Cyber Security

Unit 1
2 mark question

1. Define cyber crime?

“Cybercrime (computer crime) is any illegal behaviour, directed by means of electronic
operations that target the security of computer systems and the data processed by them”.
Hence cybercrime can sometimes be called as computer-related crime, computer crime,
E-crime, Internet crime, High-tech crime.

2. Mention the first recorded cyber crime?

The first recorded cybercrime took place in the year 1820.
In 1820, Joseph Marie Jacquard, a textile manufacturer in France produced the loom. This device
allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear
amongst Jacquard's employees that their traditional employment and livelihood were being
threatened.

3. Define active attack?

Active attacks: An Active attack attempts to alter system resources or effect their operations.
Active attack involves some modification of the data stream or creation of false statement.

4. Define passive attack?

Passive attacks: A Passive attack attempts to learn or make use of information from the system
but does not affect system resources.

5. Define cyber security?

Cybersecurity: means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorized access, use,
disclosure, disruption, modification or destruction.

6. Define Email Spoofing?

E-mail spoofing is the forgery of an e-mail header so that the message appears to have
originated from someone or somewhere other than the actual source. To send spoofed e-mail,
senders insert commands in headers that will alter message information.

7. Define spamming?
People who create electronic spam: spammers
Spam is abuse of electronic messaging systems to send unsolicited bulk messages
indiscriminately. Spamming is difficult to control.

8. Define cyber defamation with an example?

The tort of cyber defamation is considered to be the act of defaming, insulting, offending or
otherwise causing harm through false statements pertaining to an individual
in cyberspace.
Cyber Security
Unit 1
9. Define identity theft?
Occurs when an unauthorized person uses the Internet hours paid for by another person. The
person get access to someone else’s ISP user ID and password, either by hacking or by gaining
access to it by illegal means. And uses the internet without the other person’s knowledge.

10. Define data diddling with an example?

Data diddling involves changing data input in a computer. In other words, information is
changed from the way it should be entered by a person typing in the data. Usually, a virus that
changes data or a programmer of the database or application has pre-programmed it to be
changed.

11. What is web jacking?

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access
and control over the web site of another. He may even change the information on the site.

12. Define Industrial spying/ Industrial Espionage?

Industrial espionage is the covert and sometimes illegal practice of investigating competitors to
gain a business advantage.

13. Define hacking?

Every act committed toward breaking into a computer and/ or network is hacking. Hacking is
any technical effort to manipulate the normal behavior of network connections and connected
systems.

14. What is online fraud?

Fraud that is committed using the internet is “online fraud.” Online fraud can involve financial
fraud and identity theft.

15. Define software piracy?

Theft of software through the illegal copying of genuine programs or the counterfeiting and
distribution of products intended to pass for the original.

16. What is computer sabotage?

Computer sabotage involves deliberate attacks intended to disable computers or networks for
the purpose of disrupting commerce, education and recreation for personal gain, committing
espionage, or facilitating criminal conspiracies.

17. Define E-mail bombing/mail bombs?

In Internet usage, an email bomb is a form of net abuse consisting of sending huge volumes of
email to an address in an attempt to overflow the mailbox or overwhelm the server where the
email address is hosted in a denial-of-service attack.
Cyber Security
Unit 1

18. Define password sniffing?

Password sniffers are programs that monitor and record the name and password of network
users as they login, jeopardizing security at a site through sniffers installed, anyone can
impersonate an authorized user and login to access restricted documents.

5 mark Questions:

1. Explain the categorization of cybercriminals?

Type 1: Cybercriminals- hungry for recognition
 Hobby hackers: A person who enjoys exploring the limits of what is possible, in a spirit
of playful cleverness. May modify hardware/ software.
 IT professional (social engineering): Ethical hacker.
 Politically motivated hackers: promotes the objectives of individuals, groups or nations
supporting a variety of causes such as : Anti globalization, transnational conflicts and
protest
 Terrorist organizations: Cyberterrorism ,Use the internet attacks in terrorist activity
Large scale disruption of computer networks, personal computers attached to internet
via viruses.

Type 2: Cybercriminals- Not Interested In Recognition

 Psychological perverts: Express desires, deviate from normal behavior.

 Financially motivated hackers: Make money from cyber attacks.
Bots-for-hire: fraud through phishing, information theft, spam and extortion.
 State-sponsored hacking: Hacktivists.
Extremely professional groups working for governments.
Have ability to worm into the networks of the media, major corporations, defense
departments.

Type 3: Cybercriminals- The Insider

Disgruntled or former employees seeking revenge

Competing companies using employees to gain economic advantage through damage
and/ or theft.
2. Explain a criminal activity on Oracle USENET Newsgroups?
 Usenet groups may carry very offensive, harmful, inaccurate material.
 Postings that have been mislabeled or are deceptive in another way.
 This interesting Search Oracle article on Oracle security bloopers, we see the risks with
engaging the unsavory inhabitants of the Oracle USENET newsgroup, a forum laced with
profanity, pornography and, according to this note, criminal Oracle hackers.
Cyber Security
Unit 1
 “I subscribe to several Usenet groups so I can keep my skills current. Well, a few years
ago a DBA needed some assistance and posted a question in which he shared his
tnsnames.ora file and wondered why he could not connect to SQL*Plus with the
following syntax: sqlplus system/SecurePswd@prod
 Almost immediately several people connected to this person’s production system and
was able to fish around the system. Numerous people emailed the DBA back and pointed
out that he just broadcasted to the world his production connection string and password.

3. Explain the steps to avoid the web publishing techniques?

 Repeating keywords
 Use of keywords that do not relate to the content on the site.
 Use of fast meta refresh: change to the new page in few seconds.
 Redirection
 IP cloaking: including related links, information, and terms.
 Use of colored text on the same color background
 Tiny text usage
 Duplication of pages with different URLs
 Hidden links
4. Explain the different types of defamation
 The tort of cyber defamation is considered to be the act of defaming, insulting,
offending or otherwise causing harm through false statements pertaining to an
individual in cyberspace.
 Example: someone publishes defamatory matter about someone on a website or sends
an E-mail containing defamatory information to all friends of that person.
 An imputation is made concerning a company or an association or collection of people
as such.
 TYPES OF DEFAMATION:
Libel : written defamation
Slander: oral defamation
 The plaintiff must have to show that the defamatory statements were unlawful
and would indeed injure the person’s or organization’s reputation.
 When failed to prove, the person who made the allegations may still be held
responsible for defamation.

5. Explain salami attack/salami technique with an example?

 Salami attack/salami techniques are used for committing financial crimes.
 The alterations made are so insignificant that in a single case it would go completely
unnoticed.
 Example: a bank employee inserts a program, into the bank’s serve, that deduces a
small amount from the account of every customer every month
Cyber Security
Unit 1
 The unauthorized debit goes unnoticed by the customers, but the employee will make a
sizable amount every month.
 SALAMI ATTACK: REAL LIFE EXAMPLES: Small “shavings” for Big gains. The petrol pump
fraud.
 To deal with this type of crime, a company must implement policies and internal
controls.
 This may include performing regular audits, using software with built-in features to
combat such problems, and supervising employees.
6. Explain forgery with an example?
 The act of forging something, especially the unlawful act of counterfeiting a document
or object for the purposes of fraud or deception.
 Something that has been forged, especially a document that has been copied or remade
to look like the original.
 Counterfeit currency notes, postage, revenue stamps, mark sheets, etc., can be forged
using sophisticated computers, printers and scanners.
 REAL LIFE CASE: Stamp Paper Scam – a racket that flourished on loopholes in the
system.
 Abdul Karim Telgi, the mastermind of the multi-crore counterfeiting, printed fake stamp
papers worth thousands of crores of rupees using printing machines purchased illegally
with the help of some conniving officials of the Central Govt.’s Security Printing Press
(India Security Press) located in Nasik. These fake stamp papers penetrated in more than
12 states through a widespread network of vendors who sold the counterfeits without
any fear and earned hefty commissions. Amount swindled Rs. 172 crores
 Telgi is in jail serving his 13 plus 10 years term.

7. Write the difference between Hacking and Cracking?

 Malicious attacks on computer networks are officially known as cracking.
 While hacking truly applies only to activities having good intentions.
 A hacker is a person with a strong interest in computers who enjoys learning and
experimenting with them.
 A cracker is a person who breaks into computers. Crackers should not be confused with
hackers. The term cracker is usually connected to computer criminals.
 Brute force hacking: It is a technique used to find passwords or encryption keys. Brute
force hacking involves trying every possible combination of letters, numbers, etc until
the code is broken.
 Cracking: It is the act of breaking into computers. Cracking is popular, growing subject
on the internet. Many sites are devoted to supplying crackers with programs that allow
them to crack computers.

8. Explain the different types of modern hackers?

THERE ARE 3 TYPES OF MODERN HACKERS
Cyber Security
Unit 1
 Black Hats: Criminal Hackers.
 Possess desire to destruction.
 Hack for personal monetary gains: Stealing credit card information, transferring money
from various bank accounts to their own account, extort money from corporate giant by
threatening.
 Dark side hacker, Such a person is malicious or criminal hacker.
 White Hats: Ethical Hackers.
 Network Security Specialist.
 While black hats use their skill for malicious purposes, white hats are ethical hackers.
 They use their knowledge and skill to prevent the black hats and secure the integrity of
computer systems or networks. If a black hat decides to target you, it’s a great thing to
have a white hat around.
 Gray Hat – A gray hat, as you would imagine, is a bit of a white hat/black hat hybrid.
 Thankfully, like white hats, their mission is not to do damage to a system or network,
but to expose flaws in system security.
 The black hat part of the mix is that they may very well use illegal means to gain access
to the targeted system or network, but not for the purpose of damaging or destroying
data.
 Often this is done with the intent of then selling their services to help correct the
security failure so black hats cannot gain entry and/or access for more devious and
harmful purposes.
9. What is pornographic offenses and explain how do they Operate?
 PORNOGRAPHIC OFFENSES:
 Any photograph that ca be considered obscene and/ or unsuitable for the age of child
viewer.
 Obscene Computer generated image or picture.
 HOW DO THEY OPERATE
 Pedophiles use false identity to trap the children/teenagers.
 Pedophiles contact children/teens in various chat rooms which are used by
children/teen to interact with other children/teen.
 Befriend the child/teen.
 Extract personal information from the child/teen by winning his confidence.
 Gets the e-mail address of the child/teen and starts making contacts on the victims e-
mail address as well.
 Starts sending pornographic images/text to the victim including child pornographic
images in order to help child/teen shed his inhibitions so that a feeling is created in the
mind of the victim that what is being fed to him are normal and that everybody does it.
 Extract personal information from child/teen
 At the end of it, the pedophile set up a meeting with the child/teen out of the house and
then drags him into the net to further sexually assault him or to use him as a sex object.
Cyber Security
Unit 1
10 mark question

1. Explain the classification of cybercrimes?

There are 5 classifications of cybercrimes.
1. CYBERCRIME AGAINST AN INDIVIDUAL
 Electronic mail spoofing and other online frauds
 Phishing, spear phishing
 spamming
 Cyber defamation
 Cyberstalking and harassment
 Computer sabotage
 Pornographic offenses
 Passwordsniffing
2. CYBERCRIME AGAINST PROPERTY
 Credit card frauds
 Intellectual property( IP) crimes
 Internet time theft
3. CYBERCRIME AGAINST ORGANIZATION
 Unauthorized accessing of computer
 Password sniffing
 Denial-of-service attacks
 Virus attack/dissemination of viruses
 E-Mail bombing/mail bombs
 Salami attack/ Salami technique
 Logic bomb
 Trojan Horse
 Data diddling
 Industrial spying/ industrial espionage
 Computer network intrusions
 Software piracy
4. CYBERCRIME AGAINST SOCIETY
 Forgery
 Cyberterrorism
 Web jacking
5. CRIMES EMANATING FROM USENET NEWSGROUP
 Usenet groups may carry very offensive, harmful, inaccurate material.
 Postings that have been mislabeled or are deceptive in another way.
 Usenet was designed to facilitate textual exchanges between scholars.
 Slowly, the network structure adapted to allow the exchange of larger files such as
videos or images.
Cyber Security
Unit 1
 Usenet newsgroups constitute one o the largest source of child pornography
available in cyberspace
 This source useful for observing other types of criminal or particular activities:
online interaction between pedophiles, adult pornographers and writers of
pornographic stories.

2. Explain Identity theft with examples?

 Identity theft is a fraud involving another person’s identity for an illicit purpose.
 The criminal uses someone else’s identity for his/ her own illegal purposes.
 Phishing and identity theft are related offenses.
 Examples:
1. Fraudulently obtaining credit
2. Stealing money from victim’s bank account
3. Using victim’s credit card number
4. Establishing accounts with utility companies
5. Renting an apartment
6. Filing bankruptcy using the victim’s name
 REAL LIFE CASES:
1. Dr. Gerald Barnes: Gerald Barnbaum lost his pharmacist license after
committing Medicaid fraud. He stole the identity of Dr. Gerald Barnes and
practiced medicine under his name. A type 1 diabetic died under his care. “Dr.
Barnes” even worked as a staff physician for a center that gave exams to FBI
agents. He’s currently serving hard time.
2. Andrea Harris-Frazier: Margot Somerville lost her wallet on a trolley. Two years
later she was arrested. Andrea Harris-Frazier had defrauded several banks—
using Somerville’s identity—out of tens of thousands of dollars. The real crook
was caught.
3. Abraham Abdallah: A busboy named Abraham Abdallah got into the bank
accounts of Steven Spielberg and other famous people after tricking his victims
via computer, getting sufficient data to fake being their financial advisors—then
calling their banks…and you know the rest.
Cyber Security
Unit 1