Special Session on “CYBER SECURITY” by Shri.

Dhanushkodi
Sivanandhan, Retd. Director General of Police, Maharashtra and
Former Police Commissioner, Mumbai: A Brief Report

Date: 09th March, 2024

Venue: Dhirjyot Auditorium, 1st Floor, Law Building, D.T.S.S. College of Law,
Malad (East), Mumbai – 400 097

No. of Participants: 100 and above

Objective: to impart knowledge to the Students, Professors and Staff about the
various issues related to cybercrime and hacking

Description:
The Dhirajlal Talakchand Sankalchand Shah College of Law, organized a Special
Session on “CYBER SECURITY” to impart knowledge to the Students, Professors
and Staff about the various issues related to cybercrime and hacking. The lecture was
delivered by Shri. Dhanushkodi Sivanandhan, Retd. Director General of Police,
Maharashtra and Former Police Commissioner, Mumbai. promoted as part of the
aftermath of the November 2008 Mumbai attacks. He is India's one of the most well-
known and highly regarded Indian Police Service (IPS) officers. His career spanned
multiple high-profile postings over 35 years and he is known for his use of strategy &
intelligence to uphold the rule of law. During his tenure as CP,Nagpur,Thane and
Mumbai he helped establishing training centres, schools, canteens, gymnasiums and
officers’ club- all with state of the art infrastructure for the welfare of the policemen.
He provided the youth of the city an online portal for better communication called
copconnect.com and created an online portal for the safety of senior citizens called
humarisuraksha.com. Mr. M. S. Kurhade, Campus Director of the D.T.S.S. College
presented the floral greetings to him. Shri. Dhanushkodi Sivanandhan Sir was guided
and described following points on session –

 Introduction on Cyber Security:–

It is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized
access. The field is becoming more important due to increased reliance on computer
systems , the Internet and wireless network standards such as Bluetooth and Wi-Fi
and due to the growth of smart devices including smartphones, telephones, and the
various devices that constitute the “Internet of things”.

 Why do we need cyber security?

• With an increasing amount of people getting connected to internet, the security
threats that cause massive harm are increasing also.
• Cyber security is necessary since it helps in securing data from threats such as data
theft or misuse, also safeguards your system from viruses.

 Cyber Savvy Youth: Empowering Genz with Original Security:

Cybercrime is a criminal activity in which a computer is used as a source, tool or
target. He discussed various theories in the Cyber Crime world like ‘The Broken
Window Theory’ which states that due to negligence of crimes full society can be
corrupted if one criminal starts living in the society. “If minor petty crime is not dealt
with, crime will increase’. There are different types of cybercrimes like hacking,
denial of service, virus dissemination, piracy, phishing, spoofing, defamation, IRC
crimes etc.

 Categories of Cybercrime:
We can categorize cybercrime into two ways:
• The computer as a target: Using a computer to attack other computers e.g.
Hacking, Virus/Worms attack, Dos attack etc.
• The computer as a weapon: Using a computer to commit real world crime e.g.
Credit card fraud etc.

 Challenges of Cyber Security:

 Network Security: Network security is a broad term that covers a multitude of
technologies, devices and processes. In its simplest term, it is a set of rules and
configurations designed to protect the integrity, confidentiality and accessibility of
computer networks and data using both software and hardware technologies.
 Application Security: Application security is the process of making apps more
secure by finding, fixing, and enhancing the security of apps. Much of this happens
during the development phase, but it includes tools and methods to protect apps
once they are deployed. This is becoming more important as hackers increasingly
target applications with their attacks.
 Data Security: Data security refers to the process of protecting data from
unauthorized access and data corruption throughout its lifecycle. Data security
includes data encryption, hashing, tokenization, and key management practices that
protect data across all applications and platforms.
 Identity Security: Identity security describes the proactive approach to safely
controlling user and system information that is used to authenticate and authorize
user identities for access to secure resources.
 Cloud Security: Cloud security, also known as cloud computing security, consists
of a set of policies, controls, procedures and technologies that work together to
protect cloud-based systems, data, and infrastructure. These security measures are
configured to protect cloud data, support regulatory compliance and protect
customers' privacy as well as setting authentication rules for individual users and
devices.
 Mobile Security: Mobile security is the protection of smartphones, tablets, laptops
and other portable computing devices, and the networks they connect to, from
threats and vulnerabilities associated with wireless computing. Mobile security is
also known as wireless security.
 End-User Security: The end-user is usually the weakest link when it comes to
cyber security and that is what attackers are counting on. This is why phishing is
such a popular technique for spreading ransomware.

 CYBER THREATS:

 Hacking: Hacking in simple term means an illegal intrusion in a computer system

or network. It is also known as cracking. Govt. and MNC’s websites are the hot
targets of hackers due to press coverage it receives. Hacking is an attempt to
exploit a computer system or a private network inside a computer. Simply put, it is
the unauthorised access to or control over computer network security systems for
some illicit purpose.
How can we prevent ourselves from being getting hacked?
 Update regularly
 Passwords: don’t re-use them
 Download from authorised sources
 Administrator' shouldn't be your default setting
  Turn off when you’re done
 Encrypt to keep your stuff unreadable

 Phishing: Phishing is fraudulent attempt, usually made through email, to steal your
personal information. Phishing is the attempt to obtain sensitive information such
as username , password and credit card details often for malicious reasons through
an electronic communication(such as E-mail). A common online phishing scam
starts with an email message that appears to come from a trusted source(legitimate
site) but actually directs recipients to provide information to a fraudulent website.

 Denial of Service (DoS): This is an act by the criminals who floods the bandwidth
of the victims network. In the Dos attack, a hacker uses a single internet connection
to either exploit a software vulnerability or flood a target with fake request with
fake request usually I an attempt to exhaust server resources.
 Spam Email: Email Spam is the electronic version of junk mail. It involves
sending unwanted messages often unsolicited advertising, to a large number of
recipients. Spam is a serious security concern as it can be used to deliver Trojan
horses, viruses, worms, spyware, and targeted phishing attacks.
 Malware: It’s malicious software (such as virus, worms and Trojan) which
specifically designed to disrupt or damage computer system or mobile device.
Hackers use malware for any number of reasons such as, extracting personal info.
Or passwords, stealing money, or preventing owners from accessing their device.
Viruses are programs that attach themselves to a computer or file and then circulate
themselves to other files and to other computers on a network. They either alter or
delete the data.
 ATM Skimming and Point of Scale Crimes: It is a technique of compromising the
ATM machine by installing a skimming device a top the machine keypad to appear
as a genuine keypad or a device made to be a fixed to the card reader to look like a
part of the machine. Additionally, malware that steals credit card data directly can
also be installed on these devices. Successful implementation of skimmers cause in
ATM machine to collect card numbers and personal identification number codes
that are later replicated to carry out fraudulent transaction.
 Prevention Of Cyber Crime:
Prevention is always better than cure. It is always better to take certain precaution
while operating the net. A should make them his part of cyber life. Saileshkumar
Zarkar, technical advisor and network security consultant to the Mumbai Police
Cybercrime Cell, advocates the 5P mantra for online security: Precaution, Prevention,
Protection, Preservation and Perseverance. A citizen should keep in mind the
following things-
1. To prevent cyber stalking avoid disclosing any information pertaining to oneself.
This is as good as disclosing your identity to strangers in public place.
2. Always avoid sending any photograph online particularly to strangers and chat
friends as there have been incidents of misuse of the photographs.
3. Always use latest and update anti-virus software to guard against virus attacks.
4. Always keep back up volumes so that one may not suffer data loss in case of virus
contamination
5. Never send your credit card number to any site that is not secured, to guard against
frauds.
6. Always keep a watch on the sites that your children are accessing to prevent any
kind of harassment or depravation in children.
7. It is better to use a security programme that gives control over the cookies and send
information back to the site as leaving the cookies unguarded might prove fatal.
8. Web site owners should watch traffic and check any irregularity on the site. Putting
host-based intrusion detection devices on servers may do this.
9. Use of firewalls may be beneficial.
10.Web servers running public sites must be physically separate protected from
internal corporate network.
Cybercrimes can be done by using a key logger or some spyware software like Creep
ware. He shared lots of case studies with us like the case of Cassidy wolf. Websites
used for downloading songs like Songs.pk are also supporting piracy and are
underworld operated sites to hack user data. Credit card frauds are done with the help
of skimmers.
Emerging fields for coders and non-coders were stated by him. At last, the interaction
round was conducted where students and teachers asked their queries and he solved
all of them. He also shared his and other helpline numbers to all, for their security and
safety concerns in future. The session ended with a thank you note.
Outcome of the Session: got to learn a lot about cybercrime, its awareness, its
investigation from an official Cyber Crime Investigator and How to report Cyber
fraud and How to complaint Cybercrime online.

 Conclusion:
Capacity of human mind is unfathomable. It is not possible to eliminate cybercrime
from the cyber space. It is quite possible to check them. History is the witness that no
legislation has succeeded in totally eliminating crime from the globe. The only
possible step is to make people aware of their rights and duties (to report crime as a
collective duty towards the society) and further making the application of the laws
more stringent to check crime. Undoubtedly the Act is a historical step in the cyber
world. Further I all together do not deny that there is a need to bring changes in the
Information Technology Act to make it more effective to combat cybercrime. I would
conclude with a word of caution for the pro-legislation school that it should be kept in
mind that the provisions of the cyber law are not made so stringent that it may retard
the growth of the industry and prove to be counter-productive.