Download Study Material for MCA (SEM-V) Subject: Cyber Security and

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Information privacy law wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Trusted Computing wikipedia , lookup

Mobile security wikipedia , lookup

Malware wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Cyberwarfare wikipedia , lookup

Cyberterrorism wikipedia , lookup

Computer security wikipedia , lookup

Social engineering (security) wikipedia , lookup

Cyberattack wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

International cybercrime wikipedia , lookup

Cybercrime wikipedia , lookup

Transcript
Study Material for MCA (SEM-V)
Subject: Cyber Security and Forensics (Elective-II)
Subject Code: 650008
Unit 1: Introduction to Cybercrime
Q1) What is cybercrime? How do you define it.
OR
What is cybercrime? Explain in brief about its origin and its impact in the cyber world.
Ans)
Cybercrime : Definition and origins of the word
•
There are many definitions for cyber crime:
 Cyber crime is any illegal behaviour, directed by means of electronic operations, that targets the
security of computers and data processed by them.
 A crime committed using the computer and the internet to steal a person’s identity or sell
contraband or stalk victims or disrupt operations with malevolent programs.
 Cybercrime is any criminal activity which uses network access to commit a criminal act.
 Opportunities for the exploitation have grown due to weakness in information security and
exponential growth of the internet.
 Cybercrime may be internal or external.
 The term cybercrime has evolved over the past few years since the adoption of internet
connection on global scale.
•
Two types of attack are prevalent
1) Techno crime:
•
A premeditated act against a system or systems, with the intent to copy, steal, prevent access,
corrupt or otherwise deface or damage parts of or the complete computer system .
•
The 24x7 connection to the internet makes this type of cybercrime a real possibility to the
engineer from anywhere in the world, leaving few, if any “finger prints”.
1
2) Techno-vandalism:
•
The acts of brainless defacement of websites and/or other activities, such as copying files and
publicizing their contents, are usually opportunistic in nature.
•
The term cybercrime has become notorious due to the word terrorism attached with it that is
cyber terrorism.
•
There is often a very thin line between the two terms computer crime and computer fraud both
are punishable.
•
Cybercrime differs form most terrestrial crimes in four ways:
a) How to commit them is easier to learn
b) They require few resources relative to potential damage caused.
c) They can be committed in jurisdiction without being physically present in it
d) They are often not clearly illegal
•
The term cyber has some interesting synonyms : fake, replicated, pretend, imitation, virtual,
computer generated.
•
Cyber means combining forms relating to information technology, the internet and virtual
reality.
•
This term owes its origin to the word “cybernetics” which deals with information and its use.
•
Worldwide cyber terrorists use computer as a tool, target or both for their unlawful act to gain
information which can result heavy loss/damage to the owner of that intangible (vague)
sensitive information.
•
This can be done using using methods such as phishing, spoofing , pharming, wire transfer etc.
Q.2) How cybercrime is associated with information security?
Ans)
Cybercrime and information security.
•
Lack of information security gives rise to cyber crimes
•
India has amended the Indian Information Technology Act (ITA)2000 in the context of
cybercrime.
•
The new version of act ITA 2008 provides a new focus on “Information security in India”
2
•
Cyber security means protecting information , equipment, devices, computer , computer
resource, communication device and information stored therein from unauthorized access, use,
disclosure, disruption(trouble), modification and destruction.
•
Where financial losses to the organization due to insider crimes are concerned often some
difficulty is faced in estimating the losses because the financial impacts may not be detected by
the victimized organization and no direct costs may be associated with the data theft.
•
For anyone trying to compile data on business impact of cybercrime, there are number of
challenges.
•
One of them comes from the fact that organizations do not incorporate the cost of vast majority
of computer security incidents into their accounting.
•
The other comes from the difficulty in attaching a quantifiable monetary value to the corporate
data and yet corporate data get stolen/lost through loss/theft of laptops.
•
Because of these reasons reporting of financial losses often remains approximate.
•
In an attempt to avoid negative publicity, most organizations abstains (avoid) from revealing
facts and figures about security incidents including cybercrime.
•
Even awareness about data privacy tends to be low in organizations.
Q.3) Who are cybercriminals? Explain their types.
Ans)
Cybercriminals:
•
Cybercrime involves such activities as child pornography, credit card fraud, cyber stalking,
ignoring copyright, software licensing, software piracy and identity theft etc.
•
Cyber criminals are those who conduct such acts.
They can be categorized into three groups.
Type 1: Cybercriminals -hungry for recognition
•
Hobby hackers
•
IT professionals
•
Politically motivated hackers
•
Terrorist organizations
3
Type 2: Cybercriminals – not interested in recognition
•
Psychological perverts
•
Financially motivated hackers(corporate espionage)
•
State sponsored hacking(national espionage, sabotage)
•
Organized criminals
Type III: Cybercriminals- the insiders
•
Disgruntled or former employees seeking revenge
•
Competing companies using companies to gain economic advantage through damage and/ or
theft.
Thus the typical motives behind cybercrime seem to be greed, desire to gain power and/or publicity,
desire for revenge, a sense of adventure, destructive mindset and desire to sell network security
services
Q.4) Give the classification of cybercrime.
Ans)
Classifications of cyber crimes:
Cybercrimes are classified as follows:
1) Cybercrime against individual

E-mail spoofing and other online frauds

Phishing, spear phishing and its various forms such as vishing and smishing

Spamming

Cyberdefamation

Cyberstalking and harassment

Computer sabotage

Pornographic offenses

Password sniffing
4
2)Cybercrime against property

Credit card frauds

Intellectual property crimes

Internet time theft
3) Cybercrime against organization

Unauthorized accessing of computer

Password sniffing

Denial-of-service attacks

Virus attack

E-mail bombing/ mail bombs

Salami attacks

Logic bomb

Trojan horse

Data diddling

Crimes emanating from Usenet newsgroup

Industrial spying/ industrial espionage

Computer network intrusion

Software piracy
4) Cybercrime against society

Forgery

Cyberterrorism

Web jacking
5) Crimes emanating from Usenet newsgroup:
5
Q.5) How do we classify cybercrime? Explain each one briefly.
Ans)
N.B) Classification is as above, separate questions can be asked on mix of topics.
1) E-mail spoofing:

A spoofed e-mail is one that appears to originate from one source but actually has been sent
from another source.
2) Spamming:

People who create electronic spam are called spammers.

Spam is the abuse of electronic messaging systems to send unsolicited bulk messages
indiscriminately.

E-mail spam is the most widely recognized spam.

There are various other spam instant messaging spam, UseNet newsgroup spam, spam blogs
etc.

Spamming is difficult to control because it has economic (feasibility)-advertisers have no
operating costs beyond the management of their mailing lists, and it is difficult to senders
accountable for their mass mailings.
3)Cyber defamation:

Defamation is the act in which, words either spoken or intended to be read, or by signs or by
visible representations any allegation concerning any person intending to harm the reputation
of that person

Cyber defamation happens when defamation takes place with the help of computers and/or
internet.

For eg. Some one publishes defamatory matter about someone on website or sends an e-mail
containing defamatory information to all friends of that person.

Libel is written defamation and slander is oral defamation.
4) Internet time theft:

Such a theft occurs when an unauthorized person uses the internet hours paid for by another
person.
6

Internet time theft comes under hacking because the person who gets access to someone else’s
ISP user ID and password , either by hacking or by gaining access to it by illegal means , uses it to
access the internet without the other person’s knowledge.

However, one can identify the time theft if the internet time has to be recharged often.
5) Salami attack/ salami technique:
N.B).
(Salami is cured sausage, fermented and air-dried meat, originating from one of a variety of animals.)
The name ‘salami attack’ comes from the fact that salami is cut into very thin slices. It is also known as
salami shaving.

A salami attack is a series of minor attacks that together results in a larger attack.

These attacks are used for committing financial crime.

The idea here is to make an alteration so insignificant that in a single case it would go
completely unnoticed.

For eg a bank employee inserts a program, into the bank servers, that deducts a small amount of
money from the account of every customer.

No account holder will probably notice this unauthorized debit, but the bank employee will
make a sizable amount of money every month.
6) Data diddling:

A data diddling attack involves altering raw data just before it is processed by a computer and
then changing it back after the processing is completed.

Electricity boards in India have been victims to data diddling programs when private parties
computerize their systems.
7)Forgery:

Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using
sophisticated computers, printers and scanners.

Outside many colleges there are many miscreants soliciting sale of fake mark sheets or even
degree certificates.
8) Web jacking:

Web jacking occurs when someone forcefully takes control of a website.
7

The first stage involves password sniffing.

The actual owner of the website does not have any control over what appears on that website.
9) Newsgroup spam/ Crimes emanating from Usenet newsgroups:

The advent of Google groups and its large UseNet archive has made UseNet more attractive to
spammers than ever.

Spamming of Usenet newsgroups actually predates e-mail spam.

The first widely recognized UseNet spam titled “Global alert for all: Jesus is coming soon” was
posted on 18th Jan 1994
10) Industrial spying/ industrial espionage:

Today corporations like government often spy on the enemy.

The internet and the privately owned systems provide new and better opportunities for
espionage.

Spies can get information about product finances , research and development and marketing
strategies, an activity called as industrial spying.

Cyber spies rarely leave behind a trail.

This has been the reserved hunting field of few hundreds of highly skilled hackers, contracted by
high profile companies or certain governments.

With growing public availability of Trojans and spyware material even low skilled individuals
have got involved into it

One interesting case is the famous Israeli Trojan story, where a software engineer created a
Trojan horse program specifically designed to extract critical data gathered from machines
infected by his program.

He made business out of it by selling his program to companies in Israel.
11) Hacking:
The purpose of hacking are many, the main are:

Greed

Power

Publicity

Revenge
8

Adventure

Desire to access forbidden information.

Destructive mindset.

Every act committed toward breaking into computer and/or network is hacking and it is an
offense.

Hackers write or use readymade computer programs to attack the target computer.

They possess the desire to destruct and get an enjoyment out of this.

Some do it for monetary gains such as stealing credit card information, transferring money from
various bank accounts to their account.

They extort money from corporate giant threatening him to publish the stolen information.

Government websites are hot favorite for hackers.

Hackers, crackers and phreakers are some of the oft heard terms.

The original meaning of the word hack meaning an elegant, witty or inspired way of doing
almost anything
12) Online frauds:

There are few major types of crimes under the category of hacking: spoofing websites and Email security alerts, hoax mails about virus threats, lottery frauds and spoofing.

In spoofing websites and e-mail security fear, fraudsters create authentic looking websites that
are nothing but spoof.

It prompts the user to enter personal information which is then used to access business and
bank accounts.

Such links come embedded in e-mails

In virus hoax(fraud) emails, the warning may be genuine, so there is always a dilemma whether
to take them lightly or seriously.

Lottery frauds are typically letters or e-mails that inform the recipient that he or she has won a
prize in a lottery.

They take bank details to transfer money and they also ask for processing fee.

The details provided can easily be used for other scams.

Spoofing means illegal intrusion, wherein the hacker poses as a genuine user(false identity).
9
13)Pornographic offense:

Child pornography means any visual depiction, including but not limited to the following.
 Any photograph that can be considered obscene and/or unsuitable for the age of a child viewer.
 Film, video, picture
 Computer generated image or picture of sexually explicit conduct where the production of such
visual depiction involves the use of minor engaging in sexually explicit conduct.

Child pornography is considered an offense.

Internet explosion has made children a viable victim to the cybercrime and pedophiles.

Pedophiles are the people who physically or psychologically pressurize minors to engage in
sexual activities.

The modus operandi of pedophiles is as under:
 Pedophiles use false identity to trap the children/teenagers.
 They seek children/teens in the kids areas on the services where the children gather.
 They befriend them.
 They extract children’s personal information by gaining their confidence.
 They start mailing these children using sexually explicit language.
 They start sending pornographic images/text in order to shed their inhibitions so that a feeling is
created in the mind of victim that what is being fed to them is normal and that everybody does
it.
 At thee end of it the pedophiles set up a meeting with the child out of the house and then drag
them into the net to further sexually assault him as a sex object.

Such things can be avoided if the parents are aware about it.

In most of the scenarios parents are unaware about the internet and the hidden dangers of it.

Most children remain unprotected in cyber world.
14) Software piracy:

Cybercrime investigation cell of India defines software piracy as theft of software through the
illegal copying of genuine programs or the counterfeiting and distribution of products intended
to pass for the original.
10

Various examples of software piracy
 End user copying –friends loaning disks to one another, organizations not tracking their software
licenses
 Hard disks loading with illicit means- hard disk vendors load pirated software.
 Counterfeiting – large scale duplication and distribution of illegally copied software.
 Illegal downloads from the internet- by intrusion , by cracking serial numbers.
•
Those who buy pirated software lose a lot:
a. Getting untested software that may have been copied thousands of times
b. The software may contain hard drive infecting virus
c. No proper license so no technical support.
d. There is no warranty protection.
e. No legal right to use the product.
15) Computer sabotage:

The use of internet to hinder(hamper) the normal functioning through the introduction of
worms, viruses or logic bombs, is referred to as computer sabotage.

It can be used to gain economic advantage over a competitor.

To promote illegal activities of the terrorists

To steal data or programs for extortion.

Logic bombs are event driven programs created to do something only when a certain event
(trigger) occurs.
16) Email bombs:

It refers to sending a large number of emails to crash victim’s email account or mail servers.

Computer programs can be written to instruct a computer to do such tasks on repeated basis.

In recent times, terrorism has hit the internet in the form of mail bombings.

This maybe or may not be legal but is certainly disruptive.
17)Usenet newsgroup as a source of cybercrime:
11

Usenet is a popular means of sharing and distributing information on the web with respect topic
or subject.

Usenet is a mechanism that allows sharing information in many to many manner.

The newsgroups are spread across 30000 different topics.

There is no technical method available for controlling the contents of any news group.

It is subject self regulation or net etiquette.

it is possible to put UseNet to following criminal use.
1. Distribution/ sale of pornographic material.
2. Distribution/ sale of pirated software packages.
3. Distribution of hacking software.
4. Sale of stolen credit card numbers.
5. Sale of stolen data/ stolen property.
18) Computer network intrusions:

Computer networks pose a problem by way security threat because people can get into them
from anywhere.

Crackers who are often misnamed hackers can break into computer systems from anywhere in
the world and steal data, plant viruses, create backdoors, insert Trojan horse or change
username and passwords.

Current laws are limited and many intrusions go undetected.

The cracker can easily by pass the password hence , the practice of strong password is
important.
19)Password sniffing:

Password sniffers are programs that monitor and record the name and password of network
users as they login, jeopardizing security at a site.

Whoever installs the sniffer can then impersonate an authorized user and login to access
restricted documents.

Laws are not yet set up to adequately prosecute a person for impersonating another person
online.

Laws designed to prevent unauthorized access to information should be implemented.
12
20) Credit card frauds:

Information security requirements for anyone handling credit cards have been increased
dramatically recently.

Millions of dollars may be lost annually by consumers who have credit card and calling card
numbers stolen from online databases.

Bulletin boards and other online services are frequent targets for hackers who want to access
large databases of credit card information.

Such attacks usually result in the implementation of stronger security systems.
21) Identity theft:

It is a fraud involving another person’s identity for an illicit purpose.

This happens when a criminal uses someone else’s identity for his own illegal purposes.

Phishing and identity theft are related offenses.

Examples include fraudulently obtaining credit cards, stealing money from the victim’s bank
accounts, using the victim’s credit card number, renting an apartment etc.
Q.6) Write a short note on “Indian legal perspective on cybercrime”
Ans)
Cybercrime the legal perspective:

Cybercrime poses a mammoth challenge.

International legal aspects of computer crimes were studied in 1983.

In that study, computer crime was consequently defined as encompass any illegal act for which
knowledge of computer technology is essential for its perpetration.

Cybercrime is an outcome of globalization.

Globalized information systems accommodate an increasing number of transnational offences.

The network context of makes it one of the most globalized offences of the present and most
modernized threats of the future.

This problem can be resolved in two ways:
Cybercrimes: An Indian perspective

India has the fourth highest number of internet users in the world around 45 million users.
13

37% of all internet access happens from cybercafés and 57% users are between age 18 to 35.

There has been a 50% rise in cybercrime in the year 2007 as compared to 2006.

Majority of the offenders were under 30

46% cases were related to cyber pornography and hacking.

The Indian government is doing its best to control cybercrimes.

Police are being trained to handle cybercrimes.

They are trained for 6 weeks in computer software and hardware, data communication network,
network protocol and network security.
Q.7) Explain about the cybercrime and Indian ITA 2000.
Ans)
Cybercrime and the Indian ITA 2000:

In India the ITA 2000 was enacted after the United Nation General Assembly Resolution in
January 30, 1997.
Hacking and the Indian laws:

Cybercrime is punishable under two categories: the ITA 2000 and the IPC
 Key provisions under ITA 2000
Section Ref. and
title
Chapter of the act
and title
Crime
Punishment
Sec. 43
Chapter IX
Penalties and
Adjudication
Damage to
computer system
Compensation for
Rs 1 cr.
Sec. 66
Chapter XI
Offences
Hacking (with
intent or
knowledge)
Fine of Rs 2 lakhs
and imprisonment
for 3 yrs.
Sec. 67
Chapter XI
Offences
Publication of
obscene material in
electronic form
Fine of Rs 1 lakh,
imprisonment of 5
yrs and double
conviction on
second offence.
Sec. 68
Chapter XI
Offences
Not complying with
directions of
controller
Fine upto Rs. 2
lakhs and
imprisonment of 3
yrs.
14
Section Ref. and
title
Chapter of the
act and title
Crime
Punishment
Sec.70
Chapter XI
Offences
Attempting or
securing access to
computer of
another person
without his/her
knowledge
Imprisonment up
to 10 yrs.
Sec. 72
Chapter XI
Offences
Attempting or
securing access to
computer for
breaking
confidentiality of
the information of
the computer
Fine up to Rs. 1
lakh and
imprisonment
upto 2 yrs.
Sec. 73
Chapter XI
Offences
Publishing false
digital signature,
false in certain
particulars
Fine up to Rs. 1
lakh or
imprisonment
upto 2 yrs, or both
Sec.74
Chapter XI
Offences
Publication of
digital signatures
for fraudulent
purpose
Fine up to Rs. 1
lakh and
imprisonment
upto 2 yrs.
Q.8) What is the difference between computer fraud and computer crime?
Ans)
Fraud vs Crime

There is a difference between computer fraud and computer crime.

These terms are often used interchangeably with little distinction made between them although
substantial differences between them exist.

A general definition of computer fraud is:

Any defalcation or embezzlement accomplished by tampering with computer programs, data
files, operations, equipment, or media, and resulting in losses sustained by the organisation
whose computer system was manipulated.

The distinguishing characteristic of computer fraud is that access occurs with the intent to
defraud.

About half of reported frauds are committed by insiders who have authorised access to the
computer system. When investigating cases of potential computer fraud, it is vital to establish
the system of the organisation's authorisation procedures.
Computer Fraud


At a basic level, computer fraud is the use of computer systems to perpetrate a fraud.
In many cases, the computer has replaced manual records, and the fraudulent input document
has been substituted by manipulating data held in a computer system.
15




This manipulation does not need to be sophisticated.
The dramatic erosion of clearly segregated duties in different locations to people in the same
office with different user ID and passwords on the same PC means that a forged payment
instruction may be approved simply by logging on to a computer with a stolen supervisor's
logon.
At the other extreme, the use of the Internet and e-mail with "sniffer" programs to capture
user's passwords and credit card details can only exist because of the global explosion in the use
of networked computers.
Many industries will be at risk from a specific type of computer fraud, but by reducing the crime
to its basic elements - input, manipulation, and output -the investigator should be able to
identify the likely culprits, the methods of manipulation, and the means of conversion or
diversion of funds.
Computer Crime

Computer crime differs from computer fraud in two major ways.

Employees who as a part of their normal duties have access to the computers are deemed to
have authorised access and thus do not come under the law against access.

Manipulation (alteration) or destruction of data (including computer software) is independent of
fraudulent or other schemes. Such action does not fit into the normal vandalism crimes because
the data is intangible.
Q.9)Explain the terms:
1) Cyberspace
2)Cybersquatting
3)Cyberpunk and Cyberwarfare
4)Cyberterrorism
Ans)
1) Cyberspace:

Cyberspace is where users mentally travel through matrices of data.

It is a space where humans interact over computer network.

The term Cyberspace is now used to describe the internet and other computer networks.

It makes the use f TCP/IP for communication and facilitates transmission and exchange of data.

Cyberspace is most definitely a place where you chat, explore, research and play.
2) Cybersquatting:

The term is derived from squatting which is the act of occupying an abandoned/unoccupied
space that the squatter does not own, rent or have permission to use.

Cybersquatting however, is a bit different in that the domain names that are being squatted are
being paid by the cybersquatters through the registration process.

Cybersquatters usually ask for the prices far greater than those at which they purchased it.
16

Some Cybersquatters put up defamatory remarks about the person or company the domain is
meant to represent in an effort to encourage the subject to buy the domain from them.

Cybersquatting is the act of registering a popular internet address, usually a company name ,
with the intent of selling to its rightful owner.

It is the practice of buying domain names that have existing business names and then sell them
to earn profit.

The topic of domain name dispute is closely connected with Cybersquatting.

Such disputes arise because Cybersquatters exploit the FCFS nature of the domain name
registration system to register names of trademarks, famous people or business with which they
have no connections.

Cybersquatters put the domain names for auction, or offer them for sale directly to the
company or person involved at prices far beyond the cost of registration.

In India Cybersquatting is considered to be an intellectuall property right evil.
3)Cyberpunk and Cyberwarfare:

According to science fiction literature the words cyber and punk emphasize the two basic
aspects of cyberpunk, technology and individualism.

The term cyberpunk means anarchy via machines.

This term was coined for a bunch of teenage hackers/crackers.

The idea behind calling it cyberpunk was to invent a new term that will express the combination
of punk attitudes and high technology.

Cyberwarfare for many people means information warriors unleashing vicious attacks against
an unsuspecting opponent’s computer networks, wreaking havoc and paralyzing .

Cyberattacks are often presented as threat to military forces and the internet has major
implications for espionage(spying) and warfare.
4)Cyberterrorism:

The premeditated use of disruptive activities, or the threat thereof against computer and/or
networks , with the intention to cause harm or further social , ideological, religious, political or
similar objectives or to intimidate any person in furtherance of such objectives.

It is the use of information technology and means by terrorist groups and agents.
Q.10) Write a note on spam.
Ans)



Spam is the abuse of electronic messaging systems to send unsolicited bulk messages
indiscriminately.
Although the most widely recognized form of spam is E-mail spam , this term is applied to
similar abuses in other media: instant messaging spam , mobile phone messaging spam, internet
forum spam, UseNet newsgroup spam, web search engine spam, spam in blogs, wiki spam etc.
Spam is caused by flooding the internet with many copies of the same message.
17




Often this may result in DoS attacks.
Commercial advertising often happens to be the cause of spams.
Such advertisements are often for dubious(doubtful) reputation and fraud schemes meant to
make people believe they can get rich overnight.
Spam hardly costs much to the sender: most of the costs are paid by the recipients rather than
by the senders.
18