Unit 1

Cybercrime refers to a range of illegal activities conducted through digital devices and networks, including fraud, identity theft, and data breaches. The term 'cybercrime' combines 'cyber,' relating to computers and networks, and 'crime,' indicating illegal acts, becoming prevalent in the 1990s with the rise of the internet. Information security is crucial for protecting sensitive data from unauthorized access and ensuring confidentiality, integrity, and availability, while cybercriminals exploit vulnerabilities for various malicious purposes.

Introduction to cyber crime

Definition- Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes use technology to commit fraud, identity theft, data breaches, the spread of computer viruses, scams, and other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

Origins of the word "Cybercrime"-

The word "cybercrime" is a combination of two parts:

1. Cyber: Derived from the word "cybernetics," which comes from the Greek
word "kybernetes," meaning "steersman" or "governor." The term
"cybernetics" was popularized by mathematician Norbert Wiener in the
1940s to describe the control and communication in animals and machines.
Over time, "cyber" came to be associated with computers, networks, and
digital technologies, especially with the rise of the internet.
2. Crime: This part comes from the Latin word "crimen," meaning an accusation
or charge. In English, it evolved to mean an act punishable by law, especially
one that is considered harmful to society.

When combined, "cybercrime" refers to criminal activities carried out using computers or the internet. The term likely became common in the 1990s, as digital technology and the internet became more widespread, bringing with them new types of crime such as hacking, online fraud, and identity theft.
Origins of the term "Information Security"-

The term "information security" refers to the practice of protecting information from unauthorized access,
disclosure, alteration, destruction, or disruption. The origins of the words "information" and "security" are
rooted in Latin, but their combination into the specific concept of "information security" has evolved over time.

"Information"

 Origin: The word "information" comes from the Latin word informare, meaning "to give form to" or "to
shape." In its modern sense, information refers to data, knowledge, or facts that are communicated or
shared.
 Historical Usage: In the context of security, "information" initially referred to tangible data like written
records, which later expanded to include more abstract forms of data with the development of digital
technologies.

"Security"

 Origin: The word "security" comes from the Latin securitas, which means "freedom from care" or
"safe." It combines se- (meaning "without") and cura (meaning "care" or "concern"). Over time, it came
to mean protection from danger or harm.
 Historical Usage: Historically, security has been associated with physical protection (e.g., securing
property, fortifications, and persons). As society evolved, the concept extended to less tangible assets,
such as data and information.

"Information Security" as a Concept

The combination of the two words into "information security" is relatively modern. Its origins trace back to the 20th century, particularly with the rise of computers and the digitization of data. In the early days of computing, security focused primarily on physical access to computers. However, as computers became interconnected, protecting data in digital form became paramount. The phrase came into use around the 1970s, when organizations began to focus on safeguarding data in computer systems from unauthorized access or alteration.

Modern Usage

 Cybersecurity: The term "information security" has evolved, especially in the digital age. Today, it
includes broader concepts like cybersecurity, data privacy, encryption, and risk management.
 Standards: In modern contexts, frameworks and standards like ISO/IEC 27001 and NIST have
formalized the practice of information security, further shaping its meaning and scope.

Thus, "information security" grew from ancient roots to modern application as the protection of both tangible
and intangible data.
Characteristics of Information-
 Timeliness: Information should reach decision-makers before it loses its ability to influence them.
 Accuracy: Inaccurate information can cause serious problems.
 Relevance: Relevant information can make a difference in decision making.
 Completeness: Information should include all the facts, figures, and data required by the receiver.
 Accessibility: Information must be obtainable by those who need it, in a form they can use; in interface design this is a key property of the information architecture.
 Reliability: Reliable information is free from error and bias, and faithfully represents what it is meant to represent.
 Understandability: Understandability is the quality of information that lets reasonably informed users see its significance.

What is the need of Information Security:-

Information security is essential to protect sensitive data from unauthorized access, misuse, disclosure, destruction, alteration, or disruption. The key reasons why information security is needed include:

1. Confidentiality:

 Information security ensures that sensitive data (such as personal, financial, or health information) is
only accessible to authorized individuals or systems. Without this protection, data breaches can occur,
leading to privacy violations or data theft.

2. Integrity:

 It guarantees that data is accurate and unaltered. Information security measures protect data from being
tampered with, ensuring that it remains trustworthy and reliable. This is critical for preventing data
corruption or unauthorized modifications.

3. Availability:

 Security mechanisms ensure that information and systems are accessible to authorized users when
needed. Denial-of-service attacks, hardware failures, or natural disasters can disrupt access to data, so
security ensures that systems remain functional and resilient.

4. Compliance with Legal and Regulatory Requirements:

 Many industries are bound by laws and regulations (like GDPR, HIPAA, etc.) to protect sensitive data.
Non-compliance can result in heavy penalties, legal issues, and damage to reputation. Information
security helps organizations stay compliant with these regulations.
5. Prevent Financial Loss:

 Cyberattacks, data breaches, and ransomware can lead to significant financial losses for organizations.
Information security measures protect against such incidents, saving costs associated with loss of
business, recovery, and legal fines.

6. Preserve Trust and Reputation:

 Organizations that experience data breaches often lose customer trust. Ensuring robust information
security helps build and maintain a positive reputation with clients, partners, and the public.

7. Protection Against Cyber Threats:

 With the rise of cybercrime, organizations face threats like hacking, phishing, malware, and
ransomware. Information security helps detect and prevent these threats, safeguarding sensitive
information and systems from being compromised.

8. Intellectual Property Protection:

 Organizations and individuals must protect intellectual property such as patents, trade secrets, and
proprietary technology. Information security helps prevent theft or espionage of such valuable assets.

9. Business Continuity:

 Security measures help ensure that an organization can continue to operate even during or after a
cyberattack or data loss. This is crucial for maintaining critical operations and minimizing downtime.

10. Minimization of Insider Threats:

 Not all security threats come from external attackers; sometimes, threats come from within the
organization (whether maliciously or accidentally). Information security helps in monitoring, controlling
access, and reducing risks from insider threats.

Who are Cybercriminals:-

Cybercriminals are individuals or groups who use digital technologies to carry out illegal activities, primarily through the internet or other connected networks. They exploit vulnerabilities in computer systems, networks, or software to commit crimes such as:

1. Hacking: Unauthorized access to systems or data.
2. Phishing: Deceptive techniques to steal sensitive information like usernames, passwords, or credit card details.
3. Malware Deployment: Using malicious software (viruses, ransomware, spyware, etc.) to damage,
disrupt, or steal from systems.
4. Identity Theft: Stealing personal information to impersonate someone for financial gain or fraud.
5. Financial Fraud: Online scams, credit card fraud, or manipulating financial systems for illicit profit.
6. Cyberterrorism: Using cyberattacks to instill fear or disrupt critical infrastructure.
7. Data Theft: Stealing sensitive corporate or government data for blackmail, ransom, or selling on the
black market.
Cybercriminals operate in various forms, from lone hackers to organized crime syndicates, and their
motivations range from financial gain to political activism (hacktivism) or simply causing disruption for
personal satisfaction. Many cybercriminals exploit the anonymity that the internet provides to evade detection
by law enforcement.

Classification of Cyber Crime-

Cybercrime can be classified into several categories based on the nature of the offense, the target, or the motivation behind the crime. The primary classifications are:

1. Crimes Against Individuals

These involve offenses where the primary target is an individual or a group of individuals. Common examples include:

 Identity Theft: Stealing personal information to commit fraud or financial theft.
 Phishing and Social Engineering: Manipulating individuals into revealing sensitive information (passwords, financial details).
 Cyberstalking: Harassment or intimidation of individuals through online platforms.
 Online Defamation: Spreading false information about a person to damage their reputation.
 Online Harassment and Cyberbullying: Repeatedly targeting individuals to harass, abuse, or
humiliate them.

2. Crimes Against Property

These crimes target computers, networks, or data to cause damage, steal valuable information, or disrupt services:

 Hacking: Unauthorized access to a system or network to steal data or disrupt services.
 Data Theft: Stealing confidential or sensitive data for malicious purposes.
 Ransomware Attacks: Holding data or systems hostage through encryption and demanding payment
for release.
 Intellectual Property Theft: Copying or distributing copyrighted material (music, software, etc.)
illegally.
 Denial of Service (DoS) Attacks: Overwhelming a system or network to render it inoperable.

3. Crimes Against Government or Organizations

These offenses target institutions, public or private, often for political, financial, or ideological reasons:

 Cyberterrorism: Using cyberattacks to cause fear, disrupt critical infrastructure, or achieve political
goals.
 Espionage and Data Breaches: Stealing classified or sensitive government or corporate information.
 Hacktivism: Political or ideological cyberattacks aimed at causing disruption or drawing attention to a
cause.
 Website Defacement: Altering the appearance of a government or organizational website for
ideological purposes.

4. Financial Crimes and Fraud

Cybercriminals use various methods to defraud individuals, businesses, or financial institutions:

 Online Scams and Fraud: Email scams, fake websites, and fraudulent online sales aimed at stealing
money.
 Credit Card Fraud: Stealing credit card information to make unauthorized purchases.
 Cryptocurrency Fraud: Manipulating or stealing cryptocurrency for financial gain.
 Banking Trojans: Malware that specifically targets financial institutions or online banking platforms to
steal credentials or funds.

5. Crimes Involving Cyber Weapons and Warfare

These offenses involve the use of cyber tools to cause widespread disruption or destruction:

 Cyber Warfare: State-sponsored or politically motivated cyberattacks targeting another nation’s infrastructure, defense systems, or government institutions.
 Weaponized Malware: Using sophisticated malware (such as Stuxnet) to damage physical infrastructure, for example the industrial control systems of power grids or nuclear facilities.

6. Child Exploitation and Abuse

Crimes in this category involve the exploitation or abuse of children through the internet:

 Child Pornography (child sexual abuse material): Producing, distributing, or consuming explicit content involving children.
 Online Child Grooming: Predators manipulating children online with the intent of sexual exploitation.

A Global Perspective on Cybercrime-

Cybercrime is a worldwide problem: the same offenses are committed through computers and the internet in every country, and two points follow from that.

1. No Borders: Cybercrime does not respect national boundaries. An attack can originate anywhere, and offenders in different countries may work together, which complicates investigation and prosecution.

2. Digital Challenges Everywhere: The problem is not confined to one place. Internet users everywhere face similar threats, and everyone needs to take care online.
Cybercrime Era-
Living in the cybercrime era means treating digital mischief as an everyday risk. The survival mantra for netizens is a set of rules or practices for staying safe in this environment.
Survival Mantra for Netizens

1. Be Cyber-Aware: Stay alert to potential online threats.

2. Use Strong Passwords: Create strong, unique passwords for each account and change them promptly if an account may have been compromised.

3. Keep Software Updated: Ensure your computer and apps have the latest security updates.

4. Be Sceptical of Emails: Don't trust every email; be cautious, especially with links or attachments.

5. Use Trusted Websites: Stick to reputable websites to minimise risk.

6. Secure Personal Information: Be cautious about sharing sensitive information online.

7. Install Antivirus Software: Have reliable antivirus software to protect against digital threats.

The 5P Netizen Mantra for online Security-

The term "Netizen" was coined by Michael Hauben. Quite simply, "Netizens" are Internet users who have a considerable presence online (through websites about the person, through his/her active blog contribution and/or his/her participation in online chat rooms).
The 5P Netizen mantra for online security is:
a. Precaution
b. Prevention
c. Protection
d. Preservation
e. Perseverance
How Cybercriminals Plan Attacks
Cybercriminals commit cybercrimes using different tools and techniques, but the basic process of carrying out an attack is broadly the same. The steps involved can be described in 5 phases, namely:

1) Reconnaissance
2) Scanning and Scrutinizing
3) Gaining Access
4) Maintaining Access and
5) Covering the tracks

The simplified or condensed process consists of 3 steps namely:

1) Reconnaissance
2) Scanning and Scrutinizing and
3) Launching an Attack
Reconnaissance
Reconnaissance is the act of exploring to find someone or something. The reconnaissance phase begins with footprinting: gathering information about the target’s environment in order to penetrate it, which gives an overview of the system’s likely vulnerabilities. The objective of this phase is to understand the system, its network ports and services, and any other related data. An attacker gathers information in two phases:

a) passive reconnaissance and b) active reconnaissance.

Passive Attacks
Passive reconnaissance gathers information about a target without interacting with its systems directly, so the target is not alerted. Sources include:

 Google or Yahoo search
 Facebook, LinkedIn, other social sites
 Organization’s website (target)
 Blogs, newsgroups, press releases, etc.
 Job postings on Naukri, Monster, Craigslist, etc.
 Network sniffing
Active Attacks
Active reconnaissance probes the network to discover individual hosts and to confirm the data gathered passively. Because packets are now sent to the target, there is a risk of being detected, which is why this stage is called “Active Reconnaissance”. It also reveals which security measures are in place.

Scanning and Scrutinizing

Scanning is the systematic examination of the information gathered about the target. The objectives of scanning are:

 Port scanning
 Network scanning
 Vulnerability scanning

Scrutinizing is also called enumeration. It is often said that about 90% of the effort in an intrusion goes into reconnaissance, scanning and scrutinizing the information obtained. The objectives of enumeration are:

 Find valid user accounts or groups
 Find network resources or shared resources
 OS and different applications running on the target
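The scanning and enumeration steps above, as an added example that is not part of the original notes: a TCP connect port scanner with banner grabbing, followed by a small banner-based fingerprinting table that turns what a service says first into a service and software name. So that it runs offline, it starts its own throwaway listener on 127.0.0.1 that answers with a constructed SSH-style banner; the fingerprint rules, the `SAMPLE_BANNER` and the port range are assumptions made for the demonstration. A connect scan completes the full TCP handshake and is logged by the target, so it is the noisy kind of active reconnaissance; run it only against systems you are authorised to test.

```python
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Constructed banner for the throwaway local service used in the demo;
# a real host answers with whatever its daemon sends first.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n"

# Assumed fingerprint table: pattern of the first bytes a service sends -> name.
# Order matters: an SMTP greeting from a host named ftp.example must not be ftp.
BANNER_RULES = [
    (re.compile(rb"^SSH-(?P<proto>[\d.]+)-(?P<soft>\S+)"), "ssh"),
    (re.compile(rb"^220[ -].*?(?:SMTP|ESMTP)", re.I), "smtp"),
    (re.compile(rb"^220[ -].*?(?:FTP|FileZilla|vsFTPd)", re.I), "ftp"),
    (re.compile(rb"^HTTP/\d\.\d "), "http"),
]


def start_fake_service(banner=SAMPLE_BANNER):
    """Bind a TCP listener on 127.0.0.1 (OS-chosen port) that sends `banner`
    to every client and hangs up. Stands in for a real host so the scanner
    below has something to find without touching any network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def probe(host, port, timeout=0.5):
    """TCP connect scan of one port. Returns (port, banner) when the port
    accepts a connection (banner is empty if the service waits for the
    client to speak first); None when it is closed, filtered or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)
            except socket.timeout:
                banner = b""
            return port, banner
    except OSError:                  # refused, timed out, no route
        return None


def scan(host, ports, workers=32):
    """Port scanning step: probe each port concurrently, keep the open ones."""
    open_ports = {}
    with ThreadPoolExecutor(max_workers=workers) as ex:
        for result in ex.map(lambda p: probe(host, p), ports):
            if result is not None:
                open_ports[result[0]] = result[1]
    return open_ports


def fingerprint(banner):
    """Enumeration step: map a raw banner to service and software names."""
    for pattern, service in BANNER_RULES:
        m = pattern.match(banner)
        if m:
            info = {"service": service}
            if service == "ssh":
                info["software"] = m.group("soft").decode("ascii", "replace")
            return info
    return {"service": "unknown"}


def enumerate_host(host, ports):
    """Scan, then fingerprint every open port: the scrutinizing output."""
    return {p: fingerprint(b) for p, b in scan(host, ports).items()}


if __name__ == "__main__":
    srv, port = start_fake_service()
    try:
        print(enumerate_host("127.0.0.1", range(port - 5, port + 6)))
    finally:
        srv.close()
```

Services that expect the client to talk first (HTTP, for instance) come back with an empty banner and are reported as "unknown"; a fuller enumerator would send a protocol-specific probe to those ports, which is exactly what makes the activity visible in the target's logs.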

Launch an Attack
An attack follows the steps below:

 Crack the password
 Exploit the privileges
 Execute malicious software (backdoor)
 Hide or destroy files (if required)
 Cover the tracks

Social Engineering-
Social engineering is a type of cyber attack that manipulates people into giving access to sensitive information or devices. Social engineering attacks exploit human tendencies such as trust, respect for authority, or sympathy, rather than vulnerabilities in software or operating systems.
The term covers a broad range of malicious activities accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended victim to gather the background information needed to proceed with the attack, such as potential points of entry and weak security protocols. The attacker then works to gain the victim’s trust and provides stimuli for subsequent actions that break security practices, such as revealing sensitive information or granting access to critical resources.

Social Engineering Attack Life Cycle-


1. Preparing the ground for the attack.
2. Deceiving the victim.
3. Obtaining the information.
4. Closing the interaction.

What makes social engineering especially dangerous is that it relies on human error rather than vulnerabilities in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.
Social engineering attack techniques

Social engineering attacks come in many different forms and can be performed
anywhere where human interaction is involved. The following are the five most
common forms of digital social engineering assaults.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim’s
greed or curiosity. They lure users into a trap that steals their personal
information or inflicts their systems with malware.

The most reviled form of baiting uses physical media to disperse malware. For
example, attackers leave the bait—typically malware-infected flash drives—in
conspicuous areas where potential victims are certain to see them (e.g.,
bathrooms, elevators, the parking lot of a targeted company). The bait has an
authentic look to it, such as a label presenting it as the company’s payroll list.

Victims pick up the bait out of curiosity and insert it into a work or home
computer, resulting in automatic malware installation on the system.

Baiting scams don’t necessarily have to be carried out in the physical world.
Online forms of baiting consist of enticing ads that lead to malicious sites or
that encourage users to download a malware-infected application.

Scareware

Scareware involves victims being bombarded with false alarms and fictitious
threats. Users are deceived to think their system is infected with malware,
prompting them to install software that has no real benefit (other than for the
perpetrator) or is malware itself. Scareware is also referred to as deception
software, rogue scanner software and fraudware.

A common scareware example is the legitimate-looking popup banner that appears in your browser while surfing the web, displaying text such as “Your computer may be infected with harmful spyware programs.” It either offers to install the tool (often malware-infected) for you, or directs you to a malicious site where your computer becomes infected.

Scareware is also distributed via spam email that doles out bogus warnings, or
makes offers for users to buy worthless/harmful services.
Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim in order to perform a critical task.

The attacker usually starts by establishing trust with the victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. The pretexter asks questions that are ostensibly required to confirm the victim’s identity, and through them gathers important personal data.

All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank records and even security information related to a physical plant.

Phishing

As one of the most popular social engineering attack types, phishing scams are
email and text message campaigns aimed at creating a sense of urgency,
curiosity or fear in victims. It then prods them into revealing sensitive
information, clicking on links to malicious websites, or opening attachments
that contain malware.

An example is an email sent to users of an online service that alerts them to a policy violation requiring immediate action on their part, such as a required password change. It includes a link to an illegitimate website, nearly identical in appearance to the legitimate version, prompting the unsuspecting user to enter their current credentials and new password. When the form is submitted the information is sent to the attacker.

Because identical or near-identical messages are sent to all users in a phishing campaign, mail servers with access to threat-sharing platforms can detect and block them much more easily.

Spear phishing

This is a more targeted version of the phishing scam in which an attacker chooses specific individuals or enterprises. The messages are then tailored to the victims’ characteristics, job positions, and contacts to make the attack less conspicuous. Spear phishing requires much more effort from the perpetrator and may take weeks or months to pull off, but it is much harder to detect and has a better success rate if done skilfully.
A spear phishing scenario might involve an attacker who, impersonating an organization’s IT consultant, sends an email to one or more employees. It is worded and signed exactly as the consultant normally writes, deceiving recipients into thinking it is an authentic message. The message prompts recipients to change their password and provides a link that redirects them to a malicious page where the attacker captures their credentials.
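An added example for the phishing and spear-phishing messages described above (not from the original notes): a small analyser that reads one raw e-mail and flags the indicators those paragraphs rely on, namely a display name that claims the organisation while the address domain does not, a Reply-To that points somewhere else, a link whose visible text shows one host while the href goes to another, a host that imitates the trusted domain, and urgency wording in the subject or body. The trusted domain `example-bank.com`, the sample message and the urgency phrase list are constructed for the demonstration; the checks are heuristics of the kind a mail gateway layers on top of sender authentication, not a substitute for it.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the real domain(s) of the organisation being impersonated.
TRUSTED_DOMAINS = {"example-bank.com"}
# Phrases phishing copy uses to create urgency or fear (heuristic list).
URGENCY = re.compile(r"\b(immediately|within 24 hours|suspended|urgent|verify your account)\b", re.I)

# Constructed sample message: every address, domain and sentence is invented.
SAMPLE_MAIL = "\n".join([
    'From: "Example Bank Security" <alerts@example-bank-secure.com>',
    "Reply-To: support@mail-recovery.net",
    "To: victim@corp.example",
    "Subject: Action required: verify your account within 24 hours",
    "Content-Type: text/html; charset=utf-8",
    "",
    "<p>Your account has been suspended. Please visit",
    '<a href="http://example-bank.com.login-check.net/reset">https://example-bank.com/reset</a>',
    "immediately to restore access.</p>",
])


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Lower-cased hostname if `text` looks like a URL, else ''."""
    if not re.match(r"^(https?://|www\.)", text, re.I):
        return ""
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower()


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(host, trusted):
    """True for hosts that imitate `trusted` without being it or a subdomain of it:
    the brand embedded in another registrable domain, or a near-miss spelling."""
    if not host or host == trusted or host.endswith("." + trusted):
        return False
    brand = trusted.split(".")[0]
    return brand in host or edit_distance(host, trusted) <= 2


def analyse(raw):
    """Return a list of (code, detail) findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["from"].addresses[0] if msg["from"] else None
    if sender is not None:
        sender_domain = sender.domain.lower()
        for trusted in TRUSTED_DOMAINS:
            brand_words = trusted.split(".")[0].replace("-", " ")
            claims_brand = brand_words in sender.display_name.lower()
            if claims_brand and sender_domain != trusted and not sender_domain.endswith("." + trusted):
                findings.append(("display_name_impersonation", sender.addr_spec))
        if msg["reply-to"]:
            reply_domain = msg["reply-to"].addresses[0].domain.lower()
            if reply_domain != sender_domain:
                findings.append(("reply_to_mismatch", reply_domain))
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    extractor = LinkExtractor()
    extractor.feed(body)
    for href, text in extractor.links:
        target, shown = host_of(href), host_of(text)
        if shown and target and shown != target:
            findings.append(("link_text_mismatch", f"{shown} -> {target}"))
        for trusted in TRUSTED_DOMAINS:
            if is_lookalike(target, trusted):
                findings.append(("lookalike_domain", target))
    hits = {m.lower() for m in URGENCY.findall((msg["subject"] or "") + " " + body)}
    if hits:
        findings.append(("urgency_language", ", ".join(sorted(hits))))
    return findings


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE_MAIL):
        print(f"{code:28s} {detail}")
```

Any single finding can occur in legitimate mail (a real bank does write "verify your account"); it is the combination, especially the link-text mismatch together with a lookalike host, that separates the sample from ordinary traffic, so a gateway would score the findings rather than block on any one of them.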

Social engineering prevention

Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into their traps. Therefore, be wary whenever you feel alarmed by an email, attracted to an offer displayed on a website, or when you come across stray digital media lying about. Being alert can help you protect yourself against most social engineering attacks taking place in the digital realm.

Moreover, the following tips can help improve your vigilance in relation to
social engineering hacks.

 Don’t open emails and attachments from suspicious sources – If you don’t know the sender in question, you don’t need to answer an email. Even if you do know them and are suspicious about their message, cross-check and confirm the news from other sources, such as by telephone or directly from the service provider’s site. Remember that email addresses are spoofed all the time; even an email purportedly coming from a trusted source may actually have been initiated by an attacker.
 Use multifactor authentication – User credentials are among the most valuable pieces of information attackers seek. With multifactor authentication a stolen password on its own is not enough to take over the account, which limits the damage when credentials are phished. Imperva Login Protect is an easy-to-deploy 2FA solution that can increase account security for your applications.
 Be wary of tempting offers – If an offer sounds too enticing, think twice
before accepting it as fact. Googling the topic can help you quickly determine
whether you’re dealing with a legitimate offer or a trap.
 Keep your antivirus/antimalware software updated – Make sure
automatic updates are engaged, or make it a habit to download the latest
signatures first thing each day. Periodically check to make sure that the
updates have been applied, and scan your system for possible infections.
What is Cyberstalking?
Cyberstalking is the use of the internet or other digital tools to repeatedly harass, threaten, or stalk someone. It includes sending unwanted messages, hacking accounts, or spreading lies online, usually with the aim of frightening or distressing the victim. Cyberstalkers typically work through social media, email, or other online platforms, intimidating or controlling the victim by continuously monitoring and harassing them; they may also track the victim’s online activity.
Cyberstalkers may impersonate their victims, post false information, or make threatening comments. They often create multiple accounts to avoid detection and can track the victim’s location or personal activities using GPS or spyware. Cyberstalking can escalate into offline threats, is a serious invasion of privacy, and often requires legal action to stop. It is harmful and illegal.

Some of the Examples of Cyberstalking are as follows


1. Repeated Unwanted Messages
2. False Profiles
3. Tracking Online Activity
4. Hacking Accounts
5. Posting Private Information
6. Threatening Comments
7. Monitoring via GPS or Spyware
Consequences of Cyberstalking
 Legal consequences for the offender can include fines, restraining orders, or imprisonment.
 Victims may experience anxiety, depression, and fear, which affect their mental
health.
 Public harassment or false information can harm the victim’s reputation causing
reputational damage.
 Personal privacy is compromised, making the victim feel vulnerable.
 Financial costs may arise from legal fees, security measures, or identity theft.
 Fear of being targeted can lead to social withdrawal and isolation.
 Cyberstalking can also escalate to physical threats or harm.

Types of Cyber Stalking
 Webcam Hijacking: The stalker tricks the victim into downloading and installing a malware-infected file that gives the attacker access to the webcam. The method is sneaky because the victim usually notices nothing unusual.
 Observing location check-ins on social media: Adding location check-ins to Facebook posts makes it very easy for a stalker to follow the victim’s movements simply by reading their social media profiles.
 Catfishing: On social media sites such as Facebook, the stalker creates a counterfeit profile and approaches the victim as a friend of a friend.
 Visiting virtually via Google Maps Street View: Once a stalker knows the victim’s address, Street View shows the building, neighbourhood, and surroundings without anyone going near the place.
 Installing Stalkerware: An increasingly common method. Stalkerware is spyware that tracks location, gives access to text messages and browsing history, records audio, and so on, while running in the background without the victim’s knowledge.
 Looking at geotags to track location: Most digital photographs carry geotags, metadata recording when and where the picture was taken. Geotags are stored in the image’s EXIF data and can be read with ordinary tools, so a stalker who obtains the victim’s photos learns their whereabouts.
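The geotag item above, as an added example that is not part of the original notes: a minimal parser, written with only the Python standard library, that walks a JPEG’s marker segments, finds the APP1/Exif segment, follows the TIFF IFD0 entry 0x8825 to the GPS IFD and converts the degree/minute/second rationals to decimal coordinates, plus a `strip_exif` function that removes the segment before an image is shared. The JPEG it reads is constructed by `build_sample_jpeg` (no pixel data, just the metadata structure) with invented coordinates; the tag numbers and layout follow the TIFF 6.0 and Exif specifications.

```python
import struct

# Exif/TIFF tags and field types used here (TIFF 6.0 and Exif specs).
GPS_IFD_POINTER = 0x8825
T_ASCII, T_LONG, T_RATIONAL = 2, 4, 5


def build_sample_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed test input: SOI + APP1(Exif, little-endian TIFF) + EOI, no
    image data. Offsets inside the TIFF block: header 0-7, IFD0 8-25,
    GPS IFD 26-79, latitude rationals 80-103, longitude rationals 104-127."""
    ifd0 = (struct.pack("<H", 1)
            + struct.pack("<HHII", GPS_IFD_POINTER, T_LONG, 1, 26)
            + struct.pack("<I", 0))                          # no next IFD
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI", 0x0001, T_ASCII, 2) + lat_ref.encode().ljust(4, b"\0")
           + struct.pack("<HHII", 0x0002, T_RATIONAL, 3, 80)
           + struct.pack("<HHI", 0x0003, T_ASCII, 2) + lon_ref.encode().ljust(4, b"\0")
           + struct.pack("<HHII", 0x0004, T_RATIONAL, 3, 104)
           + struct.pack("<I", 0))
    rationals = b"".join(struct.pack("<II", n, d) for n, d in lat_dms + lon_dms)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + rationals
    app1 = b"Exif\0\0" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def segments(jpeg):
    """List (marker, start, end) for each metadata segment after SOI,
    stopping at SOS (entropy-coded image data) or EOI."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    out, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):
            break
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        out.append((marker, pos, pos + 2 + length))
        pos += 2 + length
    return out


def read_ifd(tiff, offset, fmt):
    """{tag: (type, count, raw 4-byte value/offset field)} for one IFD."""
    count = struct.unpack(fmt + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(fmt + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, n, tiff[e + 8:e + 12])
    return entries


def read_value(tiff, fmt, typ, n, raw):
    """Decode one IFD entry: values of 4 bytes or less sit inline in the
    field, larger ones (every RATIONAL) at the offset the field holds."""
    off = struct.unpack(fmt + "I", raw)[0]
    if typ == T_ASCII:
        data = raw[:n] if n <= 4 else tiff[off:off + n]
        return data.split(b"\0", 1)[0].decode("ascii")
    if typ == T_LONG:
        return off
    if typ == T_RATIONAL:
        vals = struct.unpack(fmt + "%dI" % (2 * n), tiff[off:off + 8 * n])
        return [vals[i] / vals[i + 1] for i in range(0, 2 * n, 2)]
    raise ValueError("unsupported TIFF type %d" % typ)


def dms_to_decimal(dms, ref):
    deg, minutes, seconds = dms
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def gps_coordinates(jpeg):
    """(latitude, longitude) in decimal degrees from the Exif GPS IFD, or None."""
    for marker, start, end in segments(jpeg):
        payload = jpeg[start + 4:end]
        if marker != 0xE1 or not payload.startswith(b"Exif\0\0"):
            continue
        tiff = payload[6:]
        fmt = "<" if tiff[:2] == b"II" else ">"      # byte order of the TIFF block
        ifd0 = read_ifd(tiff, struct.unpack(fmt + "I", tiff[4:8])[0], fmt)
        if GPS_IFD_POINTER not in ifd0:
            return None
        gps = read_ifd(tiff, read_value(tiff, fmt, *ifd0[GPS_IFD_POINTER]), fmt)
        try:
            lat = dms_to_decimal(read_value(tiff, fmt, *gps[2]), read_value(tiff, fmt, *gps[1]))
            lon = dms_to_decimal(read_value(tiff, fmt, *gps[4]), read_value(tiff, fmt, *gps[3]))
        except KeyError:                              # GPS IFD without coordinates
            return None
        return lat, lon
    return None


def strip_exif(jpeg):
    """Copy of the JPEG with every APP1/Exif segment removed, so the geotag
    (and the rest of the metadata) is not published with the picture."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\0\0"):
            out += jpeg[start:end]
        pos = end
    out += jpeg[pos:]
    return bytes(out)
```

Photo-sharing services vary in whether they strip this metadata on upload, and files sent directly (messaging apps, e-mail attachments) usually keep it, so removing the APP1 segment before sending is the reliable control.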

How to Help Protect Yourself Against Cyberstalking
 Develop the habit of logging out of the PC when not in use.
 Remove any upcoming events you plan to attend from social networks if they are recorded in online event listings or calendars.
 Set strong and distinct passwords for your online accounts.
 Cyberstalkers can exploit the weak security of public Wi-Fi networks to snoop on your online activity, so avoid sending personal emails or sharing sensitive information while connected to unsecured public Wi-Fi.
 Make use of the privacy settings provided by social networking sites and restrict your information to your closest friends.
 Search the internet regularly to find out what information about you is publicly accessible.

How to Report Cyberstalking
To report cyberstalking, follow these steps:
 Document Evidence: Save screenshots, messages, emails, and URLs showing the harassment.
 Block and Report: Immediately block the stalker and report their behavior to the platform or service.
 Contact Authorities: Report the incident to local law enforcement or a cybercrime department and give them all of the evidence.
 File a Complaint: Contact relevant cybercrime reporting agencies or hotlines, such as the Internet Crime Complaint Center (IC3) or local equivalents.
 Inform Your ISP: Notify your internet service provider (ISP) about the cyberstalking.
 Seek Legal Advice: Consult a lawyer to understand your rights and the legal actions available to you.
 Get Support: Reach out to organizations or support groups for help and guidance.
Cyberstalking Laws
In India, cyberstalking and related offenses are covered by the Information Technology Act, 2000 and the Indian Penal Code. Key provisions:
 Identity Theft: Section 66C of the Information Technology Act punishes fraudulent use of another person’s password, electronic signature or other unique identification; cheating by personation through a computer resource falls under Section 66D.
 Obscene Material: Publishing or transmitting obscene content in electronic form is prohibited by Section 67 of the Information Technology Act.
 Stalking: Section 354D of the Indian Penal Code deals with stalking, including monitoring a person’s use of the internet, email or other electronic communication.
 Insulting Modesty: Section 509 of the Indian Penal Code makes it an offence to insult a woman’s modesty by word, gesture or act, and has been applied to online harassment.
 Threats: Sections 503 and 506 of the Indian Penal Code define and punish criminal intimidation, including threats made online.
These laws give victims of cyberstalking legal protection and a route to seek help and justice through the courts in India.

Cybercafe and Cybercrimes

Cyber cafes are popular places for cybercriminals to conduct their activities, and cybercrime can occur in cyber cafes in a number of ways:
 Cyber cafes as network service providers: Cyber cafes are considered network service providers and are liable for any offenses that occur on their network.
 Cyber cafes without ID checks: Cyber cafes that do not check ID cards make it easier for cybercriminals to commit fraud without being identified.
 Web cameras: Cyber cafes may use web cameras to photograph users, and those images can in turn be misused to commit cyber fraud.
 Virtual Private Networks (VPNs): VPNs can make it difficult to trace a user's identity or location, which makes it harder for the police to catch cybercriminals.

Cybercriminals prefer cybercafes for carrying out their activities. They tend to single out one particular personal computer (PC) and prepare it for their use, then visit the cafe at a fixed time and frequency, for example on alternate days or twice a week.
A recent survey conducted in one of the metropolitan cities in India revealed the following facts:

 Pirated software, such as the OS, browser and office automation software (e.g., Microsoft Office), is installed on all the computers.
 Antivirus software is not updated to the latest patch and/or antivirus signatures.
 Several cybercafes had installed the software called "Deep Freeze" to protect the computers from prospective malware attacks.
 No annual maintenance contract (AMC) is in place for servicing the computers; hence the hard disks are not formatted unless a computer goes down. Not having an AMC is a risk from a cybercrime perspective because a cybercriminal can install malicious code on a computer and conduct criminal activities without any interruption.
 Pornographic websites and other similar websites with indecent content are not blocked.
 Cybercafe owners have very little awareness of IT security and IT governance.
 Government/ISPs/State Police (cyber cell wing) do not seem to provide IT governance guidelines to cybercafe owners.
 The cybercafe association and State Police (cyber cell wing) do not seem to conduct periodic visits to cybercafes. One of the cybercafe owners whom we interviewed expressed the view that the police will not visit a cybercafe unless criminal activity is registered by filing a First Information Report (FIR). Cybercafe owners feel that the police have very little knowledge of the technical aspects involved in cybercrimes and/or little conceptual understanding of IT security.

There are thousands of cybercafes across India. Until a central agency takes up the responsibility for monitoring cybercafes, individuals should take care while visiting and/or operating from a cybercafe.
Here are a few tips for safety and security while using a computer in a cybercafe:
1. Always logout: When checking email, logging into chat services such as instant messaging, or using any other service that requires a username and password, always click "logout" or "sign out" before leaving the system. Simply closing the browser window is not enough, because someone who uses the same service after you could gain easy access to your account. Also, do not save your login information through options that allow automatic login; disable such options before logging on.
2. Stay with the computer: While surfing/browsing, one should not leave the system unattended for
any period of time. If one has to go out, logout and close all browser windows.
3. Clear history and temporary files: Internet Explorer saves the pages you have visited in the History folder and in Temporary Internet Files. Your passwords may also be stored in the browser if that option has been enabled on the computer you are using. Therefore, before you begin browsing, do the following in Internet Explorer:

 Go to Tools → Internet Options → click the Content tab → click AutoComplete. If the checkboxes for passwords are selected, deselect them. Click OK twice.
 After you have finished browsing, clear the History and Temporary Internet Files folders. For this, go to Tools → Internet Options again → click the General tab → go to Temporary Internet Files → click Delete Files and then click Delete Cookies.
 Then, under History, click Clear History. Wait for the process to finish before leaving the computer.

4. Be alert: Stay alert and aware of your surroundings while using a public computer. Snooping over your shoulder is an easy way for someone to get your username and password.
5. Avoid online financial transactions: Ideally, avoid online banking, shopping or other transactions that require you to provide personal, confidential and sensitive information such as credit card or bank account details. If you have to do so in an emergency, take the precaution of changing all the passwords as soon as possible, using a more trusted computer such as one at home or in the office.
6. Change password
7. Virtual keyboard: Nowadays almost every bank provides a virtual keyboard on its website.
8. Security warnings: Take utmost care while accessing the websites of banks or financial institutions.
Individuals should also take care while accessing computers in public places, that is, when accessing the Internet in places such as hotels, libraries and holiday resorts. Moreover, one should not forget that whatever applies to cybercafes from an information security perspective is also true of every other public place where the Internet is made available. Hence, one should follow all the tips above about safety and security while operating the systems in these facilities.

Botnets: the Fuel for Cybercrime

The dictionary meaning of Bot is "(computing) an automated program for doing some particular task, often over a network."
Botnet is a term used for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software but can also refer to a network of computers running distributed computing software.
In simple terms, a bot is simply an automated computer program. Someone can gain control of your computer by infecting it with a virus or other malicious code that provides the access. Your computer system may be part of a botnet even though it appears to be operating normally. Botnets are often used to conduct a range of activities, from distributing spam and viruses to conducting denial-of-service (DoS) attacks.
A botnet (also called a zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users' knowledge. "Zombie networks" have become a source of income for entire groups of cybercriminals. The invariably low cost of maintaining a botnet and the ever-diminishing degree of knowledge required to manage one are conducive to the growth in popularity and, consequently, the number of botnets.
Botnet Communication
First, the would-be botmaster finds a target system (here, target system means a vulnerable system), then uses popular social engineering techniques such as phishing, click fraud, etc. to install a small (a few KB) executable file on it. A small patch included in the code makes the bot invisible even among the running background processes, so a naive user will not even realise that his/her system has become part of a bot army. After infection, the bot looks for the channel through which it can communicate with its master. The command and control (C&C) channel mostly uses an existing protocol to request commands and receive updates from the master, so anyone who looks at the traffic behavior will find it quite difficult to spot. The botmaster writes scripts to run the executable file on different operating systems:
For Windows: Batch program
For Linux: BASH program
The following are the major things a botmaster can make the bots perform:
 Web-injection: The botmaster can inject snippets of code into any secured website that the bot's host visits.
 Web filters: Special symbols are used in the filter list, such as "!" to bypass a specific domain and "@" to take a screenshot.
 Web-fakes: Redirecting a web page to a fake one.
 DnsMAP: Mapping any domain the master chooses to any IP address, so that the bot family is routed there.
Types of Botnet
Botnets are classified below by the type of command and control (C&C) channel they use.
Internet Relay Chat (IRC) Botnet
Internet Relay Chat (IRC) acts as the C&C channel. Bots receive commands from a centralized IRC server, and a command takes the form of a normal chat message. The limitation of an IRC botnet is that the entire botnet can be collapsed by simply shutting down the IRC server.
Peer-to-Peer (P2P) Botnet
A P2P botnet is formed using P2P protocols and a decentralized network of nodes, which makes it very difficult to shut down. Each P2P bot can act both as a client and as a server, and the bots frequently communicate with each other and send "keep alive" messages. The limitation of P2P botnets is their higher latency for data transmission.
Hyper Text Transfer Protocol (HTTP) Botnet
An HTTP botnet has a centralized structure and uses the HTTP protocol to hide its activities among ordinary web traffic. Bots use specific URLs or IP addresses to connect to the C&C server at regular intervals: unlike IRC bots, HTTP bots periodically visit the C&C server to get updates or new commands.
How Does it Work?
A botnet is built either by writing the bot software yourself or by using an available (leaked) botnet kit such as the ZEUS botnet (called the king of all botnets), the Mirai botnet, BASHLITE, etc. The attacker then finds a vulnerable system on which the software can be installed through some means such as social engineering (e.g. phishing); soon that system becomes part of a bot army. Those who control it are called botmasters, and they communicate with their bot army through a command and control channel.
Figure: How a botnet works
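The HTTP botnets described above poll their C&C server at fixed intervals, and that regularity is what a defender can look for. The following is an added example written for these notes, not code from the original text or from any botnet kit; it runs a simple beaconing check over constructed web-proxy log lines (the "timestamp client_ip dest_host" format is an assumption) and flags client/destination pairs whose request gaps are nearly identical.

```python
"""Detect periodic HTTP C&C beaconing in web-proxy logs (defensive example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (assumed format: "ISO-timestamp client_ip dest_host").
# 10.0.0.5 contacts updates.example-cdn.test exactly every 300 s, while its other
# browsing is irregular; 10.0.0.9 has too few requests to judge.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 updates.example-cdn.test
2024-05-01T09:00:03 10.0.0.5 news.example.test
2024-05-01T09:05:00 10.0.0.5 updates.example-cdn.test
2024-05-01T09:07:41 10.0.0.5 mail.example.test
2024-05-01T09:10:00 10.0.0.5 updates.example-cdn.test
2024-05-01T09:15:00 10.0.0.5 updates.example-cdn.test
2024-05-01T09:16:12 10.0.0.5 news.example.test
2024-05-01T09:20:00 10.0.0.5 updates.example-cdn.test
2024-05-01T09:25:00 10.0.0.5 updates.example-cdn.test
2024-05-01T09:33:50 10.0.0.5 news.example.test
2024-05-01T09:41:07 10.0.0.5 news.example.test
2024-05-01T09:02:10 10.0.0.9 news.example.test
2024-05-01T09:30:55 10.0.0.9 news.example.test
"""


def parse_log(text):
    """Group request timestamps by (client, destination) pair."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    return events


def beacon_score(timestamps):
    """Return (mean_gap_seconds, coefficient_of_variation) of the gaps between
    consecutive requests, or None when there are fewer than two gaps."""
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None
    # A low CV means the gaps are nearly identical, i.e. a fixed polling interval.
    return avg, pstdev(gaps) / avg


def find_beacons(text, min_events=4, max_cv=0.1):
    """Flag (client, destination) pairs whose request timing is regular enough
    to look like fixed-interval C&C polling."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue  # not enough samples to judge regularity
        score = beacon_score(stamps)
        if score is None:
            continue
        interval, cv = score
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(stamps),
                         "interval_s": round(interval), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} requests, "
              f"every ~{hit['interval_s']} s (cv={hit['cv']})")
```

Two caveats for anyone adapting this: legitimate software updaters and monitoring agents beacon just as regularly, so a hit is a lead for triage (who owns the destination, is the host managed, is the URL path constant), not a verdict; and real bots often add random jitter to their interval, so `max_cv` has to be widened in practice, which raises the false-positive rate and makes the destination reputation check more important.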

Types of Botnet Attacks

The following are attacks performed by botnets.
 Phishing: Botnets help distribute malware and run other suspicious activities via phishing emails. Because a large number of bots is involved and the whole process is automated, such campaigns are difficult to shut down.
 Distributed Denial-of-Service (DDoS) Attack: A DDoS attack is performed by a botnet sending so many requests that a particular application or server crashes. Network-layer DDoS attacks use SYN floods, UDP floods, etc. to exhaust the target's bandwidth and prevent legitimate users from reaching it.
 Spambots: Spambots are a type of botnet attack that harvests email addresses from websites, guestbooks, or anywhere an email ID is required to log in. Spambots account for more than 80 percent of spam.
 Targeted Intrusion: This is one of the most dangerous attacks, because it goes after the most valuable assets, such as sensitive data or other valuable property.
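The network-layer DDoS attacks in the list above show up in flow data as a burst of bare SYNs from many different sources toward one destination. The following is an added example written for these notes, not code from the original text: it builds a constructed set of flow records (normal clients that complete the handshake, plus a simulated flood of 200 spoofed sources) and reports the time windows in which both the SYN count and the number of distinct sources cross a threshold. The record format and the thresholds are assumptions chosen for the sample.

```python
"""Spot SYN-flood DDoS windows in flow records (defensive example)."""
from collections import defaultdict


def make_sample():
    """Constructed flow records as (epoch_seconds, src_ip, dst_ip, tcp_flag).

    Normal clients complete a handshake (SYN then ACK); the simulated flood is
    200 distinct spoofed sources each sending one bare SYN within five seconds.
    """
    records = []
    for i in range(5):
        src = f"198.51.100.{i + 1}"
        t = 1000 + i * 7
        records.append((t, src, "203.0.113.10", "S"))
        records.append((t + 1, src, "203.0.113.10", "A"))
    for i in range(200):
        records.append((1100 + i % 5, f"192.0.2.{i + 1}", "203.0.113.10", "S"))
    return records


def syn_flood_windows(records, window=10, syn_threshold=100, min_sources=50):
    """Return alerts for (destination, time window) pairs where the SYN count and
    the number of distinct sources both reach their thresholds.

    Requiring many distinct sources separates a distributed flood from a single
    noisy client, which is a rate-limiting problem rather than a DDoS.  Each alert
    also reports how many of those sources never completed a handshake.
    """
    completed = {(src, dst) for _, src, dst, flag in records if flag == "A"}
    windows = defaultdict(lambda: {"syn": 0, "sources": set()})
    for t, src, dst, flag in records:
        if flag != "S":
            continue
        start = (t // window) * window  # align to the window boundary
        bucket = windows[(dst, start)]
        bucket["syn"] += 1
        bucket["sources"].add(src)
    alerts = []
    for (dst, start), w in sorted(windows.items()):
        if w["syn"] >= syn_threshold and len(w["sources"]) >= min_sources:
            half_open = sum(1 for s in w["sources"] if (s, dst) not in completed)
            alerts.append({"dst": dst, "window_start": start,
                           "syn_count": w["syn"],
                           "distinct_sources": len(w["sources"]),
                           "half_open": half_open})
    return alerts


if __name__ == "__main__":
    for alert in syn_flood_windows(make_sample()):
        print(f"{alert['dst']} window {alert['window_start']}: "
              f"{alert['syn_count']} SYNs from {alert['distinct_sources']} sources, "
              f"{alert['half_open']} never completed a handshake")
```

Detection like this only tells you the flood is happening; because the sources are spoofed, blocking them individually is pointless, and the mitigation is SYN cookies on the host and rate limiting or scrubbing upstream of it. The thresholds must also be tuned to the normal connection rate of the destination, otherwise a busy web server at peak time will trip the alert on its own.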
How to Protect Against Botnets?
 The most important way to protect against botnets is to train users to identify suspicious links.
 Keep the system software updated at all times to stay safe from botnets.
 Using two-factor authentication is another way to stay safe from botnets.
 Several antivirus products on the market keep you protected from botnets.
 Change passwords on a regular basis for better protection against botnets.

What is an attack vector?


An attack vector, or threat vector, is a way for attackers to enter a network or system. Common attack
vectors include social engineering attacks, credential theft, vulnerability exploits, and insufficient
protection against insider threats. A major part of information security is closing off attack vectors
whenever possible.

Suppose a security firm is tasked with guarding a rare painting that hangs in a museum. There are a
number of ways that a thief could enter and exit the museum — front doors, back doors, elevators,
and windows. A thief could enter the museum in some other way too, perhaps by posing as a
member of the museum's staff. All of these methods represent attack vectors, and the security firm
may try to eliminate them by placing security guards at all doors, putting locks on windows, and
regularly screening museum staff to confirm their identity.

Similarly, digital systems all have areas attackers can use as entry points. Because modern computing
systems and application environments are so complex, closing off all attack vectors is typically not
possible. But strong security practices and safeguards can eliminate most attack vectors, making it far
more difficult for attackers to find and use them.

What are some of the most common attack vectors?
Phishing: Phishing involves stealing data, such as a user's password, that an attacker can use to break
into a network. Attackers gain access to this data by tricking the victim into revealing it. Phishing
remains one of the most commonly used attack vectors — many ransomware attacks, for instance,
start with a phishing campaign against the victim organization.

Email attachments: One of the most common attack vectors, email attachments can contain
malicious code that executes after a user opens the file. In recent years, multiple major ransomware
attacks have used this threat vector, including Ryuk attacks.

Account takeover: Attackers can use a number of different methods to take over a legitimate user's
account. They can steal a user's credentials (username and password) via phishing attack, brute force
attack, or purchasing them on the underground market. Attackers can also try to intercept and use a
session cookie to impersonate the user to a web application.

Lack of encryption: Unencrypted data can be viewed by anyone who has access to it. It can be
intercepted in transit between networks, as in an on-path attack, or simply viewed inadvertently by an
intermediary along the network path.
Insider threats: An insider threat is when a known and trusted user accesses and distributes
confidential data, or enables an attacker to do the same. Such occurrences can be either intentional or
accidental on the part of the user. External attackers can try to create insider threats by contacting
insiders directly and asking, bribing, tricking, or threatening them into providing access. Sometimes
malicious insiders act of their own accord, out of dissatisfaction with their organization or for some
other reason.

Vulnerability exploits: A vulnerability is a flaw in software or hardware; think of it as a lock that does not work properly, enabling a thief who knows where the faulty lock is to enter a secured building. When an attacker successfully uses a vulnerability to enter a system, this is called a vulnerability "exploit." Applying the software or hardware vendor's updates can fix most vulnerabilities. But some vulnerabilities are "zero-day" vulnerabilities, that is, unknown vulnerabilities for which there is no known fix.

Browser-based attacks: To display webpages, Internet browsers load and execute code they receive
from remote servers. Attackers can inject malicious code into a website or direct users to a fake
website, tricking the browser into executing code that downloads malware or otherwise compromises
user devices. With cloud computing, employees often access data and applications solely through
their Internet browser, making this threat vector of particular concern.

Application compromise: Instead of going after user accounts directly, an attacker may aim to infect
a trusted third-party application with malware. Or they could create a fake, malicious application that
users unknowingly download and install (a common attack vector for mobile devices).

Open ports: A port is a virtual entryway into a device. Ports help computers and servers associate
network traffic with a given application or process. Ports that are not in use should be closed.
Attackers can send specially crafted messages to open ports to try to compromise the system, just as
a car thief might try opening doors to see if any are unlocked.
