Any crime that involves a computer and a network is called a “Computer Crime” or “Cyber
Crime”.
For this purpose a computer may have been used to commit such a crime, or the computer
may simply be the target.
Another term, “Internet crime”, refers to criminal activities that exploit the internet.
These crimes include, but are not limited to, identity theft, threatening a nation’s security,
copyright infringement and child pornography. These crimes have become a threat to
individual privacy, where confidential data, an individual’s identity, or photos and videos etc. are
stolen or intercepted by the attacker.
In “Cyber Crime” such as identity theft, financial theft and espionage, mostly non-state agents
and government organizations are involved.
State and explain the difference between cyber crime and cyber fraud.
1. Hacking
Keep in mind, though, that in the strictest sense of the word, hacking is not illegal in and of
itself, and is therefore not a crime. It is simply a skill, and it is what people can do with this
skill that may be illegal.
2. Cyberstalking
Cyberstalking is the use of the internet and various online platforms, as well as other
electronic devices, to stalk, harass, or blackmail any person or group. In some cases,
cyberstalking can escalate to physical violence, rape, and even murder.
Just like actual stalking, cyberstalking is considered a crime in most parts of the world. In the
United States, for example, cyberstalking is a federal crime under Title 47 of the U.S. Code.
This is when a person is able to steal your personal information (Social Security number,
credit card information, bank account numbers) through online means. It can be achieved in a
variety of ways such as email phishing, malware injection, and brute force hacking.
In terms of financial loss as well as the serious hassle it causes, identity theft is one of the
most destructive forms of cybercrime. In one fell swoop, a cybercriminal can take over your
finances and take your money.
This is, without a doubt, the most heinous type of cybercrime. There are many activities that
constitute online child abuse including the downloading, selling, and distribution of child
pornography through websites and forums and the solicitation of children for sex via
chatrooms.
Along with cyberstalking, online child abuse (and child abuse in general) is a federal crime
under the U.S. Code.
5. Ransomware attack
Ransomware attacks also cause significant financial damage. In 2017, it was reported that the
global cost of ransomware exceeded $5 billion.
The purpose of an online scam is to trick you, the victim, into willingly giving up money under
false pretenses. One typical scenario is called “charity fraud”. Here, a criminal appeals to
your sense of righteousness by posing as a representative of a charitable organization
dedicated to a meaningful cause like cancer or AIDS research. After spinning you around, the
perpetrator will then ask for a hefty donation, which can be either a one-time payment or a
series of payments.
A cybercriminal is an individual who commits cybercrimes, where he/she makes use of the
computer either as a tool or as a target or as both.
The word ‘botnet’ is a combination of two words, ‘robot’ and ‘network’. Here, a
cybercriminal who performs the role of a botmaster uses Trojan viruses to breach the security
of several computers and connect them into a network for malicious purposes. Each computer
on the network acts as a ‘bot’ and is controlled by a scammer to transmit malware or spam or
malicious content in order to launch the attack. A botnet is also known as a Zombie Army as
the computers involved are being controlled by someone other than their owner.
The origin of botnets was mainly to serve as a tool in internet relay chat (IRC) channels.
Eventually, spammers exploited the vulnerabilities present in IRC networks and developed
bots. This was intentionally done to perform malicious activities such as keystroke logging,
password theft, etc. [6]
Botnet Structure
The structure of the botnet usually takes one of two forms: Client-server model or
Peer-to-peer model.
Client-server model
In the client-server botnet structure, a basic network is established with one server acting as a
botmaster. The botmaster controls the transmission of information from each client to
establish command and control (C&C) of the client devices. The client-server model works
with the help of special software and allows the botmaster to maintain control. This model
has a few drawbacks such as it can be located easily and has only one control point. In this
model, if the server is destroyed, the botnet perishes.
Peer-to-peer
To overcome the drawback of relying on one centralized server, botnets have evolved. New
botnets are interconnected in the form of peer-to-peer structure. In the P2P botnet model,
each connected device works independently as a client and a server, coordinating among each
other to update and transmit information between them. The P2P botnet structure is stronger
because of the absence of a single centralized control.
Grum is a type of spam botnet that is hard to detect, as it infects files used by Autorun registries.
This botnet has attracted researchers, as it is relatively small with only 600,000 members
but accounts for 40 billion spam emails per day, which is approximately 25% of the total
spam emails. [2]
Keylogging:
With the help of a keylogger, it becomes easy for a botmaster to retrieve sensitive information
and steal data. Using a keylogger program, an attacker can gather only the keys typed that
come in the sequence of interesting words like PayPal, Yahoo, etc.
Pay-per-click abuse:
Google’s AdSense program allows websites to display Google advertisements and thereby
earn money from them. Google pays money to the website owners on the basis of the number
of clicks their advertisements gather. Compromised machines are used to automatically click
on a site, inflating the number of clicks sent to the company with the ad.
These are attacks that go straight to our devices or hosts in general. We’ll mention only some
of the best known.
Malware: Includes all programs that introduce malicious code (viruses, worms,
Trojans) on our computers, causing multiple and incalculable damage.
Keyloggers: Employ programs to collect everything that the user types via the keyboard. They can
even take screenshots.
Social engineering: Obtaining confidential information from a person or organization
to use it for malicious purposes. The most striking examples are phishing and spam.
  Phishing: Consists of deceiving users to obtain their confidential
  information by spoofing the identity of a body or Internet website.
  Spam: Unsolicited messages, commonly in the shape of ads, sent in a
  massive and repetitive manner. Email is the most used means for such
  attacks, but instant messaging programs and even unsolicited
  calls via cell phone are also used.
Computer networks are the favorite means of many hackers to steal information to sell to the
highest bidder, or to cause sabotage aimed at slowing down the network’s traffic. These
can be active or passive attacks.
Active attacks occur when an intruder manages to install malicious code aimed at
sabotaging the good performance of networks and computers, while
a passive attack occurs when an attacker gets into a network and
intercepts data exchange on the network.
Attack vectors in cybersecurity: Active attacks
The Government of India enacted its Information Technology Act 2000 with the objectives
stating officially as:
“to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
“electronic commerce”, which involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of documents with
the Government agencies and further to amend the Indian Penal Code, the Indian Evidence
Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934
and for matters connected therewith or incidental thereto.”
Thus the need for an amendment – a detailed one – was felt for the I.T. Act. Major industry
bodies were consulted and advisory groups were formed to go into the perceived lacunae in
the I.T. Act and comparing it with similar legislations in other nations and to suggest
recommendations. Such recommendations were analyzed and subsequently taken up as a
comprehensive Amendment Act and after considerable administrative procedures, the
consolidated amendment called the Information Technology Amendment Act 2008 was
placed in the Parliament and passed at the end of 2008 (just after Mumbai terrorist attack of
26 November 2008 had taken place). The IT Amendment Act 2008 received the President’s assent
on 5 Feb 2009 and was made effective from 27 October 2009.
Inclusion of some additional cyber crimes like child pornography and cyber terrorism
Authorizing an Inspector to investigate cyber offenses (as against the DSP earlier)
Structure of IT Act
A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any
other testamentary disposition
Credit and debit card fraud is a form of identity theft that involves an unauthorized taking of
another's credit card information for the purpose of charging purchases to the account or
removing funds from it. This theft can occur physically when the actual credit and debit card
is taken, or the theft can occur when just the numbers are stolen from an unprotected website
or a card reader at a gas station.
Continue on to learn more about credit card fraud, the federal and state laws that apply to it,
and the possible penalties you could face if convicted of the crime.
Debit/credit card fraud can be committed in a variety of ways, such as when a person:
1. Fraudulently obtains, takes, signs, uses, sells, buys, or forges someone else's credit or
debit card or card information;
2. Uses his or her own card with the knowledge that it is revoked or expired or that the
account lacks enough money to pay for the items charged; or
3. Sells goods or services to someone else with knowledge that the credit or debit card
being used was illegally obtained or is being used without authorization.
Credit and debit card fraud has become a huge problem, and both the states and the federal
government have passed laws in an attempt to address the problem.
State Laws
Each state has credit card fraud laws that prohibit the illegal possession and use of a credit or
debit card. They have statutes for the physical possession and use of a stolen card. Then there
are statutes if just the account number information is stolen, referred to as identity theft. For
instance, Alabama Code § 13A-9-14 punishes credit or debit card theft, while § 13A-8-192
punishes identity theft or the possession of identifying information.
Some states have passed more protections than other states. California has been on the
forefront of passing numerous laws to try to prevent credit card and identity theft, as can be
seen in the following sections from the California Penal Code:
Federal Law
Federal credit card fraud laws focus on interstate and foreign commerce, making it illegal to
use a stolen or fraudulently obtained credit or debit card. The penalty for such use is a fine of
not more than $10,000 and/or imprisonment for not more than ten years. Here is a list of
federal statutes addressing credit card fraud:
Credit fraud is a broad term for the use of a credit card (or any comparable type of credit) to
buy goods or services with the intention of evading payment. While it is simple to understand
the physical theft of a credit or debit card from a wallet or purse, today it is much more
common to just have information stolen and not the card itself. There are several forms of
credit card fraud with new and ingenious methods being devised almost daily. The most
common types of credit fraud include:
Identity Theft
One of the most damaging forms of credit card fraud is identity theft, because once personal
identifying information is taken it can be used for numerous fraudulent activities. Several
credit card frauds depend on identity theft. If a bad actor steals a person's identifying
information they can open new accounts or they can contact credit card companies and
change addresses to take over an existing account.
Data Breach
Sometimes the identity theft falls short of stealing a person's complete identity. The thief may
just get the number from one card. This sometimes happens when a company has its customer
information hacked in a data breach. Companies that store a customer's credit card
information sometimes have that information stolen. The thief can then use the credit card
number to make telephone or on-line purchases without the credit card being present.
It used to be that when you used a credit card an impression of the card was made on carbon
paper. Then when the carbon paper was discarded, the credit card numbers could be stolen.
That does not happen very often these days, but a modern version of that is electronic credit
card skimmers that can read the credit card information from the magnetic strip on the credit
card. There are a couple of forms of electronic card skimmers.
One type is a portable reader that can read cards carried in pockets and purses of people as
they walk down the street. Another type is a reader that is affixed to a stationary location,
such as an ATM machine or a gas station pump. The credit or debit card imprint can then be
used to make a counterfeit or fake credit card that will function just like the real thing.
Then, of course, there is the old stand-by for credit card fraud and that is the physical stealing
of the card itself. A purse or wallet can be stolen, but the card can also be simply lost. There
are a number of ways a card can be stolen. They can be taken from mailboxes or as part of a
house burglary or a car break-in. A waiter can take in the information at a restaurant. Often,
this type of theft will result in a fraud spree, where the perpetrator racks up charges as quickly
as possible before the victim has a chance to report the card lost or stolen.
The state and federal laws require that someone has an intent to defraud or steal to be guilty
of credit card fraud. Mistakenly using someone else's card or unintentionally using a
cancelled or expired card is not grounds to hold someone criminally liable for credit card
fraud.
Illustrate what a phishing attack is.
Phishing is the fraudulent use of electronic communications to deceive and take advantage of
users. Phishing attacks attempt to gain sensitive, confidential information such as usernames,
passwords, credit card information, network credentials, and more. By posing as a legitimate
individual or institution via phone or email, cyber attackers use social engineering to
manipulate victims into performing specific actions—like clicking on a malicious link or
attachment—or willfully divulging confidential information.
Both individuals and organizations are at risk; almost any kind of personal or organizational
data can be valuable, whether it be to commit fraud or access an organization’s network. In
addition, some phishing scams can target organizational data in order to support espionage
efforts or state-backed spying on opposition groups.
Phishing Methods
Phishing attempts most often begin with an email attempting to obtain sensitive information
through some user interaction, such as clicking on a malicious link or downloading an
infected attachment.
Through link manipulation, an email may present with links that spoof legitimate URLs;
manipulated links may feature subtle misspellings or use of a subdomain.
Phishing scams may use website forgery, which employs JavaScript commands to make a
website URL look legitimate.
Using covert redirection, attackers can corrupt legitimate websites with malicious pop-up
dialogue boxes that redirect users to a phishing website.
Infected attachments, such as .exe files, Microsoft Office files, and PDF documents can
install ransomware or other malware.
Phishing scams can also employ phone calls, text messages, and social media tools to trick
victims into providing sensitive information.
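A defensive check for the link manipulation described above (subtle misspellings, or a trusted name used as a subdomain), as an added example that is not part of the original notes. The trusted domain example.com, the sample links and the edit-distance threshold of 2 are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255

enum verdict { LINK_OK, LINK_SUBDOMAIN_TRICK, LINK_LOOKALIKE, LINK_UNRELATED, LINK_INVALID };

/* Copy the lower-cased host of url into host[HOST_MAX + 1]; 0 on success. */
int extract_host(const char *url, char *host)
{
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    const char *at = memchr(p, '@', strcspn(p, "/?#"));
    if (at) p = at + 1;                   /* skip userinfo */
    size_t len = strcspn(p, ":/?#");      /* stop at port, path or query */
    if (len == 0 || len > HOST_MAX) return -1;
    for (size_t i = 0; i < len; i++)
        host[i] = (char)tolower((unsigned char)p[i]);
    host[len] = '\0';
    return 0;
}

/* Levenshtein distance, single-row dynamic programming. */
size_t edit_distance(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), row[HOST_MAX + 1];
    if (lb > HOST_MAX) return lb;         /* too long to compare: treat as far apart */
    for (size_t j = 0; j <= lb; j++)
        row[j] = j;
    for (size_t i = 1; i <= la; i++) {
        size_t diag = row[0];             /* D[i-1][j-1] */
        row[0] = i;
        for (size_t j = 1; j <= lb; j++) {
            size_t up = row[j];           /* D[i-1][j] */
            size_t best = diag + (a[i - 1] != b[j - 1]);
            if (up + 1 < best) best = up + 1;
            if (row[j - 1] + 1 < best) best = row[j - 1] + 1;
            row[j] = best;
            diag = up;
        }
    }
    return row[lb];
}

/* Naive registrable domain: the last two labels. Assumption for brevity;
 * production code should consult the Public Suffix List instead. */
const char *last_two_labels(const char *host)
{
    const char *dot = strrchr(host, '.');
    if (!dot) return host;
    size_t i = (size_t)(dot - host);
    while (i > 0 && host[i - 1] != '.')
        i--;
    return host + i;
}

enum verdict classify_link(const char *url, const char *trusted)
{
    char host[HOST_MAX + 1];
    if (extract_host(url, host) != 0) return LINK_INVALID;
    size_t hl = strlen(host), tl = strlen(trusted);

    /* The trusted host itself, or a genuine subdomain of it. */
    if (strcmp(host, trusted) == 0) return LINK_OK;
    if (hl > tl && host[hl - tl - 1] == '.' && strcmp(host + hl - tl, trusted) == 0)
        return LINK_OK;

    /* Trusted name used as leading labels of a different domain. */
    const char *hit = strstr(host, trusted);
    if (hit && (hit == host || hit[-1] == '.') && hit[tl] == '.')
        return LINK_SUBDOMAIN_TRICK;

    /* Subtle misspelling: one or two edits away from the trusted name. */
    size_t d = edit_distance(last_two_labels(host), trusted);
    return (d >= 1 && d <= 2) ? LINK_LOOKALIKE : LINK_UNRELATED;
}

int main(void)
{
    /* Constructed sample links; example.com stands in for the trusted site. */
    const char *samples[] = {
        "https://www.example.com/login",
        "http://example.com.account-verify.test/login",
        "https://examp1e.com/login",
    };
    const char *names[] = { "ok", "subdomain trick", "lookalike", "unrelated", "invalid" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-46s %s\n", samples[i], names[classify_link(samples[i], "example.com")]);
    return 0;
}
```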
A buffer overflow is a situation where a running program attempts to write data outside a
memory buffer, into memory that is not intended to store this data. When this happens we are talking
about a buffer overflow or buffer overrun situation. A memory buffer is an area in the
computer’s memory (RAM) meant for temporarily storing data. Buffers of this kind can be
found in all programs and are used to store data for input, output and processing.
An example of data stored in buffers are login credentials or the hostname for an FTP server.
Also other data temporarily stored before processing can be stored in buffers. This literally
could be anything from user input fields such as username and password fields to input files
used to import certain configuration files. When the amount of data written to the buffer
exceeds the expected amount of data, the memory buffer is overrun. This happens for
example when a username with a maximum of 8 bytes is expected and a username of 10
bytes is given and written to the buffer. In this case the buffer is exceeded by 2 bytes and an
overflow will occur when it‘s not prevented from happening. This often happens due to bad
programming and the lack of input sanitization.
When a memory buffer overflow occurs and data is written outside the buffer, the running
program may become unstable, crash or return corrupt information. The overwritten parts of
memory may have contained other important data for the running application which is now
overwritten and not available to the program anymore. Buffer overflows can even run other
(malicious) programs or commands and result in arbitrary code execution.
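The 8-byte username case described above, as an added example that is not from the original notes: an unchecked copy lets a 10-byte input overwrite the data stored next to the buffer, and a length check prevents it. The record layout, function names and sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 8   /* the 8-byte username buffer from the text */

/* Constructed record: the username buffer sits directly before other data. */
struct login_record {
    char username[USERNAME_MAX];  /* fixed width, not NUL-terminated */
    char role[8];                 /* adjacent data the input must never reach */
};

void init_record(struct login_record *rec)
{
    memset(rec, 0, sizeof *rec);
    memcpy(rec->role, "user", 4);
}

/* Unchecked copy: the input length is never compared with USERNAME_MAX.
 * Returns how many bytes landed beyond the username buffer. The cap at
 * sizeof *rec exists only to keep this demonstration inside the record. */
size_t unsafe_store(struct login_record *rec, const char *input)
{
    size_t len = strlen(input);
    if (len > sizeof *rec)
        len = sizeof *rec;
    memcpy(rec, input, len);      /* username starts at offset 0 */
    return len > USERNAME_MAX ? len - USERNAME_MAX : 0;
}

/* Checked copy: reject anything longer than the buffer, then copy.
 * Returns 0 on success, -1 when the input does not fit. */
int safe_store(struct login_record *rec, const char *input)
{
    size_t len = strlen(input);
    if (len > USERNAME_MAX)
        return -1;
    memset(rec->username, 0, USERNAME_MAX);
    memcpy(rec->username, input, len);
    return 0;
}

int main(void)
{
    const char *input = "abcdefghXY";   /* constructed 10-byte username */
    struct login_record rec;

    init_record(&rec);
    size_t spilled = unsafe_store(&rec, input);
    printf("unchecked: %zu bytes past the buffer, role is now \"%.8s\"\n",
           spilled, rec.role);

    init_record(&rec);
    int rc = safe_store(&rec, input);
    printf("checked:   rc=%d, role is still \"%.8s\"\n", rc, rec.role);
    return 0;
}
```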
When a buffer overflow vulnerability is used to write malicious data in the memory and the
attacker is able to take control of the execution flow of a program, we are dealing with a
serious security vulnerability. Buffer overflows can then become serious security issues.
These security issues can be exploited by hackers to take (remote) control of a host, perform
privilege escalation or a lot more bad things as a result of arbitrary code execution. Arbitrary
code execution is the process of injecting code in the buffer and getting it to execute.
Not all buffer overflow vulnerabilities can be exploited to gain arbitrary code execution.
(Remote) Denial of Service attacks can also be performed when they only crash the running
program. As buffer overflow vulnerabilities can occur in any software, DoS attacks are not
just limited to services and computers. Routers, firewalls, IoT devices and anything else
running an OS can also be targeted. An example of this situation is the recent Cisco ASA IKEv1
and IKEv2 Buffer Overflow exploits. Some of these remote exploits only crash and
force a reboot of the firewall, resulting in a couple of minutes of downtime.
Denial of Service (DoS) attacks are becoming a highly popular mode of web attack
these days.
They involve making computer systems inaccessible by flooding servers, networks,
or even end user systems with useless traffic so that legitimate users can no longer
gain access to those resources.
A popular form of DoS attack which happens worldwide is DDoS (Distributed Denial
of Service), wherein multiple computers (also called zombies) participate in sending the
traffic.
DoS attacks exploit the asymmetric nature of certain types of network traffic.
Therefore DoS attacks can be classified into three categories
DDoS is a type of DOS attack where multiple compromised systems, which are often
infected with a Trojan, are used to target a single system causing a Denial of Service
(DoS) attack.
Victims of a DDoS attack consist of both the end targeted system and all systems
maliciously used and controlled by the hacker in the distributed attack.
Not all hackers are out to steal your identity or even your money. Sometimes, like
real-life street vandals, hackers just want to disrupt business-as-usual for a company
for no reason other than just to do it.
That's the idea behind an attack known as a Distributed Denial of Service, or "DDoS."
A DDoS is aimed at disrupting the normal function of a specific website. That means
the attack isn't random, such as a launched virus that's aimed at everyone and anyone
but no one in particular.
A DDoS is planned and coordinated, and the goal is to make an entire website
unavailable to its regular visitors or customers.
What does "Distributed" mean?
What makes the attack distributed is the focused effort within a team of disruptors who
share the common goal of preventing targeted Web servers (and, therefore, targeted
websites) from working normally.
The attack is distributed among hundreds or thousands of computers.
When that happens, the website's regular customers are denied the service they want.
Even worse, the company that runs the website is denied the money they'd earn for
the day. And they may also lose some customers forever who get frustrated or worried
about coming back to the site.
The differences between DoS and DDoS are substantive and worth noting.
In a DoS attack, a perpetrator uses a single Internet connection to either exploit a
software vulnerability or flood a target with fake requests—usually in an attempt to
exhaust server resources (e.g., RAM and CPU).
On the other hand, distributed denial of service (DDoS) attacks are launched from
multiple connected devices that are distributed across the Internet.
These multi-person, multi-device barrages are generally harder to deflect, mostly due
to the sheer volume of devices involved.
Unlike single-source DoS attacks, DDoS assaults tend to target the network
infrastructure in an attempt to saturate it with huge volumes of traffic.
DDoS attacks also differ in the manner of their execution. Broadly speaking, DoS
attacks are launched using homebrewed scripts or DoS tools (e.g., Low Orbit Ion
Cannon), while DDoS attacks are launched from botnets—large clusters of connected
devices (e.g., cellphones, PCs or routers) infected with malware that allows remote
control by an attacker.
How DDoS Attacks Work
The size of application layer attacks is typically measured in requests per second
(RPS), with no more than 50 to 100 RPS being required to cripple most mid-sized
websites.
4. Bandwidth attacks
This DDoS attack overloads the target with massive amounts of junk data.
This results in a loss of network bandwidth and equipment resources and can lead to a
complete denial of service.
Write down in brief the different security issues or challenges faced by mobile devices.
Mobile computing is communication between computing devices, without a physical
connection between them, through wireless networks, which means that some new
mobile security issues originate from wireless security issues. The security issues
and threats of mobile computing can be divided into two categories: security issues
related to the transmission of information over wireless networks, and issues related to
information and data residing on mobile devices.
A. General Security Issues
Confidentiality: Preventing unauthorized users from gaining access to critical information of any particular user.
Integrity: Ensures unauthorized modification, destruction or creation of information cannot take place.
Availability: Ensuring authorized users get the access they require.
Legitimate: Ensuring that only authorized users have access to services.
Accountability: Ensuring that users are held responsible for their security-related activities by arranging that the user and his/her activities are linked if and when necessary.
B. Wireless Security Issues
The security issues related to wireless networks arise from the interception of their
radio signals by hackers, and from the fact that the user does not manage the network entirely, because most
wireless networks depend on other private networks that are managed by others, so
the user has less control over security procedures. The main security issues of
mobile computing introduced by the use of wireless networks are:
Denial of Service (DoS) attacks: One of the most common attacks on all kinds of networks, and
especially on wireless networks. It means preventing users from using network services:
an attacker sends large amounts of unneeded data or connection requests to the communication
server, which slows the network so that users cannot benefit from
its services.
Traffic Analysis: Identifying and monitoring the communication between users by
listening to traffic flowing in the wireless channel, in order to access private information of
users that can be misused by the attacker.
Eavesdropping: The attacker can log on to the wireless network and get access to
sensitive data; this happens if the wireless network was not secure enough and the
information was not encrypted.
Session Interception and Message Modification: The attacker intercepts the session and
modifies the data transmitted in it, through a scenario called man in the middle, which
inserts the attacker’s host between the sender and receiver hosts.
Spoofing: The attacker impersonates an authorized account of another user to access
sensitive data and unauthorized services.
Captured and Retransmitted Messages: The attacker can gain unauthorized access to some
network services by capturing a complete message and replaying it, with some
modifications, to the same destination or another.
C. Device Security Issues
Mobile devices are vulnerable to new types of security attacks and
vulnerable to theft, not because of the devices themselves, but because of the sensitive
data that exists within them. Mobile computing, like any computer software, may be
damaged by malware such as viruses, spyware and Trojans. A virus is a real part of malicious
software, and spyware gathers information about the user without his knowledge. Some
of the main new mobile computing security issues introduced by using mobile devices include:
Pull Attacks: In a pull attack, the attacker controls the device as a source of data and
obtains data from the device itself.
Push Attacks: The attacker creates malicious code on the mobile device and may spread
it to affect other elements of the network.
Forced De-authentication: The attacker convinces the mobile end-point to drop its
connection and reconnect to get a new signal, then inserts his device between the mobile
device and the network.
Multi-protocol Communication: Many mobile devices are able to operate using multiple
protocols, e.g. a cellular provider’s network protocol. Most of the protocols have
security holes, which help the attacker to exploit this weakness and
access the device.
Mobility: The mobility of users and their data introduces security threats
determined by the location of the user, so user profiles must be replicated at different
locations to allow roaming between different places without any concern regarding access to
personal and sensitive data in any place and at any time. But the replication of sensitive data
on different sites increases security threats.
Disconnections: When mobile devices move between different places, frequent
disconnections occur, caused by an external party, resulting in hand-off.
1. Phishing: Phishing is the leading form of social engineering attack, typically
delivered in the form of an email, chat, web ad or website that has been designed to
impersonate a real system and organisation. Phishing messages are crafted to deliver
a sense of urgency or fear with the end goal of capturing an end user’s sensitive data.
A phishing message might come from a bank, the government or a major corporation.
The calls to action vary. Some ask the end user to “verify” their login information for
an account, and include a mocked-up login page complete with logos and branding to
look legitimate. Some claim the end user is the “winner” of a grand prize or lottery
and request access to a bank account in which to deliver the winnings. Some ask for
charitable donations (and wiring instructions) after a natural disaster or tragedy.
2. Baiting: Baiting involves offering something enticing to an end user, in exchange for
login information or private data. The “bait” comes in many forms, both digital, such
as a music or movie download on a peer-to-peer site, and physical, such as a corporate
branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a
desk for an end user to find. Once the bait is downloaded or used, malicious software
is delivered directly into the end user’s system and the hacker is able to get to work.
3. Quid Pro Quo: Quid pro quo involves a hacker requesting the exchange of critical
data or login credentials in exchange for a service. For example, an end user might
receive a phone call from the hacker who, posing as a technology expert, offers free IT
assistance or technology improvements in exchange for login credentials. Another
common example is a hacker who, posing as a researcher, asks for access to the company’s
network as part of an experiment in exchange for £100. If an offer sounds too good to
be true, it probably is quid pro quo.
4. Pretexting: Pretexting, the human equivalent of phishing, is when a hacker creates a
false sense of trust between themselves and the end user by impersonating a co-worker
or a figure of authority well known to an end user in order to gain access to
login information. An example of this type of scam is an email to an employee from
what appears to be the head of IT Support or a chat message from an investigator who
claims to be performing a corporate audit.
5. Piggybacking: Piggybacking, also called tailgating, is when an unauthorised person
physically follows an authorised person into a restricted corporate area or system. One
tried-and-true method of piggybacking is when a hacker calls out to an employee to
hold a door open for them as they’ve forgotten their RFID card. Another method
involves a person asking an employee to “borrow” his or her laptop for a few minutes,
during which the criminal is able to quickly install malicious software.