Module 1: Introduction to

Cyber Security
By
Dr. Shashikala
Professor and Head

Dayananda Sagar Academy of Technology & Management

Course Content

History
Definition
Classification
Indian Perspective
Indian Law
Global Perspective

Dayananda Sagar Academy of Technology & Management

History

The The The The

1940s: 1950s: 1960s: A 1970s: 1980s: T 1990s:
Beginning The he Birth
The ll Quiet ARPANE The
of Cyber Time of
Phone On the T and World
Security Before Commercia
Cybercrime
Phreaks Western the l
Goes
Front Creeper Antivirus Online

Dayananda Sagar Academy of Technology & Management

Course Content

History
Definition
Classification
Indian Perspective
Indian Law
Global Perspective

Dayananda Sagar Academy of Technology & Management

Definition
• There are many definitions for cybercrime.
• “a crime conducted in which a computer was directly and significantly
instrumental.”
• Other alternative definitions for cybercrime are as follows:
• Any illegal act where a special knowledge of computer technology is essential for
its perpet-ration, investigation or prosecution.
• Any traditional crime that has acquired a new dimension or order of magnitude
through the aid of a computer.
• Any financial dishonesty that takes place in a computer environment.
• Any threats to the computer itself, such as theft of hardware or software,
sabotage and demands for ransom.

Dayananda Sagar Academy of Technology & Management

Attacks
In general, cybercrimes are of two types. They are:

Techno-crime:
• A premediate act against a system or systems, with the intent to copy, steal, prevent access, corrupt or
otherwise deface or damage parts of or the complete computer system.
• The 24x7 connection to the Internet makes this type of cybercrime a real possibility to engineer from
anywhere in the world, leaving few, if any, “Finger Print”
• Techno-Vandalism:
• These acts of “brainless” damage of websites and/or other activities, such as copying files and publicizing
their contents publicly, are usually opportunistic in nature.
• Tight internal security, allied to strong technical safeguards, should prevent the vast majority of such incident.

Dayananda Sagar Academy of Technology & Management

Real-world Crimes vs. Cyber Crimes

Dayananda Sagar Academy of Technology & Management

Difference between Computer Crime and fraud
Computer Crime pertains to criminal acts that are
committed using a computer.
Computer fraud, closely linked to internet fraud, is
defined as
1) the use of a computer or computer system to help execute a
scheme or illegal activity and
2) the targeting of a computer with the intent to alter, damage,
or disable it.

Dayananda Sagar Academy of Technology & Management

Cyber Terrorism
Cyber Terrorism

• Simply, the use of computers to launch a terrorist attack.

• Like other forms of terrorism, only the environment of the attack has changed.
Cyber Terrorism drawbacks

• Significant economic damage

• Disruptions to communications

• Disruptions in supply lines

• General degradation of the national infrastructure

• All possible via the Internet

Dayananda Sagar Academy of Technology & Management
Types of Cyber Terrorism
1. Cyber Space
2. Cyber Squatting
3. Cyber Punk
4. Cyber warfare
5. Cyber Terrorism

Dayananda Sagar Academy of Technology & Management

Cyber Space
Cyberspace mainly refers to the computer which is a virtual
network and is a medium electronically designed to help
online communications to occur.
This facilitates easy and accessible communications to
occur across the world.
The whole Cyberspace is composed of large computer
networks which have many sub-networks. These follow the
TCP or IP protocol.

Dayananda Sagar Academy of Technology & Management

 Cyberspace History
• The word Cyberspace first made its appearance in Wiliam Gibson’s Science fiction book
Necromancer. The book described an online world filled with computers and associated societal
elements. In that book, the author described Cyberspace as a 3D virtual landscape created by a
network of computers. Although it looks like a physical space, it is generated by a computer,
representing abstract data.
• After the publication of the book, the word Cyberspace became a mainstay in many English
dictionaries. The New Oxford Dictionary of English provides Cyberspace definition as the notional
environment used by the people to communicate over networks of the computer.
• As per the Cyberspace meaning, Cyberspace is a virtual space with no mass, gravity or boundaries.
It is the interconnected space between networks of computer systems.
• Bits and Bytes- Zeroes and ones are used to define Cyberspace. It is a dynamic environment
where these values change continuously. It can also be defined as the imaginary location where
two parties can converse.

Dayananda Sagar Academy of Technology & Management

Cybersquatting
Cybersquatting, also known as domain squatting, is the practice of
registering a domain name that resembles a well-known organization or
person without their authorization.
Domain registrant buys the domain in bad faith, typically with the goal of
making a profit from the person or organization’s goodwill or causing
reputational harm to them.
There are three main components of cybersquatting definition.
 The Domain Name Is Identical or Confusingly Similar to A Registered
Trademark
 The Domain Is Obtained in Bad Faith
 The Registrant Has No Apparent or Legitimate Interest in the Domain Name

Dayananda Sagar Academy of Technology & Management

Cybersquatting-example
• 1. The first case in India about cybersquatting was Yahoo Inc. V. Aakash Arora & Anr., where the defendant launched a
website nearly identical to the plaintiff’s renowned website and provided similar services. Here the court ruled in favor of
trademark rights of U.S. based Yahoo. Inc (the Plaintiff) and against the defendant, that had registered itself as
YahooIndia.com.
• 2. In Satyam Infoway Ltd. v Sifynet Solutions 2004 (6) SCC 145, the Respondent had registered domain names
www.siffynet.com and www.siffynet.net which were like the Plaintiff’s domain name www.sifynet.com. Satyam (Plaintiff)
had an image in the market and had registered the name Sifynet and various other names with ICANN and WIPO. The
word Sify was first coined by the plaintiff using elements from its corporate name Satyam Infoway and had a very wide
reputation and goodwill in the market. The Supreme Court held that “domain names are business identifiers, serving to
identify and distinguish the business itself or its goods and services and to specify its corresponding online location.” The
court also observed that domain name has all the characteristics of a trademark and an action of Passing off can be found
where domain names are involved. The decision was in favors of the plaintiff.

Dayananda Sagar Academy of Technology & Management

Cyberpunk and cyberwarfare
In science fiction circles, "cyberpunk" is a genre that often
features countercultural villains trapped in a dehumanizing
high-tech future. Its roots extend back to the technical fiction
of the 1940s and '50s, but it was years before it matured.
The word cyberpunk was coined by writer Bruce Bethke,
who wrote a story with that title in 1980. He created the term
by combining "cybernetics," the science of replacing human
functions with computerized ones, and "punk," the
harsh music and lawless that became a youth culture in
the 1970s and '80s. Not until the 1984 publication of William
Gibson's novel, Neuromancer, however, did "cyberpunk"
really take off as a term or a genre.
Dayananda Sagar Academy of Technology & Management
What is cyberwarfare?
Cyber warfare means “information warriors unleashing
vicious attacks against opponent’s computer networks,
wreaking havoc and paralyzing nations.”

Dayananda Sagar Academy of Technology & Management

Cyberwarfare-Example
• Ukraine and Russia -- 2022
• Ukraine saw a large increase in cyber attacks during Russia's invasion of
Ukraine. Well-known groups, such as APT29 and APT28, for example, have
been among the nation-state groups performing cyberwarfare attacks. These
attacks include malware, data wipers, DDoS attacks and other attacks meant to
target critical industrial infrastructure, data networks, and public and private
sector organizations, as well as banks. The aim of the attacks has also changed
over the course of the war, from disruption and destruction of critical
infrastructure to information and intelligence gathering.

Dayananda Sagar Academy of Technology & Management

Cyberterrorism
• Cyber terrorism (also known as digital terrorism) is defined as disruptive
attacks by recognized terrorist organizations against computer systems with
the intent of generating alarm, panic, or the physical disruption of the
information system.
• While we’ve become used to hearing about cyber attacks, cyber
terrorism instils a different type of worry. Computer hackers have long worked
to gain access to classified information for financial gain, meaning terrorists
could do the same
• The internet can be used by terrorists to finance their operations, train other
terrorists, and plan terror attacks. The more mainstream idea of cyber
terrorism is the hacking of government or private servers to access sensitive
information or even siphon funds for use in terror activities. However, there is
currently no universally accepted definition of cyber terrorism.

Dayananda Sagar Academy of Technology & Management

Cyberterrorism-Example
• Introducing viruses to vulnerable data networks.
• Hacking of servers to disrupt communication and steal
sensitive information.
• Defacing websites and making them inaccessible to the public
thereby causing inconvenience and financial losses.
• Hacking communication platforms to intercept or stop
communications and make terror threats using the internet.
• Attacks on financial institutions to transfer money and cause
terror.

Dayananda Sagar Academy of Technology & Management

Cybercrime and information security
• Cybercrime is criminal activity that either targets or uses a computer, a
computer network or a networked device. Most cybercrime is committed by
cybercriminals or hackers who want to make money. However, occasionally
cybercrime aims to damage computers or networks for reasons other than profit.
These could be political or personal.
• Information security (commonly known as InfoSec) refers to the procedures and
practices that corporations use to protect their data. This contains policy settings
that prevent unauthorized people from accessing company or personal data.
Information security is a fast-evolving and dynamic discipline that includes
everything, from network and security design to testing and auditing.
• Information security protects sensitive data from unauthorized acts such as
scrutiny, modification, recording, disruption, or destruction. The goal is to secure
and preserve the privacy of important data like client account information,
financial information, or intellectual property.
Dayananda Sagar Academy of Technology & Management
The Botnet Menace
• Botnets are networks of hijacked computer devices used to carry out various scams and
cyberattacks.
• The term “botnet” is formed from the word’s “robot” and “network.” Assembly of a botnet
is usually the infiltration stage of a multi-layer scheme. The bots serve as a tool to automate
mass attacks, such as data theft, server crashing, and malware distribution.
• Botnets use your devices to scam other people or cause disruptions — all without your
consent. You might ask, “what is a botnet attack and how does it work?”

Dayananda Sagar Academy of Technology & Management

How Botnet works

Dayananda Sagar Academy of Technology & Management

Who are cybercriminals?
Cybercriminals are individuals or teams of people who use
technology to commit malicious activities on digital systems
or networks with the intention of stealing sensitive company
information or personal data, and generating profit.
Cybercriminals are known to access the cybercriminal
underground markets found in the deep web to trade
malicious goods and services, such as hacking tools and
stolen data. Cybercriminal underground markets are known
to specialize in certain products or services.

Dayananda Sagar Academy of Technology & Management

Categories of cyber criminals
Type -1: Cyber criminals – hungry for recognition
Hobby hackers.
IT professionals.
Politically motivated hackers.
Terrorist organizations.
Type-II: Cybercriminals-not interested in recognition
Psychology perverts
Financially motivated hackers
State-sponsored hacking
Organized criminals
Type- III: Cybercriminals – in insider
Disgruntled or former employees seeking revenge
Competing companies using employees to gain economic advantage through damage and/or theft

Dayananda Sagar Academy of Technology & Management

Course Content

History
Definition
Classification
Indian Perspective
Indian Law
Global Perspective

Dayananda Sagar Academy of Technology & Management

Classifications of Cybercrime
Crime is defined as “an act or the commission of an act that is forbidden, or the
omission of a duty that is commanded by a public law and that makes the
offender liable to punishment by that law”.
The cyber crime is classified as follows
 Cyber crime against individual
 Cybercrime against property
 Cybercrime against organization
 Cyber crime against Society
 Crimes emanating from Usenet newsgroup

Dayananda Sagar Academy of Technology & Management

Cybercrime against individual
• Any Cybercrime which affects the individual. The different types
of cybercrime is as follows
1. Email spoofing
2. Phishing
3. Spamming
4. Cyberdefamation
5. Cyberstalking and harassment
6. Computer sabotage
7. Pornographic offense
8. Password sniffing

Dayananda Sagar Academy of Technology & Management

Email spoofing
Email spoofing is a technique used in spam and phishing attacks to trick users into
thinking a message came from a person or entity they either know or can trust.
In spoofing attacks, the sender forges email headers so that client software displays the
fraudulent sender address, which most users take at face value.
Unless they inspect the header more closely, users see the forged sender in a message.
If it’s a name they recognize, they’re more likely to trust it. So they’ll click malicious
links, open malware attachments, send sensitive data and even wire corporate funds.
Email spoofing is possible due to the way email systems are designed. Outgoing
messages are assigned a sender address by the client application; outgoing email
servers have no way to tell whether the sender address is legitimate or spoofed.
Recipient servers and antimalware software can help detect and filter spoofed
messages. Unfortunately, not every email service has security protocols in place. Still,
users can review email headers packaged with every message to determine whether the
sender address is forged.
Dayananda Sagar Academy of Technology & Management
2. Phishing
Phishing refers to a method cyber criminals use to
obtain personal information like login credentials or
credit card information by sending an email that looks
like it is from someone with the authority to ask for that
information.
The attack is meant to fool the recipient into clicking on
a link or downloading an attachment that
introduces malware into their system. Phishing is
different from spoofing, however.

Dayananda Sagar Academy of Technology & Management

3. Spamming
Spam is any unsolicited communication sent in bulk. Usually sent
via email, spam is also distributed through text messages (SMS),
social media, or phone calls. Spam messages often come in the
form of harmless (though annoying) promotional emails. But
sometimes spam is a fraudulent or malicious scam.
While the definition of spam is any unsolicited message sent in
bulk, spamming is the act of sending these messages.
And the person who sends the messages is a spammer.

Dayananda Sagar Academy of Technology & Management

Cyber defamation
The risk of "Cyber Defamation" has increased as a result of
sharing, posting, and commenting on content on several social
networking sites and it not only affects the reputation of an
individual, but sometimes the whole community.
As per black's law dictionary, defamation means, "the offense
of injuring a person's character, fame, or reputation by false
and malicious statements". The wrongdoer intends to damage
the reputation of another person by making a defamatory
statement. While in the case of cyber defamation not only
includes verbal or written communications but also includes
statements made in cyberspace through the internet.
In short, defaming a person through a virtual medium is known
as "Cyber Defamation".
Dayananda Sagar Academy of Technology & Management
Cyberstalking and harassment
Cyberstalking refers to the use of the internet and other
technologies to harass or stalk another person online, and is
potentially a crime in the United States.
This online harassment, which is an extension
of cyberbullying and in-person stalking, can take the form of e-
mails, text messages, social media posts, and more and is often
methodical, deliberate, and persistent.
Most of the time, the interactions do not end even if the recipient
expresses their displeasure or asks the person to stop.
The content directed at the target is often inappropriate and
sometimes even disturbing, which can leave the person feeling
fearful, distressed, anxious, and worried.
Dayananda Sagar Academy of Technology & Management
Difference between defamation and stalker
stalking goes that extra step in following the person in the real
world. Some stalkers will seek out the individual in his or her
private life, take items belonging to him or her or even physically
interact with the target.
Online defamation generally ends online and does not cross into
the real world at any point. The perpetrator of the false information
may not ever see the person or interact with him or her physically.
However, defamation is a civil matter while stalking is generally a
criminal issue.

Dayananda Sagar Academy of Technology & Management

Pornographic offense
• Pornographic offenses, which can encompass a range of legal issues related to the
production, distribution, or possession of pornographic material. Laws vary widely
depending on the country or region, but common offenses might include:

1. Possession of Child Pornography: Strictly illegal in most jurisdictions, involving

severe penalties.
2. Distribution of Obscene Material: Selling or distributing material deemed obscene
can lead to criminal charges.
3. Prostitution-Related Offenses: Engaging in or promoting prostitution may fall
under pornographic offenses in some areas.
4. Public Indecency: Displaying pornographic material in public settings can result in
legal consequences.

Dayananda Sagar Academy of Technology & Management

Password sniffing
Password sniffing is an attack on the Internet that is used to steal user
names and passwords from the network.
Today, it is mostly of historical interest, as most protocols nowadays use
strong encryption for passwords.
However, it used to be the worst security problem on the Internet in the
1990s, when news of major password sniffing attacks were almost
weekly.
The password sniffing problem was largely solved by SSH, which replaced
several prior insecure protocols.
Many other protocols have also introduced encryption or at least hashing
of passwords, which makes this attack less practical.
However, various other credentials stealing and replay attacks are still
widely used. Man-in-the-middle attacks are commonly used for stealing
passwords and credentials today.
Dayananda Sagar Academy of Technology & Management
Computer sabotage
 Computer sabotage involves deliberate attacks intended to disable computers or networks for
the purpose of disrupting commerce, education and recreation for personal gain, committing
espionage, or facilitating criminal conspiracies, such as drug and human trafficking.
 According to the Federal Bureau of Investigation, computer sabotage costs billions of dollars
in legal fees to recover damages such as identity theft and to repair vital infrastructure that
serves hospitals, banks and 911 services.
 Obviously, these acts of violence do not require any special expertise on the part of the
criminal. Sabotage may, however, be conducted by dissatisfied former employees who put to
use some of their knowledge of company operations to gain access to and destroy hardware
and software.
 Example- One of the most publicized acts of computer sabotage occurred on November 2,
1988, when a virus traveled through Internet, an unclassified network used by government,
business, and university researchers to exchange data and findings. Within hours, this
particular virus (actually a self-contained program called a worm) had infected approximately
6,000 military, corporate, and university computers. In January of 1990, Robert Tappan Morris,
Jr., a Cornell University graduate student, was convicted of unleashing the worm.
Dayananda Sagar Academy of Technology & Management
Cybercrime against property
• This a cybercrime against any individual
belongings. The various types of attacks are
1. Credit card frauds
2. Intellectual property
3. Internet time theft

Dayananda Sagar Academy of Technology & Management

 Credit card frauds
Credit card fraud can happen if someone physically steals your card or
virtually hacks your account, and it can be a serious headache to resolve.
Credit card fraud occurs when an unauthorized person gains access to
your information and uses it to make purchases. Here are some ways
fraudsters get your information:
Lost or stolen credit cards
Skimming your credit card, such as at a gas station pump
Hacking your computer
Calling about fake prizes or wire transfers
Phishing attempts, such as fake emails
Looking over your shoulder at checkout
Stealing your mail

Dayananda Sagar Academy of Technology & Management

Intellectual property theft
Intellectual property (IP) theft is the unauthorized use, exploitation, or
outright theft of creative works, ideas, trade secrets, and proprietary
information otherwise protected under intellectual property laws.
IP theft covers a wide range of cases, including trademark violations,
copyright infringement, and patent infringement.
IP theft can damage individuals, businesses, and governmental
entities that have invested substantial time and resources to develop
their intellectual property.
At scale, IP theft undermines innovation and economic growth.
Unfortunately, ever-increasing digital technologies and assets have
made it significantly easier for hackers and thieves to reproduce and
distribute digital IPs.
This amplifies the risks and reinforces a growing need for effective IP
protection and enforcement.
Dayananda Sagar Academy of Technology & Management
Intellectual property theft-Example
• The Wright Brothers and the Airplane – The path to success for the
Wright Brothers was not smooth flying, as several competing
airplane inventors, like Samuel Pierpont Langley and Glenn Curtiss,
aimed to roll out similar airplanes. Patents issued on behalf of the
Wright Brothers enabled them to prevent others from building
similar planes, giving the brothers a monopoly on airplane
production for several years.

Dayananda Sagar Academy of Technology & Management

Internet time theft
• Hacking the username and password of ISP of an individual and surfing the internet at
his cost is Internet Time Theft.
• Example-This connotes the usage by an unauthorized person of the Internet hours paid
for by another person. In May 2000, the economic offences wing, IPR section crime
branch of Delhi police registered its first case involving theft of Internet hours. In this
case, the accused, Mukesh Guptaan engineer with Nicom System (p) Ltd. was sent to the
residence of the complainant to activate his Internet connection. However, the accused
used Col. Bajwa’s login name and password from various places causing wrongful loss
of 100 hours to Col. Bajwa. Delhi police arrested the accused for theft of Internet time

Dayananda Sagar Academy of Technology & Management

 Cybercrime against organization
The attack is for organization. The various attacks are as follows:
1. Unauthorized access of computers
2. Password sniffing
3. Denial of service
4. Virus attack / dissemination of viruses
5. Email bombing/mail bomb
6. Salami attack/salami technique
7. Logic bomb
8. Trojan horse
6. Data diddling
7. Industrial spaying/industrial espionage
8. Computer network intrusion
9. Software privacy
Dayananda Sagar Academy of Technology & Management
1. Unauthorized access of computers
Over the past few decades, the internet has become an essential
component of life for most individuals and organizations.
People use the internet for social media, e-commerce, and as a
platform to store personal identifying information. Criminal activity
aimed at accessing this type of data has also increased in the past few
decades.
Unauthorized computer access, popularly referred to as hacking,
describes a criminal action whereby someone uses a computer to
knowingly gain access to data in a system without permission to
access that data.
Section 66 and 67 is now expanded to include all cyber offence
https://www.indiacode.nic.in/show-data?actid=AC_CEN_45_76_00001_200
021_1517807324077&orderno=84
Dayananda Sagar Academy of Technology & Management
2. Password sniffing

Dayananda Sagar Academy of Technology & Management

 3. Denial of service
A Denial-of-Service (DoS)
attack is an attack meant to
shut down a machine or
network, making it inaccessible
to its intended users.
DoS attacks accomplish this by
flooding the target with traffic,
or sending it information that
triggers a crash. In both
instances, the DoS attack
deprives legitimate users (i.e.
employees, members, or
account holders) of the service
or resource they expected.
Dayananda Sagar Academy of Technology & Management
4. Virus attack / dissemination of viruses
• Virus dissemination is a process in which malicious software
attaches itself to other software (which can be a trojan horse,
time bomb, virus, worm etc) which can destroy the victim
computer/system.

Dayananda Sagar Academy of Technology & Management

5. Email bombing/mail bomb
• An e-mail bomb is the sending of a huge number of e-mails to one
system or person. We also call it a ‘mail bomb.’ It is a kind of
technological attack or cyber attack. The e-mail bomber aims to
overwhelm a mailbox so that it shuts down. Sometimes, the whole e-
mail server shuts down too. An e-mail bomb is a form of Internet abuse
in which the attacker tries to trigger a denial-of-service situation.
• A denial-of-service or DNS occurs when a machine or network
becomes unavailable because something has disrupted the service.
• An e-mail bomb is a type of denial-of-service attack. People who send
e-mail bombs have malicious intent, i.e., they intend to do harm. Along
with hackers, e-mail bombers are a danger and nuisance for online
people, businesses, and other entities
Dayananda Sagar Academy of Technology & Management
6. Salami attack/salami technique
• A “salami slicing attack” or “salami fraud” occurs when an
attacker uses an online database to obtain customer
information, such as bank/credit card details. Over time,
the attacker deducts insignificant amounts from each
account. These sums naturally add up to large sums of
money invisibly taken from the joint accounts. Most people
do not report the deduction, often due to the small amount
involved.
• For example, suppose an attacker withdraws ₹0.01 (1
paise) from each bank account. Nobody will notice such a
minor discrepancy. However, a large sum is produced when
one paise is deducted from each account holder at that
bank.
Dayananda Sagar Academy of Technology & Management
7. Gateway
Salami attack - Example
• Michael Largent, a 21-year-old from California, wrote a
program allowing him to take advantage of challenge
deposits, which companies like Google and others use
to validate a client’s bank account.
• The program created over 58,000 user accounts,
resulting in challenge transactions ranging from $0.01
to $2.00 sent to Largent’s accounts. The funds,
amounting to somewhere between $40,000 and 50,000,
were transferred into other Largent accounts.

Dayananda Sagar Academy of Technology & Management

Salami attack-prevent
Monitor your bank statements regularly
Look for small deductions
Check your credit report
Be wary of unsolicited emails
Set up alerts
Keep your passwords secure

Dayananda Sagar Academy of Technology & Management

7. Logic bomb

A logic bomb is a sort of malware that infiltrates

software, a computer network, or an operating system
with malicious code with the objective of inflicting harm
to a network when particular circumstances are fulfilled.
It is used to decimate a system by emptying hard
drives, erasing files, or distorting data when triggered
by a specified event.
A date or time leading up to the activation of an
infected software program or the deletion of certain
data from a system might be considered an event.

Dayananda Sagar Academy of Technology & Management

Logic bomb -Example
• In 2003, a sysadmin, fearful that his employer Medco Health
Solutions was planning to fire him,
planted a logic bomb on their servers that would've deleted hu
ge swaths of data
. He set it to go off on his birthday in 2004, but it failed due to
a programming error, so he changed the trigger date the
following year; it was discovered and disabled a few months in
advance, and he was sentenced to 30 months in jail.

Dayananda Sagar Academy of Technology & Management

Logic bomb -Prevention
Use trusted antivirus software
Don’t download anything you don’t know or trust
Perform regular OS updates

Dayananda Sagar Academy of Technology & Management

8. Trojan horse
• A Trojan Horse Virus is a type of malware that downloads onto a
computer disguised as a legitimate program. The delivery method
typically sees an attacker use social engineering to hide malicious
code within legitimate software to try and gain users' system
access with their software.
• A simple way to answer the question "what is Trojan" is it is a type
of malware that typically gets hidden as an attachment in an email
or a free-to-download file, then transfers onto the user’s device.
Once downloaded, the malicious code will execute the task the
attacker designed it for, such as gain backdoor access to corporate
systems, spy on users’ online activity, or steal sensitive data.
• Indications of a Trojan being active on a device include unusual
activity such as computer settings being changed unexpectedly.
Dayananda Sagar Academy of Technology & Management
Trojan horse - protect
• A Trojan horse virus can often remain on a device for months without
the user knowing their computer has been infected.
• However, telltale signs of the presence of a Trojan include computer
settings suddenly changing, a loss in computer performance, or
unusual activity taking place.
• The best way to recognize a Trojan is to search a device using a
Trojan scanner or malware-removal software.

Dayananda Sagar Academy of Technology & Management

9. Data diddling
 Data diddling is a form of computer fraud involving the intentional falsification of
numbers in data entry.
 It often involves the inflation or understatement of income or expenses to benefit a
company or individual when completing tax or other financial documents.
 This act is performed manually by someone in a data entry position, or remotely
by hacking or using malware.
 Data diddling is a form of cyber crime, and is punishable by large fines or
imprisonment.

Dayananda Sagar Academy of Technology & Management

10. Industrial spaying/industrial espionage
The industrial espionage, acquisition of trade secrets from
business competitors.
A by-product of the technological revolution, industrial espionage is
a reaction to the efforts of many businessmen to keep secret their
designs, formulas, manufacturing processes, research, and future
plans in order to protect or expand their shares of the market

Dayananda Sagar Academy of Technology & Management

11. Computer network intrusion
A network intrusion is an unauthorized penetration of a computer in
your enterprise or an address in your assigned domain.
An intrusion can be passive (in which penetration is gained stealthily
and without detection) or active (in which changes to network
resources are effected).
Intrusions can come from outside your network structure or inside
(an employee, customer, or business partner).
Some intrusions are simply meant to let you know the intruder was
there, defacing your Web site with various kinds of messages or
crude images

Dayananda Sagar Academy of Technology & Management

12. Software privacy
Software piracy is the act of stealing software that is legally protected.
This stealing includes copying, distributing, modifying or selling the
software.
Copyright laws were originally put into place so that the people who
develop software (programmers, writers, graphic artists, etc.) would
get the proper credit and compensation for their work. When software
piracy occurs, compensation is stolen from these copyright holders.
Software piracy has become a worldwide issue with China, the United
States, and India being the top three offenders. The commercial value
of pirated software is $19 billion in North America and Western Europe
and has reached $27.3 billion in the rest of the world. According to the
2018 Global Software Survey, 37% of software installed on personal
computers is unlicensed software.

Dayananda Sagar Academy of Technology & Management

Cybercrime against Society
• The following are the cyber crime attacks towards society
1. Forgery
2. Cyber terrorism
3. Web jacking

Dayananda Sagar Academy of Technology & Management

1. Forgery
• The term forgery usually describes a message related attack
against a cryptographic digital signature scheme. That is an
attack trying to fabricate a digital signature for a message
without having access to the respective signer's private
signing key.

Dayananda Sagar Academy of Technology & Management

3. Web jacking
Illegally seeking control of a website by taking over a domain is known
as Web Jacking.
 In web jacking attack method hackers compromises with the
domain name system (DNS) that resolves website URL to IP address but the
actual website is never touched.
Web jacking attack method is another type of social engineering phishing
attack where an attacker create a fake web page of victim website and send it
to the victim and when a victim click on that link, a message display on the
browser “the site abc.com has move on another address, click here to go to
the new location” and if a victim does click on the link, he/she will redirect on
the fake website page where an attacker can ask for any sensitive data such
as credit card number, username, password etc.
 Web jacking attack method is one kind of trap which is spread by the attacker
to steal the sensitive data of any people, and those people got trapped who
are not aware about cyber security.
Dayananda Sagar Academy of Technology & Management
Crimes emanating from Usenet newsgroup
Usenet is a kind of discussion group where people can share
views on topic of their interest. The article posted to a
newsgroup becomes available to all readers of the
newsgroup.
By its very nature, Usenet groups may carry very offensive,
harmful, inaccurate or otherwise inappropriate material, or in
some cases, postings that have been mislabeled or are
deceptive in another way.
Therefore, it is expected that you will use caution and
common sense and exercise proper judgment when using
Usenet, as well as use the service at your own risk.

Dayananda Sagar Academy of Technology & Management

Course Content

History
Definition
Classification
Indian Perspective
Indian Law
Global Perspective

Dayananda Sagar Academy of Technology & Management

Indian Perspective
• From an Indian perspective, cybercrime is a rapidly growing concern, driven by the
country’s expanding digital landscape, increased internet penetration, and the
widespread use of smartphones and online services.
• As more individuals, businesses, and government agencies engage in online activities,
cybercriminals have found new opportunities for exploitation. Below is a summary of
key perspectives on cybercrime in India:

1. Rising Incidence of Cybercrime

• India has witnessed a sharp rise in cybercrime, with incidents increasing year on year.
• According to the National Crime Records Bureau (NCRB), cybercrime cases surged by
over 5% in 2021, reaching more than 50,000 cases.
• The most common cybercrimes include financial fraud, hacking, identity theft,
cyberbullying, and online harassment.

Dayananda Sagar Academy of Technology & Management

2. Types of Cybercrime
•Financial Fraud: The most prevalent form, including phishing, online
banking fraud, and e-commerce scams. Financial crimes account for
nearly half of all cybercrime cases in India.
•Hacking and Data Breaches: Increasing incidents of unauthorized data
breaches and hacking attacks on government, financial, and private
organizations.
•Online Harassment and Cyberbullying: Particularly harmful for women
and children, with rising cases of cyberstalking and revenge porn.
•Cyber Terrorism and Espionage: Although less common, politically
motivated cyber attacks targeting government infrastructure have
occurred.
Dayananda Sagar Academy of Technology & Management
3. Financial and Social Impact
• Cybercrimes have caused significant financial losses. In 2020 alone, it was estimated that
cybercrime caused losses of around ₹1.25 lakh crore ($15 billion).
• Socially, cybercrime also impacts public trust in online platforms, digital transactions, and
personal security.
4. Legal and Institutional Response
• India has implemented a legal framework to address cybercrime, primarily through the
Information Technology Act (2000), which criminalizes offenses like hacking and identity
theft.
• Several initiatives have been launched by the government to combat cybercrime, such as
the National Cyber Crime Reporting Portal and the Cyber Crime Investigation Cell.
• Despite these efforts, the conviction rate for cybercrimes remains low, and law
enforcement often lacks the resources or technical expertise to tackle sophisticated
crimes.
• There is a growing need for specialized cybersecurity infrastructure and police training
to better handle the evolving nature of cyber threats.
Dayananda Sagar Academy of Technology & Management
5. Challenges
•Digital Literacy Gap: A significant portion of India’s population, particularly in rural areas,
lacks awareness about online safety, making them easy targets for fraud and scams.
•Data Privacy Concerns: Weak data protection laws and frequent data breaches have raised
concerns about user privacy, highlighting the need for stronger privacy protections.
•Cross-Border Nature of Cybercrime: The international nature of cybercrime makes it
challenging for India to resolve cases, often requiring global cooperation for investigations
and prosecutions.
6. Government Initiatives
• To address the growing cybercrime threat, the Indian government has launched initiatives
like the Cyber Swachhta Kendra (to remove malware) and is working toward a Data
Protection Bill to ensure better privacy and data security for citizens.
• Additionally, cybersecurity education and awareness programs are being promoted at
various levels, from schools to professional training.
Dayananda Sagar Academy of Technology & Management
• As India continues its journey of digital transformation, the fight
against cybercrime will need to intensify. This includes strengthening
legal frameworks, investing in cybersecurity infrastructure,
improving digital literacy, and fostering public-private partnerships.
• The National Cyber Security Policy and greater focus on data privacy
will likely shape the future of India's cybercrime response.

Dayananda Sagar Academy of Technology & Management

Course Content

History
Definition
Classification
Indian Perspective
Indian Law
Global Perspective

Dayananda Sagar Academy of Technology & Management

The Information Technology Act,
2000 (IT Act, 2000)
• The Information Technology Act, 2000 (IT Act, 2000) is a landmark
piece of legislation passed by the Government of India to provide a
legal framework for electronic governance, digital commerce, and
cybercrimes.
• It was the first law in India that specifically addressed issues related
to the internet, electronic records, and cybercrime.
• The IT Act, 2000 provides the legal infrastructure for the use of
electronic commerce and digital transactions while also dealing with
offenses and contraventions in the digital space.
Key Objectives of the IT Act,
2000:
1.To provide legal recognition to electronic records, digital signatures,
and electronic contracts: This was intended to facilitate e-commerce
and digital transactions.
2.To establish a legal framework for the prevention of cybercrimes: The
Act aims to define and penalize various cyber offenses such as
hacking, identity theft, and cyberstalking.
3.To promote the use of secure digital signatures and certificates: This
was done to establish trust in digital communications and online
transactions.
4.To give powers to government authorities for monitoring and
investigating cybercrime and offenses.
 Amendments to the IT Act, 2000
• 1. The Information Technology (Amendment) Act, 2008
• The 2008 amendment made significant changes to the original Act,
including:
• Section 66A: Defined the offense of sending offensive or menacing messages
through a computer or communication device (though this section was struck
down by the Supreme Court in 2015 as unconstitutional).
• Section 66E: Criminalized the violation of privacy, including the capturing,
publishing, or transmitting private images without consent.
• Section 72A: Dealt with the punishment for disclosure of information in breach
of a lawful contract.
• Introduced provisions on cyberbullying and cyberstalking, and strengthened
penalties for cybercrimes.
• Enhanced provisions for identity theft and cyber terrorism.
• 2. The Information Technology (Amendment) Act, 2011
• The amendments clarified issues related to data protection and introduced
new provisions for cyber security.
• 3. The Personal Data Protection Bill (PDPB), 2019 (Proposed)
• While not yet passed into law, this bill has been proposed as an important
development in Indian data protection law. It seeks to introduce a more
comprehensive framework for data privacy and data protection that goes
beyond the IT Act, 2000.
India has a robust set of institutions working to combat cybercrime and
enhance cybersecurity. Key institutions involved:
• 1. Cyber Crime Cells (State Police)
• Specialized units in state police departments that investigate and handle local
cybercrime cases, including hacking, online fraud, and cyberbullying.
• 2. Central Bureau of Investigation (CBI)
• Handles complex cybercrime cases, especially those with national or inter-state
implications, including cyber terrorism and large-scale fraud.
• 3. National Investigation Agency (NIA)
• Focuses on cyber terrorism and cybercrimes threatening national security, including
attacks on critical infrastructure.
• 4. Computer Emergency Response Team (CERT-In)
• The national body under the Ministry of Electronics and IT responsible for responding
to cybersecurity incidents, issuing alerts, and improving India’s cybersecurity posture.
• 5. National Cyber Security Coordinator (NCSC)
• Coordinates national cybersecurity efforts, ensures the implementation of
cybersecurity frameworks, and addresses large-scale cyber threats.
• 6. Data Security Council of India (DSCI)
• A non-profit body promoting cybersecurity and data protection in India, organizing awareness
campaigns, and collaborating with government and private sectors.
• 7. Reserve Bank of India (RBI)
• Regulates cybersecurity in the financial sector, ensuring secure online banking and protecting
against financial fraud and cybercrimes.
• 8. National Crime Records Bureau (NCRB)
• Collects and analyzes data on cybercrimes to assist law enforcement in understanding trends
and implementing strategies to combat cybercrime.
• 9. Indian Cyber Crime Coordination Centre (I4C)
• A central hub for coordinating cybercrime prevention efforts and improving law enforcement’s
response to cybercrimes, including those involving women and children.
• 10. National Technology Research Organisation (NTRO)
• Focuses on protecting national security by securing India’s digital infrastructure and conducting
research on cybersecurity technologies.
• 11. Cyber Crime and Fraud Monitoring Cell (CCFMC)
• Monitors and prevents cyber fraud, particularly in the financial sector, by tracking fraudulent
activities and working with banks to protect digital transactions.
Cyber crimes punishable under various Indian laws
Sending pornographic or obscene emails are punishable under Section 67 of the IT Act.
An offence under this section is punishable on first conviction with imprisonment for a
term, which may extend to five years and with fine, which may extend to One lakh
rupees.
 In the event of a second or subsequent conviction the recommended punishment is
imprisonment for a term, which may extend to ten years and also with fine which may
extend to Two lakh rupees.
Emails that are defamatory in nature are punishable under Section 500 of the Indian
Penal Code (IPC), which recommends an imprisonment of upto two years or a fine or
both.
Threatening emails are punishable under the provisions of the IPC pertaining to
criminal intimidation, insult and annoyance (Chapter XXII), extortion (Chapter XVII)
Email spoofing
 Email spoofing is covered under provisions of the IPC relating to
 fraud, cheating by personation (Chapter XVII), forgery (Chapter XVIII)

Dayananda Sagar Academy of Technology & Management

Global Perspective
• Cybercrime is a rapidly growing global issue that transcends national
borders, affecting individuals, businesses, governments, and
economies worldwide.
• It includes a wide range of criminal activities, from hacking and
identity theft to more sophisticated schemes such as cyber espionage,
ransomware attacks, and online fraud.
• Understanding cybercrime from a global perspective requires
considering multiple aspects, including the scale of the problem, the
challenges of enforcement, and the strategies used to combat it.

Dayananda Sagar Academy of Technology & Management

• Types of cyber crime
• Consequences-Economic Cost, National Security, Human Cost
• Challenges in Combatting Cybercrime: Jurisdictional Issues,
Anonymity of Cybercriminals, Evolving Technology and Tactics, Lack of
Cybersecurity Skills, Lack of International Standards
• Future of cyber crime: AI and automation, cloud security
Countries worldwide have signed various international conventions and treaties to combat

cybercrime and enhance cybersecurity. Some of the most significant agreements include:

1. Budapest Convention on Cybercrime (2001): The first international treaty focused on addressing

internet and computer-related crimes. It aims to harmonize cybercrime laws and enhance cooperation

between countries for investigating and prosecuting cybercrimes. Over 60 countries have signed it.

2. UN Convention Against Transnational Organized Crime (2000): While not specific to cybercrime, it

addresses the use of the internet for organized crimes like trafficking, fraud, and money laundering.

3. Malabo Convention (2014): Adopted by the African Union, it focuses on cybercrime, cybersecurity,

and data protection, aiming to create a legal framework for African countries to address cyber threats.
4. APEC Cybersecurity Strategy (2004): A regional agreement that promotes cybersecurity and

international cooperation among Asia-Pacific countries to combat cybercrime and protect critical

infrastructure.

5. GDPR (2018): A European Union regulation focusing on data protection and privacy,

significantly reducing cybercrime related to data breaches, identity theft, and online fraud.

6. ASEAN Cybersecurity Cooperation Strategy (2017): Focuses on strengthening cybersecurity in

Southeast Asia and promotes regional cooperation on combating cybercrime.

These conventions and agreements facilitate international cooperation, shared best practices, and

legal frameworks to tackle the growing threat of cybercrime, ensuring a safer global digital

environment.