This presentation is based on the lectures delivered for students of B. Voc. (Semester 2) Computing Skills (TISS) at HMMRA, Vile Parle, Mumbai during January – February 2019.
Contents of this presentation may also be useful to other students pursuing similar courses.
2. For Whom ?
--- Prof. Mukesh N Tekwani, Mumbai
mukeshtekwani@outlook.com
3. Cyber?
1. The term Cyberspace was first coined by William
Gibson in 1982, in his novel Neuromancer.
2. Cyber - relating to computers, information technology
and virtual reality
4. What is Cyber Crime?
1. Any illegal activity committed using a computer and / or
Internet
2. Cybercrime is - “unlawful acts wherein the computer is
either a tool or a target or both”.
3. Cyber crime is an extension of existing illegal activities
5. Causes of Cyber Crime
1. Internet makes it easy to do a cyber crime
2. ‘Crime at a distance’ - the perpetrator does not have to be
at the scene of the crime
3. The criminal can be faceless – till the crime is solved, if it is
solved!
4. Conviction rates are fairly low as technology makes the
detection process difficult
5. Low risk – high returns – low convictions => this has led to
increase in cyber crime
6. Basic Terminology - 1
1. Threat – An event or an action that has got the ability to
violate the security or to compromise the system
2. Exploit – a way to breach the security of a machine
through a loophole or a vulnerability
3. Vulnerability – A weakness in the design or existence of a
loophole that could lead to undesirable or unexpected
events that could compromise the security
7. Basic Terminology - 2
4. Attacker – Any individual who compromises the security of
a machine in order to steal, manipulate or cause
destruction of data
5. Attack – The action that is performed by an attacker that
would harm the system or the information stored in it
6. Data Theft – Action of stealing data/information from the
victim’s machine
8. Types of Cyber Crimes
1. Crimes against Persons – stalking, nuisance, harassment,
defamation
2. Crimes against property – data, information, computer,
communication device, damage to source code
3. Crimes against government – cyber terrorism, cyber war
4. Social media crimes
9. Types of Cyber Crimes
1. Traditional crimes – fraud, cheating
2. Identity Theft
3. Banking frauds
4. Property Crimes – infiltration of computers with malicious
software – through email attachments, websites.
5. Theft of bandwidth
6. Crimes against businesses
10. Types of Cyber Crime
7. Misuse of Social Media Platforms, spreading of fake news
8. Defamation
9. Threats
10. Pornography
11. Hacking
12. Planting viruses
13. IPR thefts – Intellectual Property Rights
14. Ransomware
15. Tech support scams (non-existing malware, etc)
11. Challenges
1. New technologies
2. New threats
3. Complex networks
4. New vulnerabilities
5. Limited focus on security
6. Limited security expertise
12. Cyber Crime Against Individual
- Cyber stalking – use of technology to harass someone, e.g.
false accusations
- Distributing pornography
- Trafficking
- Grooming – harassment or seduction of a minor by an adult
- Spying – obtaining secrets without the permission of the
holder of information (reading another person’s email)
- Juice jacking
14. Cyber Crime - Hacking
- Hacking
- A person’s computer is broken into so that the personal and
sensitive information can be stolen
15. Cyber Crime - Hacking
- Indian Websites hacked in recent past:
- 2016 – 33,147
- 2017 – 30,067
- 2018 – 15,779
- The Indian Computer Emergency Response Team (CERT-In)
issues alerts and advisories regarding latest cyber threats
and countermeasures.
16. Cyber Crime - Hacking
- Hacking
- The hacker uses a variety of software tools to get into a
computer system.
- The victim may not even be aware that his system has
been hacked
- Ethical hacking is a different concept – here organisations
may employ a hacker to test their systems for weaknesses or
vulnerabilities
17. Cyber Crime - Theft
- Theft
- Violation of copyright laws
- Downloading music for commercial purpose
- Download images for commercial purpose
- Download games and movies without paying for them
- Some websites encourage software piracy and these
websites are now being shut down
- REMEMBER!!! – Downloading software, music, movies
and games without paying for it is a Theft
18. Cyber Crime - Stalking
- Stalking
- Online harassment
- Victim is sent numerous messages/emails
- The stalker knows the victim
- May not be doing offline stalking
- Remember these words – follow, shadow, go after, be after,
trail, follow
19. Cyber Crime – Identity Theft
- Identity Theft
- Deliberate use of someone’s identity
- Someone steals your identity – name, address, passport details
- That ’someone’ becomes you
- Then he/she can pretend to be you, and misuse your bank
accounts, credit cards, debit card and other sensitive
information
- He/she can buy things online in the victim’s name
- Causes financial loss and spoils the credit history
20. Cyber Crime – Identity Theft
- How do Attackers carry out Identity Theft?
- Phishing – fake sites are created by fraudsters who trick
victims into giving out their information
- Social Engineering – art of manipulating human emotions for
getting sensitive information
- Hacking – If victim’s computer or mobile is compromised,
hackers will get maximum information
- Personal data Theft – credit card info, checks, PAN card and
Aadhaar card details.
21. Cyber Crime – Identity Theft
- What to do?
- Contact banks immediately
- Freeze your bank accounts
- Change your passwords
- Block credit / debit cards
- FIR at nearest police station
- Contact your mobile service provider and get a new SIM
card in your name
22. Cyber Crime – Identity Theft
- Frauds
- Financial frauds
- Gain control over bank accounts
- Get loans based on your identity
- Credit card frauds
- Mobile phone frauds
- Frauds pertaining to government documents
23. Cyber Crime – Malicious Software
- Malicious Software or Malware
- Such software is intentionally designed to cause damage
- These are software or programs that are used to disrupt a
network.
- Such software can be used to:
- Steal data
- Cause damage to a server
- Slow down or bring down a network
24. Cyber Crime – Phishing
- Phishing
- The thief (phisher) sends a deceptive email to the
recipient tricking him into providing personal account
details (username/password).
- The phisher will provide the user a link to “sign in” at an
official-looking website,
- This site looks almost identical to a real vendor’s website
with similar design but built specifically to collect personal
information.
- That information will be used against the victim later.
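
An added example, not part of the original slides: a defender-side check for the look-alike sign-in links described above, reporting whether a link really opens a trusted site. The trusted domain `mybank.example`, the confusable-character map and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really deals with (hypothetical, reserved TLD).
TRUSTED = {"mybank.example"}
# Constructed, non-exhaustive map of characters swapped in look-alike names.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "-": ""})
MAX_DISTANCE = 2  # assumption: up to two typos still counts as an imitation


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Naive last-two-labels guess; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the site a link really opens."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the hostname
    user = (parts.username or "").lower()
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # "https://mybank.example@pay.test/": the real host is the part after "@".
        if good in user:
            return "lookalike"
        # Trusted name used as a subdomain of somebody else's domain.
        if (good + ".") in (host + "."):
            return "lookalike"
        # Digit-for-letter swaps, added hyphens and small typos.
        if edit_distance(domain.translate(CONFUSABLE), good) <= MAX_DISTANCE:
            return "lookalike"
    return "unknown"
```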
26. Cyber Crime – Vishing
- Vishing
- Vishing uses phone to extract data through voice calls
- The visher will make cold calls to the victim posing as a
representative of the victim’s bank, income tax dept., or
insurance company
- Other times these calls will be automated with voice
prompts.
- The plan is to gain access to the victim’s financial and
personal information.
31. Cyber Crime – Mobile Wallet Frauds
- Transfer money from one wallet to another.
- Or, attacker will purchase goods such as mobile phone,
etc. Later they sell this to others.
- Never store a large amount of money in mobile wallet
- Never store credit/debit card details in your mobile wallet.
32. Cyber Crime – Debit/Credit Card Frauds
- Don’t keep information about your credit/debit card in
your mobile
- Remember the CVV number on your card and remove it
from the card itself.
- Money stolen from your mobile wallets can be stored in
other stolen wallets and in that case you would become
not just a victim but even the perpetrator
- Never allow apps to read your SMS – else OTP can be read
and transferred
- Don’t use public Wi-Fi to access secure data – banks, etc
41. Passwords
- 123456
- password
- 123456789
- Abc123
- admin
- !@#$%^
- Godhelpme
- Donald
- qwerty123
- Use passphrases of 12 characters or
more
- Use different password for each site
- Change password frequently
- Song/phrase/….
42. Never Respond To These
- Free credit card offers
- Credit card offers
- Lottery schemes from ANYWHERE in the world
- ‘RBI’ lottery
- Income Tax department ‘REFUND’ notice
- ‘Loan is Ready’ emails
- ‘Friendship’ emails
- Bank ‘confirmation email’
- ‘Your email account will be blocked’ emails
- Government jobs emails – Jobs? Government? Joking??
43. Safe Disposal of Old Hardware
- Companies sell their old hardware – disks, servers,
without wiping sensitive data on them.
- These servers contain credit card details, health records,
source code for controlling fire-fighting equipment, street
lights, etc
44. Cyber Crime – Cyber Terrorism
- Cyber Terrorism
- Use of Internet-based attacks in terrorist activities
- Large scale disruption of computer networks
- Use computer viruses to disable computers
- DOS attacks (Denial of Service)
45. Cyber Crime Against An Entire Country
- Business Insider (India), Dec 22, 2018
- Gatwick Airport – Britain’s 2nd busiest airport, Europe’s 8th.
- Brought to a standstill for 36 hours by – a drone and 2
people.
- What they did? – illegal flying of drones near the airport
- Army had to be called in.
46. Cyber Crime Against An Entire Country
- What happens if hackers take an entire country offline?
- Lights off
- Power supply disrupted
- Communications
- Transport – rail, air affected
- If a temperature sensor is hacked in a factory, the hacker can
set the place on fire
- Cyber terrorism becomes a means of mass destruction
- Enemy is hidden so whom do you attack?
47. Cyber Crime Against An Entire Country
- In December 2017, 3 men caused the largest internet outage in
history - a distributed "denial of service" attack
- blacked out the web across most of the US and large chunks of
Northern Europe for about 12 hours.
- How did they do it? They had disabled Dyn, a company that
provides Domain Name System (DNS) services - the web's
directory of addresses, basically - to much of the Internet.
48. Cyber Crime Against An Entire Country
In April 2018, the African country of
Mauritania was taken offline for two days
when someone cut the single undersea
cable that serves its internet.
Who did this ?
Neighbouring country Sierra Leone
49. Cyber Crime - Ransomware
In May 2017, WannaCry virus affected Britain’s
National Health Service
It locked up users’ computers and demanded a ransom
By December 2017, the US govt confirmed that the
North Korean government was responsible for the
attack.
51. What the Internet Knows About You
“Google Will Soon Know You Better Than Your Spouse Does”
– Ray Kurzweil, Director of Engineering at Google
52. Top Global Risks in Terms of Likelihood
1. Extreme Weather events
2. Natural Disasters
3. Cyber attacks
4. Data fraud or Theft
53. Cyber War
- Cyber War is defined as “the use of computer technology to
disrupt the activities of a state or organisation”. Also called
“bloodless war”
- Estonia – 2007
- Iran – 2010 – Stuxnet virus – affected Iranian nuclear
weapons plant. This code was installed by using USB key!
- Cyberwarfare is cheap – compared to building nuclear
missiles
- It can affect all communications, bring down power grid
54. Case Study – Cyber Attacks of Estonia
- April 27, 2007 – Estonia hit by a massive cyber DDOS
(Distributed Denial of Service) attack
- Online services of banks, govt organisations, media houses,
police were taken down due to unprecedented levels of internet
traffic
- Huge amounts of automated online requests swamped the
servers for 2 weeks
- Result?
- ATM and banking services x
- Govt employees could not communicate on email
- Broadcasters and newspapers could not deliver news
55. TEST - 1
- Pick a term that describes the following:
data, cyber, vulnerability, phishing, wishing, hacking, vishing,
information, exploit, juice jacking, threat
1. Relating to Internet _________
2. Roll No : 386 __________
3. Way to breach security _________
4. Weakness in the system _________
5. Action that can violate the security of a system ________
6. Stealing data while charging a phone ___________
56. TEST - 2
- Classify the following crimes by writing them under appropriate
columns:
Damage to source code, stalking, cyber terrorism, defamation,
damage to data, damage to communication devices, cyber war
identity theft, grooming
Crime against Persons | Crimes against Property | Crimes against government
57. TEST - 3
Describe these terms in at least 5 sentences
- Hacking
- Phishing
- Vishing
- Cyber terrorism
- Safe passwords
58. TEST - 4
In your own words, explain the reasons behind cyber crime
59. TEST - 5
CONGRATULATIONS!!!
You have been appointed as the Chief Information Security Officer
of the multinational bank FBN Bank.
What advice will you give to your bank customers to protect their
accounts?
60. TEST - 6
In your words describe cyber stalking and child soliciting