Successfully reported this slideshow.
Cyber Crime & Security

CYBER CRIME & SECURITY

A Seminar Report

Submitted By

Mr. Ronson Calvin Fernandes
Register Numbe...
Cyber Crime & Security

ABSTRACT

As a coin has two sides , one which we can see directly and to see other we need
to flip...
CONTENTS
1. INTRODUCTION

04

2. OVERVIEW OF THE TOPIC

05

2.1 DEFINITION – CYBER CRIME

05

2.2 CYBER WARE

05

3. DETAI...
Cyber Crime & Security

1. INTRODUCTION

Like traditional crime, cybercrime can take many shapes and can occur nearly
anyt...
Cyber Crime & Security

2. OVERVIEW OF THE TOPIC

2.1

DEFINITION – CYBER CRIME
Crime committed using a computer and the i...
Cyber Crime & Security

3. DETAILED EXPLANATION

Cyber crime is an evil having its origin in the dependence on computers i...
Cyber Crime & Security
3.2

CRIME WARE

The software tools used in cybercrime is sometimes referred to as crime ware.
Crim...
Cyber Crime & Security
Bots sneak onto a person's computer in many ways. Bots oftentimes spread
themselves across the Inte...
Cyber Crime & Security
3.4

CRIMEWARE : TROJAN HORSE

What is a Trojan Horse?
This term "Trojan Horse" comes from a Greek ...
Cyber Crime & Security
Spyware is similar to a Trojan horse in that users unknowingly install the
product when they instal...
Cyber Crime & Security

In most cases, phishers send out a wave of spam email, sometimes up to
millions of messages. Each ...
Cyber Crime & Security

3.7 ONLINE FRAUD : PHARMING

What is Pharming?
Pharming (pronounced "farming") is another form of ...
Cyber Crime & Security

Pharming example
One of the 1st known pharming attacks was conducted in early 2005. Instead
of tak...
Cyber Crime & Security

5. BASIC PREVENTION TIPS
Cybercrime prevention can be straight-forward - when armed with a little
...
Cyber Crime & Security

5.2

Make sure your computer is configured securely

Keep in mind that a newly purchased computer ...
Cyber Crime & Security

Keep your passwords in a safe place and try not to use the same password for
every service you use...
Cyber Crime & Security

6. LAWS AGAINST CYBER CRIMES

Cyberlaw is a much newer phenomenon having emerged much after the on...
Cyber Crime & Security

7. REFERENCES
[1]

Norton , Symantec Group.
http://in.norton.com/cybercrime

[2] Cyber Crime & E-G...
Cyber Crime & Security

19
Cyber Crime & Security

20
Cyber Crime & Security

21
Cyber Crime & Security

22
Upcoming SlideShare
Loading in …5
×

Cyber crime report

3,558 views

Published on

Published in: Technology
  • Be the first to comment

Cyber crime report

  1. 1. Cyber Crime & Security CYBER CRIME & SECURITY A Seminar Report Submitted By Mr. Ronson Calvin Fernandes Register Number : 110919053 IV Semester M.C.A. Manipal Institute of Technology, Manipal DEPARTMENT OF MASTER OF COMPUTER APPLICATIONS MANIPAL INSTITUTE OF TECHNOLOGY (A Constituent Institute of Manipal University) MANIPAL - 576 104 1
  2. 2. Cyber Crime & Security ABSTRACT As a coin has two sides , one which we can see directly and to see other we need to flip the coin , our society also has got two sides. On one side there are people who use the advancement in technology for good purpose and on the opposite side there are people who misuse them. From the early civilization period there is the existence of laws to guard against crimes and criminals. And these laws were strictly maintained in order to bring law and order in the society. And in this information age , a new variety of crimes are evolving and these are known as CYBER CRIMEs. Any illegal or unlawful activities committed by an individual or group of people which is against and harmful to the society and its people or harmful to the nation can be regarded as crime. And the person or group of people , who committed such activities are regarded as Criminals. Similarly crimes committed using Computer , Internet or a Network as a subject or object of crime are generally known as Cyber Crime. And in this Information age there are plenty of laws to tackle with these kind of cyber crimes. So , the people of the society has to understand these laws and make use of these laws to a good effect. 2
  3. 3. CONTENTS 1. INTRODUCTION 04 2. OVERVIEW OF THE TOPIC 05 2.1 DEFINITION – CYBER CRIME 05 2.2 CYBER WARE 05 3. DETAILED EXPLANATION 06 3.1 TYPES OF CYBER CRIME 06 3.2 CRIMEWARE 07 3.3 BOT NET 07 3.4 TROJAN HORSE 09 3.5 SPYWARES 09 3.6 PHISHING 10 3.7 PHARMING 12 4. KINDS OF CYBER ATTACKS 13 5. BASIC PREVENTION TIPS 14 6. LAWS AGAINST CYBER CRIME 17 7. REFERENCES 18
  4. 4. Cyber Crime & Security 1. INTRODUCTION Like traditional crime, cybercrime can take many shapes and can occur nearly anytime or anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and their goal. This should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or 'cyber' aspect. Cybercrime has surpassed illegal drug tracking as a criminal moneymaker. Every 3 seconds an identity is stolen. Without security, your unprotected PC can become infected within four minutes of connecting to the internet. The Council of Europe's Cybercrime Treaty uses the term 'cybercrime' to refer to offenses ranging from criminal activity against data to content and copyright infringement [Krone, 2005]. However, others [Zeviar-Geese, 1997-98] suggest that the definition is broader, including activities such as fraud, unauthorized access, child pornography, and cyberstalking. The United Nations Manual on the Prevention and Control of Computer Related Crime includes fraud, forgery, and unauthorized access [United Nations, 1995] in its cyber-crime definition. As you can see from these definitions, cybercrime can cover a very wide range of attacks. Understanding this wide variation in types of cybercrime is important as different types of cybercrime require different approaches to improving your computer safety. 4
  5. 5. Cyber Crime & Security 2. OVERVIEW OF THE TOPIC 2.1 DEFINITION – CYBER CRIME Crime committed using a computer and the internet to steal a person's identity or illegal imports or malicious programs. Cybercrime is nothing but where the computer used as an object or subject of crime. Most of these crimes are not new. Criminals simply devise di erent ways to undertake standard criminal activities such as fraud , theft , blackmail and forgery using the new medium , often involving the Internet . 2.2 CYBER WARE The software tools used in cybercrime is sometimes referred to as crimeware. Crimeware is software that is: used in the commission of the criminal act and not generally regarded as a desirable software or hardware application. However, it is important to remember that not all software used in the commission of a computer-based or computer-facilitated crime can be de ned as crimeware. Crimeware does, however, include programs which may be classi ed as bots, keystroke loggers, spyware, backdoors and Trojan horses. 5
  6. 6. Cyber Crime & Security 3. DETAILED EXPLANATION Cyber crime is an evil having its origin in the dependence on computers in modern life. A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is either a tool or a target or both". Defining cyber crimes, as acts that are punishable by the information Tech-nology Act" would be unsuitable as the Indian Penal Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation, etc. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network. 3.1 TYPES OF CYBER CRIME Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots. a) Those against persons. b) Against Business and Non-business organizations. c) Crime targeting the government. 6
  7. 7. Cyber Crime & Security 3.2 CRIME WARE The software tools used in cybercrime is sometimes referred to as crime ware. Crime ware is software that is: used in the commission of the criminal act and not generally regarded as a desirable software or hardware application However, it is important to remember that not all software used in the commission of a computer-based or computer-facilitated crime can be defined as crime ware. For example, while IM client may be used in the commission of a cybercrime, the instant messaging application software itself is not considered crime ware. FTP clients may be used in the commission of crimes; however, they are not considered crime ware. Crime ware does, however, include programs which may be classified as bots, keystroke loggers, spyware, backdoors and Trojan horses. 3.3 CRIMEWARE - BOTNET What's a Bot ? "Bot" is actually short for robot - not the kind found in science fiction movies or on the production line in a manufacturing business. Bots are one of the most sophisticated types of crimeware facing the Internet today. Bots are similar to worms and Trojans, but earn their unique name by performing a wide variety of automated tasks on behalf of their master (the cybercriminals) who are often safely located somewhere far across the Internet. Tasks that bots can perform run the gamut from sending spam to blasting Web sites o the Internet as part of a coordinated "denial-of-service" attack. Since a bot infected computer does the bidding of its master, many people refer to these victim machines as "zombies." 7
  8. 8. Cyber Crime & Security Bots sneak onto a person's computer in many ways. Bots oftentimes spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are awoken by their master to perform a task. Bots are so quiet that sometimes the victims first learn of them when their Internet Ser-vice Provider tells them that their computer has been spamming other Internet users. Sometimes a bots will even clean up the infected machine to make sure it does not get bumped o of the victim's computer by another cybercriminal's bot. Other ways in which a bots infects a machine include being downloaded by a Trojan, installed by a malicious Web site or being emailed directly to a person from an already infected machine. Bots do not work alone, but are part of a network of infected machines called a "botnet." Botnets are created by attackers repeatedly infecting victim computers using one or several of the techniques mentioned above. Each one of the zombie machines is controlled by a master computer called the command and control server. From the command and control server, the cybercriminals manage their botnet and instructs the army of zombie computers to work on their behalf. A botnet is typically composed of large number victim machines that stretch across the globe, from the Far East to the United States. Some botnets might have a few hundred or a couple thousand computers, but others have tens and even hundreds of thousands of zombies at their disposal. 8
  9. 9. Cyber Crime & Security 3.4 CRIMEWARE : TROJAN HORSE What is a Trojan Horse? This term "Trojan Horse" comes from a Greek fable, in which the Greeks presented a giant wooden horse to the Trojans as a peace offering. However, a nasty surprise awaited the Trojans as Greek soldiers sprung out of the hollow horse and captured Troy. Similarly, a Trojan horse program presents itself as a useful computer program, while it actually causes havoc and damage to your computer. Increasingly, Trojans are the 1st stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer through vulnerabilities in web browser software such as Microsoft Internet Explorer. After it is installed, the Trojan horse lurks silently on the infected machine, invisibly carrying out its misdeeds, such as downloading spyware, while the victim continues on with their normal activities. 3.5 CRIMEWARE : SPYWARE What is Spyware? Spyware is a general term used for programs that covertly monitor your activity on your computer, gathering personal information, such as usernames, passwords, account numbers, les, and even driver's license or social security numbers. Some spyware focuses on monitoring a person's Internet behavior; this type of spyware often tracks the places you visit and things you do on the web, the emails you write and receive, as well as your Instant Messaging (IM) conversations. After gathering this information, the spyware then transmits that information to another computer, usually for advertising purposes. 9
  10. 10. Cyber Crime & Security Spyware is similar to a Trojan horse in that users unknowingly install the product when they install something else. However, while this software is almost always unwelcome, it can be used in some instances for monitoring in conjunction with an investigation and in accordance with organizational policy. Spyware is installed in many ways: Most often spyware is installed unknowingly with some other software that you intentionally install. For example, if you install a "free" music or le sharing service or download a screensaver, it may also install spyware. Some Web pages will attempt to install spyware when you visit their page. A person who wants to monitor your online activities may also manually install spyware. Depending on how this is done, this might be acceptable surveillance of an individual or an unwelcome, even illegal, invasion of privacy. Trojans and spyware are crimeware , two of the essential tools a cybercriminal might use to obtain unauthorized access and steal information from a victim as part of an attack. The creation and distribution of these programs is on the risethey are now 37% of all of the thousands of malware Symantec processes on a weekly basis. Trojans and spyware are developed by professionals. Trojans and spyware are often created by professional crimeware authors who sell their software on the black market for use in online fraud and other illegal activities. 3.6 ONLINE FRAUD : PHISHING What is Phishing? Phishing is essentially an online con game, and phisher’s are nothing more than tech-savvy con artists and identity thieves. They use spam, fake Web sites, crimeware and other techniques to trick people into divulging sensitive information, such as bank and credit card account details. Once they've captured enough victims' information, they either use the stolen goods themselves to defraud the victims (e.g., by opening up new accounts using the victim's name or draining the victim's bank a/c). 10
  11. 11. Cyber Crime & Security In most cases, phishers send out a wave of spam email, sometimes up to millions of messages. Each email contains a message that appears to come from a well-known and trusted company. Usually the message includes the company's logo and name, and it often tries to evoke an emotional response to a false crisis. Couched in urgent, business-like language, the email often makes a request of the user's personal information. Sometimes the email directs the recipient to a spoofed Web site. The Web site, like the email, appears authentic and in some instances its URL has been masked so the Web address looks real. The bogus Web site urges the visitor to provide con dential information social security numbers, account numbers, passwords, etc. Since the email and corresponding Web site seem legitimate, the phisher hopes at least a fraction of recipients are fooled into submitting their data. While it is impossible to know the actual victim response rates to all phishing attacks, it is commonly believed that about 1 to 10 percent of recipients are duped with a "successful" phisher campaign having a response rate around 5 percent. To put this in perspective, spam campaigns typically have a less than 1 percent response rate. Over 2005, phishers became much more sophisticated. They began using crimeware in conjunction with their phony, hostile Web sites by leveraging common Web browser vulnerabilities to infect victim machines. This trend means that by simply following the link in a phishing email to a bogus Website, a user's identity could be stolen as the phisher would no longer need to get you to enter your personal information - the Trojan or spyware placed onto your machine would capture this information the next time you visit the legitimate Web site of your bank or other online service. Throughout the past year, this genre of crimeware has become more targeted (capturing just the information the phisher wants) and more silent, using rootkit and other aggressive stealth techniques to remain hidden on an infected system. 11
  12. 12. Cyber Crime & Security 3.7 ONLINE FRAUD : PHARMING What is Pharming? Pharming (pronounced "farming") is another form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same bogus Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they are not reliant upon the victim accepting a "bait" message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser. Pharmers re-direct their victims using one of several ploys. The first method the one that earned pharming its name - is actually an old at-tack called DNS cache poisoning. DNS cache poisoning is an attack on the Internet naming system that allows users to enter in meaningful names for Web sites (www.mybank.com) rather than a di cult to remember series of numbers (192.168.1.1). The naming system relies upon DNS servers to handle the conversion of the letter-based Web site names, which are easily recalled by people, into the machine-understandable digits that whisk users to the Web site of their choice. When a pharmer mounts a successful DNS cache poisoning attack, they are effectively changing the rules of how traffic flows for an entire section of the Internet! The potential widespread impact of pharmers routing a vast number of unsuspecting victims to a series of bogus, hostile Web sites is how these fraudsters earned their namesake. Phishers drop a couple lines in the water and wait to see who will take the bait. Pharmers are more like cybercriminals harvesting the Internet at a scale larger than anything seen before. 12
  13. 13. Cyber Crime & Security Pharming example One of the 1st known pharming attacks was conducted in early 2005. Instead of taking advantage of a software aw, the attacker appears to have duped the personnel at an Internet Service Provider into entering the transfer of location from one place to another. Once the original address was moved to the new address, the attacker had effectively "hijacked" the Web site and made the genuine site impossible to reach, embarrassing the victim company and impacting its business. A pharming attack that took place weeks after this incident had more ominous consequences. Using a software aw as their foothold, pharmers swapped out hundreds of legitimate domain names for those of hostile, bogus Web sites. There were three waves of attacks, two of which attempted to load spyware and adware onto victim machines and the third that appeared to be an attempt to drive users to a Web site selling pills that are often sold through spam email. 4. KINDS OF CYBER ATTACKS E-Mail bombing : Sending huge amounts of E-mails. Salami attacks : These attacks are used for the commission of financial crimes. Denial of Service: This involves flooding computer resources with more re-quests than it can handle. Sale of illegal articles : This would include sale of narcotics, weapons and wildlife etc. Cyber Pornography : This would include pornographic websites. E-Mail spoofing : A spoofed email is one that appears to originate from one source but actually has been sent from another source. 13
  14. 14. Cyber Crime & Security 5. BASIC PREVENTION TIPS Cybercrime prevention can be straight-forward - when armed with a little technical advice and common sense, many attacks can be avoided. In general, online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target. The tips below provide basic information on how you can prevent online fraud. 5.1 Keep your computer current with the latest patches and updates. One of the best ways to keep attackers away from your computer is to apply patches and other software axes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software laws (vulnerabilities) that they could otherwise use to break into your system. While keeping your computer up-to-date will not protect you from all at-tacks, it makes it much more difficult for hackers to gain access to your system, blocks many basic and automated attacks completely, and might be enough to discourage a less-determined attacker to look for a more vulnerable computer elsewhere. More recent versions of Microsoft Windows and other popular software can be configured to download and apply updates automatically so that you do not have to remember to check for the latest software. Taking advantage of "autoupdate" features in your software is a great start toward keeping yourself safe online. 14
  15. 15. Cyber Crime & Security 5.2 Make sure your computer is configured securely Keep in mind that a newly purchased computer may not have the right level of security for you. When you are installing your computer at home, pay attention not just to making your new system function, but also focus on making it work securely. Configuring popular Internet applications such as your Web browser and email software is one of the most important areas to focus on. For example, settings in your Web browser such as Internet Explorer or Firefox will deter-mine what happens when you visit Web sites on the Internet-the strongest security settings will give you the most control over what happens online but may also frustrate some people with a large number of questions ("This may not be safe, are you sure you want do this?") or the inability to do what they want to do. Choosing the right level of security and privacy depends on the individual using the computer. Oftentimes security and privacy settings can be properly configured without any sort of special expertise by simply using the "Help" feature of your software or reading the vendor's Web site. If you are uncomfortable configuring it yourself consult someone you know and trust for assistance or contact the vendor directly. 5.3 Choose strong passwords and keep them safe. Passwords are a fact of life on the Internet today we use them for everything from ordering products and online banking to logging into our favorite airline Web site to see how many miles we have accumulated. The following tips can help make your online experiences secure: Selecting a password that cannot be easily guessed is the rst step toward keeping passwords secure and away from the wrong hands. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., $ % ! ?). 15
  16. 16. Cyber Crime & Security Keep your passwords in a safe place and try not to use the same password for every service you use online. Change passwords on a regular basis, at least every 90 days. This can limit the damage caused by someone who has already gained access to your account. If you notice something suspicious with one of your online accounts, one of the first steps you can take is to change your password. 5.4 Protect your computer with security software Several types of security software are necessary for basic online security. Security software essentials include firewall and antivirus programs. A firewall is usually your computer's first line of defense-it controls who and what can communicate with your computer online. You could think of a firewall as a sort of "policeman" that watches all the data attempting to ow in and out of your computer on the Internet, allowing communications that it knows are safe and blocking "bad" extra c such as attacks from ever reaching your computer. The next line of defense many times is your antivirus software, which monitors all online activities such as email messages and Web browsing and protects an individual from viruses, worms, Trojan horse and other types of malicious programs. More recent versions of antivirus programs, such as Norton antivirus , also protect from spyware and potentially unwanted programs such as adware. Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe on the Internet. Your antivirus and antispyware software should be configured to update itself, and it should do so every time you connect to the Internet. 16
  17. 17. Cyber Crime & Security 6. LAWS AGAINST CYBER CRIMES Cyberlaw is a much newer phenomenon having emerged much after the onset of Internet. Internet grew in a completely unplanned and unregulated manner. Even the inventors of Internet could not have really anticipated the scope and far reaching consequences of cyberspace. The growth rate of cyberspace has been enormous. Internet is growing rapidly and with the population of Internet doubling roughly every 100 days, Cyberspace is becoming the new preferred environment of the world. With the spontaneous and almost phenomenal growth of cyberspace, new and ticklish issues relating to various legal aspects of cyberspace began cropping up. In response to the absolutely complex and newly emerging legal issues relating to cyberspace, CYBERLAW or the law of Internet came into being. The growth of Cyberspace has resulted in the development of a new and highly specialised branch of law called CYBERLAWS- LAWS OF THE INTERNET AND THE WORLD WIDE WEB. Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of netizens in and concerning Cyberspace comes within the ambit of Cyberlaw. Internet is growing rapidly and with the population of Internet doubling roughly every 100 days, Cyberspace is becoming the new preferred environment of the world. With the spontaneous and almost phenomenal growth of cyberspace, new and ticklish issues relating to various legal aspects of cyberspace began cropping up. Anything concerned with or related to or emanating from any legal aspects or issues concerning any activity of netizens in and concerning Cyberspace comes within the ambit of Cyberlaw. 17
  18. 18. Cyber Crime & Security 7. REFERENCES [1] Norton , Symantec Group. http://in.norton.com/cybercrime [2] Cyber Crime & E-Governance.. http://www.uniflorida.com/cybercrime [3] SEMCOM Cyberlaw Clinic. www.cyberlawclinic.org [4] Cyber Crime Statistics in India http://www.indiafacts.in [5] Carnegie Cyber Academy - National Cyber Security Awareness. http://www.carnegiecyberacademy.com 18
  19. 19. Cyber Crime & Security 19
  20. 20. Cyber Crime & Security 20
  21. 21. Cyber Crime & Security 21
  22. 22. Cyber Crime & Security 22

×