Unit 1: Cyber Crime against Individuals and Organisations

Cyber Crime- Overview, Internal and External Attacks, Attack Vectors.

Cybercrimes against Individuals – E-mail spoofing and online frauds, Phishing and
its forms, Spamming, Cyber-defamation, Cyberstalking, Cyber Bullying and
harassment, Computer Sabotage, Pornographic offenses, Password Sniffing.
Keyloggers and Screen loggers. Cyber Crimes against Women and Children.

Cybercrime against organization – Unauthorized access of computer, Password

Sniffing, Denial-of-service (DOS) attack, Backdoors and Malwares and its types,
E-mail Bombing, Salami Attack, Software Piracy, Industrial Espionage, Intruder
attacks. Security policies violations, Crimes related to Social Media, ATM, Online
and Banking Frauds. Intellectual Property Frauds. Cyber Crimes against Women
and Children.

What is meant by Cyber Crimes?

Cybercrime refers to criminal activities that are committed using the internet or
other digital devices. With the increasing use of technology in our daily lives,
cybercrime has become a major issue that affects individuals, businesses, and
governments worldwide.

There are various types of cybercrimes, including hacking, phishing scams,

identity theft, cyberbullying, cyberstalking, malware attacks, and distributed
denial-of-service (DDoS) attacks. These activities can result in data breaches,
financial losses, reputational damage, and even physical harm.

To combat cybercrime, governments and organizations have implemented various

measures, such as cybersecurity policies, laws, and regulations, as well as
cybersecurity awareness training for employees and the public. It is also important
for individuals to take steps to protect themselves from cybercrime, such as using
strong passwords, keeping software up-to-date, and being cautious when sharing
personal information online.

Overall, cybercrime is a serious and growing threat that requires ongoing efforts
from all stakeholders to prevent and mitigate its impact.

1
What is meant by Internal and External attacks in Cyber Crimes?

Internal and external attacks are two types of cyber attacks that can be used to
compromise the security of an organization's network and data.

Internal attacks occur when someone within the organization, such as an

employee or contractor, intentionally or unintentionally exploits vulnerabilities in
the organization's systems or data. For example, an employee might use their
authorized access to steal sensitive data or introduce malware into the network.
Internal attacks can be difficult to detect because the attacker may already have
legitimate access to the organization's systems and data.

External attacks, on the other hand, are carried out by individuals or groups who
do not have authorized access to the organization's systems or data. These attacks
can take many forms, such as phishing, ransomware, DDoS attacks, and malware.
External attackers typically exploit vulnerabilities in the organization's systems or
applications to gain unauthorized access or cause damage.

Both internal and external attacks can be very damaging to an organization's

reputation and financial health. It's important for organizations to implement strong
security measures, such as firewalls, intrusion detection systems, and encryption,
to protect against both types of attacks. Additionally, employee training and
awareness can help prevent internal attacks by teaching staff about best practices
for handling sensitive data and identifying potential threats.

Examples of Internal Attacks and External Attacks in Cyber crimes.

Here are some examples of internal and external attacks in cyber crimes:

Internal attacks:

1. Insider threat: An employee with authorized access to sensitive data uses that
access to steal or misuse the data for personal gain.

2. Misconfiguration: An employee accidentally misconfigures a server or

application, leaving it vulnerable to attack or causing downtime.

3. Social engineering: An employee is tricked into divulging sensitive information,

such as login credentials or customer data, to an attacker.

2
External attacks:

1. Phishing: Attackers send emails or messages that appear to be from a legitimate

source, such as a bank or social media platform, in an attempt to trick the recipient
into providing sensitive information.

2. Ransomware: Attackers use malware to encrypt an organization's data and

demand payment in exchange for the decryption key.

3. DDoS attack: Attackers flood an organization's network with traffic, causing it

to become overwhelmed and unavailable to users.

4. Zero-day attack: Attackers exploit a previously unknown vulnerability in an

organization's software or systems to gain unauthorized access or cause damage.

It's important to note that these are just a few examples of the many types of internal
and external attacks that can occur in cyber crimes. Organizations should
implement a comprehensive security strategy to protect against a wide range of
threats.

Write a short note on Attack vectors.

An attack vector is a path or method that an attacker uses to gain unauthorized

access to a computer system or network. Attack vectors can take many forms,
including software vulnerabilities, social engineering, or physical access to a
device or network.

Software vulnerabilities are a common attack vector. Attackers can exploit

weaknesses in an organization's software or operating system to gain access to
sensitive data or cause damage to the system. For example, an attacker may use a
known vulnerability in a web application to gain access to a database of customer
information.

Social engineering is another common attack vector. Attackers use psychological

manipulation to trick individuals into divulging sensitive information or
performing actions that can compromise the security of a system or network. For
example, an attacker might pose as an IT help desk employee and ask for a user's
login credentials over the phone.

3
Physical access to a device or network can also be an attack vector. An attacker
with physical access to a computer or network can install malware, steal sensitive
data, or perform other malicious actions.

To protect against attack vectors, organizations should implement a comprehensive

security strategy that includes measures such as software patching, employee
training, access controls, and physical security measures. By understanding the
various attack vectors and taking steps to mitigate them, organizations can reduce
the risk of a successful cyber attack.

Intruders are continuously seeking out new attack vectors. The most common
attack vectors include the following:

1. Software vulnerabilities. If a network, OS, computer system or

application has an unpatched security vulnerability, an attacker can use
a threat vector, such as malware, to gain unauthorized access.
2. Compromised user credentials. Users can knowingly or inadvertently
share their user IDs and passwords. This can be done verbally, but
cyber attackers can also gain access to credentials through a brute-force
attack that tries different combinations of user IDs and passwords until

4
 an authorized set of credentials is uncovered. The hacker then uses
these credentials to hack a network, system or application.
3. Weak passwords and credentials. In brute-force attacks, cyber
attackers focus their efforts on hacking user IDs and passwords that are
weak or can be easily guessed. But hackers also steal credentials by
using programs that monitor public Wi-Fi networks for when users
input their access credentials. For example, a hacker could
install keylogging software on a user's workstation through an infected
website or email. The keylogging program logs user keyboard activity,
including the entry of the user's ID and password. Hackers can also gain
access by enticing users to open unsolicited email attachments that
contain malicious links to bogus websites that convince them to
surrender personally identifiable information (PII).
4. Malicious employees. Malicious or disgruntled employees can hack
into networks and systems using their security clearances to extract
sensitive information, such as customer lists and intellectual property
(IP) that they either demand ransom for or sell to others for nefarious
purposes.
5. Poor or missing encryption. In some cases, employees -- or IT -- may
forget to encrypt sensitive information stored on laptops and
smartphones out in the field. In other cases, encryption techniques have
known design flaws or only use limited keys to encrypt and protect
data.
6. Ransomware. Ransomware is a type of malware that locks the data on
the victim's computer, and the attacker either threatens to publish the
victim's data or block access to it unless a ransom is paid. Ransomware
can lock a user's files, often demanding a cash sum from the user in
order to unlock the files. Most ransomware is inadvertently downloaded
onto a computer or network by a user. It can come in the form of a file
that a user opens that contains a worm, which is malware that spreads
itself throughout a network, or a Trojan, which embeds malicious

5
 software code in a downloaded file that locks up the user's computer or
data and then demands payment.
7. Phishing. Phishing is the deceptive practice of sending emails in which
the attacker purports to be from a reputable company such as a bank or
other financial institution, and asking the user to click on a link or
download an attachment. in order to lure individuals into revealing
personal information, such as passwords or credit card numbers. Spear
phishing is a highly targeted attack that targets a single recipient,
seeking unauthorized access to sensitive company information.
8. Misconfigured devices. Companies can misconfigure their software
and hardware security, which leaves them vulnerable to hackers.
Vendor security presets on equipment are lax, and if IT doesn't
reconfigure this equipment before installing it on networks, security
hacks can occur. In still other cases, companies purchase equipment
and forget to fully configure security.
9. Trust relationships. In many cases, companies entrust their security to
outside system and network vendors, cloud providers and business
partners. When the systems of these third parties are breached, the
information the hackers obtain may also contain sensitive information
from the companies these providers service. Examples include when a
major credit card carrier's network is breached or when a healthcare
system is breached and sensitive data from patients is stolen.
10. Distributed denial-of-service (DDoS) attacks. DDoS attacks flood
victims with bogus emails, rendering their system or network unusable
and services unavailable to their intended recipients. These attacks
often target the web servers of finance, commerce and government
organizations and are often used to distract an organization from other
network attacks.

5 Examples of Attack Vectors in Cyber crimes

Here are some examples of attack vectors in cyber crimes:

6
Social engineering: Attackers use psychological manipulation to trick individuals
into divulging sensitive information or performing actions that can compromise
the security of a system or network. This can include posing as a trusted authority
figure, such as an IT help desk employee, to gain access to sensitive information.

4. Zero-day exploits: Attackers can exploit vulnerabilities in software or hardware

that are not yet known to the vendor. This type of attack is known as a zero-day
exploit and can be very difficult to detect and mitigate.

5. Physical access: Attackers can gain physical access to a device or network and
install malware or steal sensitive data. For example, an attacker might steal a laptop
containing sensitive data or install a keylogger on a computer in a public place.

These are just a few examples of the many attack vectors that can be used in cyber
crimes. Organizations must remain vigilant and implement a variety of security
measures to protect against these and other attack vectors.

10 Examples of Attack Vectors in Cyber crimes

10 examples of attack vectors commonly used in cyber crimes:

Malware: Malicious software, such as viruses, Trojans, and ransomware, can be

used as an attack vector. Attackers can trick users into downloading malware by
disguising it as legitimate software or by exploiting vulnerabilities in outdated
software. to gain access to a victim's computer system and steal data or disrupt
operations.

3. Social engineering: Attackers use psychological manipulation techniques to

convince victims to divulge confidential information or perform actions that are
not in their best interest.

7
5. Man-in-the-middle attacks: Attackers intercept communication between two
parties and eavesdrop on or alter the transmission, allowing them to steal data or
manipulate the communication.

6. SQL injection: Attackers use malicious code to exploit vulnerabilities in a

website's database, allowing them to access sensitive information or perform
unauthorized actions.

7. Cross-site scripting (XSS): Attackers inject malicious code into a website's

pages, allowing them to steal data or perform unauthorized actions when users
interact with the compromised pages.

8. Watering hole attacks: Attackers compromise a legitimate website that is known

to be frequented by their target audience, in an attempt to infect visitors with
malware.

9. Supply chain attacks: Attackers compromise a third-party vendor or supplier that

is trusted by the victim, in an attempt to infiltrate the victim's network or steal
sensitive data.

10. Physical attacks: Attackers gain physical access to a victim's computer system
or network, allowing them to steal data, install malware, or disrupt operations.

How to protect devices against common vector attacks

Attackers use a variety of techniques to penetrate corporate IT assets. As these
techniques continue to evolve, IT's job is to identify and implement the policies,
tools and techniques that are most effective in protecting against these attacks. The
following is a list of effective protection techniques:

•Implement effective password policies. Ensure usernames and passwords

meet proper length and strength criteria and the same credentials are not used to
access multiple applications and systems. Use two-factor authentication (2FA)
or verification methods, such as a password and a personal identification
number (PIN), to provide an added layer of protection for system access.

8
•Install security monitoring and reporting software. This includes software
that monitors, identifies, alerts and even locks down entry points to networks,
systems, workstations and edge technology once a potential attack by an
unidentified or unauthorized user or source is detected.
•Regularly audit and test IT resources for vulnerabilities. At a minimum, IT
vulnerability testing should be conducted quarterly, and an outside IT security
audit firm should test IT resources for vulnerability annually. Based upon these
findings, security policies, practices and prevention techniques should be
updated immediately.
•Keep IT security front and center. Security investments cost money, and a
chief information officer (CIO) and a chief security officer (CSO) need the chief
executive officer (CEO) and the board of directors to approve these purchases.
This requires regular briefings and education for C-level executives so they
understand the importance of securing IT and the ramifications for the company
and its reputation if IT is left unsecured.
•Train users. All new employees should be provided comprehensive training
in IT security policies and practices, and existing employees should be given
refresher training annually. IT personnel, especially in the security area, should
be current on the latest security policies and practices.
•Collaborate with human resources (HR). Social engineering vulnerability
audits should be performed with an outside security audit firm at least once
every two to three years. If there is suspicious employee activity, IT should
immediately alert HR so it can take appropriate action, whether it is meeting
with an employee, restricting an employee's access, coaching an employee or
firing an employee.
•Immediately install all updates. Whenever a hardware, firmware or software
update is issued, IT should promptly install it. If devices are used in the field, the
security updates should be provided as push notifications, where software or
firmware is automatically updated.
•Use thin clients for companies with a bring your own device (BYOD)
policy. It is preferable to house all corporate data in a secure cloud or other

9
enterprise system so users can sign in from home or from their own devices
through a virtual private network (VPN), which is restricted to a specific set of
users and is not open to the public. This eliminates sensitive data from being
stored on remote devices.
•Use strong data encryption on portable devices. Whether a portable device is
a laptop, a smartphone, a sensor or any other type of edge device, data
encryption should be used wherever sensitive data is stored. This can be done by
selecting a strong data encryption technology, such as Advanced Encryption
Standard (AES). The U.S. government uses AES, which contains 192- and 256-
bit keys for data encryption.
•Review and set all security configurations for OSes, internet browsers,
security software, network hubs and edge devices, such as sensors, smartphones
and routers. Often, systems, browsers, hubs and internet of things (IoT) devices
come with minimal default security settings, and companies forget to adjust
these settings. As a standard practice, companies should check and, if necessary,
reset security on all new IT.
•Secure physical spaces. While most data breaches and security hacks target IT,
physical access intrusions can also occur. Data centers, servers located in
different business departments and remote field offices, medical equipment,
field-based sensors and even physical file cabinets in offices are all hacking
targets. They should be secured, protected and regularly inspected.

10
Cyber crimes against individuals

Cyber crimes against individuals can take many forms and can have serious
consequences for the victim. Here are some examples:

1. Identity theft: Cyber criminals can steal personal information, such as social
security numbers, credit card numbers, or login credentials, and use it to
impersonate the victim or commit fraudulent activities.

2. Online harassment: Cyber criminals can use social media, messaging apps, or
other online platforms to harass, threaten, or bully individuals.

3. Sextortion: Cyber criminals use explicit images or videos of the victim, obtained
through hacking or social engineering, to blackmail or extort money from them.

4. Financial fraud: Cyber criminals can use phishing scams, malware, or other
techniques to gain access to the victim's bank accounts, credit cards, or other
financial information and steal money.

5. Romance scams: Cyber criminals create fake online profiles to lure victims into
romantic relationships and then use emotional manipulation to steal money or
personal information.

6. Cyberstalking: Cyber criminals can use online platforms to stalk and monitor
the victim's activities, often in an attempt to intimidate or control them.

7. Cyberbullying: Cyber criminals can use social media or other online platforms
to bully or harass individuals, often with the intent of causing emotional distress.

8. Hacking: Cyber criminals can use hacking techniques to gain access to the
victim's computer or other devices, steal personal information, or install malware.

9. Doxing: Cyber criminals can release personal information about the victim, such
as their home address or phone number, often with the intent of causing harm or
harassment.

10. Child exploitation: Cyber criminals can use online platforms to distribute or
access child pornography, groom children for sexual exploitation, or engage in
other illegal activities involving children.

Write a short note on email spoofing

11
Email spoofing is a technique used by cyber criminals to forge the sender's address
in an email message. In other words, an email appears to be from a legitimate
sender, but it is actually sent by someone else. This technique is often used in
phishing attacks, where the attacker tries to trick the recipient into providing
sensitive information, such as login credentials, by impersonating a trusted source.

Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP), the
protocol used to send email messages, does not provide any mechanism to verify
the sender's identity. Instead, SMTP relies on the sender to accurately identify
themselves in the "From" field of the email header. However, this field can be
easily manipulated by the attacker, using various tools and techniques.

To protect against email spoofing, organizations and individuals can implement

various measures, such as email authentication protocols like Sender Policy
Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based
Message Authentication, Reporting, and Conformance (DMARC). These
protocols use cryptographic mechanisms to verify the authenticity of the sender's
domain and help prevent spoofing attacks. Additionally, users should be cautious
when opening emails from unknown or suspicious sources and avoid clicking on
links or downloading attachments from such emails.

Write a short note on Online frauds

Online frauds refer to any fraudulent activity that is carried out over the internet,
typically with the intention of deceiving victims and stealing their money or
personal information. Online frauds can take many forms, including:

1. Phishing scams: These scams involve sending fraudulent emails or messages

that appear to be from legitimate organizations, such as banks or e-commerce sites,
in an attempt to trick victims into revealing sensitive information, such as login
credentials or credit card numbers.

2. Online shopping fraud: These frauds involve fake online stores or sellers that
offer products at low prices and then either never deliver the products or deliver
fake or defective items.
12
3. Investment scams: These scams involve fraudulent investment opportunities that
promise high returns but are actually designed to steal victims' money.

4. Romance scams: These scams involve setting up fake online profiles to lure
victims into romantic relationships, and then using emotional manipulation to steal
money or personal information.

5. Tech support scams: These scams involve fraudsters pretending to be tech

support representatives and persuading victims to install malware on their devices
or provide remote access to their devices.

To protect themselves from online fraud, individuals should be cautious when

sharing personal information online, verify the authenticity of websites and online
stores before making purchases, use strong passwords and two-factor
authentication, and install and regularly update anti-virus and anti-malware
software. Additionally, individuals should be aware of common online fraud
tactics and stay informed about the latest threats and scams.

Write a note on Phishing and it's forms

Phishing is a type of cyber attack in which an attacker attempts to trick a victim

into giving away sensitive information, such as login credentials or credit card
numbers. The attacker typically does this by sending an email or text message that
appears to be from a legitimate source, such as a bank or social media site, but
actually contains a link to a fake login page or other malicious website.

There are several forms of phishing, including:

1. Email phishing: This is the most common form of phishing, where attackers
send emails to a large number of people, pretending to be a trustworthy entity, such
as a bank or social media site. The email usually contains a link to a fake login
page or other malicious website.
13
2. Spear phishing: This is a targeted form of phishing in which the attacker sends
a personalized email to a specific individual or group of individuals, often with
information that is specific to the victim, such as their name, job title, or company.

3. Smishing: This is a form of phishing that uses text messages instead of emails.
The attacker sends a text message that appears to be from a legitimate source, such
as a bank or credit card company, and contains a link to a fake website.

4. Vishing: This is a form of phishing that uses voice messages or phone calls to
trick victims into providing sensitive information. The attacker may pretend to be
a bank or other financial institution and ask the victim to provide their account
number or other personal information.

5. Whaling: This is a targeted form of phishing that focuses on high-level

executives or other important individuals within an organization. The attacker may
use information that they have gathered about the victim to create a convincing
email or other communication that appears to be from a trusted source.

In all forms of phishing, the attacker is attempting to gain access to sensitive

information that they can use for fraudulent purposes, such as stealing money or
identity theft. It is important to be vigilant and cautious when receiving unsolicited
emails, text messages, or phone calls, and to never provide personal or sensitive
information unless you are certain that the request is legitimate.

Write a note on Spamming

Spamming refers to the indiscriminate sending of unsolicited messages, typically

via email, text message, or social media. The messages are usually commercial in
nature, such as advertisements for products or services, and are sent to a large
number of people with the intention of promoting a product, service, or idea.
14
Spamming can be a nuisance for individuals who receive large volumes of
unwanted messages, and can also be a security risk if the messages contain
malware or links to phishing websites. In addition, spamming can be used as a tool
for malicious purposes, such as spreading propaganda or distributing scams.

There are several forms of spamming, including:

1. Email spam: This is the most common form of spamming, in which unsolicited
emails are sent to a large number of recipients. The emails may contain
advertisements, scams, or links to phishing websites.

2. Text message spam: This form of spamming involves sending unsolicited text
messages to a large number of recipients, typically with the intention of promoting
a product or service.

3. Social media spam: This form of spamming involves posting unsolicited

messages or comments on social media platforms, typically with the intention of
promoting a product or service.

4. Forum spam: This form of spamming involves posting unsolicited messages or

comments on online forums, typically with the intention of promoting a product or
service.

Spamming is often carried out by automated software programs known as

"spambots," which can send large volumes of messages very quickly. To protect
themselves from spam, individuals can use spam filters and anti-spam software,
which can detect and block unsolicited messages. It is also important to be cautious
when providing personal information online, and to never click on links or
download attachments from unknown sources.

Write a note on Cyber defamation

Cyber defamation, also known as online defamation, is the publication of false or

harmful statements about an individual or organization on the internet. Defamatory
statements are those that harm the reputation of the person or organization, and can
include false accusations, derogatory comments, and negative reviews.
15
Cyber defamation can take many forms, including:

1. Social media posts: Defamatory statements can be made on social media

platforms, such as Facebook, Twitter, and Instagram.

2. Blog posts: Bloggers can be accused of cyber defamation if they publish false
or harmful statements about an individual or organization.

3. Online reviews: Negative reviews on websites such as Yelp or Google can be

considered cyber defamation if they contain false or harmful statements.

4. Online forums: Defamatory statements can be made on online forums or

discussion boards.

Cyber defamation can have serious consequences for the victim, including damage
to their reputation, loss of business, and emotional distress. In addition, cyber
defamation can be difficult to remove once it has been posted online, and can
spread quickly through social media and other online channels.

To protect themselves from cyber defamation, individuals and organizations can

monitor their online reputation, respond quickly to negative comments and reviews,
and take legal action if necessary. In some cases, victims of cyber defamation may
be able to pursue legal action against the person or organization responsible for the
defamatory statements, and may be able to seek damages for any harm caused. It
is important to consult with a lawyer if you believe that you have been the victim
of cyber defamation.

Write a note on Cyber defamation

Cyber defamation, also known as online defamation, is a form of defamation that

occurs on the internet. Defamation is a legal term that refers to the communication
of false statements that harm a person's reputation. In the context of the internet,
this can include defamatory statements made on social media, online reviews, or
in other types of online content.
16
Cyber defamation can take many forms, including false accusations, malicious
gossip, or negative reviews that are intended to harm a person's reputation. It can
be particularly damaging because it can reach a large audience quickly and can be
difficult to remove once it has been posted online.

To be considered defamatory, a statement must be both false and harmful to a

person's reputation. In some cases, the person making the statement may have a
defense, such as if the statement is true or if it is an opinion rather than a statement
of fact.

Victims of cyber defamation may be able to take legal action against the person
who made the defamatory statement. This can involve filing a lawsuit for damages
or seeking an injunction to have the statement removed from the internet.

To prevent cyber defamation, it is important to be cautious about the statements

made online and to avoid making false or defamatory statements about others. It is
also important to be aware of the potential consequences of online behavior and to
seek legal advice if you have been the victim of cyber defamation.

Cyber defamation, also known as online defamation, is the act of making false or
derogatory statements about a person or entity through digital channels such as
social media, blogs, forums, or online reviews. These statements can harm the
reputation of the individual or organization, leading to financial, emotional, or
psychological damages.

There are several forms of cyber defamation, including:

1. Libel: Written statements that are false and damaging to a person's or entity's
reputation.

2. Slander: Spoken statements that are false and damaging to a person's or entity's
reputation.

17
3. Revenge Porn: Sharing intimate photos or videos of someone without their
consent, often with the intent of causing harm or embarrassment.

4. False reviews: Posting fake or negative reviews about a person or business with
the intent of causing harm or financial loss.

5. Cyberbullying: Repeatedly harassing or intimidating someone online, often with

the intent of causing emotional distress.

6. Trolling: Posting inflammatory or derogatory comments online with the intent

of provoking a response or causing harm.

Cyber defamation can have serious consequences, including legal action, damage
to reputation, and financial loss. It is important to be aware of the potential risks
and consequences of online statements and to always verify information before
sharing it online.

Write a short note on Cyber defamation

Cyber defamation, also known as online defamation, is the publication of false or

harmful statements about an individual or organization on the internet. Defamatory
statements are those that harm the reputation of the person or organization, and can
include false accusations, derogatory comments, and negative reviews.

Cyber defamation can take many forms, including:

1. Social media posts: Defamatory statements can be made on social media

platforms, such as Facebook, Twitter, and Instagram.

18
2. Blog posts: Bloggers can be accused of cyber defamation if they publish false
or harmful statements about an individual or organization.

3. Online reviews: Negative reviews on websites such as Yelp or Google can be

considered cyber defamation if they contain false or harmful statements.

4. Online forums: Defamatory statements can be made on online forums or

discussion boards.

Cyber defamation can have serious consequences for the victim, including damage
to their reputation, loss of business, and emotional distress. In addition, cyber
defamation can be difficult to remove once it has been posted online, and can
spread quickly through social media and other online channels.

To protect themselves from cyber defamation, individuals and organizations can

monitor their online reputation, respond quickly to negative comments and reviews,
and take legal action if necessary. In some cases, victims of cyber defamation may
be able to pursue legal action against the person or organization responsible for the
defamatory statements, and may be able to seek damages for any harm caused. It
is important to consult with a lawyer if you believe that you have been the victim
of cyber defamation.

Write a note on Cyber stalking

Cyber stalking is a form of harassment that involves the use of technology to track,
monitor, and harass an individual. This can include sending threatening or
harassing messages, posting personal information online, or using GPS tracking to
monitor the victim's location.

Cyber stalking can be carried out through a variety of channels, including email,
social media, text messages, and instant messaging platforms. The perpetrator may
also use fake online profiles to contact the victim, or may use spyware or other
malicious software to gain access to their computer or mobile device.

19
Cyber stalking can have serious consequences for the victim, including emotional
distress, anxiety, and fear for their safety. In some cases, cyber stalking can escalate
into physical stalking or violence.

To protect themselves from cyber stalking, individuals can take several steps,
including:

1. Limiting the amount of personal information they share online, including on

social media platforms.

2. Using strong passwords and two-factor authentication to secure online accounts.

3. Being cautious about accepting friend requests or messages from unknown

individuals.

4. Blocking or reporting individuals who engage in harassing or threatening

behavior online.

5. Seeking help from law enforcement and legal professionals if they believe they
are being stalked or harassed.

Cyber stalking is a serious crime, and can carry significant legal consequences for
the perpetrator. If you believe that you are being stalked or harassed online, it is
important to seek help from law enforcement or a legal professional as soon as
possible.

Write a note on Cyber bullying and Harassment

20
Cyber bullying and harassment are forms of online abuse that involve the use of
technology and the internet to intimidate, threaten, or humiliate someone. This can
take many forms, including sending abusive messages or emails, posting
derogatory comments on social media, sharing embarrassing photos or videos, or
creating fake profiles to impersonate someone.

The effects of cyber bullying and harassment can be devastating, leading to

emotional distress, anxiety, depression, and even suicide. It can also have a
negative impact on a person's reputation, relationships, and professional life.

To prevent cyber bullying and harassment, it's important to be aware of the signs
and take action when necessary. This includes reporting any abusive behavior to
the appropriate authorities or platforms, blocking or unfollowing the offender, and
seeking support from friends, family, or a mental health professional.

It's also important to educate ourselves and others about online safety and
responsible internet use. This includes being mindful of the content we share online,
avoiding engaging with trolls or abusive users, and using privacy settings to protect
our personal information.

Overall, cyber bullying and harassment are serious issues that require our attention
and action. By working together to promote a safer and more respectful online
community, we can help prevent these harmful behaviors and create a more
positive and inclusive online environment.

Write a note on Computer Sabotage

Computer sabotage refers to intentional acts of damaging, disrupting, or destroying

computer systems, networks, or data. It can be carried out by individuals or groups
with malicious intent, such as hackers, cybercriminals, or disgruntled employees.

21
There are various methods of computer sabotage, including introducing malware,
viruses, or other harmful software into a system, deleting or modifying files,
disrupting network connectivity, or stealing sensitive data. The consequences of
computer sabotage can be severe, ranging from financial losses to reputational
damage, legal liability, and even physical harm.

To protect against computer sabotage, it's important to implement effective

security measures, such as firewalls, antivirus software, and data encryption.
Regular backups of critical data can also help mitigate the impact of a potential
attack.

Additionally, educating employees about the risks of computer sabotage and

providing training on proper security protocols can help prevent insider threats and
human errors. It's also important to stay up-to-date with the latest security threats
and to regularly review and update security policies and procedures.

In the event of a suspected computer sabotage, it's important to take immediate

action to minimize the damage and prevent further harm. This may include
isolating the affected system, restoring backups, and notifying law enforcement or
security professionals.

Overall, computer sabotage is a serious threat that requires proactive measures to

prevent and mitigate. By implementing strong security measures, educating
employees, and staying vigilant against potential threats, organizations can help
protect against the damaging effects of computer sabotage.

Write a note on Pornographic offenses

Pornographic offenses refer to the creation, distribution, or possession of sexually

explicit material that is illegal or harmful. This can include child pornography,
revenge porn, or obscenity that violates community standards.

Child pornography is a particularly heinous form of pornographic offense that

involves the sexual exploitation of children. It is illegal in most countries and
carries severe penalties for those involved in its production, distribution, or
possession. In addition to being a serious crime, child pornography causes
immense harm to its victims and perpetuates a cycle of abuse.
22
Revenge porn, also known as non-consensual pornography, involves the
distribution of sexually explicit material without the consent of the individual
depicted. This can include photos or videos taken without their knowledge or
consent, or shared in violation of privacy laws. Revenge porn can have devastating
consequences for victims, including harassment, blackmail, and reputational
damage.

Obscenity that violates community standards involves sexually explicit material

that is considered offensive or harmful to a particular community. While obscenity
laws vary by jurisdiction, they generally prohibit the distribution of material that
is considered offensive or harmful to public morals.

To prevent pornographic offenses, it's important to raise awareness about the

harmful effects of sexually explicit material and to promote responsible media
consumption. This includes educating individuals about privacy laws, consent, and
online safety, as well as providing resources and support for victims of sexual
exploitation and non-consensual pornography.

Law enforcement agencies also play a critical role in preventing and prosecuting
pornographic offenses. This includes investigating and shutting down websites and
networks involved in the production and distribution of illegal material, as well as
prosecuting offenders to the full extent of the law.

Overall, pornographic offenses are a serious issue that requires a multifaceted

approach to prevention and enforcement. By working together to raise awareness,
promote responsible media consumption, and hold offenders accountable, we can
help prevent the harm caused by pornographic offenses.

Write a note on Password sniffing

Password sniffing is a type of cyber attack that involves intercepting and recording
network traffic in order to extract passwords or other sensitive information. This
can be done using various methods, including packet sniffing software or hardware
devices that are designed to capture network traffic.

Once a password is intercepted, it can be used to gain unauthorized access to

sensitive information, such as email accounts, financial accounts, or sensitive

23
corporate data. Password sniffing can be particularly dangerous in environments
where weak passwords are used or where password reuse is common.

To protect against password sniffing, it's important to use strong passwords that
are difficult to guess or crack. This includes using a combination of uppercase and
lowercase letters, numbers, and special characters. Passwords should also be
changed regularly and should not be reused across multiple accounts.

In addition to strong passwords, it's also important to use encryption technologies,

such as HTTPS or SSL, to protect sensitive data in transit. This can help prevent
password sniffing attacks by encrypting network traffic and making it more
difficult for attackers to intercept and decode.

Finally, network administrators can use various security tools and techniques to
detect and prevent password sniffing attacks. This includes implementing intrusion
detection and prevention systems, monitoring network traffic for suspicious
activity, and using strong authentication methods, such as two-factor
authentication.

Overall, password sniffing is a serious threat that requires proactive measures to

prevent and mitigate. By using strong passwords, encryption technologies, and
security tools, individuals and organizations can help protect against the harmful
effects of password sniffing attacks.

Write a note on Keyloggers

A keylogger is a type of malicious software (malware) that is designed to record

every keystroke made on a computer or other electronic device, including
passwords, credit card numbers, and other sensitive information. Keyloggers can
be installed on a computer in many ways, including through email attachments,
infected websites, or by physically accessing the computer.

Once a keylogger is installed on a computer, it can be difficult to detect and can

operate silently in the background, recording all keystrokes made by the user. The
24
information collected by a keylogger can be used for a variety of nefarious
purposes, including identity theft, financial fraud, and espionage.

Keyloggers can be prevented by using good security practices, such as keeping

anti-virus and anti-malware software up-to-date, being cautious when opening
email attachments or visiting unfamiliar websites, and avoiding the use of public
computers for sensitive activities such as online banking or shopping.

If you suspect that your computer may be infected with a keylogger, it is important
to take immediate action to remove the malware and change any passwords or other
sensitive information that may have been compromised.

Write a note on n Screen loggers

Screen loggers, also known as screen recording software or screen capture software,
are a type of software that records everything that appears on a computer screen,
including keystrokes, mouse clicks, and other activities. This type of software can
be used for a variety of purposes, including surveillance, monitoring employee
productivity, and creating training videos.

Screen loggers can be installed on a computer through a variety of methods,

including email attachments, infected websites, or by physically accessing the
computer. Once installed, screen loggers can run silently in the background,
recording all activity on the computer screen.

Screen loggers can be prevented by using good security practices, such as keeping
anti-virus and anti-malware software up-to-date, being cautious when opening
email attachments or visiting unfamiliar websites, and avoiding the use of public
computers for sensitive activities.

If you suspect that your computer may be infected with a screen logger, it is
important to take immediate action to remove the software and secure any sensitive
information that may have been recorded. This may involve changing passwords,
monitoring financial accounts for fraudulent activity, and seeking assistance from
a professional computer security expert.

Write a note on Cyber crimes against Women and Children

25
Cyber crimes against women and children are a growing concern in today's digital
age. These crimes can take many forms, including online harassment,
cyberbullying, cyberstalking, revenge porn, and child sexual abuse material
(CSAM).

Online harassment is a type of cyber crime that involves the use of technology to
intimidate, threaten, or humiliate someone. This can include sending threatening
messages, spreading false rumors, or posting embarrassing photos or videos online.
Cyberstalking is a more serious form of online harassment that involves persistent,
unwanted contact that causes fear or distress.

Cyberbullying is a type of online harassment that is targeted at children and

teenagers. It can include teasing, name-calling, spreading rumors, or posting
embarrassing photos or videos online. Cyberbullying can have serious
consequences for the victim, including depression, anxiety, and even suicide.

Revenge porn is a type of cyber crime that involves the sharing of intimate photos
or videos without the consent of the person depicted. This can have devastating
consequences for the victim, including humiliation, loss of reputation, and even
job loss.

Child sexual abuse material (CSAM) is a type of cyber crime that involves the
creation, distribution, or possession of images or videos depicting child sexual
abuse. This is a serious crime that can have lifelong consequences for the victims
and is subject to severe criminal penalties.

To prevent cyber crimes against women and children, it is important to educate

people about safe and responsible use of technology, including the risks associated
with sharing personal information online. Victims of cyber crimes should seek help
from law enforcement or other support services to ensure their safety and well-
being. Additionally, governments and technology companies must work together
to develop effective strategies for detecting and preventing cyber crimes against
women and children.

Cyber crime against organization

There are certain cyber crimes committed to threaten the international governments
or organizations. These cyber crimes are mainly committed for the purpose of
26
spreading terror among people of a particular country. The instigators or
perpetrators of such crimes can be governments of enemy nations, terrorist groups
or belligerents etc. Cyber crimes against Government include cyber attack on the
government website, military website or cyber terrorism etc. In these kinds of
cyber crime, cyber criminals hack governments or organization’s websites,
government firm, and military websites and then circulate propaganda or threats or
rumors. These cyber crimes are known as cybercrimes against Governments or
Organizations. Following are the few examples of crime against Governments or
Organizations:

Denial of Service Attack

Denial of Service Attack or DoS, is a cyber attack on computer devices or systems,

preventing the legal users or accessors of the system from accessing them. The
attackers generally attack systems in such a manner by trafficking the targeted
system until it ultimately crashes. DoS attacks cost millions of dollars to the
corporate world, as it curbs them from using their own systems and carrying out
their activities. The attack may be also used to incorporate ransomware into
corporate systems.

Cyber attackers who launch DoS in India are punishable under Section 66F of the
IT Act, which deals with cyber terrorism. As per the said Section, any person who
disrupts the authorised access to a computer resource or gets access to a computer
resource through unauthorised means or causes damage to a computer network is
liable for imprisonment which may extend for life.

Salami attack

It is one of the tactics to steal money, which means the hacker steals the money in
small amounts. The damage done is so minor that it is unnoticed. Generally, there
are two types of Salami attacks- Salami slicing and Penny shaving. In Salami
slicing, the attacker uses an online database to obtain customer information, such
27
as bank/credit card details. Over time, the attacker deducts insignificant amounts
from each account. These sums naturally add up to large sums of money taken
from the joint accounts invisibly.

Any person convicted of a Salami attack shall be punished under Section 66 IT Act
with imprisonment up to three years or a fine up to 5 lakhs or maybe both

What are software piracy and software pirates?

Software piracy is the act of illegally using, copying, modifying, distributing,

sharing, or selling computer software protected by copyright laws.
A software pirate is anyone who intentionally or unintentionally commits these
illegal acts.
You don’t have to be a hacker to become a software pirate. It’s enough to use illegal
software or copy and share legal software without the author’s consent.

Why is software piracy considered a crime?

Copyright laws have been created to make sure software developers (engineers,
programmers, graphic designers, writers) receive appropriate credit and
compensation for their work. Software piracy is illegal and considered a crime
because whenever software is used, copied, or sold illegally, these copyright
holders are robbed of their payment and recognition.
The end-user license agreement (EULA) is the most common license for software
protection. It is a legal contract between the software manufacturer (or author) and
the end-user (or customer) that defines the rules of the software use. These
contracts can have different clauses, but most of them forbid the user to share the
software with others. Typically, EULAs are signed digitally upon the installation
of the software. Otherwise, the installation cannot be completed.
Copyright infringement may result in large fines and risks to your online security.
But what specific actions fall under the umbrella term of software piracy?
Types of software piracy
These are the main types of software piracy that you should steer clear of when
purchasing and using software programs or downloading online content.
Softlifting, or end-user piracy
Softlifting, also known as end-user piracy, is the most common type of software
piracy. It happens when you purchase a piece of software and share it with people
who are not authorized to use it. This practice is common in corporate and
educational environments, where the user only pays the software vendor a
28
licensing fee for one software program or application but downloads it on multiple
computers.
Softliftin also includes benefiting from software upgrades without having a
licensed version of the old software being upgraded as well as using non-
commercial software (meant for one computer only) or academic or restricted
software without a proper license.

Counterfeiting
Software counterfeiting is the illegal copying, distribution, and/or selling of
licensed computer software. Other elements that come with the software may be
also counterfeited, for example, the license agreement, packaging, registration
information, and security features. Cybercriminals usually present counterfeit
software as authentic but sell it for a lower price than the original.

Hard-disk loading
Hard disk loading is a form of commercial software piracy in which a PC reseller
buys a legal piece of computer software, copies it, installs it on a computer’s hard
disk, and sells the computer. Having software already installed makes the business’
offer more attractive to customers, most of whom aren’t even aware that they are
also purchasing unlicensed software.
Client-server overuse
Client-server overuse occurs when a company allows the number of users of a
particular software to exceed the number of licenses the company has for the
software. This happens when the company installs the software on its local area
network instead of an individual computer, making it possible for multiple users to
use the same software at the same time.

Online piracy
Online piracy, also known as internet piracy, is the illegal sharing, selling, and
acquiring of software on the internet. Online piracy is committed on:
• Online auction sites that sell counterfeit, outdated, and pirated software.
• Peer-to-peer file sharing networks that allow users to download and
distribute copyrighted software, films, music, and games.
• Usenet, the worldwide distributed discussion system, which offers
anonymity and is known for pirated content distribution.
• Websites that allow users to exchange pirated software.
• Websites that offer to download pirated software programs for free.

29
Examples of software piracy
You don’t need to search far and wide for everyday examples of software piracy.
Here are some common ones you will probably find familiar:
• Purchasing a single user license for a piece of software and downloading it
on your own computer as well as on someone else’s computer. The same
example applies to companies that opt for softlifting to save costs.
• Downloading copyrighted films, music, games, or e-books from shady
websites for free.
• Streaming content without authorization from its legal owner.
• Buying a used PC or a hard drive with potentially unlicensed software
installed on it.
Whether you engage in software piracy knowingly or not, it is still a federal crime
that poses multiple risks.
Risks of using pirated software
Using pirated software might be cheaper than buying original software, but you
should be aware of the dangers that await a software pirate.
• As an unauthorized user, you will not receive any updates or customer
support from the software manufacturer.
• You will face an increased risk of the unlicensed software malfunctioning
or crashing.
• You will put your online security at risk because illegal and counterfeit
software might infect your device with viruses, malware, or adware.
• Visiting pirating websites is a danger in itself — they contain malicious ads,
let alone infected files.
• You may face legal consequences due to copyright violation, including
financial penalties.
Being familiar with the risks is step one, while step two is taking action to avoid
software piracy altogether.

How to protect yourself from software piracy

Take the following actions to protect yourself from taking part in software piracy
and stay safe online:
• Buy software programs only from authorized manufacturers and dealers.
• Choose wisely which websites you download from. If you are planning on
downloading software from the publisher’s website, do your research to
make sure you are visiting its official site instead of a near-identical site set
up by cybercriminals.
• Scan your files for viruses. Even if you visit only trusted websites and
download licensed software, there is always a chance you might
absentmindedly open an attachment in a random email and unleash malware
30
 that will infect your computer. NordVPN’s feature Threat Protection scans
all your files during download to prevent these mistakes.
• Always read the end-user license agreement before you share the software
with anyone else or download it on multiple devices.

What Is Industrial Espionage?

The term industrial espionage refers to the illegal and unethical theft of
business trade secrets for use by a competitor to achieve a competitive advantage.
This activity is a covert practice often done by an insider or an employee who
gains employment for the express purpose of spying and stealing information for
a competitor. Industrial espionage is conducted by companies for commercial
purposes rather than by governments for national security purposes.

Understanding Industrial Espionage

Industrial espionage describes a series of covert activities in the corporate world
such as the theft of trade secrets by the removal, copying, or recording of
confidential or valuable information in a company. The information obtained is
meant for use by a competitor. Industrial espionage may also involve bribery,
blackmail, and technological surveillance.

Also referred to as corporate spying or espionage or economic espionage,

industrial espionage is most commonly associated with technology-heavy
industries—particularly the computer, biotechnology, aerospace, chemical,
energy, and auto sectors—in which a significant amount of money is spent
on research and development (R&D).

The world's biggest practitioners of industrial espionage correspond to companies

in countries with the biggest economies. One of the reasons why corporations
engage in industrial espionage is to save time as well as huge sums of money.
After all, it can take years to bring products and services to market—and the costs
can add up.

In recent years, industrial espionage has grown with the help of the internet
Penalties for industrial espionage can be significant, as seen in 1993 when
Volkswagen stole trade secrets from General Motors which led to a $100 million
fine.

Special Considerations
Industrial espionage tends to involve inside jobs in which employees steal secrets
for financial gain or to hurt target companies. In certain—and more unlikely—
31
cases, individuals may break into a company facility to steal documents, computer
files, or pick through a company's trash for valuable information. There's a greater
chance, though, that an industrial spy will use the internet to hack into a company's
network to gain access to trade secrets on work computers and servers. It may also
be conducted by governments as they pursue economic or financial goals.

A relatively new area of industrial espionage involves denying a competitor the

use of their information, services, or facilities by way of computer malware,
spyware, or a distributed denial-of-service attack (DDoS). Such industrial
espionage tools are helpful in exploiting vulnerable systems.

Types of Industrial Espionage

Industrial espionage can be divided into two types.

1.The first and most common actively seeks to gather intelligence about a
company or organization. It may include the theft of intellectual property, such as
manufacturing processes, chemical formulas, recipes, techniques, or ideas.
2.Industrial espionage may also entail the concealment or denial of access to key
information related to pricing, bidding, planning, research, and more. Such a
practice is meant to create a competitive advantage for the party who has the
information.

32