3. Secure Data Storage
Mobile phones need good file encrypting for strong security. After all, who wants
sensitive corporate data to end up in the wrong hands? Without the proper encryption,
not only are personal documents up for grabs, but also passwords to bank, credit card
and even business apps. Encrypting sensitive data ensures would-be thieves gain a
whole lot of nothing.
4.Mobile Browsing
Perhaps one of the best features of mobile devices is the ability to browse the web on
the go, but this also opens up the mobile phones to security risks. The problem is that
users cannot see the whole URL or link, much less verify whether the link or URL is
safe. That means that users could easily browse their way into a phishing-related
attack.
For a deeper look into mobile device security, check out the iPhone forensics course
offered by the InfoSec Institute.
5. Application Isolation
There are mobile applications for just about everything, from social networking to
banking. Before installing any app that comes your way, be sure to read the
application access request for permission agreement. This often overlooked agreement
contains valuable information regarding specific permissions on how the app is to
access your device.
Be mindful of what your application purports to do and what it is that it actually does.
Chances are a calculator application does not need access to the internet or your
personal information.
6. System Updates
People have a tendency to point fingers at mobile device vendors when it comes to
security mishaps, but they aren’t always to blame. Updates and patches designed to
fix issues in mobile devices are not quite as cut and dry as with PCs. Mobile devices
vendors often release updates and patches, but unfortunately carriers don’t always
stream them due to commercial or bureaucratic reasons.
7.Mobile Device Coding Issues
Sometimes developers make honest mistakes, inadvertently creating security

vulnerabilities via poor coding efforts. Many times there is bad implementation of
encrypted channels for data transmission or even improper password protection.

Ineffective development can lead to security weaknesses whether in PCs or mobile
phones.
8. Bluetooth Attacks
As easy as Bluetooth is to use, it can be just as easy for attackers to gain access to
one’s phone and everything stored within. It’s fairly simple for a hacker to run a
program to locate available Bluetooth connections and Bingo – they’re in. It’s
important to remember to disable the Bluetooth functionality when not in use.
9.Malware on the Rise
As is the case with computers, malware is rather damaging to mobile phones. The
news does not get any better either. 2014 is projected to be far worse, leaving industry
leaders and mobile device users no choice but to become proactive about mobile
protection. For example, take the Android malware incident in January which
impacted more than 600,000 phones.
10.Serious Threats in New Features
Newly added features and updates are serious risks too. The Neat Field
Communication, or NFC, technology is a prime example. NFC is designed to allow
people to use their mobile phones as a wallet to purchase products. Unfortunately, all
one needs to do to take over the mobile device is brush a NFC chip embedded tag
over the phone.
It should not come as a surprise that security is such a problem considering the wide
variety of mobile devices and smartphones available today. Every phone and mobile
OS has its own unique security issues and one should always take precaution,
especially as we are becoming increasingly dependent on our mobile devices.
Registry Settings for Mobile Devices:
Register mobile devices with the system
End users must register their devices with the system in order to be protected by it. To
assist with this, you can send an email message inviting them to register their mobile
devices.
Inviting users to register their
devices 1.Select General > Devices.
2. Click Register New Device (s).

3. Search for the user or user group of interest. These are pulled from your user
directory service.
4. Select the check box next to the users you want to register.
5. Click the right arrow (>) to move the selected end users into the right pane.
6. If you want to resend the email to selected users who have previously been sent a
device registration request, select the Resend email requests check box.

7. Select a policy to apply to the device when it is enrolled. (If you do not select a
policy here, the default policy is applied to the user or group). Click OK to send a
device registration request email message to the selected users.
Running the registration wizard (end users)
End users receive an email message prompting them to register their device or devices
with Mobile Security. The registration request message includes a link to start the
registration process.
Here is the procedure end users perform:
1. Open the invitation to register on their mobile device. If they don't receive corporate
email on their device, they can use Webmail or forward the message to a personal
account in order to access it. See knowledgebase article 6125 for best practices
handling this issue.
2. Click Start Registration.

3. Provide a user name and password when prompted. These are the end user's
network or cloud service

credentials.
4. Indicate whether the device is owned by the user or their organization. A personal
profile is applied to personal devices; and a corporate profile is applied to corporate
devices. You can change these settings later if desired.

5. Click Install.
The following iOS configuration profiles are deployed to the device:
Websense Mobile Email Profile – If enabled, contains information for defining email
accounts to install on the device.
Websense Mobile Exchange Profile – If enabled, contains information for defining

Microsoft Exchange ActiveSync accounts to install on the device.
Websense Mobile Wifi Profile – If enabled, contains information that allows user
devices to automatically connect to your wireless networks.
Websense VPN Profile – If enabled, contains information and certificates required to

establish a VPN connection to the cloud service server.

Websense Mobile Setting Profile – Contains mobile device manager policies that
secure the mobile device.
All installed profiles are shown in your iOS device

under Settings > General > Profiles.
Authentication service Security
There are two components of security in mobile computing: security of devices and
security in networks. 2. A secure network access involves mutual authentication
between the device and the base stations or Web servers. 3. Thisisto ensure that only
authenticated devices can be connected to the network for obtaining the requested
services. 4. No Malicious Code can impersonate the service provider to trick the
device into doing something it does not mean to. 5. Thus, the networks also play a
crucial role in security of mobile devices. Some eminent kinds of attacksto which
mobile devices are subjected to are: push attacks, pull attacks and crash attacks. 6.
Authentication services security is important given the typical attacks on mobile
devices through wireless networks: DoS attacks, traffic analysis, eavesdropping,
manin-the-middle attacks andsessionhijacking. 1. Cryptographic Security for Mobile
Devices We will discuss a technique known as cryptographically generated addresses

(CGA).CGAisInternet Protocol version 6 (IPv6) that addresses up to 64 address
bitsthat are generated by hashing owner’s public-key address. The address the owner
uses is the corresponding private keyto assert address ownership.
Fig: Push
attack on mobile devices. DDos implies distributed denial-of-service attack.
LDAP Security for Hand-Held Mobile Computing Devices
LDAP is a software protocol for enabling anyone to locate individuals, organizations

and other resources such as files and devices on the network (i.e., on the public
Internet or on the organization’s Intranet). In a network, a directory tells you where an
entity is located in the network.

Fig: Pull attack on mobile devices.
RAS Security for Mobile Devices
RAS is an important consideration for protecting the business-sensitive data that may
reside onthe employees’ mobile devices. In terms ofcyber security, mobile devices are
sensitive.
Media Player Control Security
Given the lifestyle of today’s young generation, it is quite common to expect them
embracing the mobile hand-held devices as a means for information access, remote
working and entertainment.
Music and video are the two important aspects in day-to-day aspects for the young
generation.
Given this, it is easy to appreciate how this can be a source for cyber security
breaches. Various leading software development organizations have been warning the
users about the potential security attacks on their mobile devices through the “music
gateways.”
There are many examples to show how a media player can turn out to be a source of
threat to information held on mobile devices.
For example, in the year 2002, Microsoft Corporation warned about this.
According to this news item, Microsoft had warned people that a series of flaws in its
Windows Media Player could allow a malicious hacker to hijack people’s computer
systems and perform a variety of actions.
According to this warning from Microsoft, in the most severe exploit of a flaw, a
hacker could take over a computer system and perform any task the computer’s owner
is allowed to do, such as opening files or accessing certain parts of a network.
Networking API Security for Mobile Computing Applications
With the advent of electronic commerce (E-Commerce) and its further o ff-shoot into
M- Commerce, online payments are becoming a common phenomenon with the
payment gateways accessed remotely and possibly wirelessly.
With the advent of Web services and their use in mobile computing applications
consideration.

Already, there are organizations announcing the development of various APIs to
enable software and hardware developers to write single applications that can be used
to target multiple securityplatforms present in a range of devices such as mobile
phones, portable media players, set-top boxes and home gateways.
Most of these developments are targeted specifically at securing a range of embedded

and consumer products, including those running OSs such as Linux, Symbian,
Microsoft Windows CE and Microsoft Windows Mobile (the last three are the most
commonly used OSs for mobile devices).
Technological developments such as these provide the ability to significantly improve

cyber security of a wide range of consumer as well as mobile devices.
Providing a common software framework, APIs will become an important enabler of

new and higher value services.
Attacks on Mobile/Cell Phones:
Mobile Phone Theft
Mobile phones have become an integral part of ever body’s life and the mobile phone
has transformed from being a luxury to a bare necessity.
Increase in the purchasing power and availability of numerous low cost handsets have
also lead to an increase in mobile phone users.
Theft of mobile phones has risen dramatically over the past few years.
Many Insurance Companies have stopped offering Mobile Theft Insurance due to a
large number of false claims.
The following factors contribute for outbreaks on mobile devices
Enough target terminals: The first Palm OS virus was seen after the number of Palm
OS devices reached 15 million. The first instance of a mobile virus was observed
during June 2004 when it was discovered that an organization “Ojam” had engineered
an antipiracy Trojan virus in older versions of their mobile phone game known as
Mosquito. This virus sent SMS text messages to the organization without the users’
knowledge.
Enough functionality: Mobile devices are increasingly being equipped with o ffice
functionality and already carry critical data and applications, which are often
protected insufficiently or not at all. The expanded functionality also increases the
probability of malware.

Enough connectivity: Smartphones offer multiple communication options, such as
SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections.
Therefore, unfortunately, the increased amount of freedom also offers more choices
for virus writers.
Mobile Viruses
A mobile virus is similar to a computer virus that targets mobile phone data or
applications/software installed in it.
Virus attacks on mobile devices are no longer an exception or proof-of-concept

nowadays. In total, 40 mobile virus families and more than 300 mobile viruses have
been identified.
First mobile virus was identified in 2004 and it was the beginning to understand that
mobile devices can act as vectors to enter the computer network.
Mobile viruses get spread through two dominant communication protocols –

Bluetooth and MMS.
Bluetooth virus can easily spread within a distance of 10–30 m, through Bluetooth-
activated phones (i.e., if Bluetooth is always ENABLED into a mobile phone)
whereas MMS virus can send a copy of itself to all mobile users whose numbers are
available in the infected mobile phone’s address book.
Following are some tips to protect mobile from mobile malware attacks.
Download or accept programs and content (including ring tones, games, video clips
and photos) only from a trusted source.
If a mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable mode

when it is not in use and/or not required to use.
If a mobile is equipped with beam (i.e., IR), allow it to receive incoming beams, only
from the trusted source.
Download and install antivirus software for mobile devices.
Mishing
Mishing is a combination of mobile phone and Phishing Mishing attacks are

attempted using mobile phone technology.
M-Commerce is fast becoming a part of everyday life. If you use your mobile phone
for purchasing goods/services and for banking, you could be more vulnerable to a
Mishing scam.
A typical Mishing attacker uses call termed as Vishing or message (SMS) known as
Smishing.

Attacker will pretend to be an employee from your bank or another organization and
will claim a need for your personal details.
Attackers are very creative and they would try to convince you with di fferent reasons
why they need this information from you.
Vishing
Vishing is the criminal practice of using social engineering over the telephone system,
most often using features facilitated by VoIP, to gain access to personal and financial
information from the public for the purpose of financial reward. The term is a
combination of V – voice and Phishing.
Vishing is usually used to steal credit card numbers or other related data used in ID
theft schemes from individuals.
The most profitable uses of the information gained through a Vishing attack include
ID theft;
Purchasing luxury goods and services;
Transferring money/funds;
Monitoring the victims’ bank accounts;
Making applications for loans and credit cards.
How Vishing Works
The criminal can initiate a Vishing attack using a variety of methods, each of which
depends upon information gathered by a criminal and criminal’s will to reach a
particular audience.
Internet E-Mail: It is also called Phishing mail.
Mobile text messaging.
Voicemail: Here, victim is forced to call on the provided phone number, once he/she
listens to voicemail.
Direct phone call: Following are the steps detailing on how direct phone call works:
The criminal gathers cell/mobile phone numbers located in a particular region and/or
steals cell/ mobile phone numbers after accessing legitimate voice messaging
company.
The criminal often uses a war dialer to call phone numbers of people from a specific
region, and that to from the gathered list of phone numbers.

When the victim answers the call, an automated recorded message is played to alert
the victim that his/her credit card has had fraudulent activity and/or his/her bank
account has had unusual activity.
When the victim calls on the provided number, he/she is given automated instructions
to enter his/her credit card number or bank account details with the help of phone
keypad.
Once the victim enters these details, the criminal (i.e., visher) has the necessary
information to make fraudulent use of the card or to access the account.
Such calls are often used to harvest additional details such as date of birth, credit card
expiration date, etc.
Some of the examples of vished calls, when victim calls on the provided number after
receiving phished E-Mail and/or after listening voicemail, are as follows:
Automated message: Thank you for calling (name of local bank). Your business is
important to us. To help you reach the correct representative and answer your query
fully, please press the appropriate number on your handset after listening to options.
Press 1 if you need to check you’re banking details and live balance.
Press 2 if you wish to transfer funds.
Press 3 to unlock your online profile.
Press 0 for any other query.
Regardless of what the victim enters (i.e., presses the key), the automated system
prompts him to authenticate himself: “The security of each customer is important to
us. To proceed further, we require that you authenticate your ID before proceeding.
Please type your bank account number, followed by the pound key.”
The victim enters his/her bank account number and hears the next prompt: “Thank
you. Now please type your date of birth, followed by the pound key. For example 01
January 1950 press 01011950.”
The caller enters his/her date of birth and again receives a prompt from the automated
system:
“Thank you. Now please type your PIN, followed by the pound key.”
The caller enters his PIN and hears one last prompt from the system: “Thank you. We
will now transfer you to the appropriate representative.”
How to Protect from Vishing Attacks

Following are some tips to protect oneself from Vishing attacks.
Be suspicious about all unknown callers.
Do not trust caller ID. It does not guarantee whether the call is really coming from
that number, that is, from the individual and/or company – caller ID Spoofing is easy.
Be aware and ask questions, in case someone is asking for your personal or financial
information.
Call them back.
Report incidents:
Smishing
Smishing is a criminal offense conducted by using social engineering techniques

similar to Phishing. The nameisderivedfrom“SMSPhISHING.” SMS – Short Message
Service– is the text messages communication component dominantly used into mobile
phones. To know how SMS can be abused byusing different methods and techniques
other than information gathering under cybercrime.
How to Protect from Smishing Attacks
Following are some tips to protect oneself from Smishing attacks:
Do not answer a text message that you have received asking for your PI.
Avoid calling any phone numbers, as mentioned in the received message, to cancel a
membership and/or confirming a transaction which you have not initiated but
mentioned in the message.
Always call on the numbers displayed on the invoice and/or appearing in the bank
statements/passbook.
3. Never click on a hot link received through message on your Smartphone or PDA.
Hot links are links that you can click, which will take you directly to the Internet sites.
Hacking Bluetooth
Bluetooth is an open wireless technology standard used for communication (i.e.,

exchanging data) over short distances between fixed and/or mobile devices.
Bluetooth is a short-range wireless communication service/technology that uses the

2.4- GHz frequency range for its transmission/communication.

S. Name of the Description
No.
Tool
This tool enables to search for Bluetooth enable device and will try to
extract asmuch information as possible for each newlydiscovered
1 BlueScanner device after connecting it with the target.
2 BlueSniff This isa GUI-based utility for finding discoverable
and hidden Bluetooth enabled devices.
3 BlueBugger The buggers exploit the vulnerability of the device and access the
images,phonebook, messages and other personal information.
If a Bluetooth of a device is switched ON, then Bluesnarfing makes it

possible to connect to the phone without alerting the owner and to gain
4 Bluesnarfer access to restricted portions of the stored data.
5 BlueDiving Bluediving is testing Bluetooth penetration. It implements attacks like

Bluebug and BlueSnarf.
Bluejacking, Bluesnarfing, Bluebugging and Car Whisperer are common attacks that
have emerged as Bluetooth-specific security issues.
Bluejacking: It means Bluetooth Jacking where Jacking is short name for hijack – act
of taking over something. Bluejacking is sending unsolicited messages over Bluetooth
to Bluetooth-enabled devices such as mobile phones, PDAs or computers.
Bluesnarfing: It is the unauthorized access from a wireless device through a Bluetooth

connection between cell phones, PDAs and computers. This enables the attacker to
access a calendar, contact list, SMS and E-Mails as well as enable attackers to copy
pictures and private videos.
Bluebugging: It allows attackers to remotely access a user’s phone and use its features
without user’s attention.
Car Whisperer: It is a piece of software that allows attackers to send audio to and
receive audio from a Bluetooth-enabled car stereo.
Mobile Devices: Security Implications for Organizations:
Managing diversity and proliferation of hand-held devices
We have talked about the micro issues of purelytechnical nature in mobile device
security. Given the threats to information systems through usage of mobile devices,

the organizations need to establish security practices at a level appropriate to their
security objectives, subject to legaland other externalconstraints.
Unconventional/stealth storage devices
We would like to emphasize upon widening the spectrum of mobile devices and focus
on secondary storage devices, such as compact disks (CDs) and Universal Serial Bus
(USB) drives (also called zip drive, memory sticks) used by employees.
As the technology is advancing, the devices continue to decrease in size and emerge
in new shapes and sizes – unconventional/stealth storage devices available nowadays
are difficult to detect and have become a prime challenge for organizational security.
Fig: Unconventional/stealth storage devices.
The features of the software allows system administrator to:
Monitor which users or groups can access USB Ports,
Wi-Fi and Bluetooth adapters, CD read-only memories (CD-ROMs) and other

removable devices.
Control the access to devices depending on the time of the day and day of the week.
Createthe white list of USB devices whichallows you to authorize onlyspecific

devices that will not be locked regardless of any other settings.
Set devices in read-only mode.
Protect disks from accidental or intentional
formatting. Threats through lost and stolen devices
This is a new emerging issue for cyber security. Often mobile hand-held devices are
lost while people are on the move. Lost mobile devices are becoming even a larger
security risk to corporations.

A report based on a survey of London’s 24,000 licensed cab drivers quotes that 2,900
laptops, 1,300 PDAs and over 62,000 mobile phones were left in London in cabs in
the year 2001 over the last 6-month period.
Protecting data on lost devices
Readers can appreciate the importance of data protection especially when it resides on
a mobile hand-held device. At an individual level, employees need to worry about
this.
Educating the laptop users
Often it so happens that corporate laptop users could be putting their company’s
networks at risk by downloading non-work-related software capable of spreading
viruses and Spyware.
Fig: Most important management or support issues for laptops.

Organizational Measures for Handling Mobile Devices-Related Security Issues:
We have discussed micro- and macro level security issues with mobile devices used
for mobile computing purposes and what individuals can do to protect their personal
data on mobile devices. We discuss what organizations can do toward safeguarding
their information systems in the mobile computing paradigm.
Encrypting Organizational Databases
Critical and sensitive data reside on databases [say, applications such as customer
relationship management (CRM) that utilize patterns discovered through data
warehousing and data mining (DM) techniques] and with the advances in technology,

access to these data is not impossible through hand-held devices. It is clear that to
protect the organizations’ data loss, such databases need encryption.
Including Mobile Devices in Security Strategy
These discussion so far makes a strong business case – in recognition of the fact that
our mobile workforce is on the rise, organizational IT departments will have to take
the accountability for cyber security threats that come through inappropriate access to
organizational data from mobile-device–user employees. Encryption of corporate
databases is not the end of everything.
A few things that enterprises can use are:
Implement strong asset management, virus checking, loss prevention and other
controls for mobile systems that will prohibit unauthorized access and the entry of
corrupted data.
Investigate alternatives that allow a secure access to the company information through
a firewall, such as mobile VPNs.
Develop a system of more frequent and thorough security audits for mobile devices.
Incorporate security awareness into your mobile training and support programs so that
everyone understands just how important an issue security is within a company’s
overall IT strategy.
Notify the appropriate law-enforcement agency and change passwords. User accounts
are closely monitored for any unusual activity for a period of time.
Organizational Security Policies and Measures in Mobile Computing Era:
Importance of Security Policies relating to Mobile Computing Devices:
Proliferation of hand-held devices used makes the cyber security issue graver than
what we would tend to think. People (especially, the youth) have grown so used to
their handhelds that they are treating them like wallets! The survey asked the
participants about the likelihood of six separate scenarios involving the use of cell
phones to communicate sensitive and confidential information occurring in their
organizations.
The scenarios described the following:
A CEO’s administrative assistant uses a cell phone to arrange ground transportation

that reveals the CEO’s identity and location.
The finance and accounting staff discusses earnings of press release and one
participant on the call is using a cell phone.

A conference call among senior leaders in the organization in which cell phones are
sometimes used.
A sales manager conducting business in Asia uses, his/her cell phone to communicate
with the home office.
An external lawyer asks for proprietary and confidential information while using his
cell phone.
A call center employee assists a customer using a cell phone to establish an account
and collects personal information (including SSN).
Operating Guidelines for Implementing Mobile Device Security Policies
In situations such as those described above, the ideal solution would be to prohibit all
confidential data from being stored on mobile devices, but this may not always be
practical. Organizations can, however, reduce the risk that confidential information
will be accessed from lost or stolen mobile devices through the following steps:
Determine whether the employees in the organization need to use mobile computing
devices at all, based on their risks and benefits within the organization, industry and
regulatory environment.
Implement additional security technologies, as appropriate to fit both the organization

and the types of devices used.
Standardize the mobile computing devices and the associated security tools being
used with them. As a matter of fundamental principle, security deteriorates quickly as
the tools and devices used become increasingly disparate.
Develop a specific framework for using mobile computing devices, including

guidelines for data- syncing, the use of firewalls and anti-malware software and the
types of information that can be stored on them.
Centralize management of your mobile computing devices. Maintain an inventory so

that you know who is using what kinds of devices.
Establish patching procedures for software on mobile devices. This can often be
simplified by integrating patching with syncing or patch management with the
centralized inventory database.
Label the devices and register them with a suitable service that helps return recovered
devices to the owners.
Establish procedures to disable remote access for any mobile devices reported as lost
or stolen. Many devices allow the users to store usernames and passwords for website

portals, which could allow a thief to access even more information than on the device
itself.
Remove data from computing devices that are not in use or before re-assigning those
devices to new owners (in case of company-provided mobile devices to employees).
This is to preclude incidents through which people obtain “old” computing devices
that still had confidential company data.
Provide education and awareness training to personnel using mobile devices. People
cannot be expected to appropriately secure their information if they have not been told
how.
Organizational Policies for the Use of Mobile Hand-Held Devices
Securing mobile devices is creating company policies that address the unique issues
these devices raise. Such questions include what an employee should do if a device is
lost or stolen.
There are many ways to handle the matter of creating policy for mobile devices. One
way is creating a distinct mobile computing policy. Another way is including such
devices under existing policy.

UNIT- IV
Cyber Security: Organizational Implications:
Introduction:
Living in a world where everything and everybody is connected, protection and

security of data has grown all the more critical. As long as one is connected to the
Internet, anyone can become a viable victim to a cyber attack, thus wariness and
proper protection must be installed to prevent any detrimental incidents. Thus, from
protecting user data against the growing number of threats to ensuring the continuity
of businesses, cyber security—or measures taken to protect a computer system against
unauthorized attacks—is an essential element for any organization. With the advance
of the Internet and alike, security threats and cyber-attacks are multiplying acutely all
over the globe, targeting individuals and targets alike. As these threats and attacks
continue to mount, understanding and managing security risks have become critical
issues for leaders in both business and government. Below are several essential facts
that define the current information security landscape:
The estimated annual cost for cybercrime committed globally adds up to 100 billion
dollars.
Currently, there are more than 6 billion social network usersworldwide with more
than 64% of internet users accessing social media services online. Social media is the
most vulnerable means of cyber attacks. One in 10 social media users are victims of
cyber attacks and the numbers are on a rise.
From 2016 to 2019 global cyber crime costs are expected to greatly increase, reaching
US 1 trillion dollars.
US government spent US 14 billion dollars on cyber security in 2016 with plans to

spend US 19 billion dollars in 2017.
As it can be seen, the implications, both financially and internally for companies and
governments alike, are tremendous. Take, for example, a few recent incidents: Sony
and Target’s breaches earlier in 2014 and 2013, respectively, had the biggest impact
on information technology security. It was evident that high-profile hacks against the
government and companies like Sony and Target were largely met with legislative
inaction and administrative uncertainty on how best to address evolving cyber threats.
The breach of the Office of Personnel Management exposed the details of at least 21.5
million government employees. Additionally, repeated claims of Russian and Chinese
hacking of American businesses and public agencies continued to surface as an
ongoing issue within the public sphere, as well as reports indicating that several
thousand FBI staffers had their data leaked following such an attack. Accordingly,
such security is important to every American who uses the Internet in order to ensure

that their communications remain protected. Unfortunately, there are always going to
be “bad guys,” in this case, those who try to steal people’s information for their own
financial or personal gain. Thus, as these threats continue to mount, understanding
and managing security risks have become critical issues for leaders in both business
and government.
The Cost of Cybercrime:
Most people paying attention would expect that the cost of cybercrime has gone up in
recent years. But a new report has put a number on it: Worldwide cybercrime costs an
estimated $600 billion USD a year.That’s up from $500 billion USD in 2014, the last
time security vendor McAfee and think tank the Center for Strategic and International
Studies released a similar study. The new estimate amounts to 0.8 percent of global
GDP, up from 0.7 percent in 2014.“Cybercrime is relentless, undiminished, and
unlikely to stop,” writes report author James Lewis, senior vice president at CSIS. “It
is just too easy and too rewarding, and the chances of being caught and punished are
perceived as being too low.”
Lewis points to poorly-protected IoT devices as a particular problem. Insecure IoT

devices “provide new, easy approaches to steal personal information or gain access to
valuable data or networks,” he writes. They also power botnets that can create
massive denial-of-service attacks.
Among the other reasons for the growth in the cost of cybercrime:
Cybercriminals are embracing new attack technologies.
Many new Internet users come from countries with weak cybersecurity.
Online crime is becoming easier through cybercrime-as-a-service and other business

schemes.
Cybercriminals are becoming more financially sophisticated, making it easier to

monetize their exploits.
Lewis also suggests that the Tor anonymous browser and Bitcoin are favorite tools of
cybercriminals.“Bitcoin has long been the favored currency for darknet marketplaces,
with cybercriminals taking advantage of its pseudonymous nature and decentralized
organization to conduct illicit transactions, demand payments from victims, and
launder the proceeds from their crimes,” he writes. “Cybercriminals benefit from the
fact that no personally identifying information is linked to the use and exchange of
Bitcoin, allowing criminals to operate with near impunity.”Tor developers have
defended their project by saying it protects users’ privacy by shielding them from
corporate tracking and government surveillance. And Bitcoin defenders say the

cryptocurrency’s anonymous transactions help improve security.The report estimates
that computer and Internet users face 80 billion malicious scans each day. There are
33,000 phishing attacks and 4,000 ransomware daily, with about 780,000 records lost
to hacking.The report proposes several steps to reduce cybercrime, although security
researchers have been pushing several of the recommendations for years.
Among the proposals:
Uniform implementation of basic security measures like regular software updates and
patches.
Increased international law enforcement cooperation.
Tougher cybersecurity laws in several countries.
Penalties for nations that harbor cybercriminals.
“Without these kinds of action, cybercrime will continue to grow as the number of
connected devices grows and as the value of online activities increases,” Lewis writes.
Web Threats:
IT security professionals are on the front lines against web threats. A web threat is
anything on the Internet that facilitates cybercrimes, including computer viruses,
denial-of-service attacks and malware that target computer networks and devices.
Other cybercrimes include cyber stalking, fraud and identity theft, information
warfare, and phishing scams, all of which use computer networks and devices to
facilitate other crimes. Financial damages, identity theft, loss of confidential
information or data, damage to a company’s brand or a person’s reputation, and
declining consumer confidence are just some of the risks posed by Web threats.
Web Threats Are Serious Threats
Every individual on every desktop and mobile computing device connected to the
Internet is vulnerable to Web threats. Organizations worldwide are more dependent
than ever on conducting business through the Internet. That dependence, combined
with ever-changing Web threats, means most organizations are at risk every day of
losing data, productivity and revenue. The increasing need for protection against the
losses caused by Web threats is driving the growth of information systems (IS)
security jobs.
Web threats often enter networks without user knowledge. They can also be triggered
by clicking on a hyperlink or executable file attachment in a spam email. Once in a
system, Web threats spawn variants, creating a chain reaction that spreads through the
Web to infect more machines and perform more malicious activities.
Fighting Back Against Cyber Threats With IT Security

IT professionals specializing in IS security work need to stay up-to-date on cyber
threats. Typically, they manage known threats from known sources through URL
filtering and content inspection solutions. These require frequent updates, but are
generally effective. It has become clear in recent years that multi-layered protection is
necessary to fully protect consumers and businesses from web threats.
The “layers” referred to include the cloud, the Internet gateway, network servers and
individual computers. The multi-layer approach integrates antivirus, anti-phishing,
anti-spyware and anti-spam protection with website analysis using multiple
techniques, such as source reputation and content clearing.
Top 10 Web Threats
Web threats are more damaging and extensive than ever. Nearly any website can
either host malware or send the user to one that does. And infections are more likely
to result from a visit to a legitimate website that has been compromised with spyware
than from a phony site set up specifically to spread malware.
Last year, IT security firm Symantec released a list of history’s 10 most notorious
Web threats:
I Love You (2000): This worm used a friendly phrase to entice users to open it.
Ultimately, the Pentagon, CIA and British Parliament’s email systems were shut
down in an effort to fight it.
Conficker (2009): Conficker allows its creators to remotely install software on

infected machines. Later, it could possibly be used to create a botnet that can be
rented out to criminals seeking to steal identities and direct users to online scams and
phishing sites.
Melissa (1999): Named for the exotic dancer its creator was obsessed with, this virus
kicked off a long period of high-profile threats between 1999 and 2005.
Slammer (2003): A fast-moving, aggressive worm, Slammer brought much of the

Internet down in January, 2003.
Nimda (2001): This mass-mailing worm uses multiple methods to spread itself and
became the Internet’s most widespread worm in 22 minutes. Its name is “admin” in
reverse.
Code Red (2001): Websites with the Code Red worm were defaced by the phrase
“Hacked By Chinese!”
Blaster (2003): The Blaster worm launched a denial of service attack against
Microsoft’s Windows Update website.

Sasser (2004): Capable of spreading without user intervention, Sasser caused Delta
Airlines to cancel some of its flights.
Storm (2007): Another worm directed at Microsoft, it was observed sending almost
1,800 emails from a single machine in a five-minute period.
Morris (1988): An old worm that remains famous and allows current worms to exist,
Morris was created innocently in an attempt to gauge the size of the Internet.
Security and privacy implications:
Cyber-security systems, which protect networks and computers against cyber attacks,
are becoming common due to increasing threats and government regulation. At the
same time, the enormous amount of data gathered by cyber-security systems poses a
serious threat to the privacy of the people protected by those systems. To ground this
threat, we survey common and novel cyber-security technologies and analyze them
according to the potential for privacy invasion. We suggest a taxonomy for privacy
risks assessment of information security technologies, based on the level of data
exposure, the level of identification of individual users, the data sensitivity and the
user control over the monitoring, and collection and analysis of the data. We discuss
our results in light of the recent technological trends and suggest several new
directions for making these mechanisms more privacy-aware
Social media security risks for businesses:
1. Not paying attention on social media
Not paying attention to your social media presence can have serious consequences. If
you leave an account unmonitored and it becomes the target of a malicious attack like
a virus, you won’t know if it spreads to your followers. And if your followers start
receiving spammy messages from your account they will quickly lose trust and
confidence in your brand.
2. Human error
Human error is the most common social media security threat. Disgruntled employees
airing their dirty laundry or sharing naughty photos on company accounts are mere
appetizers in a buffet of security and compliance risks (although still threatening to
your reputation).
Human error often causes more severe security risks such as phishing attacks, scams,
and other cyber annoyances. People unknowingly click on a phishing link, interact
with a fake account, or accidently fill out a spammy form with sensitive information.
Compliance issues, relevant to organizations working within regulated industries, are
most often triggered by employees or customers accidently sharing confidential
personal information on public forums.
3. Malicious apps

The internet is smattered with malicious software and it’s only getting worse.
Spyware, for example, is any software that collects personal information or sends
spammy ads without your consent. Adware tracks personal and sensitive information
in much the same way. All malicious apps steal things like personal or sensitive
information, passwords, and data without you knowing. Just like having street smarts,
think before you click or share information.
4. Social scams and phishing attacks
Similar to malicious apps that try to collect sensitive data, phishing scams use social
media to trick people into giving personal information such as banking details and
passwords. Phishing attempts are up this year by 150 percent on major social
networks like Facebook, Twitter, Instagram, and LinkedIn. Social scams range from
fake customer service accounts or fake accounts of your friends, to spammy contests
in social comments that lure you to ‘buy this’ or ‘click here.’
5. Malware attacks and hacks
There are good hackers and bad hackers. Some try to improve internet security by
forcing IT departments and protection products to constantly innovate, while others
hack for fun or to make a buck. Attacks can be focused and targeted, where ‘cyber
gangs’ go after individual organizations with advanced malware campaigns. Other
hacks come slowly, with smaller phishing efforts adding up over time. Hacks and
malware attacks are the biggest security threats to businesses on social media.
Social computing and the associated challenges for organizations:
Ten issues with social computing in business:
Lack of social media literacy amongst workers. Anecdotally, the farther a business is
from the technology industry, the less likely that line workers will be familiar with the
latest software innovations. Those who haven't been maintaining blogs, updating wiki
sites, using social networks, sharing information socially, etc. will require more
education than those who do. Even the basics of netiquette as well as key techniques
to get the most from social computing platforms such as encouraging the building of
links between data, tagging information, or establishing weak ties over the network
are often poorly understood even by frequent users of social computing tools. In short,
social computing requires some literacy efforts in most organizations to achieve
effectiveness, just like personal computing skills did a few decades ago.
A perception that social tools won't work well in a particular industry. There is often
an assumption in many specialized industries -- such as medicine or manufacturing,
just to cite two random examples -- that social tools won't be a good fit for their
specific vertical; that they are unique in some way that makes social business models
inappropriate or a non-starter in some way. While many enterprise Web 2.0

advances have spread rather unevenly in many industries -- with media and financial
services often leading the way in early adoption -- more and more evidence is
accumulating that social computing tools have use in most, if not all, industries.
However, more than five years after social software became common in private life,
it's still surprisingly common encounter a culture of resistance (though often to
change in general, and not just enterprise social tools) in organizations that have fewer
competitive pressures, are highly specialized, or are unusually late adopters of
technology.
Social software is still perceived as too risky to use for core business activities. There
is still a broad sense with many that I talk to that social computing applications are
more suitable for knowledge workers isolated from the mission critical functions of an
organization or in more fungible areas such as marketing and advertising. There's a
sense that social computing is not for operations or key business capabilities. This can
be ascribed variously to concerns about unpredictability, loss of control, or worries of
introducing potential distractions to activities that directly and immediately affect the
conditions of the business, including the bottom line. Interestingly, in my analysis of
case studies and discussions with implementers, this is the very place where social
tools have the most impact when deployed, usually by improving decisions, making
key data (or potential experts with the information you need) more accessible and
discoverable, and so on. In fact, no case that I can find has emerged of social tools
disrupting the workplace in any significant manner, and almost all reports, some of
which are indeed integrating social tools into key business processes, are positive.
This concern will likely persist for a while yet, pending the arrival of a preponderance
of research and internal results belies it.
Can't get enough senior executives engaged with social tools. I've been known to say
that most senior executives in large organizations are often read-only users of their IT
systems, whether it's Outlook, their Blackberry, or operational dashboards. Despite
even the earliest Enterprise 2.0 case studies confirming that social tool adoption is
greatly improved by an organization's top personnel leading by example, these are
often the folks that have the least time to participate and little practical experience in
doing so,just part of the enterprise social computing spectrum, though a very
important one.) It's something I'm beginning to hear often, and that is lack of
engagement by senior executives in most social computing efforts, public or private.
I'm personally torn by whether this is critical for success in the long term, since social
computing is largely about tapping into the cognitive surpluses within an organization
and across the network, but it certainly is a key factor in the short term by slowing the
effectiveness of adoption internally.
There is vapor lock between IT and the social computing initiative. The famous
IT/business divide is often holding up social computing initiatives, often by months --
and in some cases for a year or more -- as IT tries to find (and sometimes build) social
computing applications that meet requirements for internal software, architecture,
security, and governance standards, while still exhibiting the latest best practices on

the social computing side. That many of the best social computing applications come
from newer, smaller firms that often don't focus on traditional enterprise requirements
only exacerbates the issues. IT shops also tend to have limited understanding of the
business side of social computing and try to shoehorn existing solutions on hand to
solve business needs. While this isn't automatically a bad practice, the classic example
of SharePoint and Enterprise 2.0 illustrates how this can often become a charged issue
and hold up efforts while it is resolved.
Need to prove ROI before there will be support for social software. This is a classic
anti-pattern for enterprise software acquisition in general (and Enterprise 2.0 in
particular), and while there are certainly twists that are unique to social computing,
the ROI proof objection has increasingly fallen by wayside with the growing number
of successful case studies.
Security concerns are holding up pilot projects/adoption plans. Because social tools
make many things that were normally private much more public -- including policies,
procedures, critical methods, corporate data, and intellectual property -- many
organizations would rather wait for best practices in dealing with this important issue
to solidify before climbing very far up the social computing adoption curve. We've
seen a surprisingly increase and friendly reception lately for tools that address security
as well as governance with social computing tools. I'll explore some of these in an
upcoming post.
The needs around community management have come as a surprise. Social tools
create participant audiences with a shared understanding and sense of community, as
well as an internally guided direction. Without suitable management (help, support,
guidance, moderation, administration, and planning) communities will (and should)
eventually take on a life of their own, but perhaps without your
involvement. Community management is the facility through which they stay
connected to the organization and its goals/needs while satisfying their own internal
requirements. The staffing skills, team sizes, techniques, and tools of community
management for the full spectrum of enterprise social computing needs is still
something that we're learning as an industry. This is also an emerging story that I'll be
covering this year as social computing matures in more and more organizations.
Difficulties sustaining external engagement. As I discussed last year in covering 12

best practices for online customer communities, many organizations have trouble
engaging the broader world using their own social computing initiatives. They build
communities but their target audiences often ends up preferring the ones they built for
themselves, especially if they perceive too cynical an approach or one that is too
narrow for their needs (focusing on just a product from one company instead of an
entire vertical or niche). Creating thriving social computing environments is still as
much an art as a science and while engagement can always be generated through
expensive traditional marketing and PR channels, learning the emerging rules for
social business can really help.

Struggling to survive due to unexpected success. More and more frequently lately I'm
coming across enterprise social computing stories that had considerable and
unexpected early success. This led to attention and scrutiny from across the
organization and a subsequent struggle to fund a fast growing venture amid
internecine turf wars, battles over control, and the battles with competing efforts.
With social computing a foreign way of doing business for many organizations, the
rapid growth of new effort can spell disaster without careful oversight, planning, and
expectation setting. Building a strong network of friendly and well-respected sponsors
internally can help this issue in particular.
Cybercrime and Cyber terrorism: Introduction:
Cyberattacks can come in the form of viruses, malware, email phishing, social media
fraud - the spectrum of cyber threats is limitless. We are more interconnected than
ever before, but for all of the advantages, that connectivity leaves us vulnerable to the
risks of fraud, theft, abuse, and attack. Cybercrime can have wide-ranging impacts, at
the individual, local, state, and national levels.
Organized cybercrime, state-sponsored hackers, and cyber espionage can pose

national security risks to our country and our critical infrastructure.
Transportation, power, and other services may be disrupted by large scale cyber
incidents. The extent of the disruption is highly uncertain as it will be determined by
many unknown factors such as the target and size of the incident.
Vulnerability to data breach and loss increases if an organization's network is

compromised. Information about a company, its employees, and its customers can be
at risk.
Individually-owned devices such as computers, tablets, mobile phones, and gaming

systems that connect to the Internet are vulnerable to intrusion. Personal information
may be at risk without proper security.
Intellectual property in the cyberspace:
In common use, property is simply ‘one’s own thing’ and refers to the relationship
between individuals and the objects which they see as being their own to dispense
with as they see fit. Scholars in the social sciences frequently conceive of property as
a ‘bundle of rights and obligations’. They stress that property is not a relationship
between people and things, but a relationship between people with regard to things.
Property is often conceptualized as the rights of ‘ownership’ as defined in law. Private
property is that which belongs to an individual; public property is that which belongs
to a community collectively or a State. Property is usually thought of in terms of a

bundle of rights as defined and protected by the sovereign. Traditionally, that bundle
of rights includes: z control use of the property z benefit from the property (e. g.:
mining rights and rent) z transfer or selling of the property z exclude others from the
property Intellectual Property Protection in Cyberspace 6 The term intellectual
property reflects the idea that this subject matter is the product of the mind or the
intellect, and that intellectual property rights may be protected at law in the same way
as any other form of property. Intellectual property laws are territorial such that the
registration or enforcement of IP rights must be pursued separately in each
jurisdiction of interest. However, these laws are becoming increasingly harmonised
through the effects of international treaties such as the Berne Convention, Paris
Convention and WTO Agreement on TradeRelated Aspects of Intellectual Property
Rights. Intellectual property laws confer a bundle of exclusive rights in relation to the
particular form or manner in which ideas or information are expressed or manifested,
and not in relation to the ideas or concepts themselves. The term “intellectual
property” denotes the specific legal rights which authors, inventors and other IP
holders may hold and exercise, and not the intellectual work itself. Intellectual
property laws are designed to protect different forms of intangible subject matter,
although in some cases there is a degree of overlap. Like other forms of property,
intellectual property (or rather the exclusive rights which subsist in the IP) can be
transferred or licensed to third parties. There are various kinds of tools of protection
that come under the umbrella term ‘intellectual property’. Important among these are
the following: z Patents z Trademarks z Geographical Indications z Layout Designs of
Integrated Circuits z Trade Secrets z Copyrights z Industrial Designs Out of this tool
kitty mainly it is copyright and trademark which are of relevance when we discuss
intellectual property protection in cyberspace. Before proceeding to discuss the exact
application of IP laws and their implication in cyberspace, it becomes imperative to
know in some greater detail about them. 8.2 OBJECTIVES After reading this unit,
you should be able to: z explain the term intellectual property; z describe the basic
concept of copyright and the rights included in the term copyright; z explain
infringement of copyright and what are the remedies; z explain the concept of
trademark the rights of trademark and remedies for their search; and z describe the
challenges faced by IPR in cyberspace. Intellectual Property in Cyberspace. Basic
Concept Copyright is a right given by law to the creators of literary, dramatic, musical
and artistic works and producers of cinematograph films and sound recordings to do
or authorize the doing of certain acts with regard to their creations. It is a kind of
protection against unauthorized use or misuse of a work, but for a limited duration.
Generally the rights include the rights of authorship, reproduction, distribution,
communication to the public, broadcasting, adaptation and translation. The exact
nomenclature and scope of the rights may vary from country to country and from a
class of work to another class of work. However, international treaties such as the
Berne Convention for the protection of Literary and Artistic Works and the
Agreement on Trade Related Aspects of Intellectual Property Rights have brought in
some kind of harmonization in these rights. In India, copyright is governed by the
Copyright Act, 1957, the Copyright Rules, 1958 and the International Copyright

Order, 1999. The Copyright Act provides the basic law so far as copyrights are
concerned, the Copyright Rules contain the rules and regulations as well as various
procedures and the International Copyright Order extends copyright protection to
works of nationals of specified foreign countries. The Copyright Act classifies the
works in which copyright subsists in India in to the following three classes: (a)
literary, dramatic, musical and artistic works (b) cinematograph films, and (c) sound
recordings. The scope of ‘literary work’ includes any “work which is expressed in
print or writing, irrespective of the question whether the quality or style is high”. It
also includes computer programs and computer databases. Dramatic work includes
any piece for recitation, choreographic work or entertainment in dumb show, the
scenic arrangement or acting, form of which is fixed in writing or otherwise but does
not include a cinematograph film. Musical work means a work consisting of music
and includes any graphical notation of such work but does not include any words or
any action intended to be sung, spoken or performed with the music. Artistic work
means a painting, a sculpture, a drawing (including a diagram, map, chart or plan), an
engraving or a photograph, whether or not any such work possesses artistic quality; a
work of architecture; and any other work of artistic craftsmanship. The Copyright Act
defines cinematograph film as “any work of visual recording on any medium
produced through a process from which a moving image may be produced by any
means and, includes a sound recording accompanying such visual recording”. Sound
recording (phonogram) is a recording of sounds from which sounds can be produced
regardless of the medium on which such recording is made or the method by which
the sounds are produced. Please answer the following Self Assessment Question. Self
Assessment Question 1 Spend 2 Min. Copyright is governed by..........................Act.
Intellectual Property Protection in Cyberspace 8 8.3.2 Rights Included in the term
‘Copyright’ Copyright is a bundle of rights and this bundle can be broadly classified
into two categories, viz. economic rights and moral rights. Economic rights are so
called because “they imply as a rule that within the limitations set by the copyright
law the owner of the copyright may make all public use of the work conditional on
payment of remuneration”. These rights enable the copyright owner to reap economic
returns for his work. The major economic rights available in the Indian copyright Act
are the following: (a) Right of Reproduction (b) Right to Issue Copies of a Work (c)
Rights of Public Performance (d) Right of Communication to the Public (e)
Adaptation Right (f) Translation Right Right of reproduction is the most fundamental
of all economic rights. The right envisages that copyright owner has the exclusive
right to authorize the making of one or more copies of a work or of a substantial part
of it in any material form, including sound and visual recording. The most common
kind of reproduction is printing an edition of a book. Storing of a work in any medium
by electronic means is also reproduction. The Copyright Act gives the right of
reproduction in all classes of works. Moral Rights are generally provided with a view
to assert the authorship on a work and also to uphold the right of integrity. The Indian
Copyright Act provides this as special rights of authors to claim authorship of the
work and to restrain or claim damages in respect of any distortion, mutilation,
modification or other act in relation to the said work which is done before the

expiration of the term of copyright if such distortion, mutilation, modification or other
act would be prejudicial to his honour or reputation. Moral rights are independent of
the economic rights and remain with the author even after he has transferred his
economic rights. In the era of digital technologies, moral rights, particularly right of
integrity, are very necessary to safeguard against misuse and distortion of an author’s
work. Copyright, being a property right, can be transferred or assigned to another
person. It can also be inherited during the time it exists. Without transferring or
assigning, a copyright owner can license specified uses by others. 8.3.3 Infringement
of Copyright and Remedies Thereof Any copying or duplication, adaptation,
translation, public performance, communication to the public or broadcast done
without the authorization of the copyright owner, or even where any work has been
licensed or assigned, any violation of the conditions of the licence or assignment
constitutes copyright infringement. Any import of infringing copies also constitutes
copyright infringement. Even such copies made outside India cannot be imported into
India without infringing copyright where such copies, if made in India, would infringe
copyright, even if it may not be an infringement in the country of origin. Since
copyright is a proprietary right, the owner has to administer his own rights. The
Copyright Act provides for collective Intellectual Property in Cyberspace 9
administration of rights through registered copyright societies. These societies have to
be formed voluntarily by the copyright owners. Only the owner of copyright or the
society who have the rights can institute civil and criminal proceedings against
infringement of his works. Civil remedies include injunction, and damages. Copyright
infringement is also a cognizable offence. Copyright infringement is punishable with
imprisonment for a term ranging from six months to three years and with a fine
ranging from Rs. 50,000 to Rs. Two lakh. District Courts have been given jurisdiction
to try the suits relating to copyright violation within the vicinity of which the owner of
the copyright resides or carries on business. 8.3.4 Limitations/Exceptions to
Copyright The rights granted by copyright are exclusive in nature. This exclusivity is
sometimes criticised as monopoly in favour of the right owners. Therefore, in order to
balance these opposing private and public interests the legislature provides the
remedy in the form of drawing limitations/exceptions to copyright. This is achieved
by two means; firstly, limiting the duration in which a work enjoys copyright
protection, and secondly, allowing certain uses without specific authorization by the
owner of copyrights, known as fair use provisions in copyright parlance. Copyright is
an intellectual property right and like all other intellectual property rights it is for a
limited duration. This limitation emanates from the basic concept of intellectual
property right that while creators of intellectual property have the right to control the
reproduction and other uses of their works, they being essential elements in the
scientific and cultural progress of humanity, the society has the right to access and
share the same so that social and cultural life of humanity gets enriched. While the
Berne Convention provides for a minimum period of protection which is life term of
the author plus 50 years thereafter, national governments are free to provide a longer
term of protection. In India, original literary, dramatic, musical and artistic works
enjoy copyright protection for the lifetime of the author plus 60 years if they are

published within the lifetime of the author. Many types of exploitation of a
copyrighted work which are for social purposes such as education, religious
ceremonies, and so on are exempted from the operation of the rights granted in the
Act. For example, playing music at religious ceremonies, including marriage
processions and marriage festivities, official functions of central and state
governments and local bodies will not be affected by copyright. This is done in
keeping with the social and cultural traditions of the country. 8.3.5 Registration of
Copyright The Copyright Act provides for registration of works. However, the
registration under the Act is voluntary and not obligatory. Registration does not itself
confer copyright but the particulars entered in the Register of Copyright maintained in
the Copyright Office constitute prima facie evidence of ownership of copyright in
copyright cases. As per the provisions of the Act, copyright subsists in any work as
soon as it is created, without any formality like registration being observed. 8.3.6
International Nature of Copyright Protection Copyrights are national in nature. This
means that your rights are recognised by your national laws and extend to the
territorial limits of your country. However, international treaties like the Berne
Convention for the Protection of Literary and Artistic Works Intellectual Property
Protection in Cyberspace 10 (1886) the Universal Copyright Convention (1952) and
the Agreement on Trade Related Aspects of Intellectual Property Rights (1994)
ensure protection of copyrights of nationals of a member country in all other member
countries. Through the principle of ‘National Treatment’ it is ensured that foreigners
if they are nationals of a membercountry, are given the same rights enjoyed by the
nationals, except in the matter of term of protection. India is part of the international
copyright regime through its membership of Berne Convention for the Protection of
Literary and Artistic Works, Convention Establishing the World Intellectual Property
Organization (WIPO), Universal Copyright Convention, Convention for the
Protection of Producers of Phonograms Against Unauthorized Duplication of Their
Phonograms, Multilateral Convention for the Avoidance of Double Taxation of
Copyright Royalties and Additional Protocol, and the Agreement on Trade Related
Aspects of Intellectual Property Rights (TRIPS)
The ethical dimension of cybercrimes the psychology:
We saw that the ‘good life’ is what ethical action seeks to protect and promote. We’ll
say more later about the ‘good life’ and why we are ethically obligated to care about
the lives of others beyond ourselves. But for now, we can define an ethical issue as
‘important’ or ‘significant’ when its associated harms or benefits have a substantial
possibility of making a difference to certain individuals’ chances of having a good
life, or the chances of a group to live well: that is, to flourish in society together.
Some harms and benefits are not ethically significant. Say I prefer Coke to Pepsi. If I
ask for a Coke and you hand me a Pepsi, even if I am disappointed, you haven’t
impacted my life in any ethically significant way. Some harms and benefits are too
trivial to make a meaningful difference to how our life goes. Also, ethics implies
human choice; a harm that is done to me by a wild tiger or a bolt of lightning might
be

very significant, but won’t be ethically significant, for it’s unreasonable to expect a
tiger or a bolt of lightning to take my life or welfare into account.3 In many technical
contexts, such as the engineering, manufacture, and use of aeronautics, nuclear power
containment structures, surgical devices, buildings, and bridges, it is very easy to see
the ethically significant harms that can come from poor technical choices, and very
easy to see the ethically significant benefits of choosing to follow the best technical
practices known to us. All of these contexts present obvious issues of ‘life or death’ in
practice; innocent people will die if we disregard public welfare and act negligently or
irresponsibly, and people will generally enjoy better lives if we do things right.
Because ‘doing things right’ in these contexts preserves or even enhances the
opportunities that other people have to enjoy a good life, good technical practice in
such contexts is also ethical practice. A civil engineer who willfully or recklessly
ignores a bridge design specification, resulting in the later collapse of said bridge and
the deaths of a dozen people, is not just bad at his or her job. Such an engineer is also
guilty of an ethical failure—and this would be true even if they just so happened to be
shielded from legal, professional, or community punishment for the collapse. In the
context of cybersecurity practice, the potential harms and benefits are no less real or
ethically significant, up to and including matters of life and death. But due to the fact
that cybersecurity efforts are often carried out ‘behind the scenes,’ largely hidden
away from customers, clients, and other users, the ethical nature of cybersecurity
practice can be harder to recognize. This part of the module seeks to make these
issues more visible.
Mindset and skills of hackers and other cyber criminals:
Alok (name changed on request) is in his early teens, not the age when he should be
making thousands of dollars. Alok is a hacker who lives on the dangerous by-lanes of
the internet—the dark web. Accessible only through browsers designed to promote
anonymity and confuse law enforcement, the dark web is where the nefarious
elements of the internet hang out.
The baby-faced Alok has been working with a hacker collective on the dark web for
nearly three years now. In those three years, he has been party to several instances of
theft and trading, particularly of credit card information, on the dark web and its
marketplaces. He was never a leader, but one of the foot soldiers, yet he managed to
earn bitcoins that are now worth thousands of dollars. Alok hides his wealth from his
parents.
These days, Alok is in the throes of a moral crisis. It may have paid him well, but he
is not sure if he wants to continue being what those in the security business calls a
black hat hacker—someone who uses his skills for negative, often illegal ends. As he
grows up, Alok is going through the realisation of his own power and of the ways in
which he can use it.

Meet the hacker
If the mental picture that lights up in your mind when you hear of Alok the hacker is
of a young, bespectacled guy sitting in a dark room, with his face lit up by the bluish
glow of his computer monitor, you are not too far away from reality. That’s where the
journey of most hackers start—staying up in the middle of the night, trying different
things, finding and learning new ways to manipulate code and find vulnerabilities.
Like Alok, somewhere along the way, they see a fork on the road, one that could take
them towards using their power to make code dance to their tunes for the good, the
other that takes them to the direction where they could wreak havoc. It’s 2017 and
coding is power and exceptional coders have an inordinate amount of power. Efforts
to target cyber installations of ISIS is just one such example.
For most people, the hacker is a mysterious being. There is so little that the person on
the street knows about these digital lock-pickers and much of the little they do know
has been influenced by how the hacker is portrayed in popular culture.
The term hacker itself has become more complicated over the years. Its usage—
alternating between black hat and white hat (the good guys)—means that the meaning
oscillates between something of an outlaw in the Wild West of the internet while at
the same time conjuring up images of the sheriff of the town as well.
The Hacker mind

Why do hackers, well, hack? It often starts with a need for thrills, for validation. It is
not always the money on offer that attracts them to turn rogue; it is a need for the
adrenalin rush that comes from breaking impenetrable defences and proving
themselves to other hackers. According to several coders I have met, that moment of
triumph of knowing of their own power, is something of a crucial rite of passage.
Alok, the young hacker, remembers his first hack, finding a vulnerability in how a
startup in Bangalore stored user data and getting a T-shirt as swag from the company
after he reached out to them and warned them about it.
The sense of idealism and an overwhelming belief in the power of technology to set
right the ills of the society is real and drives many young coders. Hackers tend to have
an acute, heightened sense of what is right and what is wrong, and much of their
behaviour is based ..
That is what, in particular, leads to the formation of hacktivist collectives like

Anonymous which tries to correct what they claim are social or injustices
Hackers will exert huge influence over our lives as we move towards an even more
connected world. Civil society and governments need to invest in understanding them
and trying to channelise their power in making the world a better place.

UNIT-V
Privacy Issues:
Basic Data Privacy Concepts: Fundamental Concepts:
Data privacy or information privacy is a branch of data security concerned with the
proper handling of data – consent, notice, and regulatory obligations. More
specifically, practical data privacy concerns often revolve around:
Whether or how data is shared with third
parties. How data is legally collected or stored.
Regulatory restrictions such as GDPR, HIPAA, GLBA, or CCPA.
In this guide, we’ll look at why data privacy is important, and how it is linked to data
security. Then we’ll take a look at the legislation that covers data privacy in several
key countries, and In several key industries. Finally, we’ll give you some ways to
improve your data privacy in both personal and business environments.
“This really opened my eyes to AD security in a way defensive work never did.”
As we’ll see, the security and privacy of data are intimately connected, and so
ensuring data privacy means making use of a complete security solution like that
offered by Varonis.
Data Privacy vs. Data Security
Different Definitions of Data Privacy
Data Privacy Laws, Acts and
Timeline Data Privacy Best Practices
Varonis and Data Privacy
Data Privacy News and Resources
Data Privacy FAQ
Why is Data Privacy Important?
There are two drivers for why data privacy is one of the most significant issues in our
industry.
Data is one of the most important assets a company has. With the rise of the data
economy, companies find enormous value in collecting, sharing and using data.
Companies such as Google, Facebook, and Amazon have all built empires atop the
data economy. Transparency in how businesses request consent, abide by their
privacy policies, and manage the data that they’ve collected is vital to building trust

and accountability with customers and partners who expect privacy. Many companies
have learned the importance of privacy the hard way, through highly
publicized privacy fails.
Second, privacy is the right of an individual to be free from uninvited surveillance. To

safely exist in one’s space and freely express one’s opinions behind closed doors is
critical to living in a democratic society.
“Privacy forms the basis of our freedom. You have to have moments of reserve,
reflection, intimacy, and solitude,” says Dr. Ann Cavoukian, former Information &
Privacy Commissioner of Ontario, Canada.
Dr. Cavoukian knows a thing or two about data privacy. She is best known for her
leadership in the development of Privacy by Design (PbD), which now serves as a
cornerstone for many pieces of contemporary data privacy legislation.
Data Privacy Attacks:
Data Privacy Definition. Data Privacy describes the practices which ensure that
the data shared by customers is only used for its intended purpose. ...
Information privacy is the right of individuals to have control over how their personal
information is collected and used.
Common types of cyber attacks
Malware
Malware is a term used to describe malicious software, including spyware,

ransomware, viruses, and worms. Malware breaches a network through a
vulnerability, typically when a user clicks a dangerous link or email attachment that
then installs risky software. Once inside the system, malware can do the following:
Blocks access to key components of the network (ransomware)
Installs malware or additional harmful software
Covertly obtains information by transmitting data from the hard drive (spyware)
Disrupts certain components and renders the system inoperable
Phishing
Phishing is the practice of sending fraudulent communications that appear to come

from a reputable source, usually through email. The goal is to steal sensitive data like
credit card and login information or to install malware on the victim’s machine.
Phishing is an increasingly common cyberthreat.
Man-in-the-middle attack

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when
attackers insert themselves into a two-party transaction. Once the attackers interrupt
the traffic, they can filter and steal data.
Two common points of entry for MitM attacks:
1. On unsecure public Wi-Fi, attackers can insert themselves between a visitor’s

device and the network. Without knowing, the visitor passes all information through
the attacker.
2. Once malware has breached a device, an attacker can install software to process all
of the victim’s information.
Denial-of-service attack
A denial-of-service attack floods systems, servers, or networks with traffic to exhaust

resources and bandwidth. As a result, the system is unable to fulfill legitimate
requests. Attackers can also use multiple compromised devices to launch this attack.
This is known as a distributed-denial-of-service (DDoS) attack.
SQL injection
A Structured Query Language (SQL) injection occurs when an attacker inserts

malicious code into a server that uses SQL and forces the server to reveal information
it normally would not. An attacker could carry out a SQL injection simply by
submitting malicious code into a vulnerable website search box.
Zero-day exploit
A zero-day exploit hits after a network vulnerability is announced but before a patch
or solution is implemented. Attackers target the disclosed vulnerability during this
window of time. Zero-day vulnerability threat detection requires constant awareness.
DNS Tunneling
DNS tunneling utilizes the DNS protocol to communicate non-DNS traffic over port
53. It sends HTTP and other protocol traffic over DNS. There are various, legitimate
reasons to utilize DNS tunneling. However, there are also malicious reasons to use
DNS Tunneling VPN services. They can be used to disguise outbound traffic as DNS,
concealing data that is typically shared through an internet connection. For malicious
use, DNS requests are manipulated to exfiltrate data from a compromised system to
the attacker’s infrastructure. It can also be used for command and control callbacks
from the attacker’s infrastructure to a compromised system.

Data linking and profiling:
Data profiling is the process of reviewing source data, understanding structure,

content and interrelationships, and identifying potential for data projects.
Data profiling is a crucial part of:
Data warehouse and business intelligence (DW/BI) projects—data profiling can

uncover data quality issues in data sources, and what needs to be corrected in ETL.
Data conversion and migration projects—data profiling can identify data quality
issues, which you can handle in scripts and data integration tools copying data from
source to target. It can also uncover new requirements for the target system.
Source system data quality projects—data profiling can highlight data which suffers
from serious or numerous quality issues, and the source of the issues (e.g. user inputs,
errors in interfaces, data corruption).
Data profiling involves:
Collecting descriptive statistics like min, max, count and sum.
Collecting data types, length and recurring patterns.
Tagging data with keywords, descriptions or categories.
Performing data quality assessment, risk of performing joins on the data.
Discovering metadata and assessing its accuracy.
Identifying distributions, key candidates, foreign-key candidates, functional

dependencies, embedded value dependencies, and performing inter-table analysis.
Types of data profiling
There are three main types of data profiling:
Structure discovery
Validating that data is consistent and formatted correctly, and performing

mathematical checks on the data (e.g. sum, minimum or maximum). Structure
discovery helps understand how well data is structured—for example, what
percentage of phone numbers do not have the correct number of digits.
Content discovery
Looking into individual data records to discover errors. Content discovery identifies
which specific rows in a table contain problems, and which systemic issues occur in
the data (for example, phone numbers with no area code).
Relationship discovery

Discovering how parts of the data are interrelated. For example, key relationships
between database tables, references between cells or tables in a spreadsheet.
Understanding relationships is crucial to reusing data; related data sources should be
united into one or imported in a way that preserves important relationships
Privacy policy languages:
Privacy policy languages can help with several of the stages involved in managing
privacy policies (writing, reviewing, testing, approving, issuing, combining,
analyzing, modifying, withdrawing, retrieving and enforcing policy). Privacy policy
languages were designed to express the privacy controls that both organizations and
users want to express. Most of the privacy policy languages were designed for
specific purposes with specific features and characteristics. Most of the initiatives for
designing these languages have occurred in the last ten years. In 1997, the World
Wide Web Consortium (W3C) began development of the Platform for Privacy
Preferences (P3P) to express website privacy policies in machine-readable format. A
P3P Preference Exchange Language (APPEL) was also designed by W3C in 1997 to
express an individual’s privacy preferences, to query the data represented by P3P, and
to make decisions accordingly. CPExchange was developed in 2000 to facilitate
business-to-business communication about privacy policies. Later, the industry felt
the need for languages to express the internal privacy policies of the organizations
themselves. With that goal IBM designed the Enterprise Privacy Authorization
Language (EPAL) in 2003.. During the same period a consortium of organizations
joined to design the eXtensible Access Control Markup Language (XACML) for
expressing both privacy and security policies in a machine readable format. There
were other initiatives such as DPAL and XPref in 2003 and 2004. Advances in
technology and the rapid use of pervasive computing systems created a necessity for
protecting context sensitive information transferred through the system (e.g., time of
day and location). In 2005, the Internet Engineering Task Force (IETF) started an
initiative to design Geopriv, a language that can be used to express policies to provide
access on the basis of presence and location information. Privacy policy languages are
expected to be fairly simple and small. Therefore they have been designed as light-
weight XML markup languages. These privacy policy languages are not expected to
perform high-level mathematical operations or complicated flow controls. To be
included in the analysis of this research, the languages had to meet the following
selection criteria: (1) the language specification should explicitly address the
expression of privacy policies, because we wanted to analyze the expressiveness of
privacy policy languages; and, (2) the languages should have been designed for
facilitating the process of enforcement. All languages that we plan to analyze can
specify privacy / security / management policies in some kind of machine-readable
format. Using the selection criteria we narrowed our analysis to the following
languages (arranged in chronological order based on when development work began
on them): Platform for Privacy Preferences (P3P).A P3P Preference Exchange
Language (APPEL), Customer Profile Exchange (CPExchange), Privacy Rights

Markup Language (PRML), XML Access Control Language (XACL), Platform for
Enterprise Privacy Practices (E-P3P), Security Assertion Markup Language (SAML) ,
eXtensible Access Control Markup Language (XACML),Enterprise Privacy
Authorization Language (EPAL), X-Path Based Preference Language (XPref),
Declarative Privacy Authorization Language (DPAL), and Geographic Location /
Privacy (Geopriv).
Privacy in different domains- medical, financial:
The Value and Importance of Health Information Privacy
Ethical health research and privacy protections both provide valuable benefits to
society. Health research is vital to improving human health and health care. Protecting
patients involved in research from harm and preserving their rights is essential to
ethical research. The primary justification for protecting personal privacy is to protect
the interests of individuals. In contrast, the primary justification for collecting
personally identifiable health information for health research is to benefit society. But
it is important to stress that privacy also has value at the societal level, because it
permits complex activities, including research and public health activities to be
carried out in ways that protect individuals’ dignity. At the same time, health research
can benefit individuals, for example, when it facilitates access to new therapies,
improved diagnostics, and more effective ways to prevent illness and deliver care.The
intent of this is to define privacy and to delineate its importance to individuals and
society as a whole. The value and importance of health research will be addressed.

Cyber Security 5 Unit Notes

Uploaded by

Copyright:

Available Formats

Cyber Security 5 Unit Notes

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cyber Security 5 Unit Notes

Uploaded by

Copyright:

Available Formats

ST.

MARTIN'S ENGINEERING COLLEGE

DEPARTMENT OF ELECTRONICS & COMMUNICATION ENGINEERING

III Year -I Semester

B.Tech. III Year I L T P C

To familiarize various types of cyber-attacks and cyber-crimes

To give an overview of the cyber laws

To study the defensive techniques against these attacks

Course Outcomes: The students will be able to understand cyber-attacks, types of

Introduction to Cyber Security: Basic Cyber Security Concepts, layers of security,

Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile

Cyber Security: Organizational Implications: Introduction, cost of cybercrimes

Cybercrime: Examples and Mini-Cases

Examples: Official Website of Maharashtra Government Hacked, Indian Banks Lose

Forensics and Legal Perspectives, Wiley

2. B. B. Gupta, D. P. Agrawal, Haoxiang Wang, Computer and Cyber Security:

Algorithm, Applications, and Perspectives, CRC Press, ISBN 9780815371335, 2018.

2. Introduction to Cyber Security, Chwan-Hwa(john) Wu,J. David Irwin, CRC Press

Introduction to Cyber Security:

Cyber security is primarily about people, processes, and technologies working

Cyber security is the protection of Internet-connected systems, including hardware,

It is the body of technologies, processes, and practices designed to protect networks,

1: Mission Critical Assets – This is the data you need to protect*

3: Application Security – Applications security controls protect access to an

4: Endpoint Security – Endpoint security controls protect the connection between

5: Network Security – Network security controls protect an organization’s network

Definition - What does Vulnerability mean? Vulnerability is a cyber-security term

Five Cyber Security vulnerabilities:

Injection vulnerabilities occur every time an application sends untrusted data to an

A buffer overflow vulnerability condition exists when an application attempts to put

3) Sensitive Data Exposure

4) Broken Authentication and Session Management:

The exploitation of a broken Authentication and Session Management flaw occurs

Running outdated software.

Running unnecessary services on the system.

Not changing factory settings (i.e. default keys and passwords).

Incorrect exception management that could disclose system information to the

Use of default accounts.

Common Cyber Security Threats:

Malware makes up 18% of the top cybercrimes affecting Australian organisations.

Avoiding a Malware Attack

Avoiding a Phishing Attack

Strategies like implementing two-factor authentication can greatly decrease cyber

What is a Data Breach.

Who is at Risk of a Data Breach

Dealing with a Data Breach

Of course, prevention is always better than cure. Having appropriate, up-to-date

DDoS Attack and Botnets

What are DDoS Attacks and Botnets.

Detecting a DDoS or Botnet Attack

Avoiding a DDoS or Botnet Attack

Detecting a Ransonware Threat

Avoiding a Ransomware Attack

Cyber crime can be categorised into :

Cyber crime against person

Cyber crime against property

Cyber crime against government

Cyber crime against society

1. Cyber crime against person :

In this category crime is committed against a person using electronic service as a