Cyber Security - Unit2

The document provides an overview of cybercrime, defining it as illegal activities involving computers and networks, and categorizing it into crimes against individuals, property, and organizations. It details various types of cybercrimes, including phishing, hacking, and ransomware, while also discussing social engineering attacks and the importance of cybersecurity measures. Additionally, it emphasizes the need for prompt reporting of cybercrimes and outlines remedial strategies to mitigate their impact.

Uploaded by

arkabhi06

Cyber Security

Unit 2 – Reading Material

Introduction to Cybercrime

Cybercrime refers to illegal activities that involve the use of computers, digital devices, or
networks. As information technology advances, so does the sophistication and diversity of
cybercrimes. These crimes range from unauthorized access and identity theft to large-scale
attacks on financial systems and critical infrastructure. Cybercrime can affect individuals,
businesses, and governments alike, leading to financial loss, data breaches, and damage to
reputation. Understanding cybercrime is crucial in a world increasingly dependent on digital
infrastructure.

Moreover, with the proliferation of mobile devices and Internet of Things (IoT), the attack
surface for cybercriminals has significantly expanded. Everyday devices like smart TVs,
wearable gadgets, and even home appliances can now be targeted. Therefore, a fundamental
understanding of cyber threats and defences is essential for every IT graduate.

Classification of Cybercrimes

Cybercrimes can broadly be categorized into the following types:

1. Crimes against Individuals: These include online harassment, identity theft, and
personal data breaches. Examples: cyberstalking, cyber defamation, and email
spoofing.
2. Crimes against Property: These involve attacks on computer systems or data for
financial gain or sabotage. Examples include hacking, DDoS attacks, spamming,
ransomware attacks, and malware distribution.
3. Crimes against Government or Society or organisation: These are high-impact
crimes that threaten national security, including cyberterrorism, cyberwarfare, and
hacking into defense or intelligence systems.
1. Crimes against individuals:
a) Email spoofing:
This technique is a forgery of an email header. This means that the message appears to have
been received from someone other than the genuine or actual source. These tactics are usually
used in spam campaigns or phishing because people will probably open an electronic mail or
an email when they think it has been sent by a legitimate source.
b) Phishing:
Phishing means trying to fool people into parting with their money. Phishing refers to the
receipt of unsolicited emails by customers of financial institutions requesting them to enter
their username, password or other personal information to access their account. The
criminal then has access to the customer's online bank account and the funds in that account.
The customers click on the links on the email to enter their information, so they remain
unaware that the fraud has occurred.
c) Spamming:
Spam is the use of electronic messaging systems to send unsolicited bulk messages
indiscriminately.
d) Cyber Defamation:
It is the act of making an imputation about a person with the intent to lower that person in
the estimation of the right-thinking members of society generally, or to cause him to be
shunned or avoided, or to expose him to hatred, contempt or ridicule. For example, the mail
account of Sunil was hacked and some emails were sent from his account to some of his
batchmates regarding his affair with a girl, with the intent to defame him.
e) Cyber-stalking:
Cyber stalking involves following a person’s movements across the Internet by posting
messages (sometimes threatening) on the victim's bulletin boards, entering the victim's chat
rooms, and constantly bombarding the victim with emails, etc.
f) Salami Attack:
A salami attack is one in which many small attacks add up to one major attack that can go
undetected due to the nature of this type of cybercrime. It is also known as salami slicing.
For example, the attacker uses an online database to seize customer information such as
bank/credit card details and deducts very small amounts from every account over a period of
time. The customers remain unaware of the slicing and hence no complaint is lodged, which
keeps the hacker from being detected.
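How a bank could surface the slicing described above, as an added example that is not part of the original reading material: no single customer notices a tiny debit, so the check aggregates small debits per beneficiary across all accounts. The ledger rows, thresholds and function name are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger rows: (source account, beneficiary, amount debited).
LEDGER = [(f"ACC{i:03d}", "BEN-X", Decimal("0.03")) for i in range(200)]
LEDGER += [
    ("ACC001", "UTILITY-CO", Decimal("42.10")),
    ("ACC002", "UTILITY-CO", Decimal("39.75")),
    ("ACC003", "BEN-Y", Decimal("0.05")),   # a single small debit is not a pattern
]

def salami_suspects(ledger, max_slice=Decimal("1.00"), min_accounts=50):
    """Flag beneficiaries collecting tiny debits from many distinct accounts.

    Each slice is below what a customer would notice, so the signal only
    appears when debits are aggregated per beneficiary across all accounts.
    """
    accounts = defaultdict(set)      # beneficiary -> distinct source accounts
    totals = defaultdict(Decimal)    # beneficiary -> sum of small debits
    for account, beneficiary, amount in ledger:
        if amount <= max_slice:
            accounts[beneficiary].add(account)
            totals[beneficiary] += amount
    return {
        b: {"accounts": len(accts), "total": totals[b]}
        for b, accts in accounts.items()
        if len(accts) >= min_accounts
    }

if __name__ == "__main__":
    for beneficiary, stats in salami_suspects(LEDGER).items():
        print(beneficiary, stats["accounts"], stats["total"])
```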
g) Computer sabotage:
The use of the internet to halt the normal functioning of a computer system through the
introduction of worms, viruses, or logic bombs is called computer sabotage.
h) Malware:
Malware is any software that infects and damages a computer system without the owner's
knowledge or permission and takes control of any individual’s computer to spread a bug to
other people’s devices or social networking profiles.

2. Crimes against property:


a) Intellectual Property crimes:
Any unlawful act by which the owner is deprived completely or partially of his rights is a
crime. The most common crimes are software piracy, copyright infringement, trademark
infringement, computer source code theft, etc.

b) Cyber Squatting:
It involves two persons claiming the same domain name, either by claiming that they had
registered the name first. For example, two similar names, i.e. www.yahoo.com and
www.yahhoo.com.
c) Cyber Vandalism:
Vandalism means damaging the property of another. Thus cyber vandalism means destroying
or damaging the data or information stored on the computer when a network service is
stopped or disrupted.
d) Hacking Computer System:
Hacking, in simple terms, means an illegal intrusion into a computer system and/or network.
Hacking attacks have hit famous social networking sites such as Facebook and Twitter, and
blogging platforms, through unauthorized access to or control over the computer. As a result
of hacking activity, data and computer systems will be lost. Research also indicates that
those attacks were not mainly intended for financial gain, but also to diminish the reputation
of a particular person or company.
e) Altering in an unauthorized way:
This requires little technical expertise and is a common form of theft by employees: altering
the data before entry, entering false data, entering unauthorized instructions, or using
unauthorized processes; or altering, destroying, suppressing, or stealing output, usually to
conceal unauthorized transactions.
f) Logic bomb:
A logic bomb is a piece of code intentionally inserted into a software system that will set off a
malicious function when specified conditions are met. For example, a programmer may
hide a piece of code that starts deleting files should they ever be terminated from the
company.
g) Trojan horse:
Trojan horses are email viruses that can duplicate themselves, steal information, or harm the
computer system.

3. Cyber crimes against organizations:


a) Hacking:
It means unauthorized control/access over a computer system and hacking completely
destroys the whole data and computer programs.
b) Denial of service attacks:
The criminal floods the bandwidth of the victim's network. The attackers typically target sites
or services hosted on high-profile web servers such as banks, credit card payment gateways,
mobile phone networks, and root name servers. Denial of service attacks are designed to
consume resources so that other users cannot use the resources and are therefore denied
service. In a computer network environment, the key resources are CPU, memory, and
bandwidth.
c) Password sniffing:
Password sniffers are programs that monitor and record the name and password of network
users as they log in at a site.
d) Virus attack:
A computer virus is a malware program that, when executed, replicates by inserting copies of
itself (possibly modified) into other computer programs, data files, or the boot sector of the
hard drive; when this replication succeeds, the affected areas are then said to be “infected.”
e) E-mail bombing/mail bomb:
Refers to sending a large number of emails to the victim in order to crash the victim's email
account or server.

Common Cybercrimes
1. Cybercrime Targeting Computers and Mobiles

• Hacking: Unauthorized access to a device or network to manipulate or steal data.
• Phishing: Trick emails or messages that lure users into revealing sensitive
  information.
• Spyware and Keyloggers: Tools that record user activity and transmit it to criminals.

2. Cybercrime Against Women and Children

• Cyberstalking: Persistent, unwanted monitoring or contact via digital channels.
• Cyberbullying: Harassment or humiliation of victims, often on social media
  platforms.
• Child Exploitation: Use of online platforms to distribute illegal or harmful content
  involving minors.

3. Financial Frauds

• Online Banking Fraud: Gaining unauthorized access to bank accounts or using fake
  credentials.
• Credit Card Fraud: Illegally using card information for transactions.
• Investment Scams: Fake websites or messages promising high returns for money.

Social Engineering Attacks


Social engineering is a psychological manipulation technique used to trick individuals into
divulging confidential information or performing actions that compromise security. These
attacks are often difficult to detect.

• Phishing and Spear Phishing: Mass emails vs. targeted attacks.
• Pretexting: Impersonating a trusted entity to collect information.
• Baiting: Offering free software or devices infected with malware.
• Quid pro quo: Offering a service in exchange for access.
• Tailgating: Physically following someone into a secure area.

Example: A scam call pretending to be from tech support asking for remote access to your
PC.

Malware and Ransomware Attacks


Malware is malicious software designed to harm, exploit, or disable computer systems.

• Types of Malware: Viruses, worms, Trojans, spyware, and adware.

(1) Virus

• Definition: A virus is a type of malware that attaches itself to a
  legitimate program or file and spreads from one computer to another
  when the infected program is run.
• Key Feature: Needs user action (like opening a file) to activate.
• Example: A virus in a Word document that runs harmful code when
  the file is opened.

(2) Worm

• Definition: A worm is a standalone malware that can replicate and
  spread to other computers without any user action.
• Key Feature: Self-replicating over networks.
• Example: The ILOVEYOU worm that spread through email
  attachments.

(3) Trojan (Trojan Horse)

• Definition: A Trojan disguises itself as legitimate software to trick
  users into installing it. Once activated, it can give attackers access to
  the system.
• Key Feature: Hidden malicious function inside a trusted-looking
  application.
• Example: A fake antivirus program that actually steals your data.

(4) Spyware

• Definition: Spyware secretly collects user data, such as keystrokes,
  browsing habits, and personal information, without consent.
• Key Feature: Covert data collection.
• Example: Keyloggers that record everything you type, including
  passwords.

(5) Adware

• Definition: Adware automatically delivers or displays unwanted ads, often
  in the form of pop-ups or redirecting browser searches.
• Key Feature: Annoying advertisements, often bundled with free software.
• Example: A toolbar that shows pop-up ads every time you open your
  browser.

• Ransomware: Encrypts data and demands ransom in cryptocurrency.

Ransomware: An Overview

Definition:
Ransomware is a type of malware that locks or encrypts your files or entire system and
demands a ransom payment (usually in cryptocurrency) to restore access.

🧠 How It Works:

1. Infection:
   ◦ Through phishing emails, malicious attachments, fake downloads, or exploit
     kits.
   ◦ Sometimes spreads via remote desktop protocol (RDP) or vulnerabilities in
     software.
2. Encryption:
   ◦ Once active, it encrypts files like documents, images, databases, etc., using
     strong algorithms.
   ◦ You’ll see extensions like .locked, .encrypted, etc., added to filenames.
3. Ransom Demand:
   ◦ A ransom note appears (often as a pop-up or text file), demanding payment
     (typically in Bitcoin) in exchange for a decryption key.
   ◦ If the ransom is unpaid, files may remain inaccessible or get deleted.
4. Payment & Consequences:
   ◦ Paying the ransom doesn’t guarantee file recovery.
   ◦ Encourages further criminal behavior and doesn’t fix system vulnerabilities.
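The encryption step above leaves a visible trace: many files gaining the same extra extension in a short time. The following added example, which is not part of the original reading material, detects such a burst in a list of file-rename events; the event records, the 60-second window, the threshold of 20 files and the function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed rename events: (unix time, old path, new path).
EVENTS = [(1000 + i, f"/home/u/doc{i}.docx", f"/home/u/doc{i}.docx.locked")
          for i in range(30)]
EVENTS += [
    (1005, "/home/u/notes.txt", "/home/u/notes-final.txt"),   # ordinary rename
    (5000, "/home/u/a.jpg", "/home/u/a.jpg.bak"),             # isolated backup copy
]

def appended_suffix(old, new):
    """Return the extension appended to the whole old name (e.g. '.locked'), else None."""
    if new.startswith(old + ".") and "/" not in new[len(old):]:
        return new[len(old):].lower()
    return None

def rename_bursts(events, window=60, threshold=20):
    """Map each suffix appended to >= threshold files within `window` seconds
    to the time its burst began."""
    times = defaultdict(list)
    for ts, old, new in events:
        suffix = appended_suffix(old, new)
        if suffix:
            times[suffix].append(ts)
    alerts = {}
    for suffix, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts[suffix] = stamps[start]
                break
    return alerts

if __name__ == "__main__":
    print(rename_bursts(EVENTS))
```

Keying on the burst rather than on a fixed list of extensions means an unfamiliar suffix is caught as well.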

💥 Impact of Ransomware:

• Data loss (permanent if no backup).
• Downtime for individuals or entire organizations.
• Financial loss (ransom + recovery costs).
• Reputation damage for businesses.
• Potential legal issues due to data breaches.

🔍 Examples of Famous Ransomware:

Name | Description
WannaCry | Global attack in 2017; affected hospitals, banks, etc. Spread via a Windows exploit.
Petya/NotPetya | Disguised as ransomware but actually a wiper. Hit Ukraine and international companies.
Locky | Spread via infected Word documents through email.
Ryuk | Targeted high-value victims like hospitals and government entities.

Protection Against Ransomware:

1. Back up your data regularly (offline or cloud).
2. Keep software and OS updated (patch vulnerabilities).
3. Use strong antivirus and anti-malware software.
4. Avoid clicking on suspicious links or attachments.
5. Implement email filters and firewalls.
6. Educate users about phishing and cybersecurity hygiene.

Diagram: Malware Infection Cycle

Zero-Day Attacks
Zero-day attacks exploit unknown vulnerabilities in software or hardware, often before the
developer is even aware of them. Since there's no immediate patch, these attacks are
particularly dangerous.

• Detection Difficulty: Zero-day exploits are often sold on the dark web.
• Impact: Can lead to data loss, system damage, or spying.

Real-World Incident: The Stuxnet worm, a zero-day exploit, targeted Iranian nuclear
systems.

Cybercriminals' Modus Operandi


Cybercriminals employ a wide range of techniques to conduct their activities:

• Botnets: Networks of infected computers used to launch large-scale attacks.
• Dark Web Marketplaces: Platforms for buying/selling stolen data, malware, and
  illegal services.
• Cryptocurrency: Allows anonymous transactions that are hard to trace.
• Social Engineering: Exploiting human psychology to breach systems.

Reporting of Cybercrimes
Prompt reporting helps in timely investigation and prevention. In India, cybercrime reporting
is facilitated through:

• National Cybercrime Reporting Portal: https://cybercrime.gov.in/
• Cyber Cells: Located in most cities; specialized in digital forensics.
• Helpline Number: 1930 (for financial frauds)

Steps to Report: Collect evidence (screenshots, emails), file a complaint online or at a police
station, and follow up.

Remedial and Mitigation Measures


Mitigation strategies help prevent or minimize the impact of cybercrimes:

• Software and System Updates: Ensure patches are applied regularly.
• Strong Authentication: Use of biometrics or two-factor authentication.
• Awareness Campaigns: Educate users about cyber hygiene.
• Firewalls and Encryption: Add extra layers of security.
• Backup and Recovery Plans: Protect critical data from ransomware.

Cybersecurity Best Practices
