
Chapter No - 3

Rk konodia ss systems

Uploaded by

prasadstudy365
Copyright
© © All Rights Reserved

1 Introduction to Cybercrime

Learning Objectives
After reading this chapter, you will be able to:
• Learn what cybercrime is and appreciate the importance of cybercrime as the topic.
• Understand the different types of cybercrime.
• Understand the difference between cybercrime and cyberfraud.
• Learn about different types of cybercriminals and the motives behind them.
• Get an overview of cybercrime scenario in India as well as the overall global perspective.
• Understand the legal perspective on cybercrime including the Indian ITA 2000 and its latest amendment known as the ITA 2008.

1.1 Introduction
Almost everyone is aware of the phenomenal growth of the Internet (the statistics on Indian growth for Internet and mobile usage are indicated through links provided in Ref. #26, Additional Useful Web References, Further Reading). Given the unrestricted number of free websites, the Internet has undeniably opened a new way of exploitation known as cybercrime. These activities involve the use of computers, the Internet, cyberspace (see Box 1.1) and the worldwide web (WWW). Interestingly, cybercrime is not a new phenomenon; the first recorded cybercrime took place in the year 1820. It is one of the most talked about topics in the recent years. Figure 1.1, based on a 2008 survey in Australia, shows the cybercrime trend. Also refer to Appendix L.

While the worldwide scenario on cybercrime looks bleak, the situation in India is not any better. Indian corporate and government sites have been attacked or defaced more than 780 times between February 2000 and December 2002. There are also stories/news of other attacks; for example, according to a story posted on 3 December 2009, a total of 3,286 Indian websites were hacked in 5 months - between January and June 2009 (see Ref. #2, Articles and Research Papers, Further Reading).

Similar data for later years is presented in Tables 1.1-1.4; the data in those tables show statistics related to various cybercrimes and cases registered under cybercrimes by motives and suspects in States and Union Territories (UTs).

1.2 Cybercrime: Definition and Origins of the Word


With the backdrop of information in the previous section and the statistics presented in Tables 1.1 and 1.2, let us understand the origins of the term cybercrime. Reaching consensus on a definition of computer crime is difficult. One definition that is advocated is, "a crime conducted in which a computer was directly and [illegible] instrumental." This definition is not universally accepted. It, however, initiates further discussion to narrow the scope of the definition for "cybercrime": for example, we can propose the following definitions of computer crime:
1. Any illegal act where a special knowledge of computer technology is essential for its perpetration, investigation or prosecution.
2. Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a computer, and abuses that have come into being because of computers.
3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for ransom.

Here is yet another definition: "cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations, that targets the security of computer systems and the data processed by them." Note that in a wider sense, "computer-related crime" can be any illegal behavior committed by means of, or in relation to, a computer system or network; however, this is not cybercrime.
[illegible] treaty law both refer to "cybercrime." The term "cybercrime" relates to a number of other terms that may sometimes be used interchangeably to describe crimes committed using computers. Computer-related crime, Computer crime, Internet crime, E-crime, High-tech crime, etc. are the other synonymous terms. Cybercrime specifically can be defined in a number of ways; a few definitions are:
1. A crime committed using a computer and the Internet to steal a person's identity (identity theft) or sell contraband or stalk victims or disrupt operations with malevolent programs. Refer to Chapter [illegible].
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW.

According to one information security glossary, cybercrime is any criminal activity which uses [illegible] access to commit a criminal act. Opportunities for the exploitation due to weaknesses in information security are multiplying because of the exponential growth of Internet connection (see Ref. #26, Additional Useful Web References, Further Reading). Cybercrime may be internal or external, [illegible] to perpetrate. The term "cybercrime" has evolved over the past few years since the adoption of Internet connection on a global scale with hundreds of millions of users. Cybercrime refers to the act of performing a criminal act using cyberspace as the communications vehicle (the term "cyberspace" is explained in Box 1.1). Some people argue that a cybercrime is not a crime as it is a crime against software and not against a person or property. However, while the legal systems around the world scramble to introduce laws against criminals (refer to Section 1.5), two types of attack are prevalent:
1. Techno-crime: A premeditated act against a system or systems, with the intent to [illegible] prevent access, corrupt or otherwise deface or damage parts of or the complete computer system. The 24 x 7 connection to the Internet makes this type of cybercrime a real possibility to [illegible] anywhere in the world, leaving few, if any, "finger prints."
2. Techno-vandalism: These acts of "brainless" defacement of websites and/or other activities, such as copying files and publicizing their contents publicly, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards, should prevent the vast majority of such incidents.

There is a very thin line between the two terms "computer crime" and "computer fraud"; both are punishable (see Tables 1.1-1.4). Cybercrimes (harmful acts committed from or against a computer or network) differ from most terrestrial crimes in four ways: (a) how to commit them is easier to learn, (b) they require few resources relative to the potential damage caused, (c) they can be committed in a jurisdiction without being physically present in it and (d) they are often not clearly illegal.

The term cybercrime has some stigma attached and is notorious due to the word "terrorism" or "terrorist" attached with it, that is, cyberterrorism (see explanation of the term in Box 1.1). Cyberterrorism is defined as "any person, group or organization who, with terrorist intent, utilizes accesses or aids in accessing a computer network or electronic system or electronic device by any available means, and thereby knowingly engages in or attempts to engage in a terrorist act commits the offence of cyberterrorism." Cybercrime, especially through the Internet, has grown in number as the use of computer has become central to commerce, entertainment and government.

The term cyber has some interesting synonyms: fake, replicated, pretend, imitation, virtual, computer-generated. Cyber means combining forms relating to Information Technology, the Internet and Virtual Reality. This term owes its origin to the word "cybernetics" which deals with information and its use; furthermore, cybernetics is the science that overlaps the fields of neurophysiology, information theory, computing machinery and automation. However, beyond this, there does not seem to be any further connection to the term cybernetics as per other sources searched. According to Wikipedia, cybernetics is the interdisciplinary study of the structure of regulatory systems.

1.3 Cybercrime and Information Security
Lack of information security gives rise to cybercrimes. This subject is explained in greater detail in Chapter 9. Let us refer to the amended Indian Information Technology Act (ITA) 2000 in the context of cybercrime. From an Indian perspective, the new version of the Act (referred to as ITA 2008) provides a new focus on "Information Security in India." "Cybersecurity" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. The term incorporates both the physical security of devices as well as the information stored therein. It covers protection from unauthorized access, use, disclosure, disruption, modification and destruction. (For a thorough discussion about these aspects, see Ref. #2, Books, Further Reading.)

Where financial losses to the organization due to insider crimes are concerned (e.g., leaking customer data), often some difficulty is faced in estimating the losses because the financial impacts may not be detected by the victimized organization and no direct costs may be associated with the data theft. The 2008 CSI Survey on computer crime and security supports this. Cybercrimes occupy an important space in information security domain because of their impact. For anyone trying to compile data on business impact of cybercrime, there are a number of challenges. One of them comes from the fact that organizations do not explicitly incorporate the cost of the vast majority of computer security incidents into their accounting as opposed to, say, accounting for the "shrinkage" of goods from retail stores. The other challenge comes from the difficulty in attaching a quantifiable monetary value to the corporate data and yet corporate data get stolen/lost (notably through loss/theft of laptops, see the survey conducted by Ponemon Institute in Ref. #19, Additional Useful Web References, Further Reading). Because of these reasons, reporting of financial losses often remains approximate. In an attempt to avoid negative publicity, most organizations abstain from revealing facts and figures about "security incidents" including cybercrime. In general, organizations' perception about "insider attacks" seems to be different than that made out by security solution vendor. However, this perception [illegible] does not seem to be true as revealed by the 2008 CSI Survey. Awareness about "data privacy" too tends to be low in most organizations.

1.4 Who are Cybercriminals?
Cybercrime involves such activities as child pornography; credit card fraud; cyberstalking; defaming another online; gaining unauthorized access to computer systems; ignoring copyright, software licensing and trademark protection; overriding encryption to make illegal copies; software piracy and stealing another's identity (known as identity theft) to perform criminal acts (see detailed discussion on identity theft in Chapter [illegible]). Cybercriminals are those who conduct such acts. They can be categorized into three groups that reflect their motivation (see Ref. #2, Books, Further Reading):

1. Type I: Cybercriminals - hungry for recognition
• Hobby hackers;
• IT professionals (social engineering is one of the biggest threats);
• politically motivated hackers;
• terrorist organizations.
2. Type II: Cybercriminals - not interested in recognition
• Psychological perverts;
• financially motivated hackers (corporate espionage);
• state-sponsored hacking (national espionage, sabotage);
• organized criminals.
3. Type III: Cybercriminals - the insiders
• Disgruntled or former employees seeking revenge;
• competing companies using employees to gain economic advantage through damage and/or theft.

Thus, the typical "motives" behind cybercrime seem to be greed, desire to gain power and/or publicity, desire for revenge, a sense of adventure, looking for thrill to access forbidden information, destructive mindset and desire to sell network security services. This is explained in Chapter 10. Cybercafes are known to play role in committing cybercrimes.

1.5 Classifications of Cybercrimes
Table 1.6 presents a scheme for cybercrime classification (broad and narrow classification). Crime is defined as "an act or the commission of an act that is forbidden, or the omission of a duty that is commanded by a public law and that makes the offender liable to punishment by that law" (Webster Dictionary).

Cybercrimes are classified as follows:


1. Cybercrime against individual
• Electronic mail (E-Mail) Spoofing and other online frauds: Refer to Section 1.5.1 of this chapter and Chapter 4 for more details.
• Phishing, Spear Phishing and its various other forms such as Vishing (Section 3.8.4) and Smishing (Section 3.8.5): Refer to Chapter 5 for discussion about Phishing and Spear Phishing.
• Spamming: It is explained in Section 1.5.2.
• Cyberdefamation: It is explained later in Section 1.5.3.
• Cyberstalking and harassment: It is explained in Chapter 2.
• Computer sabotage: It is explained later in Section 1.5.15.
• Pornographic offenses: It is explained in Section 1.5.13.
• Password sniffing: This also belongs to the category of cybercrimes against organization because the use of password could be by an individual for his/her personal work or the work he/she is doing using a computer that belongs to an organization. It is explained in Section 1.5.19 (also see Table 1.5).

Table 1.6 Classifying cybercrimes - broad and narrow

| | Cybercrime in Narrow Sense | Cybercrime in Broad Sense | Cybercrime in Broad Sense |
|---|---|---|---|
| Role of computer | Computer as an object | Computer as a tool | Computer as the environment or context |
| | The computer/information stored on the computer is the subject/target of the crime | The computer or information stored on the computer constitutes an important tool for committing the crime | The computer/information stored on the computer plays a non-substantial role in the act of crime, but does contain evidence of the crime |
| Examples | Hacking, computer sabotage, DDoS-attacks (distributed denial-of-service attacks), virtual child pornography | Computer fraud, forgery, distribution of child pornography | Murder using computer techniques, bank robbery and drugs trade |

Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspective

2. Cybercrime against property
• Credit card frauds: Refer to Chapter 5 for Phishing and Spear Phishing and Chapter 11, Section 11.4 (in CD).
• Intellectual property (IP) crimes: Basically, IP crimes include software piracy, copyright infringement, trademarks violations, theft of computer source code, etc. (refer to Chapters 9 and [illegible]).
• Internet time theft: It is explained in Section 1.5.4 as well as in Chapter 11 (Mini [illegible] Section 11.3.4).
3. Cybercrime against organization
• Unauthorized accessing of computer: Hacking is one method of doing this and hacking is a punishable offense (see point 2 in Box 1.7).
• Password sniffing: It is explained in Section 1.5.19 (also see Table 1.5).
• Denial-of-service attacks (known as DoS attacks): It is explained more in detail in Chapter 4.
• Virus attack/dissemination of viruses: Refer to Chapter 4 for detailed discussion on this.
• E-Mail bombing/mail bombs: It is explained in Section 1.5.16.
• Salami attack/Salami technique: It is explained in Section 1.5.5.
• Logic bomb: It is explained in Section 1.5.15 (Computer Sabotage).
• Trojan Horse: It is explained more in detail in Chapter 4.
• Data diddling: It is explained in Section 1.5.6. Refer to Section 11.2.6, Chapter 11.
• Crimes emanating from Usenet newsgroup: It is explained in Section 1.5.9.
• Industrial spying/industrial espionage: It is explained in Section 1.5.10.
• Computer network intrusions: It is explained in Section 1.5.18.
• Software piracy: It is explained in Section 1.5.14. Also refer to Section 9.2.2, Chapter 9.
4. Cybercrime against Society
• Forgery: It is explained in Section 1.5.7 (see Table 1.6 and Box 1.6).
• Cyberterrorism: Refer to Box 1.1 and Box 1.7, and Section 1.2 for detailed discussion on this.
• Web jacking: It is explained in Section 1.5.8.
5. Crimes emanating from Usenet newsgroup: By its very nature, Usenet groups may carry very offensive, harmful, inaccurate or otherwise inappropriate material, or in some cases, postings that have been mislabeled or are deceptive in another way. Therefore, it is expected that you will use caution and common sense and exercise proper judgment when using Usenet, as well as use the service at your own risk.

Let us take a brief look at some of the cybercrime forms mentioned above.
Let us take a brief look at some of the cybercrime forms mentioned above.

1.5.1 E-Mail Spoofing


A spoofed E-Mail is one that appears to originate from one source but actually has been sent from another source. For example, let us say, Roopa has an E-Mail address [email protected]. Let us say her boyfriend Suresh and she happen to have a show down. Then Suresh, having become her enemy, spoofs her E-Mail and sends obscene/vulgar messages to all her acquaintances. Since the E-Mails appear to have originated from Roopa, her friends could take offense and relationships could be spoiled for life. See Box 2.7 in Chapter 2.

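How a recipient's side can tell that a message "appears to originate from one source but actually has been sent from another" is shown below as an added example, not taken from the book. All addresses, domains and header values are constructed, and the Authentication-Results header is assumed to have been stamped by the recipient's own mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages. Both claim the same From address; only the
# second was submitted through an unrelated sending domain.
GENUINE = """\
Return-Path: <roopa@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Roopa <roopa@example.com>
To: friend@example.net
Subject: Lunch on Friday?

See you at one.
"""

SPOOFED = """\
Return-Path: <bulk@mailer.example.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; dkim=none; dmarc=fail header.from=example.com
From: Roopa <roopa@example.com>
Reply-To: someone-else@example.org
To: friend@example.net
Subject: Read this

Body omitted.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only trust this header when your own receiving server added it; a sender
    can forge any header that was already present when the mail arrived.
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts


def spoofing_indicators(raw_message):
    """Return a list of reasons to distrust the visible From address.

    These are indicators for triage, not proof: mailing services legitimately
    use a different Return-Path, which is why the DMARC verdict is checked too.
    """
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []

    rp = domain_of(msg.get("Return-Path"))
    if rp and rp != from_dom:
        findings.append(f"Return-Path domain {rp} differs from From domain {from_dom}")

    reply = domain_of(msg.get("Reply-To"))
    if reply and reply != from_dom:
        findings.append(f"Reply-To domain {reply} differs from From domain {from_dom}")

    verdicts = auth_results(msg)
    if verdicts.get("dmarc") != "pass":
        findings.append(f"DMARC result is {verdicts.get('dmarc', 'missing')}")

    return findings


if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, spoofing_indicators(raw))
```

Note that SPF passes in the spoofed sample: SPF only validates the envelope sender, so the visible From address has to be checked through DMARC alignment.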
1.5.2 Spamming
People who create electronic Spam are called spammers. Spam is the abuse of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. Although the most widely recognized form of Spam is E-Mail Spam, the term is applied to similar abuses in other media: instant messaging Spam, Usenet newsgroup Spam, web search engine Spam, Spam in blogs, wiki Spam, online classified ads Spam, mobile phone messaging Spam, Internet forum Spam, junk fax transmissions, social networking Spam, file sharing network Spam, video sharing sites, etc.

Spamming is difficult to control because it has economic viability - advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Spammers are numerous; the volume of unsolicited mail has become very high because the barrier to entry is low. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers (ISPs), who are forced to add extra capacity to cope with the deluge. Spamming is widely detested, and has been the subject of legislation in many jurisdictions - for example, the CAN-SPAM Act of 2003.

Another definition of spamming is in the context of "search engine spamming." In this context, spamming is alteration or creation of a document with the intent to deceive an electronic catalog or a filing system. Some web authors use "subversive techniques" to ensure that their site appears more frequently or higher number in returned search results - this is strongly discouraged by search engines and there are fines/penalties associated with the use of such subversive techniques. Those who continually attempt to subvert or Spam the search engines may be permanently excluded from the search index. Therefore, the following web publishing techniques should be avoided:
1. Repeating keywords;
2. use of keywords that do not relate to the content on the site;
3. use of fast meta refresh;
4. redirection;
5. IP Cloaking;
6. use of colored text on the same color background;
7. tiny text usage;
8. duplication of pages with different URLs;
9. hidden links;
10. use of different pages that bridge to the same URL (gateway pages).

Further discussion on each of the above is beyond the scope of this chapter which is meant to be only an
overview of cybercrimes.

1.5.3 Cyberdefamation

Cyberdefamation is a cognizable offense.


Let us first understand what the term entails. CHAPTER XXI of the Indian Penal Code (IPC) is about DEFAMATION. In Section 499 of CHAPTER XXI of IPC, regarding "defamation" there is a mention that

"Whoever, by words either spoken or intended to be read, or by signs or by visible representations, makes or publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that such imputation will harm, the reputation of such person, is said, except in the cases hereinafter expected, to defame that person."

Cyberdefamation happens when the above takes place in an electronic form. In other words, "cyberdefamation" occurs when defamation takes place with the help of computers and/or the Internet, for example, someone publishes defamatory matter about someone on a website or sends an E-Mail containing defamatory information to all friends of that person. According to the IPC Section 499:
1. It may amount to defamation to impute anything to a deceased person, if the imputation would harm the reputation of that person if living, and is intended to be hurtful to the feelings of his family or other near relatives.
2. It may amount to defamation to make an imputation concerning a company or an association or collection of persons as such.
3. An imputation in the form of an alternative or expressed ironically, may amount to defamation.
4. No imputation is said to harm a person's reputation unless that imputation directly or indirectly, in the estimation of others, lowers the moral or intellectual character of that person, or lowers the character of that person in respect of his caste or of his calling, or lowers the credit of that person, or causes it to be believed that the body of that person is in a loathsome state or in a state generally considered as disgraceful.

Libel is written defamation and slander is oral defamation. When determining whether or not defamation has taken place, the only issue to consider is whether a person of ordinary intelligence in society would believe that the words would indeed injure the person's reputation. Even if there is no (apparent) damage to a person's reputation, the person who made the allegations may still be held responsible for defamation.

The law on defamation attempts to create a workable balance between two equally important human rights: The right to an unimpaired reputation and the right to freedom of expression. In a cybersociety, both these interests are increasingly important. Protection of reputation is arguably even more important in a highly technological society, because one may not even encounter an individual or organization other than through the medium of the Internet. Some courts have held that the plaintiff must also have to show that the defamatory statements were unlawful and that it must not be for the defendant to justify his conduct by showing that the statements were in accordance with law. India's first case of cyberdefamation, at the Delhi Court, assumed jurisdiction over a matter where a corporate reputation was being defamed through E-Mails and passed an important ex-parte injunction. Further details on this case can be read at the link http://cyberlaws.net/cyberindia/defamation.htm (14 December 2009). Readers can also refer to the link http://en.wikipedia.org/wiki/Cyber_defamation_law (14 December 2009) for understanding cyberdefamation law.

1.5.4 Internet Time Theft
Such a theft occurs when an unauthorized person uses the Internet hours paid for by another person. Basically, Internet time theft comes under hacking because the person who gets access to someone else's ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person's knowledge. However, one can identify time theft if the Internet time has to be recharged often, even when one's own use of the Internet is not frequent. The issue of Internet time theft is related to the crimes conducted through "identity theft." In Chapter 11, there is a case described about theft of Internet time.

1.5.5 Salami Attack/Salami Technique


These attacks are used for committing financial crimes. The idea here is to make the alteration so insignificant that in a single case it would go completely unnoticed; for example a bank employee inserts a program, into the bank's servers, that deducts a small amount of money (say 2/- or a few cents in a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount every month. In Chapter 11, there are a number of examples, illustrations provided about use of Salami Technique in real life. Refer to Section 11.2 Real-Life Examples (Section 11.2.13 Example 13: "Small Shavings" for Big Gains! and Section 11.2.20 Example 20: The Petrol Pump Fraud).
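No single account holder notices the debit, so the pattern only becomes visible when the ledger is aggregated by beneficiary. The following audit check is an added example, not from the book; the account names, amounts, thresholds and the list of approved fee accounts are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed month of transfers as (source, destination, amount)."""
    customers = [f"CUST{n:03d}" for n in range(1, 41)]  # 40 customer accounts
    ledger = []
    # The pattern from the text: the same tiny debit taken from every account.
    for cust in customers:
        ledger.append((cust, "EMP-7731", Decimal("2.00")))
    # Ordinary activity that must not be flagged.
    ledger.append(("CUST001", "CUST002", Decimal("1500.00")))
    ledger.append(("CUST003", "UTILITY-01", Decimal("842.50")))
    ledger.append(("CUST004", "UTILITY-01", Decimal("3.75")))  # one small, legitimate payment
    for cust in customers[:10]:
        ledger.append((cust, "BANK-FEES", Decimal("1.00")))    # approved fee account
    return ledger


def salami_suspects(ledger,
                    small=Decimal("5.00"),
                    min_share=Decimal("0.5"),
                    approved=frozenset({"BANK-FEES"})):
    """Flag beneficiaries that collect small debits from many distinct accounts.

    small     -- debits at or below this amount count as "too small to notice"
    min_share -- fraction of all paying accounts that must be hit to raise a flag
    approved  -- destinations that are allowed to collect small debits (fees, tax)

    Returns (destination, distinct_sources, total_collected) tuples, largest
    total first.
    """
    all_sources = {src for src, _, _ in ledger}
    if not all_sources:
        return []

    per_dest = defaultdict(lambda: {"sources": set(), "total": Decimal("0")})
    for src, dest, amount in ledger:
        if amount <= small and dest not in approved:
            per_dest[dest]["sources"].add(src)
            per_dest[dest]["total"] += amount

    suspects = []
    for dest, agg in per_dest.items():
        share = Decimal(len(agg["sources"])) / Decimal(len(all_sources))
        if share >= min_share:
            suspects.append((dest, len(agg["sources"]), agg["total"]))
    return sorted(suspects, key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    for dest, count, total in salami_suspects(build_sample_ledger()):
        print(f"{dest}: small debits from {count} accounts, total {total}")
```

The 2.00 debits are individually unremarkable, but one beneficiary receiving them from every account stands out immediately once grouped.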

1.5.6 Data Diddling


A data diddling attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have been victims to data diddling programs inserted when private parties computerize their systems. In Chapter 11, there are a number of data diddling examples (refer to Section 11.2.6 Example 6: Doodle me Diddle).

1.5.7 Forgery

Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be forged using sophisticated computers, printers and scanners. Outside many colleges there are miscreants soliciting the sale of fake marksheets or even degree certificates. These are made using computers and high quality scanners and printers. In fact, this is becoming a booming business involving large monetary amount given to student gangs in exchange for these bogus but authentic looking certificates.

1.5.8 Web Jacking

Web jacking occurs when someone forcefully takes control of a website (by cracking the password and later changing it). Thus, the first stage of this crime involves "password sniffing." The actual owner of the website does not have any more control over what appears on that website.

1.5.9 Newsgroup Spam/Crimes Emanating from Usenet Newsgroup

As explained earlier, this is one form of spamming. The word "Spam" was usually taken to mean excessive multiple posting (EMP). The advent of Google Groups, and its large Usenet archive, has made Usenet more attractive to spammers than ever. Spamming of Usenet newsgroups actually predates E-Mail Spam. The first widely recognized Usenet Spam (though not the most famous) titled Global Alert for All: Jesus is Coming Soon was posted on 18 January 1994 by Clarence L. Thomas IV, a sysadmin at Andrews University. It was a fundamentalist religious tract claiming that "this world's history is coming to a climax." The newsgroup posting Bot Serdar Argic also appeared in early 1994, posting tens of thousands of messages to various newsgroups, consisting of identical copies of a political screed relating to the Armenian Genocide.

1.5.10 Industrial Spying/Industrial Espionage

Spying is not limited to governments. Corporations, like governments, often spy on the enemy. The Internet and privately networked systems provide new and better opportunities for espionage. "Spies" can get information about product finances, research and development and marketing strategies, an activity known as "industrial spying." However, cyberspies rarely leave behind a trail. Industrial spying is not new; in fact it is as old as industries themselves. The use of the Internet to achieve this is probably as old as the Internet itself. Traditionally, this has been the reserved hunting field of a few hundreds of highly skilled hackers, contracted by high-profile companies or certain governments via the means of escrow organizations (it is said that they get several hundreds of thousands of dollars, depending on the "assignment"). With the growing public availability of Trojans and Spyware material (for Trojans and Spyware discussion, refer to Chapter 4 in the book and Chapter 3 of Ref. #1, Books, Further Reading), even low-skilled individuals are now inclined to generate high volume profit out of industrial spying. This is referred to as "Targeted Attacks" (which includes "Spear Phishing"). This aspect of Industrial Spying is the one to be addressed in the fight against cybercrime.

Organizations subject to online extortion tend to keep quiet about it to avoid negative publicity about them. Not surprisingly, this also applies very well to organizations that are victim of focused attacks aiming at stealing corporate data, Intellectual Property or whatever else that may yield a competitive advantage for a rival company.

One interesting case is the famous Israeli Trojan story, where a software engineer in London created a Trojan Horse program specifically designed to extract critical data gathered from machines infected by his program. He had made a business out of selling his Trojan Horse program to companies in Israel, which would use it for industrial spying by planting it into competitors' networks. The methods used to inoculate the Trojan Horse were varied and sometimes quite inventive, ranging from simple E-Mail traps to the mailing of promotional CDs infected with the evil program! More about Trojan Horse is addressed in Chapter 2.

There are also the E-Mail worms automating similar "data exfiltration features." For example, the main characteristic of mass mailing worm deemed W32.Myfip.A is to scan the hard drive of infected machines for all files with the following extensions: .pdf, .doc, .dwg, .sch, .pcb, .dwt, .dwf, .max, .mdb. Such files are uploaded on an FTP server owned by the cybercrooks, with the aim of stealing as much IP as possible wherever it can be and then selling it to people who are ready to pay for it. There are two distinct business models for cybercrime applied to industrial spying: Selling Trojan-ware and Selling Stolen Intellectual Property.

1.5.11 Hacking
Although the purposes of hacking are many, the main ones are as follows:
1. Greed;
2. power;
3. publicity;
4. revenge;
5. adventure;
6. desire to access forbidden information;
7. destructive mindset.

Every act committed toward breaking into a computer and/or network is hacking and it is an offense. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get enjoyment out of such destruction. Some hackers hack for personal monetary gains, such as stealing credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information that is critical in nature. Government websites are hot on hackers' target lists and attacks on Government websites receive wide press coverage. For example, according to the story posted on December 2009, the NASA site was hacked via SQL Injection (see Ref. #22, Additional Useful Web References, Further Reading). SQL Injection is covered more in detail in Chapter 4. Examples of prominent websites hacked are shown in Figs. 1.6-1.10.

Hackers, crackers and phrackers are some of the oft-heard terms. The original meaning of the word "hack" meaning an elegant, witty or inspired way of doing almost anything originated at MIT. The meaning has now changed to become something associated with the breaking into or harming of any kind of computer or telecommunications system. Some people claim that those who break into computer systems should ideally be called "crackers" and those targeting phones should be known as "phreaks" (see Chapter 17, Box 17.3 of Ref. #3, Books, Further Reading).

1.5.12 Online Frauds
Refer to Chapter 11, Section 11.7: Online Scams.
There are a few major types of crimes under the category of hacking: Spoofing website and E-Mail security alerts, hoax mails about virus threats (refer to Chapter 4), lottery frauds and Spoofing. In Spoofing websites and E-Mail security threats, fraudsters create authentic looking websites that are actually nothing but a spoof (see Chapter 5 for details of Spoofing). The purpose of these websites is to make the user enter personal information which is then used to access business and bank accounts. Fraudsters are increasingly turning to E-Mail to generate traffic to these websites. This kind of online fraud is common in banking and financial sector. Refer to Chapter 11, Section 11.4. There is a rise in the number of financial institutions' customers who receive such E-Mails which usually contain a link to a spoof website and mislead users to enter user ids and passwords on the pretence that security details can be updated or passwords changed. It is wise to be alert and careful about E-Mails containing an embedded link, with a request for you to enter secret details. It is strongly recommended not to input any sensitive information that might help criminals to gain access to sensitive information, such as bank account details, even if the page appears legitimate.
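The embedded-link check recommended above can be done mechanically. The following added example (not from the book) parses an HTML message body and flags links whose real destination contradicts the visible text; the sample message, the `examplebank.test` host names and all function names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"\b(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)  # domain in link text
# Constructed sample message body; every host and address is a placeholder.
SAMPLE_EMAIL = """
<a href="http://198.51.100.7/login">Update password</a>
<a href="https://examplebank.test.verify-login.example/secure">www.examplebank.test</a>
<a href="https://www.examplebank.test/help">examplebank.test help centre</a>
<a href="https://examplebank.test@login.example/reset">Reset here</a>
"""

class AnchorCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def find_deceptive_links(html_body):
    """Return (href, reason) pairs for links whose target contradicts what is shown."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if not host:
            continue  # mailto:, relative or empty links have no host to compare
        if is_ip_literal(host):
            findings.append((href, "host is a raw IP address"))
        if "@" in parts.netloc:
            findings.append((href, "userinfo before '@' disguises the real host"))
        m = DOMAIN_RE.search(text)
        claimed = m.group(1).lower() if m else ""
        if claimed and host != claimed and not host.endswith("." + claimed):
            findings.append((href, f"text shows {claimed}, link goes to {host}"))
    return findings
```

Of the four sample links, only the one that really points at `www.examplebank.test` passes; a mail gateway or a help-desk triage script could run the same check before a message reaches the user.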
In virus hoax E-Mails, the warnings may be genuine, so there is always a dilemma whether to take them
lightly or seriously. A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos or
Symantec before taking any action, such as forwarding them to friends and colleagues.
1.5.13 Pornographic Offenses
"Child pornography" means any visual depiction, including but not limited to the following:
1. Any photograph that can be considered obscene and/or unsuitable for the age of child viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct where the production of such
visual depiction involves the use of a minor engaging in sexually explicit conduct.
Child pornography is considered an offense. Unfortunately, child pornography is a reality of the Internet.
The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. In India too,
the Internet has become a household commodity in the urban areas of the nation. Its explosion has made the
children a viable victim to the cybercrime. As the broad-band connections get into the reach of more and
more homes, larger child population will be using the Internet and therefore greater would be the chances
of falling victim to the aggression of pedophiles. "Pedophiles" are people who physically or psychologically
coerce minors to engage in sexual activities, which the minors would not consciously consent to. Here is how
pedophiles operate:
Step 1: Pedophiles use a false identity to trap the children/teenagers (using "false identity" which in itself is
another crime called "identity theft"). ID Theft is addressed in Chapter 5.
Step 2: They seek children/teens in the kids' areas on the services, such as the Teens BB, Games BB or chat
areas where the children gather.
Step 3: They befriend children/teens.
Step 4: They extract personal information from the child/teen by winning his/her confidence.
Step 5: Pedophiles get E-Mail address of the child/teen and start making contacts on the victim's E-Mail
address as well. Sometimes, these E-Mails contain sexually explicit language.
Step 6: They start sending pornographic images/ text to the victim including child pornographic images
in order to help child/teen shed his/her inhibitions so that a feeling is created in the mind of the
victim that what is being fed to him is normal and that everybody does it.
Step 7: At the end of it, the pedophiles set up a meeting with the child/teen out of the house and then drag
him/her into the net to further sexually assault him/her or to use him/her as a sex object.
This is the irony of the "digital world"; in physical world, parents know the face of dangers and they know how to avoid and face the problems by following simple rules and accordingly they advise their children to keep away from dangerous things and ways. However, it is possible, even in the modern times most parents may not know the basics of the Internet and the associated (hidden) dangers from the services offered over the Internet. Hence most children may remain unprotected in the cyberworld. Pedophiles take advantage of this situation and lure the children, who are not advised by their parents or by their teachers about what is right/wrong for them while browsing the Internet. Legal remedies exist only to some extent; for example, Children's Online Privacy Protection Act or COPPA is a way of preventing online pornography. Interested readers are referred to COPPA sites. Readers would like to note that Net Nanny and Cybersitter are software, originally designed for parents concerned about their children's unrestricted access to the seamier side of the Internet, which can be used to block a user's access to websites containing "dangerous" or "offensive" material.

1.5.14 Software Piracy


This is a big challenge area indeed. (Readers may like to refer to Chapter 38 and other relevant pages of Ref. #3, Books, Further Reading.) Cybercrime investigation cell of India defines "software piracy" as theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. There are many examples of software piracy: end-user copying - friends loaning disks to each other, or organizations under-reporting the number of software installations they have made, or organizations not tracking their software licenses; hard disk loading with illicit means - hard disk vendors load pirated software; counterfeiting - large-scale duplication and distribution of illegally copied software; illegal downloads from the Internet - by intrusion, by cracking serial numbers, etc. Beware that those who buy pirated software have a lot to lose: (a) getting untested software that may have been copied thousands of times over, (b) the software, if pirated, may potentially contain hard-drive-infecting viruses, (c) there is no technical support in the case of software failure, that is, lack of technical product support available to properly licensed users, (d) there is no warranty protection, (e) there is no legal right to use the product, etc.
Economic impact of software piracy is grave (see Fig. 1.11). According to the Fourth Annual BSA and IDC Global Software Piracy Study, in Asia Pacific 55% of the software installed in 2006 on personal computers (PCs) was obtained illegally, while software losses due to software piracy amounted to US$ 11.6 billion. The Global Software Piracy Study mentioned covers all packaged software that runs on personal computers, including desktops, laptops and ultraportables. The study includes operating systems, systems software such as databases and security packages, business applications and consumer applications such as PC games, personal finance and reference software. Refer to Section 9.2.2, Chapter 9. The BSA/IDC study of year 2006 did not include other types of software such as those which run on servers or mainframes or software sold as a service. It is shocking to know that 35% of the software installed in 2006 on PCs worldwide was obtained illegally, amounting to nearly $40 billion in global losses due to software piracy. Progress was seen in a number of emerging markets, most notably in China, where the piracy rate dropped 10 percentage points in 3 years, and in Russia, where piracy fell seven percentage points over 3 years. Figure 1.12 shows the regional scenario on piracy rate.

1.5.15 Computer Sabotage


The term "sabotage" has been mentioned many times in this chapter (Table 1.5, Section 1.2, Section 1.4 Type II criminals, Table 1.6). The use of the Internet to hinder the normal functioning of a computer system through the introduction of worms, viruses (refer to Chapter 4) or logic bombs, is referred to as computer sabotage. It can be used to gain economic advantage over a competitor, to promote the illegal activities of terrorists or to steal data or programs for extortion purposes. Logic bombs are event-dependent programs created to do something only when a certain event (known as a trigger event) occurs. Some viruses may be termed as logic bombs because they lie dormant all through the year and become active only on a particular date (e.g., the Chernobyl virus and Y2K viruses). Next, let us understand the term "mail bombs."
30 Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives
1.5.16 E-Mail Bombing/Mail Bombs
E-Mail bombing refers to sending a large number of E-Mails to the victim to crash victim's E-Mail account (in the case of an individual) or to make victim's mail servers crash (in the case of a company or an E-Mail service provider). Computer program can be written to instruct a computer to do such tasks on a repeated basis. In recent times, terrorism has hit the Internet in the form of mail bombings. By instructing a computer to repeatedly send E-Mail to a specified person's E-Mail address, the cybercriminal can overwhelm the recipient's personal account and potentially shut down entire systems. This may or may not be illegal, but it is certainly disruptive. Refer to Box 1.2, Tables 1.5 and 1.6 and Chapter 4 for DoS attacks.
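On the receiving side, a mail flood of this kind shows up as one recipient getting many messages in a short span. This added example (not part of the original chapter) counts deliveries per recipient in a sliding time window; the log format, addresses, threshold and function name are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (not a real MTA's): "<ISO time> from=<sender> to=<recipient>"
LINE_RE = re.compile(r"^(\S+) from=<([^>]*)> to=<([^>]+)>$")

# Constructed sample: 8 messages to one mailbox in 14 seconds, plus normal traffic.
SAMPLE_LOG = [
    f"2024-05-01T10:00:{s:02d} from=<bulk@sender.example> to=<victim@corp.example>"
    for s in range(0, 16, 2)
] + [
    "2024-05-01T10:00:05 from=<alice@corp.example> to=<bob@corp.example>",
    "2024-05-01T10:07:30 from=<carol@corp.example> to=<bob@corp.example>",
]

def detect_mail_floods(log_lines, threshold=5, window_seconds=60):
    """Flag recipients that receive more than `threshold` messages within any
    `window_seconds` span. Lines must be in time order per recipient.
    Returns {recipient: {"peak": int, "senders": [str, ...]}}."""
    recent = defaultdict(deque)  # recipient -> (time, sender) pairs still in window
    alerts = {}
    for line in log_lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that are not delivery records
        stamp = datetime.fromisoformat(match.group(1))
        sender, recipient = match.group(2).lower(), match.group(3).lower()
        window = recent[recipient]
        window.append((stamp, sender))
        # Drop deliveries that have aged out of the sliding window.
        while (stamp - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > threshold:
            peak = alerts.get(recipient, {"peak": 0})["peak"]
            if len(window) > peak:
                alerts[recipient] = {
                    "peak": len(window),
                    "senders": sorted({s for _, s in window}),
                }
    return alerts
```

An alert from this check would normally feed a rate limit or a temporary block on the sending host rather than being acted on by hand.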

1.5.17 Usenet Newsgroup as the Source of Cybercrimes


Usenet is a popular means of sharing and distributing information on the Web with respect to specific topics or subjects. Usenet is a mechanism that allows sharing information in a many-to-many manner. The newsgroups are spread across 30,000 different topics. In principle, it is possible to prevent the distribution of specific newsgroup. In reality, however, there is no technical method available for controlling the contents of any newsgroup. It is merely subject to self-regulation and net etiquette. It is feasible to block specific newsgroups, however, this cannot be considered as a definitive solution to illegal or harmful content. It is possible to put Usenet to following criminal use:
1. Distribution/sale of pornographic material;
2. distribution/sale of pirated software packages;
3. distribution of hacking software;
4. sale of stolen credit card numbers (refer to Chapter 11, Section 11.4.2, Illustration 5);
5. sale of stolen data/stolen property.

1.5.18 Computer Network Intrusions


Computer Networks pose a problem by way of security threat because people can get into them from anywhere. The popular movie "War Games" illustrated an extreme but useful example of this. "Crackers" who are often misnamed "Hackers" can break into computer systems from anywhere in the world and steal data, plant viruses, create backdoors, insert Trojan Horses or change user names and passwords. Network intrusions are illegal, but detection and enforcement are difficult. Current laws are limited and many intrusions go undetected. The cracker can bypass existing password protection by creating a program to capture logon IDs and passwords. The practice of "strong password" is therefore important (password strength is explained in Chapter 4). Importance of passwords and password rules is explained in Chapter 11 (Network Security in Perspective) in Ref. #3, Books, Further Reading. In Ref. #3, Books, Chapter 35 (Auditing for Security) explains about password cracking tools in the context of vulnerability scanning and penetration testing. Refer to Ref. #3, Books, Chapter 17 (Security of Wireless Networks and Box 17.3 in particular) for crackers and hackers and Chapter 14 (Intrusion Detection for Securing Networks) for Trojans.
1.5.19 Password Sniffing
Password Sniffers are programs that monitor and record the name and password of network users as they login, jeopardizing security at a site. Whoever installs the Sniffer can then impersonate an authorized user and login to access restricted documents. Laws are not yet set up to adequately prosecute a person for impersonating another person online. Laws designed to prevent unauthorized access to information may be effective in apprehending crackers using Sniffer programs. "Password cracking" and "password sniffing" are explained in Chapter 4.

1.5.20 Credit Card Frauds


Information security requirements for anyone handling credit cards have been increased dramatically recently. Millions of dollars may be lost annually by consumers who have credit card and calling card numbers stolen from online databases. Security measures are improving, and traditional methods of law enforcement seem to be sufficient for prosecuting the thieves of such information. Bulletin boards and other online services are frequent targets for hackers who want to access large databases of credit card information. Such attacks usually result in the implementation of stronger security systems. For more on credit card frauds see Chapter 3, Section 3.4 (Credit Card Frauds in Mobile and Wireless Computing Era) in Ref. #1, Books, Further Reading. Security of cardholder data has become one of the biggest issues facing the payment card industry. Payment Card Industry Data Security Standard (PCI-DSS) is a set of regulations developed jointly by the leading card schemes to prevent cardholder data theft and to help combat credit card fraud. We urge readers to visit the PCI-DSS-related URLs. Refer to Chapter 11, Section 11.4.2.

1.5.21 Identity Theft


Identity theft is a fraud involving another person's identity for an illicit purpose. This occurs when a criminal uses someone else's identity for his/her own illegal purposes. Phishing and identity theft are related offenses (the topic is addressed in Chapter 5). Examples include fraudulently obtaining credit, stealing money from the victim's bank accounts, using the victim's credit card number (recall the discussion in the previous section about credit card frauds), establishing accounts with utility companies, renting an apartment or even filing bankruptcy using the victim's name. The cyberimpersonator can steal unlimited funds in the victim's name without the victim even knowing about it for months, sometimes even for years.
Thus far, we have provided an overview of various types of well-known cybercrimes. In most cybercrime forms, computers and/or other digital devices end up getting used as one or a combination of the following:
1. As the tool for committing cybercrime;
2. crime involving attack against the computer;
3. use for storing information related to cybercrime/information useful for committing cybercrime.
REVIEW QUESTIONS
1. What is cybercrime? How do you define it?
2. How do we classify cybercrimes? Explain each one briefly.
3. What are the different types of cybercriminals?
4. Is there a difference between "cybercrime" and "cyberfraud"? Explain.
5. How do viruses get disseminated? Explain with diagrams.
6. Write a short note on "Indian Legal Perspective on Cybercrime." You may like to augment your note using your own research, in addition to the material presented in this chapter.
7. How do you think cybercrime has relevance in the extended enterprise context? Explain.
8. Explain in your own words what you understand about the global cooperation required in fighting against cybercrime.
