Categories of Cybercrime
• Cybercrimes can be categorized based on the following:
1. The target of the crime.
2. Whether the crime occurs as a single event or as a series of events.
Cybercrime can be targeted against individuals (persons), assets (property) and organizations (government, business and social).
1. Crimes targeted at individuals
• The goal is to exploit human weaknesses such as greed and naivety. These crimes include financial frauds, sale of non-existent or stolen items, child pornography, copyright violation, harassment, etc.
• With the development of IT and the Internet, criminals have a new tool that allows them to expand the pool of potential victims. However, this also makes it difficult to trace and apprehend the criminals.
2. Crimes targeted at property
• This includes stealing mobile devices such as cell phones, laptops, personal digital assistants (PDAs), and removable media (CDs and pen drives);
• Transmitting harmful programs that can disrupt the functions of the systems and/or can wipe out data from the hard disk, and can cause the malfunctioning of devices attached to the system such as the modem, CD drive, etc.
3. Crimes targeted at organizations
• Cyber terrorism is one of the distinct crimes against organizations/governments.
• Attackers (individuals or groups of individuals) use computer tools and the Internet, usually to terrorize the citizens of a particular country by stealing private information, and also to damage programs and files or plant programs to get control of the network.
4. Single event of cybercrime
• It is a single event from the perspective of the victim. For example, unknowingly opening an attachment that may contain a virus that will infect the system (PC/laptop). This is known as hacking or fraud.
5. Series of events
• This involves the attacker interacting with the victim repetitively. For example, the attacker interacts with the victim on the phone and/or via chat rooms to establish a relationship first and then exploits that relationship to commit sexual assault.
How Criminals Plan the Attacks
• Criminals use many methods and tools to locate the vulnerabilities of their target. The target can be an individual and/or an organization. (The custodian of a property can be an individual or an organization; for discussion purposes this is not mentioned here.) Criminals plan passive and active attacks.
• Active attacks are usually used to alter the system (i.e., computer network), whereas passive attacks attempt to gain information about the target.
• In addition to the active and passive categories, attacks can be categorized as either inside or outside.
• An attack originating and/or attempted within the security perimeter of an organization is an inside attack; it is usually attempted by an "insider" who gains access to more resources than expected.
• An outside attack is attempted by a source outside the security perimeter. It may be attempted by an insider and/or an outsider who is indirectly associated with the organization, and it is attempted through the Internet or a remote access connection.
-> The following phases are involved in planning cybercrime:
1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
2. Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).
Reconnaissance
• The literal meaning of "reconnaissance" is an act of reconnoitering: to explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy).
• In the world of "hacking," the reconnaissance phase begins with "footprinting". This is the preparation toward the pre-attack phase, and involves accumulating data about the target's environment.
• Footprinting gives an overview of system vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities. The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack.
• Thus, an attacker attempts to gather information in two phases: passive and active attacks. Let us understand these two phases.
Passive Attacks
• A passive attack involves gathering information about a target without his/her (the individual's or company's) knowledge. It can be as simple as watching a building to identify what time employees enter the premises.
• However, it is usually done using Internet searches or by Googling (i.e., searching for the required information with the help of the search engine Google) an individual or company to gain information.
1. Google or Yahoo search: people search to locate information about employees.
2. Surfing online community groups like Orkut/Facebook will prove useful to gain information about an individual.
3. An organization's website may provide a personnel directory or information about key employees, for example, contact details, E-Mail addresses, etc. These can be used in a social engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees.
5. Going through the job postings for particular job profiles for technical persons can provide information about the type of technology, that is, servers or infrastructure devices a company may be using on its network.
Active Attacks
• An active attack involves probing the network to discover individual hosts to confirm the information (IP addresses, operating system type and version, and services on the network) gathered in the passive attack phase. It involves the risk of detection and is also called "rattling the doorknobs" or "active reconnaissance".
• Active reconnaissance can provide confirmation to an attacker about security measures in place (e.g., whether the front door is locked?), but the process can also increase the chance of being caught or raise suspicion; the same probing is used in security assessment and/or penetration testing.
Table 2.2 gives the list of tools used for active attacks.
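Because active reconnaissance "rattles the doorknobs", a defender can usually see it in connection logs. The following Python is an added example, not code from the page or from any product: it parses constructed firewall-style log lines (the line format and the addresses are assumptions) and flags a source that touches many distinct ports on one host within a short sliding window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall-style connection log (not from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 src=203.0.113.7 dst=192.0.2.10 dport=22 action=deny
2024-03-01T10:00:02 src=203.0.113.7 dst=192.0.2.10 dport=23 action=deny
2024-03-01T10:00:02 src=203.0.113.7 dst=192.0.2.10 dport=25 action=deny
2024-03-01T10:00:03 src=203.0.113.7 dst=192.0.2.10 dport=80 action=allow
2024-03-01T10:00:03 src=203.0.113.7 dst=192.0.2.10 dport=110 action=deny
2024-03-01T10:00:04 src=203.0.113.7 dst=192.0.2.10 dport=443 action=allow
2024-03-01T10:00:04 src=203.0.113.7 dst=192.0.2.10 dport=3389 action=deny
2024-03-01T10:00:05 src=203.0.113.7 dst=192.0.2.10 dport=8080 action=deny
2024-03-01T10:01:00 src=198.51.100.4 dst=192.0.2.10 dport=443 action=allow
2024-03-01T10:01:05 src=198.51.100.4 dst=192.0.2.10 dport=443 action=allow
2024-03-01T10:30:00 src=198.51.100.4 dst=192.0.2.10 dport=80 action=allow
"""

def parse_line(line):
    """Turn 'timestamp key=value ...' into a dict with a datetime and an int port."""
    ts_text, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_text)
    rec["dport"] = int(rec["dport"])
    return rec

def detect_port_scans(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where one source touches at least `threshold`
    distinct destination ports within any sliding `window`. Returns
    {(src, dst): {"ports": [...], "denied": n}} for the flagged pairs only."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            events[(rec["src"], rec["dst"])].append((rec["ts"], rec["dport"], rec["action"]))
    alerts = {}
    for key, recs in events.items():
        recs.sort(key=lambda r: r[0])
        start, flagged = 0, set()
        for end in range(len(recs)):
            # Advance the window start until the window fits within `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            ports = {port for _, port, _ in recs[start:end + 1]}
            if len(ports) >= threshold:
                flagged |= ports
        if flagged:
            denied = sum(1 for _, port, action in recs if action == "deny" and port in flagged)
            alerts[key] = {"ports": sorted(flagged), "denied": denied}
    return alerts

if __name__ == "__main__":
    for (src, dst), info in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src} against {dst}: "
              f"{len(info['ports'])} ports probed, {info['denied']} denied")
```

A high count of denied connections among the probed ports is the usual corroborating signal; the second source, which repeatedly visits one service, is not flagged.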
Scanning and Scrutinizing Gathered Information
• Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows:
1. Port scanning: identify open/closed ports and services.
2. Network scanning: understand IP addresses and related information about the computer network systems.
3. Vulnerability scanning: understand the existing weaknesses in the system.
Some of the well known ports are:
• The scrutinizing phase is always called "enumeration" in the hacking world. The objective behind this step is to identify:
1. The valid user accounts or groups.
2. Network resources and/or shared resources.
3. The OS and the different applications that are running on the OS.
Attacks
• This means gaining and maintaining the system access.
• After the scanning and enumeration, the attack is launched using the following steps:
1. Crack the password.
2. Exploit the privileges.
3. Execute the malicious commands/applications.
4. Hide the files (if required).
5. Cover the tracks: delete the access logs, so that there is no trail of illegal activity.
Social Engineering
• Social engineering is the "technique to influence" and "persuasion to deceive" people to obtain information or to make them perform some action. Social engineers exploit the natural tendency of a person to trust the social engineer's word, rather than exploiting computer security holes.
• It is generally agreed that people are the weak link in security, and this principle makes social engineering possible. A social engineer usually uses telecommunication (i.e., telephone and/or cell phone) or the Internet to get them to do something that is against the security practices and/or policies of the organization.
• Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders. It is an art of exploiting the trust of people, which is not doubted while speaking in a normal manner.
• The goal of a social engineer is to fool someone into providing valuable information or access to that information. The social engineer studies human behavior.
Classification of Social Engineering
• Human-based social engineering refers to person-to-person interaction to get the required/desired information. An example is calling the help desk and trying to find out a password.
1. Impersonating an employee or valid user: "Impersonation" (e.g., posing as an employee of the same organization) is perhaps the greatest technique used by social engineers to deceive people.
2. Posing as an important user: The attacker pretends to be an important user, for example, a Chief Executive Officer (CEO) or high-level manager who needs immediate assistance to gain access to a system. The attacker uses intimidation so that a lower-level employee such as a help-desk worker will help him/her in gaining access to the system. Most low-level employees will not ask questions of someone who appears to be in a position of authority.
3. Using a third person: An attacker pretends to have permission from an authorized source to us contacted for verification.
4. Calling technical support: Calling technical support for assistance is a classic social engineering example. Help-desk and technical support personnel are trained to help users, which makes them
5. Shoulder surfing: It is a technique of gathering information such as usernames and passwords by watching over a person's shoulder while he/she logs into the system, thereby helping an attacker to gain access to the system.
6. Dumpster diving: It involves looking in the trash for information written on pieces of paper or computer printouts. This is a typical North American term; it is used to describe the practice of rummaging through commercial or residential trash to find useful free items that have been discarded.
-> It is also called dumpstering, binning, trashing, garbing or garbage gleaning. "Scavenging" is another term to describe these habits. In the UK, the practice is referred to as "binning" or "skipping".
Cyberstalking
• The dictionary meaning of "stalking" is an act or process of following prey stealthily, trying to approach somebody or something.
• Cyberstalking has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals to harass another individual, group of individuals, or organization. The behavior includes false accusations, monitoring, transmission of threats, ID theft, damage to data or equipment, solicitation of minors for sexual purposes, and gathering information for harassment purposes.
• Cyberstalking refers to the use of the Internet and/or other electronic communications devices to stalk another person.
• It involves harassing or threatening behavior that an individual conducts repeatedly, for example, following a person, visiting a person's home and/or business place, making phone calls, leaving written messages, or vandalizing the person's property.
Types of Stalkers
There are primarily two types of stalkers.
1. Online stalkers: They aim to start the interaction with the victim directly with the help of the Internet. E-Mail and chat rooms are the most popular communication mediums to get connected with the victim, rather than using traditional instrumentation like the telephone/cell phone. The stalker makes sure that the victim recognizes the attack attempted on him/her.
2. Offline stalkers: The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc. Searching on message boards/newsgroups, personal websites, and people-finding services or websites are the most common ways to gather information about the victim using the Internet. The victim is not aware that the Internet has
How Stalking Works
-> It is seen that stalking works in the following ways:
1. Personal information gathering about the victim: name; family background; contact details such as cell phone and telephone numbers (of residence as well as office); address of residence as well as of the office; E-Mail address; date of birth, etc.
2. Establish contact with the victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish contact with the victim through E-Mail. The letters may have a loving or threatening tone, or can be sexually explicit. The stalker may use multiple names while contacting the victim.
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favors or threatening the victim.
5. The stalker may post the victim's personal information on any website related to illicit services such as sex-workers' services or dating services, posing as if the victim has posted the information, and invite people to call the victim on the given contact details (telephone numbers/cell phone numbers/E-Mail address) for sexual services. The stalker will use bad and/or offensive/attractive language to invite interested persons.
6. Whosoever comes across the information starts calling the victim on the given contact details (telephone/cell phone number), asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable pornographic and sex
Cyber Cafes and Cybercrimes
• In a February 2009 Nielsen survey on the profile of cyber cafe users in India, it was found that 90% of the audience, across eight cities and 3,500 cafes, were male and in the age group of 15-35 years; 52% were graduates and postgraduates, though almost over 50% were students.
• Hence, it is extremely important to understand the IT security and governance practiced in cyber cafes.
• In the past several years, many instances have been reported in India where cyber cafes are known to have been used for either real or false terrorist communication.
• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cyber cafes.
• Cyber cafes have also been used regularly for sending obscene mails to harass people. Public computers, usually referring to the systems available in cyber cafes, hold two types of risks. First, we do not know what programs are installed on the computer, that is, the risk of malicious programs such as key loggers or Spyware, which may be running in the background and can capture the keystrokes to learn passwords and other confidential information and/or monitor the browsing behavior. Second, over-the-shoulder peeping (i.e., shoulder surfing) can enable others to find out your passwords.
• Therefore, one has to be extremely careful about protecting his/her privacy on such systems, as one does not know who will use the computer after him/her. The Indian Information Technology Act (ITA) 2000 does not define cyber cafes and interprets cyber cafes as "network service providers" referred to under the erstwhile Section 79, which imposed on them a responsibility for "due diligence", failing which they would be liable for the offenses committed in their network.
• The concept of "due diligence" was interpreted from the various provisions in cyber-cafe regulations where available, or the normal responsibilities expected from network service providers. Cybercriminals prefer cyber cafes to carry out their activities. The criminals tend to identify one particular personal computer (PC) to prepare it for their use. Cybercriminals can either install malicious programs such as key loggers and/or Spyware or launch an attack on the target - techniques used. Cybercriminals will visit these cafes at a particular time and on the prescribed frequency, may
Botnets: The Fuel for Cybercrime
• The dictionary meaning of Bot is (computing) an automated program for doing some particular task, often over a network. Botnet is a term used for a collection of software robots, or Bots, that run autonomously and automatically.
• The term is often associated with malicious software but can also refer to a network of computers using distributed computing software. In simple terms, a Bot is simply an automated computer program.
• One can gain control of your computer by infecting it with a virus or other Malicious Code that gives the access. Your computer system may be a part of a Botnet even though it appears to be operating normally.
• Botnets are often used to conduct a range of activities, from distributing Spam and viruses to conducting denial-of-service (DoS) attacks.
• A Botnet (also called a zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users' knowledge.
• "Zombie networks" have become a source of income for entire groups of cybercriminals. The invariably low cost of maintaining a Botnet and the ever diminishing degree of knowledge required to manage one are conducive to the growth in popularity and, consequently, the number of Botnets.
• If someone wants to start a "business" and has no programming skills, there are plenty of "Bot for sale" offers on forums. Encryption of these programs' code can also be ordered in the same way to protect them from detection by antivirus tools. Another option is to steal an existing Botnet.
Attack Vector
• An "attack vector" is a path or means by which an attacker can gain access to a computer or to a network server to deliver a payload or malicious outcome.
• Attack vectors enable attackers to exploit system vulnerabilities, including the human element. Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant messages, chat rooms, and deception.
• To some extent, firewalls and antivirus software can block attack vectors. However, no protection method is totally attack-proof. A defense method that is effective today may not remain so for long because attackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access.
The attack vectors described here are:
1. Attack by E-Mail: The hostile content is either embedded in the message or linked to by the message. Sometimes attacks combine the two vectors, so that if the message does not get you, the attachment will. Spam is almost always a carrier for scams, fraud, dirty tricks, or malicious action of some kind. Any link that offers something "free" or tempting is suspect.
2. Attachments (and other files): Malicious attachments install malicious computer code. The code could be a virus, Trojan Horse, Spyware, or any other kind of malware.
3. Attack by deception: Deception is aimed at the user/operator as a vulnerable entry point. It is not just malicious computer code that one needs to monitor. Fraud, scams, hoaxes, and to some extent Spam, not to mention viruses, worms and such, require the unwitting cooperation of the computer's operator to succeed. Social engineering and hoaxes are other forms of deception that are often an attack vector too.
4. Hackers: Hackers/crackers are a formidable attack vector because, unlike ordinary Malicious Code, people are flexible and they can improvise. Hackers/crackers use a variety of hacking tools, heuristics, and social engineering to gain access to computers and online accounts. They often install a Trojan Horse to commandeer the computer for their own use.
5. Heedless guests (attack by webpage):
-> Counterfeit websites are used to extract personal information. Such websites look very much like the genuine websites they imitate.
-> One may think he/she is doing business with someone he/she trusts. However, he/she is really giving away personal information, like address, credit card number, and expiration date.
-> They are often used in conjunction with Spam, which gets you there in the first place. Pop-up webpages may install Spyware, Adware or Trojans.
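The E-Mail and counterfeit-website vectors above are what a mail gateway or user-awareness tool checks for. The Python below is an added example, not code from the page or from any vendor: it extracts the links from a constructed message body and flags a visible text that names one host while the link goes to another, a near-lookalike (Levenshtein distance) of a domain on an assumed allow-list, and a tempting "free" offer; the message, the domains and the allow-list are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = ["example-bank.com", "example.com"]  # assumed allow-list of real domains

# Constructed phishing-style message body (not from any real campaign).
SAMPLE_HTML = """<p>Your account needs verification. Log in at
<a href="http://example-bank.com.login-check.invalid/">https://example-bank.com/login</a>
or claim your <a href="http://examp1e-bank.com/free-gift">free gift</a>.</p>
<p>Help: <a href="https://example.com/support">example.com/support</a></p>"""

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    # Lower-cased hostname of a URL or of a bare 'host/path' string.
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower()

def registrable(host):
    # Last two labels ('a.b.example.com' -> 'example.com'); no public-suffix list assumed.
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    # Levenshtein distance, used to spot one-character lookalike domains.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(href, text):
    """Return the reasons a link is suspicious; an empty list means it looks fine."""
    reasons, href_host = [], host_of(href)
    # Visible text that itself names a host, e.g. 'https://example-bank.com/login'.
    text_host = host_of(text) if "." in text and " " not in text else ""
    if text_host and registrable(text_host) != registrable(href_host):
        reasons.append(f"text shows {text_host} but link goes to {href_host}")
    reg = registrable(href_host)
    if reg not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if 0 < edit_distance(reg, trusted) <= 2:
                reasons.append(f"{reg} looks like {trusted}")
    if "free" in text.lower():
        reasons.append("offers something free")
    return reasons

def scan_message(html):
    parser = LinkExtractor()
    parser.feed(html)
    return {href: classify_link(href, text) for href, text in parser.links}
```

The genuine support link produces no reasons, while the two counterfeit links are each flagged with a reason a user can be shown.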
6. Attack of the worms:
• Many worms are delivered as E-Mail attachments, but network worms use holes in network protocols directly. Any remote access service, like file sharing, is likely to be vulnerable to this sort of worm. In most cases, a firewall will block system worms. Many of these system worms install Trojan Horses.
• Next they begin scanning the Internet from the computer they have just infected, and start looking for other computers to infect. If the worm is successful, it propagates rapidly. The worm owner soon has thousands of "zombie" computers to use for more mischief.
7. Malicious macros:
Microsoft Word and Microsoft Excel are some of the examples of applications that allow macros. A macro does something like automating a spreadsheet, for example. Macros can also be used for malicious purposes.
All Internet services like instant messaging, Internet Relay Chat (IRC), and P2P file-sharing networks rely on cozy connections between the computer and the other computers on the Internet.
8. Foistware (sneakware):
Foistware is software that adds hidden components to the system on the sly. Spyware is the most common form of foistware. Foistware is quasi-legal software bundled with some attractive software. Sneak software often hijacks your browser and diverts you to some "revenue opportunity" that the foistware has set up.
9. Viruses:
-> These are malicious computer codes that hitch a ride and make the payload. Nowadays, virus vectors include E-Mail attachments, downloaded files, worms, etc.