Fundamentals of Cyber Security - Unit 1 - Introduction to Cybercrime PDF

Summary

This is a textbook about the fundamentals of cyber security, specifically focusing on Unit 1: Introduction to Cybercrime. It covers definitions, origins, classifications, and planning of cybercrimes. Reference books and publication details are provided.

Full Transcript

FUNDAMENTALS OF CYBER SECURITY
UNIT-I
1. Introduction to Cybercrime
2. Cyber offenses: How Criminals Plan Them
3. Mobile and Wireless Devices
UNIT-II
1. Tools and methods used in Cybercrime
2. Phishing and Identity Theft
UNIT – III
1. Understanding Computer Forensics

09-08-2023 10:06:55 1
 Unit-I
1. Introduction to Cybercrime
Cybercrime - Definition and Origins of the Word
Cybercrime and Information Security
Who are Cybercriminals?
Classifications of Cyber Crimes.

09-08-2023 10:06:56 2
 Unit-I
2. Cyber offenses: How Criminals Plan Them
Introduction

How Criminals Plan the Attacks

Social Engineering

Cyberstalking

Cybercafe and Cybercrimes

Botnets: The Fuel for Cybercrime

09-08-2023 10:06:56 3
 Unit-I
3. Cybercrime: Mobile and Wireless Devices
Introduction
Proliferation of Mobile and Wireless Devices
Credit Card Frauds in Mobile and Wireless Computing Era
Authentication Service Security
Attacks on Mobile/Cell Phones
Organizational Measures for Handling Mobile

09-08-2023 10:06:56 4
 TEXTBOOK
Sunit Belapure and Nina Godbole, “Cyber Security: Understanding Cyber Crimes,
Computer Forensics And Legal Perspectives”, Wiley India Pvt Ltd, ISBN: 978-81-
265-21791, Publish Date 2013.

REFERENCE BOOKS:
1. Thomas J. Mowbray, “Cybersecurity: Managing Systems, Conducting Testing,
and Investigating Intrusions”, Copyright © 2014 by John Wiley & Sons, Inc,
ISBN: 978-1-118 -84965 -1.
2. James Graham, Ryan Olson, Rick Howard, “Cyber Security Essentials”, CRC
Press, 15-Dec 2010.
3. Anti- Hacker Tool Kit (Indian Edition) by Mike Shema, Publication Mc Graw-
Hill
09-08-2023 10:06:56 5
 Introduction to Cybercrime

Dr. Ravi B , Dept of ISE

09-08-2023 10:07:15 6
 Introduction to Cybercrime
Topics :
1. Cybercrime - Definition and Origins of the Word
2. Cybercrime and Information Security
3. Who are Cybercriminals?
4. Classifications of Cyber Crimes.

09-08-2023 10:06:56 7
 1) Introduction to Cybercrime
Cybercrime is a new way of exploitation (involves the use of computers, the Internet,
cyberspace and the world wide web ).

The first recorded cybercrime took place in the year 1820.

While the worldwide scenario on cybercrime looks bleak, the situation in India is not any
better.

Indian corporate and government sites have been attacked or defaced more than 780 times
between February 2000 and December 2002.

According to a story posted on 3 December 2009, a total of 3,286 Indian websites were
hacked in 5 months – between January and June 2009 (Old data)

09-08-2023 10:06:56 8
 1) Introduction to Cybercrime
Figure below is based on a 2008 survey in Australia, shows the cybercrime
trend.

09-08-2023 10:06:56 9
 1) Introduction to Cybercrime
Definition :
Cybercrime is any illegal behaviour, directed by means of electronic
operations, that targets the security of computer systems and the data
processed by them.
Cyberspace is a term coined by William Gibson, a science fiction
writer, in his Sci-fi novel Neuromancer published in 1984
(He suggested it as a consensual hallucination)
The term “cybercrime” relates to a number of other terms: Computer-
related crime, Computer crime, Internet crime, E-crime, High-tech
crime

09-08-2023 10:06:56 10
 1) Introduction to Cybercrime
Cybercrime specifically can be defined in a number of ways;
1. A crime committed using a computer and the Internet to steal a person’s
identity (identity theft) or sell contraband(illegal items) or stalk victims or
disrupt operations with malevolent(causing harm) programs.

2. Crimes completed either on or with a computer.

3. Any illegal activity done through the Internet or on the computer.

4. All criminal activities done using the medium of computers, the Internet,
cyberspace and the WWW.

09-08-2023 10:06:56 11
 1) Introduction to Cybercrime
Two types of cyber attacks are prevalent: Techno-crime and Techno-vandalism

1. Techno-crime:
A premeditated act against a system or systems, with the intent to copy, steal, prevent
access, corrupt or otherwise deface or damage parts of or the complete computer
system.

The 24 × 7 connection to the Internet makes this type of cybercrime a real possibility
to engineer from anywhere in the world, leaving few, if any, “finger prints.”

09-08-2023 10:06:56 12
 1) Introduction to Cybercrime
2. Techno-vandalism:

These acts of “brainless” defacement of websites and/or other activities, such as
copying files and publicizing their contents publicly, are usually opportunistic in
nature.

Tight internal security, allied to strong technical safeguards, should prevent the
vast majority of such incidents.

09-08-2023 10:06:56 13
 1) Introduction to Cybercrime
What is cyber?
Cyber means combining forms relating to Information Technology, the Internet
and Virtual Reality.
This term owes its origin to the word “cybernetics” which deals with information
and its use; Cybernetics is the science that overlaps the fields of neurophysiology,
information theory, computing machinery and automation.
According to Wikipedia cybernetics is the interdisciplinary study of the structure of
regulatory systems. It is closely related to control theory and systems theory.

09-08-2023 10:06:56 14
 1) Introduction to Cybercrime
cyberterrorists usually use computer as a tool, target or both for their unlawful
act to gain information which can result in heavy loss/damage to the owner of that
intangible sensitive information.
Internet is one of the means by which the offenders can gain priced sensitive
information of companies, firms, individuals, banks and can lead to intellectual
property (IP) crimes (such as stealing new product plans, its description, market
program plans, list of customers, etc.), selling illegal articles, pornography/child
pornography, etc.
This is done using methods such as Phishing, Spoofing, Pharming, Internet
Phishing, wire transfer, etc

09-08-2023 10:06:56 15
 1) Introduction to Cybercrime
“Phishing” refers to an attack using mail programs to deceive or coax
Internet users into disclosing confidential information that can be then
exploited for illegal purposes. Figure 1.2 shows the increase in Phishing
hosts.

09-08-2023 10:06:56 16
 2) Cybercrime and Information Security
What is Cybersecurity?
Lack of information security gives rise to cybercrimes
“Cybersecurity” means protecting information, equipment, devices,
computer, computer resource, communication device and information
stored therein from unauthorized access, use, disclosure, disruption,
modification or destruction. (Indian Information Technology Act (ITA-
2008))
The term incorporates both the physical security of devices as well as
the information stored therein.
It covers protection from unauthorized access, use, disclosure,
disruption, modification and destruction.
09-08-2023 10:06:56 17
 2) Cybercrime and Information Security
To avoid negative publicity, most organizations abstain from revealing
facts and figures about “security incidents” including
cybercrime(outsider or insider crime). Reporting of financial losses due
cybercrime also often remains approximate.
Typical network misuses are for Internet radio/streaming audio,
streaming video, file sharing, instant messaging and online gaming
(such as online poker, online casinos, online betting, etc.; )
Online gambling is illegal in some countries – for example, in India.
However, India has yet to pass laws that specifically deal with the issue,
leaving a sort of legal loophole in the meantime.

09-08-2023 10:06:56 18
 2) Cybercrime and Information Security
Figure 1.4 shows several categories of incidences – viruses, insider abuse, laptop theft and
unauthorized access to systems.

09-08-2023 10:06:56 19
 2) Cybercrime and Information Security
The Botnet menace
The term Botnet is used to refer to a group of compromised computers(zombie
computers, i.e., personal computers secretly under the control of hackers)
running malwares under a common command and control infrastructure.
A Botnet maker can control the group remotely for illegal purposes, the most
common being DoS attack, Adware, Spyware, E-mail spam, click fraud, theft of
application serial numbers, login IDs and financial information such as credit card
numbers, etc.
The computer may continue to operate normally without the owner’s knowledge
that his computer has been compromised.

09-08-2023 10:06:56 20
 2) Cybercrime and Information Security
The Botnet menace (Cont…)
Small and medium businesses in the country are at greater risk, as
they are highly vulnerable to Bots, Phishing, Spam and Malicious
Code attacks.
Mumbai with 33% incidences tops the Bot-infected city list, followed
by New Delhi at 25%, Chennai at 17% and Bangalore at 13%.
If the computers, computer systems, computer resources, etc. are
unsecured and vulnerable to security threats, it can be detrimental to
the critical infrastructure of the country

09-08-2023 10:06:56 21
 2) Cybercrime and Information Security
The Botnet menace - How it works? (Cont…)

09-08-2023 10:06:56 22
 2) Cybercrime and Information Security
The Cybercrime trend over the years

09-08-2023 10:06:56 23
 3) Who are Cybercriminals?
Cybercrime involves such activities as
child pornography;
credit card fraud;
cyberstalking;
defaming another online;
gaining unauthorized access to computer systems;
ignoring copyright, software licensing and trademark protection;
overriding encryption to make illegal copies;
software piracy and stealing another’s identity (known as identity theft) to
perform criminal acts
Cybercriminals are those who conduct such acts.

09-08-2023 10:06:56 24
 3) Who are Cybercriminals?
They can be categorized into three groups that reflect their motivation
1. Type I: Cybercriminals – hungry for recognition
Hobby hackers;
IT professionals (social engineering is one of the biggest threat);
politically motivated hackers;
terrorist organizations.
2. Type II: Cybercriminals – not interested in recognition
Psychological perverts;
Financially motivated hackers (corporate espionage);
state-sponsored hacking (national espionage, sabotage);
organized criminals.

09-08-2023 10:06:56 25
 3) Who are Cybercriminals?
Type III: Cybercriminals – the insiders
Disgruntled or former employees seeking revenge;
competing companies using employees to gain economic advantage through
damage and/or theft.
The typical “motives” behind cybercrime seem to be greed, desire to
gain power and/or publicity, desire for revenge, a sense of adventure,
looking for thrill to access forbidden information, destructive mindset
and desire to sell network security services.

09-08-2023 10:06:56 26
 3) Who are Cybercriminals?
Motives for cybercrimes
Revenge/settling scores
Greed/money
Extortion
Cause disrepute
Prank/satisfaction of gaining control
Fraud/illegal gain
Eve teasing/harassment
others

09-08-2023 10:06:56 27
 4) Classifications of Cybercrimes
The typical motives behind cybercrime seem to be greed, desire to gain power and/or
publicity, desire for revenge, a sense of adventure, looking for thrill to access forbidden
information, destructive mindset and desire to sell network security services.
Crime is defined as “an act or the commission of an act that is forbidden, or the omission
of a duty that is commanded by a public law and that makes the offender liable to
punishment by that law.”

Cyber crimes are classified as:
1. Cybercrime against individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup

09-08-2023 10:06:56 28
 4) Classifications of Cybercrimes
1. Cybercrime against individual
E-Mail spoofing and other online frauds
Phishing, spear phishing and its various other forms such as Vishing and
Smishing.
Spamming
Cyberdefamation
Cyberstalking and harassment
Computer sabotage
Pornographic offenses
Password sniffing

09-08-2023 10:06:56 29
 4) Classifications of Cybercrimes
2. Cybercrime against property
Credit card frauds
Intellectual property crimes
Internet time theft
3. Cybercrime against organization
Unauthorized accessing of computer
Password sniffing
Denial-of-service attacks
Virus attack/dissemination of viruses
E-Mail bombing/mail bombs
Salami attack/Salami technique
Logic bomb
Trojan Horse
Data diddling
Crimes emanating from Usenet newsgroup
Industrial spying/industrial espionage
Computer network intrusions
Software piracy
09-08-2023 10:06:56 30
 4) Classifications of Cybercrimes
4. Cybercrime against Society
Forgery
Cyberterrorism
Web jacking
5. Crimes emanating from Usenet newsgroup: Usenet groups may
carry very offensive, harmful, inaccurate or otherwise inappropriate
material, or in some cases, postings that have been mislabelled or are
deceptive in another way.

09-08-2023 10:06:56 31
 4) Classifications of Cybercrimes

Email Spoofing- A spoofed E-Mail is one that appears to originate
from one source but actually has been sent from another source.

Example
Let us say, Roopa has an E-Mail address [email protected]. Let us say her
boyfriend Suresh and she happen to have a showdown. Then Suresh, having become
her enemy, spoofs her E-Mail and sends obscene/vulgar messages to all her
acquaintances. Since the E-Mails appear to have originated from Roopa, her friends
could take offense and relationships could be spoiled for life.

09-08-2023 10:06:56 32
 4) Classifications of Cybercrimes

Spamming-
People who create electronic spam are called spammers.

Spam is the abuse of electronic messaging systems(including most broadcast media,
digital delivery systems) to send unsolicited bulk messages indiscriminately.

Although the most widely recognized form of Spam is E-Mail Spam, the term is applied
to similar abuses in other media: instant messaging spam, Usenet newsgroup spam,
web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile
phone messaging spam, Internet forum spam, junk fax transmissions, social
networking spam, file sharing network spam, video sharing sites, etc.

09-08-2023 10:06:56 33
 4) Classifications of Cybercrimes
Spamming- (Cont…)
Spamming is difficult to control because it has economic viability – advertisers
have no operating costs beyond the management of their mailing lists, and it is
difficult to hold senders accountable for their mass mailings.

In the context of search engine spamming, spamming is alteration or creation of
a document with the intent to deceive an electronic catalog or a filing system.
Some web authors use “subversive techniques” to ensure that their site appears
more frequently or higher number in returned search results – this is strongly
discouraged by search engines and there are fines/ penalties associated with the
use of such subversive techniques.

09-08-2023 10:06:56 34
 4) Classifications of Cybercrimes
The following web publishing techniques should be avoided
Repeating keywords
Use of keywords that do not relate to the content on the site
Use of fast meta refresh
Redirection
IP cloaking
Use of colored text on the same colour background
Tiny text usage
Duplication of pages with different URLs
Hidden links
Use of different pages that bridge to the same URL(gateway pages)
(webpage designed to rank highly for particular search queries that does not offer useful
information to the searcher)

09-08-2023 10:06:56 35
 4) Classifications of Cybercrimes
Cyberdefamation
Cyberdefamation is a cognizable offense.
Cyberdefamation occurs when defamation takes place with the help of
computers and/or the Internet, for eg., someone publishes defamatory matter
about someone on a website or sends an E-Mail containing defamatory
information to all friends of that person.
According to the IPC section 499:
1. It may amount to defamation to impute anything to a deceased person, if the
imputation would harm the reputation of that person if living, and is intended
to be hurtful to the feelings of his family or other near relatives.
2. It may amount to defamation to make an imputation concerning a company or
an association or collection of persons as such.

09-08-2023 10:06:56 36
 4) Classifications of Cybercrimes
Cyberdefamation (Cont…)
(According to the IPC section 499):
3. An imputation in the form of an alternative or expressed ironically,
may amount to defamation.
4. No imputation is said to harm a person’s reputation unless that
imputation directly or indirectly, in the estimation of others, lowers
the moral or intellectual character of that person, or lowers the
character of that person in respect of his caste or of his calling, or
lowers the credit of that person, or causes it to be believed that the
body of that person is in a loathsome state or in a state generally
considered as disgraceful.

09-08-2023 10:06:56 37
 4) Classifications of Cybercrimes
Cyberdefamation (Cont…)

Libel is written defamation and slander is oral defamation.

The only issue to consider for defamation is whether a person would believe that
the words would indeed injure the person’s reputation. Even if there is no
damage to a person’s reputation, the person who made the allegations may still
be held responsible for defamation

The law on defamation attempts to create a workable balance between two
equally important human rights: The right to an unimpaired reputation and the
right to freedom of expression.

09-08-2023 10:06:56 38
 4) Classifications of Cybercrimes
Internet Time Theft
Such a theft occurs when an unauthorized person uses the Internet
hours paid for by another person.
Basically, Internet time theft comes under hacking because the person
who gets access to someone else’s ISP user ID and password, either by
hacking or by gaining access to it by illegal means, uses it to access the
Internet without the other person’s knowledge.
However, one can identify time theft if the Internet time has to be
recharged often, even when one’s own use of the Internet is not
frequent. (related to the crimes conducted through “identity theft.”)

09-08-2023 10:06:56 39
 4) Classifications of Cybercrimes
Salami Attack/Salami Technique
These attacks are used for committing financial crimes. The idea here is
to make the alteration so insignificant that in a single case it would go
completely unnoticed

Example :
A bank employee inserts a program, into the bank’s servers, that deducts
a small amount of money (say ` 2/- or a few cents in a month) from the
account of every customer. No account holder will probably notice this
unauthorized debit, but the bank employee will make a sizable amount
every month.

09-08-2023 10:06:56 40
 4) Classifications of Cybercrimes
Data diddling attack
Involves altering raw data just before it is processed by a computer and
then changing it back after the processing is completed.
Electricity boards in India have been victims to data diddling programs
inserted when private parties computerize their systems.
Forgery
Counterfeit currency notes, postage and revenue stamps, marksheets,
etc. can be forged using sophisticated computers, printers and scanners.
Outside many colleges there are miscreants soliciting the sale of fake
marksheets or even degree certificates. These are made using
computers and high-quality scanners and printers.

09-08-2023 10:06:56 41
 4) Classifications of Cybercrimes
Web Jacking
Web jacking occurs when someone forcefully takes control of a website
(by cracking the password and later changing it).
Thus, the first stage of this crime involves “password sniffing.”
The actual owner of the website does not have any more control over
what appears on that website.

Newsgroup Spam/Crimes Emanating from Usenet Newsgroup
The advent of Google Groups, and its large Usenet archive, has made Usenet
more attractive to spammers than ever.
The first widely recognized Usenet Spam titled Global Alert for All: Jesus is
Coming Soon was posted on 18 January 1994 by Clarence L. Thomas IV, a sys
admin at Andrews University.

09-08-2023 10:06:56 42
 4) Classifications of Cybercrimes
Industrial Spying/Industrial Espionage
Spies can get information about product finances, research and
development and marketing strategies , an activity known as “industrial
spying”.
Highly skilled hackers are contracted by high-profile companies or
certain governments to carryout spying
With the growing public availability of Trojans and Spyware material
even a low-skilled one can generate high volume profit out of industrial
spying. This is referred to as “Targeted Attacks”

09-08-2023 10:06:56 43
 3) Classifications of Cybercrimes
Industrial Spying/Industrial Espionage (Cont…)
Real Example:
One interesting case is the famous Israeli Trojan story, where a software engineer in
London created a Trojan Horse program specifically designed to extract critical data
gathered from machines infected by his program. He had made a business out of
selling his Trojan Horse program to companies in Israel, which would use it for
industrial spying by planting it into competitors’ networks.

09-08-2023 10:06:56 44
 4) Classifications of Cybercrimes
Industrial Spying/Industrial Espionage

There are also the E-Mail worms automating similar “data exfiltration
features”.
E-Mail worms can scan the hard drive of infected machines for all files
with the following extensions:.. Such files are uploaded on an FTP server
owned by the cybercrooks, with the pdf,.doc,.dwg,.sch,.pcb,.dwt,.dwf,.max,.mdbaim of stealing as much IP as possible wherever it can be and
then selling it to people who are ready to pay for it.
Organizations subject to online extortion tend to keep quiet about it to
avoid negative publicity about them.

09-08-2023 10:06:56 45
 4) Classifications of Cybercrimes
Hacking
Purposes
Greed
Power
Publicity
Revenge
Adventure
Desire to access forbidden information
Destructive mindset
Every act committed toward breaking into a computer and/or network
is hacking and it is an offense. Those who break into computer systems
are called crackers and those targeting phones are phreaks.

09-08-2023 10:06:56 46
 4) Classifications of Cybercrimes
Hacking (Cont…)
Hackers write or use ready-made computer programs to attack the target
computer.
They possess the desire to destruct, and they get enjoyment out of such
destruction.
Some hackers hack for personal monetary gains, such as stealing credit card
information, transferring money from various bank accounts to their own
account followed by withdrawal of money.
They extort money from some corporate giant threatening him to publish the
stolen information that is critical in nature.
Government websites are hot on hackers’ target lists and attacks on
Government websites receive wide press coverage. (For example, according to
the story posted on December 2009, the NASA site was hacked via SQL
Injection)

09-08-2023 10:06:56 47
 4) Classifications of Cybercrimes
Hacking (Cont…)

09-08-2023 10:06:56 48
 4) Classifications of Cybercrimes
Hacking (Cont…)

09-08-2023 10:06:56 49
 4) Classifications of Cybercrimes
Online frauds
There are a few major types of crimes under the category of
hacking: Spoofing website and E-Mail security alerts, hoax mails
about virus threats, lottery frauds and Spoofing
In Spoofing websites and E-Mail security threats, fraudsters create
authentic looking websites that are actually nothing but a spoof
The purpose of these websites is to make the user enter personal
information which is then used to access business and bank
accounts.
Fraudsters are increasingly turning to E-Mail to generate traffic to
these websites. This kind of online fraud is common in banking and
financial sector.

09-08-2023 10:06:56 50
 4) Classifications of Cybercrimes
Online frauds (Cont…)
In virus hoax E-Mails, the warnings may be genuine, so there is always a dilemma
whether to take them lightly or seriously.

A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos or
Symantec before taking any action, such as forwarding them to friends and colleagues.

Lottery frauds are typically letters or E-Mails that inform the recipient that he/she has
won a prize in a lottery. To get the money, the recipient has to reply, after which
another mail is received asking for bank details so that the money can be directly
transferred.

The E-Mail also asks for a processing fee/handling fee. Of course, the money is never
transferred in this case; the processing fee is swindled, and the banking details are
used for other frauds and scams.

09-08-2023 10:06:56 51
 4) Classifications of Cybercrimes
Online frauds (Cont…)
“Spoofing” means illegal intrusion, posing as a genuine user. A hacker logs-in
to a computer illegally, using a different identity than his own.

He is able to do this by having previously obtained the actual password.

He creates a new identity by fooling the computer into thinking that the hacker
is the genuine system operator and then hacker then takes control of the
system.

He can commit innumerable number of frauds using this false identity.

09-08-2023 10:06:56 52
 4) Classifications of Cybercrimes
Pornographic Offenses
“Child pornography” means any visual depiction, including but not limited to the
following:

1. Any photograph that can be considered obscene and/or unsuitable for the
age of child viewer;

2. film, video, picture;

3. computer-generated image or picture of sexually explicit conduct where the
production of such visual depiction involves the use of a minor engaging in
sexually explicit conduct.

09-08-2023 10:06:56 53
 4) Classifications of Cybercrimes
Pornographic Offenses (Cont…)
“Child pornography” is considered an offense.
The Internet is being highly used by its abusers to reach and abuse children
sexually, worldwide. Its explosion has made the children a viable victim to the
cybercrime.
As the broad-band connections get into the reach of more and more homes, larger
child population will be using the Internet and therefore greater would be the
chances of falling victim to the aggression of pedophiles.
“Pedophiles” are people who physically or psychologically coerce minors to
engage in sexual activities, which the minors would not consciously consent to.

09-08-2023 10:06:56 54
 4) Classifications of Cybercrimes
Pornographic Offenses (Cont…)
Here is how pedophiles operate:
Step 1: Pedophiles use a false identity to trap the children/teenagers (using “false identity”)

Step 2: They seek children/teens in the kids’ areas on the services, such as the Teens BB,
Games BB or chat areas where the children gather.

Step 3: They befriend children/teens.

Step 4: They extract personal information from the child/teen by winning his/her confidence.

Step 5: Pedophiles get E-Mail address of the child/teen and start making contacts on the
victim’s E-Mail address as well. Sometimes, these E-Mails contain sexually explicit language.

09-08-2023 10:06:56 55
 4) Classifications of Cybercrimes
Pornographic Offenses (Cont…)
Step 6: They start sending pornographic images/text to the victim
including child pornographic images in order to help child/teen shed
his/her inhibitions so that a feeling is created in the mind of the victim
that what is being fed to him is normal and that everybody does it.
Step 7: At the end of it, the pedophiles set up a meeting with the
child/teen out of the house and then drag him/her into the net to
further sexually assault him/her or to use him/her as a sex object.

09-08-2023 10:06:56 56
 4) Classifications of Cybercrimes

Pornographic Offenses (Cont…)
Parents can follow simple rules to avoid this and accordingly they
advice their children to keep away from dangerous things and ways.
However, it is possible, even in the modern times most parents may
not know the basics of the Internet and the associated (hidden)
dangers from the services offered over the Internet.
Hence most children may remain unprotected in the cyberworld.

09-08-2023 10:06:56 57
 4) Classifications of Cybercrimes
Software piracy
It Is defined as theft of software through the illegal copying of genuine
programs, or the counterfeiting and distribution of products intended to
pass for the original.
There are many examples of software piracy:
end-user copying – friends loaning disks to each other, or organizations under-
reporting the number of software installations they have made, or
organizations not tracking their software licenses;
hard disk loading with illicit means – hard disk vendors load pirated software;
counterfeiting – large-scale duplication and distribution of illegally copied
software;
illegal downloads from the Internet – by intrusion, by cracking serial numbers,
etc.

09-08-2023 10:06:56 58
 4) Classifications of Cybercrimes
Software piracy (Cont…)
Beware that those who buy pirated software have a lot to lose:
(a) getting untested software that may have been copied thousands
of times over,
(b) the software, if pirated, may potentially contain hard-drive-
infecting viruses,
(c) there is no technical support in the case of software failure, that
is, lack of technical product support available to properly licensed
users,
(d) there is no warranty protection
(e) there is no legal right to use the product, etc.

09-08-2023 10:06:56 59
 4) Classifications of Cybercrimes
Software piracy (Cont…)
Economic impact : According to some Study in Asia Pacific 55% of the software
installed in 2006 on personal computers (PCs) was obtained illegally, while
software losses due to software piracy amounted to US$ 11.6 billion.

The Study covered software that runs on personal computers, including desktops,
laptops and ultra-portables.

The study includes operating systems, systems software such as databases and
security packages, business applications and consumer applications such as PC
games, personal finance and reference software.

09-08-2023 10:06:56 60
 4) Classifications of Cybercrimes
Software piracy (Cont…)
Dollars lost (year 2008) due to (software) piracy

09-08-2023 10:06:56 61
 4) Classifications of Cybercrimes
Software piracy (Cont…)
Regional scenario on piracy rate.

09-08-2023 10:06:56 62
 4) Classifications of Cybercrimes
Computer sabotage
The use of the Internet to hinder the normal functioning of a computer
system through the introduction of worms, viruses or logical bombs. It
can be used to gain economic advantage over a competitor, to promote
the illegal activities of terrorists or to steal data or programs for
extortion purposes.
Logic bombs are event-dependent programs created to do something
only when a certain event occurs.
Some viruses may be termed as logic bombs because they lie dormant
all through the year and become active only on a particular date(eg.,
Chernobyl virus and Y2K viruses).

09-08-2023 10:06:56 63
 4) Classifications of Cybercrimes
E-Mail Bombing/Mail Bombs
E-Mail bombing refers to sending a large number of E-Mails to the victim to
crash victim’s E-Mail account (in the case of an individual) or to make
victim’s mail servers crash (in the case of a company or an E-Mail service
provider).

Computer program can be written to instruct a computer to do such tasks
on a repeated basis.
In recent times, terrorism has hit the Internet in the form of mail bombings.
By instructing a computer to repeatedly send E-Mail to a specified person’s
E-Mail address, the cybercriminal can overwhelm the recipient’s personal
account and potentially shut down entire systems.
This may or may not be illegal, but it is certainly disruptive.

09-08-2023 10:06:56 64
 4) Classifications of Cybercrimes
Usenet Newsgroup as the source of cybercrimes
Usenet is a mechanism that allows sharing information in a many-to-
many manner.
In reality, however, there is no technical method available for controlling
the contents of any newsgroup. It is merely subject to self-regulation
and net etiquette. It is possible to put Usenet to following criminal use:
1. Distribution/sale of pornographic material
2. Distribution/sale of pirated software packages
3. Distribution of hacking software
4. Sale of stolen credit card numbers
5. Sale of stolen data/stolen property

09-08-2023 10:06:56 65
 4) Classifications of Cybercrimes
Computer network intrusions
Crackers who are often misnamed Hackers can break into computer
systems from anywhere in the world and steal data, plant viruses, create
backdoors, insert Trojan horses or change user names and passwords.
Network intrusions are illegal, but detection and enforcement are
difficult. Current laws are limited and many intrusions go undetected.
The cracker can bypass existing password protection by creating a
program to capture logon IDs and passwords.
The practice of “strong password” is therefore important

09-08-2023 10:06:56 66
 4) Classifications of Cybercrimes
Password sniffing
These are programs that monitor and record the name and password of
network users as they login
Whoever installs the Sniffer can then impersonate an authorized user
and login to access restricted documents.
Laws are not yet set up to adequately prosecute a person for
impersonating another person online.
Laws designed to prevent unauthorized access to information may be
effective in apprehending crackers using Sniffer programs.

09-08-2023 10:06:56 67
 4) Classifications of Cybercrimes
Credit card frauds
Bulletin boards and other online services are frequent targets for
hackers who want to access large databases of credit card information.

Such attacks usually result in the implementation of stronger security
systems.

credit card Security measures are improving, and traditional methods of
law enforcement seem to be sufficient for prosecuting the thieves of
such information.

09-08-2023 10:06:56 68
 4) Classifications of Cybercrimes
Identity theft
This fraud involves another person’s identity for an illicit purpose.
Phishing and identity theft are related offenses.
Examples include fraudulently obtaining credit, stealing money from the
victim’s bank accounts, using the victim’s credit card number,
establishing accounts with utility companies, renting an apartment or
even filing bankruptcy using the victim’s name.
The cyberimpersonator can steal unlimited funds in the victim’s name
without the victim even knowing about it for months,

09-08-2023 10:06:56 69