
CYBER CRIME AND SECURITY

SENGUNTHAR ENGINEERING COLLEGE

TIRUCHENGODE

PRESENTED BY:
SAI SIVA KUMAR.D
SRIHARI.G

EMAIL ID:
saicsedon@gmail.com
srihari8@gmail.com

CONTACT NO:
9789261553
9600692334

Abstract:
With the rapid growth of Information Technology, organizations are taking extra precautions when
it comes to protecting information. In the complex interconnected business world, the common
practice of deploying company-wide security solutions (e.g., anti-virus software and firewalls) is
only the very first step of cyber security management. Adding to this first layer of security
defence, two business-oriented security solutions are included in this paper: global partnership
and proactive participation. In addition, an evolutionary process of learning to enhance the three
layers of cyber security management is recommended to be done continuously. In order to
manage these three layers of cyber security economically and effectively, an intranet-based
framework of cyber security knowledge repositories based on the 80/20 rule is also proposed.

Introduction:
Net extortion, credit card fraud, hacking, virus dissemination, harassment via email - all of these were unheard of a
few years ago but have now become common names in the area of cyber crime.

The nature of the cyber crimes that have been reported lately has left us shocked, a recently reported crime
being the transfer of 1.5 crore from the bank account of a US client by a BPO employee.
The Internet is being used as a medium by many people to make fast money or to indulge in criminal acts. There is
no limit to the way a human mind can think, but it is in our hands to take precautions to prevent falling prey to
such insidious acts. In this article, we define what cyber crime is, the offences under the Information
Technology (IT) Act, 2000, and the precautions that one can take to avoid becoming a victim of cyber crime.
What is cyber crime?
“Cyber” refers to the imaginary space that is created when electronic devices communicate, as in a network of
computers.
Cyber crime refers to anything done in the cyber space with a criminal intent. These could be either the criminal
activities in the conventional sense or could be activities, newly evolved with the growth of the new medium.
Cyber crime includes acts such as hacking, uploading obscene content on the Internet, sending obscene e-mails
and hacking into a person's e-banking account to withdraw money.
Hacking:
Hacking means an illegal intrusion into a computer system and/or network. Using one's own programming
abilities, as well as various programs, with malicious intent to gain unauthorized access to a computer or
network is a very serious crime. Similarly, the creation and dissemination of harmful computer programs
which do irreparable damage to computer systems is another kind of cyber crime. There is an equivalent
term to hacking, i.e. cracking, but Indian law does not distinguish between the two.
Cyber Stalking:
Cyber Stalking can be defined as the repeated acts of harassment or threatening behavior of the cyber
criminal towards the victim by using internet services. It includes following the victim, making harassing
phone calls, killing the victim's pet, vandalizing the victim's property, leaving written messages or objects. Stalking
may be followed by serious violent acts such as physical harm to the victim, and the same has to be treated
and viewed seriously. It all depends on the course of conduct of the stalker.
Denial of service attack:
Denial of service attack is an act by the criminal, who floods the bandwidth of the victim’s network or fills his
e-mail box with spam mail depriving him of the services he is entitled to access.
Virus Dissemination:
Malicious software that attaches itself to other software. (Virus, worms, Trojan Horse, Time bomb, Logic
Bomb, Rabbit and Bacterium are examples of malicious software that destroys
Data diddling:
This kind of an attack involves altering raw data just before it is processed by a computer and then changing
it back after the processing is completed. Electricity boards in India have been victims to data diddling
programs inserted when private parties were computerizing their systems.
Salami attacks:
These attacks are used for the commission of financial crimes. The key here is to make the alteration so
insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program,
into the bank’s servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every
customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a
sizeable amount of money every month.
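A defender's view of the salami pattern described above, as an added example that is not part of the original paper: reconciliation logic that flags the same small debit hitting most accounts and going to one beneficiary. The ledger, the account and beneficiary names (`SB-…`, `ACC-9931`, `BANK-SMS-FEE`, `CHAI-STALL`), the thresholds and the fee allowlist are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Hypothetical allowlist: beneficiaries the bank itself approved for small fees.
APPROVED_FEE_BENEFICIARIES = {"BANK-SMS-FEE"}


def build_sample_ledger():
    """Constructed data: 20 accounts over 3 months, not real bank records."""
    ledger = []

    def post(account, month, kind, amount, beneficiary):
        ledger.append({"account": account, "month": month, "type": kind,
                       "amount": Decimal(amount), "beneficiary": beneficiary})

    for month in ("M1", "M2", "M3"):
        for i in range(20):
            account = f"SB-{1000 + i}"
            post(account, month, "credit", "25000", "EMPLOYER")
            post(account, month, "debit", str(4000 + 137 * i), f"LANDLORD-{i}")
            post(account, month, "debit", "2", "BANK-SMS-FEE")  # approved fee
            post(account, month, "debit", "5", "ACC-9931")      # the Rs. 5 skim
            if i < 3:                                           # ordinary small payment
                post(account, month, "debit", "5", "CHAI-STALL")
    return ledger


def find_salami_patterns(ledger, max_amount=Decimal("10"), min_coverage=0.8,
                         approved=APPROVED_FEE_BENEFICIARIES):
    """Return (beneficiary, amount) groups of small debits that touch at least
    `min_coverage` of all accounts and are not on the approved-fee list."""
    all_accounts = {t["account"] for t in ledger}
    groups = defaultdict(list)
    for t in ledger:
        if (t["type"] == "debit" and t["amount"] <= max_amount
                and t["beneficiary"] not in approved):
            groups[(t["beneficiary"], t["amount"])].append(t)

    findings = []
    for (beneficiary, amount), debits in groups.items():
        accounts = {t["account"] for t in debits}
        coverage = len(accounts) / len(all_accounts)
        # One small debit is invisible; the same debit on nearly every
        # account, paid to one place, is the signature worth reviewing.
        if coverage >= min_coverage:
            findings.append({
                "beneficiary": beneficiary,
                "amount": amount,
                "accounts_hit": len(accounts),
                "coverage": coverage,
                "total": sum((t["amount"] for t in debits), Decimal("0")),
            })
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_patterns(build_sample_ledger()):
        print(finding)
```

The aggregate view is what exposes the skim: each account loses Rs. 5 a month, while the single beneficiary collects from every account in every period.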
Software Piracy:
Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of
products intended to pass for the original.
Phishing:
The act of sending an e-mail to a user falsely claiming to be an established for identity theft. The e-mail
directs the user to visit a website where they are asked to update personal information, such as passwords
and credit card, social security, and bank account numbers that the legitimate organization already has.
Attack techniques

Email bombing:
Email bombing refers to sending a large number of emails to the victim resulting in the victim’s email account
(in case of an individual) or mail servers (in case of a company or an email service provider) crashing.
Predicting the future of cyber crime and security
We have divided them into five groups:

• those involving mobile devices;
• attack targets;
• attack techniques;
• government action;
• defensive strategies.

Mobile devices:

1. Laptop encryption:
Laptop encryption will be made mandatory at many government agencies and other organizations that store
customer/patient data and will be pre-installed on new equipment. Senior executives, concerned about potential
public ridicule, will demand that sensitive mobile data be protected.
This development provides a reasonable safety blanket to protect against an epidemic of laptop and PDA theft.

Whether the data on the stolen (or lost) laptops is ever read, the mere theft makes the company and its
executives subject to security breach disclosure laws and public ridicule. If the data is encrypted, in most cases,
the loss does not have to be disclosed.

2. PDA smart phones:


Theft of PDA smart phones will grow significantly. Both the value of the devices for resale and their content will
draw large numbers of thieves.

Attack targets:

3. Targeted cyber attacks:


Targeted attacks will be more prevalent, in particular against government agencies. Targeted cyber attacks by
nation states against US government systems over the past three years have been enormously successful,
demonstrating the failure of federal cyber security activities. Other antagonistic nations and terrorist groups,
aware of the vulnerabilities, will radically expand the number of attacks. Targeted attacks on commercial
organizations will focus on military contractors and businesses with valuable customer information.
The most common technique used in targeted attacks against military sites is spear phishing. Spear phishing
uses fake emails sent to the employees of a target organization. The email seems to come from a key manager
of the target and orders each recipient to load a piece of spyware or to provide log-in information that the
attackers use to break in and steal important data.

4. Cell phone worms:


Cell phone worms will infect at least 100,000 phones, jumping from phone to phone over wireless data networks.
Cell phones are becoming more powerful with full-featured operating systems and readily available software
development environments. That makes them fertile territory for attackers fuelled by cell phone adware
profitability.

5. Voice over IP (VoIP) systems:


Voice over IP (VoIP) systems will be the target of cyber attacks. VoIP is an immature technology that is often
deployed hastily in organizations that do not understand the security challenges they will face. A new type of
phishing attack is also using VoIP technology to get bank credentials to steal money. The attacker sends an
email to a potential victim saying that a bank doesn't want the victim to use the internet but needs some data
verified and gives a phone number to call that seems to be in the correct (local) area code (VoIP technology
allows people anywhere in the world to appear to have a local phone number in any location they choose). The
victim calls the number and is asked to key in or say their account number and password. The criminals use the
data to empty the victim's bank account.

Attack techniques:

6. Spyware:
Spyware will continue to be a huge and growing issue. The spyware developers can make money in so many
ways that development and distribution centres will be established throughout the world.

One of the more lucrative (for the criminals) types of spyware is keystroke loggers that wait for the victim to sign
on to a bank and capture the keystrokes for the user name and password. Banks tried to fight this with graphical
point and click password entry, but sophisticated keystroke loggers now also capture the images on which the
victim clicks.

7. Zero-day vulnerabilities:
Zero-day vulnerabilities will result in major outbreaks resulting in many thousands of PCs being infected
worldwide. Security vulnerability researchers often exploit the holes they discover before they sell them to
vendors or vulnerability buyers like 'TippingPoint'.
The ranks of security researchers are growing rapidly, in part because they can sell what they find to Verisign's
iDefense or 3Com's TippingPoint. Sadly, by the time the researchers sell their discoveries, most have already
been used by someone as zero-day attacks breaking into high-value sites.

8. Rootkits:
The majority of bots will be bundled with rootkits. The rootkits will change the operating system to hide the
attack's presence and make uninstalling the malware almost impossible without reinstalling a clean operating
system.

Rootkit sophistication is soaring. Ed Skoudis, SANS Hacker Exploits course director, tells of a tool called the
Blue Pill that uses new virtualization features of recent AMD processors to create a practically undetectable
rootkit as a virtual machine hypervisor, subverting a system at an extremely deep level, far below the operating
system itself.

Government action:

9. Legislation governing the protection of customer information:


Congress and state governments will pass more legislation governing the protection of customer information. If
Congress, as expected, reduces the state-imposed data breach notification requirements significantly, state
attorneys general and state legislatures will find ways to enact harsh penalties for organizations that lose
sensitive personal information. Data breach notification laws do make a difference. Executives become very
focused on computer security when they fear being shamed on the front page of the local paper. Sadly the
business lobbyists have used their political clout to persuade congressional leaders that state disclosure laws
are overly burdensome. Committee chairmen in the US House of Representatives have drafted federal laws that
eliminate much of the responsibility of business to disclose losses. The result will be a significant decline in
management concern about security.

Defensive strategies:

10. Network access control (NAC):


Network access control (NAC) will become common and will grow in sophistication. As defending laptops becomes inc
difficult, large organizations will try to protect their internal networks and users by testing each computer's attempts to c
the internal network. Tests will grow from today's simple configuration checks and virus signature validation to deeper a
searching for traces of malicious code.
NAC controls introduce their own security problems. For example they set up quarantine zones where all systems must
they are brought up to the current standard. Sophisticated
attackers will penetrate the quarantine zones and infect other systems with hard-to-detect rootkits. When the infected s
get their patches updated and are allowed into the sensitive network, the rootkit will still be present, ready to inflict dam
steal information.

Beating the cyber criminals:


How can we keep our computers secure, prevent them being attacked and the information on them stolen? IT
security is vital to all our working lives, and it's something I've been passionate about for over 20 years.

Over that time, the nature of the threats we face has changed, but the need for vigilance and strong protection in
both the software we use and the way we use it has always been of the utmost importance.

If you think of a cyber criminal, you might think of a hacker working alone, but organized crime has moved in and
runs much of the criminal activities on the Internet. The people working for those organised crime groups on the
Internet may not ever have met any of their fellow gang members; they may be spread across many countries.

It's a new type of crime gang. What's more, the Internet enables the gang bosses to base themselves in
countries where they are unlikely to be caught and prosecuted.

For example, a classic Internet crime happens when someone advertises something for sale on one of the online
sites; maybe they're selling a car. The seller receives an email offering a good price for the car, conditional on
them accepting more money than they advertised the car for, and passing on the extra to a third party. I owe
someone in the UK £500.

If I send you a cheque for £500 more than you want for the car, can you transfer the £500 for me? The seller
waits for the cheque to clear, passes the money on, and a couple of weeks later the bank discovers that the
cheque was stolen. It’s a relatively small amount of money, it won't make the front page of a national newspaper,
but the thieves are £500 closer to their next million in profit from cyber crime.

So many people rely on Microsoft software to run their computers, to write their emails, to browse the Internet,
and we know we have to ensure our software is secure. For example, our Hotmail servers are filtering out 3.4
billion spam emails a day. We're spending billions on research to ensure our software is secure. However,
the criminals never stop trying.

They'll attack any organization; they'll attack government departments. The fact is that every company has some
data that can be bought and sold.

Address books, for example, that you may not perceive as particularly valuable - provide valid email addresses for sp
target, and every PC is likely to contain at least one address book. One question that is always asked is who
responsible for tackling the problems? The answer lies in the collaboration between many parties. Law enforcemen
governments and those in the industry all play their part. Microsoft has brought a number of civil actions to pu
criminals, and we're part of various industry consortiums, because this is an industry-wide problem, and we all have to

It's been built into the technology as part of our Trustworthy Computing initiative. This is a long-term,
collaborative effort to provide more secure, private, and reliable computing experiences for everyone.
Trustworthy Computing is built on four pillars: Security, Privacy, and Reliability in our software, services, and
products; and integrity in our Business Practices.

Analysts estimate that spam (unwanted e-mails) accounts for anywhere from 50 to 70 percent of all e-mail traffic.
In addition to e-mail threats, an evolving ecosystem of viruses, worms, and blended threats are finding new ways
to propagate inside corporate networks - including Web portals and instant messaging applications.

Security products, or the security technologies built into our software are just one part of the overall security
picture. Equally important is the need for all of us to know what threats exist and how we should behave to
minimise them. The threats to the users of your networks are becoming more prevalent, because in many cases
they are the easiest point to attack.

Security tips:
Remember, when you keep your laptop with you.

1. Get it out of the vehicle, don't ever leave it behind.

2. Treat it like your cash.

3. Keep passwords separate, not close to the laptop or case.

4. Keep it locked...use a security code.

5. Pay attention in airports...especially at security.

When you Sign out, Sign out completely:


Instead of clicking on the "Sign out" button to terminate your online session. In addition, don't permit your
browser to "remember" your username and password information. If this browser feature is active, anyone using
your computer will have access to your account information. So clear the passwords & web address.

Turn off your wireless devices when they are not in use


Turn off your wireless devices when you know you won't be at home or when they are not in use, so that no one can
access them.

Do you know whom your kids are chatting with online?

While accessing social networking, here are tips for helping your kids use social networking sites safely:

1. Help your kids to understand social responsibility.

2. Explain that kids should post only information that you - and they - are comfortable with others seeing.

3. Make your kids realize that once they post information online, they can't take it back.

4. Talk to your kids about avoiding sex talk online.

Use strong Passwords


Use passwords that are "easy to remember, difficult to guess". Use a combination of letters, numbers and
special symbols.

Be safe while trading online

Visit only known trading websites & keep your online accounts and personal information secure from online
frauds.

Secure your cell phone

1. Secure your cell phone by using SIM / Handset locking codes.

2. Remove SIM Card from handset before giving it for servicing.

The problem with uncontrolled use of iPods, USB sticks and flash drives on your network

Introduction:
Increased portability, ease of use, stylish looks and a good dose of marketing hype are the perfect cocktail to
entice the population at large! As the popularity of iPods continues to grow, an alarming army of white earphones
is slowly taking over the workplace. But what is so alarming about having iPods and MP3 players at work?

How can insiders steal your data?


The latest versions of MP3 players and flash memory devices have huge storage capabilities; yet these gadgets
are small enough to easily conceal and sneak in behind the corporate line of defence. A user may simply
plug the device into a USB or FireWire port and they are up and running - no drivers or configuration required! In
practice, this means that a data thief can get away with even more precious data, and a negligent employee can
dump more viruses onto the corporate network even when connecting for only a short time.

iPod is just one example of such portable contraptions that boasts up to 60 GB of portable storage space;
practically large enough to store all the data found in a typical workstation.

This means that a malicious insider can use an iPod to covertly take out (i.e. 'steal') proprietary data and
millions of financial, consumer or otherwise sensitive corporate records at one go!

An easy technique for stealing data:


Usher uses the term 'pod slurping' to describe how MP3 players such as iPods and other USB mass storage
devices can be easily used to steal sensitive corporate data. To demonstrate the vulnerability of corporate
security, Usher developed a "proof of concept" software application that can automatically search corporate
networks and copy (or "slurp") business critical data on to an iPod.

This software application runs directly from an iPod and when connected to a computer it can slurp (copy) large
volumes of corporate data on to an iPod within minutes. What's more is that all portable storage devices can be
used to slurp information.

Insider information theft is a real problem:


Information theft has now become a major concern for every organization and thus data leakage prevention is
slowly taking up a bigger portion of the IT budget. More stringent controls and severe penalties are forcing
organizations to address regulatory compliance more seriously.

A misconception shared by many organizations is that security threats mostly originate from outside the
corporation. However statistics show that internal security breaches are growing faster than external attacks and
at least half of security breaches originate from behind the corporate firewall.

Why would insiders want to slurp information?


Malicious intent, monetary gain and curiosity are probably the major motives behind information theft. Trusted
insiders can also turn into paid informers and engage in industrial espionage, data warfare or other extensive
fraudulent activities such as 'identity theft'.

The term 'identity theft' refers to crimes in which someone obtains and uses the personal details of another
person to commit criminal acts, usually for financial gain. To date it is the fastest growing crime in the United
States. It was estimated that identity theft victims amounted to around nine million adults in the U.S. in 2005
(Johannes, 2006).

How can corporations mitigate the risks of information theft?


You never know what users may be doing with their portable devices. An employee might appear to be listening
to music on his iPod, but actually he or she might be uploading malicious files or slurping gigabytes of valuable
data.

The ideal way to ensure complete control over portable storage devices is by introducing technological barriers
such as GFI Endpoint Security. GFI Endpoint Security is a software solution that allows total control over data
transfers, to and from portable storage devices on a user by user basis throughout the network. To read more
and download a trial version, visit

Conficker, the perfect storm worm

The Conficker worm, also known as Downup, Downadup or Kido, has been circulating since October 2008. Security
firms know it well, and in recent days the malware has become just as well known to users, having
infected a significant number of machines all over the world. We have returned to the “good” old times of the Sasser,
Blaster and Mydoom outbreaks, and the already worrisome proliferation of the worm threatens to get even worse
because of some conditions that increasingly support its spread.

As I have previously highlighted, Conficker first of all exploits a bug in the Windows Server service, probing LAN
networks and random targets on the Internet in search of unprotected machines. Once it has identified the next victim,
the worm uses the bug to execute code remotely, copying itself onto the client and inevitably gaining
control over the system. The Microsoft security bulletin containing the fix for the bug has been available since October
23, 2008, but despite this the malware has done nothing but spread, reaching the level
of a true outbreak less than three months after the flaw's disclosure.

The Conficker outbreak can be described as a perfect storm because, aside from being able to exploit a
number of vectors, the infection takes advantage of a series of situations, coincidences and entrenched
habits that enormously increase its ability to proliferate and, accordingly, its destructive potential. The third
infection mechanism exploited by Conficker is to get the list of user accounts of all the machines connected to a
network and then use a simple yet surprisingly effective brute-force attack, based on a dictionary of a hundred words,
to “guess” the access password.

If the attack is successful, the worm deploys a copy of itself in the System32 folder of the account involved,
simultaneously creating a scheduled job to make sure the code is executed on the targeted machine. In this case
Conficker profits from the bad, deep-rooted habit of users and administrators of using weak passwords that are very
simple to recall (“root”, “123456”, “admin” and so on) yet just as simple for malicious code to bypass.
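How the dictionary guessing described above looks from the defender's side, as an added example that is not part of the original text: one source host producing a burst of failed logons across several accounts, followed by a success on an account it had been failing against. The log format, host names, addresses and thresholds are constructed assumptions, not output of any real product.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%S"


def build_sample_log():
    """Constructed log: one user typo, plus one host guessing across accounts."""
    lines = []
    t = datetime(2009, 1, 15, 10, 0, 0)

    def emit(when, src, user, result):
        lines.append(f"{when.strftime(FMT)} src={src} dst=FILESRV01 "
                     f"user={user} result={result}")

    # A legitimate user mistypes once, then logs in.
    emit(t, "10.0.0.40", "priya", "FAIL")
    emit(t + timedelta(seconds=5), "10.0.0.40", "priya", "OK")

    # An infected host walks the account list, one guess per second.
    t += timedelta(seconds=10)
    for user, fails, then_ok in (("admin", 5, False),
                                 ("backup", 4, True),   # weak password found
                                 ("root", 5, False)):
        for _ in range(fails):
            t += timedelta(seconds=1)
            emit(t, "10.0.0.23", user, "FAIL")
        if then_ok:
            t += timedelta(seconds=1)
            emit(t, "10.0.0.23", user, "OK")
    return lines


def detect_dictionary_guessing(lines, window=timedelta(seconds=60),
                               min_failures=8):
    """Flag sources with >= min_failures failed logons inside `window`, and
    list accounts where a success followed failures from that same source."""
    recent = defaultdict(deque)        # src -> failure timestamps in window
    failed_targets = defaultdict(set)  # src -> {(dst, user)} it failed against
    guessed = defaultdict(list)        # src -> targets where OK followed FAIL
    flagged = set()

    for line in lines:
        ts_text, *fields = line.split()
        rec = dict(field.split("=", 1) for field in fields)
        ts = datetime.strptime(ts_text, FMT)
        src, target = rec["src"], (rec["dst"], rec["user"])

        if rec["result"] == "FAIL":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            failed_targets[src].add(target)
            if len(q) >= min_failures:
                flagged.add(src)
        elif target in failed_targets[src]:
            guessed[src].append(target)

    # Only sources that crossed the threshold are reported; a single typo
    # followed by a success stays below it.
    return {src: {"targets": sorted(failed_targets[src]),
                  "guessed": guessed[src]}
            for src in sorted(flagged)}


if __name__ == "__main__":
    for src, info in detect_dictionary_guessing(build_sample_log()).items():
        print(src, info)
```

An account listed under `guessed` is the one to treat as compromised: reset its password and check that host for a dropped copy and a new scheduled job, the two artefacts the paragraph above describes.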

So poor security policies are one of the triggering elements of the perfect storm that feeds the Conficker
outbreak, an element heavily criticized by the security firm Trend Micro, which together with many others has
given and continues to give full coverage to the problem. And here we are not only talking about useless
passwords but also about the culpable delay in deploying the MS08-067 fix released by Microsoft, even though news
of working exploits had started to spread almost immediately. Once it has gained control of a system, incidentally,
the worm itself closes the hole to cut off any competition from other malicious code.

And if the inability to protect network accounts is no accident, the update Microsoft released on October 20, 2008
for its anti-copying technology Windows Genuine Advantage (WGA) was surely less predictable: a new version
designed to complicate life for “pirates” that has incidentally led many users in the most piracy-affected
countries to disable the operating system's automatic updates. At least this is the assumption made by Symantec,
which in one of its articles investigating specific aspects of Conficker/Downadup compares the nations
with the highest piracy rates and those most affected by the infection, discovering highly suspicious similarities.

In this case Microsoft’s business policy has rebounded on the company, further contributing to the worm's
proliferation with, what’s more, no practical results against users accustomed to using copied software. In the
Conficker affair Microsoft seems to be at fault more than once, and US-CERT is right to underline
the release of improper information about disabling the AutoRun feature exploited by the malware. “Now we
have learned that the information from the source is not complete”, stated Andrew Storms from nCircle Network
Security.

The perfect storm is not in any case based solely on chance, carelessness and the incompetence of companies'
IT staff. At the heart of the Conficker outbreak there is much more: there is the work of people aware of what they
were doing, who have eventually been able to improve it, correcting the early deficiencies and anticipating the moves
of security firms' analysts as well as those of competitors in the huge business of cyber crime.

A security is a fungible, negotiable instrument representing financial value. Securities are broadly categorized
into debt securities (such as banknotes, bonds and debentures), and equity securities, e.g., common stocks. The
company or other entity issuing the security is called the issuer. What
specifically qualifies as a security is dependent on the regulatory structure in a country. For example, private
investment pools may have some features of securities, but they may not be registered or regulated as such if
they meet various restrictions.

Securities may be represented by a certificate or, more typically, by an electronic book entry. Certificates may be
bearer, meaning they entitle the holder to rights under the security merely by holding the security, or registered,
meaning they entitle the holder to rights only if he or she appears on a security register maintained by the issuer
or an intermediary. They include shares of corporate stock or mutual funds, bonds issued by corporations or
governmental agencies, stock options or other options, limited partnership units, and various other formal
investment instruments that are negotiable and fungible.

Cyber Security:
Today's government agencies face complex security risks and challenges. Relying on traditional firewalls,
intrusion detection systems, and encryption alone is not effective against the evolving threats. Limiting risk to
data before attacks occur is accomplished through risk assessment and management.
General precautions:
• Maintain computer security: Computer security helps you to stop unauthorized users (also known as
“intruders”) from accessing any part of your computer system. Detection helps you to determine whether
or not someone attempted to break into your system, if they were successful, and what they may have
done
• Do not operate your accounts from a cyber cafe: Do not give out the password and do not give your
phone numbers in the chat room
• Password: For each computer and service you use (e-mail, chatting, online purchasing, for example),
you should have a password
• Stay informed about the security related news
• Protect Your Personal Computer: Use the latest version of a good anti-virus software package which
allows updates from the Internet
• Do not disclose information: Do not give out identifying information such as name, home address,
school name or telephone number in a chat room

Solution:
We provide the following proactive and reactive techniques: preventive safety measures to tackle cyber attacks,
setting up own CERT team, Computer Forensics, Social Engineering, identifying vulnerabilities and patching up,
investigating various Cyber Crimes, Penetration/Vulnerability Testing, setting up PKI/VPN, MS Office, and other
crash courses.

Penetration/Vulnerability Testing
We provide the following: Internal/External, with Variations (Black Box, White Box, Grey Box), for Computers,
Networks, Applications, etc.

Cyber Crime Investigation (CCI)
We perform the following: Investigation of Cases, Computer/Disk/Network Forensics, Data Recovery, carry out
Internal Investigation, assist in Filing Cases, Case Report/Documentation, etc.

Software Development
We develop the following: customized software/applications based on client's specific requirements, customized
software to protect private and confidential data from third parties.

Website Design/Hosting
We develop the following: professional web pages, customized web-related applications, assist in web hosting,
and other web-related solutions.

Network Setup/Configuration
We provide the following: RAID setup, VPN, wireless network, wired network, and all kinds of server setup.

Data Backup
We provide the following: BCP, DRP, Automation Backup, Data Backup/Recovery, e-mail Backup/Recovery,
RAID Backup, Full/Incremental/Differential Backups, On-The-Fly Backup, Storage Media Backup, etc.

IT Audit
We conduct the following: IT audit, Internal Audit, (all types of Audit are accompanied by certified
auditors), providing certification of documents, etc.

Drafting IT Policies/Procedures
It is without doubt that the above solutions will facilitate to ensure that a firm is on the right track, but only up to a
certain extent; because we assume the member(s) of staff to be the weakest link in the entire network. To
prevent this assumption from becoming a reality, we proceed to provide our clients with the service of drafting IT
policies/procedures.
