UNIT 1
What is Cybercrime?
Cybercrime is defined as a crime where a computer is the object of the crime or is used as a
tool to commit an offense. A cybercriminal may use a device to access a user’s personal
information, confidential business information, government information, or disable a device.
It is also a cybercrime to sell or elicit the above information online.
Cybercrimes can generally be divided into two categories:
Crimes that target networks or devices:
o Viruses
o Malware
o DoS Attacks
Crimes using devices to participate in criminal activities:
o Phishing Emails
o Cyberstalking
o Identity Theft
Categories of Cybercrime
There are three major categories that cybercrime falls into: individual, property and
government. The types of methods used and difficulty levels vary depending on the category.
Property: This is similar to a real-life instance of a criminal illegally possessing an
individual’s bank or credit card details. The hacker steals a person’s bank details to gain
access to funds, make purchases online or run phishing scams to get people to give away their
information. They could also use malicious software to gain access to a web page with
confidential information.
Individual: This category of cybercrime involves one individual distributing malicious or
illegal information online. This can include cyberstalking, distributing pornography and
trafficking.
Government: This is the least common cybercrime, but is the most serious offense. A crime
against the government is also known as cyber terrorism. Government cybercrime includes
hacking government websites, military websites or distributing propaganda. These criminals
are usually terrorists or enemy governments of other nations.
Types of Cybercrime
DDoS Attacks
These are used to make an online service unavailable and take the network down by
overwhelming the site with traffic from a variety of sources. Large networks of infected
devices known as Botnets are created by depositing malware on users’ computers. The hacker
then hacks into the system once the network is down.
Botnets
Botnets are networks from compromised computers that are controlled externally by remote
hackers. The remote hackers then send spam or attack other computers through these botnets.
Botnets can also be used to act as malware and perform malicious tasks.
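The DDoS and botnet paragraphs above describe traffic arriving from many sources at once. On the defending side, the first step is simply counting requests per source over a short window so that sources sending far more than a normal client can be rate limited or blocked. The following is an added example, not code from the course notes; the log format ("<epoch-seconds> <client-ip> <path>") and the sample lines are constructed for it.

```javascript
// Added example, not part of the course notes: a per-source request counter of the
// kind used to spot a flood of traffic from individual sources before rate limiting
// or blocking them. Log format is constructed for this example:
// "<epoch-seconds> <client-ip> <path>".
const SAMPLE_LOG = [
  "1700000000 203.0.113.5 /login",
  "1700000000 203.0.113.5 /login",
  "1700000001 203.0.113.5 /login",
  "1700000001 198.51.100.7 /",
  "1700000001 203.0.113.5 /login",
  "1700000002 203.0.113.5 /login",
  "1700000002 203.0.113.5 /login",
  "1700000009 198.51.100.7 /about",
  "1700000020 203.0.113.5 /login",
];

// Parse one log line; returns null for lines that do not fit the format.
function parseLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length < 3) return null;
  const ts = Number(parts[0]);
  if (!Number.isFinite(ts)) return null;
  return { ts, ip: parts[1], path: parts[2] };
}

// For every source IP, the largest number of requests seen inside any
// sliding window of windowSeconds (two-pointer sweep over sorted timestamps).
function peakRatePerSource(lines, windowSeconds) {
  const byIp = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (rec === null) continue;
    if (!byIp.has(rec.ip)) byIp.set(rec.ip, []);
    byIp.get(rec.ip).push(rec.ts);
  }
  const peaks = new Map();
  for (const [ip, stamps] of byIp) {
    stamps.sort((a, b) => a - b);
    let best = 0;
    let start = 0;
    for (let end = 0; end < stamps.length; end++) {
      // Slide the window start forward until the window spans less than windowSeconds.
      while (stamps[end] - stamps[start] >= windowSeconds) start++;
      best = Math.max(best, end - start + 1);
    }
    peaks.set(ip, best);
  }
  return peaks;
}

// Sources whose peak rate reaches the threshold: candidates for rate limiting.
function floodingSources(lines, windowSeconds, threshold) {
  const flagged = [];
  for (const [ip, peak] of peakRatePerSource(lines, windowSeconds)) {
    if (peak >= threshold) flagged.push(ip);
  }
  return flagged.sort();
}

console.log(floodingSources(SAMPLE_LOG, 5, 5)); // [ '203.0.113.5' ]
```

With a 5-second window and a threshold of 5 requests, only 203.0.113.5 is flagged; 198.51.100.7 never exceeds one request per window. In a real botnet-driven flood each bot may stay under a per-source threshold, which is why this kind of counting is combined with aggregate limits and upstream filtering.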
Identity Theft
This cybercrime occurs when a criminal gains access to a user’s personal information to steal
funds, access confidential information, or participate in tax or health insurance fraud. They
can also open a phone/internet account in your name, use your name to plan a criminal
activity and claim government benefits in your name. They may do this by finding out users'
passwords through hacking, retrieving personal information from social media, or sending
phishing emails.
Cyberstalking
This kind of cybercrime involves online harassment where the user is subjected to a plethora
of online messages and emails. Typically cyberstalkers use social media, websites and search
engines to intimidate a user and instill fear. Usually, the cyberstalker knows their victim and
makes the person feel afraid or concerned for their safety.
Social Engineering
Social engineering involves criminals making direct contact with you usually by phone or
email. They want to gain your confidence and usually pose as a customer service agent so
you’ll give the necessary information needed. This is typically a password, the company you
work for, or bank information. Cybercriminals will find out what they can about you on the
internet and then attempt to add you as a friend on social accounts. Once they gain access to
an account, they can sell your information or secure accounts in your name.
PUPs
PUPs, or Potentially Unwanted Programs, are less threatening than other cybercrimes but are
a type of malware. They uninstall necessary software in your system including search engines
and pre-downloaded apps. They can include spyware or adware, so it’s a good idea to install
antivirus software to avoid the malicious download.
Phishing
This type of attack involves hackers sending malicious email attachments or URLs to users to
gain access to their accounts or computer. Cybercriminals are becoming more established and
many of these emails are not flagged as spam. Users are tricked by emails claiming they
need to change their password or update their billing information, giving criminals access.
Prohibited/Illegal Content
This cybercrime involves criminals sharing and distributing inappropriate content that can be
considered highly distressing and offensive. Offensive content can include, but is not limited
to, sexual activity between adults, videos with intense violence and videos of criminal activity.
Illegal content includes materials advocating terrorism-related acts and child exploitation
material. This type of content exists both on the everyday internet and on the dark web, an
anonymous network.
Online Scams
These are usually in the form of ads or spam emails that include promises of rewards or
offers of unrealistic amounts of money. Online scams include enticing offers that are “too
good to be true” and when clicked on can cause malware to interfere and compromise
information.
Exploit Kits
Exploit kits need a vulnerability (a bug in the code of a piece of software) in order to gain control of a
user’s computer. They are readymade tools criminals can buy online and use against anyone
with a computer. The exploit kits are upgraded regularly similar to normal software and are
available on dark web hacking forums.
IDENTITY THEFT
Identity theft occurs when someone steals your personal information, such as your
date of birth, name, and address history. Criminals can then use this information to
commit identity fraud, typically using your identity to gain financially. Unfortunately,
identity theft can happen to anyone. If your identity is stolen and used to commit
identity fraud, you could face serious consequences. Perpetrators may:
o Max out your bank or credit card funds.
o Leave you liable for debts you didn’t accrue.
o Use your identity to commit non-financial crimes.
o Severely damage your credit score so you are unable to take out loans or
mortgages.
Though it might be possible for you to clear your name or regain lost funds, the
emotional toll and financial worries can linger for a long time. Therefore, it’s
important that you are aware of the common types of identity theft and how criminals
steal information so you can protect yourself.
Common Types of Identity Theft
Identity thieves are always finding new ways to steal and use personal and
confidential information. Below are some examples of how a criminal might commit
identity fraud.
Driver’s license fraud. Driver’s license fraud occurs when a criminal has a
driver’s license issued to themselves under another person’s identity. They
might use the license to commit traffic violations that end up on your record
and you could lose your license.
Financial identity theft. Criminals are able to use your stolen personal
information to take over your financial accounts or create their own, which can
be very serious and stressful. It can take you months or years to rectify the
effects of financial identity theft and it could result in large volumes of debt
and a poor credit score.
Child identity theft. Child identity theft is usually committed by a relative
who will take out loans and credit cards in the child’s name. As children have
no reason to check or monitor their credit reports, they will usually remain
unaware of the fraudulent activity until they come of age and require loans.
This type of fraud can take years to sort out and could stop you from being able
to buy a house or car. It’s also likely to increase the interest rates on any loans
you might be offered.
Change of address fraud. A fraudster could change your mailing address,
diverting it to themselves instead. This allows them to look through all your
mail and find out bank details, credit card details and other personal
information.
Employment identity theft. Criminals, illegal immigrants and the jobless use
stolen identification and personal details to obtain employment. By using stolen
identification, they are able to conceal their real personal history from their
employers.
Techniques Used by Identity Thieves
Skimmer devices
Thieves can copy your credit card information using a handheld device called a skimmer. This illegal act
is often committed by seemingly innocent people such as waitresses, store clerks, and hotel employees.
The skimmer is small enough to fit into a pocket and it only takes a few seconds for someone to swipe
your card and record the necessary information. The thief then sells your information to an organized
crime ring. They make and sell duplicate credit cards. Skimmer devices can also be placed on
ATMs.
Dumpster diving
Printed documents that state private information should be shredded before being thrown away. Thieves go
through the garbage to find account numbers, Social Security Numbers, and other sensitive information
from personal, financial, and medical documents. They use this information to assume or sell your
financial identity.
Mail theft
Thieves will dig through your mailbox in broad daylight, looking for credit card offers, bank or credit card
statements, and personal checks. Identity thieves have been known to reroute mail in an attempt to get their
hands on your sensitive information.
Internet
According to the Federal Trade Commission, 1 in 8 Americans in the last 5 years have been affected by
Internet identity theft. These thieves know how to intercept information sent over unsecured internet
connections. Some plant spyware into seemingly innocent downloads.
Phishing
Thieves send emails and pop-ups that appear to be from banks and credit card companies. They will ask
you to click a link and provide information related to your account. They may threaten you with severe
consequences if you fail to provide the information. The link will direct you to a site that looks just like the
official bank or credit card site, but is actually a fictitious site created to convince you to reveal your
personal information.
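The phishing paragraph above describes a link that leads to a look-alike site. Mail filters and user-awareness tools check the links in a message for exactly these indicators: a destination that is a bare IP address, visible link text that names one site while the link goes to another, and the brand name buried inside a domain the organization does not own. The following is an added example and not code from the notes; the genuine-domain list is an assumption, "examplebank.com" is a placeholder rather than a real bank, and the message body is constructed.

```javascript
// Added example, not part of the course notes: checks the links in an e-mail body
// for the indicators described above. The genuine domain list is an assumption;
// "examplebank.com" is a placeholder, not a real bank.
const BRAND = "examplebank";
const LEGITIMATE_HOSTS = ["examplebank.com"];

// Constructed message body for this example.
const SAMPLE_EMAIL_HTML = `
<p>Your account has been suspended. <a href="http://examplebank.com.verify-login.example/acct">Click here</a>
to restore access within 24 hours.</p>
<p>Or paste this address: <a href="http://192.0.2.10/secure">https://www.examplebank.com/secure</a></p>
<p>Questions? <a href="https://www.examplebank.com/help">Help centre</a></p>
`;

// Pull href/text pairs out of anchor tags (a minimal extractor for this sample HTML,
// not a general HTML parser).
function extractLinks(html) {
  const links = [];
  const re = /<a\s+[^>]*href\s*=\s*["']([^"']+)["'][^>]*>(.*?)<\/a>/gis;
  let m;
  while ((m = re.exec(html)) !== null) {
    links.push({ href: m[1], text: m[2].replace(/<[^>]+>/g, "").trim() });
  }
  return links;
}

function hostOf(s) {
  try {
    return new URL(s).hostname.toLowerCase();
  } catch {
    return null; // not an absolute URL
  }
}

function isLegitimateHost(host) {
  return LEGITIMATE_HOSTS.some((h) => host === h || host.endsWith("." + h));
}

// Returns one finding per suspicious link: { href, reasons: [...] }.
function assessLinks(html) {
  const findings = [];
  for (const link of extractLinks(html)) {
    const host = hostOf(link.href);
    if (!host) continue; // mailto:, relative links, etc.
    const reasons = [];
    if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
      reasons.push("destination is a bare IP address");
    }
    const textHost = hostOf(link.text);
    if (textHost && textHost !== host) {
      reasons.push(`visible text shows ${textHost} but link goes to ${host}`);
    }
    if (host.includes(BRAND) && !isLegitimateHost(host)) {
      reasons.push("brand name inside a look-alike domain");
    }
    if (reasons.length > 0) findings.push({ href: link.href, reasons });
  }
  return findings;
}

console.log(assessLinks(SAMPLE_EMAIL_HTML));
```

Run against the sample, the first link is flagged as a look-alike domain (the real domain is only a prefix of the hostname), the second for both a bare IP destination and text/href mismatch, and the help-centre link passes. The same checks are what a user is taught to do by hovering over a link before clicking it.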
Pretext Calling
It is human nature to want to be helpful. Thieves exploit this tendency by calling and pretending to be a
legitimate organization that you do business with. They ask for seemingly inconsequential information,
like your date of birth. Then they use that information to learn more about you from other sources. It
doesn't take long for them to gather all of the information they need to steal and/or sell your identity.
Shoulder Surfing
This is the old fashioned way of stealing your identity. Thieves simply look over your shoulder as you
complete financial transactions to get your credit card number, account number, and perhaps even your
social security number.
Card Verification Value Code Requests
The Card Verification Value Code (CVV) is located on the back of your credit or debit card. It is a three or
four digit number that was created to reduce fraud. Merchants and banks ask you to provide the CVV to
prove that you have possession of the card before approving a transaction. Unfortunately, identity thieves
have found a way to use it too. You may receive a call from someone claiming to be from your bank,
saying that they are calling because there is a charge that they believe to be fraudulent. He or she asks you
to verify, for security purposes, the CVV code on your card.
CYBERTERRORISM
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or
significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. It
is also sometimes considered an act of Internet terrorism in which terrorist activities include the deliberate,
large-scale disruption of computer networks, especially of personal computers attached to the Internet, by
means of tools such as computer viruses, computer worms, phishing, and other malicious software and
hardware methods and programming scripts. Cyberterrorism is a controversial term. Some authors opt for
a very narrow definition, relating to the deployment by known terrorist organizations of disruption attacks
against information systems for the primary purpose of creating alarm, panic, or physical disruption.
Types of cyberterror capability
In 1999 the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in
Monterey, California defined three levels of cyberterror capability:
Simple-Unstructured: the capability to conduct basic hacks against individual systems using tools
created by someone else. The organization possesses little target-analysis, command-and-control, or
learning capability.
Advanced-Structured: the capability to conduct more sophisticated attacks against multiple
systems or networks and possibly to modify or create basic hacking tools. The organization possesses
an elementary target-analysis, command-and-control, and learning capability.
Complex-Coordinated: the capability for a coordinated attack capable of causing mass disruption
against integrated, heterogeneous defenses (including cryptography), the ability to create sophisticated
hacking tools, and a highly capable target-analysis, command-and-control, and organizational learning
capability.
CROSS SITE SCRIPTING
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web
applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A
cross-site scripting vulnerability may be used by attackers to bypass access controls such as the
same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security
vulnerabilities documented by Symantec up until 2007.[1] In 2017, XSS was still considered a major threat
vector.[2] XSS effects vary in range from petty nuisance to significant security risk, depending on the
sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented
by the site's owner network.
Types
o Non-persistent (reflected)
o Persistent (or stored)
o Server-side versus DOM-based vulnerabilities
o Self-XSS
o Mutated XSS (mXSS)
Preventive measures
o Contextual output encoding/escaping of string input
o Safely validating untrusted HTML input
o Cookie security
o Disabling scripts
o Selectively disabling scripts
o Emerging defensive technologies
o SameSite cookie parameter
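The first preventive measure listed, contextual output encoding, is the one that removes the injection at its source: untrusted input is encoded according to where in the page it is placed. The following is an added example, not code from the notes or from any framework. It shows a reflected parameter rendered without encoding (the vulnerable form) next to the hardened form, with separate handling for HTML text, a quoted attribute and a URL attribute; the probe strings are constructed test inputs.

```javascript
// Added example, not part of the notes: contextual output encoding, the first
// preventive measure listed above. A reflected parameter is shown inserted
// without encoding (vulnerable) and with encoding chosen for each context:
// HTML element content, a quoted attribute, and a URL attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Encode for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode for a URL attribute: only absolute http(s) URLs are accepted; anything else
// (including javascript: and data: schemes) is replaced with a harmless "#".
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === "https:" || u.protocol === "http:" ? u.href : "#";
  } catch {
    return "#"; // relative or malformed
  }
}

// Vulnerable: the request parameters are reflected straight into the markup.
function renderUnsafe(name, homepage) {
  return `<p>Hello ${name}</p><a href="${homepage}">homepage</a>`;
}

// Hardened: each interpolation is encoded for the context it lands in.
function renderSafe(name, homepage) {
  return `<p>Hello ${escapeHtml(name)}</p><a href="${escapeHtml(safeUrl(homepage))}">homepage</a>`;
}

// Constructed probe inputs of the kind a reflected-XSS scanner would submit.
const PROBE_NAME = "<script>alert(1)</script>";
const PROBE_URL = "javascript:alert(1)";

console.log(renderUnsafe(PROBE_NAME, PROBE_URL)); // script tag and javascript: URL survive
console.log(renderSafe(PROBE_NAME, PROBE_URL));   // <p>Hello &lt;script&gt;alert(1)&lt;/script&gt;</p><a href="#">homepage</a>
```

The point of the two encoders is that one escaping rule does not fit every slot: HTML escaping alone would leave a javascript: URL intact inside href, and URL validation alone would not stop a closing tag inside the greeting. Template engines that auto-escape apply the same idea per context.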
UNIT 2
Cyber Security Goals
The objective of cybersecurity is to protect information from being stolen, compromised
or attacked. Cybersecurity can be measured by at least one of three goals:
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of
all security programs. The CIA triad is a security model that is designed to guide
policies for information security within the premises of an organization or
company. This model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad to avoid the confusion with the Central Intelligence
Agency. The elements of the triad are considered the three most crucial
components of security.
1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized
disclosure of information. It involves the protection of data, providing access for
those who are allowed to see it while disallowing others from learning anything
about its content. It prevents essential information from reaching the wrong
people while making sure that the right people can get it. Data encryption is a
good example of a mechanism that ensures confidentiality.
Tools for Confidentiality
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that
information has not been altered in an unauthorized way, and that the source of the
information is genuine.
Tools for Integrity
3. Availability
Availability is the property in which information is accessible and modifiable in a
timely fashion by those authorized to do so. It is the guarantee of reliable and
constant access to our sensitive data by authorized people.
Tools for Availability
o Physical Protections
o Computational Redundancies
Physical Protections
Physical safeguards keep information available even in the event of
physical challenges. They ensure sensitive information and critical information
technology are housed in secure areas.
Computational redundancies
Computational redundancy is applied as fault tolerance against accidental faults. It
provides computers and storage devices that serve as fallbacks in the case of failures.
Cyber Security Policies
Security policies are a formal set of rules issued by an organization to
ensure that users who are authorized to access company technology and
information assets comply with rules and guidelines related to the security of
information. It is a written document in the organization which specifies
how to protect the organization from threats and how to handle them when
they occur. A security policy is also considered to be a "living document",
which means that the document is never finished but is continuously updated
as technology and employee requirements change.
Need for security policies:
1) It increases efficiency.
2) It upholds discipline and accountability
3) It can make or break a business deal
4) It helps to educate employees on security literacy
EVOLUTION OF CYBER SECURITY
The Start of Cybersecurity
In the early seventies, Robert (Bob) Thomas was a researcher for BBN
Technologies in Cambridge, Massachusetts.
Thomas realized that a computer program can move across a network leaving a
small trail wherever it went. So, he created the first computer “worm” which he
named Creeper. It could replicate itself over multiple computer systems.
Thomas designed it to travel between Tenex terminals (DEC PDP-10
computers) on the early ARPANET, with the message, “I’M THE CREEPER:
CATCH ME IF YOU CAN.”
Ray Tomlinson, the inventor of email was also working for BBN Technologies
at the time. He, in turn, created the first antivirus, Reaper, a program that could
replicate itself while moving through a network of computers and, in doing so, find
copies of Creeper. The Reaper solution would simply log Creeper out of the
system.
After the creation of Creeper and Reaper, cybercrime in many forms became
more rampant as computer hardware and software continued to evolve.
As software development and protection methods progress, hackers continue to
find vulnerabilities in them, and so, cybercrime has evolved in parallel.
Cybersecurity Today
Today, technology is no longer limited to just simple hardware and software.
Most modern organizations make use of the Internet of Things (IoT), data
analytics, blockchain and mobile computing. All these provide an easier and
more seamless way to conduct business every day. As technology continues to
improve workflow and business processes, cybercriminals are also improving
their methods of attack. Needless to say, businesses have proven to be their
main target.
According to McAfee’s 2017 State of Cloud Adoption and Security report, 93% of
organizations utilize cloud services in some form [based on a survey of more
than 2,000 cloud security professionals]. Of these, 74% reported storing some or
all of their sensitive data in public clouds.
However, the report also indicates that 52% of security experts say that there is
a likelihood of getting a malware infection from a cloud app. In addition, 49%
of survey respondents said they had slowed their adoption of cloud usage due
to a lack of cybersecurity skills.
The volume of data going through various networks all over the world continues
to increase and if not safeguarded could cost organizations tens of thousands to
millions of dollars.
CYBER SECURITY VS CYBER FORENSIC
Cyber Security is an umbrella which encompasses various verticals such as
Data Security, Application Security, OS Security, Hardware Security, Network
Security, Physical Security and Personnel Security. It is a defensive act. By
carrying out cyber security audits you can implement cyber security.
Cyber Forensics, on the other hand, is about the analysis and investigation of digital crimes.
It involves Identification, Seizure, Analysis, Preservation, Documentation and
Presentation (in a court of law).
Cyber Forensics is always carried out after the incident has occurred while
cyber security is done to prevent such incidents.