Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cyber crime

Cyber Crime in today's world...!!!

  • Login to see the comments

Cyber crime

  1. 1. CYBER CRIME Team Fingerprint
  2. 2. AGENDA • Evolution• Why cyber crime • Cyber threat groups• Internet • Targets• Internet in India • Types of cyber crime(24)• 1 Minute internet • Future trends• Internet users(past, present, future) • Legal aspect• Cyber news • Prevention is better then cure• Abuse stats • FINGERPRINT• Defining cyber crime • Future crime • IT & Govt.
  3. 3. Why learn about CYBER CRIME…!! Because… COMPUTERS are used EVERYWHERE..!! • Education (School/Colleges)• Electricity Supply • Travel (Airways/Railways Ticketing,• Trading Tracking and Monitoring)• Automobile Industry • Banking & Finance• Defense • Water Supply• Nuclear Plants • Govt.• Research (defense/medicine) • Industries/Businesses
  4. 4. And the future will be… Tablets Smart Power GridsNFC Smartphones …Digitalization… AND many more reasons to follow…
  5. 5. Connected to World ISP rest of the world Internet Local ISPsNetwork of Networks,consisting of Millions of Wi-FiNetworks, connected Wired DNS ServersTogether - Wirelessly or Wired Mail Servers Client
  6. 6. I n te r n e t i n I n d i a … ! !1995 VSNL introduces internet in India • launched1996 • India’s first cyber café called “Cybercafé” • First online banking site1997 • • Sify - India’s first ISP1998 • First major hacking case • Launch of Nasscom
  7. 7. 2000 IT ACT 2000 passed by the Indian Parliament • First cyber crime related arrest2001 • Indian Railways launches online ticketing • India’s first cyber crime police station2004 Baazee CEO jailed for MMS scandal • 40 million net users (4% of the world) • 200,000 cyber cafes in country (accounting for 60% of net users)2005 • 1000,000+ users do online share trading • half a million broadband connections • Rs. 570 Cr. E-commerce transactions in India • IRCTC online ticketing - 63% of E-commerce - Rs. 370 Cr.
  8. 8. 1 Minute Internet…!!!
  9. 9. Internet Users… 9,18,46,075Past…
  10. 10. • 88 m – urban • 24 m – villages • Growth - 13% • 11 m users will be added to the tally before the end of the year • 58.6 m - PCs • 14.7 m Internet connections, • 11.9 m – broadband • 75% of the Internet users 8.4% Population being school- or college- 97% Internet Traffic by PC going kids and young men.…Present… million-in-india-mobile-net-usage-still-in-infancy/
  11. 11. 2015… Internet Traffic 237 mn Internet users • 9 Times • 3 billion DVDs 1 billion – Networked Devices…Future
  12. 12. The number of Internet users is growing SO…CYBER CRIME is bound to RI SE …!!!
  13. 13. Cyber News…!!!
  14. 14. Abuse Stats… CERT-IN Monthly Report Nov. 2011CERT-IN Annual Report 2010 %3A%2F%2Fcyber-crime-
  15. 15. Victims Of Cyber Crime 30 Million Victims • China • South Africa 34,110 cr / yr. Costs India • Mexico $ 388 billions globally • Brazil • INDIA Every second, 14 Adults, 1 million / day • SingaporeTop 3 types • Malware • Virus attacks • Phishing / Scam
  16. 16. Security Incidents handled 10315Indian Website Defacements tracked 14348Open Proxy Servers tracked 2492Bot Infected Systems tracked 6893814 CERT-IN Annual Report 2010 1,000 Cr – Data Theft(Phishing) 27 attacks / hr. to 25,000 / hr.
  18. 18. Unlawful acts wherein the computer is either a TOOL , TARGET or BOTH
  19. 19. Cyber attacks have evolved:• They became more sophisticated • Power Hunger• They are often targeted • Illegitimate income sources• Towards crucial aspects • No TRACE… No FEAR to get caught• Unawareness & ignorance • Changing technology is Tempting is the inspiration • Vast Scope(car hacking)• Increasing stats adds to it • Industrial Espionage• Money Motive • Its Cool…!!
  20. 20. Cyber threat groupsBot network Spyware Foreign Insiders Phishers spammers operators authors intelligence
  21. 21. Crime against Targets Of Cyber CrimeGovernment Crimeagainstproperty Crime against persons
  22. 22. Types Of Cyber Crime• Financial Crimes • Data Diddling• Cyber Pornography • Salami Attacks• Sale Of Illegal Articles • Denial Of Service Attack• Online Gambling • Virus / Worm Attacks• Intellectual Property Crimes • Trojans And Keyloggers• Email Spoofing • Internet Time Theft• Forgery • Web Jacking• Cyber Defamation • Email Frauds• Cyber Stalking • Cyber Bullying• Web Defacement • Industrial Cyber-Sabotage• Email Bombing • E-commerce Crime• Espionage • Cybersquatting • Website Spoofing
  23. 23. FINANCIAL CRIMES• Money is the most common motive behind all crime.• Increase in the use of internet and mobile banking, It Includes: • Phishing• Online share trading, • credit card frauds dematerialization of shares and • Money laundering securities, this trend is likely to • hacking into bank servers increase • accounting scams • Salami Attacks • E-Commerce Frauds
  24. 24. FORGERY • Abdul Kareem Telgi, along with• Counterfeit currency notes, several others, was convicted in postage and revenue stamps, India on several counts of counterfeiting stamp papers and mark sheets, academic postage stamps totalling several certificates etc are made by billion rupees. criminals using sophisticated computers, printers and • Economic Offences Wing of Crime Branch, Mumbai scanners. (India), seized over 22,000 counterfeit share certificates of eight reputed companies worth Rs. 34.47 crores. These were allegedly prepared using Desk Top Publishing Systems.
  25. 25. ONLINE GAMBLING• Thousands of websites that offer online gambling. The special issue with online gambling is that it is The website permits legalised in several countries. So users to gamble on a variety of sports legally the owners of these websites such as cricket, football, tennis, golf, are safe in their home countries. motor racing, ice hockey, basketball, baseball, darts, snooker, boxing,• The legal issues arise when a person athletics, rugby, volleyball, motor residing in a foreign country like India cycling, etc. (where such websites are illegal) gambles on such a website.
  26. 26. DATA DIDDLING & SALAMI ATTACKS • Unauthorized & illegal data alteration • These changes can occur before and during data input or before output. • Data diddling cases have affected banks, payrolls, inventory records, credit records, school transcriptsThese attacks are used for committing financial crimes. Make thealteration so insignificant that in a single case it would go completelyunnoticed.For instance, a bank employee inserts a program, into the bank’s servers, thatdeducts a small amount of money (say Rs.2 a month) from the account of everycustomer. No account holder will probably notice this unauthorized debit, but thebank employee will make a sizeable amount of money every month.
  27. 27. CYBER PORNOGRAPHY • A school student from Delhi created• One of the largest businesses on the Internet today • The CEO of online auction website (a part of the eBay group) was• Pornographic websites, arrested pornographic magazines produced using computers • The CEO of a software company in Pune was (to publish and print the material) and the Internet (to arrested for sending obscene emails to a download and transmit former female employee. pornographic pictures)
  28. 28. SALE OF ILLEGAL ARTICLES• Sale of illegal articles such as narcotics drugs, weapons, wildlife etc. is being facilitated by • Police cracked down on an illegal rave the Internet. party and arrested hundreds of illegal drug users. The social networking site• Availability of the products for is believed to be one of the sale is being posted on auction modes of communication for gathering websites, bulletin boards etc. people for the illegal “drug” party.• A marketplace for the sale of unapproved drugs
  29. 29. VIRUS / WORM ATTACKSComputer viruses are small software programs that are Worms, unlike viruses do not need the host todesigned to spread from one computer to another and attach themselves to. They merely maketo interfere with computer operation. A virus might functional copies of themselves and do thiscorrupt or delete data on the victim’s computer, use the repeatedly till they eat up all the availablevictim’s e-mail program to spread itself to other space on a computer’s memory.computers Confiker worm Melissa virus ILOVEYOU virusSpread by attachments in e-mail messages orinstant messaging messages, funny images, greetingcards, or audio and video files, downloads on the Internet.They can be hidden in illicit software or other files orprograms or games
  30. 30. TROJANS AND KEYLOGGERS A Trojan, is an unauthorized program which functions from inside the computer, secretly, what seems to be an authorized program, thereby concealing what it is actually doing.young lady stayed in a smallone bedroom apartment and her Keyloggers are used to log all the strokes a victim makescomputer was located in one corner on the keyboard.of her bedroom. Unknown to her, Key-loggers are most commonly found in public computersthe Trojan would activate her web such as those in cyber cafes, hotels and microphone even whenthe Internet was switched off. Ayear later she realized thathundreds of her pictures wereposted on pornographic sitesaround the world!
  31. 31. INTELLECTUAL PROPERTY CRIMES • A computer user in China obtained the source code of • These include software piracy, a popular game - LineageII from an unprotected copyright infringement, website & then sold to several people thru a website, trademarks violations, theft of The loss in potential revenues for the South Korean computer source code etc. company was estimated at $750,000 a month. • A software professional stealing the source code of a product being developed by his employers. He started his own company and allegedly used the stolen source code to launch a new software product.
  32. 32. EMAIL BOMBINGEmail bombing refers to sending a large number of emails to the victim resulting in the victim’semail account or mail servers crashing. Email bombing is a type of denial-of-service attack. A British teenager bombed his former employer with 5 million e-mail messages to his ex-employer that caused the companys e-mail server to crash. A foreigner who had been residing in Shimla, India for almost 30 years wanted to avail of a scheme introduced by the Shimla Housing Board to buy land at lower rates. When he made an application it was rejected on the grounds that the scheme was available only for citizens of India. He decided to take his revenge. Consequently, he sent thousands of mails to the Shimla Housing Board and repeatedly kept sending e-mails till their servers crashed.
  33. 33. CYBER DEFAMATION • This occurs when defamation takes place with the help of computers and / or the Internet. • Abhishek, a teenaged student was arrested by the Thane police in India following a girl’s complaint about tarnishing her image in the social networking • e.g. Sameer publishes defamatory site Orkut. Abhishek had allegedly created a fake matter about Pooja on a website or account in the name of the girl with her mobile sends e-mails containing number posted on the profile. defamatory information to Pooja’s • Unidentified persons posted obscene photographs friends. and contact details of a Delhi school girl.
  34. 34. CYBER STALKING A 50-year-old former security guard who used • Cyber stalking refers to the use of the Internet to solicit the rape of a woman who rejected his romantic advances. the Internet, e-mail, or other He terrorized the 28-year-old victim by electronic communications devices impersonating her in various Internet chat to stalk another person rooms and online bulletin boards, where he • Stalking generally involves posted, along with her telephone number and address, messages that she fantasized harassing or threatening about being raped. behaviourThe first case in India was of Manish Kathuria,Who chatted online with theidentity of Ritu Kohli’s Identity.He used obscene language andinvited people to chat with her on phone.
  35. 35. CYBERSQUATTING "squatting", which is the act of occupying an abandoned or unoccupied space or building that the squatter does not own, rent, or otherwise have permission to use Cybersquatting (also known as domain squatting), is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain to the person or company who owns a trademark contained within the name at an inflated price. Cybersquatters sometimes register variants of popular trademarked names, a practice known as typosquatting
  36. 36. CYBER BULLYING • Bullying is a form of aggressive behaviour manifested by the use of force or coercion to affect others, particularly when the behaviour is habitual and involves an imbalance of power. • It can include verbal harassment, physical assault or coercion and may be directed repeatedly towards particular victims, perhaps on grounds of race, religion, gender, sexuality, or ability • Cyber-bullying is any bullying done through the use of technology. • This form of bullying can easily go undetected because of lack of parental / authoritative supervision. • Because bullies can pose as someone else, it is the most anonymous form of bullying. • Cyber bullying includes, but is not limited to, abuse using email, instant messaging, text messaging, websites, social networking sites, etc
  37. 37. WEB DEFACEMENT • Website defacement is usually the substitution of the original home page of a website with another page (usually pornographic or defamatory in nature) by a hacker. • Religious and government sites are regularly targeted by hackers in order to display political or religious beliefs. Disturbing images and offensive phrases might be displayed in the process In 2001, over 200 Indian websites Mahesh Mhatre and Anand Khare allegedly defaced the website of were hacked into and defaced. The the Mumbai Cyber Crime Cell. They had used password hackers put in words like bugz, cracking software to crack the FTP password for the police website. death symbol, Paki-king and allahhuakbar.
  38. 38. WEB JACKING How does web jacking take place? 1. The administrator of any website has a password and a username• Just as conventional hijacking, means 2. There are many ways in which a hacker may get to know a forcefully taking over control of a password, the most common being password cracking wherein a website. “cracking software” is used to guess a password.• The motive is usually the same as 3. When the password of the website is cracked the password is hijacking – ransom. changes and then the admin is contacted for the ransom.• The perpetrators have either a monetary or political purpose which they try to satiate by holding the owners of the The owner of a hobby website for children received an e-mail informing her that a group of hackers had gained control over her website to ransom. website. They demanded a ransom of 1 million dollars from her.• This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website.
  39. 39. WEBSITE SPOOFING Website spoofing is the act of creating a website, as a hoax, with the intention of misleading readers that the website has been created by Another technique is to use a cloaked URL. a different person or organisation. Normally, the spoof website will adopt the design of the target website and sometimes has a similar URL. The objective may be fraudulent, often associated with phishing or e-mail spoofing, or to criticize or make fun of the person or body whose website the spoofed site purports to representAs an example of the use of this technique to parody an organisation, in November 2006 two spoof websites, and, were produced claiming that Microsoft had bought Firefox and released Microsoft Firefox 2007.
  40. 40. DENIAL OF SERVICE ATTACK(DOS) • Denial of Service attacks (DOS attacks) involve flooding a computer with more requests than it can handle. • This causes the computer (e.g. a web server) to crash and results in authorized users being unable to access the service offered by the computer. • Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread
  41. 41. INTERNET TIME THEFTThis connotes the usage by an unauthorizedperson of the Internet hours paid for by anotherperson In May 2000, the Delhi police arrested an engineer who had misused the login name and password of a customer whose Internet connection he had set up. The case was filed under the Indian Penal Code and the Indian Telegraph Act.
  42. 42. EMAIL SPOOFING • A spoofed email is one that • A teenager made millions of dollars by appears to originate from spreading false information about certain companies whose shares he had short sold. one source but actually has This misinformation was spread by sending been sent from another spoofed emails source • Fake Mail… • In a branch of the erstwhile Global Trust Bank in India numerous customers decided to withdraw all their money and close their accounts. An investigation revealed that someone had sent out spoofed emails to many of the bank’s customers stating that the bank was in very bad shape financially and could close operations at any time. The spoofed email appeared to have originated from the bank itself.
  43. 43. EMAIL FRAUDSDear Mr. Justin Williams, Im Vikas Manjit Singh from Punjab (India). I belong to a city namedLudhiana. Mr. Williams, I am having a brother in Canada who is also named Justin Williams. He wasadopted from my parents by some Mr. William Ram of Welland. Me and my mum came over to Canadato leave Justin to his new family (William Rams Family). It happened in June 1985. So Mr. JustinWilliams, if you are the same person Im talking about. Then please give me some time so that I canlet you know the realities.Phishing• A Phishing e-mail is the one that lure the victim to read the mail and often click on the link providedwith it so that the victim can be dragged onto a legitimate looking like website that can ask for either hisbank credentials or mail account credentials in a very convincing way.• Often termed as 419 Nigerian Scams, wherein the sender is the rich bearcat of from South Africa orany lost brother who owns a lot of money and would like to give it the victim. Another form of it is to lure thevictim, saying u have won a $ 1 million lottery and would ask to deposit a sum of $ 1000 into an accountto claim it.
  44. 44. Spear PhishingCyber criminals target internet users after getting info about them and then will send an e-mailsaying that your computer has been hacked. Then they will accuse the victim of having a child porn clip andwill ask money or else will threat to inform the law enforcement agencies. Spam
  45. 45. Espionage or spying involves a government or individual obtainingESPIONAGE information that is considered secret or confidential without the permission of the holder of the information using illegal exploitation methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware• The Indian government is strong arming cell phone manufacturers to provide back doors into their handsets.• The Indian government is in possession of confidential internal communications from the US-China Economic and Security Review Commission (USCC)
  46. 46. INDUSTRIAL CYBER-SABOTAGECyber-industrial sabotage activities usuallyrelate to industrial secrets which have real commercial value to competitors. “Stuxnet has really been an eye-opener for our whole industry,” The use of cyber sabotage for criminal gain or industrial espionage remains unlikely, because of the massive expense involved.
  47. 47. E-COMMERCE CRIME 17 Million Online buyers • Electronic commerce, commonly known as e-commerce, refers to Rs. 31,598 cr. Turnover in 2010 the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Rs. 46,520 cr. Turnover Expected • E-Commerce includes. electronic funds transfer, supply chain management, Internet marketing, online transaction processing, 80% Share of Travel Industry electronic data interchange (EDI), inventory management systems, and automated data collection systems. 47% Growth Expected Online Retail worth Rs. 7,000 cr.Credit Card frauds are the common ones, whereineither the credit card info is stolen by usingSkimmers and then later used to illegally withdrawmoney from ATMs without the knowledge of theperson or online transactions such as fund transferor online buying with the net-banking credentials.
  48. 48. WATCH OUT…!!Cyber Espionage PrivacySocial Networking Attacks Identity TheftData Theft Scams / FraudsVoIP Hactivism
  49. 49. LEGALLY SPEAKING• Information Technology Act (IT Act) 2000, came into force on 17th October, 2000• It has 94 Sections• The primary purpose of the Act is to provide legal recognition to electronic commerceand to facilitate filing of electronic records with the Government. The IT Actalso penalizes various cyber crimes and provides strict punishments
  50. 50. SECTION Unauthorized accessSection 43 • Access Piracy, Data theft • Downloads, Copies or extract Copying of sensitive info • Introduces Contaminant • Damages • Disrupts • Causes DOS • Assistance to illegal access • Changes the services availed • Destroys, Deletes, Alter or diminishes the value
  51. 51. SECTION Where a body corporate, possessing, dealing or handling any Section 43A sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining responsible security practicesCompensation for failure to and procedures and thereby causes wrongful gain to any protect data person, such body corporate shall be liable to pay damages by the way of compensation to the person so affected.
  52. 52. SECTIONSection 65 Computer Source code theftSection 66 Removal of Hacking from IT Act – AmendmentSection 66A Sending Offensive, false messages, phishing, spoof mails, spams, threatsSection 66B Buying of stolen computersSection 66C Identity theft such as, electronic signatures, passwords ID TokensSection 66D Cheating by personation by using computer
  53. 53. SECTION Violation of privacy, captures, publishes or transmits the images ofSection 66E private area of any personSection 66F Cyber TerrorismSection 67 Publishing or Transmitting of obscene material in electronic formSection 67A Publishing or Transmitting of material containing sexually explicit act in electronic formSection 67B Publishing or Transmitting of material depicting children in sexually explicit act in electronic formSection 67C Prevention and retention of information by intermediaries
  54. 54. SECTIONSection 68 Power of Controller to give directionsSection 69 Directions of Controller to a subscriber to extend facilities to decrypt information.Section 69A Publishing or Transmitting of obscene material in electronic formSection 69B Power to authorize to monitor & collect traffic data or information through any computer resource of cyber security.Section 70 Any person who secures access or attempts to secure access to a protected system is to be punishedSection 71 Misrepresentation or hiding any material fact
  55. 55. SECTIONSection 72 Penalty for breach of confidentiality and privacySection 72A Disclosure of information in breach of lawful contractSection 73 Penalty for publishing Digital Signature Certificate false in certain particulars.Section 74 Publication for fraudulent purpose of the digital signaturesSection 79 Exemption of liability of the intermediary
  56. 56. “Indian Laws are well drafted and are capable of handling all kinds of challenges as posed by cyber criminals.However, the enforcement agencies are required to be well versed with the changing technologies and Laws.” • Cyber Criminals feel safe to commit crimes from the privacy of their homes. • There are more cyber criminals than cyber cops • Need to develop laws to combat latest technologies.
  57. 57. Organised cyber crimes exist in lots of countries, and asophisticated underground economy has rapidly flourished those last years.
  58. 58. FINGERPRINT… Group of specialized professionals & Security Enthusiasts inCyber Forensics, Investigation, Cyber Laws,Ethical Hacking
  59. 59. CYBER FORENSICS• Computer Forensics is identification, preservation, extraction, interpretation and presentation of computer related evidence• Computer Forensics, also called as “Cyber Forensics”, is the application of computer investigation and analysis technique together evidence suitable for presentation in a court of law.
  60. 60. CYBER INVESTIGATION• Cyber Crime Investigation is the collection, analysis and investigation of the digital evidence and cyber trails.• The evidence can be in any digital media, like computer, mobile phones, network devices, etc.• It should be taken care what to seize and how to seize the evidence from the crime scene.
  61. 61. AND THE FUTURE WILL BE… • Cyber Terrorism • Car Hacking • Mobile Money Frauds • Net Banking / Mobile Banking Frauds • Fraudsters online, beware before you return a missed call
  62. 62. CYBER TERRORISM: The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectivesCAR HACKING:Stealing newer vehicles isn’t nearly as easy. However, tech-savvy thieves have some surprising ways of getting itdone. In fact, a growing number of vehicles today can be unlocked and started by a mobile phone or via theInternet. They can be disabled the same way. All that’s required is some system data and a password.The seamstress can also duplicate the SIM cards when one calls back on the number, after which they reprogramme a separate handset with uniqueelectronic serial number of the callers mobile phone and make calls at the expense of the them. They also access financial transaction details conductedon their mobile phones. Mobile and net banking along with mobile money is on the rise and so do the fraudsters who can steal the info from mobiles and use it. And when the next time you access your bank thru mobile, your all money is gone..!!
  63. 63. IT MAKES GOVT. RESPONSIVEThe GOVT. is seen Drastic change in recent times with the use of technology… • SLOW thereby reducing • BUREAUCRATIC • CORRUPT • Hassles Paper work • Corruption And has • Accelerated the speed of service • Scale of service
  64. 64. E-GOVT.• Income Tax • Municipalities • Land Records• Passport/VISA • Gram Panchayats • Road Transport (Rural)• Company Affairs • Property Registration • Police• Central Excise • Agriculture • Employment Exchange• Pensions • Online PAN card • E-Courts application• Online RailwayBooking • Aadhar Card
  65. 65. PREVENTIVE ACTION • More Public awareness campaigns about the cyber world • Training of police officers to effectively combat cyber crimes • More Cyber crime cells to be set up • Effective E-surveillance • Websites aid in creating awareness and encouraging reporting of cyber crime cases. • Specialized Training of forensic investigators and experts • Active coordination between police and other law enforcement agencies and authorities is required.
  66. 66. CONCLUSION • There is much less Hacking For Fun, and much more Hacking For Profit. Cybercrime has therefore become an enterprise with a thriving underground economy. • New cybercriminals don’t have to develop their own code… They can rent botnets and even purchase licensed malware that comes with its own tech support. • Effective implementation of Cyber Law. • Cyber crime is now developing and spreading faster than ever. • So welcome in the World Wild Web… And Happy Forensics..! :) HAPPY HUNTING…!!!