Fundamentals of Cyber Security - Unit 1 - Introduction to Cybercrime PDF
Document Details
Uploaded by Deleted User
2013
Sunit Belapure and Nina Godbole
Tags
Summary
This is a textbook about the fundamentals of cyber security, specifically focusing on Unit 1: Introduction to Cybercrime. It covers definitions, origins, classifications, and planning of cybercrimes. Reference books and publication details are provided.
Full Transcript
FUNDAMENTALS OF CYBER SECURITY UNIT-I 1. Introduction to Cybercrime 2. Cyber offenses: How Criminals Plan Them 3. Mobile and Wireless Devices UNIT-II 1. Tools and methods used in Cybercrime 2. Phishing and Identity Theft UNIT – III 1. Understanding Computer Forens...
FUNDAMENTALS OF CYBER SECURITY UNIT-I 1. Introduction to Cybercrime 2. Cyber offenses: How Criminals Plan Them 3. Mobile and Wireless Devices UNIT-II 1. Tools and methods used in Cybercrime 2. Phishing and Identity Theft UNIT – III 1. Understanding Computer Forensics 09-08-2023 10:06:55 1 Unit-I 1. Introduction to Cybercrime Cybercrime - Definition and Origins of the Word Cybercrime and Information Security Who are Cybercriminals? Classifications of Cyber Crimes. 09-08-2023 10:06:56 2 Unit-I 2. Cyber offenses: How Criminals Plan Them Introduction How Criminals Plan the Attacks Social Engineering Cyberstalking Cybercafe and Cybercrimes Botnets: The Fuel for Cybercrime 09-08-2023 10:06:56 3 Unit-I 3. Cybercrime: Mobile and Wireless Devices Introduction Proliferation of Mobile and Wireless Devices Credit Card Frauds in Mobile and Wireless Computing Era Authentication Service Security Attacks on Mobile/Cell Phones Organizational Measures for Handling Mobile 09-08-2023 10:06:56 4 TEXTBOOK Sunit Belapure and Nina Godbole, “Cyber Security: Understanding Cyber Crimes, Computer Forensics And Legal Perspectives”, Wiley India Pvt Ltd, ISBN: 978-81- 265-21791, Publish Date 2013. REFERENCE BOOKS: 1. Thomas J. Mowbray, “Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions”, Copyright © 2014 by John Wiley & Sons, Inc, ISBN: 978-1-118 -84965 -1. 2. James Graham, Ryan Olson, Rick Howard, “Cyber Security Essentials”, CRC Press, 15-Dec 2010. 3. Anti- Hacker Tool Kit (Indian Edition) by Mike Shema, Publication Mc Graw- Hill 09-08-2023 10:06:56 5 Introduction to Cybercrime Dr. Ravi B , Dept of ISE 09-08-2023 10:07:15 6 Introduction to Cybercrime Topics : 1. Cybercrime - Definition and Origins of the Word 2. Cybercrime and Information Security 3. Who are Cybercriminals? 4. Classifications of Cyber Crimes. 09-08-2023 10:06:56 7 1) Introduction to Cybercrime Cybercrime is a new way of exploitation (involves the use of computers, the Internet, cyberspace and the world wide web ). The first recorded cybercrime took place in the year 1820. While the worldwide scenario on cybercrime looks bleak, the situation in India is not any better. Indian corporate and government sites have been attacked or defaced more than 780 times between February 2000 and December 2002. According to a story posted on 3 December 2009, a total of 3,286 Indian websites were hacked in 5 months – between January and June 2009 (Old data) 09-08-2023 10:06:56 8 1) Introduction to Cybercrime Figure below is based on a 2008 survey in Australia, shows the cybercrime trend. 09-08-2023 10:06:56 9 1) Introduction to Cybercrime Definition : Cybercrime is any illegal behaviour, directed by means of electronic operations, that targets the security of computer systems and the data processed by them. Cyberspace is a term coined by William Gibson, a science fiction writer, in his Sci-fi novel Neuromancer published in 1984 (He suggested it as a consensual hallucination) The term “cybercrime” relates to a number of other terms: Computer- related crime, Computer crime, Internet crime, E-crime, High-tech crime 09-08-2023 10:06:56 10 1) Introduction to Cybercrime Cybercrime specifically can be defined in a number of ways; 1. A crime committed using a computer and the Internet to steal a person’s identity (identity theft) or sell contraband(illegal items) or stalk victims or disrupt operations with malevolent(causing harm) programs. 2. Crimes completed either on or with a computer. 3. Any illegal activity done through the Internet or on the computer. 4. All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW. 09-08-2023 10:06:56 11 1) Introduction to Cybercrime Two types of cyber attacks are prevalent: Techno-crime and Techno-vandalism 1. Techno-crime: A premeditated act against a system or systems, with the intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts of or the complete computer system. The 24 × 7 connection to the Internet makes this type of cybercrime a real possibility to engineer from anywhere in the world, leaving few, if any, “finger prints.” 09-08-2023 10:06:56 12 1) Introduction to Cybercrime 2. Techno-vandalism: These acts of “brainless” defacement of websites and/or other activities, such as copying files and publicizing their contents publicly, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards, should prevent the vast majority of such incidents. 09-08-2023 10:06:56 13 1) Introduction to Cybercrime What is cyber? Cyber means combining forms relating to Information Technology, the Internet and Virtual Reality. This term owes its origin to the word “cybernetics” which deals with information and its use; Cybernetics is the science that overlaps the fields of neurophysiology, information theory, computing machinery and automation. According to Wikipedia cybernetics is the interdisciplinary study of the structure of regulatory systems. It is closely related to control theory and systems theory. 09-08-2023 10:06:56 14 1) Introduction to Cybercrime cyberterrorists usually use computer as a tool, target or both for their unlawful act to gain information which can result in heavy loss/damage to the owner of that intangible sensitive information. Internet is one of the means by which the offenders can gain priced sensitive information of companies, firms, individuals, banks and can lead to intellectual property (IP) crimes (such as stealing new product plans, its description, market program plans, list of customers, etc.), selling illegal articles, pornography/child pornography, etc. This is done using methods such as Phishing, Spoofing, Pharming, Internet Phishing, wire transfer, etc 09-08-2023 10:06:56 15 1) Introduction to Cybercrime “Phishing” refers to an attack using mail programs to deceive or coax Internet users into disclosing confidential information that can be then exploited for illegal purposes. Figure 1.2 shows the increase in Phishing hosts. 09-08-2023 10:06:56 16 2) Cybercrime and Information Security What is Cybersecurity? Lack of information security gives rise to cybercrimes “Cybersecurity” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. (Indian Information Technology Act (ITA- 2008)) The term incorporates both the physical security of devices as well as the information stored therein. It covers protection from unauthorized access, use, disclosure, disruption, modification and destruction. 09-08-2023 10:06:56 17 2) Cybercrime and Information Security To avoid negative publicity, most organizations abstain from revealing facts and figures about “security incidents” including cybercrime(outsider or insider crime). Reporting of financial losses due cybercrime also often remains approximate. Typical network misuses are for Internet radio/streaming audio, streaming video, file sharing, instant messaging and online gaming (such as online poker, online casinos, online betting, etc.; ) Online gambling is illegal in some countries – for example, in India. However, India has yet to pass laws that specifically deal with the issue, leaving a sort of legal loophole in the meantime. 09-08-2023 10:06:56 18 2) Cybercrime and Information Security Figure 1.4 shows several categories of incidences – viruses, insider abuse, laptop theft and unauthorized access to systems. 09-08-2023 10:06:56 19 2) Cybercrime and Information Security The Botnet menace The term Botnet is used to refer to a group of compromised computers(zombie computers, i.e., personal computers secretly under the control of hackers) running malwares under a common command and control infrastructure. A Botnet maker can control the group remotely for illegal purposes, the most common being DoS attack, Adware, Spyware, E-mail spam, click fraud, theft of application serial numbers, login IDs and financial information such as credit card numbers, etc. The computer may continue to operate normally without the owner’s knowledge that his computer has been compromised. 09-08-2023 10:06:56 20 2) Cybercrime and Information Security The Botnet menace (Cont…) Small and medium businesses in the country are at greater risk, as they are highly vulnerable to Bots, Phishing, Spam and Malicious Code attacks. Mumbai with 33% incidences tops the Bot-infected city list, followed by New Delhi at 25%, Chennai at 17% and Bangalore at 13%. If the computers, computer systems, computer resources, etc. are unsecured and vulnerable to security threats, it can be detrimental to the critical infrastructure of the country 09-08-2023 10:06:56 21 2) Cybercrime and Information Security The Botnet menace - How it works? (Cont…) 09-08-2023 10:06:56 22 2) Cybercrime and Information Security The Cybercrime trend over the years 09-08-2023 10:06:56 23 3) Who are Cybercriminals? Cybercrime involves such activities as child pornography; credit card fraud; cyberstalking; defaming another online; gaining unauthorized access to computer systems; ignoring copyright, software licensing and trademark protection; overriding encryption to make illegal copies; software piracy and stealing another’s identity (known as identity theft) to perform criminal acts Cybercriminals are those who conduct such acts. 09-08-2023 10:06:56 24 3) Who are Cybercriminals? They can be categorized into three groups that reflect their motivation 1. Type I: Cybercriminals – hungry for recognition Hobby hackers; IT professionals (social engineering is one of the biggest threat); politically motivated hackers; terrorist organizations. 2. Type II: Cybercriminals – not interested in recognition Psychological perverts; Financially motivated hackers (corporate espionage); state-sponsored hacking (national espionage, sabotage); organized criminals. 09-08-2023 10:06:56 25 3) Who are Cybercriminals? Type III: Cybercriminals – the insiders Disgruntled or former employees seeking revenge; competing companies using employees to gain economic advantage through damage and/or theft. The typical “motives” behind cybercrime seem to be greed, desire to gain power and/or publicity, desire for revenge, a sense of adventure, looking for thrill to access forbidden information, destructive mindset and desire to sell network security services. 09-08-2023 10:06:56 26 3) Who are Cybercriminals? Motives for cybercrimes Revenge/settling scores Greed/money Extortion Cause disrepute Prank/satisfaction of gaining control Fraud/illegal gain Eve teasing/harassment others 09-08-2023 10:06:56 27 4) Classifications of Cybercrimes The typical motives behind cybercrime seem to be greed, desire to gain power and/or publicity, desire for revenge, a sense of adventure, looking for thrill to access forbidden information, destructive mindset and desire to sell network security services. Crime is defined as “an act or the commission of an act that is forbidden, or the omission of a duty that is commanded by a public law and that makes the offender liable to punishment by that law.” Cyber crimes are classified as: 1. Cybercrime against individual 2. Cybercrime against property 3. Cybercrime against organization 4. Cybercrime against Society 5. Crimes emanating from Usenet newsgroup 09-08-2023 10:06:56 28 4) Classifications of Cybercrimes 1. Cybercrime against individual E-Mail spoofing and other online frauds Phishing, spear phishing and its various other forms such as Vishing and Smishing. Spamming Cyberdefamation Cyberstalking and harassment Computer sabotage Pornographic offenses Password sniffing 09-08-2023 10:06:56 29 4) Classifications of Cybercrimes 2. Cybercrime against property Credit card frauds Intellectual property crimes Internet time theft 3. Cybercrime against organization Unauthorized accessing of computer Password sniffing Denial-of-service attacks Virus attack/dissemination of viruses E-Mail bombing/mail bombs Salami attack/Salami technique Logic bomb Trojan Horse Data diddling Crimes emanating from Usenet newsgroup Industrial spying/industrial espionage Computer network intrusions Software piracy 09-08-2023 10:06:56 30 4) Classifications of Cybercrimes 4. Cybercrime against Society Forgery Cyberterrorism Web jacking 5. Crimes emanating from Usenet newsgroup: Usenet groups may carry very offensive, harmful, inaccurate or otherwise inappropriate material, or in some cases, postings that have been mislabelled or are deceptive in another way. 09-08-2023 10:06:56 31 4) Classifications of Cybercrimes Email Spoofing- A spoofed E-Mail is one that appears to originate from one source but actually has been sent from another source. Example Let us say, Roopa has an E-Mail address [email protected]. Let us say her boyfriend Suresh and she happen to have a showdown. Then Suresh, having become her enemy, spoofs her E-Mail and sends obscene/vulgar messages to all her acquaintances. Since the E-Mails appear to have originated from Roopa, her friends could take offense and relationships could be spoiled for life. 09-08-2023 10:06:56 32 4) Classifications of Cybercrimes Spamming- People who create electronic spam are called spammers. Spam is the abuse of electronic messaging systems(including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. Although the most widely recognized form of Spam is E-Mail Spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, file sharing network spam, video sharing sites, etc. 09-08-2023 10:06:56 33 4) Classifications of Cybercrimes Spamming- (Cont…) Spamming is difficult to control because it has economic viability – advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. In the context of search engine spamming, spamming is alteration or creation of a document with the intent to deceive an electronic catalog or a filing system. Some web authors use “subversive techniques” to ensure that their site appears more frequently or higher number in returned search results – this is strongly discouraged by search engines and there are fines/ penalties associated with the use of such subversive techniques. 09-08-2023 10:06:56 34 4) Classifications of Cybercrimes The following web publishing techniques should be avoided Repeating keywords Use of keywords that do not relate to the content on the site Use of fast meta refresh Redirection IP cloaking Use of colored text on the same colour background Tiny text usage Duplication of pages with different URLs Hidden links Use of different pages that bridge to the same URL(gateway pages) (webpage designed to rank highly for particular search queries that does not offer useful information to the searcher) 09-08-2023 10:06:56 35 4) Classifications of Cybercrimes Cyberdefamation Cyberdefamation is a cognizable offense. Cyberdefamation occurs when defamation takes place with the help of computers and/or the Internet, for eg., someone publishes defamatory matter about someone on a website or sends an E-Mail containing defamatory information to all friends of that person. According to the IPC section 499: 1. It may amount to defamation to impute anything to a deceased person, if the imputation would harm the reputation of that person if living, and is intended to be hurtful to the feelings of his family or other near relatives. 2. It may amount to defamation to make an imputation concerning a company or an association or collection of persons as such. 09-08-2023 10:06:56 36 4) Classifications of Cybercrimes Cyberdefamation (Cont…) (According to the IPC section 499): 3. An imputation in the form of an alternative or expressed ironically, may amount to defamation. 4. No imputation is said to harm a person’s reputation unless that imputation directly or indirectly, in the estimation of others, lowers the moral or intellectual character of that person, or lowers the character of that person in respect of his caste or of his calling, or lowers the credit of that person, or causes it to be believed that the body of that person is in a loathsome state or in a state generally considered as disgraceful. 09-08-2023 10:06:56 37 4) Classifications of Cybercrimes Cyberdefamation (Cont…) Libel is written defamation and slander is oral defamation. The only issue to consider for defamation is whether a person would believe that the words would indeed injure the person’s reputation. Even if there is no damage to a person’s reputation, the person who made the allegations may still be held responsible for defamation The law on defamation attempts to create a workable balance between two equally important human rights: The right to an unimpaired reputation and the right to freedom of expression. 09-08-2023 10:06:56 38 4) Classifications of Cybercrimes Internet Time Theft Such a theft occurs when an unauthorized person uses the Internet hours paid for by another person. Basically, Internet time theft comes under hacking because the person who gets access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person’s knowledge. However, one can identify time theft if the Internet time has to be recharged often, even when one’s own use of the Internet is not frequent. (related to the crimes conducted through “identity theft.”) 09-08-2023 10:06:56 39 4) Classifications of Cybercrimes Salami Attack/Salami Technique These attacks are used for committing financial crimes. The idea here is to make the alteration so insignificant that in a single case it would go completely unnoticed Example : A bank employee inserts a program, into the bank’s servers, that deducts a small amount of money (say ` 2/- or a few cents in a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount every month. 09-08-2023 10:06:56 40 4) Classifications of Cybercrimes Data diddling attack Involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity boards in India have been victims to data diddling programs inserted when private parties computerize their systems. Forgery Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be forged using sophisticated computers, printers and scanners. Outside many colleges there are miscreants soliciting the sale of fake marksheets or even degree certificates. These are made using computers and high-quality scanners and printers. 09-08-2023 10:06:56 41 4) Classifications of Cybercrimes Web Jacking Web jacking occurs when someone forcefully takes control of a website (by cracking the password and later changing it). Thus, the first stage of this crime involves “password sniffing.” The actual owner of the website does not have any more control over what appears on that website. Newsgroup Spam/Crimes Emanating from Usenet Newsgroup The advent of Google Groups, and its large Usenet archive, has made Usenet more attractive to spammers than ever. The first widely recognized Usenet Spam titled Global Alert for All: Jesus is Coming Soon was posted on 18 January 1994 by Clarence L. Thomas IV, a sys admin at Andrews University. 09-08-2023 10:06:56 42 4) Classifications of Cybercrimes Industrial Spying/Industrial Espionage Spies can get information about product finances, research and development and marketing strategies , an activity known as “industrial spying”. Highly skilled hackers are contracted by high-profile companies or certain governments to carryout spying With the growing public availability of Trojans and Spyware material even a low-skilled one can generate high volume profit out of industrial spying. This is referred to as “Targeted Attacks” 09-08-2023 10:06:56 43 3) Classifications of Cybercrimes Industrial Spying/Industrial Espionage (Cont…) Real Example: One interesting case is the famous Israeli Trojan story, where a software engineer in London created a Trojan Horse program specifically designed to extract critical data gathered from machines infected by his program. He had made a business out of selling his Trojan Horse program to companies in Israel, which would use it for industrial spying by planting it into competitors’ networks. 09-08-2023 10:06:56 44 4) Classifications of Cybercrimes Industrial Spying/Industrial Espionage There are also the E-Mail worms automating similar “data exfiltration features”. E-Mail worms can scan the hard drive of infected machines for all files with the following extensions:.. Such files are uploaded on an FTP server owned by the cybercrooks, with the pdf,.doc,.dwg,.sch,.pcb,.dwt,.dwf,.max,.mdbaim of stealing as much IP as possible wherever it can be and then selling it to people who are ready to pay for it. Organizations subject to online extortion tend to keep quiet about it to avoid negative publicity about them. 09-08-2023 10:06:56 45 4) Classifications of Cybercrimes Hacking Purposes Greed Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset Every act committed toward breaking into a computer and/or network is hacking and it is an offense. Those who break into computer systems are called crackers and those targeting phones are phreaks. 09-08-2023 10:06:56 46 4) Classifications of Cybercrimes Hacking (Cont…) Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct, and they get enjoyment out of such destruction. Some hackers hack for personal monetary gains, such as stealing credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information that is critical in nature. Government websites are hot on hackers’ target lists and attacks on Government websites receive wide press coverage. (For example, according to the story posted on December 2009, the NASA site was hacked via SQL Injection) 09-08-2023 10:06:56 47 4) Classifications of Cybercrimes Hacking (Cont…) 09-08-2023 10:06:56 48 4) Classifications of Cybercrimes Hacking (Cont…) 09-08-2023 10:06:56 49 4) Classifications of Cybercrimes Online frauds There are a few major types of crimes under the category of hacking: Spoofing website and E-Mail security alerts, hoax mails about virus threats, lottery frauds and Spoofing In Spoofing websites and E-Mail security threats, fraudsters create authentic looking websites that are actually nothing but a spoof The purpose of these websites is to make the user enter personal information which is then used to access business and bank accounts. Fraudsters are increasingly turning to E-Mail to generate traffic to these websites. This kind of online fraud is common in banking and financial sector. 09-08-2023 10:06:56 50 4) Classifications of Cybercrimes Online frauds (Cont…) In virus hoax E-Mails, the warnings may be genuine, so there is always a dilemma whether to take them lightly or seriously. A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos or Symantec before taking any action, such as forwarding them to friends and colleagues. Lottery frauds are typically letters or E-Mails that inform the recipient that he/she has won a prize in a lottery. To get the money, the recipient has to reply, after which another mail is received asking for bank details so that the money can be directly transferred. The E-Mail also asks for a processing fee/handling fee. Of course, the money is never transferred in this case; the processing fee is swindled, and the banking details are used for other frauds and scams. 09-08-2023 10:06:56 51 4) Classifications of Cybercrimes Online frauds (Cont…) “Spoofing” means illegal intrusion, posing as a genuine user. A hacker logs-in to a computer illegally, using a different identity than his own. He is able to do this by having previously obtained the actual password. He creates a new identity by fooling the computer into thinking that the hacker is the genuine system operator and then hacker then takes control of the system. He can commit innumerable number of frauds using this false identity. 09-08-2023 10:06:56 52 4) Classifications of Cybercrimes Pornographic Offenses “Child pornography” means any visual depiction, including but not limited to the following: 1. Any photograph that can be considered obscene and/or unsuitable for the age of child viewer; 2. film, video, picture; 3. computer-generated image or picture of sexually explicit conduct where the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct. 09-08-2023 10:06:56 53 4) Classifications of Cybercrimes Pornographic Offenses (Cont…) “Child pornography” is considered an offense. The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. Its explosion has made the children a viable victim to the cybercrime. As the broad-band connections get into the reach of more and more homes, larger child population will be using the Internet and therefore greater would be the chances of falling victim to the aggression of pedophiles. “Pedophiles” are people who physically or psychologically coerce minors to engage in sexual activities, which the minors would not consciously consent to. 09-08-2023 10:06:56 54 4) Classifications of Cybercrimes Pornographic Offenses (Cont…) Here is how pedophiles operate: Step 1: Pedophiles use a false identity to trap the children/teenagers (using “false identity”) Step 2: They seek children/teens in the kids’ areas on the services, such as the Teens BB, Games BB or chat areas where the children gather. Step 3: They befriend children/teens. Step 4: They extract personal information from the child/teen by winning his/her confidence. Step 5: Pedophiles get E-Mail address of the child/teen and start making contacts on the victim’s E-Mail address as well. Sometimes, these E-Mails contain sexually explicit language. 09-08-2023 10:06:56 55 4) Classifications of Cybercrimes Pornographic Offenses (Cont…) Step 6: They start sending pornographic images/text to the victim including child pornographic images in order to help child/teen shed his/her inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it. Step 7: At the end of it, the pedophiles set up a meeting with the child/teen out of the house and then drag him/her into the net to further sexually assault him/her or to use him/her as a sex object. 09-08-2023 10:06:56 56 4) Classifications of Cybercrimes Pornographic Offenses (Cont…) Parents can follow simple rules to avoid this and accordingly they advice their children to keep away from dangerous things and ways. However, it is possible, even in the modern times most parents may not know the basics of the Internet and the associated (hidden) dangers from the services offered over the Internet. Hence most children may remain unprotected in the cyberworld. 09-08-2023 10:06:56 57 4) Classifications of Cybercrimes Software piracy It Is defined as theft of software through the illegal copying of genuine programs, or the counterfeiting and distribution of products intended to pass for the original. There are many examples of software piracy: end-user copying – friends loaning disks to each other, or organizations under- reporting the number of software installations they have made, or organizations not tracking their software licenses; hard disk loading with illicit means – hard disk vendors load pirated software; counterfeiting – large-scale duplication and distribution of illegally copied software; illegal downloads from the Internet – by intrusion, by cracking serial numbers, etc. 09-08-2023 10:06:56 58 4) Classifications of Cybercrimes Software piracy (Cont…) Beware that those who buy pirated software have a lot to lose: (a) getting untested software that may have been copied thousands of times over, (b) the software, if pirated, may potentially contain hard-drive- infecting viruses, (c) there is no technical support in the case of software failure, that is, lack of technical product support available to properly licensed users, (d) there is no warranty protection (e) there is no legal right to use the product, etc. 09-08-2023 10:06:56 59 4) Classifications of Cybercrimes Software piracy (Cont…) Economic impact : According to some Study in Asia Pacific 55% of the software installed in 2006 on personal computers (PCs) was obtained illegally, while software losses due to software piracy amounted to US$ 11.6 billion. The Study covered software that runs on personal computers, including desktops, laptops and ultra-portables. The study includes operating systems, systems software such as databases and security packages, business applications and consumer applications such as PC games, personal finance and reference software. 09-08-2023 10:06:56 60 4) Classifications of Cybercrimes Software piracy (Cont…) Dollars lost (year 2008) due to (software) piracy 09-08-2023 10:06:56 61 4) Classifications of Cybercrimes Software piracy (Cont…) Regional scenario on piracy rate. 09-08-2023 10:06:56 62 4) Classifications of Cybercrimes Computer sabotage The use of the Internet to hinder the normal functioning of a computer system through the introduction of worms, viruses or logical bombs. It can be used to gain economic advantage over a competitor, to promote the illegal activities of terrorists or to steal data or programs for extortion purposes. Logic bombs are event-dependent programs created to do something only when a certain event occurs. Some viruses may be termed as logic bombs because they lie dormant all through the year and become active only on a particular date(eg., Chernobyl virus and Y2K viruses). 09-08-2023 10:06:56 63 4) Classifications of Cybercrimes E-Mail Bombing/Mail Bombs E-Mail bombing refers to sending a large number of E-Mails to the victim to crash victim’s E-Mail account (in the case of an individual) or to make victim’s mail servers crash (in the case of a company or an E-Mail service provider). Computer program can be written to instruct a computer to do such tasks on a repeated basis. In recent times, terrorism has hit the Internet in the form of mail bombings. By instructing a computer to repeatedly send E-Mail to a specified person’s E-Mail address, the cybercriminal can overwhelm the recipient’s personal account and potentially shut down entire systems. This may or may not be illegal, but it is certainly disruptive. 09-08-2023 10:06:56 64 4) Classifications of Cybercrimes Usenet Newsgroup as the source of cybercrimes Usenet is a mechanism that allows sharing information in a many-to- many manner. In reality, however, there is no technical method available for controlling the contents of any newsgroup. It is merely subject to self-regulation and net etiquette. It is possible to put Usenet to following criminal use: 1. Distribution/sale of pornographic material 2. Distribution/sale of pirated software packages 3. Distribution of hacking software 4. Sale of stolen credit card numbers 5. Sale of stolen data/stolen property 09-08-2023 10:06:56 65 4) Classifications of Cybercrimes Computer network intrusions Crackers who are often misnamed Hackers can break into computer systems from anywhere in the world and steal data, plant viruses, create backdoors, insert Trojan horses or change user names and passwords. Network intrusions are illegal, but detection and enforcement are difficult. Current laws are limited and many intrusions go undetected. The cracker can bypass existing password protection by creating a program to capture logon IDs and passwords. The practice of “strong password” is therefore important 09-08-2023 10:06:56 66 4) Classifications of Cybercrimes Password sniffing These are programs that monitor and record the name and password of network users as they login Whoever installs the Sniffer can then impersonate an authorized user and login to access restricted documents. Laws are not yet set up to adequately prosecute a person for impersonating another person online. Laws designed to prevent unauthorized access to information may be effective in apprehending crackers using Sniffer programs. 09-08-2023 10:06:56 67 4) Classifications of Cybercrimes Credit card frauds Bulletin boards and other online services are frequent targets for hackers who want to access large databases of credit card information. Such attacks usually result in the implementation of stronger security systems. credit card Security measures are improving, and traditional methods of law enforcement seem to be sufficient for prosecuting the thieves of such information. 09-08-2023 10:06:56 68 4) Classifications of Cybercrimes Identity theft This fraud involves another person’s identity for an illicit purpose. Phishing and identity theft are related offenses. Examples include fraudulently obtaining credit, stealing money from the victim’s bank accounts, using the victim’s credit card number, establishing accounts with utility companies, renting an apartment or even filing bankruptcy using the victim’s name. The cyberimpersonator can steal unlimited funds in the victim’s name without the victim even knowing about it for months, 09-08-2023 10:06:56 69