Introduction to Cybercrime

Questions and Answers

What is the primary goal of the reconnaissance phase in hacking?

• To secure the network against intrusions
• To develop new hacking tools
• To execute the first attack
• To explore and gather information about the target (correct)

Which of the following is a method used in passive information gathering?

• Probing individual hosts
• Network sniffing (correct)
• Port scanning
• Running vulnerability scans

What does active reconnaissance involve?

• Probing the network to confirm information (correct)
• Collecting data without detection
• Using social engineering to manipulate targets
• Conducting physical surveillance

What is the objective of port scanning during the scanning phase?

To systematically scan computer ports (C)

Which of the following is NOT a technique used during the reconnaissance phase?

Network scanning (B)

What characterizes the difference between passive and active attacks in the information gathering phase?

Passive attacks obtain information without detection, while active attacks involve direct probing (B)

What is the main purpose of vulnerability scanning?

To identify weaknesses in the system (B)

Which of the following is considered an active reconnaissance technique?

Network probing (C)

What is a common method used in phishing attacks to capture sensitive data?

Sending false emails (B)

What type of malware can be executed through email attachments?

Worms (B)

Under which section of the Indian IT Act is cyberstalking punishable?

Section 67 (B)

Which of the following best describes cyberstalking?

Harassment through electronic communication (A)

What is one way that pop-up windows can be used maliciously?

To install malicious software (D)

Which of the following is NOT a characteristic of cyberstalking?

Friendly online conversations (B)

What is one example of a false accusation in the context of cyberstalking?

Filing a police report about imaginary threats (C)

Which type of stalkers include those who track individuals online?

Online Stalkers (C)

What incident led to the registration of the first case of cyberstalking in Delhi?

Mrs. Joshi received numerous strange calls from different cities. (B)

How did the cyberstalker use Mrs. Joshi's identity for malicious purposes?

By chatting online using her name and disclosing her address. (B)

Which platform was used by the cyberstalker to chat impersonating Mrs. Joshi?

www.mirc.com (C)

What was the primary emotional impact on Mrs. Joshi due to the cyberstalking incident?

Destruction of her mental peace. (D)

What percentage of cybercafe users in India are male between the ages of 15 to 35 years?

90% (D)

How do cybercafes contribute to the potential for cybercrimes?

They allow for anonymous online interactions. (B)

What is a common method used in cybercrimes as mentioned in the content?

Keyloggers or spyware. (C)

What can be defined as cyberstalking?

Threatening or unwarranted behavior online directed towards someone. (C)

What is a significant issue related to the use of deep freeze software in cyber cafes?

It complicates investigations by erasing user activity. (D)

Which of the following is NOT mentioned as a problem in cyber cafes?

Regular updates of antivirus software. (B)

What recommendation is given regarding logging into services at a cyber cafe?

Log out before leaving the computer. (B)

Why is having an Annual Maintenance Contract (AMC) important for cyber cafes?

It minimizes the risk of cybercriminals installing malicious code. (B)

What should users avoid when logging into accounts at a cyber cafe?

Saving their login credentials for automatic access. (C)

Which of the following is a safety measure while using computers in a cyber cafe?

Always sign out after personal use. (C)

What issue relates to the awareness of IT security among cyber cafe owners?

They lack knowledge of IT security and governance. (A)

What is discouraged regarding the presence of pornography in cyber cafes?

Indecent websites are frequently unblocked. (B)

What happens to information in an Active Attack?

Information is modified. (C)

Which type of attack poses a greater danger to integrity and availability?

Active Attack (D)

Which of the following is a characteristic of a Passive Attack?

It has no impact on system functionality. (B)

What is an example of a Passive Attack?

Eavesdropping (D)

What does port scanning help to identify?

Open ports to a computer (B)

What software can impede the effectiveness of port scanning?

Firewall applications (D)

How do attackers perform a port scan?

By sending messages to each port one at a time. (B)

What is a consequence of an Active Attack for the victim?

The system may be damaged. (C)

What is the first step in the process of stalking as described?

Personal information gathering about the victim. (B)

How might an online stalker first attempt to connect with their victim?

By using chat rooms to interact. (C)

What method is NOT used by online stalkers to gather information about their victims?

Following the victim around. (D)

What type of threats may an online stalker make to the victim?

Threats sent via email and chat. (B)

What might an online stalker do to harass the victim after gathering their information?

Subscribe the victim's email to pornographic sites. (A)

What is the ultimate aim of both online and offline stalkers?

Controlling, intimidating, or influencing the victim. (C)

Which method of stalking primarily uses traditional means of contact?

Following and watching the victim's routine. (C)

Which of the following would NOT be a potential consequence of online stalking?

Victims becoming more social in real life. (C)

Flashcards

Reconnaissance (Phase 1)

Exploring a target (person or system) to gather information for potential attack.

Footprinting

Gathering data about a target system's architecture and security posture in hacking reconnaissance.

Passive Reconnaissance

Gathering information about a target without their knowledge.

Active Reconnaissance

Probing a target system to confirm information gathered passively.

Port scanning

Systematically checking computer ports for vulnerabilities.

Network scanning

Analyzing a network to identify active devices and potential vulnerabilities.

Vulnerability scanning

Identifying security flaws in a system.

Information gathering

First phase of passive reconnaissance that gathers information about the target without their knowledge.

Active Attack

An attack that modifies information, impacting both integrity and availability of the system. The victim is aware of the attack.

Passive Attack

An attack that does not modify information, leaving confidentiality at risk. The victim is unaware of the attack.

Cyber Offense (Port Scanning)

Identifying vulnerabilities in a system by scanning open ports.

Computer Port

A point of entry/exit for data on a computer.

Active Attack Impact

Can damage a computer system, affecting integrity and availability.

Passive Attack Impact

Does not directly harm a system, but risks confidentiality.

What is cyberstalking?

Using the internet or electronic means to harass or stalk a person, group, or organization. It includes actions like false accusations, defamation, threats, and identity theft.

What are some examples of cyberstalking?

Examples include spreading false rumors, sending threats, monitoring someone's online activity, stealing their identity, or gathering information to harass them.

Is cyberstalking a crime?

Yes, cyberstalking is a punishable offense in India under the Information Technology Act. Specific sections like 354(D), 509, and 67 address it.

Online Stalkers

These stalkers use the internet and electronics to harass their victims. They might send harassing messages, spread rumors online, or track their victims' online activity.

Offline Stalkers

These stalkers primarily act in the physical world, but might use technology to supplement their activities. They might follow their victims physically, vandalize property, or engage in physical threats.

What is phishing?

Phishing is a cyberattack that uses deceptive emails, chats, or websites to trick people into giving up sensitive information like passwords or financial details.

Email Attachment Risks

Attachments in emails can contain malicious code like viruses, Trojans, or worms. If you open these attachments, they can harm your computer or steal your information.

Pop-up Window Risks

Pop-up windows can be used to trick users into installing malicious software. They often try to entice you with special offers or other alluring content.

Cyberstalking

Harassing or threatening someone online using various communication channels, like email, social media, or messaging apps.

Cyberstalking Case (Mrs. Joshi)

A woman received numerous calls from unknown people, at strange hours. Someone was pretending to be her online, giving out her information and using obscene language. This was considered the first cyberstalking case reported in Delhi.

Cybercafe

A public place offering internet access for a fee.

Cybercafe User Demographics

Most users of cyber cafes are males between 15-35 years old, with many being students and graduates.

Cybercafe & Cybercrime

Cybercafes can be used for illegal activities like terrorist communication, stealing bank passwords, and spreading malware.

Cybercafe Security & Governance

It's crucial to have strong IT security measures and governance practices in cybercafes to prevent criminal activity.

Cybercrimes in Cybercafes

Examples of cybercrimes in cybercafes include spreading misinformation, stealing sensitive data, and using the internet for illegal activities.

Keyloggers & Spyware

Software used to capture keystrokes and other computer activity, allowing for unauthorized monitoring and data theft.

Stalking

A crime where someone repeatedly harasses or threatens another person, aiming to control, intimidate, or influence them. It can involve online or offline tactics.

Stalking Tactics

Methods used by a stalker to harass, threaten, or control their victim. These can include personal information gathering, unwanted contact, and spreading harmful information.

Information Gathering (Stalking)

The first step of stalking where the perpetrator gathers personal information about their victim, often through online resources or by observing their routines.

Unwanted Contact (Stalking)

The stalker directly contacts the victim through various methods like phone calls, emails, or even social media, creating a sense of fear and harassment.

Harmful Information Dissemination (Stalking)

The stalker may spread harmful information about the victim online or offline, damaging their reputation and causing emotional distress.

Cybersecurity Implications (Stalking)

Stalking can have serious cybersecurity implications, as it can involve data breaches, identity theft, and the misuse of personal information.

Cybercafe Security Risks

Cybercafes face various security risks, including pirated software, outdated antivirus, deep freeze software, lack of annual maintenance contracts, unblocked pornographic websites, and inadequate IT security awareness.

Deep Freeze Software

A software that automatically resets all computer modifications upon restart, leaving no trace of user activity and hindering investigations.

Annual Maintenance Contract (AMC)

Regular maintenance and security updates are crucial for cybercafes. Lack of an AMC makes computers vulnerable to malicious software installation.

Cybercafe Security Guidelines

Cybercafe owners require guidance on IT security and governance, including awareness of laws and best practices.

Cybercafe Security Measures

Cybercafe users should take precautions, such as logging out completely, not saving login information, and never leaving the system unattended.

Why 'Logout' is Important

Simply closing the browser window is insufficient. Users should always click 'Logout' or 'Sign Out' to prevent unauthorized access to their accounts.

Leaving Computer Unattended

Users should never leave their computer unattended in a cybercafe, as someone could access their accounts or personal information.

Cybersecurity Awareness

Government agencies, Internet Service Providers (ISPs), and state police should educate cybercafe owners about IT security and governance.

Study Notes

Cybercrime Introduction

• Cybercrime encompasses various criminal activities employing technology, including social engineering, cyberstalking, and botnets.

Hacker vs Cracker

• Hacker: A person with keen interest in computers, proficient in them, and enjoys learning and experimentation.
• Cracker: Often employed in criminal activities, cracking refers to unauthorized access or vandalism. Crackers may utilize tools to break into systems.

Brute Force Hacking

• A technique employing trial-and-error combinations to break passwords or encryption.

Phreaking

• Unauthorized access to telephone communication systems.

War Dialer

• A program that automatically dials phone numbers to locate computers for potential exploitation.

Cracker Tools

• Software programs used to breach computer systems. These tools are frequently distributed online without proper disclosure of use.

Categories of Cybercrime

• Targeted against: Individuals, property, organizations (government, business, social).
• Single event or a series of events.

Cyberstalking

• Harassment or stalking using technology.

Black Hat vs White Hat

• Black Hat: Malicious actors aiming to exploit vulnerabilities.
• White Hat: Ethical hackers who use skills to counteract black hats, thus protecting systems.

Other Topics

• Crimes targeted at individuals: Exploiting human weaknesses for financial fraud, child pornography, and harassment.
• Crimes targeted at property: Theft of data or devices(Laptops, phones).
• Crimes targeted at organizations: Cyberterrorism, stealing information, and disrupting operations.

Social Engineering

• Manipulating individuals to divulge sensitive information.

Port Scanning

• Identifying open ports on a computer to determine services running.

Attack Vectors

• Various methods hackers use to penetrate systems, including E-mails, malicious attachments , social engineering, and software flaws.

Botnets

• A network of compromised computers, used as a tool to commit malicious acts, such as DDOS (Distribute Denial of Service) attacks. Rented to criminals or used by organizations.

Zero-day Attack

• Exploits previously unknown vulnerabilities in software or operating systems.

Description

Explore the diverse world of cybercrime, including the roles of hackers and crackers, techniques like brute force hacking, and the tools used for illegal activities. This quiz will enhance your understanding of cyber threats and the technologies behind them.