ciber crime: 2014

Sunday 26 January 2014

CYBER LAW EDUCATION

Cyber law education:

Cyber law education in India is an important part of techno legal education. Techno legal e-learning courses in India are fast gaining interest among various professionals. However, techno legal course are not easy to understand and they are really tough to teach.

There are very few institutions in the world that are providing techno legal courses and education .even lesser are those that are providing techno legal e-learning course. The importance of online cyber law education in India is evident from this gap between the demand and supply.

Cyber security and organizational implications

As organization’s increasingly link more and more of their operational process to their cyber infrastructure, effective cyber security is key to an organizations ability to protect its assets, including its reputation, intellectual property, staff and customer’s. Many companies believe that their investment in sophisticated technical solutions mean that are well protected from cyber-attacks. However this is only one part of an effective defense.

CYBER CRIME AND PUNISHMENTS

Cyber crime and punishments

Under information technology act, 2008, section 66-cand section 419 of Indian penal code, 1860 also applicable. Identity theft offence is cognizable, bail able, compoundable with permission of the court before which the prosecution of such offence is pending and tribal by any magistrate.

Law and punishment for hacking

For data theft:-

Under information technology act, 2008, section 43(b) read with section 66 is applicable and under section 379, 405, &420 of Indian penal code, 1860 also applicable. Data theft offence is cognizable, bail able, compoundable with permission of the court before which the prosecution of such offence is pending and tribal by any magistrate.

For virus spreading:-

Under information technology act, 2008, section 43(c) &43(e) read with section 66 is applicable and under section 268 of Indian penal code, 1860 also applicable. Spreading of virus offence is cognizable, bail able, compoundable.

CYBER LAW

Cyber law

Cyber law is a term used to describe the legal issues related to use of communication technology ,particularly “cyberspace”.i.e. the internet.it is less of a distinct field of law in the way that property or contract are, as it is an intersection of many legal fields ,including intellectual property, privacy, freedom of expression ,and jurisdiction. In essence, cyber law is an attempt to apply laws designed for the physical world ,to human activity on the internet. In India ,the it act ,2000 ac amended by the it act,2008 is known as the cyber law. It has a separate chapter 11 entitled “offence” in which various cyber crimes have been declared as penal offences punishable with imprisonment and fine.

Importance of cyber law

Cyber law is important because it touches almost all aspects of transition and activities on and concerning the internet,the world wide web and cyber space. Initially it may seem that cyber laws is a very technical field and that it does not have any bearing to most activities in cyberspace. But the actual truth is that noting could be future than the truth .whether we realize it or not ,every action and every reaction in cyberspace has some legal and cyber legal perspectives

Cyber law awareness program:

The basic of internet security
Basic information on Indian cyber law
Impact of technology aided crime
Indian it act on covering the legal aspects of all online activities
Types of internet polices required for an organization .

Advantages of cyber law

The it act 2000 attempts to change out dated laws and provides ways to deal wit cyber crimes .We need such laws so that people can perform purchases transaction over the net through credit card without fear of miss use .The act offers the much –needed legal framework so that information is not denied legal effect,validity or enforce ability ,solely on the ground that it is in the form of electronic records.

KEYLOGGERS

Key loggers

Key loggers capture keystrokes on a compromised system. A key logger is a hard ware device or a software program that records the real time activity of a computer user including the keyboard keys they press .it is used in IT organization to troubleshoot technical problems with computers and business networks. Key loggers can also be used by family to monitor the network usage of people without their direct knowledge. Finally, malicious individuals may use key loggers on public computers to steal passwords or credit card information.

A key logger is a type of surveillance software (considered to be either software or spyware) that has the capability to record every keystroke you make to a log file, usually encrypted. A key logger recorder can record instant messages, e-mail, and any information you type at any time using your keyboard. The log file created by the keylogger can then be sent to a specified receiver. Some key logger programs will also record any e-mail addresses you use and Web site URLs you visit.

Saturday 25 January 2014

PASSWORD CRACKING

Password cracking

In computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system .a common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password, to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crack able passwords on a file by file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular files access is restricted.

IDENTITY THEFT

Identity theft

Identity theft occurs when someone uses your personally identifying information, like your name, social security number, or credit card number, without your permission, to commit fraud or other crimes.

For identity, this information is as good as gold .skilled identity thieves may use a variety of methods such as old –fashion stealing ,skimming ,phishing, or dumpster diving to get hold of your information .once they have your personal information ,identity thieves use it in a variety of ways ,for instance credit card fraud ,bank/account fraud ,or government document fraud.

Identity fraud

Identity fraud can be described as the use of that stolen identity in criminal activity to obtain goods or services by deception.

Fraudsters can use your identity details to:

open bank accounts
obtain credit cards, loans and state benefits
order goods in your name
take over your existing accounts
take out mobile phone contracts
obtain genuine documents such as passports and driving licences in your name.

Stealing an individual’s identity details does not, on its own, constitute identity fraud. But using that identity for any of the above activities does.

The first you know of it may be when you receive bills or invoices for things you haven’t ordered, or when you receive letters from debt collectors for debts that aren’t yours.

Protect yourself against identity fraud

Don’t throw out anything with your name, address or financial details without shredding it first.
If you receive an unsolicited email or phone call from what appears to be your bank or building society asking for your security details, never reveal your full password, login details or account numbers. Be aware that a bank will never ask for your PIN or for a whole security number or password.
If you are concerned about the source of a call, ask the caller to give you a main switchboard number for you to call them back on. Alternatively, hang up and call your bank back on the legitimate phone number printed on your bank statements.
Check your statements carefully and report anything suspicious to the bank or financial service provider concerned.
Don’t leave things like bills lying around for others to look at.
If you’re expecting a bank or credit card statement and it doesn’t arrive, tell your bank or credit card company.
If you move house, ask Royal Mail to redirect your post for at least a year.
The three credit reference agencies offer a credit report checking service to alert you to any key changes on your credit file that could indicate potential fraudulent activity. • Callcredit • Equifax • Experian
It is particularly helpful to check your personal credit file 2-3 months after you have moved house.

Friday 24 January 2014

PASSWORD SNIFFING

Password Sniffing

Password sniffing is a technique for harvesting passwords that involves monitoring traffic on a network to pull out information. Software to do this automatically is available from several companies and people also can do it manually or write their own software for a specific purpose. While not always malicious in intent, it can be a security threat and there are steps that can be taken to protect a network from sniffing.

If a hacker can't guess your password, there are other ways he/she can try to get it. One way which has become very popular is called ``password sniffing''.It turns out that most networks use what's known as ``broadcast'' technology. What that means is that every message that a computer on the network transmits can be read by any other computer on that network. In practice, all the computers except the recipient of the message will notice that the message is not meant for them, and ignore it.

However, many computers can be programmed to look at every message on the network. If one does this, one can look at message which are not intended for you.Hackers have programs which do this, and then scan all the messages which traverse a network looking for passwords. If you login to a computer across a network, and some computer on the network you use has been compromised this way, you may end up giving your password to the attacker.Using this technique, hackers who've broken into computers which are on heavily used networks have collected thousands of passwords.This is a serious threat to users who login to our computers from remote sites. If you login on the console of a computer, your password never crosses a network where it can be sniffed. But if you login from some other school, or from an internet service provider, you are dependent on the security of their network.

EMAIL BOMBING

Email Bombing /Mail Bombs

This kind of activity refers to sending large numbers of mail to victim, which may be an individual or a company or even mail server, there by ultimately resulting into crashing. Email bombing is characterized by abusers repeatedly sending an email message to a particular address at a specific victim site .In many instance, the massage will be large and constructed from meaningless data in an effort to consume additional system and network resources.

E-mail "bomb" refers to the large number of email messages sent to an account with the primary aim of bringing the account down. When an email server is flooded with email messages, it is unable to receive other email messages and effectively becomes useless.An account that receives an email bomb will also experience an interruption in the transfer and processing of legitimate mail, as well.Email bombs are particularly dangerous as even if an email server is brought down to stave off the problem, the email bombardment will continue where it left off when the server is restarted.Another type of bombing occurs when a user signs someone for multiple newsletter services and other automatic email generation services that can bring a person's inbox to its knees.The only way to recover from an email bomb is probably to contact your Internet service provider for help. It may be necessary for you to disable or change your email address, at least temporarily.

Sunday 19 January 2014

SOFTWARE PIRACY

Software piracy

When someone installs and use commercial software without paying for the program ,it is called “pirating” the software .This name comes from the traditional meaning of the word “pirate ” ,which is a sea-faring criminals that steals and loots belongings from others .But far from the stereotypical sea pirates ,a software pirate can be anyone who owns a computer .Software piracy is committed by simply downloading or coping a program that a user has not paid for.

Software piracy is the unauthorized coping ,distribution of copyrighted software.This can be done by coping ,downloading ,sharing ,selling or installing multiple copies onto personal work computers.what a lot of people don't realize or don't think about is that when you purchase software,you are actually purchasing a license to use it ,not the actual software.

ONLINE FRAUD

Online fraud

Computer fraud is a serious cyber crime now a days .For example :changing input data In an illegal way or entering unauthorized data and modifying output of a computer system .other type of it-related frauds are financial information ,telecommunication fraud by the use of telecommunication system or services for dishonest or fraudulent purpose .

Criminal activity involving the perpetration of a fraud through the use of the computer or the internet can take many different forms. One common form includes “hacking,” in which a perpetrator uses sophisticated technological tools to remotely access a secure computer or internet location. A second common criminal activity involves illegally intercepting an electronic transmission not intended for the interceptor. This may result in the interception of private information such as passwords, credit card information, or other types of so-called identity theft.

Federal law defines computer fraud as the use of a computer to create a dishonest misrepresentation of fact as an attempt to induce another to do or refrain from doing something which causes loss. Criminals create fraudulent misrepresentation in a number of ways. First, they can alter computer input in an unauthorized way. Employees may embezzle company funds by altering input data. Second, criminals can alter or delete stored data. Third, sophisticated criminals can rewrite software codes and upload them into a bank’s mainframe so that the bank will provide its users’ identities to the thieves. The thieves can then use this information to make unauthorized credit card purchases.

Best Example of online fraud is:

Lottery frauds are most common online fraud that happens every day on internet. Every day Gmail, Yahoo or Hotmail like mailing portal users receive mails regarding lottery. Such mails comes with popular brand names saying that "You have won 50 Million dollars" from Coca-Cola, Yahoo, Hotmail and other big names. When you reply to those mails they ask for your bank details to transfer your lottery money. When you send them the details asked, then they ask you to give a processing fee or handling charges. To tell you the fact, such e mails are always misleading and money is never transferred and your bank details are used for other scams or frauds.

HACKING

Hacking

Hacking was clever piece of code constructed by hackers who were smart and creative programmer . In 1970’s to 1990’s ,the definition of hacking changed as many people started using computers and abused computers terminologies .By 1980’s hacking behavior included spreading viruses ,pranks ,theft ,and phone phreaking .

The difference between hackers and other criminal’s is the purpose of crime .Hackers commonly try to benefit not only themselves but also other computers user . A hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.

Hacking is of those type.

White hat

Black hat

Grey hat

Elite hacker

Script kiddie

Neophyte

Blue hat

Organized criminal gangs

FORGERY

Forgery

Digital forgery has become a big problem with the boom of the internet .many businesses need proof of identity to perform a service ,and with identity fraud being a larger goal for criminal’s this proof is difficult to accept as truthful .criminals have access to much more advanced technology and are willing to go to further lengths to steal peoples information .a social security number ,credit card number , or bank account number are not strong enough proof to show who someone in anymore many companies ask for copies of a social security number ,birth certificate ,or a monthly bill with your name and address on it for further verification .even going to these length’s is not enough .digital forgery is taken one step further with software to recreate and manipulating these private documents and proceed with the scan intended .

CYBER DEFAMATION

Cyber defamation

Defamation is basically causing injury to the reputation of a person or a company using false statements or actions .it can be also described as an attack on good faith name and reputation of a person or company by someone who is not in favor that person or company and thus want to float some negative message in the society or market .defamation is considered to be a crime in almost all the countries of the world including India.

When any sort of defamation is done using internet then it is called Cyber Defamation. Cyber defamation is a crime which is conducted in cyberspace mostly through the medium of Internet with an aim to defame a person or a company. With increasing use of Internet around the globe, the graph of cyber defamation is increasing like anything.

SPAMMING

Spamming

Spamming is the use of electronic messaging systems to send unsolicited bulk message ,especially advertising ,indiscriminately .while the most widely recognized form of spam is e-mail spam ,the term is applied to similar abuses In other media : instant messaging spam , UseNet newsgroup spam ,web search engine spam ,spam in blogs, wiki spam, online classified ads spam ,mobile phone massaging spam .internet forum spam ,junk fax transmission ,social networking spam ,social spam ,television advertising and file sharing spam .spam or the unsolicited sending out of junk e-mails for commercial purpose ,which is unlawful .new anti-spam laws are being passed in various countries which will hopefully limit the use of unsolicited electronic communications .

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings.

There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.

Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.

Saturday 18 January 2014

Email Spoofing

Email spoofing

Email spoofing refers to the process of sending an email message from one source ,but making it appear as though the email was sent from a different source .For example ,An email originates from user@domain.com but it appears to be from email@address.com .Another method of spoofing is to make the massage appear to come from an unknown user within your domain name .

This does not mean that yours email account was compromised .It means that the sender has fooled the mail client into believing the email originated from a different address.

Email spoofing is the creation of email messages with a forged sender address - something which is simple to do because the core protocols do no authentication. Spam and phishing emails typically use such spoofing to mislead the recipient about the origin of the message.

Saturday 11 January 2014

CLASSIFICATION OF CYBER CRIME..

CLASSIFICATION OF CYBER CRIME

Computer crime is known by lots of different names, including cyber crime, e-crime etc. All of these are crimes where computers or networks are used or attacked. These electronic crimes are being used to steal identities and huge sums of money . Many traditional crimes such as theft, blackmail, forgery, emblezzlement and froad, today all conducted on internet.

As cybercrime continues to take up a disturbing publicity in the trends that mark our century, the commitment of governments, businesses and the global community to fight this pandemic is not surprising. However, combating this ill will entail identifying, defining and classifying cybercrime. Meanwhile the cybercrime phenomenon is now well known and defined; its classification has been limited at the top-level to a dichotomy of “computer-assisted” and “computer-focused” cybercrimes. This paper examines the crime theory and makes use of two primary motivation models plus four others to posit a motivational framework for cybercrime classification. The proposed model exposes a more holistic perspective on the topic, and would prove a useful tool for all the stakeholders in the battle against cybercrime.

There are some types of cyber crime :-

Email spoofing
Spamming
Cyber defamation
Forgery
Hacking
Online Fraud
Pronographic Offenses
Sofware Piracy
Email Bombing
Computer Network Intrusions
Password Sniffing
Identity Theft
Password Cracking
Key Loggers

There are also some other cyber crime,like:-

UK Audit Commission (1998) Classification

• Fraud

• Theft

• Use of unlicensed software

• Private work

• Misuse of personal data

• Hacking

• Sabotage.

• Introducing pornographic material.

• Virus.

FBI’s National Crime Squad (Fraser, 1996)

• Intrusions of the Public Switched Network (the telephone company)

• Major computer network intrusions

• Network Integrity violations

• Industrial espionage

• Pirated computer software

• Other crimes where the computer is a major factor in committing the criminal offense

Computer Security Institute (CSI) (CSI, 2001)

• Theft and proprietary information

• Sabotage of data or networks

• Telecom eavesdropping

• System penetration by outsider

• Insider abuse of net access

• Financial fraud

• Denial of Service

• Spoofing

• Virus • Unauthorized insider access

• Telecom fraud

• Active wiretapping

• Laptop theft

Friday 10 January 2014

Availability

Availability=

Availability of information refers to ensuring that authorized parties are able to access the information when needed.

Information only has value if the right people can access it at the right times. Denying access to information has become a very common attack nowadays. Almost every week you can find news about high profile websites being taken down by DDoS attacks. The primary aim of DDoS attacks is to deny users of the website access to the resources of the website. Such downtime can be very costly. Other factors that could lead to lack of availability to important information may include accidents such as power outages or natural disasters such as floods.

Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, providing a certain measure of redundancy and failover, providing adequate communications bandwidth and preventing the occurrence ofbottlenecks, implementing emergency backup power systems, keeping current with all necessary system upgrades, and guarding against malicious actions such as denial-of-service (DoS) attacks.

Integrity

Integrity =

Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as an electromagnetic pulse (EMP) or server crash. If an unexpected change occurs, a backup copy must be available to restore the affected data to its correct state.

Integrity of information refers to protecting information from being modified by unauthorized parties.

Information only has value if it is correct. Information that has been tampered with could prove costly. For example, if you were sending an online money transfer for 100 rupees , but the information was tampered in such a way that you actually sent 10,000 rupees, it could prove to be very costly for you.

CONFIDENTIALITY

CONFIDENTIALITY=

Confidentiality prevents sensitive information from reaching the wrong people, while making sure that the right people can in fact get it. A good example is an account number or routing number when banking online. Data encryption is a common method of ensuring confidentiality. User IDs and passwords constitute a standard procedure; two-factor authentication is becoming the norm and biometric verification is an option as well. In addition, users can take precautions to minimize the number of places where the information appears, and the number of times it is actually transmitted to complete a required transaction.

When we talk about confidentiality of information, we are talking about protecting the information from disclosure to unauthorized parties. Information has value, especially in today’s world. Bank account statements , personal information, credit card numbers, trade secrets, government documents. Everyone has information they wish to keep a secret. Protecting such information is a very major part of information security.

Information Security (IS)

Information Security (IS)-

Information security (IS) is designed to protect the confidentiality, integrity and availability of computer system data from those with malicious intentions. Confidentiality, integrity and availability are sometimes referred to as the CIA Triad of information security. This triad has evolved into what is commonly termed the Parkerian hexad, which includes confidentiality, possession (or control), integrity, authenticity, availability and utility.

In its most basic defintion, information security means protecting information and information systems from unauthorized access, use, disruption, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. Institutions of all sizes collect and store huge volumes of confidential information. The information may be about employees, customers, research, products or financial operations. Most of this information is collected, processed and stored on computers and transmitted across networks to other computers. If this information fell into the wrong hands, it could lead to lost business, law suits, identity theft or even bankruptcy of the business.

Information security has evolved significantly and grown even more important in recent years. From a craeer perspective, there are even more areas where a professional can work in the field. Some of the specialty areas within Information Security include network security, application and database security, security testing, information systems auditing, business continuity planning and digital forensics science, among others.

IS depands on three major terms

CONFIDENTIALITY=

Integrity =

Integrity of information refers to protecting information from being modified by unauthorized parties.

Availability=

Availability of information refers to ensuring that authorized parties are able to access the information when needed.

Monday 6 January 2014

CYBER CRIME

CYBER CRIME-

Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offence (child pornography, hate crimes). Cybercriminals may use computer technology to access personal information, business trade secrets, or use the Internet for exploitive or malicious purposes. Criminals can also use computers for communication and document or data storage. Criminals who perform these illegal activities are often referred to as hackers

Generally it is defined as two type

1-crimes that target computer networks or devices directly ,example=

malware ,
denial of service attacks ,
computer viruses

2-crimes facilitated by computer networks or devices ,the primary target of which is independent of the computer network or device, example=

cyber stalking ,
fraud and identity theft ,
phishing scams