Introduction to Cyber Security and Cybercrime

Questions and Answers

What is a common trait of unsolicited loan or investment offers from scammers?

They usually come from trusted financial institutions.

They ask for verification of accounts via official emails.

They always require a large amount of personal information upfront.

They promise guaranteed returns with no risk. (correct)

During which period do scammers frequently pose as Medicare representatives?

Winter holidays.

Tax season.

Medicare open enrollment season. (correct)

Summer vacation.

What is the primary method used by scammers to reach older adults?

Text messages.

Social media ads.

Phone calls. (correct)

Email campaigns.

What does industrial espionage primarily involve?

The unethical stealing of trade secrets for competitive advantage.

How is industrial spying often conducted?

By insiders or employees specifically hired for that purpose.

Which of the following statements is true regarding hackers?

They write or utilize programs to target specific computers.

Which of these scenarios could be a sign of a Medicare or Social Security scam?

A call threatening suspension of benefits unless immediate payment is made.

Which practice does industrial espionage differ from?

Government sanctioned monitoring.

What is the primary goal of a social engineer?

To gain sensitive information or unauthorized access

Which technique refers to direct observation to obtain information?

Shoulder Surfing

What could be a reason why Maria provided the password over the phone?

She felt embarrassed to keep asking questions

What type of social engineering involves person-to-person interaction?

Human-Based Social Engineering

Which of the following actions is an example of dumpster diving?

Searching through discarded documents for sensitive information

Which psychological trait do social engineers often exploit?

Trust and desire to be helpful

In Natasha's example, how did she gain access to the building?

By being recognized by the security guard

Why is shoulder surfing effective in crowded environments?

People are more likely to ignore nearby observers

What is a characteristic of a Trojan in computer sabotage?

It pretends to be a legitimate program to deceive users.

What is the primary goal of an email bombing attack?

To overwhelm a target email address with duplicate messages.

In the context of a man-in-the-middle attack, which of the following describes what the attacker does?

Positions themselves in the communication flow to eavesdrop or impersonate.

Which of the following is NOT considered a method of computer sabotage?

Sending phishing emails disguised as legitimate messages.

What type of attack uses a botnet to overwhelm email addresses?

Email bombing.

What is a 'back door' in the context of computer sabotage?

An unauthorized method to bypass security and access systems.

What consequence can result from data being intercepted in a man-in-the-middle attack?

Personal information can be stolen for various illegal purposes.

How can a denial of service attack affect a target?

It makes a website or service temporarily unavailable.

What is the primary purpose of a proxy server?

To hide the IP address of client systems

Which of the following best describes an inside attack?

An attack conducted by a trusted internal user

What type of tool is an anonymizer considered to be?

A tool for making internet activity untraceable

Which phase involves examining gathered information to identify vulnerabilities?

Scanning and Scrutinizing

Which of the following is true about a DoS (Denial of Service) attack?

It aims to make a system or network resource unavailable

What does SQL injection primarily target?

Web applications that use a database

What is the function of a keylogger?

To capture keystrokes from a user’s keyboard

What best describes steganography?

The practice of hiding a message within another medium

What is considered a strong password?

A long password that is random or difficult to guess.

What is one method attackers use to compromise passwords?

Conducting a brute force attack.

What distinguishes a DDoS attack from a DoS attack?

DDoS attacks originate from multiple sources compared to DoS attacks.

Which of the following is NOT a suggested way to protect against DoS attacks?

Keeping all network services active.

What happens during a buffer overflow?

Data attempts to be stored beyond the boundaries of a fixed-length storage buffer.

SQL injection targets which part of an application?

The database layer of an application.

What is a key characteristic of a brute force attack?

It involves systematically trying many combinations of characters.

Which of the following best describes an attacker’s goal in a DoS attack?

To consume network resources and disrupt service.

What type of mobile workers primarily remain in a single location for their work?

Tethered/Remote Workers

Which of the following best describes the concept of sniffing in wireless networks?

Interception of wireless data on an unsecured network

What is the main goal of a Man in the Middle attack?

Observing or modifying communication between two parties

Which security measure should be taken to secure a wireless network?

Upgrade router's firmware regularly

What is NOT a function of computer forensics?

Creating new software for data analysis

Which type of attack involves an attacker creating a network with a stronger signal and a copied SSID?

Spoofing

When working with computer forensics, what is a primary purpose of preserving and interpreting computer media?

To gather evidence for legal proceedings

Which setting should be modified to enhance the security of a wireless network?

Change default router settings

Study Notes

Introduction to Cyber Security and Cybercrime

• Cybercrime is any illegal activity involving a computer directly and significantly.
• It is any illegal behavior that uses electronic operations to target the security of computer systems and the data they process.
• Cybercrime can involve using a computer and the internet to steal a person's identity or disrupt operations with malicious programs.
• It includes any unlawful activity done through the internet or on a computer, along with any criminal activity performed using computers, the internet, cyberspace, and the WWW.

Types of Cybercriminals

• Type I: Cybercriminals driven by recognition
• Hobby hackers
• IT professionals
• Politically motivated hackers
• Terrorist organizations
• Type II: Cybercriminals not driven by recognition
• Psychologically perverse individuals
• Financially motivated hackers
• Type III: Insiders
• Disgruntled or former employees seeking revenge
• Competing companies using employees to gain an economic advantage through damage and/or sabotage

Cybercrime and Information Security

• The Indian Information Technology Act (ITA) 2000 focuses on information security, now updated as ITA 2008.
• Cybersecurity is about protecting information, equipment, devices, computer resources, and communication devices from unauthorized access, use, disclosure, modification, or destruction.

Cybercrime Activities

• Credit card fraud: Financial crime involving unauthorized use of credit card details.
• Cyberstalking: Harassment or stalking through online channels such as social media, forums or email, usually planned over time.
• Defamation: Damaging someone's reputation online.
• Unauthorized access: Gaining entry to computer systems without permission.
• Child pornography: Illegal online distribution of child sexual abuse material.
• Copyright infringement: Ignoring copyright protections for software or other intellectual property.
• Software piracy: Unauthorized copying of software.
• Identity theft: Stealing someone's identity to perform fraudulent activities.
• Email spoofing: A deceptive email that appears to come from one source but actually originates from another. This is a method used for spam and phishing.
• Spamming: The unethical or unlawful bulk sending of unsolicited communications.
• Cyberdefamation: Damaging someone's reputation by disseminating false or harmful statements online, as per IPC Section 499.
• Internet Time theft: Unauthorized use of someone else's internet connection, usually by gaining access to their user ID and password.
• Data diddling: Altering raw data before processing to perform illegal operations, typically without being noticed, making it hard to track.
• Forgery: Documents are altered using sophisticated computers, printers, and scanners. This leads to fraudulent activities.
• Vishing: Social engineering by phone, aiming to obtain sensitive information like passwords or bank details. This includes receiving calls with false claims to compromise accounts or need for updates.
• Fake mail: Unsolicited email from false or fake sources.
• Industrial Spying/Industrial Espionage: Companies and governments utilize various methods, including the Internet, to obtain confidential information about competitors.
• Hacking: Using computer programs to target and exploit computer systems, driven by various motives including greed, power, publicity, and revenge, or a desire for forbidden information leading to destructive aims.
• White Hat Hacker (Ethical Hacker): Penetration testing and assessing computer systems for security vulnerabilities for the purpose of improving security, rather than causing damage.
• Grey Hat Hacker: Violating ethical standards in hacking, but without malicious intent.
• Black Hat Hacker: Cybercriminals who use malicious intent. Also, known as malicious hackers.
• Online frauds (e.g., lottery scams, scratch cards, fake vouchers, travel prize scams): Deceitful approaches to secure money or other valuable information.
• Malware (malicious software): Includes viruses, worms, trojan horses, spyware, adware, etc.
• Virus: Malicious executable code attached to other files.
• Worm: Self-replicating code that independently exploits vulnerabilities.
• Trojan Horse: Malicious code disguised as legitimate software which can lead to unwanted actions.
• Spyware: Secretly monitors user activity.
• Adware: Advertising-supported software that delivers advertisements.
• Rootkit: Malware designed to modify operating systems by creating backdoors for attackers.
• Buffer overflow: Exploiting a vulnerability where a program writes data beyond intended buffers in memory, potentially causing program crashes or system compromise.
• SQL injection: A code injection technique that exploits security vulnerabilities in database applications, typically to retrieve or manipulate data.
• Keylogger: A device or software that records keystrokes to steal login credentials and other sensitive information.
• Spoofing: Creating a fake identity or source to deceive users.
• Cyberstalking: Harassing someone online through repeated threats or other forms of abuse.
• DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks: Overwhelming a system with requests to make it unavailable.
• Man-in-the-Middle (MitM) attacks: Interacting as a middleman to observe or modify communications between two parties without their knowledge.
• Identity theft: Stealing someone's personal information to commit unauthorized actions.

Cyber Security

• Preventing, mitigating, and responding to cyber threats.
• Setting policies to prevent or reduce risk and harm.

Cybersecurity Practices

• Strong passwords: Unique and complex passwords.
• Multi-factor authentication: More than one method of verification.
• Software updates and patches: Maintaining secure systems.
• Spam and phishing awareness: Recognizing fraudulent communications.
• Physical Security (Laptop Safes, Motion Sensor and Alarms, Warning Labels): Protective measures against theft.
• Firewall: A system that controls incoming and outgoing network traffic.

Importance of Protecting Intellectual Property

• Copyright.
• Trademark.
• Patent.
• Design registration.
• Plant breeder's right.
• Trade secret.

Tools and Methods in Cybercrime

• Proxy server.
• Anonymizer.
• Steganography (hiding messages within other files).

Description

This quiz explores the fundamental concepts of cyber security and the various types of cybercrime. Readers will learn about the illegal activities that involve computer systems and the motivations behind different types of cybercriminals. Test your knowledge on the important aspects of this pressing issue in today's digital world.