Your SlideShare is downloading. ×
Cyber Security Awareness at Dadar April 25, 2010
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cyber Security Awareness at Dadar April 25, 2010

2,623
views

Published on

This presentation was made for community people to be aware of latest threats and trends and prevent themselves from the misuse of Technology.

This presentation was made for community people to be aware of latest threats and trends and prevent themselves from the misuse of Technology.

Published in: Education

0 Comments
6 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,623
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
6
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Cyber Security & Law Vicky Shah
  • 2. Have you involve yourself? In Signing on with someone else’s screen name to gather information? In Sending an e-mail or online greeting card from someone’s account? In Impersonating someone over Instant Message or chat rooms or online? In teasing or frightening someone over Instant Message or chat or online? In forwarding a Message or chat or online conversation or e-mail without the permission of the other person? In posting pictures or information about someone on a Web site without their consent? In sending rude or scary things to someone, even if you were just joking?
  • 3. Is this Reality? • Computers and internet changed our lives so much that now if we don't have access to e-mail for a day or two, we feel uncomfortable. • Computer and Information security has become a crucial legal and a technical issue. • Is the internet taking over our lives? • We are on the Net 24x7, whether it’s our PCs, Laptops or Mobiles. • Have we started relating more to virtual world than real world?
  • 4. What we do Online? Email: Love it for speed and hate it for SPAM. Chat: Instant Messaging and real time communication Google Maharaja: GOD of Search Social Networking: Facebook, Orkut and Twitter have become our clone Reading Blogs: Research, Education, etc.. You Tube: Free Videos Downloading: Changed the definition of Free Food.
  • 5. Cyber Crime Challenges - Global Perpetrator Easy to learn techniques and acquire tools Small investments that cause massive economic damage No need for physical contact with the victims When done subtly it leaves few or no traces Easy for players to hide – Anonymity Service Providers Many network operators are involved Many countries may be involved – No boundary Different policy of different companies Inadequate cyberspace legislation No common law for the entire world No effective regulatory body for content
  • 6. India – Growing Challenges • Exponential growth of Internet use • Interconnected business and government • E-governance growth has implications for Information Security, Privacy and Cyber Security – Income Tax, Excise, Customs, Sales tax networks connected – Smart cards, UID being issued – Land records computerized – Police networks – Defense is no longer arms & ammunition but GPS & networks
  • 7. Cyber Incidents (Wireless) • September 13, 2008: Indian Mujahideen militants used unsecured WiFi system of a company in Chembur • August 2008: A stray terror e-mail was traced to the Khalsa College, Matunga, Mumbai. • July 2008: E-mails were sent before and after the Ahmedabad blasts. One was traced to Navi Mumbai and the other to an IP address in Vadodara. • May 2008: A terror e-mail was sent before the Jaipur Incidents blasts from a cyber cafe in Ghaziabad. • November 2007: Serial blasts in Lucknow, Varanasi, and Faizabad courts in UP. The terror e-mail was sent by Indian Mujahideen (IM) from a cyber café in Laxmi Nagar, Delhi. (Newspapers and Internet)
  • 8. Mumbai Terror Attack 26/11 • Use of technology by the attackers Terrorists are using – Global Positioning Satellite sophisticated technology devices. systems – Blackberry It is complicated and difficult to develop – CDs with high resolution and coordinate satellite images necessary security measures to counter – Multiple cell phones with such threats switchable SIM cards – Satellite phones
  • 9. Source: March 21, 2020 Times of India
  • 10. Source: April 20, 2010 HT Cafe
  • 11. Lack of Cyber Knowledge Hampers a parent’s ability to raise their children appropriate amount of teaching and ethical foundation. Creates a greater differences in families Culture of Security and Respectability in Question Raises children with no cyber ethical guidance: bad for business and society as a whole.
  • 12. Cyber Security & Computer Related Offense
  • 13. What is Cyber Security? • Security deals with three primary issues, called the CIA triad. – Confidentiality • Assurance that only authorized user may access a resource – Integrity • Assurance that resource has not been modified – Availability • Assurance that authorized user may access a resource when requested • Cyber Security is concerned with the risk of malpractices in the cyberspace which involves the people, process and technology.
  • 14. Cyber Crime/Computer Related Offense Crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of computer or computer system In simple words, Cyber/Computer Crime is any crime where: Computer is a target Computer is a tool of crime Computer is incidental to crime.
  • 15. Computer Related Offense Common types of Crimes may be broadly classified in the following groups: 1)Against Individual 2)Against Organization 3)Against Society
  • 16. Crime Against Individual Against Person: i. Harassment Through e-mails ii. Cyber-Stalking iii. Dissemination of obscene material on the Internet iv. Defamation v. Hacking/Cracking vi. Indecent Exposure Against property of an individual: i. Computer vandalism (damage) ii. Transmitting virus iii. Internet Intrusion iv. Unauthorized control over computer system v. Hacking /Cracking
  • 17. Crime Against Organization Against Government, Private Firm, Company, Group of Individuals: i. Hacking & Cracking ii. Possession of unauthorized Information iii. Cyber terrorism against the government organization iv. Identity Theft/Impersonation v. Distribution of pirated software, etc…
  • 18. Crime Against Society At large, i. Pornography (specially child pornography) ii. Polluting the youth through Indecent Exposure iii. Trafficking iv. Hate Speech, Anti Communities, v. Discrimination and Derogatory remarks on Religion/Caste on online platform
  • 19. Email Crimes • Spamming and Unsolicited Mail • Blackmailing/Defamatory Mail • Extortion/Threatening/Obscene/Abusive Mail • Transmission of Malwares (Virus/Worm/Trojan) • Advance Fee Schemes – Lottery Schemes – Nigerian Scams – Job Opportunities, Mule • Phishing Scams, Identity Theft
  • 20. Cyber Incidents Mobile Phone based Forgery, illegal interception & ID Theft Payment card fraud & e-funds transfer fraud On-line Gaming/Betting Theft of Internet & Telephone services IP offences: illegal software; copyright breaches etc. Misuse of Technology: Mobile and Wi-Fi Commercial/Corporate Espionage On-line Securities Fraud Extortion & Criminal conspiracy
  • 21. Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user. Hacking is committed for Personal gains Improve technical skills Get famous Revenge Denial of Service (DoS) is an act by the criminal, who floods the bandwidth of the victim’s network depriving him of the services he is entitled to access or provide. Virus Dissemination It is surprising that Pornography is the first consistently successful e-commerce product and the marketing tactics and the curiosity encourage customers to access porn Websites.
  • 22. Contd. Credit Card Fraud Net Extortion This is where the information is stolen and then threatening or black mailing is done for keeping the information secret. E.g.: Copying the company’s confidential data in order to extort said company for huge amount. Phishing It is technique of pulling out confidential information from the bank or financial institutional account holders by deceptive means. You get a genuine looking website similar to the original and the data instead of going to the original server goes to the person who phises the web page. Spoofing: Getting one computer on a network to pretend to have the identity of another computer, usually one with special Access privileges , so as to obtain access to the other computers on the network
  • 23. Software Piracy: Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original is termed as termed as software piracy. Common ways in which its done: Click Wrap (Downloads) Shrink Wrap (on CD’s) Examples of software piracy: End user copying - Friends loaning disks to each other, or organizations underreporting the number of software installations they have made. Hard disk loading – Hard disk vendors loads pirated software Counterfeiting - large-scale duplication and distribution of illegally copied software. Illegal downloads from the Internet - By intrusion, cracking serial numbers etc.
  • 24. A consumer of pirated software has a lot to lose… He gets untested software that may have been copied thousands of times over, potentially containing hard drive- infecting viruses No technical support in case of software failure No warranty protection No legal right to use the product
  • 25. Resourse: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council, aV. Lillard Cyber Crime Investigation Lifecycle Incident Expert Witness Awareness / Testimony Preliminary Analysis Consultation Prevention Technologies Improved Processes Image New Security Policies Acquisition/ Improved Configurations Recovery Preliminary/ Containment Detailed Final Report Analysis Presentation
  • 26. Resourse: Cybercrime Scenario, Investigation Lifecycle, Cybercrime Analysis Categories: North Virginia Technology Council, Terrence V. Lillard Cyber Crime Analysis Categories Cybercrime Scene Cybercrime Investigation Lifecycle Cyber Offender Characteristics Cybercrime Offender Signatures Cybercrime Motivations Cybercrime Reconstruction Deductive Analysis Cyber-Victimology Cybercrime Scene Characteristics Cybercrime Modus Operandi Cyber-Geographical Mapping Equivocal Forensics Digital Evidence Analysis
  • 27. Profile of People Involved Insider - Disgruntled employees and ex-employees, spouses, lovers Crackers - Crack into networks with malicious intent, Setting traps, etc… Virus Writer - Pose serious threats to networks and systems worldwide Foreign Intelligence - Use cyber tools as part of their services, For espionage activities, Can pose the biggest threat to the security of another country Terrorists - Use to formulate plans, to raise funds, propaganda Script Kiddies - Use tools available on the net
  • 28. Case Study
  • 29. © DSCI
  • 30. Landmark Case - MMS CEO of Bazee.com was arrested in December 2004 because a CD with objectionable material was being sold on the website. The CD was also being sold in the markets in Delhi. The Mumbai city police and the Delhi Police got into action. The CEO was later released on bail. THIS OPENED UP THE QUESTION AS TO WHAT KIND OF DISTINCTION DO WE DRAW BETWEEN INTERNET SERVICE PROVIDER AND CONTENT PROVIDER. RESULTED IN AMENDMENTS OF IT ACT 2000. The burden rests on the accused that he was the Service Provider and not the Content Provider. It also raises a lot of issues regarding how the police should handle the cyber crime cases and a lot of education is required.
  • 31. Source Working of Money Mule
  • 32. Source Tips to Avoid Money Mule Everyone needs to be Alert and take steps to protect themselves. To help minimize your chances of being a victim follow these common sense precautions: Be cautious about any unsolicited offers or opportunities offering you the chance to make some easy money. Be especially wary of offers from people or companies overseas as it will be harder for you to find out if they really are who they say they are. Take steps to verify any company which makes you a job offer and check their contact details (address, phone number, email address and website) are correct and whether they are registered in the Country. Never give your bank details to anyone unless you know and trust them.
  • 33. Source Contd… Other signs that could indicate you are being targeted by a money mule scam: Money mule fraudster can take a variety of different forms and they may even copy a genuine company's website and have a similar web address to add authenticity to the scam. These fraudster will normally state that they are an overseas company seeking ‘UK representatives’ or ‘agents’ to act on their behalf for a period of time, sometimes to avoid high charges for making payments, or local taxes. The nature of the work that the company will claim to be involved in can vary, but the specifics of the job being advertised invariably means using your bank account to move funds.
  • 34. Source Contd… The fraudster may be having poor written English with grammatical and spelling mistakes and they may urge you not to inform the bank or the police about the reason for making the payments. The fraudster may seek people with accounts at certain banks. If you have already disclosed your bank account details or received funds into your account – and you think it could be a money mule scam - you should contact your bank immediately.
  • 35. PLEASE If a stranger came up to you on the street would You give him/her your Name, You give him/her your Date of Birth, You give him/her your Likes/Dislikes, You give him/her your Email Id, You give him/her your Contact Number ? You give him/her your Photograph? NO ! NO ! NO ! NO! NO! THEN WHY DO YOU PUBLISH THE SAME ON SOCIAL NETWORKING WEBSITES?????
  • 36. How you should handle and approach? Don’t Panic Call in your incident response team. Contain the problem and avoid the “quick fix.” Take good notes of the entire situation. Have your backup facilities ready. Get rid of the problem. Use trusted, uncompromised communications. Know what to say, to whom and when. Know when to involve Crime Investigator.
  • 37. GUIDELINE & TIPS
  • 38. Home Computer Security Your home computer is a popular target for Intruders They look for credit card numbers, bank account information, OR Use your computer to attack other computers on the INTERNET Why intruders attack home computers ? Not very secure Easy to break into
  • 39. How do they attack your computer? They send you E-mail with a virus They take advantage of a flaw or weakness in one of your computer’s programs – a vulnerability to gain access. They often install new programs that let them continue to use your computer (Backdoor). Trojan Horse are such programs which are used as the backdoor. Such a program which lets the intruder control everything that is on your machine remotely.
  • 40. How can you minimize the risk? Use an anti-virus program (NOD 32, ESET, Kaspersky, etc…) You can add a firewall (Zone Alarm, BlackICE) Periodically download patches, and Use File encryption - to improve the level of security on your home computer
  • 41. Antivirus Programs ESET – NOD 32 Kapsersky Norton Antivirus. McAfee Antivirus. Panda Antivirus. AVG Antivirus. Avast Antivirus. Trend Micro PC-Cillin Antivirus. Microsoft AntiSpyware. Spyware Snooper.
  • 42. Use Anti-Virus programs Viruses can reach your computer in many ways, through - Floppy Disks CD-ROMs E-mails Web sites Downloaded files Check each of the above for viruses. When you insert a floppy disk into the drive, check it for viruses. When you receive email, check it for viruses When you download a file from the Internet, check it for viruses before using it.
  • 43. Handle E-mail attachments carefully You probably receive lots of e-mails each day, much of it unsolicited. Some of these e-mails tell you of a contest that you may have won or the details of a product that you might like. The sender is trying to encourage you to open the letter, read its contents Many of us open letters to learn what we’ve won or what fantastic deal awaits us. If such an e-mail is from a malicious virus writes, it may come as an attachment and he will provoke you to open the attachment. Once you open the attachment, the virus intrudes your computer without your knowledge.
  • 44. Make Backups of Important Files and Folders What happens to your important files and records on your computer if your computer malfunctions or is destroyed by a successful attacker? You should back up an important file and data every time it changes. Take back up on any reliable storage media such as a CD-ROM. Preserve it carefully.
  • 45. Recommendations • Awareness is important and any incident should be reported at once • Users must try and save any electronic information trail on their computers • Avoid giving out unnecessary information about yourself • Use the licensed, latest & updated anti-virus software, operating systems, web browsers and email programs • Check out the site you are doing business with thoroughly • Send credit card information only to secure sites • Protect your Website and Maintain Backups
  • 46. Summary • 99% of the problem lies between the keyboard and chair i.e. the user • Every one a target; Every system a challenge • Cyber Security is not just a technical problem – everyone has a role to play in it • You cannot “fix” security – you can only manage it • AWARENESS OF THE THREAT IS ITSELF A KEY CONTROL
  • 47. Questions Thank You! Vicky Shah vicky@cybercrimes.in Discussion Forum: www.cybercrimes.in/SMF +91-98201-05011 “Human Behaviour is the Biggest Risk in Security – Vicky Shah” “Cyber Space: Safe to Use; Unsafe to Misuse – NASSCOM”
  • 48. Disclaimer This presentation is prepared for knowledge sharing and awareness for end users on April 25, 2010. You can use the information provided here with proper credits. I have tried not to hide original credits as far as possible, nor am I using this presentation for any personal financial gain. Information available in this presentation is not enforceable by law; however these are my view about the topic which I feel should be shared. Any errors, omissions, misstatements, and misunderstandings set forth in the presentation are sincerely apologized. Relying on the contents will be sole responsibility of the users. - Vicky Shah -

×