Cybercrime and Information

Security
Kavya Gupta
Department of CSE(AI&ML)
KIET Group of Institutions

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
What is cybercrime?
• Cybercrime is a criminal activity that either targets or uses a
computer, a computer network, or a networked device. Most
cybercrime is committed by cybercriminals or hackers who want to
make money. However, occasionally cybercrime aims to damage
computers or networks for reasons other than profit. These could be
political or personal.
• Individuals or organizations can carry out cybercrime. Some
cybercriminals are organized, use advanced techniques, and are
highly technically skilled. Others are novice hackers.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
What are the categories of cybercrimes?
• The major categories of cybercrimes are:

• Attacks on individuals: identity theft, cyberstalking, or credit card

fraud
• Attacks on property: DDoS attacks, installing viruses on computers, or
copyright infringement
• Attacks on government: hacking, cyber terrorism, or spreading
propaganda

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Classification of Cybercrimes
Types of cybercrime include:
1. Email and internet fraud.
2. Identity fraud (where personal information is stolen and used).
3. Theft of financial or card payment data.
4. Theft and sale of corporate data.
5. Cyberextortion (demanding money to prevent a threatened attack).
6. Ransomware attacks (a type of cyberextortion).
7. Cryptojacking (where hackers mine cryptocurrency using resources they do not own).
8. Cyberespionage (where hackers access government or company data).
9. Interfering with systems in a way that compromises a network.
10. Infringing copyright.
11. Illegal gambling.
12. Selling illegal items online.
13. Soliciting, producing, or possessing child pornography.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
• Cybercrime involves one or both of the following:
• Criminal activity targeting computers using viruses and other types of malware.
• Criminal activity using computers to commit other crimes.

• Cybercriminals that target computers may infect them with malware to damage
devices or stop them working. They may also use malware to delete or steal data.
Or cybercriminals may stop users from using a website or network or prevent a
business providing a software service to its customers, which is called a Denial-of-
Service (DoS) attack.

• Cybercrime that uses computers to commit other crimes may involve using
computers or networks to spread malware, illegal information or illegal images.

• Cybercriminals are often doing both at once. They may target computers with
viruses first and then use them to spread malware to other machines or
throughout a network. Some jurisdictions recognize a third category of
cybercrime which is where a computer is used as an accessory to crime. An
example of this is using a computer to store stolen data.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Motivations behind Cybercrimes
• Financial Gain: Many cybercriminals are motivated by financial incentives.
They engage in activities such as phishing, online fraud, ransomware
attacks, and identity theft to steal money or valuable financial information
from individuals, businesses, or financial institutions. The anonymity and
global reach of the internet provide opportunities for lucrative financial
gains with a relatively low risk of detection.
• Ideological Motivations: Some cybercriminals are driven by ideological or
political agendas. They may target government agencies, corporations, or
individuals whose beliefs or actions they oppose. Ideologically motivated
cybercrimes can include hacking into websites, defacing web pages,
launching distributed denial-of-service (DDoS) attacks, or leaking sensitive
information to promote their cause or disrupt their perceived adversaries.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Motivations behind Cybercrimes
• Espionage: Nation-states, intelligence agencies, and corporate
entities may engage in cyber espionage to gather sensitive
information, trade secrets, or classified data from other governments,
competitors, or organizations. Cyber espionage activities can involve
hacking into computer networks, conducting reconnaissance, and
exfiltrating valuable data for political, economic, or military purposes.
• Revenge: In some cases, individuals may resort to cybercrimes as a
form of retaliation or revenge against perceived injustices or personal
grievances. This motivation can manifest in various ways, such as
hacking into social media accounts, spreading false information, or
launching cyberattacks to disrupt the operations of specific
individuals, businesses, or organizations.
Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-
508443105
Motivations behind Cybercrimes
• Thrill-Seeking: Some cybercriminals are motivated by the challenge and
excitement of engaging in illicit activities online. They may derive
satisfaction from bypassing security measures, exploiting vulnerabilities, or
causing chaos in cyberspace. For these individuals, the thrill of committing
cybercrimes outweighs the potential consequences, and they may continue
their activities to satisfy their adrenaline rush.
• Social Status or Recognition: A desire for recognition or status within
online communities or hacker groups can drive individuals to engage in
cybercriminal activities. They may seek validation and admiration from
their peers by demonstrating their hacking skills, gaining access to high-
profile systems, or carrying out notable cyberattacks that attract media
attention.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Cybercriminals
• Cybercriminals use computers and the internet to commit crimes. Their
motivation may be to commit vandalism, make money, cause political
upheaval, or accomplish some other aim. They can use malware,
phishing, brute force attacks, information found on the dark web, or other
hacking techniques to further their goals.

• Cybercriminals operate around the world and commit a range of illegal

activities like:
• Buying and selling illegal goods
• Spreading malicious programs like Trojans, rootkits, and spyware
• Stealing identities, money, and other proprietary info
• Cyberstalking and doxing/doxxing people (the act of revealing identifying
information about someone online, such as their real name, home address,
workplace, phone, financial, and other personal information)
Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-
508443105
Common kinds of cybercriminals

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Hackers
• The most basic definition of a hacker is someone who uses a computer to
look for and take advantage of weak spots in computer systems. While
some hackers provide their services as a way of helping governments and
businesses patch vulnerabilities, many of them are motivated by money
and power.
• To gain access to the data they want, hackers deploy malware or engage
in social engineering to trick users into giving up their credentials. Once
the hacker has access, they may steal as much data as possible before
they’re caught or set up a backdoor that provides unfettered access to the
system.
• Hackers often sell the data to the highest bidder (usually a rival company or
government), hold it for ransom, or release it for free to damage
reputations and spill secrets.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Scammers
• Scammers use social engineering tactics to convince people to provide them with
information or money without giving their victims what they promised.
• Most internet scams allow cybercriminals to steal money from other people. Some
common scam tactics include:
• Phishing: Scammers send fake messages and emails to get people to provide information
so the scammer can steal their money or identity.
• Ransomware: These programs let scammers encrypt someone’s data and refuse to
decrypt it until they pay a ransom.
• Scareware: A scammer will inject code into someone’s computer that tells them there’s
been a security breach and that they need to download more software to stop it.
• Travel scams: With bogus “free” or “discounted” travel offers, scammers can steal credit
card information.
• Online shopping scams: By building a spoofed website, scammers can get access to
personal information, credit card numbers, and more.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Hacktivists
• Hacktivists are cybercriminals who commit crimes in the name of
a political, religious, or other ideology. The most common targets
of hacktivism are governments, multinational corporations, religious
groups, and individuals in power. To accomplish their goals,
hacktivists will force their way into websites to crash them, steal
information to release it to the public, and even dox people they
believe need to be exposed.
• While the intentions of some of these individuals may be good, in
most cases, they are still breaking the law. Since 2022, the lines
between some hacktivist groups and state-sponsored hackers have
blurred. Some reports show that there may be direct links between
military hackers, civilian hacking groups, and state actors.
Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-
508443105
Disgruntled employees
• For the disgruntled employee, the entire point behind a cyberattack is to
cause financial and reputation damage to the organization they work for
or used to work for. Many disgruntled employees who launch these attacks
against their employers do so because they feel mistreated or fired without
cause.
• Depending on their access, these employees can cause tremendous
damage very quickly. They may damage the company’s internal network,
delete data, steal information, and then sell it to rival organizations (or
release it to create PR problems).
• While it’s easy to assume that this kind of damage can only be caused by
employees in the IT department, nearly anyone with some money and
access to the dark web can purchase malicious software and upload it to a
network.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
State actors
• State actors are cybercriminals a government employs to commit
cybercrime and espionage against other governments and their
citizens. With state sponsorship, these cybercriminals commonly have
access to a much larger resource pool than others, leading to more
dangerous attacks.
• Troll farms working to subvert elections and spread disinformation
around the world are one example of state actors.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Script kiddies
• Script kiddies are cybercriminals (usually younger and less
experienced than hackers and other cybercriminals) who launch
attacks using the code and programs developed by other people.
Their lack of experience doesn’t mean they aren’t dangerous—
without the full knowledge of how the code they use works, they can
do a lot of damage very quickly.
• Lots of script kiddies don’t have a true motivation other than chaos
and curiosity. They use other people’s code simply to see the damage
it can cause. Their recklessness, impulsiveness, and inexperience
mean they get caught more frequently than other criminals, because
they can’t, or don’t, mask their actions.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Cyberwarfare and cyberespionage
• Espionage and warfare are usually the realm of state-sponsored
groups, but hacktivists and individuals can also attack
infrastructure and other governmental resources digitally. While
some forms of cyberespionage and warfare are designed to humiliate
or embarrass a target, perhaps by changing imagery or writing on
a public-facing website, other types of cyberwarfare result in
damaged systems, stolen data, or infiltrated networks that can be
spied on.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Cryptocurrency scams
• Cryptocurrency scams have led to billions in losses for large funds
and individual investors. One of the most common cryptocurrency
scams is cryptojacking, where a cybercriminal commandeers a
victim’s computing power to mine Bitcoin directly. Or they may
convince their victim to let someone else use their computing power
to mine crypto in return for a share of the profits.
• However, the scammer never shares those profits and never uses the
investor’s money to rent servers to mine cryptocurrency. Instead,
they steal the money and use that computing power to mine more for
themselves.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Downloading, selling, or distributing illegal
items or content
• Using the internet to download stolen versions of copyrighted
material, along with free games, movies, and music, is one of the
most popular forms of cybercrime. Along with those types of content,
illegal pornography, corporate data, drugs, and malware are also
available to people who know where to find it.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Cyberstalking
• A cyberstalker uses the internet to track, harass, and otherwise
intimidate someone else. Cyberstalking can take many forms,
including sending threats, doxxing, posing as the victim, or destroying
data. While many cyberstalkers choose people they know, others
target people on the opposite side of the political spectrum or a part
of a group the cybercriminal dislikes.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
How to report a cybercriminal
• You should always report cybercrime to the proper authorities. By doing so,
you can help them learn more about individual criminals and the intricacies
of the scams and crimes they commit. If they stole from you, reporting it
may be the only way for your bank and credit card company to reimburse
or remove fraudulent charges.

1. Report a cybercrime to law enforcement. Local law enforcement and

federal agencies may be able to help if the criminal is working in your area.
They can also catalog and pass on cybersecurity reports and relevant
information to other investigators.
2. Report cybercrime to relevant platforms. You should report
cybercriminals to the platforms they use to commit their crimes. This can
help these companies identify weak spots in their security.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Cybercafe and Cybercrimes
• Cybercafes, also known as internet cafes or cyber lounges, are
establishments that provide public access to computers and internet
services for a fee. These venues typically offer amenities such as
computer workstations, internet access, printing facilities, and
sometimes food and beverages. Cybercafes serve as communal
spaces where individuals can access the internet, check emails,
browse websites, play online games, or engage in other online
activities.

Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-

508443105
Cybercafe and Cybercrimes
Potential Risks: While cybercafes offer convenient access to digital resources and online
services, they also present potential risks and security concerns, particularly concerning
cybercrimes. Some of the risks associated with cybercafes include:
• Anonymity: Cybercafes provide users with a level of anonymity, as individuals can access the
internet without revealing their identities or personal information. This anonymity can facilitate
illicit activities and cybercrimes, as perpetrators may exploit the lack of accountability to engage in
malicious behavior.
• Unsecured Networks: Cybercafes may use unsecured or poorly configured networks, making them
vulnerable to cyber attacks, data breaches, and unauthorized access. Malicious actors can exploit
network vulnerabilities to intercept sensitive information, deploy malware, or conduct cyber
espionage.
• Shared Computers: Users in cybercafes often share computers and workstations, increasing the
risk of malware infections, data theft, and unauthorized access to personal or sensitive
information. Malicious software installed on shared computers can compromise the security and
privacy of users' data, leading to financial losses or identity theft.
• Lack of Oversight: In some cases, cybercafes may lack proper oversight, management, or security
protocols to monitor user activities and enforce cybersecurity measures. This oversight gap can
enable cybercriminals to operate with impunity, conduct illegal activities, or exploit vulnerable
individuals, such as children or unsuspecting users.
Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-
508443105
Cybercafe and Cybercrimes
Preventive Measures: To mitigate the risks associated with cybercafes and prevent
cybercrimes, stakeholders can implement various preventive measures and security
practices, including:
• Network Security: Cybercafes should establish secure and encrypted Wi-Fi networks,
implement firewall and intrusion detection systems, and regularly update software and
security patches to protect against cyber threats.
• User Authentication: Implement user authentication mechanisms, such as login credentials
or biometric authentication, to verify the identity of users and prevent unauthorized access
to computer workstations and internet services.
• Surveillance and Monitoring: Employ surveillance cameras, logging mechanisms, and
monitoring tools to track user activities, detect suspicious behavior, and deter cybercrimes.
Regular audits and inspections can help ensure compliance with security policies and
regulations.
• Education and Awareness: Provide cybersecurity awareness training and educational
resources to cybercafe staff and users, emphasizing the importance of safe online practices,
password security, and vigilance against cyber threats. Promote a culture of cybersecurity
awareness and responsibility among all stakeholders to enhance the overall security posture
of cybercafes.
Kavya Gupta, https://www.linkedin.com/in/kavya-gupta-
508443105