UNIT 1

1. INTRODUCTION TO CYBERCRIME

List of Topics:
• Introduction
• Cybercrime: Definition and Origins of the Word
• Cybercrime and Information Security
• Who are Cybercriminals?
• Classifications of Cybercrimes
• A Global Perspective on Cybercrimes
• Cybercrime Era: Survival Mantra for the Netizens
How Criminals Plan Them – Introduction, How Criminals Plan The Attacks, Social
Engineering, and Cyber Stalking, Cyber Cafe And Cybercrimes, Botnets: The Fuel For
Cybercrime, Attack Vector Cloud Computing.

INTRODUCTION

• “Cyber security is the protection of internet-connected systems, including hardware,

software and data, from cyber attacks”.
• “Cybersecurity” means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorized access,
use, disclosure, disruption, modification or destruction.
• Almost everyone is aware of the rapid growth of the Internet.
• Given the unrestricted number of free websites, the Internet has undeniably opened a new
way of exploitation known as cybercrime.
• These activities involve the use of computers, the Internet, cyberspace and the worldwide
web (WWW).
• Interestingly, cybercrime is not a new phenomena; the first recorded cybercrime took place
in the year 1820.
• It is one of the most talked about topics in the recent years.
• Based on a 2008 survey in Australia, the below shows the cybercrime trend

1|Page
 Figure: Cybercrime Trend

• Indian corporate and government sites have been attacked or defaced more than 780 times
between February 2000 and December 2002.
• There are also stories/news of other attacks; for example, according to a story posted on 3
December 2009, a total of 3,286 Indian websites were hacked in 5 months – between
January and June 2009.
• Various cybercrimes and cases registered under cybercrimes by motives and suspects in
States and Union Territories (UTs).

CYBERCRIME: DEFINITION AND ORIGINS OF THE WORD

Definition:
“A crime conducted in which a computer was directly and significantly instrumental is called as
a Cybercrime.”

Alternative definitions of Cybercrime are as follows:

1. Any illegal act where a special knowledge of computer technology is essential for its
perpetration (to commit a crime), investigation or prosecution.
2. Any traditional crime that has acquired a new dimension or order of magnitude through
the aid of a computer, and abuses that have come into being because of computers.

2|Page
 3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software, damage and
demands for money.
5. “Cybercrime (computer crime) is any illegal behavior, directed by means of electronic
operations, that targets the security of computer systems and the data processed by them.”
Note that in a wider sense, “computer-related crime” can be any illegal behavior committed
by means of, or in relation to, a computer system or network; however, this is not cybercrime.
The term “cybercrime” relates to a number of other terms that may sometimes be used to describe
crimes committed using computers. • Computer-related crime
• Computer crime
• Internet crime
• E-crime
• High-tech crime, etc. are the other synonymous terms.

Cybercrime specifically can be defined in a number of ways; a few definitions are:

1. A crime committed using a computer and the Internet to steal a person’s identity (identity
theft) or sell contraband or stalk victims or disrupt operations with malevolent programs.
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the Internet, cyberspace and
the WWW.

According to one information security, cybercrime is any criminal activity which uses network
access to commit a criminal act. Cybercrime may be internal or external, with the former easier to
perpetrate. The term “cybercrime” has evolved over the past few years since the adoption of
Internet connection on a global scale with hundreds of millions of users. Cybercrime refers to the
act of performing a criminal act using cyberspace as the communications vehicle.

Important Definitions related to Cyber Security:

Cyberterrorism:

3|Page
 This term was coined in 1997 by Barry Collin, a senior research fellow at the institute for
Security and Intelligence in California. Cyberterrorism seems to be a controversial term. The use
of information technology and means by terrorist groups & agents is called as Cyberterrorism.
“The premeditated use of disruptive activities, or the threat thereof, against computers
and/or networks, with the intention to cause harm or further social, ideological, religious, political
or similar objectives or to intimidate any person in furtherance of such objectives.”
(or)
Cyberterrorism is defined as “any person, group or organization who, with terrorist intent,
utilizes accesses or aids in accessing a computer or computer network or electronic system or
electronic device by any available means, and thereby knowingly engages in or attempts to engage
in a terrorist act commits the offence of cyberterrorism.”

Cybernetics:
Cybernetics deals with information and its use. Cybernetics is the science that overlaps the
fields of neurophysiology, information theory, computing machinery and automation. Worldwide,
including India, cyberterrorists usually use computer as a tool, target for their unlawful act to gain
information.
Internet is one of the means by which the offenders can gain priced sensitive information
of companies, firms, individuals, banks and can lead to intellectual property (IP) crimes, selling
illegal articles, pornography/child pornography, etc. This is done using methods such as Phishing,
Spoofing, Pharming, Internet Phishing, wire transfer, etc. and use it to their own advantage without
the consent of the individual.

Phishing:
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the
email recipient into believing that the message is something they want or need a request from their
bank, for instance, or a note from someone in their company and to click a link or download an
attachment.

4|Page
 Phishing is an attempt by an individual or a group to thieve personal confidential
information such as passwords, credit card information from unsuspecting victims for identity
theft, financial gain & other fraudulent activities.
(or)
Phishing is a form of online identity theft that aims to steal sensitive information such as online
banking
passwords, credit card information from users etc.

Cyberspace:
This is a term coined by William Gibson, a science fiction writer in 1984. Cyberspace is
where users mentally travel through matrices of data. Conceptually, cyberspace is the nebulous
place where humans interact over computer networks. The term “cyberspace” is now used to
describe the Internet and other computer networks. In terms of computer science, “cyberspace” is
a worldwide network of computer networks that uses the Transmission Control Protocol/Internet
Protocol (TCP/IP) for communication to facilitate transmission and exchange of data. Cyberspace
is most definitely a place where you chat, explore, research and play.

Cybersquatting:
The term is derived from “squatting” which is the act of occupying an
abandoned/unoccupied space/ building that the user does not own, rent or otherwise have
permission to use. Cybersquatting, however, is a bit different in that the domain names that are
being squatted are (sometimes but not always) being paid for by the cybersquatters through the
registration process.
Cybersquatting means registering, selling or using a domain name with the intent of
profiting from the goodwill of someone else’s trademark. In this nature, it can be considered to be
a type of cybercrime.
Cybersquatting is the practice of buying “domain names” that have existing businesses names. In
India, Cybersquatting is considered to be an Intellectual Property Right (IPR). In India,
Cybersquatting is seen to interfere with “Uniform Dispute Resolution Policy” (a contractual
obligation to which all domain name registrants are presently subjected to).

Cyberpunk:

5|Page
 This is a term coined by Bruce Bethke, published in science fiction stories magazine in
November 1983. According to science fiction literature, the words “cyber” and “punk” emphasize
the two basic aspects of cyberpunk: “technology” and “individualism.” The term “cyberpunk”
could mean something like “anarchy via machines” or “machine/computer rebel movement.”

Cyberwarfare:
Cyberwarfare means information attacks against an unsuspecting opponent’s computer
networks, destroying and paralyzing nations. This perception seems to be correct as the terms
cyberwarfare and
Cyberterrorism have got historical connection in the context of attacks against infrastructure. The
term
“information infrastructure” refers to information resources, including communication systems
that support an industry, institution or population. These type of Cyber attacks are often presented
as threat to military forces and the Internet has major implications for espionage and warfare.

CYBERCRIME AND INFORMATION SECURITY

Lack of information security gives rise to cybercrimes. Let us refer to the amended Indian
Information Technology Act (ITA) 2000 in the context of cybercrime. From an Indian perspective,
the new version of the Act (referred to as ITA 2008) provides a new focus on “Information
Security in India". "Cybersecurity” means protecting information, equipment, devices, computer,
computer resource, communication device and information stored therein from unauthorized
access, use, disclosure, disruption, modification or destruction. The term incorporates both the
physical security of devices as well as the information stored therein. It covers protection from
unauthorized access, use, disclosure, disruption, modification and destruction.
Where financial losses to the organization due to insider crimes are concerned (e.g., leaking
customer data), often some difficulty is faced in estimating the losses because the financial impacts
may not be detected by the victimized organization and no direct costs may be associated with the
data theft. The 2008 CSI Survey on computer crime and security supports this. Cybercrimes

6|Page
occupy an important space in information security domain because of their impact. The other
challenge comes from the difficulty in attaching a quantifiable monetary value to the corporate
data and yet corporate data get stolen/lost (through loss/theft of laptops).
Because of these reasons, reporting of financial losses often remains approximate. In an attempt
to avoid negative publicity, most organizations abstain from revealing facts and figures about
“security incidents” including cybercrime. In general, organizations perception about “insider
attacks” seems to be different than that made out by security solution vendor. However, this
perception of an organization does not seem to be true as revealed by the 2008 CSI Survey.
Awareness about “data privacy” too tends to be low in most organizations. When we speak of
financial losses to the organization and significant insider crimes, such as leaking customer data,
such “crimes” may not be detected by the victimized organization and no direct costs may be
associated with the theft

Figure: Cybercrime trend over the years

7|Page
 Figure: shows several categories of incidences – viruses, insider abuse, laptop theft and
unauthorized access to systems
The Botnet Menace:
A group of computers that are controlled by software containing harmful programs, without their
users' knowledge is called as Botnet. The term “Botnet” is used to refer to a group of
compromised computers (zombie computers, i.e., personal computers secretly under the control
of hackers) running malwares under a common command and control infrastructure. Below figure
shows how a “zombie” works.

8|Page
 Figure: How a Zombie works
• A Botnet maker can control the group remotely for illegal purposes, the most common
being
• denial-of-service attack (DoS attack),
• Adware,
• Spyware,
• E-Mail Spam,
• Click Fraud
• theft of application serial numbers,
• login IDs
• financial information such as credit card numbers, etc.
• An attacker usually gains control by infecting the computers with a virus or other
Malicious Code. The computer may continue to operate normally without the owner’s
knowledge that his computer has been compromised.
• The problem of Botnet is global in nature and India is also facing the same.
• India has an average of 374 new Bot attacks per day and had more than 38,000 distinct
Bot-infected computers in the first half of the year 2009.
• Small and medium businesses in the country are at greater risk, as they are highly
vulnerable to Bots, Phishing, Spam and Malicious Code attacks.

9|Page
 • Mumbai with 33% incidences tops the Bot-infected city list,
• followed by New Delhi at 25%,
• Chennai at 17% and
• Bangalore at 13%.
• Tier-II locations are now also a target of Bot-networks with Bhopal at 4% and
Hyderabad, Surat, Pune and Noida at 1% each.
• The Internet is a network of interconnected computers. If the computers, computer
systems, computer resources, etc. are unsecured and vulnerable to security threats, it
can be detrimental to the critical infrastructure of the country.

WHO ARE CYBERCRIMINALS?

Cybercrime involves such activities

• credit card fraud;
• cyberstalking;
• defaming another online;
• gaining unauthorized access to computer systems;
• ignoring copyright, software licensing and trademark protection;
• overriding encryption to make illegal copies;
• software piracy and stealing another’s identity (known as identity theft) to perform
criminal acts

10 | P a g e
Types of Cybercriminals:

1. Type I: Cybercriminals – hungry for recognition

• Hobby hackers;
• IT professionals (social engineering is one of the biggest threat);
• Politically motivated hackers;
• Terrorist organizations.
2. Type II: Cybercriminals – not interested in recognition
• Psychological perverts;
• financially motivated hackers (corporate espionage);
• state-sponsored hacking (national espionage, sabotage)
• organized criminals
3. Type III: Cybercriminals – the insiders
• Disgruntled or former employees seeking revenge;
• Competing companies using employees to gain economic advantage through
damage and/or theft.

CLASSIFICATIONS OF CYBERCRIMES

11 | P a g e
 Table: Classifying Cybercrimes

“Crime is defined as an act or the commission of an act that is forbidden, or the omission of a duty
that is commanded by a public law and that makes the off ender liable to punishment by that law”.
Cyber crimes are classified as follows:
• Cybercrime against individual
• Cybercrime against property
• Cybercrime against organization
• Cybercrime against society
• Crimes emanating from Usenet newsgroup

12 | P a g e
Cybercrime against individual
1. E-Mail Spoofing: A spoofed E-Mail is one that appears to originate from one source but
actually has been sent from another source. For example, let us say, Roopa has an E-Mail
address [email protected]. Let us say her boyfriend Suresh and she happen to have a show
down. Then Suresh, having become her enemy, spoofs her E-Mail and sends vulgar messages
to all her acquaintances. Since the E-Mails appear to have originated from Roopa, her friends
could take offense and relationships could be spoiled for life.
2. Online Frauds: The most common types of online fraud are called phishing and spoofing.
Phishing is the process of collecting your personal information through e-mails or websites
claiming to be legitimate. This information can include usernames, passwords, credit card
numbers, social security numbers, etc. Often times the e-mails directs you to a website where
you can update your personal information. Because these sites often look “official,” they hope
you’ll be tricked into disclosing valuable information that you normally would not reveal. This
often times, results in identity theft and financial loss.
Spyware and viruses are both malicious programs that are loaded onto your computer without
your knowledge. The purpose of these programs may be to capture or destroy information, to
ruin computer performance or to overload you with advertising. Viruses can spread by infecting

13 | P a g e
computers and then replicating. Spyware disguises itself as a legitimate application and embeds
itself into your computer where it then monitors your activity and collects information.
3. Phishing, Spear Phishing and its various other forms such as Vishing and Smishing:
Phishing is the process of collecting your personal information through e-mails or websites
claiming to be legitimate. This information can include usernames, passwords, credit card
numbers, social security numbers, etc. Often times the e-mails directs you to a website where you
can update your personal information. Because these sites often look “official,” they hope you’ll
be tricked into disclosing valuable information that you normally would not reveal. This often
times, results in identity theft and financial loss.
Spear Phishing is a method of sending a Phishing message to a particular organization to gain
organizational information for more targeted social engineering. Here is how Spear Phishing
scams work; Spear Phishing describes any highly targeted Phishing attack. Spear phishers send E-
Mail that appears genuine to all the employees or members within a certain company, government
agency, organization or group. The message might look as if it has come from your employer, or
from a colleague who might send an E-Mail message to everyone in the company; it could include
requests for usernames or passwords. While traditional Phishing scams are designed to steal
information from individuals, spear phishing scam works to gain access to a company's entire
computer system.
Vishing (voice phishing) is a type of phishing attack that is conducted by phone and often targets
users of Voice over IP (VoIP) services like Skype.
It’s easy to for scammers to fake caller ID, so they can appear to be calling from a local area code
or even from an organization you know. If you don’t pick up, then they’ll leave a voicemail
message asking you to call back. Sometimes these kinds of scams will employ an answering
service or even a call center that’s unaware of the crime being perpetrated.
Once again, the aim is to get credit card details, birthdates, account sign-ins, or sometimes just to
harvest phone numbers from your contacts. If you respond and call back, there may be an
automated message prompting you to hand over data and many people won’t question this,
because they accept automated phone systems as part of daily life now.
Smishing (SMS phishing) is a type of phishing attack conducted using SMS (Short Message
Services) on cell phones. Just like email phishing scams, smishing messages typically include a

14 | P a g e
threat or enticement to click a link or call a number and hand over sensitive information.
Sometimes they might suggest you install some security software, which turns out to be malware.
Smishing example: A typical smishing text message might say something along the lines of,
“Your ABC Bank account has been suspended. To unlock your account, tap here:
https://bit.ly/2LPLdaU” and the link provided will download malware onto your phone. Scammers
are also adept at adjusting to the medium they’re using, so you might get a text message that says,
“Is this really a pic of you? https://bit.ly/2LPLdaU” and if you tap that link to find out, once again
you’re downloading malware.
4. Spamming: People who create electronic Spam are called spammers. Spam is the abuse
of electronic messaging systems (including most broadcast media, digital delivery systems) to
send unrequested bulk messages indiscriminately. Although the most widely recognized form of
Spam is E-Mail Spam, the term is applied to similar abuses in other media: instant messaging
Spam, Usenet newsgroup Spam, web search engine Spam, Spam in blogs, wiki Spam, online
classified ads Spam, mobile phone messaging Spam, Internet forum Spam, junk fax transmissions,
social networking Spam, file sharing network Spam, video sharing sites, etc. Spamming is
difficult to control because it has economic viability – advertisers have no operating costs beyond
the management of their mailing lists, and it is difficult to hold senders accountable for their mass
mailings. Spammers are numerous; the volume of unrequested mail has become very high because
the barrier to entry is low. Therefore, the following web publishing techniques should be avoided:
• Repeating keywords;
• use of keywords that do not relate to the content on the site;
• use of fast meta refresh;
• redirection;
• IP Cloaking;
• use of colored text on the same color background;
• tiny text usage;
• duplication of pages with different URLs;
• hidden links;
• use of different pages that bridge to the same URL (gateway pages).
5. Cyber defamation: It is a cognizable (Software) offense. “Whoever, by words either
spoken or intended to be read, or by signs or by visible representations, makes or publishes any
imputation concerning any person intending to harm, or knowing or having reason to believe that

15 | P a g e
such imputation will harm, the reputation of such person, is said, except in the cases hereinafter
expected, to defame that person.”
Cyber defamation happens when the above takes place in an electronic form. In other words,
cyber defamation occurs when defamation takes place with the help of computers and/or the
Internet. For example, someone publishes defamatory matter about someone on a website or sends
an E-Mail containing defamatory information to all friends of that person.
6. Cyberstalking and harassment: The dictionary meaning of “stalking” is an “act or
process of following prey stealthily – trying to approach somebody or something.” Cyberstalking
has been defined as the use of information and communications technology, particularly the
Internet, by an individual or group of individuals to harass another individual, group of
individuals, or organization. The behavior includes false accusations, monitoring, transmission of
threats, ID theft, damage to data or equipment, solicitation of minors for sexual purposes, and
gathering information for harassment purposes.
As the internet has become an integral part of our personal & professional lives, cyberstalkers take
advantage of ease of communication & an increased access to personal information available with
a few mouse clicks or keystrokes. They are 2 types of stalkers: Online Stalkers: aim to start the
interaction with the victim directly with the help of the internet. Offline Stalkers: the stalker may
begin the attack using traditional methods such as following the victim, watching the daily routine
of the victim.
7. Computer Sabotage: The use of the Internet to stop the normal functioning of a computer
system through the introduction of worms, viruses or logic bombs, is referred to as computer
sabotage. It can be used to gain economic advantage over a competitor, to promote the illegal
activities of terrorists or to steal data or programs for extortion purposes. Logic bombs are event-
dependent programs created to do something only when a certain event (known as a trigger event)
occurs. Some viruses may be termed as logic bombs because they lie dormant all through the year
and become active only on a particular date.
8. Pornographic Offenses: Child pornography means any visual depiction, including but not
limited to the following:
1. Any photograph that can be considered obscene and/or unsuitable for the age of
child viewer; 2. film, video, picture;

16 | P a g e
 3. computer-generated image or picture of sexually explicit conduct where the production of
such visual depiction involves the use of a minor engaging in sexually explicit conduct.
Child Pornography is considered an offense. The internet is being highly used by its abusers to
reach and abuse children sexually, worldwide. The Internet has become a household commodity
in the urban areas of the nation. Its explosion has made the children a viable victim to the
cybercrime. As the broad-band connections get into the reach of more and more homes, larger
child population will be using the Internet and therefore greater would be the chances of falling
victim to the aggression of pedophiles. Pedophiles are the people who physically or
psychologically coerce minors to engage in sexual activities, which the minors would not
consciously consent too. Here is how pedophiles operate:
• Step 1: Pedophiles use a false identity to trap the children/teenagers.
• Step 2: They seek children/teens in the kids’ areas on the services, such as the Games BB
or chat areas where the children gather.
• Step 3: They befriend children/teens.
• Step 4: They extract personal information from the child/teen by winning his/her
confidence.
• Step 5: Pedophiles get E-Mail address of the child/teen and start making contacts on the
victim’s E-Mail address as well. Sometimes, these E-Mails contain sexually explicit
language.
• Step 6: They start sending pornographic images/text to the victim including child
pornographic images in order to help child/teen shed his/her inhibitions so that a feeling is
created in the mind of the victim that what is being fed to him is normal and that everybody
does it.
• Step 7: At the end of it, the pedophiles set up a meeting with the child/teen out of the house
and then drag him/her into the net to further sexually assault him/her or to use him/her as
a sex object.
9. Password Sniffing: is a hacking technique that uses a special software application that
allows a hacker to steal usernames and passwords simply by observing and passively recording
network traffic. This often happens on public WiFi networks where it is relatively easy to spy on
weak or unencrypted traffic.
And yet, password sniffers aren’t always used for malicious intent. They are often used by IT
professionals as a tool to identify weak applications that may be passing critical information

17 | P a g e
unencrypted over the Local Area Network (LAN). IT practitioners know that users download and
install risky software at times in their environment, running a passive password sniffer on the
network of a business to identify leaky applications is one legitimate use of a password sniffer.

Cybercrime against property

1. Credit Card Frauds: Credit card fraud is an inclusive term for fraud committed using a
payment card, such as a credit card or debit card. The purpose may be to obtain goods or
services, or to make payment to another account which is controlled by a criminal. The
Payment Card Industry Data Security Standard (PCI DSS) is the data security standard created
to help businesses process card payments securely and reduce card fraud. Credit card fraud
can be authorised, where the genuine customer themselves processes a payment to another
account which is controlled by a criminal, or unauthorised, where the account holder does not
provide authorisation for the payment to proceed and the transaction is carried out by a third
party.
Credit cards are more secure than ever, with regulators, card providers and banks taking
considerable time and effort to collaborate with investigators worldwide to ensure fraudsters
aren't successful. Cardholders' money is usually protected from scammers with regulations that
make the card provider and bank accountable. The technology and security measures behind
credit cards are becoming increasingly sophisticated making it harder for fraudsters to steal
money.
2. Intellectual Property (IP) Crimes: With the growth in the use of internet these days the cyber
crimes are also growing. Cyber theft of Intellectual Property (IP) is one of them. Cyber theft
of IP means stealing of copyrights, software piracy, trade secrets, patents etc., using internet
and computers.
Copyrights and trade secrets are the two forms of IP that is frequently stolen. For example,
stealing of software, business strategies etc. Generally, the stolen material is sold to the rivals
or others for further sale of the product. This may result in the huge loss to the company who
originally created it. Another major cyber theft of IP faced by India is piracy. These days one
can get pirated version of movies, software etc. The piracy results in a huge loss of revenue to
the copyright holder. It is difficult to find the cyber thieves and punish them because everything

18 | P a g e
 they do is over internet, so they erase the data immediately and disappear within fraction of a
second.
Internet time theft: Such a theft occurs when an unauthorized person uses the Internet hours
paid for by another person. Basically, Internet time theft comes under hacking because the
person who gets access to someone else’s ISP user ID and password, either by hacking or by
gaining access to it by illegal means, uses it to access the Internet without the other person’s
knowledge. However, one can identify time theft if the Internet time has to be recharged often,
even when one’s own use of the Internet is not frequent. The issue of Internet time theft is related
to the crimes conducted through identity theft.

Cybercrime against Organization

1. Unauthorized accessing of Computer: Hacking is one method of doing this and hacking is
punishable offense. Unauthorized computer access, popularly referred to as hacking,
describes a criminal action whereby someone uses a computer to knowingly gain access to
data in a system without permission to access that data.
2. Password Sniffing: Password Sniffers are programs that monitor and record the name and
password of network users as they login, jeopardizing security at a site. Whoever installs the
Sniffer can then impersonate an authorized user and login to access restricted documents.
Laws are not yet set up to adequately prosecute a person for impersonating another person
online. Laws designed to prevent unauthorized access to information may be effective in
apprehending crackers using Sniffer programs.
3. Denial-of-service Attacks (DoS Attacks): It is an attempt to make a computer resource (i.e..,
information systems) unavailable to its intended users. In this type of criminal act, the attacker
floods the bandwidth of the victim’s network or fills his E-Mail box with spam mail depriving
him of the services he is entitled to access or provide. The goal of DoS is not to gain
unauthorized access to systems or data, but to prevent intended users (i.e., legitimate users)
of a service from using it. A DoS attack may do the following:
a. Flood a network with traffic, thereby preventing legitimate network traffic.
b. Disrupt connections between two systems, thereby preventing access to a service.
c. Prevent a particular individual from accessing a service.
d. Disrupt service to a specifi c system or person.
4. Virus attacks/dissemination of Viruses:
19 | P a g e
 Computer virus is a program that can “infect” legitimate (valid) programs by modifying them
to include a possibly “evolved” copy of itself. Viruses spread themselves, without the
knowledge or permission of the users, to potentially large numbers of programs on many
machines. A computer virus passes from computer to computer in a similar manner as a
biological virus passes from person to person. Viruses may also contain malicious instructions
that may cause damage or annoyance; the combination of possibly Malicious Code with the
ability to spread is what makes viruses a considerable concern. Viruses can often spread
without any readily visible symptoms. Viruses can take some typical actions:
• Display a message to prompt an action which may set of the virus
• Delete files inside the system into which viruses enter
• Scramble data on a hard disk
• Cause erratic screen behavior
• Halt the system (PC)
• Just replicate themselves to propagate further harm
5. E-Mail bombing/Mail bombs: E-Mail bombing refers to sending a large number of E-Mails
to the victim to crash victim’s E-Mail account (in the case of an individual) or to make
victim’s mail servers crash (in the case of a company or an E-Mail service provider).
Computer program can be written to instruct a computer to do such tasks on a repeated basis.
In recent times, terrorism has hit the Internet in the form of mail bombings. By instructing a
computer to repeatedly send E-Mail to a specified person’s E-Mail address, the cybercriminal
can overwhelm the recipient’s personal account and potentially shut down entire systems.
This may or may not be illegal, but it is certainly disruptive.

6. Salami Attack/Salami technique: These attacks are used for committing financial crimes.
The idea here is to make the alteration so insignificant that in a single case it would go
completely unnoticed; For example a bank employee inserts a program, into the bank’s
servers, that deducts a small amount of money (say Rs. 2/- or a few cents in a month) from
the account of every customer. No account holder will probably notice this unauthorized
debit, but the bank employee will make a sizable amount every month.
7. Logic Bomb: A Logic Bomb is a piece of often-malicious code that is intentionally inserted
into software. It is activated upon the host network only when certain conditions are met.

20 | P a g e
 Some viruses may be termed as logic bombs because they lie dormant all through the year
and become active only on a particular date.
8. Trojan Horse: A Trojan Horse, Trojan for short, is a term used to describe malware that
appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access
to the user’s computer system.
9. Data Diddling: A data diddling (data cheating) attack involves altering raw data just before
it is processed by a computer and then changing it back after the processing is completed.
Electricity Boards in India have been victims to data diddling programs inserted when private
parties computerize their systems.
10. Newsgroup Spam/Crimes emanating from Usenet newsgroup: This is one form of
spamming. The word “Spam” was usually taken to mean Excessive Multiple Posting (EMP).
The advent of Google Groups, and its large Usenet archive, has made Usenet more attractive
to spammers than ever. Spamming of Usenet newsgroups actually predates E-Mail Spam.
11. Industrial spying/Industrial espionage: Spying is not limited to governments.
Corporations, like governments, often spy on the enemy. The Internet and privately
networked systems provide new and better opportunities for espionage. “Spies” can get
information about product finances, research and development and marketing strategies, an
activity known as “industrial spying.”
However, cyberspies rarely leave behind a trail. Industrial spying is not new; in fact it is as
old as industries themselves. The use of the Internet to achieve this is probably as old as the
Internet itself. Traditionally, this has been the reserved hunting field of a few hundreds of
highly skilled hackers, contracted by high-profile companies or certain governments via the
means of registered organizations (it is said that they get several hundreds of thousands of
dollars, depending on the “assignment”). With the growing public availability of Trojans and
Spyware material, even low-skilled individuals are now inclined to generate high volume
profit out of industrial spying. This is referred to as “Targeted Attacks” (which includes
“Spear Phishing”).
12. Computer network intrusions: “Crackers” who are often misnamed “Hackers can break
into computer systems from anywhere in the world and steal data, plant viruses, create
backdoors, insert Trojan Horses or change user names and passwords. Network intrusions are
illegal, but detection and enforcement are difficult. Current laws are limited and many
intrusions go undetected. The cracker can bypass existing password protection by creating a

21 | P a g e
 program to capture logon IDs and passwords. The practice of “strong password” is therefore
important.
13. Software piracy: This is a big challenge area indeed. Cybercrime investigation cell of India
defines “software piracy” as theft of software through the illegal copying of genuine programs
or the counterfeiting and distribution of products intended to pass for the original. There are
many examples of software piracy:
1. end-user copying: friends loaning disks to each other, or organizations under-reporting
the number of software installations they have made, or organizations not tracking
their software licenses;
2. hard disk loading with illicit means: hard disk vendors load pirated software;
3. counterfeiting: large-scale duplication and distribution of illegally copied software;
4. Illegal downloads from the Internet: by intrusion, by cracking serial numbers, etc.
Beware that those who buy pirated software have a lot to lose:
• getting untested software that may have been copied thousands of times
over,
• the software, if pirated, may potentially contain hard-drive-infecting
viruses,
• there is no technical support in the case of software failure, that is, lack of
technical product support available to properly licensed users,
• there is no warranty protection,
• there is no legal right to use the product, etc.

Cybercrime against Society

1. Forgery: Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be
forged using sophisticated computers, printers and scanners. Outside many colleges there are
miscreants soliciting the sale of fake mark-sheets or even degree certificates. These are made
using computers and high quality scanners and printers. In fact, this is becoming a booming
business involving large monetary amount given to student gangs in exchange for these bogus
but authentic looking certificates.
2. Cyberterrorism: Cyberterrorism is a controversial term. Cyberterrorism is the use of the
Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm,
in order to achieve political or ideological gains through threat or intimidation. It is also

22 | P a g e
 sometimes considered an act of Internet terrorism where terrorist activities, including acts of
deliberate, large-scale disruption of computer networks, especially of personal computers
attached to the Internet by means of tools such as computer viruses, computer worms, phishing,
and other malicious software and hardware methods and programming scripts.
3. Web Jacking: Web jacking occurs when someone forcefully takes control of a website (by
cracking the password and later changing it). Thus, the first stage of this crime involves
“password sniffing”. The actual owner of the website does not have any more control over
what appears on that website.

Crimes emanating from Usenet newsgroup:

By its very nature, Usenet groups may carry very offensive, harmful, inaccurate or
otherwise inappropriate material, or in some cases, postings that have been mislabeled or are
deceptive in another way.
Therefore, it is expected that you will use caution and common sense and exercise proper judgment
when using Usenet, as well as use the service at your own risk.
Usenet is a popular means of sharing and distributing information on the Web with respect
to specific topic or subjects. Usenet is a mechanism that allows sharing information in a many-to-
many manner. The newsgroups are spread across 30,000 different topics.

23 | P a g e
CYBERCRIME & THE INDIAN ITA 2000
In India, the ITA 2000 was enacted after the United Nation General Assembly Resolution
A/RES/51/162 in January 30, 1997 by adopting the Model Law on Electronic Commerce adopted
by the United
24 | P a g e
Nations Commission on International Trade Law. This was the first step toward the Law relating
to ECommerce at international level to regulate an alternative form of commerce and to give legal
status in the area of E-Commerce. It was enacted taking into consideration UNICITRAL model of
Law on Electronic Commerce (1996). Section 72 of Information Technology Act, 2000 provides
punishment for an unauthorized access or, disclosure of that information to third person punishable
with an imprisonment upto 2 years or fine which may extend to 1 lakh rupees or with both.

A GLOBAL PERSPECTIVE ON CYBERCRIMES

According to the 2020 Cost of Cybercrime Study by Accenture, the average number of security
breaches experienced by organizations increased by 11% between 2018 and 2019. Cybercrime
is also becoming more sophisticated, with the emergence of new threats such as ransomware
and advanced persistent threats (APTs).
In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001,
which details offenses against computer data and systems. However, a broad meaning is given to
cybercrime at an international level. In the Council of Europe’s (CoE’s) Cyber Crime Treaty,
cybercrime is used as an umbrella term to refer to an array of criminal activity including offenses
against computer data and systems, computer related offenses, content offenses and copyright
offenses.
This wide definition of cybercrime overlaps in part with general offense categories that need not
be Information & Communication Technology (ICT)-dependent, such as white-collar crime and
economic crime. Although this status is from the International Telecommunication Union (ITU)
survey conducted in 2005, we get an idea about the global perspective. ITU activities on
countering Spam can be read by visiting the link www.itu.int/spam (8 May 2010). The Spam
legislation scenario mentions “none” about India as far as E-Mail legislation in India is concerned.
The linkage of cybersecurity and critical infrastructure protection has become a big issue as a
number of countries have begun assessment of threats, vulnerabilities and started exploring
mechanisms to redress them. Recently, there have been a number of significant developments such
as
1. August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber Crime.
The convention targets hackers, those spreading destructive computer viruses, those using
the Internet for the sexual exploitation of children or the distribution of racist material, and

25 | P a g e
 terrorists attempting to attack infrastructure facilities or financial institutions. The
Convention is in full accord with all the US constitutional protections, such as free speech
and other civil liberties, and will require no change to the US laws.
2. In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic
Obligations’ on Web
Site Blocking.” European Union (EU) officials want to debar suspicious websites as part
of a 6-point plan to boost joint antiterrorism activities. They want to block websites that
incite terrorist action. Once again it is underlined that monitoring calls, Internet and E-Mail
traffic for law enforcement purposes is a task vested in the government, which must
reimburse carriers and providers for retaining the data.
3. CoE Cyber Crime Convention (1997–2001) was the first international treaty seeking to
address Internet crimes by harmonizing national laws, improving investigative techniques
and increasing cooperation among nations. More than 40 countries have ratified the
Convention to date.

CYBERCRIME ERA: SURVIVAL MANTRA FOR THE NETIZENS

The term “Netizen” was coined by Michael Hauben. Quite simply, “Netizens” are the Internet
users. Therefore, by corollary, “Netizen” is someone who spends considerable time online and
also has a considerable presence online (through websites about the person, through his/her active
blog contribution and/or also his/her participation in the online chat rooms). The 5P Netizen
mantra for online security is: a. Precaution
b. Prevention
c. Protection
d. Preservation
e. Perseverance
For ensuring cyber safety, the motto for the “Netizen” should be “Stranger is Danger!” If you
protect your customer’s data, your employee’s privacy and your own company, then you are doing
your job in the grander scheme of things to regulate and enforce rules on the Net through our
community. NASSCOM urges that cybercrime awareness is important, and any matter should be
reported at once. This is the reason they have established cyberlabs across major cities in India

26 | P a g e
More importantly, users must try and save any electronic information trail on their computers.
That is all one can do until laws become more stringent or technology more advanced. Some
agencies have been advocating for the need to address protection of the Rights of Netizens. There
are agencies that are trying to provide guidance to innocent victims of cybercrimes. However,
these NGO like efforts cannot provide complete support to the victims of cybercrimes and are
unable to get the necessary support from the Police. There are also a few incidents where Police
have pursued false cases on innocent IT professionals. The need for a statutorily empowered
agency to protect abuse of ITA 2000 in India was, therefore, a felt need for quite some time.

How Criminals Plan Them – Introduction, How Criminals Plan The Attacks, Social Engineering, and
Cyber Stalking, Cyber Cafe And Cybercrimes, Botnets: The Fuel For Cybercrime, Attack Vector
Cloud Computing.

Learning Objectives
 Understand different types of cyber attacks.
 Get an overview of the steps involved in planning cybercrime.
 Understand tools used for gathering information about the target.
 Get an overview on social engineering – what and how.
 Learn about the role of cybercafés in cybercrime.
 Understand what cyber stalking is.
 Learn about Botnets and attack vector.
 Get an overview on cloud computing – what and how.

How Criminals Plan Them –Introduction

• Technology is a “double-edged sword” as it can be used for both good and bad purposes
• People with the tendency to cause damages or carrying out illegal activities will use it for bad
purpose.
• Computers and tools available in IT are also used as either target of offense.
• In today’s world of Internet and computer networks, a criminal activity can be carried out across
national borders.
• Chapter 1 provided an overview of hacking, cyber terrorism, network intrusions, password
sniffing, computer viruses, etc. They are the most commonly occurring crimes that target the
computer.
• Cybercriminal use the World Wide Web and Internet to an optimum level for all illegal
activities to store data, contacts, account information, etc.
• The criminals take advantage of the widespread lack of awareness about cybercrimes and cyber
laws among the people who are constantly using the IT infrastructure for official and personal
purposes.
• People who commit cybercrimes are known as “Crackers” (Box 2.1).

27 | P a g e
Box 2.1 | Hackers, Crackers and Phreakers
Hacker: A hacker is a person with a strong interest in computers who enjoys learning and
experimenting with them. Hackers are usually very talented, smart people who understand
computers better than others. The term is often confused with cracker that defines someone who
breaks into computers (refer to Box 2.2).

Brute force hacking: It is a technique used to find passwords or encryption keys. Brute force
hacking involves trying every possible combination of letters, numbers, etc., until the code is broken.

Cracker: A cracker is a person who breaks into computers. Crackers should not be confused with
hackers. The term “cracker” is usually connected to computer criminals. Some of their crimes
include vandalism, theft and snooping in unauthorized areas.

Cracking: It is the act of breaking into computers. Cracking is a popular, growing subject on the
Internet. Many sites are devoted to supplying crackers with programs that allow them to crack
computers. Some of these programs contain dictionaries for guessing passwords. Others are used to
break into phone lines (called “phreaking”). These sites usually display warnings such as
“These files are illegal; we are not responsible for what you do with them.”
Cracker tools: These are programs used to break into computers. Cracker tools are widely
distributed on the Internet. They include password crackers, Trojans, viruses, war dialers and worms.

Phreaking: This is the notorious art of breaking into phone or other communication systems.
Phreaking sites on the Internet are popular among crackers and other criminals.
War dialer: Program automatically dials phone numbers looking for computers on the other end. It
catalogs numbers so that the hackers can call back and try to break in. An attacker would look to
exploit the vulnerabilities in the networks, most often so because the networks are not adequately
protected.

28 | P a g e
 • The categories of vulnerabilities that hackers typically search for are the following:
o Inadequate border protection (border as in the sense of network
periphery); o remote access servers (RASs) with weak access controls;
o application servers with well-known exploits; o misconfigured systems
and systems with default configurations.
• To help the reader understand the network attack scenario, Fig. 2.2 illustrates a small network
highlighting specific occurrences of several vulnerabilities described above.

Box 2.2 | What Color is Your Hat in the Security World?

A black hat is also called a “cracker” or “dark side hacker.” Such a person is a malicious or criminal
hacker. Typically, the term “cracker” is used within the security industry. However, the general
public uses the term hacker to refer to the same thing. In computer terminology, the meaning of
“hacker” can be much broader. The name comes from the opposite of “white hat hackers.”

A white hat hacker is considered an ethical hacker. In the realm of IT, a “white hat hacker” is a
person who is ethically opposed to the abuse of computer systems. It is said that the term is derived
from American western movies, where the protagonist typically wore a white cowboy hat and the
antagonist typically wore a black one. As a simplified explanation, a “white hat” generally focuses
on securing IT systems, whereas a “black hat” (the opposite) would like to break into them, so this
sounds like an age-old game of a thief and a police.

29 | P a g e
A brown hat hacker is one who thinks before acting or committing a malice or non-malice deed.
A grey hat commonly refers to a hacker who releases information about any exploits or security
holes he/she finds openly to the public. He/she does so without concern for how the information is
used in the end (whether for patching or exploiting).

2.1.1 Categories of Cybercrime

Cybercrime can be categorized based on the following:
1. The target of the crime and
2. whether the crime occurs as a single event or as a series of events.
Cybercrime can be targeted against individuals (persons), assets (property) and/or organizations
(government, business and social).
1. Crimes targeted at individuals: The goal is to exploit human weakness such as greed and
naivety. These crimes include financial frauds, sale of non-existent or stolen items, child
pornography (explained in Section 1.5.13, Chapter 1), copyright violation, harassment, etc.
with the development in the IT and the Internet; thus, criminals have a new tool that allows
them to expand the pool of potential victims. However, this also makes difficult to trace and
apprehend the criminals.
2. Crimes targeted at property: This includes stealing mobile devices such as cell phone,
laptops, personal digital assistant (PDAs), and removable medias (CDs and pen drives);
transmitting harmful programs that can disrupt functions of the systems and/or can wipe out
data from hard disk, and can create the malfunctioning of the attached devices in the system
such as modem, CD drive, etc.
3. Crimes targeted at organizations: Cyber terrorism is one of the distinct crimes against
organizations/ governments. Attackers (individuals or groups of individuals) use computer
tools and the Internet to usually terrorize the citizens of a particular country by stealing the
private information, and also to damage the programs and fi les or plant programs to get control
of the network and/or system (see Box 2.3).
4. Single event of cybercrime: It is the single event from the perspective of the victim. For
example, unknowingly open an attachment that may contain virus that will infect the system
(PC/laptop). This is known as hacking or fraud.
5. Series of events: This involves attacker interacting with the victims repetitively. For example,
attacker interacts with the victim on the phone and/or via chat rooms to establish relationship
first and then they exploit that relationship to commit the sexual assault.

Box 2.3 | Patriot Hacking

Patriot hacking [1] also known as Digital Warfare, is a form of vigilante computer systems’
cracking done by individuals or groups (usually citizens or supports of a country) against a real or
perceived threat. Traditionally, Western countries, that is, developing countries, attempts to launch
attacks on their perceived enemies.

30 | P a g e
Although patriot hacking is declared as illegal in the US, however, it is reserved only for government
agencies [i.e., Central Intelligence Agency (CIA) and National Security Agency (NSA)] as a
legitimate form of attack and defense. Federal Bureau of Investigation (FBI) raised the concern
about rise in cyber-attacks like website defacements (explained in Box 1.4, Chapter1) and denial-
of-service attacks (DoS – refer to Section 4.9, Chapter 4), which adds as fuel into increase in
international tension and gets mirrored it into the online world.

After the war in Iraq in 2003, it is getting popular in the North America, Western Europe and Israel.
These are countries that have the greatest threat to Islamic terrorism and its aforementioned digital
version.

The People’s Republic of China is allegedly making attacks upon the computer networks of the US
and the UK. Refer to Box 5.15 in Chapter 5. For detailed information visit www.patriothacking.com

2.2 How Criminals Plan the Attacks

• Criminals use many methods and tools to locate the vulnerabilities of their target.
• The target can be an individual and/or an organization.
• Criminals plan passive and active attacks
• Active attacks are usually used to alter the system (i.e., computer network) whereas passive
attacks attempt to gain information about the target.
• Active attacks may affect the availability, integrity and authenticity of data whereas passive
attacks lead to violation of confidentiality.
The following phases are involved in planning cybercrime:
1. Reconnaissance (information gathering) is the first phase and is treated as passive attacks.
2. Scanning and scrutinizing the gathered information for the validity of the information as well
as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).

2.2.1 Reconnaissance

• The literal meaning of “Reconnaissance” is an act of finding something or somebody

(especially to gain information about an enemy or potential enemy).
• In the world of “hacking,” reconnaissance phase begins with “Footprinting” – this is the
preparation toward pre-attack phase, and involves accumulating data about the target’s
environment and computer architecture to find ways to intrude into that environment.
• Footprinting gives an overview about system vulnerabilities and provides a judgment about
possible exploitation of those vulnerabilities.
• The objective of this preparatory phase is to understand the system, its networking ports and
services, and any other aspects of its security that are needful for launching the attack.
• Thus, an attacker attempts to gather information in two phases: passive and active attacks. Let
us understand these two phases.

31 | P a g e
2.2.2 Passive Attacks

A passive attack involves gathering information about a target without his/her (individual’s or
company’s) knowledge. It can be as simple as watching a building to identify what time employees
enter the building premises. However, it is usually done using Internet searches or by Googling (i.e.,
searching the required information with the help of search engine Google) an individual or company
to gain information.
1. Google or Yahoo search: People search to locate information about employees.
2. Surfing online community groups like Orkut/Facebook will prove useful to gain the
information about an individual.
3. Organization’s website may provide a personnel directory or information about key employees,
for example, contact details, E-Mail address, etc. These can be used in a social engineering
attack to reach the target (see Section 2.3).
4. Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information
about the company or employees.
5. Going through the job postings in particular job profiles for technical persons can provide
information about type of technology, that is, servers or infrastructure devices a company
maybe using on its network.

2.2.3 Active Attacks

An active attack involves probing the network to discover individual hosts to confirm the
information (IP addresses, operating system type and version, and services on the network) gathered
in the passive attack phase. It involves the risk of detection and is also called “Rattling the doorknobs”
or “Active reconnaissance.” Active reconnaissance can provide confirmation to an attacker about
security measures in place (e.g., whether the front door is locked?), but the process can also increase
the chance of being caught or raise a suspicion.

2.2.4 Scanning and Scrutinizing Gathered Information

Scanning is a key step to examine intelligently while gathering information about the target.
The objectives of scanning are as follows:
1. Port scanning: Identify open/close ports and services. Refer to Box 2.5.
2. Network scanning: Understand IP Addresses and related information about the computer
network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the system.

2.2.5 Attack (Gaining and Maintaining the System Access)

After the scanning and enumeration, the attack is launched using the following steps:
1. Crack the password.
2. exploit the privileges.
3. execute the malicious commands/applications.
4. hide the files (if required).

32 | P a g e
 5. cover the tracks – delete the access logs, so that there is no trail illicit activity.

2.3 Social Engineering

• Social engineering is the “technique to influence” and “persuasion to deceive” people to obtain
the information or perform some action.
• Social engineers exploit the natural tendency of a person to trust social engineers’ word, rather
than exploiting computer security holes.
• It is generally agreed that people are the weak link in security and this principle makes social
engineering possible.
• A social engineer usually uses telecommunication (i.e., telephone and/or cell phone) or Internet
to get them to do something that is against the security practices and/or policies of the
organization.
• Social engineering involves gaining sensitive information or unauthorized access privileges by
building inappropriate trust relationships with insiders.
• It is an art of exploiting the trust of people, which is not doubted while speaking in a normal
manner.
• The goal of a social engineer is to fool someone into providing valuable information or access
to that information.
• Social engineer studies the human behavior so that people will help because of the desire to be
helpful, the attitude to trust people, and the fear of getting into trouble.
• The sign of truly successful social engineers is that they receive information without any
suspicion.
• A simple example is calling a user and pretending to be someone from the service desk working
on a network issue; the attacker then proceeds to ask questions about what the user is working
on, what file shares he/she uses, what his/her password is, and so on… (see Box 2.6).

Box 2.6 | Social Engineering Example

Mr. Joshi: Hello?
The Caller: Hello, Mr. Joshi. This is Geeta Thomas from Tech Support. Due to some disk space
constraints on the file server, we will be moving few user’s home directories to another disk. This
activity will be performed tonight at 8:00 p.m. Your account will be a part of this move and will be
unavailable temporarily.

Mr. Joshi: Ohh … okay. I will be at my home by then, anyway.

Caller: Great!!! Please ensure to log off before you leave office. We just need to check a couple of
things. What is your username?
Mr. Joshi: Username is “pjoshi.” None of my files will be lost in the move, right?
Caller: No sir. But we will have to check your account to ensure the same. What is the password of
that account?

33 | P a g e
Mr. Joshi: My password is “ABCD1965,” all characters in upper case.
Caller: Ok, Mr. Joshi. Thank you for your cooperation. We will ensure that all the files are there.
Mr. Joshi: Thank you. Bye.
Caller: Bye and have a nice day.

2.3.1 Classification of Social Engineering Human-Based

Social Engineering
• Human-based social engineering refers to person-to-person interaction to get the
required/desired information.
• An example is calling the help desk and trying to find out a password.
1. Impersonating an employee or valid user:
• “Impersonation” is perhaps the greatest technique used by social engineers to deceive people.
• Social engineers “take advantage” of the fact that most people are basically helpful, so it seems
harmless to tell someone who appears to be lost where the computer room is located, or to let
someone into the building who “forgot” his/her badge, etc., or pretending to be an employee or
valid user on the system.
2. Posing as an important user:
• The attacker pretends to be an important user – for example, a Chief Executive Officer (CEO)
or high-level manager who needs immediate assistance to gain access to a system.
• The attacker uses intimidation so that a lower-level employee such as a help-desk worker will
help him/her in gaining access to the system. Most of the low-level employees will not ask any
question to someone who appears to be in a position of authority.
3. Using a third person:
• An attacker pretends to have permission from an authorized source to use a system. This trick
is useful when the supposed authorized personnel is on vacation or cannot be contacted for
verification.
4. Calling technical support:
• Calling the technical support for assistance is a classic social engineering example.
• Help-desk and technical support personnel are trained to help users, which makes them good
prey for social engineering attacks.
5. Shoulder surfing:
• It is a technique of gathering information such as usernames and passwords by watching over
a person’s shoulder while he/she logs into the system, thereby helping an attacker to gain access
to the system.
6. Dumpster diving:
• It involves looking in the trash for information written on pieces of paper or computer
printouts.
• This is a typical North American term; it is used to describe the practice of rummaging through
commercial or residential trash to find useful free items that have been discarded.
• It is also called dumpstering, binning, trashing, garbing or garbage gleaning.

34 | P a g e
 • “Scavenging” is another term to describe these habits.
• In the UK, the practice is referred to as “ binning” or “skipping” and the person doing it is a
“binner” or a “skipper.”

Computer-Based Social Engineering

• Computer-based social engineering refers to an attempt made to get the required/desired
information by using computer software/Internet.
• For example, sending a fake E-Mail to the user and asking him/her to re-enter a password in
a webpage to confirm it.
1. Fake E-Mails:
• The attacker sends fake E-Mails (see Box 2.7) to users in such that the user finds it as a real e-
mail.
• This activity is also called “Phishing”.
• It is an attempt to attract the Internet users (netizens) to reveal their personal information, such
as usernames, passwords and credit card details by impersonating as a trustworthy and
legitimate organization or an individual.
• Banks, financial institutes and payment gateways are the common targets.
• Phishing is typically carried out through E-Mails or instant messaging and often directs users
to enter details at a website, usually designed by the attacker with abiding the look and feel of
the original website.
• Thus, Phishing is also an example of social engineering techniques used to fool netizens.
• The term “Phishing” has been evolved from the analogy that Internet scammers are using E-
Mails attract to fish for passwords and financial data from the sea of Internet users (i.e.,
netizens).
• The term was coined in 1996 by hackers who were stealing AOL Internet accounts by
scamming passwords without the knowledge of AOL users.
• As hackers have a tendency of replacing “f” with “ph,” the term “Phishing” came into being.
2. E-Mail attachments:
• E-Mail attachments are used to send malicious code to a victim’s system, which will
automatically (e.g., keylogger utility to capture passwords) get executed.
• Viruses, Trojans, and worms can be included cleverly into the attachments to entice a victim to
open the attachment.
3. Pop-up windows:
Pop-up windows are also used, in a similar manner to E-Mail attachments. Pop-up windows
with special offers or free stuff can encourage a user to unintentionally install malicious
software.

2.4 Cyberstalking
• The dictionary meaning of “stalking” is an “act or process of following prey stealthily – trying
to approach somebody or something.”

35 | P a g e
 • Cyberstalking has been defined as the use of information and communications technology,
particularly the Internet, by an individual or group of individuals to harass another
individual, group of individuals, or organization.
• The behavior includes false accusations, monitoring, transmission of threats, ID theft, damage
to data or equipment, solicitation of minors for sexual purposes, and gathering information for
harassment purposes.
• Cyberstalking refers to the use of Internet and/or other electronic communications devices to
stalk another person.
• It involves harassing or threatening behavior that an individual will conduct repeatedly,
for example, following a person, visiting a person’s home and/or at business place, making
phone calls, leaving written messages, or vandalizing against the person’s property. As the
Internet has become an integral part of our personal and professional
lives, cyberstalkers take advantage of ease of communication and an increased access to personal
information available with a few mouse clicks or keystrokes.

2.4.1 Types of Stalkers

There are primarily two types of stalkers.
1. Online stalkers:
• They aim to start the interaction with the victim directly with the help of the Internet.
• E-Mail and chat rooms are the most popular communication medium to get connected with
the victim, rather than using traditional instrumentation like telephone/cell phone.
• The stalker makes sure that the victim recognizes the attack attempted on him/her.
• The stalker can make use of a third party to harass the victim.
2. Offline stalkers:
• The stalker may begin the attack using traditional methods such as following the victim,
watching the daily routine of the victim, etc.
• Searching on message boards/newsgroups, personal websites, and people finding services
or websites are most common ways to gather information about the victim using the
Internet.
• The victim is not aware that the Internet has been used to perpetuate an attack against them.

2.4.2 Cases Reported on Cyberstalking

• The majority of cyberstalkers are men and the majority of their victims are women.
• Some cases also have been reported where women act as cyberstalkers and men as the victims
as well as cases of same-sex cyberstalking.
• In many cases, the cyberstalker and the victim hold a prior relationship, and the cyberstalking
begins when the victim attempts to break off the relationship, for example, ex-lover, ex-spouse,
boss/subordinate, and neighbor.
• However, there also have been many instances of cyberstalking by strangers.

2.4.3 How Stalking Works?

It is seen that stalking works in the following ways:

36 | P a g e
 1. Personal information gathering about the victim: Name; family background; contact details
such as cell phone and telephone numbers (of residence as well as office); address of residence
as well as of the office; E-Mail address; date of birth, etc.
2. Establish a contact with victim through telephone/cell phone. Once the contact is established,
the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The letters
may have the tone of loving, threatening or can be sexually explicit. The stalker may use
multiple names while contacting the victim.

4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favors or threaten
the victim.
5. The stalker may post the victim’s personal information on any website related to illicit services
such as sex-workers’ services or dating services, posing as if the victim has posted the
information and invite the people to call the victim on the given contact details (telephone
numbers/cell phone numbers/E-Mail address) to have sexual services. The stalker will use bad
and/or offensive/attractive language to invite the interested persons.
6. Whosoever comes across the information, start calling the victim on the given contact details (
telephone/cell phone nos), asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable pornographic
and sex sites, because of which victim will start receiving such kind of unsolicited E-Mails.

2.4.4 Real-Life Incident of Cyberstalking

Case Study
The Indian police have registered first case of cyberstalking in Delhi – the brief account of the case
has been mentioned here. To maintain confidentiality and privacy of the entities involved, we have
changed their names.
• Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours from as far away as Kuwait,
Cochin, Bombay, and Ahmadabad.
• The said calls created havoc in the personal life destroying mental peace of Mrs. Joshi who
decided to register a complaint with Delhi Police.
• A person was using her ID to chat over the Internet at the website www.mirc.com, mostly in
the Delhi channel for four consecutive days.
• This person was chatting on the Internet, using her name and giving her address, talking in
obscene language.
• The same person was also deliberately giving her telephone number to other chatters
encouraging them to call Mrs. Joshi at odd hours.
• This was the first time when a case of cyberstalking was registered.
• Cyberstalking does not have a standard definition but it can be defined to mean threatening,
unwarranted behavior, or advances directed by one person toward another person using Internet
and other forms of online communication channels as medium.

37 | P a g e
Cyberbullying
The National Crime Prevention Council defines Cyberbullying as “when the Internet, cell
phones or other devices are used to send or post text or images intended to hurt or embarrass another
person.” www.StopCyberbullying.org, an expert organization dedicated to Internet safety, security,
and privacy defines cyberbullying as “a situation when a child, tween, or teen is repeatedly ‘tormented,
threatened, harassed, humiliated, embarrassed, or otherwise targeted’ by another child, tween, or teen
using text messaging, E-Mail, instant messaging, or any other type of digital technology.”
The practice of cyberbullying is not limited to children and, while the behavior is identified by
the same definition in adults, the distinction in age groups is referred to as cyberstalking or cyber
harassment when perpetrated by adults toward adults. Source: http://en.wikipedia.org/wiki/Cyber-
bullying (2 April 2009).

2.5 Cybercafé and Cybercrimes

• In February 2009, Nielsen survey on the profile of cybercafés users in India, it was found that
90% of the audience, across eight cities and 3,500 cafes, were male and in the age group of 15–
35 years; 52% were graduates and postgraduates, though almost over 50% were students.
• Hence, it is extremely important to understand the IT security and governance practiced in the
cybercafés.
• In the past several years, many instances have been reported in India, where cybercafés are
known to be used for either real or false terrorist communication.
• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of
money have also happened through cybercafés.
• Cybercafé’s have also been used regularly for sending obscene mails to harass people.
• Public computers, usually referred to the systems, available in cybercafé’s, hold two types of
risks.
• First, we do not know what programs are installed on the computer – that is, risk of malicious
programs such as keyloggers or Spyware, which maybe running at the background that can
capture the keystrokes to know the passwords and other confidential information and/or
monitor the browsing behavior.
• Second, over-the-shoulder surfing can enable others to find out your passwords. Therefore, one
has to be extremely careful about protecting his/her privacy on such systems, as one does not
know who will use the computer after him/her.
• Indian Information Technology Act (ITA) 2000, does not define cybercafes and interprets
cybercafes as “network service providers” referred to under the Section 79, which imposed on
them a responsibility for “due diligence” failing which they would be liable for the offenses
committed in their network.
• Cybercriminals prefer cybercafes to carry out their activities.
• The criminals tend to identify one particular personal computer (PC) to prepare it for their use.
• Cybercriminals can either install malicious programs such as keyloggers and/or Spyware or
launch an attack on the target.
• Cybercriminals will visit these cafes at a particular time and on the prescribed frequency, maybe
alternate day or twice a week.

38 | P a g e
 • A recent survey conducted in one of the metropolitan cities in India reveals the following facts:
1. Pirated software(s) such as OS, browser, office automation software(s) (e.g., Microsoft
Office) are installed in all the computers.
2. Antivirus software is found to be not updated to the latest patch and/or antivirus
signature.
3. Several cybercafes had installed the software called “Deep Freeze” for protecting the
computers from prospective malware attacks. Deep Freeze can wipe out the details of
all activities carried out on the computer when one clicks on the “restart” button. Such
practices present challenges to the police or crime investigators when they visit the
cybercafes to pick up clues after the Interet Service Provider (ISP) points to a particular
IP address from where a threat mail was probably sent or an online Phishing attack was
carried out, to retrieve logged files.
4. Annual maintenance contract (AMC) found to be not in a place for servicing the
computers; hence, hard disks for all the computers are not formatted unless the
computer is down. Not having the AMC is a risk from cybercrime perspective because
a cybercriminal can install a Malicious Code on a computer and conduct criminal
activities without any interruption.
5. Pornographic websites and other similar websites with indecent contents are not
blocked.
6. Cybercafe owners have very less awareness about IT Security and IT Governance.
7. Government/ISPs/State Police (cyber cell wing) do not seem to provide IT Governance
guidelines to cybercafe owners.
8. Cybercafe association or State Police (cyber cell wing) do not seem to conduct periodic
visits to cybercafes – one of the cybercafe owners whom we interviewed expressed a
view that the police will not visit a cybercafe unless criminal activity is registered by
filing an First Information Report (FIR). Cybercafe owners feel that police either have
a very little knowledge about the technical aspects involved in cybercrimes and/or about
conceptual understanding of IT security. There are thousands of cybercafes across
India.
In the event that a central agency takes up the responsibility for monitoring cybercafes, an
individual should take care while visiting and/or operating from cybercafe. Here are a few tips for
safety and security while using the computer in a cybercafe:
1. Always logout:
2. Stay with the computer:
3. Clear history and temporary files:
4. Be alert:
5. Avoid online financial transactions:
6. Change passwords:
7. Use Virtual keyboard:
8. Security warnings:

2.6 Botnets: The Fuel for Cybercrime

39 | P a g e
2.6.1 Botnet
• The dictionary meaning of Bot is “(computing) an automated program for doing some particular
task, often over a network.”
• Botnet is a term used for collection of software robots, or Bots, that run autonomously and
automatically.
• The term is often associated with malicious software but can also refer to the network of
computers using distributed computing software.
• In simple terms, a Bot is simply an automated computer program One can gain the control of
computer by infecting them with a virus or other Malicious Code that gives the access.
• Computer system maybe a part of a Botnet even though it appears to be operating normally.
• Botnets are often used to conduct a range of activities, from distributing Spam and viruses to
conducting denial-of-service (DoS) attacks.
• A Botnet (also called as zombie network) is a network of computers infected with a malicious
program that allows cybercriminals to control the infected machines remotely without the
users’ knowledge.
• “Zombie networks” have become a source of income for entire groups of cybercriminals. The
invariably low cost of maintaining a Botnet and the ever diminishing degree of knowledge
required to manage one are conducive to the growth in popularity and, consequently, the
number of Botnets.
• If someone wants to start a “business” and has no programming skills, there are plenty of “Bot
for sale” offers on forums.
• ‘encryption of these programs’ code can also be ordered in the same way to protect them from
detection by antivirus tools.
• Another option is to steal an existing Botnet. Figure 2.8 explains how Botnets create business.
• One can reduce the chances of becoming part of a Bot by limiting access into the system.
• Leaving your Internet connection ON and unprotected is just like leaving the front door of the
house wide open.

One can ensure following to secure the system:

1. Use antivirus and anti-Spyware software and keep it up-to-date:
2. Set the OS to download and install security patches automatically:
3. Use a firewall to protect the system from hacking attacks while it is connected on the Internet:
A firewall is a software and/or hardware that is designed to block unauthorized access while
permitting authorized communications.
4. Disconnect from the Internet when you are away from your computer:
5. Downloading the freeware only from websites that are known and trustworthy:
6. Check regularly the folders in the mail box – “sent items” or “outgoing” – for those messages
you did not send:
7. Take an immediate action if your system is infected:

40 | P a g e
Box 2.9 | Technical Terms
Malware: It is malicious software, designed to damage a computer system without the owner’s
informed consent. Viruses and worms are the examples of malware.
Adware: It is advertising-supported software, which automatically plays, displays, or downloads
advertisements to a computer after the software is installed on it or while the application is being
used. Few Spywares are classifi ed as Adware.

Spam: It means unsolicited or undesired E-Mail messages

Spamdexing: It is also known as search Spam or search engine Spam. It involves a number of
methods, such as repeating unrelated phrases, to manipulate the relevancy or prominence of
resources indexed by a search engine in a manner inconsistent with the purpose of the indexing
system.

DDoS: Distributed denial-of-service attack (DDoS) occurs when multiple systems flood the
bandwidth or resources of a targeted system, usually one or more web servers. These systems are
compromised by attackers using a variety of methods.

2.7 Attack Vector

• An “attack vector” is a path, which an attacker can gain access to a computer or to a network
server to deliver a payload or malicious outcome.
• Attack vectors enable attackers to exploit system vulnerabilities, including the human element.
• Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant
messages, chat rooms, and deception. All of these methods involve programming (or, in a few
cases, hardware), except deception, in which a human operator is fooled into removing or
weakening system defenses.
• To some extent, firewalls and antivirus software can block attack vectors.
• However, no protection method is totally attack-proof.
• A defense method that is effective today may not remain so for long because attackers are
constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized
access to computers and servers. Refer to Box 2.10.
• The most common malicious payloads are viruses (which can function as their own attack
vectors), Trojan Horses, worms, and Spyware.
• If an attack vector is thought of as a guided missile, its payload can be compared to the warhead
in the tip of the missile.
• In the technical terms, payload is the necessary data being carried within a packet or other
transmission unit – in this scenario (i.e., attack vector) payload means the malicious activity
that the attack performs.
• From the technical perspective, payload does not include the “overhead” data required to get
the packet to its destination. Payload may depend on the following point of view: “What
constitutes it?” To a communications layer that needs some of the overhead data to do its job,
the payload is sometimes considered to include that part of the overhead data that this layer
handles. The attack vectors described here are how most of them are launched.
41 | P a g e
 1. Attack by E-Mail: The content is either embedded in the message or linked to by the message.
Sometimes attacks combine the two vectors, so that if the message does not get you, the
attachment will. Spam is almost always carrier for scams, fraud, dirty tricks, or malicious action
of some kind. Any link that offers something “free” or tempting is a suspect.
2. Attachments (and other files): Malicious attachments install malicious computer code.
The code could be a virus, Trojan Horse, Spyware, or any other kind of malware. Attachments
attempt to install their payload as soon as you open them.
3. Attack by deception: Deception is aimed at the user/operator as a vulnerable entry point. It is
not just malicious computer code that one needs to monitor. Fraud, scams, and to some extent
Spam, not to mention viruses, worms and such require the unwitting cooperation of the
computer’s operator to succeed. Social engineering are other forms of deception that are often
an attack vector too.
4. Hackers: Hackers/crackers are a formidable attack vector because, unlike ordinary Malicious
Code, people are flexible and they can improvise. Hackers/crackers use variety of hacking
tools, heuristics, Cyberoffenses: How and social engineering to gain access to computers and
online accounts. They often install a Trojan Horse to commandeer the computer for their own
use.
5. Heedless guests (attack by webpage): Counterfeit websites are used to extract personal
information. Such websites look very much like the genuine websites they imitate. One may
think he/she is doing business with someone you trust. However, he/she is really giving their
personal information, like address, credit card number, and expiration date. They are often used
in conjunction with Spam, which gets you there in the first place. Pop-up webpages may install
Spyware, Adware or Trojans.
6. Attack of the worms: Many worms are delivered as E-Mail attachments, but network worms
use holes in network protocols directly. Any remote access service, like file sharing, is likely
to be vulnerable to this sort of worm. In most cases, a firewall will block system worms. Many
of these system worms install Trojan Horses.
7. Malicious macros: Microsoft Word and Microsoft Excel are some of the examples that allow
macros. A macro does something like automating a spreadsheet, for example. Macros can also
be used for malicious purposes. All Internet services like instant messaging, Internet Relay
Chart(IRC), and P2P fi le-sharing networks rely on cozy connections between the computer
and the other computers on the Internet. If one is using P2P software then his/her system is
more vulnerable to hostile exploits.
8. Foistware (sneakware): Foistware is the software that adds hidden components to the system
with cunning nature. Spyware is the most common form of foistware. Foistware is partial- legal
software bundled with some attractive software. Sneak software often hijacks your browser and
diverts you to some “revenue opportunity” that the foistware has set up.
9. Viruses: These are malicious computer codes that hitch a ride and make the payload.
Nowadays, virus vectors include E-Mail attachments, downloaded files, worms, etc.

Box 2.10 | Zero-Day Attack

42 | P a g e
A zero-day (or zero-hour) attack[17] is a computer threat which attempts to exploit computer
application vulnerabilities that are unknown to anybody in the world (i.e., undisclosed to the
software vendor and software users) and/or for which no patch (i.e., security fi x) is available. Zero-
day exploits are used or shared by attackers before the software vendor knows about the
vulnerability.

Sometimes software vendors discover the vulnerability but developing a patch can take time.
Alternatively, software vendors can also hold releasing the patch reason to avoid the flooding the
customers with numerous individual updates. A “zero-day” attack is launched just on or before the
first or “zeroth” day of vendor awareness, reason being the vendor should not get any opportunity
to communicate/distribute a security fix to users of such software. If the vulnerability is not
particularly dangerous, software vendors prefer to hold until multiple updates (i.e., security fixes
commonly known as patches) are collected and then release them together as a package. Malware
writers are able to exploit zero-day vulnerabilities through several different attack vectors.

Zero-day emergency response team (ZERT): This is a group of software engineers who work to
release non-vendor patches for zero-day exploits. Nevada is attempting to provide support with the
Zeroday Project at www.zerodayproject.com, which purports to provide information on upcoming
attacks and provide support to vulnerable systems. Also, visit the weblink http://www.isotf.org/zert
to get more information about it.

43 | P a g e