REPORT ON CYBER CRIME AND ETHICAL HACKING

In partial fulfillment for the award of the degree of

BTECH IN INFORMATION TECHNOLOGY

BHARAT INSTITUTE OF TECHNOLOGY

SUBMITTED TO: MS. AARUSHEE

SUBMITTED BY: SHUBHAM AGARWAL

0912813111

ACKNOWLEDGEMENT

Apart from my own efforts, the success of any project depends largely on the encouragement and guidelines of many others. I take this opportunity to express my gratitude to the people who have been instrumental in the successful completion of this project.

I would like to show my greatest appreciation to my mentor Miss Aarushee. I can’t say thank you enough for her tremendous support and help. I feel motivated and encouraged every time I attend her meeting. Without her encouragement and guidance this project would not have materialized.

The guidance and support received from all the members who contributed and who are contributing to this project was vital for the success of the project. I am grateful for their constant support and help.

BONAFIDE CERTIFICATE

Certified that this report “ETHICAL HACKING AND CYBER CRIME” is the bonafide work of SHUBHAM AGARWAL of BTech IT 3rd year, who carried out the project work under my supervision.

SIGNATURE
HEAD OF THE DEPARTMENT

SIGNATURE
SUPERVISOR

TABLE OF CONTENTS

INTRODUCTION

DEFINING CYBER CRIME

EXAMPLES

FREQUENTLY USED CYBER-CRIME

HACKING

ETHICAL HACKING

COUNTER MEASURES

CONCLUSION

INTRODUCTION

The first recorded cyber-crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics.

This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber-crime!

Today computers have come a long way, with neural networks and nano-computing promising to turn every atom in a glass of water into a computer capable of performing a billion operations per second.

Cyber-crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber-crime has assumed rather sinister implications.

Major cyber-crimes in the recent past include the Citibank rip-off. US $10 million was fraudulently transferred out of the bank and into a bank account in Switzerland. A Russian hacker group led by Vladimir Levin, a renowned hacker, perpetrated the attack.

The group compromised the bank's security systems. Vladimir was allegedly using his office computer at AO Saturn, a computer firm in St. Petersburg, Russia, to break into Citibank computers. He was finally arrested at Heathrow airport on his way to Switzerland.

DEFINING CYBER-CRIME

At the outset, let us satisfactorily define "cyber-crime" and differentiate it from "conventional crime". Computer crime can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

Defining cyber-crimes as "acts that are punishable by the Information Technology Act" would be unsuitable, as the Indian Penal Code also covers many cyber-crimes, such as email spoofing, cyber defamation, sending threatening emails etc. A simple yet sturdy definition of cyber-crime would be "unlawful acts wherein the computer is either a tool or a target or both".

Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computers.

EXAMPLES OF CYBER-CRIME

Financial crimes

This would include cheating, credit card frauds, money laundering etc. To cite a recent case, a website offered to sell Alphonso mangoes at a throwaway price. Distrusting such a transaction, very few people responded to or supplied the website with their credit card numbers. These people were actually sent the Alphonso mangoes. The word about this website now spread like wildfire. Thousands of people from all over the country responded and ordered mangoes by providing their credit card numbers. The owners of what was later proven to be a bogus website then fled taking the numerous credit card numbers and proceeded to spend huge amounts of money much to the chagrin of the card owners.

Cyber pornography

This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). Recent Indian incidents revolving around cyber pornography include the Air Force Balbharati School case. A student of the Air Force Balbharati School, Delhi, was teased by all his classmates for having a pockmarked face. Tired of the cruel jokes, he decided to get back at his tormentors. He scanned photographs of his classmates and teachers, morphed them with nude photographs and put them up on a website that he uploaded on to a free web hosting service. It was only after the father of one of the class girls featured on the website objected and lodged a complaint with the police that any action was taken.

In another incident, in Mumbai a Swiss couple would gather slum children and then would force them to appear for obscene photographs. They would then upload these photographs to websites specially designed for pedophiles. The Mumbai police arrested the couple for pornography.

Sale of illegal articles

This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of 'honey'.

Online gambling

There are millions of websites, all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

Intellectual Property crimes

These include software piracy, copyright infringement, trademark violations, theft of computer source code etc.

Email spoofing

A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. Pooja has an e-mail address [email protected]. Her enemy, Sameer spoofs her e-mail and sends obscene messages to all her acquaintances. Since the mails appear to have originated from Pooja, her friends could take offence and relationships could be spoiled for life.

Email spoofing can also cause monetary damage. In an American case, a teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold. This misinformation was spread by sending spoofed emails, purportedly from news agencies like Reuters, to share brokers and investors who were informed that the companies were doing very badly. Even after the truth came out the values of the shares did not go back to the earlier levels and thousands of investors lost a lot of money.

Forgery

Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Outside many colleges across India, one finds touts soliciting the sale of fake mark sheets or even certificates. These are made using computers and high quality scanners and printers. In fact, this has become a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic looking certificates.

Cyber Defamation

This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. In a recent occurrence, Surekha (names of people have been changed), a young girl, was about to be married to Suraj. She was really pleased because despite it being an arranged marriage, she had liked the boy. He had seemed to be open-minded and pleasant. Then, one day when she met Suraj, he looked worried and even a little upset. He was not really interested in talking to her. When asked, he told her that members of his family had been receiving e-mails that contained malicious things about Surekha's character. Some of them spoke of affairs which she had had in the past. He told her that his parents were justifiably very upset and were also considering breaking off the engagement. Fortunately, Suraj was able to prevail upon his parents and the other elders of his house to approach the police instead of blindly believing what was contained in the mails.

During investigation, it was revealed that the person sending those e-mails was none other than Surekha's stepfather. He had sent these e-mails so as to break up the marriage. The girl's marriage would have caused him to lose control of her property, of which he was the guardian till she got married.

Another famous case of cyber defamation occurred in America. All friends and relatives of a lady were beset with obscene e-mail messages appearing to originate from her account. These mails were giving the lady in question a bad name among her friends. The lady was an activist against pornography. In reality, a group of people displeased with her views and angry with her for opposing them had decided to get back at her by using such underhanded methods. In addition to sending spoofed obscene e-mails they also put up websites about her that basically maligned her character, and sent e-mails to her family and friends containing matter defaming her.

Cyber stalking

The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.

FREQUENTLY USED CYBER-CRIME

Unauthorized access to computer systems or networks

This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking".

Theft of information contained in electronic form

This includes information stored in computer hard disks, removable storage media etc.

Email bombing

Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing. In one case, a foreigner who had been residing in Simla, India for almost thirty years wanted to avail of a scheme introduced by the Simla Housing Board to buy land at lower rates. When he made an application it was rejected on the grounds that the scheme was available only for citizens of India. He decided to take his revenge. Consequently he sent thousands of mails to the Simla Housing Board and repeatedly kept sending e-mails till their servers crashed.

Data diddling

This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems.

Salami attacks

These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program into the bank's servers that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.

To cite an example, an employee of a bank in USA was dismissed from his job. Disgruntled at having been supposedly mistreated by his employers, the man first introduced a logic bomb into the bank's systems. Logic bombs are programs which are activated on the occurrence of a particular predefined event. The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the bank's rosters. Then he went and opened an account in the name of Ziegler. The amount being withdrawn from each of the accounts in the bank was so insignificant that neither any of the account holders nor the bank officials noticed the fault. It was brought to their notice when a person by the name of Zygler opened his account in that bank. He was surprised to find a sizable amount of money being transferred into his account every Saturday.
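The pattern described above, one account collecting the same tiny amount from nearly every customer in a posting run, is easy to miss per account but stands out in aggregate. The following is an added example, not part of the original report: the ledger fields, account names and thresholds are assumptions, and the ledger is constructed sample data.

```python
"""Flag 'salami' skimming: one account collecting tiny, identical debits
from a large share of all customer accounts in the same posting run."""
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Transfer:
    batch: str            # posting run identifier (hypothetical field)
    debit_account: str
    credit_account: str
    amount: Decimal


def find_salami_sinks(transfers, total_accounts,
                      max_amount=Decimal("1.00"), min_coverage=0.5):
    """Return one finding per (beneficiary, batch) that looks like skimming.

    max_amount and min_coverage are illustrative thresholds, not standards.
    """
    # (credit account, batch) -> {debit account: [small amounts]}
    small = defaultdict(lambda: defaultdict(list))
    for t in transfers:
        if Decimal("0") < t.amount <= max_amount:
            small[(t.credit_account, t.batch)][t.debit_account].append(t.amount)

    findings = []
    for (sink, batch), by_source in small.items():
        amounts = [a for lst in by_source.values() for a in lst]
        coverage = len(by_source) / total_accounts
        # A merchant also receives small payments, but from few customers and
        # in varying amounts; skimming hits most accounts with one fixed amount.
        if coverage >= min_coverage and len(set(amounts)) == 1:
            findings.append({
                "sink": sink,
                "batch": batch,
                "accounts_debited": len(by_source),
                "coverage": round(coverage, 2),
                "per_account": amounts[0],
                "total": sum(amounts, Decimal("0")),
            })
    return sorted(findings, key=lambda f: (f["sink"], f["batch"]))


def build_sample_ledger():
    """Constructed ledger: 200 customers, two weekly posting runs."""
    customers = [f"CUST-{i:04d}" for i in range(200)]
    ledger = []
    for batch in ("2024-W01", "2024-W02"):
        # Skim: ten cents from every account into one beneficiary.
        ledger += [Transfer(batch, c, "ACCT-LAST-IN-ROSTER", Decimal("0.10"))
                   for c in customers]
        # Legitimate noise: small purchases at a merchant, varying amounts.
        ledger += [Transfer(batch, c, "MERCHANT-CAFE",
                            Decimal("0.50") + Decimal(i) / 100)
                   for i, c in enumerate(customers[:30])]
        # Legitimate large transfer, ignored by the small-amount filter.
        ledger.append(Transfer(batch, "CUST-0001", "CUST-0002",
                               Decimal("2500.00")))
    return ledger, len(customers)


if __name__ == "__main__":
    sample, account_count = build_sample_ledger()
    for finding in find_salami_sinks(sample, account_count):
        print(finding)
```

The per-account loss is ten cents, but the aggregate view shows the same beneficiary drawing from every account in each run, which is what an audit query should look for.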

Denial of Service attack

This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash, thereby denying authorized users the service offered by the resource. Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim's computer(s), exceeding the limit that the victim's servers can support and making the servers crash. Denial-of-service attacks have had an impressive history having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay!

Virus / worm attacks

Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses, do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.

The VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate. In May 2000, this deadly virus beat the Melissa virus hollow: it became the world's most prevalent virus. It struck one in every five personal computers in the world. When the virus was brought under check the true magnitude of the losses was incomprehensible. Losses incurred during this virus attack were pegged at US $10 billion.

The original VBS_LOVELETTER utilized the addresses in Microsoft Outlook and emailed itself to those addresses. The e-mail which was sent out had "ILOVEYOU" in its subject line. The attachment file was named "LOVE-LETTER-FOR-YOU.TXT.vbs". The subject line won over people wary of opening e-mail attachments, and those who had some knowledge of viruses did not notice the tiny .vbs extension and believed the file to be a text file. The message in the e-mail was "kindly check the attached LOVELETTER coming from me". Since the initial outbreak over thirty variants of the virus have been developed, many of them following the original by just a few weeks. In addition, the Love Bug also uses the Internet Relay Chat (IRC) for its propagation. It e-mails itself to users in the same channel as the infected user. Unlike the Melissa virus, this virus does have a destructive effect. Whereas the Melissa, once installed, merely inserts some text into the affected documents at a particular instant during the day, VBS_LOVELETTER first selects certain files and then inserts its own code in lieu of the original data contained in the file. This way it creates ever-increasing versions of itself.

Probably the world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. The Internet was, then, still in its developing years and this worm, which affected thousands of computers, almost brought its development to a complete halt. It took a team of experts almost three days to get rid of the worm and in the meantime many of the computers had to be disconnected from the network.
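The double extension described above (a harmless-looking .TXT followed by the real .vbs) is something a mail gateway can check before delivery. The following is an added example, not part of the original report: it parses a constructed message with Python's standard email package and flags such attachments. The extension lists, addresses and function names are assumptions and are not exhaustive.

```python
"""Flag e-mail attachments whose real extension is a script or executable,
especially when a decoy document extension sits in front of it."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative lists (assumptions), not a complete policy.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta", "scr",
               "exe", "bat", "cmd", "com", "pif", "ps1", "lnk"}
DECOY_EXTS = {"txt", "doc", "docx", "xls", "xlsx", "pdf",
              "jpg", "jpeg", "png", "gif"}


def classify_filename(name):
    """Return 'double-extension', 'executable', or None for a file name."""
    # Trailing dots and spaces are ignored by Windows, so drop them first;
    # spaces around the dots would otherwise hide the decoy from the check.
    cleaned = name.strip().rstrip(". ").lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in SCRIPT_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every flagged attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()   # decodes RFC 2231 / RFC 2047 names
        if not name:
            continue
        verdict = classify_filename(name)
        if verdict:
            flagged.append((name, verdict))
    return flagged


def build_sample_message():
    """Constructed message; attachment bodies are inert placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me")
    for filename in ("LOVE-LETTER-FOR-YOU.TXT.vbs",  # name quoted in the text
                     "minutes.txt",                  # plain document
                     "backup.tar.gz",                # benign double extension
                     "invoice. PDF.js",              # spaced-out decoy
                     "setup.exe"):                   # plain executable
        msg.add_attachment(b"constructed placeholder",
                           maintype="application",
                           subtype="octet-stream",
                           filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{verdict:17} {name}")
```

A file name check only catches the disguise; it says nothing about the content, so it complements rather than replaces attachment scanning.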

Logic bombs

These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Trojan attacks

A Trojan, as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. There are many simple ways of installing a Trojan in someone's computer. To cite an example, two friends, Rahul and Mukesh (names changed), had a heated argument over one girl, Radha (name changed), whom they both liked. When the girl, asked to choose, chose Mukesh over Rahul, Rahul decided to get even. On the 14th of February, he sent Mukesh a spoofed e-card, which appeared to have come from Radha's mail account. The e-card actually contained a Trojan. As soon as Mukesh opened the card, the Trojan was installed on his computer. Rahul now had complete control over Mukesh's computer and proceeded to harass him thoroughly.

Internet time thefts

This connotes the usage by an unauthorized person of the Internet hours paid for by another person. In a case reported before the enactment of the Information Technology Act, 2000, Colonel Bajwa, a resident of New Delhi, asked a nearby net café owner to come and set up his Internet connection. For this purpose, the net café owner needed to know his username and password. After having set up the connection he went away knowing the present username and password. He then sold this information to another net café. One week later Colonel Bajwa found that his Internet hours were almost over. Out of the 100 hours that he had bought, 94 hours had been used up within the span of that week. Surprised, he reported the incident to the Delhi police. The police could not believe that time could be stolen. They were not aware of the concept of time-theft at all. Colonel Bajwa's report was rejected. He decided to approach The Times of India, New Delhi. They, in turn, carried a report about the inadequacy of the New Delhi Police in handling cyber-crimes. The Commissioner of Police, Delhi then took the case into his own hands and the police under his directions raided and arrested the net café owner under the charge of theft as defined by the Indian Penal Code. The net café owner spent several weeks locked up in Tihar jail before being granted bail.

HACKING

Hacking is the practice of modifying the features of a system in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.

Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc., and it's not limited to either of them.

Due to the mass attention given to blackhat hackers from the media, the whole hacking term is often mistaken for any security related cyber-crime. This damages the reputation of all hackers, and is very cruel and unfair to the law abiding ones of them, from whom the term itself originated. The goal of this website is to introduce people to the true philosophy and ethics of hackers, hopefully clearing their name and giving them the social status they deserve.

ETHICAL HACKING

Ethical hacking, often performed by white hats or skilled computer experts, is the use of programming skills to determine vulnerabilities in computer systems. While the non-ethical hacker or black hat exploits these vulnerabilities for mischief, personal gain or other reasons, the ethical hacker evaluates them, points them out, and may suggest changes to systems that make them less likely to be penetrated by black hats. White hats can work in a variety of ways. Many companies utilize ethical hacking services from consultants or full-time employees to keep their systems and information as secure as possible.

The work of ethical hacking is still considered hacking because it uses knowledge of computer systems in an attempt to in some way penetrate them or crash them. This work is ethical because it is performed to increase the safety of the computer systems. It’s reasoned that if a white hat can somehow break the security protocols of a system, so can a black hat. Thus, the goal of ethical hacking is to determine how to break in or create mischief with the present programs running, but only at the request of the company that owns the system and specifically to prevent others from attacking it.

People enter the field of ethical hacking in a variety of ways. Many people are very computer savvy and many, but not all, have an educational background in computer science. In some instances, the white hat has gained his or her experience by first being a black hat.

If black hat hacking was at a sufficiently criminal level, the black hat turned white hat may have served jail time before resuming a career in a more productive and positive way as an ethical hacker. The computer world is peopled with former black hats, who now hold ethical hacking jobs. Conversely, some white hats, such as Steve Wozniak, never committed any illegal acts, but simply possess the know-how and skills to analyze problems with any computer system.

With increasing use of the Internet and concerns about its security, especially when it comes to things like consumer information or private medical details, there is considerable need for computer experts to work in ethical hacking. Even sites owned by organizations like the US government have been hacked in the past, and concern about information theft remains incredibly high. Designing impenetrable systems or identifying the current weaknesses of a system are vital parts of keeping the Internet safe and information private, and even with the present legion of ethical hackers that perform this work, there is still more work to do.

Those with interest in the field of ethical hacking often acquire a lot of their skills on their own, and many have particular talent with and affinity for computers. Some knowledge can also be acquired through formal education in computer programming. This work requires creativity, and the ethical hacker must be able to think outside of the box, coming up with as many ways as he or she can in which a system might be encroached upon by black hats.

HACKING COUNTER MEASURES

The very use of the word hacking causes some people’s antennae to go up. This is because computer hacking has always been associated with something bad. Hacking is when someone gains access to a computer or network without permission. The changing technological landscape has given rise to what is known as ethical hacking. This is where a hacker knowingly hacks into a computer network to find weaknesses so as to help find solutions to strengthen it. Many companies employ hackers to perform ethical hacking as well as to be part of their security and technical support staff.

So how do hackers decide which computers to get into? There are many ways, but it all depends on your security levels. Some hackers do it for money or to steal company secrets, others just to prove a point. Hackers like to get into ‘secure’ networks to test their skills and show up a company. The average user whose computer gets hacked sometimes invites the hacker in with their own computing behavior. One way is the opening of attachments from unknown senders. Another is by downloading from warez sites, that is, sites that allow the downloading of pirated software.

The easiest way to protect against unauthorized access to a PC or network is to use firewalls, routers, anti-spyware and anti-virus software, and external drives. They must be updated regularly when updates become available. Use strong passwords that are a combination of lowercase and uppercase letters, numbers and other characters.

Avoid downloading software from key generation sites and those that offer software cracks. If you are so inclined, it is better to have a PC reserved for this purpose. When you have completed your download, you can check for malicious programs before using it on your main PC.

Knowledge is power when it comes to hacking countermeasures. Knowing what is possible makes it easier to take preventative steps. In addition to the steps discussed above, web browsers should also be updated regularly.

CONCLUSION

The word "hacker" carries weight. People strongly disagree as to what a hacker is. Hacking may be defined as legal or illegal, ethical or unethical. The media’s portrayal of hacking has boosted one version of discourse. The conflict between discourses is important for our understanding of computer hacking subculture. Also, the outcome of the conflict may prove critical in deciding whether or not our society and institutions remain in the control of a small elite or we move towards a radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will move beyond their limitations (through inclusion of women, a deeper politicization, and more concern for recruitment and teaching) and become hacktivists. They need to work with non-technologically based and technology-borrowing social movements (like most modern social movements who use technology to do their task more easily) in the struggle for global justice. Otherwise the non-technologically based social movements may face difficulty continuing to resist as their power base is eroded while that of the new technopower elite is growing, and the fictionesque cyberpunk-1984 world may become real.
