SVIMS, Batch 2010-11

Cyber Crime

What is Cyber Space?

Cyber space is a worldwide network of computers and the equipment
that connect them, which by its very design is free and open to the public (the Internet).

Cyberspace is the electronic medium of computer networks, in which

online communication takes place. Weve become increasingly reliant on the net, and it is being used right now to transfer everything from friendly emails to hypersensitive data.

What is Cybercrime?
Cybercrime refers to any crime that involves a computer and a
network, where the computers may or may not have played an instrumental part in the commission of a crime. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, child grooming, releasing of viruses, identity theft, interception, access and manipulation of non public data and systems.

What is Cybercrime?
Cybercrime encompasses a broad range of potentially illegal
activities. Generally, however, it may be divided into one of two types of categories:

Cybercrime

Crimes that target computer networks or devices directly

Crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device

Why learn about CYBER CRIME ?

Everybody is using COMPUTERS.
From white collar criminals to terrorist organizations and from teenagers to adults.

Conventional crimes like forgery, extortion, kidnapping etc. are

being committed with the help off computers. New generation is growing up with computers. MOST IMPORTANT - monetary transactions are moving on to the INTERNET

Types of Cybercrimes
Hacking Denial of service attack Virus dissemination Software piracy Pornography IRC crime Credit card fraud Net extortion Phishing Spoofing Cyber stalking Cyber defamation Threatening Salami attack Spam Fraud Obscene or offensive content Drug trafficking Cyber terrorism Cyber warfare Virus/worms Forgery

Hacking
The act of gaining unauthorized access to a computer system or
network and in some cases making unauthorized use of this access. Hacking is also the act by which other forms of cyber-crime (e.g.,

fraud, terrorism, etc.) are committed.

Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user.

Denial of service attack

This is an act by the criminal, who floods the bandwidth of the
victims network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide.

This involves flooding computer resources with more requests than it

can handle. This causes the resources to crash thereby denying authorized users the service offered by the resources.

Virus dissemination
Malicious software that attaches itself to other software.
Eg. - Virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious softwares

Software piracy
Software piracy is theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime. Piracy can be done in various ways such as end user copying, hard

disk loading, Counterfeiting, Illegal downloads from the internet etc.

Pornography
Pornography is the first consistently successful e-commerce product. Pornography has deceptive marketing tactics and mouse trapping technologies which encourages customers to access their websites. Anybody including children can log on to the internet and access websites with pornographic contents with a click of a mouse.

Publishing, transmitting any material in electronic form which is

lascivious or appeals to the prurient interest is an offence under the provisions of section 67 of I.T. Act -2000.

IRC crimes
Internet Relay Chat (IRC) servers have chat rooms in which people
from anywhere the world can come together and chat with each other Criminals use it for meeting co-conspirators. Hackers use it for discussing their exploits / sharing the technique. Paedophiles use chat rooms to allure small children.

Credit card fraud

Credit card fraud is a wide-ranging term for theft and fraud
committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction.

If electronic transactions are not secured the credit card numbers can
be stolen by the hackers who can misuse this card by impersonating the credit card owner.

Net extortion
Copying the companys confidential data in order to extort said
company for huge amount.

Phishing
In computing, phishing is the criminally fraudulent process of
attempting to acquire sensitive information such as usernames, password and credit card details, by masquerading as a trustworthy entity in an electronic communication.

Spoofing
The process of deception by which an individual or system alters its identity or creates additional identities, thereby causing another person or system to act incorrectly.

Getting one computer on a network to pretend to have the identity of

another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.

Cyber stalking
Stalking in General terms can be referred to as the repeated acts of
harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Cyber Stalking can be defined as the repeated acts of harassment or

threatening behaviour of the cyber criminal towards the victim by

using internet services.

Cyber defamation
The Criminal sends emails containing defamatory matters to all
concerned of the victim or post the defamatory matters on a website. Eg. - Disgruntled employee may do this against boss, ex-boys friend

against girl, divorced husband against wife etc.

Threatening
The Criminal sends threatening email or comes in contact in chat rooms with victim. Any one disgruntled may do this against boss, friend or official.

Salami attack
In such crime criminal makes insignificant changes in such a manner that such changes would go unnoticed.

Criminal makes such program that deducts small amount like $ 2.50
per month from the account of all the customer of the Bank and deposit the same in his account. In this case no account holder will approach the bank for such small amount but criminal gains huge amount.

Spam
Spam, or the unsolicited sending of bulk email for commercial
purposes, is unlawful to varying degrees. As applied to email, specific anti-spam laws are relatively new, however limits on unsolicited electronic communications have existed in some forms for some time.

Fraud
Computer fraud is any dishonest misrepresentation of fact intended
to let another to do or refrain from doing something which causes loss.

Drug trafficking
Drug traffickers are increasingly taking advantage of the Internet to
sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms.

Cyber terrorism
Cyber terrorism in general, can be defined as an act of terrorism
committed through the use of cyberspace or computer resources (Parker 1983).

As such, a simple propaganda in the Internet, that there will be bomb

attacks during the holidays can be considered cyber terrorism. As well there are also hacking activities directed towards individuals, families, organized by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.

Cyber warfare
The U.S. Department of Defence (DoD) notes that cyberspace has
emerged as a national-level concern through several recent events of geo-strategic significance.

Among those are included the attack on Estonia's infrastructure in

2007, allegedly by Russian hackers. Cyberwarfare has been defined by government security expert Richard A. Clarke, in his book Cyber War (May 2010), as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption."

Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets
etc., can be forged using sophisticated computers, printers and scanners.

Preventive Measures For Individuals

Preventive measures should be adopted by both children as well as parents.

For instance children should not reveal any kind of identity while
chatting etc. Parents should use content filter software on PC. For any individual, he/she should share any personal information online to whomsoever it might be.

Preventive measures for Government & other organizations

Physical security
Access control Password Finding the holes in network Firewalls Frequent password changing

Safe surfing
Frequent virus checks

Using network scanning programs Email filters

Using intrusion alert programs

Using encryption

Cyber law
India has enacted the first I.T.Act,2000 based on the UNCITRAL
model. Chapter XI of this Act deals with offence/crimes along with certain other provisions scattered in this Acts.

Offence Section Under IT Act

OFFENCE Tampering with computer source documents Hacking with computer systems , Data alteration Publishing obscene information Un- authorized access to protected System Breach of Confidentiality & Privacy Publishing false digital signature certificates SECTION Sec.65 Sec.66 Sec.67 Sec.70 Sec.72 Sec.73

Computers Related Crimes Covered Under IPC & Special Laws

OFFENCE Sending threatening messages by e-mail Sending defamatory messages by e-mail Forgery of electronic records Bogus websites , cyber frauds E-mail spoofing Web-Jacking E-mail Abuse SECTIONS Sec 503 IPC Sec 499 IPC Sec 463 IPC Sec 420 IPC Sec 463 IPC Sec.383 IPC Sec.500 IPC

Online sale of Drugs

NDPS Act

Cyber security
Cyber security involves protection of sensitive personal and business
information through prevention, detection and response to different online attack.

Cyber security standards are security standards which enable

organizations to practice safe security techniques to minimize the number of successful cyber security attacks. ISO/IEC 27002 BS7799 part I & BS 7799 part II

NIST has also released several publications addressing cyber security.

Advantages of cyber security

It defends us from critical attacks. It helps us browse safe websites. It defends us from hacks and virus.

Security developers update their database every week hence new

virus also gets deleted. Internet security process all the incoming and outgoing data on our computer.

Case studies
Pune Citibank emphasis Call Center Fraud
Baazee.com case Andhra Pradesh Tax Case

Conclusion

The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.

Bibliography & Webliography

Information Technology for Management book
By E Fraim Turban Dorothy Leiner Ephraim Mclean

James Wetherbe
www.cyberlawsindia.net www.iprfirm.com www.cybercellmumbai.com www.cybercrime.planetindia.net www.indiacyberlab.in www.virtualpune.com www.brighthub.com www.cyberlawclinic.org

Thank you