Unit 1: Introduction to Cyber Crime and Cyber Security

Introduction to Cyber Security

  • Definition of Cyber Security: It is the practice of protecting systems, networks, and programs from digital attacks.

  • Internet-Connected Systems: It is specifically the protection of internet-connected systems, including hardware, software, and data, from cyber attacks.

  • Objective of Cyberattacks: These attacks are usually aimed at accessing, changing, or destroying sensitive information.

  • Need for Cyber Security:
    * To protect private data.
    * To protect intellectual data.
    * To protect banking and financial data.
    * National security.
    * To protect sensitive data.

Introduction to Cybercrime

  • Standard Definition: Cybercrime is defined as "unlawful acts wherein the computer is either a tool or target or both."

  • Alternative Definitions:
    * Any criminal activity conducted using digital technology.
    * Criminal activity that either targets or uses a computer, a computer network, or a networked device.
    * Illegal activity involving computers, the internet, or network devices.
    * Any financial dishonesty that takes place in a computer environment.

  • Related Terms: The term "cybercrime" relates to several other terms including Computer-related crime, Computer crime, Internet crime, E-crime, and High-tech crime.

  • The Perspective on Cybercrime: Some argue it is not a crime because it is against software rather than physical property or a person; however, global legal systems are actively introducing laws to combat it.

Origins of the Word "Cybercrime"

  • Etymology: The term is a combination of "cyber" (pertaining to cybernetics/technology) and "crime" (illegal activities).

  • Cybernetics:
    * Coined in 1948 by Norbert Wiener.
    * Derived from the Greek word "Kubernetes," meaning "steersman" or "governor."
    * It pertains to the science of control and communication in animals, humans, and machines.

  • Evolution of "Cyber": By the 1980s, the term was popularized in science fiction literature, specifically the work of William Gibson, becoming a prefix for computer technology and virtual reality.

  • Crime: Originates from the Latin word "crimen," meaning "accusation" or "charge." The compound term appeared in the late 20th century as digital technology advanced.

Types and Classifications of Cybercrime

  • Prevalent Attack Types:
    1. Techno-crime: Focused on financial gain, information theft, or harming entities. It is a premeditated act against a system to copy, steal, prevent access, corrupt, or deface parts of a computer system. Example: Hacking a bank's computer to steal money from accounts.
    2. Techno-vandalism: Using technology to intentionally cause damage or disrupt systems without a financial motive. Example: Spreading a virus to crash websites just for fun or trouble.

  • Categorization by Target:
    * Against Individual: Targets personal information, reputation, and safety (e.g., email spoofing, cyber defamation).
    * Against Property: Targets financial assets, intellectual property, and data (e.g., credit card fraud, IP crimes).
    * Against Organization: Targets digital assets and systems to cause financial loss or operational disruption (e.g., email bombing, salami attacks).
    * Against Society: Impacts the broader public or specific groups (e.g., cyberterrorism, distributing illegal materials).

Specific Cybercrimes against Individuals

  • E-Mail Spoofing: An email that appears to originate from one source but was actually sent from another.

  • Spamming: The abuse of electronic messaging systems to send unrequested bulk messages. Creators of these messages are called "spammers."

  • Cyber Defamation: Defamation occurring via computers or the internet. Example: Publishing defamatory material on a website or emailing it to a victim's friend group.

  • Cyber stalking: Repeatedly harassing, intimidating, or threatening an individual using the internet to cause fear or distress. Behaviors include monitoring online activities and spreading false information.
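A header-level check for the e-mail spoofing described above, added here as an example (not from the original notes). It assumes the receiving mail server has already stamped an Authentication-Results header, and the message itself is a constructed sample.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample: the From: header claims a bank, but the envelope sender
# (Return-Path) and the receiving server's authentication results disagree.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
From: "Bank Support" <support@examplebank.test>
To: customer@example.test
Subject: Verify your account

Your account needs verification.
"""


def domain_of(addr_header):
    """Lower-cased domain part of an address header, or '' if there is none."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw_message):
    """Return indicators that the From: address was not the real origin.

    An empty list means nothing suspicious was found at the header layer;
    it does not prove the mail is genuine.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    indicators = []
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    # The visible sender and the bounce address normally share a domain.
    if envelope_dom and from_dom != envelope_dom:
        indicators.append(f"From domain {from_dom} != envelope sender {envelope_dom}")
    # SPF/DKIM verdicts as recorded by the receiving server (assumed present).
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            indicators.append(f"{mech}={result}")
    return indicators
```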

Specific Cybercrimes against Property

  • Credit Card Frauds: Fraud committed using payment cards (credit or debit) to obtain goods/services or move funds to a criminal-controlled account.

  • Intellectual Property (IP) Crimes: Cyber theft of IP including copyrights, software piracy, trade secrets, and patents via the internet.

  • Internet Time Theft: When an unauthorized person uses the internet hours paid for by another person.

Specific Cybercrimes against Organizations

  • E-Mail Bombing (Mail Bombs): Sending a massive number of emails to a victim or server to cause it to crash.

  • Salami Attack (Salami Technique): Financial crimes where alterations are so small they go unnoticed. Example: A bank employee program that deducts Rs. 2/- (or a few cents) from every customer's account monthly. While the individual loss is unnoticeable, the collective total is sizable.

  • Logic Bomb: Malicious code inserted into software that is triggered only when specific conditions are met.

  • Trojan Horse: Malware that appears to perform a desirable function but facilitates unauthorized access to the computer system.

  • Data Diddling (Data Cheating): Altering raw data just before it is processed by a computer and changing it back after processing is complete.
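Detecting the salami pattern described above rather than executing it: an added example (not from the original notes) that scans a constructed transaction ledger and flags a small, unscheduled debit that hits many accounts for the same amount. The ledger, the fee schedule and the thresholds are assumptions for illustration.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger: (account_id, description, amount); negative = debit.
LEDGER = [
    ("A100", "salary credit", Decimal("50000.00")),
    ("A100", "sms alert fee", Decimal("-15.00")),
    ("A100", "service charge", Decimal("-2.00")),
    ("A101", "atm withdrawal", Decimal("-3000.00")),
    ("A101", "sms alert fee", Decimal("-15.00")),
    ("A101", "service charge", Decimal("-2.00")),
    ("A102", "upi transfer", Decimal("-450.00")),
    ("A102", "service charge", Decimal("-2.00")),
    ("A102", "cheque book", Decimal("-4.00")),   # one-off, single account
    ("A103", "service charge", Decimal("-2.00")),
    ("A103", "interest credit", Decimal("120.00")),
]

# Recurring charges the bank actually publishes (constructed fee schedule).
FEE_SCHEDULE = {"sms alert fee": Decimal("-15.00")}


def find_salami_pattern(ledger, schedule, max_abs=Decimal("5.00"), min_accounts=3):
    """Flag debit descriptions that are tiny, absent from the fee schedule and
    posted for the same amount across many accounts: the salami signature."""
    hits = defaultdict(set)  # (description, amount) -> accounts charged
    for acct, desc, amt in ledger:
        if amt < 0 and abs(amt) <= max_abs and desc not in schedule:
            hits[(desc, amt)].add(acct)
    findings = []
    for (desc, amt), accts in hits.items():
        if len(accts) >= min_accounts:
            findings.append({
                "description": desc,
                "per_account": amt,
                "accounts": len(accts),
                "total_skimmed": amt * len(accts),  # the sizable collective loss
            })
    return findings
```

The per-account figure stays below most customers' notice; the aggregate is what the reconciliation report should surface.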

Specific Cybercrimes against Society

  • Forgery: Using sophisticated computers, scanners, and printers to forge currency notes, stamps, or marksheets.

  • Cyberterrorism: Individuals or groups who access or aid in accessing computer networks with terrorist intent.

  • Web Jacking: Forcefully taking control of a website by cracking and changing the password. It begins with "password sniffing" and results in the owner losing control of the site content.

Information Security (InfoSec)

  • Definition: The processes and methodologies involved in protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

  • The CIA Triad:
    1. Confidentiality: Ensuring information is accessible only to authorized users. Techniques: Encryption, access controls, authentication.
    2. Integrity: Ensuring accuracy and completeness of information. Measures: Checksums, hashing, digital signatures.
    3. Availability: Ensuring authorized users have access to assets when required. Strategies: Redundant systems, regular maintenance, DoS protection.

Types of Information Security

  • Network Security: Protects usability and integrity of networks and data (e.g., DDoS protection).

  • Application Security: Features code reviews and secure coding to keep software free of threats.

  • Endpoint Security: Securing user devices (smartphones, tablets) via antivirus and IDS.

  • Data Security: Protects data in storage and transit via encryption and masking.

  • Identity and Access Management (IAM): Policies ensuring only authorized users access resources.

  • Cloud Security: Securing data and services hosted in the cloud.

  • Information Security Governance: Policies and procedures for risk management and incident response.

  • Cryptography: Transforming information into unreadable formats accessible only via a decryption key.

  • Physical Security: Protecting hardware from theft, natural disasters, or vandalism.

  • Incident Response: The organization's approach to prepare for, detect, and recover from security incidents.

Comprehensive Cybercriminal Classifications

  • Definition: Individuals or groups using computers to exploit weaknesses for profit, personal grudges, or political reasons.

  • Major Categories:
    1. Hungry for Recognition:
        * Hobby Hackers: Engage for fun and intellectual challenge without malicious intent.
        * IT Professionals: Skilled individuals hacking to show off abilities or improve job prospects.
        * Politically Motivated Hackers (Hacktivists): Attack to promote political/social causes and draw attention.
        * Terrorist Organizations: Use hacking for extremist agendas and spreading fear.
    2. Not Interested in Recognition:
        * Psychological Perverts: Engage in deviant activities like cyberstalking for personal gratification.
        * Motivated Hackers: Primarily driven by financial gain (e.g., identity thieves).
        * State-Sponsored Hackers: Secretive entities conducting cyber warfare for national interests.
        * Organized Criminals: Large-scale operations for profit (e.g., ransomware groups).
    3. Insiders:
        * Disgruntled/Dissatisfied Employees: Current/former staff seeking revenge via data leaks.
        * Competitor Spies: Individuals gathering internal company information to help a rival.

Global Perspective on Cybercrime

  • Economic Impact: Costs the global economy billions of dollars annually in loss and recovery.

  • Organized Nature: Increased use of the dark web and state support for criminal groups.

  • Anonymity: The difficulty in identifying attackers due to internet anonymity is a primary challenge.

  • Future Trends: AI and the Internet of Things (IoT) present emerging security challenges.

Netizens: Survival Mantra for the Cyber Era

  • Definition: Netizen = Net + Citizen (a citizen of the internet involved in online communities).

  • The 5P Mantra:
    1. Precaution: Be cautious with unknown links; verify sources; stay informed on scams.
    2. Prevention: Use strong, unique passwords; perform regular software updates; avoid public Wi-Fi.
    3. Protection: Use antivirus software and firewalls.
    4. Preservation: Perform regular data backups to external/cloud drives; secure storage; use data encryption.
    5. Perseverance: Continuous learning; maintain vigilance/regular reviews; adaptability to new threats.

Cyber Offense and Attack Planning

  • Cyber Offense vs. Cybercrime: Offense is a broader term for any digital malicious activity, even if not legally classified as a crime. Example: Doxing (publicly revealing private information like phone numbers or home addresses to cause harm).

  • The Cyber Kill Chain (Attack Lifecycle):
    1. Reconnaissance (Survey): Gathering info via social media or scanning (active/passive).
    2. Weaponization (Preparation): Creating a tool (e.g., malware-laden fake email).
    3. Delivery: Sending the weapon (e.g., via email, USB, or website).
    4. Exploitation (Break-in): Triggering a vulnerability (e.g., user clicks a link).
    5. Installation: Installing malware to create a backdoor for remote access.
    6. Command and Control (Control): Establishing a communication channel between the system and the attacker's server.
    7. Actions on Objectives: Stealing data or disrupting operations.

Social Engineering

  • Definition: Psychological manipulation to trick users into making security mistakes.

  • Human-Based Social Engineering:
    * Impersonation: Pretending to be IT support or an authority figure.
    * Tailgating: Following an authorized person into a physical restricted area.
    * Shoulder Surfing: Observing a victim entering a PIN or password.
    * Quid Pro Quo: Offering a service (like free software) in exchange for access.

  • Computer-Based Social Engineering:
    * Phishing: Fake emails appearing legitimate.
    * Spear Phishing: Targeted phishing customized for a specific individual.
    * Smishing: Phishing via SMS.
    * Vishing: Phishing via phone calls (voice).
    * Baiting: Trapping a target with appealing offers (free downloads).

The Role of Cybercafes

  • Working: Customers pay for time increments (hour/half-hour) to use high-performance computers and internet.

  • Criminal Risks:
    * Anonymity: Temporary presence makes records difficult to maintain.
    * Launch Point: Used for phishing, IP theft, and cryptocurrency laundering.
    * Botnet Command: Serving as centers to control networks of "zombie" computers.

  • Preventive Measures for Users:
    * Always log out explicitly.
    * Do not leave the system unattended.
    * Clear history/temporary files.
    * Avoid online financial transactions.
    * Use virtual keyboards provided by banks.

Botnets and Attack Vectors

  • Botnet: A network of "bots" or "zombies" (infected computers) managed by a "botmaster" or "bot herder."
    * Fuel for Crime: Used for scale, anonymity, and monetization (spam campaigns, click fraud, and crypto-jacking).

  • Attack Vector: The specific path/method (e.g., phishing, unpatched software) used to gain access.

  • Attack Surface: The total sum of all possible entry points (open ports, user accounts) in a system.

Questions & Discussion

  • Brief Questions:
    * Define cybercrime.
    * What is a botnet?
    * Why does a mobile device need security?
    * Define authentication and authorization.
    * What are viruses and worms?
    * Explain digital evidence.
    * Why is cyber security needed?

  • Detailed Questions:
    * Explain the origin of the term "cybercrime" and state a few cybercrimes.
    * What are the security challenges faced by wireless devices?
    * Explain 7 tools used in cybercrime.
    * Explain the digital forensics lifecycle.
    * What is the need for an information security policy?
    * What is identity theft and how is it handled?
    * What is steganography? Explain in detail.
    * What are the privacy threats and challenges faced?