Q1. What is cyber crime? Discuss the different types of cyber crime.
Cybercrime refers to criminal conduct committed with the aid of a computer or
other electronic equipment connected to the internet. Individuals or small groups
of people with little technical knowledge and highly organized worldwide criminal
groups with relatively talented developers and specialists can engage in cybercrime.

Cybercriminals or hackers who want to make money commit the majority of
cybercrimes. Individuals and organizations are both involved in cybercrime. Aside
from that, cybercriminals might use computers or networks to send
viruses, malware, pornographic material, and other unlawful data.

To make money, cybercriminals engage in a range of profit-driven criminal acts,
including stealing and reselling identities, gaining access to financial accounts, and
fraudulently using credit cards to obtain funds.

Types of Cyber Crime

Many different types of cybercrime are recorded across the globe, and some of
the noteworthy examples are email fraud, social media fraud, banking fraud,
ransomware attacks, cyber espionage, identity theft, clickjacking, and spyware. Let’s
explore how these crimes are carried out.

Malware

Malware is a broad term that covers a wide range of cyberattacks such
as Trojans, viruses, and worms. Malware can simply be described as code written to
steal data or destroy things on a computer.

Viruses
Viruses, like their biological namesakes, attach themselves to clean files and infect
other clean files. Viruses can spread uncontrollably, causing damage to the core
functionality as well as deleting and corrupting files. Viruses usually appear as
executable files downloaded from the internet.

Trojan

This type of malware masquerades as legitimate software, or hides inside legitimate
software that has been tampered with. It prefers to function invisibly and creates
security backdoors that allow other malware to enter the system.

Worms

Worms use the network’s interface to infect a whole network of devices, either
locally or via the internet. Worms infect more machines with each successive
infected machine.

Phishing

Phishing frequently poses as a request for information from a reputable third
party. Phishing emails invite users to click on a link and enter their personal
information.

In recent years, phishing emails have become much more complex, making it
impossible for some users to distinguish between a real request for information
and a fraudulent one. Phishing emails are sometimes lumped in with spam, but
they are far more dangerous than a simple advertisement.
Q2. Discuss different criminal threats to IT infrastructure. What can be preventive
measures for these threats?
Criminal Threats to IT infrastructure
(a) False data input
The falsification of the data input is a major threat to IT infrastructure. This
threat may arise from:
(i) Unreasonable or inconsistent data, or
(ii) Changes in the keyed-in data, or
(iii) Misinterpretation of input type (e.g. payment recorded as receipt), or
(iv) Unauthorised addition, deletion or modification of data elements or whole
records, or
(v) Improper use of error correction procedures.
Such threats endanger the integrity and safety of data and normally cause direct
financial loss to the enterprise.
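
Controls against the false-data-input threats listed above, as an added example that is not part of the original notes: reasonableness and type checks on each keyed-in entry, a double-keying comparison, and a chained HMAC so that later addition, deletion or modification of records is detectable. The field names, the amount limit, the key and the sample entries are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # assumption: a real key comes from a secrets store
MAX_AMOUNT = 1_000_000          # assumed reasonableness limit for a single entry
ENTRY_TYPES = {"payment", "receipt"}

SAMPLE = [  # constructed ledger entries as keyed in by an operator
    {"id": 1, "type": "payment", "voucher_type": "payment", "amount": 1200.0},
    {"id": 2, "type": "receipt", "voucher_type": "payment", "amount": 450.0},
    {"id": 3, "type": "payment", "voucher_type": "payment", "amount": 98_000_000},
    {"id": 4, "type": "receipt", "voucher_type": "receipt", "amount": 75.5},
]


def validate(entry):
    """Unreasonable data and misinterpreted input type: list the problems found."""
    problems = []
    amount = entry.get("amount")
    if type(amount) not in (int, float) or not 0 < amount <= MAX_AMOUNT:
        problems.append("unreasonable amount")
    if entry.get("type") not in ENTRY_TYPES:
        problems.append("unknown entry type")
    elif entry["type"] != entry.get("voucher_type"):
        # e.g. the source voucher is a payment but it was keyed as a receipt
        problems.append("type differs from source voucher")
    return problems


def keying_differences(first_pass, second_pass):
    """Changes in keyed-in data: fields on which two independent keyings disagree."""
    return sorted(k for k in first_pass.keys() | second_pass.keys()
                  if first_pass.get(k) != second_pass.get(k))


def accept(batch):
    """Split a batch into accepted entries and {id: problems} for rejected ones."""
    accepted = [e for e in batch if not validate(e)]
    rejected = {e["id"]: validate(e) for e in batch if validate(e)}
    return accepted, rejected


def _tag(prev_tag, entry):
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def seal(entries):
    """Chain an HMAC through the entries so each tag also covers all earlier ones."""
    tags, prev = [], ""
    for entry in entries:
        prev = _tag(prev, entry)
        tags.append(prev)
    return tags


def first_tampered(entries, tags):
    """Unauthorised addition, deletion or modification: index of the first record
    that no longer matches the sealed chain, or None if the ledger is intact."""
    prev = ""
    for i, entry in enumerate(entries):
        if i >= len(tags) or not hmac.compare_digest(_tag(prev, entry), tags[i]):
            return i
        prev = tags[i]
    return len(entries) if len(tags) > len(entries) else None


if __name__ == "__main__":
    accepted, rejected = accept(SAMPLE)
    tags = seal(accepted)
    print("rejected:", rejected)
    print("ledger intact:", first_tampered(accepted, tags) is None)
```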
(b) Misuse of IT infrastructure
Misuse of IT infrastructure may be as serious as the sale of classified information
to competitors or other adversaries of the enterprise, or as moderate as the use of
computer hardware for personal data processing activity. Selling information or
program listings of files, and destruction or modification of information not for
gain, are other examples of misuse of IT infrastructure.
(c) Unauthorised access
Most of the abuse of IT infrastructure is possible only through
bypass of in-built access permissions. A breach of the access
security system is a major threat because it not only causes
damage to IT infrastructure, but also makes the task of
establishing responsibility for the damage impossible, as the
access is normally achieved by misrepresenting the identity of
the user.
(d) Ineffective security measures:
Inadequate security measures and ineffective implementation
of these measures increase the vulnerability of the system.
Poor definition of access permissions, inadequate or incomplete
follow-up on security violations and lack of adequate control
over sensitive data can increase the threat to IT infrastructure.
(e) Operational lapses
Sometimes, the IT infrastructure is threatened by poor
handling of basic housekeeping procedures on various
elements. Stories of system failures immediately after
preventive maintenance, or data loss during a periodic disk check
or relocation of data, are very commonly heard. Even minor
mistakes such as mislabeling of storage media and failure to erase
sensitive or redundant data can pose a serious threat to the
security of IT infrastructure.
(f) System development process:
Many threats to security emanate from the security lapses
during the software development stage. Wrong testing,
inadequate control over the changes during and after testing
and implementation of the system may expose the IT
infrastructure to serious security risks.
(g) Communication traffic jams:
The increasing traffic of data communication is exposing IT
infrastructure to greater risks of failures of control over the
communication systems. Poor identification, verification and
authentication are matters of serious concern for both
communication experts and information system users. As the
saying goes, ‘you can never be sure that the system is safe if it
is hooked on a network, the only thing that you can say with
surety is that it is unsafe’.
5 Preventive Measures for These Threats:
1. Foster a culture of cybersecurity
2. Implement cyber hygiene best practices
3. Invest in both digital and physical security
4. Promote clear communication and clarify leadership
5. Audit devices, assets, and other network components
Q3. What is a cyber attack? Describe the main motives of launching cyber attacks.

A cyber attack is any attempt to gain unauthorized access to a
computer, computing system or computer network with the intent
to cause damage. Cyber attacks aim to disable, disrupt, destroy
or control computer systems or to alter, block, delete, manipulate
or steal the data held within these systems.

Main Motives of Cyber Attacks:

1. Financial Gain
The primary motivation of a hacker is money, and getting it can be done with
a variety of methods.

They could directly gain entry to a bank or investment account; steal a
password to your financial sites and then transfer the assets over to one of
their own; swindle an employee into completing a money transfer through a
complicated spear phishing technique; or conduct a ransomware attack on
your entire organization.

2. Recognition & Achievement


Some hackers are motivated by the sense of achievement that comes with
cracking open a major system. Some may work in groups or independently,
but, on some scale, they would like to be recognized.

This also ties into the fact that cyber criminals are competitive by nature, and
they love the challenge their actions bring. In fact, they often drive one
another to complete more complicated hacks.

3. Insider Threats
Individuals who have access to critical information or systems can easily
choose to misuse that access—to the detriment of their organization.
These threats can come from internal employees, vendors, a contractor or a
partner—and are viewed as some of the greatest cyber security threats to
organizations.

However, not all insider threats are intentional, according to an Insider Threat
Report from Crowd Research Partners. Most (51%) are due to carelessness,
negligence, or compromised credentials, but the potential impact is still
present even in an unintentional scenario.

4. Political Motivation – “Hacktivism”


Some cyber criminal groups use their hacking skills to go after large
organizations. They are usually motivated by a cause of some sort, such as
highlighting human rights or alerting a large corporation to their system
vulnerabilities. Or, they may go up against groups whose ideologies do not
align with their own.

These groups can steal information and argue that they are practicing free
speech, but more often than not, these groups will employ a DDoS
(Distributed Denial of Service) attack to overload a website with too much
traffic and cause it to crash.

5. State Actors
State-sponsored actors receive funding and assistance from a nation-state.
They are specifically engaged in cyber crime to further their nation’s own
interests. Typically, they steal information, including “intellectual property,
personally identifying information, and money to fund or further espionage
and exploitation causes.”

However, some state-sponsored actors do conduct damaging cyberattacks
and claim that their cyberespionage actions are legitimate activity on behalf
of the state.

6. Corporate Espionage
This is a form of cyber attack used to gain an advantage over a competing
organization.

Conducted for commercial or financial purposes, corporate espionage
involves:

• Acquiring property like processes or techniques, locations, customer
data, pricing, sales, research, bids, or strategies
• Theft of trade secrets, bribery, blackmail, or surveillance

Q4. Define hacking. Describe types of hacking and also describe hacking techniques.
Hacking is the activity of identifying weaknesses in a computer system or a
network and exploiting them to gain access to personal or business data.
Computers have become mandatory for running a successful business. It is not
enough to have isolated computer systems; they need to be networked to
facilitate communication with external businesses. This exposes them to the
outside world and to hacking. System hacking means using computers to commit
fraudulent acts such as fraud, privacy invasion, stealing corporate/personal
data, etc. Cybercrime costs many organizations a great deal of money every
year. Businesses are compelled to defend themselves against such attacks.

Types of Hacking:
Hacking is something you have to protect yourself from, and that can only be
done by anticipating how a hacker might think to get into the system.
1. Phishing –
In this type of hacking, the hacker's intention is to steal critical information
of users such as account passwords, credit card details, etc. For example,
hackers can replicate an original website for users to interact with and
steal critical information through the duplicate website the hacker has
created.
2. Virus –
These are released by the hacker into the files of the website once
they gain entry to it. The purpose is to corrupt the information or
resources on the website.
3. UI redress –
In this technique, the hacker creates a fake user interface, and when the
user clicks with the intent of going to a particular website, they
are directed to a different website.
4. Cookie theft –
Hackers access the website using malicious code and steal
cookies that contain confidential information, login passwords, etc. Once they
get access to your account, they can do anything with it.
5. Distributed Denial-of-service (DDoS) –
This hacking technique is aimed at taking down a website so that
users cannot access it and it cannot deliver its service. It brings the server
down and stops it from responding, which may cause persistent errors.
6. DNS spoofing –
This essentially uses the cached data of a website or
domain that the user might have forgotten to keep up to date. It then
directs the traffic to a different, malicious website.
7. Social Engineering –
Social engineering is an attempt to manipulate you into sharing personal
information, sometimes by impersonating a trustworthy source.
8. Missing Security Patches –
Security tools can become outdated as the hacking landscape
advances, and need frequent updates to protect against new threats.
9. Malware-Injection Devices –
Cyber-criminals can use hardware to sneak malware onto your PC. You
may have heard of infected USB sticks, which can give hackers remote
access to your device as soon as they are connected to your PC.
10. Cracking Password –
Hackers can get your credentials through a technique known as keylogging.
Techniques of Hacking:
1. Bait and Switch

Using Bait and Switch, hackers buy advertisement space on a website
and then create an eye-catching advertisement on the website’s page.
When a user visits that website, the user is often persuaded to click on the
advertisement because of its presentation, and on clicking it is redirected
to a malicious web page. This way hackers can install malicious code on the
victim’s system and steal user information.

2. Virus, Trojan, and Other Spyware

The attacker installs a virus, Trojan, or other malicious code on the victim’s
computer to get unauthorized access. Viruses and Trojans keep sending data
to the hacker regularly and can also perform various tasks on the victim’s
system, such as sniffing data and diverting traffic.

3. Cookie Theft

We use a browser to visit different websites, and those websites store
cookies in the browser. These include our search history, some account
passwords, and other useful information. When an attacker gets hold of your
browser’s cookie session, he can authenticate himself as you
and then conduct attacks. It’s always a best practice to periodically clear
the search history and cache of your browser to ensure protection from such
kinds of attacks.

4. Denial of Service

This hacking technique involves flooding the network with a huge amount of
data packets to bring the system down. Users are then unable to use
the service because the system crashes in real time. The hacker sends so many
requests that the system slows down and cannot respond to the
actual requests from genuine users. Another attack called DDoS
(Distributed Denial of Service) serves the same purpose by using
zombie computers to flood the intended system. The number of data
packets or requests used in the attack increases each time it fails. You
should always use good anti-malware software and other
security measures to make sure you are safe from these attacks.

5. Keylogger

A keylogger is simply software that records key sequences and stores the
strokes of keys pressed on your keyboard to a file on your computer. These log files
can contain useful and sensitive data of the user, such as account
information and passwords. Check your computer regularly for this type of
theft by using security tools, and make sure to use a virtual keyboard while doing
transactions if you have any suspicions during login. It’s always a good practice to
install good antivirus software that checks your system periodically for viruses
and other suspicious items on your computer. Also, make sure your Windows firewall is
turned on for additional security of your system, and do not respond to fraudulent
e-mails and offers. Install software only from a trusted and secure software provider,
and avoid doing transactions and exchanging other sensitive data over public Wi-Fi
networks.

Q5. Explain the following:
(a) Indian IT Act
(b) Issues in cyber jurisdiction

Information Technology Act, 2000


In 1996, the United Nations Commission on International Trade Law
(UNCITRAL) adopted the model law on electronic commerce (e-
commerce) to bring uniformity in the law in different countries.

Further, the General Assembly of the United Nations recommended that
all countries must consider this model law before making changes to
their own laws. India became the 12th country to enable cyber law after
it passed the Information Technology Act, 2000.

Objectives of the Act


i. Grant legal recognition to all transactions done via electronic
exchange of data or other electronic means of communication
or e-commerce, in place of the earlier paper-based method of
communication.
ii. Give legal recognition to digital signatures for the
authentication of any information or matters requiring legal
authentication
iii. Facilitate the electronic filing of documents with Government
agencies and also departments
iv. Facilitate the electronic storage of data
v. Give legal sanction and also facilitate the electronic transfer of
funds between banks and financial institutions
vi. Grant legal recognition to bankers under the Evidence Act,
1891 and the Reserve Bank of India Act, 1934, for keeping the
books of accounts in electronic form.

(b) Issues Of The Jurisdiction In Cyberspace

The issues of jurisdiction in cyberspace arise from the challenges associated with regulating
and enforcing laws in a space that transcends geographical, physical, and political borders.
Some of the major issues are as follows:-
• Data Jurisdiction: With the increasing storage and processing of data online,
disagreeing governments may want to regulate access to such data in a mutually
beneficial way. It often leads to debates on where data is stored, where it is being
processed, and, based on that, to whom it is subject.
• Security Jurisdiction: Cybersecurity is a significant issue with online data, especially as
almost all digital activities are susceptible to hacking and phishing. It raises privacy and
security concerns since the nature of cyberspace transcends geographical jurisdiction.
• Regulatory Jurisdiction: Regulatory jurisdiction is the authority to impose legal
regulations on activities, transactions, or entities. Since territorial boundaries do not
define online spaces, it becomes hard to establish and enforce regulatory jurisdiction
over cyberspace-based activities.
• Law Enforcement Jurisdiction: Law enforcement jurisdiction refers to the power of
the police or judicial authorities to enforce laws, arrest offenders, or initiate legal
proceedings. Due to cyberspace’s complexity and trans-border nature, it is difficult for
law enforcement authorities to enforce laws effectively.
• Physical Jurisdiction: Physical jurisdiction refers to the ability of a state to exert
control over physical spaces. As cyberspace is outside the physical realm, governments
often face problems in identifying the source of a cyber attack or tracing the physical
location of a criminal.

Q6. Explain various tools of web security.

Cyber Security Tools

Protecting our IT environment is critical. Every organization needs to take
cybersecurity very seriously. Numerous hacking attacks affect
businesses of all sizes. Hackers, malware, and viruses are some of the real security
threats in the virtual world. It is essential that every company is aware of dangerous
security attacks and keeps itself secure. Many different aspects of
cyber defence may need to be considered. Here are six essential tools and services
that every organization needs to consider to ensure their cybersecurity is as strong as
possible. They are described below:
1. Firewalls
The firewall is the core of security tools and one of the most
important of them. Its job is to prevent unauthorized access to or from a private
network. It can be implemented as hardware, software, or a combination of both.
Firewalls are used to prevent unauthorized internet users from accessing private networks
connected to the Internet. All messages entering or leaving the intranet pass through
the firewall. The firewall examines each message and blocks those messages that do not
meet the specified security criteria.

2. Antivirus Software
Antivirus software is a program designed to prevent, detect, and remove viruses
and other malware attacks on individual computers, networks, and IT systems. It also
protects our computers and networks from a variety of threats such as
Trojan horses, worms, keyloggers, browser hijackers, rootkits, spyware, botnets, adware,
and ransomware. Most antivirus programs come with an auto-update feature,
enabling the system to check for new viruses and threats regularly. They provide some
additional services such as scanning emails to ensure that they are free from malicious
attachments and web links.

3. PKI Services
PKI stands for Public Key Infrastructure. This tool supports the distribution and
identification of public encryption keys. It enables users and computer systems to securely
exchange data over the internet and verify the identity of the other party. We can also
exchange sensitive information without PKI, but in that case, there would be no assurance
of the authentication of the other party.

People associate PKI with SSL or TLS, the technology which encrypts server
communication and is responsible for the HTTPS and padlock that we can see in our browser
address bar. PKI solves a number of cybersecurity problems and deserves a place in
the organization's security suite.

4. Managed Detection and Response Service (MDR)

Today's cybercriminals and hackers use more advanced techniques and software to
breach organizational security, so every business needs more
powerful forms of cybersecurity defence. MDR is an advanced security service that
provides threat hunting, threat intelligence, security monitoring, incident analysis, and
incident response. It is a service that arises from the need for organizations (that
lack resources) to be more aware of risks and improve their ability to detect and
respond to threats. MDR also uses artificial intelligence and machine learning to
investigate, auto-detect threats, and orchestrate response for faster results.

5. Penetration Testing
Penetration testing, or pen-testing, is an important way to evaluate our business's security
systems and the security of an IT infrastructure by safely trying to exploit vulnerabilities.
These vulnerabilities exist in operating systems, services and applications, improper
configurations or risky end-user behavior. In penetration testing, cybersecurity
professionals use the same techniques and processes utilized by criminal hackers to
check for potential threats and areas of weakness.

6. Staff Training
Staff training is not a 'cybersecurity tool', but ultimately, having knowledgeable employees
who understand cybersecurity is one of the strongest forms of defence against
cyber-attacks. Today there are many training tools available that can educate a company's
staff about the best cybersecurity practices. Every business can use these training tools to
educate its employees so that they understand their role in cybersecurity.

Q7. What is cyber forensics? What are its applications? Explain various phases of
the cyber forensics investigation process.
Cyber forensics is the science of collecting, inspecting, interpreting, reporting, and
presenting computer-related electronic evidence. Evidence can be found on the
hard drive or in deleted files.

It is the process of examining, acquiring, and analyzing data from a system or
device so that it can be transcribed into physical documentation and presented in
court.

During the inspection, it is critical to create a digital or soft copy of the system’s
storage media. The purpose of carrying out a detailed cyber forensics
investigation is to determine who is to blame for a security breach. The entire
inquiry is carried out on the soft copy while ensuring that the system is not
affected.

Process Involved in Cyber Forensics

Obtaining a digital copy of the system under inspection

This method entails producing a copy of the system’s data to avoid harm
being done to the actual system, which might lead to file confusion with the files
already present on the computer. Cloning a hard disc entails replicating the hard
drive’s files and folders. The duplicate is written to another disc by copying every
small piece of data for analysis.

Authenticating and confirming the replica

After copying the files, experts verify that the copied data is consistent and exactly
as it exists in the real system.

Determining that the copied data is forensically acceptable

It is possible for the format of the data to change while it is duplicated from a device,
resulting in discrepancies between the operating systems of the investigators and the one
from which the data was copied. To avoid this, investigators ensure that the structure
stays constant and that the data is forensically acceptable and is written on the
hard disk drive in a format that the computer can use.

Recovering deleted files

Criminals think of innovative ways of wiping the scene and often remove
data that could indicate their misconduct; it is the work of the investigators to
recover and reconstruct deleted files with state-of-the-art software.

Forensics specialists can recover files erased by the user from a computer, because
such files are not permanently wiped from the computer.

Finding the necessary data with keywords

Investigators use specialised high-speed tools to find relevant information by
searching for keywords in the case documents.

The OS perceives vacant space in the hard disc as room for storing new files and
directories; however, temporary files and documents that were erased years ago
remain stored there until new data is written over them. Forensics specialists look
for these files in this free space.

Forensics specialists use tools that can search all of the data for phrases and
produce the pertinent information.

Establishing a technical report

The last phase will be to produce a technical report that is relevant and easily
understood regardless of the background of the individual. The result of this report
is to state clearly the crime, possible culprits, and innocent individuals.

The technical report must be straightforward for everyone to grasp, irrespective of
their background. It should focus mostly on who the culprit is and what techniques
they used to commit the crime and how.
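
The copy, verify and keyword-search phases described above, as an added example that is not part of the original notes: it makes a bit-for-bit working copy, confirms the replica by comparing SHA-256 hashes, and searches the raw copy (including space no file owns) for keywords that may straddle read boundaries. The file names, keywords and the small "disk image" are constructed for the illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 4096  # read size; small here so the constructed image spans several chunks


def sha256_file(path):
    """Hash a file in fixed-size chunks so large images never sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, dest):
    """Copy every byte of source to dest, hashing the source as it is read,
    then hash the finished copy independently and compare the two."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    source_hash, copy_hash = digest.hexdigest(), sha256_file(dest)
    return {"source_sha256": source_hash, "copy_sha256": copy_hash,
            "verified": source_hash == copy_hash}


def keyword_search(image_path, keywords):
    """Case-insensitive search over the raw image bytes, not just over files.
    Returns sorted (byte_offset, keyword) pairs."""
    needles = [k.lower().encode() for k in keywords]
    overlap = max(len(n) for n in needles) - 1
    hits, tail, pos = set(), b"", 0
    with open(image_path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            # Prepend the end of the previous chunk so a keyword split
            # across two reads is still found.
            window = (tail + block).lower()
            base = pos - len(tail)  # absolute offset of window[0]
            for needle in needles:
                i = window.find(needle)
                while i != -1:
                    hits.add((base + i, needle.decode()))
                    i = window.find(needle, i + 1)
            pos += len(block)
            tail = window[-overlap:] if overlap else b""
    return sorted(hits)


def build_sample_image(path):
    """Constructed stand-in for a seized disk: one live file plus the remnant
    of a deleted memo left in unallocated space across a chunk boundary."""
    image = bytearray(3 * CHUNK)
    live = b"LIVE FILE: quarterly summary\n"
    remnant = b"DELETED MEMO: move funds to Offshore-Acct before audit"
    image[0:len(live)] = live
    start = CHUNK - 30
    image[start:start + len(remnant)] = remnant
    with open(path, "wb") as f:
        f.write(image)


def examine(workdir, keywords):
    """Run acquisition, verification and keyword search; return report data."""
    evidence = os.path.join(workdir, "evidence.img")
    working = os.path.join(workdir, "working_copy.img")
    build_sample_image(evidence)
    report = acquire_image(evidence, working)
    # All analysis is done on the verified copy, never on the original.
    report["hits"] = keyword_search(working, keywords) if report["verified"] else []
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for key, value in examine(d, ["offshore-acct", "audit"]).items():
            print(key, value)
```

The offsets and the two hashes are the kind of reproducible detail the technical report can cite; re-hashing the working copy at any later point shows whether it has changed since acquisition.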

Application of Digital Forensics

Digital forensics is a branch of forensic science that deals with digital evidence in
solving a crime under the regulations of law. With the wide availability and use of
various digital media, devices, and social media, there are various branches of
digital forensics such as mobile forensics, network forensics, database forensics,
email forensics, etc. With increasing digital crime in each branch, digital forensics has
wide applicability.

The major applications of digital forensics are:

o Crime Detection- There are various malware and malicious activities that
happen over digital media and networks, such as phishing, spoofing,
ransomware, etc.
o Crime Prevention- There are various cyber crimes that happen due to lack of
security or existing unknown vulnerabilities, such as zero-day vulnerabilities.
Hence, cyber forensics helps in finding these vulnerabilities and preventing
such crimes from occurring.
o Crime Analysis- This is the main application of digital forensics. It involves- [2]

o Preservation- This process involves protecting the crime scene and the digital
evidence or setup from further manipulation, and photographing and
videographing the crime scene for future reference. This process also involves
stopping any ongoing command that may be linked to the crime.
o Identification- This process involves identifying the digital media and devices
that can serve as potential evidence.
o Extraction- This process involves the imaging of the digital evidence (to
maintain the authenticity of the original evidence) for further analysis.
o Documentation- This involves maintaining the chain of custody and
documenting all the evidence collected from the crime scene.
o Interpretation- This involves the digital forensic expert making a report
about the analysis conducted on the digital evidence using various tools such
as FTK (for imaging and mounting of evidence), Sleuth Kit and Autopsy
(which analyze disk images and recover files from them), etc., and presenting it in
the court of law. The conclusion is based on the evidence collected and on
reconstructing data fragments.
