Unit-1 CS

The document provides an overview of cybercrime, defining it as crimes involving computers and networks that can harm individuals or organizations. It discusses various challenges in combating cybercrime, including lack of awareness, trained personnel, and rapid technological changes, and outlines different types of cybercrimes such as hacking, phishing, and cyberstalking. Additionally, it emphasizes the importance of cybersecurity through the pillars of people, process, and technology, while also detailing methods of cybercrime like email spoofing and spamming.

Uploaded by

raniverma37274

Unit-1

What is cybercrime?

• Cyber-crime, or computer oriented crime, is crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.
• Cybercrimes can be defined as: Offences that are committed against individuals or groups of
individuals with a criminal motive to intentionally harm the reputation of the victim or cause
physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (networks including but not limited to Chat rooms,
emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS).
• Cybercrime may threaten a person or a nation's security and financial health.
Challenges
• Lack of awareness and the culture of cyber security, at individual as well as organizational level.
An organization works on the following security measures:
1. Network Security
2. Application security
3. End point security
4. Data security
5. ID management
6. Data Base Management
7. Cloud Security
8. Mobile Security
9. End User Education
• Lack of trained and qualified manpower to implement the counter measures.
• No e-mail account policy especially for the defense forces, police and the security agency
personnel.
• Cyber-attacks have come not only from terrorists but also from neighboring countries contrary to
our National interests.
• The minimum necessary eligibility to join the police doesn’t include any knowledge of computers,
so that they are almost illiterate to cyber-crime.
• The speed of cyber technology changes always beats the progress of the govt. sector, so that they are
not able to identify the origin of these cyber-crimes.
• Promotion of Research & Development in ICTs is not up to the mark. Security forces and law
enforcement personnel are not equipped to address high-tech crimes. Present protocols, which
identify the investigative responsibility for crimes that stretch internationally, are not
self-sufficient. Budgets for security purposes by the government, especially for the training of law
enforcement, security personnel and investigators in ICT, are low compared to other crimes.
3 Pillars of Cyber Security

• People
• Process
• Technology
Classification of cyber crime

• Hacking
• Cyber stalking
• Phishing
• Money Laundering
Classification of cyber crime cont..
• Hacking- A hacker is an unauthorized user who attempts to gain, or gains, access to an information system.
Hacking is a crime even if there is no visible damage to the system, since it is an intrusion into the
privacy of someone’s data. There are several classes of hackers.
• White Hat Hackers - They believe that information sharing is good, and that it’s
their responsibility to share their expertise by facilitating access to information.
• Black Hat Hackers - They cause damage after intrusion. They may steal or modify information or
insert viruses or worms which may damage the system. They are also called “crackers”.
• Grey Hat Hackers –
• A grey hat is a computer hacker or computer security expert who may sometimes violate laws or
typical ethical standards, but usually does not have the malicious intent typical of a black hat
hacker.
• The term came into use in the late 1990s, derived from the concepts of "white hat" and "black hat"
hackers.
• Occasionally violates hacker ethics.
• Network hackers try to gain unauthorized access to private networks for curiosity, challenge and
distributing information.
• Gray hat hackers enact a blend of both black hat and white hat activities. Gray hat hackers
often look for vulnerabilities in a system without the owner's permission or knowledge. If issues are
found, they report them to the owner, sometimes requesting a small fee to fix the problem.
• Cyber Stalking-
One such cyber crime is cyber stalking, also known as online stalking or internet stalking. Simply
put, cyber stalking is the use of technology, the internet in particular, to harass a person. This
harassment includes monitoring someone's online activities, threats, identity theft, data theft, forging
their data, etc.
Limiting the amount of personal information that is public is an effective way to prove someone
is cyberstalking you. If personal information and photographs are not easily accessible to the general
public, a cyberstalker may have difficulty explaining how they accessed it.
• Phishing-Phishing attacks are the practice of sending fraudulent communications that appear
to come from a reputable source. It is usually done through email. The goal is to steal sensitive
data like credit card and login information, or to install malware on the victim's machine.
4 types of phishing include-
1. Whaling
2. Vishing
3. Smishing
4. Spear phishing
5. Clone phishing

• Software Piracy- It is the illegal reproduction and distribution of software for business or personal
use. This is considered to be a type of copyright infringement and a violation of a license
agreement.
• Money Laundering- Money laundering makes money collected through criminal activities or ‘dirty’
money look clean or legitimate.
• It can be defined as conversion of black money into white money.
• It enables people who committed these crimes to enjoy the profits without revealing the origin of their
source. They can do this in a lot of ways like obscuring the origin of cash, changing its form, or
transferring them to accounts where the funds don’t get much attention. They can eventually clean all
the money when running through valid businesses and transactions and can enter the economy without
raising doubts.
• Password Sniffers-Password Sniffing is a hacking technique that uses a special software application
that allows a hacker to steal usernames and passwords simply by observing and passively recording
network traffic.
• This often happens on public WiFi networks where it is relatively easy to spy on weak or unencrypted
traffic.
• Credit card Fraud-
• Credit card fraud can occur when unauthorized users gain access to an individual's credit card
information in order to make purchases, other transactions, or open new accounts.
• This unauthorized access occurs through phishing, skimming, and information sharing by a user,
oftentimes unknowingly. However, this type of fraud can be detected through means of artificial
intelligence and machine learning as well as prevented by issuers, institutions, and individual
cardholders.
• Web jacking- Just as conventional hijacking of an airplane is done by using force, similarly web
jacking means forcefully taking over control of a website.
• Cyber Defamation- This occurs when defamation takes place with the help of computers and/or
the Internet. E.g. a person publishes defamatory matter about another on a website.
• Cyber Terrorism-Cyber terrorism is often defined as any premeditated, politically motivated
attack against information systems, programs and data that threatens violence or results in
violence.
• The definition is sometimes expanded to include any cyber attack that intimidates or generates
fear in the target population.
While the obvious targets might be governments, banks, and utilities (e.g. water, oil, electricity, gas,
chemical, and communication infrastructure), as attacks on these have the ability to cause the most
economic, political, and physical havoc and damage to the critical national infrastructure.
• Email Bombing- This refers to sending a large number of emails to the victim, resulting in the
victim's email account (in case of an individual) or mail servers (in case of a company or an email
service provider) crashing.

• Virtual crime- Virtual crime or in-game crime refers to a virtual criminal act that takes place in a
massively multiplayer online game (MMOG).
Internet Time Theft
• Occurs when an unauthorized person uses the internet hours paid for by another person.
• Comes under hacking.
• The person gets access to someone else’s ISP user ID and password, either by hacking or
by gaining access to it by illegal means, and uses the internet without the other person’s
knowledge.
• This theft can be identified when internet time is recharged often, despite infrequent
usage.
• E.g. Colonel Bajwa’s case- the Internet hours were used up by another person. This was
perhaps one of the first reported cases related to cyber-crime in India. However, this case
made the police infamous as to their lack of understanding of the nature of cyber-crime.
Email Spoofing

• In the context of computers, to spoof one’s email address means that the sender is acting as if the
email is coming from someone it is not. How someone (or something) sends an email made to look
like it comes from someone or somewhere it does not is a little more technical to explain.
Usually, it’s a tool of a phishing attack, designed to take over your online accounts, send malware, or
steal funds.
How it is done?

Spoofing via display name


Display name spoofing is a type of email spoofing, in which only the email sender’s display name
is forged. Somebody can do this by registering a new Gmail account with the same name as the
contact you want to impersonate. Mind you, the mailto: will display a different email address. If
you’ve ever received an email from Jeff Bezos asking you to loan some money – you’ve encountered
an example of spoofing via display name.
Spoofing via legitimate domains
• Suppose the attacker is aiming at higher believability. In that case, he may also use a trusted email
address in the From header, such as “Customer Support Specialist” . This means both the display
name and email address will show misleading information.
• This attack doesn’t need to hijack the account or penetrate the targeted company’s internal
network. It only uses compromised Simple Mail Transfer Protocol (SMTP) servers that permit
connections without authentication and allow you to manually specify the “To” and “From”
addresses.
• The attacker can always set up a malicious SMTP server himself.
• The situation is dire because many enterprise email domains aren’t using any countermeasures for
verification. Still, there are some techniques that you could use to protect your domain – more on
that later.
Spoofing via lookalike domains
• Suppose a domain is protected, and domain spoofing isn’t possible. In that case, the attacker is
most likely going to set up a lookalike domain. In this type of attack, the fraudster registers and
uses a domain that is similar to the impersonated domain, e.g. “@doma1n.co” instead
of “@domain.co”. This change could be minimal enough not to be noticed by an inattentive reader.
It’s effective because when exactly was the last time you bothered to read an email header?
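The two checks a mail gateway can make against display-name spoofing and lookalike domains, as an added example that is not part of the original notes. The trusted domain is the page's own `domain.co`; the contact, the character-folding table and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr

TRUSTED_DOMAINS = {"domain.co"}                      # the page's example domain
KNOWN_CONTACTS = {"asha rao": "asha.rao@domain.co"}  # constructed contact (assumption)

# Characters commonly swapped for one another in lookalike domains (assumed table).
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})


def fold(domain):
    """Collapse visually similar characters so doma1n.co and domain.co compare equal."""
    return domain.lower().translate(FOLD).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: catches one-character typos such as domainn.co."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_from(header):
    """Return a list of findings for one From: header value."""
    name, addr = parseaddr(header)
    name = " ".join(name.lower().split())
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    if domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if fold(domain) == fold(trusted) or edit_distance(domain, trusted) <= 1:
                findings.append(f"lookalike-domain:{trusted}")
    expected = KNOWN_CONTACTS.get(name)
    if expected and addr != expected:
        # A known person's name on an address that is not theirs.
        findings.append("display-name-mismatch")
    return findings


if __name__ == "__main__":
    # Constructed sample headers.
    for h in ['"Asha Rao" <asha.rao@domain.co>',
              '"Asha Rao" <asha.rao.office@gmail.example>',
              '"Asha Rao" <asha.rao@doma1n.co>',
              'Support <help@domainn.co>']:
        print(h, "->", classify_from(h))
```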
How to stop?

• Now, there are special checks in place (and more being put into place) to prevent exactly this
problem. One is called SPF or “Sender Policy Framework”, which was developed by Meng Weng
Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the
origin with the IP listed in the SPF record for the appropriate domain.
• EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates
([email protected]):
• They would send an email on his behalf. The recipient server would then talk back to microsoft.com
and say, “Hey, I have an email that is coming from 123.123.123.123 stating that
it was sent by [email protected].” microsoft.com would then tell the recipient server,
“No, sorry, it should be coming from 111.111.111.111.”
• Two basic reasons people (and machines) spoof:
1) Malicious: To cause useless internet traffic - ultimately hoping to bog down servers or bring
them to a halt.
2) Because you were unlucky enough to have clicked the wrong thing at the wrong time.
How did they get my email address?

• People click a link in a phishing email and freely submit their email address to the list.
• People send forwards (such as today’s latest funny) to mass groups of people, exposing their email
address and everyone else’s. All you need is for one of those receiving email boxes to have a
scraper in it (something that pulls all the email addresses it can find and adds it to a list).
Spamming
• Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk.
Often spam is sent via email, but it can also be distributed via text messages, phone calls, or social
media.
• However, spam email can also contain a malicious attempt to gain access to your computer.
• The acronym for “Sales Promotion and Marketing”.
• Involves sending messages by email to numerous recipients at the same time (mass emailing).
• Spammers collect email addresses from chatrooms, websites, viruses which harvest users’ address
books, customer lists and newsgroups, and the addresses are sold to other spammers.
Purpose of spamming

• Advertisements
• Giveaways
• Political email
• Stock market advice
Types
1. Email Spam

• Email spam is often disguised in an attempt to fool any anti-spam software you may have installed.
• Spammers try to find ways to modify or conceal their messages to achieve this, such as putting
spaces between letters or replacing key letters with numbers or characters so that spam filters will
not be triggered.
• While your anti-spam software may not always be able to catch this, you should be able to identify
it fairly easily.
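How a filter can undo the two disguises named above (spaces between letters, letters replaced by numbers or characters) before matching, as an added example that is not part of the original notes. The substitution table, separator set and blocklist phrases are constructed assumptions.

```python
import re

# Character substitutions folded back to letters (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# A run of single letters split by spaces or punctuation: "f r e e", "w-i-n".
SPACED = re.compile(r"(?<![a-z])(?:[a-z][ .\-_*]){2,}[a-z](?![a-z])")
SEPARATORS = re.compile(r"[ .\-_*]")
BLOCKLIST = ("free money", "lottery winner")   # constructed sample phrases


def normalize(text):
    """Return a lower-cased copy with substitutions and letter-spacing undone."""
    text = text.lower().translate(LEET)
    text = SPACED.sub(lambda m: SEPARATORS.sub("", m.group()), text)
    return re.sub(r"\s+", " ", text).strip()


def spam_hits(text):
    """Blocklist phrases found in the normalized text (the original is not altered)."""
    norm = normalize(text)
    return [phrase for phrase in BLOCKLIST if phrase in norm]


if __name__ == "__main__":
    # Constructed subject lines.
    for subject in ("Claim your F R E E m0ney today",
                    "L0TTERY W-I-N-N-E-R!!",
                    "Meeting moved to 10 am, room B"):
        print(repr(subject), "->", spam_hits(subject))
```

Normalization is applied only to the copy used for matching, since folding digits to letters would corrupt legitimate numbers in the message itself.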
2. Instant Messaging (IM) or text message spam

• Instant Messaging spam (IM spam) is similar to email spam.


• The main difference is that rather than focusing their efforts on bombarding your email inbox,
spammers attempt to fool you on an instant messaging service such as Facebook Messenger,
Apple’s iMessage, or as SMS text messages.
• While not as common as email spam, IM/SMS spam is more difficult to block out because no
particular software exists specifically for spam received while using these services.
• A good way to avoid most of it is to create a closed list of friends from whom instant messages are
accepted or to block numbers you do not recognize.
• Even then, it is always possible that a computer belonging to someone within your “safe” list could
become infected, so any strange link you receive via IM/SMS should be verified before you click
on it. If you click on the link, sometimes it will lead you to a webpage that has been made to look
like the company it is claiming to be, but with slight differences, such as logos that are not
hyperlinked back to main pages or slightly different fonts.
3. Comments

• Spam is also often found in the comments sections of online articles, as well as on social media
platforms. These comments may simply be ads but can also include links leading to malicious or
inappropriate websites.
• Most social networks, such as Instagram, warn that “scammers use these fake or compromised
accounts to trick you into giving them money or personal information.” If you see a comment that
you think is spam, report it to the platform.
4. Smartphone spam

• It is possible to receive spam messages through email, text messages or even phone calls on your
mobile phone.
• On top of the usual issues with spam, you may be charged for these unsolicited text messages or
pay valuable minutes for the intrusive phone calls.
• It is important that you do not call back the number that has called you asking for information,
even if it is from a source you recognize, as it could be a spammer or hacker pretending to be an
institution.
Detection

• An email server detects spam by using spam filter software which evaluates incoming emails
on a number of criteria.
• When Spam protection is on, Messages uses machine learning models that operate on your
device to detect known spam patterns in your messages. The app analyzes these patterns to
catch more spam and warn you sooner.
• Be aware.
How spam filter works
Prevention
Salami Attack
• A salami attack is a type of cybercrime that attackers typically use to commit financial crimes.
• This attack occurs when several minor attacks combine to form a powerful attack.
• It is also known as salami slicing.
• The attacker uses an online database to seize the information of customers, that is, bank/credit card
details, deducting very small amounts from every account over a period of time. The customers
remain unaware of the slicing and hence no complaint is lodged, thus keeping the hacker away
from detection.
• Because of how this type of cybercrime works, these attacks frequently go undetected. Anyone found guilty of
such an attack faces punishment under Section 66 of the IT Act.
• E.g. a bank employee inserts a program into the bank servers that deducts a small amount of
money (say Rs. 2 a month) from the account of every customer. No account holder will probably
notice this unauthorized debit, but the bank employee will make a sizable amount of money every
month. A salami attack consists of merging bits of seemingly inconsequential data to produce huge
results.
• A simple example is when an attacker/forger removes Rs. 0.01 (1 paise) from each account of SBI.
No one will notice such a tiny mismatch. But when one paise is deducted from all account holders
of India’s largest bank.
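The pattern in the bank example above (a small debit taken from every customer and collected in one place) is visible in the transaction ledger itself. This added example, which is not part of the original notes, flags such collection accounts; the account names, thresholds and ledger rows are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def find_salami_sinks(debits, max_amount=Decimal("5.00"), min_accounts=100,
                      approved=frozenset()):
    """Find destinations that collect small debits from many different customers.

    debits:   iterable of (source_account, destination_account, amount)
    approved: destinations with a documented reason to receive small fees
    Returns {destination: (distinct_source_accounts, total_collected)}.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount in debits:
        if dst in approved or not (Decimal("0") < amount <= max_amount):
            continue                      # ordinary payment or approved fee
        sources[dst].add(src)
        totals[dst] += amount
    return {dst: (len(srcs), totals[dst])
            for dst, srcs in sources.items() if len(srcs) >= min_accounts}


def constructed_ledger():
    """One month of constructed debits for 500 customers."""
    rows = []
    for n in range(500):
        cust = f"CUST-{n:04d}"
        rows.append((cust, "ACC-9931", Decimal("2.00")))      # the Rs. 2 slice
        rows.append((cust, "BANK-SMS-FEE", Decimal("1.50")))  # documented small fee
        rows.append((cust, "UTILITY-CO", Decimal("850.00")))  # ordinary payment
    return rows


if __name__ == "__main__":
    flagged = find_salami_sinks(constructed_ledger(), approved={"BANK-SMS-FEE"})
    for dst, (count, total) in flagged.items():
        print(f"{dst}: Rs. {total} collected from {count} accounts")
```

Each individual debit is too small for a customer to notice, but the aggregate per destination account is not, which is why the check groups by where the money goes rather than by who lost it.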
Incidents

• In January 1993, four executives of a rental-car franchise in Florida were charged with defrauding
at least 47,000 customers using a salami technique.
• In Los Angeles, in October 1998, district attorneys charged four men with fraud for allegedly
installing computer chips in gasoline pumps that cheated consumers by overstating the amounts
pumped.
• Amit Kumar Bhowmik, a senior High Court lawyer in Pune, lost Rs 180 after receiving three calls
from an unknown number in August 2013. He had received three blank calls from an unknown
number on his cell phone. When he checked his Airtel billing account online, he discovered he
was being charged Rs 60 for each call.
• Bhowmik, fed up with the harassment, filed a complaint with the Pune police crime branch’s
Cyber Crime Cell. The Cyber Crime Cell has yet to trace the location or identify the phone’s user
because mobile companies’ privacy policies have posed a barrier in locating the offenders.
How to identify salami attack
• The only way to detect a salami attack, according to me, is to perform rigorous white box testing by
checking each and every line of code, which is exhaustive, but that’s the only way.
• The corporate has to update the security of the system as high as possible so that if the attacker is
taking advantage of any loophole, then that bug is patched and the attack is avoided.
• Also those banks should advise customers on reporting any kind of money deduction that they
aren’t aware that they were a part of. Whether a small or big amount, banks should encourage
customers to come forward and openly tell them that this could mean that an act of fraud could
very well be the scenario.
• Most important, according to me, is that customers should ideally not store information online
when it comes to bank details, but of course they can’t help the fact that banks rely on a network
that has all customers hooked onto a common platform of transactions that require a database. The
safe thing to do is to make sure the bank/website is highly trusted and hasn’t been a part of a
slanderous past that involved fraud in any way.
• This attack is not only on the banks but also on any entity where slicing can be performed and
people are made unaware of the crime.
