CS Chapter1

Uploaded by

manasabezawada04

Introduction of Cybercrime

Definition and Origins of the Word


• Cyber security is the protection of internet-connected
systems, including hardware, software and data, from
cyber attacks.
• A crime in which a computer was directly and
significantly instrumental is called a cybercrime.
• Cybercrime is not a new phenomenon; the first recorded
cybercrime took place in the year 1820.
• Indian corporate and government sites have been
attacked more than 780 times between February 2000
and December 2002.
• A total of 3,286 Indian websites were hacked in 5 months
– between January and June 2009.
Alternative definitions of Cybercrime are as follows:
1. Any illegal act where a special knowledge of computer
technology is essential for its perpetration, investigation or
prosecution.
2. Any traditional crime that has acquired a new dimension or
order of magnitude through the aid of a computer, and
abuses that have come into being because of computers.
3. Any financial dishonesty that takes place in a computer
environment.
4. Any threats to the computer itself, such as theft of
hardware or software, damage and demands for money.
5. “Cybercrime is any illegal behavior, directed by means of
electronic operations, that targets the security of computer
systems and the data processed by them.”
Synonyms of cybercrime are:
• Computer-related crime
• Computer crime
• Internet crime
• E-crime
• High-tech crime
• Cybercrime specifically can be defined in a
number of ways; a few definitions are:
1. A crime committed using a computer and the
Internet to steal a person’s identity (identity theft)
or sell contraband or stalk victims or disrupt
operations with malevolent programs.
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or
on the computer.
4. All criminal activities done using the medium of
computers, the Internet, cyberspace and the
WWW
As legal systems around the world scramble to
introduce laws to combat cybercriminals, two types
of attacks are prevalent:
1. Techno-crime: A premeditated act against a system
or systems, with the intent to copy, steal, prevent
access, corrupt or otherwise deface or damage
parts of or the complete computer system.
2. Techno-vandalism: These acts of “brainless”
defacement of websites and/or other activities,
such as copying files and publicizing their contents
publicly, are usually opportunistic in nature.
Important Definitions related to Cyber Security:

Cyberterrorism:
• This term was coined in 1997 by Barry Collin.
• The use of information technology and means by
terrorist groups and agents is called cyberterrorism.
• Cyberterrorism is defined as “any person, group or
organization who, with terrorist intent, utilizes accesses
or aids in accessing a computer or computer network or
electronic system or electronic device by any available
means, and thereby knowingly engages in or attempts to
engage in a terrorist act commits the offence of
cyberterrorism.”
Cybernetics:
• Cybernetics deals with information and its
use.
• Cybernetics is the science that overlaps the
fields of neurophysiology, information theory,
computing machinery and automation.
Worldwide, including in India, cyberterrorists
usually use the computer as a tool or a target for their
unlawful acts to gain information.
Phishing:
• Phishing is a cyber attack that uses disguised email
as a weapon.
• The goal is to trick the email recipient into believing
that the message is something they want or need (a
request from their bank, for instance, or a note from
someone in their company) and to click a link or
download an attachment.
(OR)
• Phishing is a form of online identity theft that aims
to steal sensitive information, such as online banking
passwords and credit card information, from users.
Cyberspace:
• This is a term coined by William Gibson, a
science fiction writer in 1984.
• Cyberspace is where users mentally travel
through matrices of data. Conceptually,
cyberspace is the nebulous place where
humans interact over computer networks.
• The term “cyberspace” is now used to describe
the Internet and other computer networks.
• Cyberspace is most definitely a place where
you chat, explore, research and play.
Cybersquatting:
• The term is derived from “squatting” which is the act of
occupying an abandoned/unoccupied space/ building that
the user does not own, rent or otherwise have permission
to use. Cybersquatting, however, is a bit different in that the
domain names that are being squatted are (sometimes but
not always) being paid for by the cybersquatters through
the registration process.
• Cybersquatting means registering, selling or using a domain
name with the intent of profiting from the goodwill of
someone else’s trademark. In this sense, it can be
considered a type of cybercrime. Cybersquatting is the
practice of buying “domain names” that use the names of
existing businesses.
Cyberpunk:
• This is a term coined by Bruce Bethke,
published in science fiction stories magazine in
November 1983.
• According to science fiction literature, the
words “cyber” and “punk” emphasize the two
basic aspects of cyberpunk: “technology” and
“individualism.”
• The term “cyberpunk” could mean something
like “anarchy via machines” or
“machine/computer rebel movement.”
Cyberwarfare:
• Cyberwarfare means information attacks
against an unsuspecting opponent’s computer
networks, destroying and paralyzing nations.
WHO ARE CYBERCRIMINALS?
Cybercriminals are people who commit cybercrimes or who
use the Internet to commit illegal activities.
Cybercrime involves activities such as:
• credit card fraud;
• cyber stalking;
• defaming another online;
• gaining unauthorized access to computer systems;
• ignoring copyright, software licensing and trademark
protection;
• overriding encryption to make illegal copies;
• software piracy and stealing another’s identity (known as
identity theft) to perform criminal acts
Types of Cybercriminals
Type I: Cybercriminals – hungry for recognition
– Hobby hackers;
– IT professionals (social engineering is one of the
biggest threats);
– Politically motivated hackers;
– Terrorist organizations.
Type II: Cybercriminals – not interested in recognition
– Psychological perverts;
– financially motivated hackers (corporate espionage);
– state-sponsored hacking (national espionage,
sabotage)
– organized criminals
Type III: Cybercriminals – the insiders
– Disgruntled or former employees seeking revenge;
– Competing companies using employees to gain
economic advantage through damage and/or theft.
CLASSIFICATIONS OF CYBERCRIMES
Cyber crimes are classified as follows:
– Cybercrime against individual
– Cybercrime against property
– Cybercrime against organization
– Cybercrime against society
Cybercrime against individual
– E-Mail Spoofing
– Phishing
– Spamming
– Pornographic Offenses
– Computer Sabotage
– Cyberstalking
– Online Frauds
– Password sniffing
Cybercrime against property
– Internet Time Theft
– credit card frauds
– Intellectual property (IP) crime
Cybercrime against Organization
– Unauthorized access of computer
– Password sniffing
– DoS attack
– Virus attack
– Trojan Horse
– Salami Attack/Salami Technique
– Data Diddling
– Newsgroup Spam
– Industrial Espionage
– Software Piracy
– Mail bombing
– Computer network intrusion
Cybercrime against Society
– Forgery
– Web Jacking
– Cyberterrorism
E-Mail Spoofing:
A spoofed E-Mail is one that appears to originate from
one source but actually has been sent from another
source.
For example, let us say Roopa has an E-Mail address
[email protected]. One of her enemies spoofs her
E-Mail address and sends vulgar messages to all her
acquaintances. Since the E-Mails appear to have
originated from Roopa, her friends could take offense
and relationships could be spoiled for life.
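A defender's view of the definition above, as an added example that is not part of the original slides: a spoofed message usually shows a mismatch between the visible From address and the other sender-related headers. The check names, the constructed sample messages and the example/invalid domains are assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample messages (not real mail); all domains are reserved
# example/invalid names.
SPOOFED = "\n".join([
    "Return-Path: <bulk@mailer.invalid>",
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.invalid;"
    " dkim=none; dmarc=fail header.from=example.com",
    "From: Roopa <roopa@example.com>",
    "Reply-To: someone@other.invalid",
    "To: friend@example.org",
    "Subject: hello",
    "",
    "message body",
])

GENUINE = "\n".join([
    "Return-Path: <roopa@example.com>",
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com",
    "From: Roopa <roopa@example.com>",
    "To: friend@example.org",
    "Subject: hello",
    "",
    "message body",
])


def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """List the header-level signs that the visible sender may be forged."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = _domain(msg.get("From"))
    return_dom = _domain(msg.get("Return-Path"))
    reply_dom = _domain(msg.get("Reply-To"))

    # The envelope sender (Return-Path) is set by the sending server and
    # often differs from the From header in spoofed mail. Exact domain
    # comparison is strict: legitimate bulk senders can differ too.
    if from_dom and return_dom and from_dom != return_dom:
        findings.append("return-path-mismatch")
    # Replies silently routed to another domain are a second warning sign.
    if from_dom and reply_dom and from_dom != reply_dom:
        findings.append("reply-to-mismatch")
    # The receiving server records its SPF/DKIM/DMARC verdicts here.
    for header in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            if result in ("fail", "softfail"):
                findings.append(f"{mech}={result}")
    return findings


if __name__ == "__main__":
    print("spoofed:", spoof_indicators(SPOOFED))
    print("genuine:", spoof_indicators(GENUINE))
```

Each finding is an indicator rather than proof, since mailing lists and bulk-mail services legitimately use a different Return-Path domain.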
Online Frauds:
• The most common types of online fraud are called phishing
and spoofing.
• Phishing is the process of collecting your personal
information through e-mails or websites claiming to be
legitimate.
• This information can include usernames, passwords, credit
card numbers, social security numbers, etc.
• Often the e-mails direct you to a website where you
can update your personal information.
• Because these sites often look “official,” the attackers hope you’ll be
tricked into disclosing valuable information that you
normally would not reveal.
• This often results in identity theft and financial loss.
Phishing, Spear Phishing and its various other forms such as
Vishing and Smishing
• Phishing is the process of collecting your personal
information through e-mails or websites claiming to be
legitimate.
• Spear Phishing is a method of sending a Phishing message
to a particular organization to gain organizational
information for more targeted social engineering.
• Vishing (voice phishing) is a type of phishing attack that is
conducted by phone and often targets users of Voice over
IP (VoIP) services like Skype.
• Smishing (SMS phishing) is a type of phishing attack
conducted using SMS (Short Message Services) on cell
phones.
Cyberstalking and harassment:
• The dictionary meaning of “stalking” is an “act or process
of following prey stealthily – trying to approach somebody
or something.”
• Cyberstalking has been defined as the use of information
and communications technology, particularly the Internet,
by an individual or group of individuals to harass another
individual, group of individuals, or organization.
• There are two types of stalkers:
– Online Stalkers: aim to start the interaction with the victim
directly with the help of the internet.
– Offline Stalkers: the stalker may begin the attack using traditional
methods such as following the victim, watching the daily routine
of the victim.
Computer Sabotage:
• The use of the Internet to stop the normal
functioning of a computer system through the
introduction of worms, viruses or logic bombs,
is referred to as computer sabotage.
• It can be used to gain economic advantage over
a competitor.
• Logic bombs are event-dependent programs
created to do something only when a certain
event occurs.
• Some viruses may be termed as logic bombs.
Password Sniffing:
• Password sniffing is a hacking technique that uses a
special software application that allows a hacker to
steal usernames and passwords simply by
observing and passively recording network
traffic.
• This often happens on public WiFi networks,
where it is relatively easy to spy on weak or
unencrypted traffic.
Spamming:
• People who create electronic Spam are called
spammers.
• Spam is the abuse of electronic messaging systems to
send unrequested bulk messages indiscriminately.
• Although the most widely recognized form of Spam is
E-Mail Spam, the term is applied to similar abuses in
other media: instant messaging Spam, Usenet
newsgroup Spam, web search engine Spam, Spam in
blogs, wiki Spam, online classified ads Spam, mobile
phone messaging Spam, Internet forum Spam, junk fax
transmissions, social networking Spam, file sharing
network Spam.
Pornographic Offenses:
• Child pornography means any visual depiction,
including but not limited to the following:
– Any photograph that can be considered obscene
and/or unsuitable for the age of child viewer;
– film, video, picture;
– computer-generated image or picture of sexually
explicit conduct where the production of such
visual depiction involves the use of a minor
engaging in sexually explicit conduct.
• Child Pornography is considered an offense.
• The internet is being highly used by its abusers to
reach and abuse children sexually, worldwide.
• The Internet has become a household commodity in
the urban areas of the nation.
• Its explosion has made children viable victims
of cybercrime.
• Pedophiles are the people who physically or
psychologically coerce minors to engage in sexual
activities, which the minors would not consciously
consent to.
Here is how pedophiles operate:
– Step 1: Pedophiles use a false identity to trap the children/teenagers.
– Step 2: They seek children/teens in the kids’ areas on the services,
such as the Games BB or chat areas where the children gather.
– Step 3: They befriend children/teens.
– Step 4: They extract personal information from the child/teen by
winning his/her confidence.
– Step 5: Pedophiles get E-Mail address of the child/teen and start
making contacts on the victim’s E-Mail address as well. Sometimes,
these E-Mails contain sexually explicit language.
– Step 6: They start sending pornographic images/text to the victim
including child pornographic images in order to help child/teen shed
his/her inhibitions so that a feeling is created in the mind of the
victim that what is being fed to him is normal and that everybody
does it.
– Step 7: At the end of it, the pedophiles set up a meeting with the
child/teen out of the house and then drag him/her into the net to
further sexually assault him/her or to use him/her as a sex object.
Cybercrime against property
Credit Card Frauds:
• Credit card fraud is an inclusive term for fraud
committed using a payment card, such as a credit card or
debit card.
• The purpose may be to obtain goods or services, or to
make payment to another account which is controlled by
a criminal.
• The Payment Card Industry Data Security Standard (PCI
DSS) is the data security standard created to help
businesses process card payments securely and reduce
card fraud.
• Credit card fraud can be authorized, where the
genuine customer themselves processes a
payment to another account which is
controlled by a criminal.
• It can also be unauthorized, where the account
holder does not provide authorization for the
payment to proceed and the transaction is carried
out by a third party.
Intellectual Property (IP) Crimes:
• With the growth in the use of internet these days the
cyber crimes are also growing.
• Cyber theft of Intellectual Property (IP) is one of
them.
• Cyber theft of IP means stealing of copyrights,
software piracy, trade secrets, patents etc., using
internet and computers.
• Copyrights and trade secrets are the two forms of IP
that are frequently stolen.
• For example, stealing of software, business strategies,
etc.
• Generally, the stolen material is sold to rivals or others
for further sale of the product.
• This may result in a huge loss to the company that
originally created it.
• Another major cyber theft of IP faced by India is piracy.
• These days one can get pirated versions of movies, software,
etc.
• The piracy results in a huge loss of revenue to the copyright
holder.
• It is difficult to find the cyber thieves and punish them
because everything they do is over the Internet, so they erase
the data immediately and disappear within a fraction of a
second.
Internet time theft:
• Theft occurs when an unauthorized person uses the
Internet hours paid for by another person.
• Basically, Internet time theft comes under hacking
because the person who gets access to someone else’s
ISP user ID and password, either by hacking or by
gaining access to it by illegal means, uses it to access
the Internet without the other person’s knowledge.
• However, one can identify time theft if the Internet
time has to be recharged often, even when one’s own
use of the Internet is not frequent.
• The issue of Internet time theft is related to the crimes
conducted through identity theft.
Cybercrime against Organization
Unauthorized accessing of Computer:
• Hacking is one method of doing this, and
hacking is a punishable offense.
• Unauthorized computer access, popularly
referred to as hacking, describes a criminal
action whereby someone uses a computer to
knowingly gain access to data in a system
without permission to access that data.
Denial-of-service Attacks (DoS Attacks):
• It is an attempt to make a computer resource
unavailable to its intended users.
• In this type of criminal act, the attacker floods
the bandwidth of the victim’s network or fills his
E-Mail box with spam mail depriving him of the
services he is entitled to access or provide.
• The goal of DoS is not to gain unauthorized
access to systems or data, but to prevent
intended users (i.e., legitimate users) of a service
from using it
Virus attacks/dissemination of Viruses:
• Computer virus is a program that can “infect”
legitimate (valid) programs by modifying them to
include a possibly “evolved” copy of itself.
• Viruses spread themselves, without the knowledge
or permission of the users, to potentially large
numbers of programs on many machines.
• A computer virus passes from computer to
computer in a similar manner as a biological virus
passes from person to person.
• Viruses may also contain malicious instructions that
may cause damage or annoyance
Viruses can take some typical actions:
– Display a message to prompt an action which may
set off the virus
– Delete files inside the system into which viruses
enter
– Scramble data on a hard disk
– Cause erratic screen behavior
– Halt the system (PC)
– Just replicate themselves to propagate further
harm
E-Mail bombing/Mail bombs:
• E-Mail bombing refers to sending a large number of E-Mails
to the victim to crash victim’s E-Mail account (in the case of
an individual) or to make victim’s mail servers crash (in the
case of a company or an E-Mail service provider).
• A computer program can be written to instruct a computer to
do such tasks on a repeated basis.
• In recent times, terrorism has hit the Internet in the form of
mail bombings.
• By instructing a computer to repeatedly send E-Mail to a
specified person’s E-Mail address, the cybercriminal can
overwhelm the recipient’s personal account and potentially
shut down entire systems.
• This may or may not be illegal, but it is certainly disruptive.
Salami Attack/Salami technique:
• These attacks are used for committing financial crimes.
• The idea here is to make the alteration so insignificant
that in a single case it would go completely unnoticed.
• For example, a bank employee inserts a program into
the bank’s servers that deducts a small amount of
money (say Rs. 2/- or a few cents in a month) from the
account of every customer.
• No account holder will probably notice this
unauthorized debit, but the bank employee will make
a sizable amount every month.
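An auditor's counterpart to the scenario above, as an added example that is not part of the original slides: each deduction is invisible on its own, but aggregating small debits by destination account exposes the account that collects them. The ledger field names (source, dest, amount), the account identifiers and the thresholds are hypothetical, and the ledger is constructed sample data.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed ledger: 200 customers, each with one hidden Rs. 2 debit,
    one sanctioned Rs. 1.50 bank fee, plus a few ordinary large payments."""
    ledger = []
    for n in range(200):
        customer = f"CUST-{n:04d}"
        ledger.append({"source": customer, "dest": "ACC-9999", "amount": "2.00"})
        ledger.append({"source": customer, "dest": "BANK-FEES", "amount": "1.50"})
    for n in range(3):
        ledger.append({"source": f"CUST-{n:04d}", "dest": "UTILITY-01",
                       "amount": "1250.00"})
    return ledger


def find_salami_sinks(transactions, small_limit=Decimal("5.00"),
                      min_sources=50, approved_dests=frozenset()):
    """Return (dest, distinct_sources, total) for every destination that
    collects small debits from many different accounts.

    approved_dests lists accounts that are expected to receive such debits
    (for example a sanctioned fee account) and are therefore skipped.
    """
    per_dest = defaultdict(lambda: {"sources": set(), "total": Decimal("0")})
    for tx in transactions:
        amount = Decimal(tx["amount"])  # Decimal avoids float rounding drift
        if tx["dest"] in approved_dests:
            continue
        if Decimal("0") < amount <= small_limit:
            agg = per_dest[tx["dest"]]
            agg["sources"].add(tx["source"])
            agg["total"] += amount

    flagged = [
        (dest, len(agg["sources"]), agg["total"])
        for dest, agg in per_dest.items()
        if len(agg["sources"]) >= min_sources
    ]
    # Largest accumulated total first: that is where the money ended up.
    return sorted(flagged, key=lambda row: row[2], reverse=True)


if __name__ == "__main__":
    ledger = build_sample_ledger()
    for dest, sources, total in find_salami_sinks(
            ledger, approved_dests={"BANK-FEES"}):
        print(f"{dest}: Rs. {total} collected from {sources} accounts")
```

Without the allowlist the sanctioned fee account is flagged as well, which is why the audit has to be compared against the list of debits the bank actually authorized.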
Logic Bomb:
• A Logic Bomb is a piece of often-malicious
code that is intentionally inserted into
software.
• It is activated upon the host network only
when certain conditions are met.
• Some viruses may be termed as logic bombs
because they lie dormant all through the year
and become active only on a particular date
Trojan Horse:
• A Trojan Horse, Trojan for short, is a term used
to describe malware that appears, to the user,
to perform a desirable function but, in fact,
facilitates unauthorized access to the user’s
computer system
Data Diddling:
• A data diddling (data cheating) attack involves
altering raw data just before it is processed by
a computer and then changing it back after
the processing is completed.
• Electricity Boards in India have been victims of
data diddling programs inserted when private
parties computerize their systems.
Industrial spying/Industrial espionage:
• Spying is not limited to governments.
• Corporations, like governments, often spy on the
enemy.
• The Internet and privately networked systems
provide new and better opportunities for
espionage.
• “Spies” can get information about product
finances, research and development and
marketing strategies, an activity known as
“industrial spying.”
Computer network intrusions:
• “Crackers,” who are often misnamed “Hackers,” can break
into computer systems from anywhere in the world and
steal data, plant viruses, create backdoors, insert Trojan
Horses or change user names and passwords.
• Network intrusions are illegal, but detection and
enforcement are difficult.
• Current laws are limited and many intrusions go
undetected.
• The cracker can bypass existing password protection by
creating a program to capture logon IDs and passwords.
• The practice of “strong password” is therefore
important.
Password Sniffing:
• Password Sniffers are programs that monitor and
record the name and password of network users as
they log in, jeopardizing security at a site.
• Whoever installs the Sniffer can then impersonate an
authorized user and log in to access restricted
documents.
• Laws are not yet set up to adequately prosecute a
person for impersonating another person online.
• Laws designed to prevent unauthorized access to
information may be effective in apprehending crackers
using Sniffer programs.
Software piracy:
• This is a big challenge area indeed.
• Cybercrime investigation cell of India defines “software
piracy” as theft of software through the illegal copying of
genuine programs or the counterfeiting and distribution of
products intended to pass for the original.
• There are many examples of software piracy:
1. end-user copying: friends loaning disks to each other, or
organizations under-reporting the number of software
installations they have made, or organizations not tracking their
software licenses;
2. hard disk loading with illicit means: hard disk vendors load
pirated software;
3. counterfeiting: large-scale duplication and distribution of illegally
copied software;
4. Illegal downloads from the Internet: by intrusion,
by cracking serial numbers, etc.
Beware that those who buy pirated software have a
lot to lose:
• getting untested software that may have been copied
thousands of times over,
• the software, if pirated, may potentially contain hard-
drive-infecting viruses,
• there is no technical support in the case of software
failure, that is, lack of technical product support
available to properly licensed users,
• there is no warranty protection,
• there is no legal right to use the product, etc.
Newsgroup Spam/Crimes emanating from Usenet newsgroup:
• This is one form of spamming.
• The word “Spam” was usually taken to mean
Excessive Multiple Posting (EMP).
• The advent of Google Groups, and its large
Usenet archive, has made Usenet more
attractive to spammers than ever.
• Spamming of Usenet newsgroups actually
predates E-Mail Spam.
Cybercrime against Society
Forgery:
• Counterfeit currency notes, postage and revenue
stamps, mark sheets, etc. can be forged using
sophisticated computers, printers and scanners.
• Outside many colleges there are miscreants soliciting
the sale of fake mark-sheets or even degree certificates.
• These are made using computers and high quality
scanners and printers.
• In fact, this is becoming a booming business involving
large monetary amounts given to student gangs in
exchange for these bogus but authentic-looking
certificates.
Cyberterrorism:
• Cyberterrorism is a controversial term.
• Cyberterrorism is the use of the Internet to conduct violent
acts that result in, or threaten, loss of life or significant
bodily harm, in order to achieve political or ideological
gains through threat or intimidation.
• It is also sometimes considered an act of Internet terrorism
involving terrorist activities, including acts of deliberate, large-
scale disruption of computer networks, especially of
personal computers attached to the Internet, by means of
tools such as computer viruses, computer worms, phishing,
and other malicious software and hardware methods and
programming scripts.
Web Jacking:
• Web jacking occurs when someone forcefully
takes control of a website (by cracking the
password and later changing it).
• Thus, the first stage of this crime involves
“password sniffing”.
• The actual owner of the website does not
have any more control over what appears on
that website.
CYBERCRIME AND INFORMATION SECURITY
• Lack of information security gives rise to cybercrimes.
• Let us refer to the amended Indian Information Technology
Act (ITA) 2000 in the context of cybercrime.
• From an Indian perspective, the new version of the Act
(referred to as ITA 2008) provides a new focus on
“Information Security in India.”
• “Cybersecurity” means protecting information, equipment,
devices, computer, computer resource, communication device
and information stored therein from unauthorized access,
use, disclosure, disruption, modification or destruction.
• The term incorporates both the physical security of devices as
well as the information stored therein.
• It covers protection from unauthorized access, use, disclosure,
disruption, modification and destruction.
• Where financial losses to the organization due
to insider crimes are concerned, often some
difficulty is faced in estimating the losses
because the financial impacts may not be
detected by the victimized organization and
no direct costs may be associated with the
data theft.
The Botnet Menace
• A group of computers that are controlled by
software containing harmful programs,
without their users' knowledge, is called a
Botnet.
• The term “Botnet” is used to refer to a group
of compromised computers (zombie
computers, i.e., personal computers secretly
under the control of hackers) running
malware under a common command and
control infrastructure.
• A Botnet maker can control the group remotely for illegal
purposes, the most common being
– denial-of-service attack (DoS attack),
– Adware,
– Spyware,
– E-Mail Spam,
– Click Fraud
– theft of application serial numbers,
– login IDs
– financial information such as credit card numbers, etc.
• An attacker usually gains control by infecting the computers
with a virus or other Malicious Code.
• The computer may continue to operate normally without the
owner’s knowledge that his computer has been compromised.
• The problem of Botnet is global in nature and India is also
facing the same.
• India has an average of 374 new Bot attacks per day and had
more than 38,000 distinct Bot-infected computers in the first half
of the year 2009.
• Small and medium businesses in the country are at greater risk,
as they are highly vulnerable to Bots, Phishing, Spam and
Malicious Code attacks.
• Mumbai, with 33% of incidences, tops the Bot-infected city list,
followed by New Delhi at 25%, Chennai at 17% and Bangalore at
13%.
• Tier-II locations are now also a target of Bot-networks with
Bhopal at 4% and Hyderabad, Surat, Pune and Noida at 1% each.
• The Internet is a network of interconnected computers. If the
computers, computer systems, computer resources, etc. are
unsecured and vulnerable to security threats, it can be
detrimental to the critical infrastructure of the country.
