Compare active attacks vs Passive attacks.

Active Attack Passive Attack

In an active attack, Modification in While in passive attack, Modification in the

information takes place. information does not take place.

Active Attack is a danger to Integrity as

Passive Attack is a danger to Confidentiality.
well as availability.

In an active attack, attention is on

While in passive attack attention is on detection.
prevention.

Due to active attacks, the execution While due to passive attack, there is no harm to
system is always damaged. the system.

In an active attack, Victim gets informed While in a passive attack, Victim does not get
about the attack. informed about the attack.

In an active attack, System resources While in passive attack, System resources are
can be changed. not changing.

While in passive attack, information and

Active attack influences the services of
messages in the system or network are
the system.
acquired.

In an active attack, information collected While passive attacks are performed by

through passive attacks are used during collecting information such as passwords, and
executing. messages by themselves.

Active attack is tough to restrict from Passive Attack is easy to prohibited in

entering systems or networks. comparison to active attack.

Can be easily detected Very difficult to detect.

Explain various types of key-loggers in brief.

Key loggers also known as keystroke loggers, may be defined as the recording
of the key pressed on a system and saved it to a file, and the that file is accessed
by the person using this malware. Key logger can be software or can be
hardware. Working: Mainly key-loggers are used to steal password or
confidential details such as bank information etc. First key-logger was invented in
1970’s and was a hardware key logger and first software key-logger was
developed in 1983.

1. Software key-loggers : Software key-loggers are the computer programs

which are developed to steal password from the victims computer. However key
loggers are used in IT organizations to troubleshoot technical problems with
computers and business networks. Also Microsoft windows 10 also has
key-logger installed in it.
1. JavaScript based key logger – It is a malicious script which is
installed into a web page, and listens for key to press such as
oneKeyUp(). These scripts can be sent by various methods, like sharing
through social media, sending as a mail file, or RAT file.
2. Form Based Key loggers – These are key-loggers which activates
when a person fills a form online and when click the button submit all
the data or the words written is sent via file on a computer. Some
key-loggers works as a API in running application it looks like a simple
application and whenever a key is pressed it records it.

2. Hardware Key-loggers : These are not dependent on any software as these

are hardware key-loggers. keyboard hardware is a circuit which is attached in a
keyboard itself that whenever the key of that keyboard pressed it gets recorded.
1. USB keylogger – There are USB connector key-loggers which has to
be connected to a computer and steals the data. Also some circuits are
built into a keyboard so no external wire i used or shows on the
keyboard.
 2. Smartphone sensors – Some cool android tricks are also used as key
loggers such as android accelerometer sensor which when placed near
to the keyboard can sense the vibrations and the graph then used to
convert it to sentences, this technique accuracy is about 80%. Now a
days crackers are using keystroke logging Trojan, it is a malware which
is sent to a victims computer to steal the data and login details.

So key-loggers are the software malware or a hardware which is used to steal ,

or snatch our login details, credentials , bank information and many more. Some
keylogger application used in 2020 are:
1. Kidlogger
2. Best Free Keylogger
3. Windows Keylogger
4. Refog Personal Monitor
5. All In One Keylogger
Prevention from key-loggers : These are following below-
1. Anti-Key-logger – As the name suggest these are the software which
are anti / against key loggers and main task is to detect key-logger from
a computer system.
2. Anti-Virus – Many anti-virus software also detect key loggers and
delete them from the computer system. These are software
anti-software so these can not get rid from the hardware key-loggers.
3. Automatic form filler – This technique can be used by the user to not
fill forms on regular bases instead use automatic form filler which will
give a shield against key-loggers as keys will not be pressed .
4. One-Time-Passwords – Using OTP’s as password may be safe as
every time we login we have to use a new password.
5. Patterns or mouse-recognition – On android devices used pattern as
a password of applications and on PC use mouse recognition, mouse
program uses mouse gestures instead of stylus.
6. Voice to Text Converter – This software helps to prevent Keylogging
which targets a specific part of our keyboard.
Classify the cybercrimes and explain any one briefly.

Cybercrime or a computer-oriented crime is a crime that includes a computer

and a network. The computer may have been used in the execution of a crime or
it may be the target. Cybercrime is the use of a computer as a weapon for
committing crimes such as committing fraud, identity theft, or breaching privacy.
Cybercrime, especially through the Internet, has grown in importance as the
computer has become central to every field like commerce, entertainment, and
government. Cybercrime may endanger a person or a nation’s security and
financial health. Cybercrime encloses a wide range of activities, but these can
generally be divided into two categories:
1. Crimes that aim at computer networks or devices. These types of
crimes involve different threats (like virus, bugs etc.) and
denial-of-service (DoS) attacks.
2. Crimes that use computer networks to commit other criminal activities.
These types of crimes include cyber stalking, financial fraud or identity
theft.

Classification of Cyber Crime:

1. Cyber Terrorism –
Cyber terrorism is the use of the computer and internet to perform
violent acts that result in loss of life. This may include different type of
activities either by software or hardware for threatening life of citizens.
In general, Cyber terrorism can be defined as an act of terrorism
committed through the use of cyberspace or computer resources.
2. Cyber Extortion –
Cyber extortion occurs when a website, e-mail server or computer
system is subjected to or threatened with repeated denial of service or
other attacks by malicious hackers. These hackers demand huge
money in return for assurance to stop the attacks and to offer
protection.
 3. Cyber Warfare –
Cyber warfare is the use or targeting in a battle space or warfare
context of computers, online control systems and networks. It involves
both offensive and defensive operations concerning to the threat of
cyber attacks, espionage and sabotage.
4. Internet Fraud –
Internet fraud is a type of fraud or deceit which makes use of the
Internet and could include hiding of information or providing incorrect
information for the purpose of deceiving victims for money or property.
Internet fraud is not considered a single, distinctive crime but covers a
range of illegal and illicit actions that are committed in cyberspace.
5. Cyber Stalking –
This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. In this case, these stalkers
know their victims and instead of offline stalking, they use the Internet to
stalk. However, if they notice that cyber stalking is not having the
desired effect, they begin offline stalking along with cyber stalking to
make the victims’ lives more miserable.

Challenges of Cyber Crime:

1. People are unaware of their cyber rights-

The Cybercrime usually happen with illiterate people around the world
who are unaware about their cyber rights implemented by the
government of that particular country.
2. Anonymity-
Those who Commit cyber crime are anonymous for us so we cannot
 do anything to that person.

3. Less numbers of case registered-

Every country in the world faces the challenge of cyber crime and the
rate of cyber crime is increasing day by day because the people who
even don’t register a case of cyber crime and this is major challenge for
us as well as for authorities as well.
4. Mostly committed by well educated people-
Committing a cyber crime is not a cup of tea for every individual. The
person who commits cyber crime is a very technical person so he
knows how to commit the crime and not get caught by the authorities.
5. No harsh punishment-
In Cyber crime there is no harsh punishment in every cases. But there
is harsh punishment in some cases like when somebody commits cyber
terrorism in that case there is harsh punishment for that individual. But
in other cases there is no harsh punishment so this factor also gives
encouragement to that person who commits cyber crime.

Prevention of Cyber Crime:

Below are some points by means of which we can prevent cyber crime:
1. Use strong password –
Maintain different password and username combinations for each
account and resist the temptation to write them down. Weak passwords
can be easily cracked using certain attacking methods like Brute force
attack, Rainbow table attack etc, So make them complex. That means
combination of letters, numbers and special characters.
2. Use trusted antivirus in devices –
Always use trustworthy and highly advanced antivirus software in
mobile and personal computers. This leads to the prevention of different
virus attack on devices.

3. Keep social media private –

Always keep your social media accounts data privacy only to your
friends. Also make sure only to make friends who are known to you.

4. Keep your device software updated –

Whenever you get the updates of the system software update it at the
same time because sometimes the previous version can be easily
attacked.

5. Use secure network –

Public Wi-Fi are vulnerable. Avoid conducting financial or corporate
transactions on these networks.

6. Never open attachments in spam emails –

A computer get infected by malware attacks and other forms of
cybercrime is via email attachments in spam emails. Never open an
attachment from a sender you do not know.

7. Software should be updated – Operating system should be updated

regularly when it comes to internet security. This can become a
potential threat when cybercriminals exploit flaws in the system.
Explain the IT ACT 2000.

The Information Technology Act, 2000 also Known as an IT Act is an act

proposed by the Indian Parliament reported on 17th October 2000. This
Information Technology Act is based on the United Nations Model law on
Electronic Commerce 1996 (UNCITRAL Model) which was suggested by the
General Assembly of United Nations by a resolution dated on 30th January,
1997. It is the most important law in India dealing with Cybercrime and
E-Commerce.
The main objective of this act is to carry lawful and trustworthy electronic, digital
and online transactions and alleviate or reduce cybercrimes. The IT Act has 13
chapters and 90 sections. The last four sections that starts from ‘section 91 –
section 94’, deals with the revisions to the Indian Penal Code 1860.
The IT Act, 2000 has two schedules:
● First Schedule –
Deals with documents to which the Act shall not apply.
● Second Schedule –
Deals with electronic signature or electronic authentication method.

The offences and the punishments in IT Act 2000 :

The offences and the punishments that falls under the IT Act, 2000 are as follows
:-
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt
information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain
particulars.
7. Penalty for misrepresentation.
 8. Confiscation.
9. Power to investigate offences.
10. Protected System.
11.Penalties for confiscation not to interfere with other punishments.
12. Act to apply for offence or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.

Sections and Punishments under Information Technology Act, 2000 are as

follows :

SECTION PUNISHMENT

This section of IT Act, 2000 states that any act of destroying,

altering or stealing computer system/network or deleting data with
Section
malicious intentions without authorization from owner of the
43
computer is liable for the payment to be made to owner as
compensation for damages.

This section of IT Act, 2000 states that any corporate body dealing
Section with sensitive information that fails to implement reasonable
43A security practices causing loss of other person will also liable as
convict for compensation to the affected party.

Hacking of a Computer System with malicious intentions like fraud

Section
will be punished with 3 years imprisonment or the fine of
66
Rs.5,00,000 or both.
Section Fraud or dishonesty using or transmitting information or identity
66 B, C, theft is punishable with 3 years imprisonment or Rs. 1,00,000 fine
D or both.

This Section is for Violation of privacy by transmitting image or

Section
private area is punishable with 3 years imprisonment or 2,00,000
66 E
fine or both.

This Section is on Cyber Terrorism affecting unity, integrity, security,

Section
sovereignty of India through digital medium is liable for life
66 F
imprisonment.

This section states publishing obscene information or pornography

Section
or transmission of obscene content in public is liable for
67
imprisonment up to 5 years or fine of Rs. 10,00,000 or both.
Write brief note on: Cyber-terrorism.

● Cyber Terrorism basically involves damaging large-scale computer

networks to achieve a loss of data and even loss of life. Hackers make
use of computer viruses, spyware, malware, ransomware, phishing,
programming language scripts, and other malicious software to achieve
their purposes.
● Also, these types of cyber-attacks which often lead to criminal offenses
are referred to as Cyber Terrorism. These cyber-attacks create panic
and physical damage to a large number of people.
● Cyber Terrorism deals with creating damage to the people and their
data using computer networks intentionally in order to achieve their
meaningful purpose.
● Government Agencies like the FBI (Federal Bureau of Investigations)
and the CIA (Central Intelligence Agency) in the past have detected
multiple cyber attacks and cyber crimes through terrorist organizations.
● The main purpose behind carrying out Cyber terrorism is to carry out
some cyberattack that makes a threat.
● According to the FBI, a Cyber Terrorism attack is defined as a
cybercrime that may be used intentionally to cause harm to people on
large scale using computer programs and spyware.
● A cyber terrorism attack is much more harmful than a normal
cybercrime because to intentional harm to the victims and it may not
cause financial damage to cause fear in society.
● In most cases, the criminals target the banking industry, military power,
nuclear power plants, air traffic control, and water control sectors for
making a cyber terrorism attack for creating fear, critical infrastructure
failure, or for political advantage.
Working

The cyber terrorism attacks work in the following ways:

● They use computer viruses, worms, spyware, and trojans to target web
servers and IT service stations. They want to attack military utilities, air
force stations, power supply stations to disrupt all the services.
● They use a Denial of Service attack where the original verified user
cannot access the services for which he is authorized. This creates a
sense of fear among the people for important essential services like
medical emergencies.
● These attacks help cyber criminals to get unauthorized access to the
user’s computer using hacking and then stealing that information to
fulfill their wrong purposes.
● Ransomware helps them to hold data and information by asking for
some ransom money from the victim and they even leak the private
data of the users if they don’t get the desired amount.
● They mostly use phishing-based techniques to target users using
infected spam emails to steal the user’s information and reveal that
identity to everyone.
● The most popular attack used in cyber terrorism is the APT (Advanced
persistent threat). They use complex penetrating network models to
hack into large-scale computer networks like in an organization. They
make themselves undetected in that organization network and then they
continuously steal information related to military equipment, national
defense information, etc.
Attacks:

The cyber terrorism attacks are usually carried out as follows:

● Unauthorized access: Attackers aim to disrupt and damage all the
means of access to the service. Instead, the hacker gains unauthorized
access to the important resources.
● Disruption: These attacks focus on disrupting public websites and
critical infrastructure resources to create fear within the society of
massive fatalities and commotion.
● Cyberespionage: The government usually carry out some spyware
operations on other government of other country related to military
equipment to gain an advantage over rival nations in terms of military
intelligence.
● Economic failure: Cybercriminals want all the technical system failures
to cause a large-scale economic failure like crashing the electricity or
water systems for multiple days to create a panic of these services
within the society.

Prevention:

We can prevent situations like cyber terrorism in the following ways:

● Government must regulate all cybercriminal activities and make stricter
rules regarding its violation. They must dedicate more resources to deal
with cyber threats.
● There must be more public education about these activities to the
general audience. This will help to create even fewer vulnerabilities that
the criminals take advantage of targeting the user’s data. It empowers
 the citizens to protect themselves from such kinds of phishing and
spyware attacks.
● We must use VPNs that help us to use private and protected network
setup that is difficult to crack into by hackers.
● Use strong passwords with a strong combination of alphabets, strings,
and numbers in them. Features like two-factor authentication also play
an important role in this thing.
● Don’t open unknown links, URLs, websites, and spam emails that may
contain harmful infected files in it and it may harm the entire computer
system.

Explain Intellectual property aspect in cyber laws ? how its protects

the rights of the owner of intellectual Property.

Intellectual Property (IP) simply refers to the creation of the mind. It refers to
the possession of thought or design by the one who came up with it. It offers the
owner of any inventive design or any form of distinct work some exclusive rights,
that make it unlawful to copy or reuse that work without the owner’s permission. It
is a part of property law. People associated with literature, music, invention, etc.
can use it in business practices.
There are numerous types of tools of protection that come under the term
“intellectual property”. Notable among these are the following:
● Patent
● Trademark
● Geographical indications
● Layout Designs of Integrated Circuits
● Trade secrets
● Copyrights
 ● Industrial Designs

Cyberspace is the non-physical domain where numerous computers are

connected through computer networks to establish communication between
them. With the expansion of technology, cyberspace has come within reach of
every individual. This fact led to the emergence of cyberspace as a business
platform and hence increases pressure on Intellectual Property. Nowadays, cyber
crimes do not solely limit themselves to fraud, cyberbullying, identity thefts but
also an infringement of copyrights and trademarks of various businesses and
other organizations. Online content needs to be protected and hence Intellectual
Property Rights and Cyber laws cannot be separated.
In cyberspace, sometimes one person makes a profit by using another person’s
creation without the owner’s consent. This is a violation of privacy, and it is
protected by IPR. We have certain laws to avoid violation of Intellectual Property
Rights in cyberspace and when it is violated, then additionally we have several
remedies in law.
Copyright Infringement:
Copyright protection is given to the owner of any published artistic, literary, or
scientific work over his work to prohibit everyone else from exploiting that work in
his name and thereby gain profit from it.
When these proprietary creations are utilized by anyone without the permission
of the owner, it leads to copyright infringement. If copies of any software are
made and sold on the internet without the permission of the owner or even
copying the content from any online source, these all are examples of copyright
infringement.
Copyright Issues in Cyberspace :
1. Linking –
It permits a Website user to visit another location on the Internet. By simply
clicking on a word or image on one Web page, the user can view another Web
page elsewhere in the world, or simply elsewhere on the same server as the
original page.
Linking damages the rights or interests of the owner of the Linked webpage. It
may create the supposition that the two linked sites are the same and promote
the same idea. In this way, the linked sites can lose their income as it is often
equal to the number of persons who visit their page.
2. Software Piracy –
Software piracy refers to the act of stealing software that is lawfully shielded. This
stealing comprises various actions like copying, spreading, altering, or trading the
software. It also comes under the Indian copyright act.
An example of software piracy is downloading a replica of Microsoft Word from
any website other than Microsoft to avoid paying for it as it is a paid software.
Piracy can be of 3 types:
1. Soft lifting
2. Software Counterfeiting
3. Uploading-Downloading.

3. Cybersquatting –
Cybersquatting means unauthorized registration and use of Internet domain
names that are similar to any business’s trademarks, service marks, or company
names. For example, let us consider Xyz is a very famous company and the
company hadn’t created a website yet. A cybersquatter could buy xyz.com,
looking to sell the domain to the company Xyz at a later date for a profit. The
domain name of a famous company can even be used to attract traffic and this
traffic will help cybersquatters earn a lot of money through advertising.
When more than one individual believes that they have the right to register a
specific domain name, then this can lead to a Domain Name Dispute. It arises
when a registered trademark is registered by another individual or organization
who is not the owner of a trademark that is registered.
Trademark Issues in Cyberspace :
Trademark means a mark capable of being depicted diagrammatically and which
may distinguish the products or services of one person from those of others and
will embody the form of products, their packaging, and combination of colors. A
registered service mark represents a service. Trademark infringement refers to
the unlawful use of a trademark or service mark which can cause ambiguity,
fraud, or confusion about the actual company a product or service came from.
Trademark owners can take the help of the law if they believe their marks are
being infringed.
Conclusion :
With the growth of Cyberspace and technology advancements, copyright and
trademarks are not limited to the usual intellectual property alone but have
spread to intellectual property rights over the internet.
Cyberspace is becoming a hub for intellectual property rights infringement.
Several practices by the cyber site operators resulted in the violation of
intellectual property rights and various other rights of other website operators. It
has become crucial that people are aware of the illegal usage of their websites
and webpages.
International conventions and treaties have provided various laws to protect
infringement of IPRs online which are helping e-commerce and e-businesses to
grow. However, the Information technology Act does not provide any provisions
in respect of cybercrimes related to IPR, cyberstalking, cyber defamation, etc.
Also, the Indian Trademark Act, 1999 and Copyright Act, 1957 are silent on
issues on online Trademark and Copyright infringement. Though computer
programs are protected under the Copyright Act, 1957, it does not provide
remedies for cyberpiracy.

Compare Vishing, Phishing and Smishing in cyber security.

What is phishing?
This is arguably the most commonly used cyber-crime technique. Phishing
involves sending fraudulent emails that direct the recipient to a fake website
through a malicious link. Phishing is a well-planned cyber-crime technique. As in
situations like these, the website is meticulously designed to resemble the
original one.

Phishing criminals leverage fake campaigns to update user data, or ask them to
sign up for a particular offer, or respond to a requirement through a malicious link.
These websites ask for confidential information, including user ID, password,
date of birth, mobile phone numbers, security codes, etc., convincingly, perhaps
that the user might not realize.

As an employer, you must ensure your employees identify such attacks. And,
considering it is better to prevent an attack rather than cure it, employees must
first use common sense and refrain from providing confidential information.
Emails indicating you’ve won a prize or a high-level authority unusually asking for
sensitive information, etc., are a few instances of phishing. Additionally, secure
links start with HTTPS. If that’s not the case, employees should not open it.

Some common types of phishing attacks include spear phishing, CEO fraud,
session hijacking, malware, content injection, etc. So, it isn’t just a particular
credential that the attackers might get access to through phishing, but get entry
into a specific network through malicious software downloads or compel
(unknowingly) the concerned employee to process a money transfer through a
CEO fraud.

There’s so much more than cyber criminals can do through phishing. Creating a
comprehensive employee awareness program with the help of an expert
cybersecurity company can help you. Click on this link to know more about spear
phishing. (internal link to How are Businesses Targeted by Spear Phishing
Attacks Each Day?)

What is vishing?
Vishing stands for voice and phishing. It involves a fraudulent phone call using
information obtained earlier online. Usually, phishing is a two-step process. First,
in the case of banking, for instance, the bad actor steals sensitive information by
email or through a fake website. However, to execute the attack, he requires the
OTP or SMS password. Accordingly, the next step is to call the person and scare
him (without sounding deliberate!) to compel him to share the secret code to
execute the fraud.

One of the most significant steps to avoid vishing is to train your employees to
identify such attacks and refuse to divulge confidential information regarding
anything. Nevertheless, employee training isn’t a one-time task. It is a process
that demands regular and consistent efforts to conduct refreshing training
programs and provide employees updates from time to time to help them
enhance their competence concerning the prevention of cyber-attacks.
Partnering with an experienced cybersecurity company helps in this regard.

What is smishing?
Lastly, what is smishing? The evolution of smishing doesn’t come as a surprise,
especially amidst techniques such as phishing and vishing. Also, when attackers
can target emails and phone calls (voice), it is quite possible that they would use
SMSs, or chat messages to channel their attacks? Of course, they can, and they
already have. Smishing, alongside phishing and vishing, has evolved significantly
to become a popular cyber-crime technique.

These threats involve messaging an individual about a fraud (a fake one) that
happened with him, about which he is unaware, or informing him that his account
or his confidential information might be at risk, or perhaps, his account will freeze
if he doesn’t verify his details, etc. The sources of these messages appears
trustworthy, and the messages are very well-articulated to seem authentic. Often,
the target, out of fear, happens to follow the instructions, or calls back, or clicks
on malicious links to stay out of the fabricated risk; however, only to compel
himself into a real one!
Again, a simple technique to create awareness among employees is to help them
stay aware about the various ways smishing attacks can take place, train them to
be able to identify a smishing attack, the action to take after identifying a potential
smishing attempt, and of course, ask them never to respond to such messages.

What is E-commerce? Explain different types of e-commerce with

suitable examples.
E-commerce (electronic commerce) is the buying and selling of goods and
services, or the transmitting of funds or data, over an electronic network,
primarily the internet. These business transactions occur either as
business-to-business (B2B), business-to-consumer (B2C),
consumer-to-consumer or consumer-to-business.

The terms e-commerce and e-business are often used interchangeably. The term
e-tail is also sometimes used in reference to the transactional processes that
make up online retail shopping.

Types of E-Commerce Models

Electronic commerce can be classified into four main categories. The basis for
this simple classification is the parties that are involved in the transactions. So
the four basic electronic commerce models are as follows,

1. Business to Business

This is Business to Business transactions. Here the companies are doing

business with each other. The final consumer is not involved. So the online
transactions only involve the manufacturers, wholesalers, retailers etc.

2. Business to Consumer

Business to Consumer. Here the company will sell their goods and/or services
directly to the consumer. The consumer can browse their websites and look at
products, pictures, read reviews. Then they place their order and the company
ships the goods directly to them. Popular examples are Amazon, Flipkart, Jabong
etc.

3. Consumer to Consumer
Consumer to consumer, where the consumers are in direct contact with each
other. No company is involved. It helps people sell their personal goods and
assets directly to an interested party. Usually, goods traded are cars, bikes,
electronics etc. OLX, Quikr etc follow this model.

4. Consumer to Business

This is the reverse of B2C, it is a consumer to business. So the consumer

provides a good or some service to the company. Say for example an IT
freelancer who demos and sells his software to a company. This would be a C2B
transaction.

How criminals plan the attack? Discuss various steps involved.

What is Bluetooth hacking? Explain Bluetooth hacking tools in brief.

Discuss basic security precautions to be taken to safeguard Laptops

and wireless devices.

1.Use a password
Ensure that your Windows account is protected with a password. The laptop
should be configured so that the password has to be entered every time you turn
the machine on or when it comes out of hibernation, sleep or screensaver mode.
An account password is an effective first line of defence, but only if you avoid
choosing a commonly used - and therefore easily guessed - password. An
analysis of passwords stolen from websites during recent security incidents
reveals that the most common include "password", "123456", "abc123", "qwerty"
and, bizarrely, "monkey".

2.Disable booting from CD or USB

It's easy to change or remove an account password using a free resetting
program such as pogostick, or to guess a short one using a "bruteforce guessing"
program such as Ophcrack.
But running these involves booting the computer from a CD or USB stick, so you
can increase security by disabling the ability to boot from one of these devices.
This can be done by altering the settings in your laptop's basic input/output
system (BIOS) – the built-in software with generic code to control the machine –
which can usually be accessed by pressing F1, F4, F10 or Del just after you
switch it on.
To ensure that no-one can override these settings, password-protect the BIOS so
that no more changes can be made to it without entering the password. This can
also be configured in the BIOS settings.

3.Encrypt your hard drive

If your laptop is stolen from your car or hotel room there is usually nothing to stop
the thief from removing your hard drive and attaching it to another computer.
Doing this bypasses any account password protection and allows them to access
your data easily.
The best way to prevent this is to encrypt your laptop's hard drives. Encrypted
drives can only be accessed after the encryption key is supplied - usually in the
form of a PIN, a password or by inserting a USB stick containing the key.
You can encrypt an entire drive using BitLocker, an encryption utility included with
some versions of Windows Vista, Windows 7 and Windows 8. A free, open
source alternative is TrueCrypt, which also works with Windows XP, Linux and
OS X.

4.Use a virtual private network (VPN)

Publicly accessible networks, such as those offered in airports, conference
centres and hotel rooms, present a particular security risk to laptop users. This is
because hackers armed with free programs such as Cain and Abel, Wireshark or
Ettercap can connect to the same networks and eavesdrop on emails or copy
passwords as they pass over the network.
The best way to protect your data from interception by other network users is to
encrypt it while it is in transit between your computer and your office network,
using a company VPN.
If you don't have access to a company VPN, you can use one from service
provider such as StreamVia or StrongVPN(opens in new tab). This ensures your
data is encrypted and protected from other users of the public local network.

5.Use secure email

Sometimes it can prove difficult to get a VPN connection working, so it's prudent
to ensure that any email program, webmail system or cloud based email service
that you use is configured to use a secure sockets layer (SSL) or transport layer
security (TLS). This ensures that both your username and password, and the
contents of your emails, are encrypted as they travel across the internet.
Webmail services like Gmail and cloud based services like Microsoft's Office 365
are configured in this way by default, but email offered by many internet service
providers is not.

6.Protect yourself from other users

For additional protection against malicious users connected to the same
business centre or hotel network, connect your laptop though a travel router that
plugs in to an Ethernet jack
A travel router such as the TP-Link TL-WR702N(opens in new tab) acts as a
highly effective hardware firewall which helps keep your computer isolated from
other users on the network. (Most computers have a software firewall installed,
but these can be disabled by viruses and other malicious software.)

7.Check for known vulnerabilities

When you connect your laptop to the internet when travelling, you may not be
protected by any security systems your company uses to filter out malicious
emails or to keep you from malicious websites. That can result in hackers
exploiting vulnerabilities in the software on your computer to infect it with
malware.
To reduce the chances of this it is important to check that your computer's
operating system and other software has been updated with the latest security
patches.
Security company Qualys offers a free service called BrowserCheck that scans
your computer and provides links to updates for any software it finds with known
security vulnerabilities.

8.Don't lose it in the airport rush

Tens of thousands of laptops are lost in airports every week, and only about one
third are ever returned to their owners, according to research carried out by the
Ponemon Institute.
One way to avoid leaving your laptop behind when you go through security or get
called for your flight is to attach a proximity alarm such as a Kensington
Proximo(opens in new tab), a Proximity Tag(opens in new tab) or a Hippih hipKey
to your laptop bag.
These inexpensive devices send an alert to your smartphone if they detect that
they have moved more than a few metres away from you.

9.Keep your USB sticks secure

If you carry a USB memory stick to make backups of your work or store other
data, it's important to make sure that it is as secure as the data on your laptop.

You can do this the same way that you can encrypt a computer hard drive - using
TrueCrypt or a version of Microsoft's BitLocker called BitLocker To Go (which is
included in some versions of Windows 7 and Windows 8.) Once encrypted the
memory stick can only be accessed after supplying a password.

An alternative is to use a USB drive with encryption hardware and other security
features built in, available from companies like IronKey. Its secure USB drives
self-destruct if the wrong password is supplied 10 times in a row, making it all but
impossible for a thief to access the data it holds by repeatedly guessing the
password.

10. Lock it up
Perhaps the most obvious piece of advice, but one which is frequently ignored, is
to make it hard for an opportunistic thief to walk off with your laptop.
One way to do this is by using a Kensington lock(opens in new tab) - a metal
cable which you can loop around a suitable fixed object and which attaches to
any laptop equipped with a Kensington slot.
Kensington locks certainly don't provide total security, as the cables can be cut or
they can be ripped out of the laptop, but it is enough to make many thieves move
on to easier pickings.

Explain in detail the following terms.

SOX , HIPAA , GLBA , PCI.

What Does Sarbanes-Oxley Act (SOX) Mean?

The Sarbanes-Oxley Act (also abbreviated SOX), is a US Federal law enacted
on July 30, 2002 that set a broad range of new standards for public companies,
boards and accounting firms. It establishes a Public Company Accounting
Oversight Board (PCAOB) to oversee the auditors of public companies. The
Sarbanes-Oxley Act does not apply to privately held companies.

What Is Payment card industry PCI Compliance?

Payment card industry (PCI) compliance is mandated by credit card companies
to help ensure the security of credit card transactions in the payments industry.
Payment card industry compliance refers to the technical and operational
standards that businesses follow to secure and protect credit card data provided
by cardholders and transmitted through card processing transactions.

What Is the Gramm-Leach-Bliley Act of 1999 (GLBA)?

The Gramm-Leach-Bliley Act of 1999 (GLBA) was a bi-partisan regulation under
President Bill Clinton, passed by Congress on November 12, 1999. The GLBA
was an attempt to update and modernize the financial industry. The GLBA is
most well-known as the repeal of the Glass-Steagall Act of 1933, which stated
that commercial banks were not allowed to offer financial services—like
investments and insurance-related services—as part of normal operations.1
What Is the Health Insurance Portability and Accountability Act (HIPAA)?
The Health Insurance Portability and Accountability Act (HIPAA) is an act created
by the U.S. Congress in 1996 that amends both the Employee Retirement
Income Security Act (ERISA) and the Public Health Service Act (PHSA). HIPAA
was enacted in an effort to protect individuals covered by health insurance and to
set standards for the storage and privacy of personal medical data.1

What do you mean by cyber stalker? Discuss types of stalker and

their mitigation technique.

In Cyber Stalking, a cyber criminal uses the internet to consistently threaten

somebody. This crime is often perpetrated through email, social media, and the
other online medium. Cyber Stalking can even occur in conjunction with the
additional ancient type of stalking, wherever the bad person harasses the victim
offline.
There’s no unified legal approach to cyber Stalking, however, several
governments have moved toward creating these practices punishable by law.
Social media, blogs, image sharing sites and lots of different ordinarily used
online sharing activities offer cyber Stalkers with a wealth of data that helps them
arrange their harassment. It includes actions like false accusations, fraud,
information destruction, threats to life and manipulation through threats of
exposure. It has stalkers take the assistance of e-mails and other forms of
message applications, messages announce to an online website or a discussion
cluster, typically even the social media to send unwanted messages, and harass
a specific person with unwanted attention. Cyber Stalking is typically cited as
internet stalking, e-stalking or online stalking.
Types of Cyber Stalking:
● Webcam Hijacking:
Internet stalkers would attempt to trick you into downloading and putting
in a malware-infected file that may grant them access to your webcam.
the method is therefore sneaky that it’s probably you wouldn’t suspect
anything strange.
● Observing location check-ins on social media:
In case you’re adding location check-ins to your Facebook posts, you’re
 making it overly simple for an internet stalker to follow you by just
looking through your social media profiles.
● Catfishing:
Catfishing happens via social media sites, for example, Facebook,
when internet stalkers make counterfeit user-profiles and approach their
victims as a companion of a companion.

Protective Measures:
● Develop the habit of logging out of the PC when not in use.
● Remove any future events you’re close to attending from the social
networks if they’re recorded on online approaching events and
calendars.
● Set strong and distinctive passwords for your online accounts.
● Cyber Stalkers can exploit the low security of public Wi-Fi networks to
snoop on your online activity. Therefore, avoid sending personal emails
or sharing your sensitive info when connected to an unsecured public
Wi-Fi.
● Make use of the privacy settings provided by the social networking sites
and keep all info restricted to the nearest of friends.
● Do a daily search on the internet to search out what information is
accessible regarding you for the public to check.
What is "social Engineering"? What are the security threat that can
arise from social networking sites?

What is social engineering?

Social engineering is an attack vector that relies heavily on human interaction
and often involves manipulating people into breaking normal security procedures
and best practices to gain unauthorized access to systems, networks or physical
locations or for financial gain.

Threat actors use social engineering techniques to conceal their true identities
and motives, presenting themselves as trusted individuals or information
sources. The objective is to influence, manipulate or trick users into releasing
sensitive information or access within an organization. Many social engineering
exploits rely on people's willingness to be helpful or fear of punishment. For
example, the attacker might pretend to be a co-worker who has some kind of
urgent problem that requires access to additional network resources.

Social engineering is a popular tactic among attackers because it is often easier

to exploit people than it is to find a network or software vulnerability. Hackers will
often use social engineering tactics as a first step in a larger campaign to
infiltrate a system or network and steal sensitive data or disperse malware.

What do you understand by social engineering? Give its

classification.

Types of social engineering attacks

Popular types of social engineering attacks include the following techniques:

● Baiting. An attacker leaves a malware-infected physical device, such

as a Universal Serial Bus flash drive, in a place it is sure to be found.
The target then picks up the device and inserts it into their computer,
unintentionally installing the malware.
 ● Phishing. When a malicious party sends a fraudulent email disguised
as a legitimate email, often purporting to be from a trusted source. The
message is meant to trick the recipient into sharing financial or personal
information or clicking on a link that installs malware.
● Spear phishing. This is like phishing, but the attack is tailored for a
specific individual or organization.
● Vishing. Also known as voice phishing, vishing involves the use of
social engineering over the phone to gather financial or personal
information from the target.
● Whaling. A specific type of phishing attack, a whaling attack targets
high-profile employees, such as the chief financial officer or chief
executive officer, to trick the targeted employee into disclosing sensitive
information.
● Quid pro quo Attack

The term quid pro quo roughly means "a favor for a favor," which refers
to exchanging your information for some reward or other compensation in
exchange for phishing. Offer to participate in giveaways or research
studies may make you aware of this type of attack.

Exploitation comes from making you happy for something valuable that
comes with little investment on your end. However, the attacker does not
reward your data for you.

● DNS Spoofing and Cash Poisoning Attack

DNS spoofing manipulates your browser and web server to visit malicious
websites when you enter a valid URL. DNS cache poisoning
 attacksinfect our device with valid URLs or routing instructions for multiple
URLs to connect to fake websites.

● Scareware Attack

Scareware is a form of malware that is used to scare you into taking

action. The deceptive malware uses dangerous warnings that report fake
malware infections or claim that your accounts have been compromised.

● Water Hole Attack

Watering hole attacks infect popular web pages with malware to affect
multiple users at the same time. Carefully planning on the part of the
attacker is required to find vulnerabilities of the specific sites.

Website owners can choose to delay software updates to keep the

software that they know are stable. Hackers recently misuse this behavior
to target vulnerabilities.

Explain various types of phishing attacks and its counter measures.

Phishing attackers pretend to a trusted institution or person in an attempt to convince
you to uncover personal data and valuables.Attacks by using phishing are targeted in
two ways:

● Spam phishing is a widespread attack for some users. The attacks are
non-personal and try to capture any irresponsible person.

● Phishing and whaling use personal information to target particular users. The
whaling attacks are aimed at high-profile individuals such as celebrities, upper
 management and higher government officials.Whether it is direct communication
or by a fake website, anything you share goes directly into the seamster's
pocket.You can also be fooled into the next stage of the phishing attack malware
download. The methods used in phishing are unique methods of delivery.

● Voice phishing (Wishing) phone calls can be an automated messaging system

recording all your inputs. The person can speak with you to build trust.

● SMS phishing (SMS) texts or mobile app messages may indicate a web link or
follow-up via a web link or phone number. A web link, phone number, or malware
attachment may be used.

● Angler phishing takes place on social media, where the attacker mimics the
customer service team of a trusted company. They interrupt your communication
with a brand and turn the conversations into private messages, where they
escalate the attack.

● Search engine phishing attempts to place links to fake websites at the top of
any search results. The advertisements will be paid or use valid optimization
methods to manipulate search rankings.The links are given in email, text, social
media messages and online advertisements.

● In-session phishing appears as an interruption to the normal web

browsing.For example, you can see fake pop-ups on the webpages you are
currently viewing.

Explain cloud computing with cyber-attacks? Explain in detail.

What is cloud security?

Cloud security is the whole bundle of technology, protocols, and best practices
that protect cloud computing environments, applications running in the cloud, and
data held in the cloud. Securing cloud services begins with understanding what
exactly is being secured, as well as, the system aspects that must be managed.
As an overview, backend development against security vulnerabilities is largely
within the hands of cloud service providers. Aside from choosing a
security-conscious provider, clients must focus mostly on proper service
configuration and safe use habits. Additionally, clients should be sure that any
end-user hardware and networks are properly secured.

The full scope of cloud security is designed to protect the following, regardless of
your responsibilities:

● Physical networks — routers, electrical power, cabling, climate controls,

etc.
● Data storage — hard drives, etc.
● Data servers — core network computing hardware and software
● Computer virtualization frameworks — virtual machine software, host
machines, and guest machines
● Operating systems (OS) — software that houses
● Middleware — application programming interface (API) management,
● Runtime environments — execution and upkeep of a running program
● Data — all the information stored, modified, and accessed
● Applications — traditional software services (email, tax software,
productivity suites, etc.)
● End-user hardware — computers, mobile devices, Internet of Things (IoT)
devices, etc.

With cloud computing, ownership over these components can vary widely. This
can make the scope of client security responsibilities unclear. Since securing the
cloud can look different based on who has authority over each component, it’s
important to understand how these are commonly grouped.

How to Secure the Cloud

Fortunately, there is a lot that you can do to protect your own data in the cloud.
Let’s explore some of the popular methods.
Encryption is one of the best ways to secure your cloud computing systems.
There are several different ways of using encryption, and they may be offered by
a cloud provider or by a separate cloud security solutions provider:

● Communications encryption with the cloud in their entirety.

● Particularly sensitive data encryption, such as account credentials.
● End-to-end encryption of all data that is uploaded to the cloud.
● Use strong passwords. Including a mix of letters, numbers and special
characters will make your password more difficult to crack. Try to avoid
obvious choices, like replacing an S with a $ symbol. The more random
your strings are, the better.
● Use a password manager. You will be able to give each application,
database, and service you use separate passwords, without having to
remember them all. However, you must make sure you protect your
password manager with a strong primary password.
● Protect all the devices you use to access your cloud data, including
smartphones and tablets. If your data is synchronized across numerous
devices, any one of them could be a weak link putting your entire digital
footprint at risk.
● Back up your data regularly so that in the event of a cloud outage or data
loss at your cloud provider, you can restore your data fully. That backup
could be on your home PC, on an external hard drive, or even
cloud-to-cloud, as long as you are certain the two cloud providers don't
share infrastructure.
● Modify permissions to prevent any individual or device from having
access to all your data unless it is necessary. For instance, businesses will
do this through database permission settings. If you have a home network,
use guest networks for your children, for IoT devices, and for your TV.
Save your 'access all areas' pass for your own usage.
 ● Protect yourself with anti-virus and anti-malware software. Hackers
can access your account easily if malware makes its way into your system.
● Avoid accessing your data on public Wi-Fi, particularly if it doesn't use
strong authentication. However, use a virtual private network (VPN) to
protect your gateway to the cloud.

What is SQL injection attack? Are there any countermeasures that

can be used to prevent the attack?

SQL injection – meaning and definition

An SQL injection, sometimes abbreviated to SQLi, is a type of vulnerability in

which an attacker uses a piece of SQL (structured query language) code to
manipulate a database and gain access to potentially valuable information. It's
one of the most prevalent and threatening types of attack because it can
potentially be used against any web application or website that uses an
SQL-based database (which is most of them).

Impact of SQL injection attacks

A successful SQL injection attack can have serious consequences for a
business. This is because an SQL injection attack can:

● Expose sensitive data. Attackers can retrieve data, which risks exposing
sensitive data stored on the SQL server.
● Compromise data integrity. Attackers can alter or delete information from
your system.
● Compromise users’ privacy. Depending on the data stored on the SQL
server, an attack can expose sensitive user information, such as
addresses, telephone numbers, and credit card details.
 ● Give an attacker admin access to your system. If a database user has
administrative privileges, an attacker can gain access to the system using
malicious code.
● Give an attacker general access to your system. If you use weak SQL
commands to check usernames and passwords, an attacker could gain
access to your system without knowing a user’s credentials. From there,
an attacker can wreak havoc by accessing and manipulating sensitive
information.

How to prevent SQL injection attacks

For businesses concerned about SQL injection prevention, key principles to help
defend websites and web applications include:

Staff training:

Generate awareness about SQLi-based risks within the team responsible for
your web application and provide necessary role-based training to all users.

Keep user input in check:

Any user input used in an SQL query introduces risk. Address input from
authenticated and/or internal users in the same way as public input until it is
verified. Give accounts that connect to the SQL database only the minimum
privileges needed. Use whitelists as standard practice instead of blacklists to
verify and filter user input.

Use latest versions:

It’s important to use the latest version of the development environment to

maximize protection, since older versions may lack current safety features. Be
sure to install the latest software and security patches when available.

Continuously scan web applications:

Use comprehensive application performance management tools. Regularly

scanning web applications will identify and address potential vulnerabilities
before they allow serious damage.
Use a firewall:

A web application firewall (WAF) is often used to filter out SQLi, as well as other
online threats. A WAF relies on a large and frequently updated list of signatures
that allow it to filter out malicious SQL queries. Usually, the list holds signatures
to address specific attack vectors and is regularly patched in response to newly
discovered vulnerabilities.

Types of SQL injection attacks.

In-band SQLi

Also known as a classic SQLi, an in-band SQLi is when hackers use the same
channel (or band) to launch database errors and to collect the results from an
attack. An in-band SQLi is most commonly achieved through two methods:
error-based and Union-based attacks.

● Error-based injection techniques force the database to produce error

messages that reveal information about the structure of the database.
● Union-based attacks use prepared statements that exploit the SQL
Union function, which combines the results of multiple queries into one
result.

Inferential SQLi

Also known as a blind SQL injection, an inferential SQLi is when hackers send
data payloads to a database server to observe its response and behavior without
being able to see what is actually occurring within the database. The server's
response provides the attacker with clues that they can use to adjust their attack
strategy.
An inferential SQLi can be either Boolean or time-based. A Boolean SQLi uses
true or false statements to solicit a response, while a time-based SQLi sets a
designated response period.

Out-of-band SQLi

An out-of-band SQLi is when hackers take advantage of domain name system or

HTTP requests to retrieve data. An out-of-band SQLi is usually only performed
when a web server is too slow or when an in-band SQLi is not possible to
execute.

What is Electronic Governance. Explain the role of digital signature

in E-Governance.

Electronic Governance or E-Governance is the application of Information and

Communication Technology (ICT) for providing government services, interchange
of statics, communication proceedings, and integration of various independent
systems and services. Through the means of e-governance, government
services are made available to citizens in a suitable, systematic, and transparent
mode. The three main selected groups that can be discriminated against in
governance concepts are government, common people, and business groups.
E-governance is the best utilization of information and communication
technologies to mutate and upgrade the coherence, productivity, efficacy,
transparency, and liability of informational and transnational interchanges within
government, between government agencies at different levels, citizens &
businesses. It also gives authorization to citizens through access and use of
information. Generally, E-governance uses information and communication
technologies at various levels of the government and the public sector to
enhance governance.
Types of E-Governance:
E-governance is of 4 types:
1. Government-to-Citizen (G2C): The Government-to-citizen mentions
the government services that are acquired by the familiar people. Most
of the government services come under G2C. Similarly, the primary aim
of Government-to-citizen is to supply facilities to the citizens. It also
helps ordinary people to minimize the time and cost to carry out a
transaction. A citizen can retrieve the facilities anytime from anywhere.
Similarly, spending the administrative fee online is also possible due to
G2C. The facility of Government-to-Citizen allows the ordinary citizen to
outclass time limitations. It also focuses on geographic land barriers.
2. Government-to-business (G2B): Government-to-business is the
interchange of services between Government and Business firms. It is
productive for both government and business firms. G2B provides
access to pertinent forms needed to observe. It also contains many
services interchanged between business sectors and government.
Similarly, Government-to-business provides timely business
information. A business organization can have easy and easy online
access to government agencies. G2B plays an important role in
business development. It upgrades the efficiency and quality of
communication and transparency of government projects.
3. Government-to-Government (G2G): The Government-to-Government
mentions the interaction between different government departments,
firms, and agencies. This increases the efficiency of government
processes. In G2G, government agencies can share the same
database using online communication. The government departments
can work together. This service can increase international discretion
 and relations. G2G services can be at the local level or at the
international level. It can convey to both global government and local
government. It also provides a safe and secure inter-relationship
between domestic and foreign governments. G2G builds a universal
database for all members to upgrade service.
4. Government-to-Employee (G2E): The Government-to-Employee is
the internal part of G2G section. It aims to bring employees together
and improvise knowledge sharing. It provides online facilities to the
employees. Similarly, applying for leave, reviewing salary payment
record and checking the balance of holiday. The G2E sector yields
human resource training and development. So, G2E is also the
correlation between employees and government institutions.

Advantages of E-Governance:
The supreme goal of e-governance is to be able to provide an increased portfolio
of public services to citizens in a systematic and cost effective way. It allows for
government transparency because it allows the public to be informed about what
the government is working on as well as the policies they are trying to implement.
The main advantage while executing electronic government will be to enhance
the efficiency of the current system.
Another advantage is that it increases transparency in the administration,
reduces costs, increases revenue growth, and also improves relationships
between the public and the civic authorities.
Disadvantages of E-Governance:
The main disadvantage regarding e-governance is the absence of fairness in
public access to the internet, of trustworthy information on the web, and
disguised agendas of government groups that could have an impact and could
bias public opinions.

Digital signature in E-Governance.

Recent development in E-Governance would like to leverage digital signature

capabilities, which is usage of Information and Communication Technology by the
government to provide and facilitate government services, exchange of
information etc. Digital signature is a wellknown mechanism to carry out digital
authentication and verificationof electronic transactions in the online world. As it
comes with the word online, the biggest concern is the security issue. To provide
E-authentication to the user there are many cryptographic techniques available.
This paper discusses increasing the security, reliability, and nonrepudiation of the
user’s data or information using Digital signature. It is a highly secured and
well-known method to authenticate and verify an electronic transaction.

What are botnets?

A botnet is a collection of internet-connected devices, which may include
personal computers (PCs), servers, mobile devices and internet of things (IoT)
devices, that are infected and controlled by a common type of malware, often
unbeknownst to their owner.
Infected devices are controlled remotely by threat actors, often cybercriminals,
and are used for specific functions, yet the malicious operations stay hidden from
the user.
Botnets are commonly used to send spam emails, engage in click fraud
campaigns and generate malicious traffic for distributed denial-of-service (DDoS)
attacks.

How do botnets work?

The term botnet is derived from the words robot and network. A bot, in this case,
is a device infected by malicious code, which then becomes part of a network, or
net, of infected machines all controlled by a single attacker or attack group.
A bot is sometimes called a zombie, and a botnet is sometimes referred to as a
zombie army. Conversely, those controlling the botnet are sometimes referred to
as bot herders.
The botnet malware typically looks for devices with vulnerable endpoints across
the internet, rather than targeting specific individuals, companies or industries.
The objective for creating a botnet is to infect as many connected devices as
possible and to use the large-scale computing power and functionality of those
devices for automated tasks that generally remain hidden to the users of the
devices.
For example, an ad fraud botnet infects a user's PC with malicious software that
uses the system's web browsers to divert fraudulent traffic to certain online
advertisements. However, to stay concealed, the botnet won't take complete
control of the operating system (OS) or the web browser, which would alert the
user.
Instead, the botnet may use a small portion of the browser's processes, often
running in the background, to send a barely noticeable amount of traffic from the
infected device to the targeted ads.
On its own, that fraction of bandwidth taken from an individual device won't offer
much to the cybercriminals running the ad fraud campaign. However, a botnet
that combines millions of botnet devices will be able to generate a massive
amount of fake traffic for ad fraud.

Explain in detail the concepts of identity theft.

What Is Identity Theft?

Identity theft is the crime of obtaining the personal or financial information of
another person to use their identity to commit fraud, such as making
unauthorized transactions or purchases. Identity theft is committed in many
different ways and its victims are typically left with damage to their credit,
finances, and reputation.

● Identity theft occurs when someone steals your personal information and
credentials to commit fraud.
● There are various forms of identity theft, but the most common is financial.
● Identity theft protection is a growing industry that keeps track of people's
credit reports, financial activity, and Social Security Number use.

Understanding Identity Theft

Identity theft occurs when someone steals your personal information—such as
your Social Security Number, bank account number, and credit card information.
Identity theft can be committed in many different ways. Some identity thieves sift
through trash bins looking for bank account and credit card statements.

More high-tech methods involve accessing corporate databases to steal lists of

customer information. Once identity thieves have the information they are looking
for, they can ruin a person's credit rating and the standing of other personal
information.1

Identity thieves increasingly use computer technology to obtain other people's

personal information for identity fraud. To find such information, they may search
the hard drives of stolen or discarded computers; hack into computers or
computer networks; access computer-based public records; use
information-gathering malware to infect computers; browse social networking
sites; or use deceptive emails or text messages.1

Victims of identity theft often do not know their identity has been stolen until they
begin receiving calls from creditors or are turned down for a loan because of a
bad credit score.

Types of Identity Theft

There are several types of identity theft including:

Financial Identity Theft

In financial identity theft, someone uses another person's identity or information

to obtain credit, goods, services, or benefits. This is the most common form of
identity theft.2

Social Security Identity Theft

If identity thieves obtain your Social Security Number, they can use it to apply for
credit cards and loans and then not pay outstanding balances. Fraudsters can
also use your number to receive medical, disability, and other benefits.3

Medical Identity Theft

In medical identity theft, someone poses as another person to obtain free

medical care. 1

Synthetic Identity Theft

Synthetic identity theft is a type of fraud in which a criminal combines real

(usually stolen) and fake information to create a new identity, which is used to
open fraudulent accounts and make fraudulent purchases. Synthetic identity theft
allows the criminal to steal money from any credit card companies or lenders
who extend credit based on the fake identity.1

Child Identity Theft

In child identity theft, someone uses a child's identity for various forms of
personal gain. This is common, as children typically do not have information
associated with them that could pose obstacles for the perpetrator.
The fraudster may use the child's name and Social Security Number to obtain a
residence, find employment, obtain loans, or avoid arrest on outstanding
warrants. Often, the victim is a family member, the child of a friend, or someone
else close to the perpetrator. Some people even steal the personal information of
deceased loved ones.

Tax Identity Theft

Tax identity theft occurs when someone uses your personal information, including
your Social Security Number, to file a bogus state or federal tax return in your
name and collect a refund.

Criminal Identity Theft

In criminal identity theft, a criminal poses as another person during an arrest to

try to avoid a summons, prevent the discovery of a warrant issued in their real
name or avoid an arrest or conviction record.

What is E- contract? its types and legal prerequisites of an

e-contract?

Electronic Contract refers to a contract that takes place through e-commerce,

often without the parties meeting each other. It refers to commercial transactions
conducted and concluded electronically. A customer drawing money from an
ATM machine is an example of electronic contract. Another instance of e-contract
is when a person orders some product from an online shopping website.
Globalization and diffusion of technology has accelerated the presence of
e-commerce companies throughout the world. Online auctions are also gaining
popularity whereby buying and selling takes place through bidding using the
Internet.

In this post, we outline the various types of contracts and legal issues with
enforcement of such contracts.

Types of E-Contracts
Three common kinds of electronic contract are browse wrap, shrink wrap and
click wrap contracts.

● A browse wrap agreement is intended to be binding on the contracting

party by the use of the website. Such contracts are usually used by
websites wherein the continued use of a website by a user is deemed to
be acceptance of its revised terms of use and other policies.
● A shrink wrap contract is a license agreement where the terms and
conditions of the contract are enforced upon the consumer as soon as he
opens the package. Such contracts can be generally observed in the case
of buying of software products. The license agreement indemnifies the
user for any copyright or intellectual property rights violation of the
manufacturer as soon as the buyer opens the pack (containing the
software product).
● Click wrap or click through agreements require the user to manifest his
consent or assent to the terms and conditions governing the licensed
usage of the software by clicking "ok" or "I agree" button on the dialog box.
A user may choose to disagree or reject the terms by clicking cancel or
closing the window. Such a user will not be able to buy or use the service
upon rejection. One regularly comes across such a type of contract during
online transactions, while downloading software or creating an e-mail
account. Unlike the shrink wrap agreements where the terms of the
agreement are hidden inside the box, in case of click wrap agreements, all
the terms and conditions are accessible prior to acceptance, either in the
same window or through a hyperlink.