Chapter 1
Introduction to Cybercrime
Introduction
The Internet has undeniably opened a new way of exploitation, known as cybercrime, involving the use of
computers, the Internet, cyberspace and the World Wide Web (WWW).
Figure 1, based on a 2008 survey in Australia, shows the cybercrime trend.
While the worldwide scenario on cybercrime looks bleak, the situation in India is not any better.
Indian corporate and government sites have been attacked or defaced (spoiled) more than 780 times
between February 2000 and December 2002.
A total of 3,286 Indian websites were hacked in 5 months – between January and June 2009.
Cyberspace
Cyberspace is where users mentally travel through matrices of data. Conceptually, cyberspace is the nebulous place
where humans interact over computer networks. The term cyberspace is now used to describe the internet and
other computer networks. In terms of computer science, cyberspace is a worldwide network of computer networks
that uses the TCP/IP for communication to facilitate transmission and exchange of data.
Cybersquatting
Cybersquatting is derived from “squatting”, which is the act of occupying an abandoned/unoccupied space/building
that the squatter does not own, rent or otherwise have permission to use.
Domain names that are being squatted are paid for by the cybersquatters through the registration process.
Cybersquatters usually ask for prices far greater than those at which they purchased them. Some cybersquatters put up
derogatory or defamatory remarks about the person or company the domain is meant to represent in an effort to
encourage the subject to buy the domain from them. Cybersquatting is the act of registering a popular Internet
address, company name, with the intent of selling it to its rightful owner. From an individual point of view,
cybersquatting means registering, selling or using a domain name with the intent of profiting from the goodwill of
someone else’s trademark.
Cyberpunk and cyberwarfare
The words “cyber” and “punk” emphasize the two basic aspects of cyberpunk: “technology” and “individualism”.
The term means something like “anarchy (inserting) via machines” or “machine/computer rebel movement”.
The idea behind calling it “cyberpunk” was to invent a new term that would express the
juxtaposition (together) of punk attitudes and high technology. For the terms “hackers”, “crackers” and
others.
Cyberwarfare means information warriors unleashing (strong force) vicious (violent) attacks against
an unsuspecting opponent’s computer networks, wreaking havoc (making strong damage), paralyzing
nations.
Cyberterrorism
Cyberterrorism is defined as “any person, group or organization who, with terrorist intent, utilizes
accesses or aids in accessing a computer or computer network or electronic system or electronic
device by any available means, and thereby knowingly engages in or attempts to engage in a terrorist
act commits the offence of cyberterrorism.”
Cybercrime: Definition and Origins of the Word
The definitions of computer crime:
1. Any illegal act where a special knowledge of computer technology is essential for
its perpetration (doing something wrong), investigation or prosecution.
2. Any traditional crime that has acquired a new dimension or order of magnitude
through the aid of a computer, and abuses that have come into being because of
computers.
3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software,
sabotage (damage) and demands for ransom (demanding sum of money).
The term “cybercrime” relates to a number of other terms such as:
• Computer-related crime
• Computer crime
• Internet crime
• E-crime
• High-tech crime
Two types of attack are prevalent in cybercrimes:
1. Techno-crime: A premeditated (planned) act against a system or systems, with the
intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts of
or the complete computer system.
2. Techno-vandalism: These acts of “brainless” defacement of websites and/or other activities, such as
copying files and publicizing their contents publicly, are usually opportunistic in nature.
Cybercrimes differ from most terrestrial (existing) crimes in four ways:
(a) how to commit them is easier to learn
(b) they require few resources relative to the potential damage caused
(c) they can be committed in a jurisdiction without being physically present in it
(d) they are often not clearly illegal.
How cybercrimes are planned and how they actually take place
• Cyberterrorists usually use the computer as a tool, target or both for their unlawful act to gain information.
• The Internet is one of the means by which the offenders (criminals) can gain priced sensitive information of
companies, firms, individuals and banks, and can lead to intellectual property (IP) crimes, selling illegal articles,
pornography/child pornography, etc. This is done using:
Phishing, Spoofing, Pharming, Internet Phishing, wire transfer, etc.
Cybercrime and Information Security
Indian Information Technology Act (ITA 2008) provides a new focus on “Information Security in India.”
“Cybersecurity” means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorized access, use,
disclosure, disruption, destruction or modification.
Where financial losses to the organization due to insider crimes are concerned, difficulty is faced in
estimating the losses because the financial impacts may not be detected by the victimized
organization and no direct costs may be associated with the data theft.
For anyone trying to compile data on the business impact of cybercrime, there are a number of challenges.
o Organizations do not explicitly incorporate the cost of the vast majority of computer security
incidents into their accounting.
o There is always a difficulty in attaching a quantifiable monetary value to the corporate data and
yet corporate data get stolen/lost.
o Most organizations abstain (except) from revealing facts and figures about “security incidents”
including cybercrime.
o Organizations’ perception about “insider attacks” seems to be different than that made out by
security solution vendors.
o Awareness about “data privacy” too tends to be low in most organizations.
The Botnet Menace
-Refers to a group of compromised computers (zombie computers, i.e., personal computers secretly under
the control of hackers) running malware under a common command and control infrastructure.
-The botnet maker can control the group remotely for illegal purposes. The most common is the
denial-of-service attack (DoS attack). Adware, spyware, E-mail spam, click fraud, theft of application serial
numbers, login IDs and financial information such as credit card numbers, etc.
Figure 3 shows several categories of incidences – viruses, insider abuse, laptop theft and
unauthorized access to systems.
Typical network misuses are for:
Internet radio
streaming audio
streaming video
file sharing
instant messaging
Online gaming
Online gambling
Who are Cybercriminals?
Cybercriminals are those who conduct activities such as evidence of child sexual abuse; credit card fraud;
cyber stalking (harass); defaming another online; gaining unauthorized access to computer systems;
ignoring copyright, software licensing and trademark protection; overriding encryption to make illegal
copies; software piracy and stealing another’s identity to perform criminal acts.
1. Type I: Cybercriminals – hungry for recognition
-Hobby hackers
-IT professionals (social engineering is one of the biggest threats)
-Politically motivated hackers, terrorist organizations
2. Type II: Cybercriminals – not interested in recognition
-Psychological perverts (distort)
-Financially motivated hackers (corporate espionage (using spies))
-State-sponsored hacking (national espionage, sabotage (damage))
-Organized criminals
3. Type III: Cybercriminals – the insiders
-Disgruntled or former employees seeking revenge
-Competing companies using employees to gain economic advantage through damage and/or theft
Classifications of Cybercrimes
Crime is defined as “an act or the commission of an act that is forbidden or the omission of a duty that is
commanded by a public law and that makes the offender liable to punishment by that law”
Cybercrimes are classified as follows:
1. Cybercrime against individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup:
1. Cybercrime against individual
-e-mail spoofing and other frauds
-phishing
-Spamming
-Cyberdefamation
-Cyberstalking and harassment
-computer sabotage
-pornographic offences
-Password sniffing: this belongs to the category of cybercrime against organization because the use of
a password could be by an individual for his/her personal work or the work he/she is doing using a
computer that belongs to an organization
2. Cybercrime against property
-credit card frauds
-Intellectual Property (IP) crimes: IP crimes include software piracy, copyright infringement, trademark
violations, theft of computer source code, etc.
-internet time theft
3. Cybercrime against organization
-Unauthorized access of computers: Hacking is one method of doing this and hacking is a punishable
offence
-Password sniffing
-Denial-of-service attack
-Virus attack/disseminations of viruses
-E-mail bombing/mail bombs
-Salami attack / salami technique
-Logic Bomb
-Trojan Horse
-Data diddling (cheating)
4. Cybercrime against Society
-Forgery
-Cyberterrorism
-Web Jacking
5. Crimes emanating (originate) from Usenet newsgroup
Usenet groups may carry very offensive, harmful, inaccurate or otherwise inappropriate material, or
in some cases, postings that have been mislabeled or are deceptive in another way.
E-Mail Spoofing
• A spoofed E-Mail is one that appears to originate from one source but actually has been sent from
another source.
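A receiving-side check for the mismatch described above, as an added example that is not part of the original notes. The two messages are constructed samples using reserved example domains, the function names are hypothetical, and the subdomain test is a simplification of real DMARC alignment, which uses the public suffix list.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are reserved example names.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Example Bank Support" <support@bank.example.com>
Reply-To: helpdesk@mailer.example.net
To: user@example.org
Subject: Security alert

Please verify your account.
"""

LEGITIMATE = """\
Return-Path: <bounces@mail.bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.bank.example.com; dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com
From: "Example Bank" <statements@bank.example.com>
To: user@example.org
Subject: Your statement

Your monthly statement is ready.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def same_org(a, b):
    """Simplified alignment: identical, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def auth_results(msg):
    """Collect method=verdict pairs (spf, dkim, dmarc) from Authentication-Results.

    Only trust this header when it was added by your own receiving server;
    a sender can insert a forged copy.
    """
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:          # first field is the server id
            tokens = part.strip().split()
            if tokens and "=" in tokens[0]:
                method, _, verdict = tokens[0].partition("=")
                results[method.lower()] = verdict.lower()
    return results


def spoofing_indicators(raw_message):
    """Return a list of reasons the visible From address may not be the real source."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    findings = []

    envelope_dom = domain_of(msg.get("Return-Path"))
    if envelope_dom and not same_org(from_dom, envelope_dom):
        findings.append("envelope-mismatch")       # "sent from another source"

    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and not same_org(from_dom, reply_dom):
        findings.append("reply-to-mismatch")       # replies leave the From domain

    auth = auth_results(msg)
    if not auth:
        findings.append("no-authentication-results")
    elif auth.get("dmarc") == "fail":
        findings.append("dmarc-fail")              # From domain disowns this mail
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, spoofing_indicators(raw))
```

An envelope or Reply-To mismatch on its own is common with legitimate bulk-mail services, so treat each finding as an indicator to weigh rather than a verdict.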
Spamming
• People who create electronic Spam are called spammers.
• Spam is the abuse of electronic messaging systems to send unsolicited bulk messages
indiscriminately.
• Spamming is widely detested, and has been the subject of legislation in many jurisdictions – for
example, the CAN-SPAM Act of 2003.
Search engine spamming
Spamming is the alteration or creation of a document with the intent to deceive (to believe something
that is not true) an electronic catalog or filing system.
Some web authors use “subversive techniques” to ensure that their site appears more frequently or
higher in returned search results.
Cyberdefamation
• “Cyberdefamation” occurs when defamation (action of damaging the good reputation) takes place with
the help of computers and/or the
According to the IPC Section 499:
1. It may amount to defamation to impute (represent as being done) anything to a deceased person, if the
imputation would harm the reputation of that person if living, and is intended to be hurtful to the feelings
of his family or other near relatives.
2. It may amount to defamation to make an imputation concerning a company, association, or a collection
of persons.
3. An imputation in the form of an alternative or expressed ironically (sarcastically), may amount to
defamation.
4. No imputation is said to harm a person’s reputation unless that imputation directly or indirectly, in the
estimation of others, lowers the moral or intellectual character of that person, or lowers the character of
that person in respect of his caste or of his calling, or lowers the credit of that person, or causes it to be
believed that the body of that person is in a loathsome (dislikable) state or in a state generally considered
as disgraceful.
• The law on defamation attempts to create a workable balance between two equally important human
rights:
1. The right to an unimpaired (un shrink) reputation
2. The right to freedom of expression
Internet Time Theft
Internet time theft occurs when an unauthorized person uses the Internet hours paid for by
another person.
It comes under hacking because the person gets access to someone else’s ISP user ID and
password, either by hacking or by gaining access to it by illegal means
Salami Attack/Salami Technique
These attacks are used for committing financial crimes.
No account holder will probably notice this unauthorized debit, but the bank employee will
make a sizable amount every month.
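Why no single account holder notices while the total is sizable, shown as a reconciliation check a bank's audit team could run. This is an added example, not part of the original notes; the ledger is constructed, and the account names, the 1.00 ceiling, the 50-source minimum and the 90% ratio are assumptions chosen for illustration.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed month of debits as (source_account, beneficiary, amount)."""
    ledger = []
    for i in range(200):
        src = f"CUST-{i:04d}"
        ledger.append((src, "INT-7731", Decimal("0.05")))           # tiny skim per account
        ledger.append((src, f"LANDLORD-{i % 20}", Decimal("650.00")))  # ordinary rent
    for i in range(60):
        ledger.append((f"CUST-{i:04d}", "UTIL-001", Decimal("42.10")))  # ordinary utility bill
    for i in range(10):
        ledger.append((f"CUST-{i:04d}", f"CAFE-{i}", Decimal("0.80")))  # genuine small payments
    return ledger


def find_salami_candidates(ledger, max_amount=Decimal("1.00"),
                           min_sources=50, min_small_ratio=Decimal("0.9")):
    """Flag beneficiaries fed almost entirely by tiny debits from many accounts.

    Returns (beneficiary, distinct_sources, total_of_small_debits) tuples,
    largest total first.
    """
    stats = defaultdict(lambda: {"sources": set(), "small_total": Decimal("0"),
                                 "small": 0, "all": 0})
    for src, dst, amount in ledger:
        entry = stats[dst]
        entry["all"] += 1
        if Decimal("0") < amount <= max_amount:
            entry["small"] += 1
            entry["sources"].add(src)
            entry["small_total"] += amount

    hits = []
    for dst, e in stats.items():
        many_sources = len(e["sources"]) >= min_sources
        mostly_small = Decimal(e["small"]) / Decimal(e["all"]) >= min_small_ratio
        if many_sources and mostly_small:
            hits.append((dst, len(e["sources"]), e["small_total"]))
    return sorted(hits, key=lambda h: h[2], reverse=True)


if __name__ == "__main__":
    for beneficiary, sources, total in find_salami_candidates(build_sample_ledger()):
        print(f"{beneficiary}: {sources} accounts debited, {total} collected")
```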
Data Diddling
A data diddling attack involves altering raw data just before it is processed by a computer
and then changing it back after the processing is completed.
Electricity Boards in India have been victims of data diddling programs inserted when private
parties computerize their systems.
Forgery
• Forging counterfeit currency notes, postage and revenue stamps, marksheets, etc. using sophisticated computers,
printers and scanners.
Web Jacking
• Web jacking occurs when someone forcefully takes control of a website (by cracking the password and later
changing it).
Newsgroup Spam/Crimes Emanating from Usenet Newsgroup
• This is one form of spamming. The word “spam” was usually taken to mean excessive multiple posting (EMP).
• The advent of Google Groups, and its large Usenet archive, has made Usenet more attractive to spammers than
ever.
• Spamming of Usenet newsgroups actually predates E-Mail Spam.
Industrial Spying/Industrial Espionage
• “Spies” can get information about product finances, research and development and marketing strategies, an
activity known as “industrial spying.”
• “Targeted Attacks” - applies very well to organizations that are victims of focused attacks aiming at stealing
corporate data, Intellectual Property or whatever else that may yield a competitive advantage for a rival company.
• There are two distinct business models for cybercrime applied to industrial spying
Selling Trojan-ware
Selling Stolen Intellectual Property.
Hacking
Hackers, crackers and phrackers are some of the oft-heard terms. The original meaning of the word “hack”,
an elegant, witty or inspired way of doing almost anything, originated at MIT.
Hackers write or use ready-made computer programs to attack the target computer.
They possess the desire to destruct and they get enjoyment out of such destruction.
Some hackers hack for personal monetary gains, such as stealing credit card information, transferring money
from various bank accounts to their own account followed by withdrawal of money.
Online Frauds
Types of crimes under the category of hacking
Spoofing (imitate) website and E-Mail security alerts
Hoax (a plan to deceive a large group of people) emails about virus threats
Lottery frauds
Spoofing
Spoofing websites and E-Mail security threats
o Fraudsters create authentic looking websites that are actually nothing but a spoof.
o The purpose of these websites is to make the user enter personal information which is then used to access
business and bank accounts
o This kind of online fraud is common in banking and financial sector.
o It is strongly recommended not to input any sensitive information that might help criminals to gain access to
sensitive information, such as bank account details, even if the page appears legitimate.
Virus hoax E-Mails
o The warnings may be genuine, so there is always a dilemma whether to take them lightly or seriously.
o A wise action is to first confirm by visiting an antivirus site such as McAfee, Sophos or Symantec before taking
any action, such as forwarding them to friends and colleagues.
Lottery frauds
o Typically letters or E-Mails that inform the recipient that he/she has won a prize in a lottery.
o To get the money, the recipient has to reply, after which another mail is received asking for bank details so that
the money can be directly transferred.
Spoofing
o A hacker logs-in to a computer illegally, using a different identity than his own.
o He creates a new identity by fooling the computer into thinking that the hacker is the genuine system
operator, and the hacker then takes control of the system.
Pornographic Offenses
“child sexual abuse material” includes:
1. Any photograph that can be considered obscene and/or unsuitable for the age of child viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct where the production of such visual
depiction involves the use of a minor engaging in sexually explicit conduct.
As the broad-band connections get into the reach of more and more homes, larger child population will
be using the Internet and therefore greater would be the chances of falling victim to the aggression of
pedophiles.
Software Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution
of products intended to pass for the original.
Those who buy pirated software have a lot to lose:
(a) getting untested software that may have been copied thousands of times over
(b) the software, if pirated, may potentially contain hard-drive-infecting viruses
(c) there is no technical support in the case of software failure, that is, lack of technical product
support available to properly licensed users
(d) there is no warranty protection
(e) there is no legal right to use the product, etc.
Economic impact of software piracy is grave (see Fig. 4).
Computer Sabotage
It is the use of the Internet to hinder the normal functioning of a computer system through the introduction of
worms, viruses or logic bombs. It can be used to gain economic advantage over a competitor, to promote the
illegal activities of terrorists or to steal data or programs for extortion purposes. Logic bombs are event-dependent
programs created to do something only when a certain event (known as a trigger event) occurs. Some viruses may
be termed as logic bombs.
E-Mail Bombing/Mail Bombs
It refers to sending a large number of E-Mails to the victim to crash victim’s E-Mail account or to make victim’s
mail servers crash (in the case of a company or an E-Mail service provider).
A computer program can be written to instruct a computer to do such tasks on a repeated basis.
Usenet Newsgroup as the Source of Cybercrimes
Usenet is a popular means of sharing and distributing information on the Web with respect to specific topic or
subjects. It is a mechanism that allows sharing information in a many-to-many manner. The newsgroups are
spread across 30,000 different topics.
Computer Network Intrusions
Computer Networks pose a problem by way of security threat because people can get into them from anywhere.
The cracker can bypass existing password protection by creating a program to capture logon IDs and passwords.
The practice of “strong password” is therefore important.
Password Sniffing
Password Sniffers are programs that monitor and record the name and password of network users as they login,
jeopardizing (putting something into loss or harm, or failure) security at a site.
Whoever installs the Sniffer can then impersonate an authorized user and login to access restricted documents.
Credit Card Frauds
Millions of dollars may be lost annually by consumers who have credit card and calling card numbers stolen from
online databases.
Bulletin boards and other online services are frequent targets for hackers who want to access large databases of
credit card information.
Identity Theft
Identity theft is a fraud involving another person’s identity for an illicit purpose.
This occurs when a criminal uses someone else’s identity for his/her own illegal purposes.
The cyberimpersonator can steal unlimited funds in the victim’s name without the victim even knowing about it for
months, sometimes even for years!
Cybercrime: The Legal Perspectives
Computer Crime: Criminal Justice Resource Manual (1979)
The first comprehensive presentation of computer crime.
Computer-related crime was defined in the broader meaning as: any illegal act for which knowledge of
computer technology is essential for a successful prosecution.
Cybercrime is an outcome of “globalization.”
Globalized information systems accommodate an increasing number of transnational offenses.
This problem can be resolved in two ways:
1. Divide information systems into segments bordered by state boundaries
2. Incorporate the legal system into an integrated entity obliterating (destroy utterly or wipe out) these
state boundaries
Cybercrimes: An Indian Perspective
India has the fourth highest number of Internet users in the world.
There are 45 million Internet users in India.
37% - from cybercafes
57% of users are between 18 and 35 years.
A point to note is that the majority of offenders (who commit an illegal act) were under 30 years.
About 46% of cybercrime cases were related to incidents of cyberpornography.
In over 60% of these cases, offenders were between 18 and 30 years.
Cybercrime and the Indian ITA 2000
The first step toward the Law relating to E-Commerce at international level to regulate an
alternative form of commerce and to give legal status in the area of E-Commerce.
ITA 2000 was enacted after the United Nations General Assembly Resolution A/RES/51/162 on
January 30, 1997 by adopting the Model Law on Electronic Commerce adopted by the United Nations
Commission on International Trade Law.
Hacking and the Indian Law(s)
Cybercrimes are punishable under two categories: the ITA 2000 and the IPC.
A total of 207 cases of cybercrime were registered under the IT Act in 2007 compared to 142 cases
registered in 2006.
Under the IPC too, 339 cases were recorded in 2007 compared to 311 cases in 2006.
Some noteworthy provisions under the ITA 2000, which is said to be undergoing key changes very
soon.
A Global Perspective on Cybercrimes
In Australia, cybercrime has a narrow (more than one) statutory meaning as used in the Cyber Crime Act
2001, which details offenses against computer data and systems.
However, a broad meaning is given to cybercrime at an international level.
In the Council of Europe’s (CoE’s) Cyber Crime Treaty (agreement), cybercrime is used as an umbrella
term to refer to an array of criminal activity including offenses against computer data and systems,
computer-related offenses, content offenses and copyright offenses.
Recently, there have been a number of significant developments such as
1. August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber Crime. The
convention targets hackers, those who are spreading destructive computer viruses, those using the
Internet for the sexual exploitation of children or the destruction of racist (discrimination against
person or people based on ethnic etc.) material, and terrorists attempting to attack infrastructure
facilities or financial institutions.
2. On August 18, 2006, a news article was published: “ISPs Wary About ‘Drastic Obligations’ (more
responsible) on Web Site Blocking.” European Union (EU) officials debar suspicious websites as part of
a 6-point plan to boost joint antiterrorism activities.
3. CoE Cyber Crime Convention (1997–2001) was the first international treaty seeking to address
Internet crimes by harmonizing national laws, improving investigative techniques and increasing
cooperation among nations. More than 40 countries have ratified (giving formal consent) the
convention.
Cybercrime and the Extended Enterprise
It is the responsibility of each user to become aware of the threats as well as the opportunities that
“connectivity” and “mobility” presents them with.
Extended enterprise - represents the concept that a company is made up not just of its employees, its
board members and executives, but also its business partners, its suppliers and even its customers (Fig. 5).
An extended enterprise is a “loosely coupled, self-organizing network” of firms that combine their
economic output to provide “products and services” offerings to the market.
Firms in the extended enterprise may operate independently, for example through market mechanisms,
or cooperatively through agreements and contracts.
Given the promises and challenges in the extended enterprise scenario, organizations in the
international community have a special role in sharing information on good practices, and creating
open and accessible enterprise information flow channels for exchanging of ideas in a collaborative
manner.
International cooperation at the levels of government, industry, consumer, business and technical
groups to allow a global and coordinated approach to achieving global cybersecurity is the key.
Cybercrime Era: Survival Mantra for the Netizens
Netizen
Netizen is someone who spends considerable time online and also has a considerable presence online
(through websites about the person, through his/her active blog contribution and/or also his/her
participation in the online chat rooms).
The 5P Netizen mantra for online security is: (a) Precaution, (b) Prevention, (c) Protection, (d)
Preservation and (e) Perseverance.
For ensuring cybersafety, the motto for the “Netizen” should be “Stranger is Danger!”
If you protect your customers’ data, your employees’ privacy and your own company, then you
are doing your job in the grander scheme of things to regulate and enforce rules on the Net
through our community.
• CYBER CRIME
• Cybercrime is any criminal activity that involves a computer, network or
networked device
• A crime committed using a computer and the internet to steal a person’s identity
• Alternative definitions
• Any illegal act where a special knowledge of computer technology is essential for
its perpetration, investigation or prosecution
• Any traditional crime that has acquired a new dimension or order of magnitude
through the aid of a computer, and abuses that have come into being because of
computers
• Any financial dishonesty that takes place in a computer environment
• Any threats to the computer itself, such as theft of hardware or software, sabotage
and demands for ransom
• Cyber crime is an illegal behaviour directed by means of electronic
operations that target the security of computer systems and the data
processed by them
• Cyber crime may sometimes be used interchangeably to describe
crimes committed using computers, such as computer-related
crime, computer crime, Internet crime, hi-tech crime, etc.
• Crimes completed either on or with a computer
• Any illegal activity done through the internet or on the computer
• All criminal activities done using the medium of computers the
internet cyberspace and www
• Cyber crime refers to the act of performing a criminal act using
cyberspace as a communication vehicle
• Some people argue that cyber crime is not a crime as it is a crime
against software and not against a person or property
• However, while the legal systems around the world scramble to
introduce laws to combat cyber criminals
• Techno-crime is defined as “a predetermined act against a system or
systems, with the intent to copy, steal, prevent access, corrupt or
otherwise deface or damage parts of or the complete computer system.”
• Techno-vandalism is defined as “the act of brainless defacement of
websites and/or other activities, such as copying of files and publicizing
their contents publicly, are usually opportunistic in nature.”
• Cyberterrorism
• The term cybercrime is notorious as it is attached to the word terrorism or
terrorist, i.e., cyberterrorism. Cyberterrorism is defined as “any person,
group or organization who, with terrorist intent, utilizes access or aids in
accessing a computer or computer network or electronic system or device
by any available means, and thereby knowingly engages in or attempts to
engage in a terrorist act commits the offence of cyber terrorism.”
• In India and rest of the world, cyberterrorists generally use computer
as a tool, target, or both for their criminal activities to gain
unauthorized access to sensitive information which may lead to heavy
loss or damage to the owner of that information. Cyber criminals use
methods like phishing, spoofing, pharming, etc for gaining access to
the sensitive information.
• Real-world Crimes vs. Cyber Crimes
• Cybercrimes are easier to carry out when compared to real-world
crimes. Some of the differences between cybercrimes and real-world
crimes are as given below:
• Cyberspace is “a network of computer networks or devices that uses
the TCP/IP for communication to facilitate transmission and exchange
of data.”
• Cybersquatting refers to the practice of registering, trafficking, or
using a domain name with the intent of profiting from the goodwill of
someone else's trademark. This unethical practice can lead to
confusion among consumers and harm the reputation of legitimate
businesses. It is important for individuals and organizations to protect
their trademarks and intellectual property rights to prevent
cybersquatting.
• Cyberpunk is a science fiction genre in which the future world is portrayed as
one in which society is largely controlled by computers, at the expense of daily
life and social order. Literature, movies and video games of this genre point to a
fear that the world may eventually be run solely by computers, including unusual
scenarios where nonliving forms take on life-like actions and capabilities.
Rebellion against large corporations and established organizations is a key aspect
of cyberpunk. As such, main characters are often portrayed as alienated and
marginalized by society.
• Cyber warfare refers to the use of digital tactics and technologies to launch
attacks on computer systems, networks, and infrastructure with the intent of
causing disruption, damage, or espionage. These attacks can target government
agencies, military organizations, critical infrastructure, businesses, or individuals.
Cyber warfare can involve a range of tactics, including malware deployment,
denial-of-service attacks, data breaches, and information manipulation. It is a
growing concern in the realm of national security and requires constant vigilance
and preparedness to defend against potential cyber threats.
CYBER CRIME and INFORMATION SECURITY
• Cyber security means protecting information, equipment, devices,
computer resources, communication device and information stored
therein from unauthorised access, use, disclosure, disruption,
modification or destruction. The term incorporates both the physical
security of the devices as well as the information stored therein. It covers
protection from unauthorised access, use, disclosure, disruption,
modification and destruction.
Who are cyber criminals?
• Cyber crime involves such activities as child pornography, credit card
fraud, cyber stalking, defaming another online, gaining unauthorised
access to computers, ignoring copyright, software licensing and
trademark protection, overriding encryption to make illegal copies,
software piracy and stealing another’s identity to perform criminal
acts. Cyber criminals are those who conduct such acts. They can be
categorised into 3 groups that reflect their motivation:
• Type 1 cyber criminals: hungry for recognition
• Hobby hackers
• IT professionals
• Terrorist organisations
• Politically motivated hackers
• Type 2 cyber criminals: not interested in recognition
• Psychological perverts
• Financially motivated hackers
• State-sponsored hacking
• Organised criminals
• Type 3 cyber criminals: the insider
• Disgruntled or former employees seeking revenge
• Competing companies using employees to gain economic advantage through damage or theft
• The typical motives behind cyber crimes are greed, desire to
gain power or publicity, desire for revenge, a sense of adventure,
looking for a thrill, to access forbidden information, a destructive mindset
and desire to sell network security services
• Cyber cafes are known to play a role in committing cyber crimes
Classification of Cyber Crimes
• 1. Cyber crime against individual
• Electronic mail spoofing and other online fraud
• Phishing
• Spamming
• Cyber defamation
• Cyber stalking and harassment
• Computer sabotage
• Pornographic offence
• Password sniffing
• 2. Cyber crime against property
• Credit card fraud
• Intellectual property crimes
• Internet time theft
• 3. Cyber crime against society
• Forgery
• Cyber terrorism
• Web jacking
• 4. Crimes emanating from Usenet newsgroups
• 5. Cyber crime against organisation
• Unauthorised accessing of computer
• Password sniffing
• Denial of service attacks
• Virus attack/ dissemination of viruses
• Email bombing/ mail bomb
• Logic bomb
• Salami attack/ salami technique
• Trojan horse
• Data diddling
• Crimes emanating from Usenet newsgroups
• Industrial spying/ industrial espionage
• Computer network intrusion
Cybercrime from a global perspective
• Cybercrime is a widespread issue that affects individuals, businesses,
and governments around the world.
• The number of cyber attacks has been steadily increasing over the
years, with some estimates suggesting that there are around 300,000
new malware samples being detected every day.
• Cybercrime is a growing global issue that affects individuals,
businesses, and governments.
• In 2021, cybercrime caused global damages of $6 trillion, which is
almost one-fourth of the US GDP.
• By 2026, cybercrime is predicted to cost the global economy more than $20
trillion, a 1.5 times increase compared to 2022.
• Cyber attackers are disrupting critical supply chains, at least four times
more than in 2019.
• The internet has become a soft target, making it easy for hackers to gain
access to the inner workings of many businesses.
• Cyber attacks are cross-border in nature, and the challenges related to
protecting people, businesses, and institutions against cyber attacks are
similar for organizations across the world.
• The National Cyber Security Index (NCSI) measures a country's readiness
to address cyber threats.
• Europe is the least vulnerable region with a CEI score of 0.3285, and North
America is the next least vulnerable region with a CEI score of 0.4621.
SOFTWARE TOOLS FOR CYBERCRIME
• Metasploit: Metasploit is a penetration testing framework that allows
security researchers to test vulnerabilities in systems. However, it can
also be misused by hackers to exploit vulnerabilities in systems.
• Nmap: Nmap is a network scanning tool used by network
administrators and security professionals to discover hosts and services
on a computer network. It can also be used by attackers to identify
potential targets for exploitation.
• Cain & Abel: Cain & Abel is a password recovery tool for Microsoft
Windows, but it also has capabilities for network sniffing, ARP
spoofing, and other attacks. It can be used by attackers to intercept
network traffic and recover passwords.
• Wireshark: Wireshark is a popular network protocol analyzer that
captures and displays packets on a network in real-time. While it's
primarily used for legitimate purposes like network troubleshooting, it
can also be used by attackers to sniff sensitive information such as
passwords and credit card numbers.
• SQLMap: SQLMap is an open-source penetration testing tool that
automates the process of detecting and exploiting SQL injection flaws in
database servers. It can be used by attackers to extract sensitive
information from databases.
• RAT (Remote Access Trojan) Tools: RAT tools such as DarkComet,
Poison Ivy, and njRAT are designed to provide remote access to a victim's
computer. While they can have legitimate uses such as remote
administration, they are often used by attackers for unauthorized access
and control of computers.
• Keyloggers: Keyloggers are software tools that record keystrokes on a
computer. While they can have legitimate uses such as monitoring
employee activity, they are often used by attackers to steal sensitive
information such as passwords and credit card numbers.
Case study: WannaCry ransomware attack
• Background: WannaCry exploited a vulnerability in the Windows
operating system called EternalBlue, which was allegedly developed
by the United States National Security Agency (NSA) and leaked by a
group called Shadow Brokers.
• This vulnerability allowed the ransomware to spread rapidly across
networks, infecting hundreds of thousands of computers in over 150
countries within a matter of days.
Attack Details:
• The WannaCry ransomware spread primarily through phishing emails
containing malicious attachments or links.
• Once a computer was infected, WannaCry encrypted the files on the
system and displayed a ransom note demanding payment in Bitcoin
for decryption.
• The ransomware also had worm-like capabilities, allowing it to spread
to other vulnerable computers on the same network without user
interaction.
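The worm-like spread described above leaves a network trace that defenders can look for: one host suddenly contacting many different peers on the same port. The following is an added example, not part of the original notes; the flow-record format, the sample data, the default port 445 (SMB, the service EternalBlue targets) and the window and threshold values are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed flow records (not real traffic): time, source, destination, dest port.
SAMPLE_FLOWS = """\
2024-01-01T09:00:00 10.0.0.8 10.0.0.2 445
2024-01-01T09:00:01 10.0.0.15 10.0.0.20 445
2024-01-01T09:00:02 10.0.0.15 10.0.0.21 445
2024-01-01T09:00:03 10.0.0.15 10.0.0.22 445
2024-01-01T09:00:04 10.0.0.8 10.0.0.2 445
2024-01-01T09:00:05 10.0.0.15 10.0.0.23 445
2024-01-01T09:00:06 10.0.0.15 10.0.0.24 445
2024-01-01T09:00:07 10.0.0.15 10.0.0.25 445
garbled line
2024-01-01T09:00:08 10.0.0.9 10.0.0.40 443
2024-01-01T09:05:00 10.0.0.30 10.0.0.20 445
2024-01-01T09:10:00 10.0.0.30 10.0.0.21 445
2024-01-01T09:15:00 10.0.0.30 10.0.0.22 445
2024-01-01T09:20:00 10.0.0.30 10.0.0.23 445
2024-01-01T09:25:00 10.0.0.30 10.0.0.24 445
"""

def parse_flows(text):
    """Yield (time, src, dst, port) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue

def find_fanout(flows, port=445, window=timedelta(seconds=60), threshold=5):
    """Return {src: first alert time} for sources that contact at least
    `threshold` distinct peers on `port` within a sliding `window`."""
    recent = defaultdict(deque)   # src -> (time, dst) pairs still inside the window
    alerts = {}
    for ts, src, dst, dport in sorted(flows):
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()
        if src not in alerts and len({d for _, d in q}) >= threshold:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    print(find_fanout(parse_flows(SAMPLE_FLOWS)))
```

In the sample, only 10.0.0.15 is flagged: the client that repeatedly talks to one file server and the host that reaches five peers over twenty minutes both stay under the threshold.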
Impact
• Disruption of Critical Systems: WannaCry infected computers in
various sectors, including healthcare, finance, telecommunications,
and government agencies. Several hospitals and healthcare facilities
were forced to suspend operations or divert patients due to the loss of
access to critical patient data.
• Financial Losses: The total financial impact of the WannaCry attack
is estimated to be in the hundreds of millions of dollars, including
ransom payments, lost productivity, and recovery costs incurred by
affected organizations.
• Global Response: The WannaCry attack prompted a coordinated
international response from governments, law enforcement agencies,
cybersecurity firms, and industry stakeholders.
• Microsoft released emergency security patches to address the
vulnerability exploited by WannaCry, and law enforcement agencies
launched investigations to identify the perpetrators.
• Attribution and Consequences: While the identity of the perpetrators
behind WannaCry remains unclear, cybersecurity experts have linked the
attack to North Korean state-sponsored hackers based on technical
analysis and circumstantial evidence.
• The attack underscored the growing threat posed by nation-state actors in
cyberspace and fueled discussions about the need for enhanced
cybersecurity measures and international cooperation.
Lessons Learned:
• Vulnerability Management: Organizations must prioritize patch
management and apply security updates promptly to mitigate the risk
of exploitation by cyber threats.
• Backup and Recovery: Regularly backing up critical data and
implementing robust disaster recovery plans are essential for
minimizing the impact of ransomware attacks and ensuring business
continuity.
• Cyber Hygiene: End-users should exercise caution when interacting
with emails, attachments, and links to prevent falling victim to
phishing attacks and malware infections.
• International Cooperation: Addressing the global threat of
cybercrime requires collaboration among governments, law
enforcement agencies, and cybersecurity professionals to share threat
intelligence, coordinate response efforts, and hold cybercriminals
accountable.