CYBER CRIME & INFORMATION SECURITY
Cyber Crime
Meaning – Criminal activities carried out by means of computers or the internet.
Definition –
Cybercrime is defined as a crime where a computer is the object of the crime or is used as
a tool to commit an offense.
A cybercriminal may use a device to access a user's personal information, confidential
business information, government information, or disable a device.
Cybercrime, also called computer crime, is the use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking in child pornography and intellectual
property, stealing identities, or violating privacy.
Cybercrime, especially through the Internet, has grown in importance as the computer has
become central to commerce, entertainment, and government.
Cyber crime or computer-oriented crime is a crime that includes a computer and a
network. The computer may have been used in the execution of a crime or it may be the
target.
Cyber crime encompasses a wide range of activities, but these can generally be divided into two
categories:
a) Crimes that target computer networks or devices. These types of crimes involve different threats
(like viruses, bugs etc.) and denial-of-service attacks.
b) Crimes that use computer networks to commit other criminal activities. These types of crimes
include cyber stalking, financial fraud or identity theft.
5.2 Classification of Cyber Crimes
Email spoofing
Email spoofing is a form of cyber attack in which a hacker sends an email that has been
manipulated to seem as if it originated from a trusted source.
For example, a spoofed email may pretend to be from a well-known shopping website,
asking the recipient to provide sensitive data, such as a password or credit card number.
Alternatively, a spoofed email may include a link that installs malware on the user's
device if clicked.
An example of spoofing is when an email is sent from a false sender address and asks
the recipient to provide sensitive data.
This email could also contain a link to a malicious website that contains malware.
Spamming
Spamming is the use of electronic messaging systems like e-mails and other digital
delivery systems and broadcast media to send unwanted bulk messages indiscriminately.
The term spamming is also applied to other media, such as internet forums, instant
messaging, mobile text messaging, social networking spam, junk fax transmissions,
television advertising and sharing network spam.
Spam is any kind of unwanted, unsolicited digital communication that gets sent out in
bulk. Often spam is sent via email, but it can also be distributed via text messages, phone
calls, or social media.
Cyber defamation
The tort of cyber defamation is an act of intentionally insulting, defaming or offending
another individual or a party through a virtual medium.
It can be both written and oral.
Defamation means causing an “injury to the reputation of a person” resulting from a
statement which is false. The term defamation is used in Section 499 of the Indian Penal
Code, 1860.
Cyber defamation is also known as internet defamation or online defamation in the world
of internet and its users.
Cyber defamation is a new concept, but it is still the defamation of a person, carried out
through a new medium. The medium used to defame the individual's identity is computers
via the internet.
Internet time theft
It refers to theft in which an unauthorized person uses internet hours paid for
by another person.
The unauthorized person gets access to another person's ISP user ID and password, either
by hacking or by illegal means without that person's knowledge.
Basically, Internet time theft comes under hacking. It is the use by an unauthorized
person, of the Internet hours paid for by another person.
Salami Attack
A salami attack is a small attack that can be repeated many times very efficiently. Thus
the combined output of the attack is great.
A typical example is stealing the round-off from interest in bank accounts.
Even though it is less than 1 cent per account, when multiplied by millions of accounts
over many months, the adversary can retrieve quite a large amount. It is also less likely to
be noticeable since your average customer would assume that the amount was rounded
down to the nearest cent.
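An audit that catches the round-off theft described above, given as an added example that is not part of the original notes. It assumes interest is rounded down to the cent and that the bank books the leftover fractions to its own rounding account; the function name, its parameters and the sample figures are constructed for illustration.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")

# Constructed sample data for one interest run.
RATE = Decimal("0.0125")
BALANCES = {"A1": Decimal("1000.37"), "A2": Decimal("250.10"),
            "A3": Decimal("80.55")}
HONEST_POSTED = {"A1": Decimal("12.50"), "A2": Decimal("3.12"),
                 "A3": Decimal("1.00")}


def audit_interest_run(balances, rate, posted, rounding_ledger):
    """Reconcile one interest run against an independent recomputation.

    balances:        {account_id: balance}
    posted:          {account_id: interest actually credited}
    rounding_ledger: total the bank booked to its own rounding account
    Returns (short_paid, unexplained):
      short_paid  - accounts credited something other than the rounded-down
                    interest, mapped to the shortfall
      unexplained - round-off that is neither with customers nor in the
                    rounding account (should be exactly zero)
    """
    short_paid = {}
    total_residual = Decimal("0")
    for account, balance in balances.items():
        exact = balance * rate                      # full-precision interest
        expected = exact.quantize(CENT, rounding=ROUND_DOWN)
        credited = posted.get(account, Decimal("0"))
        if credited != expected:
            short_paid[account] = expected - credited
        total_residual += exact - credited          # fraction not paid out
    return short_paid, total_residual - rounding_ledger
```

A non-zero `unexplained` value means fractions of a cent left the books somewhere other than the rounding account, which is the signal a per-account statement check never shows.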
Data Diddling
Data diddling is a type of cybercrime in which data is altered as it is entered into a
computer system, most often by a data entry clerk or a computer virus.
Data diddling is an illegal or unauthorized data alteration: changing data before or as it is
input into a computer or output from it.
Example: Account executives can change the time sheet information of
employees before entering it into the HR payroll application.
Forgery
When a perpetrator alters documents stored in computerized form, the crime committed may be
forgery. In this instance, computer systems are the target of criminal activity.
The term forgery usually describes a message related attack against a cryptographic
digital signature scheme. That is an attack trying to fabricate a digital signature for a
message without having access to the respective signer's private signing key.
Among the many examples of this crime, taking another's work, whether it be written or
visual, such as an artwork, and attempting to distribute it as either your own or as an
original is an example of forgery.
Likewise, either creating fake documents or producing counterfeit items is considered to
be forgery as well.
Hacking
Hacking refers to activities that seek to compromise digital devices, such as computers,
smartphones, tablets, and even entire networks.
Hacking is an attempt to exploit a computer system or a private network inside a
computer. Simply put, it is the unauthorized access to or control over computer network
security systems for some illicit purpose.
Email bombing
An email bomb or "mail bomb" is a malicious act in which a large number of email
messages are sent to a single email address in a short period of time. The purpose of an
email bomb is typically to overflow a user's inbox. In some cases, it will also make the
mail server unresponsive.
Tools and Methods used in Cyber Crime
Proxy Server
It is a server (a computer system or an application) that acts as an intermediary for
requests from clients seeking resources from other servers.
A client connects to the proxy server, requesting some service, such as a file, connection,
web page, or other resource available from a different server and the proxy server
evaluates the request as a way to simplify and control its complexity.
Proxies were invented to add structure and encapsulation to distributed systems.
Today, most proxies are web proxies, facilitating access to content on the World Wide
Web and providing anonymity.
Anonymizer
An anonymizer or an anonymous proxy is a tool that attempts to make activity on the
Internet untraceable.
It is a proxy server computer that acts as an intermediary and privacy shield between a
client computer and the rest of the Internet.
It accesses the Internet on the user’s behalf, protecting personal information by hiding the
client computer’s identifying information.
Phishing
Phishing is a cybercrime in which a target or targets are contacted by email, telephone or
text message by someone posing as a genuine (legal) organization to ensnare individuals
into providing sensitive data such as personally identifiable information, banking and
credit card details, and passwords.
Keylogger
Keyloggers are a form of spyware where users are unaware their actions are being
tracked. Keyloggers can be used for a variety of purposes; hackers may use them to
maliciously gain access to your private information, while employers might use them to
monitor employee activities. Spyware is largely invisible software that gathers
information about your computer use, including browsing. Keyloggers are a form of
spyware that captures every keystroke you type; they can send this information to remote servers,
where log-in information, including your passwords, can be extracted and used.
A keylogger is a tool that captures and records a user's keystrokes. It can record instant
messages, email, passwords and any other information you type at any time using your
keyboard. Keyloggers can be hardware or software.
Spyware is any software that installs itself on your computer and starts covertly
monitoring your online behaviour without your knowledge or permission. Spyware is a
kind of malware that secretly gathers information about a person or organization and
relays this data to other parties.
There are two common types of keyloggers: software keyloggers and hardware keyloggers.
Keyloggers commonly reach a system through:
Spear Phishing
Drive-by-Downloads
Trojan Horse
Protective measures against keyloggers include:
2-Step Verification
Install Anti Malware Software
Use Key Encryption Software
Hardware Keyloggers
Hardware keyloggers are small hardware devices.
These are connected to the PC and/or to the keyboard and save every keystroke into a file
or in the memory of the hardware device.
Cybercriminals install such devices on ATM machines to capture ATM Cards’ PINs.
Each keypress on the keyboard of the ATM gets registered by these keyloggers.
These keyloggers look like an integrated part of such systems; hence, bank customers are
unaware of their presence.
Software Keyloggers
Software keyloggers are software programs installed on the computer systems which usually are
located between the OS and the keyboard hardware, and every keystroke is recorded. Software
keyloggers are installed on a computer system by Trojans or viruses without the knowledge of
the user.
Antikeylogger
Antikeylogger is a tool that can detect the keylogger installed on the computer system
and also can remove the tool.
Advantages of using antikeylogger are as follows:
Firewalls cannot detect the installations of keyloggers on the systems; hence,
antikeyloggers can detect installations of keylogger.
This software does not require regular updates of signature bases to work effectively,
unlike other antivirus and antispy programs, which do not serve their purpose if not
updated and so put users at risk.
Spywares
Spyware is a type of malware that is installed on computers and collects information about
users without their knowledge. The presence of spyware is typically hidden from the user; it is
secretly installed on the user's personal computer. Sometimes, however, spyware such as
keyloggers is installed by the owner of a shared, corporate or public computer on purpose to
secretly monitor other users.
Password Cracking
Password cracking is the process of attempting to gain unauthorized access to restricted systems
using common passwords or algorithms that guess passwords. In other words, it's an art of
obtaining the correct password that gives access to a system protected by an authentication
method.
Password cracking refers to various measures used to discover computer passwords. This is
usually accomplished by recovering passwords from data stored in, or transported from, a
computer system. Password cracking is done by repeatedly guessing the password, usually
through a computer algorithm in which the computer tries numerous combinations until the
password is successfully discovered.
Password cracking can be done for several reasons, but the most malicious reason is in order to
gain unauthorized access to a computer without the computer owner’s awareness. This results in
cybercrime such as stealing passwords for the purpose of accessing banking information. Other,
nonmalicious, reasons for password cracking occur when someone has misplaced or forgotten a
password.
The purpose of password cracking is as follows:
To recover a forgotten password
Testing the strength of a password
To gain unauthorized access to a system
Manual password cracking is a process of trying out different password combinations and
checking whether each one of them works or not, and is quite a time-consuming process. Manual
password cracking involves:
1. Find a valid user account
2. Create a list of possible passwords (dictionary)
3. Rank the passwords from high to low probability
4. Key-in each password
5. Try again until a successful password is found
Sometimes a password can be guessed with prior knowledge of the target user’s information.
Different characteristics of a guessable password are as follows:
Blank (no password)
General passwords like password, admin, 123456, etc.
Series of letters like QWERTY
User’s name or login name
Name of user’s friend/relative/pet
User’s birth date or birth place
User’s vehicle number, office number, residence or mobile number
Name of a celebrity or idol
Simple modification of the above mentioned passwords (like adding numbers)
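The characteristics listed above, turned into a check that can run when a user sets a password. This is an added example, not part of the original notes; the deny-list is a short constructed sample and the `profile` dictionary shape is an assumption made for illustration.

```python
import re

# Constructed short deny-list; a real deployment would load a large
# list of known-breached passwords instead.
COMMON = {"password", "admin", "123456", "letmein", "welcome"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def strip_affixes(password):
    """Drop leading/trailing digits and symbols ("simple modifications")."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def guessable_reasons(password, profile):
    """Return why a password is guessable (an empty list means no match).

    profile (assumed shape): {"names": [...], "birth_date": "YYYY-MM-DD",
    "numbers": [...]} with the user's login, relatives, pets, idols and
    vehicle/phone numbers.
    """
    if password == "":
        return ["blank password"]
    reasons = []
    lowered, core = password.lower(), strip_affixes(password)
    digits = re.sub(r"\D", "", password)

    if lowered in COMMON or core in COMMON:
        reasons.append("common password")
    if any(len(s) >= 4 and s in run
           for s in (lowered, core) for run in KEYBOARD_RUNS):
        reasons.append("keyboard series")
    if any(len(n) >= 3 and n.lower() in lowered
           for n in profile.get("names", [])):
        reasons.append("contains a personal name")

    birth = profile.get("birth_date")
    if birth:
        y, m, d = birth.split("-")
        forms = {y + m + d, d + m + y, m + d + y,
                 d + m + y[2:], m + d + y[2:], y}
        if any(f in digits for f in forms):
            reasons.append("contains birth date")

    for number in profile.get("numbers", []):
        n = re.sub(r"\D", "", number)
        if len(n) >= 4 and (n in digits or (len(digits) >= 4 and digits in n)):
            reasons.append("contains a personal number")
            break
    return reasons
```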
Password Cracking Techniques
Password cracking can be classified into three types:
Online attacks
Offline attacks
Non-electronic attacks (social engineering, shoulder surfing, dumpster diving etc.)
SQL Injection
An SQL injection is a type of cyber-attack in which a hacker uses a piece of SQL (Structured
Query Language) code to manipulate a database and gain access to potentially valuable
information. ... Prime examples include notable attacks against Sony Pictures and Microsoft
among others.
SQL injection (SQLi) is a type of cyberattack against web applications that use SQL databases
such as IBM Db2, Oracle, MySQL, and MariaDB. As the name suggests, the attack involves the
injection of malicious SQL statements to interfere with the queries sent by a web application to
its database.
Using SQL injection, a hacker will try to enter specifically crafted SQL commands into a form
field instead of the expected information. The intent is to secure a response from the database
that will help the hacker understand the database construction, such as table names.
Steps for SQL Injection Attack
Following are some steps for SQL injection attack:
1. The attacker looks for the webpages that allow submitting data, that is, login page,
search page, feedback, etc.
2. To check the source code of any website, right click on the webpage and click on “view
source” (if you are using IE – Internet Explorer) – source code is displayed in the notepad.
The attacker checks the source code of the HTML and looks for the “FORM” tag in the HTML
code. Everything between the <FORM> and </FORM> tags has potential parameters that
might be useful to find the vulnerabilities.
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C></FORM>
3. The attacker inputs a single quote in the text box provided on the webpage to accept
the username and password. This checks whether the user-input variable is sanitized or
interpreted literally by the server.
4. The attacker uses SQL commands such as the SELECT statement to retrieve
data from the database or the INSERT statement to add information to the database.
Blind SQL Injection
Blind SQL injection is used when a web application is vulnerable to an SQL injection but the
results of the injection are not visible to the attacker. The page with the vulnerability may not be
the one that displays data.
Using SQL injections, attackers can:
1. Obtain some basic information if the purpose of the attack is reconnaissance.
2. Gain access to the database by obtaining usernames and their passwords.
3. Add new data to the database.
4. Modify data currently in the database.
Tools used for SQL Server penetration
1. AppDetectivePro
2. DbProtect
3. Database Scanner
4. SQLPoke
5. NGSSQLCrack
6. Microsoft SQL Server Fingerprint (MSSQLFP) Tool
How to Prevent SQL Injection Attacks
SQL injection attacks occur due to poor website administration and coding. The following
steps can be taken to prevent SQL injection.
1. Input validation
2. Modify error reports
3. Other preventions
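A login check before and after applying the first two prevention steps, given as an added example that is not part of the original notes. It uses Python's built-in sqlite3 module; the table, the sample users, the function names and the allow-list policy are constructed for illustration, and bound parameters are shown as one of the "other preventions".

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_.'-]{1,32}")  # allow-list, assumed policy


def make_db():
    """In-memory database with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Clear-text passwords keep the demo short; real systems store salted hashes.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "constructed-secret"),
                    ("o'brien", "constructed-secret-2")])
    return db


def login_vulnerable(db, username, password):
    """Before: input is concatenated into the SQL text and raw errors leak."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        ok = db.execute(sql).fetchone()[0] == 1
    except sqlite3.Error as exc:
        return False, str(exc)  # database error text goes back to the client
    return ok, None if ok else "invalid login"


def login_hardened(db, username, password):
    """After: validated input, bound parameters, one generic error message."""
    if not USERNAME_RE.fullmatch(username):
        return False, "invalid login"
    try:
        row = db.execute(
            "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
            (username, password)).fetchone()
    except sqlite3.Error:
        return False, "invalid login"  # details belong in the server log only
    ok = row[0] == 1
    return ok, None if ok else "invalid login"
```

With the single-quote input from step 3, the first function returns the database's own syntax error, while the second treats the quote as data and answers with the same generic message as any failed login.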
Cloud Security
Cloud computing is one of the most in-demand technologies of the current time; organizations
from small to large have started using cloud computing services. Different types of cloud
deployment models are available and cloud services are provided as per requirement;
likewise, security is maintained internally and externally to keep the cloud
system safe. Cloud computing security, or cloud security, is an important concern; it refers
to the act of protecting cloud environments, data, information and applications against
unauthorized access, DDoS attacks, malware, hackers and other similar attacks.
Community Cloud: These allow a limited set of organizations or employees to access a
shared cloud computing service environment.
Planning of security in Cloud Computing:
As security is a major concern in cloud implementation, an organization has to plan for
security based on several factors. The three main factors on which planning
of cloud security depends are listed below.
The resources that can be moved to the cloud are picked and tested for their sensitivity to risk.
The type of cloud is to be considered.
The risk in the deployment of the cloud depends on the types of cloud and service models.
Types of Cloud Computing Security Controls:
There are 4 types of cloud computing security controls:
1. Deterrent Controls: Deterrent controls are designed to block nefarious attacks on a cloud
system. These come in handy when there are insider attackers.
2. Preventive Controls: Preventive controls make the system resilient to attacks by
eliminating vulnerabilities in it.
3. Detective Controls: These identify and react to security threats. Some examples
of detective control software are intrusion detection software and network security
monitoring tools.
4. Corrective Controls: In the event of a security attack these controls are activated. They
limit the damage caused by the attack.