Cyber Crimes & Countering Procedures

8/2/2019 Cyber Crimes & Countering Procedures

1/24

Proprietary and Confidential. 2012 CYCOPS. All Rights Reserved.

Cyber crimes & Countering ProceduresPresented by Krishna Chaitanya Suraparaju


2/24


Why learn about Cyber Crimes?

Because

Everybody is using Computers

New generation is growing up with computers

From teenagers to adults

From White collar criminals to terrorist organizations

Conventional crimes like Forgery, extortion,

kidnapping etc. are being committed with the help

of computers

MOST IMPORTANT-Monetary transactions are

moving on to the INTERNET

2


3/24


Infrastructure Protection:

A New Threat Paradigm

Cyberspace: theInfrastructure

behind Critical

Infrastructure

The New Threat: Anyone with a Computer

ManufacturingFood & AgricultureChemicals and Hazardous MaterialsDefense IndustryPublic Health


4/24


High

Low

1980 1985 1990 1995 2000

password guessing

self-replicating code

password cracking

exploiting known vulnerabilities

disabling audits

back doors

hijackingsessions

sweepers

sniffers

packet spoofing

GUI

automated probes/scans

DoS

www attacks

Tools

Attackers

Intruder

Knowledge

Attack Sophistication

stealth / advanced

scanning techniques

burglaries

network mgmt. diagnostics

Attack Sophistication vs.

Intruder Technical Knowledge

2010 2020

Hacktivism

Imminent Attacks


5/24


What is Cyber Crime?

Computer crime or cybercrime or Hitechcrime is a form of crime where the Internet

or computers are used as a medium to

commit crime.

5

Computer

is tool of the crime

Computer is targetof the crime

Computer is incidental to crime


6/24


Types of Cyber Crimes

Cyber Crime refers to all activities done withcriminal intent in cyberspace. These fall into

three categories:

Crimes againstGovernmentAgainstBusiness and Non-business organizations

AgainstIndividuals

6


7/24


International Cyber Crime

International cyber crime is broken downinto 6 legal areas:

1. Computer Fraud (Nigerian scam, lottery scams)

2. Computer Forgery(Email theft, ID theft, Credit card frauds)

3. Damage to Computer data or Computer

Program (Virus, Worms, ransom ware)

4. Computer Sabotage (Firmware attacks)5. UnauthorizedAccess (Hacking)

6. Unauthorized Interception (Sniffing)


8/24


9/24


Cyber Pornography

This would include

pornographic websites;

pornographic magazinesproduced using computer

and the Internet (to down

load and transmit

pornographic pictures,

photos, writings etc.)

9


10/24


Sale of illegal articles

This would include sale of

narcotics, weapons and

wildlife etc., by postinginformation on websites,

bulletin boards or simply

by using e-mail

communications.

10


11/24


Online gambling

There are millions of

websites, all hosted on

servers abroad, that offeronline gambling. In fact, it

is believed that many of

these websites are actually

fronts for money

laundering

11


12/24


Financial Claims & Intellectual

Property Crimes

Financial Claims: This

would include cheating,

credit card frauds, moneylaundering etc.

Intellectual Property

Crimes: These include

software piracy, copyrightinfringement, trademarks

violations etc.

12


13/24


Cyber Defamation

This occurs when

defamation takes place

with the help of computersand or the Internet e.g.

some one published

defamatory matter about

someone on a websites or

sends e-mail containing

defamatory information to

all of thatpersons friends.

13


14/24


Cyber Stalking

Cyber stalking involves

following a persons

movements across theInternet by posting

messages on the bulletin

boards frequented by the

victim , entering the chat-

rooms frequented by the

victim .

14


15/24


Unauthorized access to computer

system or network

This activity is commonly

referred to as hacking.

The Indian Law hashowever given a different

connotation to the term

hacking.

15


16/24


Other attacks:

Theft of in formation contained in electronicfrom: This includes information stored in computerhard disks, removable storage media etc.

E-Mail bombing: Email bombing refers to sendinga large amount of e-mails to the victim resulting inthe victims e-mail account or mail servers.

Data diddling: This kind of an attack involvesaltering the raw data just before it is processed by acomputer and then changing it back after theprocessing is completed.

16


17/24


Other attacks:

Salami attacks: Those attacks are used for thecommission of financial crimes. The key here is tomake the alteration so insignificant that in a singlecase it would go completely unnoticed e.g. A bank

employee inserts a program into banks servers,that deducts a small amount from the account ofevery customer.

Denial of Service: This involves flooding computerresources with more requests than it can handle.

This causes the resources to crash thereby denyingauthorized users the service offered by theresources.

17


18/24


Other attacks:

Virus/worm: Viruses are programs that attachthem selves to a computer or a file and thencirculate them selves to other files and to othercomputers on a network. They usually affect the

data on a computer, either by altering or deleting it.Worms, unlike viruses don not need the host toattach them selves to.

Logic bombs: These are dependent programs.This implies that these programs are created to do

some thing only when a certain event occurs, e.g.some viruses may be termed logic bombs becausethey lie dormant all through the year and becomeactive only on a particular date.

18


19/24


Other attacks:

Trojan Horse: A Trojan as this program isaptly called, is an unauthorized program whichfunctions from inside what seem s to be anauthorized program , thereby concealing what

it is actually doing.Internet Time Theft: This connotes the usage

by unauthorized persons of the Internet hourspaid for by another person.

Physically damaging a computer system:This crime is committed by physicallydamaging a computer or its peripherals.

19


20/24


Cyber Law

India has enacted the first I.T. Act, 2000.Offence categorization table is as follows:

20

Offence Section under IT Act

Tampering with Computer source documents Sec.65

Hacking with Computer systems, Data alteration Sec.66

Publishing obscene information Sec.67

Un-authorised access to protected system Sec.70

Breach of Confidentiality and Privacy Sec.72

Publishing false digital signature certificates Sec.73


21/24


Cyber Law

Computer Related Crimes Covered underIPC and Special Laws

21

Offence Section

Sending threatening messages by email Sec. 503 IPC

Sending defamatory messages by email Sec. 499 IPC

Forgery of electronic records Sec. 463 IPC

Bogus websites, cyber frauds Sec. 420 IPC

Email spoofing Sec. 463 IPC

Web-Jacking Sec. 383 IPCE-Mail Abuse Sec. 500 IPC

Online sale of Drugs NDPS Act

Online sale of Arms Arms Act


22/24


Potential Cyber Attacks

Unauthorized Intrusions

Website Defacements

Domain Name Server

Attacks Distributed Denial of

Service (DDoS) Attacks

Computer Worms

Routing Operations

Critical Infrastructures

Compound Attacks

l f k


23/24


Potential Sources of Attacks

1. Thrill Seekers

2. Disgruntled Employees

3. Organized Crime

4. Terrorist Sympathizers

and Anti-U.S. Hackers

5. Terrorist Groups

6. Nation-States


24/24

Proprietary and Confidential. 2012 CYCOPS All Ri ht R d

Questions?

24GoSecure Inc.

Cyber Crimes & Countering Procedures

Documents

Transcript of Cyber Crimes & Countering Procedures