Date post: | 08-May-2015 |
Category: |
Education |
Upload: | indhuchezhian |
View: | 3,322 times |
Download: | 3 times |
BYINDHURANI CII M.E SE
CYBER CRIME AND SECURITY
CONTENTS
What is cyber crime?
History
Classification of cyber crime
Types of cyber crime
Cyber Security
Cyber Security standards
Cyber Law
WHAT IS CYBER CRIME?
Cyber crime refers to any crime that involves a computer/mobile and a network. The computer may have been used in the commission of a crime, or it may be the target.
Cyber hackers apply all sorts of techniques (hacking, use of malware for intercepting data, etc.) in stealing personal or financial data from their victims, generally from their computers.
HISTORY
The first spam email took place in 1978 when it was sent out over the ARPANET (Advanced Research Projects Agency Network).
The first virus was installed on an Apple computer by a high school student, Rich Skrenta in the year 1982.
Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.
Cyberspace is the electronic medium of computer networks in which online communication takes place.
Those against persons.
Against Business and Non-business organizations.
Crime targeting the government.
CLASSIFICATION OF CYBER CRIME
Computer as a tool
Computer as a target
Computer as an instrumentality
Crime associated with prevalence of computers
COMPUTER AS A TOOL
When the individual is the main target of the crime the computer can be considered as a tool rather than target.
These crimes are not done by technical experts.
Eg: Spam, cyber stalking , cyber theft etc.
COMPUTER AS A TARGET
These crimes are committed by a selected group of people with technical knowledge.
Destruction of information in the computer by spreading virus.
Eg : Defacement, cyber terrorism etc.
COMPUTER AS AN INSTRUMENTALITY
The crime is committed by manipulating the contents of computer systems.
With the advent of computer the criminal have started using the technology as an aid for its perpetuation.
Eg: Drug trafficking, money laundering etc.
CRIME ASSOCIATED WITH PREVALENCE OF COMPUTERS
Copyright violation
Material copied from sources that are not public domain or compatibly licensed without the permission of copyright holder.
Copyright violation causes legal issues.
TYPES OF CYBER CRIME
Financial crimes
Sale of illegal articles
Online gambling
Intellectual Property crimes
Theft of information contained in electronic form
Email bombing
Key loggers
CONTD.
Cyber Defamation
Cyber stalking
Data Diddling
Salami attacks
Email spoofing
Phishing
Click jacking
CONTD.
Hacking
Denial of Service attack
Virus/worm attacks
Logic bombs
Trojan attacks
Internet time theft
Web jacking
Financial crime includes credit card frauds, money laundering, Forgery etc
Money laundering is the process by which large amount of illegally obtained money is given the appearance of having originated from a legitimate source
Sale of illegal articles includes selling of narcotic drugs, weapons, wildlife etc to terrorists.
Email bombing refers to sending a large amount of e-mails to the victim resulting in crashing of victims e-mail account or mail servers.
Data diddling is a kind of an attack which involves altering of raw data just before it is processed by a computer and then changing it back after the processing is completed.
Intellectual Property Crimes includes software piracy, copyright infringement, trademarks violations etc.
Theft of information contained in electronic from-This includes information stored in computer hard disks, removable storage media etc.
Web defacement is usually the substitution of the original home page of a website with another page (usually pornographic or defamatory in nature) by a hacker.
Cyber Defamation occurs when defamation takes place with the help of computers and or the Internet e.g. e-mail containing defamatory information about that person.
What is defamation?
Defamation is the act of harming the reputation of person by making a false statement to another.
Cyber Stalking refers to the use of the Internet, e-mail, or other electronic communications devices to stalk another person.
Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property.
Denial of Service involves flooding computer resources with more requests than it can handle. This causes the resources to crash thereby denying authorized users the service offered by the resources.
Virus/worm are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses don not need the host to attach themselves to.
Trojan Horse-A Trojan as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Internet Time Theft-This connotes the usage by unauthorized persons of the Internet hours paid for by another person.
Web jacking-This occurs when someone forcefully takes control of a website (by cracking the password ). The actual owner of the website does not have any more control over what appears on that website.
Logic bombs are dependent programs. This implies that these programs are created to do something only when a certain event occurs, e.g. some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date.
E-Mail spoofing-A spoofed email is one that appears to originate from one source but actually has been sent from another source. This can also be termed as E-Mail forging.
Salami attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed e.g. A bank employee inserts a program into bank’s servers, that deducts a small amount from the account of every customer.
Clickjacking is a form of cyber attack where the hacker uses an invisible layer over the embedded web content (this could be an image, video or button) to intercept and ‘hijack’ you to a mirror website and mine information from you.
Cyber terrorism is the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Eg: A simple propaganda in the Internet/SMS, that there will be bomb attacks during the holidays
Mobile pickpocketing (SMS/call fraud), or the ability to charge a phone bill via SMS billing and phone calls. Malware uses these mechanisms to steal directly from user accounts.
Keyloggers are regularly used in computers to log all the strokes a victim makes on the keyboard.
Eg: If a key logger is installed on a computer which is regularly used for online banking and other financial transactions then their passwords can be taken without the knowledge of the user
CYBER SECURITY
It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them.
Awareness is the first step in protecting yourself.
Invest in Anti-virus, Firewall, and SPAM blocking software for your PC.
Change passwords on a regular basis
Use complex passwords (include numbers and special characters)
CONTD.
Do not automatically check boxes before reading the contents of any agreement of the software.
Avoiding use of unauthorized software.
Avoid opening of unknown emails.
Use internet filtering software.
Data Level Security Using encrypting softwares
Disable remote connectivity (such as Bluetooth)
CYBER SECURITY STANDARDS
Cyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks.
It provides general outlines as well as specific techniques for implementing cyber security.
Some of the standards are ISO 27002,NERC, NIST,ISO 15408,RFC 2196,ISA-99.
LEGAL ACTS
• The Computer Fraud and Abuse Act
• The Digital Millennium Copyright Act
• The Electronic Communications Privacy Act
• The Stored Communications Act
• Identity Theft and Aggravated Identity Theft
• Identity Theft and Assumption Deterrence Act
• Gramm-Leach-Bliley Act
• Internet Spyware Prevention Act
CONTD.
Stored Communications Act which is passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage
Digital Millennium Copyright Act which is passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology, devices
Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones.
CONTD.
Internet Spyware Prevention Act (I-SPY) prohibits the implementation and use of spyware.
Gramm-Leach-Bliley Act (GLBA) requires financial institutions and credit agencies increase the security of systems that contain their customers’ personal information.
Identity Theft and Aggravated Identity Theft defines the conditions under which an individual has violated identity theft laws.
CYBER LAW
Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of netizens in and concerning Cyberspace comes within the ambit of Cyberlaw.
SNAPSHOT OF IMPORTANT CYBERLAW PROVISIONS IN INDIA
Offence Section under act
Tampering with Computer source documents
Sec.65
Hacking with Computer systems, Data alteration
Sec.66
Publishing obscene information Sec.67
Un-authorized access to protected system
Sec.70
Breach of Confidentiality and Privacy
Sec.72
Publishing false digital signature certificates
Sec.73
CONTD.
Offence Section under act
Sending threatening messages by email
Sec 503 IPC
Sending defamatory messages by email
Sec 499 IPC
Forgery of electronic records Sec 463 IPC
Bogus websites, cyber frauds Sec 420 IPC
Email spoofing Sec 463 IPC
Web-Jacking Sec 383 IPC
E-Mail Abuse Sec 500 IPC
Online sale of Drugs NDPS Act
Online sale of Arms Arms Act
Though we have so many methods to protect from cyber crime, only awareness will help us to get rid of this problem.
In case of emergency to complaint about cyber crime contact the following email ids and phone numbers.
[email protected] ,[email protected] , [email protected] , [email protected]
0422-23452350, 98414-94329,22201026 ,22943050 .
REFERENCES
http://en.wikipedia.org/wiki/Computer crime
http://en.wikipedia.org/wiki/Computer security
http://en.wikipedia.org/wiki/Computer crime
http://en.wikipedia.org/wiki/Cyber Security And Identity Theft
http://en.wikipedia.org/wiki/Cyber security standards
http://en.wikipedia.org/wiki/Cyber Security Tips
http://en.wikipedia.org/wiki/ Cybercrime and countermeasures
Evolution_of_Cyber_Crime.pdf
QUERIES??!
THANK YOU