
1. Explain briefly Categorization of Cybercriminals

  Cybercrime (computer crime) is “any illegal behavior, directed by means of electronic operations,
that targets the security of computer systems and the data processed by them”.

 Hence cybercrime is sometimes also called computer-related crime, computer crime, E-crime,
Internet crime or high-tech crime.

Who are Cybercriminals

 Are those who conduct acts such as:

 Child pornography

 Credit card fraud

 Cyber stalking

 Defaming others online

 Gaining unauthorized access to computer systems

 Ignoring copyrights

Categorization of Cybercriminals

 Type 1 Cybercriminals - hungry for recognition

 Type 2 Cybercriminals - not interested in recognition

 Type 3 Cybercriminals - the insiders

Type 1: Cybercriminals- hungry for recognition

 Hobby hackers

 A person who enjoys exploring the limits of what is possible, in a spirit of playful
cleverness. May modify hardware/ software

 IT professional (social engineering):

 Ethical hacker

 Politically motivated hackers:

 Promote the objectives of individuals, groups or nations supporting a variety of
causes such as anti-globalization, transnational conflicts and protest

 Terrorist organizations

 Cyber terrorism

 Use internet attacks in terrorist activity

 Large-scale disruption of computer networks and personal computers attached to the
internet via viruses

Type 2: Cybercriminals- not interested in recognition

 Psychological perverts

 Express abnormal behavior

 Financially motivated hackers

 Make money from cyber attacks

 Bots-for-hire : fraud through phishing, information theft, spam and extortion

 State-sponsored hacking

 Hacktivists

 Extremely professional groups working for governments

 Have ability to worm into the networks of the media, major corporations, defense
departments

Type 3: Cybercriminals- the insiders

 Annoyed or former employees seeking revenge

 Competing companies using employees to gain economic advantage through damage or
theft.

2. Explain briefly Cybercrime against an individual.

Cybercrime against individuals primarily involves the use of the internet
and computers as a tool to extract private information from an individual,
either directly or indirectly, and disclose it on online platforms without
the person’s consent or illegally in order to degrade the person’s
reputation or cause mental or physical harm.

Types of Cybercrime against Individuals

Cybercrime may be broadly classified into three types:

1. Cybercrime against an individual is a type of cybercrime that occurs
in or through the use of the internet. It includes sexual, ethnic,
religious, or other forms of harassment.

2. Cybercrime against an individual’s property includes computer
wreckage, the destruction of other people’s property, the delivery of
destructive programs, trespassing, and unlawful possession of computer
information.

3. Cybercrime against the government, such as cyberterrorism or
plotting against governmental activities.

Examples :
Phishing and scam
Theft of identity
Ransomware infection
Malware attacks
Cyberstalking
Social media hacking
Web hacking

Steps to avoid Cybercrime against Individuals

Making use of an internet security package: This helps safeguard
your private and financial information while you use the internet by
offering real-time protection against known and unknown malware, such
as viruses and ransomware.

Use secure passwords: Avoid using the same password across many
websites, and change it frequently. Make them challenging. That entails
utilizing a minimum of 10 different letters, numbers, and symbols.

Disclosing private information: Never communicate or divulge any
sensitive information, including your bank account number, ATM PIN,
password, or email address, over an unencrypted connection.

Not answering spam: Avoid visiting untrusted websites or clicking on
links sent to you by unknown or untrusted websites. Spam is the
most common form of cybercrime against the individual.

3. Explain briefly Cybercrime against an Organization.

Cyber crime also affects organisations like banks, service sectors, government agencies, companies and other
associations of persons. These crimes involve Hacking, Denial of Service, Virus and Worms, E-mail bombing, Salami
Attack, Logic Bomb, Spywares etc.

Hacking

Hacking means unauthorised access to a computer system. It is the most common type of cyber crime committed
across the world. The commonly used definition of hacking is breaking into computer systems. Hacking as a
cyber crime is the most dangerous to the Internet because it has the effect of eroding the credibility of the Internet.
Hacking creates a perception in the minds of citizens that the Internet is vulnerable and weak.

E-mail Bombing

An e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to
overflow the mailbox or overwhelm the server. There are two ways of e-mail bombing: mass mailing and list
linking. Mass mailing consists of sending numerous duplicate mails to the same e-mail ID. List linking consists
of signing a particular e-mail ID up to several subscriptions. This type of bombing is effective as the person has to
unsubscribe from all the services manually.

Salami Attacks

These attacks are used for committing financial crimes. For instance, a bank employee inserts a programme into
the bank's servers, which deducts a small amount of money (only a few pennies) from the account of every
customer. No account holder is likely to notice the individual effect of a small amount being stolen, whereas the total
effect can generate a large sum of money for the perpetrator.

Logic Bomb

A Logic Bomb is a programme which lies dormant until a specific piece of software code is activated. A Logic
Bomb is that code of a virus which waits for some event to occur. When that particular time comes, it bursts and
causes considerable damage. It may erase the complete hard disk. In this way, a Logic Bomb is analogous to a
real-world land mine. The most common activator for a Logic Bomb is a date. The Logic Bomb checks the
system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb
activates and executes its code.

Data Diddling

Data diddling involves changing data prior to or during input into a computer. In other words, information is
changed from the way it should be entered by a person typing in the data, a virus that changes data, the
programmer of the database or application, or anyone else involved in the process of having information stored in
a computer file.
The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking,
converting, or transmitting data. This is one of the simplest methods of committing a computer-related crime,
because it requires almost no computer skills whatsoever.

4. Describe Email Spoofing.


Email spoofing is a form of cyber attack in which a hacker sends an email that has been
manipulated to seem as if it originated from a trusted source. Email spoofing is a popular tactic
used in phishing and spam campaigns because people are more likely to open an email when they
think it has been sent by a known sender. The goal of email spoofing is to trick recipients into
opening or responding to the message.

 To send spoofed e-mail, senders insert commands in headers that will alter message
information.

 It is possible to send a message that appears to be from anyone, anywhere, saying whatever the
sender wants it to say.

 Thus, someone could send spoofed e-mail that appears to be from you with a message that you
didn't write.

 Classic examples of senders who might prefer to disguise the source of the e-mail include a sender
reporting mistreatment by a spouse to a welfare agency.

 Although most spoofed e-mail falls into the "nuisance" category and requires little action other
than deletion, the more malicious varieties can cause serious problems and security risks.

 For example, spoofed e-mail may purport to be from someone in a position of authority, asking for
sensitive data, such as passwords, credit card numbers, or other personal information -- any of
which can be used for a variety of criminal purposes.

 The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass
spam mailings.

 One type of e-mail spoofing, self-sending spam, involves messages that appear to be both to and
from the recipient.

How to identify a spoofed email


 The displayed sender name does not match the email address
 The information in the email signature, such as the telephone number, doesn’t align with what is known about the sender (e.g., the
sender is located in California but the phone number in the signature has a Massachusetts area code)
 Check the email header for the RECEIVED line. It should match the email address that is displayed in the email
 Check the email header for RECEIVED-SPF. It should say Pass. If it says Fail or Softfail, the email may have been spoofed
 If the organization is using DKIM and DMARC, the AUTHENTICATION-RESULTS will show whether the email passed the
requirements of those protocols.
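
The header checks listed above can be scripted. The following is an added example, not part of the original notes: it parses two constructed messages with Python's standard `email` package and reports a display name that shows a different address, the Received-SPF verdict, the DKIM and DMARC verdicts, and whether the envelope sender's domain lines up with the visible From domain. All domains, the function names and the finding labels are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); every name and domain is made up.
SPOOFED = """\
Received: from relay.mailer.example (relay.mailer.example [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
Received-SPF: softfail (mx.recipient.example: domain of transitioning
\tbounce@mailer.example does not designate 203.0.113.7 as permitted sender)
Authentication-Results: mx.recipient.example;
\tspf=softfail smtp.mailfrom=bounce@mailer.example;
\tdkim=none; dmarc=fail header.from=bulk-sender.example
From: "support@bank.example" <alerts@bulk-sender.example>
To: user@recipient.example
Subject: Verify your login information

Please confirm your account details.
"""

CLEAN = """\
Received-SPF: pass (mx.recipient.example: domain of bounce@mail.bank.example
\tdesignates 192.0.2.25 as permitted sender)
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=bounce@mail.bank.example;
\tdkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Bank Support" <support@bank.example>
To: user@recipient.example
Subject: Your monthly statement

Your statement is ready.
"""


def _flat(value):
    """Collapse folded header whitespace; a missing header becomes ''."""
    return " ".join((value or "").split())


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def _aligned(a, b):
    # Simplified relaxed alignment: equal, or one is a subdomain of the other.
    # Real DMARC compares organizational domains using the Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def triage(raw):
    """Return a list of findings for one raw message; an empty list means no flags."""
    msg = message_from_string(raw)
    findings = []

    # 1. Displayed sender name versus the real address.
    display, addr = parseaddr(_flat(msg["From"]))
    from_dom = _domain(addr)
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and not _aligned(shown.group(1).lower(), from_dom):
        findings.append("display-name-mismatch")

    # 2. Received-SPF should say "pass".
    spf_hdr = _flat(msg["Received-SPF"]).lower()
    spf = spf_hdr.split(" ", 1)[0] if spf_hdr else "missing"
    if spf != "pass":
        findings.append(f"spf-{spf}")

    # 3. DKIM and DMARC verdicts from Authentication-Results.
    auth = _flat(msg["Authentication-Results"]).lower()
    verdicts = dict(re.findall(r"\b(dkim|dmarc)=(\w+)", auth))
    for mech in ("dkim", "dmarc"):
        verdict = verdicts.get(mech, "missing")
        if verdict != "pass":
            findings.append(f"{mech}-{verdict}")

    # 4. SPF only covers the envelope sender, so compare it with the visible From.
    envelope = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    if envelope and not _aligned(_domain(envelope.group(1)), from_dom):
        findings.append("envelope-from-not-aligned")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, triage(raw))
```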

How to protect yourself from email spoofing


Use email security protocols

Email security protocols use domain authentication to reduce threats and spam. The
email security protocols in use today are Sender Policy Framework (SPF),
DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication,
Reporting, and Conformance (DMARC).

SPF detects forged sender addresses during the delivery phase, but it can only detect
them in the envelope of the email, which is used when an email is bounced. However,
when used in conjunction with DMARC authentication, SPF can detect a forged
“visible sender,” which is a technique that is commonly used in phishing and spam.

Encrypt emails

DKIM uses public and private keys to prove that a sender is who they say they are.
Each message that goes out through SMTP is signed with the sender's private key, and
the receiving mail server verifies the signature against the matching public key
published in a DNS record.

Deploy an email security gateway

Email security gateways, or Secure Email Gateways, are a collection of technologies
that work on a network level to block emails that do not meet security policy
requirements. An email security gateway scans all incoming and outbound email and
may also include capabilities like malware blocking, spam filtering, content filtering,
and email archiving. Because these protective actions occur at the network level,
users are not impacted at all.

Use an antimalware solution

Antimalware may detect and block spoofed emails before they reach their targets’
inboxes. It’s important to keep antimalware software up to date because attackers are
alert to newly-identified vulnerabilities and act quickly to exploit them.

5. Discuss briefly about Spamming.

 People who create electronic spam are called spammers

 Spam is abuse of electronic messaging systems to send uninvited bulk messages indiscriminately

 Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. Often
spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.

 Spamming may be

 E-Mail Spam

 Web search engine spam

 Spam in blogs, wiki spam

 Online classified ads spam

 Social networking spam

 Spamming is difficult to control

 Advertisers have no operating costs beyond the management of their mailing lists

 It is difficult to hold senders accountable for their mass mailings


 Spammers are numerous

Signs to determine whether you’re dealing with spam:

 Attachments: Treat any emails with attachments from unknown senders as
suspicious, especially if the body of the email contains little information.
 Links: Suspicious links are often a telltale sign that an email or text message from
an unknown sender is spam.
 Unidentified sender: Spammers typically email you from their personal email
accounts, rarely from an official business email. If you don’t recognize the
sender, block them and delete the email.
 Poorly written text or email: Spammers almost always send poorly written texts
and emails. If you receive a text or email with grammatical errors, spelling errors,
and poor punctuation, chances are it’s spam.
 Missing information.

How to prevent spam


o Block and report spam senders and callers.
o Avoid providing your contact details to organizations, in online forms, and at
events.
o Use strong passwords for all your online accounts
o Avoid using your main email address for online accounts

6. What is a Salami Attack / Salami Technique?

A salami attack is a method of cybercrime that attackers or hackers typically
use to commit financial crimes. Cybercriminals steal money or resources from
financial accounts on a system one at a time. Those who are found guilty of
such an attack face punishment under Section 66 of the IT Act.

Working of Salami attack:
During this kind of attack, a very small change is introduced that goes
completely unnoticed. For example, a bank accountant inserts a program into the
bank’s servers that deducts a very small amount of money from the account of each
customer. No account holder will probably notice this unauthorized debit, but the bank
accountant will make a large amount of money each month. As another example, an
employee of a bank in the USA was terminated from his job. Disgruntled at having
been supposedly mistreated by his employers, the person first introduced a logic bomb
into the bank’s systems.

Types of Salami attacks:

 Salami Slicing: Salami slicing occurs when the attacker/hacker gets
customer information, like bank/credit card details and other similar
details, by using an online database, and then deducts a very small
amount of money from each account. For example, suppose an attacker/hacker
withdraws ₹0.0001 from each checking account. Nobody will notice, yet a
large sum is produced when one dollar is deducted from each account
holder at that bank, and the attacker gets a stack of cash.
 Penny Shaving: The attacker/hacker steals money in small amounts
by using rounding within the transactions. The change is so
small that nobody can detect it in a single transaction.

Prevention From Salami attack:
Users are encouraged to review their weekly transactions and month-to-month bank
statements to protect their bank accounts from a salami attack.
If you have any concerns about strange charges on your account, contact your
bank.
Financial institutions, like banks, should also update their security so that the attacker
does not become familiar with how the system is designed. Banks should advise
customers on how to report any money deduction that they were not aware of.
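
Penny shaving can be caught on the bank's side by recomputing every posting instead of waiting for customers to notice. The following is an added example, not part of the original notes: it recomputes interest on a constructed ledger under an assumed documented rule (round half-even to the cent), flags discrepancies that always short-pay the customer by at most one cent, and looks for an unexplained credit equal to their sum. The rate, account names and function names are assumptions.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0125")  # assumed monthly interest rate for the sample

# Constructed sample ledger: (account, balance, interest actually posted).
# The posted values were truncated instead of rounded, as a shaving routine would do.
POSTED = [
    ("ACC-001", Decimal("1040.75"), Decimal("13.00")),
    ("ACC-002", Decimal("250.40"), Decimal("3.13")),
    ("ACC-003", Decimal("9876.55"), Decimal("123.45")),
    ("ACC-004", Decimal("512.30"), Decimal("6.40")),
    ("ACC-005", Decimal("78.90"), Decimal("0.98")),
    ("ACC-006", Decimal("3333.33"), Decimal("41.66")),
]

# Constructed credits posted in the same run that are not interest payments.
OTHER_CREDITS = [
    ("ACC-002", Decimal("50.00")),
    ("ACC-900", Decimal("0.04")),
]


def expected_interest(balance, rate=RATE):
    """Interest under the assumed documented rule: round half-even to the cent."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)


def audit(posted, other_credits, rate=RATE):
    """Recompute every posting; report shortfalls and where the money may have gone."""
    shortfalls = {}
    for account, balance, credited in posted:
        delta = expected_interest(balance, rate) - credited
        if delta != 0:
            shortfalls[account] = delta
    total = sum(shortfalls.values(), Decimal("0"))

    # An honest rounding bug errs in both directions. Shaving always short-pays
    # the customer, and never by more than one cent per posting.
    one_sided = bool(shortfalls) and all(
        Decimal("0") < d <= CENT for d in shortfalls.values()
    )

    # A credit elsewhere that equals the summed shortfall is the account to review.
    sinks = [acct for acct, amount in other_credits if one_sided and amount == total]
    return {
        "shortfalls": shortfalls,
        "total": total,
        "one_sided": one_sided,
        "sinks": sinks,
    }


if __name__ == "__main__":
    report = audit(POSTED, OTHER_CREDITS)
    for account, delta in report["shortfalls"].items():
        print(f"{account}: short by {delta}")
    print("total shortfall:", report["total"])
    print("one-sided pattern:", report["one_sided"])
    print("accounts to review:", report["sinks"])
```

No single customer loses more than a cent here, which is why the check has to run across all accounts at once.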

7. Discuss about Usenet Groups.

Usenet is the contraction of the User Network. It resembles a Bulletin Board System
where users can post articles or posts on various topics.
A usenet is a collection of user-submitted articles or posts on various topics/subjects that
are posted to servers on a worldwide network.

Working of Usenet
The Usenet is built on the Network News Transfer Protocol (NNTP), a standard Internet
protocol defined in Request for Comments (RFC) 977, and has two components:
 A client/server portion that allows users running client software such as
Google Chrome to interact with the news servers by downloading a list of
available Usenet newsgroups on the server, reading existing messages in the
newsgroups, replying to existing messages, or posting new messages.
 A server/server portion that allows news servers to establish communication
with each other, for the purpose of replicating messages from newsgroups. For
example, Microsoft Exchange Server fully supports NNTP.
Newsgroup
Each topic collection of posted notes is known as a Newsgroup. There are thousands of
newsgroups and it is also possible to form a new one. Many newsgroups are hosted on
Internet-connected servers but they can also be hosted from servers without the Internet.
Advantages of Newsgroups
 Newsgroups are similar in some ways to mailing lists, but they tend to have a
structure better than mailing lists, which makes it more likely that they will be
around for much longer than a mailing list.
 It is easy to find a newsgroup, and they sometimes have a moderator. A
moderator is one who makes sure that things stay on track and do not
disintegrate into something that is unpleasant socially.
 More often than not, you will be able to find the FAQs (Frequently Asked
Questions) section on a newsgroup, which is always helpful for those who are
not sure about anything. These questions tend to be the ones that are asked
repeatedly and so negate the need for constantly answering the same questions.
Disadvantages of Newsgroups
 A newsgroup is not as fast as an email or even a mailing list. Often there might
be a latency of at least a day, often longer, before a response is given.
 The information on the newsgroup is submitted by users who lack actual
knowledge about the domain on which they are posting the article, so you need
to be aware of this flaw, keep some alternatives ready for this and do a bit of
research first then only rely on it.
 A serious disadvantage to a newsgroup is that they can sometimes attract people
who you would not give the time of day to if you were to meet them in person.
This is especially worrying if children have access to newsgroups.

8. Explain briefly ITA 2000.

The Information Technology Act, 2000, also known as the IT Act, is an act proposed by
the Indian Parliament and reported on 17th October 2000. This Information Technology
Act is based on the United Nations Model law.
 Cybercrimes are punishable under two categories: the ITA 2000 and the IPC
 207 cases under ITA 2000 in 2007
 339 cases recorded under IPC

The main objective of this act is to carry out lawful and trustworthy electronic, digital and
online transactions and reduce cybercrimes. The IT Act has 13 chapters and 94
sections.
The IT Act, 2000 has two schedules:
 First Schedule –
Deals with documents to which the Act shall not apply.
 Second Schedule –
Deals with electronic signature or electronic authentication method.
The offences and the punishments in IT Act 2000:
The offences and the punishments that fall under the IT Act, 2000 are as follows:
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt
information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain
particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offences.
10. Protected System.
11. Penalties for confiscation not to interfere with other punishments.
12. Act to apply for offence or contravention committed outside India.
13. Publication for fraud purposes.
14. Power of Controller to give directions.

Section 43: This section of IT Act, 2000 states that any act of destroying, altering or
stealing computer system/network or deleting data with malicious intentions without
authorization from owner of the computer is liable for the payment to be made to owner
as compensation for damages.

Section 66: Hacking of a Computer System with malicious intentions like fraud will be
punished with 3 years imprisonment or the fine of Rs.5,00,000 or both.

Section 67: This section states publishing obscene information or pornography or
transmission of obscene content in public is liable for imprisonment up to 5 years or
fine of Rs. 10,00,000 or both.

9. Discuss Types of Cyber Attacks.

A cyber attack is an attempt by cybercriminals, hackers or other digital adversaries to
access a computer network or system, usually for the purpose of altering, stealing,
destroying or exposing information.

Cyberattacks can target a wide range of victims from individual users to enterprises or
even governments. When targeting businesses or other organizations, the hacker’s
goal is usually to access sensitive and valuable company resources, such as
intellectual property (IP), customer data or payment details.

Types of attacks:

 Active attack
 Used to alter system
 Affects the availability, integrity and authenticity of data
 Passive attack
 Attempts to gain information about the target
 Leads to breaches of confidentiality
 Inside attack
 Attack originating and/or attempted within the security perimeter of an
organization
 Gains access to more resources than expected.
 Outside attack
 Is attempted by a source outside the security perimeter
 May be an insider or an outsider who is indirectly associated with the
organization
 Attempted through internet or remote access connection

10. Explain briefly about Port Scanning.

Cyber-attackers use various methods to carry out cyber-attacks on a computer
network, depending on how easily the network can be attacked through its
vulnerabilities. Each type of cyber-attack is risky and harmful in nature. Awareness
about cyber crimes is very important for today’s young generation to prevent cyber
crimes from taking place and feel safe while using the internet / cyber technology.
Here, we will discuss one such very harmful cyber-attack: the Port Scanning Attack.

Port Scan attack:


 A Port Scan attack is a dangerous type of Cyber-Attack revolving around
targeting open ports that are vulnerable to attack.
 A Port scan attack helps attackers to identify open points to enter into a cyber
network and attack the user.
 In this attack, Cyber-Attackers look for open ports in the network, which they
then aim to capture to send and receive information.
 Nmap, Netcat, and IP Scanning tools are used to scan ports for vulnerability
checks.
 Port scanning is the act of systematically scanning a computer's ports.
 Since a port is a place where information goes into and out of a computer, port
scanning identifies open doors to a computer.
 It is similar to a thief going through your neighborhood and checking every door
and window on each house to see which ones are open and which ones are locked.
 There is no way to stop someone from port scanning your computer while you are
on the Internet because accessing an Internet server opens a port, which opens a
door to your computer.

 A port scan consists of sending a message to each port, one at a time. The kind of
response received indicates whether the port is used and can therefore be probed
for weakness.
 The result of a scan on a port is usually generalised into one of the following
categories:

1. Open or accepted
2. Closed or not listening
3. Filtered or blocked.

TYPES OF PORT SCANS :


 vanilla: the scanner attempts to connect to all 65,535 ports
 strobe: a more focused scan looking only for known services to exploit
 fragmented packets: the scanner sends packet fragments that get through simple
packet filters in a firewall
 UDP: the scanner looks for open UDP ports
 sweep: the scanner connects to the same port on more than one machine
 FTP bounce: the scanner goes through an FTP server in order to disguise the
source of the scan
 stealth scan: the scanner blocks the scanned computer from recording the port
scan activities.
Prevention:

The preventive ways for Port Scan attack are listed as follows :
 Secured Firewalls
 Strong Security Mechanisms
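
On the defensive side, the scan types above leave recognisable patterns in firewall logs. The following is an added example, not part of the original notes: it reads constructed log lines and flags a source that touches many ports on one machine within a time window (the vanilla/strobe pattern) or the same port on many machines (a sweep). The log format, thresholds, labels and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> SRC=<ip> DST=<ip> DPT=<port> ACTION=<word>"
LINE = re.compile(
    r"(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)"
)


def _line(sec, src, dst, dpt, action="DROP"):
    """Build one constructed log line, `sec` seconds after 10:00:00."""
    ts = (datetime(2024, 1, 1, 10, 0, 0) + timedelta(seconds=sec)).isoformat()
    return f"{ts} SRC={src} DST={dst} DPT={dpt} ACTION={action}"


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = (
    # one source, 15 different ports on one machine, one per second
    [_line(i, "198.51.100.9", "10.0.0.5", 20 + i) for i in range(15)]
    # one source, the same port on 8 machines
    + [_line(i, "203.0.113.44", f"10.0.0.{i + 1}", 3389) for i in range(8)]
    # an ordinary client reusing one service
    + [_line(i * 10, "192.0.2.10", "10.0.0.5", 443, "ACCEPT") for i in range(6)]
    # 12 ports on one machine, but spread over almost an hour
    + [_line(i * 300, "192.0.2.77", "10.0.0.5", 8000 + i) for i in range(12)]
)


def detect(lines, window=60, port_threshold=10, host_threshold=5):
    """Return {source_ip: set of labels} for sources that look like scanners."""
    by_src = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        when = datetime.fromisoformat(m["ts"])
        by_src[m["src"]].append((when, m["dst"], int(m["dpt"])))

    span = timedelta(seconds=window)
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        labels = set()
        start = 0
        for end in range(len(events)):
            # slide the window so it only holds events within `window` seconds
            while events[end][0] - events[start][0] > span:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for _, dst, dpt in events[start:end + 1]:
                ports_per_host[dst].add(dpt)
                hosts_per_port[dpt].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                labels.add("multi-port")  # vanilla / strobe pattern
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                labels.add("sweep")
        if labels:
            alerts[src] = labels
    return alerts


if __name__ == "__main__":
    print("60 s window:  ", detect(SAMPLE_LOG))
    print("1 hour window:", detect(SAMPLE_LOG, window=3600))
```

The fourth source in the sample only surfaces with the one-hour window, so the window length is a tuning choice for the monitoring rule.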

11. Discuss Classification of Social Engineering?

Social engineering is a manipulation technique that exploits human error to obtain private
information or valuable data. In cybercrime, these “human hacking” scams entice unsuspecting
users to disclose data, spread malware infections, or give them access to restricted systems.
Attacks can occur online, in person, and through other interactions. Social engineering scams are
based on how people think and act.

Social engineering attackers have two goals:

1. Subversion: Interrupting or corrupting data to cause loss or inconvenience.
2. Theft: Obtaining valuable items such as information, access

Classification of Social Engineering

1. Human-Based Social Engineering

Human-based social engineering needs interaction with humans; it means person-to-person
contact and then retrieving the desired information. People use human-based social
engineering techniques in different ways; the most popular methods are:
 Impersonating an employee or valid user
 Posing as an important user
 Using a third person
 Calling technical support
 Shoulder surfing
 Dumpster diving

Impersonation
 In this type of social-engineering attack, the hacker pretends to be an employee or
valid user on the system. A hacker can gain physical access by pretending to be a
janitor, employee, or contractor.

Posing as an important user


 In this type of attack, the hacker pretends to be a VIP or high-level manager who
has the authority to use computer systems or files.

Being a third party


 In this attack, the hacker pretends to have permission from an authorized person
to use the computer system. It works when the authorized person is unavailable
for some time.

Desktop support
 Calling tech support for assistance is a classic social-engineering technique.
 Help desk and technical support personnel are trained to help users, which makes
them good prey for social engineering attacks.

Shoulder surfing
 Shoulder surfing is the technique of gathering passwords by watching over a
person’s shoulder while they log in to the system.

Dumpster diving
 Dumpster diving involves looking in the trash for information written on pieces of
paper or computer printouts.
 The hacker can often find passwords, filenames, or other pieces of confidential
information like SSN, PAN, credit card ID numbers etc.

2. Computer-Based Social Engineering
Computer-based social engineering uses computer software that attempts to retrieve
the desired information.
 Fake E-mails
 E-mail attachments
 Pop-up windows

Fake E-mails

 Phishing involves false emails, chats, or websites designed to impersonate real
systems with the goal of capturing sensitive data.

 A message might come from a bank or other well-known institution with the need
to “verify” your login information.

E-Mail attachments

Emails sent by scammers may have attachments that include malicious code inside the
attachment. Those attachments can include keyloggers to capture users’ passwords,
viruses, Trojans, or worms.

Pop-up windows

 Sometimes pop-up windows can also be used in social engineering attacks.

 Pop-up windows that advertise special offers may tempt users to unintentionally
install malicious software.

12. Explain briefly about Cloud Computing and its various types of Services.

Cloud Computing can be defined as the practice of using a network of remote servers
hosted on the Internet to store, manage, and process data, rather than a local server or a
personal computer. Companies offering such kinds of cloud computing services are
called cloud providers.

Software as a Service (SaaS)

Software-as-a-Service (SaaS) is a way of delivering services and applications over the
Internet. Instead of installing and maintaining software, we simply access it via the
Internet, freeing ourselves from the complex software and hardware management. It
removes the need to install and run applications on our own computers or in the data
centers, eliminating the expenses of hardware as well as software maintenance.
SaaS provides a complete software solution that you purchase on a pay-as-you-go
basis from a cloud service provider.
Examples: Dropbox, Cisco Webex, PayPal

Advantages of SaaS
1. Cost-Effective: Pay only for what you use.
2. Reduced time: Users can run most SaaS apps directly from their web
browser without needing to download and install any software. This reduces
the time spent in installation and configuration and can reduce the issues that
can get in the way of the software deployment.
3. Accessibility: We can access app data from anywhere.
4. Automatic updates: Rather than purchasing new software, customers rely
on a
5. Scalability: It allows the users to access the services and features on-demand.

Platform as a Service

PaaS is a category of cloud computing that provides a platform and environment to
allow developers to build applications and services over the internet. PaaS services are
hosted in the cloud and accessed by users simply via their web browser.
Examples: WordPress, Google App Engine

Advantages of PaaS:
1. Simple and convenient for users: It provides much of the infrastructure and
other IT services, which users can access anywhere via a web browser.
2. Cost-Effective: It charges for the services provided on a per-use basis thus
eliminating the expenses one may have for on-premises hardware and
software.
3. Efficiency: It allows for higher-level programming with reduced complexity
thus, the overall development of the application can be more effective.

Infrastructure-as-a-Service (IaaS):

IaaS is the delivery of services like servers, storage, networks and operating systems on a
request basis.
It depends entirely on the customer to choose its resources wisely and as per need.
It also provides billing management.
It is like Amazon Web Services, which provides virtual servers with unique IP addresses and blocks of
storage on demand.

Examples :
AWS
Microsoft Azure
Advantages of IaaS:
1. Cost-Effective: Eliminates capital expense and reduces ongoing cost and
IaaS customers pay on a per-user basis, typically by the hour, week, or
month.
2. Website hosting: Running websites using IaaS can be less expensive than
traditional web hosting.
3. Security: The IaaS Cloud Provider may provide better security than your
existing software.
4. Maintenance: There is no need to manage the underlying data center or the
introduction of new releases of the development or underlying software. This
is all handled by the IaaS Cloud Provider.
