Beruflich Dokumente
Kultur Dokumente
January 4, 2013
Cyber crimes
Cyber Crimes
Definition of Cyber Crime, computer crimes, cyber frauds, computer frauds etc.
Legal definition: I.T. Act No Accepted definitions and usages
Illegal behavior that targets the security of computer systems and/or the data accessed and processed by computer networks An act where computer is an object or a subject of crime Any crime where an I.T. gadget is used in the act
Cyber Crimes are technological variants of normal crimes. The Act of committing, investigation, trial, evidence .. ALL VARY Theft, forgery, fraud, blackmail, harassment, law of torts.
January 4, 2013 Cyber crimes 3
evidence Acceptability, irretrievability, technological issues Jurisprudence and related issues Irrefutability and reliability of records and process Justice should not only be done but should also appear to have been done
Cyber crimes 5
January 4, 2013
Against property:
larceny, data, information, software piracy, trade
January 4, 2013
crime
Computer as incidental to crime
January 4, 2013
Cyber crimes
or computer networks Theft of data / information Theft of intellectual property such as computer software Theft of marketable information Blackmails based on information gained from computerized files such as medical information, personal history, sexual preferences, financial data etc.
January 4, 2013 Cyber crimes 8
January 4, 2013
Cyber crimes
10
A. Internet Crimes
Hacking
Theft of information Theft of passwords Theft of credit card numbers Launch of malicious programmes
Espionage Spamming
January 4, 2013
Cyber crimes
11
availability of data and systems Offences related to contents Offences related to crime on web
January 4, 2013 Cyber crimes 12
January 4, 2013
Cyber crimes
18
January 4, 2013
Cyber crimes
19
January 4, 2013
Cyber crimes
21
Unauthorized Access
Any person who secures access or attempts
to secure access to a computer system or networks that is protected from unauthorized entry.
January 4, 2013
Cyber crimes
23
Data Diddling
One of the most common forms of computer crime is
data diddling - illegal or unauthorized data alteration. These changes can occur before and during data input or before output. Data diddling cases have affected banks, payrolls, inventory records, credit records, school transcripts and virtually all other forms of data processing known.
Case: The New Delhi Municipal Corp Electricity Billing Fraud
Case that took place in 1996 is a typical example. Collection of money, computerized accounting, record maintenance and remittance in the bank were exclusively left to a private contractor who was a computer professional. He misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.
January 4, 2013 Cyber crimes 24
Data Manipulation
A misuse of statistics occurs when a statistical
secretly gathering information about a foreign government or a competing industry, with the purpose of placing one's own government or corporation at some strategic or financial advantage. Access to the network is done from a remotely located computer; like a home PC using the legitimate password or breaking the password. The data collected is either used or sold for money. It involve the analysis of diplomatic reports, publications, statistics, and broadcasts, as well as spying, a clandestine activity carried out by an individual or individuals working under secret identity to gather classified information on behalf of another entity or nation. January 4, 2013 Cyber crimes In the United States, the organization that heads most
26
Scavenging
Scavenging is the obtaining of information left
around a computer system, in the computer room rubbish bins, etc. Bin diving (called 'Dumpster Diving' in the US) also involves obtaining sensitive information from an organisation's rubbish receptacles and bins. This also refers to scavenging from areas of hard disks that are not in use by files but are currently 'file slack' or 'unallocated clusters'
January 4, 2013
Cyber crimes
27
Data Leakage
Data leakage is the removing of information
by smuggling it out as part of a printed document, encoding the information to look like something different, and removing it from the facility.
Many instances of employees of software
January 4, 2013
Cyber crimes
28
piggybacking/ impersonation.
Examples include following someone in through a door with
a badge reader, electronically using another's user identification and password to gain computer access, and tapping into the terminal link of a user to cause the computer to believe that both terminals are the same person.
January 4, 2013
Cyber crimes
29
Masquerading
IP masquerading is a form of network address translation
(NAT) which allows internal computers with no known address outside their network, to communicate to the outside. It allows one machine to act on behalf of other machines.
It's similar to someone buying stocks through a broker. The
person buying stocks, tells the broker to buy the stocks, the broker gets the stocks and passes them to the person who made the purchase. The broker acts on behalf of the stock purchaser as though he was the one buying the stock.
January 4, 2013
Cyber crimes
30
January 4, 2013
Cyber crimes
32
January 4, 2013
Cyber crimes
33
system without the owner's informed consent. Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses , spyware, crimeware etc.
Spyware is a type of malware that can be installed on computers
and collects bits of information at a time about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Spyware is secretly installed on the user's personal computer. Sometimes, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.
January 4, 2013 Cyber crimes 34
designed to spread from one computer to another and to interfere with computer operation. A virus might corrupt or delete data on the victims computer, even erase everything on the victims hard disk. (Brain) Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computers memory.
Case 1: The VBS_LOVELETTER virus (better known as the Love Bug or
the ILOVEYOU virus) was reportedly written by a Filipino undergraduate. In May 2000, this deadly virus became the worlds most prevalent virus. Losses incurred during this virus attack were pegged at US $ 10 billion. VBS_LOVELETTER utilized the addresses in Microsoft Outlook and emailed itself to those addresses. The e-mail, which was sent out, had ILOVEYOU in its subject line. The attachment file was named LOVEJanuary 4, 2013 35 Cyber crimes LETTER-FOR-YOU.TXT.vbs.
Virus / Worms ,
Case: 2
In 2002, the creator of the Melissa computer virus was convicted. The virus had spread in 1999 and caused more than $80 million in damage by disrupting personal computers, business and government computer networks.
Case -3: The most famous worm was the Internet worm let loose
on the Internet by Robert Morris sometime in 1988, then, still internet was developing years and this worm, which affected thousands of computers, almost brought its development to a complete halt. It took a team of experts almost three days to get rid of the worm and in the meantime many of the computers had to be disconnected from the network.
January 4, 2013
Cyber crimes
36
Trojan Horses
A Trojan, as this program is aptly called, is an
unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Case- 1: A young lady reporter was working on an article about
online relationships. The article focused on how people can easily find friendship and even love on the Internet. During the course of her research she made a lot of online friends. One of these friends managed to infect her computer with a Trojan. She stayed in a small one bedroom apartment and her computer was located in one corner of her bedroom. Unknown to her, the Trojan would activate her web camera and microphone even when the Internet was switched off. A year January 4, 2013 Cyber later she realizedcrimes hundreds of her pictures were posted on 37 that
Salami Techniques
These attacks are used for committing financial crimes. The
key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. For instance, a bank employee inserts a program, into the banks servers, that deducts a small amount of money (say Rs. 2 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.
Case-1: In January 1997, Willis Robinson of Maryland USA, was
sentenced to 10 years in prison for having reprogrammed his Taco Bell drive-up-window cash register - causing it to ring up each $2.99 item internally as a 1-cent item, so that he could pocket $2.98 each time. Case -2: Four executives of a rental-car franchise in Florida USA defrauded at least 47,000 customers using a salami technique. January 4, 2013 modified a computer billing program to add five extra 38 Cyber crimes They
Key loggers
Key loggers are regularly used were to log all
the strokes a victim makes on the keyboard generally installed on a computer used for online banking and other financial transactions. Key-loggers are most commonly found in public computers such as those in cyber cafes, hotels etc.
January 4, 2013
Cyber crimes
39
engineer who had misused the login name and password of a customer whose Internet connection he had set up. The case was filed under the Indian Penal Code and the Indian Telegraph Act.
January 4, 2013
Cyber crimes
40
Web Jacking
Just as conventional hijacking of an airplane is done by
using force, similarly web jacking means forcefully taking over control of a website. The motive is usually the same as hijacking - ransom. The perpetrators have either a monetary or political purpose which they try to satiate by holding the owners of the website to ransom.
Case-1: In an incident reported in the USA, the owner of a
hobby website for children received an e-mail informing her that a group of hackers had gained control over her website. They demanded a ransom of 1 million dollars and she ignored as fake. Three days later that she came to know that the hackers had web jacked her website. Subsequently, they had altered a portion of the website which was entitled -How to have fun with goldfish. They had replaced the word goldfish- with the word piranhas a tiny but extremely dangerous flesh-eating fish. Many children had visited the popular website and had believed the contents Cyber crimes to play with piranhas, and were very and tried January 4, 2013 41
Trapdoors
Trapdoor is a programme by which the
security protocols are bypassed to directly enter into a specific portion of the programme through a short-cut.
Used during the time of testing the
programme to reach to the specific portion quickly using short-cut. In case, if the trapdoor are not deleted before the launch of the program by oversight, the person who have this knowledge misuses it through authorized January 4, 2013 42 Cyber crimes entry.
Super Zapping
A logic through which an intruder is able to
penetrate into the system areas and can even change the programmes.
The intruder can create an extra-system
administrator level password for himself without the knowledge of the actual system administrator.
Can introduce any crime related logic
January 4, 2013
43
code of the system with the help of malware, spyware with an intent to gain access and misuse.
To render useless of the system for the user.
January 4, 2013
Cyber crimes
45
Electronic eavesdropping
Eavesdropping is the act of secretly
listening to the private conversation of others without their consent and later misuses those information for some benefit. Eavesdropping can also be done over telephone lines (wiretapping), email, instant messaging and other methods of communication considered private VoIP communications software is also vulnerable to electronic eavesdropping by via January 4, 2013 46 Cyber crimes malware infections such as Trojan.
computers / networks with an intent to gain access to the computer / network and misuse for monetary or other gains.
Oldest and most dangerous cybercrimes. No geographical boundaries and great
Steganography
Steganography is the art and science of writing hidden
messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
Steganography includes the concealment of information
within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size.
While cryptography protects the contents of a message,
steganography can be said to protect both messages and communicating parties. January 4, 2013 Cyber crimes
48
pornographic magazines produced using computers and Internet (to download and transmit pornographic pictures, photos, writings etc). Images of children performing a variety of sexual acts on internet. Pornography per se is not illegal in many countries, child pornography is strictly illegal in most countries. Millions of pornographic websites flourish today.
Case: The CEO of online auction website bazee.com (a part of the
ebay group) was arrested by the Delhi police for violating Indias strict laws on cyber pornography. An engineering student was using the bazee website to sell a video depicting two school students havingCyber crimes sexual intercourse. Bazee.com was held liable for January 4, 2013
49
Cyber Stalking
Cyber stalking refers to the use of the Internet, e-
mail, or other electronic communications devices to harass or threatening individual / family repeatedly such as following, appearing at a person's home or business place, making harassing phone calls, or vandalizing a person's property.
Case: A student of University of San Diego in USA terrorized
five female students over the Internet for more than a year through hundreds of violent and threatening e-mails, sometimes receiving four or five messages a day. The student, who pleaded guilty, told the police that he had committed the crimes because he thought the women were laughing at him and causing others to ridicule him. In January 4, 2013 50 Cyber crimes
computer with more requests than it can handle. This causes the computer (e.g. a web server) to crash and results in authorized users being unable to access the service offered by the computer.
Another variation to a typical denial of service attack is
known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread.
A series of distributed denial of service attacks in February
2000 crippled many popular websites including yahoo.com, amazon.com and cnn.com A series of more than 125 separate but coordinated denial of service attacks hit the cyber infrastructure of Estonia in early 2007. The attacks were apparently connected with protests January 4, 2013 Cyber crimes
51
Email bombing
Email bombing refers to sending a large
number of emails to the victim resulting in the victims email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing. Email bombing is a type of denial-ofservice attack.
Case: In one case, a foreigner who had been residing in Simla,
India for almost 30 years wanted to avail of a scheme introduced by the Simla Housing Board to buy land at lower rates. When he made an application it was rejected on the grounds that the scheme was available only for citizens of India. He decided to take his revenge. Consequently, he sent thousands of mails to the Simla Housing Board and repeatedly January 4, 2013 sendingCyber crimestill their servers crashed. kept e-mails
52
Spoofing email / IP
A spoofed email is one that appears to
originate from one source but actually has been sent from another source
e.g Pooja has an e-mail address pooja@gmail.com. Her
ex-boyfriend, sham spoofs her e-mail and sends obscene messages to all her acquaintances to damage her image.
Case: In an American case, a teenager made millions of dollars by
spreading false information about certain companies whose shares he had short sold, by sending spoofed emails, purportedly from news agencies like Reuters, to share brokers and investors who were informed that the companies were doing very badly, thousands of investors lost a lot of money.
January 4, 2013 Cyber crimes 53
Email Frauds
Most of these scam emails promise the receiver millions (or
sometimes billions) of dollars. Most commonly the email says that some rich African bureaucrat or businessman or politician has died and left behind a lot of money. These scams mails are commonly referred to as Nigerian 419 scams. These scam emails are believed to originate from Nigeria and section 419 of the Nigerian Penal Code relates to cheating (like the famous section 420 of the Indian Penal Code). In 2007, Asian School of Cyber Laws conducted a 3 month intensive investigation of hundreds of scam emails. The results were very surprising to say the least. Less than 10% of these emails had actually originated from Nigeria! A majority of these emails (more than 60%) have originated from Israel, followed by the Netherlands, UK and other European countries.
January 4, 2013 Cyber crimes 54
Email Frauds
Asking for bank details for deposit of money Lottery scams stating Microsoft / Yahoo etc
Employee of the Euro Lottery British National Lottery
prayer)
Case -1: In 2005, an Indian businessman received an email from
the Vice President of a major African bank offering him a lucrative contract in return for a kickback of Rs 1 million. The businessman had many telephonic conversations with the sender of the email. He also verified the email address of the Vice President from the website of the bank and subsequently transferred the money to the bank account mentioned in the email. It later turned out that the email was a spoofed one and was actually sent by an Indian based in Nigeria. A new type of scam e-mail threatens to kill recipients if they do January 4, 2013 55 Cyber crimes not pay thousands of dollars to the sender, who purports to be
Botnets
A group of computers infected with malicious kind
of robot software, then the computer becomes a zombie or drone , unable to resist the command of the bot commander.
Bot is a programme that operates an automatic
task on the internet and executes repeatedly the task during the operation.
The owner of the computer do not know that his
computer is infected with robot software and remotely controlled by another person. January 4, 2013 Cyber crimes
56
Card Skimming
Illegal copying of information from the
magnetic trip of the credit card / debit card either to produce a fake card for misuse or steel the information to access your account.
More direct version of phishing.
January 4, 2013
Cyber crimes
57
3. On line scams
Banking online account scams Chain letter and pyramid scams Health and medical scams Identity theft scams Investment scams Job/ employment scams Lottery / competition scam Money transfer scam Small business scams
January 4, 2013 Cyber crimes 58
pretending to be from banks or other financial institutions. They make up some reason for you to give your account details and then use these details to steal your money.
Phoney Fraud Alerts: Scammers pretend to be from your bank or financial institution and tell you that there is a problem with your account. They ask for your account details to protect your money, but then use theseCyber crimes to steal your money details January 4, 2013 59
Spam mails
Most spam is commercial advertising, often
for dubious products, get-rich-quick schemes, or quasi-legal services. There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses.
January 4, 2013 Cyber crimes 61
4. IPR Crimes
Cyber squatting Patent and copyright infringements Software piracy Industrial piracy Corporate piracy
January 4, 2013 Cyber crimes 62
Cyberquatting
Cybersquatting (also known as domain squatting), is
registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else.
The cyber squatter then offers to sell the domain to the
person or company who owns a trademark contained within the name at an inflated price.
Some cybersquatters put up derogatory remarks about the
person or company the domain is meant to represent in an effort to encourage the subject to buy the domain from them
January 4, 2013 Cyber crimes 63
January 4, 2013
Cyber crimes
64
Software piracy
Duplicating the original software without
January 4, 2013
Cyber crimes
65
Industrial Piracy
A group of individuals attempt duplication and
nations.
Cyber crimes
66
Corporate Piracy
Installing one copy of the software application
organization.
It is illegal as it violates the copyright law and
Other Crimes
Cyber defamation Cyberventing Cyber Terrorism
January 4, 2013
Cyber crimes
68
Cyber defamation
An act, deed, word, gesture etc. in the
cyberspace designed to harm a persons, institutions, organizations, countrys reputation on the internet or even off-line.
This type of violation is similar to
cyberventing.
January 4, 2013
Cyber crimes
69
Cyberventing
Setting up a website to anonymously air
January 4, 2013
Cyber crimes
70
Cyber Terrorism
Use of cyber tools to shut down critical
national infrastructure such as energy, communication, transportation in order to coerce governments into submission.
Internet bomb threats, internet harassment
and tech driven crimes such as focused virus strikes are the next wave of crime that the world has to encounter in the coming days.
January 4, 2013 Cyber crimes 71
Physical crimes
Computer Larceny Sabotage Theft of storage devices: CDs, Pen-drives,
hard-disks
January 4, 2013 Cyber crimes 72
Computer Larceny
Theft and burglary of computer systems /
January 4, 2013
Cyber crimes
73
Computer sabotage
Use of the internet to hinder the normal
functioning of a computer system through the introduction of worms, viruses or logic bombs.
Some times used to gain economic advantage
over a competitor, promote illegal activities of terrorists, or to steel data or programmes for extortion purposes.
January 4, 2013
Cyber crimes
74
classification Computer is used as a device for information exchange in most of the serious and major crimes Murders and kidnaps with computer data Data theft, Id theft, 419 Nigerian frauds Password theft, Phishing based crimes Crimes where mobile is used to communicate Offences where other electronic gadgets used
January 4, 2013
Cyber crimes
75
Thank you
January 4, 2013
Cyber crimes
76