Cyber crime

Unit - 1

Introduction
Cybercrime is the use of computers or the internet to commit
illegal acts. It can be used to commit a variety of crimes,
including:
• Fraud: This can include identity theft, email fraud, and internet
fraud.
• Stealing data: This can include stealing corporate data or
financial account information.
• Spreading malware: This can include infecting computers with
viruses that can then spread to other devices and networks.
• Harassment and threats: This can include the propagation of
illegal, obscene, or offensive content.
Classification of cybercrime
e-mail spoofing
• Email spoofing is a cyber security threat that involves sending emails with a fake sender address:
• How it works
• Email protocols don't authenticate the source of an email, so malicious actors can change the email's
metadata to make it appear to come from a real sender.
• Purpose
• Attackers use email spoofing to trick users into thinking a message is from a trusted source. They may
then use the email to trick users into visiting a website, downloading malware, or sharing sensitive
information.
• Types
• There are three types of email spoofing:
• Display name spoofing: The sender's display name is falsified.
• Legitimate domain spoofing: Both the sender's display name and address are fake.
• Look-alike domain spoofing: The attacker creates a domain that looks similar to someone or something
else.
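A defender-side check for the three spoofing types listed above, as an added example that is not part of the original slides. The trusted domains, protected display names, sample messages and function names are all constructed for illustration, and the check assumes the receiving mail server has already stamped an Authentication-Results header on the message.

```python
"""Flag display-name, legitimate-domain and look-alike-domain spoofing."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for the example: domains and sender names this organisation trusts.
TRUSTED_DOMAINS = {"mybank.example", "payroll.example"}
PROTECTED_NAMES = {"my bank", "payroll team"}

# Characters commonly swapped in to build look-alike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def fold(domain: str) -> str:
    """Map visually confusable characters onto one canonical spelling."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        # A threshold of 2 suits long names; short domains need a stricter one.
        if fold(domain) == fold(trusted) or 0 < edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def dmarc_result(msg) -> str:
    """Read the dmarc= verdict recorded by the receiving server (RFC 8601)."""
    match = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""), re.I)
    return match.group(1).lower() if match else "none"


def classify(raw: str) -> list:
    """Return the spoofing findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []

    # Legitimate domain spoofing: a trusted domain in From that failed DMARC.
    if domain in TRUSTED_DOMAINS and dmarc_result(msg) != "pass":
        findings.append("legitimate-domain-spoofing")

    # Look-alike domain spoofing: a near miss of a trusted domain.
    imitated = lookalike_of(domain)
    if imitated:
        findings.append("look-alike-domain:" + imitated)

    # Display name spoofing: a protected name, or a trusted address typed into
    # the display name, in front of an address on an untrusted domain.
    name = display.lower()
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if domain not in TRUSTED_DOMAINS and (
        any(p in name for p in PROTECTED_NAMES)
        or (embedded is not None and embedded.group(1) in TRUSTED_DOMAINS)
    ):
        findings.append("display-name-spoofing")
    return findings


# Constructed sample messages (not real traffic).
SAMPLES = {
    "display": 'From: "My Bank" <billing@freemail.test>\n'
               "Authentication-Results: mx.corp.example; dmarc=pass header.from=freemail.test\n"
               "Subject: Verify your account\n\nbody\n",
    "forged": "From: Accounts <accounts@mybank.example>\n"
              "Authentication-Results: mx.corp.example; spf=fail; dkim=none; "
              "dmarc=fail header.from=mybank.example\n"
              "Subject: Invoice\n\nbody\n",
    "lookalike": "From: HR <hr@payro11.example>\n"
                 "Authentication-Results: mx.corp.example; dmarc=pass header.from=payro11.example\n"
                 "Subject: Payslip\n\nbody\n",
    "clean": "From: Accounts <accounts@mybank.example>\n"
             "Authentication-Results: mx.corp.example; dmarc=pass header.from=mybank.example\n"
             "Subject: Statement\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

The look-alike sample passes DMARC because the attacker controls that domain, which is why sender authentication alone does not catch look-alike or display-name spoofing.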
Spamming

• In cybersecurity, spamming is the act of sending unwanted messages to a large number of people,
usually for commercial or malicious purposes. Spam can be sent via email, instant messaging,
social media, or mobile apps.
• Spam can be dangerous because it can:
• Contain malicious links that can infect your computer with malware
• Be used to trick people into sharing personal information
• Slow down or break networks and servers
• Some common types of spam include: Commercial advertisements, Antivirus warnings,
Sweepstakes winners, and Money scams.
• To reduce spam, you can:
• Be careful when you get emails or messages from people you don't know
• Don't click on unknown links or share personal info
Cyber defamation
• Cyber defamation, also known as online defamation, is the act of using
the internet to publish false or defamatory statements about someone
to harm their reputation.
• This can include:
• Posting derogatory content on social media, blogs, forums, or other
online platforms
• Spreading rumors
• Making false accusations
• Posting negative reviews
• Sending defamatory emails
Internet time theft
• Internet time theft is a type of cyber crime that occurs when an
unauthorized person uses internet hours paid for by another person. This
can happen when an unauthorized person gains access to another
person's ISP user ID and password through hacking or other illegal means.
• Internet time theft can also refer to when employees use the internet for
personal tasks during paid work hours, such as: Shopping online, Reading
the news, Playing games, and Spending time on social media.
• This type of time theft can make it appear as if an employee is busy and
can trick employee monitoring software. To prevent internet time theft,
employees can avoid using the internet for non-work-related activities
and explain why they are taking extra time at lunch.
Newsgroup spam / crime from Usenet newsgroups
• Newsgroup spam is a type of cyber security threat that involves the
repeated posting of messages to Usenet newsgroups to disrupt them:
• Definition
• Newsgroup spam is the excessive posting of messages to Usenet
newsgroups. This can include commercial advertisements,
opinionated messages, malicious files, or nonsensical posts.
Industrial spying / industrial espionage
• Industrial espionage is a criminal practice that involves stealing confidential data from a company or
organization for economic or commercial gain. It can also be called corporate espionage or business
espionage.
• Industrial espionage can involve:
• Cyber espionage: Using cyber methods like phishing or social engineering to gain access to a
company's systems
• Theft of trade secrets: Stealing information about a company's products, services, or business plans
• Bribery and blackmail: Using bribery or blackmail to gain access to information
• Technological surveillance: Using technology to spy on a company
• Industrial espionage can be difficult to detect and prove, and can have significant financial
consequences for companies. It can also disrupt a nation's economic stability.
• To prevent industrial espionage, companies can use offensive cyber intelligence and cybersecurity
services.
Hacking
• An effort to attack a computer system or a private network inside a computer is
known as hacking. Simply, it is unauthorized access to or control of computer
network security systems with the intention of committing a crime. Hacking is the
process of finding security holes in a computer system or network in order
to gain access to personal or corporate information. One example of computer
hacking is the use of a password cracking technique to gain access to a computer
system. The process of gaining illegal access to a computer system, or a group of
computer systems, is known as hacking.
• Types:
• Black hat hackers
• White hat hackers
• Grey hat hackers
Online fraud
• Online fraud is a type of cyber crime that involves deception or misrepresentation to trick
people into giving up money, information, or legal rights. It can take many forms, including:
• Phishing: Using email or messaging services to trick people into sharing personal information,
login credentials, or financial details
• Malware: Software that can damage or disable devices, steal personal information, or create
backdoors for cyber criminals
• Ransomware: A type of malware that encrypts a victim's files and demands payment to decrypt
them
• Denial of service (DoS): Disrupting access to a network, system, or online service
• Business email compromise (BEC): A sophisticated attack that targets businesses that make
frequent wire payments
• Identity theft: Stealing someone's identity
• Fraudulent purchases: Buying products online without the account holder's knowledge
Pornographic offenses
• Cyber pornography is a cyber crime that involves the use of a
computer to produce, distribute, or download pornographic content.
In India, the Information Technology (IT) Act, 2000 and the Indian
Penal Code (IPC) provide punishment for cyber pornography and
related offenses.
• The government has also taken steps to protect children from online
sexual abuse, including blocking websites that contain extreme child
sexual abuse material (CSAM).
Software piracy
• Software Piracy is the illegal approach of copying, distributing,
modifying, selling, or using software that is legally protected.
• So in a simple term, we can say Software piracy is the act of stealing
legal software.
• This software piracy refers to the unauthorized copy and use of legal
software and now this critical problem has turned into a global issue.
• Types of Software Piracy
• Softlifting: Softlifting is the most common type of software piracy. In this piracy, the legal owner
of the software is one, but the users are multiple. For instance, someone purchases genuine
software, and others illegally use that software by downloading it to their
computers. For example, many times we borrow software from our colleagues and install a copy of
it on our computers just to save money, which gives rise to softlifting, one type of software piracy.
• Hard-disk Loading: It is the most common type of software piracy which mainly happens in PC
resale shops. The shop owner buys a legal copy of the software and reproduces copies of it on
multiple computers by installing it. Most of the time customers/PC users are not aware of these
things and get the pirated version of the software at the original software price or less than the
original price. It is one type of commercial software piracy.
• Counterfeiting: In counterfeiting, duplicates of genuine/legal software programs are created
with the appearance of authenticity. These duplicates are then sold at a lower price.
• Client-Server overuse: In client-server overuse, more copies of the software are installed than it
has been licensed for. It is mainly seen in local business sectors that work on a local area network
and install the software on all the computers for use by many employees, which is an unauthorized
practice.
• Online Piracy: In online piracy, the illegal software is acquired from online auction sites and blogs,
which is mainly achieved through P2P (Peer to Peer) file-sharing systems. As it is acquired using
the Internet, it is often called Internet Piracy.
Password sniffing
• A password sniffer is a software application that scans and records
passwords that are used or broadcasted on a computer or network
interface. It listens to all incoming and outgoing network traffic and
records any instance of a data packet that contains a password.
Credit card fraud and identity theft
• Credit card fraud and identity theft are both cybercrimes that involve the
theft of sensitive information to make unauthorized purchases or access
accounts:
• Credit card fraud
• A cybercriminal gains access to a victim's credit card information to make
purchases, open new accounts, or transfer funds. This can happen through
phishing, skimming, or if a user shares their information unknowingly.
• Identity theft
• A cybercriminal steals personal information to misuse it, such as for credit
card fraud.
Categories of cybercrime
Active attack
• Active attacks are a type of cybersecurity attack in which an attacker
attempts to alter, destroy, or disrupt the normal operation of a system or
network. Active attacks involve the attacker taking direct action against the
target system or network, and can be more dangerous than passive attacks,
which involve simply monitoring or eavesdropping on a system or network.
• Types of active attacks are as follows:
• Masquerade
• Modification of messages
• Repudiation
• Replay
• Denial of Service
Passive attack
• Passive attacks: A Passive attack attempts to learn or make use of information
from the system but does not affect system resources. Passive Attacks are in the
nature of eavesdropping on or monitoring transmission. The goal of the
opponent is to obtain information that is being transmitted. Passive attacks
involve an attacker passively monitoring or collecting data without altering or
destroying it. Examples of passive attacks include eavesdropping, where an
attacker listens in on network traffic to collect sensitive information, and
sniffing, where an attacker captures and analyzes data packets to steal sensitive
information.
• Types of Passive attacks are as follows:
• The release of message content
• Traffic analysis
Scanning / scrutinizing gathered information
• Scanning in ethical hacking is a network exploration technique used to
identify the systems connected to an organization’s network. It
provides information about the accessible systems, services, and
resources on a target system.
• There are two ways of scanning:
• Active Scanning
• Passive Scanning
Types of Scanning Techniques:
• TCP connect scan: This is a scan that sends TCP SYN packets to each port on the target system,
waiting for an RST/ACK. This is a stealth type of scan because it does not show the open ports
on the target system. The last port that responds is its open port, and you can use this to your
advantage to determine which ports are open.
• TCP syn port scan: This is a similar type of scan, but the packets are TCP SYN packets and not TCP
ACK. This type of scan sends packets to ports that are open and waiting for a reply.
• Network Scanning: Network scanning is used to identify the devices and services that are running
on a target network, determine their operating systems and software versions, and identify any
potential security risks or vulnerabilities. Network scanning can be performed manually or
automated using software tools, and can target specific systems or an entire network.
• Vulnerability Scanning: Vulnerability scanning is a process of identifying, locating, and assessing
the security vulnerabilities of a computer system, network, or application. This process is
performed using automated software tools that scan for known vulnerabilities, as well as
weaknesses in the configuration or implementation of the system being tested.
Attack
• A cyber attack is a set of actions performed by threat actors, who try to gain
unauthorized access, steal data or cause damage to computers, computer
networks, or other computing systems.
• Types of attack
• Malware
• Denial-of-Service (DoS) Attacks
• Phishing
• Spoofing
• Identity-Based Attacks
• Code Injection Attacks
• Supply Chain Attacks
• Social Engineering Attacks
• Insider Threats
• DNS Tunneling
• IoT-Based Attacks
• AI-Powered Attacks
Social engineering
• Social engineering is a cybersecurity tactic that involves manipulating
people into sharing sensitive information or taking actions that
compromise their security. It's a broad term that describes a range of
malicious activities that exploit human error and weaknesses.
• Social engineering attacks can be initiated through a variety of channels,
including:
• Email
• Phone calls
• Text messages
• Malicious websites
• Peer-to-peer sites

Cyberstalking
• Cyberstalking is a criminal offense that involves the use of the internet or other electronic
means to harass, intimidate, or threaten an individual, group, or organization. It can include:
• Monitoring: Tracking a victim's online activity or physical location
• Identity theft: Stealing someone's identity for financial gain
• Threats: Making death threats or other overt threats of violence
• Blackmail: Blackmailing a victim using personal information or photos
• Doxxing: Publishing a victim's private information online
• Impersonation: Posing as a victim online to cause harm to their life or career
• Hate speech: Using language that denigrates, insults, threatens, or targets an individual
based on their identity
• Ordering goods or services: Ordering items or subscribing to magazines in the victim's name
Cyber cafe and cyber crimes
• A cybercafe is a type of business where computers are
provided for accessing the internet, playing games,
chatting with friends or doing other computer-related
tasks.
• In most cases, access to the computer and internet is
charged based on time.
• There are many internet cafes located worldwide, and in
some countries they are considered the primary form of
internet access for people.
Unit - 2
Cyber crime using mobile and wireless devices
• Mobile
• Mobile is the ability to be on the move. A mobile device is anything that
can be used on the move, ranging from laptops to mobile phones. As
long as location is not fixed, it is considered mobile.
• Wireless
• Wireless refers to the transmission of voice and data over radio waves. It
allows workers to communicate with enterprise data without requiring a
physical connection to the network. Wireless devices include anything
that uses a wireless network to either send or receive data. The wireless
network itself can be accessed from mobile workers, as well as in fixed
locations.
Proliferation of mobile and wireless devices
• Mobile technology
• Mobile technology is a type of technology in which a user utilizes a mobile
phone to perform communications-related tasks, such as communicating
with friends, relatives, and others. It is used to send data from one system to
another. Portable two-way communications systems, computing devices,
and accompanying networking equipment make up mobile technology.
Mobile technology is largely employed in cellular communication systems
and other related areas. It employs a network architecture that allows
multiple transmitters to deliver data on a single channel at the same time.
Because it reduces the potential of frequency interference from two or more
sources, this platform allows multiple users to use single frequencies. The
channel has evolved over time.
• Types of Mobile Technologies
• Followings are the few famous mobile technologies:
• SMS
• MMS
• 4G
• 3G
• GSM (Global System for Mobile technology)
• CDMA (Code Division Multiple Access)
• Wi-Fi
Trends in Mobility
• Mobile device and connection trends: By 2023, there will be 13.1 billion global
mobile devices and connections (up from 8.8 billion in 2018). Mobile devices are
evolving from lower generation network connectivity (2G) to higher-generation
network connectivity (3G, 3.5G, 4G or LTE, and now 5G).
• Mobile computing is moving into a new era, third generation (3G), which promises
greater variety in applications and has highly improved usability as well as
speedier networking.
• "iPhone" from Apple and Google-led "Android" phones are the best examples of this
trend, and there are plenty of other developments that point in this direction. This
smart mobile technology is rapidly gaining popularity, and the attackers (hackers
and crackers) are among its biggest fans. It is worth noting the trends in mobile
computing; this will help readers to realize the seriousness of cybersecurity issues
in the mobile computing domain.
Credit card fraud in mobile and wireless computing era
• This era belongs to technology: technology has become a basic part of our
lives, whether in business or at home, and it requires connectivity with the internet,
so it is a big challenge to secure these units from becoming victims of cybercrime.
Wireless credit card processing is a tremendously new service that
enables an individual to process credit cards electronically, virtually anywhere. It
permits corporations to process transactions from mobile locations quickly,
efficiently, and professionally, and it is most regularly used by organizations that
operate mainly in a mobile environment.
• Nowadays some restaurants use Wi-Fi processing tools for the
safety of their credit-card-paying customers. Credit card fraud can take place
when cards are misplaced or stolen, mail is diverted by criminals, or
employees of a business steal customer information.
• Techniques of Credit Card Fraud:
• 1. Traditional Techniques:
• Paper-based Fraud: Paper-based fraud is where a criminal makes use of stolen or
fake documents, such as utility bills and bank statements, that can build
up useful Personally Identifiable Information (PII) to open an account in somebody
else's name.
• Application Fraud:
• (A). ID Theft: Where a person pretends to be somebody else.
• (B). Financial Fraud: Where a person offers false data about his or her financial
status to obtain credit.
• 2. Modern Techniques:
• Skimming to commit fraud is a kind of crime in which dishonest employees make
unlawful copies of credit or debit cards with the help of a 'skimmer'. A skimmer is a
gadget that captures credit card numbers and other account information that should be
private. The data held on either the magnetic stripe on the back of
the card or the smart chip is copied from one card to
another.
Types of credit card fraud
•  The first category, lost or stolen cards, is a relatively common one, and should be reported immediately
to minimize any damages.
•  The second is called “account takeover” — when a cardholder unwittingly gives personal information
(such as home address, mother’s maiden name, etc.) to a fraudster, who then contacts the cardholder’s
bank, reports a lost card and change of address, and obtains a new card in the soon-to-be victim’s name.
•  The third is counterfeit cards — when a card is “cloned” from another and then used to make
purchases. In Asia Pacific, 10% to 15% of fraud results from malpractices such as card skimming but this
number has significantly dropped from what it was a couple of years prior, largely due to the many safety
features put in place for payment cards, such as EMV chip.
•  The fourth is called “never received” — when a new or replacement card is stolen from the mail, never
reaching its rightful owner.
•  The fifth is fraudulent application— when a fraudster uses another person’s name and information to
apply for and obtain a credit card.
•  The sixth is called “multiple imprint”— when a single transaction is recorded multiple times on old-
fashioned credit card imprint machines known as “knuckle busters”.
•  The seventh is collusive merchants — when merchant employees work with fraudsters to defraud
banks.
•  The eighth is mail order/telephone order (MO/TO) fraud, which now includes ecommerce, and is the
largest category of total payment card fraud in Asia-Pacific, amounting to nearly three-quarters of all
fraud cases. The payments industry is working tirelessly to improve card verification and security
Security challenges posed by mobile devices
1. Application-based threats:
Most applications are downloadable and pose the most common risk for
mobile users; most devices don't do much on their own, and it is the applications that
make them so useful, and we all download apps.
When it comes to apps, the risks run from bugs and basic security risks on the low end of the
scale all the way through to malicious apps with no purpose other than to commit cyber crime.
• Malware
• Spyware
• Privacy
• Zero Day Vulnerabilities
2. Web-based threats:
Because of the nature of mobile use, the fact that we have our devices with us
everywhere we go and are connecting to the Internet while doing so, they face a number
of unique web-based threats as well as the run-of-the-mill threats of general
Internet use.
• Phishing Scams
• Social Engineering
• Drive By Downloads
• Operating System Flaws
3. Network-based threats:
Mobile devices typically support a minimum of three network
capabilities, making them three times as vulnerable to network-based attack. The
networks often found on a mobile device include cellular, WiFi and Bluetooth.
• Network exploits
• WiFi sniffing
• Cross-Platform Attacks
• BYOD
4. Physical threats:
These can happen at any time: unlike a desktop sitting at your workstation, or even a
laptop in your bag, a mobile device is subject to a number of everyday physical
threats.
• Loss/Theft:
Loss or theft is the most unwanted physical threat to the security of your mobile
device.
The device itself has value and can be sold on the secondary market after all your
information is stolen and sold.
Top Mobile Security Threats:
Mobile devices can be attacked at different levels. This includes the potential for
malicious apps, network-level attacks, and exploitation of vulnerabilities within
the devices and the mobile OS.
1. Malicious Apps and Websites
Like desktop computers, mobile devices have software and Internet access.
Mobile malware (i.e. malicious applications) and malicious websites can
accomplish the same objectives (stealing data, encrypting data, etc.) on
mobile phones as on traditional computers.
Malicious apps come in a variety of different forms. The most common
types of malicious mobile apps are trojans that also perform ad and click
scams.
2. Mobile Ransomware
Mobile ransomware is a particular type of mobile malware, but the
increased usage of mobile devices for business has made it a more
common and damaging malware variant.
Mobile ransomware encrypts files on a mobile device and then requires a
ransom payment for the decryption key to restore access to the encrypted
data.
3. Phishing
Phishing is one of the most common attack vectors in existence. Most
cyberattacks begin with a phishing email that carries a malicious link or an
attachment containing malware. On mobile devices, phishing attacks have
a variety of media for delivering their links and malware, including email,
SMS messaging, social media platforms, and other applications.
4. Man-in-the-Middle (MitM) Attacks
Man-in-the-Middle (MitM) attacks involve an attacker intercepting
network communications to either eavesdrop on or modify the data
being transmitted. While this type of attack may be possible on different
systems, mobile devices are especially susceptible to MitM attacks. Unlike
web traffic, which commonly uses encrypted HTTPS for communication,
SMS messages can be easily intercepted, and mobile applications may use
unencrypted HTTP for transfer of potentially sensitive information.
5. Advanced Jailbreaking and Rooting Techniques
Jailbreaking and rooting are terms for gaining administrator access to iOS and
Android mobile devices. These types of attacks take advantage of vulnerabilities in
the mobile OSs to achieve root access on these devices.
These increased permissions enable an attacker to gain access to more data and
cause more damage than with the limited permissions available by default.
Many mobile users will jailbreak/root their own devices to enable them to delete
unwanted default apps or install apps from untrusted app stores, making this
attack even easier to perform.
6. Device and OS exploits
Often, the focus of cybersecurity is on top-layer software, but lower levels of the
software stack can contain vulnerabilities and be attacked as well. With mobile
devices, as with computers, vulnerabilities in the mobile OS or the device itself can be
exploited by an attacker.
Often, these exploits are more damaging than higher-level ones because they exist
below and outside the visibility of the device’s security solutions.
Registry settings for mobile devices
Let us understand the issue of registry settings on mobile devices through an
example:
Microsoft ActiveSync is meant for synchronization with Windows-powered personal
computers (PCs) and Microsoft Outlook.
ActiveSync acts as the "gateway" between a Windows-powered PC and a Windows
mobile-powered device, enabling the transfer of applications such as Outlook
information, Microsoft Office documents, pictures, music, videos and applications
from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can synchronize directly with the
Microsoft Exchange server so that users can keep their e-mails, calendar, notes
and contacts updated wirelessly when they are away from their PCs.
In this context, registry setting becomes an important issue given the ease with
which various applications allow a free flow of information.
Authentication service security
There are two components of security in mobile computing: security of devices and security in networks.

A secure network access involves authentication between the device and the base stations or Web servers.

This is to ensure that only authenticated devices can be connected to the network for obtaining the requested
services. No malicious code can impersonate the service provider to trick the device into doing something it does
not mean to.

Thus, the networks also play a crucial role in the security of mobile devices. Some eminent kinds of attacks to which
mobile devices are subjected are: push attacks, pull attacks and crash attacks.

Authentication services security is important given the typical attacks on mobile devices through wireless
networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking.
Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media
access control (MAC) address filtering and development in 802.xx standards.
There are 2 components of security in mobile computing:
1. Security of devices: A secure network access involves mutual
authentication between the device and the base station or web servers, so
that authenticated devices can be connected to the network to get
requested services. In this regard, authentication service security is
important due to typical attacks on mobile devices through WAN:
a. DoS attacks
b. Traffic analysis
c. Eavesdropping
d. Man-in-the-middle attacks
2. Security in network: Security measures in this regard come from:
a. Wireless Application Protocol (WAP)
b. Use of Virtual Private Networks (VPN)
c. MAC address filtering
Attacks on Mobile/Cell Phones
Cybercrime or cyber-attack is a much-discussed topic recently, and
cybercriminals use different techniques to disable one or multiple
computers & networks. Cyberattacks can disable computers and steal
data. Cybercriminals use varied technologies to steal data from
computers. Cyber-attacks include Phishing, malware, etc.
Types of cyber Attacks
Undoubtedly, cyber-attacks have substantial negative impacts. A cyber-
attack can cause data breaches or data manipulation. Once an
organization faces a cyber-attack, it can suffer huge losses. Today, everyone
needs to have a bit of knowledge of different types of cyber-attacks.
• Malware: Malware is a malicious virus, including spyware, Trojans,
adware, etc.
Trojan viruses conceal their nature by posing as legitimate software, whereas
ransomware does not allow a computer to access prime components
of the network.
• Phishing: Among the most common cyberattacks, phishing creates a
significant impact on computers and networks. You can be affected by
phishing if you open an unknown mail or click on the links in the mail.
• Attack through password: This is a typical attack where hackers
identify and hack your password.
Mobile device
• Security implications for organization
• mobile security threats pose a risk to your organisation
• Application Security Threats. ...
• Web-Based Security Threats: ...
• Network-Based Security Threats. ...
• Hardware-Based Security Threats. ...
• Social Engineering/Phishing. ...
• Mobile Ransomware. ...
• Data Leakage via Malicious Apps. ...
• Unsecured Public Wi-Fi.
Organizational measures for handling mobiles
• Mobile device security best practices for businesses
• Manage mobile devices with an MDM. ...
• Manage authentication and access. ...
• Enable data loss prevention policies. ...
• Set corporate and BYOD remote lock, device wipe policies. ...
• Keep BYOD and corporate devices updated. ...
• Monitor device compliance and automate with mobile threat defense
Organizational security policies
• A Mobile Device Security Policy is essentially a set of guidelines &
rules that dictate how mobile devices are used & secured within an
organization. It's a comprehensive document that covers everything
from user access controls to data encryption & incident response
procedures.
Unit - 3
Techniques used in cybercrime
Proxy server
A proxy server refers to a server that acts as an intermediary between the request
made by clients, and a particular server for some services or requests for some
resources. There are different types of proxy servers available that are put into use
according to the purpose of a request made by the clients to the servers. The basic
purpose of Proxy servers is to protect the direct connection of Internet clients and
Internet resources. There are many Proxy providers in the market that provide services
to both individuals and businesses.
Anonymizers
Anonymizer is a name given to a proxy server that limits the amount of data its user
reveals while browsing the internet. Despite its name, it does not make the user
anonymous online. It will simply hide the device's IP address from the website they're
connecting to and replace it with a different one.
Phishing
• Phishing is a type of cyberattack that uses fraudulent emails, text messages, phone calls or
websites to trick people into sharing sensitive data, downloading malware or otherwise
exposing themselves to cybercrime. Phishing attacks are a form of social engineering.
• Types of phishing attacks
• Email phishing: the general term given to any malicious email message meant to trick users
into divulging private information. Attackers generally aim to steal account credentials,
personally identifiable information (PII) and corporate trade secrets. However, attackers
targeting a specific business might have other motives.
• Spear phishing: these email messages are sent to specific people within an organization,
usually high-privilege account holders, to trick them into divulging sensitive data, sending the
attacker money or downloading malware.
• Link manipulation: messages contain a link to a malicious site that looks like the official
business but takes recipients to an attacker-controlled server where they are persuaded to
authenticate into a spoofed login page that sends credentials to an attacker.
• Whaling (CEO fraud): these messages are typically sent to high-profile employees of a company to trick them into
believing the CEO or other executive has requested to transfer money. CEO fraud falls under the umbrella of
phishing, but instead of an attacker spoofing a popular website, they spoof the CEO of the targeted corporation.
• Content injection: an attacker who can inject malicious content into an official site will trick users into accessing the
site to show them a malicious popup or redirect them to a phishing website.
• Malware: users tricked into clicking a link or opening an attachment might download malware onto their devices.
Ransomware, rootkits or keyloggers are common malware attachments that steal data and extort payments from
targeted victims.
• Smishing: using SMS messages, attackers trick users into accessing malicious sites from their smartphones.
Attackers send a text message to a targeted victim with a malicious link that promises discounts, rewards or free
prizes.
• Vishing: attackers use voice-changing software to leave a message telling targeted victims that they must call a
number where they can be scammed. Voice changers are also used when speaking with targeted victims to disguise
an attacker’s accent or gender so that they can pretend to be someone else.
• “Evil Twin” Wi-Fi: spoofing free Wi-Fi, attackers trick users into connecting to a malicious hotspot to perform man-
in-the-middle exploits.
• Pharming: pharming is a two-phase attack used to steal account credentials. The first phase installs malware on a
targeted victim's device and redirects their browser to a spoofed website where they are tricked into divulging
credentials. DNS poisoning is also used to redirect users to spoofed domains.
• Angler phishing: using social media, attackers reply to posts pretending to be an official organization and trick users
into divulging account credentials and personal information.
• Watering hole: a compromised site provides endless opportunities, so an attacker identifies a site used by
numerous targeted users, exploits a vulnerability on the site, and uses it to trick users into downloading malware.
With malware installed on targeted user machines, an attacker can redirect users to spoofed websites or deliver a
Password cracking
• Password cracking (also called password hacking) is an attack vector that involves hackers
attempting to crack or determine a password for unauthorized authentication. Password hacking
uses a variety of programmatic techniques, manual steps, and automation using specialized
tools to compromise a password. These password cracking tools are referred to as ‘password
crackers’. Increasingly, these tools are leveraging AI to improve password cracking speed and
efficiency. Passwords can also be stolen via other tactics, such as by memory-scraping malware,
shoulder surfing, third party breaches, and tools like Redline password stealer.
• Types
• 1. Brute-force attack
• 2. Dictionary attack
• 3. Credential stuffing attack
• 4. Hybrid attack
• 5. Rainbow table attack
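
On the defending side, the attack types listed above leave different traces in authentication logs: guessing against one account produces many failures for a single user, while credential stuffing spreads a few failures over many users. The following Python detector is an added example, not part of the original slides; the log format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: tune to your environment
MIN_ATTEMPTS = 10               # assumption: failures per source inside one window
LINE = re.compile(r"(\S+) (FAIL|OK) user=(\S+) src=(\S+)")

def classify(lines):
    """Map source IP -> verdict from failed logins inside a sliding time window.

    Lines are expected in chronological order.
    """
    recent = defaultdict(deque)  # src -> deque of (time, user) failures
    verdicts = {}
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if not m or m.group(2) != "FAIL":
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        user, src = m.group(3), m.group(4)
        window = recent[src]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW:  # drop failures older than the window
            window.popleft()
        if len(window) < MIN_ATTEMPTS:
            continue
        users = {u for _, u in window}
        if len(users) == 1:
            verdicts[src] = "one account, many guesses (brute-force/dictionary)"
        elif len(window) / len(users) <= 2:
            verdicts[src] = "many accounts, few tries each (credential stuffing)"
    return verdicts

# Constructed sample log: documentation IP ranges and made-up user names.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{i:02d}Z FAIL user=alice src=203.0.113.5" for i in range(12)]
    + [f"2024-05-01T10:05:{i:02d}Z FAIL user=user{i} src=198.51.100.7" for i in range(15)]
    + ["2024-05-01T10:09:00Z FAIL user=bob src=192.0.2.10",
       "2024-05-01T10:09:20Z OK user=bob src=192.0.2.10"]
)
```

A single mistyped password, like the `bob` entry, stays below the threshold and produces no verdict.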
Keyloggers and spyware
Spyware
Types of Wireless Network Attacks
• Wireless networks have undoubtedly revolutionized the way we communicate and conduct business, offering
unparalleled convenience and mobility. However, with this freedom comes the lurking threat of malicious
attackers seeking to exploit the vulnerabilities inherent in wireless technology. Here are some of the common
types of wireless network attacks:
• 1. Wireless Eavesdropping (Passive Attacks)
• Attackers use tools like packet sniffers to intercept and monitor wireless communications between devices. By
capturing data packets transmitted over the air, they can potentially obtain sensitive information, such as login
credentials, financial data, or personal information.
• 2. Wireless Spoofing (Man-in-the-Middle Attacks)
• In these attacks, the attacker positions themselves between the wireless client and the legitimate access point,
intercepting and manipulating data transmissions. The attacker may then relay the information back and forth,
making it appear as if they are the legitimate access point. This enables them to snoop on data or perform other
malicious actions unnoticed.
• 3. Wireless Jamming (Denial-of-Service Attacks)
• Attackers flood the wireless frequency spectrum with interference signals, disrupting legitimate communications
between devices and access points. By creating excessive noise, they can render the wireless network unusable for
legitimate users.
• 4. Rogue Access Points
• Attackers set up unauthorized access points, mimicking legitimate ones, to deceive users into connecting to them.
Once connected, the attacker can eavesdrop, capture data, or launch further attacks on the unsuspecting users.
• 5. Brute-Force Attacks
• Attackers try various combinations of passwords or encryption keys in rapid succession until they find
the correct one to gain unauthorized access to the wireless network.
• 6. WEP/WPA Cracking
• Attackers exploit vulnerabilities in older wireless security protocols like Wired Equivalent Privacy
(WEP) and Wi-Fi Protected Access (WPA) to gain unauthorized access to encrypted wireless networks.
• 7. Evil Twin Attacks
• Attackers create fake access points with names similar to legitimate ones, tricking users into
connecting to the malicious network. Once connected, the attacker can intercept sensitive data or
execute further attacks.
• 8. Deauthentication/Disassociation Attacks
• Attackers send forged deauthentication or disassociation frames to wireless devices, forcing them to
disconnect from the network, leading to service disruptions or potential vulnerabilities when devices
automatically reconnect.
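
Rogue access points, evil twins and deauthentication floods (items 4, 7 and 8 above) can all be spotted from management frames seen by a monitoring sensor. The following Python check is an added example, not part of the original slides; the frame records are assumed to be already parsed by a sensor, and the SSID, the BSSIDs and the frame limit are constructed values.

```python
from collections import Counter

# Assumption: the organization's own inventory of SSIDs and access-point BSSIDs.
AUTHORIZED = {"CorpWiFi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}
DEAUTH_LIMIT = 20  # assumption: deauth/disassoc frames per source per capture window

def normalize(ssid):
    """Fold case, punctuation and digit-for-letter swaps so similar names compare equal."""
    folded = ssid.casefold().translate(str.maketrans("01", "oi"))
    return "".join(c for c in folded if c.isalnum())

def analyze(frames):
    """Return alerts as (kind, subject, detail) tuples for one capture window."""
    alerts, seen, kicks = [], set(), Counter()
    known = {normalize(s) for s in AUTHORIZED}
    for f in frames:
        if f["type"] == "beacon":
            key = (f["ssid"], f["bssid"].lower())
            if key in seen:  # beacons repeat constantly; report each pair once
                continue
            seen.add(key)
            ssid, bssid = key
            if ssid in AUTHORIZED:
                if bssid not in AUTHORIZED[ssid]:
                    alerts.append(("unknown-bssid-for-authorized-ssid", ssid, bssid))
            elif normalize(ssid) in known:
                alerts.append(("look-alike-ssid", ssid, bssid))
        elif f["type"] in ("deauth", "disassoc"):
            # "src" is the claimed transmitter; forged frames usually spoof it.
            kicks[f["src"].lower()] += 1
    for src, count in sorted(kicks.items()):
        if count > DEAUTH_LIMIT:
            alerts.append(("deauth-flood", src, count))
    return alerts

# Constructed sample capture.
SAMPLE_FRAMES = (
    [{"type": "beacon", "ssid": "CorpWiFi", "bssid": "02:00:00:aa:00:01"},
     {"type": "beacon", "ssid": "CorpWiFi", "bssid": "02:00:00:ee:00:99"},
     {"type": "beacon", "ssid": "Corp-W1Fi", "bssid": "02:00:00:ee:00:98"},
     {"type": "beacon", "ssid": "CoffeeShop", "bssid": "02:00:00:bb:00:01"}]
    + [{"type": "deauth", "src": "02:00:00:aa:00:01", "dst": "ff:ff:ff:ff:ff:ff"}] * 35
    + [{"type": "disassoc", "src": "02:00:00:aa:00:02", "dst": "02:00:00:cc:00:05"}] * 3
)
```

A deauth-flood alert naming one of your own BSSIDs does not mean that access point misbehaved, since the source address in a forged frame is whatever the sender chose.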
Unit - 4
Need for cyber laws
• In today's techno-savvy environment, the world is becoming more
and more digitally sophisticated and so are the crimes.
• The Internet was initially developed as a research and information-sharing
tool and was unregulated.
• As time passed, it became more transactional, with e-business,
e-commerce, e-governance, e-procurement, etc.
• All legal issues related to internet crime are dealt with through cyber
laws. As the number of internet users is on the rise, the need for
cyber laws and their application has also gathered great momentum.
The Indian context (need)
• None of the existing laws gave any legal validity or sanction to the activities in Cyberspace.
• For example, the Net is used by a large majority of users for email. Yet till today, email is not
"legal" in our country. There is no law in the country which gives legal validity and sanction to
email.
• Courts and judiciary in our country have been reluctant to grant judicial recognition to the legality
of email in the absence of any specific law having been enacted by the Parliament.
• As such the need has arisen for Cyber law.
• Internet requires an enabling and supportive legal infrastructure in tune with the times.
• This legal infrastructure can only be given by the enactment of the relevant Cyber laws as the
traditional laws have failed to grant the same.
• E-commerce, the biggest future of the Internet, can only be possible if the necessary legal infrastructure
complements the same to enable its vibrant growth.
The Indian IT Act
• The Information Technology Act, 2000 provides legal recognition for
transactions carried out by means of electronic data interchange and
other means of electronic communication.
• The Information Technology Act, 2000 extends to the whole of India
and it applies also to any offence or contravention thereunder
committed outside India by any person.
Challenges to Indian laws
• Outdated legislation:-One of the most significant challenges to Indian law in addressing
cybercrime is the outdated nature of existing legislation. The primary law governing cybercrime
in India is the Information Technology Act, 2000 (IT Act), which was last amended in 2008. While
the IT Act was a pioneering piece of legislation at its inception, it has not kept pace with the
rapid advancements in technology and the evolving nature of cyber threats.
• Inadequate provisions for emerging threats:-The IT Act, even with its amendments, lacks specific
provisions to address many emerging cyber threats. Issues such as ransomware attacks,
cyberstalking and sophisticated financial fraud are not comprehensively covered. The absence of
specific provisions makes it difficult for law enforcement agencies to prosecute these crimes
effectively.
• Jurisdictional Challenges:-Cybercrime often transcends national borders, creating significant
jurisdictional challenges. A cybercriminal operating from another country can easily target
victims in India, making it difficult for Indian law enforcement agencies to investigate and
prosecute such crimes. International cooperation and treaties are essential, but these are often
slow and cumbersome.
• Lack of Awareness and Training:-Another challenge is the lack of
awareness and training among law enforcement personnel. Cybercrime
investigations require specialised skills and knowledge, which are often
lacking in traditional police training. This gap in expertise hampers
effective investigation and prosecution of cybercrimes.
• Privacy and Data Protection Issues:-With the increasing focus on data
protection and privacy, there is a need to balance these concerns with the
requirements of effective law enforcement. The introduction of the
Personal Data Protection Bill, 2019, is a step in the right direction, but its
implementation and harmonisation with existing laws remain challenging.
Current cyber crime scenario in India
1. Rising Incidents of Cybercrime: India has witnessed a significant increase in cybercrime incidents over the past few
years. The surge in internet penetration and digital transactions has provided cybercriminals with more
opportunities to exploit vulnerabilities. Common types of cybercrime in India include hacking, phishing, financial
fraud and identity theft.
2. Cyber Terrorism: The threat of cyber terrorism is a growing concern for India. Terrorist organisations are
increasingly using the internet and social media platforms for recruitment, propaganda and planning attacks. The
2008 Mumbai attacks highlighted the role of technology in facilitating terrorism, prompting amendments to the IT
Act to include provisions for cyber terrorism.
3. Financial Frauds and Scams: Financial frauds and scams are among the most prevalent forms of cybercrime in
India. Cybercriminals use various techniques such as phishing, vishing (voice phishing) and smishing (SMS
phishing) to deceive individuals and steal their financial information. The rise of digital payment platforms has also
led to an increase in cyber fraud targeting these services.
4. Corporate Espionage and Data Breaches: Corporate espionage and data breaches are significant concerns for
Indian businesses. Cybercriminals target sensitive corporate information, intellectual property and customer data,
causing substantial financial losses and reputational damage. The lack of stringent data protection laws
exacerbates this issue.
5. Challenges in Law Enforcement: Law enforcement agencies in India face several challenges in tackling cybercrime.
The lack of specialised training, inadequate infrastructure and jurisdictional issues hinder effective investigation
and prosecution. Additionally, the slow pace of legal proceedings often results in delays in delivering justice.
Amendments to the Indian IT Act
• The Information Technology Act, 2000 amended four statutes vide sections
91-94. These changes are set out in Schedules 1-4.
• The first schedule contains the amendments to the Penal Code. It has widened the scope of
the term “document” to bring electronic documents within its ambit.
• The second schedule deals with amendments to the Indian Evidence Act. It pertains to the
inclusion of electronic documents in the definition of evidence.
• The third schedule amends the Banker’s Books Evidence Act. This amendment changes
the definition of “Banker’s-book”. It includes printouts of data stored in a floppy,
disc, tape or any other form of electromagnetic data storage device. A similar change has been
made to the expression “Certified-copy” to include such printouts within its purview.
• The fourth schedule amends the Reserve Bank of India Act. It pertains to the regulation of
fund transfers through electronic means between banks or between banks and other
financial institutions.
Cybercrime punishment
• Under the Information Technology Act
• Section 43 (a-h): It covers 8 instances (a-h) where “If any person without the permission of the owner or any
other person who is in charge of a computer, computer system or computer network,”
• Section 65: ‘Tampering with computer source documents’ is an offence that is punishable under Section 65 of
the Information Technology Act. It states that “Whoever knowingly or intentionally conceals, destroys or alters
or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a
computer, computer programme, computer system, or computer network when the computer source code is
required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up
to three years, or with fine which may extend up to two lakh rupees, or with both”.
• Section 66 (A-F): This Section deals with punishments for computer-related offences such as sending offensive
messages, receiving stolen computer resources, identity theft, cheating by impersonation, violation of privacy,
and cyber-terrorism. Punishments may extend to three years' imprisonment or a fine of up to 5 lakhs, or both.
• Section 67 (A-B): This Section of the Information Technology Act deals with the punishments related to the
publishing or transmitting of obscene material containing sexually explicit act, etc., in an electronic format. The
punishment on the first conviction is imprisonment which may extend to three years and with a fine extending
to 5 lakh rupees. The punishment on the second conviction is imprisonment which may extend to five years and
with a fine extending to 10 lakh rupees.
Cyberlaws
• Section 65 – Tampering with computer Source Documents
• Section 66 - Using password of another person
• Section 66D - Cheating Using computer resource
• Section 66E - Publishing private Images of Others
• Section 66F - Acts of cyber Terrorism
• Section 67 - Publishing Child Porn or predating children online
• Section 69 - Govt.'s Power to block websites
• Section 43A - Data protection at Corporate level
