CSL UT-1 Q.paper Solution

Solutions

Uploaded by

yadavshubhamgopi

University term test-I SECOND HALF - 2019

Term Test QP code:


Note the following instructions
1. Attempt any two questions of the three.
2. Draw neat diagrams wherever necessary.
3. Write everything in ink (no pencil) only.
4. Assume data, if missing, with justification.
Max marks: 40

Q.1 a) Explain how criminals plan attacks, with examples. [10]

1. Criminals use many methods and tools to locate the vulnerabilities of their targets.
2. The target can be an individual or an organization.
3. Criminals plan passive and active attacks.
4. Active attacks are used to alter the system, whereas passive attacks attempt to gain information about the target.
5. Attacks can be either from inside or outside.

The following phases are involved in planning cybercrime.

1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
2. Scanning and scrutinizing the gathered information to identify the existing vulnerabilities.
3. Launching an attack.

1. Reconnaissance:
a) It is an act of reconnoitering: to explore, often with the goal of finding something or somebody.
b) In the world of hacking, the reconnaissance phase begins with “footprinting”. This is the preparation toward the pre-attack phase, and involves accumulating data about the target’s environment and computer architecture to find ways to intrude into that environment.
c) Footprinting gives an overview of system vulnerabilities and provides a judgment about their possible exploitation.
d) The objective of this preparatory step is to understand the system, its networking ports and services.
e) An attacker attempts to gather information in two phases: active and passive.
2. Passive attacks:
a) A passive attack involves gathering information about a target without his/her knowledge.
b) It can be done using search engines.

Following methods can be used:

i. Google or Yahoo search: people search to locate info about employees.
ii. Surfing online community groups like Orkut/Facebook.
iii. The organization’s website may provide a personnel directory or info about key employees. This can be used in a social engineering attack.
iv. Blogs, newsgroups and press releases are generally used as mediums to gain info.
v. Going through job postings, particularly job profiles for technical persons, can provide info about the type of technology that a company might be using on its network.
vi. Network sniffing is another means of passive attack, yielding info such as IP addresses, hidden servers or networks and other available services on the system.
vii. The attacker watches the flow of data to see at what time certain transactions take place and where the traffic is going.

3. Active attacks:
• An active attack involves probing the network to discover individual hosts to confirm the info gathered in the passive attack phase.
• It involves the risk of detection.
• It can provide confirmation to an attacker about the security measures in place, but the process can also increase the chance of being caught or raise suspicion.

4. Scanning and scrutinizing (examining) gathered information:
• Scanning is a key step to examine intelligently while gathering information about the target.
• The objectives of scanning are as follows:
a) Port scanning: Identify open/closed ports and services.
b) Network scanning: Understand IP addresses and related information about the computer network systems.
c) Vulnerability scanning: Understand the existing weaknesses in the system.
• The scrutinizing phase is always called enumeration in the hacking world.
• The objective behind this step is to identify:
i. The valid user accounts or groups.
ii. Network resources and shared resources.
iii. The OS and the different applications that are running on it.
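
Because scanning is an active probe that carries a risk of detection, as noted above, a defender can look for it in firewall logs. The following added example (not part of the original answer sheet) flags a source that touches many distinct ports on one host within a short window; the log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) firewall log format:
#   2019-08-01T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=22 ACTION=DROP
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)")


def parse(lines):
    """Yield (timestamp, source, destination, port) for every line that matches."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, dpt = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(dpt)


def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Return sorted (source, destination, distinct_ports) tuples for each
    source that hit at least min_ports distinct ports on one destination
    inside a sliding time window."""
    events = defaultdict(list)
    for ts, src, dst, dpt in parse(lines):
        events[(src, dst)].append((ts, dpt))

    alerts = []
    for (src, dst), evs in events.items():
        evs.sort()
        start, best = 0, 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in evs[start:end + 1]}))
        if best >= min_ports:
            alerts.append((src, dst, best))
    return sorted(alerts)


def sample_log():
    """Constructed sample: one scanner, one busy web client, one slow client."""
    base = datetime(2019, 8, 1, 10, 0, 0)
    fmt = "{} SRC={} DST={} DPT={} ACTION=DROP"
    lines = []
    for i, port in enumerate(range(20, 35)):        # 15 ports in 15 seconds
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(fmt.format(ts, "203.0.113.7", "192.0.2.10", port))
    for i in range(20):                             # same port, many times
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(fmt.format(ts, "198.51.100.4", "192.0.2.10", 443))
    for i, port in enumerate(range(8000, 8012)):    # 12 ports, 10 minutes apart
        ts = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(fmt.format(ts, "198.51.100.9", "192.0.2.10", port))
    return lines


if __name__ == "__main__":
    for src, dst, ports in detect_port_scans(sample_log()):
        print(f"possible port scan: {src} -> {dst} ({ports} distinct ports)")
```

The window and the port threshold are tuning parameters: a longer window also catches slower probing, at the cost of more false positives from ordinary clients.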

5. Attack (gaining and maintaining system access):

The attack is launched using the following steps.
a) Crack the password
b) Exploit the privileges
c) Execute the malicious command/application
d) Hide the files (if required).
e) Cover the tracks- d

Q.1 b) How do we classify cybercrime? Explain each one briefly. [10]

Classification is as above; separate questions can be asked on a mix of topics.


1) E-mail spoofing:
• A spoofed e-mail is one that appears to originate from one source but actually has been sent from another source.

2) Spamming:
• People who create electronic spam are called spammers.
• Spam is the abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately.
• E-mail spam is the most widely recognized form of spam.
• There are various other kinds of spam: instant messaging spam, Usenet newsgroup spam, spam blogs etc.
• Spamming is difficult to control because it is economically feasible: advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings.

3) Cyber defamation:
• Defamation is the act of making, by words either spoken or intended to be read, or by signs or by visible representations, any allegation concerning any person with the intention of harming the reputation of that person.
• Cyber defamation happens when defamation takes place with the help of computers and/or the internet.
• For example, someone publishes defamatory matter about someone on a website or sends an e-mail containing defamatory information to all friends of that person.
• Libel is written defamation and slander is oral defamation.

4) Internet time theft:
• Such a theft occurs when an unauthorized person uses the internet hours paid for by another person.
• Internet time theft comes under hacking because the person who gets access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means, uses it to access the internet without the other person’s knowledge.
• However, one can identify the time theft if the internet time has to be recharged often.

5) Salami attack/salami technique:
• (Salami is cured sausage, fermented and air-dried meat, originating from one of a variety of animals.)
• The name ‘salami attack’ comes from the fact that salami is cut into very thin slices. It is also known as salami shaving.
• A salami attack is a series of minor attacks that together result in a larger attack.
• These attacks are used for committing financial crime.
• The idea here is to make an alteration so insignificant that in a single case it would go completely unnoticed.
• For example, a bank employee inserts a program into the bank servers that deducts a small amount of money from the account of every customer.
• No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
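
A defender-side view of the salami technique described above, as an added example that is not part of the original answer sheet: each slice is too small to notice on one account, so the check groups very small debits by receiving account and flags any account fed by many distinct customers. The ledger, account names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal


def find_salami_candidates(ledger, max_slice=Decimal("1.00"), min_sources=5):
    """Flag receiving accounts that collect tiny debits from many customers.

    ledger: iterable of (source_account, destination_account, amount) rows.
    Returns (destination, distinct_sources, debit_count, total) tuples,
    largest total first.
    """
    small = defaultdict(lambda: {"sources": set(), "count": 0, "total": Decimal("0")})
    for src, dst, amount in ledger:
        amount = Decimal(amount)
        # Only debits small enough to go unnoticed on a single statement count.
        if Decimal("0") < amount <= max_slice:
            entry = small[dst]
            entry["sources"].add(src)
            entry["count"] += 1
            entry["total"] += amount

    findings = [
        (dst, len(e["sources"]), e["count"], e["total"])
        for dst, e in small.items()
        if len(e["sources"]) >= min_sources
    ]
    return sorted(findings, key=lambda f: f[3], reverse=True)


def build_sample_ledger():
    """Constructed ledger: 8 customers, 3 months, plus ordinary payments."""
    ledger = []
    customers = [f"CUST-{i:03d}" for i in range(1, 9)]
    for _month in range(3):
        for cust in customers:
            # The unauthorized slice: 0.05 from every customer, every month.
            ledger.append((cust, "ACC-9001", "0.05"))
    # Ordinary activity that must not be flagged.
    ledger += [
        ("CUST-001", "ACC-2000", "500.00"),   # large, legitimate payment
        ("CUST-002", "ACC-2000", "0.80"),     # small, but only one payer
        ("CUST-003", "ACC-3000", "0.50"),
        ("CUST-004", "ACC-4000", "120.00"),
    ]
    return ledger


if __name__ == "__main__":
    for dst, sources, count, total in find_salami_candidates(build_sample_ledger()):
        print(f"{dst}: {count} small debits from {sources} accounts, total {total}")
```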

6) Data diddling:
• A data diddling attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.
• Electricity boards in India have been victims of data diddling programs when private parties computerize their systems.

7) Forgery:
• Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners.
• Outside many colleges there are miscreants soliciting the sale of fake mark sheets or even degree certificates.

8) Web jacking:
• Web jacking occurs when someone forcefully takes control of a website.
• The first stage involves password sniffing.
• The actual owner of the website does not have any control over what appears on that website.

9) Newsgroup spam/crimes emanating from Usenet newsgroups:
• The advent of Google Groups and its large Usenet archive has made Usenet more attractive to spammers than ever.
• Spamming of Usenet newsgroups actually predates e-mail spam.
• The first widely recognized Usenet spam, titled “Global alert for all: Jesus is coming soon”, was posted on 18th Jan 1994.

10) Industrial spying/industrial espionage:
• Today corporations, like governments, often spy on the enemy.
• The internet and privately owned systems provide new and better opportunities for espionage.
• Spies can get information about product finances, research and development and marketing strategies, an activity called industrial spying.
• Cyber spies rarely leave behind a trail.
• This has been the reserved hunting field of a few hundred highly skilled hackers, contracted by high-profile companies or certain governments.
• With the growing public availability of Trojans and spyware material, even low-skilled individuals have got involved in it.
• One interesting case is the famous Israeli Trojan story, where a software engineer created a Trojan horse program specifically designed to extract critical data gathered from machines infected by his program.
• He made a business out of it by selling his program to companies in Israel.

11) Hacking:

The purposes of hacking are many; the main ones are:
• Greed
• Power
• Publicity
• Revenge
• Adventure
• Desire to access forbidden information
• Destructive mindset

• Every act committed toward breaking into a computer and/or network is hacking, and it is an offense.
• Hackers write or use ready-made computer programs to attack the target computer.
• They possess the desire to destruct and get enjoyment out of this.
• Some do it for monetary gains, such as stealing credit card information or transferring money from various bank accounts to their own account.
• They extort money from corporate giants by threatening to publish the stolen information.
• Government websites are hot favorites for hackers.
• Hackers, crackers and phreakers are some of the oft-heard terms.
• The original meaning of the word hack is an elegant, witty or inspired way of doing almost anything.

12) Online frauds:
• There are a few major types of crimes under the category of hacking: spoofing websites and e-mail security alerts, hoax mails about virus threats, lottery frauds and spoofing.
• In spoofing websites and e-mail security alerts, fraudsters create authentic-looking websites that are nothing but a spoof.
• It prompts the user to enter personal information, which is then used to access business and bank accounts.
• Such links come embedded in e-mails.
• In virus hoax (fraud) e-mails, the warning may be genuine, so there is always a dilemma whether to take them lightly or seriously.
• Lottery frauds are typically letters or e-mails that inform the recipient that he or she has won a prize in a lottery.
• They take bank details to transfer money and they also ask for a processing fee.
• The details provided can easily be used for other scams.
• Spoofing means illegal intrusion, wherein the hacker poses as a genuine user (false identity).

13) Pornographic offense:
• Child pornography means any visual depiction, including but not limited to the following:
  • Any photograph that can be considered obscene and/or unsuitable for the age of a child viewer.
  • Film, video, picture.
  • Computer-generated image or picture of sexually explicit conduct where the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct.
• Child pornography is considered an offense.
• The internet explosion has made children a viable victim of cybercrime and pedophiles.
• Pedophiles are people who physically or psychologically pressurize minors to engage in sexual activities.
• The modus operandi of pedophiles is as under:
  • Pedophiles use a false identity to trap the children/teenagers.
  • They seek children/teens in the kids' areas on the services where the children gather.
  • They befriend them.
  • They extract the children’s personal information by gaining their confidence.
  • They start mailing these children using sexually explicit language.
  • They start sending pornographic images/text in order to shed their inhibitions, so that a feeling is created in the mind of the victim that what is being fed to them is normal and that everybody does it.
  • At the end of it, the pedophiles set up a meeting with the child out of the house and then drag them into the net to further sexually assault them as a sex object.
• Such things can be avoided if the parents are aware of it.
• In most scenarios parents are unaware of the internet and its hidden dangers.
• Most children remain unprotected in the cyber world.

14) Software piracy:
• The Cybercrime Investigation Cell of India defines software piracy as theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
• Various examples of software piracy:
  • End-user copying: friends loaning disks to one another, organizations not tracking their software licenses.
  • Hard disk loading with illicit means: hard disk vendors load pirated software.
  • Counterfeiting: large-scale duplication and distribution of illegally copied software.
  • Illegal downloads from the internet: by intrusion, by cracking serial numbers.

Those who buy pirated software lose a lot:
a. They get untested software that may have been copied thousands of times.
b. The software may contain a hard-drive-infecting virus.
c. There is no proper license, so no technical support.
d. There is no warranty protection.
e. There is no legal right to use the product.

15) Computer sabotage:
• The use of the internet to hinder (hamper) normal functioning through the introduction of worms, viruses or logic bombs is referred to as computer sabotage.
• It can be used to gain economic advantage over a competitor.
• To promote illegal activities of terrorists.
• To steal data or programs for extortion.
• Logic bombs are event-driven programs created to do something only when a certain event (trigger) occurs.

16) Email bombs:
• It refers to sending a large number of emails to crash the victim’s email account or mail servers.
• Computer programs can be written to instruct a computer to do such tasks on a repeated basis.
• In recent times, terrorism has hit the internet in the form of mail bombings.
• This may or may not be legal but is certainly disruptive.

17) Usenet newsgroup as a source of cybercrime:
• Usenet is a popular means of sharing and distributing information on the web with respect to a topic or subject.
• Usenet is a mechanism that allows sharing information in a many-to-many manner.
• The newsgroups are spread across 30000 different topics.
• There is no technical method available for controlling the contents of any newsgroup.
• It is subject to self-regulation or net etiquette.
• It is possible to put Usenet to the following criminal uses:
1. Distribution/sale of pornographic material.
2. Distribution/sale of pirated software packages.
3. Distribution of hacking software.
4. Sale of stolen credit card numbers.
5. Sale of stolen data/stolen property.

18) Computer network intrusions:
• Computer networks pose a problem by way of security threat because people can get into them from anywhere.
• Crackers, who are often misnamed hackers, can break into computer systems from anywhere in the world and steal data, plant viruses, create backdoors, insert Trojan horses or change usernames and passwords.
• Current laws are limited and many intrusions go undetected.
• The cracker can easily bypass the password; hence, the practice of using strong passwords is important.

19) Password sniffing:
• Password sniffers are programs that monitor and record the names and passwords of network users as they log in, jeopardizing security at a site.
• Whoever installs the sniffer can then impersonate an authorized user and log in to access restricted documents.
• Laws are not yet set up to adequately prosecute a person for impersonating another person online.
• Laws designed to prevent unauthorized access to information should be implemented.

20) Credit card frauds:
• Information security requirements for anyone handling credit cards have been increased dramatically recently.
• Millions of dollars may be lost annually by consumers who have credit card and calling card numbers stolen from online databases.
• Bulletin boards and other online services are frequent targets for hackers who want to access large databases of credit card information.
• Such attacks usually result in the implementation of stronger security systems.

21) Identity theft:
• It is a fraud involving another person’s identity for an illicit purpose.
• This happens when a criminal uses someone else’s identity for his own illegal purposes.
• Phishing and identity theft are related offenses.
• Examples include fraudulently obtaining credit cards, stealing money from the victim’s bank accounts, using the victim’s credit card number, renting an apartment etc.

Q.2 a) Explain cybercrime and the Indian ITA 2000. [10]

Cybercrime and the Indian ITA 2000:

In India the ITA 2000 was enacted after the United Nations General Assembly Resolution of January 30, 1997.

Hacking and the Indian laws:

Cybercrime is punishable under two categories: the ITA 2000 and the IPC.

Q.2 b) Identify categories of cybercrime and explain them with examples. [10]
Categories of cybercrime:

Cybercrime can be categorized based on the following:
1. The target of the crime, and
2. Whether the crime occurs as a single event or as a series of events.

Cybercrime can be targeted against individuals, property and organizations.

1. Crimes targeted at individuals:
• The goal is to exploit human weaknesses such as greed and naivety (immaturity).
• These crimes include financial frauds, sale of non-existent or stolen items, child pornography, copyright violation, harassment etc.
• With the development of the internet, criminals have a new tool that allows them to expand the pool of potential victims.
• This also makes it difficult to trace and apprehend (arrest) the criminals.

2. Crimes targeted at property:
• This includes stealing mobile devices such as cell phones, laptops, PDAs and removable media (pen drives, CDs), and transmitting programs that can disrupt the functions of systems and/or wipe out data from hard disks and cause malfunctioning of the attached devices.

3. Crimes targeted at organizations:
• Cyber terrorism is one of the distinct crimes against organizations/governments.
• Attackers use computer tools and the internet to terrorize the citizens of a particular country by stealing private information, and also to damage programs and files or plant programs to get control of the network and/or system.

4. Single event of cybercrime:
• It is a single event from the perspective of the victim.
• For example, unknowingly opening an attachment that may contain a virus that will infect the system.
• This is known as hacking or fraud.

5. Series of events:
• This involves the attacker interacting with the victims repetitively.
• For example, the attacker interacts with the victim on the phone or via chat rooms to establish a relationship first, and then exploits that relationship to commit sexual assault (cyberstalking).

Q.3 a) Write a short note on 1) Cyberstalking 2) Cybercafe and cybercrime [10]

Cyberstalking:
• Cyberstalking has been defined as the use of information and communications technology, particularly the internet, by an individual or a group of individuals to harass another individual, group of individuals or organization.
• The behavior includes false accusation (blame), monitoring, transmission of threats, ID theft, damage to data or equipment, solicitation of minors for sexual purposes, and gathering info for harassment purposes.
• Cyberstalking refers to the use of the internet and other devices.

Types of stalkers:

There are primarily two types of stalkers:

1. Online stalkers:
• They aim to start the interaction with the victim directly with the help of the internet.
• E-mail and chat rooms are the most popular communication mediums to get connected with the victim.
• The stalker makes sure that the victim recognizes the attack attempted on him/her.
• The stalker can make use of a third party to harass the victim.

2. Offline stalkers:
• The stalker may begin attacks using traditional methods such as following the victim, watching the daily routine of the victim, or visiting the person’s home or business place.
• Searching message boards, newsgroups and personal websites are the most common ways of gathering info about the victim on the internet, of which the victim is not aware.

Cases reported on cyberstalking:
• The majority of cyberstalkers are men and the victims are women.
• In many cases the cyberstalker and the victim hold a prior relationship, for example, ex-lover, ex-spouse, boss/subordinate and neighbour, or strangers.

How stalking works (modus operandi):

It is seen that stalking works in the following ways:
• Gathering personal info about the victim: name, family background, contact details, address of residence as well as office, e-mail ID, date of birth.
• Establishing contact with the victim through mail/phone. Once the contact is established, the stalker may make calls to the victim to threaten.
• Stalkers will almost always establish contact with the victim through e-mail. The letters may have a tone of loving or threatening, or can be sexually explicit. The stalker may use multiple names.
• Some stalkers keep on sending repeated e-mails asking for various kinds of favours or threatening the victim.
• The stalker may post the victim’s personal information on any website related to illicit services such as sex workers' services or dating services, posing as if the victim has posted the information, and invite people to call the victim on the given contact details to have sexual services. The stalker would use bad or offensive language to invite the interested persons.
• Whoever comes across the info starts calling the victim, asking for sexual services or relationships.
• Some stalkers register the e-mail account of the victim on innumerable pornographic and sex sites, because of which the victim will start receiving such unsolicited (unwanted) e-mails.

Example:

The Delhi Police has registered India’s first case of cyberstalking. One Mrs. Khanna (name changed) complained to the police against a person who was using her identity to chat over the internet at the website www.mirc.com, mostly in the Delhi channel, for four consecutive days. Mrs. Khanna further complained that the person was chatting on the net using her name and giving her address, and was using obscene language. The same person was also deliberately giving her telephone number to other chatters, encouraging them to call Mrs. Khanna at odd hours. Consequently, Mrs. Khanna received almost 40 calls in three days, mostly at odd hours, from as far away as Kuwait, Cochin, Bombay and Ahmedabad. The said calls created havoc in the personal life and mental peace of Mrs. Khanna, who decided to report the matter.

Cybercafe and cybercrime:

• In Feb 2009, a Nielsen survey on the profile of cybercafe users in India found that 90% of the audience, across 8 cities and 3500 cafes, were male and in the age group of 15-35 years, 52% were graduates and postgraduates, and 50% were students.
• It is extremely important to understand the IT security and governance practiced in the cybercafes.
• In the past several years, many instances have been reported in India where cybercafes were used for real or false terrorist communication.
• Cybercafes are often used for frauds and for sending obscene mails to harass people.
• Computers available in cybercafes (CC) hold two types of risks:
  • First, we do not know what programs are installed on the computer: there is a risk of spyware or a keylogger being installed in the background and monitoring the browsing behaviour.
  • Second, shoulder surfing can enable others to find out your passwords.
• Therefore, one should be extremely protective about privacy.
• ITA 2000 does not define cybercafes and interprets them as network service providers referred to under section 79, which imposes on them a responsibility for due diligence (attentiveness), failing which they would be liable for offences committed in their network.
• Cybercriminals prefer cybercafes to carry out their activities.
• The criminals tend to identify one particular PC to prepare it for their use.
• Cybercriminals can either install malicious programs such as keyloggers or spyware, or launch an attack on the target.
• Cybercriminals will visit these cafes at a particular time and at a prescribed frequency, maybe on alternate days or twice a week.
• A recent survey conducted in one of the metropolitan cities reveals the following facts:
  • Pirated software such as OS, browser and office automation software (MS Office) is installed on all the computers.
  • Antivirus software is found to be not updated to the latest patch or antivirus signature.
  • Several cafes had installed “Deep Freeze” for protecting their computers from malware attacks. (Deep Freeze is widely used software in some kinds of networks which require every workstation to be kept clean, without changing its configuration or installing new software. This could apply to libraries, schools, offices, cybercafes and more. In a few words, no matter what programs you install or what things you do, when you restart the PC everything comes back to the restore point.) Deep Freeze can wipe out the details of all activities carried out on the computer when one clicks on the restart button, which poses a challenge to the police and crime investigators.
  • An annual maintenance contract (AMC) is found to be not in place for servicing the computers; hence hard disks for all computers are not formatted unless the computer is down. Not having the AMC is a risk because the cybercriminal can install malicious code on a computer and conduct criminal activities without any interruption.
  • Porn websites and other similar websites are not blocked.
  • CC owners have very little awareness about IT security and IT governance.
  • Government/ISPs/state police do not seem to provide IT governance guidelines to cybercafe owners.
  • CC associations or the cyber cell wing do not seem to conduct periodic visits to CCs. Secondly, an FIR has to be filed regarding the crime for some action to be taken.

Tips for safety and security while using a computer in a CC:

Always log out:
While using e-mail at the cybercafe, simply closing the browser window is not enough. One should always sign out, because somebody who uses the same service after you can get easy access to your account.

Stay with the computer:
While surfing, one should never leave the system unattended for any period of time. If one has to go out, log out and close all windows before leaving.

Clear history and temporary files:
The browser saves pages that you have visited in the history folder and temporary internet files.
Your passwords may also be stored in the browser if that option is enabled.

Be alert:
One should be alert and aware of the surroundings while using a public computer.
Snooping over the shoulder is an easy way of getting your username and password.

Avoid online financial transactions:
One should avoid online banking, shopping or other transactions. One should change passwords frequently using a trusted computer.

Change passwords:
Passwords should be changed suitably after any transaction on a public computer and should not be revealed to anybody.

Virtual keyboard:
• Nowadays almost every bank provides a virtual keyboard on its website. It is malware protected.

Security warnings:
• One should take utmost care while accessing the websites of any banks/financial institutions.
• The above measures are applicable not only to CCs but also to other public places wherever the internet is available.
