1.

1 Introduction to Cybercrime
 Cybercrime is a criminal activity that either targets or uses a computer or a computer
network or a networked device.
 Cybercrime is committed by cyber criminals or hackers who want to make money and it is
carried out by individuals or organisations.
 Cybercrime can be basically categorized into 3 parts.
o Crime against person.
o Crime against property.
o Crime against government.
 Natures of cybercrime is transactional
 These crimes are committed without being physically present at the crime location
1.2 Cybercrime: Definition and Origins of the Word

There are many definitions:

 One definition that is advocated is, “a crime conducted in which a computer was directly and
siginificantly instrumental.” This definition is not universallyaccepted.
 “cybercrime is any illegal behaviour ,directed by means of electronic operations,that targets
the security and the data processed by them”
 Other definitions includes the following:
 Cybercrime is also referred as Computer-related crime, Internet crime, E-crime, High tech
crime.

Origin of the word:

 Cyberspace: coined by William Gilbson ,A global domain within the information

environment consisting of the interdependent network of information systems
infrastructures including the Internet, telecommunications networks, computer
systems, and embedded processors and controllers.An example of cyberspace is the
home of Google, Yahoo and Facebook.
 Cybersquatting: The term is derived from “squatting” which is the act of occupying an
abanded building that the squatter does not own. The term cybersquatting refers to
the unauthorized registration and use of Internet domain names that are identical or
similar to trademarks, service marks, company names, or personal names.
 Cyberpunk:According to science fiction literature, the words “cyber” and “punk” emphasize
the two basic concepts of cyberpunk: “technology” and “individualism”. Cyberpunk is a
sensibility or belief that a few outsiders, armed with their own individuality and
technological capability, can fend off the tendencies of traditional institutions to use
technology to control society.
 Cyberwarfare: The use of computer technology to disrupt the activities of a state or
organization, especially the deliberate attacking of information systems for strategic or
military purposes.
 Cyberterrorism: Cyberterrorism is often defined as any premeditated, politically
motivated attack against information systems, programs and data that threatens
violence or results in violence. The definition is sometimes expanded to include any
cyber attack that intimidates or generates fear in the target population.
Cybercrime trend:
1.3 Cybercrime and Information security:

Lack of information security gives rise to cybercrimes. This subject is explained in greater detail in
Chapter 9. Let us refer to the amended Indian Information Technology Act (ITA) 2000 in the context
of cybercrime. From an Indian perspective, the new version of the Act (referred to as ITA 2008)
provides a new focus on "Information Security in India." "Cybersecurity" means protecting
information, equipment, devices, computer, computer resource, communication device and
information stored therein from unauthorized access, use, disclosure, disruption, modification or
destruction. The term incorporates both the physical security of devices as well as the information
stored therein. It covers protection from unauthorized access, use, disclosure, disruption,
modification and destruction. (For a thorough discussion about these aspects, see Ref. #2, Books,
Further Reading

Where financial losses to the organization due to insider crimes are concerned (e.g., leaking
customer data) often some difficulty is faced in estimating the losses because the financial impacts
may not be detected by the victimized organization and no direct costs may be associated with the
data theft. The 2008 CSI Surveylon computer crime and security supports this. Cybercrimes occupy
an important space in information security domain because of their impact. For anyone trying to
compile data on business impact of cybercrime, there are number of challenges. One of them comes
from the fact that organizations do not explicitly incorporate the cost of the vast majority of
computer security incidents into their accounting as opposed to, say, accounting for the "shrinkage"
of goods from retail stores. The other challenge comes from the difficulty in attaching a quantifiable
monetary value to the corporate data and yet corporate data get stolen/lost (most notably through
loss/theft of laptops, see the survey conducted by Ponemon Institute in Ref. #19, Additional Useful
Web References, Further Reading). Because of these reasons, reporting of financial losses often
remains approximate. In an attempt to avoid negative publicity, most organizations abstain from
revealing facts and figures about "security incidents including cybercrime. In general, organizations
perception about "insider attacks" seems to be different than that made out by security solution
vendor. However, this perception of an organization does not seem to be true as revealed by the
2008 CSI Survey. Awareness about "data privacy" too tends to be low in most organizations. When
we speak of financial losses to the organization and significant insider crimes, such as leaking
customer data, such crimes" may not be detected by the victimized organization and no direct costs
may be associated with the theft (Table 1.5).

Figure 1.4 shows several categories of incidences - viruses, insider abuse, laptop theft and
unauthorized access to systems. Refer to Ref. #1 (Chapter 3, Section 3.11), Book, Further Reading for
laptop threats and information security implications in mobile computing paradigm and
"thefts/losses." Also read Chapter 9 of this book.

Typical nerwork misuses are for Internet radio/streaming audio, streaming video, file sharing, instant
messaging and online gaming (such as online poker, online casinos, online betting, etc.;
1.4 Who are cybercriminals?
Cybercrime involves such activities as child pornography; credit card fraud; cyberstalking;
defaming another online; gaining unauthorized access to computer systems; ignoring copyright,
software licensing and trade-mark protection; overriding encryption to make illegal copies;
software piracy and stealing another's identity(known as identity theft) to perform criminal acts .
Cybercriminals are those who conduct such acts.
They can be categorized into three groups that reflect their motivation
1. ‘Type ls Cybereriminals - hungry for recognition
 Hobby hackers;
 IT professionals (social engineering is one ofthe biggest threat);
 politically motivated hackers;
 terrorist organizaions.
2. Type Il: Cybercriminals not interested in recognition
 Paychological perverts;
 financially motivated hackers (corporate espionage):

 state-sponsored hacking (national espionage, sabotage): • organized criminals.

3. Type III: Cybercriminals - the insiders

 Disgruntled or former employees seeking revenge;

 competing companies using employees to gain economic advantage through
damage and/or theft.

Thus, the typical "motives" behind cybercrime seem to be greed, desire to gain power and/or
publicity, desire for revenge, a sense of adventure, looking for thrill to access forbidden
information, destructive mindset and desire to sell network security services. This is
explained in Chapter 10. Cybercafes are known to play role in committing cybercrimes. A
link about cybercafes under ITA 2008 (amendment to Indian ITA 2000) is provided in Ref.
#23. Additional Useful Web References, Further Reading Another link, describing views if
the amended ITA 2000 is stringent enough for cybercriminals, is provided in the same
section as Ref. #24.

1.5 Classifications of Cybercrimes

Table 1.6 presents a scheme for cybercrime classification (broad and narrow
classification).

Crime is defined as "an act or the commission of an act that is forbidden, or the
omission of a duty that is commanded by a public law and that makes the offender
liable to punishment by that law" (Webster Dictionary).

Cybercrimes are classified as follows:

1.Cybercrime against individual

a. Electronic mail (E-Mail) Spoofing and other online frauds: Refer to Section 1.5.1
of this chapter and Chapter 4 for more details.
b. Phishing, Spear Phishing and its various other forms such as Vishing (Section
3.8.4) and Smishing (Section 3.8.5): Refer to Chapter 5 for discussion about Phishing
and Spear Phishing.
c. Spamming: It is explained in Section 1.5.2.
d. Cyberdefamation: It is explained later in Section 1.5.3.
e. Cyberstalking and harassment: It is explained in Chapter 2.
f. Computer sabotage: It is explained later in Section 1.5.15.
g. Pornographic offenses: It is explained in Section 1.5.13.
h. Password sniffing: This also belongs to the category of cybercrimes against
organization because the use of password could be by an individual for his/her
personal work or the work he/she is doing using a computer that belongs to an
organization. It is explained in Section 1.5.19 (also see Table 1.5).
2. Cybercrime against property
 Credit card frauds: Refer to Chapter 5 for Phishing and Spear
Phishing and Chapter 11, Section 11.4 (in CD).
 Intellectual property (IP) crime: Basically, IP crimes include
software piracy, copyright infringement, trademarks violations, theft of
computer source code, etc. (refer to Chapters 9 and 10).
 Internet time theft: It is explained in Section 1.5.4 as well as in
Chapter 11 (Mini-Case 4, Section 11.3.4).
3. Cybercrime against organization
 Unauthorized accessing of computer. Hacking is one method of
doing this and hacking is a punishable offense (see point 2 in Box
1.7).
 Pasword sniffing: It is explained in Section 1.5.19 (also see Table
1.5). Denial-of-service attacks (known as DoS attacks):
 Virus attack dissemination of viruses: Refer to Chapter 4 for
detailed discussion on this
 E-Mail bombing/mail bombs: It is explained in Section 1.5.16.
 Salami attack/Salami technique: It is explained in Section 1.5.5.
 Logic bomb: It is explained in Section 1.5.15 (Computer Sabotage).
 Trojan Horse: It is explained more in detail in Chapter 4 Data
diddling: It is explained in Section 1.5.6. Refer to Section 11.2.6,
Chapter 11.
 Crimes emanating from Usenet newsgroup: It is explained in
Section 1.5.9.
 Industrial spying/industrial espionage: It is explained in Section
1.5.10. Computer network intrusions: It is explained in Section
1.5.18. • Software pinacy - It is explained in Section 1.5.14. Also
refer to Section 9.2.2, Chapter 9
4.Cybercrime against Society
 Forgery: It is explained in Section 1.5.7 (see Table 1.6 and Box 1.6).
 Cyberterrorism: Refer to Box 1.1 and Box 1.7, and Section 1.2 for
detailed discussion on this
 Web jacking: It is explained in Section 1.5.8. 5.
5.Crimes emanating from Usenet newsgroup.
By its very nature, Usenet groups may carry very offensive, harmful,
inaccurate or otherwise inappropriate material, or in some cases, postings
that have been mai labeled or are deceptive in another way. Therefore, it is
expected that you will use caution and common sense and exercise proper
judgment when using Usenet, as well as use the service at your own risk.
Let us take a brief look at some of the cybercrime forms mentioned above.
1.5.1 E-Mail Spoofing
A spoofed E-Mail is one that appears to originate from one source but
actually has been sent from another source. For example, let us say,
Roopa has an E-Mail address roopa@asianlaws.org. Let us say her
boyfriend Suresh and she happen to have a show down. Then Suresh,
having become her enemy, spoofs her E-Mail and sends obscene/vulgar
messages to all her acquaintances. Since the E-Mails appear to have
originated from Roopa, her friends could take offense and relationships
could be spoiled for life. See Box 2.7 in Chapter 2.
1.5.2 Spamming
People who create electronic Spam are called spammers. Spam is the
abuse of electronic messaging systems (including most broadcast media,
digital delivery systems) to send unsolicited bulk messages
indiscriminately. Although the most widely recognized form of Spam is E-
Mail Spam, the term is applied to similar abuses in other media: instant
messaging Spam, Usenet newsgroup Spam, web search engine Spam,
Spam in blogs, wiki Spam, online classified ads Spam, mobile phone
messaging Spam, Internet forum Spam, junk fax transmissions, social
networking Spam, file sharing network Spam, video sharing sites, etc.
1.5.7 Forgery
Counterfeit currency notes, postage and revenue stamps, marksheets, etc.
can be forged using sophisticated computers, printers and scanners.
Outside many colleges there are miscreants soliciting the sale of fake
marksheets or even degree certificates. These are made using computers
and high quality scanners and printers. In fact, this is becoming a booming
business involving large monetary amount given to student gangs in
exchange for these bogus but authentic looking certificates.
1.5.8 Web Jacking
Web jacking occurs when someone forcefully takes control of a website
(by cracking the password and later changing it). Thus, the first stage of
this crime involves "password sniffing. The actual owner of the website
does not have any more control over what appears on that website.
1.5.11 Hacking
Although the purposes of hacking are many, the main ones are as follows:
1. Greed;
2. power;
3. publicity
4.revenge:
5.adventure;
6. desire to access forbidden information:
7. destructive mindset.
Every act committed toward breaking into a computer and/or network is
hacking and it is an offense. Hackers write or use ready-made computer
programs to attack the target computer. They possess the desire to
destruct and they get enjoyment out of such destruction. Some hackers
hack for personal monetary gains, such as stealing credit card information,
transferring money from various bank accounts to their own account
followed by withdrawal of money. They extort money from some corporate
giant threatening him to publish the stolen information that is critical in
nature. Government websites are hot on hackers' target lists and attacks on
Government websites receive wide press coverage. For example,
according to the story posted on December 2009, the NASA site was
hacked via SQL Injection (see Ref. #22, Additional Useful Web References,
Further Reading). SQL Injection is covered more in detail in Chapter 4.
Examples of prominent websites hacked are shown in Figs. 1.6-1.10.
Hackers, crackers and phrackers are some of the oft-heard terms.
The original meaning of the word "hack" meaning an elegant, witty or
inspired way of doing almost anything originated at MIT. The meaning has
now changed to become something associated with the breaking into or
harming of any kind of computer or telecommunications system. Some
people claim that those who break into computer systems should ideally be
called "crackers" and those targeting phones should be known as
"phreaks" (see Chapter 17, Box 17.3 of Ref. #3, Books, Further Reading).
1.5.12 Online Frauds
Refer to Chapter 11, Section 11.7: Online Scams. There are a few major
types of crimes under the category of hacking: Spoofing website and E-Mail
security alerts, hoax mails about virus threats (refer to Chapter 4), lottery
frauds and Spoofing. In Spoofing websites and E-Mail security threats,
fraudsters create authentic looking websites that are actually nothing but a
spoof (see Chapter 5 for details of Spoofing). The purpose of these
websites is to make the user enter personal information which is then used
to access business and bank accounts. Fraudsters are increasingly turning
to E-Mail to generate traffic to these websites. This kind of online fraud is
common in banking and financial sector. Refer to Chapter 11, Section 11.4.
There is a rise in the number of financial institutions' customers who
receive such E-Mails which usually contain a link to a spoof website and
mislead users to enter user ids and passwords on the pretence that
security details can be updated or passwords changed. It is wise to be alert
and careful about E-Mails containing an embedded link, with a request for
you to enter secret details. It is strongly recommended not to input any
sensitive information that might help criminals to gain access to sensitive
information, such as bank account details, even if the page appears
legitimate. In virus hoax E-Mails, the warnings may be genuine, so there is
always a dilemma whether to take them lightly or seriously. A wise action is
to first confirm by visiting an antivirus site such as McAfee, Sophos or
Symantec before taking any action, such as forwarding them to friends and
colleagues.
1.5.13 Pornographic Offenses
"Child pornography" means any visual depiction, including but not limited to
the following:
1. Any photograph that can be considered obscene and/or unsuitable for
age of child viewer
2. film, video, picture;
3.computer-generated image or picture of sexually explicit conduct where
the production of such visual depiction involves the use of a minor
engaging in sexually explicit conduct.
Child pornography is considered an offense. Unfortunately, child
pornography is a reality of the Internet. The Internet is being highly used by
its abusers to reach and abuse children sexually, worldwide. In India too,
the Internet has become a household commodity in the urban areas of the
nation. Its explosion has made the children a viable victim to the
cybercrime. As the broad-band connections get into the reach of more and
more homes, larger child population will be using the Internet and therefore
greater would be the chances of falling victim to the aggression of
pedophiles. "Pedophiles are people who physically or psychologically
coerce minors to engage in sexual activities, which the minors would not
consciously consent to. Here is how pedophiles operate:
Step 1: Pedophiles use a false identity to trap the children/teenagers (using
"false identity" which in itself is another crime called "identity theft"). ID
Theft is addressed in Chapter 5.
Step 2: They seek children/teens in the kids' areas on the services, such
as the Teens BB, Games BB or chat areas where the children gather.
Step 3: They befriend children/teens.
Step 4: They extract personal information from the child/teen by winning
his/her confidence.
Step 5: Pedophiles get E-Mail address of the child/teen and start making
contacts on the victim's E-Mail address as well. Sometimes, these E-Mails
contain sexually explicit language.
Step 6: They start sending pornographic images/text to the victim including
child pornographic images in order to help child/teen shed his/her
inhibitions so that a feeling is created in the mind of the victim that what is
being fed to him is normal and that everybody does it.
Step 7: At the end of it, the pedophiles set up a meeting with the child/teen
out of the house and then drag him/her into the net to further sexually
assault him/her or to use him/her as a sex object.
This is the irony of the “digital world"; in physical world, parents know the
face of dangers and they know how to avoid and face the problems by
following simple rules and accordingly they advice their children to keep
away from dangerous things and ways. However, it is possible, even in the
modern times most parents may not know the basics of the Internet and the
associated (hidden) dangers from the services offered over the Internet.
Hence most children may remain unprotected in the cyberworld.
Pedophiles take advantage of this situation and lure the children, who are
not advised by their parents or by their teachers about what is right/wrong
for them while browsing the Internet. Legal remedies exist only to some
extent, for example, Children's Online Privacy Protection Act or COPPA is
a way of preventing online pornography. Interested readers are referred to
COPPA sites. Readers would like to note that Net Nanny and Cybersitter
are software, originally designed for parents concerned about their
children's unrestricted access to the seamier side of the Internet, which can
be used to block a user's access to websites containing "dangerous" or
offensive material.
1.5.14 Software Piracy
This is a big challenge area indeed. (Readers may like to refer to Chapter
38 and other relevant pages of Ref. #3, Books, Further Reading.)
Cybercrime investigation cell of India defines "software piracy" as theft of
software through the illegal copying of genuine programes or the
counterfeiting and distribution of products intended to pass for the original.
There are many examples of software piracy: end-user copying-friends
loaning disks to each other, or organizations under-reporting the number of
software installations they have made, or organizations not tracking their
software licenses; hard disk loading with illicit means - hard disk vendors
load pirated software; counterfeiting-large-scale duplication and distribution
of illegally copied software; illegal downloads from the Internet - by
intrusion, by cracking serial numbers, etc. Beware that those who buy
pirated software have a lot to lose: (a) getting untested software that may
have been copied thousands of times over, (b) the software, if pirated, may
potentially contain hard-drive-infecting viruses, (c) there is no technical
support in the case of software failure, that is, lack of technical product
support available to properly licensed users, (d) there is no warranty
protection, (e) there is no legal right to use the product, etc.
Economic impact of software piracy is grave (see Fig. 1.11).
According to the Fourth Annual BSA and IDC Global Software Piracy
Study, 14 in Asia Pacific 55% of the software installed in 2006 on personal
computers (PCs) was obtained illegally, while software losses due to
software piracy amounted to USS 11.6 billion. The Global Software Piracy
Study mentioned covers all packaged software that runs on personal
computers, including desktops, laptops and ultraportables. The study
includes operating systems, systems software such as databases and
security packages, business applications and consumer applications such
as PC games, personal finance and reference software. Refer to Section
9.2.2, Chapter 9.
The BSA/IDC study of year 2006 did not include other types of
software such as those which run on servers or mainframes or software
sold as a service. It is shocking to know that 35% of the software installed
in 2006 on PCs worldwide was obtained illegally, amounting to nearly $40
billion in global losses due to software piracy. Progress was seen in a
number of emerging markets, most notably in China, where the piracy rate
dropped 10 percentage points in 3 years, and in Russia, where piracy fell
seven percentage points over 3 years. Figure 1.12 shows the regional
scenario on piracy rate
1.5.20 Password Sniffing
Password sniffers are programs that monitor and record the name and
password of network users as they login,jeopardizing security at a site.
Whoever installs the sniffer can then impersonate an authorized user and
login to access restricted documents. Laws are not yet set up to adequately
prosecure a person for impersonating another person online.Laws
designed to prevent unauthorised access to information may be effective in
apprehending crackers using Sniffer programs.
1.5.20 Credit Card Frauds
Information security requirements for anyone handling credit cards have
been increased dramatically recently Millions of dollars may be lost
annually by consumers who have credit card and calling card numbers
stolen from online databases. Security measures are improving, and
traditional methods of law enforcement seem to be sufficient for
prosecuting the thieves of such information. Bulletin boards and other
online services are frequent targets for hackers who want to access large
databases of credit card information. Such attacks usually result in the
implementation of stronger security systems. For more on credit card
frauds see Chapter 3, Section 3.4 (Credit Card Frauds in Mobile and
Wireless Computing Era) in Ref. #1, Books, Further Reading, Security of
cardholder data has become one of the biggest issues facing the payment
card industry. Payment Card Industry Data Security Standard (PCI-DSS) is
a set of regulations developed jointly by the leading card schemes to
prevent cardholder data theft and to help combat credit card fraud. We urge
readers to visit the PCI-DSS-related URLs. 16 Refer to Chapter 11, Section
11.4.2.
1.5.21Identity Theft
Identity theft is a fraud involving another person's identity for an illicit
purpose. This occurs when a criminal uses someone else's identity for
his/her own illegal purposes. Phishing and identity theft are related
offenses (the topic is addressed in Chapter 5). Examples include
fraudulently obtaining credit, stealing money from the victim's bank
accounts, using the victim's credit card number (recall the discussion in the
previous section about credit card frauds), establishing accounts with utility
companies, renting an apartment or even filing bankruptcy using the
victim's name. The cyberimpersonator can steal unlimited funds in the
victim's name without the victim even knowing about it for months,
sometimes even for years! Thus far, we have provided an overview of
various types of well-known cybercrimes. In most cybercrime forms,
computers and/or other digital devices end up getting used as one or a
combination of the following:
1. As the tool for committing cybercrime;
2. crime involving attack against the computer;
3. use for storing information related to cybercrime/information useful for
committing cybercrime.
1.6 Cybercrime:
The Legal Perspectives Greater details on this are discussed in Chapter 6
and only a brief discussion is done in this section. Cybercrime poses a
mammoth challenge. In the first comprehensive presentation of computer
crime, Computer Crime: Criminal Justice Resource Manual (1979) (see
Ref. #2, Additional Useful Web References, Further Reading), computer-
related crime was defined in the broader meaning as: any illegal act for
which knowledge of computer technology is essential for a successful
prosecution. International legal aspects of computer crimes were studied in
1983. In that study, computer crime was consequently defined as:
encompasses any illegal act for which knowledge of computer technology
is essential for its perpetration.
Cybercrime, in a way, is the outcome of "globalization." However,
globalization does not mean globalized welfare at all. Globalized
information systems accommodate an increasing number of transnational
offenses. The network context of cybercrime makes it one of the most
globalized offenses of the present and the most modernized threats of the
future. This problem can be resolved in two ways. One is to divide
information systems into segments bordered by state boundaries (cross-
border flow of information). The other is to incorporate the legal system into
an integrated entity obliterating these state boundaries. Apparently, the first
way is unrealistic. Although all ancient empires including Rome, Greece
and Mongolia became historical remnants, and giant empires are not
prevalent in current world, the partition of information systems cannot be an
imagined practice. In a globally connected world, information systems
become the unique empire without tangible territory.
1.6 Cybercrimes:
An Indian Perspective India has the fourth highest number of Internet users
in the world. According to the statistics posted on the site
(http://www.iamai.in/), there are 45 million Internet users in India, 37% of all
Internet accesses happen from cybercafes and 57% of Indian Internet
users are between 18 and 35 years. The population of educated youth is
high in India. It is reported that compared to the year 2006, cybercrime
under the Information Technology (IT) Act recorded a whopping 50%
increase in the year 2007." A point to note is that the majority of offenders
were under 30 years. The maximum cybercrime cases, about 46%, were
related to incidents of cyberpornography, followed by hacking. In over 60%
of these cases, offenders were between 18 and 30 years, according to the
"Crime in 2007" report of the National Crime Record Bureau (NCRB). Box
1.6 shows the Indian Statistics on cybercrimes. Also revisit Tables 1.1-1.4.
The Indian Government is doing its best to control cybercrimes. For
example, Delhi Police have now trained 100 of its officers in handling
cybercrime and placed them in its Economic Offences Wing. As at the time
of writing this, the officers were trained for 6 weeks in computer hardware
and software, computer networks comprising data communication
networks, network protocols, wireless networks and network security.
1.7 Cybercrime and the Indian ITA 2000
In India, the ITA 2000 was enacted after the United Nation General
Assembly Resolution A/RES/51/162 in January 30, 1997 by adopting the
Model Law on Electronic Commerce adopted by the United Nations
Commission on International Trade Law. This was the first step toward the
Law relating to E-Commerce at international level to regulate an alternative
form of commerce and to give legal status in the area of E-Commerce. It
was enacted taking into consideration UNICITRAL model of Law on
Electronic Commerce (1996).
1.8.1 Hacking and the Indian Law(s)
Cybercrimes are punishable under two categories: the ITA 2000 and the
IPC (see Tables 1.1 and 1.2). A total of 207 cases of cybercrime were
registered under the IT Act in 2007 compared to 142 cases registered in
2006. Under the IPC too, 339 cases were recorded in 2007 compared to
311 cases in 2006. There are some noteworthy provisions under the ITA
2000, which is said to be undergoing key changes very soon (as at the time
of writing this, Table 1.7).