Cyber Security

Introduction to Cyber Security

Prof. Lavina Mistry

 Introduction to Cyber Security
Session Outline

In this session you will learn about…

» Cybercrime and origins of the world
» Cybercrime and information security
» Classifications of cybercrime
» Cybercrime and the Indian ITA – 2000
 Introduction to Cyber Security
Session Objectives

After this session you will be able to…

» Understand cybercrime and origins of the world

» Know cybercrime and information security

» Identify classifications of cybercrime

» Explain cybercrime and the Indian ITA – 2000

Let’s Watch a Video
 Cybercrime and Origins of the World

Cybercrime may be defined as

“Any unlawful act where computer or
communication device or computer network is
used to commit or facilitate the

commission of crime”
 Introduction to Cyber Security
Cybercrime and Origins of the World

Cybercrime is,
» Any illegal act where a special knowledge of computer technology is essential for its perpetration,
investigation or prosecution
» Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a
computer, and abuses that have come into being because of computers
» Any financial dishonesty that takes place in a computer environment
» Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for
ransom.
» The term “cybercrime” relates to a number of other terms such as:
 Introduction to Cyber Security
Cybercrime and Origins of the World

Other terms used for Cybercrime

Computer-
Internet
related E-crime
crime
crime

Computer High-tech
crime crime
 Introduction to Cyber Security
Cybercrime and Origins of the World

Two types of attacks are prevalent in cybercrime

1. Techno-crime: A premeditated act against a system or systems, with the intent to copy, steal,
prevent access, corrupt or otherwise deface or damage parts of or the complete computer
system.

2. Techno-vandalism: These acts of “brainless” defacement of websites and/or other activities,

such as copying files and publicizing their contents publicly, are usually opportunistic in
nature.
 Introduction to Cyber Security
Cybercrime and Origins of the World

Cybercrimes differ from most terrestrial crimes in four ways

a. how to commit them is easier to learn

b. they require few resources relative to the potential damage
caused
c. they can be committed in a jurisdiction without being
physically present in it
d. they are often not clearly illegal
 Cyberterrorism is defined as “any person,
group or organization who, with terrorist
intent, utilizes accesses or aids in accessing a
computer or computer network or electronic
system or electronic device by any available
means, and thereby knowingly engages in or
attempts to engage in a terrorist act commits
the offence of cyberterrorism.”
 Introduction to Cyber Security
Cyberterrorism

Planning and execution of cyberterrorism

» Cyberterrorists use computer to conduct their unlawful acts
» They use internet to gain sensitive information of companies
» Internet is one of the means by which the offenders can gain priced sensitive
information of companies, firms, individuals, banks, etc.
 Introduction to Cyber Security
Types of Cybercrime

Child Pornography/ Child sexually abusive material (CSAM) refers to material containing
sexual image in any form, of a child who is abused or sexually exploited.
CSAM Section 67 (B) of IT Act states it to be a punishable offense

A form of harassment inflicted through the use of electronic or

Cyber Bullying communication devices such as computer, mobile phone, laptop, etc.

The use of electronic communication by a person to follow a person, or

attempts to contact a person to foster personal interaction repeatedly
Cyber Stalking despite a clear indication of disinterest by such person; or monitoring of
the internet use or activities, email, etc.

Cyber Grooming is when a person builds an online relationship with a

Cyber Grooming young person and tricks or pressures him/ her into doing sexual act
 Introduction to Cyber Security
Types of Cybercrime

Online Job Fraud is an attempt to defraud people who are in need of

Online Job Fraud employment by giving them a false hope/promise of better
employment with higher wages

Online Sextortion occurs when someone threatens to distribute private

Online Sextortion and sensitive material using an electronic medium if he/she doesn’t
provide images of a sexual nature, sexual favours, or money

Vishing is an attempt where fraudsters try to seek personal information

Vishing like Customer ID, Net Banking password, ATM PIN, OTP, Card expiry
date, CVV etc. through a phone call

Sexting is an act of sending sexually explicit digital images, videos, text

Sexting messages, or emails, usually by cell phone
 Introduction to Cyber Security
Types of Cybercrime

Smishing is a type of fraud that uses mobile phone text messages to

Smishing lure victims into calling back on a fraudulent phone number, visiting
fraudulent websites or downloading malicious content via phone or web

Fraudulently getting a new SIM card against a registered mobile number

is known as SIM Swap. Using the new SIM, they get OTP and alerts
SIM Swap Scam required for making financial transactions through the victim's bank
account

Debit/Credit Card An unauthorized use of another's credit or debit card information for
Fraud the purpose of purchases or withdrawing funds from it

Impersonation and Fraudulently making use of the electronic signature, password or any
identity theft other unique identification feature of any other person
 Introduction to Cyber Security
Types of Cybercrime

It involves stealing personal information such as Customer ID, IPIN,

Phishing Credit/Debit Card number, Card expiry date, CVV number, etc. through
emails that appear to be from a legitimate source

A type of computer malware that encrypts the files, storage media on

Ransomeware communication devices like desktops, Laptops, Mobile phones etc.,
holding data/information as a hostage

A data breach is an incident in which information is accessed without

Data Breach authorization

An attack intended to change visual appearance of a website and/ or

Website make it dysfunctional. The attacker may post indecent, hostile and
Defacement obscene images, messages, videos, etc.
 Introduction to Cyber Security
Types of Cybercrime

An act of registering, trafficking in, or using a domain name with an

Cyber Squatting intent to profit from the goodwill of a trademark belonging to
someone else

Pharming is cyber-attack aiming to redirect a website's traffic to another,

Pharming bogus website

Cryptojacking Cryptojacking is the unauthorized use of computing resources to mine

cryptocurrencies
 Introduction to Cyber Security
Types of Cybercrime

A crime of selling, transporting, or illegally importing unlawful

Online Drug
controlled substances, such as heroin, cocaine, marijuana, or other
Trafficking illegal drugs using electronic means

Espionage is the act or practice of obtaining data and information without the
Espionage permission and knowledge of the owner

An attack intended for denying access to computer resource without

Denial of Services permission of the owner or a person who is in-charge of a computer or
(DoS) computer network

Distributed Denial An attack is an attempt to make an online service unavailable by

of Service (DDoS) overwhelming it with traffic from multiple sources
 Introduction to Cyber Security
Cybercrime and Information Security

Indian Information Technology Act (ITA 2008) provides a new focus on

“Information Security in India.”
» “Cybersecurity” means protecting information, equipment, devices,
computer, computer resource, communication device and information
stored therein from unauthorized access
» Where financial losses to the organization due to insider crimes are
concerned, difficulty is faced in estimating the losses because the
financial impacts may not be detected by the victimized organization
and no direct costs may be associated with the data theft
 Introduction to Cyber Security
Cybercrime and Information Security

For anyone trying to compile data on business impact of cybercrime, there are number of challenges.
» Organizations do not explicitly incorporate the cost of the vast majority of computer security incidents into
their accounting
» Difficulty in attaching a quantifiable monetary value to the corporate data and yet corporate data get
stolen/lost
» Organizations abstain from revealing facts and figures about “security incidents” including cybercrime
» Organizations perception about “insider attacks” seems to be different than that made out by security
solution vendor
» Awareness about “data privacy” too tends to be low in most organizations
 Cybercrime is defined as “an act or the
commission of an act that is forbidden, or
the omission of a duty that is commanded
by a public law and that makes the
offender liable to punishment by that
law”
 Introduction to Cyber Security
Classifications of Cybercrime

Cybercrime is classified as follows,

Cybercrime Cybercrime Cybercrime

against against against
individual property organization

Crimes
Cybercrime
emanating from
against
Usenet
Society
newsgroup
 Introduction to Cyber Security
Classifications of Cybercrime

1. Cybercrime against individual crimes that are committed by the cyber criminals
against an individual or a person. A few cyber crimes against individuals are

(i) Email spoofing: Email spoofing is a technique used in spam and

phishing attacks to trick users into thinking a message came from a
person or entity they either know or can trust

(ii) Spamming: Spamming means sending multiple copies of

unsolicited mails or mass e-mails such as chain letters
 Introduction to Cyber Security
Classifications of Cybercrime

(iii) Cyber Defamation : This occurs when defamation takes place with the help of
computers and/or the Internet. E.g. someone publishes defamatory matter about
someone on a website or sends e-mails containing defamatory information.

(iv) Harassment & Cyber stalking : Cyber Stalking Means following an individual's
activity over internet. It can be done with the help of many protocols available
such as e- mail, chat rooms, user net group
 Introduction to Cyber Security
Classifications of Cybercrime

2. Cybercrime against property

(i) Credit Card Fraud : This generally happens if someone gets to know the credit card
number or the card gets stolen

(ii) Intellectual Property crimes : These include

A. Software piracy: Illegal copying of programs, distribution of copies of software
B. Copyright infringement: Using copyrighted material without permission
C.Trademarks violations: Using trademarks and associated rights without
permission of the holder.
D.Theft of computer source code: Stealing, destroying or misusing the source code
of a computer
 Introduction to Cyber Security
Classifications of Cybercrime

(iii) Internet time theft: This happens by the usage of the Internet hours by
an unauthorized person which is actually paid by another person
 Introduction to Cyber Security
Classifications of Cybercrime

3. Cybercrime against organization

(i) Unauthorized Accessing of Computer: Accessing the
computer/network without permission from the owner. It can
be of 2 forms:
A. Changing/deleting data: Unauthorized changing of data
B. Computer voyeur: The criminal reads or
copies confidential or proprietary information, but the data is
neither deleted nor changed

(ii) Denial of Service : When Internet server is flooded with

continuous bogus requests so as to denying legitimate users to
use the server or to crash the server
 Introduction to Cyber Security
Classifications of Cybercrime

(iii) Computer contamination / Virus attack: A computer virus is a

computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy
of it. Viruses can be file infecting or affecting boot sector of the
computer.

(iv) Email Bombing: Sending large numbers of mails to the individual

or company or mail servers thereby ultimately resulting into crashing

(v) Salami Attack: When negligible amounts are removed &

accumulated in to something larger. These attacks are used for the
commission of financial crimes
 Introduction to Cyber Security
Classifications of Cybercrime

(vi) Logic Bomb is an event dependent program. As soon as the

designated event occurs, it crashes the computer, release a virus or
any other harmful possibilities
(vii) Trojan Horse is an unauthorized program which functions from
inside what seems to be an authorized program, thereby concealing
what it is actually doing
(viii) Worms are malicious programs that make copies of
themselves again and again on the local drive, network shares, etc.
(ix) Data diddling is kind of an attack involves altering raw data just
before it is processed by a computer and then changing it back after
the processing is completed
 Introduction to Cyber Security
Classifications of Cybercrime

4. Cybercrime against Society

(i) Forgery: Currency notes, revenue stamps, mark sheets etc. can be
forged using computers and high quality scanners and printers

(ii) Cyber Terrorism: Use of computer resources to intimidate or

coerce people and carry out the activities of terrorism

(iii) Web Jacking: Hackers gain access and control over the website of
another, even they change the content of website for fulfilling
political objective or for money
 Introduction to Cyber Security
Classifications of Cybercrime

5. Crimes emanating from Usenet newsgroup

» Usenet groups may carry very offensive, harmful,

inaccurate or inappropriate material. They may
also have mislabeled or deceptive posts.
» It is expected that one uses caution and exercise
judgment when using Usenet
 Introduction to Cyber Security
Global Perspective on Cybercrimes

Cybercrime Era: Survival Mantra for the Netizens

» Netizen is someone who spends considerable time online and also has a considerable presence online
(through websites about the person, through his/her active blog contribution and/or also his/her
participation in the online chat rooms)
» For ensuring cybersafety, the motto for the “Netizen” should be “Stranger is Danger!”
» The 5P Netizen mantra for online security is:
Protection
Preservation
Prevention

Precaution Perseverance
 Introduction to Cyber Security
Summary

» Cybercrime and information security

» Classifications of cybercrime
» Cybercrime and the Indian ITA – 2000
Introduction to Cyber Security
 Introduction to Cyber Security
Reference

https://www.javatpoint.com/types-of-cyber-attacks
https://www.ques10.com/p/49005/classifications-of-cybercrime-1/
http://www.edtechnology.in/cyber-crime-and-laws/classifications-of-cybercrime/
https://www.lawyersclubindia.com/articles/classification-of-cybercrimes--1484.as
p