UNIT I INTRODUCTION

Cyber Security –History of Internet–Impact of Internet–CIA Triad; Reason for Cyber

Crime –Need for Cyber Security–History of Cyber Crime; Cyber criminals –Classification of
Cyber crimes–A Global Perspective on Cyber Crimes; Cyber Laws – The Indian IT Act –
Cybercrime and Punishment.

1.1 Cyber Security

Cyber security is the preservation through policy technology and education of the
Availability, confidenality and integrity of information and its underlying infrastructure so as to
enhance the security of person of both online and offline.
"Cyber security is primarily about people, processes, and technologies working together to
encompass the full range of threat reduction, vulnerability reduction, deterrence, international
engagement, incident response, resiliency, and recovery policies and activities, including
Computer network operations, information assurance, law enforcement ,etc."
OR
Cyber security is the body of technologies, processes, and practices designed to protect
networks, computers, programs and data from attack, damage or unauthorized access.
• The term cyber security refers to techniques and practices designed to protect digital data.
• The data that is stored, transmitted or used on an information system.
OR
Cyber security is the protection of Internet-connected systems, including hardware,
software, and data from cyber attacks. It is made up of two words one is cyber and other
is security.
• Cyber is related to the technology which contains systems, network and
programs or data.
• Whereas security related to the protection which includes systems security, network
security and application and information security.
1.1.1 Importance of Cyber Security:
• Cyber attacks can be extremely expensive for businesses to endure.
• In addition to financial damage suffered by the business, a data breach can also inflict
untold reputational damage.
• Cyber-attacks these days are becoming progressively destructive. Cybercriminals are using
more sophisticated ways to initiate cyber attacks.
• Regulations such as GDPR are forcing organizations into taking better
care of the personal data they hold.
Because of the above reasons, cyber security has become an important part of the business
and the focus now is on developing appropriate response plans that minimize the damage in
the event of a cyber attack. But, an organization or an individual can develop a proper
response plan only when he has a good grip on cyber security fundamentals.
1.2 History of Internet:
The Internet started in the1960s as away for government researchers to share
information. Computers in the '60s were large and immobile and in order to make use of
information stored in any one computer, one had to either travel to the site of the computer or
have magnetic computer tapes sent through the conventional postal system.
Another catalyst in the formation of the Internet was the heating up of the Cold War.
The Soviet Union's launch of the Sputniks at ellites purred the U.S. Defense Department to
consider ways information could still be disseminated even after a nuclear attack. This
eventually led to the formation of the ARPANET (Advanced Research Projects Agency
Network), the network that ultimately evolved into what we now know as the Internet.
ARPANET was a great success but membership was limited to certain academic and
research organizations who had contracts with the Defense Department. In response to this,
other networks were created to provide information sharing.
January 1, 1983 is considered the official birthday of the Internet. Prior to this, the
various computer networks did not have a standard way to communicate with each other. A
new communications protocol was established called Transfer Control Protocol/Internetwork
Protocol (TCP/IP). This allowed different kinds of computers on different networks to "talk" to
each other. ARPANET and the Defense Data Network officially changed to the TCP/IP
standard on January 1, 1983, hence the birth of the Internet. All networks could now be
connected by a universal language. This allowed different kinds of computers on different
networks to "talk" to each other. ARPANET and the Defense Data Network officially changed
to the TCP/IP standard on January 1, 1983, hence the birth of the Internet. All networks
could now be connected by a universal language.

Model of Univac I computer, c.1954

The image above is a scale model of the UNIVAC I (the name stood for Universal
Automatic Computer) which was delivered to the Census Bureau in 1951. It weighed some
16,000 pounds, used 5,000 vacuum tubes, and could perform about 1,000 calculations per
second. It was the first American commercial computer, as well as the first computer
designed for business use. (Business computers like the UNIVAC processed data more
slowly than the IAS-type machines, but were designed for fast input and output.) The first few
sales were to government agencies, the A.C. Nielsen Company, and the Prudential
Insurance Company. The first UNIVAC for business applications was installed at the General
Electric Appliance Division, to do payroll, in1954. By1957 Remington-Rand (which had
purchased the Eckert-Mauchly Computer Corporation in 1950) had sold forty-six machines.
Impact of Internet:
Positive Impact of Internet:
 Learning Communication Social Networks
 Health Care Business Entertainment
 Jobs and Employment
Negative Impact of Internet:
 Internet Addiction Information Overload
 Harmful effects on Social Relationships
 Harmful effects on Knowledge and belief
 Cyber Crimes
 Loss of Privacy
1.3 CIA TRIAD:
We use a control or counter measure as protection. That is, a control is an action,
device, procedure, or technique that removes or reduces vulnerability.
These characteristics are both basic security properties and the objects of security
threats. We can define these three properties as follows.
• Availability: the ability of a system to ensure that an asset can be used by any authorized
parties
• Integrity: the ability of a system to ensure that an asset is modified only by authorized parties
• Confidentiality: the ability of a system to ensure that an asset is viewed only by authorized
parties adds properties that are desirable, particularly in communication networks:
• Authentication: the ability of a system to confirm the identity of a sender
• Non repudiation or Accountability: the ability of a system to confirm that a sender cannot
convincingly deny having sent something
C-I-A triad: Confidentiality, Integrity, Availability
Confidentiality: The definition of confidentiality is straightforward: Only authorized people or
systems can access protected data.
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also
means trying to keep the identity of authorized parties involved in sharing and holding data
private and anonymous.
Often confidentiality is compromised by cracking poorly encrypted data, Man-in-the-
middle (MITM) attacks, disclosing sensitive data.
Standard measures to establish confidentiality include:
• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens
Properties that could mean a failure of data
Confidentiality:
• An unauthorized person accesses a data item.
• An unauthorized process or program accesses a data item.
• A person authorized to access certain data accesses other data not authorized (which
is a specialized version of “an unauthorized person accesses a data item”).
• An unauthorized person accesses an approximate data value (for example, not
knowing someone’s exact salary but knowing that the salary falls in a particular
range or exceeds a particular amount).
• An unauthorized person learns the existence of a piece of data (for example,
knowing that a company is developing a certain new product or that talks are
underway about the merger of two companies).
Integrity:
Integrity refers to protecting information from being modified by unauthorized parties.Three
particular aspects of integrity are
• Authorized actions
• Separation and protection of resources
• Error detection and correction.
Integrity can be enforced in much the same way as can confidentiality: by rigorous control of
who or what can access which resources in what ways.
Standard measures to guarantee integrity include:
• Cryptographic check sums
• Using file permissions
• Uninterrupted power supplies
• Data backups
If we say that we have preserved the integrity of an item, we may mean that the item is
• precise
• accurate
• unmodified
• modified only inacceptable ways
• modified only by authorized people
• modified only by authorized processes
• consistent
• internally consistent
• meaningful and usable
Availability
Availability is making sure that authorized parties are able to access the information when
needed. Availability applies both to data and to services (that is, to information and to information
processing), and it is similarly complex. As with the notion of confidentiality, different people
expect availability to mean different things. For example, an object or service is thought to be
available if the following are true:
• It is present in a usable form.
• It has enough capacity to meet the service’s needs.
• It is making clear progress, and, if in wait mode, it has a bounded waiting time.
• The service is completed in an acceptable period of time.
We can construct an overall description of availability by combining these goals. Following are
some criteria to define availability.
• There is a timely response to our request.
• Resources are allocated fairly so that some requesters are not
favored over others.
• Concurrency is controlled; that is, simultaneous access, deadlock
management, and exclusive access are supported as required.
• The service or system involved follows a philosophy of fault tolerance,
Where by hardware or software faults lead to graceful cessation of service or to work-around
rather than to crashes and abrupt loss of information. (Cessation does mean end; whether it
is graceful or not, ultimately the system is unavailable. However, with fair warning of the
system’s stopping, the user may be able to move to another system and continue work.)
• The service or system can be used easily and in the way it was intended to be used. (This
is a characteristic of usability, but an unusable system may also cause an availability failure.)
Standard measures to guarantee availability include:
• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy
A person or system can do three basic things with a data item: view it, modify it, or use it.
Thus, viewing (confidentiality), modifying (integrity), and using (availability) are the basic
modes of access that computer security seeks to preserve.
Computer security seeks to prevent unauthorized viewing (confidentiality) or modification
(integrity) of data while preserving access (availability).
Harm:
TheC-I-Atriadcanbeviewedfromadifferentperspective:thenatureoftheharmcausedtoassets.
Harm can also be characterized by four acts: interception, interruption, modification, and
fabrication.
Reason for Cyber Crime:
Personal motives: Some cyber criminals engage in cyber crime to harass, defame or harm
individuals or organizations. Opportunism: Some cyber criminals engage in cyber crime
simply because they can, taking advantage of security vulnerabilities in technology or in
people to steal information or resources.
The purpose of cyber attacks can be:
Illegal or Unauthorized access to data:
Through unauthorized access, hackers attempt to either delete or modify the data.
Extortion:
In exchange for money or ransom, hackers threaten the victim by illegally gaining access to their
sensitive and private data.
Hurt the Competition’s Business:
Hackers steal trade secrets or other valuable information, such as Intellectual Properties that
has significant value on the black market, to hurt a competitor’s business. Once these trade
secrets are public, the company could lose its proprietary advantage, in turn affecting its
profitability.
Disrupt Business activity:
Hackers of ten aims to disrupt the day-to-day operations of an organization.
Damage reputation:
Breaches lead to a loss of trust among an organization’s customer base.
Need for Cyber Security
Cyber security is the practice of securing computer systems and networks against
unauthorized access or being otherwise damaged or made inaccessible by mitigating
information risks and vulnerabilities. Information risks include unauthorized access,
interception, use, disclosure, or data destruction.
Cybercrime can potentially seriously disrupt and damage your business. As well as
commercial losses and compromised reputation, attacks can expose your business to:
Regulatory action or negligence claims inability to meet contractual obligations loss of trust
among customers and suppliers
The significance of cyber security in today’s digital age cannot be understated. A single
security breach has severe consequences in today’s interconnected world, resulting in heavy
financial losses and data loss, as well as hurting its reputation.
For instance, in 2017 Equifax breach exposed the personal identification information of over
145 million people. In 2018,the breach at Marriott leaked the personal information of over 500
million people.
As our dependence on IT and technology grows, so do the volume and sophistication of
cyber attacks. Cyber security helps to secure systems and networks against these
threats.

Cyber Crime: Cyber crime or a computer-oriented crime is a crime that includes a computer and
a network. The computer may have been used in the execution of a crime or it may be the target.
Cyber crime is the use of a computer as a weapon for committing crimes such as committing
fraud, identity theft, or breaching privacy. Cybercrime, especially through the Internet, has grown
in importance as the computer has become central to every field like commerce, entertainment,
and government. Cybercrime may endanger a person or a nation’s security and financial health.
Cyber crime encloses a wide range of activities, but these can generally be divided into
two categories:
Crimes that aim at computer networks or devices. These types of crimes involve different
threats (like virus, bugs etc.) and denial-of-service (DoS) attacks.
Crimes that use computer networks to commit other criminal activities. These types of
crimes include cyber stalking, financial fraud or identity theft.
Classification of Cyber Crime:
Cyber crime against individual
• Electronic mail spoofing and other fraud
• Phishing
• Spamming
• Cyber defamation
• Cyber stalking
• Computer Sabotage
• Pornographic Offenses
• Password Sniffing Cyber crime against property
• Credit card frauds
• Intellectual Property Crimes
• Internet time theft
Cybercrime against organization
• Unauthorized accessing of computer
• Password sniffing
• Denial of service attacks
• Virus attack/Dissemination of viruses
• Email Bombing
 • Salami Attack
• Logic Bomb
• Trojan Horse
• Data Didding
• Crimes emanating from use net newsgroup
• Industrial spying/espionage
• Computer Network Intrusions
• Software Privacy
Cyber Crime against society
• Forgery
• Cyber Terrorism
• Web Jacking
Crime emanating from use net newsgroup
Cyber Terrorism
Cyber terrorism is the use of the computer and internet to perform violent acts that result in
loss of life. This may include different type of activities either by software or hardware for
threatening life of citizens.
In general, Cyber terrorism can be defined as an act of terrorism committed through the
use of cyberspace or computer resources.
Cyber Extortion
Cyber extortion occurs when a website, e-mail server or computer system is subjected to
or threatened with repeated denial of service or other attacks by malicious hackers. These
hackers demand huge money in return for assurance to stop the attacks and to offer
protection.
Cyber Warfare
Cyber warfare is the use or targeting in a battle space or warfare context of computers,
online control systems and networks. It involves both offensive and defensive operations
concerning to the threat of cyber attacks, espionage and sabotage.
Internet Fraud
Internet fraud is a type of fraud or deceit which makes use of the Internet and could include
hiding of information or providing incorrect information for the purpose of deceiving victims
form one y or property. Internet fraud is not considered a single, distinctive crime but covers
arrange of illegal and illicit actions that are committed in cyberspace.
Cyber Stalking
This is a kind of online harassment wherein the victim is subjected to a barrage of online
messages and emails. In this case, these stalkers know their victims and instead of offline
stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not
having the desired effect, they begin offline stalking along with cyber stalking to make the
victims’ lives more miserable.

Challenges of Cyber Crime:

People are unaware of their cyber rights-
The Cyber crimes usually happen with illiterate people around the world who are unaware
about their cyber rights implemented by the government of that particular country.
Anonymity-Anonymity-
Those who Commit cybercrime are anonymous for us so we cannot do anything to that person.
Less numbers of case registered
Every country in the world faces the challenge of cyber crime and the rate of cyber crime is
increasingdaybydaybecausethepeoplewhoevendon’tregisteracaseofcybercrimeandthisis
major challenge for us as well as for authorities as well.
Mostly committed by well educated people
Committing a cyber crime is not a cup of tea for every individual. The person who
commits cyber crime is a very technical person so he knows how to commit the crime and
not get caught by the authorities.
No harsh punishment:
In Cyber crime there is no harsh punishment in every cases. But there is harsh punishment
in some cases like when somebody commits cyber terrorism in that case there is harsh
punishment for that individual. But in other cases there is no harsh punishments this
factorals gives encouragement to that person who commits cyber crime.
Prevention of Cyber Crime:
Below are some points by means of which we can prevent cyber crime:
Use strong password:
Maintain different password and username combinations for each account and resist the
temptation to write them down. Weak passwords can be easily cracked using certain
attacking methods like Brute force attack, Rainbow table attack etc, So make them
complex. That means combination of letters, numbers and special characters.
Use trusted antivirus in devices:
Always use trust worthy and highly advanced antivirus software in mobile and personal
computers. This leads to the prevention of different virus attack on devices.
Keep social media private:
Always keep your social media accounts data privacy only to your friends. Also make sure
only to make friends who are known to you.
Keep your device software updated:
Whenever you get the updates of the system software update it at the same time because
sometimes the previous version can be easily attacked.

Use secure network:

Public Wi-Fi are vulnerable. Avoid conducting financial or corporate transactions on these
networks.
Never open attachments in spame mails:
A computer gets infected by malware attacks and other forms of cyber crime is via
email attachments in spam emails. Never open an attachment from a sender you do not
know.
Software should be updated:
Operating system should be updated regularly when it comes to internet security. This
can become a potential threat when cybercriminals exploit flaws in the system

A Global Perspective on Cyber Crimes

Increasing Frequency and Complexity:
Cyber criminals continuously evolve their tactics, techniques, and procedures to exploit
vulnerabilities in systems and networks, making cyber attacks more sophisticated and
challenging to combat.
Cross-Border Nature:
This cross-border nature poses challenges for law enforcement and regulatory agencies
in terms of jurisdiction, coordination, and collaboration ininvestigatingand prosecuting
cyber criminals.
ImpactonIndividualsandOrganisations:
Cybercrimescanhavesignificanteconomic,social,
andgeopoliticalconsequencesforindividuals,businesses,governments,andsocietyasawhole
.
EmergingTrendsandTechnologies:Rapidtechnologicaladvancements,suchastheInternetof
Things (IoT), artificial intelligence (AI), blockchain, and quantum computing, present both
opportunities and challenges in the fight against cyber crimes.
Regulatory and Policy Landscape: Governments around the world are enacting laws,
regulations,
andinternationalagreementstocombatcybercrimes,protectcriticalinfrastructure,safeguarddata
privacy, and promote cybersecurity best practices.

191CSE046JCyberSecurity
191CSE046JCyberSecurity
CyberLaws:
Cyber law, also known as internet law or digital law, signifies the legal regulations and
frameworksgoverningdigitalactivities.Itcoversalargerangeofissues,includingonline
communication, e-commerce, digital privacy, and the prevention and prosecution of
cybercrimes.
TypesofCyberLa
w Privacy Laws:
Privacylawsfocusonprotectingindividuals'personalinformationfromunauthorizedaccess
and use. They establish guidelines for the responsible handling of personal data by
organizations, ensuring individuals' privacy rights are upheld.
CybercrimeLaws:
Cybercrime laws define and penalize various cybercrimes, ensuring legal consequences
for offenders.Theselawsplayacrucialroleindeterringindividualsfromengaginginillegalonline
activities and provide a legal framework for prosecuting cybercriminals.
IntellectualPropertyLaws:
Intellectual property laws in the digital domain protect patents, copyrights, and
trademarks
fromunauthorizeduse.Theyprovidealegalfoundationforcreatorsandinnovatorstoprotect
their digital assets.
E-commerceLaws:
E-commerce laws regulate online business transactions, defining rules for contracts,
transactions,andconsumerprotection.Theselawscontributetotheestablishmentofasecure
and fair online marketplace.
CyberDefamationLaws:
Cyber defamation laws address libel and slander in the digital space. They provide legal
remediesforindividualsorentitieswhosereputationsmaybetarnishedbyfalseordamaging
information circulated online.
CybersecurityLaws:
Cybersecurity laws establish standards for securing digital systems and data. These laws
mandateorganizationstoimplementmeasurestoprotectagainstcyberthreats,contributingto
the overall resilience of digital infrastructure.
SocialMediaLaws:
Social media laws address legal issues related to social media platforms, including user
rights
andcontentregulations.Theselawsaimtostrikeabalancebetweenfreedomofexpressionand
the prevention of online abuse or misinformation.
CyberContractsandE-signatureLaws:
Governing the validity and enforceability of contracts formed online, cyber contracts and
e- signaturelawsprovidelegalcertaintyforelectronictransactions.Theyfacilitatethegrowthof
online commerce by ensuring the legal recognition of digital agreements.
InternationalCyberLaws:
Withtheincreasingprevalenceofcross-bordercybercrimes,internationalcyberlawsaddress
the need for cooperation between nations. These laws facilitate collaboration in
investigating
andprosecutingcybercriminalsoperatingacrossborders.
DataBreachNotificationLaws:
Mandatingorganizationstoinformindividualsandauthoritiesintheeventofadatabreachof data
breachnotificationlaws enhancestransparencyand accountability.Theyensureprompt
action in response to security incidents, minimizing the potential impact on individuals and
businesses.
Advantages of Cyber Law
ProtectionAgainstCybercrimes
:
Cyberlawsactasadeterrentbyofferinglegalrecourseandprescribingpenaltiesforvarious
cybercrimes.Thisproactiveapproachhelpscurbillegalonlineactivitiesandprovidesasafer
digital environment for individuals and businesses alike.
DataPrivacy:
Safeguardingindividuals'digitalinformationisaparamountconcernaddressedbycyberlaws.
These regulations ensure that organizations handle personal data responsibly,
establishing a foundation of trust in digital transactions and interactions.
E-commerceRegulation:
The legal framework provided by cyber laws is crucial for the regulation of e-commerce.
It definesrulesforonlinetransactions,contracts,andconsumerprotection,therebyfosteringa
fair and secure online marketplace.
IntellectualPropertyProtection:
Cyberlawsplayapivotalroleinprotectingintellectualpropertyrightsinthevastdigital
domain. These laws prevent the unauthorized use and distribution of digital content,
encouraging innovation and creativity by safeguarding the fruits of intellectual labor.
TheIndianITAct
ThelawappliestothewholeofIndia.IfacrimeinvolvesacomputerornetworklocatedinIndia,
persons of other nationalities can also be indicted under the law. The Act provides a legal
framework for electronic governance by giving recognition to electronic records and digital
signatures.
The Information Technology Act, 2000 also Known as an IT Act is an act proposed by the
Indian Parliament reported on 17th October 2000. This Information Technology Act is
based on the United Nations Model law on Electronic Commerce 1996 (UNCITRAL
Model) which was suggested by the General Assembly of United Nations by a resolution
dated on 30th January, 1997. It is the most important law in India dealing with Cybercrime
and E-Commerce.
The main objective of this act is to carry lawful and trustworthy electronic, digital and
online transactions and alleviate or reduce cybercrimes. The IT Act has 13 chapters and
94 sections. The last four sections that starts from ‘section 91 – section 94’, deals with the
revisions to the Indian Penal Code 1860.
TheITAct,2000hastwoschedule
s: First Schedule –
DealswithdocumentstowhichtheActshallnotapply.
Second Schedule –
Dealswithelectronicsignatureorelectronicauthenticationmethod.
CybercrimeandPunishment:

TheoffencesandthepunishmentsinITAct2000:
TheoffencesandthepunishmentsthatfallsundertheITAct,2000areasfollows:-
• Tamperingwiththecomputersourcedocuments.
• DirectionsofControllertoasubscribertoextendfacilitiestodecryptinformation.
• Publishingofinformationwhichisobsceneinelectronicform.
• Penaltyforbreachofconfidentialityandprivacy.
• Hackingformaliciouspurposes.
• PenaltyforpublishingDigitalSignatureCertificatefalseincertainparticulars.
• Penaltyformisrepresentation.
• Confiscation.
• Powertoinvestigateoffences.
• ProtectedSystem.
• Penaltiesforconfiscationnottointerferewithotherpunishments.
• ActtoapplyforoffenceorcontraventioncommittedoutsideIndia.
• Publicationforfraudpurposes.
• PowerofControllertogivedirections.
SectionsandPunishmentsunderInformationTechnologyAct,2000

Section Punishment
Section43 ThissectionofITAct,2000statesthatanyactofdestroying,
altering or stealing computer system/network or deleting
data with malicious intentions without authorization from
ownerofthecomputerisliableforthepaymenttobemade
toownerascompensationfordamages.
Section43A This section of IT Act, 2000 states that any corporate
body dealing with sensitive information that fails to
implement reasonable security practices causing loss of
other person
willalsoliableasconvictforcompensationtotheaffected
party
Section66 HackingofaComputerSystemwithmaliciousintentions
 likefraudwillbepunishedwith3yearsimprisonmentor
thefineofRs.5,00,000or both.
Section66B,C,D Fraud or dishonesty using or transmitting information or
identity theft is punishable with 3 years imprisonment
orRs. 1,00,000 fine or both.
Section66E This Section is for Violation of privacy by transmitting
image of private area is punishable with 3
years
imprisonmentor2,00,000fineorboth.
Section66F ThisSectionisonCyberTerrorismaffectingunity,integrity,
security,sovereigntyofIndiathroughdigitalmediumis liable for
life imprisonment.
Section67 This section states publishing obscene information or
pornographyortransmissionofobscenecontentinpublicis
liableforimprisonmentupto5yearsorfineofRs.
10,00,000orboth