CYBER CRIME
Presented byGroup – 6
INTRODUCTION-Cyber Crime Any criminal activity that uses a computer either as an
instrument, target or a means for perpetuating further crimes comes within the ambit of cyber crime.
The difference between a cyber crime &conventional
crime is that there should be an involvement, at any stage, of the virtual cyber medium in cyber crime.
MAJOR EVENTS Origin-The first recorded cyber crime took place in the
year 1820 1978- 1st spam e-mail sent 1980-Rookits emerges as a malware threat 1982-The elk virus spreads via floppy disk 1983-Fbi nabs high profile computer intruder 1988-Morris worm spreads via arp net 1996-Phishing tricks spawn serties by new web based scams 1999-Large scale attacks on bank and gambling sites 2006-Criminal target penny stocks in pump and dump of ear 1820
CYBER CRIMINALS Children and adolescents between the age group of 6
–years
Organised hackers Professional hackers / crackers Discontented employees
REASONS FOR CYBER CRIME: Capacity to store data in comparatively small space Easy to access Complex Negligence Loss of evidence
MODE OF CYBER CRIME Hacking Theft of information contained in electronic form Email bombing Virus Denial of Service attack Salami attacks Data diddling Trojan attacks
HACKING Hacking is the practice of modifying computer
hardware and software to accomplish a goal outside of the creator’s original purpose. The impact of computer hacking varies from being simply invasive and annoying to illegal. Started with AT&T 1999, security software such as Symantec went mainstream.
Methods Of Hacking • • • • •
NetBIOS ICMP Ping FTP rpc.statd HTTP
Prevention Implement a firewall Install anti-virus software Keep operating systems up to date Don't run unnecessary network services Keep informed about network security
SOFTWARE CRACKING It is the process of bypassing the registration and
payment options on a software product to remove copy protection safeguards or to turn a demo version of software into a fully functional version without paying for it.
PASSWORD CRACKING
Password cracking is the process of recovering
passwords from data that has been stored in or transmitted by a computer system.
Methods Of Password Cracking Weak encryption Guessing Precomputation Salting
Prevention
ensure that attackers cannot get access even to the
encrypted password constantly shifting password
DENIAL-OF-SERVICE ATTACK
DoS Attack Is an attempt to make a computer resource
unavailable to its intended users. Common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable.
Means Of DoS Attack Attacks on wired networks require a great deal of
computing power and internet connection. Attacks on wireless networks require a high-power NIC and usually a high-gain (directional) external antenna (to increase range as well as power output).
Types Of DoS Attacks ICMP (internet control message protocol) flood Permanent denial-of-service attacks Nuke Distributed attack Reflected attack Blind denial of service
Prevention and response Surviving attacks Firewalls IPS based prevention Prevention via proactive testing
VIRAL ATTACKS A computer virus is a computer program that can
copy itself and infect a computer without the permission or knowledge of the owner. Viruses can be divided into two types based on their behavior when they are executed. ØNonresident viruses ØResident viruses
Contd… Vulnerability of operating systems to viruses
:ØThe users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. preventive measures:Øanti-virus software Øcommon methods that an anti-virus software application uses to detect viruses: - Using virus signature definitions - use a heuristic algorithm -
Contd… ØOne may also minimize the damage done by viruses by making regular backups of data Øuse different operating systems on different file systems. Virus removalØSystem Restore in Windows Me, Windows XP and Windows Vista restores the registry and critical system files to a previous checkpoint
Contd… Operating system reinstallation simply reformatting the OS partition and installing the OS from its original media, or imaging the partition with a clean backup image. BenefitsØsimple to do Øfaster than running multiple antivirus scans ØGuarantees to remove any malwar
WEBSITE DEFACEMENT Website defacement is an attack on a website that
changes the visual appearance of the site. In defacement incidents, the major goal of the hacker is to gain publicity by demonstrating the weakness of the existing security measures. Damage can range from loss of customer trust to loss of revenue.
How a hacker defaces web page? by obtaining usernames and passwords to retrieve this information, hackers use the
following: Øinformation-gathering techniques e.g. read Web pages such as 'global.asa' Ømaking use of publicly available information e.g. domain registration records Øusing 'social engineering' tactics e.g. calling an employee and posing as a system administrator. ØIf the hacker has a username, he can try to guess the password by going through a list of popular or default choices, or by using intelligent guessing.
Authenticated access to the system After the hacker is logged on to the system, he tries to
escalate his privileges, i.e., obtain system administrator privileges Both Windows NT and UNIX provide a "super user" account (administrator in NT, root in UNIX); as this account has full access rights to all system resources, it's the ultimate goal of any hacker to own it.
Contd.. Using this information, he accesses well-known Web
sites and easily locates hacks that can be exploited. When these exploits are executed on the machine, the hacker ends up gaining privileged access rights, and actually controls the machine.
Cross-site scripting It is a client-side attack method that occurs when an
attacker uses a Web-based application to send malicious code to another user of the same application. Eg.XSS attack It is automatically executed when the client’s browser opens an HTML web page. The XXS attack is generally invisible to the victim user.
COMPUTER CONTENT CRIME Pornography-
ØAn immense industry for the production and consumption of pornography has grown, with the increasing use of the VCR, the DVD, and the Internet. ØPornography may use any of a variety of media, ranging from printed literature, photos, sculpture, drawing, painting, animation, sound recording, film, video, or video game.
TECHNOLOGY Mass-distributed pornography is as old as the
printing press. Computer-generated images and manipulationsDigital manipulation requires the use of source photographs, but some pornography is produced without human actors at all.
Piracy Use of illegal software or the copyright infringement of software selling of computer facilities with illegally installed software; replication and distribution of software copies on information carriers without permission of the copyright owner; illegal distribution of software through communication networks (Internet, e-mail, etc.);
Signs of Pirated Production Absence, counterfeit or difference of polygraphic packing; reserved label; copyright and Adjacent Rights Protection sign; type of wrapping; stamping on the polygraphic wrapping; more content
Ongoing actions Antipiracy campaigns and advertisements in FM
Radios, TV, Internet etc. Initiatives taken by recording companies and manufacturer of CD, DVD companies.
File Sharing It refers to the practice of distributing or providing
access to digitally stored information, such as computer programs, multi-media (audio, video), documents, or electronic books.
Types of sharing
Sharing of digital content- songs, DVD-quality
movies, computer programs and video games through P2P networks. Very large files are to use Bit Torrent. Anonymous networking technologies have been developed to allow the exchange of data between computers and users.
Security Risks Potential security risks including the release of
personal information, bundled spyware, and viruses downloaded from the network. 2009 availability of the blueprints of helicopter Marine One. Tax returns, student loan applications and credit reports are made available online.
Computer Violence Computer violence can be created through release of
videos, photos. Spread of violence through cyber terrorism.
COMPUTER ASSISTED CRIME
Scams And Thefts
Internet Fraud Purchase Scams Counterfeit Postal Money Orders
Virtual Robberies Online Automotive Fraud Re Shippers Call Tag Scam Business Opportunity / Work-at-home Schemes Money Transfers Frauds Dating Scams
Virtual Robberies Click Fraud Internet marketing and retail fraud Internet Ticket Fraud Paypal Fraud Stock market manipulation schemes Avoiding Internet investment scams
Sexual Harassment Types Of Stalkers Simple obsessional stalkers Delusional stalkers Vengeful stalker
Sexual Harassment Motivations To Stalkers love-Obsession, Hate, Revenge, Vendettas Ego and Power Trips Internet Hate Speech
Internet Hate Speech What is it? How it operates? How to prevent it?
CYBER LAWS Information Technology Act 2000 was passed and
enforced on 17th May 2000. the preamble of this Act states that its objective is to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934.
Contd… The Information Technology Act deals with the
various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field.
Contd… The Act has however during its application proved to
be inadequate to a certain extent. The various loopholes in the Act areLegislation was passed in a hurry. Cyber torts. Cyber crime in the Act is neither comprehensive nor exhaustive. Ambiguity in the definitions.
Contd… Uniform law Lack of awareness Jurisdiction issues Extra territorial application Raising a cyber army Cyber savvy bench Dynamic form of cyber crime Hesitation to report offences
PREVENTION Prevention is better than cure. 5P mantra for online security: Precaution,
Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things:to prevent cyber stalking avoid disclosing any information pertaining to oneself.
Contd… always avoid sending any photograph online
particularly to strangers and chat friends use latest and up date anti virus software always keep back up volumes so that one may not suffer data loss in case of virus contamination
Contd… always keep a watch on the sites that children are
accessing to prevent any kind of harassment or depravation in children. never send your credit card number to any site that is not secured, to guard against frauds.
Contd… web site owners should watch traffic and check any
irregularity on the site. Putting host-based intrusion detection devices on servers may do this. Use of firewalls may be beneficial. web servers running public sites must be physically separate protected from internal corporate network.
CONCLUSION Capacity of human mind unfathomable. Make people aware of their rights and duties. Need to bring changes in Information Technology Act. Provisions of cyber law should not be made so
stringent that it may retard the growth of the industry.
Thank you!