Chapter 1

Introduction to
Cybercrime
 A6562 - Cyber Security
Course Description
Course Overview
This Course provides a comprehensive overview of how to
integrate cloud and mobile technology. It is an emerging field
and this course explores how distributed resources can be
shared by mobile users in different ways and issues arising
there from. This course also provides understanding of
Architecture, Applications of Mobile Cloud Computing along
with Offloading concept and Resource allocation techniques.
This also introduces concept called Green Mobile Computing
and also discusses about the security issues in Mobile Cloud
Computing. This course enables the student to choose as
research area of interest.
Course Pre/co-requisites
A6510 - Computer Networks
A6552 - Network Security and Cryptography
Course Outcomes (COs)
After the completion of the course, the student will be able to:
A6562.1 Identify the cybercrimes and offences in the network
accesses.
A6562.2 Interpret the criminal plans before going to attack.
A6562.3 Choose various security measures on mobile devices
for a given scenario and make an effective report.
A6562.4 Identify the various methods and tools in Cyber
Crime.
A6562.5 Examine how to protect our organization from
intruders, attackers and cyber criminals.
Course Syllabus
Introduction to Cybercrime: Introduction, Cybercrime, and
Information Security, who are Cybercriminals, Classifications of
Cybercrimes. Cybercrime: The legal Perspectives and Indian
Perspective, Cybercrime and the Indian ITA 2000, A Global
Perspective on Cybercrimes.
Cyber Offenses: How Criminals Plan Them: Introduction, How
Criminals plan the Attacks, Social Engineering, Cyber stalking,
Cyber cafe and Cybercrimes. Botnets: The Fuel for Cybercrime,
Attack Vector, and Cloud Computing.
Cybercrime -Mobile and Wireless Devices: Introduction,
Proliferation of Mobile and Wireless Devices, Trends in Mobility,
Credit card Frauds in Mobile and Wireless Computing Era,
Security Challenges Posed by Mobile Devices, Registry Settings
for Mobile Devices, Authentication service Security, Attacks on
Mobile/Cell Phones, Mobile Devices: Security Implications for
Organizations, Organizational Measures for Handling Mobile,
Organizational Security Policies an Measures in Mobile
Computing Era, Laptops.
Tools andMethods Used in Cybercrime: Introduction, Proxy
Servers and Anonymizers, Phishing, Password Cracking,
Keyloggers and Spywares, Virus and Worms, Trojan Horse and
Backdoors, Steganography, DoS and DDoS attacks, SQL
Injection, Buffer Overflow.
Cyber Security: Organizational Implications Introduction,
Cost of Cybercrimes and IPR issues, Web threats for
Organizations, Security and Privacy Implications. Social media
marketing: Security Risks and Perils for Organizations, Social
Computing and the associated challenges for Organizations.
Books and Materials
Text Books:
1. Nina Godbole and Sunil Belapure., Cyber Security: Understanding
Cyber Crimes, Computer Forensics and Legal Prespectives, 1st
Edition, Wiley INDIA, 2011.
Reference Books:
1. James Graham, Richard Howard and Ryan Otson., Cyber Security
Essentials, 1st Edition,CRC Press, 2011.
2. Chwan-Hwa(John), Wu,J.David Irwin., Introduction to Cyber
Security, 1st Edition, CRC Press T&F Group, 2013.
3. Richard A. Clarke, Robert Knake., Cyberwar: The Next Threat to
Introduction
Internet has undeniably opened a new way of exploitation known as
cybercrime involving the use of computers, the Internet, cyberspace and the
worldwide web (WWW).

Figure 1, based on a 2008 survey in Australia, shows the cybercrime trend.

While the worldwide scenario on cybercrime looks bleak, the situation in India
is not any better.

Indian corporate and government sites have been attacked or

defaced(Spoiled) more than 780 times between February 2000 and
December 2002.

A total of 3,286 Indian websites were hacked in 5 months – between January

and June 2009.
Cyberspace
Cyberspace is where users mentally travel through matrices of data. Conceptually,
cyberspace is the nebulous place where humans interact over computer networks.
The term cyberspace is now used to describe the internet and other computer
networks. In terms of computer science, cyberspace is a worldwide network of
computer networks that uses the TCP/IP for communication to facilitate transmission
and exchange of data.
Cybersquatting
Cybersquatting is derived from “squatting” which is the act of occupying an
abandoned/unoccupied space/ building that the squatter does not own, rent or
otherwise have permission to use.
Domain names that are being squatted are being paid for by the cybersquatters
through the registration process. Cybersquatters usually ask for prices far greater than
those at which they purchased it. Some cybersquatters put up derogatory of
defamatory remarks about the person or company the domain is meant to represent
in an effort to encourage the subject to buy the domain from them. Cybersquatting is
the act of registering a popular internet address, company name, with intent of selling
it to its rightful owner. From an individual point of view, cybersquatting means
registering , selling or using a domain name with the intent of profittingfrom goodwill
of someone else’s trademark
Cyberpunk and cyberwarfare
“cyber” and “punk” emphasize the two basic aspects of cyberpunk
”technology” and “individualism”. Mean something like “anarchy(inserting)
via machines” or “machine/computer rebel movement”. Idea behind calling
it “cyberpunk” was a invent a new term that will express the
juxtaposition(together) of punk attitudes and high technology. For the
terms “hackers”,”crackers” and others.
Cyberwarfare , means information warriors unleashing(strong force) vicious
(violent) attacks against an unsuspecting opponents computer networks,
wreking havoc(making strong damage), paralyzing nations.
Cyberterrorism
Cyberterrorism is defined as “any person, group or organization who, with
terrorist intent, utilizes accesses or aids in accessing a computer or
computer network or electronic system or electronic device by any available
means, and thereby knowingly engages in or attempts to engage in a
terrorist act commits the offence of cyberterrorism.”
Cybercrime: Definition and Origins of the Word
The definitions of computer crime:
1. Any illegal act where a special knowledge of computer technology is
essential for its perpetration(doing something wrong), investigation or
prosecution.
2. Any traditional crime that has acquired a new dimension or order of
magnitude through the aid of a computer, and abuses that have come into
being because of computers.
3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software,
sabotage(damage) and demands for ransom(demanding sum of money).

The term “cybercrime” relates to a number of other terms such as:

• Computer-related crime
• Computer crime
• Internet crime
• E-crime
• High-tech crime
Two types of attack are prevalent in cybercrimes:
1. Techno-crime: A premeditated(plan) act against a system or systems, with
the intent to copy, steal, prevent access, corrupt or otherwise deface or
damage parts of or the complete computer system.
2. Techno-vandalism: These acts of “brainless” defacement of websites and/or
other activities, such as copying files and publicizing their contents publicly, are
usually opportunistic in nature.

Cybercrimes differ from most terrestrial(existing) crimes in four ways:

(a) how to commit them is easier to learn
(b) they require few resources relative to the potential damage caused
(c) they can be committed in a jurisdiction without being physically present in it
(d) they are often not clearly illegal.

Cyberterrorism is defined as “any person, group or organization who, with

terrorist intent, utilizes accesses or aids in accessing a computer or computer
network or electronic system or electronic device by any available means, and
thereby knowingly engages in or attempts to engage in a terrorist act commits
the offence of cyberterrorism.”
How cybercrimes are planned and how they actually take place
• Cyberterrorists usually use computer as a tool, target or both for their
unlawful act to gain information.
• Internet is one of the means by which the offenders(criminals) can gain
priced sensitive information of companies, firms, individuals, banks and can
lead to intellectual property (IP), selling illegal articles, pornography/child
pornography, etc. This is done using:
 Phishing, Spoofing, Pharming, Internet Phishing, wire transfer, etc.
 Cybercrime and Information Security

Indian Information Technology Act (ITA 2008) provides a new focus on

“Information Security in India.”
 “Cybersecurity” means protecting information, equipment, devices,
computer, computer resource, communication device and information
stored therein from unauthorized access, use , disclosure, disruption,
destruction or modification.
 Where financial losses to the organization due to insider crimes are
concerned, difficulty is faced in estimating the losses because the
financial impacts may not be detected by the victimized organization and
no direct costs may be associated with the data theft.
.
 For anyone trying to compile data on business impact of cybercrime, there
are number of challenges.
o Organizations do not explicitly incorporate the cost of the vast
majority of computer security incidents into their accounting.
o There is always a difficulty in attaching a quantifiable monetary value
to the corporate data and yet corporate data get stolen/lost.
o Most organizations abstain(except) from revealing facts and figures
about “security incidents” including cybercrime.
o Organizations perception about “insider attacks” seems to be different
than that made out by security solution vendor.
o Awareness about “data privacy” too tends to be low in most
organizations
The Botnet Menace

-Refers to group of compromised computers(zombie computers i.e., personal

computers secretly under the control of hackers) running malwares under a
common command and control infrastructure
-Botnet maker can control the group remotely for illegal purposes. Most
common being denial-of-service attack(DoS attack). Adware, Spyware,E-mail
Spam, Click Fraud, theft of application serial numbers, login IDs and financial
information such as credit card numbers etc
Figure 3 shows several categories of incidences – viruses, insider abuse,
laptop theft and unauthorized access to systems.

Typical network misuses are for:

 Internet radio
 streaming audio
 streaming video
 file sharing
 instant messaging
 Online gaming
 Online gambling
 Who are Cybercriminals?
Cybercriminals are those who conduct activities such as child pornography;
credit card fraud; cyber stalking(harass); defaming another online; gaining
unauthorized access to computer systems; ignoring copyright, software
licensing and trademark protection; overriding encryption to make illegal
copies; software piracy and stealing another’s identity to perform criminal acts.
1. Type I: Cybercriminals – hungry for recognition
-Hobby hackers,
-IT professionals(social engineering is one of the biggest threat),
-Political motivated hackers, terrorist organizations
2. Type II: Cybercriminals – not interested in recognition
-Psychological perverts(distort),
-financially motivated hackers(corporate espionage(using spies),
-state-sponsored hacking(national espionage, sabotage(damage)),
-organized criminals.
3. Type III: Cybercriminals – the insiders
-disgruntled or former employees seeking revenge
-competing companies using employees to gain economic advantage through
damage and/or theft
Classifications of Cybercrimes
Crime is defined as “an act or the commission of an act that is forbidden or the
omission of a duty that is commanded by a public law and that makes the offender
liable to punishment by that law”
 Cybercrimes are classified as follows:
1. Cybercrime against individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup:
1. Cybercrime against individual
-e-mail spoofing and other frauds
-phishing
-Spamming
-Cyberdefamation
-Cyberstalking and harassment
-computer sabotage
-pornographic offences
-Password sniffing: this belongs to category of cybercrime against
organization because the use of password could be by an individual for
his/her personal work or the work he/she is doing using a computer that
belongs to an organization
2. Cybercrime against property
-credit card frauds
-Intellectual Property(IP) crimes: IP crimes include software piracy, copyright
infringement, trademark violations, theft of computer source code etc
-internet time theft

3. Cybercrime against organization

-Unauthorized access of computers: Hacking is one method of doing this and
hacking is a punishable offence
-Password sniffing
-Denial-of-service attack
-Virus attack/disseminations of viruses
-E-mail bombing/mail bombs
-Salami attack / salami technique
-Logic Bomb
-Trojan Horse
-Data diddling(cheating)
4. Cybercrime against Society
-Forgery
-Cyberterrorism
-Web Jacking

5.Crimes emanating(originate) from usenet newsgroup

Usernet groups may carry very offensive, harmful, inaccurate or otherwise
inappropriate material,or in some cases, posting that have been mislabeled
or are deceptive in another way
E-Mail Spoofing
• A spoofed E-Mail is one that appears to originate from one source but
actually has been sent from another source.

Spamming
• People who create electronic Spam are called spammers.
• Spam is the abuse of electronic messaging systems to send unsolicited bulk
messages indiscriminately.
• Spamming is widely detested, and has been the subject of legislation in
many jurisdictions – for example, the CAN-SPAM Act of 2003.
Search engine spamming
 Spamming is alteration or creation of a document with the intent to
deceive(to believe something that is not true) an electronic catalog or filing
system.
 Some web authors use “subversive techniques” to ensure that their site
appears more frequently or higher number in returned search results.
Cyberdefamation
• “Cyberdefamation” occurs when defamation(action of damaging the good
reputation) takes place with the help of computers and/or the According to
the IPC Section 499:
1. It may amount to defamation to impute(represent as being done) anything
to a deceased person, if the imputation would harm the reputation of that
person if living, and is intended to be hurtful to the feelings of his family or
other near relatives.
2. It may amount to defamation to make an imputation concerning a company,
association, or a collection of persons.
3. An imputation in the form of an alternative or expressed
ironically(sarcastically), may amount to defamation.
4. No imputation is said to harm a person’s reputation unless that imputation
directly or indirectly, in the estimation of others, lowers the moral or
intellectual character of that person, or lowers the character of that person in
respect of his caste or his calling, or lowers the credit of that person.
4. No imputation is said to harm a person’s reputation unless that imputation
directly or indirectly, in the estimation of others, lowers the moral or
intellectual character of that person, or lowers the character of that person in
respect of his caste or of his calling, or lowers the credit of that person, or
causes it to be believed that the body of that person is in a
loathsome(dislikable) state or in a state generally considered as disgraceful.
• The law on defamation attempts to create a workable balance between two
equally important human rights
1. The right to an unimpaired(un shrink) reputation
2. The right to freedom of expression
Internet Time Theft
 Internet time theft occurs when an unauthorized person uses the
Internet hours paid for by another person.
 It comes under hacking because the person gets access to someone
else’s ISP user ID and password, either by hacking or by gaining
access to it by illegal means

Salami Attack/Salami Technique

 These attacks are used for committing financial crimes.
 No account holder will probably notice this unauthorized debit, but
the bank employee will make a sizable amount every month.

Data Diddling
 A data diddling attack involves altering raw data just before it is
processed by a computer and then changing it back after the
processing is completed.
 Electricity Boards in India have been victims to data diddling
programs inserted when private parties computerize their systems.
Forgery
• Forging counterfeit currency notes, postage and revenue stamps, marksheets, etc.
using sophisticated computers, printers and scanners.
Web Jacking
• Web jacking occurs when someone forcefully takes control of a website (by cracking
the password and later changing it).
Newsgroup Spam/Crimes Emanating from Usenet Newsgroup
• This is one form of spamming. The word “spam” was usually taken to mean
excessive multiple posting(EMP)
• The advent of Google Groups, and its large Usenet archive, has made Usenet more
attractive to spammers than ever.
• Spamming of Usenet newsgroups actually predates E-Mail Spam.
Industrial Spying/Industrial Espionage
• “Spies” can get information about product finances, research and development and
marketing strategies, an activity known as “industrial spying.”
• “Targeted Attacks” - applies very well to organizations that are victim of focused
attacks aiming at stealing corporate data, Intellectual Property or whatever else that
may yield a competitive advantage for a rival company.
• There are two distinct business models for cybercrime applied to industrial spying
 Selling Trojan-ware
 Selling Stolen Intellectual Property.
Hacking
Hackers, crackers and phrackers are some of the oft-heard terms. The original
meaning of the word “hack” meaning an elegant, witty or inspired way of doing
almost anything originated at MIT.

 Hackers write or use ready-made computer programs to attack the target

computer.
 They possess the desire to destruct and they get enjoyment out of such
destruction.
 Some hackers hack for personal monetary gains, such as stealing credit card
information, transferring money from various bank accounts to their own account
followed by withdrawal of money.

Online Frauds
Types of crimes under the category of hacking
 Spoofing(imitate) website and E-Mail security alerts
 Hoax(a plan to deceive a large group of people) emails about virus threats
 lottery frauds
 Spoofing.
Spoofing websites and E-Mail security threats
o Fraudsters create authentic looking websites that are actually nothing but a spoof.
o The purpose of these websites is to make the user enter personal information
which is then used to access business and bank accounts
o This kind of online fraud is common in banking and financial sector.
o It is strongly recommended not to input any sensitive information that might help
criminals to gain access to sensitive information, such as bank account details,
even if the page appears legitimate.
Virus hoax E-Mails
o The warnings may be genuine, so there is always a dilemma whether to take them
lightly or seriously.
o A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos
or Symantec before taking any action, such as forwarding them to friends and
colleagues.
Lottery frauds
o Typically letters or E-Mails that inform the recipient that he/she has won a prize in
a lottery.
o To get the money, the recipient has to reply, after which another mail is received
asking for bank details so that the money can be directly transferred.
 Spoofing
o A hacker logs-in to a computer illegally, using a different identity than his own.
o He creates a new identity by fooling the computer into thinking that the hacker
is the genuine system operator and then hacker then takes control of the
system.

Pornographic Offenses
“Child pornography” includes:
1. Any photograph that can be considered obscene and/or unsuitable for the age
of child viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct where the
production of such visual depiction involves the use of a minor engaging in
sexually explicit conduct.

 As the broad-band connections get into the reach of more and more homes,
larger child population will be using the Internet and therefore greater would
be the chances of falling victim to the aggression of pedophiles.
Software Piracy
 Theft of software through the illegal copying of genuine programs or the
counterfeiting and distribution of products intended to pass for the original.
Those who buy pirated software have a
lot to lose:
(a) getting untested software that may
have been copied thousands of times
over
(b) the software, if pirated, may
potentially contain hard-drive-
infecting viruses
(c) there is no technical support in the
case of software failure, that is, lack
of technical product support
available to properly licensed users
(d) there is no warranty protection,
(e) there is no legal right to use the
product, etc.
Economic impact of software piracy is
grave (see Fig. 4).
Computer Sabotage
It is the use of the Internet to hinder the normal functioning of a computer system
through the introduction of worms, viruses or logic bombs. It can be used to gain
economic advantage over a competitor, to promote the illegal activities of terrorists
or to steal data or programs for extortion purposes. Logic bombs are event-
dependent programs created to do something only when a certain event (known as a
trigger event) occurs. Some viruses may be termed as logic bombs.

E-Mail Bombing/Mail Bombs

 It refers to sending a large number of E-Mails to the victim to crash victim’s E-Mail
account or to make victim’s mail servers crash (in the case of a company or an E-
Mail service provider).
 Computer program can be written to instruct a computer to do such tasks on a
repeated basis.

Usenet Newsgroup as the Source of Cybercrimes

Usenet is a popular means of sharing and distributing information on the Web with
respect to specific topic or subjects. It is a mechanism that allows sharing
information in a many-to-many manner. The newsgroups are spread across 30,000
different topics.
Computer Network Intrusions
 Computer Networks pose a problem by way of security threat because people can
get into them from anywhere.
 The cracker can bypass existing password protection by creating a program to
capture logon IDs and passwords.
 The practice of “strong password” is therefore important.
Password Sniffing
 Password Sniffers are programs that monitor and record the name and password of
network users as they login, jeopardizing(putting something into loss or harm, or
failure) security at a site.
 Whoever installs the Sniffer can then impersonate an authorized user and login to
access restricted documents.
Credit Card Frauds
 Millions of dollars may be lost annually by consumers who have credit card and
calling card numbers stolen from online databases.
 Bulletin boards and other online services are frequent targets for hackers who want
to access large databases of credit card information.
Identity Theft
 Identity theft is a fraud involving another person’s identity for an illicit purpose.
 This occurs when a criminal uses someone else’s identity for his/her own illegal purposes.
 The cyberimpersonator can steal unlimited funds in the victim’s name without the victim
even knowing about it for months, sometimes even for years!
Cybercrime: The Legal Perspectives

Computer Crime: Criminal Justice Resource Manual (1979)

 The first comprehensive presentation of computer crime
 computer-related crime was defined in the broader meaning as: any illegal
act for which knowledge of computer technology is essential for a successful
prosecution.
Cybercrime:
 outcome of “globalization.”
 Globalized information systems accommodate an increasing number of
transnational offenses.
This problem can be resolved in two ways:
1. Divide information systems into segments bordered by state boundaries
2. Incorporate the legal system into an integrated entity obliterating(destroy
utterly or wipe out) these state boundaries
Cybercrimes: An Indian Perspective
India has the fourth highest number of Internet users in the world.
 there are 45 million Internet users in India
 37% - from cybercafes
 57% of users are between 18 and 35 years.
 A point to note is that the majority of off enders (who commit an illegal act)
were under 30 years.
 About 46% cybercrime cases were related to incidents of
cyberpornography
 In over 60% of these cases, off enders were between 18 and 30 years.
Cybercrime and the Indian ITA 2000
 The first step toward the Law relating to E-Commerce at international
level to regulate an alternative form of commerce and to give legal status
in the area of E-Commerce.
 ITA 2000 was enacted after the United Nation General Assembly
Resolution A/RES/51/162 in January 30, 1997 by adopting the model law
on electronic Commerce adopted by United Nations Commission on
International Trade Law
Hacking and the Indian Law(s)
 Cybercrimes are punishable under two categories: the ITA 2000 and the
IPC.
 A total of 207 cases of cybercrime were registered under the IT Act in 2007
compared to 142 cases registered in 2006.
 Under the IPC too, 339 cases were recorded in 2007 compared to 311
cases in 2006.
 Some noteworthy provisions under the ITA2000 , which is said to be
undergoing key changes very soon.
A Global Perspective on Cybercrimes
 In Australia, cybercrime has a narrow(more than one) statutory meaning as
used in the Cyber Crime Act 2001, which details offenses against computer
data and systems.
 However, broad meaning is given to cybercrime at an international level
 In the Council of Europe’s (CoE’s) Cyber Crime Treaty(agreement),
cybercrime is used as an umbrella term to refer to an array of criminal
activity including offenses against computer data and systems, computer-
related offenses, content offenses and copyright offenses.
 Recently, there have been a number of significant developments such as
1. August 4, 2006 Announcement: The US Senate ratifies CoE Convention
on Cyber Crime. The convention targets hackers, those who are spreading
destructive computer viruses, those using the Internet for the sexual
exploitation of children or the destruction of racist(discrimination against
person or people based on ethnic etc.) material, and terrorists attempting
to attack infrastructure facilities or financial institutions.
2. In August 18, 2006, there was a news article published “ISPs Wary About
‘Drastic Obligations’(more responsible) on Web Site Blocking.” European
Union(EU) officials debar suspicious websites as part of a 6-point plat to
boost joint antiterrorism activities.
3. CoE Cyber Crime Convention (1997–2001) was the first international
treaty seeking to address Internet crimes by harmonizing national laws,
improving investigative techniques and increasing cooperation among
nations. More than 40 countries have ratified(giving formal consent) the
convention.
Cybercrime and the Extended Enterprise
 It is the responsibility of each user to become aware of the threats as well as
the opportunities that “connectivity” and “mobility” presents them with.
 Extended enterprise - represents the concept that a company is made up
not just of its employees, its board members and executives, but also its
business partners, its suppliers and even its customers (Fig. 5).
 An extended enterprise is a “loosely coupled, self organizing network” of
firms that combine their economic output to provide “ products and
services” offering to the market.
 Firms in the extended enterprise may operate independently, for example
through market mechanisms or cooperatively through agreements and
contracts
 Given the promises and challenges in the extended enterprise scenario,
organizations in the international community have a special role ij sharing
information on good practices , and creating open and accessible enterprise
information flow channels for exchanging of ideas in a collaborative manner.
 International cooperation at the levels of government, industry, consumer,
business and technical groups to allow a global and coordinated approach to
achieving global cybersecurity is the key
Cybercrime Era: Survival Mantra for the Netizens
Netizen
 Netizen is someone who spends considerable time online and also has a
considerable presence online (through websites about the person, through
his/her active blog contribution and/or also his/her participation in the
online chat rooms).
 The 5P Netizen mantra for online security is: (a) Precaution, (b) prevention,
(c) Protection, (d) Preservation and (e) Perseverance.
 For ensuring cybersafety, the motto for the “Netizen” should be “Stranger is
Danger!”
If you protect your customers data, your employees privacy and your
own company, then you are doing your job in the grander scheme of
things to regulate and enforce rules on the Net trough our
community.