Introduction to Cyber Security (22ETC15I) Module 1

Chapter 1: Cybercrime:

Cybercrime: Definition and Origins of the Word, Cybercrime and Information

Security, Who are Cybercriminals? Classifications of Cybercrimes, An Indian
Perspective, Hacking and Indian Laws., Global Perspectives

Textbook:1 Chapter 1 (1.1 to 1.5, 1.7-1.9)

1.1 Cybercrime Introduction:

• Almost everyone is aware of phenomenal growth of the internet.

• Given the unrestricted number of a free websites, the internet as undeniably
opened a new way of exploitation known as a cybercrime.
• Cybercrime is not a new phenomenon. the first recorded cybercrime took place
in the year 1820.
• It is one of the most talked about topics in the recent years.
• The situation in India is not any better, Indian corporate and government sites
have been attacked or defaced more than 780 Times between 2000 and 2009.
• ICANN-Internet Corporation for Assigned Domain Names and Numbers
• WIPO-Worlds Intellectual Property Organization-will take care of the
Intellectual Property Rights (IPR).
• IPR are Copyright, Patent, Trade mark, Trade secret.
• UDRP-Uniform Dispute Resolution Policy for Domain name dispute purpose.

1. Explain the following

• Cyber space
• Cyber squatting
• Cyber terrorism
• Cyber punk
• Cyber warfare
Cyber space

• Cyberspace is now used to describe the internet and other computer networks
• In terms of computer science cyberspace is a worldwide network of computer
networks that uses the transmission control protocol or internet protocol for
communication to facilitate transmission and exchange of data
• Common Factor in almost all definition of cyber space is the sense of place
that they convey - cyberspace is most definitely a place where you chat,
explore, research and play.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

Cybersquatting:

• Cybersquatting means registering selling or using a domain name with the

intent of profiting from the Goodwill of someone else trademark (TM)
• In this nature, it can be considered to be a type of cybercrime
• Cybersquatting is the practice of buying domain names that have existing
businesses names
• In other words, cybersquatting involves the preemptive registration of
trademarks by 3rd parties as domain names.
• it is done with the intent to sell those domain names to earn Profit.
• Amul is India’s one of the biggest dairy companies with a sales turnover of
over 38,550 crore Indian rupees (approximately US$5.28 billion, or
385,500,000,000 Indian Rupees) for the financial year 2019-2020.
• The company became the victim of cybersquatting when someone bought the
following domains and made phishing sites:
• Amuldistributor.com
• Amulboard.com
• Amufran.org.in
• Amuldistributorindia.com

Cyber terrorism

• It is the politically motivated attack against information, computer systems,

computer programs and data but result in violence against non-combatant
targets by sub national groups
• cyber terrorism is defined as any person group or organization who, with
Terrorist intent, utilizes accesses or aids in accessing a computer or computer
network or electronic system or electronic device by any available means, and
thereby knowingly engages in or attempts to engage in a terrorist act commits
the offence of cyber terrorism.
• Cyber Terrorism term was coined in 1977 by Barry Collin.
• He is the senior research fellow at the institute for security and intelligence in
California.
• The narrow definition of Cyber terrorism is using a computer network by a
known terrorist organization attack against information system for the
purpose of attack, creating a alarm & panic.

Cyber punk

• The two basic aspects of cyberpunk are technology and individualism

• The term cyberpunk could mean something like " anarchy via machines", or
"machines/ computer Rebel moment"
•

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

Cyber warfare

• It is the use of computer network to disrupt the activities of a state or

organization, especially the deliberate attacking of information system for
strategic or military purpose.
• Cyber warfare for many people, means information Warriors unleashing
vicious attacks against an unsuspecting opponent computer networks and
paralyzing nations information infrastructure.
• It refers to information resources, including communication systems that
support an industry, institution or population.
• Cyber-attacks are often presented as military forces and the internet has
major implications for espionage and warfare.

Questions: Define cybercrime, discuss the origin of Cybercrime.

1.2 Cybercrime definition in the origin of the world

• "A crime is conducted in which a computer was directly or significantly
involved".
• The other definitions of Cybercrimes are
• Cybercrime or computer crime is any illegal behaviour directed by means
of electronic operations that target to security of computer system and the
data processed by them.
• Crimes completed either on or with a computer
• Any illegal activity done through the internet or on the computer
• All criminal activities done using the medium of computers, the Internet,
cyberspace and WWW.
• Any financial dishonesty that takes place in computer environment
• Any threats to the computer itself, such as theft of hardware or software,
sabotage and demands for ransom.

synonyms of Cybercrimes are

• Computer related crimes
• Computer crimes
• Internet crimes
• E-crime
• Hi tech crime
Question: Explain the two types of Attacks in Cyber security.
The two most common types of attacks are

• techno crime
• techno vandalism

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

techno crime

• premeditated act against system or systems, with the intent to copy, Steal,
prevent access, corrupt or otherwise deface or damage parts of complete
computer system.
• The 24/7 connection to the internet makes this type of Cybercrime a real
possibility to engineer from anywhere in the world.
techno vandalism

• the acts of “brainless” defacement of websites and/or other activities, such as

copying files and publicizing their contents publicly are usually opportunistic
in nature.
• Tight internal security, allied to strong technical safeguards should prevent
the vast majority of such incidents.

Questions: Write a short note on cybercrime and information security

1.3. Cybercrime and Information Security,

• Cybersecurity means protecting information, equipment, devices, computer,

computer resources, communication devices and information stored therein
from unauthorized access, use, disclosure, disruption, modification or
destruction.
• The term incorporates both the physical security of the devices as well as the
information stored therein.
• Financial losses to the organization due to insider crimes are concerned often
some difficulty is faced in estimating the losses because the financial impacts
may not be detected by the victimized organization and no direct costs may
be associated with the data theft. The 2008 Cyber Security Intelligence (CSI)
Survey on computer crime and security supports this.

Questions: Explain the Botnet Menace with figure

Botnet Menace:
• Botnet is used to refer to a group of compromised computers (Zombie
computers, i.e., personal computers secretly under the control of hackers
running malware under a common command and control infrastructure.
• Examples of illegal process are the denial-of-service attack (DoS), adware,
spyware, email spam click fraud, theft of application serial numbers, login IDs
and financial information such as credit card numbers etc.,
• An attack against the control by infecting computers with a virus or other
malicious code.
• A problem of botnet is global in nature.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• India as has an average of 374 new bought attacks per day and had more
than 38000 distinct Bot infected computers in the first half of the year 2009.
• As shown in below figure the attacker spreads the Worm/Zombie to the Pocket
PC device using 802.11, Bluetooth. The PC devices reads the E-Mail, then
Zombie will be installed and worm propagates.
• The worm/Zombie will spread to Contact list of the victim and also to the
DDoS zombies flood and Desktop DC.
• Then later attacker will take control over the entire network.

Figure: How a Zombie works

Questions: Who are cybercriminals? explain in detail the types.

1.4. Who are Cybercriminals?

Cybercriminals are those who conduct act such as child pornography; credit card
fraud, cyber stalking, defame another online; gaining unauthorised access to a
computer system; ignoring copyright, software licensing and Trademark protection;
overriding encryption to make illegal copies; software piracy and stealing another's
identity to perform criminal acts.

They can be categorised into three groups that reflect their motivation.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

We have three types of Cybercriminals

• Type I: Cybercriminals hungry for recognition

• Type II: Cybercriminals not interested in recognition
• Type III: Cybercriminals the insiders

Type I: Cybercriminals-Hungry for recognition

• Hobby hackers: A person who enjoys exploring the limits of what is possible
in the spirit of play full cleverness
• IT professionals: ethical hacker
• Politically motivated hackers: promote the objective of individuals groups
or Nation supporting a variety of causes such as anti-globalization transitional
conflict and protest.
• Terrorist organizations: cyber terrorism terrorist using the internet for
attacks, large scale destruction of computer networks.

Type II: Cybercriminals-not interested in recognition

• Psychological perverts: Express sexual Desire deviate from normal
behaviour
• Financially motivated hackers (corporate espionage): make money from
cyberattacks: bots for hire; fraud through phishing information theft, spam
and extortion.
• State sponsored hacking (National espionage or sabotage): Extremely
professional groups working for governments.
• Organized criminals: have the ability to worm into the network of media,
major corporations and different departments.

Type III: Cybercriminals-the insiders

• Disgruntled or former employees seeking revenge

• Competing companies using employees to gain economic advantage through
the damage for theft

Questions: Explain the classification of cybercrime in a narrow sense and broad

sense with examples.

1.5. Classifications of Cybercrimes,

The classification of Cybercrimes based on broad and narrow sense. The table
shows the classification based on the role of computer.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

cybercrime in cybercrime in broad sense

narrow sense
Role of computer as an Computer as a Computer as the
computer object tool environment or context

The computer or The computer or The computer or

information stored
the information information stored on the
on the computer is
stored on the computer place a non-
the subject for target
computer substantial role in the act
of the crime constitutes an of crime but does contain
important tool for evidence of the crime
committing the
crime.
Examples Hacking, Computer Fraud, Murder using computer
Computers sabotage forgery techniques,
DDoS attacks distribution of bank robbery and
(distributed denial of child pornography drugs trade.
service attacks),
virtual child
pornography.

Questions:
1. Explain the classification of cybercrime Against Individual, property,
organization, society and crimes emanating from Usenet newsgroups.
2. Discuss about the classification of cybercrime. What are the different types
of cybercrime towards an individual?

The Cybercrimes are also classified as below based on the crimes victims
number and groups or on society.

• Cybercrime against individual

• Cybercrime against property
• Cybercrime against organisation
• Cybercrime against society
• Crimes emanating from Usenet newsgroups

Cybercrime against individual

1. Electronic mail email spoofing and other online frauds

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

2. Phishing Spear phishing and its various other forms such as vishing and
smishing
3. Spamming
4. Cyber defamation
5. Cyberstalking and harassment
6. Computers sabotage
7. Pornography offences
8. Password sniffing this also belongs to the category of Cybercrime against
organisation because the use of password could be an individual for his or
her personal work or the work here or she is doing using the computer that
belongs to an organisation.

Cybercrime against property

1. Credit card frauds

2. Intellectual property crimes basically I P crimes include software piracy
copyright infringement trademarks violations theft of computer source code
etc.,
3. Internet time theft

Cybercrime against organisation

1. Unauthorised accessing of computer - hacking is one method of doing this
and hacking is a punishable offence
2. Password sniffing
3. Denial-of-service attacks
4. Virus attacks dissemination of viruses
5. Email bombing or mail bombs
6. Salami attack or Salami technique
7. Logic bomb
8. Trojan horse
9. Data diddling
10. Crimes emanating from Usenet newsgroups
11. Industrial spying/Industrial espionage
12. Computer network instructions
13. Software piracy

Cybercrime against society

1. Forgery
2. Cyber terrorism
3. web jacking
crimes emanating from Usenet newsgroups
• By its very nature Usenet groups may carry very offensive, harmful,
inaccurate or otherwise inappropriate material, or in some cases, posting

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

that have been mislabelled or are deceptive in another way. Therefore, it is

expected that you will use the service at your own risk with caution and
common sense.
Questions:
1. Explain the following crimes with examples
a) Email Spoofing
b) Phishing
c) Spamming
d) Cyberdefamation
e) Cyber Stalking and Harassment.
f) Computer Sabotage
g) Pornographic offenses
h) Password Sniffing
i) Identity Theft

2. Discuss the following crimes with examples

a) Hacking
b) Industrial Espionage
c) DoS attack
d) Email Bomb
e) Virus attack and dissemination of viruses
f) Salami Attack
g) Logic Bomb
h) Industrial Espionage (Trojan Horse)
i) Data Diddling
j) Crimes Emanating from Usenet Newsgroups
k) Software Piracy
l) Computer Network Intrusion
3. Explain the following crimes against property with examples
a) Online Fraud
b) Internet Time Theft
c) IP crimes
4. Explain the following crimes against Society
a) Forgery
b) Cyberterrorism
c) Web Jacking

Brief explanation to different Cybercrimes:

1.5.1. Email Spoofing:
• A Spoofed E-mail is one that appears to originate from one source but
actually has been sent from another source.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• For example, Rupa has an email address [email protected]. Let us say

her boyfriend Suresh and she happens to have a showdown.
• Then Suresh, having become her enemy, spoofs her email and sends an
absence / vulgar message to all her acquaintances. Since the E-mails
appeared to have originated from Rupa her friends could take offense and
relationships could be spoiled for life.

1.5.2. Spamming
• It means sending multiple copies of unsolicited mails for mass emails such
as chain letters difficult to control
• In context of search engine spamming, it is alteration or creation of a
document with the intent to deceive an electronic catalog or filling system.

1.5.3. Cyberdefamation
• Cyberdefamation occurs when defamation takes place with the help of a
computer and/or internet.
• For example, someone publishing defamatory matter about someone's
website or send emails contain defamatory information to all friends of that
person.
• CHAPTER XXI of the Indian Penal Code (IPC) is about the defamation.
• According IPC section 499;
• 1. It may amount to defamation to impute anything to a deceased person, if
the imputation would harm the reputation of that person if living, and is
intended to be hurtful to the feelings of his family or other near relatives.
• 2. It may amount to defamation to make an invitation concerning a company
or an association of election of persons as such.
• 3. Imputation in the form of an alternative or expressed ironically the amount
to defamation.
• 4. No imputation is said to be harm a person's reputation and less that
imputation directly or indirectly in the estimation of the others Louis the
moral or intellectual character of that person, his cast
• Liable is written defamation on slander is oral defamation

1.5.4. Internet time theft:

• The usage of the internet hearts by an unauthorised person which is actually
paid by another person
• Internet time theft comes under hacking because the person get access to
someone else ISP, user ID and password through the legal measures.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

1.5.5. Salami attack or Salami technique

• These types of attacks occur when negligible amount received removed and
accumulated into something larger from bank accounts these attacks are
used for the commission of a financial crimes
• Example attackers withdrawing rupees to from every customer's account.

1.5.6. Data diddling

• This kind of an attack involves altering raw data just before it is processed
by a computer and then changing it back after the processing is completed.
• Example attacks done in processing electricity bill.

1.5.7. Forgery
• Currency notes, revenue stamps, marksheets, fake certificate, etc., can be
formed using computers and high-quality scanners and printers does these
types of forgery can be categorised as a cyber crime.

1.5.8. Web jacking

• web jacking occurs hackers gain access and control over the website of
another when these types of attack occurred the attacker can even change the
content of website for fulfilling political objectives for money.

1.5.9. Newsgroup spam or crimes emanating from usenet newsgroups

• this is one form of spamming here a large number of messages are posted to
various newsgroups
• these messages usually relating to a public matter can be used to create a
panic or aggression among the people.

1.5.10. Industrial spying for industrial espionage

• Spice can get information about product finances research and development
and marketing strategies and activity known as industrial spying these are
usually appointed by competing companies to get the trade secrets of other
company.
• Industrials bi may be an insider threats such as an individual who has gained
employment with the company with the purpose of spying or a disgruntled
employee who trades information for personal gain or revenge.
• Spice may also contain information through social engineering tactics for
example by treating an employee in to give privileged information.

1.5.11. Hacking
• Every act committed towards breaking into computer and or network is
hacking.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• Hacking can also be defined as gaining unauthorised access to a computer

system
• The purpose of hacking can be to a time, power, publicity, Revenge, adventure,
desire to access Forbidden information and destructive mind set.

1.5.12. Online frauds

• This type of a fraud makes use of the internet and could involve hiding of
information or providing incorrect information for the purpose of tracking
victims out of money property and inheritance.
• Spoofing website and email security alerts lottery frauds virus hoax mails are
some of its examples

1.5.13. Pornography offenses

• Child Pornography means visual depictions cyber-Pornography is a simple
word defined as the act of using cyberspace to create, display, distribute,
import or publish Pornography or absence materials.
• Child Pornography is considered as an offense
• under section 67 of the information technology act 2000 makes this act
punishable with imprisonment up to three years and fine up to 5 lakhs.

1.5.14. Software piracy

• It is theft of software through the illegal copying of Genuine programs or the
counterfeiting and distribution of product intended to pass for the original
illegal copying of programs distribution of copies of software.

1.5.15. Computer sabotage

• The use of internet to find the normal functioning of a computer system
through the introduction of worm's viruses or logical bombs is referred to as
a computer sabotage
• Logic bombs are event dependent programs created to do something only
when certain event (Known as trigger event) occurs.
• Example, a certain virus becomes active only on a particular date (Chernobyl
virus and Y2K virus)
• Note: the sabotage means deliberately destroying

1.5.16. Email bombing/mail bomb

• It refers to sending a large number of emails to the victim to crash victim
E-mail account or to make victim's servers crash
• computer program can be written to instruct a computer to do such tasks on
a repeated basis.
• The terrorism has hit the Internet in the form of Email bombing.
• Here the Cybercrime repeatedly send the email to the particular persons email
ID and shut down the entire system.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

1.5.17. Usenet newsgroups as the source of cybercrime

Usenet is a popular means of sharing and distributing information on the web

with respect to specific subject or topic following criminals use Usenet

1. distribution or sales of pornography material

2. distribution or sale of pirated software package
3. distribution of hacking software
4. sale of stolen credit card number
5. sale of stolen data or stolen property

1.5.18. Computer Network Intrusion

• Crackers can break into computer system from anywhere in the world on
steal data, plant viruses, create back doors, insert trojan horse or change
username and passwords.
• Network Intrusion are illegal, but detection and enforcement are difficult.
• The cracker can bypass existing password protection by creating a program
to capture login ID and password.
• Here the attacker breaks into a computer network

1.5.19. Password sniffing

• Password sniffers are program that monitor and record the name and
password of a network uses as the login at a site.
• Example keyloggers these are computer programs which one installed into a
particular computer system records all the keystrokes and send it to the
attacker so the attacker can get access to user credentials.
• With the user credentials, the attacker will login and access restricted
documents.

1.5.20. Credit card frauds

• The unauthorised use of an individual credit card or card information to make
purchases or to release funds from the card holders accounts
• Example attacker gaining access to credit card details can make an online
shopping the owner of the account may be unaware of the compromise until
the information is actually used to make purchases. Millions of dollars may
be lost annually by consumers who have the credit card.
• PCI-DSS (Payment Card Industry Data Security Standard) is a set of
regulations to avoid the data theft and to combat credit card fraud.

1.5.21. Identity theft

• Identity theft is a fraud involving another person's identity or illicit purpose
this occurs when a criminal uses someone else identity for his or own illegal
purposes

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• Example of obtaining account details of a genuine customer and withdrawing

money from the bank account.

*********************
Important Topics:

Questions: Discuss the concept of pornography offences and child pornography

and explain the steps involved in pedophiles operations.

pornography offences:

Child pornography means, any photograph that can be considered obscene and/or
unsuitable for the age of child viewer;
film. video. picture; or
computer generated image or picture of sexually explicit conduct where the
production of such visual depiction involves the use of a minor engaging in sexually
explicit conduct.
• child pornographv is considered an offense.
• Unfortunately, child pornography is a reality of the Internet.
• The Internet is being highly used by its abusers to reach and abuse children
sexually, worldwide. In India too, the Internet has become a household
commodity in the urban areas of the nation.
• Its explosion has made the children a viable victim to the cybercrime.
• As the broad-band connections get into the reach of more and more homes.
• larger child population will be using the Internet and therefore greater would
be the chances of falling victim to the aggression of pedophiles.

• "Pedophiles" are people who physically or psychologically coerce minors to

engage in sexual activities, which the minors would not consciously consent
to.
• Operational steps taken by pedophiles
• Step 1: Pedophiles use a false identity to trap the children/teenagers (using
"false identity which in itself is another crime called "identity theft").
• Step 2: They seek children/teens in the kids' areas on the services, such as
the Teens BB, Games BB or chat areas where the children gather
• Step 3: they befriend children/teens.
• Step 4: they extract personal information from the child/teen by winning
his/her confidence.
• Step 5: Pedophiles get E-Mail address of the child/teen and start making
contacts on the victim's E-Mail address as well. Sometimes, these E-Mails
contain sexually explicit language.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• Step 6: They start sending pornographic images/text to the victim including

child pornographic images in order to help child/teen shed his/her inhibitions
so that a feeling is created in the mind of the Victim that what is being fed to
him is normal and that everybody does it.
• Step 7: At the end of it, the pedophiles set up a meeting with the child/teen
out of the house and then drag him/her into the net to further sexually
assault him/her or to use him/her as a sex object.

Questions: What is the main purpose of hacking, explain hacking with examples

Hacking:
The following are the few main purpose of hacking
1.Greed;
2. power;
3. publicity
4. revenge
5. adventure
6. desire to access forbidden information;
7. destructive mindset

• Every act committed toward breaking into a computer and/or network is

hacking and it is an offense Hackers write or use ready-made computer
programs to attack the target computer.
• They possess the desire to destruct and they get enjoyment out of such
destruction.
• Some hackers hack for personal monetary gains, such as stealing credit card
information, transferring money from various bank accounts to their own
account followed by withdrawal of money.
• They extort money from some corporate giant threatening him to publish the
stolen information that is critical in nature.
• Government websites are hot on hacker's target lists and attacks on
Government websites receive wide press coverage.
• For example, according to the story posted on December 2009, the NASA site
was hacked via SQL Injection.
• Hackers, crackers and phrackers are some of the oft-heard terms.
• The original meaning of the word hack meaning an elegant, witty or inspired
way of doing almost anything originated at MIT The meaning was now changed
to become something associated with the breaking into or harming of any kind
of computer or telecommunications system.
• Some people claim that those who break into computer systems should Ideally
be called "crackers" and those targeting phones should be known as "phreaks"

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

Questions:
1. Explain the Indian perspective of Cybercrime.
2. What are the hacking and Indian laws present on cybercrimes and discuss.
3. Explain cybercrime and the Indian ITA 2000
4. Discuss a global perspective on cyber crime
5. Write a short note on cybercrime and the extended Enterprise with diagram.

1.6.a Cybercrime Legal Perspectives

Computer related crime is defined as an illegal any illegal act for which the
knowledge of Computer technology is essential for successful prosecution.
International legal aspects of computer crimes that define it as an confesses any
illegal act for which the knowledge of Computer technology is essential for it
represents for its perpetration.
Cybercrime is the outcome of Globalization; this leads to increase in number of
offenses and introduces the threats to the future.
This can be solved by incorporating the legal system into a society.

1.6.b Cybercrime: An Indian Perspective

• India has the fourth highest number of Internet users in the world
• there are 45 million Internet users in India, 37% of all Internet accesses from
happen cybercafes and 57% of Indian Internet users are between 18 and 35
years.
• The population of educated youth is high in India.
• It is reported that compared to the year 2006, cybercrime under the
Information Technology (IT) Act recorded a whopping 50% increase in the
year 2007.
• The National Crime Record Bureau (NCRB) gives the report that, 46%, were
related to incidents of cyberpornography, followed by hacking.
• In over 60% of these cases, offenders were between 18 and 30 years, according
to the "Crime in 2007".
• The Indian Government is doing its best to control cybercrimes.
• For example, Delhi Police have now trained 100 of its officers in handling
cybercrime and placed them in its Economic Offences Wing.
• The training gave to officers about computer hardware and software,
computer networks comprising data communication networks, network
protocols, wireless networks and network security about 6 weeks.

1.7 Hacking and Indian Laws

• The ITA 2000 was framed after the United Nation General Assembly
Resolution in January 30, 1997.
• ITA adopting the Model Law on Electronic Commerce (E-Commerce) adopted
by Commission on the United Nations International Trade Law.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• A total cybercrime were registered under the IT Act in 2007 compared to 142
cases registered 2006.
• Under the IPC in to, 339 cases were recorded in 2007 compared noteworthy
to 311 cases in 2006. The laws, crime details and punishment details given
in table below.

Section Ref.& Chapter of Crime Punishment

Title the Act &
Title
Sec. 43 (Penalty for CHAPTER IX Damage to computer Compensation for
damage to Penalties and system, 1 crore
computer) Adjudication
Sec. 66 (Hacking CHAPTER XI Hacking (with intent or Fine of 2 lakhs and
with computer Offences knowledge) imprisonment for
system) 3 years
Sec. 67 (Publishing CHAPTER XI Publication of obscene Fine of 1 lakh
of information Offences material in electronic imprisonment of 5
which is obscene form years and double
in electronic form Conviction on
second offence
Sec. 68 (Power of CHAPTER XI Not complying with Fine up to 7 2
controller to give Offences directions of controller. lakhs
directions) imprisonment of 3
years
Sec. 70 (Protected CHAPTER XI Attempting or securing Imprisonment up
system Offences access to computer to 10 years.
without his/her
knowledge,
Sec. 72 (Penalty for CHAPTER XI Attempting or securing Fine up to 1 lakh
breach of Offences access to computer for and
confidentiality and breaking confidentiality imprisonment up
privacy) to 2 years
Sec. 73 (Penalty for CHAPTER XI Publishing false digital Fine up to 1 lakh
publishing Digital Offences signature or
Signature imprisonment up
Certificate false in to 2 years or both
certain
particulars)
Sec. 74 CHAPTER XI Publication of Digital imprisonment up
(Publication for Offences Signatures for to 2 years and Fine
fraudulent fraudulent purpose up to 1 lakh
purpose)

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

1.8 Global Perspectives on Cybercrime

• statute and treaty law both refer to cybercrime.
• In Australia, cybercrime has a narrow statutory meaning as used in the Cyber
Crime Act 2001, which details offenses against computer data and systems.
• In the Council of Europe's (CoE's) Cyber Crime Treaty, cybercrime is used
as an umbrella term to refer to an array of criminal activity including offenses
against computer data and system, computer-related offenses, content
offenses and copyright offenses.
• These crimes based on ICT are called as white-collar crime and economic
crime.
• International Telecommunication Union (1TU) survey conducted in 2005,
shows the taking of actions against Spam.
• E-Mail Spam legislation mention in Section 67 of the Indian ITA 2000.
• About 30 countries have enacted some form of anti-Spam legislation.
• Technical solutions were given by Internet Service Providers (ISPs) and end-
users, but significant impact found on sending hundreds of millions of
messages per day.
• Spam acts a vehicle to spread viruses and worms.
• Spam mails to try to get the financial information such as account numbers
and passwords.
• There is a rapid growth in the use of Information Communication Technology
(ICT) tools and rapid growth in crime is happening.
• 1. August 4, 2006 Announcement:
• The US Senate ratifies CoE Convention on Cyber Crime. The convention
targets hackers, those spreading destructive computer viruses
• Those using the Internet for the sexual exploitation of children or the
distribution of racist material, and terrorists attempting to attack
infrastructure facilities or financial institutions.
• The Convention is in full accord with all the US constitutional protections,
such as free speech and other civil liberties, and will require no change to the
US laws.
• In August 18, 2006, there was a news article published "ISPs Wary About
Drastic Obligations' on Web Site Blocking."
• 2. European Union (EU) officials want to debar suspicious websites as part
of a 6-point plan to boost joint antiterrorism activities.
• They want to block websites that incite terrorist action.
• Once again it is underlined that monitoring calls, Internet and E-Mail traffic
for law enforcement purposes is a task vested in the government, which must
reimburse carriers and providers for retaining the data
• 3. CoE Cyber Crime Convention (1997-2001) was the first international
treaty seeking to address Internet crimes by harmonizing national laws,
improving investigative techniques and increasing cooperation among
nations.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

• More than 40 countries have ratified the Convention to date

1.8.1. Cybercrime and the Extended Enterprise

• This term represents the concept that a company is made up not just of its
employees, its board member and executives, but also its business
partners, its suppliers and even its customers.

• The extended enterprise can only be successful if all of the component

groups and individuals have the information, they need in order to do
business effectively. Extended enterprise is shown in figure below.

Fig. Extended enterprise

• An extended enterprise is a "loosely coupled, self-organizing network' of firms

that combine their economic output to provide "products and services"
offerings to the market.
• Firms in the extended enterprise may operate independently, for example,
through market mechanisms or cooperatively through agreements and
contracts.
• The flow of "information" in a large scale to support instantaneous "decision-
making ability" is for the "external enterprise."
• Due to the interconnected features of information and communication
technologies, security overall can only be fully promoted when the users have
full awareness of the dangers
• Given the promises and challenges in the extended enterprise scenario,
organizations in the community international have a special role in sharing
information on good practices.
• International cooperation at the levels of government, industry, consumer,
business and technical groups to allow a global and coordinated approach to
achieving global cybersecurity is the key.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

Table of classification of cybercrimes:

Individual Society Organization Crime Crime
against Emanating
Society from Usenet
newsgroups

Email spoofing Credit Card Unauthorized Forgery Usenet group

and other online frauds accessing of Cyber may carry very
frauds Intellectual computer terrorism offensive,
Phishing Property password Web harmful,
Spamming crime sniffing jacking inaccurate
Cyberdefamation Internet Denial-of- material.
Cyberstalking and time theft Service (DOS) Posting that
harassment attacks have been
Computer Virus misplaced or
Sabotage E-mail are deceptive in
Pornography bombing another way
offenses Salami attack
Password sniffing Logic bomb
Trojan horse
Data diddling
Industrial
spying crimes
emanating from
Usenet
newsgroups,
computer
network
instrusions,
software piracy

Write the difference between Crime and Fraud

Cybercrime Cyberfraud
It refers process of hacking others Cyberfraud means, the users on the
computer system or computer networks Internet are misguided and cheated and
does fooling.
Hacking someone's personal account is Calling or sending emails to people and
cybercrime. This is done with the help asking them to send credit card details,
of computer. CVV, or OTP etc., using computer
Hacking Internet time theft
Spaming Credit card fraud

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

What are the major types of Incidents occurring in the computer environment.
The following are the major incidents occurs in the computer environment
• Denial of Service attack
• Laptop theft
• Telecom fraud
• unauthorised access
• viruses
• financial fraud
• insider abuse
• sabotage
• theft or loss of information
• website defacement
• abuse of wireless network
• misuse of web application
• bots
• DoS attacks
• instant messaging abuse
• password sniffing
• theft or loss of computer customer data
o from mobile devices
o from all other sources

Explain the Spamming? What the different types. And explain the web publishing
techniques to be avoided in search engine spam.

Spamming:

People who create electronic Spam are called spammers.

Spam is the abuse of electronic messaging systems (including most broadcast
media, digital delivery systems) to send unsolicited bulk messages indiscriminately.

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology
Introduction to Cyber Security (22ETC15I) Module 1

Although the most widely recognized form of Spam is E-Mail Spam, the term is
applied to similar abuses in other media:
• Instant messaging Spam,
• Usenet newsgroup Spam,
• web search engine Spam.
• Spam in blogs,
• wiki Spam,
• online classified ads Spam,
• mobile phone messaging Spam.
• Internet forum Spam. Junk fax transmissions,
• social networking Spam, file sharing network Spam,
• video sharing sites, etc
• Spamming is difficult to control because it has economic viability advertise
have no operating cost beyond the management of their mailing lists it is
difficult to hold centres accountable for their mass mailings.
• Spammers are numerous the volume of unsolicited mail has become very high
because the barrier to entry is slow.
• spamming is in the context of search engines spamming. In this context of
spamming alteration or creation of a document with the intent to deceive and
electronic catalog or filling system.
• some web authors use subversive techniques to ensure that there are fines
penalties associated with the use old techniques.
• sites appears more frequently or penalties associated with the use of such
submersible technique
• Those who continually attempt to subvert or spam the search engine may be
permanently excluded from search index.

• Therefore, the following web publishing techniques should be avoided

1. Repeating keywords
2. use of keywords that do not relate to the content on the site
3. use of fast meta refresh:
4. redirection
5. IP Cloaking use of colored text on the same color background:
6. tiny text usage:
7. tiny text messages
8. duplication of pages with different U'RLs:
9. hidden links:
10. use of different pages that bridge to the same URL (gateway pages)

****************End**************

Dr. Asha K, Associate Professor, Dept. of ECE Sai Vidya Institute of Technology