Introduction to Cyber SecurityCybercrime: Definition and Origins of the Word + The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of be it business, medical science, education and different fields. Prepared By:Pro. Chandan A Patel (VIVA) * But also it increase threats regarding security, it leads the concept of cyber crime — illegal activity committed on the internet. + Internet has undeniably opened a new way of exploitation known as cybercrime involving the use of computers, the Internet, cyberspace and the worldwide web (www).Cybercrime: Definition and Origins of the Word Cyber crime (Computer Crime) is any illegal behavior, directed by means of electronic operations that target the security of computer systems and the data processed by them. + Any illegal act where a special knowledge of computer technology is essential for its perpetration, investigation or prosecution. Prepared By: Prof Chandan Patel VIVA) + Any financial dishonesty that takes place in a computer environment. + Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for ransom.Cybercrime: Definition and Origins of the Word The term “cybercrime” relates to a number of other terms such as: * Computer-related crime repre By Pro Chandan Patel UA * Computer crime + Internet crime + E-crime * High-tech crime 1108-2001wh (Cybercrime is any criminal ‘etivity that involves a ‘computer, network device or 2 retwork Cybercrime ‘Prepare By: Prot Chandan A Pata (UA) ©, Gybercrimes are carried out Most Cybercrimes are carried against computers or devices ‘out in order to generate profit directly to damage or disable for the Cyber criminals, ‘them spread malware, sta! ‘secrat information, ete.Cybercrime: Definition and Origins of the Word * Cyberterrorism is defined as “any person, group or organization who, with terrorist intent, utilizes accesses or aids in accessing a computer or computer network or electronic system or electronic device by any available means, and thereby knowingly engages in or attempts to engage in a terrorist act commits the offence of cyberterrorism.” repre By: rf Chandan A. Patel VA Cyber crimes differ from most terrestrial crimes in four ways: > How to commit them is easier to learn > They require few resources relative to the potential damage caused > They can be committed in a jurisdiction without being physically present in it > They are often not clearly illegal.How cybercrimes are planned and how they actually take place * Cyberterrorists usually use computer as a tool, target or both for their unlawful act to gain information. * Internet is one of the means by which the offenders can gain priced sensitive information of companies, firms, individuals, banks and can lead to intellectual property (IP), selling illegal articles, pornography/child pornography, etc. * This is done using: Phishing, Spoofing, Pharming, Internet Phishing, wire transfer, etc. Prepare By Prof Chara A Patel VIVA)ce an What is Cyber Security?Cybercrime and Information Security * Lack of information security gives rise to cyber crime. Prepared By Prof Chandar A Patel (UV) * Indian Information Technology Act (ITA 2008) provides a new focus on “Information Security in India.” + “Cyber security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access.Cyber Security Prepared By: Prof chandoni A. Pats [VVA)Cybercrime and Information Security For anyone trying to compile data on business impact of cybercrime, there are number of challenges: Prpaed BPC Pat Organizations do not explicitly incorporate the cost of the vast majority of computer security incidents into their accounting. There is always a difficulty in attaching a quantifiable monetary value to the corporate data and yet corporate data get stolen/lost. Most organizations abstain from revealing facts and figures about “security incidents” including cybercrime. Organizations perception about “insider attacks” seems to be different than that made out by security solution vendor. Awareness about “data privacy” too tends to be low in most organizations.Why Cyber security?Who are Cybercriminals? > Cybercriminals are those who conduct activities such as Credit card fraud Cyberstalking Defaming another online Gaining unauthorized access to computer systems Ignoring copyright, software licensing and trademark protection Overriding encryption to make illegal copies Software piracy Stealing another’s identity to perform criminal actsWho are Cybercriminals? * Cyber criminals can be categorized into three groups that reflect their motivation. > Type I: Cybercriminals — hungry for recognition > Type II: Cybercriminals — not interested in recognition > Type III: Cybercriminals — the insiders Prepared By: Prof, Chandan A Patel (VIVA)Classification of Cybercrimes Cybercrimes are classified as follows: Prepared By: Prk Chndan A Pet (UN > Cybercrime against individual > Cybercrime against property > Cybercrime against organization > Cybercrime against SocietyClassification of Cybercrimes- Example E-Mail Spoofing * A spoofed E-Mail is one that appears to originate from one source but actually has been sent from another source. repre By: Prt Chondan A Patel Spamming + People who create electronic Spam are called spammers + Spam is the abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately. Search engine spamming + Spamming is alteration or creation of a document with the intent to deceive an electronic catalog, + Some web authors use techniques to ensure that their site appears more frequently or higher number in returned search results.Classification of Cybercrimes- Example Cyber defamation >*Cyber defamation” occurs when defamation takes place with the help of computers and/or the According to the IPC Section 499 Prepared By Prof Charan A Patel VIVA) >The term ‘Cyber Defamation’ basically means publishing of false statement about an individual in cyberspace that can injure or demean the reputation of that individual. Flt refers to the publishing of defamatory material against any person in cyberspace or with the help of computers or the Internet. Identity Theft > Identity theft is a fraud involving another person’s identity for an illicit purpose. >This occurs when a criminal uses someone else’s identity for his/her own illegal purposes.Classification of Cybercrimes- Example Internet Time Theft + Internet time theft occurs when an unauthorized person uses the Internet hours paid for by another person. + It comes under hacking because the person gets access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means Prepared By Prof Chandan A Patel VIVA) Salami Attack/Salami Technique + Asalami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime. + Ttalso known as salami slicing. * A salami attack is a small attack that can be repeated many times very efficiently. Thus the combined output of the attack is great.Classification of Cybercrimes- Example Data Diddling * Data diddling is a type of cybercrime in which data is altered as it is entered into a computer system. + Adata diddling attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. + Computerized processing of the altered data results in a fraudulent benefit. Forgery + Forging counterfeit currency notes, postage and revenue stamps, marksheets, etc. using sophisticated computers, printers and scanners. Web Jacking + Web jacking occurs when someone forcefully takes control of a website.Classification of Cybercrimes- Example Newsgroup Spam/Crimes Emanating from Usenet Newsgroup + The advent of Google Groups, and its large Usenet archive, has made Usenet more attractive to spammers than ever. * Usenet is a popular means of sharing and distributing information on the Web with respect to specific topic or subjects. It is a mechanism that allows sharing information in a many-to- many manner. Industrial Spying/Industrial Espionage + “Spies” can get information about product finances, research and development and marketing strategies, an activity known as “industrial spying.” * There are two distinct business models for cybercrime applied to industrial spying > Selling Trojan-ware > Selling Stolen Intellectual Property.Classification of Cybercrimes- Example Hacking + Every act committed towards breaking into a computer or network is hacking and it is an offence. * Hackers write or use ready-made computer programs to attack the target computer. * They possess the desire to destruct and they get enjoyment out of such destruction. * Some hackers hack for personal monetary gains, such as stealing credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money.Classification of Cybercrimes- Example Online Frauds /Scams > Spoofing websites and E-mail security threats + Fraudsters create authentic looking website that are actually nothing but a spoof. Fraudsters are increasingly turning to E-Mail to generate traffic to these websites, > Lottery frauds + Typically letters or E-Mails that inform the recipient that he/she has won a prize in a lottery. + To get the money, the recipient has to reply, after which another mail is received asking for bank details so that the money can be directly transferred. > Spoofing + Ahacker logs-in to a computer illegally, using a different identity than his own. + He creates new identity by footing the computer into thinking thatthe hacker isthe genuine system operator and then hacker then takes control of the system,Classification of Cybercrimes- Example Software Piracy + Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original repay: Pf Chandon A Pt i Computer Sabotage + It is the use of the Intemet to hinder the normal functioning of a computer system through the introduction of worms, viruses or logic bombs + It can be used to gain economic advantage over a competitor, to promote the illegal activities of terrorists or to steal data or programs for extortion purposes. E-Mail Bombing/Mail Bombs * It refers to sending a large number of E-Mails to the victim to crash victim’s E-Mail account or to make victim's mail servers crash. + Computer program can be written to instruct a computer to do such tasks on a repeated basis.Classification of Cybercrimes- Example Computer Network Intrusions + Computer Networks pose a problem by way of security threat because people can get into them from anywhere + The cracker can bypass existing password protection by creating a program to capture logon IDs and passwords. + The practice of “strong password” is therefore important. Password Sniffing * Password Sniffers are programs that monitor and record the name and password of network users as they login, threatening security at a site. + Whoever installs the Sniffer can then impersonate an authorized user and login to access restricted documents.Classification of Cybercrimes Credit Card Frauds * Millions of dollars may be lost annually by consumers who have credit card and calling card numbers stolen from online databases. * Bulletin boards and other online services are frequent targets for hackers who want to access large databases of credit card information. * The cyber impersonator can steal unlimited funds in the victim’s name without the victim even knowing about it for months, sometimes even for years! Prepared By Pot Chandan A Patel VIVA)Cybercrime and the Indian ITA 2000 Hacking and the Indian Law(s) * Cybercrimes are punishable under two categories: the ITA 2000 and the IPC. + There are some key provisions under the ITA 2000. PRE RTRAT Sec. Sec. Sec. Sec. Sec. Sec. 43 66 67 70 7 3 Damage to computer systems etc. Hacking with computer system Publication of obscene material in electrical form. Attempting or securing access to computer of another person withouthis/her knowledge. ‘Attempting or securing access to computer for breaking confidentiality. Publishing false digital signatures, false in certain particulars.A Global Perspective on Cybercrimes Cybercrime and the Extended Enterprise * Itis the responsibility of each user to become aware of the threats as well as the opportunities that “connectivity” and “mobility” presents them with. + Extended enterprise - represents the concept that a company is made up not just of its employees, its board members and executives, but also its business partners, its suppliers and even its customers ‘Virtual Strategic integration alliances Core competencies Prepared By Prof Chanda A Patel VINA)A Global Perspective on Cybercrimes Seamless flow of information to support decision making ability is crucial for the external enterprise. This becomes possible through interconnectedness. Due to the interconnected features of information and communication technologies security overall can only be fully promoted when the users have full awareness of the existing threats and dangers > Government, businesses and international community must, therefore, proactively help users access information on how to protect themselves. Prepared By:Prol Chandon A. Patel (A)