Introduction to Cybersecurity

BETCK105E
Textbook
• Sunit Belapure and Nina Godbole, "Cyber Security: Understanding
Cyber Crimes, Computer Forensics And Legal Perspectives", Wiley
India Pvt Ltd, ISBN: 978-81-265-21791, 2011, First Edition (Reprinted
2018)
Syllabus
• Module 1: Introduction to Cybercrime: Introduction to cybercrime,
Cybercrime and information security, who are Cybercriminals,
Classification of Cybercrimes (E-mail Spoofing, Spamming, Internet
Time Theft, Salami Attack, Web Jacking, Data diddling, E-mail
Bombing, Password Sniffing, Online Fraud, Forgery, Credit Card
Frauds, Identity Theft).
SLT: Cybercrimes: An Indian Perspective.
 Module 1:

Introduction to Cybercrime
Introduction:
• Growth of Internet- Free websites/ unrestricted websites.
• Internet is open for a new way of exploitation called cybercrime.
• Cybercrime activities involves use of computers, the internet, cyberspace
and WWW.
• The first cybercrime was took place in the year 1820.
• According to the survey in 2008(INDIA), Personal grievance details was
most theft and about financial gain.
• During Feb 2000 to Dec 2003, Indian cooperate and Government sites
have been attacked or defaced more than 780 times.
• According to 3rd December 2009 post, 3286 Indian websites were hacked
in 5 months between January to June 2009.
Cybercrime: Definition and Origins of the word
• A crime conducted in which a computer was directly and significantly
instrumental.
(OR)
• A cybercrime is any illegal behavior, directed by means of electronic
operations, that targets the security of the computer systems, and the
data processed by them.
(OR)
• Any financial dishonesty that takes place in a computer environment.
(OR)
• Any threats to the computer itself, such as theft of hardware or
software, sabotage and demands for ransom.
 •Other alternative definitions:
1. A crime committed using a computer and the Internet to steal a person
identity or sell contraband or stalk victims or disrupt operations with
malevolent programs.
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the
Internet, cyberspace and the WWW.
 • Other terms used sometimes to describe crimes committed using
computers:
1. Computer related crime
2. Computer crime
3. E-crime
4. High-tech crime etc.
Cybercrime and Information Security:
• Lack of information security gives rise to cybercrime.
• Indian Information Technology Act (ITA) 2000, as been formed to avoid
cybercrime.
• From an Indian perspective, the new version of the Act (ITA 2008)
provides a new focus on “Information Security in India”.
• ‘Cybersecurity’ means protecting information, equipment, devices,
computer, computer-resources, communication device, and
information store therein from unauthorised access, use, disclosure,
disruption, modification or destruction.
Who are Cybercriminals?
• Cybercrime involves activities as credit card fraud; cyber stalking;
defaming another online; gaining unauthorised access to computer
system; ignoring copyrights; software licensing; overriding encryption
to make illegal copies; software piracy and stealing another’s identity
to perform criminal acts.
• Cybercriminals are those who performs these acts.
 • Cybercriminals can be categorized into 3 groups:
1. Type I: Cybercriminals- hungry for recognition
Hobby Hackers
IT Professionals
Politically motivated hackers
Terrorist organization.
2. Type II: Cybercriminals- not interested in recognition
Psychological perverts
Financially motivated hackers
State-sponsored hacking
Organized criminals.
3. Type III: Cybercriminals- the insiders
Disgruntled or former employees seeking revenge.
Competing companies using employees to gain economic advantage through
damage/ or theft.
• Organized criminals:
https://study.com/learn/lesson
/organized-crime-groups-histor
y-examples-what-is-organized-
crime.html
Classification of Cybercrimes:
• Cybercrimes are classified as follows:
1. Cybercrime against individual.
Email Spoofing, Spamming, Cyber Stalking, Password Sniffing, Phishing.
2. Cybercrime against property.
Credit card fraud, Internet time theft, Identity theft.
3. Cybercrime against organization.
Email Bombing, Virus attack, Data diddling, unauthorized accessing of computer.
4. Cybercrime against society.
Forgery, Web Jacking.
5. Crimes emanating from Usenet newsgroup.
1. Email Spoofing:
A spoofed E-mail is one that appears to originate from one source but, actually has
been sent from another source.
2. Spamming:
People who create electronic spam are called spammers.
Spam is the abuse of electronic messaging systems to send unsolicited bulk
messages indiscriminately.
The most widely recognized form of Spam is E-mail Spam.
Example: Web search engine spam, File sharing network spam, Ads Spam etc.
To avoid Spam, the following web publishing techniques should be avoided:
a. Use of keywords that do not relate to the content on the site;
b. Duplication of pages with different URLs;
c. Repeating keywords;
d. Redirection;
e. Tiny text usage;
f. Hidden links.
3. Password Sniffing:
Password Sniffers are programs that monitor and record the name and password of
network users as they login.
Whoever installs the Sniffer can then impersonate an authorized user and login to
access restricted document.
4. Internet Time Theft:
Such theft occurs when an authorized person uses the Internet hours paid by another
person.
Basically, Internet time theft comes under hacking because the person who gets access to
someone else’s ISP user ID and password, either by hacking or by gaining access to it by
illegal means, uses it to access the Internet without the other person’s knowledge.
6. Credit Card Fraud:
Information security requirements for anyone handling credit cards have been increased
dramatically recently.
Millions of dollars may be lost annually by consumers who have credit card number
stolen from online databases.
Security measures are improving, and traditional methods of law enforcement seems to
be sufficient prosecuting the thieves of such information.
Bulletin boards and other online services are frequent targets for hackers who want to
access large database of credit card information.
Payment Card industry Data Security Standard (PCI-DSS) is set of regulations developed
jointly by the leading card schemes to prevent cardholder data theft and to help combat
credit card fraud.
6. Identity Theft:
Identity theft is a fraud involving
another person's identity for an illicit
purpose.
This occurs when a criminal uses
someone else’s identity for his/her own
illegal purposes.
Phishing and Identity theft are related
offences.
Example: Fraudulently obtaining credit
card, stealing money from victim’s bank
account, using victim’s credit card,
establishing accounts with utility
companies, renting an apartment etc.
The cyber-impersonator can steal
unlimited funds in the victim’s name
without the victim’s knowledge.
7. E-Mail Bombing:
E-Mail bombing refers to sending a large number of E-Mails to the victim to
crash victim’s E-Mail account or to make victim’s mail server down/crash.
Computer programs can be written to instruct a computer to do such tasks on a
repeated basis.
8. Data Diddling:
A data diddling attack involves altering
raw data just before it is processed by a
computer and then changing it back after
the processing is completed.
Electricity Boards in India have been
victims to data diddling programs
inserted when private parties
computerize their systems.
9. Forgery:
Counterfeit currency notes, postage and
revenue stamps, etc. can be forged using
sophisticated computers, printers and
scanners.
Example: Fake degree certificates
(Prevention: Use of Holograms).
10. Web Jacking:
Web Jacking occurs when someone forcefully takes control of a website (by
cracking the password and later changing it).
Thus, the first stage of this crime involves “password sniffing”.
The actual owner of the website does not have any more control over what
appears on that websites.
11. Salami Attack/ Salami Technique:
• These attacks are used for committing financial crimes.
• The idea here is to make the alteration so insignificant that in a single case
it would go completely unnoticed;
• Example: A bank employee inserts a program, into the bank’s servers, that
deducts a small amount of money(say ₹2 in a month) from the account of
every customer.
• No account holder will probably notice this unauthorized debit, but the
bank employee will make a sizable amount every month.
12. Online Frauds:
• There are a few major types of crimes under the category of hacking:
Spoofing website and E-mail security alerts, hoax mails about virus
threats, lottery frauds and spoofing.
• In Spoofing websites and E-mail security threats, fraudsters create
authentic looking websites that are actually nothing but a spoof.
• The purpose of these websites is to make the user enter personal
information which is then used to access business and bank accounts.
• Fraudsters are increasingly turning to Email to generate traffic to these
websites. This kind of online fraud is common in banking and financial
sector.
• In virus hoax Emails, the warnings may be genuine, so there is always a
dilemma whether to take them lightly or seriously.
• Lottery frauds are typically letters or Emails that inform the recipient
that he/she has won a prize in a lottery.
• To get the money, the recipient has to reply, after which another mail
is received asking for the bank details, so that the money can be
directly transferred. The Email also asks for the processing fee/handling
fee.
• “Spoofing” means illegal intrusion, posing as a genuine user.
• A hacker logs-in to a computer illegally, using a different identity than
his own. He is able to do this by having previously obtained the actual
password.
• He creates a new identity by fooling the computer into thinking that
the hacker is genuine system operator and then hacker takes control of
the system. He commits innumerable number of frauds using the false
identity.
13. Usenet Newsgroup as the Source of Cybercrimes:
Usenet is a popular means of sharing and distributing information on the
Web with respect to specific topic or subjects.
Usenet is a mechanism that allows sharing information in a many-to-many
manner.
The newsgroups are spread across 30,000 different topics. In principle, it is
possible to prevent the distribution of specific newsgroup.
In reality, there is no technical method available for controlling the contents
of any newsgroup.
It is possible to put Usenet to following criminal use:
a. Distribution/ sale of pirated software packages;
b. Distribution of hacking software;
c. Sale of stolen credit card numbers;
d. Sale of stolen data/ stolen property.
Cybercrimes: An Indian Perspective:
• India has 4th highest number of Internet users in the world.
• According to the statistics, there are 45 million Internet users in India,
37% of all Internet accesses happen from cybercafes and 57% of Indian
Internet users are between 18 and 35 years.
• It is reported that, compared to the year 2006, cybercrime under the
Information Technology(IT) Act recorded a whopping 50% increase in the
year 2007.
• Majority of the offenders were under 30 years.
• The maximum cybercrime cases, about 46%, were related to incidents of
cyberpornography, followed by hacking.
• Over 60% of these cases, offenders were between 18 to 30 years,
according to the ‘Crime in 2007’ report of National Crime Record
Bureau(NCRB).