Cyber Security 2012

>@.,QWURGXFWLRQWR&\EHU&ULPHV

Computer crime, or super crime, refers to any crime that involves a computer and a network. Computer crime, or super crime, refers to any crime that involves a computer and a network.The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers to criminal exploitation of the Internet.Cybercrimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)".[4] Such crimes may threaten a nation s security and financial health. Issues surrounding this type of crime have become high-profile, particularly those surrounding cracking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise

CYBER CRIME IS AN EVIL HAVING ITS ORIGIN IN THE GROWING DEPENDENCE ON COMPUTERS IN MODERN LIFE. A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is either a tool or a target or both . Defining cyber crimes, as acts that are punishable by the information Technology Act would be unsuitable as the Indian Penal Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation, etc.

A. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them. B. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.

1|P a ge

Cyber Security 2012

TYPES OF CYBER CRIME Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots. y Those against persons. y Against Business and Non-business organizations. y Crime targeting the government. Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computer. Some examples are; Financial Claims: This would include cheating, credit card frauds, money laundering etc. Cyber Pornography: This would include pornographic websites; pornographic magazines produced using computer and the Internet (to down load and transmit pornographic pictures, photos, writings etc.) Sale of illegal articles: This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, bulletin boards or simply by using e-mail communications. Online gambling: There are millions of websites, all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering. Intellectual Property Crimes: These include software piracy, copyright infringement, trademarks violations etc. E-Mail spoofing: A spoofed email is one that appears to originate from one source but actually has been sent from another source. This can also be termed as E-Mail forging. Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc., can be forged using sophisticated computers, printers and scanners. Cyber Defamation: This occurs when defamation takes place with the help of computers and or the Internet e.g. someone published defamatory matter about someone on a websites or sends e-mail containing defamatory information to all of that person s friends. Cyber Stalking: Cyber stalking involves following a person s movements across the Internet by posting messages on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim. Let us examine some of the acts wherein the computer or computer Network is the target for an unlawful act. It may be noted that in these activities the computer may also be a tool. This kind of activity is usually out of the purview of conventional criminal law. Some examples are: 2|P a ge

Cyber Security 2012

Unauthorized access to computer system or network: This activity is commonly referred to as hacking. The Indian Law has however given a different connotation to the term hacking. Theft of information contained in electronic from: This includes information stored in computer hard disks, removable storage media etc. E-Mail bombing: Email bombing refers to sending a large amount of e-mails to the victim resulting in the victims e-mail account or mail servers. Data diddling: This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed. Salami attacks: Those attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed e.g. A bank employee inserts a program into bank s servers, that deducts a small amount from the account of every customer. Denial of Service: This involves flooding computer resources with more requests than it can handle. This causes the resources to crash thereby denying authorized users the service offered by the resources. Virus/worm: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses don not need the host to attach themselves to. Logic bombs: These are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.

3|P a ge

Cyber Security 2012

Trojan Horse: A Trojan as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. Internet Time Theft: This connotes the usage by unauthorized persons of the Internet hours paid for by another person. Physically damaging a computer system: This crime is committed by physically damaging a computer or its peripherals.

[2].Category of Cyber crimes

The IT Act,2000 notified for implementation in October 2000,explicitly deals with the following categories of cyber crimes. Tampering with a computer source code(65) Hacking(66) Publishing any information which is obscene(67) Breach of privacy(72) Misrepresentation(71) Publishing digital signature which is false in certain particulars or for fraudulent act.(73)

Tampering with a computer source code:

According to section 65 of the IT Act Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable.

Punishment:
Criminal whoever concern with this types of crime shall be punishable with imprisonment -Up toThree years, Or -With fine which may extend up to two lakh rupees, Or - With both. 4|P a ge

Cyber Security 2012

Explanation. For the purposes of this section, "computer source code" means the Listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Hacking:
Hacking means an illegal intrusion into a computer system and/network. Using one's own programming abilities as also various programmes with malicious intent to gain unauthorized access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programs which do irreparable damage to computer systems is another kind of cyber crime. There is an equvalent term to hacking i.e. cracking, but the Indian law does not distinguish between the two. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

Punishment:
Whoever commits hacking shall be punished with imprisonment -Up to three years Or - With fine which may extend up to two lakh rupees, Or - With both

Publishing any information which is obscene:

Whoever publishes or transmits or causes to be published in the electronic form, any material which is Lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.

Punishment:
Criminal whoever concern with this types of crime shall be punished -on first conviction with imprisonment of either description for a term -which may extend to two years and -with fine which may extend to one lakh rupees and -in the event of a second or subsequent conviction with imprisonment of either description for a term 5|P a ge

Cyber Security 2012

-which may extend to ten years and -also with fine which may extend to two lakh rupees.

Breach of privacy
Protected system,The appropriate Government may, by notification in the Official Gazette, declare that any computer,computer system or computer network to be a protected system. Any person who secures access or attempts to secure access to a protected system in contravention of the Provisions of this section.

Punishment:
shall be punished with imprisonment for a term which may -Extend to two years, OR - With fine which may extend to one lakh rupees, OR - With both.

Misrepresentation:
Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be. Punishment: shall be punished with imprisonment for a term which may -Extend to two years, OR - With fine which may extend to one lakh rupees, OR - With both.

Publishing digital signature which is false in certain particulars or for fraudulent act:
Whoever Publishing or sales or share any type digital signature which is false that act also should be punishable. Punishment: shall be punished with imprisonment for a term which may -Extend to two years, OR - With fine which may extend to one lakh rupees, OR - With both. 6|P a ge

Cyber Security 2012

[3] Technical Aspects of Cyber Crimes

Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as

[A]. Unauthorized access & Hacking:Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. By hacking web server taking control on another persons website called as web hijacking

[B]. Trojan Attack:The program that act like something useful but do the things that are quiet damping. The programs of this kind are called as Trojans.The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the Client to connect to the Server and start using the trojan. TCP/IP protocol is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well. When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.

7|P a ge

Cyber Security 2012

[C]. Virus and Worm attack:Virus Attack:
A program that has capability to infect other programs and make copies of itself and spread into other programs is called virus. A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. Because a virus is spread by human action people will unknowingly continue the spread of a computer virus by sharing infecting files or sending emails with viruses as attachments in the email.

Worm Attack:
Programs that multiply like viruses but spread from computer to computer are called as worms. A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided. The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line. Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.

8|P a ge

Cyber Security 2012

[4]. E-mail & IRC related crimes : Email Related Crime
[1]E-mail spoofing:
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Falsifying the name and / or email address of the originator of the email usually does email spoofing. usually to send an email the sender has to enter the following information:
y y y

y y

email address of the receiver of the email email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy) email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy, but whose identities will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy) Subject of the message (a short title / description of the message) Message

Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also enter the email address of the purported sender of the email. Consider Mr. Siddharth whose email address is siddharth@hotmail.com. His friend Golu's email address is golu@yahoo.com. Using SendFakeMail, Siddharth can send emails purporting to be sent from Golu's email account. All he has to do is enter golu@yahoo.com in the space provided for sender's email address. Golu's friends would trust such emails, as they would presume that they have come from Golu (whom they trust). Siddharth can use this misplaced trust to send viruses, Trojans, worms etc. to Golu's friends, who would unwittingly download them. Email spoofing is email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. Because core SMTP doesn't provide any authentication, it is easy to impersonate and forge emails. A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. Pooja has an e-mail address pooja@asianlaws.org. Her enemy, Sameer spoofs her e-mail and sends obscene messages to all her acquaintances. Since the emails appear to have originated from Pooja, her friends could take offence and relationships could be spoiled for life. A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. Pooja has an e-mail address pooja@asianlaws.org. Her enemy, Sameer spoofs her e-mail and sends obscene messages to all her acquaintances. Since the e-mails appear to have originated from Pooja, her friends could take offence and relationships could be spoiled for life.

9|P a ge

Cyber Security 2012

Email spoofing refers to the process of sending an email message from one source, but making it appear as though the email was sent from a different source. For example, an email originates from user@domain.com but it appears to be from email@address.com. Another method of spoofing is to make the message appear to come from an unknown user within your domain name. For example, the message appears to be from support@yourdomain.com. This does not mean that your email account was compromised. It means that the sender has fooled the mail client into believing the email originated from a different address. This is usually done for malicious reasons, either to distribute unsolicited email or to distribute email viruses. Unfortunately, there is no real way to prevent spoofing from occurring. If you receive an email that has questionable content, it is recommended to delete the email message or use an antivirus program to scan the message before opening it. Email spoofing may occur in different forms, but all have a similar result: a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords). Examples of spoofed email that could affect the security of your site include: o email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this o email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

Disadvantages :
Hide the identity of sender

Prevention (Deterrence)
o Use cryptographic signatures (e.g., PGP "Pretty Good Privacy" or other encryption technologies) to exchange authenticated email messages. Authenticated email provides a mechanism for ensuring that messages are from whom they appear to be, as well as ensuring that the message has not been altered in transit. Similarly, sites may wish to consider enabling SSL/TLS in their mail transfer software. Using certificates in this manner increases the amount of authentication performed when sending mail. Configure your mail delivery daemon to prevent someone from directly connecting to your SMTP port to send spoofed email to other sites. Ensure that your mail delivery daemon allows logging and is configured to provide sufficient logging to assist you in tracking the origin of spoofed email. Consider a single point of entry for email to your site. You can implement this by configuring your firewall so that SMTP connections from outside your firewall must go through a central mail hub. This will provide you with centralized logging, which may assist in detecting the origin of mail spoofing attempts to your site.

o o o

10 | P a g e

Cyber Security 2012

o Educate your users about your site's policies and procedures in order to prevent them from being "social engineered," or tricked, into disclosing sensitive information (such as passwords). Have your users report any such activities to the appropriate system administrator(s) as soon as possible. See also CERT advisory CA-1991-04, available from

[2].E-mail Spamming:
Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender. Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers. The purpose of spam mail is to make customers think they are going to receive the real product or service at a reduced price. However, before the deal can occur, the sender of the spam asks for money, the recipients credit card number or other personal information.The customer will send that information and never receive the product nor hear from the spammer. The case of Jeremy Jaynes is a prime example of what a criminal can do with spam mail. Jaynes recently became the nation s first convicted purveyor of spam mail when he was found guilty in Leesburg, Virginia (AP, 2004). Apparently, Jaynes was able to send out over 10 million spam emails a day offering such products as software to remove personal information, and investment strategies (AP, 2004). During his trial, lawyers learned that Jaynes would receive anywhere between 10,000 to 17,000 responses a month to his spam mail. Depending on the number of responses Jaynes received, he could earn up to $750,000 per month (AP, 2004). The details of his apprehension have not been revealed (AP, 2004).

[3]. Email bombing

Email bombing refers to sending a large amount of emails to the victim resulting in the victim's email account (in case of an individual) or servers (in case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim's email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic - depending upon the mailing list. Some generate only a few 11 | P a g e

Cyber Security 2012

messages per day others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email aaddress of the victim multiple times in the "To" field, and press the "Send" button many times. Writing the email address 25 times and pressing the "Send" button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which makes it very difficult, for the victim to protect himself. E-mail bombing involves sending several thousand identical messages to an electronic mailbox in order to overflow it. E-mails are stored on a messaging server until they are picked up by the owner of the messaging account. In this case, when the owner collects his mail, the latter will take way too much time and the mailbox will become unusable... A malicious act where huge numbers of e-mails are directed to a specific system or a targeted user of that system. Mail bombs will usually fill the allotted space on an e-mail server for the users e-mail and can result in crashing the e-mail server, or at the very least, possibly rendering the user's computer useless as their e-mail client attempts to download the huge amounts of email. Also called a mail bomb.E-mail bomb is different from bomb which usually refers to a program hanging or ending prematurely. A huge amount of mail may simply fill up the recipient's disk space on the server or, in some cases, may be too much for a server to handle and may cause the server to stop functioning. In the past, mail bombs have been used to "punish" Internet users who have been egregious violators of netiquette (for example, people using e-mail for undesired advertising, or spam). Mail bombs not only inconvenience the intended target but they are also likely to inconvenience everybody using the server. Senders of mail bombs should be wary of exposing themselves to reciprocal mail bombs or to legal actions. There are several ways to coordinate an email bombing attack. One is to send large numbers of email directly, often using multiple accounts. Spreading the emails out over many accounts will also make it harder to pin down the source of the attack, and it will not tip off ISPs that flag high email volume from a single account. A virus can be written to hijack email accounts held by other people and use them to bomb the target.

Prevention (Deterrence)
To protect yourself from e-mail bombing, do as follows:
o o

Have several mailboxes: a main mailbox you give only to people worthy of your trust and another one you care less about and that you use for example to sign up for online services; Install an antispam software program that will keep you from receiving several identical messages over a short time period.

12 | P a g e

Cyber Security 2012

[4].Sending threatening emails :

Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail. In a recent case, Poorva received an e-mail message from someone who called him or herself 'your friend'. The attachment with the e-mail contained morphed pornographic photographs of Poorva. The mail message said that if Poorva were not to pay Rs. 10,000 at a specified place every month, the photographs would be uploaded to the Net and then a copy sent to her fianc. Scared, Poorva at first complied with the wishes of the blackmailer and paid the first Rs. 10, 000. Next month, she knew she would have to approach her parents. Then, trusting the reasonableness of her fianc she told him the truth. Together they approached the police. Investigation turned up the culprit - Poorva's supposed friend who wanted that Poorva and her fianc should break up so that she would get her chance with him.

[5].Defamatory emails
This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends. Defamation is injury to the reputation of a person. If a person injures the reputation of another, he does so at his own risk, as in the case of an interference with the property. A man s reputation is his property, and if possible, more valuable than the other property. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. Example: A defamatory article can be published in a newspaper or it can be published on a website. Publishing through a website would amount to cyber defamation. The three essentials of Defamation are: a. The statement must be defamatory. b. The said statement must refer to the plaintiff. c. The statement must be published. Internet provides us with a very cheap and a quick way of communication. It has made the world a close nit organisation. Also, with the growth of social networking sites like orkut, facebook, etc., lot of personal information is shared amongst many people therefore, the chances of defamation through internet has become a major threat in today s world. Even if a single defamatory email is forwarded, it becomes very difficult to trace and stop its circulation. Any article published on a website is open for

13 | P a g e

Cyber Security 2012

the entire world to read. The damage or losses caused to the victim is very huge especially if the imputation is intended to harm the business of an individual or a business entity.

[6].Email frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else's identity but also to hide one's own. The person committing the crime understands that there is very little chance of his actually being identified. In a recently reported case, a Pune based businessman received an email from the Vice President of the Asia Development Bank (ADB) offering him a lucrative contract in return for Rs 10 lakh. The businessman verified the email address of the Vice President from the web site of the ADB and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. In another famous case, one Mr. Rao sent himself spoofed e-mails, which were upposedly from the Euro Lottery Company. These mails informed him that he had won the largest lottery. He also created a website in the name of the Euro Lottery Company, announced n it that he had won the Euro Lottery and uploaded it on to the Internet. He then approached the Income Tax authorities in India and procured a clearance certificate from them for receiving the lottery amount. In order to let people know about the lottery, he approached many newspapers and magazines. The media seeing this as a story that would interest a lot of readers hyped it up and played a vital role in spreading this misinformation. Mr. Rao then went to many banks and individuals and told them that having won such a large sum of money he was afraid for his safety. He also wanted to move into a better house. He wheedled money out of these institutions and people by telling them that since the lottery prize money would take some time to come to him, he would like to borrow money from them. He assured them that the loan amount would be returned as soon as the lottery money came into his possession. Lulled into believing him (all thanks to the Income Tax clearance) most of these people loaned large amounts of money to him. It was only when he did not pay back the loan amounts to the banks that they became suspicious. A countercheck by the authorities revealed the entire scheme. Mr. Rao was arrested. Later, it was found that some of the money had been donated for philanthropic causes and also to political parties!

IRC related Crimes

Internet Relay Chat (IRC) is a protocol for real-time Internet text messaging (chat) or synchronous conferencing. It is mainly designed for group communication in discussion forums, called channels, but also allows one-to-one communication via private message as well as chat and data transfer, including file sharing.

14 | P a g e

Cyber Security 2012

[1].Denial of Service attacks Flooding a computer resource with more requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users.

Examples include
o o o o attempts to "flood" a network, thereby preventing legitimate network traffic attempts to disrupt connections between two machines, thereby preventing access to a service attempts to prevent a particular individual from accessing a service attempts to disrupt service to a specific system or person.

Denial-of-service (or DoS) attacks are usually launched to make a particular service unavailable to someone who is authorized to use it. These attacks may be launched using one single computer or many computers across the world. In the latter scenario, the attack is known as a distributed denial of service attack. Usually these attacks do not necessitate the need to get access into anyone's system.

Mode of DOS Attack

There are three basic types of attack: o o o Consumption of scarce, limited, or non-renewable resources like NW bandwith, RAM, CPU time. Even power, cool air, or water can affect. Destruction or Alteration of Configuration Information Physical Destruction or Alteration of Network Components

Impact OF DOS Attack

Denial-of-service attacks can essentially disable your computer or your network. Depending on the nature of your enterprise, this can effectively disable your organization. Some denial-of-service attacks can be executed with limited resources against a large, sophisticated site. This type of attack is sometimes called an "asymmetric attack." For example, an attacker with an old PC and a slow modem may be able to disable much faster and more sophisticated machines or networks.

A distributed denial of service (DoS) attack

15 | P a g e

Cyber Security 2012

A distributed denial of service (DoS) attack is accomplished by using the Internet to break into computers and using them to attack a network. Hundreds or thousands of computer systems across the Internet can be turned into zombies and used to attack another system or website. A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. In a typical DDoS attack, a hacker (or, if you prefer, cracker) begins by exploiting a vulnerability in one computer system and making it the DDoS master. It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

16 | P a g e

Cyber Security 2012

Prohibited Actions on Cyber

6.1. Pornography 6.2. IPR Violations : software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations 6.3. Cyber Squatting 6.4. Cyber Terrorism: Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc. 6.5. Banking/Credit card Related crimes 6.6. E-commerce/ Investment Frauds 6.6.1. Sales and Investment frauds 6.7. Sale of illegal articles 6.8. Defamation (Cyber smearing) 6.9. Cyber Stacking

17 | P a g e

Cyber Security 2012

[1]. Pornography:
There is no settled definition of pornography or obscenity. What is considered simply sexually explicit but not obscene in USA may well be considered obscene in India. There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world but with little effect. This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). Recent Indian incidents revolving around cyber pornography include the Air Force Balbharati School case. A student of the Air Force Balbharati School, Delhi, was teased by all his classmates for having a pockmarked face. Tired of the cruel jokes, he decided to get back at his tormentors. He scanned photographs of his classmates and teachers, morphed them with nude photographs and put them up on a website that he uploaded on to a free web hosting service. It was only after the father of one of the class girls featured on the website objected and lodged a complaint with the police that any action was taken. In another incident, in Mumbai a Swiss couple would gather slum children and then would force them to appear for obscene photographs. They would then upload these photographs to websites specially designed for paedophiles. The Mumbai police arrested the couple for pornography. Pornography on the Internet is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Although the Indian Constitution guarantees the fundamental right of freedom of speech and expression, it has been held that a law against obscenity is constitutional. The Supreme Court has defined obscene as offensive to modesty or decency; lewd, filthy, repulsive. Section 67 of the IT Act is the most serious Indian law penalizing cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code.

18 | P a g e

Cyber Security 2012

According to Section 67 of the IT Act
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

[2].IPR Violations:

[3].Cyber Squatting
Cybersquatting (also known as domain squatting), according to the United States federal law known as the Anticybersquatting Consumer Protection Act, is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price.Main Objective of cyber squatting is to obtain financial gain.

Categories of Cyber Squatting

Cyber squatting can be of various categories, most commonly seen is typo squatting, when a cyber squatter registers domain names containing variant of popular trademarks. Typo squatters rely on the fact that Internet users will make typographical errors when entering domain names into their web browsers. Some common examples of typo squatting include: o o o o The omission of the dot in the domain name: wwwexample.com; A common misspelling of the intended site: exemple.com A differently phrased domain name: examples.com A different top-level domain: example.org 19 | P a g e

Cyber Security 2012

# Daniyal Waseem of Quetta in Pakistan was using the domain name rediffpk.com . To this, the NASDAQ-listed Indian firm had contended that the disputed Internet site was identical in part and confusingly similar as a whole to the Rediff trademark, for which it has rights. Finding that Waseem had no rights to the REDIFF mark the WIPO Panel concluded the proceeding by transferring Rediff.com.pk to the Indian REDIFF trademark owner Rediff.com India Ltd.

Moreover cyber squatters also rely on the fact that trademark holders often forget to re-register their domain names, because domain registration is for a fixed period and if the owner does not re-register the domain name prior to expiration, then the domain name can be purchased by anybody. Cyber squatters will snatch up a domain name as it becomes available. This process is often referred to as renewal snatching.

SOME INDIAN CYBER-SQUATTING CASES

#Yahoo!Inc.v.AkashArora Probably the first reported Indian case is, wherein the plaintiff, who is the registered owner of the domain name yahoo.com succeeded in obtaining an interim order restraining the defendants and agents from dealing in service or goods on the Internet or otherwise under the domain name yahooindia.com or any other trademark/ domain name which is deceptively similar to the plaintiffs trademark Yahoo Although, as on the date of writing, there are very few reported judgments in our country, newspaper reports and information from reliable sources indicate that there are at least twenty-five disputes pertaining to domain names pending before the Delhi High Court itself. #TataSonsLtdVs.Ramadasoft Tata Sons, the holding company of Indias biggest industrial conglomerate, the Tata Group, won a case to evict a cyber-squatter from 10 contested internet domain names. Tata Sons had filed a complaint at the World Intellectual Property Organisation.The Respondent was proceeded exparte. The Panel concluded that the Respondent owns the domain names. These domain names are confusingly similar to the Complainants trademark TATA, and the Respondent has no rights or legitimate interests in respect of the domain names, and he has registered and used the domain names in bad faith. These facts entitle the Complainant to an order transferring the domain names from the Respondent.

Recognizing Cybersquatting
How do you know if the domain name you want is being used by a cybersquatter? Follow these steps to find out. Check where the domain name takes you. As a general rule, first check to see if the domain name takes you to a website. If it does not take you to a functioning website, but instead takes you to a site stating "this domain name for sale," or "under construction," or "can't find server," the likelihood increases that you are dealing with a cybersquatter. The absence of a real site may indicate that the domain name owner's only purpose in buying the name is to sell it back to you at a higher price.
20 | P a g e

Cyber Security 2012

Of course, absence of a website does not always mean the presence of a cybersquatter. There may also be an innocent explanation and the domain name owner may have perfectly legitimate plans to have a website in the future.
If the domain takes you to a functioning website that is comprised primarily of advertisements for products or services related to your trademark, you may also have a case of cybersquatting. For example, if your company is well-known for providing audio-visual services and the website you encounter is packed with ads for other company's audio-visual services, the likelihood is very strong that the site is operated by a cybersquatter who is trading off your company's popularity to sell Google ads to your competitors. If the domain name takes you to a website that appears to be functional, has a reasonable relation to the domain name, but does not compete with your products or services, you probably aren't looking at a case of cybersquatting. For example, if your trademark is "Moby Dick" for fine art dealing with whaling, and the website you encounter (www.mobydick.com) is for road cleaning machines, you do not have a case of cybersquatting. You may, under certain circumstances, have a case of trademark infringement. (For more information, see Nolo's article What to Do If the Domain Name You Want Is Taken.)

What You Can Do to Fight a Cybersquatter

A victim of cybersquatting in the United States has two options:
y y

sue under the provisions of the Anticybersquatting Consumer Protection Act (ACPA), or use an international arbitration system created by the Internet Corporation of Assigned Names and Numbers (ICANN).

Trademark experts consider the ICANN arbitration system to be faster and less expensive than suing under the ACPA, and the procedure does not require an attorney.

[3].Cyber Terrorism:
Cyberterrorism is the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses. Cyberterrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyberterrorism. Cyberterrorism is the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses.

21 | P a g e

Cyber Security 2012

Cyberterrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyberterrorism.

Main Reason of Cyberterrorism

Vulnerability of information technology

Possible Targets:
o o o o o o o o o o Electricity Supply, Traffic Control, Economy in general Targeted attacks on military installations, Power plants, Air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc.

Main activities:
o o o o o Research Publishing Information (recruitment) Communication between members ofterrorist groups Terrorist financing and moneylaundering Committing Cybercrime (politicalmotivated attacks)

Cyber terrorism takes many forms. One of the more popular is to threaten a large bank. The terrorists hack into the system and then leave an encrypted message for senior directors, which threatens the bank. In essence, the message says that if they do not pay a set amount of money, then the terrorists will use anything from logic bombs to electromagnetic pulses and high-emission radio frequency guns to destroy the banks files. What adds to the difficulty to catch the criminals is that the criminals may be in another country. A second difficulty is that most banks would rather pay the money than have the public know how vulnerable they are. Here are some examples of cyber-terroism in its many forms:

Case 1:
Cyber-terrorists often commit acts of terrorism simply for personal gain. Such a group, known as the Chaos Computer Club, was discovered in 1997. They had created an Active X Control for the Internet that can trick the Quicken accounting program into removing money from a user's bank account. This 22 | P a g e

Cyber Security 2012

could easily be used to steal money from users all over the world that have the Quicken software installed on their computer. This type of file is only one of thousands of types of viruses that can do everything from simply annoy users, to disable large networks, which can have disastrous, even life and death, results.

Case 2:
Cyber-terrorist are many times interested in gaining publicity in any possible way. For example, information warfare techniques like Trojan horse viruses and network worms are often used to not only do damage to computing resources, but also as a way for the designer of the viruses to "show off." This is a serious ethical issue because many people are affected by these cases. For one, the viruses can consume system resources until networks become useless, costing companies lots of time and money. Also, depending on the type of work done on the affected computers, the damage to the beneficiaries of that work could be lethal. Even if the person never meant to harm someone with their virus, it could have unpredictable effects that could have terrible results.

Case 3:
In one of its more unusual forms, cyber-terrorism can be used for an assassination. In one case, a mob boss was shot but survived the shooting. That night while he was in the hospital, the assassins hacked into the hospital computer and changed his medication so that he would be given a lethal injection. He was dead a few hours later. They then changed the medication order back to its correct form, after it had been incorrectly administered, to cover their tracks so that the nurse would be blamed for the "accident". There are many ethical issues involved in a case like this. Most obviously, a man was killed by the hackers' actions. Also, the life of the nurse was probably ruined, along with the reputation of the hospital and all its employees. Thus, there are often more stakeholders in a terrorist situation that the immediate recipient of the terrorism.

Case 4:
Terrorism can also come in the form of disinformation. Terrorists can many times say what they please without fear of reprisal from authorities or of accountability for what they say. In a recent incident, the rumor that a group of people were stealing people's kidneys for sale was spread via the Internet. The rumor panicked thousands of people. This is an ethical issue similar to screaming 'Fire' in a crowded theater. In case like this, the number of people affected is unlimited. Thousands of people were scared by this and could have suffered emotionally.

Case 5:
Minor attacks come in the form of "data diddling", where information in the computer is changed. This may involve changing medical or financial records or stealing of passwords. Hackers may even prevent users who should have access from gaining access to the machine. Ethical issues in this case include things like invasion of privacy and ownership conflicts. It could be even more serious if, for instance, the person who needed access to the machine was trying to save someone's life in a hospital and couldn't 23 | P a g e

Cyber Security 2012

access the machine. The patient could die waiting for help because the computer wouldn't allow the necessary access for the doctor to save his or her life.

[4]Banking Related Crime:

In the corporate world, Net hackers are continually searching for opportunities to compromise a company s security in order to gain access to confidential banking and monetary data. Use of stolen card details or fake credit/debit cards are common. Even Bank employee can grab income making use of programs to deduce tiny amount of money from all customer accounts and adding it to own account also called as salami. Banking related crime can be categories into three ways. [A].ATM frauds [B].Money Laundering [C].Credit card related crime.

[A].ATM frauds:
Cyber crime can be done through the ATM fruds.

WAYS TO CARD FRAUDS

Some of the popular techniques used to carry out ATM crime are: 1. Through Card Jamming ATM s card reader is tampered with in order to trap a customer s card. Later on the criminal removes the card. 2. Card Skimming, is the illegal way of stealing the card s security information from the card s magnetic stripe. 3. Card Swapping, through this customer s card is swapped for another card without the knowledge of cardholder. 4. Website Spoofing, here a new fictitious site is made which looks authentic to the user and customers are asked to give their card number. PIN and other information, which are used to reproduce the card for use at an ATM. 5. Physical Attack. ATM machine is physical attacked for removing the cash.

[B].Money Laundering
The term 'money laundering' is typically used to refer to any financial transaction that was meant to be kept secret, but was eventually found out. In many cases it refers to the process of concealing a source of money, which is often earned by illegal means such as drug trafficking, health care fraud, and smuggling, just to name a few. Various laundering techniques can be used by individuals, groups, officials, and corporations. The goal of a money 24 | P a g e

Cyber Security 2012

laundering operation is usually to hide either the source or the destination of money; in many cases it aims to make illegal transactions appear legitimate and legal. Money laundering is the process by which large amounts of illegally obtained money (from drug trafficking, terrorist activity or other serious crimes) is given the appearance of having originated from a legitimate source. If done successfully, it allows the criminals to maintain control over their proceeds and ultimately to provide a legitimate cover for their source of income. Money laundering plays a fundamental role in facilitating the ambitions of the drug trafficker, the terrorist, the organised criminal, the insider dealer, the tax evader as well as the many others who need to avoid the kind of attention from the authorities that sudden wealth brings from illegal activities. By engaging in this type of activity it is hoped to place the proceeds beyond the reach of any asset forfeiture laws.

How Money is Laundered

The money laundering process usually involves several steps that make it difficult to trace the original source of money. Some of these steps include transferring the money between bank accounts, breaking up large amounts of money into small deposits, or buying acceptable forms of money such as money orders or cashier's checks. The process is usually planned and organized to avoid being caught and facing punishment. Perhaps the best way to understand the concept is to take a look at some common techniques. Suppose, for example, that an employee was stealing large sums of cash from her employer without getting caught. If she was to make large deposits into her bank account, some regulator (or computer program) might notice the unusually large deposits, thereby increasing her chance of getting caught. Instead, the criminal might launder the money by simply using the cash to make purchases and then reselling the items in a legitimate market. The money gained from these sales is 'cleaner' and the criminal is drawing less attention to herself. Quite often, criminals will use the Internet as a tool to launder money. One group of people that are often victimized in the process are job seekers, quite often from Australia. These job seekers will unknowingly apply for fraudulent jobs that require them to give their bank information to the criminal, as the position requires them to transfer money and process payments. In many cases, people who think they were hired for a new job were actually part of a money laundering scheme. Another common scheme to launder money involves hiring employees to package and ship stolen items, most of which are electronics. The employee is reimbursed for the shipping charges and paid with a fake check. The criminal is usually selling the electronics, most likely to people in foreign countries, in order to launder their money without being caught. The transaction looks legal because it appears to be nothing more than a buy and sell situation, when in reality, it is part of a bigger laundering scheme.

[C].Credit card related crime.

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is 25 | P a g e

Cyber Security 2012

also an adjunct to identity theft. According to the Federal Trade Commission, while identity theft had been holding steady for the last few years, it saw a 21 percent increase in 2008. Credit card related crime may be occurs for the following reasons. -If card is stolen -Hacker get credit card related information through Mail/internet fraud. - Account Takeover There are two types of fraud within the identity theft category: 1. Application Fraud 2. Account Takeover. 1. Application Fraud Application fraud occurs when criminals use stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. Alternatively, they may create counterfeit documents. 2. Account Takeover Account takeover involves a criminal trying to take over another person's account, first by gathering information about the intended victim, then contacting their bank or credit issuer masquerading as the genuine cardholder asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent. The replacement card is then used fraudulently.

[5].Sale of illegal articles

This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, bulletin boards or simply by using e-mail communications. It is becoming increasingly common to find cases where sale of narcotic drugs, weapons, wildlife etc. is being facilitated by the Internet. Information about the availability of the products for sale is being posted on auction websites, bulletin boards etc. Scenario: The suspect posts information about the illegal sale that he seeks to make. Potential customers can contact the seller using the email IDs provided. If the buyer and seller trust each other after their email and / or telephonic conversation, the actual transaction can be concluded. In most such cases the buyer and seller will meet face to face only at the time of the final transaction.

26 | P a g e

Cyber Security 2012

Illustration: In March 2007, the Pune rural police cracked down on an illegal rave party and arrested hundreds of illegal drug users. The social networking site, Orkut.com, is believed to be one of the modes of communication for gathering people for the illegal drug party. Modus Operandi: The suspect creates an email ID using fictitious details. He then posts messages, about the illegal products, in various chat rooms, bulletin boards, newsgroups etc. Potential customers can contact the seller using the email IDs provided. Objective: Illegal financial gain. Applicable law (Before 27 October, 2009): Information Technology Act usually does not apply. Depending upon the illegal items being transacted in, the following may apply: Narcotic Drugs and Psychotropic Substances Act, Arms Act, Indian Penal Code, Wildlife related laws etc. Applicable law (After 27 October, 2009): Information Technology Act usually does not apply. Depending upon the illegal items being transacted in, the following may apply: Narcotic Drugs and Psychotropic Substances Act, Arms Act, Indian Penal Code, Wildlife related laws etc.

[6].CyberDefamation:
This occurs when defamation takes place with the help of computers and or the Internet e.g. someone published defamatory matter about someone on a websites or sends e-mail containing defamatory information to all of that person s friends. Defamation is injury to the reputation of a person. If a person injures the reputation of another, he does so at his own risk, as in the case of an interference with the property. A man s reputation is his property, and if possible, more valuable than the other property.

Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. Example: A defamatory article can be published in a newspaper or it can be published on a website. Publishing through a website would amount to cyber defamation. The three essentials of Defamation are:  The statement must be defamatory.  The said statement must refer to the plaintiff.  The statement must be published. Internet provides us with a very cheap and a quick way of communication. It has made the world a close nit organisation. Also, with the growth of social networking sites like orkut, facebook, etc., lot of personal information is shared amongst many people therefore, the chances of defamation through internet has become a major threat in today s world. Even if a single defamatory email is forwarded, it becomes very difficult to trace and stop its circulation. Any article published on a website is open for the entire world to read. The damage or losses caused to the victim is very huge especially if the imputation is intended to harm the business of an individual or a business entity. 27 | P a g e

Cyber Security 2012

[7]CyberStalking:
Cyberstalking is a technologically-based attack on one person who has been targeted specifically for that attack for reasons of anger, revenge or control. Cyberstalking can take many forms, including:
y y y y

harassment, embarrassment and humiliation of the victim emptying bank accounts or other economic control such as ruining the victim's credit score harassing family, friends and employers to isolate the victim scare tactics to instill fear and more.

The term can also apply to a traditional stalker who uses technology to trace and locate their victim and their movements more easily (e.g. using Facebook notifications to know what party they are attending). A true cyberstalker s intent is to harm their intended victim using the anonymity and untraceable distance of technology. In many situations, the victims never discover the identity of the cyberstalkers who hurt them, despite their lives being completely upended by the perpetrator. Cyberstalking is not identity theft. An identity thief, whether stealing from a stranger or a family member, has a very specific goal in mind financial gain. Identity thieves are unconcerned by the consequences of their behavior on the victim s life, whereas the actions of a cyberstalker are deliberate and focused on the consequences to the victim. Typology of Cyber Stalking: There are three primary ways in which cyber stalking is conducted (Ogilvie, 2000) Email Stalking: Direct communication through email. Internet Stalking: Global communication through the Internet. Computer Stalking: Unauthorised control of another person s computer.

1. Email Stalking
While the most common forms of stalking in the physical world involve telephoning, sending mail, and actual surveillance (Burgess et al. 1997; Mullen et al. 1999; Tjaden 1997), cyber stalking can take many forms. Unsolicited email is one of the most common forms of harassment, including hate, obscene, or threatening mail. Other forms of harassment include sending the victim viruses or high volumes of electronic junk mail (spamming). It is important to note here that sending viruses or telemarketing solicitations alone do not constitute stalking. However, if these communications are repetitively sent in a manner which is designed to intimidate (that is, similar to the manner in which stalkers in the physical world send subscriptions to pornographic magazines), then they may constitute concerning behaviours and hence be categorized as stalking (Ogilvie, 2000).

28 | P a g e

Cyber Security 2012

In many ways, stalking via email represents the closest replication of traditional stalking patterns. Given that the most common forms of stalking behavior are telephoning and sending mail, the adoption of email by stalkers is not surprising. As a medium, email incorporates the immediacy of a phone call and introduces the degree of separation entailed in a letter. It might be argued that email stalking is actually less invasive than phone calls because the victim can undermine the interaction by deleting, without opening, any suspicious or unsolicited messages. This argument does, however, deny the social meaning of email communication. As with telephone stalking, email harassment constitutes an uninvited and arguably threatening incursion into private space. As with stalking in the physical world, email stalking can result from an attempt to initiate a relationship, repair a relationship, or threaten and traumatize a person. Interestingly though, those cases which have been prosecuted have tended to fall into the latter category (Ogilvie, 2000).

2. Internet Stalking
As with stalking in the physical world, few examples of stalking are confined to one medium. While email stalking may be analogous to traditional stalking in some instances, it is not restricted to this format. Stalkers can more comprehensively use the Internet in order to slander and endanger their victims. In such cases, the cyber stalking takes on a public, rather than a private, dimension. What is particularly disturbing about this second form of cyber stalking is that it appears to be the most likely to spill over into physical space . In these instances, cyber stalking is accompanied by traditional stalking behaviours such as threatening phone calls, vandalism of property, threatening mail, and physical attacks (Laughren 2000). As noted by Gilbert (1999): In real life, stalkers usually stalk in proximity to their victims they want the victim to see them and know they are there they feed on the victim s reaction. On the internet, proximity takes on a new meaning (Ogilvie, 2000). Obviously, there are important differences between the situation of someone who is regularly within shooting range of her or his stalker and someone who is being stalked from two thousand miles away. While the previous examples can be viewed as offensive and threatening, they can, nevertheless, be viewed as distinct from traditional stalking in that they remain in cyber space. While emotional distress is (appropriately) acknowledged in most criminal sanctions, it is not considered as serious as actual physical threat. Thus, while links between stalking, domestic violence, and feticide have been empirically demonstrated in real life (Burgess et al. 1997; Kurt 1995; McFarlane et al. 1999), much cyber stalking remains at the level of inducing emotional distress, fear, and apprehension. However, this is not to say that causing apprehension and fear should not be criminally sanctioned, or that the cyber and the real are somehow inherently or intrinsically disconnected (Ogilvie, 2000).

3. Computer Stalking
Whilst the first two categories of cyber stalking can spill over into real world interactions, the distancing quality of the cyber component of the interaction is, nevertheless, a defining feature of the interaction. If there is no movement into the real world, targets of the harassment are still able to buffer themselves from exposure to the stalker by avoiding parts of the Internet used by the stalker. The necessity to do this is of course an intrusion upon the rights of the individual, but it is at least a strategy that can be employed to obtain a degree of distance between the stalker and the victim. In the third 29 | P a g e

Cyber Security 2012

category of cyber stalking, this defensive strategy is undermined by the stalker. In essence, the stalker exploits the workings of the Internet and the Windows operating system in order to assume control over the computer of the targeted victim (Ogilvie, 2000). It is probably not widely recognized that an individual Windows based computer connected to the Internet can be identified, and connected to, by another computer connected to the Internet. This connection is not the link via a third party characterizing typical Internet interactions; rather, it is a computer-to-computer connection allowing the interloper to exercise control over the computer of the target. At present, a reasonably high degree of computer savvy is required to undertake this form of exploitation of the Internet and the Windows operating system. However, and inevitably, instructions on how to use the technologies in this way are available on the Internet. It is likely that progressively easier scripts for the exercise will be made freely available for anyone so inclined to download. In practice, what this means is that individual computer users have a vastly reduced buffer between themselves and the stalker (Ogilvie, 2000). A cyber stalker can communicate directly with their target as soon as the target computer connects in any way to the Internet. The stalker can assume control of the victim s computer and the only defensive option for the victim is to disconnect and relinquish their current Internet address . The situation is like discovering that anytime you pick up the phone, a stalker is on-line and in control of your phone. The only way to avoid the stalker is to disconnect the phone completely, and then reconnect with an entirely new number. Only one specific example of this technique was used in stalking. A woman received a message stating I m going to get you , the interloper then opened the woman s CDROM drive in order to prove he had control of her computer (Karp 2000). More recent versions of this technology claim to enable real-time keystroke logging (the recording of every keystroke) and view the computer desktop in real time (Spring 1999). It is not difficult to hypothesize that such mechanisms would appear as highly desirable tools of control and surveillance for those engaging in cyber stalking (Ogilvie, 2000).

6.2. IPR Violations : software piracy, copyright infringement, trademarks violations, theft of computer source code, patent violations

30 | P a g e