cyber crime & security
DESCRIPTION
Uploader : RONSON CALVIN FERNANDES Currently pursuing MCA@MIT,ManipalTRANSCRIPT
Cyber Crime 1
CYBER CRIME
Presented By : Ronson Calvin Fernandes.
Manipal Institute of Technology - Manipala
22/02/201322/02/2013
Cyber Crime
2
A quick peek into . . . .
22/02/2013
What is Cyber Crime ? What is Crime Ware ? CrimeWare - Bot’s , Trojan’s & Spywares. Online fraud – Phishing & Pharming. Kinds of Cyber Crime. Basic Prevention Tips. Cyber laws @ your disposal. References.
Cyber Crime
3
22/02/2013
Crime committed using a computer and the internet to steal a person’s identity or illegal imports or malicious programs.
Cybercrime is nothing but where the computer used
as an object or subject of crime.
Most of these crimes are not new. Criminals simply devise different ways to undertake standard criminal activities such as fraud , theft , blackmail and forgery using the new medium , often involving the Internet .
What is cyber crime?
Cyber Crime
4
Types of Cyber Crimes
22/02/2013
Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots.
Those against persons.
Against Business and Non-business organizations.
Crime targeting the government.
Cyber Crime
5
22/02/2013
Cyber Crime
6
What is Crime Ware ?
22/02/2013
The software tools used in cybercrime is sometimes referred to as Crimeware.
Crimeware is software that is used in the commission of the criminal act.
Not generally regarded as a desirable software or hardware application
Cyber Crime
7
22/02/2013
Cyber Crime
8
Crimeware – Bots
22/02/2013
What's a Bot? "Bot" is actually short for robot – not the
kind found in science fiction movies. Bots are one of the most sophisticated
types of crimeware. They are similar to worms and Trojans,
performs automated tasks on behalf of their master (the cybercriminals) (i.e) co-ordinated "denial-of-service" attack.
Victim machines = “Zombies."
Cyber Crime
9
Bots (continued . .)
22/02/2013
Bots search for vulnerable, unprotected computers to infect and stay hidden till they are activated.
Bots do not work alone, but are part of a network of infected machines called a "botnet.“
A botnet is typically composed of large number victim machines that stretch across the globe.
Cyber Crime
10
How BotNet works ?
22/02/2013
Cyber Crime
11
Trojan Horses , Spyware & Crime
22/02/2013
Trojans and spyware are crimeware—two of the essential tools a cybercriminal.
Used to obtain unauthorized access and steal information from a victim as part of an attack.
The creation and distribution of these programs
is on the rise, almost 37% of unauthorised access and info stealing is through trojan’s and spywares. [2]
Cyber Crime
12
Trojan Horses
22/02/2013
A Trojan horse program presents itself as a useful computer program, while it actually causes havoc and damage to your computer.
Trojans are the first stage of an attack. Primary purpose - stay hidden while downloading
and installing a stronger threat such as a bot. Cannot spread by themselves - often delivered
to a victim through an email message. Trojan horse lurks silently on the infected
machine, downloading spyware, while the victim continues on with their normal activities.
Cyber Crime
13
Spywares
22/02/2013
Programs that covertly monitor your activity on your computer, gathering usernames, passwords, account numbers, files, and even driver's license or social security numbers.
Some spyware focuses on monitoring a person's Internet behavior; Tracks the places you visit and things you do on the web.
Spyware is similar to a Trojan horse in that users unknowingly install the product when they install something else.
Cyber Crime
14
Phishing [2]
22/02/2013
What is Phishing? Phishing is essentially an online con
game, and phishers are nothing more than tech-savvy con artists and identity thieves.
They use spam, fake Web sites, crimeware and other techniques to trick people into divulging sensitive information, such as bank and credit card account details.
For example, a flaw in the IRS Web site.
Cyber Crime
15
How phishing works ?
22/02/2013
In most cases, phishers send out a wave of spam email, sometimes up to millions of messages.
Each email contains a message that appears to come from a well-known and trusted company.
The bogus Web site urges the visitor to provide confidential information — social security numbers, account numbers, passwords, etc.
While it is impossible to know the actual success rates to all phishing attacks, it is commonly believed that about 1 to 10 percent of success. [2]
Cyber Crime
16
How Phishing works ? [3]
22/02/2013
Cyber Crime
17
How phishing works (continued . .)
22/02/2013
Over 2005, phishers became much more sophisticated.
This trend means that by simply following the link in a phishing email to a bogus Website, a user's identity could be stolen as the phisher would no longer need to get you to enter your personal information .
The Trojan or spyware placed onto your machine would capture this information the next time you visit the legitimate Web site of your bank or other online service.
Cyber Crime
18
Phishing Process
22/02/2013
Cyber Crime
19
Pharming [2]
22/02/2013
Pharming is another form of online fraud.
More difficult to detect as they are not entirely reliant upon the victim accepting a "bait" message.
Instead of relying completely on users clicking on an enticing link in fake email messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address.
Cyber Crime
20
How Pharming works ? [5]
22/02/2013
Pharmers re-direct their victims using a ploy called DNS cache poisoning.
DNS cache poisoning is an attack on the Internet Domain Naming System.
The naming system relies upon DNS servers to handle the conversion of the letter-based Web site names, into the machine-understandable digits (IP Address) that directs users to the Web site of their choice.
Cyber Crime
21
How Pharming works (continued . .)
22/02/2013
When a pharmer mounts a successful DNS cache poisoning attack, they are effectively changing the rules of how traffic flows for an entire section of the Internet!
Phishers drop a couple lines in the water and wait to see who will take the bait. Where as
Pharmers are more like cybercriminals harvesting the Internet at a scale larger than anything seen before.
Cyber Crime
22
22/02/2013
Cyber Crime
23
Kinds of Cyber Crimes
22/02/2013
E-Mail bombing : Sending huge amounts of E-mails.
Salami attacks: These attacks are used for the commission of financial crimes.
Denial of Service: This involves flooding computer resources with more requests than it can handle.
Cyber Crime
24
Kinds of Cyber Crimes (continued ..)
22/02/2013
Sale of illegal articles : This would include sale of narcotics, weapons and wildlife etc.
Cyber Pornography : This would include pornographic websites.
E-Mail spoofing : A spoofed email is one that appears to originate from one source but actually has been sent from another source.
Online gambling : There are millions of websites, all hosted on servers abroad, that offer online gambling.
Cyber Crime
25
Basic Prevention Tips
22/02/2013
Cybercrime prevention can be straight-forward - when armed with a little technical advice and common sense, many attacks can be avoided.
In general, online criminals are trying to make their money as quickly and easily as possible. The more difficult you make their job, the more likely they are to leave you alone and move on to an easier target.
Keep your computer current with the latest patches and updates. Make sure your computer is configured securely. Choose strong passwords and keep them safe. Protect your computer with security software. Protect your personal information. Online offers that look too good to be true usually are. Review bank and credit card statements regularly.
Cyber Crime
26
What To Do If You're a Victim
22/02/2013
If You're a Victim of Crimeware. Disconnect immediately. Scan your computer with an up-to-date
antivirus program Back up your critical information. Consider going back to ground-zero
Cyber Crime
27
What To Do If You're a Victim(cont..)
22/02/2013
If You're a Victim of Online Fraud.
Close affected accounts immediately File a police report. Contact government agencies Watch your credit reports closely. Look for signs of identity theft.
Cyber Crime
28
Cyber laws @ your disposal
22/02/2013
Snapshot of Important Cyberlaw Provisions in India Offence Section under IT Act
Offence Section
Tampering with Computer source documents
Sec.65
Hacking with Computer systems, Data alteration
Sec.66
Publishing obscene information Sec.67
Un-authorized access to protected system
Sec.70
Breach of Confidentiality and Privacy
Sec.72
Publishing false digital signature certificates
Sec.73
Cyber Crime
29
Cyber laws @ your disposal (cont ..)
22/02/2013
Offence Section
Threatening messages by E-mail Sec 503 IPC
Defamatory messages by E-mail Sec 499 IPC
Forgery of electronic records Sec 463 IPC
Bogus websites, cyber frauds Sec 420 IPC
Email spoofing Sec 463 IPC
Web-Jacking Sec 383 IPC
E-Mail Abuse Sec 500 IPC
Online sale of Drugs NDPS Act
Online sale of Arms Arms Act
Computer Related Crimes covered under Indian Penal Code and Special Laws .
Cyber Crime
30
References
22/02/2013
[1]. Susan W. Brenner, Cybercrime: Criminal Threats from
Cyberspace [2]. Norton , Symantec Group.
http://in.norton.com/cybercrime [3]. SEMCOM Cyberlaw Clinic.
www.cyberlawclinic.org [4]. “Cyber Crime Statistics in India”.
http://www.indiafacts.in [5]. Carnegie Cyber Academy - National Cyber Security
Awareness.
http://www.carnegiecyberacademy.com
Cyber Crime
31
22/02/2013