Cc Report.docx
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Cc Report.docx as PDF for free.
More details
- Words: 4,674
- Pages: 20
CYBER CRIME ABSTRACT “Cyber” refers to imaginary space, which is created when the electronic devices communicate, like network of computers. Cyber crime refers to anything done in the cyber space with a criminal intent. These could be either the criminal activities in the conventional sense or could be activities, newly evolved with the growth of the new medium. Cyber crime includes acts such as hacking, uploading obscene content on the Internet, sending obscene e-mails and hacking into a person's e-banking account to withdraw money.Computer crime, or cybercrime, refers to any crime that involves a computer and a network, where the computers played an instrumental part in the commission of a crime. Cyber Crime has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament.
CHAPTER1
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 1
CYBER CRIME INTRODUCTION
The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime – illegal activitiy committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spams, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in the cyberspace are on the rise. Here we publish an article by NandinI Ramprasad in series for the benefit of our netizens. –Ed. "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb". – National Research Council, "Computers at Risk", 1991 What is this Cyber crime? We read about it in newspapers very often. Let's look at the dictionary definition of Cybercrime: "It is a criminal activity committed on the internet This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 2
CYBER CRIME HISTORY
•
The first recorded cyber crime took place in the year 1820!
•
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics.
•
This resulted in a fear amongst Jacquard‘s employees that their traditional employment and livelihood were being threatened.
•
They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 3
CYBER CRIME CHAPTER 2 DEFINITION OF COMPUTER CRIMES: Experts debated on what exactly constitutes computer crime or a computer related crime. Even after several years there is no internationally recognized definition of these terms. A global definition of computer crime has not been achieved. Computer crime has been defined as “any illegal unethical or unauthorized behavior involving automatic processing or transmission of data”. COMPUTER CRIME is any crime where – • Computer is a target. • Computer is a tool of crime • Computer is incidental to crime Threats come in two categories: 1.Passive threats. 2. Active threats. Passive threats: This involves monitoring the transmission data of an organization. Here the goal of the assembler if to obtain information that is being transmitted. Passive threats are difficult to detect because they do not involve alterations of data. These are of two types: a. Release of message content. b. traffic analysis.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 4
CYBER CRIME Active threats: These threats involve some modification of data stream or the creation of a false stream. These are of three types: a. Modification. b. Denial of message service. c. Masquerade.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 5
CYBER CRIME CHAPTER 3 REASONS FOR CYBER CRIME: Capacity to store data in comparatively small space - The computer has unique characteristics of storing data in a very small space. This affords to remove information either through physical or virtual medium makes it much more easier. Easy to access- the problem encountered in guarding a computer system from unauthorized access is that there is possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recoders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. Complex- the computers work on operating system & these operating systems in turn are composed of millions of codes. Human mind is falliable &is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system. Negligence-Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system. Loss of evidence-Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 6
CYBER CRIME CHAPTER 4 TYPES OF CYBER CRIME:
BLOCK DIAGRAM:
CYBER CRIMES
HACKING
EMAIL BOMBING AND SPAMMING
SALAMI ATTACKS
DENIAL OF SERVICE ATTACKS
CREDIT CARD FRAUD
COMPUTER FROGERY CYBER STALKING PHISHING VIRUS DISSEMINATION
WEB JACKING
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 7
CYBER CRIME
HACKING: In simple words, hacking is an act committed by an intruder by accessing your computer system without your permission. Hackers (the people doing the ‘hacking’) are basically computer programmers, who have an advanced understanding of computers and commonly misuse this knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in one particular software program or language. As for motives, there could be several, but the most common are pretty simple and can be explained by a human tendancy such as greed, fame, power, etc. Some people do it purely to show-off their expertise – ranging from relatively harmless activities such as modifying software (and even hardware) to carry out tasks that are outside the creator’s intent, others just want to cause destruction. Greed and sometimes voyeuristic tendancies may cause a hacker to break into systems to steal personal banking information, a corporation’s financial data, etc. They also try and modify systems so hat they can execute tasks at their whims. Hackers displaying such destructive conduct are also called “Crackers” at times. they are also called “Black Hat” hackers On the other hand, there are those who develop an interest in computer hacking just out of intellectual curiosity. Some companies hire these computer enthusiasts to find flaws in their security systems and help fix them. Referred to as “White Hat” hackers, these guys are against the abuse of computer systems. They attempt to break into network systems purely to alert the owners of flaws. It’s not always altruistic, though, because many do this for fame as well, in order to land jobs with top companies, or just to be termed as security experts. “Grey Hat” is another term used to refer to hacking activities that are a cross between black and white hacking.
DENIAL OF SERVICE ATTACK: A Denial of Service (“DoS”) attack is a rather primitive technique that overwhelms the resources of the target computer which results in the denial of server access to other computers. There are several different techniques that hackers use to “bring down” a server. As the network administrators learn how to limit the damage of one technique, hackers often create more powerful and more sophisticated techniques that force system administrators to continually react
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 8
CYBER CRIME against assaults. In order to understand how to apply the law to these attacks, a basic understanding of the anatomy of the attacks is necessary This is an act by the criminal,, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide.
VIRUS DISSEMINATION: This category of criminal activity involves either direct or search unauthorized access to computer system by introducing new programs known as viruses, worms or logic bombs. The unauthorized modification suppression or erasure of computer data or functions with the Internet to hinder normal functioning of the system is clearly a criminal activity and is commonly referred to as computer sabotage. Malicious code is computer code that is written with the sole intent to cause damage to a machine or to invade the machine to steal information. The most common forms of malicious code are viruses, worms, and Trojan programs VIRUS: (Vital information resources under seize). Virus is a series of program codes with the ability to attach itself to legitimate programs and propagate itself to other computer programs. Viruses are file viruses and bootsector viruses. It attacks the fat so that there is no sequence of file content and it destroys the data content. WORMS: (Write Once Read Many).They are just added to the files and they do not manipulate. It differs from a virus in that it does not have the ability to replicate itself. LOGIC BOMB: As it involves the programming the destruction or modification of data is at a specific time in the future.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 9
CYBER CRIME
Why do people Create These Viruses?
To distribute political message.
To attack the products of specific companies.
Some consider their creations to be works of art, and see as a creative hobby.
Financial gain from identity theft
CREDIT CARD FRAUD: Intangible assets represented in data format such as money on deposits or hours of work are the most common targets related to fraud. Modern business is quickly replacing cash with deposits transacted on computer system creating computer fraud. Credit card information as well as personal and financial information on credit card has been frequently targeted by organized criminal crimes. Assets represented in data format often have a considerably higher value than traditionally economic assets resulting in potentially greater economic class.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 10
CYBER CRIME
COMPUTER FROGERY: This happens when data is altered which is stored in documents that are in computerized form. Computers however can also be used as instruments for committing forgery. A new generation of fraudulent alteration or duplication emerged when computerized color laser copies became available. These copies are capable of high-resolution copying, modification of documents that are even creating false documents without benefit of original. They produce documents with an equality that is indistinguishable from original documents. Experts can only distinguish this The widespread of computer networks is the need for people with common and shared interest to communicate with each other. Information can easily be represented and manipulated in electronic form. To meet the needs of sharing and communicating information, the computers need to be connected which is called data communication network.
PHISHING: Phishing, the mass distribution of “spoofed” e-mail messages, which appear to come from banks, insurance agencies, retailers or credit card companies and are designed to fool recipients into divulging personal data such as account names, passwords, or credit card numbers. This a technique of extracting confidential information such as credit card numbers and username password combos by masquerading as a legitimate enterprise. Phishing is typically carried out by email spoofing. You’ve probably received email containing links to legitimate appearing websites. You probably found it suspicious and didn’t click the link. Smart move. How phishing can net some really interesting catches The malware would have installed itself on your computer and stolen private information. Cybercriminals use social engineering to trick you into downloading malware off the internet or make you fill in your personal information under false pretenses. A phishing scam in an email message can be evaded by keeping certain things in mind.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 11
CYBER CRIME
Look for spelling mistakes in the text. Cyber-criminals are not known for their grammar and spelling. Hover your cursor over the hyperlinked URL but don’t click. Check if the address matches with the one written in the message. Watch out for fake threats. Did you receive a message saying “Your email account will be closed if you don’t reply to this email”? They might trick you by threatening that your security has been compromised. Attackers use the names and logos of well-known web sites to deceive you. The graphics and the web addresses used in the email are strikingly similar to the legitimate ones, but they lead you to phony sites.
Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to victims using fake identity fooling you into considering the call to be from a trusted organisation. They may claim to be from a bank asking you to dial a number (provided by VoIP service and owned by attacker) and enter your account details. Once you do that, your account security is compromised. Treat all unsolicited phone calls with skepticism and never provide any personal information. Many banks have issued preemptive warnings informing their users of phishing scams and the do’s and don’ts regarding your account information. Those of you reading Digit for long enough will remember that we successfully phished hundreds of our readers by reporting a way to hack other people’s gmail accounts by sending an email to a made up account with your own username and password… and we did that years ago in a story about , yes, you guessed it, phishing
CYBER STALKING : Cyber stalking is a new form of internet crime in our society when a person is pursued or followed online. A cyber stalker doesn’t physically follow his victim; he does it virtually by following his online activity to harvest information about the stalkee and harass him or her and make threats using verbal intimidation. It’s an invasion of one’s online privacy. Cyber stalking uses the internet or any other electronic means and is different from offline stalking, but is usually accompanied by it. Most victims of this crime are women who are stalked Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 12
CYBER CRIME by men and children who are stalked by adult predators and pedophiles. Cyber stalkers thrive on inexperienced web users who are not well aware of netiquette and the rules of internet safety. A cyber stalker may be a stranger, but could just as easily be someone you know. Cyber stalkers harass their victims via email, chat rooms, web sites, discussion forums and open publishing web sites (e.g. blogs). The availability of free email / web site space and the anonymity provided by chat rooms and forums has contributed to the increase of cyber stalking incidents. Everyone has an online presence nowadays, and it’s really easy to do a Google search and get one’s name, alias, contact number and address, contributing to the menace that is cyber stalking. As the internet is increasingly becoming an integral part of our personal and professional lives, stalkers can take advantage of the ease of communications and the availability of personal information only a few mouse clicks away. In addition, the anonymous and nonconfrontational nature of internet communications further tosses away any disincentives in the way of cyber stalking. Cyber stalking is done in two primary ways:
Internet Stalking: Here the stalker harasses the victim via the internet. Unsolicited email is the most common way of threatening someone, and the stalker may even send obscene content and viruses by email. However, viruses and unsolicited telemarketing email alone do not constitute cyber stalking. But if email is sent repeatedly in an attempt to intimidate the recipient, they may be considered as stalking. Internet stalking is not limited to email; stalkers can more comprehensively use the internet to harass the victims. Any other cyber-crime that we’ve already read about, if done with an intention to threaten, harass, or slander the victim may amount to cyber stalking.
Computer Stalking: The more technologically advanced stalkers apply their computer skills to assist them with the crime. They gain unauthorised control of the victim’s computer by exploiting the working of the internet and the Windows operating system. Though this is usually done by proficient and computer savvy stalkers, instructions on how to accomplish this are easily available on the internet.
Cyber stalking has now spread its wings to social networking. With the increased use of social media such as Facebook, Twitter, Flickr and YouTube, your profile, photos, and status updates are up for the world to see. Your online presence provides enough information for you to become a potential victim of stalking without even being aware of the risk. With the “check-ins”, the “life-events”, apps which access your personal information and the need to put up just about everything that you’re doing and where you’re doing it, one doesn’t really leave anything for the stalkers to figure out for themselves. Social networking technology provides a social and collaborative platform for internet users to interact, express their thoughts and share almost everything about their lives. Though it promotes socialisation amongst people, along the way it contributes to the rise of internet violations.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 13
CYBER CRIME WEB JACKING: Web jacking derives its name from “hijacking”. Here, the hacker takes control of a web site fraudulently. He may change the content of the original site or even redirect the user to another fake similar looking page controlled by him. The owner of the web site has no more control and the attacker may use the web site for his own selfish interests. Cases have been reported where the attacker has asked for ransom, and even posted obscene material on the site. The web jacking method attack may be used to create a clone of the web site, and present the victim with the new link saying that the site has moved. Unlike usual phishing methods, when you hover your cursor over the link provided, the URL presented will be the original one, and not the attacker’s site. But when you click on the new link, it opens and is quickly replaced with the malicious web server. The name on the address bar will be slightly different from the original website that can trick the user into thinking it’s a legitimate site. For example, “gmail” may direct you to “gmai1”. Notice the one in place of ‘L’. It can be easily overlooked.
Obviously not gmail.com, but still enough people click Web jacking can also be done by sending a counterfeit message to the registrar controlling the domain name registration, under a false identity asking him to connect a domain name to the webjacker’s IP address, thus sending unsuspecting consumers who enter that particular domain name to a website controlled by the webjacker. The purpose of this attack is to try to harvest the credentials, usernames, passwords and account numbers of users by using a fake web page with a valid link which opens when the user is redirected to it after opening the legitimate site. Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 14
CYBER CRIME EMAIL BOMBING AND SPAMMING: Email bombing is characterised by an abuser sending huge volumes of email to a target address resulting in victim’s email account or mail servers crashing. The message is meaningless and excessively long in order to consume network resources. If multiple accounts of a mail server are targeted, it may have a denial-of-service impact. Such mail arriving frequently in your inbox can be easily detected by spam filters. Email bombing is commonly carried out using botnets (private internet connected computers whose security has been compromised by malware and under the attacker’s control) as a DDoS attack. This type of attack is more difficult to control due to multiple source addresses and the bots which are programmed to send different messages to defeat spam filters. “Spamming” is a variant of email bombing. Here unsolicited bulk messages are sent to a large number of users, indiscriminately. Opening links given in spam mails may lead you to phishing web sites hosting malware. Spam mail may also have infected files as attachments. Email spamming worsens when the recipient replies to the email causing all the original addressees to receive the reply. Spammers collect email addresses from customer lists, newsgroups, chat-rooms, web sites and viruses which harvest users’ address books, and sell them to other spammers as well. A large amount of spam is sent to invalid email addresses.
Email filters cleaning out spam mail
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 15
CYBER CRIME Sending spam violates the acceptable use policy (AUP) of almost all internet service providers. If your system suddenly becomes sluggish (email loads slowly or doesn’t appear to be sent or received), the reason may be that your mailer is processing a large number of messages. Unfortunately, at this time, there’s no way to completely prevent email bombing and spam mails as it’s impossible to predict the origin of the next attack. However, what you can do is identify the source of the spam mails and have your router configured to block any incoming packets from that address.
SALAMI ATTACK:In such crime criminal makes insignificant changes in such a manner that such changes would go unnoticed. Criminal makes such program that deducts small amount like Rs. 2.50 per month from the account of all the customer of the Bank and deposit the same in his account. In this case no account holder will approach the bank for such small amount but criminal gains huge amount. It seems like in the modern age of technology, hackers are taking over our systems and no one is safe. The average dwell-time, or time it takes a company to detect a cyber breach, is more than 200 days. Most internet users are not dwelling on the fact that they may get hacked and many rarely change their credentials or update passwords. This leaves many people susceptible to cybercrime and it’s important to become informed. Educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 16
CYBER CRIME CHAPTER 5 PRECAUTIONS TO PREVENT CYBER CRIME: It seems like in the modern age of technology, hackers are taking over our systems and no one is safe. The average dwell-time, or time it takes a company to detect a cyber breach, is more than 200 days. Most internet users are not dwelling on the fact that they may get hacked and many rarely change their credentials or update passwords. This leaves many people susceptible to cybercrime and it’s important to become informed. Educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.
1. Firewalls: These are the gatekeepers to a network from the outside. Firewall should be installed at every point where the computer system comes in contact with other networks, including the Internet a separate local area network at customer’s site or telephone company switch.
2. Password protection: At minimum, each item they logon, all PC users should be required to type-in password that only they and network administrator know. PC users should avoid picking words, phrases or numbers that anyone can guess easily, such as birth dates, a child’s name or initials. Instead they should use cryptic phrases or numbers that combine uppercase and lowercase. Letters such as the “Akash66”. In addition the system should require all users to change passwords every month or so and should lockout prospective users if they fail to enter the correct password three times in a row.
3. Viruses: Viruses generally infect local area networks through workstations. So anti-virus software that works only on the server isn’t enough to prevent infection. You cannot get a virus or any system-damaging software by reading e-mail. Viruses and other system-destroying bugs can only exist in files, and e-mail is not a system file. Viruses cannot exist there. Viruses are almost always specific of the operating system involved. Meaning, viruses created to infect DOS application can do no damage to MAC systems, and vice versa. The only exception to this is the Microsoft Word “macro virus” which infects documents instead of the program.
4. Encryption: Even if intruders manage to break through a firewall, the data on a network can be made safe if it is encrypted. Many software packages and network programs – Microsoft Windows NT, Novel NetWare, and lotus notes among others- offer and – on encryption schemes that encode all the data sent on the network. In addition, companies can buy stand alone encryption packages to
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 17
CYBER CRIME work with individual applications. Almost every encryption package is based on an approach known as public-private key. Scrambled data is encoded using a secret key unique to that transmission. Receiver’s use a combination of the sender’s public key and their own private encryption key to unlock the secret code for that message decipher it. 5. Never send your credit card number to any site which is not secured. 6. Uninstall unnecessary software.
7.Become vigilant when browsing websites. 8.Flag and report suspicious emails. 9.Never click on unfamiliar links or ads. 10.Use a VPN whenever possible.. 11.Ensure websites are safe before entering credentials. 12.Keep antivirus/application systems up to date. 13.Use strong passwords with 14+ characters.
ADVANTAGES:
It helps automate various tasks that can’t be done manually. It helps organize data and information in a better way. It has much more computing and calculating power than human. It may be the storage of important data and files.
DISADVANTAGES:
It may damage your study and social life. The way it distracts can deviate our thoughts and activities towards unproductive activities. It could cause violation of privacy.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 18
CYBER CRIME CONCLUSION The issue of network and Internet security has become increasingly more important as more and more business and people go on-line. To avoid the information from hackers we use the passwords secretly and we change the passwords regularly. We cannot use our names, initials as passwords that are easily traced. We should not download any executable files from unknown sources, information from any sources without checking for virus. We have to use licensed anti-virus software.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 19
CYBER CRIME REFERENCES: 1.Gordon, Sarah (July 25, 2006). "On the definition and classification of cybercrime" (PDF). Retrieved January 14, 2018. 2.Ammar Yassir, S. N. (2012). "Cybercrime: A threat to Network Security." International Journal of Computer Science and Network Security 3.Árpád, I. (2013). "A Greater Involvement of Education in Fight Against Cybercrime." Procedia - Social and Behavioral Sciences 4."Distributed Denial of Service Attack". csa.gov.sg. Archived from the original on 6 August 2016. Retrieved 12 November 2014. 5."Identifying Phishing Attempts". Case. Archived from the original on 13 September 2015.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 20
CHAPTER1
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 1
CYBER CRIME INTRODUCTION
The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime – illegal activitiy committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spams, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in the cyberspace are on the rise. Here we publish an article by NandinI Ramprasad in series for the benefit of our netizens. –Ed. "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb". – National Research Council, "Computers at Risk", 1991 What is this Cyber crime? We read about it in newspapers very often. Let's look at the dictionary definition of Cybercrime: "It is a criminal activity committed on the internet This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 2
CYBER CRIME HISTORY
•
The first recorded cyber crime took place in the year 1820!
•
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics.
•
This resulted in a fear amongst Jacquard‘s employees that their traditional employment and livelihood were being threatened.
•
They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 3
CYBER CRIME CHAPTER 2 DEFINITION OF COMPUTER CRIMES: Experts debated on what exactly constitutes computer crime or a computer related crime. Even after several years there is no internationally recognized definition of these terms. A global definition of computer crime has not been achieved. Computer crime has been defined as “any illegal unethical or unauthorized behavior involving automatic processing or transmission of data”. COMPUTER CRIME is any crime where – • Computer is a target. • Computer is a tool of crime • Computer is incidental to crime Threats come in two categories: 1.Passive threats. 2. Active threats. Passive threats: This involves monitoring the transmission data of an organization. Here the goal of the assembler if to obtain information that is being transmitted. Passive threats are difficult to detect because they do not involve alterations of data. These are of two types: a. Release of message content. b. traffic analysis.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 4
CYBER CRIME Active threats: These threats involve some modification of data stream or the creation of a false stream. These are of three types: a. Modification. b. Denial of message service. c. Masquerade.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 5
CYBER CRIME CHAPTER 3 REASONS FOR CYBER CRIME: Capacity to store data in comparatively small space - The computer has unique characteristics of storing data in a very small space. This affords to remove information either through physical or virtual medium makes it much more easier. Easy to access- the problem encountered in guarding a computer system from unauthorized access is that there is possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recoders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. Complex- the computers work on operating system & these operating systems in turn are composed of millions of codes. Human mind is falliable &is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system. Negligence-Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system. Loss of evidence-Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 6
CYBER CRIME CHAPTER 4 TYPES OF CYBER CRIME:
BLOCK DIAGRAM:
CYBER CRIMES
HACKING
EMAIL BOMBING AND SPAMMING
SALAMI ATTACKS
DENIAL OF SERVICE ATTACKS
CREDIT CARD FRAUD
COMPUTER FROGERY CYBER STALKING PHISHING VIRUS DISSEMINATION
WEB JACKING
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 7
CYBER CRIME
HACKING: In simple words, hacking is an act committed by an intruder by accessing your computer system without your permission. Hackers (the people doing the ‘hacking’) are basically computer programmers, who have an advanced understanding of computers and commonly misuse this knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in one particular software program or language. As for motives, there could be several, but the most common are pretty simple and can be explained by a human tendancy such as greed, fame, power, etc. Some people do it purely to show-off their expertise – ranging from relatively harmless activities such as modifying software (and even hardware) to carry out tasks that are outside the creator’s intent, others just want to cause destruction. Greed and sometimes voyeuristic tendancies may cause a hacker to break into systems to steal personal banking information, a corporation’s financial data, etc. They also try and modify systems so hat they can execute tasks at their whims. Hackers displaying such destructive conduct are also called “Crackers” at times. they are also called “Black Hat” hackers On the other hand, there are those who develop an interest in computer hacking just out of intellectual curiosity. Some companies hire these computer enthusiasts to find flaws in their security systems and help fix them. Referred to as “White Hat” hackers, these guys are against the abuse of computer systems. They attempt to break into network systems purely to alert the owners of flaws. It’s not always altruistic, though, because many do this for fame as well, in order to land jobs with top companies, or just to be termed as security experts. “Grey Hat” is another term used to refer to hacking activities that are a cross between black and white hacking.
DENIAL OF SERVICE ATTACK: A Denial of Service (“DoS”) attack is a rather primitive technique that overwhelms the resources of the target computer which results in the denial of server access to other computers. There are several different techniques that hackers use to “bring down” a server. As the network administrators learn how to limit the damage of one technique, hackers often create more powerful and more sophisticated techniques that force system administrators to continually react
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 8
CYBER CRIME against assaults. In order to understand how to apply the law to these attacks, a basic understanding of the anatomy of the attacks is necessary This is an act by the criminal,, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide.
VIRUS DISSEMINATION: This category of criminal activity involves either direct or search unauthorized access to computer system by introducing new programs known as viruses, worms or logic bombs. The unauthorized modification suppression or erasure of computer data or functions with the Internet to hinder normal functioning of the system is clearly a criminal activity and is commonly referred to as computer sabotage. Malicious code is computer code that is written with the sole intent to cause damage to a machine or to invade the machine to steal information. The most common forms of malicious code are viruses, worms, and Trojan programs VIRUS: (Vital information resources under seize). Virus is a series of program codes with the ability to attach itself to legitimate programs and propagate itself to other computer programs. Viruses are file viruses and bootsector viruses. It attacks the fat so that there is no sequence of file content and it destroys the data content. WORMS: (Write Once Read Many).They are just added to the files and they do not manipulate. It differs from a virus in that it does not have the ability to replicate itself. LOGIC BOMB: As it involves the programming the destruction or modification of data is at a specific time in the future.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 9
CYBER CRIME
Why do people Create These Viruses?
To distribute political message.
To attack the products of specific companies.
Some consider their creations to be works of art, and see as a creative hobby.
Financial gain from identity theft
CREDIT CARD FRAUD: Intangible assets represented in data format such as money on deposits or hours of work are the most common targets related to fraud. Modern business is quickly replacing cash with deposits transacted on computer system creating computer fraud. Credit card information as well as personal and financial information on credit card has been frequently targeted by organized criminal crimes. Assets represented in data format often have a considerably higher value than traditionally economic assets resulting in potentially greater economic class.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 10
CYBER CRIME
COMPUTER FROGERY: This happens when data is altered which is stored in documents that are in computerized form. Computers however can also be used as instruments for committing forgery. A new generation of fraudulent alteration or duplication emerged when computerized color laser copies became available. These copies are capable of high-resolution copying, modification of documents that are even creating false documents without benefit of original. They produce documents with an equality that is indistinguishable from original documents. Experts can only distinguish this The widespread of computer networks is the need for people with common and shared interest to communicate with each other. Information can easily be represented and manipulated in electronic form. To meet the needs of sharing and communicating information, the computers need to be connected which is called data communication network.
PHISHING: Phishing, the mass distribution of “spoofed” e-mail messages, which appear to come from banks, insurance agencies, retailers or credit card companies and are designed to fool recipients into divulging personal data such as account names, passwords, or credit card numbers. This a technique of extracting confidential information such as credit card numbers and username password combos by masquerading as a legitimate enterprise. Phishing is typically carried out by email spoofing. You’ve probably received email containing links to legitimate appearing websites. You probably found it suspicious and didn’t click the link. Smart move. How phishing can net some really interesting catches The malware would have installed itself on your computer and stolen private information. Cybercriminals use social engineering to trick you into downloading malware off the internet or make you fill in your personal information under false pretenses. A phishing scam in an email message can be evaded by keeping certain things in mind.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 11
CYBER CRIME
Look for spelling mistakes in the text. Cyber-criminals are not known for their grammar and spelling. Hover your cursor over the hyperlinked URL but don’t click. Check if the address matches with the one written in the message. Watch out for fake threats. Did you receive a message saying “Your email account will be closed if you don’t reply to this email”? They might trick you by threatening that your security has been compromised. Attackers use the names and logos of well-known web sites to deceive you. The graphics and the web addresses used in the email are strikingly similar to the legitimate ones, but they lead you to phony sites.
Not all phishing is done via email or web sites. Vishing (voice phishing) involves calls to victims using fake identity fooling you into considering the call to be from a trusted organisation. They may claim to be from a bank asking you to dial a number (provided by VoIP service and owned by attacker) and enter your account details. Once you do that, your account security is compromised. Treat all unsolicited phone calls with skepticism and never provide any personal information. Many banks have issued preemptive warnings informing their users of phishing scams and the do’s and don’ts regarding your account information. Those of you reading Digit for long enough will remember that we successfully phished hundreds of our readers by reporting a way to hack other people’s gmail accounts by sending an email to a made up account with your own username and password… and we did that years ago in a story about , yes, you guessed it, phishing
CYBER STALKING : Cyber stalking is a new form of internet crime in our society when a person is pursued or followed online. A cyber stalker doesn’t physically follow his victim; he does it virtually by following his online activity to harvest information about the stalkee and harass him or her and make threats using verbal intimidation. It’s an invasion of one’s online privacy. Cyber stalking uses the internet or any other electronic means and is different from offline stalking, but is usually accompanied by it. Most victims of this crime are women who are stalked Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 12
CYBER CRIME by men and children who are stalked by adult predators and pedophiles. Cyber stalkers thrive on inexperienced web users who are not well aware of netiquette and the rules of internet safety. A cyber stalker may be a stranger, but could just as easily be someone you know. Cyber stalkers harass their victims via email, chat rooms, web sites, discussion forums and open publishing web sites (e.g. blogs). The availability of free email / web site space and the anonymity provided by chat rooms and forums has contributed to the increase of cyber stalking incidents. Everyone has an online presence nowadays, and it’s really easy to do a Google search and get one’s name, alias, contact number and address, contributing to the menace that is cyber stalking. As the internet is increasingly becoming an integral part of our personal and professional lives, stalkers can take advantage of the ease of communications and the availability of personal information only a few mouse clicks away. In addition, the anonymous and nonconfrontational nature of internet communications further tosses away any disincentives in the way of cyber stalking. Cyber stalking is done in two primary ways:
Internet Stalking: Here the stalker harasses the victim via the internet. Unsolicited email is the most common way of threatening someone, and the stalker may even send obscene content and viruses by email. However, viruses and unsolicited telemarketing email alone do not constitute cyber stalking. But if email is sent repeatedly in an attempt to intimidate the recipient, they may be considered as stalking. Internet stalking is not limited to email; stalkers can more comprehensively use the internet to harass the victims. Any other cyber-crime that we’ve already read about, if done with an intention to threaten, harass, or slander the victim may amount to cyber stalking.
Computer Stalking: The more technologically advanced stalkers apply their computer skills to assist them with the crime. They gain unauthorised control of the victim’s computer by exploiting the working of the internet and the Windows operating system. Though this is usually done by proficient and computer savvy stalkers, instructions on how to accomplish this are easily available on the internet.
Cyber stalking has now spread its wings to social networking. With the increased use of social media such as Facebook, Twitter, Flickr and YouTube, your profile, photos, and status updates are up for the world to see. Your online presence provides enough information for you to become a potential victim of stalking without even being aware of the risk. With the “check-ins”, the “life-events”, apps which access your personal information and the need to put up just about everything that you’re doing and where you’re doing it, one doesn’t really leave anything for the stalkers to figure out for themselves. Social networking technology provides a social and collaborative platform for internet users to interact, express their thoughts and share almost everything about their lives. Though it promotes socialisation amongst people, along the way it contributes to the rise of internet violations.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 13
CYBER CRIME WEB JACKING: Web jacking derives its name from “hijacking”. Here, the hacker takes control of a web site fraudulently. He may change the content of the original site or even redirect the user to another fake similar looking page controlled by him. The owner of the web site has no more control and the attacker may use the web site for his own selfish interests. Cases have been reported where the attacker has asked for ransom, and even posted obscene material on the site. The web jacking method attack may be used to create a clone of the web site, and present the victim with the new link saying that the site has moved. Unlike usual phishing methods, when you hover your cursor over the link provided, the URL presented will be the original one, and not the attacker’s site. But when you click on the new link, it opens and is quickly replaced with the malicious web server. The name on the address bar will be slightly different from the original website that can trick the user into thinking it’s a legitimate site. For example, “gmail” may direct you to “gmai1”. Notice the one in place of ‘L’. It can be easily overlooked.
Obviously not gmail.com, but still enough people click Web jacking can also be done by sending a counterfeit message to the registrar controlling the domain name registration, under a false identity asking him to connect a domain name to the webjacker’s IP address, thus sending unsuspecting consumers who enter that particular domain name to a website controlled by the webjacker. The purpose of this attack is to try to harvest the credentials, usernames, passwords and account numbers of users by using a fake web page with a valid link which opens when the user is redirected to it after opening the legitimate site. Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 14
CYBER CRIME EMAIL BOMBING AND SPAMMING: Email bombing is characterised by an abuser sending huge volumes of email to a target address resulting in victim’s email account or mail servers crashing. The message is meaningless and excessively long in order to consume network resources. If multiple accounts of a mail server are targeted, it may have a denial-of-service impact. Such mail arriving frequently in your inbox can be easily detected by spam filters. Email bombing is commonly carried out using botnets (private internet connected computers whose security has been compromised by malware and under the attacker’s control) as a DDoS attack. This type of attack is more difficult to control due to multiple source addresses and the bots which are programmed to send different messages to defeat spam filters. “Spamming” is a variant of email bombing. Here unsolicited bulk messages are sent to a large number of users, indiscriminately. Opening links given in spam mails may lead you to phishing web sites hosting malware. Spam mail may also have infected files as attachments. Email spamming worsens when the recipient replies to the email causing all the original addressees to receive the reply. Spammers collect email addresses from customer lists, newsgroups, chat-rooms, web sites and viruses which harvest users’ address books, and sell them to other spammers as well. A large amount of spam is sent to invalid email addresses.
Email filters cleaning out spam mail
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 15
CYBER CRIME Sending spam violates the acceptable use policy (AUP) of almost all internet service providers. If your system suddenly becomes sluggish (email loads slowly or doesn’t appear to be sent or received), the reason may be that your mailer is processing a large number of messages. Unfortunately, at this time, there’s no way to completely prevent email bombing and spam mails as it’s impossible to predict the origin of the next attack. However, what you can do is identify the source of the spam mails and have your router configured to block any incoming packets from that address.
SALAMI ATTACK:In such crime criminal makes insignificant changes in such a manner that such changes would go unnoticed. Criminal makes such program that deducts small amount like Rs. 2.50 per month from the account of all the customer of the Bank and deposit the same in his account. In this case no account holder will approach the bank for such small amount but criminal gains huge amount. It seems like in the modern age of technology, hackers are taking over our systems and no one is safe. The average dwell-time, or time it takes a company to detect a cyber breach, is more than 200 days. Most internet users are not dwelling on the fact that they may get hacked and many rarely change their credentials or update passwords. This leaves many people susceptible to cybercrime and it’s important to become informed. Educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 16
CYBER CRIME CHAPTER 5 PRECAUTIONS TO PREVENT CYBER CRIME: It seems like in the modern age of technology, hackers are taking over our systems and no one is safe. The average dwell-time, or time it takes a company to detect a cyber breach, is more than 200 days. Most internet users are not dwelling on the fact that they may get hacked and many rarely change their credentials or update passwords. This leaves many people susceptible to cybercrime and it’s important to become informed. Educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.
1. Firewalls: These are the gatekeepers to a network from the outside. Firewall should be installed at every point where the computer system comes in contact with other networks, including the Internet a separate local area network at customer’s site or telephone company switch.
2. Password protection: At minimum, each item they logon, all PC users should be required to type-in password that only they and network administrator know. PC users should avoid picking words, phrases or numbers that anyone can guess easily, such as birth dates, a child’s name or initials. Instead they should use cryptic phrases or numbers that combine uppercase and lowercase. Letters such as the “Akash66”. In addition the system should require all users to change passwords every month or so and should lockout prospective users if they fail to enter the correct password three times in a row.
3. Viruses: Viruses generally infect local area networks through workstations. So anti-virus software that works only on the server isn’t enough to prevent infection. You cannot get a virus or any system-damaging software by reading e-mail. Viruses and other system-destroying bugs can only exist in files, and e-mail is not a system file. Viruses cannot exist there. Viruses are almost always specific of the operating system involved. Meaning, viruses created to infect DOS application can do no damage to MAC systems, and vice versa. The only exception to this is the Microsoft Word “macro virus” which infects documents instead of the program.
4. Encryption: Even if intruders manage to break through a firewall, the data on a network can be made safe if it is encrypted. Many software packages and network programs – Microsoft Windows NT, Novel NetWare, and lotus notes among others- offer and – on encryption schemes that encode all the data sent on the network. In addition, companies can buy stand alone encryption packages to
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 17
CYBER CRIME work with individual applications. Almost every encryption package is based on an approach known as public-private key. Scrambled data is encoded using a secret key unique to that transmission. Receiver’s use a combination of the sender’s public key and their own private encryption key to unlock the secret code for that message decipher it. 5. Never send your credit card number to any site which is not secured. 6. Uninstall unnecessary software.
7.Become vigilant when browsing websites. 8.Flag and report suspicious emails. 9.Never click on unfamiliar links or ads. 10.Use a VPN whenever possible.. 11.Ensure websites are safe before entering credentials. 12.Keep antivirus/application systems up to date. 13.Use strong passwords with 14+ characters.
ADVANTAGES:
It helps automate various tasks that can’t be done manually. It helps organize data and information in a better way. It has much more computing and calculating power than human. It may be the storage of important data and files.
DISADVANTAGES:
It may damage your study and social life. The way it distracts can deviate our thoughts and activities towards unproductive activities. It could cause violation of privacy.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 18
CYBER CRIME CONCLUSION The issue of network and Internet security has become increasingly more important as more and more business and people go on-line. To avoid the information from hackers we use the passwords secretly and we change the passwords regularly. We cannot use our names, initials as passwords that are easily traced. We should not download any executable files from unknown sources, information from any sources without checking for virus. We have to use licensed anti-virus software.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 19
CYBER CRIME REFERENCES: 1.Gordon, Sarah (July 25, 2006). "On the definition and classification of cybercrime" (PDF). Retrieved January 14, 2018. 2.Ammar Yassir, S. N. (2012). "Cybercrime: A threat to Network Security." International Journal of Computer Science and Network Security 3.Árpád, I. (2013). "A Greater Involvement of Education in Fight Against Cybercrime." Procedia - Social and Behavioral Sciences 4."Distributed Denial of Service Attack". csa.gov.sg. Archived from the original on 6 August 2016. Retrieved 12 November 2014. 5."Identifying Phishing Attempts". Case. Archived from the original on 13 September 2015.
Department of Electronics and Communication ENGINEERING PDA College of Engineering, Kalaburagi
Page 20
Related Documents
Cc
November 2019 54
Cc
November 2019 53
Cc
October 2019 53
Cc
November 2019 54
Cc
October 2019 74
Cc
November 2019 58More Documents from ""
Abstract.docx
May 2020 6
Abstract1.docx
December 2019 12
Cc Report.docx
December 2019 11
Medical Mirror Ppt1.pptx
December 2019 15