Cybercrime is defined as a crime involving a computer and a network. It includes illegally accessing private information, hacking, phishing, cyberstalking and various other computer-related crimes. Cybercrimes can be against individuals, organizations, or society. Common cybercrimes against individuals are cyberbullying, identity theft, and cyberstalking. Cybercrimes against organizations include hacking, denial of service attacks, and installing viruses. Cybercrimes against society encompass cyber terrorism, cyber espionage, and cyber pornography.

2. What is Cybercrime?
• Cybercrime is defined as a crime where a computer is the object of
the crime or is used as a tool to commit an offense.
• A cybercriminal may use a device to access a user’s personal
information, confidential business information, government
information, or disable a device.
• It is also a cybercrime to sell or elicit the above information online.
•

3. Categories of Cybercrime
The heads are:
• cyber crimes against individuals,
• cyber crimes against Property, and
• cyber crimes against Government(society at large).

4. • Crimes Against Individual
• These crimes include cyber harassment and stalking, distribution of
child pornography, credit card fraud, human trafficking, spoofing,
identity theft, and online libel or slander.
• 2. Crimes Against Property
• Some online crimes occur against property, such as a computer or
server. These crimes include DDOS attacks, hacking, virus
transmission, phishing attacks,,ramsomeware computer vandalism,
copyright infringement, and IPR violations.
• Crimes Against Government
• When a cybercrime is committed against the government, it is
considered an attack on that nation's sovereignty. Cybercrimes
against the government include hacking, accessing confidential
information, cyber warfare, cyber terrorism, and pirated software.

5. How Criminal Plan the Attacks
• Reconnaissance (information gathering) is the first phase and is
treated as passive attacks.
• Scanning and scrutinizing the gathered information for the validity of
the information as well as to identify the existing vulnerabilities.
• Launching an attack (gaining and maintaining the system access).

6. 1. Reconnaissance
• "Footprinting" - this is the preparation toward preattack phase, and
involves accumulating data about the target's environment and
computer architecture to find ways to intrude into that environment.
• provides a judgment about possible exploitation of those
vulnerabilities

7. 2. Passive Attacks
A passive attack involves gathering information about a target without
his/her (individual's or company's) knowledge.
• Google or Yahoo search: People search to locate information about employees.
• Surfing online community groups like Orkut/Facebook will prove useful to gain the
information about an individual.
• Organization's website may provide a personnel directory or information about key
employees, for example, contact details, E-Mail address, etc. These can be used in a
social engineering attack to reach the target.
• Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain
information about the company or employees.
• Going through the job postings in particular job profiles for technical persons can
provide information about type of technology, that is, servers or infrastructure
devices a company maybe using on its network

8. 3. Active Attacks
• An active attack involves probing the network to discover individual
hosts to confirm the information (IP addresses, operating system type
and version, and services on the network) gathered in the passive
attack, phase.

9. 4. Scanning and Scrutinizing Gathered Information
• Port scanning: Identify open/close ports and services.
• Network scanning: Understand IP Addresses and related information about the computer
network systems.
• Vulnerability scanning: Understand the existing weaknesses in the system.
• The scrutinizing phase is always called "enumeration" in the hacking
world. The objective behind this step is to identify:
• The valid user accounts or groups;
• Network resources and/or shared resources
• OS and different applications that are running on the OS.

10. 5. Attack
The attack is launched using the following steps:
• Crack the password
• Exploit he password
• Execute the malicious command/applications;
• Hide the files (if required);
• Cover the tracks - delete the access logs, so that there is no trail illicit
activity.

16. Cyber crimes against individuals
Cyberbullying
• Humiliating/embarrassing content posted online about the victim of
online bullying,
• Hacking social media accounts
• Posting vulgar messages on social media
• Threatening the victim to commit any violent activity
• Child pornography or threatening someone with child pornography

17. Cyberstalking
• Browsing anyone’s internet history or online activity, and sending
obscene content online with the help of any social media, software,
application, etc. to know about that particular person is called
cyberstalking.
• In India, in the year 2020, the state of Uttar Pradesh witnessed the
highest number of cyberstalking incidents against women and
children
• Section 67 of the IT Act punishes cyber stalkers who send, cause to
send, or publish obscene posts or content on electronic media with
imprisonment of up to three years and a fine.

18. Cyber defamation
• Cyber defamation means injuring the other person’s reputation via the
internet through social media, Emails etc. There are two types of Cyber
defamation: libel and slander
• Libel: It refers to any defamatory statement which is in written form. For instance,
writing defamatory comments on posts, forwarding defamatory messages on social
media groups, etc. are a part of cyber defamation in the form of libel.
• Slander: It refers to any defamatory statement published in oral form. For instance,
uploading videos defaming someone on YouTube is a part of cyber defamation in the
form of slander.
• Section 67 of the IT Act; whoever publishes or transmits a defamatory
statement about a person shall be punished with 2 years imprisonment
and a fine up to ₹25000.

19. Phishing
• Phishing refers to the impersonation of a legitimate person and
fraudulently stealing someone’s data.
• Phishing refers to the fraudulent practice of sending emails under the
pretext of reputable companies to induce individuals to reveal
personal information, such as passwords, credit card numbers, etc.,
online.
• Section 66C of the IT Act penalises any offender committing phishing-
related activities & is punishable with imprisonment of up to three
years and a fine of up to rupees one lakh.

20. Cyber fraud
• Any person who dishonestly uses the internet to illegal deceive
people and gets personal data, communication, etc. with a motive to
make money is called a cyber fraud.
• Examples of cyber fraud include sending emails containing fake
invoices, sending fake emails from email addresses similar to the
official ones, etc.
• Section 420 of IPC is imprisonment of up to seven years with a fine.

21. Cyber theft
• Cyber theft is a type of cybercrime which involves the unauthorized
access of personal or other information of people by using the
internet.
• c yber theft is to gather confidential data like passwords, images,
phone numbers, etc. and use it as leverage to demand a lumpsum
amount of money.
• Section 66C of the IT Act. The punishment for the same is
imprisonment of up to three years and/or up to Rs 2 lakh fine.

22. Spyware
• Spyware is a type of malware or malicious software, when it is
installed it starts accessing and computing the other person’s device
without the end user’s knowledge. The primary goal of this software
is to steal credit card numbers, passwords, One-Time Passwords
(OTPs), etc.

23. Cyber crimes against organizations
• Attacks by virus
• A computer virus is a kind of malware which connects itself to another
computer program and can replicate and expand when any person attempts.
• For example, the opening of unknown attachments received from malicious
emails may lead to the automatic installation of the virus on the system in
which it is opened.
• These viruses are extremely dangerous, as they can steal or destroy
computer data, crash computer systems, etc.

24. Salami attack
• It is one of the tactics to steal money, which means the hacker steals
the money in small amounts. The damage done is so minor that it is
unnoticed.
• . In Salami slicing, the attacker uses an online database to obtain
customer information, such as bank/credit card details.

25. Web Jacking
• illegal redirection of a user’s browser from a trusted domain’s page to
a fake domain without the user’s consent.
• people visiting any well-known or reliable website can be easily
redirected to bogus websites, which in turn lead to the installation of
malware, leak of personal data, etc.
• Section 383 of IPC is imprisonment of up to three years or with a fine,
or both.

26. Denial of Service Attack
• The attackers generally attack systems in such a manner by trafficking
the targeted system until it ultimately crashes.
• DoS attacks cost millions of dollars to the corporate world,

27. Cyber crimes against society at large
• Cyber pornography
• It states that the following activities are punishable with
imprisonment of up to 3 years and a fine of up to 5 lakhs:
• Uploading pornographic content on any website, social media, etc.
where third parties may access it.
• Transmitting obscene photos to anyone through email, messaging,
social media, etc.

28. Cyber terrorism
• Hacking government-owned systems of the target country and getting
confidential information.
• Destructing and destroying government databases and backups by
incorporating viruses or malware into the systems.
• Disrupting government networks of the target nation.
• Distracting the government authorities and preventing them from
focusing on matters of priority.

29. Cyber Espionage
• espionage is “the practice of spying or using spies to obtain
information about the plans and activities especially of a foreign
government or a competing company.”
• Similarly, cyber espionage refers to the unauthorized accessing of
sensitive data or intellectual property for economic, or political
reasons. It is also called ‘cyber spying’.
• Military data
• Academic research-related data
• Intellectual property
• Politically strategic data, etc.