ABSTRACT: In the current era of online processing, maximum of the information
is online and proneto cyber threats. There are a huge number of cyber threats and their behavior is difficult to earlyunderstanding hence difficult to restrict in the early phases of the cyber-attacks. Cyber-attacksmay have some motivation behind it or may be processed unknowingly. The attacks thoseare processed knowingly can be considered as the cyber-crime and they have serious impactsover the society in the form of economical disrupt, psychological disorder, threat to Nationaldefense etc. Restriction of cyber-crimes is dependent on proper analysis of their behavior andunderstanding of their impacts over various levels of society. Therefore, the current manuscriptprovides the understanding of cyber-crimes and their impacts over society with the future trendsof cyber-crimes.Keywords: Cyber Attacks, Cyber Crimes, Potential Economic Impact, Consumer trust, NationalSecurity. 2. INTRODUCTION: The term cyber crime is a misnomer. This term has nowhere been defined in any statute/Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radicallydifferent from the concept of conventional crime. Both include conduct whether act or omission,which cause breach of rules of law and counterbalanced by the sanction of the state. Before evaluating the concept of cyber crime it is obvious that the concept ofconventional crime be discussed and the points of similarity and deviance between both theseforms may be discussed. The commonly accepted definition of cyber security is the protection ofany computer system, software program, and data against unauthorized use, disclosure, transfer,modification, or destruction, whether accidental or intentional. Cyber- attacks can come frominternal networks, the Internet, or other private or public systems. Businesses cannot afford to bedismissive of this problem because those who dont respect address, and counter this threat willsurely become victims. 3. CYBER LAW OF INDIA: 1 2. In Simple way we can say that cyber-crime is unlawful acts wherein the computer iseither a tool or a target or both. Cyber-crimes can involve criminal activities that are traditionalin nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to theIndian Penal Code. The abuse of computers has also given birth to a gamut of new age crimesthat are addressed by the Information Technology Act, 2000.We can categorize Cyber-crimes in two ways:1. The Computer as a Target :-using a computer to attack other computers.E.g. Hacking, Virus/Worm attacks, DOS attack etc.2. The computer as a weapon :-using a computer to commit real world crimes.E.g. Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography etc.Cyber Crime regulated by Cyber Laws or Internet Laws. 4. TECHNICAL ASPECTS: Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as1. Unauthorized access & Hacking:- Access means gaining entry into, instructing or communicating with the logical,arithmetical, or memory function resources of a computer, computer system or computernetwork.Unauthorized access would therefore mean any kind of access without the permission of eitherthe rightful owner or the person in charge of a computer, computer system or computer network.Every act committed towards breaking into a computer and/or network is hacking. Hackers writeor use ready-made computer programs to attack the target computer. They possess the desire todestruct and they get the kick out of such destruction. Some hackers hack for personal monetarygains, such as to stealing the credit card information, transferring money from various bankaccounts to their own account followed by withdrawal of money.By hacking web server taking control on another persons website called as web hijacking2. Trojan Attack:- 2 3. The program that act like something useful but do the things that are quiet damping. Theprograms of this kind are called as Trojans. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim(unknowingly) runs the server on its machine, the attacker will then use the Client to connect tothe Server and start using the Trojan. TCP/IP protocol is the usual protocol type used for communications, but some functionsof the Trojans use the UDP protocol as well.3. Virus and Worm attack:- A program that has capability to infect other programs and make copies of itself andspread into other programs is called virus.Programs that multiply like viruses but spread from computer to computer are called as worms.4. E-mail & IRC related crimes:-A. Email spoofing:Email spoofing refers to email that appears to have been originated from one source when it wasactually sent from another source. Please ReadB. Email Spamming:Email "spamming" refers to sending email to thousands and thousands of users - similar to achain letter.C. Sending malicious codes through email:E-mails are used to send viruses, Trojans etc through emails as an attachment or by sending alink of website which on visiting downloads malicious code.D. Email bombing:E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to aparticular address.E. Sending threatening emailsF. Defamatory emailsG. Email fraudsH. IRC related 3 4. Three main ways to attack IRC are: "verbal?8218;?T#8220; attacks, clone attacks, and floodattacks.5. Denial of Service attacks:- Flooding a computer resource with more requests than it can handle. This causes theresource to crash thereby denying access of service to authorized users.Our support will keep you aware of types of Cyber-crimes while companies suchas www.Lifelock.com can give you the right protection against them.Examples includeAttempts to "flood" a network, thereby preventing legitimate network trafficAttempts to disrupt connections between two machines, thereby preventing access to a serviceAttempts to prevent a particular individual from accessing a serviceAttempts to disrupt service to a specific system or person. 5. CONVENTIONAL CRIME- Crime is a social and economic phenomenon and is as old as the human society. Crime isa legal concept and has the sanction of the law. Crime or an offence is a legal wrong that can befollowed by criminal proceedings which may result into punishment. The hallmark ofcriminality is that, it is breach of the criminal law. Per Lord Atkin the criminal quality of an actcannot be discovered by reference to any standard but one: is the act prohibited with penalconsequences. A crime may be said to be any conduct accompanied by act or omissionprohibited by law and consequential breach of which is visited by penal consequences. 6. CYBER CRIME: 4 5. Cyber-crime is the latest and perhaps the most complicated problem in the cyber world.Cyber crime may be said to be those species, of which, genus is the conventional crime, andwhere either the computer is an object or subject of the conduct constituting crime. Anycriminal activity that uses a computer either as an instrumentality, target or a means forperpetuating further crimes comes within the ambit of cyber crime A generalized definition of cyber crime may be unlawful acts wherein the computer iseither a tool or target or both The computer may be used as a tool in the following kinds ofactivity- financial crimes, sale of illegal articles, pornography, online gambling, intellectualproperty crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer mayhowever be target for unlawful acts in the following cases- unauthorized access to computer/computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, webjacking, theft of computer system, physically damaging the computer system.DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME- There is apparently no distinction between cyber and conventional crime. However on a deepintrospection we may say that there exists a fine line of demarcation between the conventionaland cyber crime, which is appreciable. The demarcation lies in the involvement of the medium incases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, atany stage, of the virtual cyber medium. 7. DIFFERENT TYPES OF CYBERCRIMES: 5 6. Web Jacking8. HISTORY: 6 7. The first recorded cyber-crime took place in the year 1820! That is not surprisingconsidering the fact that the abacus, which is thought to be the earliest form of a computer, hasbeen around since 3500 B.C. In India, Japan and China. The era of modern computers, however, began with theanalytical engine of Charles Babbage. The first spam email took place in 1978 when it was sent out over the Arpanet (AdvancedResearch Projects Agency Network). The first virus was installed on an Apple computer in 1982when a high school student, Rich Skrenta, developed the Elk cloner. Cyber-crime began with disgruntled employees causing physical damage to thecomputers they worked with to get back at their superiors. As the ability to have personalcomputers at home became more accessible and popular, cyber criminals began to focus theirefforts on home users. The most common cyber crimes during this time were phishing scams,cyber stalking, computer viruses, and identity theft. As the years went on and more and more households bought home computers withInternet access, cyber crime became bigger and much harder to control. Cyber stalking andharassment also became far more popular. Middle school and high school kids began to takeadvantage of the Internet to taunt their classmates and adults would stalk and harass those theyalso stalked in real life via the internet. Police departments and federal law enforcement have created special divisionsspecifically to deal with cyber crime. However, by judging the history of cyber crime, it is clearthat it is not going to stop anytime soon and it seems like it will just continue to grow until newmethods of fighting it are introduced. 7 8. Frequency of incidents of Cyber-crimes in India: Denial of Service: Section 43 Virus: Section: 66, 43 Data Alteration: Sec. 66 U/A Access Section 43 Email Abuse Sec. 67, 500, Other Data Theft: Sec 66,Source: Survey conducted by ASCL 8 9. Frequency of reporting Cyber-crimes in India: During the year 2005, 179 cases were registered under IT Act as compared to 68 casesduring 2004 21.2% cases reported from Karnataka, followed by Maharashtra(26), TamilNadu(22) and Chhattisgarh and Rajasthan (18 each) out of 179 cases, 50% were related toSection 67 IT Act., 125 persons were arrested. 74 cases of hacking were reported wherein 41were arrested. 9. REASONS FOR CYBER CRIME: Hart in his work The Concept of Law has said human beings are vulnerable so rule oflaw is required to protect them. Applying this to the cyberspace we may say that computers arevulnerable so rule of law is required to protect and safeguard them against cyber crime. Thereasons for the vulnerability of computers may be said to be: 1. Capacity to store data in comparatively small space- The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier. 2. Easy to access- The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. 3. Complex- The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system. 4. Negligence- 9 10. Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system. 5. Loss of evidence- Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation. 10. CYBER CRIMINALS: The cyber criminals constitute of various groups/ category. This division may be justifiedon the basis of the object that they have in their mind. The following are the category of cybercriminals- 1. Children and adolescents between the age group of 6 18 years The simple reason for this type of delinquent behaviour pattern in children is seen mostlydue to the inquisitiveness to know and explore the things. Other cognate reason may be to provethemselves to be outstanding amongst other children in their group. Further the reasons may bepsychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of thedelinquent by his friends. 2. Organised hackers- These kinds of hackers are mostly organised together to fulfil certain objective. Thereason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be oneof the best quality hackers in the world. They mainly target the Indian government sites with thepurpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites isalways under attack by the hackers. 3. Professional hackers / crackers Their work is motivated by the colour of money. These kinds of hackers are mostlyemployed to hack the site of the rivals and get credible, reliable and valuable information.Further they are ven employed to crack the system of the employer basically as a measure tomake it safer by detecting the loopholes. 4. Discontented employees- 10 11. This group include those people who have been either sacked by their employer or aredissatisfied with their employer. To avenge they normally hack the system of their employee.How Cyber Criminals Works: Cyber-crime has become a profession and the demographic of your typical cyber-criminal is changing rapidly, from bedroom- bound geek to the type of organized gangster moretraditionally associated with drug-trafficking, extortion and money laundering. It has become possible for people with comparatively low technical skills to stealthousands of pounds a day without leaving their homes. In fact, to make more money than can bemade selling heroin (and with far less risk), the only time the criminal need leave his PC is tocollect his cash. Sometimes they dont even need to do that.In all industries, efficient business models depend upon horizontal separation of productionprocesses, professional services, sales channels etc. (each requiring specialized skills andresources), as well as a good deal of trade at prices set by the market forces of supply anddemand. Cyber crime is no different: it boasts a buoyant international market for skills, tools andfinished product. It even has its own currency. The rise of cyber crime is inextricably linked to the ubiquity of credit card transactionsand online bank accounts. Get hold of this financial data and not only can you steal silently, butalso through a process of virus-driven automation with ruthlessly efficient and hypotheticallyinfinite frequency. The question of how to obtain credit card/bank account data can be answered by aselection of methods each involving their own relative combinations of risk, expense and skill. The most straightforward is to buy the finished product. In this case well use theexample of an online bank account. The product takes the form of information necessary to gainauthorized control over a bank account with a six-figure balance. The cost to obtain thisinformation is $400 (cyber criminals always deal in dollars). It seems like a small figure, but forthe work involved and the risk incurred its very easy money for the criminal who can provide it.Also remember that this is an international trade; many cyber-criminals of this ilk are from poorcountries in Eastern Europe, South America or South-East Asia. The probable marketplace forthis transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will mostlikely be exchanged in some form of virtual currency such as e-gold. Not all cyber-criminals operate at the coalface, and certainly dont work exclusively ofone another; different protagonists in the crime community perform a range of important,specialized functions. These broadly encompass: Coders comparative veterans of the hackingcommunity. With a few years experience at the art and a list of established contacts, codersproduce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a 11