Abstract image of a woman sitting on books and studying on a laptop

Cyber Security Concepts, layers of security,

Download as PPTX, PDF
Srinivas Kanakala, profile picture
Srinivas Kanakala

The document explores the multifaceted aspects of cybercrime, including definitions, classifications, and the implications of cyber security in organizational contexts. It discusses various cyber offenses, the evolution of cybercriminal activities, tools and methods used for cybercrime, and the legal frameworks surrounding these issues, particularly in India. Additionally, it examines the psychological and operational motivations of cybercriminals and provides insights into the security challenges posed by modern technology.

Education
1 of 107
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
Most read
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
Cyber Security Concepts, layers of security,
CYBER SECURITY
UNIT- I: Introduction to Cybercrime: Introduction, Cybercrime and Information Security, Cybercriminals, Classifications of Cybercrimes and Cybercrime: The legal Perspectives and Indian Perspective, Cybercrime and the Indian ITA 2000, A Global Perspective on Cybercrimes.
UNIT– II : Cyber Offenses: Introduction, How Criminals plan the Attacks, Social Engineering, Cyber stalking, Cyber cafe and Cybercrimes Botnets: The Fuel for Cybercrime, Attack Vector, Cloud Computing.
UNIT– III: Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices, Authentication service Security, Attacks on Mobile/Cell Phones Mobile Devices: Security Implications for Organizations, Organizational Measures for Handling Mobile, Organizational Security Policies and Measures in Mobile Computing Era, Laptops.
UNIT- IV: Tools and Methods Used in Cybercrime: Introduction, Proxy Servers and Anonymizers, Phishing, Password Cracking, Key loggers and Spywares, Virus and Worms, Trojan Horse and Backdoors, Steganography, DoS and DDoS attacks, SQL Injection, Buffer Overflow.
UNIT- V: Cyber Security: Organizational Implications Introduction, Cost of Cybercrimes and IPR issues, Web threats for Organizations, Security and Privacy Implications Social media marketing: Security Risks and Perils for Organizations, Social Computing and the associated challenges for Organizations.
Text Books: 1. Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives, Nina Godbole and Sunil Belapure, WileyINDI
INTRODUCTION TO CYBER CRIME  Rapid Growth Of Internet.  Crime Increased.  Email.  Inject Virus Into System.  Mobile, Laptops.  Cloud.
INTRODUCTION….  Key Logger Software.  ATM Scan.  Amazon offers duplicate websites.  Fraud websites for applying govt jobs.  Bahubali cinema booking.  IF NO INTERNET NO CYBER CRIME
Cyber Security Cyber  Computer System(hardware)  Programs or data  Network(wireless or wired) Security  System security  Security for Programs or data  Network security
Cyber Security Cyber Security is a process to protect the network and devices from damages and unauthorized attacks Why Cyber security ?  Confidentiality  Integrity  Availability
Confidentiality The purpose of ‘Confidentiality’ is to ensure the protection of data by preventing the unauthorized disclosure of information A B C
Integrity Integrity refers to the accuracy and completeness of data. Security controls focused on integrity are designed to prevent data from being modified or misused by an unauthorized party. SYSTEM A------------HELLO---------------SYSTEM B Unauthorized user HE123LLO23
Availability Availability refers to information being accessible to authorized personnel as and when it is needed.
UNIT-1 LEARNING OBJECTIVES Learn what is cyber crime Types of cyber crime Difference between cyber crime and cyber fraud Types of cyber criminals Legal perspectives of cyber crime
UNIT-1 LEARNING OBJECTIVES Learn what is cyber crime Types of cyber crime Difference between cyber crime and cyber fraud Types of cyber criminals Legal perspectives of cyber crime
1.1 INRODUCTION The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of be it entertainment, business, sports or education. There’re two sides to a coin. Internet also has it’s own disadvantages is Cyber crime- illegal activity committed on the internet.
1.2 DEFINING CYBER CRIME  Crime committed using a computer and the internet to steal data or information.  Illegal imports.  Malicious programs.
Cybercrim e  Cybercrime is not a new phenomena  The first recorded cybercrime took place in the year 1820.  In 1820, Joseph Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
Alternative definitions for cybercrime  Any illegal act where a special knowledge of computer technology is essential for its perpetration, investigation or prosecution  Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a computer, and abuses that have come into being because of computers  Any financial dishonesty that takes place in a computer environment.  Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for ransom
Origin of Cyber Crime 1820 first cyber crime 780 cyber crimes in India during Feb 2000 to Dec 2002 3286 cyber crimes in 2009 (in 3Months)
Another definition  “Cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations, that target the security of computer systems and the data processed by them”.  Hence cybercrime can sometimes computer-related crime, computer be called as crime, E- crime, Internet crime, High- techcrime….
Cybercrime specifically can be defined in number of ways…  A crime committed using a computer and the internet to steal a person’s identity(identity theft) or sell contraband or stalk victims or disrupt operations with malevolentprograms.  Crimes completed either on or with a computer  Any illegal activity through the Internet or on the computer.  All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW.
Further  Cybercrime refers to the act of performing a criminal act using cyberspace as communication vehicle.  Two types of attacks are common  1. TECHNO-CRIME  2. TECHNO-VANDALISM
Techno- crime: Active attack. It is a premeditated act against a system, with the intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts of computer system.
Techno – vandalism: Passive attack These are brainless defacement of websites and other activities, such as copying files and publicizing their contents publicity. Tight internet security, strong technical safeguards, should prevent these incidents
Cyber Security Concepts, layers of security,
1.3 Cybercrime and information security  Lack of information securitygive rise to cybercrime  Cybersecurity: means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification ordestruction.
Challenges for securing data in business perspective  Cybercrime occupy an important space in information security due to their impact.  Most organizations do not incorporate the cost of the vast majority of computer security incidents into their accounting  The difficulty in attaching a quantifiable monetary value to the corporate data and yet corporate data get stolen/lost  Financial loses may not be detected by the victimized organization in case of Insider attacks : such as leaking customerdata
Cybercrime trends over years
Definitions 1. CYBER SPACE Cyber space is a nebulous place where humans interact over computer network. Cyber space is a world wide network of computer networks that uses Transmission Control Protocol/Internet Protocol(TCP/IP) for communication to facilitate transmission and exchange of data. It is a place where you can chat,explore,research and play.
2. Cyber squatting Squatting is the act of occupying an un occupied space that the squatter does not own, rent or have permission to use. Domain names are being paid for by the cyber squatters through registration process. It is an act of registering a popular internet address, usually a company name EX: amazon.nice.com
3.Cyberpunk and Cyberwarfare Cyberpunk is anarchy (disorder) via machines or machine/computer rebel movement. Cyber warfare means information warriors unleashing vicious attacks against an unsuspecting opponents computer networks, wreaking havoc(creating great damage) and paralyzing nations.
4. Cyberterrorism The premeditated use of disruptive activities, or threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political, or similar objectives to intimate any person in furtherance of such objectives.
1.4 Who are Cybercriminals?  Are those who conduct acts such as:  Child pornography  Credit card fraud  Cyberstalking  Defaming another online  Gaining unauthorized access to computer systems  Ignoring copyrights  Software licensing and trademark protection  Overriding encryption to make illegal copies  Software piracy  Stealing another’s identity to perform criminal acts
Categorization of Cybercriminals  Type 1:Cybercriminals- hungry for recognition  Hobby hackers  A person who enjoys exploring the limits of what is possible, in a spirit of playful cleverness. May modify hardware/ software  IT professional(social engineering):  Ethical hacker  Politically motivated hackers :  promotes the objectives of individuals, groups or nations supporting a variety of causes such as : Anti globalization, transnational conflicts and protest  Terrorist organizations  Cyberterrorism  Use the internetattacks in terroristactivity  Large scale disruption of computer networks , personal computers attached to internetvia viruses
Type 2: Cybercriminals- not interested in recognition  Psychological perverts  Financially motivated hackers  Make money from cyber attacks  Bots-for-hire : fraud through phishing, information theft, spam and extortion  State-sponsored hacking  Hacktivists  Extremely professional groups working for governments  Have ability to worm into the networks of the media, major corporations, defense departments
Type 3: Cybercriminals- the insiders  Disgruntled or former employees seeking revenge  Competing companies using employees to gain economic advantage through damage and/ or theft.
Motives behind cybercrime  Greed  Desire to gain power  Publicity  Desire for revenge  A sense of adventure  Looking for thrill to access forbidden information  Destructive mindset  Desire to sell network security services
1.5 Classification of cybercrimes 1. Cybercrime against an individual 2. Cybercrime against property 3. Cybercrime against organization 4. Cybercrime against Society 5. Crimes emanating from Usenet newsgroup
1. Cybercrime against an individual  Electronic mail spoofing and other online frauds  Phishing, spear phishing  spamming  Cyberdefamation  Cyberstalking and harassment  Computer sabotage  Passwordsniffing
2.Cybercrime against property  Creditcard frauds  Intellectual property( IP) crimes: software piracy, copy right infringement.  Internet time theft: Unauthorized person using internet
3.Cybercrime against organization  Unauthorized accessing of computer  Password sniffing  Denial-of-service attacks  Virus attack/dissemination of viruses  E-Mail bombing/mail bombs  Salami attack/ Salami technique  Logic bomb  Trojan Horse  Data diddling  Industrial spying/ industrial espionage  Computer network intrusions  Software piracy
4.Cybercrime against Society  Forgery  Cyberterrorism  Web jacking
5. Usenet groups  In 1979 it was developed by two graduate students from Duke University in North Carolina (UNC) as a network that allowed users to exchange quantities of information too large for mailboxes  Usenet was designed to facilitate textual exchanges between scholars.  Slowly, the network structure adapted to allow the exchange of larger files such as videos or images.
Cont…  A News group is an online discussion forum, can also be used to post and read data.  Examples:  Alt. politics  Talk. religion  Sci. physics  Comp. software. testing  Alt. multimedia. comedy
Cont…. Crimes emanating from Usenet news group  Usenet groups may carry very offensive, harmful, inaccurate material  Postings that have been mislabeled or are deceptive in another way  Hence service at your own risk
1.5.1 E-Mail Spoofing  E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.  To send spoofed e-mail, senders insert commands in headers that will alter message information.  It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say.  Thus, someone could send spoofed e-mail that appears to be fromyou with a message that you didn't write.
E-Mail Spoofing  Although most spoofed e-mail falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks.  For example, spoofed e-mail may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information -- any of which can be used for a variety of criminal purposes.  The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings.  One type of e-mail spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.
1.5.2 Spamming  People who create electronic spam : spammers  Spam is abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately  Spamming may be  E-Mail Spam  Instant messaging spam  Usenet group spam  Web search engine spam  Spam in blogs, wiki spam  Online classified ads spam  Mobile phone messaging spam  Internet forum spam  Junk fax spam  Social networking spam ……..
Spamming  Spamming is difficult to control  Advertisers have no operating costs beyond the managementof their mailing lists  It is difficult to hold senders accountable for their mass mailings  Spammers are numerous
Search engine spamming  Some web authors use “subversive techniques” to ensure that their site appears more frequentlyor higher number in returned search results.  Remedy: permanently exclude from the search index
Avoid the following web publishing techniques:  Repeating keywords  Use of keywords that do not relate to the content on the site  Use of fast meta refresh  change to the new page in few seconds.  Redirection  IP cloaking:  Including related links, information, and terms.  Use of colored text on the same color background  Tiny text usage  Duplication of pages with different URLs  Hidden links
Cyber defamation  The tort of cyber defamation is considered to be the act of defaming, insulting, offending or otherwise causing harm through false statements pertaining to an individual in cyberspace.  Example: someone publishes defamatory matter about someone on a website or sends an E-mail containing defamatory information to all friends of that person.
It may amount to defamation when-  Imputation to a deceased person would harm the reputation of that person, and is intended to be hurtful to the feelings of his family or other near relatives  An imputation is made concerning a company or an association or collection of people as such.  An imputation in the form of an alternative or expressed ironically  An imputation that directly or indirectly, in the estimation of others, lowers the moral or intellectual character of that person, or lowers the character of that person in respect of his caste or of his calling, or lowers the credit of that person.
Types of defamation  Libel : written defamation  Slander: oral defamation  The plaintiff must have to show that the defamatory statements were unlawful and would indeed injure the person’s or organization’s reputation.  When failed to prove, the person who made the allegations may still be held responsible for defamation.
Cyber defamation cases  In first case of cyber defamation in India (14 dec 2009),  The employee of a corporate defamed its reputation was sending derogatory and defamatory emails against the company and its managing director  In this case the Court(delhi court) had restrained the defendant from sending derogatory, defamatory, obscene, vulgar, humiliating and abusive emails.  The courtpassed as important ex-parte injunction.  In another case, accused posted obscene, defamatory and annoying message about a divorcee woman and also sent emails to the victim.  The offender was traced and was held guilty of offences under section 469, 509 IPC and 67 of IT Act, 2000.  Other defamation cases:  A malicious customer review by a competitor could destroy a small business.  A false accusation of adultery on a social networking site could destroy a marriage.  An allegation that someone is a “crook” could be read by a potential employer or business partner
1.5.4 Internet Time Theft  Occurs when an unauthorized person uses the Internet hours paid for by another person  Comes under hacking  The person get access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means  And uses the internet without the other person’s knowledge  This theft can be identified when Internet time is recharged often, despite infrequent usage.  This comes under “identity theft”
1.5.5 Salami attack/ salami technique  Are used for committing financial crimes.  The alterations made are so insignificant that in a single case it would go completely unnoticed.  Example: a bank employee inserts a program, into the bank’s serve, that deduces a small amount from the account of every customer every month,  The unauthorized debit goes unnoticed by the customers, but the employee will make a sizable amount every month.
1.5.5 Salami attack:  Small “shavings” for Big gains!  The petrol pump fraud
1.5.6 Data diddling  Data diddling involves changing data input in a computer.  In other words, information is changed from the way it should be entered by a person typing in the data.  Usually, a virus that changes data or a programmer of the database or application has pre-programmed it to be changed.  For example, a person entering accounting may change data to show their account, or that or a friend or family member, is paid in full. By changing or failing to enter the information, they are able to steal from the company.
 To deal with this type of crime, a company must implement policies and internal controls.  This may include performing regular audits, using software with built-in features to combat such problems, and supervising employees.
Real life example: Doodle me Diddle  Electricity board in India have been victims to data diddling programs inserted when private parties computerized their systems.
1.5.7 Forgery  The act of forging something, especially the unlawful act of counterfeiting a document or object for the purposes of fraud or deception.  Something that has been forged, especially a document that has been copied or remade to look like the original.  Counterfeit currency notes, postage, revenue stamps, marksheets, etc., can be forged using sophisticated computers, printers and scanners.
Real life case:  Abdul Karim Telgi, the mastermind of the multi-crore counterfeiting, printed fake stamp papers worth thousands of crores of rupees using printing machines purchased illegally with the help of some conniving officials of the Central Govt.’s Security Printing Press (India Security Press) located in Nasik. These fake stamp papers penetrated in more than 12 states through a widespread network of vendors who sold the counterfeits without any fear and earned hefty commissions.
1.5.8 Web jacking  This term is derived from the term hi jacking.  In these kinds of offences the hacker gains access and control over the web site of another.  He may even change the information on the site.  The first stage of this crime involves “password sniffing”.  The actual owner of the website does not have any more control over what appears on that website  This may be done for fulfilling political objectives or for money
Real life examples  Recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein.  Further the site of Bombay crime branch was also web jacked.  Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed.
1.5.10 Industrial spying/ Industrial Espionag  Industrial espionage is the covert and sometimes illegal practice of investigating competitors to gain a business advantage.  The target of investigation might be a trade secret such as a proprietary product specification or formula, or information about business plans.  In many cases, industrial spies are simply seeking any data that their organizationcan exploit to its advantage. Spies can get information about product finances, research and development and marketing strategies, an activity known as industrial spying.
Real life case  An Israeli Trojan horse story:  A software engineer in London created a Trojan Horse program specifically designed to extract critical data gathered from machines infected by his program.  Made a business in Israel which would use for spying the industries by planning it into competitors networks.
1.5.11 Hacking Every act committed toward breaking into a computer and/ or network is hacking. Purpose  Greed  Power  Publicity  Revenge  Adventure  Desire to access forbidden information  Destructive mindset
Cont,….  Hackers write or use ready made computer program to attack the target computer.  Desire to destruct and get enjoyment out of such destruction  Some hackers hack for stealing credit card information, transferring money to their desrired accounts.  Dec 2009 NASA site was hacked via SQL injection
HACKERS, CRACKERS &PHRACKERS  HACK: An elegant, with or inspired way of doing almost anything originated at MIT.  while hacking truly applies only to activities having good intentions. CRACKERS: Breaking into or harming into any kind of computer or tele communication system. PHRACKERS: Those targeting phones
1.5.12 Online frauds  Fraud that is committed using the internet is “online fraud.” fraud can involve financial fraud and identity theft. Online  Online fraud comes in many forms.  viruses that attack computers with the goal of retrieving personal information, to email schemes that lure victims into wiring money to fraudulent sources,  “phishing” emails that purport to be from official entities (such as banks or the Internal Revenue Service) that solicit personal information from victims to be used to commitidentity theft,  To fraud on online auction sites (such as Ebay) where perpetrators sell fictionalgoods.  E-Mail spoofing to make the user to enter the personal information : financial fraud  Illegal intrusion: log-in to a computer illegally by having previously obtained actual password. Creates a new identity fooling the computer that the hacker is the genuine operator. Hacker commits innumerable number of frauds.
Nadya Suleman’s Website Hacked, feb 2009
The story..  LOS ANGELES, CA – Octuplet mom Nadya Suleman launched a website to solicit donations for her family, but it was immediately hacked by a group of vigilante mothers!  The website originally featured photos of all eight octuplets, a thank you note from Suleman, images of children’s toys and a large donation button for viewers to send money through. Suleman also provided an address where people can send items such as diapers and formula.  Suleman was perhaps not prepared for the backlash she was to receive, as the site was hacked and brought down within hours. The original homepage was left up but defaced, as seen in the screenshot.
1.5.13 Pornographic offenses: Child pornography  Means any visual depiction, including but not limited to the following: 1. Any photograph that ca be considered obscene and/ or unsuitable for the age of child viewer. 2. Film ,video, picture; 3. Obscene Computergenerated image or picture
How do they Operate 1. Pedophiles use false identity to trap the children/teenagers 2. Pedophiles contact children/teens in various chat rooms which are used by children/teen to interact with other children/teen. 3. Befriend the child/teen. 4. Extract personal information from the child/teen by winning his confidence. 5. Gets the e-mail address of the child/teen and starts making contacts on the victims e-mail address as well. 6. Starts sending pornographic images/text to the victim including child pornographic images in order to help child/teen shed his inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it. 7. Extract personal information from child/teen 8. At the end of it, the pedophile set up a meeting with the child/teen out of the house and then drag him into the net to
1.5.14 Software piracy  Theft of software through the illegal copying of genuine programs or the counterfeiting and pass for the distribution of products intended to original.  End-user copying: Friends loaning disks to each other, organizations under-reporting number of software installations not tracking software licenses.  Hard disk loading with illicit means: hard disk vendors load pirated software.  Counterfeiting: Large scale duplication and distribution of illegally copied software  Illegal downloads from internet: by intrusion, by cracking
Buying Pirated software have a lot to lose:  Getting untested software that may have been copied thousands of times.  Potentiallycontain hard-wareinfecting viruses  No technical support in case of software failure  No warranty protection  No legal right to use the product
1.5.15 Computer sabotage  The use of internet to hinder the normal functioning of a computer system through worms, viruses, or logical bombs. Is referred to as computer sabotage.  Logic bombs are event dependent programs to do something only when a certain event (trigger) occurs.  Chernobyl virus  The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.,  Y2K virus Y2K bug, also called Year 2000 bug or Millennium Bug, a problem in the coding of computerized systems that was projected to create havoc in computersand computer networks around the world at the beginning of the year 2000
1.5.16 E-mail bombing/mail bombs  In Internet usage, an email bomb is a form of net abuse consisting of sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack.  Construct a computer to repeatedly send E-mail to a specified person’s E-mail address.  Can overwhelm the recipient’s personal account and potentiallyshut down the entiresystem.
1.5.17 Computer network intrusions  An intrusion to computer network from any where in the world and steal data, plant viruses, create backdoors, insert trojan horse or change passwords and user names.  An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.  The practice of strong password
1.5.18 Password sniffing  Password sniffers are programs that monitor and record the name and password of network users as they login, jeopardizing security at a site.  Through sniffers installed, anyone can impersonatean authorized user and login to access restricted documents.
1.5.18 Credit card frauds  Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction.  The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.  Creditcard fraud is also an adjunct to identity theft.  Bulletin boards and other online services are frequent targets for hackers who want to access
1.5. 19 Identity theft  Identity theft is a fraud involving another person’s identity for an illicit purpose.  The criminal uses someone else’s identity for his/ her own illegal purposes.  Phishing and identity theft are related offenses  Examples:  Fraudulently obtaining credit  Stealing money from victim’s bank account  Using victim’s credit card number  Establishing accounts with utility companies  Renting an apartment  Filing bankruptcy using the victim’s name
Real life cases  Dr. Gerald Barnes Gerald Barnbaum lost his pharmacist license after committing Medicaid fraud. He stole the identity of Dr. Gerald Barnes and practiced medicine under his name. A type 1 diabetic died under his care. “Dr. Barnes” even worked as a staff physician for a center that gave exams to FBI agents. He’s currently serving hard time.  Andrea Harris-Frazier Margot Somerville lost her walleton a trolley. Two years later she was arrested. Andrea Harris-Frazier had defrauded several banks—using Somerville’s identity—out of tens of thousands of dollars. The real crook was caught.  Abraham Abdallah A busboy named Abraham Abdallah got into the bank accounts of Steven Spielberg and other famous people after tricking his victims via computer, getting sufficient data to fake being their financial advisors—then calling their
1.6 Cybercrime: the legal perspective  Cybercrime possess a mammoth challenge  Computercrime: Criminal Justice Resource Manual(1979)  Any illegal act for which knowledge of computer technology is essential for a successful prosecution.  International legal aspects of computercrimes were studied in 1983  Encompasses any illegal act for which the knowledge of computer technology is essential for its prepetration
Cybercrime: the legal perspective  The network context of cyber crime make it one of the most globalized offenses of the present and most modernized threatsof the future.  Solution:  Divide information system into segments bordered by state boundaries.  Or incorporate the legal system into an integrated entity obliterating these state boundaries.
1.7 Cybercrimes: An Indian Perspective  India has the fourth highest number of internet users in the world.  45 million internet users in India  37% - in cybercafes  57% are between 18 and 35 years  The Information Technology (IT) Act, 2000, specifies the acts which are punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T.
Cybercrimes: An Indian Perspective  CasesofvariouscategoriesunderITA2000  217 cases were registered under IT Act during the year 2007 as compared to 142 cases during the previous year (2006)  Thereby reporting an increase of 52.8% in 2007 over 2006.  22.3% cases (49out of 217 cases) were reported from Maharashtra followed by Karnataka (40), Kerala (38) and Andhra Pradesh and Rajasthan (16 each).
Cont…..  India is a youth country according to population age distribution. This is great advantage to develop professional skills.  Crime head-wise and age-group-wise profile of the offenders arrested under ITA 2000 revealed that 55.8% (86 out of 154) of the offenders were arrested under “Obscene publication/transmission in electronic form” of which 70.9% (61 out of 86) were in the age group 18–30 years  50% (24 out of 48) of the total persons arrested for “Hacking with Computer Systems” were in the age group of 18–30 years
Incidence of Cyber Crimes in Cities  17 out of 35 mega cities did not report any case of Cyber Crime i.e, neither under the IT Act nor under IPC Sections) during the year 2007.  17 mega cities have reported 118 cases under IT Act and 7 megacities reported 180 cases undervarious section of IPC.  There was an increase of 32.6% (from 89 cases in 2006 to 118 cases in 2007) in cases under IT Act as compared to previous year (2006),  and an increase of 26.8% (from 142 cases in 2006 to 180 cases in 2007) of cases registered under various section of IPC  Bengaluru (40), Pune (14) and Delhi (10) cities have reported high incidence of cases (64 out of 118 cases) registered under IT Act, accounting for more than half of the cases (54.2%) reported under the Act.
Cybercrimes: An Indian Perspective
1.8 Cyber Crime and India ITA 2000 In India, ITA 2000 was put into practice after the united Nation General Assembly Resolution A/RES/51/162 in January 30,1997 by adopting Model Law on Electronic Commerce adopted by United Nations Commission on International Trade Law. >This was the first step towards law related to Ecommerce
1.8.1 Hacking and the Indian Law Cybercrimes are punishable under two categories:  ITA 2000 and IPC  Total 207 cases were registered under IT Act in 2007 and 142 registered in 2006  Under IPC 399 cases were recorded in 2007 and 311 in 2006.
Cyber Security Concepts, layers of security,
Cyber Security Concepts, layers of security,
1.8.1 Cont …. Hacking and the ITA 2008  The number of Offenses to be monitored has increased. According to cyberlaw experts, “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cybercrime.”  Cases of Spam, hacking, cyberstalking and E-Mail fraud are rampant and, although cybercrimes cells have been set up in major cities, the problem is that most cases remain unreported due to a lack of awareness.
 In the original ITA 2000, the following is stated under CHAPTER XI (Offences): 1. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its valueorutilityoraffectsitinjuriouslybyanymeans,commits hack. 2. Whoever commits hacking shall be punished with imprisonment up to 3 years, or with fi ne which may extend up to ` 2 lakhs (` 200,000), or with both.
 Existing Sections 66 and 67 (in the original ITA 2000) on hacking and obscene material have been updated by dividing them into more crime-specific subsections, thereby making cybercrimes punishable.  In Section 66, hacking as a term has been removed.  This section has now been expanded to include Sections  66A (offensive messages),  66B(Receiving a Stolen Computer)  66C (identity theft)  6666D (impersonation)  66F (cyberterrorism).
1.9 A Global Perspective on Cybercrimes  In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001, which details offenses against computer data and systems.  In the Council of Europe’s (CoE’s) Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an array of criminal activity including  offenses against computer data and systems,  computer-related offenses,  content offenses and copyright offenses
Cont…  The growing phenomenon is the use of Spam to support fraudulent and criminal activities – including attempts to capture financial information (e.g., account numbers and passwords) by masquerading messages as originating from trusted companies (“brand-spoofing” or “Phishing”) – and as a vehicle to spread viruses and worms.  On mobile networks, a peculiar problem is that of sending of bulk unsolicited text messages aimed at generating traffic to premium-rate numbers. As there are no national “boundaries” to such crimes under cybercrime realm, it requires international cooperation between those who seek to enforce anti-Spam laws.  Thus, one can see that there is a lot to do toward building confidence and security in the use of ICTs and moving toward international cooperation agenda.
Cont…  The linkage of cybersecurity and critical infrastructure protection has become a big issue as a number of countries have began assessment of threats, vulnerabilities and started exploring mechanisms to redress them. Recently, there have been a number of significant developments such as  August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber Crime. The convention targets hackers, those spreading destructive computer viruses those using the Internet for the distribution of racist material, and terrorists attempting to attack infrastructure facilities or financial institutions.  In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic Obligations’ on Web Site Blocking.” European Union (EU) officials want to debar suspicious websites as part of a 6-point plan to boost joint antiterrorism activities. They want to block websites that incite terrorist action. Once again it is underlined
Cont…  In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic Obligations’ on Web Site Blocking.” European Union (EU) officials want to debar suspicious websites as part of a 6-point plan to boost joint antiterrorism activities. They want to block websites that incite terrorist action.  CoE Cyber Crime Convention (1997–2001) was the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques and increasing cooperation among nations.[19] More than 40 countries have ratified the Convention to date.
1.9.1 Cybercrime and the Extended Enterprise  An average user is not adequately educated to understand the threats and how to protect oneself.  Actually, it is the responsibility of each user to become aware of the threats as well as the opportunities that “connectivity” and “mobility” presents them with.  In this context, it is important to understand the concept of “extended enterprise.”
Cont…

More Related Content

PPT
Cyber Crime.ppt
TanviModi14
 
PPTX
cyber security and its importance .pptx
bhaskarnayak18
 
PPTX
cybersecurity subject chapter 1 lec 1-5.pptx
nicedeb699
 
PPTX
Cyber Secuirty Fully explained Lecture Notes
VivekanandaGN1
 
PPTX
Cyber security for engg students and diploma
DrPraveenKumar37
 
PPTX
lecture notes Cyber-Crime and software Ergonomic
MbiedaNgomegniFrankG1
 
PPTX
CLE-Cyber crimes.pptx
VipinRawat52
 
PDF
Cyber Security U-1 ONE SHOT (NEW) Notes_c7ff765d-5cc7-4213-b668-842b59eb9ee5.pdf
ujjawaltiwari606
 
Cyber Crime.ppt
TanviModi14
 
cyber security and its importance .pptx
bhaskarnayak18
 
cybersecurity subject chapter 1 lec 1-5.pptx
nicedeb699
 
Cyber Secuirty Fully explained Lecture Notes
VivekanandaGN1
 
Cyber security for engg students and diploma
DrPraveenKumar37
 
lecture notes Cyber-Crime and software Ergonomic
MbiedaNgomegniFrankG1
 
CLE-Cyber crimes.pptx
VipinRawat52
 
Cyber Security U-1 ONE SHOT (NEW) Notes_c7ff765d-5cc7-4213-b668-842b59eb9ee5.pdf
ujjawaltiwari606
 

Similar to Cyber Security Concepts, layers of security, (20)

PDF
Cyber Crime
Shreyash Patel
 
PPTX
introductiontocybercrimvvvvv63702-lva1-app6892.pptx
bbasummerinternship2
 
PPTX
Cyber crime perspective, definition types, various forms of cyber crime
VanithaM33
 
PPTX
Cyber crimes and its security
Ashwini Awatare
 
PPTX
Cyber crimes and its security
Ashwini Awatare
 
PDF
Cyber Crime and Security ppt by Neeraj Ahirwar
Neeraj Ahirwar
 
DOCX
Research paper on cyber security.
Hussain777
 
PPTX
cs computer notes of studies in education
srinivasgosula
 
PPTX
Cyber Crime
aritraranjan
 
PPT
unit 1. introduction to cyber crime.ppt
Dimple Relekar
 
PPTX
Cyber crime
Muhammad Zeeshan Muzaffar
 
PPTX
Cyber crime & security
aravindanvaithilinga
 
PPTX
Cyber crime ppt
Gracy Joseph
 
PDF
cybercrimeandsecurityppt-140210064917-phpapp02.pdf
gtxgeforce67
 
PPTX
UNIT 1.pptx
ThanmayiK22266716101
 
PPTX
First Lecture- Cyber Security-Bangladesh.pptx
CUInnovationTeam
 
PDF
M1-01-CybercrimeIntroduction.pdf
Shylesh BC
 
PPSX
Unit 1
Jigarthacker
 
PPT
CS 1.ppt
JAYANTHKUMARTM
 
PPTX
Cybercrimes
Shareb Ismaeel
 
Cyber Crime
Shreyash Patel
 
introductiontocybercrimvvvvv63702-lva1-app6892.pptx
bbasummerinternship2
 
Cyber crime perspective, definition types, various forms of cyber crime
VanithaM33
 
Cyber crimes and its security
Ashwini Awatare
 
Cyber crimes and its security
Ashwini Awatare
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Neeraj Ahirwar
 
Research paper on cyber security.
Hussain777
 
cs computer notes of studies in education
srinivasgosula
 
Cyber Crime
aritraranjan
 
unit 1. introduction to cyber crime.ppt
Dimple Relekar
 
Cyber crime
Muhammad Zeeshan Muzaffar
 
Cyber crime & security
aravindanvaithilinga
 
Cyber crime ppt
Gracy Joseph
 
cybercrimeandsecurityppt-140210064917-phpapp02.pdf
gtxgeforce67
 
UNIT 1.pptx
ThanmayiK22266716101
 
First Lecture- Cyber Security-Bangladesh.pptx
CUInnovationTeam
 
M1-01-CybercrimeIntroduction.pdf
Shylesh BC
 
Unit 1
Jigarthacker
 
CS 1.ppt
JAYANTHKUMARTM
 
Cybercrimes
Shareb Ismaeel
 
Ad

More from Srinivas Kanakala (20)

PPTX
EXERCISE 2: Importance of visualizations Principles of communicating data, Pr...
Srinivas Kanakala
 
PPTX
cyber security unit introduction to privacy
Srinivas Kanakala
 
PPTX
620054032-20220209112111-PPT06-Probabilistic-Reasoning.pptx
Srinivas Kanakala
 
PPT
IPR Unit 3 Copyrights and Geographical indications -.ppt
Srinivas Kanakala
 
PPTX
Forensics Analysis of Email cyber forensics
Srinivas Kanakala
 
PPTX
cyber forensics, of email analysis using
Srinivas Kanakala
 
DOCX
list of Scopus journals to publish papers
Srinivas Kanakala
 
DOCX
international conferences names and link
Srinivas Kanakala
 
PPTX
introduction to cyber forensics, digital
Srinivas Kanakala
 
PPTX
Cyberspace and the Law & Cyber Forensics
Srinivas Kanakala
 
PPTX
UNIT 1 INTELLIGENT AGENTS ARTIFICIAL INTELIGENCE
Srinivas Kanakala
 
PPTX
FOUNDATIONS OF ARTIFICIAL INTELIGENCE BASICS
Srinivas Kanakala
 
PPTX
MALWARE ANALYSIS USING DEEP LEARNING PRE
Srinivas Kanakala
 
PPTX
System Logs Anomaly Detection Using Deep Learning
Srinivas Kanakala
 
PDF
RM IPR R22 SYLLABUS REESEARCH METHODOLOGY HELPS FOR WRITING ARTICILES
Srinivas Kanakala
 
PDF
Computer Network Security and Cyber Ethics ( PDFDrive ).pdf
Srinivas Kanakala
 
PDF
Cyber Crime Investigations ( PDFDrive ).pdf
Srinivas Kanakala
 
PPTX
Software Estimation: Components of Software Estimations, Estimation methods...
Srinivas Kanakala
 
PPTX
FLOWCHARTS.pptx
Srinivas Kanakala
 
PPTX
Minor project ppt (1).pptx
Srinivas Kanakala
 
EXERCISE 2: Importance of visualizations Principles of communicating data, Pr...
Srinivas Kanakala
 
cyber security unit introduction to privacy
Srinivas Kanakala
 
620054032-20220209112111-PPT06-Probabilistic-Reasoning.pptx
Srinivas Kanakala
 
IPR Unit 3 Copyrights and Geographical indications -.ppt
Srinivas Kanakala
 
Forensics Analysis of Email cyber forensics
Srinivas Kanakala
 
cyber forensics, of email analysis using
Srinivas Kanakala
 
list of Scopus journals to publish papers
Srinivas Kanakala
 
international conferences names and link
Srinivas Kanakala
 
introduction to cyber forensics, digital
Srinivas Kanakala
 
Cyberspace and the Law & Cyber Forensics
Srinivas Kanakala
 
UNIT 1 INTELLIGENT AGENTS ARTIFICIAL INTELIGENCE
Srinivas Kanakala
 
FOUNDATIONS OF ARTIFICIAL INTELIGENCE BASICS
Srinivas Kanakala
 
MALWARE ANALYSIS USING DEEP LEARNING PRE
Srinivas Kanakala
 
System Logs Anomaly Detection Using Deep Learning
Srinivas Kanakala
 
RM IPR R22 SYLLABUS REESEARCH METHODOLOGY HELPS FOR WRITING ARTICILES
Srinivas Kanakala
 
Computer Network Security and Cyber Ethics ( PDFDrive ).pdf
Srinivas Kanakala
 
Cyber Crime Investigations ( PDFDrive ).pdf
Srinivas Kanakala
 
Software Estimation: Components of Software Estimations, Estimation methods...
Srinivas Kanakala
 
FLOWCHARTS.pptx
Srinivas Kanakala
 
Minor project ppt (1).pptx
Srinivas Kanakala
 
Ad

Recently uploaded (20)

PDF
GIÁO ÁN TIẾNG ANH 7 GLOBAL SUCCESS (CẢ NĂM) THEO CÔNG VĂN 5512 (2 CỘT) NĂM HỌ...
Nguyen Thanh Tu Collection
 
PDF
faiz-khans about Radiotherapy Physics-02.pdf
FrancisKazoba
 
PPTX
ACFE CERTIFICATION TRAINING ON LAW.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
PDF
WHAT NURSES SAY_ COMMUNICATION BEHAVIORS ASSOCIATED WITH THE COMP.pdf
shaheraharby
 
PPTX
Key-Features-of-the-SHS-Program-v4-Slides (3) PPT2.pptx
abdurakibtingsonjali
 
PDF
BSc-Zoology-02Sem-DrVijay-Comparative anatomy of vertebrates.pdf
ps6013234
 
PDF
Compact First Student's Book Cambridge Official
TunHng48
 
PPTX
Neurological complocations of systemic disease
BisratAlex2
 
PPTX
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
Jeyasunitha
 
PDF
Laparoscopic Imaging Systems at World Laparoscopy Hospital
mohitsuren827
 
PPSX
namma_kalvi_12th_botany_chapter_9_ppt.ppsx
gomathiNATHAN5
 
PDF
anganwadi services for the b.sc nursing and GNM
shaila55
 
PDF
African Communication Research: A review
AgathaMashindano1
 
PPTX
MMW-CHAPTER-1-final.pptx major Elementary Education
kimberlydespair4
 
DOCX
THEORY AND PRACTICE ASSIGNMENT SEMESTER MAY 2025.docx
muhammadsyahir916
 
PPTX
Diploma pharmaceutics notes..helps diploma students
zonuntluangimph
 
PDF
Physical pharmaceutics two in b pharmacy
abinayasuresh1312
 
PDF
GSA-Past-Papers-2010-2024-2.pdf CSS examination
AsraAli6
 
PDF
LATAM’s Top EdTech Innovators Transforming Learning in 2025.pdf
educationexcellencem
 
PDF
Chevening Scholarship Application and Interview Preparation Guide
Leneka Rhoden
 
GIÁO ÁN TIẾNG ANH 7 GLOBAL SUCCESS (CẢ NĂM) THEO CÔNG VĂN 5512 (2 CỘT) NĂM HỌ...
Nguyen Thanh Tu Collection
 
faiz-khans about Radiotherapy Physics-02.pdf
FrancisKazoba
 
ACFE CERTIFICATION TRAINING ON LAW.pptx
Godwin Emmanuel Oyedokun MBA MSc PhD FCA FCTI FCNA CFE FFAR
 
WHAT NURSES SAY_ COMMUNICATION BEHAVIORS ASSOCIATED WITH THE COMP.pdf
shaheraharby
 
Key-Features-of-the-SHS-Program-v4-Slides (3) PPT2.pptx
abdurakibtingsonjali
 
BSc-Zoology-02Sem-DrVijay-Comparative anatomy of vertebrates.pdf
ps6013234
 
Compact First Student's Book Cambridge Official
TunHng48
 
Neurological complocations of systemic disease
BisratAlex2
 
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
Jeyasunitha
 
Laparoscopic Imaging Systems at World Laparoscopy Hospital
mohitsuren827
 
namma_kalvi_12th_botany_chapter_9_ppt.ppsx
gomathiNATHAN5
 
anganwadi services for the b.sc nursing and GNM
shaila55
 
African Communication Research: A review
AgathaMashindano1
 
MMW-CHAPTER-1-final.pptx major Elementary Education
kimberlydespair4
 
THEORY AND PRACTICE ASSIGNMENT SEMESTER MAY 2025.docx
muhammadsyahir916
 
Diploma pharmaceutics notes..helps diploma students
zonuntluangimph
 
Physical pharmaceutics two in b pharmacy
abinayasuresh1312
 
GSA-Past-Papers-2010-2024-2.pdf CSS examination
AsraAli6
 
LATAM’s Top EdTech Innovators Transforming Learning in 2025.pdf
educationexcellencem
 
Chevening Scholarship Application and Interview Preparation Guide
Leneka Rhoden
 

Cyber Security Concepts, layers of security,

  • 3. UNIT- I: Introduction to Cybercrime: Introduction, Cybercrime and Information Security, Cybercriminals, Classifications of Cybercrimes and Cybercrime: The legal Perspectives and Indian Perspective, Cybercrime and the Indian ITA 2000, A Global Perspective on Cybercrimes.
  • 4. UNIT– II : Cyber Offenses: Introduction, How Criminals plan the Attacks, Social Engineering, Cyber stalking, Cyber cafe and Cybercrimes Botnets: The Fuel for Cybercrime, Attack Vector, Cloud Computing.
  • 5. UNIT– III: Cybercrime: Mobile and Wireless Devices: Introduction, Proliferation of Mobile and Wireless Devices, Trends in Mobility, Credit card Frauds in Mobile and Wireless Computing Era, Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices, Authentication service Security, Attacks on Mobile/Cell Phones Mobile Devices: Security Implications for Organizations, Organizational Measures for Handling Mobile, Organizational Security Policies and Measures in Mobile Computing Era, Laptops.
  • 6. UNIT- IV: Tools and Methods Used in Cybercrime: Introduction, Proxy Servers and Anonymizers, Phishing, Password Cracking, Key loggers and Spywares, Virus and Worms, Trojan Horse and Backdoors, Steganography, DoS and DDoS attacks, SQL Injection, Buffer Overflow.
  • 7. UNIT- V: Cyber Security: Organizational Implications Introduction, Cost of Cybercrimes and IPR issues, Web threats for Organizations, Security and Privacy Implications Social media marketing: Security Risks and Perils for Organizations, Social Computing and the associated challenges for Organizations.
  • 8. Text Books: 1. Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives, Nina Godbole and Sunil Belapure, WileyINDI
  • 9. INTRODUCTION TO CYBER CRIME  Rapid Growth Of Internet.  Crime Increased.  Email.  Inject Virus Into System.  Mobile, Laptops.  Cloud.
  • 10. INTRODUCTION….  Key Logger Software.  ATM Scan.  Amazon offers duplicate websites.  Fraud websites for applying govt jobs.  Bahubali cinema booking.  IF NO INTERNET NO CYBER CRIME
  • 11. Cyber Security Cyber  Computer System(hardware)  Programs or data  Network(wireless or wired) Security  System security  Security for Programs or data  Network security
  • 12. Cyber Security Cyber Security is a process to protect the network and devices from damages and unauthorized attacks Why Cyber security ?  Confidentiality  Integrity  Availability
  • 13. Confidentiality The purpose of ‘Confidentiality’ is to ensure the protection of data by preventing the unauthorized disclosure of information A B C
  • 14. Integrity Integrity refers to the accuracy and completeness of data. Security controls focused on integrity are designed to prevent data from being modified or misused by an unauthorized party. SYSTEM A------------HELLO---------------SYSTEM B Unauthorized user HE123LLO23
  • 15. Availability Availability refers to information being accessible to authorized personnel as and when it is needed.
  • 16. UNIT-1 LEARNING OBJECTIVES Learn what is cyber crime Types of cyber crime Difference between cyber crime and cyber fraud Types of cyber criminals Legal perspectives of cyber crime
  • 17. UNIT-1 LEARNING OBJECTIVES Learn what is cyber crime Types of cyber crime Difference between cyber crime and cyber fraud Types of cyber criminals Legal perspectives of cyber crime
  • 18. 1.1 INRODUCTION The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of be it entertainment, business, sports or education. There’re two sides to a coin. Internet also has it’s own disadvantages is Cyber crime- illegal activity committed on the internet.
  • 19. 1.2 DEFINING CYBER CRIME  Crime committed using a computer and the internet to steal data or information.  Illegal imports.  Malicious programs.
  • 20. Cybercrim e  Cybercrime is not a new phenomena  The first recorded cybercrime took place in the year 1820.  In 1820, Joseph Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
  • 21. Alternative definitions for cybercrime  Any illegal act where a special knowledge of computer technology is essential for its perpetration, investigation or prosecution  Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a computer, and abuses that have come into being because of computers  Any financial dishonesty that takes place in a computer environment.  Any threats to the computer itself, such as theft of hardware or software, sabotage and demands for ransom
  • 22. Origin of Cyber Crime 1820 first cyber crime 780 cyber crimes in India during Feb 2000 to Dec 2002 3286 cyber crimes in 2009 (in 3Months)
  • 23. Another definition  “Cybercrime (computer crime) is any illegal behavior, directed by means of electronic operations, that target the security of computer systems and the data processed by them”.  Hence cybercrime can sometimes computer-related crime, computer be called as crime, E- crime, Internet crime, High- techcrime….
  • 24. Cybercrime specifically can be defined in number of ways…  A crime committed using a computer and the internet to steal a person’s identity(identity theft) or sell contraband or stalk victims or disrupt operations with malevolentprograms.  Crimes completed either on or with a computer  Any illegal activity through the Internet or on the computer.  All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW.
  • 25. Further  Cybercrime refers to the act of performing a criminal act using cyberspace as communication vehicle.  Two types of attacks are common  1. TECHNO-CRIME  2. TECHNO-VANDALISM
  • 26. Techno- crime: Active attack. It is a premeditated act against a system, with the intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts of computer system.
  • 27. Techno – vandalism: Passive attack These are brainless defacement of websites and other activities, such as copying files and publicizing their contents publicity. Tight internet security, strong technical safeguards, should prevent these incidents
  • 29. 1.3 Cybercrime and information security  Lack of information securitygive rise to cybercrime  Cybersecurity: means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification ordestruction.
  • 30. Challenges for securing data in business perspective  Cybercrime occupy an important space in information security due to their impact.  Most organizations do not incorporate the cost of the vast majority of computer security incidents into their accounting  The difficulty in attaching a quantifiable monetary value to the corporate data and yet corporate data get stolen/lost  Financial loses may not be detected by the victimized organization in case of Insider attacks : such as leaking customerdata
  • 32. Definitions 1. CYBER SPACE Cyber space is a nebulous place where humans interact over computer network. Cyber space is a world wide network of computer networks that uses Transmission Control Protocol/Internet Protocol(TCP/IP) for communication to facilitate transmission and exchange of data. It is a place where you can chat,explore,research and play.
  • 33. 2. Cyber squatting Squatting is the act of occupying an un occupied space that the squatter does not own, rent or have permission to use. Domain names are being paid for by the cyber squatters through registration process. It is an act of registering a popular internet address, usually a company name EX: amazon.nice.com
  • 34. 3.Cyberpunk and Cyberwarfare Cyberpunk is anarchy (disorder) via machines or machine/computer rebel movement. Cyber warfare means information warriors unleashing vicious attacks against an unsuspecting opponents computer networks, wreaking havoc(creating great damage) and paralyzing nations.
  • 35. 4. Cyberterrorism The premeditated use of disruptive activities, or threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political, or similar objectives to intimate any person in furtherance of such objectives.
  • 36. 1.4 Who are Cybercriminals?  Are those who conduct acts such as:  Child pornography  Credit card fraud  Cyberstalking  Defaming another online  Gaining unauthorized access to computer systems  Ignoring copyrights  Software licensing and trademark protection  Overriding encryption to make illegal copies  Software piracy  Stealing another’s identity to perform criminal acts
  • 37. Categorization of Cybercriminals  Type 1:Cybercriminals- hungry for recognition  Hobby hackers  A person who enjoys exploring the limits of what is possible, in a spirit of playful cleverness. May modify hardware/ software  IT professional(social engineering):  Ethical hacker  Politically motivated hackers :  promotes the objectives of individuals, groups or nations supporting a variety of causes such as : Anti globalization, transnational conflicts and protest  Terrorist organizations  Cyberterrorism  Use the internetattacks in terroristactivity  Large scale disruption of computer networks , personal computers attached to internetvia viruses
  • 38. Type 2: Cybercriminals- not interested in recognition  Psychological perverts  Financially motivated hackers  Make money from cyber attacks  Bots-for-hire : fraud through phishing, information theft, spam and extortion  State-sponsored hacking  Hacktivists  Extremely professional groups working for governments  Have ability to worm into the networks of the media, major corporations, defense departments
  • 39. Type 3: Cybercriminals- the insiders  Disgruntled or former employees seeking revenge  Competing companies using employees to gain economic advantage through damage and/ or theft.
  • 40. Motives behind cybercrime  Greed  Desire to gain power  Publicity  Desire for revenge  A sense of adventure  Looking for thrill to access forbidden information  Destructive mindset  Desire to sell network security services
  • 41. 1.5 Classification of cybercrimes 1. Cybercrime against an individual 2. Cybercrime against property 3. Cybercrime against organization 4. Cybercrime against Society 5. Crimes emanating from Usenet newsgroup
  • 42. 1. Cybercrime against an individual  Electronic mail spoofing and other online frauds  Phishing, spear phishing  spamming  Cyberdefamation  Cyberstalking and harassment  Computer sabotage  Passwordsniffing
  • 43. 2.Cybercrime against property  Creditcard frauds  Intellectual property( IP) crimes: software piracy, copy right infringement.  Internet time theft: Unauthorized person using internet
  • 44. 3.Cybercrime against organization  Unauthorized accessing of computer  Password sniffing  Denial-of-service attacks  Virus attack/dissemination of viruses  E-Mail bombing/mail bombs  Salami attack/ Salami technique  Logic bomb  Trojan Horse  Data diddling  Industrial spying/ industrial espionage  Computer network intrusions  Software piracy
  • 45. 4.Cybercrime against Society  Forgery  Cyberterrorism  Web jacking
  • 46. 5. Usenet groups  In 1979 it was developed by two graduate students from Duke University in North Carolina (UNC) as a network that allowed users to exchange quantities of information too large for mailboxes  Usenet was designed to facilitate textual exchanges between scholars.  Slowly, the network structure adapted to allow the exchange of larger files such as videos or images.
  • 47. Cont…  A News group is an online discussion forum, can also be used to post and read data.  Examples:  Alt. politics  Talk. religion  Sci. physics  Comp. software. testing  Alt. multimedia. comedy
  • 48. Cont…. Crimes emanating from Usenet news group  Usenet groups may carry very offensive, harmful, inaccurate material  Postings that have been mislabeled or are deceptive in another way  Hence service at your own risk
  • 49. 1.5.1 E-Mail Spoofing  E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.  To send spoofed e-mail, senders insert commands in headers that will alter message information.  It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say.  Thus, someone could send spoofed e-mail that appears to be fromyou with a message that you didn't write.
  • 50. E-Mail Spoofing  Although most spoofed e-mail falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks.  For example, spoofed e-mail may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information -- any of which can be used for a variety of criminal purposes.  The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings.  One type of e-mail spoofing, self-sending spam, involves messages that appear to be both to and from the recipient.
  • 51. 1.5.2 Spamming  People who create electronic spam : spammers  Spam is abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately  Spamming may be  E-Mail Spam  Instant messaging spam  Usenet group spam  Web search engine spam  Spam in blogs, wiki spam  Online classified ads spam  Mobile phone messaging spam  Internet forum spam  Junk fax spam  Social networking spam ……..
  • 52. Spamming  Spamming is difficult to control  Advertisers have no operating costs beyond the managementof their mailing lists  It is difficult to hold senders accountable for their mass mailings  Spammers are numerous
  • 53. Search engine spamming  Some web authors use “subversive techniques” to ensure that their site appears more frequentlyor higher number in returned search results.  Remedy: permanently exclude from the search index
  • 54. Avoid the following web publishing techniques:  Repeating keywords  Use of keywords that do not relate to the content on the site  Use of fast meta refresh  change to the new page in few seconds.  Redirection  IP cloaking:  Including related links, information, and terms.  Use of colored text on the same color background  Tiny text usage  Duplication of pages with different URLs  Hidden links
  • 55. Cyber defamation  The tort of cyber defamation is considered to be the act of defaming, insulting, offending or otherwise causing harm through false statements pertaining to an individual in cyberspace.  Example: someone publishes defamatory matter about someone on a website or sends an E-mail containing defamatory information to all friends of that person.
  • 56. It may amount to defamation when-  Imputation to a deceased person would harm the reputation of that person, and is intended to be hurtful to the feelings of his family or other near relatives  An imputation is made concerning a company or an association or collection of people as such.  An imputation in the form of an alternative or expressed ironically  An imputation that directly or indirectly, in the estimation of others, lowers the moral or intellectual character of that person, or lowers the character of that person in respect of his caste or of his calling, or lowers the credit of that person.
  • 57. Types of defamation  Libel : written defamation  Slander: oral defamation  The plaintiff must have to show that the defamatory statements were unlawful and would indeed injure the person’s or organization’s reputation.  When failed to prove, the person who made the allegations may still be held responsible for defamation.
  • 58. Cyber defamation cases  In first case of cyber defamation in India (14 dec 2009),  The employee of a corporate defamed its reputation was sending derogatory and defamatory emails against the company and its managing director  In this case the Court(delhi court) had restrained the defendant from sending derogatory, defamatory, obscene, vulgar, humiliating and abusive emails.  The courtpassed as important ex-parte injunction.  In another case, accused posted obscene, defamatory and annoying message about a divorcee woman and also sent emails to the victim.  The offender was traced and was held guilty of offences under section 469, 509 IPC and 67 of IT Act, 2000.  Other defamation cases:  A malicious customer review by a competitor could destroy a small business.  A false accusation of adultery on a social networking site could destroy a marriage.  An allegation that someone is a “crook” could be read by a potential employer or business partner
  • 59. 1.5.4 Internet Time Theft  Occurs when an unauthorized person uses the Internet hours paid for by another person  Comes under hacking  The person get access to someone else’s ISP user ID and password, either by hacking or by gaining access to it by illegal means  And uses the internet without the other person’s knowledge  This theft can be identified when Internet time is recharged often, despite infrequent usage.  This comes under “identity theft”
  • 60. 1.5.5 Salami attack/ salami technique  Are used for committing financial crimes.  The alterations made are so insignificant that in a single case it would go completely unnoticed.  Example: a bank employee inserts a program, into the bank’s serve, that deduces a small amount from the account of every customer every month,  The unauthorized debit goes unnoticed by the customers, but the employee will make a sizable amount every month.
  • 61. 1.5.5 Salami attack:  Small “shavings” for Big gains!  The petrol pump fraud
  • 62. 1.5.6 Data diddling  Data diddling involves changing data input in a computer.  In other words, information is changed from the way it should be entered by a person typing in the data.  Usually, a virus that changes data or a programmer of the database or application has pre-programmed it to be changed.  For example, a person entering accounting may change data to show their account, or that or a friend or family member, is paid in full. By changing or failing to enter the information, they are able to steal from the company.
  • 63.  To deal with this type of crime, a company must implement policies and internal controls.  This may include performing regular audits, using software with built-in features to combat such problems, and supervising employees.
  • 64. Real life example: Doodle me Diddle  Electricity board in India have been victims to data diddling programs inserted when private parties computerized their systems.
  • 65. 1.5.7 Forgery  The act of forging something, especially the unlawful act of counterfeiting a document or object for the purposes of fraud or deception.  Something that has been forged, especially a document that has been copied or remade to look like the original.  Counterfeit currency notes, postage, revenue stamps, marksheets, etc., can be forged using sophisticated computers, printers and scanners.
  • 66. Real life case:  Abdul Karim Telgi, the mastermind of the multi-crore counterfeiting, printed fake stamp papers worth thousands of crores of rupees using printing machines purchased illegally with the help of some conniving officials of the Central Govt.’s Security Printing Press (India Security Press) located in Nasik. These fake stamp papers penetrated in more than 12 states through a widespread network of vendors who sold the counterfeits without any fear and earned hefty commissions.
  • 67. 1.5.8 Web jacking  This term is derived from the term hi jacking.  In these kinds of offences the hacker gains access and control over the web site of another.  He may even change the information on the site.  The first stage of this crime involves “password sniffing”.  The actual owner of the website does not have any more control over what appears on that website  This may be done for fulfilling political objectives or for money
  • 68. Real life examples  Recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein.  Further the site of Bombay crime branch was also web jacked.  Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed.
  • 69. 1.5.10 Industrial spying/ Industrial Espionag  Industrial espionage is the covert and sometimes illegal practice of investigating competitors to gain a business advantage.  The target of investigation might be a trade secret such as a proprietary product specification or formula, or information about business plans.  In many cases, industrial spies are simply seeking any data that their organizationcan exploit to its advantage. Spies can get information about product finances, research and development and marketing strategies, an activity known as industrial spying.
  • 70. Real life case  An Israeli Trojan horse story:  A software engineer in London created a Trojan Horse program specifically designed to extract critical data gathered from machines infected by his program.  Made a business in Israel which would use for spying the industries by planning it into competitors networks.
  • 71. 1.5.11 Hacking Every act committed toward breaking into a computer and/ or network is hacking. Purpose  Greed  Power  Publicity  Revenge  Adventure  Desire to access forbidden information  Destructive mindset
  • 72. Cont,….  Hackers write or use ready made computer program to attack the target computer.  Desire to destruct and get enjoyment out of such destruction  Some hackers hack for stealing credit card information, transferring money to their desrired accounts.  Dec 2009 NASA site was hacked via SQL injection
  • 73. HACKERS, CRACKERS &PHRACKERS  HACK: An elegant, with or inspired way of doing almost anything originated at MIT.  while hacking truly applies only to activities having good intentions. CRACKERS: Breaking into or harming into any kind of computer or tele communication system. PHRACKERS: Those targeting phones
  • 74. 1.5.12 Online frauds  Fraud that is committed using the internet is “online fraud.” fraud can involve financial fraud and identity theft. Online  Online fraud comes in many forms.  viruses that attack computers with the goal of retrieving personal information, to email schemes that lure victims into wiring money to fraudulent sources,  “phishing” emails that purport to be from official entities (such as banks or the Internal Revenue Service) that solicit personal information from victims to be used to commitidentity theft,  To fraud on online auction sites (such as Ebay) where perpetrators sell fictionalgoods.  E-Mail spoofing to make the user to enter the personal information : financial fraud  Illegal intrusion: log-in to a computer illegally by having previously obtained actual password. Creates a new identity fooling the computer that the hacker is the genuine operator. Hacker commits innumerable number of frauds.
  • 76. The story..  LOS ANGELES, CA – Octuplet mom Nadya Suleman launched a website to solicit donations for her family, but it was immediately hacked by a group of vigilante mothers!  The website originally featured photos of all eight octuplets, a thank you note from Suleman, images of children’s toys and a large donation button for viewers to send money through. Suleman also provided an address where people can send items such as diapers and formula.  Suleman was perhaps not prepared for the backlash she was to receive, as the site was hacked and brought down within hours. The original homepage was left up but defaced, as seen in the screenshot.
  • 77. 1.5.13 Pornographic offenses: Child pornography  Means any visual depiction, including but not limited to the following: 1. Any photograph that ca be considered obscene and/ or unsuitable for the age of child viewer. 2. Film ,video, picture; 3. Obscene Computergenerated image or picture
  • 78. How do they Operate 1. Pedophiles use false identity to trap the children/teenagers 2. Pedophiles contact children/teens in various chat rooms which are used by children/teen to interact with other children/teen. 3. Befriend the child/teen. 4. Extract personal information from the child/teen by winning his confidence. 5. Gets the e-mail address of the child/teen and starts making contacts on the victims e-mail address as well. 6. Starts sending pornographic images/text to the victim including child pornographic images in order to help child/teen shed his inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it. 7. Extract personal information from child/teen 8. At the end of it, the pedophile set up a meeting with the child/teen out of the house and then drag him into the net to
  • 79. 1.5.14 Software piracy  Theft of software through the illegal copying of genuine programs or the counterfeiting and pass for the distribution of products intended to original.  End-user copying: Friends loaning disks to each other, organizations under-reporting number of software installations not tracking software licenses.  Hard disk loading with illicit means: hard disk vendors load pirated software.  Counterfeiting: Large scale duplication and distribution of illegally copied software  Illegal downloads from internet: by intrusion, by cracking
  • 80. Buying Pirated software have a lot to lose:  Getting untested software that may have been copied thousands of times.  Potentiallycontain hard-wareinfecting viruses  No technical support in case of software failure  No warranty protection  No legal right to use the product
  • 81. 1.5.15 Computer sabotage  The use of internet to hinder the normal functioning of a computer system through worms, viruses, or logical bombs. Is referred to as computer sabotage.  Logic bombs are event dependent programs to do something only when a certain event (trigger) occurs.  Chernobyl virus  The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.,  Y2K virus Y2K bug, also called Year 2000 bug or Millennium Bug, a problem in the coding of computerized systems that was projected to create havoc in computersand computer networks around the world at the beginning of the year 2000
  • 82. 1.5.16 E-mail bombing/mail bombs  In Internet usage, an email bomb is a form of net abuse consisting of sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack.  Construct a computer to repeatedly send E-mail to a specified person’s E-mail address.  Can overwhelm the recipient’s personal account and potentiallyshut down the entiresystem.
  • 83. 1.5.17 Computer network intrusions  An intrusion to computer network from any where in the world and steal data, plant viruses, create backdoors, insert trojan horse or change passwords and user names.  An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.  The practice of strong password
  • 84. 1.5.18 Password sniffing  Password sniffers are programs that monitor and record the name and password of network users as they login, jeopardizing security at a site.  Through sniffers installed, anyone can impersonatean authorized user and login to access restricted documents.
  • 85. 1.5.18 Credit card frauds  Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction.  The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.  Creditcard fraud is also an adjunct to identity theft.  Bulletin boards and other online services are frequent targets for hackers who want to access
  • 86. 1.5. 19 Identity theft  Identity theft is a fraud involving another person’s identity for an illicit purpose.  The criminal uses someone else’s identity for his/ her own illegal purposes.  Phishing and identity theft are related offenses  Examples:  Fraudulently obtaining credit  Stealing money from victim’s bank account  Using victim’s credit card number  Establishing accounts with utility companies  Renting an apartment  Filing bankruptcy using the victim’s name
  • 87. Real life cases  Dr. Gerald Barnes Gerald Barnbaum lost his pharmacist license after committing Medicaid fraud. He stole the identity of Dr. Gerald Barnes and practiced medicine under his name. A type 1 diabetic died under his care. “Dr. Barnes” even worked as a staff physician for a center that gave exams to FBI agents. He’s currently serving hard time.  Andrea Harris-Frazier Margot Somerville lost her walleton a trolley. Two years later she was arrested. Andrea Harris-Frazier had defrauded several banks—using Somerville’s identity—out of tens of thousands of dollars. The real crook was caught.  Abraham Abdallah A busboy named Abraham Abdallah got into the bank accounts of Steven Spielberg and other famous people after tricking his victims via computer, getting sufficient data to fake being their financial advisors—then calling their
  • 88. 1.6 Cybercrime: the legal perspective  Cybercrime possess a mammoth challenge  Computercrime: Criminal Justice Resource Manual(1979)  Any illegal act for which knowledge of computer technology is essential for a successful prosecution.  International legal aspects of computercrimes were studied in 1983  Encompasses any illegal act for which the knowledge of computer technology is essential for its prepetration
  • 89. Cybercrime: the legal perspective  The network context of cyber crime make it one of the most globalized offenses of the present and most modernized threatsof the future.  Solution:  Divide information system into segments bordered by state boundaries.  Or incorporate the legal system into an integrated entity obliterating these state boundaries.
  • 90. 1.7 Cybercrimes: An Indian Perspective  India has the fourth highest number of internet users in the world.  45 million internet users in India  37% - in cybercafes  57% are between 18 and 35 years  The Information Technology (IT) Act, 2000, specifies the acts which are punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T.
  • 91. Cybercrimes: An Indian Perspective  CasesofvariouscategoriesunderITA2000  217 cases were registered under IT Act during the year 2007 as compared to 142 cases during the previous year (2006)  Thereby reporting an increase of 52.8% in 2007 over 2006.  22.3% cases (49out of 217 cases) were reported from Maharashtra followed by Karnataka (40), Kerala (38) and Andhra Pradesh and Rajasthan (16 each).
  • 92. Cont…..  India is a youth country according to population age distribution. This is great advantage to develop professional skills.  Crime head-wise and age-group-wise profile of the offenders arrested under ITA 2000 revealed that 55.8% (86 out of 154) of the offenders were arrested under “Obscene publication/transmission in electronic form” of which 70.9% (61 out of 86) were in the age group 18–30 years  50% (24 out of 48) of the total persons arrested for “Hacking with Computer Systems” were in the age group of 18–30 years
  • 93. Incidence of Cyber Crimes in Cities  17 out of 35 mega cities did not report any case of Cyber Crime i.e, neither under the IT Act nor under IPC Sections) during the year 2007.  17 mega cities have reported 118 cases under IT Act and 7 megacities reported 180 cases undervarious section of IPC.  There was an increase of 32.6% (from 89 cases in 2006 to 118 cases in 2007) in cases under IT Act as compared to previous year (2006),  and an increase of 26.8% (from 142 cases in 2006 to 180 cases in 2007) of cases registered under various section of IPC  Bengaluru (40), Pune (14) and Delhi (10) cities have reported high incidence of cases (64 out of 118 cases) registered under IT Act, accounting for more than half of the cases (54.2%) reported under the Act.
  • 94. Cybercrimes: An Indian Perspective
  • 95. 1.8 Cyber Crime and India ITA 2000 In India, ITA 2000 was put into practice after the united Nation General Assembly Resolution A/RES/51/162 in January 30,1997 by adopting Model Law on Electronic Commerce adopted by United Nations Commission on International Trade Law. >This was the first step towards law related to Ecommerce
  • 96. 1.8.1 Hacking and the Indian Law Cybercrimes are punishable under two categories:  ITA 2000 and IPC  Total 207 cases were registered under IT Act in 2007 and 142 registered in 2006  Under IPC 399 cases were recorded in 2007 and 311 in 2006.
  • 99. 1.8.1 Cont …. Hacking and the ITA 2008  The number of Offenses to be monitored has increased. According to cyberlaw experts, “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cybercrime.”  Cases of Spam, hacking, cyberstalking and E-Mail fraud are rampant and, although cybercrimes cells have been set up in major cities, the problem is that most cases remain unreported due to a lack of awareness.
  • 100.  In the original ITA 2000, the following is stated under CHAPTER XI (Offences): 1. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its valueorutilityoraffectsitinjuriouslybyanymeans,commits hack. 2. Whoever commits hacking shall be punished with imprisonment up to 3 years, or with fi ne which may extend up to ` 2 lakhs (` 200,000), or with both.
  • 101.  Existing Sections 66 and 67 (in the original ITA 2000) on hacking and obscene material have been updated by dividing them into more crime-specific subsections, thereby making cybercrimes punishable.  In Section 66, hacking as a term has been removed.  This section has now been expanded to include Sections  66A (offensive messages),  66B(Receiving a Stolen Computer)  66C (identity theft)  6666D (impersonation)  66F (cyberterrorism).
  • 102. 1.9 A Global Perspective on Cybercrimes  In Australia, cybercrime has a narrow statutory meaning as used in the Cyber Crime Act 2001, which details offenses against computer data and systems.  In the Council of Europe’s (CoE’s) Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an array of criminal activity including  offenses against computer data and systems,  computer-related offenses,  content offenses and copyright offenses
  • 103. Cont…  The growing phenomenon is the use of Spam to support fraudulent and criminal activities – including attempts to capture financial information (e.g., account numbers and passwords) by masquerading messages as originating from trusted companies (“brand-spoofing” or “Phishing”) – and as a vehicle to spread viruses and worms.  On mobile networks, a peculiar problem is that of sending of bulk unsolicited text messages aimed at generating traffic to premium-rate numbers. As there are no national “boundaries” to such crimes under cybercrime realm, it requires international cooperation between those who seek to enforce anti-Spam laws.  Thus, one can see that there is a lot to do toward building confidence and security in the use of ICTs and moving toward international cooperation agenda.
  • 104. Cont…  The linkage of cybersecurity and critical infrastructure protection has become a big issue as a number of countries have began assessment of threats, vulnerabilities and started exploring mechanisms to redress them. Recently, there have been a number of significant developments such as  August 4, 2006 Announcement: The US Senate ratifies CoE Convention on Cyber Crime. The convention targets hackers, those spreading destructive computer viruses those using the Internet for the distribution of racist material, and terrorists attempting to attack infrastructure facilities or financial institutions.  In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic Obligations’ on Web Site Blocking.” European Union (EU) officials want to debar suspicious websites as part of a 6-point plan to boost joint antiterrorism activities. They want to block websites that incite terrorist action. Once again it is underlined
  • 105. Cont…  In August 18, 2006, there was a news article published “ISPs Wary About ‘Drastic Obligations’ on Web Site Blocking.” European Union (EU) officials want to debar suspicious websites as part of a 6-point plan to boost joint antiterrorism activities. They want to block websites that incite terrorist action.  CoE Cyber Crime Convention (1997–2001) was the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques and increasing cooperation among nations.[19] More than 40 countries have ratified the Convention to date.
  • 106. 1.9.1 Cybercrime and the Extended Enterprise  An average user is not adequately educated to understand the threats and how to protect oneself.  Actually, it is the responsibility of each user to become aware of the threats as well as the opportunities that “connectivity” and “mobility” presents them with.  In this context, it is important to understand the concept of “extended enterprise.”