Anzeige
Anzeige

Más contenido relacionado

Anzeige

Introduction.pptx

  1. What is Cybercrime? • Cybercrime is defined as a crime where a computer is the object of the crime or is used as a tool to commit an offense. • A cybercriminal may use a device to access a user’s personal information, confidential business information, government information, or disable a device. • It is also a cybercrime to sell or elicit the above information online. •
  2. Categories of Cybercrime The heads are: • cyber crimes against individuals, • cyber crimes against Property, and • cyber crimes against Government(society at large).
  3. • Crimes Against Individual • These crimes include cyber harassment and stalking, distribution of child pornography, credit card fraud, human trafficking, spoofing, identity theft, and online libel or slander. • 2. Crimes Against Property • Some online crimes occur against property, such as a computer or server. These crimes include DDOS attacks, hacking, virus transmission, phishing attacks,,ramsomeware computer vandalism, copyright infringement, and IPR violations. • Crimes Against Government • When a cybercrime is committed against the government, it is considered an attack on that nation's sovereignty. Cybercrimes against the government include hacking, accessing confidential information, cyber warfare, cyber terrorism, and pirated software.
  4. How Criminal Plan the Attacks • Reconnaissance (information gathering) is the first phase and is treated as passive attacks. • Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities. • Launching an attack (gaining and maintaining the system access).
  5. 1. Reconnaissance • "Footprinting" - this is the preparation toward preattack phase, and involves accumulating data about the target's environment and computer architecture to find ways to intrude into that environment. • provides a judgment about possible exploitation of those vulnerabilities
  6. 2. Passive Attacks A passive attack involves gathering information about a target without his/her (individual's or company's) knowledge. • Google or Yahoo search: People search to locate information about employees. • Surfing online community groups like Orkut/Facebook will prove useful to gain the information about an individual. • Organization's website may provide a personnel directory or information about key employees, for example, contact details, E-Mail address, etc. These can be used in a social engineering attack to reach the target. • Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees. • Going through the job postings in particular job profiles for technical persons can provide information about type of technology, that is, servers or infrastructure devices a company maybe using on its network
  7. 3. Active Attacks • An active attack involves probing the network to discover individual hosts to confirm the information (IP addresses, operating system type and version, and services on the network) gathered in the passive attack, phase.
  8. 4. Scanning and Scrutinizing Gathered Information • Port scanning: Identify open/close ports and services. • Network scanning: Understand IP Addresses and related information about the computer network systems. • Vulnerability scanning: Understand the existing weaknesses in the system. • The scrutinizing phase is always called "enumeration" in the hacking world. The objective behind this step is to identify: • The valid user accounts or groups; • Network resources and/or shared resources • OS and different applications that are running on the OS.
  9. 5. Attack The attack is launched using the following steps: • Crack the password • Exploit he password • Execute the malicious command/applications; • Hide the files (if required); • Cover the tracks - delete the access logs, so that there is no trail illicit activity.
  10. Cyber crimes against individuals Cyberbullying • Humiliating/embarrassing content posted online about the victim of online bullying, • Hacking social media accounts • Posting vulgar messages on social media • Threatening the victim to commit any violent activity • Child pornography or threatening someone with child pornography
  11. Cyberstalking • Browsing anyone’s internet history or online activity, and sending obscene content online with the help of any social media, software, application, etc. to know about that particular person is called cyberstalking. • In India, in the year 2020, the state of Uttar Pradesh witnessed the highest number of cyberstalking incidents against women and children • Section 67 of the IT Act punishes cyber stalkers who send, cause to send, or publish obscene posts or content on electronic media with imprisonment of up to three years and a fine.
  12. Cyber defamation • Cyber defamation means injuring the other person’s reputation via the internet through social media, Emails etc. There are two types of Cyber defamation: libel and slander • Libel: It refers to any defamatory statement which is in written form. For instance, writing defamatory comments on posts, forwarding defamatory messages on social media groups, etc. are a part of cyber defamation in the form of libel. • Slander: It refers to any defamatory statement published in oral form. For instance, uploading videos defaming someone on YouTube is a part of cyber defamation in the form of slander. • Section 67 of the IT Act; whoever publishes or transmits a defamatory statement about a person shall be punished with 2 years imprisonment and a fine up to ₹25000.
  13. Phishing • Phishing refers to the impersonation of a legitimate person and fraudulently stealing someone’s data. • Phishing refers to the fraudulent practice of sending emails under the pretext of reputable companies to induce individuals to reveal personal information, such as passwords, credit card numbers, etc., online. • Section 66C of the IT Act penalises any offender committing phishing- related activities & is punishable with imprisonment of up to three years and a fine of up to rupees one lakh.
  14. Cyber fraud • Any person who dishonestly uses the internet to illegal deceive people and gets personal data, communication, etc. with a motive to make money is called a cyber fraud. • Examples of cyber fraud include sending emails containing fake invoices, sending fake emails from email addresses similar to the official ones, etc. • Section 420 of IPC is imprisonment of up to seven years with a fine.
  15. Cyber theft • Cyber theft is a type of cybercrime which involves the unauthorized access of personal or other information of people by using the internet. • c yber theft is to gather confidential data like passwords, images, phone numbers, etc. and use it as leverage to demand a lumpsum amount of money. • Section 66C of the IT Act. The punishment for the same is imprisonment of up to three years and/or up to Rs 2 lakh fine.
  16. Spyware • Spyware is a type of malware or malicious software, when it is installed it starts accessing and computing the other person’s device without the end user’s knowledge. The primary goal of this software is to steal credit card numbers, passwords, One-Time Passwords (OTPs), etc.
  17. Cyber crimes against organizations • Attacks by virus • A computer virus is a kind of malware which connects itself to another computer program and can replicate and expand when any person attempts. • For example, the opening of unknown attachments received from malicious emails may lead to the automatic installation of the virus on the system in which it is opened. • These viruses are extremely dangerous, as they can steal or destroy computer data, crash computer systems, etc.
  18. Salami attack • It is one of the tactics to steal money, which means the hacker steals the money in small amounts. The damage done is so minor that it is unnoticed. • . In Salami slicing, the attacker uses an online database to obtain customer information, such as bank/credit card details.
  19. Web Jacking • illegal redirection of a user’s browser from a trusted domain’s page to a fake domain without the user’s consent. • people visiting any well-known or reliable website can be easily redirected to bogus websites, which in turn lead to the installation of malware, leak of personal data, etc. • Section 383 of IPC is imprisonment of up to three years or with a fine, or both.
  20. Denial of Service Attack • The attackers generally attack systems in such a manner by trafficking the targeted system until it ultimately crashes. • DoS attacks cost millions of dollars to the corporate world,
  21. Cyber crimes against society at large • Cyber pornography • It states that the following activities are punishable with imprisonment of up to 3 years and a fine of up to 5 lakhs: • Uploading pornographic content on any website, social media, etc. where third parties may access it. • Transmitting obscene photos to anyone through email, messaging, social media, etc.
  22. Cyber terrorism • Hacking government-owned systems of the target country and getting confidential information. • Destructing and destroying government databases and backups by incorporating viruses or malware into the systems. • Disrupting government networks of the target nation. • Distracting the government authorities and preventing them from focusing on matters of priority.
  23. Cyber Espionage • espionage is “the practice of spying or using spies to obtain information about the plans and activities especially of a foreign government or a competing company.” • Similarly, cyber espionage refers to the unauthorized accessing of sensitive data or intellectual property for economic, or political reasons. It is also called ‘cyber spying’. • Military data • Academic research-related data • Intellectual property • Politically strategic data, etc.
Anzeige