Cyber Crimes
Syllabus:
Cyber Crimes:
Introduction to Cyber Crimes, Different Types of Cyber Crimes, Scams and Frauds, Analysis of
Crimes, Human Behavior, Stylometry, Incident Handling, Investigation Methods, Criminal
Profiling, Cyber Trails.
Cybercriminals are widely found on what is called the “Dark Web”, where they mostly offer
their illegal services or products.
Not every hacker is a cybercriminal, because hacking itself is not considered a crime: it can be
used to reveal vulnerabilities so that they can be reported and patched, and a person who does this
is called a “white hat hacker”.
However, hacking is considered a cybercrime when it has the malicious purpose of conducting
harmful activities, and we call such a person a “black hat hacker” or a cybercriminal.
It is not necessary for cybercriminals to have any hacking skills as not all cyber crimes include
hacking.
Cybercriminals can be individuals who are trading in illegal online content or scammers or even
drug dealers. So here are some examples of cybercriminals:
- Black hat hackers
- Cyberstalkers
- Cyber terrorists
- Scammers
Cybercriminals who conduct targeted attacks are better described as threat actors.
How do Cybercrimes happen?
Cybercriminals take advantage of security holes and vulnerabilities found in systems and exploit
them in order to gain a foothold inside the targeted environment.
The security holes can take the form of weak authentication methods and passwords; they can
also result from a lack of strict security models and policies.
Why are Cybercrimes Increasing?
The world is constantly developing new technologies, so it now relies heavily on
technology. Most smart devices are connected to the internet. There are benefits and there are
also risks.
One of the risks is the big rise in the number of cybercrimes committed: there are not enough
security measures and operations to help protect these technologies.
Computer networks allow people in cyberspace to reach any connected part of the world in
seconds.
Laws and regulations on cybercrime differ from one country to another, and covering tracks is
much easier when committing a cybercrime than when committing a real-world crime.
Some reasons for the big increase in cybercrimes are listed below:
- Vulnerable devices:
As we mentioned before, the lack of efficient security measures and solutions leaves a wide
range of vulnerable devices, which are easy targets for cybercriminals.
- Personal motivation:
Cybercriminals sometimes commit cybercrimes as a kind of revenge against someone they hate
or have a problem with.
- Financial motivation:
This is the most common motivation of cybercriminals and hacker groups; most attacks nowadays
are committed for profit.
Spamming: E-mail spam, otherwise called junk e-mail, is an unsolicited mass message sent
through email. The use of spam became popular in the mid-1990s, and it is a problem faced by
a great number of e-mail users nowadays. Recipients' e-mail addresses are obtained by spam
bots, which are automated programs that crawl the internet in search of e-mail addresses. The
spammers use spam bots to create e-mail distribution lists. Expecting only a small number of
responses in return, a spammer typically sends an e-mail to millions of e-mail addresses.
Cyber defamation: Cyber defamation means the harm that is brought on the reputation of an
individual in the eyes of other people through cyberspace. The purpose of making a
defamatory statement is to bring down the reputation of the individual.
IRC Crime (Internet Relay Chat): IRC servers allow people around the world to
come together under a single platform, sometimes called a room, where they chat with each
other.
   ◦ Cyber criminals generally use it for meeting.
   ◦ Hackers use it for discussing their techniques.
   ◦ Paedophiles use it to lure small children.
Phishing:
In this type of crime or fraud, the attacker tries to obtain information such as
login information or account information by masquerading as a reputable
individual or entity in various communication channels or in email. Some other
cyber crimes against individuals include net extortion, hacking, indecent
exposure, trafficking, distribution, posting, credit card, malicious code etc.
The potential harm of such a crime to an individual can scarcely be bigger.
•   Cyber Crime against property:
    These types of crimes include vandalism of computers, intellectual property (copyright,
    patent, trademark etc.) crimes, online threatening etc. Intellectual property crime includes:
    Software piracy: It can be described as the copying of software without authorization.
unauthorizedly, but the facts are neither person adjustment nor deleted.
    DOS attack: In this attack, the attacker floods the servers, systems or networks with
    traffic in order to overwhelm the victim's resources and make it infeasible or
    difficult for the users to make use of them.
    Email bombing: It is a sort of abuse in which a huge number of emails are
    sent to an email address in order to overflow or flood the mailbox with mails or
    to flood the server where the email address is hosted.
    Salami attack: The other name of the Salami attack is
    Salami slicing. In this attack, the attackers use an online database in order to seize the
    customers' information, like bank details, credit card details etc. The attacker deducts
    very small amounts from every account over a period of time. In this
    attack, no complaint is filed and the hackers remain free from detection, as the clients
    remain unaware of the slicing.
1. Phishing
   Phishing is a method used by fraudsters to steal personal information. In this scam,
   fraudsters usually send you emails in the name of a genuine or reputed company. The main
   purpose of this is to steal your bank details. These emails usually contain a
   link. If you click on it, a fake website opens and asks
   you to provide sensitive information such as card details, UPI code, OTP code, or
   other details.
3. Lottery fraud
   It is one of the most common frauds on the internet all around the world. In this scam,
   the fraudster sends you emails and messages saying that you have won a lottery worth crores.
   To receive the lottery money, fraudsters ask you to send some amount of money in the
   name of tax. Sometimes they even ask you to pay a registration fee on
   fake websites; when you try to make a payment on those websites, your sensitive
   bank details are stolen.
6. OLX Scams
   These kinds of scams are very common these days, and people lose their hard-earned
   money in them. Scammers present themselves as a public officer and post an advertisement on
   the website. They exploit people's sentiments in the name of the public officer to loot them. They
   show fake identity cards to make people believe them, and after that they usually
   ask for an advance payment, promising to deliver the product as soon as possible, but
   after receiving the payment they never deliver the product and cut off all contact with
   the client.
Analysis of Crimes:
Cybercrime is not restricted to computers only; the huge impact of cybercriminal activities on
mobile devices has been analyzed in recent years. There is an open marketplace on the Android
platform for various kinds of viruses and malware.
Cybercrime is a threat to the infrastructure of various businesses and governments all around the
world. It can also harm civilians in many ways. According to a recent survey, hundreds of billions of
dollars have been stolen from the global economy due to cybercrime, and there is still no sign
of a slowdown. According to a Times of India report, in just the 92 days between October 1, 2019,
and December 31, 2019, criminals made away with nearly 128 crores in frauds
relating to debit as well as credit cards.
According to the Reserve Bank of India (RBI), the higher number of fraud cases is
related to the Debit/ATM card category, which saw 11,058 cases involving 94.5 crores. Credit
cards also accounted for 6,117 fraud cases with almost 89.7 crores of financial loss to common people.
Human Behavior:
Some of the most common human behaviors that lead to security fails include:
Falling for Phishing Attacks
Most people are familiar with phishing attacks — those emails we all get that look slightly off,
too good to be true, or from someone who we don’t recognize, claiming to be part of our
organization — but despite this general familiarity, it’s surprising how often people still fall for
them. One click on a link that looks close enough can compromise a whole organization. It’s
important to educate the riskiest individuals or groups within an organization so that they can
identify a phishing email and take the correct action. And ideally it’s not a “one and done,”
“check the box” training. Consider sending one-off “tests” to see who clicks, who forwards to the
security team, and who ignores it completely.
Lack of Password Security
Having a secure password is important, but sometimes, people take shortcuts. Choosing a weak
or common password, or something that can easily be guessed, is like leaving your front door
wide open and asking someone to steal your TV. Keeping on top of weak or common passwords
and informing users that they need to change and strengthen them is a simple but effective way
to add a layer of security and enhance an organization’s risk mitigation defenses. Also helpful? A
company-wide password vault that reminds them automatically. The trick is ensuring everyone
uses it.
Falling for Fake Software Updates
This one is similar to a traditional phishing attack, but can be more sophisticated, and harder to
identify. Most individuals want to comply with keeping their software up to date, thinking that
they’re helping, but they’re really installing malware. So how do you train them to be more
discerning? The next time a popup or email appears before them, will they know what to do?
Lack of Communication
The bottom line with all of these common human risks to cybersecurity is information. When
individuals know what to do, they don’t have to guess. This means keeping the lines of
communication open — not to risk, but to education. When a company’s risk management
strategy includes and prioritizes human risk management, it’s stronger, safer, and its employees
are more empowered because they know what to do.
How to Manage Human Risk Effectively
The solutions that will lead to a more effective risk management strategy should always begin
with gathering more information. You wouldn’t set out on a hiking trip or vacation to a country
you’ve never visited without first informing yourself about what might be ahead of you.
Whatever your organization may be — from the specialized needs of the healthcare industry to
the unique needs of the software industry — your first step is gathering information about what’s
already happening within your organization.
Monitoring
It’s likely that your organization is already monitoring an array of things, or has the capability to
do so. How often are people failing at login or using incorrect passwords? How often are they
clicking phishing links, or visiting unsecured websites? Are there specialized needs within your
organization or industry, and are you looking at them? Of what you’re already doing, what could
be automated to gather data about employee behaviors related to cybersecurity?
Analytics
Once you have the repository of data, how do you parse it and turn it into some sort of actionable
insight? This is the step that often is the most challenging for organizations and program owners,
mostly because there are only so many hours in the workday, and when push comes to shove,
your attention is often divided and the last thing you want to do is manually generate some sort
of spreadsheet or report that is going to be out of date in a week anyway. Ideally, you figure out
the most common or malicious activities and work to get early-warning alerts to help prevent
them from happening in the first place.
Training
In the current era of technology and cybersecurity, old-school security awareness training isn’t
effective. You must do more than “train everyone;” you must also reinforce training to the
riskiest cohorts, make learning fun and relevant, and do it more than once a year. If boosting
security awareness across your entire organization will increase the resilience of your
cybersecurity framework, then imagine what effects training your riskiest members and groups
could have.
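The Monitoring, Analytics and Training steps above can be tied together in a few lines of detection logic. The following is an added example, not part of the original notes: the log format, user names, event names, burst threshold and risk weights are all assumptions made for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, one per line: "<timestamp> <user> <event>".
SAMPLE_LOG = """\
2024-03-04T09:00:05 asha login_failed
2024-03-04T09:00:40 asha login_failed
2024-03-04T09:01:10 asha login_failed
2024-03-04T09:01:30 asha login_ok
not-a-timestamp bob login_failed
2024-03-04T10:15:00 ravi phish_clicked
2024-03-04T10:20:00 meena phish_reported
2024-03-04T11:00:00 ravi login_failed
2024-03-04T15:30:00 ravi login_failed
2024-03-05T09:10:00 ravi phish_clicked
2024-03-05T09:12:00 asha phish_reported
"""

WINDOW = timedelta(minutes=5)  # assumed burst window
BURST = 3                      # assumed failed logins inside WINDOW that alert
# Assumed weights: a clicked test phish counts most, a reported one lowers risk.
WEIGHTS = {"phish_clicked": 3, "login_failed": 1, "phish_reported": -1}


def parse(log):
    """Yield (timestamp, user, event) tuples and skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue


def analyse(log):
    """Monitoring + analytics: return (alerts, per-user event counts)."""
    recent_fails = defaultdict(list)
    counts = defaultdict(lambda: defaultdict(int))
    alerts = []
    for ts, user, event in sorted(parse(log)):
        counts[user][event] += 1
        if event == "login_failed":
            # Keep only the failures that still fall inside the window.
            window = [t for t in recent_fails[user] if ts - t <= WINDOW]
            window.append(ts)
            recent_fails[user] = window
            if len(window) == BURST:  # early warning, raised once per burst
                alerts.append((user, ts))
    return alerts, counts


def riskiest(counts):
    """Training input: users ordered from highest to lowest risk score."""
    def score(user):
        return sum(WEIGHTS.get(e, 0) * n for e, n in counts[user].items())
    return sorted(counts, key=lambda u: (-score(u), u))


if __name__ == "__main__":
    alerts, counts = analyse(SAMPLE_LOG)
    for user, ts in alerts:
        print(f"ALERT {ts.isoformat()} {user}: {BURST} failed logins in 5 min")
    print("reinforce training first for:", riskiest(counts))
```

The ranking is only as good as the weights, which here are placeholders; an organization would tune them against its own incident history.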
Stylometry:
It is largely based in Attribution Studies and Computational Linguistics, but it can also be used
for Forensic Analysis.
This kind of study assumes that individuals (or authors) are unique and that such uniqueness is
enacted in writing.
Stylometry may be used to unmask pseudonymous or anonymous authors, or to reveal some
information about the author short of a full identification. Authors may use adversarial
stylometry to resist this identification by eliminating their own stylistic characteristics without
changing the meaningful content of their communications. It can defeat analyses that do not
account for its possibility, but the ultimate effectiveness of stylometry in an adversarial
environment is uncertain: stylometric identification may not be reliable, but nor can non-
identification be guaranteed; adversarial stylometry's practice itself may be detectable.
Stylometry poses a significant privacy challenge in its ability to unmask anonymous authors or to
link pseudonyms to an author's other identities,[31] which, for example, creates difficulties for
whistleblowers,[32] activists,[33] and hoaxers and fraudsters.[34] The privacy risk is expected to
grow as machine learning techniques and text corpora develop.
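To make the assumption that uniqueness is "enacted in writing" concrete, here is an added example (not part of the original notes) of one classic attribution measure, Burrows' Delta, which compares how often authors use common function words. The word list, author labels and all texts are constructed for the demonstration.

```python
import re
from statistics import mean, pstdev

# Function words carry little topic information, so their rates reflect habit.
# This short list is an assumption chosen for the demo.
FUNCTION_WORDS = ["the", "of", "and", "to", "but", "that", "we", "i"]

# Constructed writing samples for three hypothetical known authors.
CANDIDATES = {
    "author_a": "the report of the committee shows that the cost of the system "
                "is higher than the estimate and that the risk of the delay is real",
    "author_b": "i checked the logs and i saw nothing but i kept looking and "
                "then i found it but it was late and i was tired",
    "author_c": "we need to talk to the team before we agree to ship so we "
                "plan to meet and we hope to decide",
}
# Constructed questioned text: author_a's habits, different subject.
QUESTIONED = ("the owner of the account said that the copy of the file was sent "
              "to the office and that the rest of the data is safe")


def profile(text):
    """Relative frequency of each function word in the text."""
    tokens = re.findall(r"[a-z']+", text.lower())
    total = len(tokens) or 1
    return [tokens.count(w) / total for w in FUNCTION_WORDS]


def burrows_delta(candidates, questioned):
    """Return {author: delta}; a lower delta means a closer style."""
    profiles = {a: profile(t) for a, t in candidates.items()}
    q = profile(questioned)
    # Spread of each word's rate across the candidate set. Dividing by it
    # (z-scoring) stops very frequent words from dominating the score.
    sigma = [pstdev([p[i] for p in profiles.values()])
             for i in range(len(FUNCTION_WORDS))]
    scores = {}
    for author, p in profiles.items():
        diffs = [abs(p[i] - q[i]) / s for i, s in enumerate(sigma) if s > 0]
        scores[author] = mean(diffs) if diffs else 0.0
    return scores


def closest_author(candidates, questioned):
    """Nearest candidate. Closed-set: it names someone even when the true
    author is not among the candidates, so treat it as a lead, not proof."""
    scores = burrows_delta(candidates, questioned)
    return min(scores, key=scores.get)


if __name__ == "__main__":
    ranked = sorted(burrows_delta(CANDIDATES, QUESTIONED).items(),
                    key=lambda kv: kv[1])
    for author, delta in ranked:
        print(f"{author}: delta={delta:.3f}")
    print("closest:", closest_author(CANDIDATES, QUESTIONED))
```

Real casework needs far longer samples and many more features than this; with texts this short the score is illustrative only, and a writer who deliberately alters these habits shifts the result.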
Incident Handling:
In the field of cybersecurity, incident management can be defined as the process of identifying,
managing, recording, and analyzing the security threats and incidents related to cybersecurity in
the real world. This is a very important step after a cyber disaster or before a cyber disaster takes
place in an IT infrastructure. This process requires knowledge and experience. Good incident
management can reduce the adverse effects of cyber destruction and can prevent a cyber-attack
from taking place. It can prevent a large number of data leaks. An
organization without a good incident response plan can become a victim of a cyber-attack in
which the data of the organization can be compromised at large. There is a five-step process for
incident management in cybersecurity given by the ISO/IEC Standard 27035. They are as
follows.
Step-1 : The process of incident management starts with an alert that reports an incident
that took place. Then comes the engagement of the incident response team (IRT). Prepare for
handling incidents.
Step-2 : Identification of potential security incidents by monitoring and
reporting all incidents.
Step-3 : Assessment of identified incidents to determine the appropriate next
steps for mitigating the risk.
Step-4 : Respond to the incident by containing, investigating, and
resolving it (based on the outcome of step 3).
Step-5 : Learn and document key takeaways from
every incident.
  • Each and every organization needs to have a good and mature plan for the security
    incident management process; implementing the best process is very useful in making a
    comprehensive security incident management plan.
  • Create a security incident management plan with supporting policies, including proper
    guidance on how incidents are detected, reported, assessed, and responded to. It should have a
    checklist ready. The checklist will contain actions based on the threat. The security
    incident management plan has to be continuously updated with security incident
    management procedures as necessary, particularly with lessons learned from prior
    incidents.
  • Create an Incident Response Team (IRT) which will work with clearly defined roles and
    responsibilities. The IRT will also include functional roles like finance, legal,
    communication, and operations.
  • Always run regular training and mock drills for security incident management
    procedures. This improves the functionality of the IRT and also keeps them on their toes.
  • Always perform a post-incident analysis after any security incident to learn from any
    success and failure and make necessary adjustments to the program and incident
    management processes when needed.
  • Establish clear communication channels: It’s important to establish clear communication
    channels within the Incident Response Team and with other stakeholders such as senior
    management, legal teams, and external agencies. This ensures that everyone is on the same
    page and can respond effectively during a security incident.
  • Implement a centralized incident tracking system: A centralized incident tracking system
    allows you to track the progress of incident response activities, monitor incidents in real-
    time, and share information across the team.
  • Develop incident response playbooks: Incident response playbooks are step-by-step guides
    that provide instructions on how to respond to specific types of security incidents. These
    playbooks can help ensure a consistent and effective response, and can be customized
    based on the organization’s needs.
  • Conduct regular vulnerability assessments: Regular vulnerability assessments can help
    identify potential security weaknesses before they are exploited by attackers. This can help
    prevent security incidents before they occur.
  • Consider outsourcing incident response: Some organizations may not have the necessary
    expertise or resources to handle security incidents internally. In these cases, outsourcing
    incident response to a third-party provider can be an effective option.
  • Ensure compliance with regulatory requirements: Depending on the industry and location,
    organizations may be subject to specific regulatory requirements for incident management.
    It’s important to ensure that incident management processes comply with these
    requirements to avoid any legal or financial consequences.
Investigation Methods:
This section covers the steps required to identify potential digital evidence, and how to work
with different kinds of digital evidence (e.g. mobile devices, social media, IP addresses, etc.).
Assess the Situation
As with any investigation, the officer must first determine the specific elements of the crime and
whether the laws in their jurisdiction support prosecution. For example, can the charges be
sustained even if guilt is proven? Given the many new technologies in use, very often common
law, and federal and state statutes have not caught up to the offenses. Another factor to consider
when investigating cyber crimes is the global nature of the Internet. It is often beneficial to
consult with your prosecutor to gain additional insight into specific crimes.
Conduct the Initial Investigation
When conducting a cybercrime investigation, normal investigative methods are still important.
Asking who, what, where, when, why and how questions is still important. The investigator
should also still ask the following questions:
  • Who are the potential suspects?
  • What crimes were committed?
  • When were the crimes committed?
  • Were these crimes limited to US jurisdiction?
  • What evidence is there to collect?
  • Where might the physical and digital evidence be located?
  • What types of physical and digital evidence were involved with the crime?
  • Does any of the evidence need to be photographed/preserved immediately?
  • How can the evidence be preserved and maintained for court proceedings?
Identify Possible Evidence
Digital evidence can come in many file types and sizes. For example, see Most Common
Electronic Devices. Further, the evidence may be encrypted, protected, or otherwise hidden. If
your agency does not have the resources, tools, or specific expertise necessary to identify and
collect this evidence, consider partnering with other agencies that do have these capabilities. See
the Community page for more information.
Secure Devices and Obtain Court Orders
In many cases, investigators may seize electronic devices without a warrant, but must obtain a
warrant in order to conduct a search on the device(s). Multiple warrants may need to be obtained
if a particular device is connected to multiple crimes.
Warrants should clearly describe all files, data, and electronic devices to be searched as
specifically as possible and seek approval to conduct analysis off-site (e.g. at a specialized
forensics laboratory).
Subpoenas can also be used to obtain digital evidence. Many Internet- and communication-based
companies have guides to assist law enforcement in understanding their information sharing
policies (see Handling Evidence from Specific Sources).
Non-disclosure agreements (NDAs) are often needed when law enforcement is requesting
information from an Electronic Service Provider (ESP) and does not want the ESP to notify the
user that someone is requesting information from their account.
A court order is required to compel the ESP to provide information above the basic subscriber
information. This could include, but is not limited to, message headers or IP addresses. This does
not include content.
Analyze Results with Prosecutor
It will also be important to work with the prosecutor to identify the appropriate charges (based on
existing common law and state and federal statutes), and to determine what additional
information or evidence will be needed prior to filing charges.
Criminal Profiling:
Profiling is a technique or approach for solving crime. Some scientists define it as a forensic
technique used by forensic investigators and law enforcement agencies to understand why
criminals are committing crime, to classify criminal behavior and to solve crimes that have
already been committed.
Others view it as a tool used by forensic experts to identify the offender’s behavioral tendencies,
personality traits, demographic variables, and geographical variables based on the information
and characteristics of the crime.
However, the general consensus is that criminal profiling involves collecting inferences about the
traits of the individual responsible for the series of crime or for a particular crime. It involves
understanding what a particular crime says about the perpetrator.
It is used by forensic investigators and law enforcement agencies to understand and apprehend
criminal offenders. As a forensic technique, criminal profiling enables investigative agencies to
use the specific information to focus their attention on people with personality traits that parallel
those of other offenders who have committed other similar offences.
Criminal profiling contains information about the perpetrators.
Criminal profiling means a lot to the investigators. It allows investigators to link the motive,
character, acts and behavior of the offender. Although it primarily focuses on serial violent
offenses such as sexual assaults and murders, changes in technology have increased the
emphasis and interest on applying it to cybercrime.
Cyber Trails: