Professional Documents
Culture Documents
MID-1NEW
MID-1NEW
Cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations,
that target the security of computer systems and the data processed by them”.
Hence cybercrime can sometimes be called as computer-related crime, computer crime, E-crime,
Internet crime, High-tech crime….
Child pornography
Cyber stalking
Ignoring copyrights
Categorization of Cybercriminals
Hobby hackers
A person who enjoys exploring the limits of what is possible, in a spirit of playful
cleverness. May modify hardware/ software
IT professional(social engineering):
Ethical hacker
Terrorist organizations
Cyber terrorism
Psychological perverts
State-sponsored hacking
Hacktivists
Have ability to worm into the networks of the media, major corporations, defense
departments
Examples :
Phishing and scam
Theft of identity
Ransomware infection
Malware attacks
Cyberstalking
Social media hacking
Web hacking
Steps to avoid Cybercrime against Individuals
Making use of an internet security package: This helps safeguard
your private and financial information while you use the internet by
offering real-time protection against known and unknown malware, such
as viruses and ransomware.
Use secure passwords: Avoid using the same password across many
websites, and change it frequently. Make them challenging. That entails
utilizing a minimum of 10 different letters, numbers, and symbols
Cyber crime also affects organisations like banks, service sectors, government agencies, companies and other
association of persons. These involve Hacking, Denial of Service, Virus and Worms, E-mail bombing, Salami
Attack, Logic Bomb, Spywares etc.
Hacking
Hacking means unauthorised access to a computer system. It is the most common type of cyber crime committed
across the world. The commonly used definition of hacking is breaking into computer systems. Hacking as a
cyber crime is the most dangerous to the Internet because it has effect of eroding the credibility of the Internet.
Hacking creates a perception in the minds of citizens that the Internet is vulnerable and weak.
E-mail Bombing
An e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to address in an attempt to
overflow the mailbox or overwhelm the server. There are two ways of e-mail bombing, mass mailing and list
linking. Mass mailing consists of sending numerous duplicate mails to the same e-mail ID list linking consisting
of signing a particular e-mail ID up to several subscription. This type of bombing is effective as the person has to
unsubscribe from all the services manually.
Salami Attacks
These attacks are used for committing financial crimes. For instance, a bank employee inserts a programme into
the bank's servers, which deducts a small amount of money (only a few pennies) from the account of every
customer. No account holder is likely to notice the individual effect of a small being stolen, whereas the total
effect can generate a large sum of money for the perpetrator.
Logic Bomb
A Logic Bomb is a rogramme, which lies dormant until a specific piece of software code is activated. Logic
Bomb is that code of a virus,which waits for some event to occur. When that particular time comes, it bursts and
cause considerable damage. It may erase the complete hard disk.’ In this way, a Logic Bomb is analogous to a
real-world land mine. The most common activator for a Logic Bomb is a date. The Logic Bomb checks the
system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb
activates and executes its code.
Data Diddling
Data diddling involves changing data prior or during input into a computer. In other words, information is
changed from the way it should be entered by a person typing in the data, a virus that changes data, the
programmer of the database or application, or anyone else involved in the process of having information stored in
a computer file.
The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking,
converting, or transmitting data. This is one of the simplest methods of committing a computer-related crime,
because it requires almost no computer skills whatsoever.
To send spoofed e-mail, senders insert commands in headers that will alter message
information
It is possible to send a message that appears to be from anyone, anywhere, saying whatever the
sender wants it to say.
Thus, someone could send spoofed e-mail that appears to be from you with a message that you
didn't write.
Classic examples of senders who might prefer to disguise the source of the e-mail include a sender
reporting mistreatment by a spouse to a welfare agency
Although most spoofed e-mail falls into the "nuisance" category and requires little action other
than deletion, the more malicious varieties can cause serious problems and security risks.
For example, spoofed e-mail may purport to be from someone in a position of authority, asking for
sensitive data, such as passwords, credit card numbers, or other personal information -- any of
which can be used for a variety of criminal purposes.
The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass
spam mailings.
One type of e-mail spoofing, self-sending spam, involves messages that appear to be both to and
from the recipient.
Email security protocols use domain authentication to reduce threats and spam. The
email security protocols in use today are Sender Policy Framework (SPF),
DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication,
Reporting, and Conformance (DMARC).
SPF detects forged sender addresses during the delivery phase, but it can only detect
them in the envelope of the email, which is used when an email is bounced. However,
when used in conjunction with DMARC authentication, SPF can detect a forged
“visible sender,” which is a technique that is commonly used in phishing and spam.
Encrypt emails
DKIM uses public and private keys to prove that a sender is who they say they are.
Each message that goes out through SMTP needs a pair of keys that match a public
DNS record, which is verified by the receiving mail server.
Antimalware may detect and block spoofed emails before they reach their targets’
inboxes. It’s important to keep antimalware software up to date because attackers are
alert to newly-identified vulnerabilities and act quickly to exploit them.
Spam is abuse of electronic messaging systems to send uninvited bulk messages indiscriminately
Spam is any kind of unwanted, unsolicited digital communication that gets sent out in bulk. Often
spam is sent via email, but it can also be distributed via text messages, phone calls, or social media.
Spamming may be
E-Mail Spam
Advertisers have no operating costs beyond the management of their mailing lists
Usenet is the contraction of the User Network. It resembles just a Bulletin Board System
where users can post articles or posts on various topics.
A usenet is a collection of user-submitted articles or posts on various topics/subjects that
are posted to servers on world wide network.
Working of Usenet
The Usenet is built on the Network News Transfer Protocol (NNTP), a standard Internet
protocol in Request for Comments (RFC) 977 and has two components:
A client/server portion that allows users running client software such as
Google Chrome to interact with the news servers by downloading a list of
available. Usenet newsgroups on the server, read existing messages in the
newsgroups, reply to existing messages, or post new messages.
A server/server portion that allows news servers to establish communication
with each other, for the purpose of replicating messages from newsgroups. For
example, Microsoft Exchange Server fully supports NNTP.
Newsgroup
Each topic collection of posted notes is known as a Newsgroup. There are thousands of
newsgroups and it is also possible to form a new one. Many newsgroups are hosted on
Internet-connected servers but they can also be hosted from servers without the Internet.
Advantages of Newsgroups
Newsgroups are similar in some ways to mailing lists, but they tend to have a
structure better than mailing lists, which makes it more likely that they will be
around for much longer than a mailing list.
It is easy to find a newsgroup, and they sometimes have a moderator. A
moderator is one who makes sure that things stay on track and do not
disintegrate into something that is unpleasant socially.
Most often than not, you will be able to find the FAQs (Frequently Asked
Questions) section on a newsgroup, which is always helpful for those who are
not sure about anything. These questions tend to be the ones that are asked
repeatedly and so negate the need for constantly answering the same questions.
Disadvantages of Newsgroups
A newsgroup is not as fast as an email or even a mailing list. Often there might
be a latency of at least a day, often longer, before a response is given.
The information on the newsgroup is submitted by users who lack actual
knowledge about the domain on which they are posting the article, so you need
to be aware of this flaw, keep some alternatives ready for this and do a bit of
research first then only rely on it.
A serious disadvantage to a newsgroup is that they can sometimes attract people
who you would not give the time of day to if you were to meet them in person.
This is especially worrying if children have access to newsgroups.
The Information Technology Act, 2000 also Known as an IT Act is an act proposed by
the Indian Parliament reported on 17th October 2000. This Information Technology
Act is based on the United Nations Model law
CYBERCRIMES are punishable under two categories: the ITA 2000 and the IPC
207 cases under ITA 2000 in 2007
339 cases recorded under IPC
The main objective of this act is to carry lawful and trustworthy electronic, digital and
online transactions and reduce cybercrimes. The IT Act has 13 chapters and 94
sections.
The IT Act, 2000 has two schedules:
First Schedule –
Deals with documents to which the Act shall not apply.
Second Schedule –
Deals with electronic signature or electronic authentication method.
The offences and the punishments in IT Act 2000 :
The offences and the punishments that falls under the IT Act, 2000 are as follows :-
1. Tampering with the computer source documents.
2. Directions of Controller to a subscriber to extend facilities to decrypt
information.
3. Publishing of information which is obscene in electronic form.
4. Penalty for breach of confidentiality and privacy.
5. Hacking for malicious purposes.
6. Penalty for publishing Digital Signature Certificate false in certain
particulars.
7. Penalty for misrepresentation.
8. Confiscation.
9. Power to investigate offences.
10.Protected System.
11. Penalties for confiscation not to interfere with other punishments.
12.Act to apply for offence or contravention committed outside India.
13.Publication for fraud purposes.
14.Power of Controller to give directions.
This section of IT Act, 2000 states
that any act of destroying, altering or
stealing computer system/network or
deleting data with malicious
intentions without authorization
from owner of the computer is liable
for the payment to be made to owner
Section 43 as compensation for damages.
Cyberattacks can target a wide range of victims from individual users to enterprises or
even governments. When targeting businesses or other organizations, the hacker’s
goal is usually to access sensitive and valuable company resources, such as
intellectual property (IP), customer data or payment details.
Types of attacks:
Active attack
Used to alter system
Affects the availability, integrity and authenticity of data
Passive attack
Attempts to gain information about the target
Leads to breaches of confidentiality
Inside attack
Attack originating and/or attempted within the security perimeter of an
organization
Gains access to more resources than expected.
Outside attack
Is attempted by a source outside the security perimeter,
May be an insider or an outsider , who is indirectly associated with the
organization
Attempted through internet or remote access connection
Cyber-Attackers use various different methods to carry out the execution of Cyber-
Attacks on the computer network, depending on the ease through which the computer
network can be attacked on its vulnerability. Each type of Cyber-Attack is risky and
harmful in nature. Awareness about cyber crimes is very important for today’s young
generation to prevent cyber crimes from taking place and feel safe while using the internet
/ cyber technology.
Here, we will discuss one such very harmful Cyber-Attack Port Scanning Attack.
a port scan consists of sending a message to each port, one at a time. The kind of
response received indicates whether the port is used and can therefore be probed
for weakness.
The result of a scan on a port is usually generalised into one of the following
categories:
1. Open or accepted
2. Closed or not listening
3. Filtered or blocked.
The preventive ways for Port Scan attack are listed as follows :
Secured Firewalls
Strong Security Mechanisms
Social engineering is a manipulation technique that exploits human error to obtain private
information or valuable data. In cybercrime, the human hacking scams entice unsuspecting
users to disclose data, spread malware infections, or give them access to restricted systems.
Attacks can occur online, in-person, and by other interactions. Social engineering scams are
Impersonation
In this type of social-engineering attack, the hacker pretends to be an employee or
valid user on the system. A hacker can gain physical access by pretending to be a
janitor, employee, or contractor.
Desktop support
Calling tech support for assistance is a classic social-engineering technique.
Help desk and technical support personnel are trained to help users, which makes
them good prey for social engineering attacks.
Shoulder surfing—
o Shoulder surfing is the technique of gathering passwords by watching over a
person’s shoulder while they log in to the system.
Dumpster diving
Dumpster diving involves looking in the trash for information written on pieces of
paper or computer printouts.
The hacker can often find passwords, filenames, or other pieces of confidential
information like SSN, PAN, Credit card ID numbers etc
2. Computer –Based Social Engineering
Computer-based social engineering uses computer software that attempts to retrieve
the desired information.
Fake E-mails
E-mail attachments
Pop-up windows
Fake E-mails
A message might come from a bank or other well-known institution with the need
to “verify” your login information.
E-Mail attachments
Emails sent by scammers may have attachments that include malicious code inside the
attachment. Those attachments can include keyloggers to capture users’ passwords,
viruses, Trojans, or worms.
Pop-up windows
Pop-up windows that advertise special offers may tempt users to unintentionally
install malicious software.
12. Explain briefly about Cloud Computing and its various types
of Services.
Cloud Computing can be defined as the practice of using a network of remote servers
hosted on the Internet to store, manage, and process data, rather than a local server or a
personal computer. Companies offering such kinds of cloud computing services are
called cloud providers
Software as a Service(SaaS)
Advantages of SaaS
1. Cost-Effective: Pay only for what you use.
2. Reduced time: Users can run most SaaS apps directly from their web
browser without needing to download and install any software. This reduces
the time spent in installation and configuration and can reduce the issues that
can get in the way of the software deployment.
3. Accessibility: We can Access app data from anywhere.
4. Automatic updates: Rather than purchasing new software, customers rely
on a
5. Scalability: It allows the users to access the services and features on-demand.
Platform as a Service
Advantages of PaaS:
1. Simple and convenient for users: It provides much of the infrastructure and
other IT services, which users can access anywhere via a web browser.
2. Cost-Effective: It charges for the services provided on a per-use basis thus
eliminating the expenses one may have for on-premises hardware and
software.
3. Efficiency: It allows for higher-level programming with reduced complexity
thus, the overall development of the application can be more effective.
Infrastructure –as –a-service(IaaS):
Examples :
AWS
Microsoft Azure
Advantages of IaaS:
1. Cost-Effective: Eliminates capital expense and reduces ongoing cost and
IaaS customers pay on a per-user basis, typically by the hour, week, or
month.
2. Website hosting: Running websites using IaaS can be less expensive than
traditional web hosting.
3. Security: The IaaS Cloud Provider may provide better security than your
existing software.
4. Maintenance: There is no need to manage the underlying data center or the
introduction of new releases of the development or underlying software. This
is all handled by the IaaS Cloud Provider.