Introduction to Cybercrime

Definition
• A crime conducted in which a computer was
directly and significantly instrumental
• Any illegal behavior directed by means of
electronic operations, that targets the security
of the computer systems and the data
processed by them
 Some more definitions
• Crime committed using a computer and the
Internet to steal a person’s identity or sell
contraband or stalk victims or disrupt operations
with malevolent programs
• Crimes completed either on or with a computer
• Any illegal activity done through the internet or
on the computer
• All criminal activities done using the medium of
computers, internet, cyberspace and WWW
 Cybercrime and Information Security
• Lack of information security gives rise to
cybercrimes
• Cyber security is protection of information,
equipment devices, computer, computer resource,
communication device and information stored
therein from unauthorized access, use, disclosure,
disruption, modification and destruction
• Information Technology Act (ITA)2000 provides
focus on Information Security in India
 Cybercriminals
• Type I : Hungry for recognition
• Type II: Not interested in recognition
• Type III: The insiders
 Type I
• Hobby hackers
• IT professionals
• Politically motivated hackers
• Terrorist organization
 Type II
• Psychological perverts
• Financially motivated hackers
• State sponsored hacking
• Organized criminals
 Type III
• Disgruntled or former employees seeking
revenge
• Competing companies using employees to
gain economic advantage through damage or
threat
 Classification of Cybercrimes
• E-mail spoofing
• Phishing
• Spamming
• Cyber defamation
• Cyber stalking and harassment
• Computer Sabotage
• Pornographic offenses
• Password sniffing
 Email spoofing
• Appears to be originated from source but
actually has been sent from another source
• Warning Signs of a Spoof Email
• A. Sender's Email Address
Spoof email may include a forged email address in the "From" line - Some may
actually be real email addresses that have been forged. (From: [email protected];
From: [email protected]; From: [email protected]).
• B. Email Greeting
Many Spoof emails will begin with a general greeting such as "Welcome eBay User."
• C. Urgency
Claims that eBay is updating its files or accounts - Don't worry, it is highly unlikely
that eBay will lose your account information.
• D. Account Status Threat
Most Spoof emails try to deceive you with the threat that your account is in
jeopardy and you will not be able to buy or sell on eBay if you do not update it
immediately.
• E. Links in an Email
While many emails have links included, just remember that these links can be
forged too.
• F. Requests Personal Information
Requests that you enter sensitive personal information such as a User ID, password
or bank account number by clicking on a link or completing a form within the email
are a clear indicator of a Spoof email.
 Spamming
• People who create electronic spams are called
spammers
• Sending bulk messages indiscriminately
 Types of Spams
1. Email spam
2. Usenet newsgroup spam
3. Web search engine spam
4. Spam in blogs
5. Wiki spam
6. Online classified ads spam
7. Mobile phone messaging spam
8. Internet forum spam
9. Junk fax transmission spam
10. Social networking spam
11. File sharing network spam
12. Video sharing sites
 Cyberdefamation
• Whoever by words either spoken or intended
to be read, or by signs or by visible
representation, makes or publishes any
imputation concerning any person intending
to harm, or knowing or having reason to
believe that such imputation will harm, the
reputation of such person, is said, except in
the cases hereinafter expected, to defame that
person – Section 499 of Chapter XXI of IPC
 Internet Time Theft
• This occurs when an unauthorized person uses
the Internet hours paid for by another person
 Salami attack ? Salami Theft
• Used for committing financial crime
• Idea here is to make the alteration so
insignificant that in a single case it would go
completely unnoticed
 Data Diddling
• Involves altering raw data just before it is
processed by a computer and then changing it
back after the processing is complete
 Forgery
• Counterfeit currency notes, postage and
revenue stamps, mark sheets etc. can be
forged using sophisticated computers, printers
and scanners
 Web Jacking
• Occurs when someone forcefully takes control
of website by cracking the password and then
later changing it
Web Jacking
 Industrial spying/Industrial espoinage
• Spies can get information about product
finances, research and development and
marketing strategies
• With growing public availability of Trojans and
spyware, even low skilled individuals are now
inclined to generate high volume profit out of
industrial spying
 Hacking
• Every act committed toward breaking into a
computer or network is hacking and it is an
offense
• Those who break into the computer systems
should ideally be called crackers and those
targeting phones should be called phreaks
 Online frauds
• Spoofing websites and Email security alerts,
hoax mails about virus threats, lottery frauds
and spoofing
 Pornographic offenses
• Child pornography is considered an offense
• Internet is being highly used by abusers to
reach and abuse children sexually worldwide
 Child pornography
• Any photograph that can be considered
obscene and/or unsuitable for the age of child
viewer
• Film, video, picture
• Computer generated image or picture
 How pedophiles operate
• Use false identity to trap children/teenager
• They seek children/teens in the kids area on the services
like games chat rooms etc
• They befriend children
• Extract personal information by winning their confidence
• Get email address and start making regular contacts with
the children
• They start sending pornographic materials to help child
shed inhibitions and feel that whatever is being fed to
them is normal and everybody does it
• Set up a meeting and drag them out of the house and
sexually assault them
 Software piracy
• Theft of software through illegal copying of
genuine programs or the counterfeiting and
distribution of products intended to pass for
the original
 Using pirated software leads to…
• Getting untested software that may have been
copied thousand times over
• May potentially contain hard drive infecting
viruses
• No technical support in case of software
failure
• No warranty protection
• No legal right to use the product
 Computer Sabotage
• Use of Internet to hinder the normal
functioning of a computer system using
worms, viruses or logic bombs
• Logic bombs are triggered only when an event
occurs
 Email bombing/Mail bombs
• Send a large number of emails to the victim to
crash victim’s email account or to make
victim’s mail server crash in case of a company
or service provider
 Usenet groups
• Popular means of sharing and distributing
information on the web with respect to
specific topic/subject
 Usenet for criminal use…
• Distribution/sale of pornographic material
• Distribution/sale of pirated software packages
• Distribution of hacking software
• Sale of stolen credit card numbers
• Sale of stolen data/stolen property
 Computer Network Intrusions
• Crackers can break into the system from
anywhere in the world and steal data, plant
viruses, create backdoors, insert Trojan horses
or change user names and passwords
 Password sniffing
• Program that monitor and record the name
and password of network users as they login
 Credit card fraud
• Millions of dollars may be lost annually by
consumers who have credit card and calling
card number stolen from online databases
• Bulletin boards and other online services are
targeted to access large database of credit
card information
 Identity theft
• It is a fraud involving another person’s identity
for illicit purpose
 Phishing
• Phishing is the attempt to acquire
sensitive information such as usernames,
passwords, and credit card details (and
sometimes, indirectly, money) by
masquerading as a trustworthy entity in an
electronic communication.[
Phishing
Phishing through voice calls
Phishing through messages
Smishing