Cyber Crime PDF
Uploaded by DedicatedJuxtaposition7699
Summary
This document provides an overview of cybercrime, including different types like hacking, phishing, and ransomware. It also covers the concept of identity theft. Prevention methods for cybercrime are also mentioned.
Full Transcript
Cyber Crime

Criminal activities or offences carried out in a digital environment can be considered as cyber crime. In such crimes, either the computer itself is the target or the computer is used as a tool to commit a crime. Cyber crimes are carried out against either an individual, or a group, or an organisation or even against a country, with the intent to directly or indirectly cause physical harm, financial loss or mental harassment. A cyber criminal attacks a computer or a network to reach other computers in order to disable or damage data or services. Apart from this, a cyber criminal may spread viruses and other malware in order to steal private and confidential data for blackmailing and extortion.

A computer virus is some lines of malicious code that can copy itself and can have a detrimental effect on computers, by destroying data or corrupting the system. Similarly, malware is software designed specifically to gain unauthorised access to computer systems. Such criminal activities are increasing alarmingly day by day, with frequent reports of hacking, ransomware attacks, denial-of-service, phishing, email fraud, banking fraud and identity theft.

11.5.1 Hacking

Hacking is the act of unauthorised access to a computer, computer network or any digital system. Hackers usually have technical expertise of the hardware and software. They look for bugs to exploit and break into the system.

Hacking, when done with a positive intent, is called ethical hacking. Such ethical hackers are known as white hat hackers. They are specialists in exploring any vulnerability or loophole during testing of the software. Thus, they help in improving the security of a software. An ethical hacker may exploit a website in order to discover its security loopholes or vulnerabilities. He then reports his findings to the website owner. Thus, ethical hacking is actually preparing the owner against any cyber attack.
A non-ethical hacker is one who tries to gain unauthorised access to computers or networks in order to steal sensitive data with the intent to damage or bring down systems. They are called black hat hackers or crackers. Their primary focus is on security cracking and data stealing. They use their skill for illegal or malicious purposes. Such hackers try to break through system securities for identity theft, monetary gain, to bring a competitor or rival site down, to leak sensitive information, etc.

11.5.2 Phishing and Fraud Emails

Phishing is an unlawful activity where fake websites or emails that look original or authentic are presented to the user to fraudulently collect sensitive and personal details, particularly usernames, passwords, banking and credit card details. The most common phishing method is email spoofing, where a fake or forged email address is used and the user presumes it to be from an authentic source. So you might get an email from an address that looks similar to that of your bank or educational institution, asking for your information, but if you look carefully you will see that the URL is fake. They will often use logos of the original, making them difficult to tell apart from the real one! Phishing attempts through phone calls or text messages are also common these days.

(A) Identity Theft

Identity thieves increasingly use personal information stolen from computers or computer networks to commit fraud by using the data gained unlawfully. A user's identifiable personal data like demographic details, email ID, banking credentials, passport, PAN, Aadhaar number and various such personal data are stolen and misused by the hacker on behalf of the victim. This is one type of phishing attack where the intention is largely for monetary gain. There can be many ways in which the criminal takes advantage of an individual's stolen identity. Given below are a few examples:

Financial identity theft: when the stolen identity is used for financial gain.
Criminal identity theft: criminals use a victim's stolen identity to avoid detection of their true identity.
Medical identity theft: criminals can seek medical drugs or treatment using a stolen identity.

Ransomware

This is another kind of cyber crime where the attacker gains access to the computer and blocks the user from accessing it, usually by encrypting the data. The attacker blackmails the victim to pay for getting access to the data, or sometimes threatens to publish personal and sensitive information or photographs unless a ransom is paid.

Ransomware can get downloaded when users visit any malicious or unsecure websites or download software from doubtful repositories. Some ransomware is sent as email attachments in spam mails. It can also reach our system when we click on a malicious advertisement on the Internet.

11.5.4 Combatting and Preventing Cyber Crime

The challenges of cyber crime can be mitigated with the twin approach of being alert and taking legal help. The following points can be considered as safety measures to reduce the risk of cyber crime:

Take regular backup of important data.
Use an antivirus software and keep it updated always.
Avoid installing pirated software. Always download software from known and secure (HTTPS) sites.
Always update the system software, which includes the Internet browser and other application software.
Do not visit or download anything from untrusted websites.
Usually the browser alerts users about doubtful websites whose security certificate could not be verified; avoid visiting such sites.
Use a strong password for web login, and change it periodically. Do not use the same password for all the websites. Use different combinations of alphanumeric characters including special characters.
Avoid common words or names in the password.
While using someone else's computer, don't allow the browser to save passwords or auto-fill data, and try to browse in a private browser window.
For an unknown site, do not agree to use cookies when asked for, through a Yes/No option.
Perform online transactions like shopping, ticketing, and other such services only through well-known and secure sites.
Always secure the wireless network at home with a strong password and regularly change it.

Activity 11.6
Explore and find out how to file a complaint with the cyber cell in your area.

Beware!!
Accepting links from untrusted emails can be hazardous, as they may potentially contain a virus or link to a malicious website. We should ensure that we open any email link or attachment only when it is from a trusted source and doesn't look doubtful.

Activity 11.5
How can you unsubscribe from a mail group or block an email sender?

Remember!!
Cyber crime is defined as a crime in which the computer is the medium of crime (hacking, phishing, spamming), or the computer is used as a tool to commit crimes (extortion, data breaches, theft).

From source 2

CYBERCRIME

Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offence (child pornography, hate crimes, etc.). Cyber crimes are carried out against an individual, a group, an organization or even against a country, with the intent to directly or indirectly cause physical harm, financial loss or mental harassment. A cybercriminal attacks a computer or a network to reach other computers in order to disable or damage data or services.

Cybercriminals may use computer technology to access personal information, business trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use computers for communication and document or data storage. Criminals who perform these illegal activities are often referred to as hackers.
Common types of cybercrimes include online banking information theft, identity theft, online predatory crimes and unauthorized computer access. More serious crimes like cyber terrorism are also of significant concern.

Cybercrime encompasses a wide range of activities but these are generally divided into two categories:

1. Crimes that target computer networks or devices: These types of crimes include viruses and denial-of-service (DoS) attacks.
2. Crimes that use computer networks to advance other criminal activities: These types of crimes include cyberstalking, phishing and fraud or identity theft.

10.11.1 Hacking

Hacking is an act of unauthorized access to a computer, computer network or any digital system. Hackers usually have technical expertise of the hardware and software. They look for bugs to exploit and break into the system.

Hacking, when done with a positive intent, is called ethical hacking. Such ethical hackers are known as white hat hackers. They are specialists in exploring any vulnerability or loophole during the testing of the software. Thus, they help in improving the security of a software. An ethical hacker may exploit a website in order to discover its security loopholes or vulnerabilities. The findings are then reported to the website owner. Thus, ethical hacking is actually preparing the owner against any cyber attack.

A non-ethical hacker is one who tries to gain unauthorized access to computers or networks in order to steal sensitive data with the intent to damage or bring down systems. They are called black hat hackers or crackers. Their primary focus is on security cracking and data stealing. They use their skills for illegal or malicious purposes. Such hackers try to break through system securities for identity theft, monetary gain, to bring a competitor or rival site down, to leak sensitive information, etc.
Types of Hackers

Black hat hackers or crackers are individuals with extraordinary computing skills, resorting to malicious/destructive activities. Black hat hackers use their knowledge and skill for their own personal gains by hurting others.

White hat hackers are those individuals who use their hacking skills for defensive purposes. This means that the white hat hackers use their knowledge and skill for the good of others and for the common good. Ethical hacking, also known as penetration testing or white hat hacking, involves the same tools, tricks and techniques that black hat hackers use, but with one major difference: ethical hacking is legal.

Grey hat hackers are individuals who work both offensively and defensively at different times. Their behaviour cannot be predicted. Sometimes they use their skills for the common good.

Eavesdropping

An eavesdropping attack occurs when a hacker intercepts, deletes or modifies data that is transmitted between two devices. Eavesdropping, also known as sniffing or snooping, relies on unsecured network communications to access data in transit between devices. It typically occurs when a user connects to a network in which traffic is not secured or encrypted.

Phishing/Fraud Emails

Phishing is an attempt to acquire sensitive information such as usernames, passwords and credit card details (and sometimes, directly, money) by masquerading as a trustworthy entity in an electronic communication.

Phishing is an unlawful activity where fake websites or emails that look original or authentic are presented to the user to fraudulently collect sensitive and personal details, particularly usernames, passwords, banking and credit card details.
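A fake website of the kind described above usually gives itself away through a hostname that only resembles the real one. As an added example (not part of the original text), this Python sketch checks a link against a list of trusted domains and flags near matches; the domain names, the sample links and the 0.8 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allow-list: sites the user really has accounts with (assumed names).
TRUSTED_DOMAINS = {"examplebank.com", "myschool.edu"}


def registered_domain(host):
    """Return the last two labels of a hostname.

    Simplifying assumption: no multi-part suffixes such as .co.in; a real
    tool would consult the Public Suffix List instead.
    """
    return ".".join(host.rstrip(".").split(".")[-2:])


def classify_link(url, trusted=TRUSTED_DOMAINS, threshold=0.8):
    """Classify a link as 'trusted', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit already lower-cases the hostname
    if not host:
        return "unknown"
    domain = registered_domain(host)
    if domain in trusted:
        # The genuine site, but sensitive data should only travel over HTTPS.
        return "trusted" if parts.scheme == "https" else "insecure"
    # Punycode labels can hide Unicode characters that imitate Latin letters,
    # so any such label is treated as suspicious in this sketch.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    for good in trusted:
        brand = good.split(".")[0]
        # Real name embedded in a foreign domain: examplebank.com.secure-login.net
        if brand in host:
            return "lookalike"
        # A character or two swapped: examp1ebank.com
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    samples = [
        "https://www.examplebank.com/login",
        "http://examplebank.com/login",
        "https://examp1ebank.com/login",
        "https://examplebank.com.secure-login.net/verify",
        "https://weather.example.org/today",
    ]
    for link in samples:
        print(f"{classify_link(link):10} {link}")
```
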
Phishing is typically carried out by email spoofing or instant messaging and it often directs the users to enter personal information on a fake website, the look and feel of which is identical to the legitimate one, the only difference being the URL of the website. Communications purporting to be from social websites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that distribute malware.

The protective measures to be followed against phishing include:

1. Never open or download a file from an unsolicited email, even from someone you know. (You can call or email the person to double check that it really came from them.)
2. Keep your operating system updated.
3. Use a trusted antivirus program.
4. Enable two-factor authentication whenever available.
5. Confirm the authenticity of a website prior to entering login credentials by looking for a reputable security trust mark.
6. Look for HTTPS in the address bar when you enter any sensitive personal information on a website to make sure your data will be encrypted.

Ransomware

Ransomware is malicious software that infects your computer and displays messages demanding a fee to be paid in order to access your system. This class of malware is a criminal moneymaking scheme that can be installed through deceptive links in an email message, instant message or website. It has the ability to lock a computer screen or encrypt important, predetermined files with a password. It uses scare tactics or intimidation to trick victims into paying up. It can come in the form of fake antivirus software in which a message suddenly appears claiming your computer has various issues and an online payment is necessary to fix them!

Illegal Downloading

Illegal downloading means obtaining files from the internet that you don't have the right to use. Illegal downloading is the root cause of digital piracy.
Digital piracy involves illegally sharing copyrighted media such as games, music, movies, TV shows and software. It does not matter whether you upload the content to share with others without permission or whether you download it for free or at a tharont priteshayene hvolved in this type of operation is treated as law-breaker.

For example, if you are a member of a website that shares music files without permission from the recording labels, you are considered as involved in piracy, even if you have paid a fee to the website for downloading files. Another example could be if you are able to access and download movies or TV showsing files. Another example prices, which are usually illegal copies, and thus come within the ambit of piracy.

To avoid downloading media illegally, obtain it from reputed dealers that have the rights to sell them. Therefore, illegal downloading should be discouraged as it incurs heavy losses to developers/producers and the person who is carrying out this illegal downloading can face punishment or fine due to this unethical act.

Child Pornography

Child pornography is publishing and transmitting obscene material about children in electronic form. In recent years, child pornography has increased due to easy internet access and easily available videos on the internet. Child pornography is the most heinous crime which occurs and has led to various other crimes such as sex tourism, sexual abuse of the child, etc.

There are provisions under the cyber law to stop child pornography, leading to punishment like:

1st conviction with 2 to 5 years of imprisonment and a fine of 1 lakh.
2nd or subsequent conviction with an imprisonment of up to 7-10 years and a fine which may extend up to 10 lakh.
Child pornography laws provide severe penalties for producers and distributors in almost all Western societies, usually including incarceration, with shorter duration of sentences for non-commercial distribution depending on the extent and content of the material distributed. Convictions for possessing child pornography material also usually include prison sentences, but those sentences are often converted to probation for first-time offenders.

Cyber Scams and Frauds

The term 'Internet fraud' generally refers to any scheme that uses one or more components of the internet, such as chat rooms, email, message boards or websites, to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to others connected with the scheme.

The various cyber frauds that are carried out online across the world are:

Credit/Debit Card Fraud: This involves the use of a credit/debit card to obtain money or acquire properties without appropriate authorization. Fraudsters obtain credit/debit card numbers of victims from unsecured web media and use them to carry out illegal or unethical transactions.

Non-delivery of Goods/Service Fraud: This refers to a scam in which people are encouraged to pay for goods and/or services via a web portal, and then nothing is delivered to the buyer.

Spoofing/Phishing Scam: Spoofing is a type of fraud in which a fraudster masquerades as another person by using the other person's identity to transact business and obtain vital information such as bank account numbers, credit card numbers and associated passwords. Phishing is a form of spoofing in which the web page of a particular entity can be duplicated and positioned with URL for the purpose of luring people to divulge vital financial information.

Identity Theft: This entails the use of another person's personal information, without appropriate consent, for the purpose of fraudulent practices.
Often personal information may even be leaked online or stolen during web surfing. Identity theft is a type of fraud that involves using someone else's identity to steal money or gain other benefits. Online identity theft refers to an act of stealing someone else's personal information such as name, login details, etc., and then posing as that person online.

Auction Fraud: In auction frauds, people are encouraged to participate in an online auction and when money has been paid for specific items, the fraudster would send either a lower standard item or a counterfeit.

Preventing Cybercrime

Anyone using the internet should exercise some basic precautions. Here are some tips you can use to help protect yourself from cybercrime:

1. Keep the computer system up-to-date and take regular backup of important data.
2. Protect your personal information by managing your social media privacy settings.
3. Update your antivirus software on a regular basis.
4. Choose a strong password (combination of letters, numbers, symbols and special characters) and change it periodically. Do not use the same password for all websites.
5. Before downloading any software, ensure that the website address contains HTTPS or the lock symbol.
6. While using someone else's computer, do not allow the browser to save passwords or auto-fill data and try to browse in incognito mode.
7. For an unknown site, do not agree to accept cookies when asked for, through a Yes/No option.
8. Perform online transactions like shopping, ticketing and other such services only through well-known and secure sites.
9. Always secure the wireless network at home with a strong password and regularly change it.
10. Do not download songs, videos or software from untrustworthy websites. Often these files come with hidden malware such as ransomware or Trojans.
11. Never download attachments from emails that appear suspicious.
12. Adjust the settings in the web browser. It may limit some functionality but can provide the best protection from malicious content.