CYBER SECURITY

INTRODUCTION TO CYBER CRIME

 Rapid Growth Of Internet.

 Crime Increased.
 Email.
 Inject Virus Into System.
 Mobile, Laptops.
 Cloud.
INTRODUCTION….

 Key Logger Software.

 ATM Scam.
 Amazon offers duplicate websites.
 Fraud websites for applying govt jobs.
 Bahubali cinema booking.
 IF NO INTERNET NO CYBER CRIME
Cyber Security

Cyber
 Computer System(hardware)
 Programs or data
 Network(wireless or wired)

Security
 System security
 Security for Programs or data
 Network security
Cybersecurity
Cybersecurity is the practice of protecting systems,
networks, and programs from digital attacks. These
cyberattacks are usually aimed at accessing, changing, or
destroying sensitive information; extorting money from
users through ransomware; or interrupting normal business
processes.
Cyber Security

Cyber Security is a process to protect the network and

devices from damages and unauthorized attacks
Why Cyber security ?
 Confidentiality
 Integrity
 Availability
Confidentiality
The purpose of ‘Confidentiality’ is to ensure the protection
of data by preventing the unauthorized disclosure of
information

A B
C
Integrity
Integrity refers to the accuracy and completeness of data.
Security controls focused on integrity are designed to
prevent data from being modified or misused by an
unauthorized party.
SYSTEM A------------HELLO---------------SYSTEM B

Unauthorized user HE123LLO23

Availability

Availability refers to information being accessible to

authorized personnel as and when it is needed.
 1.1 INRODUCTION
The internet in India is growing rapidly. It has given rise to
new opportunities in every field we can think of be it
entertainment, business, sports or education.

There’re two sides to a coin. Internet also has it’s own

disadvantages is Cyber crime- illegal activity committed on
the internet.
1.2 DEFINING CYBER CRIME

 Crime committed using a computer and

the internet to steal data or information.
 Illegal imports.
 Malicious programs.
Cybercrim
e The first recorded cybercrime took place in the year 1820.
 Cybercrime is not a new phenomena

 In 1820, Joseph Marie Jacquard, a textile manufacturer in

France, produced the loom. This device allowed the
repetition of a series of steps in the weaving of special
fabrics. This resulted in a fear amongst Jacquard's
employees that their traditional employment and livelihood
were being threatened. They committed acts of sabotage to
discourage Jacquard from further use of the new technology.
This is the first recorded cyber crime!
Alternative definitions for
cybercrime
 Any illegal act where a special knowledge of computer
technology is essential for its perpetration, investigation or
prosecution
 Any traditional crime that has acquired a new dimension
or order of magnitude through the aid of a computer, and
abuses that have come into being because of computers
 Any financial dishonesty that takes place in a computer
environment.
 Any threats to the computer itself, such as theft of
hardware or software, sabotage and demands for ransom
Origin of Cyber Crime
1820 first cyber crime

780 cyber crimes in India during Feb 2000 to Dec 2002

3286 cyber crimes in 2009 (in 3Months)

 Alternative definitions
• Any illegal act where a special knowledge of computer
technology is essential for its perpetration, investigation or
prosecution.
• Any traditional crime that has acquired a new dimension or
order of magnitude through the aid of a computer, and
abuses that have come into being because of computers.
• Any financial dishonesty that takes place in a computer
environment.
• Any threats to the computer itself, such as theft of hardware
Another definition
 “Cybercrime (computer crime) is any illegal behavior,
directed by means of electronic operations, that target
the security of computer systems and the data
processed by them”.
 Hence cybercrime can sometimes be called
computer-related crime, computer as E-
Internet crime, High- crime, crim e,
techcrime….
Cybercrime specifically can be
defined in number of ways…

 A crime committed using a computer and the internet

to steal a person’s identity(identity theft) or sell
contraband or stalk victims or disrupt operations
with malevolentprograms.
 Crimes completed either on or with a computer
 Any illegal activity through the Internet or on the
computer.
 All criminal activities done using the medium of
computers, the Internet, cyberspace and the WWW.
 Further
 Cybercrime refers to the act of performing a criminal act using cyberspace
as communication vehicle.
 Two types of attacks are common

 1. TECHNO-CRIME

 2. TECHNO-VANDALISM
Techno- crime: Active attack.

It is a premeditated(planned) act against a system,

with the intent to copy, steal, prevent access, corrupt
or otherwise deface(spoil) or damage parts of
computer system.
active attack

An active attack is a cyber attack where an

unauthorized entity directly interacts with a
system or data to alter it. The goal of an active
attack is to disrupt the system's operations and
gain access to sensitive information
active attack
Examples of active attacks
Man-in-the-middle (MitM)
An attacker intercepts and alters messages between two partie
without their knowledge.
Denial of service (DoS)
An attacker sends a large number of illegitimate requests to a
system, network, or service, making it inaccessible.
.
active attack
Malware infection
An attacker uses malicious software, such as a virus, worm,
or Trojan, to gain control of a system.
Password attacks
An attacker attempts to guess or crack passwords to gain
access to a system or account.
Spoofing attacks
An attacker impersonates a trusted entity, such as a website,
email, or IP address, to trick users into revealing sensitive
data
active attack
Protecting against active attacks
Use one-time passwords (OTPs) to authenticate
transactions
Generate random session keys to prevent attackers from
retransmitting information
Use a combination of technical procedures and
techniques to protect against active threats
passive attacks
Examples of passive attacks Eavesdropping on unencrypted
communications, Exploiting weak passwords, Analyzing
network traffic for sensitive information, Installing a
keylogger to record user credentials, and Using a packet
analyzer program to record network data.

Why it's dangerous

Passive attacks are difficult to detect because the attacker
doesn't leave evidence of their activity
The attacker can carry out passive attacks over a long
period of time without being detected
CYBER CRIME RATES
Techno – vandalism: Passive attack

These are brainless defacement of websites

and other activities, such as copying files and
publicizing their contents publicity.
Tight internet security, strong technical
safeguards, should prevent these incidents
passive attack
A passive attack is a cyber attack that involves monitoring
data transmissions without changing the data. The goal of a
passive attack is to gain access to sensitive information
without being detected.
How it works
The attacker monitors data traveling between systems or
networks
The attacker looks for vulnerabilities in the system or
network
The attacker intercepts sensitive information, such as user
accounts or passwords
The attacker analyzes the data to gain intelligence about the
system or network
1.3 Cybercrime and information
security
 Lack of information securitygive rise to cybercrime
 Cybersecurity: means protecting information,
equipment, devices, computer, computer resource,
communication device and information stored therein
from unauthorized access, use, disclosure,
disruption, modification ordestruction.
Challenges for securing data in
business perspective
 Cybercrime occupy an important space in information
security due to their impact.
 Most organizations do not incorporate the cost of the
vast majority of computer security incidents into their
accounting
 The difficulty in attaching a quantifiable monetary
value to the corporate data and yet corporate data get
stolen/lost
 Financial loses may not be detected by the victimized
organization in case of Insider attacks : such as
leaking customerdata
Cybercrime trends over years
Definitions
1. CYBER SPACE
• Cyber space is a nebulous(confused) place where
humans interact over computer network.
• Cyber space is a world wide network of computer
networks that uses Transmission Control
Protocol/Internet Protocol(TCP/IP) for communication
to facilitate transmission and exchange of data.
• It is a place where you can chat,explore,research and
play.
2. Cyber squatting
Squatting is the act of occupying an un occupied space
that the squatter does not own, rent or have permission to
use.
Domain names are being paid for by the cyber squatters
through registration process.
It is an act of registering a popular internet address,
usually a company name
EX: amazon.nice.com
3.Cyberpunk and Cyberwarfare
Cyberpunk is anarchy (disorder) via machines or
machine/computer rebel movement.
Cyber warfare means information warriors unleashing
vicious(cruel) attacks against an unsuspecting opponents,
computer networks, wreaking havoc(creating great
damage) and paralyzing nations.
4. Cyberterrorism
The premeditated use of disruptive activities, or threat
thereof, against computers and/or networks, with the
intention to cause harm or further social, ideological,
religious, political, or similar objectives to intimate any
person in furtherance of such objectives.
Cyberterrorism
Cyberterrorism is defined as “any person, group or
organization who, with terrorist intent, utilizes accesses or
aids in accessing a computer or computer network or
electronic system or electronic device by any available
means, and thereby knowingly engages in or attempts to
engage in a terrorist act commits the offence of
cyberterrorism.”
 1.4 Who are Cybercriminals?
 Are those who conduct acts such as:
 Child pornography
 Credit card fraud
 Cyberstalking
 Defaming another online
 Gaining unauthorized access to computer systems
 Ignoring copyrights
 Software licensing and trademark protection
 Overriding encryption to make illegal copies
 Software piracy
 Stealing another’s identity to perform criminal acts
Categorization of Cybercriminals
 Type 1: Cybercriminals- hungry for recognition
 Hobby hackers
 A person who enjoys exploring the limits of what is
possible, in a spirit of playful cleverness. May modify
hardware/ software
 IT professional(social engineering):
 Ethical hacker

 Politically motivated hackers :

 promotes the objectives of individuals, groups or nations supporting a
variety of causes such as : Anti globalization, transnational conflicts
and protest
 Terrorist organizations
 Cyberterrorism
 Use the internetattacks in terroristactivity
 Large scale disruption of computer networks , personal
computers attached to internetvia viruses
Type 2: Cybercriminals- not
interested in recognition
 Psychological perverts
 Financially motivated hackers
 Make money from cyber attacks
 Bots-for-hire : fraud through phishing, information theft, spam
and extortion
 State-sponsored hacking
 Hacktivists
 Extremely professional groups working for governments
 Have ability to worm into the networks of the media,
major corporations, defense departments
Type 3: Cybercriminals- the
insiders
 Disgruntled or former employees seeking
revenge
 Competing companies using employees to gain
economic advantage through damage and/ or
theft.
Motives behind cybercrime
 Greed
 Desire to gain power
 Publicity
 Desire for revenge
 A sense of adventure
 Looking for thrill to access forbidden
information
 Destructive mindset
 Desire to sell network security services
Cyber CRIME

A crime committed using a computer and the Internet to

steal a person's identity (identity theft) or sell contraband or
stalk victims or disrupt operations with malevolent
programs.
1.5 Classification of cybercrimes
1. Cybercrime against an individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet
newsgroup
1. Cybercrime against an individual
 Electronic mail spoofing and other online
frauds
 Phishing, spear phishing
 spamming
 Cyberdefamation
 Cyberstalking and harassment
 Computer sabotage
 Passwordsniffing
2.Cybercrime against property
 Creditcard frauds
 Intellectual property( IP) crimes: software piracy,
copy right infringement.
 Internet time theft: Unauthorized person using
internet
3.Cybercrime against organization
 Unauthorized accessing of computer
 Password sniffing
 Denial-of-service attacks
 Virus attack/dissemination of viruses
 E-Mail bombing/mail bombs
 Salami attack/ Salami technique
 Logic bomb
 Trojan Horse
 Data diddling
 Industrial spying/ industrial espionage
 Computer network intrusions
 Software piracy
4.Cybercrime against Society
Forgery
Cyberterrorism
Web jacking
5. Usenet groups
 In 1979 it was developed by two graduate students
from Duke University in North Carolina (UNC) as
a network that allowed users to exchange
quantities of information too large for mailboxes
 Usenet was designed to facilitate textual exchanges
between scholars.
 Slowly, the network structure adapted to allow the
exchange of larger files such as videos or images.
Cont…

 A News group is an online discussion forum, can

also be used to post and read data.
 Examples:
 Alt. politics
 Talk. religion
 Sci. physics
 Comp. software. testing
 Alt. multimedia. comedy
Cont….
Crimes emanating from Usenet
news group
 Usenet groups may carry very offensive,
harmful, inaccurate material
 Postings that have been mislabeled or are
deceptive in another way
 Hence service at your own risk
1.5.1 E-Mail Spoofing
 E-mail spoofing is the forgery of an e-mail header so
that the message appears to have originated from
someone or somewhere other than the actual source.
 To send spoofed e-mail, senders insert commands in
headers that will alter message information.
 It is possible to send a message that appears to be
from anyone, anywhere, saying whatever the sender
wants it to say.
 Thus, someone could send spoofed e-mail that appears
to be fromyou with a message that you didn't write.
E-Mail Spoofing
 Although most spoofed e-mail falls into the "nuisance"
category and requires little action other than deletion, the
more malicious varieties can cause serious problems and
security risks.
 For example, spoofed e-mail may purport to be from
someone in a position of authority, asking for sensitive
data, such as passwords, credit card numbers, or other
personal information -- any of which can be used for a
variety of criminal purposes.
 The Bank of America, eBay, and Wells Fargo are among the
companies recently spoofed in mass spam mailings.
 One type of e-mail spoofing, self-sending spam, involves
messages that appear to be both to and from the
recipient.
1.5.2 Spamming
 People who create electronic spam : spammers
 Spam is abuse of electronic messaging systems to
send
unsolicited bulk messages indiscriminately
 Spamming may be
 E-Mail Spam
 Instant messaging spam
 Usenet group spam
 Web search engine spam
 Spam in blogs, wiki spam
 Online classified ads spam
 Mobile phone messaging spam
 Internet forum spam
 Junk fax spam
 Social networking spam
……..
Spamming
 Spamming is difficult to control
 Advertisers have no operating costs beyond
the managementof their mailing lists
 It is difficult to hold senders accountable for their
mass mailings
 Spammers are numerous
Search engine spamming
 Some web authors use “subversive techniques”
(actions or strategies that challenge or
undermine established norms, )to ensure
that their site appears more frequentlyor higher
number in returned search results.
 Remedy: permanently exclude from the search
index
Avoid the following web publishing
techniques:
 Repeating keywords
 Use of keywords that do not relate to the content on
the site
 Use of fast meta refresh
 change to the new page in few seconds.
 Redirection
 IP cloaking:
 Including related links, information, and terms.
 Use of colored text on the same color background
 Tiny text usage
 Duplication of pages with different URLs
 Hidden links
Cyber defamation
 The tort( a wrongful act ) of cyber defamation is

considered to be the act of defaming, insulting,

offending or otherwise causing harm through false
statements pertaining to an individual in cyberspace.
Example: someone publishes
defamatory matter about
someone on a website
or sends an E-mail containing
defamatory information
to all friends of that person.
It may amount to defamation
when-
 Imputation to a deceased person would harm the
reputation of that person, and is intended to be hurtful
to the feelings of his family or other near relatives
 An imputation is made concerning a company or
an association or collection of people as such.
 An imputation in the form of an alternative or
expressed ironically
 An imputation that directly or indirectly, in the
estimation of others, lowers the moral or intellectual
character of that person, or lowers the character of that
person in respect of his caste or of his calling, or lowers
the credit of that person.
Types of defamation
 Libel : written defamation
 Slander: oral defamation
 The plaintiff must have to show that the
defamatory statements were unlawful and would
indeed injure the person’s or organization’s
reputation.
 When failed to prove, the person who made
the allegations may still be held responsible
for defamation.
Cyber defamation cases
 In first case of cyber defamation in India (14 dec 2009),
 The employee of a corporate defamed its reputation was sending
derogatory and defamatory emails against the company and its managing
director
 In this case the Court(delhi court) had restrained the defendant
from sending derogatory, defamatory, obscene, vulgar, humiliating and
abusive emails.
 The courtpassed as important ex-parte injunction.
 In another case, accused posted obscene, defamatory and annoying message
about a divorcee woman and also sent emails to the victim.
 The offender was traced and was held guilty of offences under section 469, 509
IPC and 67 of IT Act, 2000.
 Other defamation cases:
 A malicious customer review by a competitor could destroy a small business.
 A false accusation of adultery on a social networking site could destroy a
marriage.
 An allegation that someone is a “crook” could be read by a potential employer or
business partner
1.5.4 Internet Time Theft
 Occurs when an unauthorized person uses
the Internet hours paid for by another person
 Comes under hacking
 The person get access to someone else’s ISP user ID and
password, either by hacking or by gaining access to it
by illegal means
 And uses the internet without the other person’s
knowledge
 This theft can be identified when Internet time is
recharged often, despite infrequent usage.
 This comes under “identity theft”
1.5.5 Salami attack/ salami technique
 Are used for committing financial crimes.
 A salami attack is a type of fraud that
involves stealing money in small amounts
over time to accumulate a larger sum.
 The alterations made are so insignificant that in
a single case it would go completely unnoticed.
 Example: a bank employee inserts a program, into
the bank’s serve, that deduces a small amount from
the account of every customer every month,
 The unauthorized debit goes unnoticed by
the customers, but the employee will make a
1.5.5 Salami attack:
 Small “shavings” for Big gains!
 The petrol pump fraud
 A salami attack is a financial crime
where small amounts of money are
stolen from multiple accounts over time.
1.5.6 Data diddling
 Data diddling involves changing data input in a computer.
 In other words, information is changed from the way it
should be entered by a person typing in the data.
 Usually, a virus that changes data or a programmer of
the database or application has pre-programmed it to be
changed.
 For example, a person entering accounting may change
data to show their account, or that or a friend or family
member, is paid in full. By changing or failing to enter the
information, they are able to steal from the company.
 To deal with this type of crime, a company must
implement policies and internal controls.
 This may include performing regular audits,
using software with built-in features to combat
such problems, and supervising employees.
Real life example: Doodle me
Diddle
 Electricity board in India have been victims to
data diddling programs inserted when private
parties computerized their systems.
1.5.7 Forgery
 The act of forging something, especially the
unlawful act of counterfeiting a document or object
for the purposes of fraud or deception.
 Something that has been forged, especially a
document that has been copied or remade to look
like the original.
 Counterfeit currency notes, postage, revenue stamps,
marksheets, etc., can be forged using sophisticated
computers, printers and scanners.
Real life case:
 Abdul Karim Telgi, the mastermind of the multi-crore
counterfeiting, printed fake stamp papers worth
thousands of crores of rupees using printing machines
purchased illegally with the help of some conniving
officials of the
Central Govt.’s Security Printing Press (India Security
Press) located in Nasik.
These fake stamp papers penetrated in more than 12
states through a widespread network of vendors who
sold the counterfeits without any fear and earned hefty
commissions.
1.5.8 Web jacking
 This term is derived from the term hi jacking.
 In these kinds of offences the hacker gains access
and control over the web site of another.
 He may even change the information on the site.
 The first stage of this crime involves “password
sniffing”.
 The actual owner of the website does not have any more
control over what appears on that website
 This may be done for fulfilling political objectives or
for money
Real life examples
 Recently the site of MIT (Ministry of Information
Technology) was hacked by the Pakistani hackers and
some obscene matter was placed therein.
 Further the site of Bombay crime branch was also
web jacked.
 Another case of web jacking is that of the ‘gold fish’
case. In this case the site was hacked and the
information pertaining to gold fish was changed.
1.5.10 Industrial spying/ Industrial Espionag

 Industrial espionage is the covert and sometimes

illegal practice of investigating competitors to
gain a business advantage.
 The target of investigation might be a trade secret
such as a proprietary product specification or
formula, or information about business plans.
 In many cases, industrial spies are simply seeking
any data that their organizationcan exploit to its
advantage.
Spies can get information about product finances,
research and development and marketing strategies, an
activity known as industrial spying.
Real life case
 An Israeli Trojan horse story:

 A software engineer in London created a Trojan

Horse program specifically designed to extract
critical data gathered from machines infected by his
program.
 Made a business in Israel which would use for
spying the industries by planning it into competitors
networks.
1.5.11 Hacking
Every act committed toward breaking into a
computer and/ or network is hacking.
Purpose
 Greed
 Power
 Publicity
 Revenge
 Adventure
 Desire to access forbidden information
 Destructive mindset
Cont,….

 Hackers write or use ready made computer program to

attack the target computer.
 Desire to destruct and get enjoyment out of such
destruction
 Some hackers hack for stealing credit card information,
transferring money to their desrired accounts.
 Dec 2009 NASA site was hacked via SQL injection
HACKERS, CRACKERS &PHRACKERS
 HACK: An elegant, with or inspired way of doing almost
anything originated at MIT.
 while hacking truly applies only to activities
having good intentions.
CRACKERS: Breaking into or harming into any kind of
computer or tele communication system.
PHRACKERS: Those targeting phones
1.5.12 Online frauds
 Fraud that is committed using the internet is “online fraud.” Online
fraud can involve financial fraud and identity theft.
 Online fraud comes in many forms.
 viruses that attack computers with the goal of personal
retrieving
information, to email schemes that lure victims into wiring money to
fraudulent sources,
 “phishing” emails that purport to be from official entities (such as
banks or the Internal Revenue Service) that solicit personal information
from victims to be used to commitidentity theft,
 To fraud on online auction sites (such as Ebay) where perpetrators sell
fictionalgoods.
 E-Mail spoofing to make the user to enter the personal information :
financial fraud
 Illegal intrusion: log-in to a computer illegally by having previously
obtained actual password. Creates a new identity fooling the computer
that the hacker is the genuine operator. Hacker commits innumerable
number of frauds.
Nadya Suleman’s Website
Hacked, feb 2009
The story..
 LOS ANGELES, CA – Octuplet mom Nadya Suleman
launched a website to solicit donations for her family, but
it was immediately hacked by a group of vigilante
mothers!
 The website originally featured photos of all eight
octuplets, a thank you note from Suleman, images of
children’s toys and a large donation button for viewers to
send money through. Suleman also provided an address
where people can send items such as diapers and
formula.
 Suleman was perhaps not prepared for the backlash she
was to receive, as the site was hacked and brought
down within hours. The original homepage was left
up but defaced, as seen in the screenshot.
1.5.13 Pornographic offenses:
Child pornography
 Means any visual depiction, including but not
limited to the following:
1. Any photograph that ca be considered obscene
and/ or unsuitable for the age of child viewer.
2. Film ,video, picture;
3. Obscene Computergenerated image or picture
How do they Operate
1. Pedophiles use false identity to trap the children/teenagers
2. Pedophiles contact children/teens in various chat rooms which are
used by children/teen to interact with other children/teen.
3. Befriend the child/teen.
4. Extract personal information from the child/teen by winning
his confidence.
5. Gets the e-mail address of the child/teen and starts making
contacts on the victims e-mail address as well.
6. Starts sending pornographic images/text to the victim including
child pornographic images in order to help child/teen shed his
inhibitions so that a feeling is created in the mind of the victim
that what is being fed to him is normal and that everybody does
it.
7. Extract personal information from child/teen
8. At the end of it, the pedophile set up a meeting with the
child/teen out of the house and then drag him into the net to
1.5.14 Software piracy
 Theft of software through the illegal copying of
genuine program s or the counterfeiting and
distribution of products intended to pass for
original. the
 End-user copying: Friends loaning disks to each other,
organizations under-reporting number of software
installations not tracking software licenses.
 Hard disk loading with illicit means: hard disk vendors load
pirated software.
 Counterfeiting: Large scale duplication and distribution of
illegally copied software
 Illegal downloads from internet: by intrusion, by cracking
Buying Pirated software have a lot
to lose:
 Getting untested software that may have been
copied thousands of times.
 Potentiallycontain hard-wareinfecting viruses
 No technical support in case of software failure
 No warranty protection
 No legal right to use the product
1.5.15 Computer sabotage
 The use of internet to hinder the normal functioning of a
computer system through worms, viruses, or logical bombs. Is
referred to as computer sabotage.
 Logic bombs are event dependent programs to do something
only when a certain event (trigger) occurs.
 Chernobyl virus
 The Chernobyl virus is a computer virus with a potentially
devastating payload that destroys all computer data when an
infected file is executed.,
 Y2K virus
Y2K bug, also called Year 2000 bug or Millennium Bug, a problem
in the coding of computerized systems that was projected to
create havoc in computersand computer networks around the
world at the beginning of the year 2000
 1.5.16 E-mail bombing/mail bombs
 In Internet usage, an email bomb is a form of net
abuse consisting of sending huge volumes of email to
an address in an attempt to overflow the mailbox or
overwhelm the server where the email address is
hosted in a denial-of-service attack.
 Construct a computer to repeatedly send E-mail to a
specified person’s E-mail address.
 Can overwhelm the recipient’s personal account and
potentiallyshut down the entiresystem.
1.5.17 Computer network intrusions
 An intrusion to computer network from any where
in the world and steal data, plant viruses, create
backdoors, insert trojan horse or change passwords
and user names.
 An intrusion detection system (IDS) inspects all
inbound and outbound network activity and
identifies suspicious patterns that may indicate a
network or system attack from someone attempting
to break into or compromise a system.
 The practice of strong password
1.5.18 Password sniffing
 Password sniffers are programs that monitor and
record the name and password of network users
as they login, jeopardizing security at a site.
 Through sniffers installed, anyone can
impersonatean authorized user and login to access
restricted documents.
1.5.18 Credit card frauds
 Credit card fraud is a wide-ranging term for theft
and fraud committed using or involving a payment
card, such as a credit card or debit card, as a
fraudulent source of funds in a transaction.
 The purpose may be to obtain goods without
paying, or to obtain unauthorized funds from an
account.
 Creditcard fraud is also an adjunct to identity
theft.
 Bulletin boards and other online services are
frequent targets for hackers who want to access
1.5. 19 Identity theft
 Identity theft is a fraud involving another person’s identity
for an illicit purpose.
 The criminal uses someone else’s identity for his/ her own
illegal purposes.
 Phishing and identity theft are related offenses
 Examples:
 Fraudulently obtaining credit
 Stealing money from victim’s bank account
 Using victim’s credit card number
 Establishing accounts with utility companies
 Renting an apartment
 Filing bankruptcy using the victim’s name
Real life cases
 Dr. Gerald Barnes
Gerald Barnbaum lost his pharmacist license after committing
Medicaid fraud. He stole the identity of Dr. Gerald Barnes and
practiced medicine under his name. A type 1 diabetic died
under his care. “Dr. Barnes” even worked as a staff physician
for a center that gave exams to FBI agents. He’s currently
serving hard time.
 Andrea Harris-Frazier
Margot Somerville lost her walleton a trolley. Two years later
she was arrested. Andrea Harris-Frazier had defrauded
several banks—using Somerville’s identity—out of tens of
thousands of dollars. The real crook was caught.
 Abraham Abdallah
A busboy named Abraham Abdallah got into the bank
accounts of Steven Spielberg and other famous people after
tricking his victims via computer, getting sufficient data to
fake being their financial advisors—then calling their
1.6 Cybercrime:
the legal perspective
 Cybercrime possess a mammoth challenge
 Computercrime: Criminal Justice Resource
Manual(1979)
 Any illegal
act for which knowledge of computer
technology is essential for a successful
prosecution.
 International legal aspects of computercrimes
were studied in 1983
 Encompasses any illegal act for which the knowledge of
computer technology is essential for its prepetration
Cybercrime:
the legal perspective
 The network context of cyber crime make it one of
the most globalized offenses of the present and
most modernized threatsof the future.
 Solution:
 Divide information system into segments bordered
by state boundaries.
 Or incorporate the legal system into an integrated
entity obliterating these state boundaries.
1.7 Cybercrimes: An Indian Perspective
 India has the fourth highest number of internet
users in the world.
 45 million internet users in India
 37% - in cybercafes
 57% are between 18 and 35 years
 The Information Technology (IT) Act, 2000,
specifies the acts which are punishable. Since the
primary objective of this Act is to create an
enabling environment for commercial use of I.T.
Cybercrimes: An Indian Perspective
 Cases of various categories under ITA 2000
 217 cases were registered under IT Act during the
year 2007 as compared to 142 cases during the
previous year (2006)
 Thereby reporting an increase of 52.8% in 2007
over 2006.
 22.3% cases (49out of 217 cases) were reported
from Maharashtra followed by Karnataka (40),
Kerala (38) and Andhra Pradesh and Rajasthan (16
each).
Cont…..
 India is a youth country according to population age
distribution. This is great advantage to develop
professional skills.
 Crime head-wise and age-group-wise profile of the
offenders arrested under ITA 2000 revealed that 55.8%
(86 out of 154) of the offenders were arrested under
“Obscene publication/transmission in electronic form”
of which 70.9% (61 out of 86) were in the age
group 18–30 years
 50% (24 out of 48) of the total persons arrested for
“Hacking with Computer Systems” were in the age
group of 18–30 years
Incidence of Cyber Crimes in Cities

 17 out of 35 mega cities did not report any case of Cyber

Crime i.e, neither under the IT Act nor under IPC Sections)
during the year 2007.
 17 mega cities have reported 118 cases under IT Act and 7
megacities reported 180 cases undervarious section of IPC.
 There was an increase of 32.6% (from 89 cases in 2006 to 118
cases in 2007) in cases under IT Act as compared to previous
year (2006),
 and an increase of 26.8% (from 142 cases in 2006 to 180 cases
in 2007) of cases registered under various section of IPC
 Bengaluru (40), Pune (14) and Delhi (10) cities have reported
high incidence of cases (64 out of 118 cases) registered under
IT
Act, accounting for more than half of the cases (54.2%)
reported
under the Act.
Cybercrimes: An Indian Perspective
1.8 Cyber Crime and India ITA 2000
In India, ITA 2000 was put into practice after the united
Nation General Assembly Resolution A/RES/51/162 in
January 30,1997 by adopting Model Law on Electronic
Commerce adopted by United Nations Commission on
International Trade Law.
>This was the first step towards law related to Ecommerce
1.8.1 Hacking and the Indian Law

Cybercrimes are punishable under two categories:

 ITA 2000 and IPC
 Total 207 cases were registered under IT Act in 2007
and 142 registered in 2006
 Under IPC 399 cases were recorded in 2007 and 311 in
2006.
1.8.1 Cont ….
Hacking and the ITA 2008
 The number of Offenses to be monitored has increased. According to
cyberlaw experts, “Any criminal activity that uses a computer either as an
instrumentality, target or a means for perpetuating further crimes comes
within the ambit of cybercrime.”
 Cases of Spam, hacking, cyberstalking and E-Mail fraud are rampant and,
although cybercrimes cells have been set up in major cities, the problem is
that most cases remain unreported due to a lack of awareness.
 In the original ITA 2000, the following is stated under CHAPTER XI
(Offences):

1. Whoever with the intent to cause or knowing that he is likely to cause

wrongful loss or damage to the public or any person destroys or deletes or
alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means, commits hack.
2. Whoever commits hacking shall be punished with imprisonment up to 3
years, or with fi ne which may extend up to ` 2 lakhs (` 200,000), or with
both.
 Existing Sections 66 and 67 (in the original ITA 2000) on
hacking and obscene material have been updated by dividing
them into more crime-specific subsections, thereby making
cybercrimes punishable.
 In Section 66, hacking as a term has been removed.
 This section has now been expanded to include Sections
 66A (offensive messages),
 66B(Receiving a Stolen Computer)
 66C (identity theft)
 6666D (impersonation)
 66F (cyberterrorism).
1.9 A Global Perspective on Cybercrimes
 In Australia, cybercrime has a narrow statutory meaning as used in the Cyber
Crime Act 2001, which details offenses against computer data and systems.
 In the Council of Europe’s (CoE’s) Cyber Crime Treaty, cybercrime is used as an
umbrella term to refer to an array of criminal activity including
 offenses against computer data and systems,
 computer-related offenses,
 content offenses and copyright offenses
Cont…
 The growing phenomenon is the use of Spam to support fraudulent and
criminal activities – including attempts to capture financial information
(e.g., account numbers and passwords) by masquerading messages as
originating from trusted companies (“brand-spoofing” or “Phishing”) –
and as a vehicle to spread viruses and worms.
 On mobile networks, a peculiar problem is that of sending of bulk
unsolicited text messages aimed at generating traffic to premium-rate
numbers. As there are no national “boundaries” to such crimes under
cybercrime realm, it requires international cooperation between those who
seek to enforce anti-Spam laws.
 Thus, one can see that there is a lot to do toward building confidence and
security in the use of ICTs and moving toward international cooperation
agenda.
Cont…
 The linkage of cybersecurity and critical infrastructure protection has
become a big issue as a number of countries have began assessment of
threats, vulnerabilities and started exploring mechanisms to redress them.
Recently, there have been a number of significant developments such as
 August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber
Crime. The convention targets hackers, those spreading destructive computer viruses
those using the Internet for the distribution of racist material, and terrorists
attempting to attack infrastructure facilities or financial institutions.

 In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic
Obligations’ on Web Site Blocking.” European Union (EU) officials want to debar
suspicious websites as part of a 6-point plan to boost joint antiterrorism activities.
They want to block websites that incite terrorist action. Once again it is underlined
Cont…
 In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic
Obligations’ on Web Site Blocking.” European Union (EU) officials want to debar
suspicious websites as part of a 6-point plan to boost joint antiterrorism activities.
They want to block websites that incite terrorist action.

 CoE Cyber Crime Convention (1997–2001) was the first international treaty
seeking to address Internet crimes by harmonizing national laws, improving
investigative techniques and increasing cooperation among nations.[19] More than
40 countries have ratified the Convention to date.
1.9.1 Cybercrime and the Extended Enterprise

 An average user is not adequately educated to

understand the threats and how to protect oneself.
 Actually, it is the responsibility of each user to become
aware of the threats as well as the opportunities that
“connectivity” and “mobility” presents them with.
 In this context, it is important to understand the
concept of “extended enterprise.”
Cont…