
CYBER LAW & SECURITY POLICY

1. Difference between hacker, cracker & phreaker.


Ans:- Hackers refer to the computer world’s outlaws. A hacker is a person intensely interested in
the arcane and recondite workings of any computer operating system. Most often, hackers are
programmers. As such, hackers obtain advanced knowledge of operating systems and programming
languages. They may know of holes within systems and the reasons for such holes. Hackers
constantly seek further knowledge, freely share what they have discovered, and never, ever
intentionally damage data. White hat is a term often used to describe ethical hackers that stay
entirely within the law. They never access a system or network illegally, and they work tirelessly to
expose holes in systems with the ultimate goal of fixing flaws and improving security. Upon finding a
flaw, a white hat will usually notify the software vendor and give the company a chance to patch the
flaw before making the bug public knowledge.

A cracker is a person who breaks into or otherwise violates the system integrity of remote
machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data,
deny legitimate users service, or basically cause problems for their targets. Crackers can easily be
identified because their actions are malicious. A black hat or cracker breaks into systems illegally for
personal gain, vandalism, or bragging rights. A cracker doesn’t need to be particularly
knowledgeable or skillful; in fact, most of them aren’t. Few crackers are skilled enough to create their
own software tools, so most rely on automated programs that they download from disreputable Web
sites. Because crackers know they are breaking the law, they do everything they can to cover their
tracks. Fortunately, security professionals catch quite a few of them because the majority of crackers
lack real skill.

A phreaker is a person who hacks into a telecommunications system; a person who makes fraudulent use
of a telephone or computer system by electronic means. A phreak is a hacker who specializes in
phone systems. These days, however, phreaking is more of a cracker activity. At one time, phreaks
were enthusiastic about telephone networks and simply wanted to understand how they worked and
explore them. Ethical phreaks didn’t steal services or cause damage; they just used their technical
skill to play with the system. Phone systems have changed and are less susceptible to technological
hacks. As a result, modern phreaks intent on cracking the telecommunications systems often rely on
criminal acts such as stealing phone cards and cloning cell phones.

2. 3 p’s of cyber crime

Ans:- Practice:
Don't trust email attachments; these may contain malicious software that can harm your computer.
Make sure you look for signs that a website is safe. There is software available to notify you when a
website isn't safe.
Patches:
New vulnerabilities are often found in software. Software vendors try to stay ahead of attackers by
offering updates. It's a good idea to apply those updates instead of ignoring them.

Passwords:
They are the first line of defense to protect you online. A good password doesn't have to be hard to
remember; there is a way you can create an easy-to-remember password that can keep you safe.

3. Virus hoax.
Ans:- A computer virus hoax is a message warning the recipients of a non-existent computer
virus threat. The message is usually a chain e-mail that tells the recipients to forward it to everyone they
know. Virus hoaxes are usually harmless and accomplish nothing more than annoying people who
identify them as hoaxes and wasting the time of people who forward the message. Nevertheless, a number of
hoaxes have warned users that vital system files are viruses and encourage the user to delete the file,
possibly damaging the system. Examples of this type include the jdbgmgr.exe virus hoax.

Some consider virus hoaxes and other chain e-mails to be a computer worm in and of themselves. They
replicate by social engineering—exploiting users' concern, ignorance, and disinclination to investigate
before acting.

Hoaxes are distinct from computer pranks, which are harmless programs that perform unwanted and
annoying actions on a computer, such as randomly moving the mouse, turning the screen display upside
down, etc.

4. War Dialing
Ans:- War dialing or wardialing is a technique of using a modem to automatically scan a list
of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin
board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for
exploration, and crackers - malicious hackers who specialize in computer security - for guessing user
accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into
computer or other electronic systems. It may also be used by security personnel, for example, to detect
unauthorized devices, such as modems or faxes, on a company's telephone network.

5. Cyber bullying
Ans:- Cyberbullying is the use of information technology to repeatedly harm or harass other people in a
deliberate manner.
With the increase in use of these technologies, cyberbullying has become increasingly common,
especially among teenagers. Awareness has also risen, due in part to high-profile cases like the suicide
of Tyler Clementi.
Cyberbullying is defined in legal glossaries as

• actions that use information and communication technologies to support deliberate, repeated, and hostile
behavior by an individual or group, that is intended to harm another or others.
• use of communication technologies for the intention of harming another person.
• use of internet service and mobile technologies such as web pages and discussion groups as well as
instant messaging or SMS text messaging with the intention of harming another person.

A cyberbully may be a person whom the target knows or an online stranger. A cyberbully may be
anonymous and may solicit involvement of other people online who do not even know the target. This is
known as a "digital pile-on."

• Cyberbullying involves repeated behavior with intent to harm.
• Cyberbullying is perpetrated through harassment, cyberstalking, denigration (sending or posting cruel
rumors and falsehoods to damage reputation and friendships), impersonation, and exclusion (intentionally
and cruelly excluding someone from an online group).

6. Cyber bullying vs cyber stalking


Ans:- The practice of cyber bullying is not limited to children and, while the behavior is identified by the
same definition when practiced by adults, the distinction in age groups sometimes refers to the abuse
as cyber stalking or cyber harassment when perpetrated by adults toward adults. Common tactics used
by cyberstalkers are performed in public forums, social media or online information sites and are
intended to threaten a victim's earnings, employment, reputation, or safety. Behaviors may include
encouraging others to harass the victim and trying to affect a victim's online participation. Many
cyberstalkers try to damage the reputation of their victim and turn other people against them.

Cyber stalking may include false accusations, monitoring, making threats, identity theft, damage to data
or equipment, the solicitation of minors for sex, or gathering information in order to harass.  A repeated
pattern of such actions and harassment against a target by an adult constitutes cyber stalking. Cyber
stalking often features linked patterns of online and offline behavior. There are consequences of law in
offline stalking and online stalking, and cyber stalkers can be put in jail. Cyber stalking is a form of
cyberbullying.

7. Ping of Death
Ans:- A ping of death is a type of attack on a computer that involves sending a malformed or
otherwise malicious ping to a computer. Ping of Death (a.k.a. PoD) is a type of Denial of
Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted
computer or service by sending malformed or oversized packets using a simple ping command.
PoD attacks exploit legacy weaknesses which may have been patched in target systems.
However, on unpatched systems, the attack is still relevant and dangerous. Recently, a new type
of PoD attack has become popular. In this attack, commonly known as a ping flood, the targeted
system is hit with ICMP packets sent rapidly via ping without waiting for replies.

A correctly formed ping message is typically 56 bytes in size, or 84 bytes when the Internet
Protocol [IP] header is considered. Historically, many computer systems could not properly handle a
ping packet larger than the maximum IPv4 packet size of 65,535 bytes. Larger packets
could crash the target computer.

Generally, sending a 65,536-byte ping packet violates the Internet Protocol as documented in RFC
791, but a packet of such a size can be sent if it is fragmented; when the target computer
reassembles the packet, a buffer overflow can occur, which often causes a system crash.
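The defensive side of the reassembly problem described above is a bounds check on every fragment before it is copied into the reassembly buffer. The following is an added example, not part of the original notes: the function names, the documentation-range addresses and the sample headers are constructed for illustration.

```python
import struct
from typing import List, NamedTuple

# The IPv4 Total Length field is 16 bits, so a whole datagram
# (header + data) can never legitimately exceed 65,535 bytes.
MAX_IPV4_DATAGRAM = 65535
_HDR = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte part of the IPv4 header


class Fragment(NamedTuple):
    ident: int            # Identification field shared by all fragments
    header_len: int       # IP header length in bytes
    offset: int           # where this fragment's data starts, in bytes
    payload_len: int      # bytes of data carried by this fragment
    more_fragments: bool  # MF flag


def build_header(total_len: int, offset_units: int, more_fragments: bool,
                 ident: int = 0x1D0E) -> bytes:
    """Constructed sample input: a 20-byte IPv4/ICMP header (checksum left 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    return _HDR.pack(0x45, 0, total_len, ident, flags_frag, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))


def parse_fragment(header: bytes) -> Fragment:
    """Extract the fields that matter for reassembly from a raw IPv4 header."""
    if len(header) < _HDR.size:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, flags_frag, *_ = _HDR.unpack(header[:_HDR.size])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("not a valid IPv4 header")
    return Fragment(
        ident=ident,
        header_len=header_len,
        offset=(flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        payload_len=total_len - header_len,
        more_fragments=bool(flags_frag & 0x2000),
    )


def reassembled_size(frag: Fragment) -> int:
    """Smallest datagram size that could contain this fragment."""
    return frag.header_len + frag.offset + frag.payload_len


def is_oversized(header: bytes) -> bool:
    """True if accepting this fragment would push reassembly past 65,535 bytes."""
    return reassembled_size(parse_fragment(header)) > MAX_IPV4_DATAGRAM


def flag_oversized(headers: List[bytes]) -> List[int]:
    """Indexes of the fragments a reassembler should drop."""
    return [i for i, h in enumerate(headers) if is_oversized(h)]


# Constructed samples:
#  0: ordinary 84-byte echo request, not fragmented
#  1: last fragment of a maximum-size datagram (65120 + 395 + 20 = 65535)
#  2: fragment placed near the end of the offset range with 1480 data bytes
SAMPLE_HEADERS = [
    build_header(total_len=84, offset_units=0, more_fragments=False),
    build_header(total_len=415, offset_units=8140, more_fragments=False),
    build_header(total_len=1500, offset_units=8189, more_fragments=False),
]

if __name__ == "__main__":
    for i, h in enumerate(SAMPLE_HEADERS):
        f = parse_fragment(h)
        verdict = "DROP" if is_oversized(h) else "ok"
        print(f"fragment {i}: offset={f.offset} data={f.payload_len} "
              f"-> {reassembled_size(f)} bytes [{verdict}]")
```

The check works per fragment because the 13-bit offset field alone can address up to 65,528 bytes, so offset plus data length can exceed the limit even though each fragment's own Total Length field looks valid.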

Later a different kind of ping attack became widespread—ping flooding simply floods the victim with
so much ping traffic that normal traffic fails to reach the system, a basic denial-of-service attack.

8. Virus detail
Ans:- A computer virus is a malware program that, when executed, replicates by inserting copies of
itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive;
when this replication succeeds, the affected areas are then said to be "infected". [1][2][3][4] Viruses often
perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time,
accessing private information, corrupting data, displaying political or humorous messages on the user's
screen, spamming their contacts, or logging their keystrokes. A computer virus is a computer program
that can infect other computer programs by modifying them in such a way as to include a (possibly
evolved) copy of itself. Note that a program does not have to perform outright damage (such as deleting or
corrupting files) in order to be called a "virus".

Stealth virus

A stealth virus is one that hides the modifications it has made in the file or boot record, usually by
monitoring the system functions used by programs to read files or physical blocks from storage media,
and forging the results of such system functions so that programs which try to read these areas see the
original uninfected form of the file instead of the actual infected form. Thus the viral modifications go
undetected by anti-viral programs. However, in order to do this, the virus must be resident in memory
when the anti-viral program is executed.

The very first DOS virus, Brain, a boot-sector infector, monitors physical disk I/O and redirects any
attempt to read a Brain-infected boot sector to the disk area where the original boot sector is stored. The
next viruses to use this technique were the file infectors Number of the Beast and Frodo. Examples:
Frodo, Joshi, Whale

1. Resident Viruses
This type of virus is permanent and dwells in RAM. From there it can overcome and
interrupt all of the operations executed by the system: corrupting files and programs that are opened,
closed, copied, renamed etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.


2. Multipartite Viruses
Multipartite viruses are distributed through infected media and usually hide in the memory.
Gradually, the virus moves to the boot sector of the hard drive and infects executable files on the
hard drive and later across the computer system. Examples: Invader, Flip, and Tequila

3. Direct Action Viruses


The main purpose of this virus is to replicate and take action when it is executed. When a specific
condition is met, the virus will go into action and infect files in the directory or folder that it is in and in
directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in
the root directory of the hard disk and carries out certain operations when the computer is booted.
Examples: Vienna virus

4. Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the information contained in the files that
it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing
the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

5. Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in
which information on the disk itself is stored together with a program that makes it possible to boot
(start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and
never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

6. Macro Virus

Macro viruses infect files that are created using certain applications or programs that contain
macros. These mini-programs make it possible to automate series of operations so that they are
performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

7. Directory Virus

Directory viruses change the paths that indicate the location of a file. By executing a program (file
with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running
the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files. Examples: Dir-2 virus

8. Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and
encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because
they are different in each encryption) and also enables them to create a large number of copies of
themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.


FAT Virus

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of
the normal functioning of the computer. 

This type of virus attack can be especially dangerous, by preventing access to certain sections of the
disk where important files are stored. Damage caused can result in information losses from
individual files or even entire directories. Examples: Link Virus

Characteristics of Computer Viruses:

1. Cannot exist in a viable form, apart from another (usually legitimate) program.
2. Propagates when the host program is executed.
3. Has an incubation period, during which no damage is done.
4. After incubation period, begins to manifest its behavior.
5. Can be polymorphic: some viruses have the ability to modify their own code, which means that a virus
may have multiple similar variations, making it difficult to detect.
6. Can bring other viruses: a virus can lead to another virus, making it much more lethal; the two can
help each other hide or even assist each other in infecting a particular section of the computer.
7. Can be furtive: stealth viruses first attach themselves to files on the computer and then
attack the computer, which causes the virus to spread more quickly.

A few kinds of virus-caused behavior:

1. Formats hard drive, destroying all data ("Dark Avenger").


2. Causes random change in typed characters ("Teatime" virus).
3. Presents a political or (false) advertising message every few times ("Stoned" virus: Legalize
Marijuana).
4. Causes computer to act as though a monitor or disk drive is going bad ("Jerusalem-B"
virus).

Where viruses can hide:

1. In the "boot" sector of any floppy disk. This is a small program which runs whenever the
computer is "booted" from the diskette, whether or not the diskette is "bootable." (This is
the tiny program which puts the message "Non-system disk or disk error" on the screen if
the disk is not bootable!)
2. Attached to any program: shareware, commercial or public domain.
3. Embedded in the hidden system files IO.SYS and MSDOS.SYS on the boot disk or drive.
4. Same as #2, but pay SPECIAL ATTENTION to the file COMMAND.COM on the boot
disk or drive.
5. The "partition table" on a hard drive. (This DOES contain executable information, since it is
attached to the "Master Boot Record" which is consulted at boot-up to determine whether to
boot DOS, OS/2, UNIX, etc.)

How viruses are spread:

1. Trading, copying or pirating software on diskettes without knowing the source.


2. Software salesmen giving demos on your computer from their diskettes.
3. Computer repair personnel using diagnostic disks.
4. Computer user groups and bulletin boards (BBS's). NOTE: #2 & #3 account for over 80%
of all infections at business sites! #1 accounts for nearly all others, #4 LESS THAN 5%.

Different stages of virus


During its lifetime, a virus goes through four phases:

1) Dormant Phase
Here, the virus remains idle and gets activated based on a certain action or event (for example, a
user pressing a key, or a certain date and time).

2) Propagation Phase
The virus starts propagating, that is, multiplying itself. A piece of code copies itself and each copy
starts making more copies of itself, thus propagating.

3) Triggering Phase
A dormant virus moves into this phase when it gets activated, that is, when the event it was waiting
for occurs.

4) Execution Phase
This is the actual work of the virus. It can be destructive (deleting files on disk) or
harmless (popping up messages on screen).

Computer virus vs computer worms


| | Virus | Worm |
|---|---|---|
| How does it infect a computer system? | It inserts itself into a file or executable program. | It exploits a weakness in an application or operating system by replicating itself. |
| How can it spread? | It has to rely on users transferring infected files/programs to other computer systems. | It can use a network to replicate itself to other computer systems without user intervention. |
| Does it infect files? | Yes, it deletes or modifies files. Sometimes a virus also changes the location of files. | Usually not. Worms usually only monopolize the CPU and memory. |
| Whose speed is more? | A virus is slower than a worm. | A worm is faster than a virus. E.g. the Code Red worm affected 3 lakh PCs in just 14 hrs. |
| Definition | The virus is program code that attaches itself to an application program; when the application program runs, it runs along with it. | The worm is code that replicates itself in order to consume resources and bring the system down. |

Threat vs Attack
“A threat is a category of objects, persons, or other entities that represents a constant danger to
an asset”.
“An attack is an act or event that exploits vulnerability”.
The main difference between a threat and an attack is that a threat can be either intentional or unintentional,
whereas an attack is intentional. A threat is a circumstance that has the potential to cause loss or
damage, whereas an attack is an attempt to cause damage. A threat to the information system doesn’t
mean information was altered or damaged, but an attack on the information system means there
might be a chance to alter, damage, or obtain information if the attack is successful.

9. Phishing, smishing, vishing.


Ans:- Phishing is the illegal attempt to acquire sensitive information such as usernames, passwords,
and credit card details (and sometimes, indirectly, money), often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication. Phishing is a continual threat
that keeps growing to this day. The risk grows even larger in social media such as Facebook,
Twitter, Myspace etc. Hackers commonly use these sites to attack persons using these media sites
in their workplace, homes, or public in order to take personal and security information that can affect
the user and the company (if in a workplace environment). Phishing works by exploiting the trust of the
user: the user may not be able to tell that the site being visited or program being used is not
real, and this is when the hacker has the chance to access personal information
such as passwords, usernames, security codes, and credit card numbers among other things.

List of phishing types:
Phishing
An attempt to acquire information such as usernames, passwords, and credit card details by
masquerading as a trustworthy entity in an electronic communication. In October 2013, emails
purporting to be from American Express were sent to an unknown number of recipients. A
simple DNS change could have been made to thwart this spoofed email, but American Express
failed to make any changes.[41]
Spear phishing
Phishing attempts directed at specific individuals or companies have been termed spear phishing.[42]
Attackers may gather personal information about their target to increase their probability of
success. This technique is, by far, the most successful on the internet today, accounting for 91% of
attacks.[43]
Clone phishing
A type of phishing attack whereby a legitimate, and previously delivered, email containing an
attachment or link has had its content and recipient address(es) taken and used to create an almost
identical or cloned email. The attachment or link within the email is replaced with a malicious version
and then sent from an email address spoofed to appear to come from the original sender. It may
claim to be a resend of the original or an updated version to the original. This technique could be
used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine,
by exploiting the social trust associated with the inferred connection due to both parties receiving the
original email.
Whaling
Several recent phishing attacks have been directed specifically at senior executives and other high
profile targets within businesses, and the term whaling has been coined for these kinds of attacks.[44]
In the case of whaling, the masquerading web page/email will take a more serious executive-level
form. The content will be crafted to target an upper manager and the person's role in the company.
The content of a whaling attack email is often written as a legal subpoena, customer complaint, or
executive issue. Whaling scam emails are designed to masquerade as a critical business email, sent
from a legitimate business authority. The content is meant to be tailored for upper management, and
usually involves some kind of falsified company-wide concern. Whaling phishermen have also forged
official-looking FBI subpoena emails, and claimed that the manager needs to click a link and install
special software to view the subpoena. [45]
Rogue WiFi (MitM)
Attackers set up or compromise free Wifi access-points, and configure them to run man-in-the-
middle (MitM) attacks, often with tools like sslstrip, to compromise all access point users.

In computing, SMS phishing is a form of criminal activity using social
engineering techniques. Phishing is the act of attempting to acquire personal information such as
passwords and credit card details by masquerading as a trustworthy entity in an electronic
communication. SMS (Short Message Service) is the technology used for text messages on cell phones.

SMS phishing uses cell phone text messages to deliver the bait to induce people to divulge their personal
information. The hook (the method used to actually capture people's information) in the text message
may be a website URL, but it has become more common to see a telephone number that connects to an
automated voice response system. The SMS phishing message usually contains something that
demands the target's immediate attention. Examples include "We confirm that you have signed up for our
dating service. 

Voice phishing is the criminal practice of using social engineering over the telephone system to gain
access to private personal and financial information from the public for the purpose of financial reward.
Sometimes referred to as 'vishing',[1] the word is a combination of "voice" and phishing. Voice phishing
exploits the public's trust in landline telephone services, which have traditionally terminated in physical
locations known to the telephone company, and associated with a bill-payer. Voice phishing is typically
used to steal credit card numbers or other information used in identity theft schemes from individuals.

Some fraudsters use features facilitated by Voice over IP (VoIP), such as caller ID spoofing (to
display a number of their choosing on the recipient's phone line) and automated systems (IVR).
Voice phishing is difficult for legal authorities to monitor or trace. To protect themselves, consumers are
advised to be highly suspicious when receiving messages directing them to call and provide credit card
or bank numbers — vishers can in some circumstances intercept calls that consumers make when trying
to confirm such messages.

10. Trojan horse
Ans:- A Trojan horse, or Trojan, in computing is generally a non-self-replicating type
of malware program containing malicious code that, when executed, carries out actions determined by
the nature of the Trojan, typically causing loss or theft of data, and possible system harm. A Trojan may
give a hacker remote access to a targeted computer system. Operations that could be performed by a
hacker, or be caused unintentionally by program operation, on a targeted computer system include:

• Crashing the computer, e.g. with "blue screen of death" (BSOD)
• Data corruption
• Formatting disks, destroying all contents
• Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-
of-service attacks)
• Electronic money theft
• Infects entire Network banking information and other connected devices
• Data theft, including confidential files, sometimes for industrial espionage, and information with
financial implications such as passwords and payment card information
• Modification or deletion of files
• Downloading or uploading of files for various purposes
• Downloading and installing software, including third-party malware and ransomware
• Keystroke logging
• Watching the user's screen
• Viewing the user's webcam
• Controlling the computer system remotely
• Encrypting files; a ransom payment may be demanded for decryption, as with
the CryptoLocker ransomware
• System registry modification
• Using computer resources for mining cryptocurrencies [8]
• Using the infected computer as proxy for illegal activities and/or attacks on other computers.

Trojan horses in this way may require interaction with a malicious controller (not necessarily distributing
the Trojan horse) to fulfill their purpose. It is possible for those involved with Trojans to scan computers
on a network to locate any with a Trojan horse installed, which the hacker can then control.

Notable Trojan horses

• Netbus Advance System Care (by Carl-Fredrik Neikter)
• Subseven or Sub7 (by Mobman)
• Back Orifice (Sir Dystic)
• Beast
• Zeus
• Flashback Trojan (Trojan BackDoor.Flashback)
• ZeroAccess

Logic Bombs
Logic bombs are small programs or sections of a program triggered by some event such as a certain
date or time, a certain percentage of disk space filled, the removal of a file, and so on. For example, a
programmer could establish a logic bomb to delete critical sections of code if she is terminated from the
company. Logic bombs are most commonly installed by insiders with access to the system.

Trojan Horses
Trojan horses (often just called Trojans) are programs that must be installed or executed by a user to be
effective. Often, these are disguised as helpful or entertaining programs which can include operating
system patches, Linux packages, or games. Once executed, however, Trojans perform actions the user
did not intend such as opening certain ports for later intruder access, replacing certain files with other
malicious files, and so on.

Trap doors
Trap doors, also referred to as backdoors, are bits of code embedded in programs by the
programmer(s) to quickly gain access at a later time, often during the testing or debugging phase. If an
unscrupulous programmer purposely leaves this code in or simply forgets to remove it, a potential
security hole is introduced. Hackers often plant a backdoor on previously compromised systems to gain
later access. Trap doors can be almost impossible to remove in a reliable manner. Often, reformatting the
system is the only sure way.

11. Cyber crime & types


Ans:- Computer crime, or cybercrime, is any crime that involves a computer and a
network. The computer may have been used in the commission of a crime, or it may be
the target. Netcrime is criminal exploitation of the Internet.

There are many types of cyber crimes and the most common ones are explained below:
Hacking: This is a type of crime wherein a person’s computer is broken into so that his personal or
sensitive information can be accessed. In the United States, hacking is classified as a felony and
punishable as such. This is different from ethical hacking, which many organizations use to check their
Internet security protection. In hacking, the criminal uses a variety of software to enter a person’s
computer and the person may not be aware that his computer is being accessed from a remote location.
Theft: This crime occurs when a person violates copyrights and downloads music, movies, games and
software. There are even peer sharing websites which encourage software piracy and many of these
websites are now being targeted by the FBI. Today, the justice system is addressing this cyber crime and
there are laws that prevent people from illegal downloading.
Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online
messages and emails. Typically, these stalkers know their victims and instead of resorting to offline
stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not having the
desired effect, they begin offline stalking along with cyber stalking to make the victims’ lives more
miserable.
Identity Theft: This has become a major problem with people using the Internet for cash transactions
and banking services. In this cyber crime, a criminal accesses data about a person’s bank account, credit
cards, Social Security, debit card and other sensitive information to siphon money or to buy things online
in the victim’s name. It can result in major financial losses for the victim and even spoil the victim’s credit
history.
Malicious Software: These are Internet-based software or programs that are used to disrupt a network.
The software is used to gain access to a system to steal sensitive information or data or causing damage
to software present in the system.
Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit minors via chat
rooms for the purpose of child pornography. The FBI has been spending a lot of time monitoring chat
rooms frequented by children with the hopes of reducing and preventing child abuse and soliciting.

11. IT act 2000


Ans:- Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws have a major
impact for e-businesses and the new economy in India. So, it is important to understand what are the various
perspectives of the IT Act, 2000 and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is
accorded to all electronic records and other activities carried out by electronic means. The Act states that
unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication
and the same shall have legal validity and enforceability.

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need
such laws so that people can perform purchase transactions over the Net through credit cards without fear of
misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity
or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act
seeks to empower government departments to accept filing, creating and retention of official documents in the
digital format. The Act has also proposed a legal framework for the authentication and origin of electronic
records / communications through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive
aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a
valid and legal form of communication in our country that can be duly produced and approved in a court of
law.

Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the
Act.

Digital signatures have been given legal validity and sanction in the Act.

The Act throws open the doors for the entry of corporate companies in the business of being Certifying
Authorities for issuing Digital Signatures Certificates.

The Act now allows Government to issue notification on the web thus heralding e-governance.

12. Cyber Squatting


Ans:- Cyber Squatting is registering, trafficking in, or using an Internet domain name with bad
faith intent to profit from the goodwill of a trademark belonging to someone else. The cyber squatter then
offers to sell the domain to the person or company who owns a trademark contained within the name at
an inflated price.

The term is derived from "squatting", which is the act of occupying an abandoned or unoccupied space or
building that the squatter does not own, rent, or otherwise have permission to use. Cybersquatting,
however, is a bit different in that the domain names that are being "squatted" are (sometimes but not
always) being paid for through the registration process by the cybersquatters. Cybersquatters usually ask
for prices far greater than that at which they purchased it. Some cybersquatters put up derogatory
remarks about the person or company the domain is meant to represent in an effort to encourage the
subject to buy the domain from them. Others post paid links via advertising networks to the actual site
that the user likely wanted, thus monetizing their squatting.

13. Legal aspects of hacking


Ans:- Hackers' ability to slip in and out of computers undetected, stealing classified information when it
amuses them, is enough to give a government official a nightmare. Secret information, or intelligence, is
incredibly important. Many government agents won't take the time to differentiate between a curious hacker
who wants to test his skills on an advanced security system and a spy.

Computer Misuse Act

Under the Computer Misuse Act it is an offence to hack into somebody else’s computer or send them a form
of virus that allows them to obtain information from somebody else’s computer.
The reasoning for the introduction of this Act was the fear that individuals, in particular private investigators,
might be able to obtain information about other individuals without their knowledge or consent.

Targets of computer hacking

A common target for computer hackers is the intellectual property of a particular individual or company.
Intellectual property is a form of original creation which has the protection of a patent or copyright. But if
another individual or company can claim to have come up with the product without copying the original they
may well be able to sell it legally.

Cyber attacks

An increasing concern to all governments around the world is the role of what is known as cyber attacks.
Cyber attacks occur when an individual or group of individuals hack into the computer system of a company,
association or even government department and attempt to paralyse the system.

The motivation for carrying out a cyber attack can vary widely; groups can range from those seeking information
to sell on, to interest groups looking to bring down whole companies, and even terrorist groups looking to
paralyse government departments.

14. Pharming
Ans:- Pharming is a cyber attack intended to redirect a website's traffic to another, fake site. Pharming can be
conducted either by changing the hosts file on a victim's computer or by exploitation of a vulnerability in DNS
server software. DNS servers are computers responsible for resolving Internet names into their real IP
addresses. Compromised DNS servers are sometimes referred to as "poisoned". Pharming requires
unprotected access to target a computer, such as altering a customer's home computer, rather than a
corporate business server.

The term "pharming" is a neologism based on the words "farming" and "phishing". Phishing is a type of social-
engineering attack to obtain access credentials, such as user names and passwords. In recent years, both
pharming and phishing have been used to gain information for online identity theft. Pharming has become of
major concern to businesses hosting ecommerce and online banking websites. Sophisticated measures
known as anti-pharming are required to protect against this serious threat. Antivirus software and spyware
removal software cannot protect against pharming.
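
The hosts-file form of pharming described above can be checked for by auditing the file for entries that override domains you care about. The following is an added example, not part of the original notes; the sample hosts content, the watch list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a hosts file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# local name overrides
127.0.0.1       localhost
::1             localhost ip6-localhost
203.0.113.45    www.examplebank.test login.examplebank.test   # appended entry
0.0.0.0         ads.tracker.test
198.51.100.7    intranet.corp.test
not-an-ip       broken.line.test
"""

# Assumed watch list: domains that should only ever be resolved through DNS.
WATCHED = {"examplebank.test"}


def parse_hosts(text):
    """Yield (line_no, first_field, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if line:
            first, *names = line.split()
            yield line_no, first, [n.lower().rstrip(".") for n in names]


def is_watched(hostname, watched):
    """True for a watched domain or any of its subdomains (label-aligned match)."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, kind, address_text, hostname) tuples.

    redirect  - a watched domain is overridden locally (pharming indicator)
    review    - another name is pinned to a non-loopback, non-null address
    malformed - the first field is not an IP address
    """
    findings = []
    for line_no, first, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(first)
        except ValueError:
            findings.append((line_no, "malformed", first, " ".join(names)))
            continue
        for name in names:
            if is_watched(name, watched):
                findings.append((line_no, "redirect", str(addr), name))
            elif not (addr.is_loopback or addr.is_unspecified):
                findings.append((line_no, "review", str(addr), name))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Run against the real file (for example `/etc/hosts`) by passing its text to `audit_hosts`. The check covers only the local hosts file, not the poisoned-DNS-server variant.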

15. Cryptography vs steganography


Ans:- Cryptography is the study of hiding information and it is used when communicating over an untrusted
medium such as the internet, where information needs to be protected from third parties. Modern
cryptography focuses on developing cryptographic algorithms that are hard for an adversary to break because
of their computational hardness and therefore cannot be broken by any practical means. In modern cryptography,
three types of cryptographic algorithms are used: symmetric-key cryptography, public-key
cryptography and hash functions. Symmetric-key cryptography involves encryption methods where both the
sender and the receiver share the same key used to encrypt the data. In public-key cryptography, two
different but mathematically related keys are used. Hash functions do not use a key; instead they compute
a fixed-length hash value from the data. It is impossible to recover the length or the original plain text from this
hash value.

Steganography deals with composing hidden messages so that only the sender and the receiver know that
the message even exists. Since nobody except the sender and the receiver knows the existence of the
message, it does not attract unwanted attention. Steganography was used even in ancient times and these
ancient methods are called Physical Steganography. Some examples for these methods are messages
hidden in a message's body, messages written in secret inks, messages written on envelopes in areas covered
by stamps, etc. Modern Steganography methods are called Digital Steganography. These modern methods
include hiding messages within noisy images, embedding a message within random data, embedding pictures
with the message within video files, etc. Furthermore, Network Steganography is used in telecommunication
networks. This includes techniques like Steganophony (hiding a message in Voice-over-IP conversations) and
WLAN Steganography (methods for transmitting Steganograms in Wireless Local Area Networks).

What is the difference between Cryptography and Steganography?

Cryptography is the study of hiding information, while Steganography deals with composing hidden messages
so that only the sender and the receiver know that the message even exists. In Steganography, only the
sender and the receiver know the existence of the message, whereas in cryptography the existence of the
encrypted message is visible to the world. Due to this, Steganography removes the unwanted attention
coming to the hidden message. Cryptographic methods try to protect the content of a message, while
Steganography uses methods that would hide both the message as well as the content. By combining
Steganography and Cryptography one can achieve better security.

16. Cramming, Flaming, Smurfing, Spamming, cracking


Ans:- Cramming is a form of fraud in which small charges are added to a bill by a third party without the
subscriber's consent or disclosure. These may be disguised as a tax or some other common fee, and
may be several dollars or even just a few cents. The crammer's intent is that the subscriber will overlook
and ultimately pay these small charges.
Phone cramming is the practice of placing unauthorized charges on a telecommunication
subscriber's home or mobile telephone bill.

Web cramming involves billing consumers for a web page they did not even know they had. This is
most often accomplished when criminals develop new web pages for small businesses and non-profit
groups for little or no expense.

Fighting cramming

Phone companies like Verizon respond by removing cramming charges from a consumer's bill upon
request, and will cease business with the company that crams. [11] Verizon, at the customer's request, will
put a Cramming Block on the customer's account, that prevents third parties from adding charges.

Flaming is a hostile and insulting interaction between Internet users, often involving the use of profanity.


Flaming usually occurs in the social context of an Internet forum, Internet Relay Chat (IRC), Usenet,
by e-mail, game servers such as Xbox Live or PlayStation Network, and on video-sharing websites such
as YouTube. It is frequently the result of the discussion of heated real-world issues such
as politics, religion, and philosophy, or of issues that polarize sub-populations, but can also be provoked
by seemingly trivial differences.

Deliberate flaming, as opposed to flaming as a result of emotional discussions, is carried out by
individuals known as flamers, who are specifically motivated to incite flaming. These users specialize in
flaming and target specific aspects of a controversial conversation.

Spamming:- Spam is the term used for unsolicited, impersonal bulk electronic messages. Although email
spam is the most common form of spamming, others exist, like mobile phone messaging spam and instant
messaging spam.
Spam involves sending nearly identical messages to thousands (or millions) of recipients. Spammers use
software robots, called spambots (also Web crawlers or Web spiders) in order to get valid email addresses
from company Web sites, blogs and newsgroups. Common subjects of spam messages are pornographic or
other sexually related Web sites, various financial services or get-rich-quick schemes and health products.
Spam messages normally have a fake origin address, which is randomly generated, in order to keep the
author of the message from being easily discovered.

The term “cracking” means trying to get into computer systems in order to steal, corrupt, or illegitimately view
data. The popular press refers to such activities as hacking, but hackers see themselves as expert, elite
programmers and maintain that such illegitimate activity should be called “cracking.”

A keylogger is a tool that captures and records a user’s keystrokes. It can record instant messages, email,
passwords and any other information you type at any time using your keyboard. Keyloggers can be hardware
or software.
One common example of keylogging hardware is a small, battery-sized device that connects between the
keyboard and the computer. Since the device resembles an ordinary keyboard plug, it is relatively easy for
someone who wants to monitor a user’s behavior to physically hide such a device in plain sight.

Smurfing refers to the use of smurf programs to use Internet Protocol and Internet Control Message Protocol
to send a request using a Packet Internet Groper (ping) to an internet host to test its response.

17. Types of cyber attack


Ans:- Computer Intrusion

Computer intrusion is any malicious activity that harms a computer, or causes a computer or a computer
network to work in an unexpected manner. These attacks involve the spreading of viruses, denial of service or
exploitation of the operating system or a software feature.

Social Engineering

The term “social engineering” means fooling a user, by sending him an email or calling him, into providing
confidential data like passwords etc.

Masquerading

In this type of attack a system is fooled into giving access by sending a TCP packet that has a forged source
address, which makes the packet appear to come from a trusted host.

Denial of Service (DOS Attack)

The intent of this type of attack is to make resources or services unavailable to their intended users. Such DOS attacks
are carried out on websites to stop them from functioning.

Smurf Attack

This attack generates a large amount of traffic on a victim's network, which causes the network to crash. Smurf
Attack is a type of DOS attack.

Fraggle Attack

It is a type of DOS attack where the attacker sends a large amount of UDP echo traffic to IP broadcast
addresses.

Email Bombing

Email bombing means sending thousands of emails to a victim, causing the victim’s mail account or mail server
to crash.

Logic Bomb

A logic bomb is an event-driven attack. This type of attack activates only if a certain event occurs.

Salami Attack

This type of attack is carried out for financial gains. In Salami Attack, the key is to make changes so small that
in a single case it can go unnoticed. For instance, a bank employee deducts 2 Dollars from every single
customer or transaction. The customer is unlikely to notice the change but the employee gets a fortune.

18. Clickjacking

Ans:- Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious
technique of tricking a Web user into clicking on something different from what the user perceives they
are clicking on, thus potentially revealing confidential information or taking control of their computer while
clicking on seemingly innocuous web pages.[1][2][3][4] It is a browser security issue that is
a vulnerability across a variety of browsers and platforms. A clickjack takes the form of
embedded code or a script that can execute without the user's knowledge, such as clicking on
a button that appears to perform another function. Clickjacking is possible because seemingly harmless
features of HTML web pages can be employed to perform unexpected actions.
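
From the defender's side, a site limits the UI redress attack described above by telling the browser who may embed its pages in a frame. The following is an added example, not part of the original notes: it classifies a response's framing policy from the `X-Frame-Options` header and the Content-Security-Policy `frame-ancestors` directive, standard browser controls that the notes do not mention. The function names and sample headers are constructed.

```python
# Ranking used to pick the tightest result when several CSP policies apply
# (a browser enforces every policy, so the tightest one decides).
RANK = {"any-origin": 0, "allowlist": 1, "same-origin": 2, "deny": 3}


def classify_frame_ancestors(sources):
    """Map the source list of one frame-ancestors directive to a verdict."""
    sources = [s.lower() for s in sources]
    if not sources or sources == ["'none'"]:
        return "deny"                      # an empty list matches nothing
    if any(s in ("*", "http:", "https:") for s in sources):
        return "any-origin"                # wildcard or scheme-only source
    if sources == ["'self'"]:
        return "same-origin"
    return "allowlist"


def csp_frame_ancestors(csp_value):
    """Return one verdict per policy that carries a frame-ancestors directive."""
    verdicts = []
    for policy in csp_value.split(","):    # a comma separates policies
        seen = set()
        for directive in policy.split(";"):
            tokens = directive.split()
            if not tokens:
                continue
            name = tokens[0].lower()
            if name in seen:               # first occurrence of a directive wins
                continue
            seen.add(name)
            if name == "frame-ancestors":
                verdicts.append(classify_frame_ancestors(tokens[1:]))
    return verdicts


def framing_verdict(headers):
    """headers: mapping of response header name to value. Returns (verdict, basis)."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing header counts; Content-Security-Policy-Report-Only blocks nothing.
    verdicts = csp_frame_ancestors(h.get("content-security-policy", ""))
    if verdicts:
        # When frame-ancestors is present, browsers ignore X-Frame-Options.
        return max(verdicts, key=RANK.get), "Content-Security-Policy frame-ancestors"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny", "X-Frame-Options"
    if xfo == "SAMEORIGIN":
        return "same-origin", "X-Frame-Options"
    if xfo:
        return "frameable", "unrecognised or obsolete X-Frame-Options value"
    return "frameable", "no framing control header"


if __name__ == "__main__":
    # Constructed sample responses.
    samples = [
        {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
        {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    ]
    for s in samples:
        print(framing_verdict(s), s)
```

A verdict of `frameable` or `any-origin` means any other site can embed the page, which is the precondition for clickjacking.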
19. Cyber warfare
Ans:- Cyberwarfare is politically motivated hacking to conduct sabotage and espionage.
It is a form of information warfare sometimes seen as analogous to conventional warfare.
Cyberwarfare is Internet-based conflict involving politically motivated attacks on information and information
systems. Cyberwarfare attacks can disable official websites and networks, disrupt or disable essential
services, steal or alter classified data, and cripple financial systems, among many other possibilities.

20. Malvertising
Ans:- Malvertising (from "malicious advertising") is the use of online advertising to spread malware.
Malvertising involves injecting malicious or malware-laden advertisements into legitimate online advertising
networks and webpages. Online advertisements provide a solid platform for spreading malware because
significant effort is put into them in order to attract users and sell or advertise the product. Because
advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors
an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more
safety precautions, or the like. Malvertising is "attractive to attackers because they 'can be easily spread
across a large number of legitimate websites without directly compromising those websites'." 

Malvertising is a fairly new concept for spreading malware and is even harder to combat because it can work
its way into a webpage and spread through a system unknowingly.

21. Piggybacking, data diddling, super zapping, dumpster diving, eavesdropping, malicious software, spoofing attack, evil twin, cyber espionage, DDOS
Ans:- Piggybacking on Internet access is the practice of establishing a wireless Internet connection by
using another subscriber's wireless Internet access service without the subscriber's explicit permission or
knowledge. It is a legally and ethically controversial practice, with laws that vary by jurisdiction around the
world. While completely outlawed or regulated in some places, it is permitted in others. The process of
sending data along with the acknowledgment is called piggybacking. Piggybacking is distinct
from wardriving, which involves only the logging or mapping of the existence of access points.

Data diddling is the changing of data before or during entry into the computer system.
Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and
tapes with modified replacements.

Super zapping is a technique made possible by a special program available on most computer systems, a
program that bypasses all system controls when the computer crashes and cannot be restarted with normal
recovery procedures.

This program, in effect, is a “master key” that can provide access to any part of the system. The super zap
program is a highly privileged “disaster aid” that very few computer system professionals are authorized to
use. In the wrong hands, it can be used to perform almost any unauthorized task.

Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In
the world of information technology, dumpster diving is a technique used to retrieve information that could be
used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the
trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent
information like a phone list, calendar, or organizational chart can be used to assist an attacker using social
engineering techniques to gain access to the network. To prevent dumpster divers from learning anything
valuable from your trash, experts recommend that your company establish a disposal policy where all paper,
including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased,
and all staff is educated about the danger of untracked trash.

Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on
a network. For instance, programs such as Carnivore and NarusInsight have been used by
the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate
as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring
the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the
NSA referring to these attacks.

Malware, short for malicious software, is any software used to disrupt computer operation, gather
sensitive information, or gain access to private computer systems. [1] Malware is defined by its malicious
intent, acting against the requirements of the computer user, and does not include software that causes
unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both
true (malicious) malware and unintentionally harmful software. Malware may be stealthy, intended to
steal information or spy on computer users for an extended period without their knowledge.

In the context of network security, a spoofing attack is a situation in which one person or program
successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Evil Twin, the latest security threat to web users, according to wireless internet and cyber crime, hotspots
present a hidden danger for web users. Users think they’ve logged on to a wireless hotspot connection when, in
fact, they’ve been tricked into connecting to the attacker’s unauthorised base station. The latter jams the connection to a
legitimate base station by sending a stronger signal within close proximity to the wireless client, thereby turning
itself into an ‘Evil Twin’. Once the user is connected to the ‘Evil Twin’, the cyber criminal can intercept data being
transmitted, such as bank details or personal information. “Cyber criminals don’t have to be that clever to carry out
such an attack.” “Because wireless networks are based on radio signals, they can be easily detected by
unauthorised users tuning into the same frequency.”

Cyber espionage is the act or practice of obtaining secrets without the permission of the holder of the
information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals,
groups, governments and enemies for personal, economic, political or military advantage using methods
on the Internet, networks or individual computers through the use of cracking techniques and malicious
software including Trojan horses and spyware. It may wholly be perpetrated online from computer desks
of professionals on bases in far away countries or may involve infiltration at home by computer trained
conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious
hackers and software programmers.

A distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource
unavailable to its intended users. DDoS attacks are a special kind of hacking. A criminal salts an array of
computers with computer programs that can be triggered by an external computer user. These
programs are known as Trojan horses since they enter the unknowing users’ computers as
something benign, such as a photo or document attached to an e-mail. At a predesignated time, this
Trojan horse program begins to send messages to a predetermined site. If enough computers have
been compromised, it is likely that the selected site can be tied up so effectively that little if any
legitimate traffic can reach it. One important insight offered by these events has been that much
software is insecure, making it easy for even an unskilled hacker to compromise a vast number of
machines. Although software companies regularly offer patches to fix software vulnerabilities, not all
users implement the updates, and their computers remain vulnerable to criminals wanting to launch
DoS attacks. 
