
An Introduction to Cyber-Crime

Computer crime refers to criminal activity involving a
computer. The computer may be used in the
commission of a crime or it may be the target.
Net-crime refers to criminal use of the Internet.

Cyber-crimes are essentially a combination of these
two elements and can be best defined as "Offences that
are committed against individuals or groups of
individuals with a criminal motive to intentionally
harm the reputation of the victim or cause physical or
mental harm to the victim directly or indirectly using
modern telecommunication networks such as the
Internet and mobile phones."

The U.S. Department of Justice broadens this definition
to include any illegal activity that uses a computer for
the storage of evidence.

The term 'cyber-crime' can refer to offenses including
criminal activity against data, infringement of content,
copyright, fraud, unauthorized access.

There are two main categories that define
cyber-crimes. The first covers crimes that target computer
networks or devices, such as viruses, malware, or denial of
service attacks. The second category relates to crimes that
are facilitated by computer networks or devices, like
cyber-stalking, fraud, identity theft, extortion, phishing
(spam) and theft of classified information.
History of Cyber Crime
One may say that the concept of the computer
came with the invention of the first abacus,
hence it can be said that cybercrime has been
around ever since people used calculating
machines for wrong purposes.

However, cybercrime has shown itself as a
serious threat to society for less than a decade.
The first recorded cyber crime took place in
the year 1820.

The abacus, which is thought to be the earliest
form of a computer, has been around since
3500 B.C. in India, Japan and China. The era
of modern computers, however, began with
the analytical engine of Charles Babbage.
In 1820, Joseph-Marie Jacquard, a textile
manufacturer in France, produced the loom.
This device allowed the repetition of a series
of steps in the weaving of special fabrics.

This resulted in a fear amongst Jacquard's
employees that their traditional employment
and livelihood were being threatened. They
committed acts of sabotage to discourage
Jacquard from further use of the new
technology. This is the first recorded cyber
crime.
The different types of cyber crime include these four categories:
- Data-related crimes, including modification, theft.
- Network-related crimes.
- Crimes of access, including hacking and virus distribution.
- Associated computer-related crimes, including aiding and abetting cyber criminals, computer fraud, and computer forgery.
Hacker
A hacker is an individual who uses computer,
networking or other skills to overcome a technical
problem.

The term hacker may refer to anyone with technical
skills, but it often refers to a person who uses his or her
abilities to gain unauthorized access to systems or
networks in order to commit crimes.

Hacking has been defined as "Deliberately gaining
unauthorized access to an information system."
Types of hackers
Hackers are divided into three types: white hat,
black hat and gray hat.
White Hat Hackers:
A white hat hacker is a computer security specialist
who breaks into protected systems and networks to test
and assess their security. White hat hackers use
their skills to improve security by exposing
vulnerabilities before malicious hackers
(known as black hat hackers) can detect and
exploit them.
Black Hat Hackers:
A black hat hacker is a person who attempts to find
computer security vulnerabilities and exploit them for
personal financial gain or other malicious reasons.
Gray Hat Hackers:
The term gray hat refers to a computer hacker or
computer security expert who may sometimes violate laws
or typical ethical standards, but does not have the
malicious intent typical of a black hat hacker.
Cracker
A cracker is generally someone who breaks into
someone else's computer system, often on a network,
bypasses passwords or licenses in computer programs or
in other ways intentionally breaches computer security.

A cracker can be doing this for profit, maliciously, for
some cause, or because some challenge is there. Some
breaking-and-entering has been done to point out
weaknesses in a site's security system.
Malicious Programs
"Malware" is short for malicious software. Malware is
designed to cause damage to a standalone computer or a
networked PC.
Malicious software can be divided into two categories:
those that need a host program, and those that are
independent.

The former are essentially fragments of programs that
cannot exist independently of some actual application
program, utility, or system program. Viruses, logic bombs,
and backdoors are examples. The latter are self-contained
programs that can be scheduled and run by the operating
system. Worms and zombie programs are examples.
-Viruses
-A virus is a piece of software that can "infect" other
programs by modifying them; the modification includes a
copy of the virus program, which can then go on to infect
other programs. It can attack any area, from corrupting
the data of a file to using the computer's processing
resources in an attempt to crash the machine, and more.

-A virus can do anything that other programs do. The
only difference is that it attaches itself to another program
and executes secretly when the host program is run. Once
a virus is executing, it can perform any function, such as
erasing files and programs.
During its lifetime, a typical virus goes through the
following four phases:
Dormant phase: The virus is idle. The virus will
eventually be activated by some event, such as a
date, the presence of another program or file, or
the capacity of the disk exceeding some limit.
Not all viruses have this stage.
Propagation phase: The virus places an identical
copy of itself into other programs or into certain
system areas on the disk. Each infected program
will now contain a clone of the virus, which will
itself enter a propagation phase.
Triggering phase: The virus is activated to
perform the function for which it was intended.
As with the dormant phase, the triggering phase
can be caused by a variety of system events,
including a count of the number of times that this
copy of the virus has made copies of itself.

Execution phase: The function is performed.
The function may be harmless, such as a message
on the screen, or damaging, such as the
destruction of programs and data files.
Worms - A computer worm is self-replicating malware
that duplicates itself to spread to uninfected computers.
Worms often use parts of an operating system that are
automatic and invisible to the user. It is common for worms
to be noticed only when their uncontrolled replication
consumes system resources, slowing or halting other tasks.
Logic Bomb - Also known as slag code. It is malicious
code that is intentionally injected into a software application
or OS and that carries out a malicious function after a certain
amount of time or when specific conditions are met.
Logic bombs are often used with viruses, worms
and Trojan horses to do maximum damage before being
noticed. They perform actions such as corrupting or altering
data, reformatting a hard drive, and deleting important files.
Trojan Horse - A type of malware that harms a
computer system. Trojans do not replicate by
infecting other files or computer systems. They
survive by going unnoticed. They may sit quietly in
your computer, collecting information and setting up
holes in your security.
Trapdoor (Backdoor) - Provides a secret method of
gaining access to an application, OS or online
service.
It is an entry point into a program that allows
someone who is aware of the trapdoor to gain access
without going through the usual security access
procedures.
Zombie - A computer that has been implanted with
a daemon that puts it under the control of a
malicious hacker without the knowledge of the
computer owner.
Zombies are used by malicious hackers to
launch DoS attacks.
*Daemon - A process that runs in the
background and performs a specified operation at a
predefined time or in response to certain events.
Internet Time Theft

Internet time theft comes under the heading of
hacking. It is the use, by an unauthorized person, of
Internet hours paid for by another person. A
person who gets access to someone else's ISP user
ID and password, either by hacking or by gaining
access to it by illegal means, uses it to access the
Internet without the other person's knowledge. You
can identify time theft if your Internet time has to
be recharged often, despite infrequent usage. There
are many such cases in India that are prosecuted
under the IT Act.
Salami Attack

A salami attack is when small attacks add up to one
major attack that can go undetected due to the nature of
this type of cyber crime.
It is also known as salami slicing.
Although salami slicing is often used to carry out illegal
activities, it is only a strategy for gaining an advantage over
time by accumulating it in small increments, so it can also be
used in perfectly legal ways.
The attacker uses an online database to seize customer
information, that is, bank or credit card details, and deducts
very small amounts from every account over a
period of time.
The customers remain unaware of the slicing and hence
no complaint is lodged, which keeps the hacker from
being detected.
These attacks are used for the commission of financial
crimes.
E.g. a bank employee inserts a program into the bank's
servers that deducts a small amount of money (say Rs. 5 a
month) from the account of every customer. Probably no
account holder will notice this unauthorized debit, but the
bank employee will make a sizeable amount of money
every month.
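The pattern in the bank example is invisible per account but stands out in aggregate. The following is an added detection example, not part of the original slides: it flags any beneficiary that collects tiny debits from many distinct accounts over several months. The ledger layout, account names, thresholds and the `approved` allowlist of published fees are all assumptions made for illustration.

```python
from collections import defaultdict
from decimal import Decimal

def build_sample_ledger():
    """Constructed data: 40 invented accounts over 3 months, amounts in rupees."""
    rows = []  # each row: (month, debited_account, beneficiary, amount)
    for month in ("2024-01", "2024-02", "2024-03"):
        for n in range(1, 41):
            acct = f"CUST{n:03d}"
            rows.append((month, acct, "UTILITY-CO", Decimal("1200")))      # ordinary bill
            rows.append((month, acct, "BANK-SMS-FEE", Decimal("2")))       # published fee
            rows.append((month, acct, "ACCT-UNKNOWN-9001", Decimal("5")))  # the Rs. 5 slice
        rows.append((month, "CUST001", "TEA-STALL", Decimal("4")))         # one-off small debit
    return rows

def find_salami_candidates(ledger, approved=frozenset(), max_slice=Decimal("10"),
                           min_accounts=25, min_months=2):
    """Return beneficiaries that receive small debits from many accounts, repeatedly.

    approved: beneficiaries that correspond to fees the bank has published,
    which would otherwise look exactly like a salami pattern.
    """
    stats = defaultdict(lambda: {"accounts": set(), "months": set(), "total": Decimal("0")})
    for month, account, beneficiary, amount in ledger:
        if amount > max_slice or beneficiary in approved:
            continue  # only unexplained, sub-threshold debits are of interest
        s = stats[beneficiary]
        s["accounts"].add(account)
        s["months"].add(month)
        s["total"] += amount
    findings = []
    for beneficiary, s in stats.items():
        # One small debit means nothing; breadth across accounts plus
        # repetition across months is what characterises the slicing.
        if len(s["accounts"]) >= min_accounts and len(s["months"]) >= min_months:
            findings.append({"beneficiary": beneficiary,
                             "accounts": len(s["accounts"]),
                             "months": len(s["months"]),
                             "total": s["total"]})
    return sorted(findings, key=lambda f: f["total"], reverse=True)

if __name__ == "__main__":
    for f in find_salami_candidates(build_sample_ledger(), approved={"BANK-SMS-FEE"}):
        print(f)
```

Running it without the allowlist also reports the published SMS fee, which is why a review of this kind needs the list of legitimate charges before anyone is alerted.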
WEB JACKING
This occurs when someone forcefully takes control of a
website (by cracking the password and later changing it).
The actual owner of the website does not have any more
control over what appears on that website.
This term is derived from the term hijacking.
This may be done for fulfilling political objectives or for
money. E.g. recently the site of MIT (Ministry of
Information Technology) was hacked by the Pakistani
hackers and some obscene matter was placed therein.
The Web Jacking Attack Vector is another phishing
technique.
Attackers using this method create a fake website; when
the victim opens the link, a page appears with the message
that the website has moved and that they need to click
another link. If the victim clicks the link, which looks real,
he will be redirected to a fake page.
SOFTWARE PIRACY
Software piracy is the unauthorized copying or
distribution of copyrighted software.
Software piracy can be done by copying, downloading,
sharing, selling or installing multiple copies of software
onto personal or work computers.
If you make more copies of the software or install the
software more times than the license permits, upload
software code to a website so that others can download and
use it, share software license codes or activation keys, or in
some cases, share your user ID and password for a
web-based software application (cloud computing), you are
pirating software and breaking the law.
Examples of software piracy include:
- Distributing software or mobile apps from the Internet in a manner that violates the license terms.
- Buying a single copy of a software program and installing it without authorization on multiple devices.
- Making and/or sharing copies of installation CDs.
- Sharing the login credentials (without authorization) used to access a web-based software application (Software as a Service).
PASSWORD SNIFFING
Password sniffing is an attack on the Internet that is used
to steal user names and passwords from the network.
A password sniffer is a software application that scans and
records passwords that are used or broadcast on a
computer or network interface. It listens to all incoming and
outgoing network traffic and records any instance of a data
packet that contains a password.
A password sniffer installs on a host machine and scans all
incoming and outgoing network traffic.
A password sniffer may be applied to most network
protocols, including HTTP, Internet Message Access
Protocol (IMAP), file transfer protocol (FTP), POP3, Telnet
(TN) and related protocols that carry passwords in some
format.
DEFAMATION LAW
There is always a delicate balance between one person's
right to freedom of speech and another's right to protect
their good name.
The term "defamation" covers any statement
that hurts someone's reputation.
If the statement is made in writing and published, the
defamation is called libel.
If the hurtful statement is spoken, the statement is
"slander."
The government can't imprison someone for making a
defamatory statement since it is not a crime. Instead,
defamation is considered to be a civil wrong, or a tort.
PROBATIVE VALUE OF E-EVIDENCE
Digital evidence or electronic evidence is any probative
information stored or transmitted in digital form that a
party to a court case may use at trial.
Digital Evidence is information of probative value that is
stored or transmitted in binary form.
Evidence is not only limited to that found on computers but
may also extend to include evidence on digital devices such
as telecommunication or electronic multimedia devices.
E-evidence can be found in e-mails, digital
photographs, ATM transaction logs, word processing
documents, instant message histories, files saved from
accounting programs, spreadsheets, internet browser
histories and databases.
JURISDICTION

Jurisdiction means the authority which a court has to
decide matters that are litigated before it or to take
cognizance of matters that are presented in a formal way for
its decision. It could be said that it is the power/authority of
the court to decide matters that are brought before it.
PHISHING
Phishing is the act of sending an email to a user falsely
claiming to be an established legitimate enterprise in an
attempt to scam the user into surrendering private
information that will be used for identity theft.
A phishing email will typically direct the user to visit a
website where they are asked to update personal
information, such as a password, credit card, social
security, or bank account numbers, that the legitimate
organization already has. The website, however, is
bogus and will capture and steal any information the
user enters on the page.
There are a number of different techniques used to
obtain personal information from users, such as:
Spear phishing - Spear phishing is a much
more targeted attack in which the hacker knows
which specific individual or organization they
are after. They do research on the target in
order to make the attack more personalized and
increase the likelihood of the target falling into
their trap.
Email/Spam - Using the most common
phishing technique, the same email is sent to
millions of users with a request to fill in
personal details. These details will be used by
the phishers for their illegal activities.
Most of the messages have an urgent note which
requires the user to enter credentials to update account
information, change details, or verify accounts.
Sometimes, they may be asked to fill out a form to
access a new service through a link which is provided
in the email.

Web Based Delivery - Web based delivery is one
of the most sophisticated phishing techniques. Also
known as man-in-the-middle, the hacker is located in
between the original website and the phishing system.
The phisher traces details during a transaction between
the legitimate website and the user. As the user
continues to pass information, it is gathered by the
phishers, without the user knowing about it.
Link Manipulation - Link manipulation is the
technique in which the phisher sends a link to a
malicious website. When the user clicks on the
deceptive link, it opens up the phisher's website
instead of the website mentioned in the link.
Key loggers - Keyloggers refer to the malware used
to identify inputs from the keyboard. The information
is sent to the hackers who will decipher passwords and
other types of information. To prevent key loggers from
accessing personal information, secure websites provide
options to use mouse clicks to make entries through the
virtual keyboard.
Digital Signature - A digital signature is a
mathematical technique used to validate the
authenticity and integrity of a message, software
or digital document.
Digital signatures are based on public key
cryptography, also known as asymmetric
cryptography.
A valid digital signature gives a recipient reason
to believe that the message was created by a
known sender (authentication), that the sender
cannot deny having sent the message
(non-repudiation), and that the message was not
altered in transit (integrity).
Proxy Server - A proxy server is a computer that sits
between a client computer and the Internet, and provides
indirect network services to a client.
It may reside on the user's local computer, or at various
points between the user's computer and destination
servers on the Internet.
A proxy server intercepts all client requests, and provides
responses from its cache or forwards the request to the
real server.
A client computer is connected to the proxy server, which
acknowledges client requests by providing the requested
resource/data from either a specified server or the local
cache memory. Client requests include files or any other
resources available on various servers.
EXAMPLE OF HOW PROXY SERVERS WORK:

When a proxy server receives a request for an
Internet resource (such as a Web page), it looks
in its local cache of previously fetched pages. If it
finds the page, it returns it to the user without needing
to forward the request to the Internet. If the page
is not in the cache, the proxy server, acting as a
client on behalf of the user, uses one of its own IP
addresses to request the page from the server out
on the Internet. When the page is returned, the
proxy server relates it to the original request and
forwards it on to the user.
TYPES OF PROXY SERVERS

Proxy servers are classified into several types based on
purpose and functionality. Some of the most common
types and their uses can be described as below:
Web Proxy
Transparent Proxy
Anonymous Proxy
Distorting Proxy
Tunneling Proxy
Forward Proxy
Open Proxy
Reverse Proxy
ANONYMIZER

An anonymizer or an anonymous proxy is a tool that
attempts to make activity on the internet untraceable.
It is a proxy server computer that acts as an
intermediary and privacy shield between a client
computer and the rest of the Internet.
It accesses the Internet on the user's behalf,
protecting personal information by hiding the client
computer's identifying information.
There are many reasons for using anonymizers. They
can help minimize risk. They can be used to prevent
identity theft, or to protect search histories from
public disclosure.
