SlideShare a Scribd company logo

cyber crime and law regarding everything in this pdf

H
hritikop1999

EVERYTHING REGARDING CYBER CRIME AND LAW

Related slideshows

ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
1 of 80
Download to read offline
WORLDWIDE 4.2 BILLION PEOPLE USE THE INTERNET ACTIVELY ESTIMATED 7% INCREASE IN THE INTERNET USERS IN THE LAST YEAR ALONE Source: International Telecommunications Union
The number of Internet users is growing So….. CYBER CRIME is bound to RISE………..
yber rime A generic term that refers to all criminal activities done using the medium of computers, the Internet, cyber space and the worldwide web. It is very difficult to classify crimes in general into distinct groups as many crimes evolve on a daily basis. CYBER SECURITY Protecting information, equipment, devices computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.
Hacking DOS attack Virus/Worm attacks Cyber Terrorism Credit card frauds, Pornography IPR violations Categories of Cyber Crime
HISTORY OF CYBER CRIME – FROM 1820 TO PRESENT 1820 1978 Employees committed acts of sabotage to discourage a textile manufacturer from further use of the new technology which allowed the repetition of a series of steps in the weaving of special fabrics . First Spam Email sent over the Arpanet
1997 Malicious Code, Trojan, Advanced Worms 1982 First Virus installed on Apple Computer 2004 Identity Theft, Phishing
2010 Social Engineering, DoS, Ransomware 2007 DNS Attacks, Rise of Botnets, SQL attacks, Anti Spam sites 2013 Keyloggers, Phone Hijacking, Cyber Warfare, Android Hacks
2015 Child Pornography, Cyber Terrorism Present Data Breaches, IoT Attacks, Cryptojacking
Indian Penal Code (IPC) Special and Local Laws (SLL) THE IT ACT REGISTRATION OF CYBER CRIME CASES IN INDIA Cyber Crime in India
Cases Registered under the IT ACT Tampering computer source documents (Section 65 IT Act) Loss /damage to computer resource/utility (Section 66 (1) IT Act) Hacking (Section 66 (2) IT Act) Obscene publication/transmission in electronic form (Section 67 IT Act) Failure of compliance/orders of Certifying Authority (Section 68 I T Act) Failure to assist in decrypting the information intercepted by Govt Agency (Section 69 IT Act) Un-authorised access/attempt to access to protected computer system (Section 70 IT Act) Obtaining licence or Digital Signature Certificate by misrepresentation / suppression of fact (Section 71 IT Act) Publishing false Digital Signature Certificate (Section 73 IT Act) Fraud Digital Signature Certificate (Section 74 IT Act) Breach of confidentiality/privacy (Section 72 IT Act) Others
Cases Registered under the IPC  Offences by/against Public Servant (Section 167, 172, 173, 175 IPC)  False electronic evidence (Section 193 IPC)  Destruction of electronic evidence (Section 204, 477 IPC)  Forgery (Section 463, 465, 466, 468, 469, 471, 474, 476, 477A IPC)  Criminal Breach of Trust (Section 405, 406, 408, 409 IPC)  Counterfeiting Property Mark (Section 482, 183, 483, 484, 485 IPC)  Tampering (Section 489 IPC)  Counterfeiting Currency / Stamps (Section 489A to 489E IPC)
*NCRB CII report -2018
CYBER CRIMES RECORDED IN 2018 KARNATAKA The states of Andhra Pradesh (1207) and Telangana(1205) along with Rajasthan(1104) are among the other states which have recorded a high number of cyber-crime cases.
6688 3076 2751 2704 Identity Theft Distribution of Sexually Explicit Content Offences other than Ransomware under Sec 66 Cheating by Personation MOST COMMON CYBER CRIMES (INDIA - 2018)
• Cheating, Fraud, Cyber Stalking form a majority of cyber-crimes booked under IPC. • 39% of the cases booked under various section of IPC related to ‘Fraud(under section 420, 465, 468- 471)’ i.e. 3,353 cases across all the states and UTs. • Of these, a major portion are related to ATM related frauds with 1284 cases. Bihar, Maharashtra and Odisha are among the states with the highest number of ATM related frauds. ATMs Cases booked under various section of IPC related to ‘Fraud(under section 420, 465, 468-471)’ 309 1284 319 968 Credit/Debit Card Online Banking Fraud OTP
15051 S E X U A L E X P L O I T A T I O N 2030 1212 1050 C A U S I N G D I S R E P U T E E X T O R T I O N FRAUD CYBER CRIMES CASES BY MOTIVE (INDIA - 2018)
HACKING DENIAL OF SERVICE ATTACK TROJANS, WORMS & VIRUSES SOFTWARE PIRACY PORNOGRAPHY CREDIT CARD FRAUD SPAMMING PHISHING SPOOFING CYBER STALKING CYBER DEFAMATION SALAMI ATTACK DATA THEFT IDENTITY THEFT EMAIL SPOOFING TYPES OF CYBER CRIME
Variants of Cyber Crime acking A crime which entails cracking systems and gaining unauthorized access to the data stored in them. yber Squatting Act of registering a famous Domain Name and then selling it for a fortune. This is an issue that has not been tackled in IT ACT 2000.
Hacked Twitter handles of Rahul Gandhi, Vijay Mallya and the latest Barkha Dutt and Ravish Kumar for NDTV.  They had tweeted a link to a partial data dump of about 1.2 GB emails of Barkha Dutt.  The group claims it has a bypass for Twitter two-factor authentication to get access to Twitter accounts.  Also bragged about having access to servers like Apollo Hospitals, but the group was unsure about releasing data from those servers.  LEGION HACKERS
Prevention Against Hacking  Perform required software updates  Install a firewall on your computer  Change your passwords every month  Purchase or download antivirus software  Monitor network traffic  Restrict software installation  Use strong passwords  Do not share professional information on social networks
DATA THEFT Data Theft is a growing problem, primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices, capable of storing digital information such as flash drives, iPods and even digital cameras. According to Information Technology (Amendment) Act, 2008, crime of data theft under Section 43 (b) is stated as - If any person without permission of the owner or any other person, who is in charge of a computer, computer system of computer network - downloads, copies or extracts any data, computer data base or information from such computer or computer network including information or data held or stored in any removable storage medium, then it is data theft.
Anonymous India claims that Reliance Jio is sending this data to companies in the US and Singapore and has also listed a step-by-step guide for anyone to verify this themselves. My Jio and Jio Dialer apps send this information to an ad network called Mad-Me. Reliance Jio Still Sharing Your Call Information With Foreign Countries - Anonymous India
VIRUS WHAT IT IS? A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". TYPES Resident vs Non-resident Virus Macro Viruses Boot-sector Viruses
IDENTITY THEFT Identity theft is a form of fraud or cheating of another person’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources other benefits in that person’s name. Information Technology (Amendment) Act, 2008, crime of identity theft under Section 66-C, whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person known as identity theft. Ways to steal identity: Data Breaching, Unsafe social media usage, Email hacks According to the Norton report, • Every four of 10 Indians have experienced identity theft • 61% of participants feel they are protected against identify theft, but 63% didn't know what to do after it.
Indian Banking: Biggest data security Breach • About 32 lakh ATM cards were hit by cyber attack in October 2016. • ATM cards of the customers were blocked en-masse to avert financial damage, but it raises serious concerns over safety of online banking in India. Who is Responsible In Case of a Banking Fraud? “If anybody loses money online the end users are liable for the loss not the banks, unless the user proves to the bank that the fraud was ‘not’ a result of negligence. Negligence means a user’s system had malicious programme that stole credentials or the user logged into an unsafe system. These things are extremely difficult to prove. So, ultimately it becomes a user problem. The banks do not take responsibility. ” Yash KS, Software Architect Qualys in an interview
• Phishing is just one of the many frauds on the Internet trying to fool people into parting with their money. • Phishing refers to the receipt of unsolicited emails by customers of financial institutions, requesting them to enter their username, password or other personal information to access their account for some reason. • The fraudster then has access to the customer’s online bank account and to the funds contained in that account.
Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.
cyber crime and law regarding everything in this pdf
FACEBOOK PHISHING
Spear phishing Phishing attempts directed at specific individuals or companies
• Use of the Internet or other electronic means to stalk someone. • Term interchangeably used with online harassment and online abuse. • Generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassment phone calls, leaving written messages or objects, or vandalizing a person’s property. Cyber Stalking
Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “Voice” and phishing. Vishing exploits the public’s trust in landline telephone services. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned".
cyber crime and law regarding everything in this pdf
02 01 03 SPIM Spim is spam sent via instant messaging (IM). The IMs could include spyware, keyloggers, viruses, and links to phishing sites. KEYLOGGERS A keylogger is a form of spyware that records keystrokes as you type. The information you type is then saved to a file that the hacker can access. If you are surfing the web and visiting banking and e-commerce sites, a keylogger can potentially record your account and password information SPYWARE This is software that a hacker surreptitiously installs on your computer to collect personal information, such as which websites you visit. It can also be used to direct you to fake websites, change your settings, and take control of your computer in other ways.
Caller ID spoofing Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station. Eg. www.crazycall.net
IP SPOOFING IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address. Purpose is concealing the identity of the sender or impersonating another computing system. Routers use the destination IP address to forward packets, but ignore the source IP address. The source IP address is used only by the destination machine, when it responds back to the source. Goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets.
IP SPOOFING Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose—they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.
IP SPOOFING EXAMPLE A Valid Source IP
IP SPOOFING EXAMPLE A Spoofed Source IP
Software piracy is theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime. This can be done in various ways-  End user copying  Source: http://beebom.com/wp content/uploads/2012/06/software-piracy.gif  Hard disk loading Counterfeiting  Illegal downloads from the internet etc. Software piracy
crime  Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other.  Criminals use it for meeting coconspirators.  Hackers use it for discussing their exploits/ sharing the techniques. Pedophiles use chat rooms to allure small children.
• Skimming is the theft of credit card information used in an otherwise legitimate transaction. • The thief can procure a victim's credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers. • Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. SKIMMING
Alice Bob Eve I’m Bob! I’m Alice! 1. Eve assumes a man-in-the- middle position through some mechanism. For example, Eve could use router hacking etc... 2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers. 3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers Man in the Middle Attack
Website Defacement A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. Hackers break into a web server and replace the hosted website with one of their own.
Sending unwanted commercial e-mail, advertising for products, services, and Web sites. Spam can also be used as a delivery mechanism for malicious software and other cyber threats. SPAMMING How Much Does it Cost to Receive Spam? • Spam uses a large amount of bandwidth. That cost is, of course, passed along to you either as a higher Internet bill or as decreased performance at your ISP. • Second, spam requires the attention of ISPs. They must attempt to filter it, respond to customer complaints regarding spam, and otherwise devote time to spam that could be better spent improving customer service or the technical quality of their ISP. • Finally, probably the most significant cost of spam is the cost to the receiver dealing with it in terms of their time.
Posting your email address on auctions, bulletin boards, chat rooms, or advertising. Businesses might sell your email address or other personal information to a spammer (however, legitimate businesses do not do this). Spammers can use software programs to collect email addresses from web sites.
It is an attempt to make a computer resource unavailable to its intended users. Denial of Service (DoS) Attack • attempts to "flood" a network, thereby preventing legitimate network traffic • attempts to disrupt connections between two machines, thereby preventing access to a service • attempts to prevent a particular individual from accessing a service
• A network of remotely controlled systems used to coordinate attacks and distribute malware, spam, and phishing scams. • Bots (short for “robots”) are programs that are secretly installed on a targeted system allowing an unauthorized user to remotely control the compromised computer for a variety of malicious purposes. Botnets
• Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. • IP packets of this size are illegal, but hackers can bypass this by cleverly sending the packets in fragments. When the fragments are assembled on the receiving computer, the overall packet size is too great. This will cause a buffer overflow and crash the device. PING OF DEATH
Teardrop Attack Teardrop attacks target vulnerability in the way fragmented IP packets are reassembled. In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash.
Teardrop Attack
SQL Injection Attacks • Attempts to pass SQL commands (statements) through a web application for execution by the backend database. • Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it.
How to ensure Android Security? Keep your device updated! • The OEM (Original Equipment Manufacturer) of the device usually sends OTA (over-the-air) updates every month or once in two months which fixes the current security patches. Deny Permissions • In Android 6.0 and above, you have the authority to deny permission to apps. • A web app and Android app to locate lost or stolen device. Android Device Manager
500,000 Hacked Zoom Accounts Being Sold on Dark Web April 2020  Unprecedented level of growth in the past month due to coronavirus  The sudden growth has led to several privacy and security concerns surrounding Zoom  More than 500,000 Zoom accounts are being offered for sale on the dark web and hacker forums for 0.0020 cents each, and in some cases accounts are given away for free. As a result, Google, SpaceX, NASA, Standard Chartered, Siemens, all Taiwanese Government Agencies and Australian Defence Force lost trust in the app and banned the use of Zoom App.
Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware Ranked 258th on the Forbes Global 2000 • The company provides products and services for dialysis, hospitals, and inpatient and outpatient care, with nearly 40 percent of the market share for dialysis in the United States. • This is worrisome because COVID-19 causes many patients to experience kidney failure, which has led to a shortage of dialysis machines and supplies. Apparent culprit - the Snake ransomware, a relatively new strain first detailed earlier this year that is being used to shake down large businesses, holding their IT systems and data hostage in exchange for payment in a digital currency such as bitcoin.
Exposed data of 22 million users Data Breach at Unacademy May 2020 Hackers kept user records for sale at $2,000 • Usernames and hashed passwords • Date of joining, Last login date • Account status • email addresses, first and last names, and other account profile details. Compromised information included
Cybersecurity: Fighting a Threat That Causes Billions of Damage 2014 $800M 2019 $3.5B 2025 (Expected) $27B *Atlas VPN Estimations
India – Ranked #3 among top 20 Cyber Crime Victims (as per FBI Report, 2019) Phishing and similar ploys, personal data breach, romance fraud and spoofing (Most Common Internet Crimes) 27,248 Registered cases of cyber crime 2901 Victims (3rd Most Impacted Country in the World)
& C VID-19 CYBERTHREATS Prolific and opportunistic criminals are taking advantage of the COVID-19 coronavirus pandemic to launch a variety of cyberattacks. Known malware which had been relatively dormant were re-detected since the outbreak began, taking new forms or using COVID-19 to boost their social engineering tactics. These include: Malicious domains : There has been an increase of domains registered with the keywords ‘COVID’ or ‘corona’ , to take advantage of the growing number of people searching for information about COVID-19. Many of these are considered to be developed with malicious intent – as of the end of March, 2,022 malicious and 40,261 high-risk newly registered domains were discovered, according to Palo Alto Networks.
& C VID-19 CYBERTHREATS Data-harvesting malware : Data-harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans infiltrate systems, using COVID-19 related information as a lure to compromise networks, steal data, divert money and build botnets. Online scams and phishing : Cybercriminals are creating fake websites related to COVID- 19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts. Also, Trend Micro reported that nearly one million spam messages have linked to COVID-19 since January 2020.
& C VID-19 CYBERTHREATS Vulnerability of working from home : Threat actors are exploiting vulnerabilities of systems, networks, and applications used by businesses, governments and schools to support staff who are now working remotely. As the growing number of people relying on online tools overburdens the security measures put in place prior to the virus outbreak, offenders search for more chances of exposure to steal data, make a profit or cause disruption Disruptive malware (ransomware and DDoS): Cybercriminals are deploying disruptive malware like ransomware against critical infrastructure and response institutions such as hospitals and medical centres, which are overwhelmed with the health crisis. Such ransomware or DDoS attacks do not typically aim to steal information, but prevent it from accessing critical data or disrupt the system, exacerbating an already dire situation in the physical world.
EXPECTED FUTURE DEVELOPMENTS Online scams, phishing and BEC will surge due to the economic downturn and shift in business landscape, generating new criminal activities. Threat actors will target individuals’ personal information through the spoofing and exploitation of digital content providers. Governments, businesses and schools will come to rely on online connectivity and virtual communications tools as employees continue to work from home, increasing their vulnerabilities and presenting more opportunities for cybercriminals to exploit. Criminals will take advantage of the underground market to look for ‘cybercrime-as-a-service’ given the ease of access and low cost.
cyber crime and law regarding everything in this pdf
DELHI POLICE GUIDELINES IN THE WAKE OF RAMPANT C VID-19
COMPUTER FORENSICS Branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Role of computer forensics professional: gather evidence to prove a suspect committed a crime or violated a company policy Investigate the suspect’s computer Preserve the evidence on a different computer Recovering the evidences Analyzing the evidences Collect evidence that can be offered in court or at a corporate inquiry Preparing a Computer Investigation
Preparing a Computer Investigation Cross-drive analysis A forensic technique that correlates information found on multiple hard drives. The process can be used to identify social networks and to perform anomaly detection. Live analysis The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. Eg.The logical hard drive volume may be imaged (known as a live acquisition) before the computer is shut down. Deleted files A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Steganography One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image (if available.) While the image appears exactly the same, the hash changes as the data changes.
Analysis Tools ANALYSIS TOOLS Helix Encase Hashkeeper Wireshark FTK PTK Forensics
cyber crime and law regarding everything in this pdf
AGAINST CYBERCRIME & FOR CYBERSECURITY INDIAN COUNTERMEASURES LAWS, EFFORTS, POLICIES, TECHNOLOGIES
(Existing penal provisions for different cybercrimes )
Sections Relevant in IT Act, 2000 and Amendments Cyber Attacks/Crime Brief Description Cyber Stalking Stealthily following a person, 43, 66 tracking his internet chats. (Compensation and punishment of three years with fine) Intellectual Property Crime Source Code Tampering etc. 43, 65, 66 (Compensation and punishment of three years with fine) Salami Attack Deducting small amounts from an 43, 66 (Theft of data or account without coming in to (Compensation and punishment of manipulating banking account) notice, to make big amount three years) E-Mail Bombing Flooding an E-mail box with 43, 66 innumerable number of E-mails, to (Compensation and punishment of disable to notice important three years) message at times. Phishing Bank Financial Frauds in Electronic 43, 66, 66C Banking (Compensation and punishment of three years with fine) Personal Data Theft Stealing personal data 43, 43A, 72A (Compensation and punishment of three years with fine)
Identity Theft Stealing Cyberspace identity 43 information of individual (Compensation and punishment of three years with fine) Spoofing Stealing Credentials using, friendly 43, 66 and familiar GUI’s (Compensation and punishment of three years with fine) Data Theft Stealing Data Provisions under 43, 43A, 65,66 and 72 (Compensation and punishment of three years with fine) Worms Trojan Horses, Virus Different Hacking mechanisms 43, 66 etc. (Compensation and punishment of three years with fine) Sabotage of Computer Taking control of computer with 43, 66 the help of malware. (Compensation and punishment of three years with fine) DOS, DDOS Demat of Service Flooding a computer with Denial of 43, 66, 66F Service Attacks, DDOS is (Compensation (up to life Distributed DOS attack imprisonment under 66F) Web Defacing Web Pages Defacing 43, 66 (Compensation and punishment of three years with fine) Logic Bomb Attack triggers on an event 43, 66 (Compensation and punishment of three years with fine) ATM fraud/EDI Financial fraud in ATM and e- 43, 66
To strengthen the cybersecurity ecosystem in India, the Indian government has launched following initiatives: • Cyber Surakshit Bharat initiative • Cyber Swachhta Kendra • National Cyber Crime Reporting Portal • National Critical Information Infrastructure Protection Centre
cyber crime and law regarding everything in this pdf
To spread awareness, build capacity as well as enable government departments on steps that need to be taken to create a Cyber Resilient IT setup.
cyber crime and law regarding everything in this pdf
To protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare.
cyber crime and law regarding everything in this pdf

More Related Content

Similar to cyber crime and law regarding everything in this pdf

ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
KALPITKALPIT1
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Md Nishad
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
jyoti_lakhani
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
infantemiliya
 
cyber crime.pptx
cyber crime.pptxcyber crime.pptx
cyber crime.pptx
OmprakashRaut
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj Ahirwar
Neeraj Ahirwar
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
SANTANU KUMAR DAS
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
Ritesh Thakur
 
cybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfcybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdf
ssuserd25aae
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentation
Ashokkumar Gnanasekar
 
English in written
English in writtenEnglish in written
English in written
azhar manap
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Sanket Gogoi
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
Harshita Ved
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
PrinceKumar851167
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
Tapan Khilar
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
JamshidRaqi
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
Accenture
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism
Accenture
 
E0334035040
E0334035040E0334035040
E0334035040
theijes
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
Vicky Shah
 

Similar to cyber crime and law regarding everything in this pdf (20)

ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
cyber crime.pptx
cyber crime.pptxcyber crime.pptx
cyber crime.pptx
 
Cyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj AhirwarCyber Crime and Security ppt by Neeraj Ahirwar
Cyber Crime and Security ppt by Neeraj Ahirwar
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
cybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdfcybersecurityawareness-presentation-170627121043.pdf
cybersecurityawareness-presentation-170627121043.pdf
 
Cyber security awareness presentation
Cyber security awareness presentationCyber security awareness presentation
Cyber security awareness presentation
 
English in written
English in writtenEnglish in written
English in written
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Law & Forensics
Cyber Law & ForensicsCyber Law & Forensics
Cyber Law & Forensics
 
Chapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptxChapter 1_Cyber Security.pptx
Chapter 1_Cyber Security.pptx
 
Cyber crime & security final tapan
Cyber crime & security final tapanCyber crime & security final tapan
Cyber crime & security final tapan
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
cyber terrorism
cyber terrorism cyber terrorism
cyber terrorism
 
E0334035040
E0334035040E0334035040
E0334035040
 
Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010Cyber Security Awareness at Dadar April 25, 2010
Cyber Security Awareness at Dadar April 25, 2010
 

Recently uploaded

Body Corporates Beware: Defamation in Sectional Title Schemes
Body Corporates Beware: Defamation in Sectional Title SchemesBody Corporates Beware: Defamation in Sectional Title Schemes
Body Corporates Beware: Defamation in Sectional Title Schemes
Ashwini Singh
 
Ethics in the Paralegal Industry and Practice
Ethics in the Paralegal Industry and PracticeEthics in the Paralegal Industry and Practice
Ethics in the Paralegal Industry and Practice
Najmul Hussain
 
Describing what happens in a law firm and criminal justice
Describing what happens in a law firm and criminal justiceDescribing what happens in a law firm and criminal justice
Describing what happens in a law firm and criminal justice
muunganiakimathi09
 
Basic Principles of Taxation Law and Provisions.
Basic Principles of Taxation Law and Provisions.Basic Principles of Taxation Law and Provisions.
Basic Principles of Taxation Law and Provisions.
VenkateshGaikwad2
 
Why Degree Certificate Attestation is Crucial for Immigration Processes.pdf
Why Degree Certificate Attestation is Crucial for Immigration Processes.pdfWhy Degree Certificate Attestation is Crucial for Immigration Processes.pdf
Why Degree Certificate Attestation is Crucial for Immigration Processes.pdf
andrewabshire123
 
Juvenile Justice and Welfare Act of 2006.pptx
Juvenile Justice and Welfare Act of 2006.pptxJuvenile Justice and Welfare Act of 2006.pptx
Juvenile Justice and Welfare Act of 2006.pptx
PearlynMae
 
Principles of legislation and Interpretation of statutes
Principles of legislation and Interpretation of statutesPrinciples of legislation and Interpretation of statutes
Principles of legislation and Interpretation of statutes
shobhna jeet
 
Bharathiya Sakshya Adhiniyam BSA 2024.pptx
Bharathiya Sakshya Adhiniyam BSA 2024.pptxBharathiya Sakshya Adhiniyam BSA 2024.pptx
Bharathiya Sakshya Adhiniyam BSA 2024.pptx
SravanKumar329296
 
PROFESSIONAL ETHICS in the world of law.pptx
PROFESSIONAL ETHICS in the world of law.pptxPROFESSIONAL ETHICS in the world of law.pptx
PROFESSIONAL ETHICS in the world of law.pptx
HumayuRehman1
 
Ending-Violence-Against-Women-and-Girls-Green-Paper.pdf
Ending-Violence-Against-Women-and-Girls-Green-Paper.pdfEnding-Violence-Against-Women-and-Girls-Green-Paper.pdf
Ending-Violence-Against-Women-and-Girls-Green-Paper.pdf
Henry Tapper
 
final Jurisprudence.pptx It is totally about lawa
final Jurisprudence.pptx It is totally about lawafinal Jurisprudence.pptx It is totally about lawa
final Jurisprudence.pptx It is totally about lawa
RamkrishnaKushwaha2
 
UILA - Red Cross Webinar Series - Criminal Law - ENG.pptx
UILA - Red Cross Webinar Series - Criminal Law - ENG.pptxUILA - Red Cross Webinar Series - Criminal Law - ENG.pptx
UILA - Red Cross Webinar Series - Criminal Law - ENG.pptx
irishredcross1
 
Union Budget 2024 presented by Nirmala Sitharaman – LIVE.pdf
Union Budget 2024 presented by Nirmala Sitharaman – LIVE.pdfUnion Budget 2024 presented by Nirmala Sitharaman – LIVE.pdf
Union Budget 2024 presented by Nirmala Sitharaman – LIVE.pdf
TheBharatWeekly
 
HISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptx
HISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptxHISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptx
HISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptx
ManishKumar332846
 
Doctrine of Election - Property Law.pptx
Doctrine of Election - Property Law.pptxDoctrine of Election - Property Law.pptx
Doctrine of Election - Property Law.pptx
RanjanSatapathy1
 
hames_ch01_lecture business law course ppt
hames_ch01_lecture business law course ppthames_ch01_lecture business law course ppt
hames_ch01_lecture business law course ppt
YonathanWilion1
 
TORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptx
TORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptxTORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptx
TORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptx
Dr. Kannan Kunnathully
 
'When The House of Justice Is Deaf, Mute, And Blind'
'When The House of Justice Is Deaf, Mute, And Blind''When The House of Justice Is Deaf, Mute, And Blind'
'When The House of Justice Is Deaf, Mute, And Blind'
Christopher Cross, M.A., C.M.A., D.S.P. (ret.)
 
FIDIC Webinar_201503181_SEKAJM_FINAL.pdf
FIDIC Webinar_201503181_SEKAJM_FINAL.pdfFIDIC Webinar_201503181_SEKAJM_FINAL.pdf
FIDIC Webinar_201503181_SEKAJM_FINAL.pdf
AhmedIbraheem33
 
The Russian Spy Embedded in the World of Embedded Finance
The Russian Spy Embedded in the World of Embedded FinanceThe Russian Spy Embedded in the World of Embedded Finance
The Russian Spy Embedded in the World of Embedded Finance
Vladislav Solodkiy
 

Recently uploaded (20)

Body Corporates Beware: Defamation in Sectional Title Schemes
Body Corporates Beware: Defamation in Sectional Title SchemesBody Corporates Beware: Defamation in Sectional Title Schemes
Body Corporates Beware: Defamation in Sectional Title Schemes
 
Ethics in the Paralegal Industry and Practice
Ethics in the Paralegal Industry and PracticeEthics in the Paralegal Industry and Practice
Ethics in the Paralegal Industry and Practice
 
Describing what happens in a law firm and criminal justice
Describing what happens in a law firm and criminal justiceDescribing what happens in a law firm and criminal justice
Describing what happens in a law firm and criminal justice
 
Basic Principles of Taxation Law and Provisions.
Basic Principles of Taxation Law and Provisions.Basic Principles of Taxation Law and Provisions.
Basic Principles of Taxation Law and Provisions.
 
Why Degree Certificate Attestation is Crucial for Immigration Processes.pdf
Why Degree Certificate Attestation is Crucial for Immigration Processes.pdfWhy Degree Certificate Attestation is Crucial for Immigration Processes.pdf
Why Degree Certificate Attestation is Crucial for Immigration Processes.pdf
 
Juvenile Justice and Welfare Act of 2006.pptx
Juvenile Justice and Welfare Act of 2006.pptxJuvenile Justice and Welfare Act of 2006.pptx
Juvenile Justice and Welfare Act of 2006.pptx
 
Principles of legislation and Interpretation of statutes
Principles of legislation and Interpretation of statutesPrinciples of legislation and Interpretation of statutes
Principles of legislation and Interpretation of statutes
 
Bharathiya Sakshya Adhiniyam BSA 2024.pptx
Bharathiya Sakshya Adhiniyam BSA 2024.pptxBharathiya Sakshya Adhiniyam BSA 2024.pptx
Bharathiya Sakshya Adhiniyam BSA 2024.pptx
 
PROFESSIONAL ETHICS in the world of law.pptx
PROFESSIONAL ETHICS in the world of law.pptxPROFESSIONAL ETHICS in the world of law.pptx
PROFESSIONAL ETHICS in the world of law.pptx
 
Ending-Violence-Against-Women-and-Girls-Green-Paper.pdf
Ending-Violence-Against-Women-and-Girls-Green-Paper.pdfEnding-Violence-Against-Women-and-Girls-Green-Paper.pdf
Ending-Violence-Against-Women-and-Girls-Green-Paper.pdf
 
final Jurisprudence.pptx It is totally about lawa
final Jurisprudence.pptx It is totally about lawafinal Jurisprudence.pptx It is totally about lawa
final Jurisprudence.pptx It is totally about lawa
 
UILA - Red Cross Webinar Series - Criminal Law - ENG.pptx
UILA - Red Cross Webinar Series - Criminal Law - ENG.pptxUILA - Red Cross Webinar Series - Criminal Law - ENG.pptx
UILA - Red Cross Webinar Series - Criminal Law - ENG.pptx
 
Union Budget 2024 presented by Nirmala Sitharaman – LIVE.pdf
Union Budget 2024 presented by Nirmala Sitharaman – LIVE.pdfUnion Budget 2024 presented by Nirmala Sitharaman – LIVE.pdf
Union Budget 2024 presented by Nirmala Sitharaman – LIVE.pdf
 
HISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptx
HISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptxHISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptx
HISTORICAL EVOLUTION OF ADMINISTRATIVE LAW IN INDIA (1).pptx
 
Doctrine of Election - Property Law.pptx
Doctrine of Election - Property Law.pptxDoctrine of Election - Property Law.pptx
Doctrine of Election - Property Law.pptx
 
hames_ch01_lecture business law course ppt
hames_ch01_lecture business law course ppthames_ch01_lecture business law course ppt
hames_ch01_lecture business law course ppt
 
TORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptx
TORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptxTORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptx
TORT and CRIME A COMPARISON FOR LEGAL STUDIES.pptx
 
'When The House of Justice Is Deaf, Mute, And Blind'
'When The House of Justice Is Deaf, Mute, And Blind''When The House of Justice Is Deaf, Mute, And Blind'
'When The House of Justice Is Deaf, Mute, And Blind'
 
FIDIC Webinar_201503181_SEKAJM_FINAL.pdf
FIDIC Webinar_201503181_SEKAJM_FINAL.pdfFIDIC Webinar_201503181_SEKAJM_FINAL.pdf
FIDIC Webinar_201503181_SEKAJM_FINAL.pdf
 
The Russian Spy Embedded in the World of Embedded Finance
The Russian Spy Embedded in the World of Embedded FinanceThe Russian Spy Embedded in the World of Embedded Finance
The Russian Spy Embedded in the World of Embedded Finance
 

cyber crime and law regarding everything in this pdf

  • 1. WORLDWIDE 4.2 BILLION PEOPLE USE THE INTERNET ACTIVELY ESTIMATED 7% INCREASE IN THE INTERNET USERS IN THE LAST YEAR ALONE Source: International Telecommunications Union
  • 2. The number of Internet users is growing So….. CYBER CRIME is bound to RISE………..
  • 3. yber rime A generic term that refers to all criminal activities done using the medium of computers, the Internet, cyber space and the worldwide web. It is very difficult to classify crimes in general into distinct groups as many crimes evolve on a daily basis. CYBER SECURITY Protecting information, equipment, devices computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.
  • 5. HISTORY OF CYBER CRIME – FROM 1820 TO PRESENT 1820 1978 Employees committed acts of sabotage to discourage a textile manufacturer from further use of the new technology which allowed the repetition of a series of steps in the weaving of special fabrics . First Spam Email sent over the Arpanet
  • 6. 1997 Malicious Code, Trojan, Advanced Worms 1982 First Virus installed on Apple Computer 2004 Identity Theft, Phishing
  • 7. 2010 Social Engineering, DoS, Ransomware 2007 DNS Attacks, Rise of Botnets, SQL attacks, Anti Spam sites 2013 Keyloggers, Phone Hijacking, Cyber Warfare, Android Hacks
  • 8. 2015 Child Pornography, Cyber Terrorism Present Data Breaches, IoT Attacks, Cryptojacking
  • 9. Indian Penal Code (IPC) Special and Local Laws (SLL) THE IT ACT REGISTRATION OF CYBER CRIME CASES IN INDIA Cyber Crime in India
  • 10. Cases Registered under the IT ACT Tampering computer source documents (Section 65 IT Act) Loss /damage to computer resource/utility (Section 66 (1) IT Act) Hacking (Section 66 (2) IT Act) Obscene publication/transmission in electronic form (Section 67 IT Act) Failure of compliance/orders of Certifying Authority (Section 68 I T Act) Failure to assist in decrypting the information intercepted by Govt Agency (Section 69 IT Act) Un-authorised access/attempt to access to protected computer system (Section 70 IT Act) Obtaining licence or Digital Signature Certificate by misrepresentation / suppression of fact (Section 71 IT Act) Publishing false Digital Signature Certificate (Section 73 IT Act) Fraud Digital Signature Certificate (Section 74 IT Act) Breach of confidentiality/privacy (Section 72 IT Act) Others
  • 11. Cases Registered under the IPC  Offences by/against Public Servant (Section 167, 172, 173, 175 IPC)  False electronic evidence (Section 193 IPC)  Destruction of electronic evidence (Section 204, 477 IPC)  Forgery (Section 463, 465, 466, 468, 469, 471, 474, 476, 477A IPC)  Criminal Breach of Trust (Section 405, 406, 408, 409 IPC)  Counterfeiting Property Mark (Section 482, 183, 483, 484, 485 IPC)  Tampering (Section 489 IPC)  Counterfeiting Currency / Stamps (Section 489A to 489E IPC)
  • 13. CYBER CRIMES RECORDED IN 2018 KARNATAKA The states of Andhra Pradesh (1207) and Telangana(1205) along with Rajasthan(1104) are among the other states which have recorded a high number of cyber-crime cases.
  • 14. 6688 3076 2751 2704 Identity Theft Distribution of Sexually Explicit Content Offences other than Ransomware under Sec 66 Cheating by Personation MOST COMMON CYBER CRIMES (INDIA - 2018)
  • 15. • Cheating, Fraud, Cyber Stalking form a majority of cyber-crimes booked under IPC. • 39% of the cases booked under various section of IPC related to ‘Fraud(under section 420, 465, 468- 471)’ i.e. 3,353 cases across all the states and UTs. • Of these, a major portion are related to ATM related frauds with 1284 cases. Bihar, Maharashtra and Odisha are among the states with the highest number of ATM related frauds. ATMs Cases booked under various section of IPC related to ‘Fraud(under section 420, 465, 468-471)’ 309 1284 319 968 Credit/Debit Card Online Banking Fraud OTP
  • 16. 15051 S E X U A L E X P L O I T A T I O N 2030 1212 1050 C A U S I N G D I S R E P U T E E X T O R T I O N FRAUD CYBER CRIMES CASES BY MOTIVE (INDIA - 2018)
  • 17. HACKING DENIAL OF SERVICE ATTACK TROJANS, WORMS & VIRUSES SOFTWARE PIRACY PORNOGRAPHY CREDIT CARD FRAUD SPAMMING PHISHING SPOOFING CYBER STALKING CYBER DEFAMATION SALAMI ATTACK DATA THEFT IDENTITY THEFT EMAIL SPOOFING TYPES OF CYBER CRIME
  • 18. Variants of Cyber Crime acking A crime which entails cracking systems and gaining unauthorized access to the data stored in them. yber Squatting Act of registering a famous Domain Name and then selling it for a fortune. This is an issue that has not been tackled in IT ACT 2000.
  • 19. Hacked Twitter handles of Rahul Gandhi, Vijay Mallya and the latest Barkha Dutt and Ravish Kumar for NDTV.  They had tweeted a link to a partial data dump of about 1.2 GB emails of Barkha Dutt.  The group claims it has a bypass for Twitter two-factor authentication to get access to Twitter accounts.  Also bragged about having access to servers like Apollo Hospitals, but the group was unsure about releasing data from those servers.  LEGION HACKERS
  • 20. Prevention Against Hacking  Perform required software updates  Install a firewall on your computer  Change your passwords every month  Purchase or download antivirus software  Monitor network traffic  Restrict software installation  Use strong passwords  Do not share professional information on social networks
  • 21. DATA THEFT Data Theft is a growing problem, primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices, capable of storing digital information such as flash drives, iPods and even digital cameras. According to Information Technology (Amendment) Act, 2008, crime of data theft under Section 43 (b) is stated as - If any person without permission of the owner or any other person, who is in charge of a computer, computer system of computer network - downloads, copies or extracts any data, computer data base or information from such computer or computer network including information or data held or stored in any removable storage medium, then it is data theft.
  • 22. Anonymous India claims that Reliance Jio is sending this data to companies in the US and Singapore and has also listed a step-by-step guide for anyone to verify this themselves. My Jio and Jio Dialer apps send this information to an ad network called Mad-Me. Reliance Jio Still Sharing Your Call Information With Foreign Countries - Anonymous India
  • 23. VIRUS WHAT IT IS? A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". TYPES Resident vs Non-resident Virus Macro Viruses Boot-sector Viruses
  • 24. IDENTITY THEFT Identity theft is a form of fraud or cheating of another person’s identity in which someone pretends to be someone else by assuming that person’s identity, typically in order to access resources other benefits in that person’s name. Information Technology (Amendment) Act, 2008, crime of identity theft under Section 66-C, whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person known as identity theft. Ways to steal identity: Data Breaching, Unsafe social media usage, Email hacks According to the Norton report, • Every four of 10 Indians have experienced identity theft • 61% of participants feel they are protected against identify theft, but 63% didn't know what to do after it.
  • 25. Indian Banking: Biggest data security Breach • About 32 lakh ATM cards were hit by cyber attack in October 2016. • ATM cards of the customers were blocked en-masse to avert financial damage, but it raises serious concerns over safety of online banking in India. Who is Responsible In Case of a Banking Fraud? “If anybody loses money online the end users are liable for the loss not the banks, unless the user proves to the bank that the fraud was ‘not’ a result of negligence. Negligence means a user’s system had malicious programme that stole credentials or the user logged into an unsafe system. These things are extremely difficult to prove. So, ultimately it becomes a user problem. The banks do not take responsibility. ” Yash KS, Software Architect Qualys in an interview
  • 26. • Phishing is just one of the many frauds on the Internet trying to fool people into parting with their money. • Phishing refers to the receipt of unsolicited emails by customers of financial institutions, requesting them to enter their username, password or other personal information to access their account for some reason. • The fraudster then has access to the customer’s online bank account and to the funds contained in that account.
  • 27. Phishing involves fraudulently acquiring sensitive information (e.g. passwords, credit card details etc) by masquerading as a trusted entity.
  • 30. Spear phishing Phishing attempts directed at specific individuals or companies
  • 31. • Use of the Internet or other electronic means to stalk someone. • Term interchangeably used with online harassment and online abuse. • Generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassment phone calls, leaving written messages or objects, or vandalizing a person’s property. Cyber Stalking
  • 32. Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. The term is a combination of “Voice” and phishing. Vishing exploits the public’s trust in landline telephone services. Vishing is typically used to steal credit card numbers or other information used in identity theft schemes from individuals.
  • 33. Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as "poisoned".
  • 35. 02 01 03 SPIM Spim is spam sent via instant messaging (IM). The IMs could include spyware, keyloggers, viruses, and links to phishing sites. KEYLOGGERS A keylogger is a form of spyware that records keystrokes as you type. The information you type is then saved to a file that the hacker can access. If you are surfing the web and visiting banking and e-commerce sites, a keylogger can potentially record your account and password information SPYWARE This is software that a hacker surreptitiously installs on your computer to collect personal information, such as which websites you visit. It can also be used to direct you to fake websites, change your settings, and take control of your computer in other ways.
  • 36. Caller ID spoofing Caller ID spoofing is the practice of causing the telephone network to display a number on the recipient's caller ID display which is not that of the actual originating station. Eg. www.crazycall.net
  • 37. IP SPOOFING IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address. Purpose is concealing the identity of the sender or impersonating another computing system. Routers use the destination IP address to forward packets, but ignore the source IP address. The source IP address is used only by the destination machine, when it responds back to the source. Goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets.
  • 38. IP SPOOFING Packets with spoofed addresses are thus suitable for such attacks. They have additional advantages for this purpose—they are more difficult to filter since each spoofed packet appears to come from a different address, and they hide the true source of the attack.
  • 41. Software piracy is theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime. This can be done in various ways-  End user copying  Source: http://beebom.com/wp content/uploads/2012/06/software-piracy.gif  Hard disk loading Counterfeiting  Illegal downloads from the internet etc. Software piracy
  • 42. crime  Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other.  Criminals use it for meeting coconspirators.  Hackers use it for discussing their exploits/ sharing the techniques. Pedophiles use chat rooms to allure small children.
  • 43. • Skimming is the theft of credit card information used in an otherwise legitimate transaction. • The thief can procure a victim's credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers. • Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. SKIMMING
  • 44. Alice Bob Eve I’m Bob! I’m Alice! 1. Eve assumes a man-in-the- middle position through some mechanism. For example, Eve could use router hacking etc... 2. Eve can monitor traffic between Alice and Bob without altering the packets or sequence numbers. 3. At any point, Eve can assume the identity of either Bob or Alice through the Spoofed IP address. This breaks the pseudo connection as Eve will start modifying the sequence numbers Man in the Middle Attack
  • 45. Website Defacement A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. Hackers break into a web server and replace the hosted website with one of their own.
  • 46. Sending unwanted commercial e-mail, advertising for products, services, and Web sites. Spam can also be used as a delivery mechanism for malicious software and other cyber threats. SPAMMING How Much Does it Cost to Receive Spam? • Spam uses a large amount of bandwidth. That cost is, of course, passed along to you either as a higher Internet bill or as decreased performance at your ISP. • Second, spam requires the attention of ISPs. They must attempt to filter it, respond to customer complaints regarding spam, and otherwise devote time to spam that could be better spent improving customer service or the technical quality of their ISP. • Finally, probably the most significant cost of spam is the cost to the receiver dealing with it in terms of their time.
  • 47. Posting your email address on auctions, bulletin boards, chat rooms, or advertising. Businesses might sell your email address or other personal information to a spammer (however, legitimate businesses do not do this). Spammers can use software programs to collect email addresses from web sites.
  • 48. It is an attempt to make a computer resource unavailable to its intended users. Denial of Service (DoS) Attack • attempts to "flood" a network, thereby preventing legitimate network traffic • attempts to disrupt connections between two machines, thereby preventing access to a service • attempts to prevent a particular individual from accessing a service
  • 49. • A network of remotely controlled systems used to coordinate attacks and distribute malware, spam, and phishing scams. • Bots (short for “robots”) are programs that are secretly installed on a targeted system allowing an unauthorized user to remotely control the compromised computer for a variety of malicious purposes. Botnets
  • 50. • Ping of Death attack involved sending IP packets of a size greater than 65,535 bytes to the target computer. • IP packets of this size are illegal, but hackers can bypass this by cleverly sending the packets in fragments. When the fragments are assembled on the receiving computer, the overall packet size is too great. This will cause a buffer overflow and crash the device. PING OF DEATH
  • 51. Teardrop Attack Teardrop attacks target vulnerability in the way fragmented IP packets are reassembled. In the teardrop attack, the attacker's IP puts a confusing offset value in the second or later fragment. If the receiving operating system does not have a plan for this situation, it can cause the system to crash.
  • 53. SQL Injection Attacks • Attempts to pass SQL commands (statements) through a web application for execution by the backend database. • Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it.
  • 54. How to ensure Android Security? Keep your device updated! • The OEM (Original Equipment Manufacturer) of the device usually sends OTA (over-the-air) updates every month or once in two months which fixes the current security patches. Deny Permissions • In Android 6.0 and above, you have the authority to deny permission to apps. • A web app and Android app to locate lost or stolen device. Android Device Manager
  • 55. 500,000 Hacked Zoom Accounts Being Sold on Dark Web April 2020  Unprecedented level of growth in the past month due to coronavirus  The sudden growth has led to several privacy and security concerns surrounding Zoom  More than 500,000 Zoom accounts are being offered for sale on the dark web and hacker forums for 0.0020 cents each, and in some cases accounts are given away for free. As a result, Google, SpaceX, NASA, Standard Chartered, Siemens, all Taiwanese Government Agencies and Australian Defence Force lost trust in the app and banned the use of Zoom App.
  • 56. Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware Ranked 258th on the Forbes Global 2000 • The company provides products and services for dialysis, hospitals, and inpatient and outpatient care, with nearly 40 percent of the market share for dialysis in the United States. • This is worrisome because COVID-19 causes many patients to experience kidney failure, which has led to a shortage of dialysis machines and supplies. Apparent culprit - the Snake ransomware, a relatively new strain first detailed earlier this year that is being used to shake down large businesses, holding their IT systems and data hostage in exchange for payment in a digital currency such as bitcoin.
  • 57. Exposed data of 22 million users Data Breach at Unacademy May 2020 Hackers kept user records for sale at $2,000 • Usernames and hashed passwords • Date of joining, Last login date • Account status • email addresses, first and last names, and other account profile details. Compromised information included
  • 58. Cybersecurity: Fighting a Threat That Causes Billions of Damage 2014 $800M 2019 $3.5B 2025 (Expected) $27B *Atlas VPN Estimations
  • 59. India – Ranked #3 among top 20 Cyber Crime Victims (as per FBI Report, 2019) Phishing and similar ploys, personal data breach, romance fraud and spoofing (Most Common Internet Crimes) 27,248 Registered cases of cyber crime 2901 Victims (3rd Most Impacted Country in the World)
  • 60. & C VID-19 CYBERTHREATS Prolific and opportunistic criminals are taking advantage of the COVID-19 coronavirus pandemic to launch a variety of cyberattacks. Known malware which had been relatively dormant were re-detected since the outbreak began, taking new forms or using COVID-19 to boost their social engineering tactics. These include: Malicious domains : There has been an increase of domains registered with the keywords ‘COVID’ or ‘corona’ , to take advantage of the growing number of people searching for information about COVID-19. Many of these are considered to be developed with malicious intent – as of the end of March, 2,022 malicious and 40,261 high-risk newly registered domains were discovered, according to Palo Alto Networks.
  • 61. & C VID-19 CYBERTHREATS Data-harvesting malware : Data-harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans infiltrate systems, using COVID-19 related information as a lure to compromise networks, steal data, divert money and build botnets. Online scams and phishing : Cybercriminals are creating fake websites related to COVID- 19 to entice victims into opening malicious attachments or clicking phishing links, resulting in identity impersonation or illegal access to personal accounts. Also, Trend Micro reported that nearly one million spam messages have linked to COVID-19 since January 2020.
  • 62. & C VID-19 CYBERTHREATS Vulnerability of working from home : Threat actors are exploiting vulnerabilities of systems, networks, and applications used by businesses, governments and schools to support staff who are now working remotely. As the growing number of people relying on online tools overburdens the security measures put in place prior to the virus outbreak, offenders search for more chances of exposure to steal data, make a profit or cause disruption Disruptive malware (ransomware and DDoS): Cybercriminals are deploying disruptive malware like ransomware against critical infrastructure and response institutions such as hospitals and medical centres, which are overwhelmed with the health crisis. Such ransomware or DDoS attacks do not typically aim to steal information, but prevent it from accessing critical data or disrupt the system, exacerbating an already dire situation in the physical world.
  • 63. EXPECTED FUTURE DEVELOPMENTS Online scams, phishing and BEC will surge due to the economic downturn and shift in business landscape, generating new criminal activities. Threat actors will target individuals’ personal information through the spoofing and exploitation of digital content providers. Governments, businesses and schools will come to rely on online connectivity and virtual communications tools as employees continue to work from home, increasing their vulnerabilities and presenting more opportunities for cybercriminals to exploit. Criminals will take advantage of the underground market to look for ‘cybercrime-as-a-service’ given the ease of access and low cost.
  • 65. DELHI POLICE GUIDELINES IN THE WAKE OF RAMPANT C VID-19
  • 66. COMPUTER FORENSICS Branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
  • 67. Role of computer forensics professional: gather evidence to prove a suspect committed a crime or violated a company policy Investigate the suspect’s computer Preserve the evidence on a different computer Recovering the evidences Analyzing the evidences Collect evidence that can be offered in court or at a corporate inquiry Preparing a Computer Investigation
  • 68. Preparing a Computer Investigation Cross-drive analysis A forensic technique that correlates information found on multiple hard drives. The process can be used to identify social networks and to perform anomaly detection. Live analysis The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence. Eg.The logical hard drive volume may be imaged (known as a live acquisition) before the computer is shut down. Deleted files A common technique used in computer forensics is the recovery of deleted files. Modern forensic software have their own tools for recovering or carving out deleted data. Steganography One of the techniques used to hide data is via steganography, the process of hiding data inside of a picture or digital image. Computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image (if available.) While the image appears exactly the same, the hash changes as the data changes.
  • 71. AGAINST CYBERCRIME & FOR CYBERSECURITY INDIAN COUNTERMEASURES LAWS, EFFORTS, POLICIES, TECHNOLOGIES
  • 72. (Existing penal provisions for different cybercrimes )
  • 73. Sections Relevant in IT Act, 2000 and Amendments Cyber Attacks/Crime Brief Description Cyber Stalking Stealthily following a person, 43, 66 tracking his internet chats. (Compensation and punishment of three years with fine) Intellectual Property Crime Source Code Tampering etc. 43, 65, 66 (Compensation and punishment of three years with fine) Salami Attack Deducting small amounts from an 43, 66 (Theft of data or account without coming in to (Compensation and punishment of manipulating banking account) notice, to make big amount three years) E-Mail Bombing Flooding an E-mail box with 43, 66 innumerable number of E-mails, to (Compensation and punishment of disable to notice important three years) message at times. Phishing Bank Financial Frauds in Electronic 43, 66, 66C Banking (Compensation and punishment of three years with fine) Personal Data Theft Stealing personal data 43, 43A, 72A (Compensation and punishment of three years with fine)
  • 74. Identity Theft Stealing Cyberspace identity 43 information of individual (Compensation and punishment of three years with fine) Spoofing Stealing Credentials using, friendly 43, 66 and familiar GUI’s (Compensation and punishment of three years with fine) Data Theft Stealing Data Provisions under 43, 43A, 65,66 and 72 (Compensation and punishment of three years with fine) Worms Trojan Horses, Virus Different Hacking mechanisms 43, 66 etc. (Compensation and punishment of three years with fine) Sabotage of Computer Taking control of computer with 43, 66 the help of malware. (Compensation and punishment of three years with fine) DOS, DDOS Demat of Service Flooding a computer with Denial of 43, 66, 66F Service Attacks, DDOS is (Compensation (up to life Distributed DOS attack imprisonment under 66F) Web Defacing Web Pages Defacing 43, 66 (Compensation and punishment of three years with fine) Logic Bomb Attack triggers on an event 43, 66 (Compensation and punishment of three years with fine) ATM fraud/EDI Financial fraud in ATM and e- 43, 66
  • 75. To strengthen the cybersecurity ecosystem in India, the Indian government has launched following initiatives: • Cyber Surakshit Bharat initiative • Cyber Swachhta Kendra • National Cyber Crime Reporting Portal • National Critical Information Infrastructure Protection Centre
  • 77. To spread awareness, build capacity as well as enable government departments on steps that need to be taken to create a Cyber Resilient IT setup.
  • 79. To protect critical information of our country, which has an enormous impact on national security, economic growth, or public healthcare.