Professional Documents
Culture Documents
February 1, 2012
Cyber crimes
Cyber Crimes
Definition of Cyber Crime, computer crimes, cyber frauds, computer frauds etc.
Legal definition: I.T. Act No Accepted definitions and usages
Illegal behavior that targets the security of computer systems and/or the data accessed and processed by computer networks An act where computer is an object or a subject of crime Any crime where an I.T. gadget is used in the act Cyber Crimes are technological variants of normal crimes. The Act of committing, investigation, trial, evidence .. ALL VARY Theft, forgery, fraud, blackmail, harassment, law of torts .
February 1, 2012
Cyber crimes
February 1, 2012
Cyber crimes
February 1, 2012
Cyber crimes
Against property:
larceny, data, information, software piracy, trade marks,
February 1, 2012
Cyber crimes
computer networks y Theft of data / information y Theft of intellectual property such as computer software y Theft of marketable information y Blackmails based on information gained from computerized files such as medical information, personal history, sexual preferences, financial data etc.
February 1, 2012 Cyber crimes 8
February 1, 2012
Cyber crimes
10
A. Internet Crimes
y Hacking
y Theft of information y Theft of passwords y Theft of credit card numbers y Launch of malicious programmes
y Espionage y Spamming
February 1, 2012
Cyber crimes
11
availability of data and systems y Offences related to contents y Offences related to crime on web
February 1, 2012 Cyber crimes 12
unsuspecting victims
y Criminals use it for meeting conspirators y Hackers use it for discussing their expertise of showing
the techniques
y Pedophiles use chat room to allure small children
February 1, 2012 Cyber crimes 16
February 1, 2012
Cyber crimes
18
related rights
February 1, 2012
Cyber crimes
19
February 1, 2012
Cyber crimes
21
Unauthorized Access
y Any person who secures access or attempts to secure
February 1, 2012
Cyber crimes
23
Data Diddling
y One of the most common forms of computer crime is data
diddling - illegal or unauthorized data alteration. These changes can occur before and during data input or before output. y Data diddling cases have affected banks, payrolls, inventory records, credit records, school transcripts and virtually all other forms of data processing known.
y Case: The New Delhi Municipal Corp Electricity Billing Fraud Case that took
place in 1996 is a typical example. Collection of money, computerized accounting, record maintenance and remittance in the bank were exclusively left to a private contractor who was a computer professional. He misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.
February 1, 2012
Cyber crimes
24
Data Manipulation
y A misuse of statistics occurs when a statistical
February 1, 2012
Cyber crimes
25
gathering information about a foreign government or a competing industry, with the purpose of placing one's own government or corporation at some strategic or financial advantage. Access to the network is done from a remotely located computer; like a home PC using the legitimate password or breaking the password. The data collected is either used or sold for money. It involve the analysis of diplomatic reports, publications, statistics, and broadcasts, as well as spying, a clandestine activity carried out by an individual or individuals working under secret identity to gather classified information on behalf of another entity or nation. In the United States, the organization that heads most activities dedicated to espionage is the CIA.
Cyber crimes 26
February 1, 2012
Scavenging
y Scavenging is the obtaining of information left around
a computer system, in the computer room rubbish bins, etc. Bin diving (called 'Dumpster Diving' in the US) also involves obtaining sensitive information from an organisation's rubbish receptacles and bins. y This also refers to scavenging from areas of hard disks that are not in use by files but are currently 'file slack' or 'unallocated clusters'
February 1, 2012
Cyber crimes
27
Data Leakage
y Data leakage is the removing of information by
smuggling it out as part of a printed document, encoding the information to look like something different, and removing it from the facility.
y Many instances of employees of software companies involved
February 1, 2012
Cyber crimes
28
impersonation.
y Examples include following someone in through a door with a badge
reader, electronically using another's user identification and password to gain computer access, and tapping into the terminal link of a user to cause the computer to believe that both terminals are the same person.
February 1, 2012
Cyber crimes
29
Masquerading
y IP masquerading is a form of network address translation (NAT) which
allows internal computers with no known address outside their network, to communicate to the outside. It allows one machine to act on behalf of other machines.
y It's similar to someone buying stocks through a broker. The person
buying stocks, tells the broker to buy the stocks, the broker gets the stocks and passes them to the person who made the purchase. The broker acts on behalf of the stock purchaser as though he was the one buying the stock.
February 1, 2012
Cyber crimes
30
February 1, 2012
Cyber crimes
32
February 1, 2012
Cyber crimes
33
without the owner's informed consent. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses , spyware, crimeware etc.
y Spyware is a type of malware that can be installed on computers and collects
bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Spyware is secretly installed on the user's personal computer. y Sometimes, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
February 1, 2012
Cyber crimes
34
spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on the victims computer, even erase everything on the victims hard disk. (Brain) y Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computers memory.
1: The VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate. In May 2000, this deadly virus became the world s most prevalent virus. Losses incurred during this virus attack were pegged at US $ 10 billion. y VBS_LOVELETTER utilized the addresses in Microsoft Outlook and e-mailed itself to those addresses. The e-mail, which was sent out, had ILOVEYOU in its subject line. The attachment file was named LOVE-LETTER-FOR-YOU.TXT.vbs.
y Case
February 1, 2012 Cyber crimes 35
Virus / Worms ,
y Case: 2 In 2002, the creator of the Melissa computer virus was convicted. The
virus had spread in 1999 and caused more than $80 million in damage by disrupting personal computers, business and government computer networks.
y Case -3: The most famous worm was the Internet worm let loose on the Internet
by Robert Morris sometime in 1988, then, still internet was developing years and this worm, which affected thousands of computers, almost brought its development to a complete halt. It took a team of experts almost three days to get rid of the worm and in the meantime many of the computers had to be disconnected from the network.
February 1, 2012
Cyber crimes
36
Trojan Horses
y A Trojan, as this program is aptly called, is an
unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
y Case- 1: A young lady reporter was working on an article about online
relationships. The article focused on how people can easily find friendship and even love on the Internet. During the course of her research she made a lot of online friends. One of these friends managed to infect her computer with a Trojan. y She stayed in a small one bedroom apartment and her computer was located in one corner of her bedroom. Unknown to her, the Trojan would activate her web camera and microphone even when the Internet was switched off. A year later she realized that hundreds of her pictures were posted on pornographic sites around the world!
February 1, 2012 Cyber crimes 37
Salami Techniques
y These attacks are used for committing financial crimes. The key here is
to make the alteration so insignificant that in a single case it would go completely unnoticed. y For instance, a bank employee inserts a program, into the bank s servers, that deducts a small amount of money (say Rs. 2 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.
y Case-1: In January 1997, Willis Robinson of Maryland USA, was sentenced to
10 years in prison for having reprogrammed his Taco Bell drive-up-window cash register - causing it to ring up each $2.99 item internally as a 1-cent item, so that he could pocket $2.98 each time. y Case -2: Four executives of a rental-car franchise in Florida USA defrauded at least 47,000 customers using a salami technique. They modified a computer billing program to add five extra gallons to the actual gas tank capacity of their vehicles.
February 1, 2012 Cyber crimes 38
Key loggers
y Key loggers are regularly used were to log all the
strokes a victim makes on the keyboard generally installed on a computer used for online banking and other financial transactions. Key-loggers are most commonly found in public computers such as those in cyber cafes, hotels etc.
February 1, 2012
Cyber crimes
39
misused the login name and password of a customer whose Internet connection he had set up. y The case was filed under the Indian Penal Code and the Indian Telegraph Act.
February 1, 2012
Cyber crimes
40
Web Jacking
y Just as conventional hijacking of an airplane is done by using
force, similarly web jacking means forcefully taking over control of a website. The motive is usually the same as hijacking ransom. The perpetrators have either a monetary or political purpose which they try to satiate by holding the owners of the website to ransom.
y Case-1: In an incident reported in the USA, the owner of a hobby website for
children received an e-mail informing her that a group of hackers had gained control over her website. They demanded a ransom of 1 million dollars and she ignored as fake. Three days later that she came to know that the hackers had web jacked her website. Subsequently, they had altered a portion of the website which was entitled -How to have fun with goldfish. They had replaced the word goldfish- with the word piranhas a tiny but extremely dangerous flesheating fish. Many children had visited the popular website and had believed the contents and tried to play with piranhas, and were very seriously injured.
February 1, 2012 Cyber crimes 41
Trapdoors
y Trapdoor is a programme by which the security
protocols are bypassed to directly enter into a specific portion of the programme through a short-cut.
y Used during the time of testing the programme to
reach to the specific portion quickly using short-cut. In case, if the trapdoor are not deleted before the launch of the program by oversight, the person who have this knowledge misuses it through authorized entry.
February 1, 2012 Cyber crimes 42
Super Zapping
y A logic through which an intruder is able to penetrate
into the system areas and can even change the programmes.
y The intruder can create an extra-system administrator
level password for himself without the knowledge of the actual system administrator.
y Can introduce any crime related logic programmes like
February 1, 2012
Cyber crimes
44
the system with the help of malware, spyware with an intent to gain access and misuse.
y To render useless of the system for the user.
February 1, 2012
Cyber crimes
45
Electronic eavesdropping
y Eavesdropping is the act of secretly listening to the
private conversation of others without their consent and later misuses those information for some benefit. y Eavesdropping can also be done over telephone lines (wiretapping), email, instant messaging and other methods of communication considered private y VoIP communications software is also vulnerable to electronic eavesdropping by via malware infections such as Trojan.
February 1, 2012 Cyber crimes 46
networks with an intent to gain access to the computer / network and misuse for monetary or other gains.
y Oldest and most dangerous cybercrimes. y No geographical boundaries and great challenge to the
February 1, 2012
Cyber crimes
47
Steganography
y Steganography is the art and science of writing hidden messages in
such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
y Steganography includes the concealment of information within
computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size.
y While cryptography protects the contents of a message, steganography
magazines produced using computers and Internet (to download and transmit pornographic pictures, photos, writings etc). y Images of children performing a variety of sexual acts on internet. y Pornography per se is not illegal in many countries, child pornography is strictly illegal in most countries. y Millions of pornographic websites flourish today.
y Case: The CEO of online auction website bazee.com (a part of the ebay group)
was arrested by the Delhi police for violating India s strict laws on cyber pornography. An engineering student was using the bazee website to sell a video depicting two school students having sexual intercourse. Bazee.com was held liable for distributing porn and hence the CEO was arrested.
February 1, 2012 Cyber crimes 49
Cyber Stalking
y Cyber stalking refers to the use of the Internet, e-mail, or other electronic communications devices to harass or threatening individual / family repeatedly such as following, appearing at a person's home or business place, making harassing phone calls, or vandalizing a person's property.
y Case: A student of University of San Diego in USA terrorized five female
students over the Internet for more than a year through hundreds of violent and threatening e-mails, sometimes receiving four or five messages a day. The student, who pleaded guilty, told the police that he had committed the crimes because he thought the women were laughing at him and causing others to ridicule him. In reality, the victims had never met him.
February 1, 2012 Cyber crimes 50
with more requests than it can handle. This causes the computer (e.g. a web server) to crash and results in authorized users being unable to access the service offered by the computer. y Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread.
y A series of distributed denial of service attacks in February 2000 crippled
many popular websites including yahoo.com, amazon.com and cnn.com y A series of more than 125 separate but coordinated denial of service attacks hit the cyber infrastructure of Estonia in early 2007. The attacks were apparently connected with protests against the Estonian government's decision to remove a Soviet-era war memorial from the capital city. It is suspected that the attacks were carried out by Russian hackers.
February 1, 2012 Cyber crimes 51
Email bombing
y Email bombing refers to sending a large number of
emails to the victim resulting in the victims email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing. Email bombing is a type of denial-of-service attack.
y Case: In one case, a foreigner who had been residing in Simla, India for almost
30 years wanted to avail of a scheme introduced by the Simla Housing Board to buy land at lower rates. When he made an application it was rejected on the grounds that the scheme was available only for citizens of India. He decided to take his revenge. Consequently, he sent thousands of mails to the Simla Housing Board and repeatedly kept sending e-mails till their servers crashed.
February 1, 2012
Cyber crimes
52
Spoofing email / IP
y A spoofed email is one that appears to originate from
one source but actually has been sent from another source
y e.g Pooja has an e-mail address pooja@gmail.com. Her ex-boyfriend,
sham spoofs her e-mail and sends obscene messages to all her acquaintances to damage her image.
y Case: In an American case, a teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold, by sending spoofed emails, purportedly from news agencies like Reuters, to share brokers and investors who were informed that the companies were doing very badly, thousands of investors lost a lot of money.
February 1, 2012
Cyber crimes
53
Email Frauds
y Most of these scam emails promise the receiver millions (or sometimes
billions) of dollars. Most commonly the email says that some rich African bureaucrat or businessman or politician has died and left behind a lot of money. y These scams mails are commonly referred to as Nigerian 419 scams. These scam emails are believed to originate from Nigeria and section 419 of the Nigerian Penal Code relates to cheating (like the famous section 420 of the Indian Penal Code). y In 2007, Asian School of Cyber Laws conducted a 3 month intensive investigation of hundreds of scam emails. The results were very surprising to say the least. Less than 10% of these emails had actually originated from Nigeria! A majority of these emails (more than 60%) have originated from Israel, followed by the Netherlands, UK and other European countries.
February 1, 2012
Cyber crimes
54
Email Frauds
y Asking for bank details for deposit of money y Lottery scams
stating Microsoft / Yahoo etc y Employee of the Euro Lottery y British National Lottery y Promise to transfer property to people who pray (wealth and prayer)
y Case -1: In 2005, an Indian businessman received an email from the Vice
President of a major African bank offering him a lucrative contract in return for a kickback of Rs 1 million. The businessman had many telephonic conversations with the sender of the email. He also verified the email address of the Vice President from the website of the bank and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. y A new type of scam e-mail threatens to kill recipients if they do not pay thousands of dollars to the sender, who purports to be a hired assassin.
February 1, 2012 Cyber crimes 55
Botnets
y A group of computers infected with malicious kind of robot software, then the computer becomes a zombie or drone , unable to resist the command of the bot commander. y Bot is a programme that operates an automatic task on the internet and executes repeatedly the task during the operation. y The owner of the computer do not know that his computer is infected with robot software and remotely controlled by another person.
February 1, 2012 Cyber crimes 56
Card Skimming
y Illegal copying of information from the magnetic trip
of the credit card / debit card either to produce a fake card for misuse or steel the information to access your account.
y More direct version of phishing.
February 1, 2012
Cyber crimes
57
3. On line scams
y Banking online account scams y Chain letter and pyramid scams y Health and medical scams y Identity theft scams y Investment scams y Job/ employment scams y Lottery / competition scam y Money transfer scam y Small business scams
February 1, 2012 Cyber crimes 58
February 1, 2012
Cyber crimes
60
Spam mails
y Most spam is commercial advertising, often for
dubious products, get-rich-quick schemes, or quasilegal services. y There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. y Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses.
February 1, 2012 Cyber crimes 61
4. IPR Crimes
y Cyber squatting y Patent and copyright infringements y Software piracy y Industrial piracy y Corporate piracy
February 1, 2012 Cyber crimes 62
Cyberquatting
y Cybersquatting (also known as domain squatting), is registering,
trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else.
y The cyber squatter then offers to sell the domain to the person or
company who owns a trademark contained within the name at an inflated price.
y Some cybersquatters put up derogatory remarks about the person or
company the domain is meant to represent in an effort to encourage the subject to buy the domain from them
February 1, 2012
Cyber crimes
63
February 1, 2012
Cyber crimes
64
Software piracy
y Duplicating the original software without notifying to
February 1, 2012
Cyber crimes
65
Industrial Piracy
y A group of individuals attempt duplication and
to civil liability.
y Industrial piracy are more in developing nations.
February 1, 2012
Cyber crimes
66
Corporate Piracy
y Installing one copy of the software application on a
organization.
y It is illegal as it violates the copyright law and amounts
to civil liability.
February 1, 2012 Cyber crimes 67
Other Crimes
y Cyber defamation y Cyberventing y Cyber Terrorism
February 1, 2012
Cyber crimes
68
Cyber defamation
y An act, deed, word, gesture etc. in the cyberspace
designed to harm a persons, institutions, organizations, country s reputation on the internet or even off-line.
y This type of violation is similar to cyberventing.
February 1, 2012
Cyber crimes
69
Cyberventing
y Setting up a website to anonymously air grouses in the
cyberspace.
y Indulged by former employees, ex-boy/girl friends,
February 1, 2012
Cyber crimes
70
Cyber Terrorism
y Use of cyber tools to shut down critical national
infrastructure such as energy, communication, transportation in order to coerce governments into submission.
y Internet bomb threats, internet harassment and tech
driven crimes such as focused virus strikes are the next wave of crime that the world has to encounter in the coming days.
February 1, 2012
Cyber crimes
71
Physical crimes
Computer Larceny Sabotage Theft of storage devices: CDs, Pen-drives, hard-disks
February 1, 2012
Cyber crimes
72
Computer Larceny
y Theft and burglary of computer systems /
February 1, 2012
Cyber crimes
73
Computer sabotage
y Use of the internet to hinder the normal functioning
competitor, promote illegal activities of terrorists, or to steel data or programmes for extortion purposes.
February 1, 2012
Cyber crimes
74
February 1, 2012
Cyber crimes
75
Thank you
February 1, 2012
Cyber crimes
76