Cyber crime and security 1

BYINDHURANI CII M.E SE

CYBER CRIME AND SECURITY

CONTENTS

What is cyber crime?

History

Classification of cyber crime

Types of cyber crime

Cyber Security

Cyber Security standards

Cyber Law

WHAT IS CYBER CRIME?

Cyber crime refers to any crime that involves a computer/mobile and a network. The computer may have been used in the commission of a crime, or it may be the target.

Cyber hackers apply all sorts of techniques (hacking, use of malware for intercepting data, etc.) in stealing personal or financial data from their victims, generally from their computers.

HISTORY

The first spam email took place in 1978 when it was sent out over the ARPANET (Advanced Research Projects Agency Network).

The first virus was installed on an Apple computer by a high school student, Rich Skrenta in the year 1982.

Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.

Cyberspace is the electronic medium of computer networks in which online communication takes place.

Those against persons.

Against Business and Non-business organizations.

Crime targeting the government.

CLASSIFICATION OF CYBER CRIME

Computer as a tool

Computer as a target

Computer as an instrumentality

Crime associated with prevalence of computers

COMPUTER AS A TOOL

When the individual is the main target of the crime the computer can be considered as a tool rather than target.

These crimes are not done by technical experts.

Eg: Spam, cyber stalking , cyber theft etc.

COMPUTER AS A TARGET

These crimes are committed by a selected group of people with technical knowledge.

Destruction of information in the computer by spreading virus.

Eg : Defacement, cyber terrorism etc.

COMPUTER AS AN INSTRUMENTALITY

The crime is committed by manipulating the contents of computer systems.

With the advent of computer the criminal have started using the technology as an aid for its perpetuation.

Eg: Drug trafficking, money laundering etc.

CRIME ASSOCIATED WITH PREVALENCE OF COMPUTERS

Copyright violation

Material copied from sources that are not public domain or compatibly licensed without the permission of copyright holder.

Copyright violation causes legal issues.

TYPES OF CYBER CRIME

Financial crimes

Sale of illegal articles

Online gambling

Intellectual Property crimes

Theft of information contained in electronic form

Email bombing

Key loggers

CONTD.

Cyber Defamation

Cyber stalking

Data Diddling

Salami attacks

Email spoofing

Phishing

Click jacking

CONTD.

Hacking

Denial of Service attack

Virus/worm attacks

Logic bombs

Trojan attacks

Internet time theft

Web jacking

Financial crime includes credit card frauds, money laundering, Forgery etc

Money laundering is the process by which large amount of illegally obtained money is given the appearance of having originated from a legitimate source

Sale of illegal articles includes selling of narcotic drugs, weapons, wildlife etc to terrorists.

Email bombing refers to sending a large amount of e-mails to the victim resulting in crashing of victims e-mail account or mail servers.

Data diddling is a kind of an attack which involves altering of raw data just before it is processed by a computer and then changing it back after the processing is completed.

Intellectual Property Crimes includes software piracy, copyright infringement, trademarks violations etc.

Theft of information contained in electronic from-This includes information stored in computer hard disks, removable storage media etc.

Web defacement is usually the substitution of the original home page of a website with another page (usually pornographic or defamatory in nature) by a hacker.

Cyber Defamation occurs when defamation takes place with the help of computers and or the Internet e.g. e-mail containing defamatory information about that person.

What is defamation?

Defamation is the act of harming the reputation of person by making a false statement to another.

Cyber Stalking refers to the use of the Internet, e-mail, or other electronic communications devices to stalk another person.

Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property.

Denial of Service involves flooding computer resources with more requests than it can handle. This causes the resources to crash thereby denying authorized users the service offered by the resources.

Virus/worm are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses don not need the host to attach themselves to.

Trojan Horse-A Trojan as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.

Internet Time Theft-This connotes the usage by unauthorized persons of the Internet hours paid for by another person.

Web jacking-This occurs when someone forcefully takes control of a website (by cracking the password ). The actual owner of the website does not have any more control over what appears on that website.

Logic bombs are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.

E-Mail spoofing-A spoofed email is one that appears to originate from one source but actually has been sent from another source. This can also be termed as E-Mail forging.

Salami attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed e.g. A bank employee inserts a program into bank’s servers, that deducts a small amount from the account of every customer.

Clickjacking is a form of cyber attack where the hacker uses an invisible layer over the embedded web content (this could be an image, video or button) to intercept and ‘hijack’ you to a mirror website and mine information from you.

Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

Eg: A simple propaganda in the Internet/SMS, that there will be bomb attacks during the holidays

Mobile pickpocketing (SMS/call fraud), or the ability to charge a phone bill via SMS billing and phone calls. Malware uses these mechanisms to steal directly from user accounts.

Keyloggers are regularly used in computers to log all the strokes a victim makes on the keyboard.

Eg: If a key logger is installed on a computer which is regularly used for online banking and other financial transactions then their passwords can be taken without the knowledge of the user

CYBER SECURITY

It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them.

Awareness is the first step in protecting yourself.

Invest in Anti-virus, Firewall, and SPAM blocking software for your PC.

Change passwords on a regular basis

Use complex passwords (include numbers and special characters)

CONTD.

Do not automatically check boxes before reading the contents of any agreement of the software.

Avoiding use of unauthorized software.

Avoid opening of unknown emails.

Use internet filtering software.

Data Level Security Using encrypting softwares

Disable remote connectivity (such as Bluetooth)

CYBER SECURITY STANDARDS

Cyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks.

It provides general outlines as well as specific techniques for implementing cyber security.

Some of the standards are ISO 27002,NERC, NIST,ISO 15408,RFC 2196,ISA-99.

LEGAL ACTS

• The Computer Fraud and Abuse Act

• The Digital Millennium Copyright Act

• The Electronic Communications Privacy Act

• The Stored Communications Act

• Identity Theft and Aggravated Identity Theft

• Identity Theft and Assumption Deterrence Act

• Gramm-Leach-Bliley Act

• Internet Spyware Prevention Act

CONTD.

Stored Communications Act which is passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage

Digital Millennium Copyright Act which is passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology, devices

Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones.

CONTD.

Internet Spyware Prevention Act (I-SPY) prohibits the implementation and use of spyware.

Gramm-Leach-Bliley Act (GLBA) requires financial institutions and credit agencies increase the security of systems that contain their customers’ personal information.

Identity Theft and Aggravated Identity Theft defines the conditions under which an individual has violated identity theft laws.

CYBER LAW

Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of netizens in and concerning Cyberspace comes within the ambit of Cyberlaw.

SNAPSHOT OF IMPORTANT CYBERLAW PROVISIONS IN INDIA

Offence Section under act

Tampering with Computer source documents

Sec.65

Hacking with Computer systems, Data alteration

Sec.66

Publishing obscene information Sec.67

Un-authorized access to protected system

Sec.70

Breach of Confidentiality and Privacy

Sec.72

Publishing false digital signature certificates

Sec.73

CONTD.

Offence Section under act

Sending threatening messages by email

Sec 503 IPC

Sending defamatory messages by email

Sec 499 IPC

Forgery of electronic records Sec 463 IPC

Bogus websites, cyber frauds Sec 420 IPC

Email spoofing Sec 463 IPC

Web-Jacking Sec 383 IPC

E-Mail Abuse Sec 500 IPC

Online sale of Drugs NDPS Act

Online sale of Arms Arms Act

Though we have so many methods to protect from cyber crime, only awareness will help us to get rid of this problem.

In case of emergency to complaint about cyber crime contact the following email ids and phone numbers.

cbcyber@tn.nic.in ,cop@vsnl.net , cidap@cidap.gov.in , info@cidap.gov.in

0422-23452350, 98414-94329,22201026 ,22943050 .

REFERENCES

http://en.wikipedia.org/wiki/Computer crime

http://en.wikipedia.org/wiki/Computer security

http://en.wikipedia.org/wiki/Computer crime

http://en.wikipedia.org/wiki/Cyber Security And Identity Theft

http://en.wikipedia.org/wiki/Cyber security standards

http://en.wikipedia.org/wiki/Cyber Security Tips

http://en.wikipedia.org/wiki/ Cybercrime and countermeasures

Evolution_of_Cyber_Crime.pdf

QUERIES??!

THANK YOU