Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 1

PRESENTATION ON

CYBER SECURITY AND CYBER CRIME

PRESENTED BY:VISHAL SINGLAABHINAV SAINIAKSHAT GOYALADITYA SINGH RANA

Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 2

What is a Cyber Security?

‘Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized’

‘A major part of Cyber Security is to fix broken software’

Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 3

What is a Cyber Crime?

‘Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet.’

‘A major attack vector of Cyber Crime is to exploit broken software’

If we can defeat them sitting at home……who needs to fight with tanks and guns!!!!

Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 4

Cyber threat evolution

Copy

right

201

3-20

14

Decrease in broken software = Increase in good software

Cyber Crime Cyber Security

Cybe

r Sec

urity Cyber Crim

eTwo sides of the same coin

Copy

right

201

3-20

14

• The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”

Serious Threat

Copy

right

201

3-20

14

Who & What is At Risk?

• Economy• Defense• Transportation• Medical• Government• Telecommunications• Energy Sector• Critical Infrastructure

.

Copy

right

201

3-20

14

Fundamental Concepts of Information Assurance

• Confidentiality (privacy)• Integrity (quality, accuracy, relevance)• Availability (accessibility)

Copy

right

201

3-20

14

How Does an Attack Happen?

• Identify the target• Gather information• Plan/Prepare the attack• Attack

Copy

right

201

3-20

14

Threats

• A threat is any potential danger to information and systems

• 3 levels of cyber threats • Unstructured• Structured• Highly structured

Copy

right

201

3-20

14

Unstructured Threats

• Individual/small group with little or no organization or funding

• Easily detectable information gathering • Exploitations based upon documented flaws• Targets of opportunity • Gain control of machines• Motivated by bragging rights, thrills, access

to resources

Copy

right

201

3-20

14

Structured Threats

• Well organized, planned and funded• Specific targets and extensive information

gathering to choose avenue and means of attack• Goal-data stored on machines or machines

themselves• Exploitation may rely on insider help of

unknown flaw• Target drives attack• Organized crime/black hat hackers

Copy

right

201

3-20

14

Highly Structured Threats

• Extensive organization, funding and planning over an extended time, with goal of having an effect beyond the data or machine being attacked

• Stealthy information gathering • Multiple attacks exploiting unknown flaws or

insider help• Coordinated efforts from multiple groups• “Cyber warfare”

Copy

right

201

3-20

14

Web as Weapon

• Infrastructure run by computers• Government SCADA system• Overflow dam, disrupt oil supply• Sewage plant in Australia overflowed due to black

hat hackers• Cyber terrorism (Bin Laden and Aum Shinrikyo)• Combined attack • Cause power outage and biological attack• EMS disruption and nuclear emergency • Next war fought with code & computers

Copy

right

201

3-20

14

• The computer as a target :- using a computer to attacks other computer, e.g. Hacking, virus/worms attacks, Dos attack etc.

• The computer as a weapon :- using a computer to commit real world crime e.g. cyber terrorism, credit card fraud etc.

Categories of Cyber Crime

Copy

right

201

3-20

14

• Hacking "Hacking" is a crime, which entails cracking systems

and gaining unauthorized access to the data stored in them. Hacking had witnessed a 37 per cent increase this year.

• Cyber Squatting Cyber Squatting is the act of registering a famous

Domain Name and then selling it for a fortune. This is an issue that has not been tackled in IT ACT 2000.

Cyber Crime Variants

Copy

right

201

3-20

14

• Phishing is just one of the many frauds on the Internet, trying to fool people into parting with their money. Phishing refers to the receipt of unsolicited emails by customers of Financial Institutions, requesting them to enter their Username, Password or other personal information to access their Account for some reason.

Phishing

Copy

right

201

3-20

14

Cyber Stalking is use of the Internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse. Stalking generally involves harassing or threatening behaviour that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property.

Cyber Stalking

Copy

right

201

3-20

14

VISHING

Vishing is the criminal practice of using social engineering and Voice over IP (VoIP)

to gain access to private personal and financial information from the public for the

purpose of financial reward. The term is a combination of “Voice" and phishing.

Vishing exploits the public's trust in landline telephone services.

Vishing is typically used to steal credit card

numbers or other information used in identity theft schemes from individuals.

Copy

right

201

3-20

14

• Use antivirus Software• Insert Firewalls• Uninstall unnecessary software• Maintain backup• Check security settings

SAFETY TIPS TO CYBER CRIME

Copy

right

201

3-20

14

India stands 11th in the ranking for Cyber Crime in the World, constituting 3% of the Global

Cyber Crime.

Copy

right

201

3-20

14

• Under The Information Technology Act, 2000

1) Hacking with computer system. 2) Without the permission of owner of

computer.

Cyber Laws in India

Copy

right

201

3-20

14

• Section – 43,

Information Technology Amendment Act, 2008

Destroys, Deletes or Alters any Information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

• Section – 66A, Punishment for sending offensive messages through communication services etc

• Section – 66C, Punishment for identity theft.

Copy

right

201

3-20

14

WHY CYBER SECURITY IS IMPORTANT ?

Copy

right

201

3-20

14

INTERNET UNDER SIEGE

• February 7 - 9, 2000Yahoo!, Amazon, Buy.com, CNN.com, eBay, E*Trade, ZDNet websites hit with massive DOS

• Attacks received the attention of president Clinton and Attorney General Janet Reno.

• “A 15-year-old kid could launch these attacks, it doesn’t

take a great deal of sophistication to do” – Ron Dick, Director NIPC, February 9

• U.S. Federal Bureau of Investigation (FBI) officials have estimated the attacks caused $1.7 billion in damage

Copy

right

201

3-20

14

SLAMMER WORM

• January 2003Infects 90% of vulnerable computers within 10 minutes

• Effect of the Worm- Interference with elections- Cancelled airline flights- 911 emergency systems affected in Seattle- 13,000 Bank of America ATMs failed

• Estimated ~$1 Billion in productivity loss

Copy

right

201

3-20

14

What’s really going on here ?

Copy

right

201

3-20

14

Increasing Dependence

We are increasingly dependent on the Internet:

– Communication (Email, IM, VoIP)– Commerce (business, banking, e-commerce, etc)– Control systems (public utilities, etc)– Information and entertainment– Sensitive data stored on the Internet

Copy

right

201

3-20

14

Security Not A Priority

Other design priorities often trump security:

CostSpeed

ConvenienceBackwards Compatibility

Copy

right

201

3-20

14

Cybersecurity Roadblocks

• No metrics to measure (in)security

• Internet is inherently international

• Private sector owns most of the infrastructure

Copy

right

201

3-20

14

This level of dependence makes the Internet a target for asymmetric attack

Cyber warfareCyber terrorism

Copy

right

201

3-20

14

Challenges

• People are the biggest threat to information security!!! (sharing passwords, entering passwords)

• As we know procedures are written blueprints for accomplishing a specific task; step-by-step descriptions.

• The obtainment of the procedures by an unauthorized user would constitute a threat to the integrity of the information.

Copy

right

201

3-20

14

Access vs. Security

Security Access

Balancing Security and Access

Copy

right

201

3-20

14

Access vs. Security

• Security is not an absolute. Security should be considered a balance between protection and availability.

• It is possible to have unrestricted access to a system, but this affects the integrity of the information.

• On the other hand complete security of an information system would not allow anyone access at any given time.

Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 35

Cyber Security Facts That Will Surprise You

• The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. (Face the Facts USA)

• Sean Henry, an assistant director of the FBI, says that so far this year, cyber criminals have stolen over $100 million from US banks. (The Congressional Cybersecurity Caucus)

• Nation-states, not hackers, are most likely to launch successful cyber terrorist attacks against classified networks and critical infrastructure. They have the necessary discipline, resources, and commitment. (CIO.com)

Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 36

• About 10% of all social media users have received a cyber-threat. More than 600,000 accounts are compromised every day on Facebook alone. (Floridatechonline.com)

• A whopping 59% of employees steal proprietary corporate data when they quit or are fired. (Ponemon Institute)

• The National Nuclear Security Administration, an arm of the Energy Department, records 10 million attempted hacks a day. (Defense News)

• 53% of U.S companies expressed little to no confidence to stopping security breaches in the next 12 months. (Rolandtech.com)

• The estimated annual cost of global cybercrime over $100 billion. (Go-gulf.com)

Copy

right

201

3-20

14

Conclusion

Technology is destructive only in the hands of people who do not realize that they are one and the same process as the universe.

Cybercrime is indeed getting the recognition it deserves. However, it is not going to restricted that easily . In fact , it is highly likely that cyber crime and its hackers will continue developing and upgrading to stay ahead of the law. So, to make us a safer we must need cyber security.

Copy

right

201

3-20

14

Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 38

THANK YOU