
UNIT-1

1.1 INTRODUCTION TO CYBER SECURITY


With the constant rise in cyber threats and attacks, keeping our computer systems safe has become a top priority. Perpetrators
are always getting better at their tricks, targeting everyone from regular people and small businesses to big organizations.
So, both tech and non-tech companies now agree that cybersecurity is super important. They are working hard to put strong
measures in place to fight against and reduce the ever-changing world of cyber threats.
1.1.1 What is Cyber Security?
• Cyber security refers to the practice of protecting digital information, computer systems, networks and electronic
devices from unauthorized access, data breaches, theft, damage or disruption.
• It includes using different plans, technologies, and good practices to protect important information, make sure
systems work properly, and defend against various online threats.
• Cybersecurity is like a shield for the internet-connected world, safeguarding systems, software, and data from bad
things happening.
• It is the protection of Internet-connected systems, including hardware, software and data from cyber attacks.
• It is made up of two words: cyber and security. Cyber relates to the technology, which comprises systems,
networks and programs or data, whereas security relates to protection, which includes systems security,
network security and application & information security.
1.1.2 The Objectives of Cyber Security
The primary aim of cyber security is to safeguard information against theft, compromise or malicious attacks. Cyber security
effectiveness is often evaluated based on achieving at least one of three essential goals:
1. Preserving Data Confidentiality: Ensuring that sensitive information remains confidential and is only
accessible to authorized individuals or systems, preventing unauthorized disclosure.
2. Maintaining Data Integrity: Ensuring that data remains accurate and trustworthy by preventing unauthorized
alterations, tampering, or corruption.
3. Facilitating Data Availability: Ensuring prompt and reliable access to data for authorized users, while
minimizing downtime and disruptions.

These objectives constitute the foundation of security programs and are collectively known as the CIA (Confidentiality,
Integrity, Availability) triad. The CIA triad serves as a security framework specifically crafted to provide guidance for
information security policies within an organization or company. To prevent any confusion with the Central Intelligence
Agency (CIA), this model is sometimes referred to as the AIC (Availability, Integrity and Confidentiality) triad. These three
elements in the security triad are widely recognized as the most pivotal components of security.
Many organizations and companies routinely employ the CIA criteria when implementing new applications, establishing
databases or ensuring access to data. To achieve complete data security, all of these security objectives must be effectively
implemented. These security policies are interdependent and must not be overlooked.

I. Confidentiality
Confidentiality can be likened to the concept of privacy and revolves around preventing unauthorized access to
information. Its primary goal is to safeguard data by granting access exclusively to authorized individuals or entities while
preventing unauthorized parties from gaining any knowledge about its contents. Confidentiality aims to block critical
information from falling into the wrong hands while ensuring that authorized individuals can access it.
Tools for Confidentiality: The tools for confidentiality refer to the various technologies, practices and methods
employed to ensure that sensitive or confidential information remains private and is only accessible to authorized
individuals or systems. The primary goal of confidentiality tools is to prevent unauthorized access, disclosure or exposure
of sensitive data.
Table 1.1 Tools for Confidentiality
1. Encryption
2. Access Control
3. Authentication
4. Authorization
5. Physical Security

1. Encryption: Encryption is a security technique used to protect sensitive information by transforming it into an
unreadable format, which can only be deciphered by individuals or systems with the proper decryption key or
algorithm. In essence, it's like putting a message into a locked box and only someone with the right key can open
the box and read the message.
Encryption is a technique that involves converting information into an unreadable format for individuals
who lack authorization, accomplished through the use of an algorithm. This data transformation employs a
confidential key known as an encryption key, ensuring that the altered data can only be comprehended with another
confidential key called the decryption key. Its purpose is to safeguard sensitive data, like credit card numbers, by
encoding and altering the data into an unintelligible form known as ciphertext. To regain the original information,
this encrypted data must undergo decryption. The two main categories of encryption are asymmetric-key and
symmetric-key encryption.
2. Access Control: Implementing access controls to restrict who can view or manipulate sensitive data. This may
include user authentication, role-based access control and permission settings. It is a security measure used to
regulate and manage who can access certain resources, systems or areas within an organization or a computer
system. Its primary purpose is to protect sensitive information, ensure the integrity of systems and maintain security.
Access control establishes regulations and guidelines to restrict entry to a system or to both physical and
virtual resources. It's a method through which users gain entry and specific privileges to interact with systems,
resources or information. In access control systems, users are required to furnish credentials, like a person's name
or a computer's serial number, as a prerequisite for gaining access. In the context of physical systems, these
credentials can take various forms, but those that are non-transferable offer the highest level of security.
3. Authentication: Authentication is the process of verifying the identity of an individual or system attempting to
access a computer system, network, application or resource. It is a fundamental security measure designed to ensure
that only authorized and legitimate users or entities can gain access to sensitive information and systems.
It is a process that ensures and confirms a user's identity or role that someone has and validates the identity
of a registered user or process before enabling access to protected networks and systems.
4. Authorisation: Authorization in cybersecurity is like giving or denying permission to access specific things, such
as information or systems, after confirming someone's identity (authentication). It decides what actions a person or
system can take and what resources they can use. Think of it as the security process that determines who gets to do
what based on predefined rules, especially after confirming who they are.
5. Physical security: Physical security encompasses a set of measures and strategies carefully crafted to thwart
unauthorized access to IT assets, such as facilities, equipment, personnel resources and other properties, with the
aim of safeguarding them against potential harm. These protective measures serve as a bulwark against physical
threats that may include theft, vandalism, fire and natural disasters, all geared towards preserving the integrity and
safety of these valuable assets.
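Items 2 to 4 above describe access control as authentication (proving who you are) followed by authorization (deciding what you may do). The following added example, which is not code from the original text, shows the two steps as separate functions: a salted, slow password hash for authentication and a role-based permission table for authorization, with every deny-by-default path made explicit. The user names, passwords and roles are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 100_000  # deliberately slow, so guessing passwords offline is expensive
DUMMY_SALT = bytes(16)       # used only to equalize work for unknown user names


def _derive_key(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the store keeps this key, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(store: dict, username: str, password: str, roles: list) -> None:
    """Create a user record with a fresh random salt and the roles granted to that user."""
    salt = secrets.token_bytes(16)
    store[username] = {"salt": salt, "key": _derive_key(password, salt), "roles": set(roles)}


def authenticate(store: dict, username: str, password: str) -> bool:
    """Authentication: is the caller who they claim to be?"""
    record = store.get(username)
    if record is None:
        # Do the same amount of work for an unknown user, so response time
        # does not reveal which user names exist.
        _derive_key(password, DUMMY_SALT)
        return False
    # Constant-time comparison: the time taken does not depend on how many bytes match.
    return hmac.compare_digest(_derive_key(password, record["salt"]), record["key"])


# Role-based access control table (constructed): (action, resource) pairs each role may perform.
PERMISSIONS = {
    "auditor": {("read", "ledger")},
    "accountant": {("read", "ledger"), ("write", "ledger")},
    "admin": {("read", "ledger"), ("write", "ledger"), ("read", "users"), ("write", "users")},
}


def authorize(store: dict, username: str, action: str, resource: str) -> bool:
    """Authorization: may this (already authenticated) user perform the action on the resource?"""
    record = store.get(username)
    if record is None:
        return False
    return any((action, resource) in PERMISSIONS.get(role, set()) for role in record["roles"])


def access(store: dict, username: str, password: str, action: str, resource: str) -> str:
    """Access control decision: authenticate first, then authorize; anything else is denied."""
    if not authenticate(store, username, password):
        return "denied: authentication failed"
    if not authorize(store, username, action, resource):
        return "denied: not authorized"
    return "granted"


def build_demo_store() -> dict:
    """Constructed users for the demonstration (not real credentials)."""
    store = {}
    register(store, "alice", "correct horse battery staple", ["auditor"])
    register(store, "bob", "bob-demo-password", ["accountant"])
    return store


if __name__ == "__main__":
    s = build_demo_store()
    print(access(s, "alice", "correct horse battery staple", "read", "ledger"))   # granted
    print(access(s, "alice", "correct horse battery staple", "write", "ledger"))  # denied: not authorized
    print(access(s, "alice", "wrong password", "read", "ledger"))                 # denied: authentication failed
```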

II. Integrity
Integrity in the context of cyber security refers to the assurance that data and systems have not been tampered with
or altered in an unauthorized or unintended manner. It is one of the key principles of information security and involves
maintaining the accuracy and reliability of data and the systems that process or store that data. Ensuring data integrity is
crucial in protecting against various cyber threats, such as unauthorized access, data manipulation, and malware attacks. It
protects data and systems from unauthorized changes, ensuring the accuracy and reliability of information and maintaining
the trustworthiness of digital assets.
Integrity refers to the accuracy and reliability of data. It ensures that data remains unchanged and unaltered during
storage, transmission, or processing. Techniques like checksums, hashing, and digital signatures are used to detect and
prevent unauthorized modifications to data.
Tools for Integrity: Ensuring integrity in cyber security requires the use of various tools and technologies. Some
common tools and techniques used to maintain data and system integrity are:
Table 1.2 Tools for Integrity
1. Checksums
2. Hash Functions
3. Digital Signatures

1. Checksum: A checksum is a value or code generated from a file or message and is used to verify the data's
integrity. The primary purpose of a checksum is to detect errors or tampering that may have occurred during data
transmission or storage. If the checksum generated from the received data matches the checksum originally sent
or stored, it suggests that the data has not been altered. If the checksums do not match, it indicates potential data
corruption or tampering.
A checksum is a numeric value employed for the purpose of confirming the integrity of either a file or data
transfer. Essentially, it involves calculating a function that translates the content of a file into a numerical
representation. Its primary application lies in the verification of data equivalence between two sets. A checksum
function is contingent on the complete content of a file.
2. Hash Function: A hash function is a mathematical function that takes an input (or 'message') and returns a fixed-
size string of characters, which is typically a hexadecimal number. The output, often called the hash value or hash
code, is unique to the input data. Hash functions are widely used in computer science and cryptography for various
purposes, primarily to ensure data integrity, security, and efficient data retrieval.
Hash functions like MD5, SHA-256, and SHA-3 are used to generate fixed-size hash values or checksums
for files and data. These checksums can be used to verify the integrity of files by comparing them before and after
transmission or storage.
3. Digital Signatures: Digital signatures play a crucial role in ensuring the authenticity, integrity and non-repudiation
of digital documents and messages, making them a fundamental tool in the realm of cyber security and secure
digital communication.
A digital signature is a cryptographic technique used to verify the authenticity and integrity of a digital
message, document or transaction. It provides a way for the sender of the message or document to prove their
identity and ensure that the content has not been tampered with during transmission. Tools like GnuPG (GPG)
and OpenSSL can be used to create and verify digital signatures.
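The checksum and hash function items above both promise to detect alteration, but they differ in strength. The following added example (not code from the original text) records a naive sum-of-bytes checksum and a SHA-256 digest for a constructed record, then verifies two altered copies: a reordering of bytes within one field slips past the additive checksum but not the hash, while a single flipped bit is caught by both. It also hashes data in chunks, as one would for a large file. Note that MD5, listed on the page, is no longer collision-resistant and should not be relied on to detect deliberate tampering.

```python
import hashlib
import hmac
import io

# Constructed sample record (not from the original text): a payment instruction.
ORIGINAL = b"amount=100;payee=ACME;currency=USD"
# Tampering that only rearranges bytes inside the amount field (same bytes, different order).
REORDERED = b"amount=001;payee=ACME;currency=USD"
# Corruption that flips one bit in the first byte.
BIT_FLIPPED = bytes([ORIGINAL[0] ^ 0x01]) + ORIGINAL[1:]


def simple_checksum(data: bytes) -> int:
    """Naive 16-bit sum-of-bytes checksum. It catches many random errors, but any
    rearrangement of the same bytes produces the same value."""
    return sum(data) & 0xFFFF


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest as hex; any change to the input, including reordering, changes it."""
    return hashlib.sha256(data).hexdigest()


def sha256_stream(fileobj, chunk_size: int = 64 * 1024) -> str:
    """Hash a file-like object in chunks, so a large file need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def sha256_chunked(data: bytes, chunk_size: int = 7) -> str:
    """Convenience wrapper: stream an in-memory byte string through sha256_stream."""
    return sha256_stream(io.BytesIO(data), chunk_size)


def verify(data: bytes, expected_checksum: int, expected_sha256: str) -> dict:
    """Compare received data against the values recorded when it was stored or sent.
    The digest comparison uses hmac.compare_digest so the time taken does not depend
    on how many leading characters match."""
    return {
        "checksum_ok": simple_checksum(data) == expected_checksum,
        "sha256_ok": hmac.compare_digest(sha256_hex(data), expected_sha256),
    }


def demo() -> dict:
    """Record checksum and hash of ORIGINAL, then verify the original and both altered copies."""
    stored_checksum = simple_checksum(ORIGINAL)
    stored_hash = sha256_hex(ORIGINAL)
    return {
        "original": verify(ORIGINAL, stored_checksum, stored_hash),
        "reordered": verify(REORDERED, stored_checksum, stored_hash),
        "bit_flipped": verify(BIT_FLIPPED, stored_checksum, stored_hash),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} checksum_ok={result['checksum_ok']!s:5s} sha256_ok={result['sha256_ok']}")
```

Expected: original passes both checks, reordered passes the checksum but fails SHA-256, bit_flipped fails both.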

III. Availability:
Availability in the context of cyber security refers to the state in which a computer system, network, or service is
operational, accessible, and functioning as intended, without interruption or disruption, when it is needed. It is one of the
three fundamental pillars of information security, along with confidentiality and integrity.
Availability ensures that systems, networks and services are consistently accessible and operational, even in
challenging situations. It is a vital aspect of information security, as interruptions or outages can have severe consequences,
including financial losses, loss of productivity and damage to an organization’s reputation.
Availability specifically focuses on the idea that information and resources should be reliably available for
authorized users and systems to access and use. This means protecting against threats and events that could disrupt or deny
access to these resources, such as
1. Distributed Denial of Service (DDoS) Attacks: Attackers overwhelm a system, network or website with a flood
of traffic, making it unavailable to legitimate users.
2. Hardware or Software Failures: Ensuring that systems have redundancy and fault tolerance mechanisms to
minimize downtime in case of hardware or software failures.
3. Natural Disasters: Preparing for disasters like floods, fires or earthquakes that could physically damage
infrastructure and impact availability.
4. Human Error: Implementing access controls and user training to prevent accidental data loss or system
downtime.
5. Malware and Cyber-attacks: Protecting systems and networks from various cyber threats, including viruses,
ransomware, and other attacks that can disrupt services.
Availability is critical because in many cases, the unavailability of information or systems can be just as damaging
as a breach of confidentiality or integrity. For example, in sectors like healthcare or finance, the inability to access patient
records or conduct financial transactions due to a system outage can have serious consequences.

1.1.3 Types of Cyber Security Threats


A threat in cyber security is a malicious activity by an individual or organization to corrupt or steal data, gain access
to a network, or disrupt digital life in general. Cybersecurity threats come in various forms and can target different aspects
of an organization's IT infrastructure, data, or individuals.
Here are some common types of cyber security threats:
1. Malware: Malware, short for malicious software, includes various types of harmful software designed to infect and
compromise systems. Common forms of malware include viruses, worms, Trojans, spyware, adware, and ransomware as
discussed below:
• Virus: A virus is a malicious piece of code that has the ability to spread from one device to another. It can
corrupt files and propagate through a computer system, infecting files, stealing information, or causing damage
to the device.
• Spyware: Spyware is a type of software designed to secretly record information about user activities on their
system. For instance, it might capture sensitive data like credit card details, which cybercriminals can later
exploit for unauthorized transactions or withdrawals.
• Trojans: Trojans are a form of malware or code that masquerades as legitimate software or files, deceiving
users into downloading and running them. Their primary purpose is to compromise or steal data from the
affected device or carry out other harmful activities on the network.
• Ransomware: Ransomware is software that encrypts a user's files and data on their device, rendering them
inaccessible or even erasing them. Subsequently, malicious actors demand a monetary ransom in exchange for
decrypting the files.
• Worms: Worms are a type of software that autonomously spreads from one device to another without requiring
human interaction. They don't need to attach themselves to other programs to steal or damage data.
• Adware: Adware is advertising software used to distribute malware and display advertisements on a user's
device. It's an undesirable program that installs itself without the user's consent. Its primary goal is to generate
revenue for its developer by showcasing ads within the user's browser.
• Botnets: Botnets are networks of internet-connected devices infected with malware, allowing cybercriminals
to control them. They enable unauthorized access, data theft, and credential leaks without the user's knowledge
or consent.

2. Phishing: Phishing attacks involve tricking individuals into revealing sensitive information such as login credentials,
credit card numbers or personal information. Phishing can be carried out through emails, fake websites or other
communication channels.
3. Ransomware: Ransomware is a type of malware that encrypts a victim's data and demands a ransom in exchange for the
decryption key. Paying the ransom is discouraged, as it doesn't guarantee data recovery and supports cybercriminals.
4. Distributed Denial of Service (DDoS) Attacks: DDoS attacks flood a target system or network with an overwhelming
volume of traffic, causing it to become unavailable to legitimate users. These attacks can disrupt online services and
websites.
5. Man-in-the-Middle (MitM) Attacks: In MitM attacks, an attacker intercepts and potentially alters communications
between two parties without their knowledge. This can lead to data theft, eavesdropping, or message manipulation.
6. SQL Injection: SQL injection attacks occur when an attacker injects malicious SQL code into input fields or web forms,
exploiting vulnerabilities in a web application's database. This can lead to unauthorized access, data leakage, or data
manipulation.
7. Zero-Day Exploits: Zero-day vulnerabilities are software vulnerabilities that are unknown to the vendor and have not
yet been patched. Cybercriminals can exploit these vulnerabilities before a fix is available.
8. Insider Threats: Insider threats involve individuals within an organization who misuse their access or privileges to steal
data, damage systems or engage in malicious activities.
9. Password Attacks: Password-related attacks include brute force attacks, dictionary attacks, and credential stuffing,
where attackers attempt to guess or steal passwords to gain unauthorized access to accounts or systems.
10. IoT (Internet of Things) Vulnerabilities: As more devices become connected to the Internet, IoT devices can be
exploited if not properly secured. This can include everything from smart home devices to industrial control systems.
11. Social Engineering: Social engineering attacks manipulate human psychology to trick individuals into divulging
sensitive information or performing actions that compromise security. Examples include pretexting, baiting, and tailgating.
12. Advanced Persistent Threats (APTs): APTs are targeted, long-term cyberattacks usually conducted by nation-state
actors or organised cybercriminal groups. They involve a series of sophisticated and persistent tactics to gain access to
sensitive information.
13. Fileless Malware: Fileless malware operates in memory and doesn't leave a footprint on a victim's disk, making it
harder to detect. It often exploits legitimate tools and processes to carry out attacks.
14. Crypto-jacking: Crypto-jacking involves using a victim's computer or device to mine cryptocurrency without their
consent, causing system slowdowns and increased energy consumption.
15. Supply Chain Attacks: These attacks target vulnerabilities in the supply chain, where attackers compromise software
or hardware before it reaches the end user. This can lead to widespread compromises.
To protect against these and other cyber security threats, organizations need to implement a multi-layered security
strategy that includes firewalls, antivirus software, intrusion detection systems, regular software updates, employee training
and incident response plans. Additionally, staying informed about emerging threats and vulnerabilities is crucial for
maintaining strong cyber security defenses.

1.1.4 Need for Cyber Security


Cyber security is essential for various reasons in today's digital age. Some key needs and reasons why cyber security is
crucial are:
1. Protection of Sensitive Data: Cybersecurity safeguards personal, financial, and business data from theft or
unauthorized access.
2. Privacy Preservation: Robust cybersecurity measures protect individuals' right to privacy by preventing
unauthorized access to personal information and online activities.
3. Prevention of Data Breaches: Cybersecurity prevents and mitigates the impact of data breaches, avoiding financial
losses and reputational damage.
4. Financial Security: Secures financial transactions and online banking, protecting against fraud and theft.
5. Protection of Intellectual Property: Cybersecurity safeguards valuable intellectual property, including patents,
trade secrets, and copyrights.
6. Critical Infrastructure Protection: Vital for safeguarding digital-dependent critical infrastructure, such as power
grids and transportation networks.
7. National Security: Governments rely on cybersecurity to protect military systems, intelligence, and government
operations.
8. Prevention of Cybercrime: Cybersecurity helps prevent cybercrimes like identity theft, online fraud, and
cyberbullying.
9. Business Continuity: Ensures business operations remain uninterrupted, even in the face of cyber-attacks.
10. Compliance and Regulations: Adherence to cybersecurity standards avoids legal penalties and reputational
damage.
11. Global Interconnectedness: Necessary to protect against cyber threats that transcend national borders.
12. Emerging Technologies: Essential for addressing evolving risks associated with technologies like IoT, AI, and
cloud computing.
13. Individual Safety: Cybersecurity contributes to the safety of individuals by protecting personal devices and
information from cyber attacks.
The need for cyber security arises from the growing reliance on digital technology in all aspects of life, from personal
communication to critical infrastructure. Protecting data, privacy and systems from cyber threats is crucial to maintaining
trust, stability and security in the digital world.

1.2 CYBERCRIME
Cybercrime is one of the largest and globally most active forms of crime. After all, the internet is available and visible to
everyone and that of course involves risks. Committing a crime via a computer or other device that is connected to the
Internet is dangerous because the identity of the perpetrator is difficult to find out.
1.2.1 Cybercrime Definition
• According to Wikipedia, Cybercrime is a type of crime involving a computer or a computer network. The computer
may have been used in committing the crime or it may be the target. Cybercrime may harm someone's security or
finances.
• Cybercrime covers a broad range of illicit activities in the digital realm, using computers and the internet.
• It involves using technology for illegal actions, targeting computer systems, networks, and electronic devices.
• Also known as computer-based crime, it includes using computers as tools for various unlawful activities such as
fraud, identity theft, and unauthorized access.
• With the widespread use of the Internet, cybercrime has become more significant, impacting areas like commerce,
entertainment, and government operations.
• Cybercrime goes beyond individual consequences, potentially compromising personal and national security, as well
as financial well-being.
1.2.2 Origins of the Word Cybercrime
The term “cybercrime” is a blend of the words ‘cyber’ and ‘crime’, combining concepts related to technology
and illicit activities. Here's a breakdown of the origins of the term:
1. Cyber: The word “cyber” is derived from the term “cybernetics,” which was introduced by mathematician Norbert
Wiener in his book “Cybernetics: Or Control and Communication in the Animal and the Machine,” published in
1948. Cybernetics deals with the study of systems, control and communication in complex entities, such as
machines and organisms. Over time, “cyber” became associated with computers and electronic systems, especially
with the rise of digital technology and the development of the internet.
2. Crime: “Crime” refers to any action that violates laws or regulations established by a society or governing body.
It encompasses a wide range of unlawful activities, both traditional and modern. “Crime” is a well-established term
that refers to any action or behaviour that violates legal or societal norms, leading to legal consequences. Crimes
encompass a wide range of offenses, from theft and fraud to violence and vandalism.
3. Combination: The term “cybercrime” emerged as technology evolved and criminal activities started to involve
digital platforms, computers and networks. As criminal activities began to exploit the digital landscape, the term
“cybercrime” was coined to describe these new types of illegal actions.
The concept of cybercrime has evolved as technology has advanced and criminals have found new ways to exploit digital
environments. As a result, the term “cybercrime” has become widely used to describe criminal activities that take place in
the digital realm, encompassing a variety of illicit actions carried out using computers, networks and the internet.

1.2.3 Origins of the Word Information Security


Information: Information is data that has been processed, organized or structured in a meaningful way to convey
knowledge or meaning. It is the result of data undergoing various transformations to become useful and understandable to
humans or computer systems. Information provides context, insights and answers to questions, making it valuable for
decision-making, communication and problem-solving.
Key characteristics of information include:
• Meaningful: Information carries meaning or significance. It is not raw or unprocessed data but rather data that has
been interpreted or processed to convey a message or insight.
• Useful: Information is valuable and serves a purpose. It can help people to make informed decisions, answer
questions or solve problems.
• Structured: Information often follows a specific structure or format that makes it easier to understand and use.
This structure can include text, numbers, images or other media.
• Contextual: Information is typically presented within a context that provides additional details or relevance.
Context helps users to understand the significance and implications of the information.
• Timely: Information is most valuable when it is current and up-to-date. Timeliness is crucial for decision-making
and staying informed.
• Accessible: Information should be easily accessible to those who need it, whether through written documents, digital
files, databases or other means.
• Reliable: Reliable information is accurate and trustworthy. It is free from errors, biases or distortions that could
mislead or misinform.
• Actionable: Information often leads to action or decisions. When people or organizations receive information, they
may use it to take specific steps or make choices.
Information can take many forms, including text, numbers, images, audio, video, and more. It is a fundamental concept
in various fields, such as science, business, technology, education, and communication. The effective management, analysis,
and utilisation of information are essential for the functioning of modern society and organizations.
1.2.4 Information Security
• Why it Matters: In today's digital world, we use technology a lot to store, process, and share important information. If
this information is not protected, it can lead to financial losses, damage reputations, legal trouble, and invade privacy.
• What Information Security Does: Information security is like a set of rules to keep private data safe when it's stored
or sent from one place to another. It's about protecting information systems and the data they handle from unauthorized
access, use, disclosure, interruption, alteration, or deletion.
• What It Includes: Information security covers personal, financial, and confidential information, whether it's in digital
or physical forms. It involves using a mix of people, processes, and technology to keep everything secure.

Need for Information Security:


1. Protecting Valuable Assets: It safeguards important things like personal data, financial records, trade secrets, and
confidential government or military information from theft, spying, and cybercrime.
2. Confidentiality, Integrity, and Availability: It ensures that information is kept confidential (not accessed by
unauthorized people), maintains its integrity (keeping data accurate and trustworthy), and ensures it's available when
needed, whether in digital or physical form.
3. Protection of Sensitive Information: Information security keeps sensitive data safe from unauthorized access,
disclosure, or tampering. This includes personal, financial, and confidential information.
4. Risk Reduction: By using information security measures, organizations can lower the risks of cyberattacks and
security incidents. This helps avoid data breaches, denial-of-service attacks, and other harmful activities.
5. Regulatory Compliance: Many industries and places have specific rules about protecting sensitive information.
Information security practices help organizations follow these rules, reducing the risk of legal consequences and fines.
6. Reputation Protection: Security breaches can harm an organization's reputation and lead to lost business. Good
information security practices help prevent incidents and keep an organization's reputation intact.
7. Business Continuity: Information security is crucial for keeping important business operations going, even if there's
a security incident. This means ensuring access to essential systems and data, and minimizing disruptions.
Information security is essential because it safeguards valuable information assets, mitigates risks, ensures compliance with
regulations, protects an organization's reputation, and enables business continuity. It is a proactive and necessary practice
in today’s digital age, where the integrity and security of information are paramount for individuals and
organizations alike.

Advantages of Implementing Information Security: Implementing information security provides numerous advantages for
organizations. Here are some of the key benefits:
1. Safeguarding Confidentiality: Information security measures shield sensitive data from unauthorized access,
guaranteeing that only authorized individuals can access or modify it.
2. Preservation of Integrity: Information security helps maintain the accuracy and reliability of data. It prevents
unauthorized alterations, tampering, or corruption of information, thereby ensuring the integrity and trustworthiness
of the data.
3. Ensuring Availability: Information security measures ensure that data and critical systems are available when
needed. This is essential for business continuity and preventing downtime due to cyber attacks or technical failures.
4. Compliance with Regulations: Many industries and jurisdictions have specific regulations and compliance
requirements related to data security. Implementing information security measures helps organizations adhere to
these regulations, avoiding legal consequences and fines.
5. Protection against Cyber Threats: Information security safeguards organizations against a wide range of cyber
threats, including malware, phishing, ransomware and denial-of-service attacks. It reduces the risk of data breaches
and financial losses.
6. Risk Management: Information security practices help organizations identify, assess and mitigate risks related to
data and technology. This proactive approach minimises the impact of security incidents and helps organizations
recover more swiftly.
7. Enhanced Trust and Reputation: Strong information security practices build trust with customers, partners and
stakeholders. Protecting sensitive data and demonstrating a commitment to security can enhance an organisation's
reputation.
8. Cost Savings: While implementing security measures requires an initial investment, it can lead to cost savings in
the long run. Preventing security incidents, data breaches and downtime can save organizations significant financial
resources.
9. Competitive Advantage: Organizations with robust information security practices may have a competitive
advantage. Customers and partners often prefer to work with entities that prioritise data protection and security.
10. Improved Incident Response: Information security programs include incident response plans that help
organizations respond effectively to security breaches or incidents. This ensures that incidents are addressed
promptly, minimising their impact.
11. Protection of Intellectual Property: For businesses, protecting intellectual property (IP) is critical. Information
security measures safeguard patents, trade secrets, copyrights and other forms of IP from theft or unauthorised
access.
Implementing information security is essential for protecting data, complying with regulations, reducing risks and
maintaining trust with stakeholders. It also contributes to cost savings, competitive advantage and efficient incident
response, making it a crucial component of modern organizations.

1.3 WHO ARE CYBERCRIMINALS?


 Cybercriminals are individuals or groups, who engage in illegal activities in the digital realm with the intent to gain
financial benefits, steal sensitive information, disrupt computer systems or networks or commit other malicious
actions.
 They exploit vulnerabilities in computer systems, networks, and online services to carry out their activities.
 They utilize technology to engage in nefarious activities within digital systems or networks, typically, aiming to
pilfer sensitive corporate information or personal data for financial gain.
 These cybercriminals often trade stolen data, malware and illicit services on underground marketplaces, many of them hosted on the dark web.
 A cybercriminal is an individual who engages in cybercrimes, utilizing a computer as either a tool or a target or
sometimes in both capacities.
Cybercriminals employ computers in three primary ways:
 Selecting the Computer as Their Target: The victim's computer or network is itself the objective. The attacker may
spread viruses and other malware, steal the data it holds or impersonate its owner to commit identity theft.
 Using the Computer as Their Weapon: The computer is the tool used to commit traditional crimes in digital form, such
as sending unsolicited bulk email (spamming), defrauding people online and running illegal gambling operations.
 Using the Computer as Their Accessory: The computer stores or manages the proceeds of crime, such as stolen data
or records of illicit transactions, and serves as a hiding place for what was taken through the attacker's other cybercrimes.
Some common activities performed by Cybercriminals are:
1. Credit Card Fraud: Cybercriminals steal credit card information or use stolen card details to make unauthorised
purchases, leading to financial losses for victims.
2. Cyber Stalking: Cyberstalkers harass, threaten or intimidate individuals online, causing emotional distress and
fear.
3. Defaming Another Online: Defaming involves making false statements or spreading damaging information about
someone online, harming their reputation.
4. Gaining Unauthorised Access to Computer Systems: Cybercriminals breach computer systems or networks
without permission to steal data, disrupt operations or compromise security.
5. Ignoring Copyright, Software Licensing and Trademark Protection: Violating intellectual property rights by
using copyrighted material, software or trademarks without authorisation or proper licensing.
6. Overriding Encryption to Make Illegal Copies: Decrypting protected content or software to create unauthorised
copies for distribution or personal use.
7. Software Piracy: Illegally distributing, copying or using software without the appropriate licenses or permissions
from the software owner.
8. Identity Theft: Stealing another person's personal information, such as Social Security numbers or financial data,
to impersonate them and engage in criminal activities or fraud.
These activities are not only illegal but can also have severe consequences for victims and can lead to legal actions against
cyber criminals when they are identified and apprehended. Law enforcement agencies and cyber security professionals
work to prevent and investigate such activities to protect individuals and organizations from cybercrimes.

1.3.1 Types of Cybercriminals


Generally, Cybercriminals can be categorized into three types based on their motivations and characteristics as:
Type I: Cybercriminals - Hungry for Recognition:
a) Hobby Hackers: Individuals who engage in hacking as a hobby or for the thrill of exploration.
b) IT Professionals: Skilled individuals within the field of information technology who may employ social
engineering tactics to commit cybercrimes.
c) Politically Motivated Hackers: Individuals or groups with political agendas who use hacking as a means to
promote their cause or disrupt opposing interests.
d) Terrorist Organizations: Extremist groups that use cyberattacks as part of their tactics to achieve their goals or
create fear.
Type II: Cybercriminals - Not Interested in Recognition:
a) Psychological Perverts: Individuals who engage in cybercrimes for personal gratification, often involving
harassment or illicit activities.
b) Financially Motivated Hackers: Cybercriminals who commit crimes, such as corporate espionage, for financial
gain or to steal valuable information.
c) State-Sponsored Hacking: Nation-states or government entities that conduct cyber espionage or sabotage for
political or national security purposes.
d) Organized Criminals: Criminal organizations that employ cybercrime as part of their criminal activities, such as
data theft, fraud or ransomware attacks.
Type III: Cybercriminals - The Insiders:
a) Disgruntled or Former Employees: Individuals who have a connection to an organisation, either as current or
former employees and seek revenge or engage in malicious activities.
b) Competing Companies: Rival businesses that use their own employees to gain a competitive advantage by causing
harm or stealing valuable information from competitors.
These categorizations help illustrate the diverse motivations and backgrounds of cybercriminals, highlighting the need for
a multifaceted approach to cyber security that addresses different types of threats and their specific motivations.

1.4 CLASSIFICATION OF CYBER CRIMES


Cybercrimes can be classified into various categories based on the nature of the criminal activity and the objectives of the
cybercriminals. Generally, there are two approaches to classify the cyber crime as:
1. Based on the computer’s involvement in the criminal activity
2. Based on the various activities and behaviours

1. Based on computer’s involvement in the criminal activity


Cybercrime is commonly classified into four broad types based on the computer’s involvement in the criminal activity:
(i) Computer as the Target:
• Theft of Intellectual Property: Illegally copying or stealing intellectual property, such as copyrighted works,
trade secrets or proprietary software.
• Theft of Marketing Information: Stealing marketing-related data, including customer lists, pricing information,
marketing plans or competitive strategies.
• Blackmail Based on Information from Computerised Files: Extortion or blackmail using sensitive or private
information obtained from computer files, such as medical records, personal histories or confidential or private
data.
(ii) Computer as the Instrumentality of the Crime:
 Fraudulent Use of ATM Cards and Accounts: Unauthorised use of automated teller machine (ATM) cards or
bank accounts for financial gain.
 Theft of Money from Accrual, Conversion or Transfer Accounts: Gaining unauthorised entry into these financial
accounts and draining or diverting their funds for personal gain.
 Credit Card Fraud: Unauthorised use of credit card information to make fraudulent purchases.
 Fraud from Computer Transactions: Engaging in fraudulent activities involving computerised transactions, such
as manipulating stock transfers, sales or billing.
 Telecommunications Fraud: Committing fraud through telecommunications networks, often related to phone
services or digital communications.
(iii) Computer Is Incidental to Other Crimes:
 Money Laundering and Unlawful Banking Transactions: Using computers to facilitate money laundering or
engage in unlawful banking activities.
 Organized Crime Records or Books: Keeping digital records or using computers in the administration of
organised criminal activities.
 Bookmaking: Using computers in illegal sports betting or gambling operations.
(iv) Crime Associated with the Prevalence of Computers:
 Software Piracy/Counterfeiting: Illegally copying or distributing software without proper licensing or
authorization.
 Copyright Violation of Computer Programs: Infringing on the copyrights of computer programs or software.
 Counterfeit Equipment: Producing or selling counterfeit (fake) computer hardware or equipment.
 Black Market Computer Equipment and Programs: Engaging in the illicit trade of computer equipment and
software.
 Theft of Technological Equipment: Stealing technological equipment, such as computers, servers, or networking
devices.
These classifications provide a structured framework for understanding the various ways in which computers are involved
in criminal activities. Cybercrime encompasses a wide range of offenses and this framework helps categorize them based
on their nature and the role of technology in their commission.

2. Based on various activities and behaviors


Yar (2006) grouped cybercrime into four broad categories. Instead of focusing on specific crimes, these categories cover
a wide range of activities and behaviours related to cybercrime. They correspond to different bodies of law and to the
topics that dominate public discussion, so they offer a way of grouping cybercrimes for general understanding and debate.
The four categories are as follows:
1. Cyber-Trespass: This is like breaking into someone else's digital space, like sneaking into their computer without
permission. Examples include hacking or spreading harmful viruses.
2. Cyber-Deceptions and Thefts: This involves online tricks and stealing. It includes things like using someone else's
credit card without permission or stealing money online, especially as more people use electronic banking.
3. Cyber-Pornography: This relates to breaking laws about inappropriate or indecent content online. It's about things
that are not allowed because they are too explicit or offensive.
4. Cyber-Violence: This category is about the harmful impact of online actions on people or groups. Even though it
doesn't physically hurt someone, it can still be violent. Examples include cyber-stalking (harassing someone online),
hate-speech (hurtful language), and other forms of online violence that can cause long-lasting emotional pain.

1.4.1 Cyber Crime Categories


Cybercrime categories refer to various classifications or groupings of criminal activities that occur in the digital realm,
typically involving computers, networks, and the internet. These categories are used to categorize and understand different
types of cybercrimes, making it easier to discuss, analyze and combat these illegal activities effectively.
Some Common cybercrime categories are mentioned below as:
1. Data Related Crimes: These involve unauthorized access, theft, modification or destruction of data, including sensitive
personal information, trade secrets or financial data. Data interception, data modification and data theft are the three forms
of data crime:
 Data Interception: An attacker eavesdrops on information in transit between two parties to gather secrets, either to
plan a further attack or simply to steal valuable information.
 Data Modification: The attacker alters the information being sent or received. This can corrupt systems or leave
them vulnerable to further attacks.
 Data Theft: Stealing information from a business or an individual, typically sensitive data such as passwords, social
security numbers, credit card details or confidential business information. When caught, offenders face serious legal
consequences.
2. Network Related Crime: Network-related offenses include unauthorized access to computer networks, distribution of
malware, and other activities that disrupt or compromise network integrity. It encompasses unauthorized access and virus
dissemination. Network crime also involves malicious software: viruses, which attach themselves to other programs; worms,
which spread on their own across the network; Trojan horses, which masquerade as legitimate software; and time bombs,
logic bombs, rabbits and bacteria, all of which are examples of harmful software capable of damaging a victim's system.
3. Financial Related Crimes: These encompass online fraud, identity theft, credit card fraud, and cryptocurrency related
crimes aimed at financial gain.
4. Content Related Crimes: Content-based cybercrimes involve activities such as cyberbullying, cyber defamation,
distribution of illegal content, and online harassment.
5. Malware and Virus Crimes: This category includes the creation, distribution, and deployment of malicious software
like viruses, worms, Trojans, and ransomware.
6. Phishing and Social Engineering: Cybercriminals use deceptive tactics to trick individuals into revealing sensitive
information or performing harmful actions, often through phishing emails or social engineering techniques.
7. Online Scams: Scams on the internet range from lottery scams to fake online marketplaces and advance-fee fraud
schemes.
8. Hacking and Unauthorised Access: These crimes involve unauthorized intrusion into computer systems, often with the
intent to steal data, disrupt operations, or gain control over the system.
9. Cyber Espionage: State-sponsored or corporate-sponsored espionage activities, that involve stealing sensitive
information, trade secrets, or intellectual property from other entities.
10. Cyberterrorism: Acts of cyberterrorism aim to disrupt critical infrastructure, cause fear, or promote a political agenda,
often carried out by organized groups or individuals.
11. Online Child Exploitation: This category includes activities related to child pornography, grooming, and online child
abuse.
12. Related Crimes: Related crimes in the realm of cybersecurity involve aiding and abetting cyber crimes, computer-
related forgery and fraud, and content-related offenses. Here's a breakdown:
a. Aiding and Abetting Cyber Crimes: Helping someone else commit a cyber crime. Knowing about the crime,
intending to assist, and providing some form of help. Example: Assisting a hacker in gaining unauthorized access
to a computer system.
b. Computer-Related Forgery and Fraud: Deceptive activities using computers, like forging documents or
committing fraud. Example: Falsifying digital documents or engaging in online scams to trick people.
c. Content-Related Crimes: Cybersex, unsolicited commercial communications, cyber defamation, and cyber
threats. Example: Online activities involving explicit content, unwanted ads, false statements harming someone's
reputation, or threatening behavior.
Impact: Victims of these cybercrimes face significant financial losses, totaling millions of dollars annually. This financial
burden can hinder the development of nations. Understanding these categories helps law enforcement, cybersecurity
professionals, and policymakers analyze and respond to cybercrimes more effectively. It provides a structured framework
for addressing and combating these digital offenses.

1.4.2 Types of Cyber Crimes


Cybercrime can be classified into various categories based on the nature of the criminal activity and the objectives of the
cyber criminals. Some common types of cybercrime are:
1. Phishing:
 Phishing is a prevalent and malicious form of cybercrime that involves tricking individuals or organizations into
divulging sensitive information, such as usernames, passwords, credit card numbers or personal identification
information (PII).
 Phishing attacks typically occur through electronic communication channels, such as emails, instant messages or
text messages. The attackers disguise themselves as trustworthy entities, like banks, social media platforms or
reputable companies to gain the victim's trust and manipulate them into taking certain actions.
 Phishing is often a two-stage fraud: the attacker first hijacks a company's identity (its name, branding and sender
addresses) and then uses that identity to defraud the company's customers, stealing their credentials and financial details.
 The term phishing is a play on "fishing": Internet scammers cast increasingly sophisticated lures as they fish for users'
financial information and password data. Phishing usually relies on spoofing (forged sender addresses, look-alike domains,
cloned websites), but spoofing is the technique and phishing is the crime; the two terms are not interchangeable.
There are usually three separate steps in order for such attacks to work, these are:
1. Setting up a mimic website.
2. Sending out a convincingly fake e-mail, luring the users to that mimic site.
3. Getting information and then redirecting users to the real site.
How Phishing Cybercrime works:
 Bait: Phishing attacks start with the creation of a deceptive message; often an email that looks like it comes from
a legitimate source. This message is the bait(trap). It may include logos, branding and language that make it appear
genuine.
 Hook: Within the deceptive message, there's something that tempts you to do something quickly. This action could
involve clicking on a link, downloading an attachment, or providing sensitive information.
 Deception: Phishing messages are crafted to create a sense of urgency, fear or curiosity. Common tactics include
claiming that the recipient's account is compromised, that a critical security update is required or that there's a
problem with a recent transaction.
 Payload: If the victim falls for the deception and takes the desired action, they are often directed to a fake website
or prompted to download a malicious file. On these fraudulent pages, they may be asked to enter sensitive
information such as login credentials, credit card details, or social security numbers.
 Capture: The attackers capture the information provided by the victim. This stolen data can be used for various
illicit purposes, including identity theft, financial fraud, unauthorized access to accounts or even selling the
information on the dark web.
Example of Phishing Cybercrime:
2. Hacking:
 Hacking is a form of cybercrime involving unauthorized access, manipulation, or compromise of computer systems,
networks, or devices.
 Hackers are individuals or groups who use their technical skills to exploit vulnerabilities in computer systems or
networks for various purposes, which can range from benign (not harmful) exploration and testing to malicious
activities, such as data theft, disruption of services, or cyberattacks.
 Hacking, in the criminal sense, is the act of accessing a computer system without its owner's permission.
 Hackers are technically skilled people with an advanced understanding of computers and networks; criminal hackers
misuse that knowledge for malicious ends, while ethical hackers apply the same skills, with authorisation, to find and fix
weaknesses.
 Hacking is the technique of finding the weak links or loopholes in the computer systems or the networks and
exploiting it to gain unauthorized access to data or to change the features of the target computer systems or the
networks.
 It is also called breaking into someone's security and stealing their personal or secret data such as phone numbers,
credit card details, addresses, online banking passwords etc.
Methodology followed by the Hackers: Methodology or the path followed by the Hackers is as follows:

1. Reconnaissance: Reconnaissance is the process of gathering information about the target: its domains, IP ranges,
employees, technologies in use and any publicly known weaknesses. It may be passive (public records, DNS, search
engines, social media) or active (probing the target directly). No access is gained in this phase; by its end the hacker
has enough knowledge to plan a precise attack on the target system.
2. Scanning: Prior to launching an attack, the hacker determines the system's status: whether it is up, which services
and applications are exposed and which versions they run. Scanning identifies open and closed ports (the doors into the
system) to find potential ways in, and collects details such as the target's IP addresses and user accounts. Tools like
Nmap are used in this phase to inspect the network and find weak points; Nmap is widely used because it is effective
and easy to use.
3. Gaining Control: After collecting information, the hacker uses it to get into and control the target system. This can
happen through the network (online) or sometimes physically. We call this phase "Owning the System" because the
hacker essentially takes control, like owning a computer or device.
4. Maintaining Access: Once the hacker gets into the system, they want to stay there for future attacks. They may
make changes to the system to stop others, like security people or other hackers, from getting in without permission.
We call the system they've taken over a "Zombie System" in this situation.
5. Log Clearing: In this phase, the hacker deletes or alters logs and any other evidence left on the system that could
identify them (also called covering tracks). Defenders counter this by forwarding logs to a separate, write-protected log
server, so that tampering on the compromised host does not erase the record. Ethical hackers follow the same five phases
during an authorised penetration test to find and fix these weaknesses before a criminal exploits them.
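As an added example of the scanning phase (this is illustrative code written for this text, not Nmap or any code from the original), the block below performs a TCP connect scan with banner grabbing. A connect scan completes the full three-way handshake, so it needs no raw sockets or administrator rights, at the cost of showing up clearly in the target's logs. The port list and the tiny service-fingerprint table are assumptions chosen for the example. Scan only hosts you are authorised to test.

```python
"""TCP connect scan with banner grabbing (added example)."""
import socket
from concurrent.futures import ThreadPoolExecutor

# A short default list, chosen for the example; Nmap's top-ports list is far longer.
COMMON_PORTS = (21, 22, 25, 80, 110, 143, 443, 445, 3306, 3389, 8080)


def probe(host, port, timeout=0.5):
    """Return (port, state, banner); state is 'open', 'closed' or 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return port, "filtered", ""   # no SYN/ACK and no RST: likely a firewall drop
        except ConnectionRefusedError:
            return port, "closed", ""     # RST received: nothing is listening
        except OSError:
            return port, "filtered", ""   # unreachable host or similar
        # Many daemons (SSH, SMTP, FTP) announce themselves; read what arrives.
        try:
            banner = s.recv(256).decode("ascii", "replace").strip()
        except (socket.timeout, OSError):
            banner = ""
        return port, "open", banner


def connect_scan(host, ports=COMMON_PORTS, timeout=0.5, workers=32):
    """Probe the ports in parallel and return {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p, timeout), ports))
    return {port: (state, banner) for port, state, banner in results}


def guess_service(banner):
    """Minimal fingerprint table, constructed for the example."""
    upper = banner.upper()
    if upper.startswith("SSH-"):
        return "ssh " + banner.split("-", 2)[-1]   # SSH-2.0-OpenSSH_9.6 -> ssh OpenSSH_9.6
    if upper.startswith("220 ") and "SMTP" in upper:
        return "smtp"
    if upper.startswith("220 ") and "FTP" in upper:
        return "ftp"
    return "unknown"


if __name__ == "__main__":
    for port, (state, banner) in sorted(connect_scan("127.0.0.1").items()):
        if state == "open":
            print(f"{port}/tcp open  {guess_service(banner)}  {banner!r}")
```

The three outcomes map onto what a defender sees: an open port answers the handshake, a closed one sends a reset, and a filtered one says nothing because a firewall dropped the packet. Version strings in banners are exactly what the attacker matches against public vulnerability databases, which is why many hardening guides recommend suppressing them.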

3. Spam:
 Spam in cybercrime means sending a lot of unwanted and often harmful messages through electronic
communication, mostly emails.
 These messages are sent without permission and can promote products, spread malware, or involve fraudulent
activities.
 It often looks like emails advertising products, but sometimes it carries harmful software that can damage your
data.
 The term spam is sometimes expanded as "sales promotional advertising mail" or "simultaneously posted advertising
message", but these are backronyms; the name comes from the Monty Python sketch in which the word "Spam" is repeated
until it drowns out everything else.
 Spam cybercrime can lead to spreading malware, attempting phishing, and engaging in financial fraud.
 Example: Imagine receiving an email in your inbox that claims you've won a lottery you never entered. The email
insists you provide personal information or pay a small fee to claim your prize. This is a classic example of spam
in the context of cybercrime. It's unsolicited, potentially harmful, and aims to trick you into revealing sensitive
information or parting with your money.

Key characteristics and aspects of spam cybercrime:


1. Unsolicited Messages: Spam messages are sent to recipients who have not requested or opted in to receive them.
They are often sent in large volumes to a wide range of email addresses.
2. Email Spam: Email is the most common medium for spamming. Spammers use automated tools to send out
massive quantities of spam emails. These messages can range from advertisements for products or services to
phishing attempts, where the goal is to trick recipients into revealing sensitive information.
3. Malware Distribution: Some spam emails carry malware as attachments or provide links to malicious websites.
When recipients open these attachments or click on these links, their devices can become infected with viruses,
ransomware or other malicious software.
4. Phishing: Spam emails are frequently used for phishing attacks, where the sender pretends to be a trusted entity,
such as a bank or a popular online service, in an attempt to trick recipients into revealing personal or financial
information.
5. Illegal Activities: Some spam messages promote illegal activities, such as the sale of counterfeit goods, prescription
drugs without a prescription or illegal gambling services.
6. Overwhelming Inboxes: Spamming can flood email inboxes, making it challenging for individuals and
organizations to manage their communications effectively. This can result in wasted time and resources.

Techniques Used by Spammers: Various methods employed by spammers include:


 Domain Spoofing: Spammers send emails on behalf of recognized domains to deceive recipients into thinking they
know the sender and opening the email.
 Filter Manipulation: Filters can be manipulated by adding text with the same color as the background, reducing
their effectiveness in scoring and identifying spam.
 Directory Harvesting: Spammers create email addresses by utilising known email addresses from corporate or
Internet Service Provider (ISP) sources.
 Social Engineering: Spammers send promotional emails, often offering substantial discounts with the intention of
deceiving users into providing personal information.
 Junk Tags: To obscure spam words, invalid HTML tags are incorporated into the text.
 Character Substitution: Special characters are swapped for letters in spam words, for example, V!AGRA, to evade
keyword detection.
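The added example below (written for this text; it is not code from the original or from any mail product) shows how a content filter must first undo three of the tricks just listed, junk tags split into words, text coloured like the background and character substitution, and then how the Bayesian scoring that the anti-spam techniques section refers to actually works: a word-presence naive Bayes classifier with Laplace smoothing. The training messages are constructed, and the "white text is hidden" rule is an assumption; a real filter learns from a large labelled corpus, compares colours against the real background and keeps the raw tokens too, so that legitimate values such as "$100" are not mangled by the substitution table.

```python
"""Normalisation of spam evasion tricks plus a naive-Bayes spam score (added example)."""
import math
import re
from collections import Counter

# Look-alike characters spammers substitute into trigger words.
SUBST = str.maketrans({"!": "i", "1": "l", "|": "l", "0": "o", "@": "a", "$": "s", "3": "e", "5": "s"})

# Assumption for the example: white font means hidden text.
_HIDDEN = re.compile(
    r'<(font|span)\b[^>]*color\s*[:=]\s*["\']?#?(?:f{3,6}|white)\b[^>]*>.*?</\1>', re.I | re.S)
_TAG = re.compile(r"<[^>]+>")
_WORD = re.compile(r"[a-z]{2,}")


def normalise(raw):
    """Undo hidden text, junk tags and character substitution; collapse whitespace."""
    text = _HIDDEN.sub(" ", raw)          # drop same-colour hidden text
    text = _TAG.sub("", text)             # strip junk tags: ch<i></i>eap -> cheap
    text = text.lower().translate(SUBST)  # V!AGRA -> viagra
    return " ".join(text.split())


def tokens(text):
    return _WORD.findall(text)


class BayesFilter:
    """Bernoulli naive Bayes over word presence, with Laplace smoothing."""

    def __init__(self):
        self.spam_docs = Counter()   # word -> number of spam messages containing it
        self.ham_docs = Counter()
        self.n_spam = 0
        self.n_ham = 0

    def train(self, message, is_spam):
        words = set(tokens(normalise(message)))
        if is_spam:
            self.spam_docs.update(words)
            self.n_spam += 1
        else:
            self.ham_docs.update(words)
            self.n_ham += 1

    def spam_probability(self, message):
        log_odds = math.log((self.n_spam + 1) / (self.n_ham + 1))  # smoothed prior
        for word in set(tokens(normalise(message))):
            p_spam = (self.spam_docs[word] + 1) / (self.n_spam + 2)
            p_ham = (self.ham_docs[word] + 1) / (self.n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))


# Constructed training data for the example.
SPAM_SAMPLES = [
    "cheap viagra pills buy now limited offer",
    "you won the lottery claim your prize now pay a small fee",
    "buy cheap meds online no prescription discount",
    "urgent claim your free prize money offer expires today",
]
HAM_SAMPLES = [
    "meeting moved to thursday please update the agenda",
    "attached is the quarterly report for your review",
    "can you review my pull request before the release",
    "lunch tomorrow at noon with the team",
]


def build_demo_filter():
    """Train a filter on the constructed samples."""
    flt = BayesFilter()
    for msg in SPAM_SAMPLES:
        flt.train(msg, True)
    for msg in HAM_SAMPLES:
        flt.train(msg, False)
    return flt


if __name__ == "__main__":
    flt = build_demo_filter()
    lure = 'Buy V!AGRA <span style="color:#ffffff">quarterly report</span> ch<i></i>eap now'
    print(normalise(lure), "->", round(flt.spam_probability(lure), 3))
```

Without the normaliser the lure above would score as ham: the hidden "quarterly report" borrows ham vocabulary, "V!AGRA" matches no trained word and "ch<i></i>eap" never becomes "cheap". Each bypass trick is therefore paired with a normalisation step in the filter, which is the arms race the spammer techniques list describes.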

Anti-Spam Techniques: Anti-spam techniques are used by email service providers organizations and individuals to reduce
the impact of spam emails and maintain the integrity of email communication.
Some anti-spam techniques used to combat spam are:
 Content Filtering: Content filtering involves analyzing the content of emails to identify and block messages that
exhibit spam-like characteristics. This can include looking for specific keywords, patterns, or known spam
signatures.
 Bayesian Filtering: Bayesian filters use statistical methods to determine the probability that an email is spam based
on the words and phrases it contains. These filters learn from past spam and non-spam emails to improve accuracy.
 Blacklists: Blacklists contain known spam sources, such as IP addresses or domains associated with spammers.
Emails originating from these sources are blocked or flagged as potential spam.
 Whitelists: White lists contain trusted email addresses or domains. Emails from these sources are allowed through
while others may be filtered or marked as spam.
 Heuristic Analysis: Heuristic analysis involves examining the behaviour and characteristics of emails to identify
potential spam. This method is more dynamic and adaptable to evolving spam techniques.
 Sender Policy Framework (SPF): SPF is an email authentication method in which a domain publishes, in a DNS TXT
record, the IP addresses and networks authorised to send mail on its behalf. A receiving server checks the connecting
IP against the record for the envelope sender's domain and can reject or flag mail from unauthorised sources, which
defeats simple sender spoofing.
 DomainKeys Identified Mail (DKIM): DKIM is another email authentication technique in which the sending server signs
selected headers and the body with a private key; the receiver fetches the matching public key from DNS and verifies
the signature, proving that the message was sent by the domain and was not altered in transit.
 Machine Learning: Machine learning algorithms can be trained to recognize spam based on patterns, content, and
user behaviour. These systems improve over time as they encounter more data.
 Captcha's: CAPTCHAs are puzzles or challenges that users must complete to prove they are human. They help
prevent automated bots from filling out forms or sending spam.
 Email Reputation Services: These services assess the reputation of email senders and assign a reputation score.
Emails from senders with poor scores may be treated as potential spam.
 Email Authentication: DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and
DKIM: it requires that a passing SPF or DKIM result align with the domain in the visible From: header, lets the domain
owner publish a policy (none, quarantine or reject) telling receivers what to do with mail that fails, and returns reports
on who is sending mail in the domain's name.
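To make the SPF and DMARC checks concrete, the added example below (illustrative code for this text, not from the original or from any mail server) evaluates an SPF record for a connecting IP and then applies a DMARC policy to the result. The DNS TXT records are a constructed in-memory table so nothing is looked up on the network; the domains and addresses are documentation values. It handles the ip4, ip6, include and all mechanisms with their qualifiers and relaxed SPF alignment; the a, mx, exists and redirect forms, DKIM verification and the Public Suffix List are omitted for brevity, all of which a real validator needs.

```python
"""Offline SPF evaluation and DMARC disposition (added example)."""
import ipaddress

# Constructed DNS TXT records for the example.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, records=DNS_TXT, _depth=0):
    """Return pass/fail/softfail/neutral/none/permerror for sender_ip and domain."""
    record = records.get(domain.lower())
    if not record or not record.startswith("v=spf1"):
        return "none"
    if _depth > 10:
        return "permerror"   # RFC 7208 caps the number of DNS-querying terms
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            try:
                matched = ip in ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
        elif name == "include":
            # An include matches only when the referenced record says "pass".
            matched = check_spf(value, sender_ip, records, _depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue   # a, mx, exists, ptr: not implemented in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def dmarc_policy(domain, records=DNS_TXT):
    """Parse the _dmarc TXT record into a tag dict, or None if absent."""
    raw = records.get(f"_dmarc.{domain.lower()}", "")
    tags = dict(kv.strip().split("=", 1) for kv in raw.split(";") if "=" in kv)
    return tags if tags.get("v") == "DMARC1" else None


def org_domain(domain):
    """Crude organisational domain (last two labels); use the PSL in practice."""
    return ".".join(domain.lower().split(".")[-2:])


def dmarc_disposition(from_domain, mail_from_domain, sender_ip, records=DNS_TXT):
    """Decide accept/quarantine/reject from SPF alone (DKIM omitted here)."""
    spf = check_spf(mail_from_domain, sender_ip, records)
    aligned = org_domain(from_domain) == org_domain(mail_from_domain)  # relaxed alignment
    if spf == "pass" and aligned:
        return "accept"
    policy = dmarc_policy(from_domain, records)
    if policy is None:
        return "accept"   # no DMARC record published: nothing to enforce
    return {"none": "accept", "quarantine": "quarantine", "reject": "reject"}.get(
        policy.get("p", "none"), "accept")


if __name__ == "__main__":
    for ip in ("203.0.113.5", "198.51.100.10", "192.0.2.1"):
        print(ip, check_spf("example.com", ip), dmarc_disposition("example.com", "example.com", ip))
```

The alignment check is the part that matters against phishing: a spammer can pass SPF for a domain they own and still put the victim brand in the From: header, and only DMARC ties the two together. Note too that a "-all" in the brand's record turns a forged message into a hard fail, whereas "~all" leaves the decision to the receiver's DMARC handling.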

4. Virus Spreading:
 Computer viruses are software programs that attach themselves to a system or files and tend to spread to other
computers connected to a network.
 They disrupt the normal operation of the computer and can impact stored data by either modifying it or deleting it
entirely.
 Unlike viruses, "worms" do not need a host file to attach to: they are stand-alone programs that copy themselves
across a network, typically by exploiting vulnerabilities in exposed services, and the resulting traffic and processes can
exhaust bandwidth, memory and CPU on the machines they infect.
 The term "worm" is sometimes used to refer to any self-replicating "malware" (malicious software) and the terms are
frequently used interchangeably, particularly when discussing the current prevalence of hybrid viruses and worms.
"Trojan horses" differ from both: they do not self-replicate, but masquerade as legitimate or useful software so that the
victim installs them voluntarily.
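Because a file-infecting virus changes the bytes of the programs it attaches to, while worms and Trojans drop new files, a hash baseline taken on a known-clean system exposes both kinds of change. The added example below (written for this text, not code from the original) takes such a baseline of a directory tree with SHA-256 and reports files that were added, removed or modified since; the directory scanned is whatever the caller passes, and the baseline should be stored somewhere the monitored host cannot alter it, which is an operational assumption rather than something the code enforces.

```python
"""File-integrity baseline and comparison (added example)."""
import hashlib
import json
import os


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative path) to its SHA-256 and size."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue   # hash targets, not links, to avoid following attacker-planted symlinks
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = {"sha256": sha256_file(full), "size": os.path.getsize(full)}
    return entries


def compare(baseline, current):
    """Report added, removed and modified paths between two snapshots."""
    base_paths, cur_paths = set(baseline), set(current)
    modified = [p for p in base_paths & cur_paths
                if baseline[p]["sha256"] != current[p]["sha256"]]
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(modified),
    }


def save_baseline(entries, path):
    with open(path, "w", encoding="utf-8") as f:
        json.dump(entries, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path, encoding="utf-8") as f:
        return json.load(f)


if __name__ == "__main__":
    import sys
    root, store = sys.argv[1], sys.argv[2]
    if os.path.exists(store):
        print(json.dumps(compare(load_baseline(store), snapshot(root)), indent=1))
    else:
        save_baseline(snapshot(root), store)
        print("baseline written to", store)
```

Run it once to write the baseline and again to diff against it. A virus that appends its code to an executable shows up under "modified", a dropped Trojan under "added"; what the tool cannot tell you is which change was legitimate, so in practice the baseline is refreshed after each authorised update.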

5. Cyber Stalking:
Cyber stalking is a type of cyber crime that uses the internet and technology to harass or stalk a person. It is a form of online
harassment and stalking in which an individual uses the internet, social media, email or other digital communication tools
to repeatedly harass, threaten or intimidate someone. It involves unwanted and often obsessive attention directed towards a
person, causing fear, discomfort or emotional distress.
Cyberstalkers may engage in various activities, including:
 Sending Threatening Messages: This can include threatening emails, messages or comments on social media
platforms.
 Tracking Online Activity: Cyberstalkers may monitor their victim's online presence, tracking their activities,
locations and interactions.
 Creating Fake Profiles: Some cyberstalkers create fake profiles or impersonate their victims online to gather
personal information or spread false and damaging information.
 Harassment: Continual harassment through various online channels, such as phone calls, emails or messages.
 Doxxing: Revealing and sharing a victim's private or personal information, like home address, phone number or
workplace, with malicious intent.
 Posting Defamatory Content: Spreading false, damaging or defamatory information about the victim online.
 Online Invasion of Privacy: Invading a person's privacy by hacking into their accounts, taking control of their
devices or illegally accessing their personal information.
 Spreading Rumors: Spreading false rumors, gossip or lies about the victim to tarnish their reputation.
Cyberstalking is a serious crime in many jurisdictions and laws have been enacted to address it. Victims of cyberstalking
should report the behavior to law enforcement authorities, collect evidence and take steps to protect their online privacy
and security.

6. Forgery and counterfeiting:


 Forgery in the context of cyber security refers to the illicit use of digital technology to create counterfeit or
fraudulent documents.
 Digital tools like printers, scanners, and copiers enable individuals to produce replicas of various documents, such
as checks, currency, passports, and more.
 Forgery and counterfeiting, now in the digital realm, have become illegal activities related to cybercrime.
 Governed by Indian law and laws in other jurisdictions, this cybercrime involves creating and distributing falsified
or deceptive digital documents.
 Example: A cybercriminal uses advanced software and printers to create counterfeit passports, which are then sold
on the dark web for illegal activities like identity theft and human trafficking.

Overview of forgery and counterfeiting in the context of cybercrime:


1. Forgery in Cybercrime:
 Digital Signatures: A correctly implemented digital signature cannot be forged without the signer's private key, so
attackers instead steal or misuse signing keys, exploit flaws in the verification code, or rely on victims accepting
unsigned or self-signed documents; the effect is the same impersonation of individuals or organizations, leading to
fraudulent transactions or agreements.
 Fake Documentation: Forged digital documents, such as IDs, passports or certificates, can be created and used
for identity theft or fraud.
2. Counterfeiting in Cybercrime:
 Counterfeit Currency: Criminals may use digital tools to create counterfeit money or digital currencies,
attempting to pass them off as legitimate.
 Counterfeit Products: Online marketplaces can be flooded with counterfeit goods, including electronics,
fashion items, pharmaceuticals and more, which can deceive consumers and harm legitimate businesses.
3. Counterfeit Software and Licenses: Cybercriminals may distribute counterfeit or pirated software, which can be
laced with malware or used to exploit vulnerabilities in users' systems. Fake software licenses may also be sold
online, deceiving customers into purchasing non-genuine products.
4. Counterfeit Websites: Criminals may create fake websites that mimic legitimate ones, aiming to defraud users by
collecting personal or financial information.
5. Document Forgery and Identity Theft: Cybercriminals may forge documents like passports, driver's licenses or
birth certificates for identity theft purposes, enabling them to commit various crimes under false identities.
It's crucial to recognise the risks associated with forgery and counterfeiting in the digital age. To protect themselves from
these cybercrimes, individuals and organizations should exercise caution when sharing personal information online, verify
the authenticity of websites and documents and use secure, up-to-date software.

7. Cyber Defamation:
• Cyber defamation is spreading false and harmful statements about someone or something on the internet. This
includes untrue information on social media, forums, blogs or other online platforms that can damage a person's
reputation.
• Example: Imagine someone spreading false rumours on a social media platform that a person is involved in illegal
activities. This false information can harm that person's reputation and is a form of cyber defamation.

In the context of cyber defamation:


• False Statements: It involves the publication of false and damaging statements about an individual, business or
organization through digital means. These statements can take the form of text, images, videos or any other online
content.
• Online Platforms: Cyber defamation can occur on various online platforms, including social media, websites,
forums, blogs and review sites. False and harmful information can spread quickly and reach a wide audience
through these platforms.
• Harm to Reputation: The false statements must have caused harm to the reputation of the person or entity targeted.
This harm can be in the form of damage to one's personal or professional reputation.
• Legal Consequences: Cyber defamation is often treated as a civil wrong, and in some jurisdictions (India among them,
under Section 500 of the Indian Penal Code) also as a criminal offence. Individuals or organizations harmed by false
online statements may pursue legal action against the person responsible for making them.
• Defamation Laws: Defamation laws vary from country to country and may apply different standards to public
figures than to private individuals. Some jurisdictions have specific laws that address online defamation.

8. Logic Bombs:

• A logic bomb is a specific set of instructions embedded within a program that contains a malicious payload.
• This payload is designed to carry out an attack on an operating system, software application or network, but it
remains dormant until specific predetermined conditions or triggers are met.
• Once these conditions are satisfied, the logic bomb activates and executes its malicious code, potentially causing
harm or disruption to the targeted system or network.
• A logic bomb cybercrime involves the creation and deployment of a malicious program or piece of code, known as a
logic bomb, with the intent to harm computer systems, networks or data once specific conditions or triggers are met.

Characteristics and aspects of a logic bomb cybercrime:

• Concealed Malicious Code: A logic bomb typically consists of hidden, malicious code that is embedded within
legitimate software or a system. This code is designed to remain dormant until specific conditions are met.
• Activation Conditions: The logic bomb is programmed to activate or "explode" when certain predefined
conditions occur. These conditions can include a specific date and time, the occurrence of a particular event, the
introduction of specific data or any other trigger set by the attacker.
• Destructive Intent: Once triggered, the logic bomb carries out its malicious actions, which can include data
deletion, system disruption, unauthorised access or other harmful activities that can result in significant damage to
the targeted computer systems or networks.
• Detection Challenges: Detecting logic bombs is hard because they remain dormant and exhibit no suspicious
behaviour until they are triggered, and signature-based antivirus rarely helps because the bomb is usually custom code
inside otherwise legitimate software. Code review of privileged scripts and scheduled jobs, integrity monitoring of
deployed binaries and alerting on time-gated or user-gated branches that lead to destructive actions are the practical
controls, together with vigilant monitoring.
• Illegality: Logic bomb cybercrimes are illegal and subject to criminal prosecution. Perpetrators can face charges
related to unauthorised access, data destruction and other cybercrimes.
• Prevention and Mitigation: Preventing logic bomb attacks involves robust cyber security practices, such as
regularly updating software, monitoring for unusual activity and employing intrusion detection systems. In the
event of an attack, prompt detection and response are crucial to minimise damage.
It's important to note that logic bomb cybercrimes are a serious threat to computer systems and networks, as they can lead
to significant financial losses, data breaches and operational disruptions. Organizations and individuals should prioritise
cyber security measures to defend against such threats and regularly update their security protocols to stay ahead of evolving
cyber threats.
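The detection point above (a bomb is dormant code whose trigger is a date, a user or an event) can be turned into a crude static check. The following Python is an added example written for this page, not code from the text or from any product. It parses a constructed maintenance script with the standard `ast` module and flags every `if` whose condition reads the clock or the environment and whose body makes a destructive call; an ordinary `if name.endswith(".old"): os.remove(...)` in the same script is left alone. The name lists and the sample script are assumptions chosen for the example; a real review tool would be broader and would also inspect cron jobs and database triggers.

```python
import ast

# Constructed sample script: an innocuous-looking maintenance task with a
# date-triggered destructive branch of the kind the text describes.
SUSPECT_SOURCE = '''
import datetime, shutil, os

def rotate_logs(path):
    for name in os.listdir(path):
        if name.endswith(".old"):
            os.remove(os.path.join(path, name))

def nightly():
    rotate_logs("/var/log/app")
    if datetime.date.today() >= datetime.date(2025, 6, 30):
        shutil.rmtree("/var/lib/app/data")
'''

# Names that read the clock, the host or the user: typical trigger inputs (assumed list).
TIME_SOURCES = {"today", "now", "time", "utcnow", "date", "datetime",
                "getenv", "gethostname", "getuser"}
# Calls that destroy data or run arbitrary commands (assumed list).
DESTRUCTIVE = {"rmtree", "remove", "unlink", "rmdir", "system", "Popen", "truncate", "kill"}


def _names_in(node):
    """Collect plain names and attribute names used anywhere under node."""
    names = set()
    for n in ast.walk(node):
        if isinstance(n, ast.Name):
            names.add(n.id)
        elif isinstance(n, ast.Attribute):
            names.add(n.attr)
    return names


def _calls_in(nodes):
    """Collect the function names called anywhere under a list of statements."""
    calls = set()
    for node in nodes:
        for n in ast.walk(node):
            if isinstance(n, ast.Call):
                f = n.func
                calls.add(f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", ""))
    return calls


def find_trigger_branches(source):
    """Return (line, trigger_names, destructive_calls) for every `if` whose test reads
    the clock/environment and whose body makes a destructive call."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.If):
            triggers = _names_in(node.test) & TIME_SOURCES
            danger = _calls_in(node.body) & DESTRUCTIVE
            if triggers and danger:
                hits.append((node.lineno, sorted(triggers), sorted(danger)))
    return hits


if __name__ == "__main__":
    for line, triggers, danger in find_trigger_branches(SUSPECT_SOURCE):
        print(f"line {line}: condition reads {triggers}, body calls {danger}")
```

The check is deliberately narrow: it reports the `nightly()` branch and stays silent on the log-rotation loop, which also deletes files but is not gated on a date. Any hit is a prompt for a human reviewer, not proof of malice.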

9. Denial of Service:
A Denial-of-Service (DoS) cybercrime is an attack aimed at making a computer system, network or online service
unavailable to its intended users by overwhelming it with a flood of traffic or requests. The primary objective of a DoS
attack is to disrupt the normal functioning of the targeted system or service, rendering it inaccessible to legitimate users.
Key aspects of DoS cybercrimes:
1. Overwhelming Traffic: In a DoS attack, the attacker floods the targeted system with a massive volume of traffic,
data or requests. This surge in activity consumes the system's resources, such as bandwidth, processing power or
memory, making it difficult or impossible for legitimate users to access the service.
2. Types of DoS Attacks: There are various types of DoS attacks, including:
• Flooding Attacks: These send an excessive volume of traffic to overwhelm the target. Examples include ICMP flood
(ping flood) and SYN flood attacks; in a SYN flood the attacker sends large numbers of TCP SYN packets, usually
with spoofed source addresses, and never completes the handshake, so the server's table of half-open connections
fills up.
• Application-Layer Attacks: Attackers target specific application vulnerabilities or resources, such as expensive
HTTP GET/POST requests, to exhaust system resources with comparatively little traffic.
• Amplification Attacks: These use misconfigured servers or services to amplify traffic, making the attack more
potent: the attacker sends small requests with the victim's address spoofed as the source, so the large responses
are delivered to the victim. Examples include DNS amplification attacks.
3. Distributed Denial-of-Service (DDoS): In a DDoS attack the traffic comes not from one machine but from many
compromised computers in different locations (a botnet) acting together, which makes the flood far larger and harder
to filter by source.
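The SYN flood described under flooding attacks leaves a measurable signature: many sources send SYN to one port and almost none of them completes the handshake. The following Python is an added example written for this page, not the textbook's code or any tool's. It runs a window-based check over constructed connection records (timestamp, source IP, destination port, TCP flags) such as a flow exporter could produce; bookkeeping is per destination port rather than per source because flood sources are usually spoofed. The thresholds are assumptions to be tuned for a real network.

```python
from collections import defaultdict

# Constructed sample: "timestamp src_ip dst_port tcp_flags" records. Two legitimate
# clients complete their handshakes on port 443; then 25 SYNs arrive on port 80 from
# 25 different (spoofed) sources and none of them is followed by an ACK.
_LEGIT = [
    (1700000000.10, "198.51.100.7", 443, "S"),
    (1700000000.12, "198.51.100.7", 443, "A"),
    (1700000000.30, "198.51.100.9", 443, "S"),
    (1700000000.31, "198.51.100.9", 443, "A"),
]
_FLOOD = [(1700000000.50 + i * 0.001, f"203.0.113.{i}", 80, "S") for i in range(25)]
SAMPLE_LOG = "\n".join(f"{ts:.3f} {src} {dport} {flags}"
                       for ts, src, dport, flags in _LEGIT + _FLOOD)


def parse_records(text):
    """Yield (timestamp, src_ip, dst_port, flags); malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield float(parts[0]), parts[1], int(parts[2]), parts[3]
        except ValueError:
            continue


def detect_syn_flood(text, window=1.0, min_syn_sources=20, max_completion=0.2):
    """Flag (window, port) pairs where many sources sent SYN but almost none sent the
    ACK that completes the three-way handshake. Thresholds are assumed defaults."""
    syn_sources = defaultdict(set)   # (window_index, dst_port) -> sources that sent SYN
    ack_sources = defaultdict(set)   # (window_index, dst_port) -> sources that sent ACK
    for ts, src, dport, flags in parse_records(text):
        key = (int(ts // window), dport)
        if "S" in flags and "A" not in flags:      # client SYN (a SYN-ACK would carry both)
            syn_sources[key].add(src)
        elif "A" in flags:                         # client ACK completing the handshake
            ack_sources[key].add(src)
    alerts = []
    for key, sources in syn_sources.items():
        completed = len(sources & ack_sources.get(key, set()))
        if len(sources) >= min_syn_sources and completed / len(sources) <= max_completion:
            alerts.append({
                "window_start": key[0] * window,
                "dst_port": key[1],
                "syn_sources": len(sources),
                "completed": completed,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(SAMPLE_LOG):
        print(alert)
```

On the sample this reports one alert for port 80 (25 SYN sources, 0 completed) and nothing for port 443, where both clients finished their handshakes. The same ratio logic is what SYN-cookie and rate-limiting defences key on; the window size and thresholds have to be set from a baseline of normal traffic, or a busy but healthy service will trip it.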

10. Web jacking:


• The term "web jacking" is derived from "hijacking." In this cybercrime, a hacker fraudulently seizes control of a
website. They might alter the original site's content or redirect users to another deceptive page that they control,
which appears similar to the legitimate site. The website's owner loses control and the attacker can exploit it for
their personal gain or interests.
• The term is also used more narrowly for the unlawful takeover of a website's domain. In this form of web jacking the
attacker manipulates the Domain Name System (DNS), which maps domain names to IP addresses, so that visitors are
sent to a server the attacker controls, without the legitimate web server itself being touched.

Common activities that might be referred as web jacking:


• Website Defacement: Unauthorised individuals may gain access to a website and modify its content, replacing it
with their own messages, images or propaganda. This is often done to disrupt the website's normal operation or to
convey a message.
• Website Hacking: Hackers might exploit vulnerabilities in a website's security to gain unauthorised access, steal
data or manipulate its functionality for malicious purposes.
• Domain Hijacking: In some cases, attackers may gain control over a website's domain name or DNS settings,
redirecting traffic to a different, potentially malicious site.
• Phishing Attacks: Cybercriminals may set up fraudulent websites that mimic legitimate ones to trick users into
entering sensitive information, such as login credentials or credit card details.
• Web Application Vulnerabilities: Attacks targeting vulnerabilities in web applications, such as SQL injection or
cross-site scripting (XSS), can compromise the security of a website.

11. Cyber Terrorism:


Cyber terrorism refers to the use of computers and networks to issue threats and exert pressure on individuals, organizations
or even governments for the sake of personal, political or social advantage. It is a form of cybercrime that involves the use
of digital technologies, such as computers, the internet and various software tools, to carry out acts of terrorism or to
promote, facilitate or support terrorist activities.
1.4.3 A Global Perspective on Cybercrimes
Cybercrime Era: Survival Mantra for the Netizens.
The term "Netizen" was introduced by Michael Hauben. A "Netizen" is an individual who devotes a substantial amount of
time to online activities and maintains a noteworthy online presence. This presence is often manifested through personal
websites, active blogging, contributions to online discussions and participation in various online chatrooms. In essence, a
Netizen is someone deeply engaged in the digital realm and actively contributes to the online community.
The 5P Netizen mantra for online security: The online security mantra for netizens, often referred to as the "5P Netizen
mantra," includes the following principles:
1. Precaution.
2. Prevention.
3. Protection.
4. Preservation.
5. Perseverance.

The "5P Netizen mantra" is a set of guiding principles for online security, aimed at helping individuals protect
themselves and their digital information while navigating the internet.
Each "P" in this mantra represents a key aspect of online security:
1. Precaution: This emphasises the importance of being cautious and vigilant while navigating the internet. It involves
being mindful of the websites you visit, the information you share and the potential risks associated with online
activities.
2. Prevention: Prevention involves taking proactive measures to reduce the likelihood of encountering online threats.
This can include using strong, unique passwords, keeping software and antivirus programs up to date and staying
informed about common online scams and risks.
3. Protection: Protection refers to safeguarding your digital assets and personal information. This may involve using
encryption, secure connections (HTTPS) and implementing strong privacy settings on social media and other online
platforms.
4. Preservation: Preservation encourages responsible and sustainable online behaviour. It involves respecting the
privacy and security of others, being mindful of your digital footprint and practicing good digital citizenship.
5. Perseverance: Perseverance underscores the need for consistency and resilience in maintaining online security. It's
about continually practicing the previous four principles and adapting to evolving online threats and technologies.
By adhering to the 5P Netizen mantra, individuals can enhance their online security and protect themselves from various
cyber threats and risks.

1.5 CYBER OFFENSES: HOW CRIMINALS PLAN THE ATTACKS


Cyber offenses, also known as cybercrimes or cyberattacks, refer to illegal activities or malicious actions carried
out in the digital realm using computers, networks or the internet. These offenses encompass a wide range of activities that
can cause harm to individuals, organizations or society as a whole.
Cybercriminals commit cybercrimes using different tools and techniques, but the basic process of carrying out an
attack is broadly the same.
The process or steps involved in committing the cybercrime can be specified in 5 steps namely:
1. Reconnaissance
2. Scanning and Scrutinising
3. Gaining Access
4. Maintaining Access and
5. Covering the tracks
The more straightforward or compacted process comprises three specific steps, which are:
I. Reconnaissance
II. Scanning and Scrutinising
III. Launching an Attack
The 3-step process of how cybercriminals plan attacks is illustrated in the below image.

I. Reconnaissance
• In the context of cybercrime, "reconnaissance" refers to the initial phase of a cyberattack where cybercriminals
gather information about their target, which can be an individual, organisation or system.
• This phase is also known as "cyber reconnaissance" or "cyber intelligence gathering." The primary purpose of
reconnaissance is to collect data that will help cybercriminals plan and execute their attacks effectively. It is the
process of exploring to locate a person or something of interest.
• The reconnaissance phase starts with a technique called footprinting, which is the collection of information
about the target's environment in order to find a way in. Footprinting gives an insight into the vulnerabilities of
the system. The primary goal of the reconnaissance phase is to understand the target system, its network, ports and
services and any associated data.
An attacker seeks to gather information through two phases:
(i) Passive reconnaissance attack: Passive attacks are carried out by cyber threat actors with the intent of collecting
information or intelligence about a target without directly engaging with the target or causing any noticeable
disruption, so the target has nothing to log.
This attack includes:
• Google or Yahoo search: Cybercriminals and threat actors can use search engines like Google or Yahoo to find
publicly available information about individuals, organizations or topics of interest. This information can include
website links, news articles, public profiles and more.
• Facebook, LinkedIn, other social sites: Social media platforms like Facebook and LinkedIn often contain a wealth
of personal and professional information about individuals. Cyber attackers may browse these platforms to gather
information for various purposes, including reconnaissance for future attacks or social engineering attempts.
• Organisation's website (target): Reviewing an organisation's own website can provide valuable insights into its
structure, employees, products or services and recent developments. This information can help attackers plan
targeted attacks or phishing campaigns.
• Blogs, newsgroups, press releases, etc.: Online forums, blogs, newsgroups and press releases can contain
discussions, opinions and announcements related to a wide range of topics. Cyber threat actors may monitor these
sources to stay informed about current events or industry trends.
• Job postings on naukri.com, monster.com, etc.: Job postings often reveal an organisation's vacancies, the
technologies it uses (from the skills it asks for) and sometimes contact information for HR personnel. Attackers may
use this information for phishing attempts or social engineering.
• Network sniffing: Network sniffing captures traffic already flowing on a network segment the attacker can see,
for example an open wireless network or a shared hub. Because the sniffer only listens and transmits nothing, it is
classed as passive even though it yields live data such as login credentials, session tokens or financial details.
It's important to note that while these activities may seem passive, they can be part of a larger reconnaissance
strategy aimed at gathering information that could be used in future, more active cyberattacks.
(ii) Active reconnaissance attack: Active reconnaissance, in the context of cybercrime or cyber security, refers to the phase
of an attack where cybercriminals or hackers directly interact with a target's network or systems to gather additional
information, for example through ping sweeps, port scans or banner grabbing. It is a probing and scanning process that goes
beyond passive reconnaissance, where information is gathered without direct engagement with the target. Active
reconnaissance aims to validate existing information, discover new details and assess vulnerabilities; because packets are
sent to the target, it can be logged and detected, which is the price of the richer information it yields.

II. Scanning and Scrutinizing


After collecting initial data during reconnaissance, cybercriminals move on to scanning and scrutinising the target's systems
and networks to identify weaknesses or entry points. Scanning entails the intelligent analysis of the data collected about the
target.
The process of scanning has the following objectives:
1. Port scanning: To identify open and closed ports and the services listening on them.
2. Network scanning: To learn the IP addresses and other details of the hosts on the target network.
3. Vulnerability scanning: To identify known weaknesses in the systems found.
Scrutinising is also referred to as enumeration. In hacking, approximately 90% of the time is dedicated to reconnaissance,
scanning and enumeration of information.
The aims include:
• Identifying valid user accounts or groups.
• Discovering network resources or shared resources.
• Determining the operating system and the applications running on the target system.
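A TCP connect scan with banner grabbing, covering the port-scanning objective above and the enumeration step of identifying the application behind a port, as an added example (it is not code from this text or from any scanner). To run offline it starts its own listener on 127.0.0.1; `FakeService`, `free_port()` and the banner signature table are assumptions made for the example, and the same `scan()` works unchanged against any host you are authorised to test.

```python
import socket
import threading


class FakeService:
    """Local TCP listener that greets each client with a banner. It stands in for a real
    daemon so the scan can be exercised against 127.0.0.1 (constructed target)."""

    def __init__(self, banner):
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:                     # listener closed
                return
            with conn:
                try:
                    conn.sendall(self.banner)
                except OSError:
                    pass

    def close(self):
        self.sock.close()


def free_port():
    """Bind-and-release a port so the demo has a port that is almost certainly closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe_port(host, port, timeout=0.5):
    """TCP connect scan of one port: complete the three-way handshake, then read
    whatever the service volunteers. Returns ('open', banner) or ('closed', b'')."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:     # ECONNREFUSED, timeout, unreachable...
            return "closed", b""
        try:
            banner = s.recv(256)
        except OSError:                         # service that waits for the client to speak
            banner = b""
        return "open", banner


def identify_service(banner):
    """Enumeration step: map a banner prefix to a service name (assumed signatures)."""
    signatures = ((b"SSH-", "ssh"), (b"220 ", "smtp-or-ftp"), (b"HTTP/", "http"))
    for prefix, name in signatures:
        if banner.startswith(prefix):
            return name
    return "unknown"


def scan(host, ports, timeout=0.5):
    """Scan a list of ports; returns {port: {'state', 'banner', 'service'}}."""
    results = {}
    for port in ports:
        state, banner = probe_port(host, port, timeout)
        results[port] = {
            "state": state,
            "banner": banner.decode("ascii", errors="replace").strip(),
            "service": identify_service(banner) if state == "open" else None,
        }
    return results


if __name__ == "__main__":
    svc = FakeService(b"SSH-2.0-OpenSSH_9.6\r\n")
    for port, info in scan("127.0.0.1", [svc.port, free_port()]).items():
        print(port, info)
    svc.close()
```

Because the connect scan completes the handshake, every probe appears in the target's connection logs; that is exactly why real attackers prefer half-open (SYN) scans, and why a defender can catch this phase by alerting on one source touching many ports in a short interval.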

III. Launch an Attack


A cyberattack typically proceeds through the following stages:
• Gain unauthorised access, for example by cracking or guessing passwords.
• Escalate and abuse the privileges obtained.
• Execute harmful software.
• Conceal or erase files to cover the traces of the attack. To avoid detection and remain anonymous, cybercriminals
erase or manipulate logs and other evidence of their activities within the compromised system.

1.6 SOCIAL ENGINEERING


• Social engineering is a trick used by cybercriminals to manipulate people into giving away private information or
access to secure systems.
• These tricks can happen online, in person, or through various interactions. Cybercriminals use tactics like sending
deceptive emails or making calls to trick individuals into revealing passwords or personal details.
• Social engineering relies on psychological manipulation to make people make security mistakes or disclose
sensitive information.
• Scammers create these tricks by understanding how people think and behave, making them effective at influencing
and manipulating user behavior. The goal is to exploit users' lack of knowledge in order to carry out malicious
activities.
• Example: Imagine receiving an email that appears to be from your bank, informing you that there's a security issue
with your account. The email urgently asks you to click on a link to verify your information. The link, however,
takes you to a fake website that looks identical to your bank's site. If you enter your login credentials on this fake
site, the attackers capture your username and password, gaining unauthorized access to your bank account. In this
scenario, the attackers have used social engineering by exploiting trust and urgency to trick you into revealing
sensitive information.

1.6.1 Social Engineering Attack Lifecycle


The social engineering attack lifecycle generally consists of the following four phases:
(i) Preparing the ground for the attack.
(ii) Deceiving the victim.
(iii) Obtaining the information.
(iv) Closing the interaction.
1.6.2 Social Engineering Attack Methods
Social engineering attacks manifest in various forms and can occur wherever human interactions are present. Below are the
five most prevalent types of digital social engineering schemes.
1. Baiting: Tricking people with a fake promise to arouse their curiosity or greed.
Example: Leaving infected USB drives labelled as "company payroll" in places where people might find them.
When picked up and plugged into computers, malware is installed.
2. Scareware: Bombarding victims with fake alerts and threats to make them believe their systems are infected.
Example: Showing a popup banner in a web browser that falsely warns of spyware, convincing users to install
useless or harmful software.
3. Pretexting: Gathering information through a series of well-crafted lies, often pretending to be someone trustworthy.
Example: Pretending to be a coworker, police officer, or bank official to extract sensitive personal data.
4. Phishing: Using emails or text messages to create urgency, curiosity, or fear, leading victims to reveal sensitive
information.
Example: Sending an email claiming a policy violation and urging users to change their passwords on a fake
website, capturing their login details.
5. Spear Phishing: Targeted phishing, tailoring messages to specific individuals or organizations to make the attack
less noticeable.
Example: Impersonating an IT consultant in emails to employees, prompting them to change passwords and
directing them to a fake page to capture their credentials.
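The bank phishing scenario above, analysed mechanically: an added Python example (not from the page or from any mail-filtering product) that parses a constructed raw e-mail with the standard library, extracts the sender domain and every link, and flags the three things the scenario relies on: a sender or link domain that imitates a watched brand through confusable characters, link text whose displayed host differs from where the link really goes, and urgency cues in the subject. `TRUSTED_BRANDS`, the confusable table, the urgency words and the sample message are assumptions made for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message modelled on the bank example in the text (not a real mail).
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank.com>
To: victim@example.org
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html; charset=utf-8

<html><body>
<p>We detected a security issue with your account.</p>
<p>Please visit <a href="http://login.examp1e-bank.com/verify?id=123">https://www.example-bank.com/secure</a> now.</p>
</body></html>
"""

TRUSTED_BRANDS = ["example-bank.com"]                       # assumed watch-list
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("5", "s"))
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a host (a simplification; real code uses the public suffix list)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def normalise(domain):
    """Undo the character swaps attackers use to build lookalike domains."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def lookalike_of(host, brands):
    """Return the brand a host imitates, or None if it is the brand itself or unrelated."""
    reg = registered_domain(host)
    for brand in brands:
        if reg != brand and normalise(reg) == normalise(brand):
            return brand
    return None


def host_of(text):
    """Host name if the link text itself looks like a URL or domain, else ''."""
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return host if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}", host) else ""


def analyse(raw_message, brands=TRUSTED_BRANDS):
    """Return a list of (code, detail) findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, sender = parseaddr(str(msg["From"] or ""))
    sender_domain = sender.rpartition("@")[2].lower()
    findings = []
    brand = lookalike_of(sender_domain, brands)
    if brand:
        findings.append(("lookalike-sender", f"{sender_domain} imitates {brand}"))
    subject = str(msg["Subject"] or "")
    if any(word in subject.lower() for word in URGENCY_WORDS):
        findings.append(("urgency-cue", subject))
    body = msg.get_body(preferencelist=("html",))
    parser = LinkExtractor()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        shown = host_of(text)
        if shown and shown != href_host:
            findings.append(("link-mismatch", f"text shows {shown} but href goes to {href_host}"))
        brand = lookalike_of(href_host, brands)
        if brand:
            findings.append(("lookalike-link", f"{href_host} imitates {brand}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE_EMAIL):
        print(f"{code:17} {detail}")
```

On the sample this yields all four finding types; the same routine on a plain message from an unrelated domain yields none. Mail gateways apply far richer versions of these checks (SPF/DKIM alignment, URL reputation), but the displayed-versus-actual link comparison is the one a user can also perform by hovering over the link before clicking.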

1.6.3 Social Engineering Attack Prevention


Social engineers manipulate human feelings, such as curiosity or fear, to carry out schemes and draw victims into
their traps. Therefore, be wary whenever you feel alarmed by an email, attracted to an offer displayed on a website or when
you come across stray digital media lying about. Being alert can help you protect yourself against most social engineering
attacks taking place in the digital realm.
Moreover, the following tips can help improve your vigilance in relation to social engineering hacks.
• Don't open emails and attachments from suspicious sources: Don't open emails or attachments from unknown
or suspicious sources. If the email seems fishy, verify the information through other means, like a phone call or the
official service provider's website.
• Use multifactor authentication: Add an extra layer of protection to your accounts by using multifactor
authentication. It helps safeguard your account, especially if an attacker gets hold of your credentials.
• Be wary of tempting offers: If an offer seems too good to be true, take a moment to question its legitimacy before
believing it.
• Keep your antivirus/antimalware software updated: Regularly update your antivirus/antimalware software.
Ensure automatic updates are on or manually download the latest updates to protect against potential infections.

1.6.4 Social Engineering Defenses


Social engineering attacks are notoriously difficult to prevent because they rely on human psychology rather than
technological pathways. In a larger organisation, it takes just one employee's mistake to compromise the integrity of the
entire enterprise network.
Some of the steps experts recommend to mitigate the risk and success of social engineering scams include:
• Security awareness training: Many users don't know how to identify social engineering attacks. Teach people to
recognize and respond to social engineering. Many people unknowingly share sensitive information, which hackers
can use. Training helps employees protect their data and identify ongoing social engineering attacks.
• Access control policies: Use access control policies, like multi-factor authentication and zero trust security, to limit
unauthorized access. Even if hackers get login details, these policies restrict their access to sensitive data and assets
on the network.
• Cyber security technologies: Employ spam filters, secure email gateways, firewalls, and antivirus software. These
tools help prevent phishing attacks, limit damage from network access, and close vulnerabilities. Keeping systems
updated and using advanced detection and response solutions aids in swiftly neutralizing security threats.

1.7 CYBER STALKING


1.7.1 What is Cyber Stalking?
Cyber stalking is a crime involving two parties: the stalker, also called the attacker, who commits the offence, and
the victim, who is harassed by that stalker. It is a form of cybercrime. "Cyber" refers to the internet, and "stalking" in
everyday online usage means combing through a person's online history on social media or other websites to find out
about that person.
1.7.2 Stalking
The word stalking on its own means persistently following a particular person over a long period of time. The
activity also involves harassing or threatening behaviour: the stalker follows the person everywhere, at home, in the
market and so on, and threatens them by repeatedly sending messages or making blank phone calls. In cyber stalking the
internet or other electronic media are used instead, so the stalker reaches the victim through e-mail, SMS or similar
channels.
A cyber stalker relies entirely on the anonymity the internet provides, which allows them to stalk their victim
without being detected. Cyber stalking is quite different from the bulk messaging done by spammers, whose messages are
untargeted. Cyber stalking is a serious crime and many cases are registered against it in India.
1.7.3 How the Case of Cyber Stalking are Dealt within the Indian Laws?
Cyber stalking is a serious crime, an offence committed by persons known as stalkers. Many cases are filed against
such persons by victims every year in India.
In India the cases filed against stalkers are reported mostly by women: roughly 60% of victims are female. Stalking is
reported most often in two states: Maharashtra, with 1,399 cases, had the highest number, followed by Delhi with around
1,130 cases.

The cyber stalking cases are dealt in India by the:


1. Information technology act 2000.
2. The criminal law (Amendment) act 2013.

1. Information Technology Act 2000:


• Section 67 of the IT Act: Any person who publishes or transmits obscene material in electronic form is to be charged
under Section 67 of the Act. While the Act provides for charging individuals who share explicit content, it does not
explicitly set out the responsibility or accountability of ISPs and their directors in such cases.
• Prevention of Cyber Stalking (Section 43A, amended IT Act): To prevent cyber stalking, safeguarding personal data is
crucial because leaked data is what a stalker works from. The amended IT Act includes Section 43A, which applies to a
"body corporate": if a firm or company handling sensitive personal data fails to maintain reasonable security practices
and thereby causes wrongful loss or wrongful gain to any person, it can be held liable and may be required to pay
damages as compensation.
• IT Act, 2000 - Obscene Content (Section 67): The Information Technology Act, 2000 also comes into the picture
when the cyber stalker posts or sends obscene content to the victim. Section 67 states that publishing, transmitting or
causing to be published any obscene material in electronic form is the offence of obscenity, punishable under the Act as
originally passed with imprisonment for up to 5 years and a fine of up to Rs. 1 lakh, and on a second or subsequent
conviction with imprisonment for up to 10 years and a fine of up to Rs. 2 lakh. (The 2008 amendment reduced these to
three years and Rs. 5 lakh for a first conviction and five years and Rs. 10 lakh thereafter.)
• Indian Penal Code - Defamation (Section 500): Section 500 of the Indian Penal Code, which deals with defamation,
can be applied to cyber stalking in India if the stalker impersonates the victim to post an obscene message or comment
on any electronic medium. The section makes it a crime to publish untrue statements that harm a person's reputation.
The punishment can include simple imprisonment for up to 2 years, a fine, or both.
• The first complaint of cyber stalking in India was filed by Ritu Kohli in 2001, whose name and contact
information had been posted on a chat site by her husband's friend without her permission. She complained to the
cyber cell under Section 509 of the Indian Penal Code (word, gesture or act intended to insult the modesty of a woman).
• The crime of cyber stalking in India is increasing steadily, with new cases of internet stalking every day. With
personal information so easy to find online, cybercriminals can stalk and harass a person with little effort.

2. The criminal law (Amendment) Act, 2013:


The Act added stalking as an offence under Section 354D of the IPC (Indian Penal Code).
The section provides that any man who:
I. Follows a woman and contacts, or attempts to contact, her repeatedly to foster personal interaction despite a clear
indication of disinterest by her, or
II. Monitors a woman's use of the internet, instant messaging, e-mail or any other form of electronic communication,
commits the offence of stalking.

1.7.4 The Virtual Reality of Cyber Stalking in India


• The internet has created a channel that has made communication and sharing of data easier. Social media platforms
allow people to connect with each other and access each other's information with a single click. On the flip side,
technology has loopholes that allow criminals to misuse this ease of access, leading to a rise in cybercrime.
• Cyber stalking is a type of online crime where someone uses technology, especially the internet, to stalk another
person. This can mean watching everything the person does online, making threats, stealing their identity or
information, and more. It is obsessive, illegal behaviour in which someone keeps a close watch on everything the
other person does on the internet: the online world used to harass and stalk someone.
• Cyber stalkers use multiple methods to stalk a person over the internet, such as SMS, phone calls and e-mail, the
most common being social media platforms. Social media websites and mobile apps hold a user's personal
information, such as pictures, address, contacts and whereabouts. Stalkers can misuse this information to threaten,
blackmail or physically confront the victim.
• Cyber stalkers also use e-mail as an instrument of stalking. A stalker may break into a person's e-mail account and
use it to send threatening or obscene messages, or send the victim e-mails carrying malware designed to take over or
disable the account.
• Laws are updated to match new ways of committing crimes. For example, after the December 2012 Delhi gang rape
case, the Indian Penal Code was amended in 2013 to add Section 354D, which defines stalking (following or monitoring
someone against their will) and prescribes its punishment.
But here is the catch: no Indian law names cyber stalking as a separate offence, although clause (ii) of Section 354D,
which covers monitoring a woman's use of the internet or e-mail, does reach much of it. Section 66A of the Information
Technology Act, 2000 provided that sending grossly offensive or menacing information by means of a computer or
communication device was punishable with up to 3 years' imprisonment and a fine, but that section was struck down as
unconstitutional by the Supreme Court in Shreya Singhal v. Union of India (2015) and can no longer be invoked; online
threats and harassment are instead prosecuted under the IPC provisions discussed above.

1.7.5 Types of Cyber Stalking


• Webcam Hijacking: Internet stalkers try to trick you into downloading and installing a malware-infected file that
grants them access to your webcam. The method is sneaky enough that the victim usually suspects nothing.
• Observing location check-ins on social media: If you add location check-ins to your Facebook posts, you make it
very easy for an internet stalker to follow you simply by reading your social media profiles.
• Catfishing: Catfishing happens on social media sites such as Facebook, where internet stalkers create fake user
profiles and approach their victims as a friend of a friend.
• Visiting virtually via Google Maps Street View: If a stalker discovers the victim's address, it is easy to study the
area, neighbourhood and surroundings with Street View, and tech-savvy stalkers can often work out the address
themselves.
• Installing stalkerware: Another increasingly common method is stalkerware, spyware that tracks the device's
location, gives access to text messages and browsing history, records audio and so on. Crucially, it runs in the
background without the victim's knowledge.
• Reading geotags to track location: Most digital photographs carry a geotag, metadata recording the time and place
the picture was taken. Geotags are stored in the EXIF data embedded in the image file and can be read with ordinary
tools, so a stalker who obtains the victim's photos learns their whereabouts.
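How the geotag bullet above works at the byte level: an added Python example (not from the page) that builds a constructed JPEG-like byte string containing an Exif APP1 segment with a GPS IFD, then walks the JPEG markers, parses the TIFF IFD structure and converts the GPS rationals to decimal degrees, which is exactly the information a stalker, or a privacy check before uploading, extracts from a photo. The sample coordinates are made up; the parser itself follows the real APP1/TIFF layout for the four GPS tags used here, so it also works on genuine files that carry them.

```python
import struct

GPS_INFO_TAG = 0x8825                       # IFD0 entry pointing at the GPS sub-IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4


def build_exif_tiff(lat_dms, lat_ref, lon_dms, lon_ref):
    """Big-endian TIFF block holding only a GPS IFD (constructed test data)."""
    header = b"MM" + struct.pack(">HI", 42, 8)            # byte order, magic, IFD0 offset
    gps_ifd_off = 8 + 2 + 12 + 4                          # IFD0 = count + one entry + next link
    ifd0 = (struct.pack(">H", 1)
            + struct.pack(">HHII", GPS_INFO_TAG, 4, 1, gps_ifd_off)   # type 4 = LONG
            + struct.pack(">I", 0))
    data_off = gps_ifd_off + 2 + 4 * 12 + 4               # rationals follow the 4-entry GPS IFD
    entries = (
        struct.pack(">HHI", GPS_LAT_REF, 2, 2) + lat_ref.encode() + b"\x00\x00\x00"  # ASCII
        + struct.pack(">HHII", GPS_LAT, 5, 3, data_off)                             # RATIONAL x3
        + struct.pack(">HHI", GPS_LON_REF, 2, 2) + lon_ref.encode() + b"\x00\x00\x00"
        + struct.pack(">HHII", GPS_LON, 5, 3, data_off + 24)
    )
    gps_ifd = struct.pack(">H", 4) + entries + struct.pack(">I", 0)
    rationals = b"".join(struct.pack(">II", n, d) for n, d in lat_dms + lon_dms)
    return header + ifd0 + gps_ifd + rationals


def build_sample_jpeg(tiff):
    """SOI + APP1("Exif\\0\\0" + TIFF) + EOI: enough JPEG structure for the parser."""
    payload = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload + b"\xff\xd9"


# Constructed photo tagged 28° 36' 50.4" N, 77° 12' 32.4" E (made-up location).
SAMPLE_PHOTO = build_sample_jpeg(build_exif_tiff(
    [(28, 1), (36, 1), (504, 10)], "N", [(77, 1), (12, 1), (324, 10)], "E"))


def find_exif_tiff(jpeg):
    """Walk JPEG marker segments; return the TIFF block of the Exif APP1 segment or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG stream")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xD9 or 0xD0 <= marker <= 0xD8:       # standalone markers carry no length
            pos += 2
            continue
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            return payload[6:]
        if marker == 0xDA:                                   # start of scan: metadata is over
            break
        pos += 2 + length
    return None


def parse_gps(tiff):
    """(latitude, longitude) in decimal degrees from the GPS IFD, or None if absent."""
    endian = {b"MM": ">", b"II": "<"}.get(tiff[:2])
    if endian is None:
        raise ValueError("bad TIFF byte-order mark")
    magic, ifd0_off = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42:
        raise ValueError("bad TIFF magic")

    def read_ifd(off):
        (count,) = struct.unpack(endian + "H", tiff[off:off + 2])
        entries = {}
        for i in range(count):
            e = off + 2 + 12 * i
            tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
            entries[tag] = (typ, n, tiff[e + 8:e + 12])      # 4-byte value-or-offset field
        return entries

    ifd0 = read_ifd(ifd0_off)
    if GPS_INFO_TAG not in ifd0:
        return None
    (gps_off,) = struct.unpack(endian + "I", ifd0[GPS_INFO_TAG][2])
    gps = read_ifd(gps_off)
    if not all(t in gps for t in (GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON)):
        return None

    def ascii_value(tag):
        return gps[tag][2].split(b"\x00")[0].decode("ascii")

    def rationals(tag):
        _, n, raw = gps[tag]
        (off,) = struct.unpack(endian + "I", raw)             # RATIONALs never fit inline
        return [num / den for num, den in struct.iter_unpack(endian + "II", tiff[off:off + 8 * n])]

    return (dms_to_decimal(rationals(GPS_LAT), ascii_value(GPS_LAT_REF)),
            dms_to_decimal(rationals(GPS_LON), ascii_value(GPS_LON_REF)))


def dms_to_decimal(dms, ref):
    degrees, minutes, seconds = dms
    value = degrees + minutes / 60 + seconds / 3600
    return -value if ref in ("S", "W") else value


def photo_geotag(jpeg):
    """What a stalker (or a pre-upload privacy check) gets from a photo: (lat, lon) or None."""
    tiff = find_exif_tiff(jpeg)
    return parse_gps(tiff) if tiff else None


if __name__ == "__main__":
    print(photo_geotag(SAMPLE_PHOTO))
```

The protective counterpart is to strip the APP1 segment (or at least the GPS IFD) before sharing an image; most phone cameras write it by default, and most social platforms remove it on upload, but files sent directly over e-mail or chat keep it.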
Protective Measures:
• Develop the habit of logging out of the PC when not in use.
• Remove upcoming events you plan to attend from social networks, including online event pages and calendars.
• Set strong, distinct passwords for your online accounts.
• Cyber stalkers can exploit the weak security of public Wi-Fi networks to snoop on your online activity, so avoid
sending personal e-mail or sharing sensitive information while connected to unsecured public Wi-Fi.
• Use the privacy settings provided by social networking sites and restrict all information to close friends.
• Search the internet regularly to find out what information about you is publicly accessible.
1.8 CYBER CAFE AND CYBERCRIMES
 A cybercafe, also known as an internet cafe or a computer cafe, is a place where customers can pay to use computers
with internet access. These establishments are typically set up with multiple computers connected to the internet
and often offer various services such as printing, scanning and sometimes even snacks or beverages. Cybercafes
were more popular in the early days of the Internet when not everyone had easy access to the web at home.
 In February 2009, a Nielsen survey conducted on cybercafe users in India revealed significant demographic
patterns. The study encompassed eight cities and 3,500 cafes and showed that 90% of the users were male and fell
within the age range of 15 to 35 years. Among these users, 52% were graduates or postgraduates, with slightly more
than 50% being students. This underscores the importance of understanding the cyber security and governance
practices employed in cybercafes.
 Over recent years there have been many cases in which cybercafes were used by terrorists to communicate, sometimes for genuine plans and sometimes to mislead investigators. Cybercrimes such as stealing bank credentials to withdraw money unlawfully have also been traced back to cybercafes, and cybercafes are often used to send abusive and threatening emails.
 When you use computers in places like cybercafes, there are two big problems. First, you cannot know what sneaky programs, such as keyloggers or spyware, are running in the background on these computers; they could be secretly recording everything you type, including your passwords. Second, there is the risk of someone looking over your shoulder and seeing what you are doing, which can expose your passwords (shoulder surfing). So, when using these computers, be very careful to protect your privacy, because you cannot predict who will use the computer after you.
 The Indian Information Technology Act (ITA) of 2000 does not clearly define cybercafes. Instead, they are treated in the same way as network service providers under Section 79 of the Act. This imposes on cybercafes a responsibility called "due diligence": if they fail to take the expected precautions to keep their service safe, they can be held liable for illegal activities that take place on their network. Due diligence means carrying out their routine duties to ensure the online environment is secure and complies with the law.
 Cybercriminals often choose cybercafes as their preferred locations for conducting illicit activities. They typically
single out a specific personal computer (PC) for their operations. These criminals tend to visit these cafes at specific
times and on a regular schedule, such as every alternate day or twice a week.

A recent survey conducted in a metropolitan city in India uncovered the following key findings:
1) Pirated Software: All the computers in these cybercafes have pirated software, including operating systems,
browsers and office software like Microsoft Office.
2) Outdated Antivirus Software: The antivirus software on these computers is not updated with the latest patches
and antivirus signatures.
3) Use of "Deep Freeze": Some cybercafes employ software known as "Deep Freeze" to protect their computers from malware. It restores the disk to a saved state on every reboot, which removes anything installed during a session but does nothing to protect the user while that session is running.
4) Lack of Annual Maintenance Contracts (AMC): Many cybercafes do not have AMC in place for computer
servicing. This absence of AMC poses a risk as cybercriminals can install malicious code on a computer and engage
in criminal activities without interruption.
5) Unblocked Adult Content: Pornographic and other indecent websites are not blocked on these computers.
6) Low IT Security Awareness: Cybercafe owners have limited awareness of IT security and IT governance.
7) Lack of Government and Law Enforcement Guidance: Government agencies, Internet Service Providers (ISPs)
and state police cyber cell units do not appear to provide IT governance guidelines to cybercafe owners.
8) Infrequent Law Enforcement Visits: Cybercafe associations or state police cyber cell units do not conduct regular
visits to cybercafes unless a criminal activity has been reported through a First Information Report (FIR). Cybercafe
owners believe that the police have limited knowledge of technical aspects related to cybercrimes and lack a
conceptual understanding of IT security.

Tips for safety and security while using the computer in a cybercafe:
1) Always Logout: When using services that require a username and password (e.g., email, instant messaging), be
sure to click "logout" or "sign out" before leaving the computer. Closing the browser window may not be sufficient
to protect your account. Disable automatic login options.
2) Stay with the Computer: Do not leave the computer unattended while browsing. If you need to step away, log out
and close all browser windows to prevent unauthorised access.
3) Clear History and Temporary Files: Before browsing, disable the option to save passwords in your browser's
settings. After your session, clear the browsing history and temporary Internet files, including cookies. This can
help protect your privacy.
4) Be Alert: Stay aware of your surroundings while using a public computer. Be cautious of anyone trying to observe
your username and password from a nearby location.
5) Avoid Sensitive Transactions: Whenever possible, avoid online banking, shopping or any other transaction that requires a password or sensitive information on a public computer. If you must, change the passwords involved as soon as possible from a trusted computer (e.g., at home or in the office).
6) Change Passwords: Change your passwords for online services periodically and especially after using a public computer. Use strong, unique passwords for each account.
7) Use a Virtual Keyboard: Some banks offer an on-screen virtual keyboard for entering passwords and sensitive information. This defeats simple keystroke loggers, although spyware that captures the screen can still record what you click.
8) Use Your Own Device: Whenever possible, use your personal device to access the Internet rather than a public computer.
9) Do Not Rely on the Cafe's Antivirus: As the survey above shows, the antivirus software on cafe computers is often out of date, so treat the machine as potentially compromised rather than assuming it is clean.
10) Use a VPN: A Virtual Private Network (VPN) on your own device encrypts your traffic across the cafe's network, protecting it from snooping on the local Wi-Fi or LAN.
11) Use HTTPS: Ensure that the websites you use are served over HTTPS so that your data is encrypted in transit. Note that neither HTTPS nor a VPN protects you from a keylogger installed on the public computer itself, since it captures keystrokes before they are encrypted.
12) Educate Yourself: Stay informed about IT security best practices to protect yourself when using public computers.
By following these precautions, individuals can enhance their security and privacy while using public computers and reduce
the risk of unauthorised access to their accounts and personal information.

1.9 BOTNETS: THE FUEL FOR CYBER CRIME


 The term "botnet" is formed from "robot" and "network".
 A botnet is a network of internet-connected computers and devices that have each been compromised by a cybercriminal and implanted with malicious software (malware), so that they can be controlled remotely and used as a group to carry out attacks over the Internet.
 Each infected device is called a "bot" (or "zombie"), and the attacker who controls them is referred to as the "bot herder" or "botmaster".
 The software used to control these compromised computers is typically written in languages such as C and C++.
 The primary purpose of a botnet is to provide infrastructure for cybercrime: the same army of compromised machines can be used for many different criminal activities.
 Among the various types of malware, botnets stand out as one of the most prevalent and severe threats.
 These malicious networks have targeted numerous prominent entities, including large institutions, government organizations and virtually every major social networking platform (Facebook, Twitter, Instagram), as well as e-commerce giants such as Amazon and Flipkart.
 In essence, nearly every internet-related business has been hit by this form of malware. What makes botnets particularly concerning is that they are readily available for lease in the underground market, so the same botnet can be harnessed for a wide range of malicious activities, including Distributed Denial of Service (DDoS) attacks, phishing schemes, extortion and more.

Botnet Communication: Botnet Communication typically follows a sequence of steps:


1) Target Identification: Initially, the aspiring botmaster identifies target systems or computers that are easy to break into.
2) Infection via Social Engineering: To infiltrate the target system, common social engineering techniques such as phishing emails or malicious download links are employed. A small executable, usually only a few kilobytes in size, is installed on the compromised system. This code is designed to be discreet, running quietly in the background without the user's awareness.
3) Stealthy Operation: The code includes a component that hides its presence on the system, making it difficult for a casual user to detect that their machine has become part of a botnet.
4) Communication Establishment: After infection, the bot seeks a channel through which it can communicate with
its master, the botmaster. This channel is commonly referred to as the "command and control channel."
5) Command and Control Protocol: Typically, the command and control channel makes use of existing protocols
to facilitate communication between the compromised bot and its master. This allows the botmaster to send
commands to the bots and receive updates from them. This use of established protocols makes it challenging for
anyone monitoring network traffic to discern the malicious activity.
6) Scripted Execution: Botmasters often create scripts to execute specific tasks on compromised systems running
various operating systems. These scripts are used to control the behaviour of the bot army.
The process of botnet communication involves the identification of vulnerable systems, the use of social engineering
techniques for infection, discreet operation on compromised systems, the establishment of a communication channel with
the botmaster and the execution of commands using scripts. This process is designed to be surreptitious and challenging to
detect by monitoring network traffic behaviour.
Actions Performed by Bots: The following are the major things a botmaster can make a bot do:
 Web injection: the botmaster injects snippets of code (HTML/JavaScript) into pages of chosen websites, including HTTPS sites, as the infected browser displays them, typically to add extra form fields that capture credentials.
 Web filters: configuration rules that select which URLs the bot records. In the configuration syntax of some bot families, a special prefix such as "!" excludes a domain from logging and "@" tells the bot to take a screenshot of that page.
 Web fakes: the bot redirects the victim from the genuine web page to a fake copy controlled by the botmaster.
 DNS map: the botmaster assigns any IP address to any domain name on every bot in the family, so lookups of that domain are routed wherever the botmaster wants.

1.9.1 Types of Botnet


Common types of Botnet are mentioned as:
1. Internet Relay Chat (IRC) Botnet: Internet Relay Chat (IRC) acts as the C&C channel. Bots receive commands from a centralised IRC server, with each command sent as an ordinary chat message. The limitation of an IRC botnet is that the entire botnet collapses once the IRC server is shut down.
2. Peer-to-Peer (P2P) Botnet: Formed using P2P protocols and a decentralised network of nodes, and very difficult to shut down because there is no single server to take out. Each P2P bot can act as both client and server; the bots communicate with each other frequently and exchange "keep alive" messages. The limitation of P2P botnets is higher latency for delivering commands and data.
3. Hyper Text Transfer Protocol (HTTP) Botnet: Centralised structure, using the HTTP protocol to blend in with ordinary web traffic. Bots connect to specific URLs or IP addresses of the C&C server at regular intervals. Unlike IRC bots, which stay connected and wait for commands, HTTP bots periodically poll the C&C server for updates or new commands.
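The regular polling described for HTTP botnets, and the "communication establishment" step of the sequence above, is exactly what a defender looks for: a bot's timer fires far more regularly than a human clicks. The following is an added example, not code from the original page or from any botnet, showing one simple detection over constructed proxy log lines. It groups requests by (client, destination host), computes the intervals between successive requests, and flags pairs whose intervals have a low coefficient of variation (standard deviation divided by mean). The log format, the addresses (10.0.0.x clients, a 203.0.113.7 C&C host, www.example.com) and the thresholds are all assumptions chosen for the illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed proxy log excerpt (not from any real system). One request per line:
#   <UTC timestamp> <client IP> <method> <URL> <status> <bytes>
# 10.0.0.12 polls 203.0.113.7/gate.php about once a minute with small jitter (bot-like);
# 10.0.0.25 browses www.example.com at irregular, human-looking intervals.
SAMPLE_LOG = """\
2024-03-01T10:00:00Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:00:05Z 10.0.0.25 GET http://www.example.com/ 200 51233
2024-03-01T10:00:10Z 10.0.0.25 GET http://www.example.com/about 200 18891
2024-03-01T10:00:58Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:01:59Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:02:30Z 10.0.0.25 GET http://www.example.com/news 200 73210
2024-03-01T10:02:32Z 10.0.0.25 GET http://www.example.com/news/1 200 20104
2024-03-01T10:02:59Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:03:15Z 10.0.0.12 GET http://www.example.com/ 200 51233
2024-03-01T10:03:58Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:05:00Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:06:00Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:07:01Z 10.0.0.12 GET http://203.0.113.7/gate.php 200 412
2024-03-01T10:08:52Z 10.0.0.25 GET http://www.example.com/contact 200 9920
2024-03-01T10:09:12Z 10.0.0.25 GET http://www.example.com/ 200 51233
2024-03-01T10:24:12Z 10.0.0.25 GET http://www.example.com/news/2 200 22310
"""


def parse_line(line):
    """Split one log line into the fields the detector needs."""
    ts, src, _method, url, _status, _size = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "src": src,
        "host": urlsplit(url).hostname,
    }


def detect_beacons(lines, min_requests=5, max_cv=0.25):
    """Flag (client, destination host) pairs whose inter-request intervals are
    suspiciously regular. For a timer-driven poll the coefficient of variation
    (stdev / mean) of the intervals is close to 0; for human browsing it is
    usually well above 1. min_requests avoids judging on too few samples."""
    times = defaultdict(list)
    for line in lines:
        if line.strip():
            rec = parse_line(line)
            times[(rec["src"], rec["host"])].append(rec["time"])

    findings = []
    for (src, host), stamps in times.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(intervals)
        if mean == 0:
            continue
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_cv:
            findings.append({"src": src, "host": host, "count": len(stamps),
                             "mean_interval": round(mean, 1), "cv": round(cv, 3)})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in detect_beacons(SAMPLE_LOG.splitlines()):
        print(f"{f['src']} -> {f['host']}: {f['count']} requests, "
              f"every ~{f['mean_interval']}s (cv={f['cv']})")
```

Bot authors know this and add random sleep ("jitter") or long intervals to their beacons; the CV threshold tolerates modest jitter, but heavy jitter or day-long intervals defeat this check on its own, so in practice it is combined with destination reputation, newly seen domains and the near-constant response size visible in the sample (412 bytes every time).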

How Does it Work?


A botnet is built either by writing the bot software yourself or by using one of the leaked botnet kits, such as the ZEUS botnet (often called the king of botnets), Mirai or BASHLITE. The next step is finding vulnerable systems on which the software can be installed, through means such as social engineering (e.g., phishing); each such system then becomes part of the bot army. Whoever controls it is called the botmaster and communicates with the bot army through a command and control channel.
1.9.2 Types of Botnet Attacks
Some general attacks performed by the Botnets are.
1) Phishing: Botnets are utilised to disseminate malware and carry out suspicious activities through phishing emails.
This involves the use of multiple bots and the entire process is automated, making it challenging to disrupt.
2) Distributed Denial-of-Service (DDoS) Attack: Botnets execute DDoS attacks, wherein numerous requests are
sent to overwhelm a specific application or server, causing it to crash. Network Layer DDoS Attacks employ
techniques like SYN Floods and UDP Floods to saturate the target's bandwidth, making it difficult for them to
defend against the attack.
3) Spambots: Spambots harvest email addresses from websites, guest books and any platform that requires an email ID for registration, and then use the botnet to send spam to them. This category is responsible for more than 80 percent of spam emails.
4) Targeted Intrusion: Among the most perilous attacks, targeted intrusions focus on the most valuable assets, data
or properties. These attacks aim for high-value targets, posing a significant threat.

1.10 ATTACK VECTOR


 An attack vector refers to a pathway or technique employed by hackers to illicitly access a computer or network,
with the aim of exploiting vulnerabilities within the system.
 Hackers utilise various attack vectors to initiate attacks that capitalise on system weaknesses, potentially leading to
data breaches or the theft of login credentials.
 These methods encompass the distribution of malware and viruses, the use of malicious email attachments and web
links, the use of pop-up windows and instant messages designed to deceive employees or individual users.
 Many of these attacks are financially driven, with attackers seeking to steal money from individuals or organizations
or to obtain valuable data and personally identifiable information (PII) that can be used for ransom purposes.
 The individuals or groups carrying out network infiltrations can come from diverse backgrounds, including
disgruntled former employees, politically motivated organised collectives, hacktivists, professional hacking groups
or even state-sponsored entities.
How Do Cybercriminals Use Attack Vectors?
Hackers use multiple threat vectors to exploit vulnerable systems, attack devices and networks and steal data from
individuals.
There are two main types of hacker vector attacks: passive attacks and active attacks.
 Passive Attack: In a passive attack the attacker monitors a system to gather information about it and its vulnerabilities without causing direct damage. It does not alter data but threatens data confidentiality.
Example: passive reconnaissance (observing publicly available information and network traffic for weaknesses) and session capture (sniffing an unencrypted session). Reconnaissance that engages the target, such as a port scan, is usually classed as active even though it changes no data.
 Active Attack: An active attack aims to disrupt or damage an organisation's system resources or regular operations. It involves launching attacks against vulnerabilities, such as denial-of-service attacks, exploiting weak passwords, or using malware and phishing.
Example: a masquerade attack, in which an intruder pretends to be a trusted user and steals login credentials to gain access privileges to system resources. Active attack methods are often used by cybercriminals to gain the information they need to launch a wider cyberattack against an organisation.

1.10.1 Types of Attack Vectors


Examples of various attack vectors are:
 Phishing: Phishing aims to deceive the target into divulging sensitive information, credentials or personally identifiable information (PII). It typically involves contacting the victim via email, phone or instant messaging while pretending to be a trusted entity. Educating your team on the importance of cyber security and implementing measures against email spoofing and typosquatted look-alike domains can reduce phishing risks.
 Insider Threats: A dissatisfied employee can expose confidential information or reveal specific weaknesses within an organisation.
 Malware: Malware encompasses ransomware, spyware, Trojans and viruses, among other forms of malicious
software. Cybercriminals use malware as an attack vector to infiltrate corporate networks and devices, steal data
and compromise systems.
 Compromised Credentials: A single data breach can cascade into more breaches due to weak passwords and
password reuse. Investing in password managers or single sign-on applications, training employees on security best
practices and promoting secure password creation can help mitigate this risk.
 DDoS Attacks: Distributed Denial-of-Service (DDoS) attacks target networked resources such as servers, data
centers or websites, causing a decrease in their availability. Attackers overload the target resource with traffic,
slowing it down or causing it to crash. Content Delivery Networks (CDNs) and proxies are potential
countermeasures.
 Incorrectly Configured Devices: Misconfigurations of cloud services like Google Cloud Platform, Microsoft
Azure or AWS or the use of default credentials, can lead to data breaches and leaks. To prevent configuration drift,
consider automating configuration management.
 Trust Relationships: Organizations often entrust external infrastructure and network providers, cloud services and
partners with their security. When these third-party systems are compromised, the stolen data may include sensitive
information from the organizations they serve. Examples include the breach of a major credit card company's
network or the theft of patient data from a hospital facility.
 Bad or Missing Encryption: Encrypting data in transit with TLS (the protocol behind HTTPS, authenticated by the server's certificate) and authenticating DNS answers with DNSSEC help prevent man-in-the-middle attacks and protect data confidentiality. Inadequate or absent encryption, in transit or at rest, exposes sensitive information and login credentials in the event of interception, breach or leak.
 Weak Passwords and Credentials: Weak passwords and password reuse can lead to multiple data breaches.
Investing in password management solutions, educating employees about their responsibilities and promoting
secure password practices can enhance security.
 Man-in-the-Middle Attacks: Man-in-the-middle attacks involve intercepting and capturing traffic intended for
elsewhere, often on public Wi-Fi networks.
 SQL Injections: SQL injection supplies attacker-controlled input that the application assembles into a database query, forcing the database to execute statements the developer never intended. This can disclose user credentials, personal data, credit card numbers or other personally identifiable information (PII), or modify and delete data.
 Cross-Site Scripting (XSS): XSS attacks inject malicious script into a website so that it runs in the browsers of other users, targeting them rather than the site itself. Attackers often use user-supplied content as the vehicle, for example embedding malicious JavaScript, or links to it, in blog post comment sections.
 Brute Force Attacks: Brute force attacks rely on trial and error: the attacker repeatedly tries candidate passwords, keys or tokens against an account or service until one succeeds. Weak or reused passwords and the absence of rate limiting or account lockout make such attacks practical.
 Session Hijacking: Many services grant your browser a session key or cookie upon login to avoid frequent logins. An attacker who captures or guesses this cookie gains the same access as the logged-in user without ever knowing the password. Marking session cookies Secure and HttpOnly, sending them only over HTTPS and issuing a fresh session identifier at login limit the risk.
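The SQL injection and cross-site scripting entries above share one root cause: untrusted input is concatenated into text that another interpreter (the database, the browser) then executes. The following is an added example, not code from the original page, that shows both in runnable form against an in-memory SQLite database with a constructed users table. `login_vulnerable` builds its query by string concatenation and can be bypassed with the classic `' OR '1'='1` and `bob'--` inputs; `login_safe` uses a parameterised query and treats the same inputs as plain data. `render_comment_vulnerable` and `render_comment_safe` do the same for a blog comment. The table, user names and passwords are invented for the demonstration.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration. Passwords are stored
    in plaintext only to keep the example short; a real application stores salted
    hashes, which would not change the injection behaviour shown here."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, card_last4) VALUES (?, ?, ?)",
        [("alice", "correct horse battery", "4242"), ("bob", "hunter2", "1881")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """DELIBERATELY VULNERABLE: the inputs are pasted into the SQL text, so a quote
    in either field ends the string literal and the rest is parsed as SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the driver sends the values separately from the statement,
    so quotes and keywords in the input are only ever compared as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def render_comment_vulnerable(comment):
    """DELIBERATELY VULNERABLE: user text becomes part of the page's HTML, so a
    <script> tag in a comment runs in every reader's browser."""
    return '<p class="comment">' + comment + '</p>'


def render_comment_safe(comment):
    """Output encoding turns <, >, &, quotes into entities; the browser shows the
    text instead of interpreting it as markup."""
    return '<p class="comment">' + html.escape(comment, quote=True) + '</p>'


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, no credentials :", login_vulnerable(db, "nobody", "' OR '1'='1"))
    print("vulnerable, comment trick  :", login_vulnerable(db, "bob'--", "wrong"))
    print("safe, same inputs          :", login_safe(db, "nobody", "' OR '1'='1"),
          login_safe(db, "bob'--", "wrong"))
    xss = '<script src="https://attacker.example/x.js"></script>'
    print(render_comment_vulnerable(xss))
    print(render_comment_safe(xss))
```

The `bob'--` case is worth noting: the `--` starts an SQL comment, so the password check disappears from the statement entirely and the attacker logs in as a chosen user. Parameterisation fixes this class of bug regardless of payload; input filtering alone does not, because the attacker chooses the encoding.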
