2. Abstract
The Computers have unleashed an era of enhanced productivity
and creativity. Communication and connectedness has seen new
heights in the last two decades. Internet has ushered a new
revolution, The Online Revolution. As more and more people
are shifting their day to day activities online, more and more
people are targeting the easy-to-make money and information.
These are the contemporary criminals, enjoying the anonymity
provided by the Internet and numerous tools to gain entry into
almost any system, taking advantage of human error and system
vulnerabilities . These are the Cyber Criminals, the ill-motivated
hackers, crackers and spammers.
In this report, an attempt has been made to see Cyber Crime in
a broad Spectrum, starting from scratch. Reports &
Investigations from World’s top Cyber Security firms has been
incorporated.
Without delving too much into the actual means of exploitation,
an attempt to visualise the entire process as whole, has been
made.
3. Table Of Contents
S.NO. Title
Abstract
1. What is Cyber Crime?
2. Categorically..
3. Cyber Crime: The Polymorphic One
4. Is it worth all the commotion?
5. Who are the Cyber Criminals?
6. The Cybercrime Ecosystem: Resources,
Motivations and Methods
7. How Cyber Criminals Attack?
8. Current Scenario
9. Indian Laws & Cyber Crime
10. Cyber Crime Prevention Tips
Bibliography
4. 1. What is Cyber Crime?
We often hear the term ‘cybercrime’ bandied about these days, as
it's a bigger risk now than ever before due to the sheer number of
connected people and devices. But what is it exactly?
In a nutshell, it is simply a crime that has some kind of computer or
cyber (computer/computer networks from word cybernetics) aspect
to it. To go into more detail is not as straightforward, as it takes shape
in a variety of different formats. Cyber crime encompasses any
criminal act dealing with computers and networks. Additionally,
cyber crime also includes traditional crimes conducted through the
Internet.
According to Interpol, Cybercrime is one of the fastest growing areas
of crime. More and more criminals are exploiting the speed,
convenience and anonymity that modern technologies offer in order
to commit a diverse range of criminal activities.
These include attacks against computer data and systems such as
Denial of Service Attacks, identity theft, the distribution of child
sexual abuse images, internet auction fraud, the penetration of
online financial services, as well as the deployment of viruses,
Botnets, and various email scams such as phishing.
5. Cyber crimes are broadly categorized into three categories, namely
crimes against:
1. Individual
2. Property
3. Government
Each category can use a variety of methods and the methods used
vary from one criminal to another.
Individual: This type of cyber crime can be in the form of
hacking, identity theft, cyber bullying, cyber stalking, distributing
pornography, trafficking and “grooming”. Today, law enforcement
agencies are taking this category of cyber crime very seriously and
are joining forces internationally to reach and arrest the perpetrators.
Property: Just like in the real world where a criminal can steal and
rob, even in the cyber world criminals resort to stealing and robbing.
In this case, they can steal a person’s bank details and siphon off
money; misuse the credit card to make numerous purchases online;
run a scam to get naïve people to part with their hard earned money;
use malicious software to gain access to an organization’s website or
disrupt the systems of the organization. The malicious software can
also damage software and hardware, just like vandals damage
property in the offline world.
Government: Although not as common as the other two
categories, crimes against a government are referred to as cyber
terrorism. If successful, this category can wreak havoc and cause
panic amongst the civilian population. In this category, criminals hack
government websites, military websites or circulate propaganda. The
perpetrators can be terrorist outfits or unfriendly governments of
2. Categorically ..
6. Cyber Crime may take many forms. The most common ones are
explained below:
Hacking: This is a type of crime wherein a person’s computer is
broken into so that his personal or sensitive information can be
accessed. This is different from ethical hacking, which many
organizations use to check their Internet security protection. In
hacking, the criminal uses a variety of software to enter a person’s
computer and the person may not be aware that his computer is
being accessed from a remote location.
Theft: This crime occurs when a person violates copyrights and
downloads music, movies, games and software. There are even peer
sharing websites which encourage software piracy and many of these
websites are now being targeted by the FBI. Today, the justice system
is addressing this cyber crime and there are laws that prevent people
from illegal downloading.
Cyber Stalking: This is a kind of online harassment wherein the victim
is subjected to a barrage of online messages and emails. Typically,
these stalkers know their victims and instead of resorting to offline
stalking, they use the Internet to stalk. However, if they notice that
cyber stalking is not having the desired effect, they begin offline
stalking along with cyber stalking to make the victims’ lives more
miserable.
Malicious Software: These are Internet-based software or programs
that are used to disrupt a network. The software is used to gain access
to a system to steal sensitive information or data or causing damage
to software present in the system.
3. Cyber Crime : The Polymorphic One
7. Identity Theft: This has become a major problem with people using
the Internet for cash transactions and banking services. In this cyber
crime, a criminal accesses data about a person’s bank account, credit
cards, Social Security, debit card and other sensitive information to
siphon money or to buy things online in the victim’s name. It can
result in major financial losses for the victim and even spoil the
victim’s credit history.
Child soliciting and Abuse: This is also a type of cyber crime wherein
criminals solicit minors via chat rooms for the purpose of child
pornography. The FBI has been spending a lot of time monitoring
chat rooms frequented by children with the hopes of reducing and
preventing child abuse and soliciting.
Cyber-Terrorism
Cyber-terrorism is distinguished from other acts of commercial crime
or incidents of hacking by its severity. Attacks against computer
networks or the information stored therein which result in "violence
against persons or property, or at least cause enough harm to
generate fear" are to be considered cyber-terrorism attacks
according to congressional testimony from Georgetown University
professor Dorothy Denning. "Attacks that disrupt nonessential
services or that are mainly a costly nuisance" are not classified as
cyber-terrorist attacks by her definition.
DoS
Short for denial-of-service attack, a type of attack on a network that
is designed to bring the network to its knees by flooding it with
useless traffic. Many DoS attacks, such as the Ping of Death and
Teardrop attacks, exploit limitations in the TCP/IP protocols.
8. 4. Is It Worth All The Commotion?
Before we delve deeper into the World Of Cyber Crime, let’s see if
its even worth the effort!
In the present decade, this term has gathered a large amount of
attention and hype, and people fear these shadowy group of new
brand of criminals for all sort of reasons. Let’s have a look at some
facts and figures
The "I love you" worm (named after the subject line of the email it
came in) proved irresistible in 2000 as millions of users opened the
spam message and downloaded the attached 'love letter' file and a
bitter virus.
This infamous worm cost companies and government agencies $15
billion to shut down their computers and remove the infection.
MyDoom's Mass Infection
Estimated damage: $38 billion
This fast-moving worm first struck in 2004 and tops McAfee's list in
terms of monetary damage.
Due to all the spam it sent, it slowed down global Internet access
by 10 per cent and reduced access to some websites by 50 per
cent, causing billions in dollars of lost productivity and online
sales.
Conficker's stealthy destruction
Estimated damage $9.1 billion
This 2007 worm infected millions of computers and then took its
infections further than the last two worms on our list, as
cybercrooks moved from notoriety to professionalism.
Conficker was designed to download and install malware from sites
controlled by the virus writers.
9. Once upon a time, “distributed denial of service attacks” were just a
way for quarreling hackers to knock each other out of IRC. Then one
day in February 2000, a 15-year-old Canadian named Michael
“MafiaBoy” Calce experimentally programmed his botnet to hose
down the highest traffic websites he could find. CNN, Yahoo,
Amazon, eBay, Dell and eTrade all buckled under the deluge, leading
to national headlines and an emergency meeting of security experts
at the White House.
In 2003, fear came in 376 bytes. The lightning-fast Slammer worm
targeted a hole in Microsoft’s SQL server, and despite striking six
months after a fix was released, the malware cracked an estimated
75,000 unpatched servers in the space of hours. Bank of America and
Washington Mutual ATM networks ground to a halt. Continental
Airlines delayed and canceled flights when its ticketing system got
gummed up. Seattle lost its emergency 911 network, and a nuclear
power plant in Ohio lost a safety monitoring system.
“Operation Get Rich or Die Tryin’ ”. For nearly four years ending in
2008, 28-year-old Albert “Segvec” Gonzalez and his accomplices in
America and Russia staged the biggest data thefts in history, stealing
credit and debit card magstripe data for sale on the black market.
Using Wi-Fi hacking and SQL injection, the gang popped companies
like 7-Eleven, Dave & Buster’s, Office Max, TJX, and the credit card
processor Heartland Payment Systems, which alone gave up 130
million cards.
These are just a few instances of Cyber Crimes, which caused mass
losses, and troubles. Millions more are happening everyday, every
second, against individuals and organisations alike by individuals
and organisations alike!
10. $113 BN
FRAUD 38%
THEFT OR
LOSS 21%
REPAIRS
24%
OTHER 17%
83% OF DIRECT FINANCIAL
COSTS ARE A RESULT OF FRAUD,
REPAIRS, THEFT AND LOSS
USD $298
AVERAGE COST PER VICTIM
REPRESENTS A 50 PERCENT INCREASE
OVER 2012
Global Price Tag Of Consumer Cyber
Crime:
11. 12VICTIMS PER
SECOND
378 MILLION VICTIMS
PER YEAR
1 MILLION +
VICTIMS PER DAY
NEARLY 2.8 TIMES AS MANY BABIES BORN EACH YEAR
ENOUGH TO FILL WEMBLEY STADIUM (ENGLAND) MORE THAN 10
TIMES
The Scale Of Consumer Cyber Crime:
50% OF ONLINE
ADULTS
HAVE BEEN VICTIMS OF CYBERCRIME AND /
OR NEGATIVE ONLINE SITUATIONS IN THE
PAST YEAR (e.g., RECEIVED NUDE IMAGES
FROM STRANGERS OR WERE BULLIED OR
STALKED ONLINE)
12. 5. Who are the Cyber Criminals?
When we speak about cybercrimes, such as phishing and malware
attacks, we tend to lump cybercriminals into one category and
operate under an assumption that they are all motivated to steal
credentials that lead to some sort of financial theft. While those
types of crimes do occur, it is important to distinguish between the
different types of cybercriminals that comprise today’s threatscape.
Here are the basic types of cybercriminals in operation today:
Nation-states:
Most notably, China, Iran, other nation-states looking to steal and
infiltrate data.
Hacktivists:
Activists or groups (like WikiLeaks) seeking to steal data and release
it publicly. This category also includes Script kiddies, and enthusiasts
messing around status quo and having fun.
Professional Cybercriminals:
This group (led by technologists turned cybercriminal) does the most
damage, particularly to financial institutions, retailers, e-commerce
businesses, governments, etc. This group of cybercriminals actually
creates more fraud, remediation and reputational damage than the
other types of cybercriminals combined.
13. 6. The Cybercrime Ecosystem:
Resources, Motivations and Methods
“ Cybercriminals Today Mirror Legitimate Business Processes “
- Fortinet 2013 Cybercrime Report
Long gone are the days when cybercrime was tantamount to teenage
miscreants causing mischief in their parents’ basement. Today, as any
commercial enterprise, cybercrime has evolved into a complex, highly
organized hierarchy involving leaders, engineers, infantry, and hired
money mules. Looking from the outside in, there’s little to distinguish
cybercrime organizations from any other business.
Like any legitimate commercial enterprise, each player has a
designated role or function to perform. And each job is necessary in
order to create the desired good that turns the wheels of the
machine. The mission? Like any other business, it’s profitability. Or, in
some cases, retribution.
The fundamental laws of economics apply here as well. The
deliverables run the range from consulting, services, and advertising
to a myriad of programs that serve as the “product.” The more
features and/or more complex the service offered, the higher the
price.
14. According to the Fortinet’s 2013 cybercrime report, an interesting
study on cybercriminal ecosystem, identifying the operations, the
motivations, the methods, the resource used and countermeasure
adoptable to mitigate the cyber threats are identified.
As demonstrated by various researchers conducted by principal
security firm’s cybercrime industry operates exactly as legitimate
businesses working in a global industry. What is very concerning is
the capabilities of criminal organizations to quickly react to new
business opportunities demonstrating a high level of
motivation, very common is the habit to recruit skilled
professionals or rent specialist services to arrange illegal activities.
Criminal organizations have different motivations for their
operations, they could adopt a direct method of monetization
earning with frauds and illegal activities such as cyber espionage or
estorsions, or they can decide to monetize the providing of illegal
services such as the renting of botnets or customization of
malicious code.
Cybercrime has no specific Geo localization, it operates on a global
scale in the cyber space exploiting different law framework
adopted by various governments that make cybercrime relatively
risk free compared with traditional crimes.
In too many countries cyber laws are very poor, the level of
enforcement is low exactly such as monitoring of criminal
ecosystem, this advantages the growth cybercriminals
organizations.
15. Cybercrime often goes unpunished ,it is very profitable and
contrary to what we can think the providing of criminal services in
the model dubbed Crime-as-a-Service allows also to ordinary crime
without technological background to become part of “cybercriminal
business”.
Being a cybercriminal allows to gain handsome profits especially in
countries where per capita income is extremely low. Cybercrime
pays, it’s very common to find advertising looking to recruit cyber
specialists (e.g. botmaster, malware engineers) promising amount
of money between $2,000 and $5,000 a month.
This amount of money is very attractive if we consider the monthly
earns for these categories of professionals located in Eastern
Europe, especially in countries such as Russia and Moldova.
16. All these forms of Cyber Crime are due to one or more kind of
Attacks by the Cyber Criminals or the Hacktivist in question
Classes of attack might include passive monitoring of
communications, active network attacks, close-in
attacks, exploitation by insiders, and attacks through the service
provider. Information systems and networks offer attractive targets
and should be resistant to attack from the full range of threat
agents, from hackers to nation-states. A system must be able to limit
damage and recover rapidly when attacks occur.
There are five types of attacks, which are most common:
Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text
passwords and sensitive information that can be used in other types
of attacks. Passive attacks include traffic analysis, monitoring of
unprotected communications, decrypting weakly encrypted
traffic, and capturing authentication information such as passwords.
Passive interception of network operations enables adversaries to
see upcoming actions. Passive attacks result in the disclosure of
information or data files to an attacker without the consent or
knowledge of the user.
Active Attack
In an active attack, the attacker tries to bypass or break into secured
systems. This can be done through stealth, viruses, worms, or Trojan
horses. Active attacks include attempts to circumvent or break
protection features, to introduce malicious code, and to steal or
modify information.
7. How Cyber Criminals Attack?
17. These attacks are mounted against a network backbone, exploit
information in transit, electronically penetrate an enclave, or attack
an authorized remote user during an attempt to connect to an
enclave. Active attacks result in the disclosure or dissemination of
data files, DoS, or modification of data.
Distributed Attack
A distributed attack requires that the adversary introduce code,
such as a Trojan horse or back-door program, to a “trusted”
component or software that will later be distributed to many other
companies and users Distribution attacks focus on the malicious
modification of hardware or software at the factory or during
distribution. These attacks introduce malicious code such as a back
door to a product to gain unauthorized access to information or to a
system function at a later date.
Insider Attack
An insider attack involves someone from the inside, such as a
disgruntled employee, attacking the network Insider attacks can be
malicious or no malicious. Malicious insiders intentionally
eavesdrop, steal, or damage information; use information in a
fraudulent manner; or deny access to other authorized users. No
malicious attacks typically result from carelessness, lack of
knowledge, or intentional circumvention of security for such reasons
as performing a task.
Close-in Attack
A close-in attack involves someone attempting to get physically
close to network components, data, and systems in order to learn
more about a network Close-in attacks consist of regular individuals
attaining close physical proximity to networks, systems, or facilities
for the purpose of modifying, gathering, or denying access to
information.
18. Close physical proximity is achieved through surreptitious entry into
the network, open access, or both. One popular form of close in
attack is social engineering in a social engineering attack, the
attacker compromises the network or system through social
interaction with a person, through an e-mail message or phone.
Various tricks can be used by the individual to revealing information
about the security of company. The information that the victim
reveals to the hacker would most likely be used in a subsequent
attack to gain unauthorized access to a system or network.
Phishing Attack
In phishing attack the hacker creates a fake web site that looks
exactly like a popular site such as the SBI bank or paypal. The
phishing part of the attack is that the hacker then sends an e-mail
message trying to trick the user into clicking a link that leads to the
fake site. When the user attempts to log on with their account
information, the hacker records the username and password and
then tries that information on the real site.
Hijack attack
Hijack attack In a hijack attack, a hacker takes over a session
between you and another individual and disconnects the other
individual from the communication. You still believe that you are
talking to the original party and may send private information to the
hacker by accident.
Password attack
An attacker tries to crack the passwords stored in a network account
database or a password-protected file. There are three major types
of password attacks: a dictionary attack, a brute-force attack, and a
hybrid attack. A dictionary attack uses a word list file, which is a list
of potential passwords. A brute-force attack is when the attacker
tries every possible combination of characters.
19. Spoof attack
Spoof attack In a spoof attack, the hacker modifies the source
address of the packets he or she is sending so that they appear to be
coming from someone else. This may be an attempt to bypass your
firewall rules.
Buffer overflow
Buffer overflow A buffer overflow attack is when the attacker sends
more data to an application than is expected. A buffer overflow
attack usually results in the attacker gaining administrative access to
the system in a Command prompt or shell.
20. 8. Current Scenario
Recent studies published on the evolution of principal cyber threats
in the security landscape. They present concerning scenarios,
characterized by the constant growth of cyber criminal activities.
Even though the level of awareness of cyber threats has increased,
and law enforcement acts globally to combat them, illegal profits
have reached amazing figures. The impact to society has become
unsustainable, considering the global economic crisis.
It’s necessary to work together to avoid the costs the global
community suffers, which we can no longer sustain. The risk of
business collapse is concrete, due to the high cost for enterprises in
mitigating counter measures, and the damage caused by countless
attacks.
Principal security firms which observe and analyze the incidents
occurred to their clients have provided estimates of the annual loss
suffered by enterprises. Dozens of billion dollars tare eroding their
profits. If we extend the effects of cybercrime to government
circles, public industry and the entire population, it’s easy to
assume that the amount of damage reaches several hundred billion
dollars.
In many cases, that estimate can be misleading. That’s because
there were still too many companies that fail to quantify the losses
related to cybercrime. In some cases, they totally ignore that
they’re victims of attacks. The majority of estimates relied on a
survey, and loss estimates are based on raw assumptions about the
magnitude and effect of cyber attacks to provide an economic
evaluation.
21. Cyber criminal activities are increasing by incidence in a scenario
made worse by the economic crisis. We also face tightened spending
by the private sector, and reduced financial liquidity.
Nearly 80% of cybercrime acts are estimated to originate in some
form of organized activity. The diffusion of the model of fraud-as-
service and the diversification of the offerings of the underground
market is also attracting new actors with modest skills. Cybercrime is
becoming a business opportunity open to everybody driven by profit
and personal gain.
According to experts at RSA security, cybercrime continues to
improve its techniques and the way it organizes and targets victims.
The RSA Anti-Fraud Command Center (AFCC) has developed the
following list of the top cybercrime trends it expects to see evolve:
1. As the world goes mobile, cybercrime will follow
2. The privatization of banking, trojans and other malware
3. Hacktivism and the ever-targeted enterprise
4. Account takeover and increased use of manually-assisted cyber
attacks
5. Cybercriminals will leverage Big Data principles to increase the
effectiveness of attacks
Cybercrime activities are globally diffused, financially-driven acts.
Such computer-related fraud is prevalent, and makes up around one
third of acts around the world.
Another conspicuous portion of cybercrime acts are represented by
computer content, including child pornography, content related to
terrorism offenses, and piracy. Another significant portion of crime
relates to acts against confidentiality, integrity and accessibility of
computer systems.
22. That includes illegal access to a computer system, which accounts
for another one third of all acts.
It’s clear that cyber crime is influenced by national laws and by the
pressure and efficiency of local law enforcement.
23. 8.1. Cyber Crime Statistics
Key findings include:
The average annualized cost of cybercrime incurred per organization
was $11.56 million, with a range of $1.3 million to $58 million. This
is an increase of 26 percent, or $2.6 million, over the average cost
reported in 2012.
Organizations in defense, financial services and energy and utilities
suffered the highest cybercrime costs.
Data theft caused major costs, 43 percent of the total external
costs, business disruption or lost productivity accounts for 36% of
external costs. While the data theft decreased by 2% in the last year,
business disruption increased by 18%.
Organizations experienced an average of 122 successful attacks per
week, up from 102 attacks per week in 2012.
The average time to resolve a cyber attack was 32 days, with an
average cost incurred during this period of $1,035,769, or $32,469
per day—a 55 percent increase over last year’s estimated average
cost of $591,780 for a 24-day period.
Denial-of-service, web-based attacks and insiders account for more
than 55% of overall annual cybercrime costs per organization.
Smaller organizations incur a significantly higher per-capita cost than
larger organizations.
Recovery and detection are the most costly internal activities.
A study, titled The 2013 Cost of Cyber Crime Study, conducted by
Ponemon Institute, provides an estimation of the economic impact
of cybercrime. It’s sponsored by HP for the fourth consecutive year.
It reveals that the cost of cybercrime in 2013 escalated 78
percent, while the time necessary to resolve problems has
increased by nearly 130 percent in four years. Meanwhile, the
average cost to resolve a single attack totalled more than $1
million.
24. Symantec experts have also analyzed the incidence of cybercrime in
different countries around the world.
The 2013 Norton Report states that the lack of efficient
authentication mechanisms and defense mechanisms is the primary
cause of incidents for mobile users. Almost half don’t use basic
precautions and a third were victims of illegal activities last year.
1
38
USA
BN
3
MEXICO
BN
8
BRAZIL
BN
13 EUROPE
BN
1
RUSSIA
BN
37
CHINA
BN
4
INDIA
BN 1
JAPAN
BN
AUSTRALIA
BN
THE GLOBAL PRICE TAG OF CONSUMER CYBERCRIME
0.3
SOUTH
AFRICA
BN
25. What’s very concerning is that, given the awareness level of users
regarding cyber threats, only a small portion of mobile users (26%)
have installed security software and 57% aren’t aware of existence
of security solutions for mobile environments. These numbers
explain why mobile technology is so attractive for cyber crime. In
the majority of cases, the systems are totally exposed to cyber
threats due to bad habits and risky behavior.
Great interest is dedicated to cloud computing, and in particular to
cloud storage solutions that make it easy to archive and share files.
24% of users use the same cloud storage account for personal and
work activities. 18% share their collection of documents with their
friends. Once again, bad habits facillitate cyber crime. Cloud services
bundle a multitude of data services in one place, so they’re
attractive targets for hackers.
A study on 234 benchmarked Organizations Revealed the
following proportions of cyber crime Activity:
26. 9. Indian Laws & Cyber Crime:
The Indian Law has not given any definition to the term ‘cyber crime’.
In fact, the Indian Penal Code does not use the term ‘cyber crime’ at
any point even after its amendment by the Information
Technology (amendment) Act 2008, the Indian Cyber law. But “Cyber
Security” is defined under Section (2) (b) means protecting
information, equipment, devices computer, computer
resource, communication device and information stored therein
from unauthorized access.
In essence, cyber law is an attempt to apply laws designed for
the physical world, to human activity on the Internet. In India, The IT
Act, 2000 as amended by The IT (Amendment) Act, 2008 is known as
the Cyber law. It has a separate chapter XI entitled “Offences” in
which various cyber crimes have been declared as penal offences
punishable with imprisonment and fine.
Let us look into some common cyber-crime scenarios which can
attract prosecution as per the penalties and offences prescribed in
IT Act 2000 (amended via 2008) Act.
a. Harassment via fake public profile on social networking site
A fake profile of a person is created on a social networking site
with the correct address, residential information or contact details
but he/she is labelled as ‘prostitute’ or a person of ‘loose
character’. This leads to harassment of the victim.
Provisions Applicable:- Sections 66A, 67 of IT Act and Section 509
of the Indian Penal Code.
b. Online Hate Community
Online hate community is created inciting a religious group to act
or pass objectionable remarks against a country, national figures
etc.
Provisions Applicable: Section 66A of IT Act and 153A & 153B of
the Indian Penal Code.
27. c. Email Account Hacking
If victim’s email account is hacked and obscene emails are sent to
people in victim’s address book.
Provisions Applicable:- Sections 43, 66, 66A, 66C, 67, 67A and 67B of
IT Act.
d. Credit Card Fraud
Unsuspecting victims would use infected computers to make online
transactions.
Provisions Applicable:- Sections 43, 66, 66C, 66D of IT Act and section
420 of the IPC.
e. Web Defacement
The homepage of a website is replaced with a pornographic or
defamatory page. Government sites generally face the wrath of
hackers on symbolic days.
Provisions Applicable:- Sections 43 and 66 of IT Act and Sections 66F,
67 and 70 of IT Act also apply in some cases.
f. Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs
All of the above are some sort of malicious programs which are used
to destroy or gain access to some electronic information.
Provisions Applicable:- Sections 43, 66, 66A of IT Act and Section 426
of Indian Penal Code.
g. Cyber Terrorism
Many terrorists are use virtual(GDrive, FTP sites) and physical storage
media(USB’s, hard drives) for hiding information and records of their
illicit business. IT Act 2000: Penalties, Offences with Case Studies
Confidential Network Intelligence (India) Pvt. Ltd. Page 14 of 24
Provisions Applicable: Conventional terrorism laws may apply along
with Section 69 of IT Act.
28. h. Online sale of illegal Articles
Where sale of narcotics, drugs weapons and wildlife is facilitated by
the Internet
Provisions Applicable:- Generally conventional laws apply in these
cases.
j. Phishing and Email Scams
Phishing involves fraudulently acquiring sensitive information
through masquerading a site as a trusted entity.
Provisions Applicable:- Section 66, 66A and 66D of IT Act and Section
420 of IPC
k. Theft of Confidential Information
Many business organizations store their confidential information in
computer systems. This information is targeted by rivals, criminals
and disgruntled employees.
Provisions Applicable:- Sections 43, 66, 66B of IT Act and Section 426
of Indian Penal Code.
l. Source Code Theft
A Source code generally is the most coveted and important "crown
jewel" asset of a company.
Provisions applicable:- Sections 43, 66, 66B of IT Act and Section 63 of
Copyright Act.
m. Tax Evasion and Money Laundering
Money launderers and people doing illegal business activities hide
their information in virtual as well as physical activities.
Provisions Applicable: Income Tax Act and Prevention of Money
Laundering Act. IT Act may apply case-wise.
n. Online Share Trading Fraud
It has become mandatory for investors to have their demat accounts
linked with their online banking accounts which are generally
accessed unauthorized, thereby leading to share trading frauds.
Provisions Applicable: Sections 43, 66, 66C, 66D of IT Act and Section
420 of IPC
29. 10. Cyber Crime Prevention Tips
Use Strong Passwords
Use different user ID / password combinations for different accounts
and avoid writing them down. Make the passwords more complicated
by combining letters, numbers, special characters (minimum 10
characters in total) and change them on a regular basis.
Secure your computer:
Activate your firewall
Firewalls are the first line of cyber defense; they block connections to
unknown or bogus sites and will keep out some types of viruses and
hackers.
Use anti-virus/malware software
Prevent viruses from infecting your computer by installing and
regularly updating anti-virus software.
Block spyware attacks
Prevent spyware from infiltrating your computer by installing and
updating anti-spyware software.
Secure your Mobile Devices
Be aware that your mobile device is vulnerable to viruses and
hackers. Download applications from trusted sources.
Install the latest operating system updates
Keep your applications and operating system (e.g.
Windows, Mac, Linux) current with the latest system updates. Turn on
automatic updates to prevent potential attacks on older software.
Protect your Data
Use encryption for your most sensitive files such as tax returns or
financial records, make regular back-ups of all your important data,
and store it in another location.
30. Secure your wireless network
Wi-Fi (wireless) networks at home are vulnerable to intrusion if they
are not properly secured. Review and modify default settings. Public
Wi-Fi, a.k.a. “Hot Spots”, are also vulnerable. Use VPNs like vemeo.
Avoid conducting financial or corporate transactions on these
networks.
Protect your e-identity
Be cautious when giving out personal information such as your
name, address, phone number or financial information on the
Internet. Make sure that websites are secure (e.g. when making
online purchases) or that you’ve enabled privacy settings (e.g. when
accessing/using social networking sites).
Avoid being scammed
Always think before you click on a link or file of unknown origin. Don’t
feel pressured by any emails. Check the source of the message. When
in doubt, verify the source. Never reply to emails that ask you to
verify your information or confirm your user ID or password.
Review bank and credit card statements regularly.
The impact of identity theft and online crimes can be greatly
reduced if you can catch it shortly after your data is stolen or when
the first use of your information is attempted. One of the easiest
ways to get the tip-off that something has gone wrong is by
reviewing the monthly statements provided by your bank and credit
card companies for anything out of the ordinary.
In an organisation, Education and awareness across the staff will go a
long way to protect against many types of cybercrime.