Module II

Cyber-crime and Cyber law

Classification of cybercrimes:

Cyber-crimes are majorly of 4 types

(1) Cyber- crime against Individual
(2)Cyber-crime Against Property
(3)Cyber-crime Against Organization
(4)Cyber-crime Against Society

(1) Cyber- crime against Individual:

(i) Email spoofing : A spoofed email is one in which the e-mail header is forged so that the mail
appears to originate from one source but actually has been sent from another source.
(ii) Spamming: Spamming means sending multiple copies of unsolicited mails or mass e-mails
such as chain letters.
(iii) Cyber Defamation: This occurs when defamation takes place with the help of computers
and/or the Internet. E.g. someone publishes defamatory matter about someone on a website
or sends e-mails containing defamatory information.
(iv) Harassment & Cyber stalking : Cyber Stalking Means following an individual's activity over
internet. It can be done with the help of many protocols available such as e- mail, chat rooms,
and user net groups.

(2) Against Property:

(i)Credit Card Fraud: As the name suggests, this is a fraud that happens by the use of a credit
card. This generally happens if someone gets to know the card number or the card gets stolen.
(ii) Intellectual Property crimes: These include Software piracy: Illegal copying of programs,
distribution of copies of software. Copyright infringement: Using copyrighted material without
proper permission. Trademarks violations: Using trademarks and associated rights without
permission of the actual holder. Theft of computer source code: Stealing, destroying or
misusing the source code of a computer.
(iii) Internet time theft: This happens by the usage of the Internet hours by an unauthorized
person which is actually paid by another person.

(3) Against Organizations:

(i) Unauthorized Accessing of Computer: Accessing the computer/network without permission
from the owner. It can be of 2 forms: a) Changing/deleting data: Unauthorized changing of data.
b) Computer voyeur: The criminal reads or copies confidential or proprietary information, but
the data is neither deleted nor changed.
(ii) Denial Of Service : When Internet server is flooded with continuous bogus requests so as to
denying legitimate users to use the server or to crash the server.
(iii) Computer contamination / Virus attack : A computer virus is a computer program that can
infect other computer programs by modifying them in such a way as to include a (possibly
evolved) copy of it. Viruses can be file infecting or affecting boot sector of the computer.
Worms, unlike viruses do not need the host to attach themselves to.
(iv) Email Bombing : Sending large numbers of mails to the individual or company or mail
servers thereby ultimately resulting into crashing.
(v) Salami Attack : When negligible amounts are removed & accumulated in to something larger.
These attacks are used for the commission of financial crimes.
(vi) Logic Bomb : It is an event dependent program. As soon as the designated event occurs, it
crashes the computer, release a virus or any other harmful possibilities.
(vii) Trojan Horse : This is an unauthorized program which functions from inside what seems to
be an authorized program, thereby concealing what it is actually doing.
(viii) Data diddling : This kind of an attack involves altering raw data just before it is processed
by a computer and then changing it back after the processing is completed.

(4) Against Society:

(i) Forgery: Currency notes, revenue stamps, mark sheets etc. can be forged using computers
and high quality scanners and printers.
(ii) Cyber Terrorism: Use of computer resources to intimidate or coerce people and carry out the
activities of terrorism.
(iii) Web Jacking: Hackers gain access and control over the website of another, even they change
the content of website for fulfilling political objective or for money.

Common Cyber-crimes:
Cyber-crime targeting computers and mobiles:
 Cyber-crime against women and children:
 Harassment through e-mails: Harassment via email, includes black mailing, threatening
and constant sending of love letters in anonymous names or regular sending of
embarrassing mails.
 Cyber stalking: ‘Stalkers are strengthened by the anonymity the internet offers. He may
be on the other side of the earth, or a next door neighbor or a near relative!’ It involves
following a person’s movements across the Internet by posting messages (sometimes
threatening) on the bulletin boards frequented by the victim, entering the chat-rooms
frequented by the victim, constantly bombarding the victim with emails etc. In general,
the stalker intends to cause emotional distress and has no legitimate purpose to his
communications.
 Cyber defamation: Cyber defamation also called Cyber smearing can be understood as
the intentional infringement of ‘another person's right to his good name. ‘Cyber
Defamation occurs with the help of computers and / or the Internet. It is considered
more of a menace owing to its expeditious nature.
 Child pornography: Child sexually abusive material (CSAM) refers to material containing
sexual image in any form, of a child who is abused or sexually exploited. Section 67 (B)
of IT Act states that “it is punishable for publishing or transmitting of material depicting
children in sexually explicit act, etc. in electronic form.
 Cyber bullying: A form of harassment or bullying inflicted through the use of electronic
or communication devices such as computer, mobile phone, laptop, etc.
 Cyber grooming: Cyber Grooming is when a person builds an online relationship with a
young person and tricks or pressures him/ her into doing sexual act.

Financial Frauds:
Cybercrime in finance is the act of obtaining financial gain through profit-driven criminal
activity, including identity fraud, ransomware attacks, email and internet fraud, and attempts to
steal financial account, credit card, or other payment card information.

In other words Financial cybercrime includes activities such as stealing payment card
information, gaining access to financial accounts in order to initiate unauthorised transactions,
extortion, identity fraud in order to apply for financial products, and so on.

Various social engineering techniques are most often used in order to manipulate victims into
providing confidential information. This can be everything from fake emails supposedly sent by
Netflix asking you to pay your subscription invoice, to illegitimate replica emails pretending to
be from Paypal or iTunes informing you of your monthly invoice trying to get you to click on a
fraudulent link.

Other well-known scams are Bitcoin scams or love scams, where people are targeted through
fake profiles on dating sites or popular social media sites to strike up relationships, leading to
the scammer asking for money transactions exploiting the victim’s feelings.
The consequences of a successful attack can be dramatic and have devastating effects on a
company. Loss of large sums can impact the whole economy of the company and even lead to
bankruptcy in the most severe cases, especially if the company is small.

Reputational damage in the eyes of stakeholders, clients, and the general public is also an
unfortunate consequence.

As a company, it is also important to focus on awareness so that the employees will be

equipped with the knowledge of how they can be tricked in order to change these behaviours.
It is also essential to have well-functioning threat intelligence in place, regular vulnerability
tests run by the IT security team, and overall good cyber hygiene.

When it comes to you as an individual, try thinking about these things:

 Always be alert and careful when shopping online, making transactions, or signing into
your online bank and government portals
 Always make payments and transfers through official sites and be critical of who you’re
sending money to and why
 Be careful not to click on suspicious links, always verify the sender’s identity and if in
doubt, ask for a second opinion.

Social engineering attacks:

 Social engineering is the term used for a broad range of malicious activities
accomplished through human interactions. It uses psychological manipulation to trick
users into making security mistakes or giving away sensitive information.
 Social engineering attacks happen in one or more steps. A perpetrator first investigates
the intended victim to gather necessary background information, such as potential
points of entry and weak security protocols, needed to proceed with the attack.
 Social engineering attacks come in many different forms and can be performed
anywhere where human interaction is involved. The following are the five most
common forms of digital social engineering assaults.
 Baiting: As its name implies, baiting attacks use a false promise to a victim’s greed or
curiosity. They lure users into a trap that steals their personal information or inflicts
their systems with malware.
 Scareware: Scareware involves victims being bombarded with false alarms and fictitious
threats. Users are deceived to think their system is infected with malware, prompting
them to install software that has no real benefit (other than for the perpetrator) or is
malware itself. Scareware is also referred to as deception software, rogue scanner
software and fraudware.
 Pretexting: Here an attacker obtains information through a series of cleverly crafted lies.
The scam is often initiated by a perpetrator pretending to need sensitive information
from a victim so as to perform a critical task.
  The attacker usually starts by establishing trust with their victim by impersonating co-
workers, police, bank and tax officials, or other persons who have right-to-know
authority.

Malware and Ransomware attacks:

Ransomware is a type of malware (malicious software) that cybercriminals use to infect
computers, devices, and networks, and restrict access to data until a sum of money is paid.
Ransomware attacks have impacted businesses, hospitals, and public utilities worldwide .

Ransomware is typically spread via phishing emails that contain links to malicious web pages or
attachments. Infection can also occur through “drive-by” downloading, which occurs when a
user visits an infected website, and malware is downloaded and installed without the user’s
knowledge.

If the ransomware is successful, files are locked through a process known as “encryption,”
which generates a “key,” and an on-screen ransom note offers the decryption key in exchange
for payment. Ransom varies greatly but is and typically must be paid in virtual currency, such as
bitcoins.

Infections on one machine may migrate to network drives; additionally, vulnerable web servers
may be exploited directly by cybercriminals to deliver ransomware and other forms of malware
to multiple users in an organization.

Malware attacks are any type of malicious software designed to cause harm or damage to a
computer, server, client or computer network and/or infrastructure without end-user
knowledge.

Types of Malware Attacks

Most malware types can be classified into one of the following categories:

 Virus: When a computer virus is executed, it can replicate itself by modifying other
programs and inserting its malicious code. It is the only type of malware that can
“infect” other files and is one of the most difficult types of malware to remove.
 Worm: A worm has the power to self-replicate without end-user involvement and can
infect entire networks quickly by moving from one machine to another.
 Trojan: Trojan malware disguises itself as a legitimate program, making it one of the
most difficult types of malware to detect. This type of malware contains malicious code
and instructions that, once executed by the victim, can operate under the radar. It is
often used to let other types of malware into the system.
 Hybrid malware: Modern malware is often a “hybrid” or combination of malicious
software types. For example, “bots” first appear as Trojans then, once executed, act as
 worms. They are frequently used to target individual users as part of a larger network-
wide cyber attack.
 Adware: Adware serves unwanted and aggressive advertising (e.g., pop-up ads) to the
end-user.
 Malvertising: Malvertising uses legitimate ads to deliver malware to end-user machines.
 Spyware: Spyware spies on the unsuspecting end-user, collecting credentials and
passwords, browsing history and more.

Zero day and zero click attacks:

A zero-click attack takes advantage of vulnerabilities in software to carry out an attack without
user interaction. By exploiting this vulnerability, the exploit can install malware or perform
other malicious interactions on a user’s device without the target needing to click on a link,
open a malicious file or take any other action.

A zero-click exploit is designed to work without user interaction, which means that it needs to
achieve code execution on its own. Most zero-click exploits are designed to take advantage of
vulnerabilities in applications that accept and process untrusted data. Common examples
include SMS and other messaging platforms, email apps, and phone apps.

These applications accept data from an untrusted source and process it before presenting it to
the user. If this data processing code contains an unpatched vulnerability, then a carefully
crafted message could exploit this vulnerability, allowing the malicious message or phone call to
run malicious code on the device.

Receiving an email, receiving an SMS, and similar actions don’t require user interaction;
smartphones display notifications based on the contents of an SMS or other message before
the user decides to open and read it. A well-crafted malicious message can install malware,
delete itself, and suppress notifications to give the user no indication that the attack has
occurred.
Zero-click exploits pose a significant threat to the security of smartphones and other devices
because of their subtlety and high success rate.
Smartphones are the most common and widely-known target of zero-click attacks. These
devices use various communications apps, including SMS, phone, messaging, and social media
apps. This provides a wide attack surface for attackers looking for an exploitable vulnerability.
Certain groups are well-known for identifying and weaponizing zero-click exploits. For example,
the NSO Group has identified and created exploits for several zero-click vulnerabilities in
iPhones and Android devices and the apps that run on them.
 mitigating the threat of zero-click exploits requires proactive, preventative actions, such as:

 Updating Apps and Devices: Zero-click exploits take advantage of unpatched vulnerabilities in
device operating systems and applications. Keeping devices and apps up-to-date can reduce
devices’ vulnerability to these attacks.

 Installing Anti-Spyware and Anti-Malware Solutions: Zero-click exploits are commonly used to
deploy spyware and other malware to devices. Using anti-spyware and anti-malware solutions
that can detect and remediate these infections can mitigate the impact of a successful zero-
click exploit.

 Avoid Unsafe Applications: Applications downloaded from third-party app stores or sideloaded
onto a device are more likely to contain exploitable vulnerabilities. Only installing reputable
apps from trusted app stores can minimize exploitability.

Cybercriminals modus-operandi

Modus operandi is the method acquired by any criminal for the successful commission of a
crime. Calls can be made by spoofing the mobile number using various sites. These are called
web based calls. Such calls are intended to hide the actual location of the caller and any fake or
annoying calls are made.

An MO is simple a particular way or method of doing something, especially one that is

characteristic. It's a recognizable pattern. For example, a criminal might break into a specific
type of lock or window in a certain way, leave evidence of particular behavior that seems
unusual or notable, or leave or take some specific item from a crime scene.

Reporting of cyber-crimes

Please contact local police in case of an emergency or for reporting crimes other than
cybercrimes. National police helpline number is 112. National women helpline number is 181
and Cyber Crime Helpline is 1930.

https://cybercrime.gov.in/ This portal is an initiative of Government of India to facilitate

victims/complainants to report cyber-crime complaints online.
Remedial and mitigation measures
Mitigation is the application of policies, technologies and procedures to reduce the likelihood
and impact of a successful cyber-attack. It is a critical practice to help guide decision-making
around risk control and mitigation and allows your organization to
1. Risk assessment
Before you start your risk mitigation strategy, your IT security team should conduct a
cybersecurity risk assessment, which will identify potential gaps in your organisation’s security
controls. Your organisation’s assets can be identified through a risk assessment, along with the
security controls currently in place
2. Establish network access controls
Once you’ve identified high-priority problem areas and assessed your assets, the next step is to
establish network access controls to help mitigate the risk of insider threats
3. Continuously monitor network traffic
Cybersecurity risk can be effectively minimised through the use of proactive action. Every day,
there are approximately 2,200 cybercrime attacks, necessitating constant monitoring
of network traffic as well as an organisation’s cybersecurity posture. Rather than trying to
manually detect and address emerging threats, using tools that provide a comprehensive
picture of your IT ecosystem at any moment in time can provide a comprehensive view of your
IT ecosystem. Security personnel can then identify and deal with new threats in a timely
manner.
4. Create an incident response plan
An incident response plan is one of the most critical aspects of an organisation’s cybersecurity
strategy. It must be comprehensive enough to allow all portions of the IT security team and
non-tech staff to understand what to do if a data breach occurs or an attack occur
5. Minimise your attack surface
A business’s security posture and threat landscape can be identified by surveying all of its entry
points, vulnerabilities, or sensitive information. The attack surface of a company can be
anything from firewalls, software updates, web applications, and employees. The proper
interpretation of entry point intelligence can assist businesses to identify and reduce any
vulnerabilities throughout their business.
6. Stay on top of patch updates
Threat actors can quickly exploit vulnerabilities that remain unpatched. Because many software
providers release patches continuously, today’s cybercriminals are aware of that. An effective
patch management schedule can help your IT security team stay ahead of attackers by
providing them with an idea of the patch release schedule among your service or software
providers.
IT Act 2000 and its amendments

The Information Technology Act, 2000 was enacted by the Indian Parliament in 2000. It is the
primary law in India for matters related to cybercrime and e-commerce.

 The act was enacted to give legal sanction to electronic commerce and electronic
transactions, to enable e-governance, and also to prevent cybercrime.
 Under this law, for any crime involving a computer or a network located in India, foreign
nationals can also be charged.
 The law prescribes penalties for various cybercrimes and fraud through
digital/electronic format.
 It also gives legal recognition to digital signatures.
 The IT Act also amended certain provisions of the Indian Penal Code (IPC), the Banker’s
Book Evidence Act, 1891, the Indian Evidence Act, 1872 and the Reserve Bank of India
Act, 1934 to modify these laws to make them compliant with new digital technologies.
 In the wake of the recent Indo-China border clash, the Government of India banned
various Chinese apps under the Information Technology Act. Read more about this in an
RSTV titled, ‘TikTok, Other Chinese Apps Banned’.

The IT Act 2000 was amended in 2008.

The Rules have been framed under Section 79 of the Information Technology Act. This section
covers intermediary liability.

According to the 2018 Rules, social media intermediaries should publish rules and privacy
policies to curb users from engaging in online material which is paedophilic, pornographic,
hateful, racially and ethnically objectionable, invasive of privacy, etc.

The Rules make it obligatory for online intermediaries to appoint a ‘Nodal person of Contact’
for 24X7 coordination with law enforcement agencies and officers to ensure compliance.

Cyber-crime and offences,

Cyber offences are the illegitimate actions, which are carried out in a classy manner where
either the computer is the tool or target or both.

Cyber-crime usually includes the following −

 Unauthorized access of the computers

 Data diddling
 Virus/worms attack
  Theft of computer system
 Hacking
 Denial of attacks
 Logic bombs
 Trojan attacks
 Internet time theft
 Web jacking
 Email bombing
 Salami attacks
 Physically damaging computer system.

Organizations dealing with Cyber-crime

1 National Cybercrime Threat Analytics Unit (TAU)

2 National Cybercrime Reporting Portal (www.cybercrime.gov.in )
3 Platform for Joint Cybercrime Investigation Team
4 National Cybercrime Forensic Laboratory National Cybercrime Forensic Laboratory Ecosystem
5 National Cybercrime Training Centre (NCTC) (www.cytrain.ncrb.gov.in )
6 Cybercrime Ecosystem Management Unit
7 National Cyber Crime Research and Innovation Centre