Cyber Security

Unit Topic

INTRODUCTION TO CYBER CRIME: Cybercrime- Definition and Origins of

the word Cybercrime and Information Security, Who are Cybercriminals?
Classifications of Cyber Crimes, cybercrime: the legal perspectives, an Indian
1 perspective, cybercrime and the Indian IT act 2000, A Global Perspective on
Cybercrimes.

CYBER CRIME-MOBILE & WIRELESS DEVICES: Introduction,

Proliferation of Mobile and Wireless Devices, Trends in Mobility, Credit Card
Frauds in Mobile and Wireless Computing Era, Authentication Service Security,
Attacks on Mobile/Cell Phones.
2
Mobile Devices: Security Implications for organizations, Organizational
Measures for Handling Mobile device-related security issues, Organizational
Security Policies and Measures in Mobile Computing Era, laptops.

TOOLSANDMETHODSUSEDINCYBERCRIME:
Password Cracking, Key loggers and Spywares, Virus and Worms, Trojan-horses
and Backdoors, Stenography, Attacks on Wireless Networks, Phishing and
3
Identity Theft: Introduction to Phishing, Identity Theft (ID Theft).
 Unit-1
Introduction to Cyber Crime

Definition: Cybercrime refers to any illegal activity that involves computer,

network, or the internet. It can from hacking into someone’s computer to steal
personal information to spreading malicious software (like viruses) that
disrupts system or network. It targets sensitive data, financial information, or
computer system, and the intent can be to harm individuals, businesses, or
government.

Origins of the word cyber crime:

The word “Cybercrime" is a combination of “cyber”, derived from
“cybernetics”, and “crime”. Back in the 1990s, when computers were
becoming popular globally, people needed a word for the new digital crimes.
So, they created "cybercrime" to describe illegal activities happening in the
digital space.
Cybernetics: The term “cybernetics” comes from a Greek word meaning “to steer” or “to
given” and was originally used to describe the study of communication and control in living
beings and machines. Over time “cyber” became closely associated with computers,
networks, and digital technology.
Crime: This refers to activities that are illegal or against the law. When
combines with “cyber”, it specifically refers to illegal activities carried out
using technology.
Key mile stones in the evolution of cyber crime include:
Hacking and unauthorized access: In the early days, cyber criminals focused on breaking
into systems to steal information or showcase their technical prowess.
Data theft and Escape: With businesses and governments storing sensitive data online,
cyber criminals began targeting these systems for financial gain or political purposes.
Ransome ware Attacks: Malicious software designed to lock users out of their systems until
a ransom is paid became a significant threat in then21st century.
Phishing Scams: Fraudulent methods to trick individuals into sharing sensitive information,
such as passwords or credit card details, grew in sophistication.
Cyber terrorism: Large scale attacks aimed at disrupting critical infrastructure spreading
fear, or furthering ideological goals became a global concern.
 Cybercrime and Information Security

Cybercrime and information security are closely connected because both

involve the use of digital systems and networks. Understanding their
relationship is essential to protecting individuals, organizations, and
governments from threats in the digital world.
Cyber crime and information security are basically two sides of the same
coin. While cyber criminals exploit weaknesses in systems and human
behavior, information security aims to close these gaps and protect digital
assets.
It involves a set of tools, policies, and practices designed to safeguard
sensitive information. Information security focuses on three main principles,
often called the CIA triad:
1. Confidentiality: Ensuring that information is accessible is accessible only to
authorized individuals.
2. Integrity: Protecting information from being altered or tampered
with.
3. Availability: Ensuring that information and system are accessible
when needed.
Who are Cybercriminals
Cybercriminals are individuals or groups who use technology, particularly
computers, network, and the internet, to carry out illegal activates. Their primary
goals include stealing information, causing harm, disrupting system, or earring
money through fraudulent activities. Cybercriminals come from various
backgrounds and use different methods to achieve the objectives. Below is a detailed
explanation of who they are and what they do:
1. Type I- Hungry for recognition:
• Hobby hackers
• IT professional
• Politically motivated hackers
• Terrorist organizations
2. Type II-Not interested in recognition:
• Psychological perverts
• Financially motivated hackers
• State sponsored hacking
• Organized criminals
3. Type III-The Insiders
• Disgruntled(unsatisfied/unhappy)
• Seeking revenge
 Classifications of Cybercrimes

Cybercrimes can be classified into4majorcategoriesasthefollowing:

(1) Cybercrime Against Individual

(2) Cybercrime Against Property

(3) Cybercrime Against Organization

(4) Cybercrime Against Society

1. Against Individuals:
i. Email spoofing: A spoofed email is one in which thee-mail header is forged
so that the mail appears to originate from one source but actually has been
sent from another source.
ii. Spamming: Spamming means sending multiple copies of unsolicited mails
or mass e-mails such as chain letters.

iii. Harassment & Cyber stalking: Cyber Stalking Means following an individual's
Activity over internet .It can be done with the help of many protocols
Available such as e-mail, chat rooms, user net groups.
2. Against Property:

i. Credit Card Fraud: As the name suggests, this is a fraud that happens by
the use of a credit card. This generally happens if someone gets to know the
card Number or the card gets stolen.
ii. Intellectual Property crimes: These include
• Software piracy: Illegal copying of programs, distribution of copies of
software.
• Copyright infringement: Using copy righted material without proper
permission.
• Trademarks violations: Using trademarks and associated rights without
permission of the actual holder. Theft of computer source code:
Stealing, destroying or misusing the source code of a computer.

iii. Internet time theft: This happens by the usage of the Internet hours by an
unauthorized person which is actually paid by another person.

3. Against Organizations:

i) Unauthorized Accessing of Computer:

Accessing the computer /network without permission from the owner. It can be of 2
forms:

• Changing / deleting data: Unauthorized changing of data.

(ii) Email Bombing: Sending large numbers of mails to the individual or company or Mail
servers there by ultimately resulting in to crashing.

(iii) Salami Attack: When negligible amounts are removed & accumulated in
to something larger. These attacks are used for the commission of financial
crimes.
 (iv) Logic Bomb: It is an event dependent program. As soon as the designated event
occurs, it crashes the computer, release a virus or any other harmful possibilities.
(v) Trojan horse: This is an unauthorized program which functions from inside what
seems to be an authorized program, thereby concealing what it is actually doing.

4. Against Society:

(i) Forgery: Currency notes, revenue stamps, mark sheets etc. can be forged using
Computers and high quality scanners and printers.
(ii) Cyber Terrorism: Use of computer resources to intimidate or coerce people and
Carry out the activities of terrorism.
(iii) Web Jacking: Hackers gain access and control over the website of another, even they
changethecontentofwebsiteforfulfillingpoliticalobjectiveorformoney.

How to protect yourself from cyber crimes

1. Be Cyber-Aware: Stay alert and aware of potential online threats.

2. Use Strong Passwords: Create and regularly update strong, unique
passwords.
3. Keep Software Updated: Ensure your computer and apps have the
latest security updates.
4. Emails: Don't trust every email; be cautious, especially with links
or attachments.
5. Use Trusted Websites: Stick to reputable websites to minimize risks.
6. Secure Personal Information: Be cautious about sharing sensitive
info online.
7. Install Antivirus Software: Have reliable antivirus software to
protect against digital threats.

Common Types of Cybercrimes: Cybercrimes are like digital offences,

where people use computers and the internet to break the law or cause harm.
These actions can range from stealing personal information to disrupting digital
systems.
Common Types:
1. Hacking: Unauthorized access to computer systems or networks.
2. Phishing: Tricking individuals into revealing sensitive information
through fake emails or messages.
3. Identity Theft: Pretending to be someone else online to steal personal
information.
4. Malware Attacks: Spreading harmful software to compromise computer
systems.
5. Online Fraud: Deceiving individuals to gain money or sensitive
information.

CYBER CRIME: THE LEGAL PERSPECTIVE

Cybercrime is a big problem for legal systems around the world. Unlike regular cyber
crime happens online and can affect people in different countries, making it has catch and
punish criminals. Laws and rules are being created to handle these crimes, a challenge because
of how they spread across borders. Legal systems focus on strong laws, creating systems, and
finding strategies to deal with cybercrime effective. The key legal issues in cybercrime
involves a variety of challenges that legal system when trying to address online crimes.
Here are some of the main legal issues:
• Jurisdiction: Cybercrimes often occur across borders, meaning a crime can be
committed in one country, but the criminal might be in another. This makes it hard to
figure out which country’s law apply and who has the power to investigate or
prosecute crime.
• Anonymity and Identification: Online criminals can hide their using fake names,
VPN (virtual private network), and other methods. This makes it difficult for
authorities to track down and identify the person responsible for the crime.
• Lack of global laws: Many countries have different laws related to cybercrime, which
creates confusion when crimes cross borders. There is no single, global law to handle
all types of cyber crimes. So it is often hard to bring criminals to justice across
different countries.
• Evidence Collection: In cyber crime, evidence is often digital (like emails, data and
logs) and can be easily erased or altered. Collecting digital evidence and ensuring its
integrity can be difficult, and laws need to ensure proper procedures for this.
• Cyber security laws: Many countries lack strong laws about protecting computer
systems and networks. Without proper cyber security measures, systems can be
vulnerable to hacking, data breaches, and other crimes, legal systems must focus on
creating laws that protect against these threats.
• Digital forensics: Investigating cyber crimes requires expertise in digital forensics,
which is recovering and analyzing digital evidence. Legal systems need to ensure that
forensic methods are reliable and follow the right legal procedures so evidence can be
used in court.
 • Hacking and Unauthorized Access: Hacking into systems without permission is a
form of cyber crime. However, providing who is behind the attack and the attack and
the extent of the damage can be difficult. Laws must be clear on what constitutes
illegal access and how to punish offenders.
• Cyber bullying and Harassment: Cyber bullying, where individuals area harassed or
harmed online, has become a major issue, especially with the rise of social media.
Laws need to protect people from online abuse while also defining clear boundaries
for what is considered illegal behavior.

INDIAN PERSPECTIVE ON CYBER CRIMES

In India, cyber crimes are becoming more common as more people use the internet and
technology. These crimes include things like hacking, online fraud, identity theft, and
spreading harmful content. The Indian government has made laws to fight cybercrime, such as
the information technology act 2000. Which aims to punish those who miss use technology?
Despite these laws, challenges remain in stopping cyber crimes because they can
happen anywhere, and the criminals may be hard to trace. Law enforcement agencies are
working to improve their skills and tools to handle these cases, but more awareness and
stronger systems are needed to protect people online.
India also faces issues like a lack of cyber crimes awareness among the public, slow
legal processes and insufficient training for police. To tackle cyber crime India needs to
continue improving its laws, educate citizens and build better technology systems to catch and
punish cyber crimes.
GLOBAL PERSPECTIVE ON CYBER CIMES

Cybercrime is a growing problem that affects people, business, and governments around
the world. It refers to illegal activities that happen on the internet or through computer
systems, such as hacking, identity theft, online fraud, and spreading malicious software.
Because the internet connects people across different countries, cyber crimes often cross
borders, making them harder to control and prosecute.
1. The rise of cyber crimes globally:
Cyber crimes are increasing as more people use the internet and technology, Hackers target
individuals, businesses, and even governments for various reasons, such as stealing money,
stealing personal information, or causing damage. The more we rely on technology for things
like shopping, banking, and communication, the more opportunities cyber criminals have to
commit crimes.
2. Global challenges:
One of the biggest challenges with cybercrimes is that it doesn’t happen in just one country.
Cyber criminals can attacks from anywhere in the world, making it hard for local law
enforcement to catch them. Laws about cyber crime are also different in each country, and this
lack of consistency makes it even harder to fight cyber crime on a global level.
Anonymity: Cyber criminals can hide their identity online, making it difficult to trace them
back to a specific person or location.
Lack of international laws: Different countries have different laws and regulations, which
makes it harder to handle cyber crimes that cross borders.
Technical complexity: Cyber criminals use advanced tools and techniques that are difficult for
many law enforcement agencies to keep up with.
3. GlobalImpactofCybercrimes:cybercrimescanhaveseriouseffectsontheglobal economy,
security, and privacy:
Economic loss: Cyber crimes can cost businesses and individuals billions of dollars.
For example, online fraud, ransomeware attacks, and data breaches can cause significant financial
damage.
Privacy concerns: Cyber criminals can steal sensitive personal information, such as bank details,
medical records, and social security numbers, leading to identity theft and fraud.
National security: Some cyber attacks target governments or critical infrastructure, such as
power grids, transportation systems, or financial markets, putting national security at risk.

CYBER CRIME AND THE INDIAN IT ACT 2000

➢ The Information Technology Act, 2000 also known as an IT Act is an act proposed
by the Indian Parliament reported on 17th October 2000.
➢ This Information Technology Act is based on the United Nations Model Law on
Electronic Commerce 1996(UNCITRAL Model) which was suggested by the
General Assembly of the United Nations by a resolution dated 30th January 1997.
➢ It is the most important law in India dealing with Cybercrime and E-Commerce.
➢ The main objective of this act is to carry out lawful and trust worthy electronic,
digital, and online transactions and alleviate or reduce cybercrimes.
➢ The IT Act has13chapters and 94sections.
➢ The last four sections which start from‘section91 –section94’, deal with the
revisions to the Indian Penal Code 1860.
➢ The IT Act, of 2000 has two schedules:
➢ First Schedule: Deals with documents to which the Act shall not apply.
➢ Second Schedule: Deals with electronic signature or electronic authentication
method.
The features of The IT Act,2000 are as follows:

➢ The digital signature has been changed to an electronic signature to make it a greater
generation-impartial act.
➢ It elaborates on offenses, penalties, and breaches.
➢ It outlines the Justice Dispensation Systems for cyber crimes.
➢ The Information Technology Act defines in a new segment that a cyber cafe is any
facility where in access to tenets offered by any person inside the normal business to
the general public.
➢ It offers the constitution of the Cyber Regulations Advisory Committee.
The Information Technology Act is based totally on The Indian Penal Code, of 1860, The
Indian Evidence Act, of 1872, The Bankers’ Books Evidence Act, of 1891, The Reserve
Bank of India Act, of 1934, and many others.
It adds a provision to Section 81, which states that the provisions of the Act shall have
overriding effect. The provision states that nothing contained inside the Act shallow it any
person from exercising any right conferred under the Copyright Act, of 1957.
 The offenses and the punishments that all under the IT Act, of 2000areas follows:-
➢ Tampering with the computer source documents.
➢ DirectionsofControllertoasubscribertoextendfacilitiestodecryptinformation.
➢ Publishing of information that is obscene in electronic form.
➢ Penalty for breach of confidentiality and privacy.
➢ Hacking for malicious purposes.
➢ Penalty form is representation.
➢ Protected System.
➢ Penalties for confiscation are not to interfere with other punishments.
➢ Act to apply for offense or contravention committed outside India.
➢ Publication for fraud purposes.
Sections and Punishments under the Information Technology Act, of 2000 are as follows:

SECTION PUNISHMENT

Section 43 This section of the IT Act, 2000 states that any act of destroying, altering,
or stealing a computer system/network or deleting data with malicious
intentions without authorization from the owner of the computer is liable
for the payment to be made to the owner as compensation for damages.

Section 43A This section of the IT Act, 2000 states that any corporate body dealing
with sensitive information that fails to implement reasonable security
practices causing the loss of another person will also be liable as a convict
for compensation to the affected party.

Hacking a Computer System with malicious intentions like fraud will be

Section 66
punished with 3 years imprisonment or a fine of Rs.5, 00,000 or both.

Fraud or dishonesty using or transmitting information or identity theft is

Section66B,C,D punishable with 3 years imprisonment or a Rs. 1, 00,000 fine or both.

This Section is on Cyber Terrorism affecting the unity, integrity, security,

Section66F
and sovereignty of India through digital mediums is liable for life
imprisonment.
Section 67
This section states publishing obscene information or pornography or
transmission of obscene content in public is liable for imprisonment of up
to 5 years or a fine of Rs. 10,00,000 or both.