Manipal University Jaipur: Branch: Bba
PROJECT REPORT
ON
BRANCH: BBA
SECTION: C
Submitted by:
Rohit Soni
Registration No. 170901125
SUBMITTED TO:
Dr. PRIYANKA CHOUDHARY
ACKNOWLEDGEMENT
I am very thankful to everyone who supported me, for I have completed my
project effectively and, moreover, on time.
Thanking you
Rohit Soni
BBA 2nd year - C
CONTENTS
TOPIC
Abstract
Introduction
Classification
Conclusion
Recommendation
References
INTRODUCTION
The internet is growing rapidly around the world. It has given rise to new opportunities in
every field we can think of, be it entertainment, business, sports or education. But there are
two sides to a coin, and the internet also has its own disadvantages. One of the major
disadvantages is cyber-crime: illegal activity committed on the internet.
The term ‘cyber-crime’ is a misnomer. This term has nowhere been defined in any statute/Act
passed or enacted by the Indian Parliament. The concept of cyber-crime is not radically
different from the concept of conventional crime. Both include conduct, whether act or
omission, which causes a breach of the rules of law and is counterbalanced by the sanction of
the state. Before evaluating the concept of cyber-crime, the concept of conventional crime
should be discussed, along with the points of similarity and deviance between these two
forms. The commonly accepted definition of cyber security is the protection of any
computer system, software program, and data against unauthorized use, disclosure, transfer,
modification, or destruction, whether accidental or intentional. Cyberattacks can come from
internal networks, the Internet, or other private or public systems.
Businesses cannot afford to be dismissive of this problem because those who don’t respect,
address, and counter this threat will surely become victims.
These are the cyber criminals: the ill-motivated hackers, crackers and spammers. In this
report, an attempt has been made to see cyber crime across a broad spectrum, starting from
scratch. Reports and investigations from the world’s top cyber security firms have been
incorporated. Without delving too much into the actual means of exploitation, an attempt has
been made to visualise the entire process as a whole.
The use of technology has become an integral part of our lives. Our increasing dependence on
technology consolidates itself as a powerful platform that has revolutionised the way we do
business and communicate with people, leaving us in the open to threats of cybercrime. We
have become complacent to the existence of cybercrime, perhaps putting too much faith in
technology. Organisations must recognise this environment and must identify methods to
address these risks proactively.
As businesses and individuals increase their reliance on technology, they tend to become
exposed to the growing cybercrime threats and the fact remains that we cannot ignore
technology. Many businesses may not have taken time to consider whether they have sound
cyber-security mechanisms in place, but ignoring this risk could endanger their operations.
Through this survey we have analysed the preparedness of individuals and organisations for
potential cybercrime threats, besides highlighting preventive mechanisms to deal with this
rapidly growing issue. While large organisations are beginning to take preventive measures to
protect themselves, small organisations normally pay insignificant attention to risk assessment
or have no funding to put it in place.
CYBERCRIME: WHAT DOES IT MEAN?
Cyber Crime:
Computer crime, or cybercrime, is crime that involves a computer and a network. “Any
criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes comes within the ambit of cyber-crime.” A generalized definition
of cyber-crime may be “unlawful acts wherein the computer is either a tool or target or both”.
The computer may be used as a tool in the following kinds of activity: financial crimes, sale
of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing,
forgery, cyber defamation, cyber stalking. The computer may, however, be the target of unlawful
acts in the following cases: unauthorized access to computer/computer system/computer
networks, theft of information contained in electronic form, e-mail bombing, data diddling,
salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer
system, physically damaging the computer system.
The first spam email was sent in 1978 over the Arpanet (Advanced
Research Projects Agency Network). The first virus was installed on an Apple computer in
1982 when a high school student, Rich Skrenta, developed Elk Cloner.
Are you facing cyber threat and not even realising it?
The information security landscape is constantly evolving. Private and public sector
organisations find it difficult to believe they could be a target for cyber-attacks. As adversary
sophistication increases, many organisations react only after the event or the attack is
underway.
Consequently, this leads to the second difference between traditional crimes and
cybercrimes: the length of investigations. Since cybercrime involves perpetrators using
falsified names and working from remote locations, it usually takes longer to identify
the real cybercriminals and apprehend them. In most cases, cybercriminals (such as
hackers) escape arrest because the investigators cannot locate them. Traditional crimes
take a shorter time to investigate because the criminals usually leave evidence
that can be used to spot them. For instance, traditional criminals can leave evidence
such as DNA, fingerprints, photographs and videos captured on surveillance cameras,
or personal belongings such as identity cards, and this makes it easy for investigators
to identify and capture the culprits. In addition, such evidence makes it easy for the
judiciary to convict the offenders.
The last difference between traditional crimes and cybercrimes is the force involved.
Most traditional crimes (such as rape, murder, arson, and burglary among others)
involve the use of excessive force that results in physical injury and trauma to the
victims. On the other hand, cybercrimes do not require the use of any force since the
criminals merely use the identities of their victims to steal from them. For example,
cybercriminals use spoofing and phishing to obtain personal information such as credit
card numbers from their victims, or use encrypted emails to coordinate violence
remotely.
This kind of offence is normally referred to as hacking in the generic sense. However, the
framers of the Information Technology Act 2000 have nowhere used this term, so to
avoid any confusion we would not use the word hacking interchangeably with
‘unauthorized access’, as the latter has a wide connotation.
3. Email bombing-
This kind of activity refers to sending a large number of mails to the victim, which may
be an individual, a company or even a mail server, ultimately causing it to
crash.
4. Data diddling-
This kind of attack involves altering raw data just before a computer processes it
and then changing it back after the processing is completed. The electricity board
faced a similar problem of data diddling while the department was being computerised.
5. Salami attacks-
This kind of crime is normally prevalent in the financial institutions or for the purpose
of committing financial crimes. An important feature of this type of offence is that the
alteration is so small that it would normally go unnoticed.
E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which
deducted 10 cents from every account and deposited it in a particular account.
6. Denial of Service attack-
The computer of the victim is flooded with more requests than it can handle, which
causes it to crash. A Distributed Denial of Service (DDoS) attack is also a type of denial
of service attack, in which the offenders are many in number and widespread. E.g.
Amazon, Yahoo.
8. Logic bombs-
These are event dependent programs. This implies that these programs are created to
do something only when a certain event (known as a trigger event) occurs.
E.g. even some viruses may be termed logic bombs because they lie dormant all
through the year and become active only on a particular date (like the Chernobyl
virus).
9. Trojan attacks-
This term has its origin in the phrase ‘Trojan horse’. In the software field this means an
unauthorized programme, which passively gains control over another’s system by
representing itself as an authorised programme. The most common way of installing
a Trojan is through e-mail.
E.g. a Trojan was installed in the computer of a lady film director in the U.S. while
chatting. The cyber criminal through the web cam installed in the computer obtained
her nude photographs. He further harassed this lady.
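The salami attack described under item 5 above leaves a recognisable trace in a ledger: the same tiny amount debited from many different accounts and credited to one. The following is an added example, not part of the original report, of a check an auditor could run; the account identifiers, thresholds and the fee-account allow list are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed ledger rows: (txn id, debited account, credited account, amount)."""
    rows = [
        ("T0001", "ACC-1001", "ACC-2002", Decimal("250.00")),  # ordinary transfer
        ("T0002", "ACC-1002", "ACC-3003", Decimal("0.10")),    # one-off small payment
        ("T0003", "ACC-1003", "ACC-FEES", Decimal("0.50")),    # bank's own fee account
    ]
    # The pattern from the text: 10 cents taken from each of 40 accounts
    # and credited to a single account (ACC-9999 is a made-up identifier).
    for n in range(40):
        rows.append((f"T1{n:03d}", f"ACC-5{n:03d}", "ACC-9999", Decimal("0.10")))
    # Many customers legitimately pay the same small fee to ACC-FEES.
    for n in range(40):
        rows.append((f"T2{n:03d}", f"ACC-5{n:03d}", "ACC-FEES", Decimal("0.50")))
    return rows


def find_salami_candidates(ledger, max_amount=Decimal("1.00"), min_sources=25,
                           allow_list=frozenset({"ACC-FEES"})):
    """Flag accounts credited with the same tiny amount from many distinct accounts."""
    groups = defaultdict(lambda: {"sources": set(), "total": Decimal("0")})
    for _txn, debited, credited, amount in ledger:
        # Skip known fee accounts and anything that is not a small positive amount.
        if credited in allow_list or not (Decimal("0") < amount <= max_amount):
            continue
        group = groups[(credited, amount)]
        group["sources"].add(debited)
        group["total"] += amount

    findings = []
    for (credited, amount), group in groups.items():
        if len(group["sources"]) >= min_sources:
            findings.append({
                "credited_account": credited,
                "amount_each": amount,
                "distinct_sources": len(group["sources"]),
                "total": group["total"],
            })
    # Largest accumulated total first.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_candidates(build_sample_ledger()):
        print(finding)
```

Each individual debit is too small to draw attention, so the check groups by credited account and amount instead of looking at any single transaction.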
1. Against Individuals
(a). Their person &
2. Against Organization
(a). Government
(c). Firm, Company, Group of Individuals.
The following are the crimes which can be committed against the following
groups:
1. Against Individuals: –
i. Harassment via e-mails.
ii. Cyber-stalking.
iii. Dissemination of obscene material.
iv. Defamation.
v. Unauthorized control/access over computer system.
vi. Indecent exposure.
vii. Email spoofing.
viii. Cheating & Fraud.
3. Against Organization:
2. Cyber-stalking-
The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking
involves following a person's movements across the Internet by posting messages
(sometimes threatening) on the bulletin boards frequented by the victim, entering the
chat-rooms frequented by the victim, constantly bombarding the victim with emails
etc.
4. Defamation-
It is an act of imputing any person with intent to lower the person in the estimation of
the right-thinking members of society generally or to cause him to be shunned or
avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not
different from conventional defamation except the involvement of a virtual medium.
5. Unauthorized control/access over computer system-
This activity is commonly referred to as hacking. The Indian law has however given a
different connotation to the term hacking, so we will not use the term "unauthorized
access" interchangeably with the term "hacking" to prevent confusion as the term used
in the Act of 2000 is much wider than hacking.
6. E-mail spoofing-
A spoofed e-mail may be said to be one which misrepresents its origin. It shows its
origin to be different from where it actually originates.
E.g. Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested
for threatening to detonate a nuclear device on the college campus. The alleged e-mail
was sent from the account of another student to the vice president for student services.
However, the mail was traced as having been sent from the account of Rajesh Manyar.
7. Computer vandalism-
8. Transmitting virus/worms-
Intellectual property consists of a bundle of rights. Any unlawful act by which the
owner is deprived completely or partially of his rights is an offence. The common
form of IPR violation may be said to be software piracy, copyright infringement,
trademark and service mark violation, theft of computer source code, etc.
The Hyderabad Court has, in a landmark judgement, convicted three people and
sentenced them to six months’ imprisonment and a fine of 50,000 each for unauthorized
copying and sale of pirated software.
10. Cyber terrorism against the government organization-
At this juncture one may ask why there is a need to distinguish between
cyber terrorism and cyber-crime. Both are criminal acts. However, there is a compelling
need to distinguish between these two crimes. A cyber-crime is generally a domestic
issue, which may have international consequences; cyber terrorism, however, is a global
concern, which has domestic as well as international consequences. The common forms
of these terrorist attacks on the Internet are distributed denial of service attacks, hate
websites and hate emails, attacks on sensitive computer networks, etc. Technology
savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt.
Recent examples that may be cited are Osama Bin Laden, the LTTE, and the attack on
America’s army deployment system during the Iraq war.
Another definition may be attempted to cover within its ambit every act of cyber
terrorism.
(2) Affecting adversely the harmony between different religious, racial, language or
regional groups or castes or communities; or
and a cyber-terrorist is the person who uses the computer system as a means or ends
to achieve the above objectives. Every act done in pursuance thereof is an act of cyber
terrorism.
11. Trafficking-
Online fraud and cheating is one of the most lucrative businesses that are growing
today in the cyber space. It may assume different forms. Some of the cases of online
fraud and cheating that have come to light are those pertaining to credit card crimes,
contractual crimes, offering jobs, etc.
Cybercrime can affect any organisation, large or small. Many of the incidents are
not publicly known and have not been reported by the media. However, companies
in the U.S. are legally granted the responsibility to report incidents to the authorities.
Distinctly, about 51 per cent perceive themselves to be an easy target for cyber attacks
due to the nature of their business. Out of these 51%, about 68% respondents claim that
they monitor their cybercrime threats on a daily basis. Inadequate detection processes
may conceal the real number of cybercrime attacks. Although many organisations today
are equipped with state of the art security systems, they may still be unable to manage
or handle cybercrime incidents.
TRENDS OF CYBERCRIME IN INDIA
In the past, India used to be a target of cyber-attacks for political motivation only. Over
the past few years, the global cybercrime landscape has changed dramatically, with
criminals employing more sophisticated technology and greater knowledge of cyber
security. Until recently, malware, spam emails, hacking into corporate sites and other
attacks of this nature were mostly the work of computer ‘geniuses’ showcasing their
talent. These attacks, which were rarely malicious, have gradually evolved into
cybercrime syndicates siphoning off money through illegal cyber channels.
Survey result analysis done by KPMG in India:
The overall monetary impact of cyber-crime on society and government is unknown.
Some estimates are that viruses and worms cause damage running into the billions of
dollars a year. It is estimated that only 5 - 10% of cyber-crime is reported to law
enforcement authorities. Reasons why cyber-crime is not reported vary from not knowing
that a cyber incident has occurred to not wanting the public to know that a company’s
security data may have been exposed.
Keep your computer current with the latest patches and updates:
One of the best ways to keep attackers away from your computer is to apply patches and
other software fixes when they become available. By regularly updating your computer,
you block attackers from being able to take advantage of software flaws (vulnerabilities)
that they could otherwise use to break into your system.
Choose strong passwords and keep them safe:
Selecting a password that cannot be easily guessed is the first step toward keeping
passwords secure and away from the wrong hands. Strong passwords have eight characters
or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?).
Avoid using any of the following as your password: your login name, anything based on
your personal information such as your last name, and words that can be found in the
dictionary. Try to select especially strong, unique passwords for protecting activities like
online banking.
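The password rules above can be turned into a check that reports which rule a candidate password breaks. This is an added example, not part of the original report; the word list, the sample names and the undoing of common character substitutions (such as "@" for "a") are assumptions that go slightly beyond the text.

```python
import string

# Constructed sample word list; a real check would load a full dictionary
# and a list of previously breached passwords instead.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}

# Common character substitutions, undone before comparing against words.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def password_problems(password, login_name, personal_info=(),
                      dictionary=SAMPLE_DICTIONARY):
    """Return the rules from the text that the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")

    lowered = password.lower()
    normalized = lowered.translate(LEET)

    # Login name and personal details must not appear anywhere in the password.
    checks = [("login name", login_name)]
    checks += [("personal information", item) for item in personal_info]
    for label, value in checks:
        value = value.lower()
        if len(value) >= 3 and (value in lowered or value in normalized):
            if f"contains {label}" not in problems:
                problems.append(f"contains {label}")

    # Dictionary words: drop digits/symbols tacked onto the ends, then undo
    # substitutions, so "P@ssw0rd1!" is still recognised as "password".
    core = lowered.strip(string.digits + string.punctuation).translate(LEET)
    if core in dictionary or normalized in dictionary:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1!", "soni1998", "t7#Vq9!mLz2&"):
        print(candidate, password_problems(candidate, "rohit", ("Soni",)))
```

The first sample meets the length and character-mix rule yet still fails, which is why the dictionary and personal-information checks matter as much as the composition rule.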
CONCLUSION
The capacity of the human mind is unfathomable. It is not possible to eliminate cyber-crime
from cyber space. It is quite possible to check it. History is witness that no legislation
has succeeded in totally eliminating crime from the globe. The only possible step is to
make people aware of their rights and duties (to report crime as a collective duty towards
society) and further to make the application of the laws more stringent to check crime.
Undoubtedly the Act is a historical step in the cyber world. Further, I do not altogether
deny that there is a need to bring changes in the Information Technology Act to make it
more effective in combating cyber-crime. I would conclude with a word of caution for the
pro-legislation school: it should be kept in mind that the provisions of the cyber law
should not be made so stringent that they retard the growth of the industry and prove to be
counter-productive.
RECOMMENDATION
Cybercrime is broadly defined by tech company, Symantec, as any offence that is
committed using a computer, network or hardware device. It is not a new occurrence, but
its scope is constantly evolving. Once cyber criminals have your personal details, they
gain access to an abundance of information that will allow them to clone just about any
account that is tied to you. This includes: credit cards, investment bonds, personal savings
accounts, as well as cheque accounts. The list does not stop there as your entire identity
can be stolen within seconds.
REFERENCES