
An Introduction to Cyber-Crime

Computer crime refers to criminal activity involving a computer. The computer may be used in the commission of a crime or it may be the target. Net-crime refers to criminal use of the Internet. Cyber-crimes are essentially a combination of these two elements and can be best defined as "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly using modern telecommunication networks such as the Internet and mobile phones".

The U.S. Department of Justice broadens this definition to include any illegal activity that uses a computer for the storage of evidence.

The term 'cyber-crime' can refer to offenses including criminal activity against data, infringement of content, copyright, fraud, and unauthorized access.

There are two main categories that define cyber-crimes. The first are those that target computer networks or devices, such as viruses, malware, or denial of service attacks. The second category relates to crimes that are facilitated by computer networks or devices, like cyber-stalking, fraud, identity theft, extortion, phishing (spam) and theft of classified information.

History of Cyber Crime

One may say that the concept of the computer came with the invention of the first abacus; hence it can be said that cybercrime has been around ever since people used calculating machines for wrong purposes.

However, cybercrime has shown itself as a serious threat to society for less than a decade.

The first recorded cyber crime took place in the year 1820.

The abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics.

This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime.

The Different Types of Cyber Crime Include These Four Categories:

  • Data-related crimes, including modification and theft.

  • Network-related crimes.

  • Crimes of access, including hacking and virus distribution.

  • Associated computer-related crimes, including aiding and abetting cyber criminals, computer fraud, and computer forgery.

Hacker

A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.

The term hacker may refer to anyone with technical skills, but it often refers to a person who uses his or her abilities to gain unauthorized access to systems or networks in order to commit crimes.

Hacking has been defined as "Deliberately gaining unauthorized access to an information system."

Types of hackers

Hackers are divided into three types: white hat, black hat and gray hat.

  • White Hat Hackers: A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.

  • Black Hat Hackers: A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons.

  • Gray Hat Hackers: The term “gray hat” refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

Cracker

A cracker is generally someone who breaks into someone else's computer system, often on a network, bypasses passwords or licenses in computer programs, or in other ways intentionally breaches computer security.

A cracker can be doing this for profit, maliciously, for some cause, or because some challenge is there. Some breaking-and-entering has been done to point out weaknesses in a site's security system.

Malicious Programs

"Malware" is short for malicious software. Malware is designed to cause damage to a stand-alone computer or a networked PC.

Malicious software can be divided into two categories: those that need a host program, and those that are independent.

The former are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples. The latter are self-contained programs that can be scheduled and run by the operating system. Worms and zombie programs are examples.

Viruses

A virus is a piece of software that can "infect" other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs. It can attack any area, from corrupting the data of a file to using the computer's processing resources in an attempt to crash the machine, and more.

A virus can do anything that other programs do. The only difference is that it attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function, such as erasing files and programs.

During its lifetime, a typical virus goes through the following four phases:

  • Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.

  • Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.

  • Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

  • Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.

Worms - A computer worm is self-replicating malware that duplicates itself to spread to uninfected computers. Worms often use parts of an operating system that are automatic and invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

Logic Bomb - Also known as slag code. It is malicious code that is intentionally injected into software applications or an OS and that implements a malicious function after a certain amount of time or when specific conditions are met.

Logic bombs are often used with viruses, worms and Trojan horses to do maximum damage before being noticed. They perform actions such as corrupting or altering data, reformatting a hard drive, and deleting important files.

Trojan Horse - A type of malware that harms a computer system. Trojans do not replicate by infecting other files or computer systems. They survive by going unnoticed. They may sit quietly in your computer, collecting information and setting up holes in your security.

Trapdoor (Backdoor) - Provides a secret method of gaining access to an application, OS or online service.

It is an entry point into a program that allows someone who is aware of the trapdoor to gain access without going through the usual security access procedures.

Zombie - A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner.

Zombies are used by malicious hackers to launch DOS attacks.

*Daemon - It is a process that runs in the background and performs a specified operation at a predefined time or in response to certain events.

Internet Time Theft

Internet time theft comes under the heading of hacking. It is the use by an unauthorized person of the Internet hours paid for by another person. The person who gets access to someone else's ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the Internet without the other person's knowledge. You can identify time theft if your Internet time has to be recharged often, despite infrequent usage. There are many such cases in India that are prosecuted under the IT Act.

Salami Attack

A salami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime. It is also known as salami slicing.

Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can also be used in perfectly legal ways.

The attacker uses an online database to seize customers' information, that is, bank or credit card details, and deducts very small amounts from every account over a period of time.

The customers remain unaware of the slicing and hence no complaint is lodged, thus keeping the hacker away from detection. These attacks are used for the commission of financial crimes.

E.g. a bank employee inserts a program into the bank’s servers that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.
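The Rs. 5 example above is invisible per account but obvious in aggregate. The following added example (not part of the original text) shows one way a bank's audit team could surface it: group small debits by beneficiary and amount, then flag groups that touch many distinct accounts. The ledger rows, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger: (account, debit amount in Rs., beneficiary, memo)
LEDGER = [
    ("ACC-001", Decimal("5.00"), "SUSPENSE-77", "svc adj"),
    ("ACC-002", Decimal("5.00"), "SUSPENSE-77", "svc adj"),
    ("ACC-003", Decimal("5.00"), "SUSPENSE-77", "svc adj"),
    ("ACC-004", Decimal("5.00"), "SUSPENSE-77", "svc adj"),
    ("ACC-005", Decimal("5.00"), "SUSPENSE-77", "svc adj"),
    ("ACC-001", Decimal("1200.00"), "ELECTRIC-CO", "bill"),
    ("ACC-002", Decimal("5.00"), "COFFEE-SHOP", "card"),
    ("ACC-003", Decimal("8.50"), "BUS-PASS", "card"),
]

def find_salami_candidates(ledger, max_amount=Decimal("10"), min_accounts=4):
    """Flag (beneficiary, amount) pairs where the same small debit
    hits at least `min_accounts` different accounts."""
    groups = defaultdict(lambda: {"accounts": set(), "total": Decimal("0")})
    for account, amount, beneficiary, _memo in ledger:
        if amount <= max_amount:              # only "slices" are of interest
            group = groups[(beneficiary, amount)]
            group["accounts"].add(account)
            group["total"] += amount
    findings = []
    for (beneficiary, amount), group in groups.items():
        if len(group["accounts"]) >= min_accounts:
            findings.append({
                "beneficiary": beneficiary,
                "amount": amount,
                "accounts": len(group["accounts"]),
                "total": group["total"],
            })
    # Largest accumulated sum first: that is what the slicing adds up to.
    return sorted(findings, key=lambda f: f["total"], reverse=True)

if __name__ == "__main__":
    for finding in find_salami_candidates(LEDGER):
        print(finding)
```

Ordinary small purchases do not trigger the rule because each goes to a different beneficiary from a single account; only the identical debit repeated across accounts does.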

WEB JACKING

This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website. This term is derived from the term hijacking.

This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein.

The Web Jacking Attack Vector is another phishing technique. Attackers using this method create a fake website; when the victim opens the link, a page appears with the message that the website has moved and that they need to click another link. If the victim clicks the link, which looks real, they will be redirected to a fake page.

SOFTWARE PIRACY

Software piracy is the unauthorized copying or distribution of copyrighted software.

Software piracy can be done by copying, downloading, sharing, selling or installing multiple copies of software onto personal or work computers.

If you make more copies of the software or install the software more times than the license permits, upload software code to a website so that others can download and use it, share software license codes or activation keys, or in some cases, share your user ID and password for a web-based software application (‘cloud’ computing), you are pirating software and breaking the law.

Examples of software piracy include:

  • Distributing software or mobile apps from the Internet in a manner that violates the license terms.

  • Buying a single copy of a software program and installing it without authorization on multiple devices.

  • Making and/or sharing copies of installation CDs.

  • Sharing the login credentials (without authorization) used to access a web-based software application (“Software as a Service”).

PASSWORD SNIFFING

Password sniffing is an attack on the Internet that is used to steal user names and passwords from the network.

A password sniffer is a software application that scans and records passwords that are used or broadcast on a computer or network interface. It listens to all incoming and outgoing network traffic and records any instance of a data packet that contains a password.

A password sniffer installs on a host machine and scans all incoming and outgoing network traffic.

A password sniffer may be applied to most network protocols, including HTTP, Internet Message Access Protocol (IMAP), file transfer protocol (FTP), POP3, Telnet (TN) and related protocols that carry passwords in some format.

DEFAMATION LAW

There is always a delicate balance between one person's right to freedom of speech and another's right to protect their good name.

The term "defamation" is a term that covers any statement that hurts someone's reputation.

If the statement is made in writing and published, the defamation is called “libel”.

If the hurtful statement is spoken, the statement is "slander."

The government can't imprison someone for making a defamatory statement since it is not a crime. Instead, defamation is considered to be a civil wrong, or a tort.

PROBATIVE VALUE OF E-EVIDENCE

Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.

Digital evidence is “information of probative value that is stored or transmitted in binary form”.

Evidence is not only limited to that found on computers but may also extend to include evidence on digital devices such as telecommunication or electronic multimedia devices.

E-evidence can be found in e-mails, digital photographs, ATM transaction logs, word processing documents, instant message histories, files saved from accounting programs, spreadsheets, internet browser histories and databases.

JURISDICTION

Jurisdiction means the authority which a court has to decide matters that are litigated before it or to take cognizance of matters that are presented in a formal way for its decision. It could be said that it is the power or authority of the court to decide matters that are brought before it.

PHISHING

Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and will capture and steal any information the user enters on the page.

There are a number of different techniques used to obtain personal information from users, such as:

Spear phishing - Spear phishing is a much more targeted attack in which the hacker knows which specific individual or organization they are after. They do research on the target in order to make the attack more personalized and increase the likelihood of the target falling into their trap.

Email/Spam - Using the most common phishing technique, the same email is sent to millions of users with a request to fill in personal details. These details will be used by the phishers for their illegal activities.

Most of the messages have an urgent note which requires the user to enter credentials to update account information, change details, or verify accounts.

Sometimes, they may be asked to fill out a form to access a new service through a link which is provided in the email.

Web Based Delivery - Web based delivery is one of the most sophisticated phishing techniques. Also known as “man-in-the-middle,” the hacker is located in between the original website and the phishing system.

The phisher traces details during a transaction between the legitimate website and the user. As the user continues to pass information, it is gathered by the phishers, without the user knowing about it.

Link Manipulation - Link manipulation is the technique in which the phisher sends a link to a malicious website. When the user clicks on the deceptive link, it opens up the phisher's website instead of the website mentioned in the link.

Key loggers - Keyloggers refer to the malware used to identify inputs from the keyboard. The information is sent to the hackers, who will decipher passwords and other types of information. To prevent key loggers from accessing personal information, secure websites provide options to use mouse clicks to make entries through the virtual keyboard.

Digital Signature - A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document.

Digital signatures are based on public key cryptography, also known as asymmetric cryptography.

A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity).
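The three properties above can be seen in a few lines of hash-then-sign RSA. This is an added example, not part of the original text: it uses textbook RSA without padding and small constructed keys built from known Mersenne primes, so it illustrates the mechanism only and is not a usable signature scheme. The names Alice and Mallory and the message are constructed.

```python
import hashlib

def make_key(p, q, e=65537):
    """Return (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent: e*d = 1 mod phi(n)
    return (n, e), (n, d)

def digest_int(message, n):
    """SHA-256 of the message, reduced so it fits below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Only the holder of the private exponent can compute this value."""
    n, d = private
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public):
    """Anyone with the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == digest_int(message, n)

# Constructed toy keys: far too small for real use.
ALICE_PUB, ALICE_PRIV = make_key(2**89 - 1, 2**127 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**61 - 1, 2**107 - 1)

def demo():
    msg = b"Transfer Rs. 500 to account 1234"
    sig = sign(msg, ALICE_PRIV)
    return {
        # Authentication: the signature checks out under Alice's public key.
        "genuine": verify(msg, sig, ALICE_PUB),
        # Integrity: changing the message invalidates the signature.
        "altered": verify(b"Transfer Rs. 900 to account 1234", sig, ALICE_PUB),
        # A signature made with another private key is rejected, which is
        # why a valid one can be attributed to Alice (non-repudiation).
        "forged": verify(msg, sign(msg, MALLORY_PRIV), ALICE_PUB),
    }

if __name__ == "__main__":
    print(demo())
```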

Proxy Server - A proxy server is a computer that sits between a client computer and the Internet, and provides indirect network services to a client.

It may reside on the user's local computer, or at various points between the user's computer and destination servers on the Internet.

A proxy server intercepts all client requests, and provides responses from its cache or forwards the request to the real server.

A client computer is connected to the proxy server, which acknowledges client requests by providing the requested resource/data from either a specified server or the local cache memory. Client requests include files or any other resources available on various servers.

EXAMPLE OF HOW PROXY SERVERS WORK:

When a proxy server receives a request for an Internet resource (such as a Web page), it looks in its local cache of previously downloaded pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
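The request flow just described, as an added simulation that is not part of the original text. It shows the point that matters for investigations: the destination server's log records only the proxy's address, while the mapping back to the real client exists only in the proxy's own log. Class names, IP addresses (documentation and private ranges) and the page content are constructed.

```python
class OriginServer:
    """Stands in for 'the server out on the Internet'; logs who it saw."""
    def __init__(self, pages):
        self.pages = pages
        self.access_log = []          # (source_ip, path)

    def get(self, source_ip, path):
        self.access_log.append((source_ip, path))
        return self.pages.get(path)

class CachingProxy:
    def __init__(self, proxy_ip, origin):
        self.proxy_ip = proxy_ip
        self.origin = origin
        self.cache = {}               # path -> page body
        self.log = []                 # (client_ip, path, "HIT" or "MISS")

    def handle(self, client_ip, path):
        # 1. Look in the local cache of previously downloaded pages.
        if path in self.cache:
            self.log.append((client_ip, path, "HIT"))
            return self.cache[path]
        # 2. Not cached: the proxy acts as the client, using its own IP.
        body = self.origin.get(self.proxy_ip, path)
        if body is not None:
            self.cache[path] = body
        # 3. Relate the response to the original request and return it.
        self.log.append((client_ip, path, "MISS"))
        return body

def demo():
    origin = OriginServer({"/index.html": "<h1>home</h1>"})
    proxy = CachingProxy("203.0.113.10", origin)
    first = proxy.handle("10.0.0.5", "/index.html")    # fetched from origin
    second = proxy.handle("10.0.0.9", "/index.html")   # served from cache
    return first, second, origin.access_log, proxy.log

if __name__ == "__main__":
    first, second, origin_log, proxy_log = demo()
    print("origin saw:", origin_log)
    print("proxy saw: ", proxy_log)
```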

TYPES OF PROXY SERVERS

Proxy servers are classified into several types based on purpose and functionality. Some of the most common types are listed below:

  • Web Proxy

  • Transparent Proxy

  • Anonymous Proxy

  • Distorting Proxy

  • Tunneling Proxy

  • Forward Proxy

  • Open Proxy

  • Reverse Proxy

ANONYMIZER

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the internet untraceable.

It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet.

It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.

There are many reasons for using anonymizers. They can help minimize risk. They can be used to prevent identity theft, or to protect search histories from public disclosure.