BCC 301 Cyber Security Notes Unit I

computer science (GL Bajaj Institute of Technology and Management)

Downloaded by Supriya Dubey (supriya.dubey@kiet.edu)

BCC301 - Cyber Security Notes (Unit I)

Table of Contents
1. Introduction to Cybercrime
  1.1 Cybercrime- Definition
    1.1.1 The U.S. Department of Justice (DOJ) divides cybercrime into three categories:
  1.2 Origin of Cybercrime
  1.3 Information Security
    1.3.1 Definitions of information security
  1.4 Classifications of Cybercrimes
  1.5 Who are Cybercriminals?
  1.6 A Global Perspective on Cybercrimes
  1.7 Cybercrime as a business
  1.8 Cybercrime laws around the globe
    1.8.1 Famous incidents relating to cyber crimes
    1.8.2 Cybercrime in India
    1.8.3 Grounds of cybercrime in India
    1.8.4 Cybercrime cases in India
    1.8.5 Reporting a cybercrime in India
    1.8.6 Cyber Crime Complaint Online
  1.9 Cyber crime legislation and agencies
  1.10 Protection against cybercrime
  1.11 Prevention against cybercrime
2. Cyber Offenses:
  2.1 The offences included in the I.T. Act 2000 are as follows −
  2.2 Compounding of Offences
  2.3 How Criminals Plan the Attacks:
    2.3.1 Reconnaissance
    2.3.2 Passive Attacks
    2.3.3 Active Attacks
    2.3.4 Scanning and Scrutinizing Gathered Information
    2.3.5 Attack (Gaining and Maintaining the System Access)
3. Cyber stalking:
  3.1 Distinguishing cyberstalking from other acts
  3.2 A number of key factors have been identified in cyberstalking:
4. Botnets: The Fuel for Cybercrime
  4.1 How Botnet Works
  4.2 Botnets Used For
  4.3 Types of Botnet Attacks
  4.4 Protecting against Botnets:
5. Attack Vector:
  5.1 Types of Attack Vectors:
6. References:-

1. Introduction to Cybercrime

Figure 1.1 Cybercrime (Source - https://pix4free.org/assets/library/2021-01-21/originals/cybercrime.jpg)

The World Wide Web allows us to easily access a wide range of activities. In reality, our use of the internet is essential for the successful completion of our daily tasks and activities. However, accessing the internet can also lead to a number of online crimes, such as breach of data and account hacking.

A number of cybercrime cases, including phishing, identity theft, and fraud, have surged in recent years. In the previous year alone, India saw a multifold increase in the number of cyberattacks throughout the country. Cybercrime infiltration is anticipated to increase further. This emphasises the significance of creating more effective and deterrent legal structures, as well as stricter legislation, to combat cybercrime. In this situation, it becomes important to examine the country’s existing cybersecurity legislation to see if it provides adequate protection against these crimes.

While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them. Others use computers or networks to spread malware, illegal information, images or other materials. Some cybercrimes do both -- i.e., target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial account, credit card or other payment card information.

1.1 Cybercrime- Definition

Cybercrime is any criminal activity that involves a computer, networked device or a network.

Cybercrime is defined as any criminal misconduct carried out through a network, technical gadgets, or the internet. Although some cybercrimes are intended to cause harm to the victim, the vast majority are committed for financial gain.

1.1.1 The U.S. Department of Justice (DOJ) divides cybercrime into three categories:

1. crimes in which the computing device is the target -- for example, to gain network access;

2. crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service (DoS) attack; and

3. crimes in which the computer is used as an accessory to a crime -- for example, using a computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the U.S. is a signatory, defines cybercrime as a wide range of malicious activities, including the illegal interception of data, system interferences that compromise network integrity and availability, and copyright infringements.

Individuals and corporations are both targets. Individuals are typically part of a bigger assault in which the hacker tries to distribute malware across machines for a profit motive. Business assaults, on the other hand, are usually a one-shot deal. Businesses are also far more prone to be the subject of hacktivist demonstrations, which constitute a type of cybercrime in their own right.

Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed in nature. That is, cybercriminals typically rely on other actors to complete the crime. This holds whether it is the creator of malware using the dark web to sell code, the distributor of illegal pharmaceuticals using cryptocurrency brokers to hold virtual money in escrow, or state threat actors relying on technology subcontractors to steal intellectual property (IP).

1.2 Origin of Cybercrime

Figure 1.2 Cybercrimes Types, Origin and Analysis (Source - https://www.mapsofindia.com/ci-moi-images/my-india/2021/11/IMG-20211110-WA0014.jpg)

Despite the fact that the internet is only roughly 30 years old, experts believe the 1834 hack to be the first cyberattack in history. Two crooks infiltrated the French Telegraph System and gained access to financial markets, conducting data theft.

Some early cyberattacks, which began in the late 1800s and the early 20th century, saw cybercriminals target telephone infrastructure. Only two years after the invention of the telephone, teenage boys broke into Alexander Graham Bell’s telephone firm and wreaked havoc by misleading calls. Phone hacking, also known as phreaking, became popular in the 1960s and 1980s.

Rene Carmille, a French computer scientist, broke into the Nazi data registry in 1940 to disrupt their intentions to identify and monitor Jews.

The introduction of email in the 1980s brought with it phishing schemes and viruses sent via attachments. Web browsers, like computer viruses, had grown prevalent by the 1990s.

Because of the nature of these platforms, the broad use of social media in the 2000s only exacerbated cyber crime, particularly data theft. Malware infections and data theft have surged rapidly over the last 10 years and show no indications of slowing down anytime soon.

With the evolution of the internet, hackers now have a plethora of novel attack vectors at their disposal. As more and more ordinary devices (refrigerators, washing machines, heating systems, light bulbs, and so on) go online, cybercriminals gain new weaknesses and possibilities.

1.3 Information Security

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible (e.g., paperwork), or intangible (e.g., knowledge). Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

• Identifying information and related assets, plus potential threats, vulnerabilities, and impacts

• Evaluating the risks

• Deciding how to address or treat the risks, i.e., to avoid, mitigate, share, or accept them

• Where risk mitigation is required, selecting or designing appropriate security controls and implementing them

• Monitoring the activities and making adjustments as necessary to address any issues, changes, or improvement opportunities

1.3.1 Definitions of information security

"The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability." (Committee on National Security Systems: National Information Assurance (IA) Glossary, CNSS Instruction No. 4009, 26 April 2010.)

"Information Security is a multidisciplinary area of study and professional activity which is concerned with the development and implementation of security mechanisms of all available types (technical, organizational, human-oriented and legal) in order to keep information in all its locations (within and outside the organization's perimeter) and, consequently, information systems, where information is created, processed, stored, transmitted and destroyed, free from threats. Threats to information and information systems may be categorized and a corresponding security goal may be defined for each category of threats. A set of security goals, identified as a result of a threat analysis, should be revised periodically to ensure its adequacy and conformance with the evolving environment. The currently relevant set of security goals may include: confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability." (Cherdantseva Y. and Hilton J.: "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals". In: Organizational, Legal, and Technological Dimensions of Information System Administrator. Almeida F., Portela, I. (eds.). IGI Global Publishing. (2013))

1.4 Classifications of Cybercrimes

The following are the various types of cybercrimes:

• Theft via cyberspace: Cyber theft is a sort of cybercrime in which an individual infiltrates another person’s or company’s system in order to steal wealth, private information, financial information, or proprietary information. Identity theft and embezzlement are examples of fraudulent crimes that might be classified as cyber theft crimes.

Figure 1.3 Cyberspace (Source: https://thediplomat.com/)

• Cyberbullying: Bullying an individual online is referred to as cyberbullying. Cyberbullying includes any threat to a person’s safety, coercion of a person to say or do anything, and expressions of hatred or subjectivity against someone. While children are more likely to be victims of cyberbullying, adults are not exempt. According to a survey, 40% of polled teens said they had encountered online harassment, while 24% of adults aged 26–35 said they had experienced cyberbullying.

Figure 1.4 Cyberbullying (Source: https://kidshelpline.com.au/)

Figure 1.5 Effect of Cyberbullying (Source: https://www.verywellfamily.com/)

• Malware: Malware is a term that refers to any software program that is meant to infiltrate or harm a device. Viruses are a type of software that falls under the malware category. Viruses may cause a range of problems once they enter a device. They may delete files, record your keystrokes, erase your disk drive, or otherwise corrupt your data.

Figure 1.6 Types of Malware (Source: https://academy.avast.com/)

• Phishing: Phishing happens when fraudsters pose as an organisation in order to dupe victims into disclosing important information. Scare techniques, such as notifying the victim that their bank account or personal device is under assault, are frequently used by cybercriminals to achieve their phishing aims.

Figure 1.7 Phishing

• Cyberextortion: Cyber extortion is a type of blackmail that takes place through the internet. In these occurrences, cybercriminals target or try to harm the person and demand payment or a response in order to halt their threats.

Figure 1.8 Cyberextortion

• Ransomware: Ransomware is a sort of cyber extortion that uses malware to achieve its purpose. This software threatens to disclose the victim’s data or to block the user from retrieving his/her data unless the cybercriminal gets a predetermined sum of money.

Figure 1.9 Ransomware (Source: https://www.globalsign.com/)

• Cryptojacking: When hackers utilise other people’s processing resources to mine cryptocurrency without their permission, this is referred to as cryptojacking. Cryptojacking differs from cybercrimes that use malware to enter a victim’s device and steal data, in that cryptojackers are not interested in stealing a victim’s data. Instead, they employ the computing power of their victim’s device. Despite appearing to be less harmful than other cybercrimes, cryptojacking should not be taken lightly, because falling prey to it can drastically slow down one’s device and render it vulnerable to further cyber assaults.

Figure 1.10 Cryptojacking (Source: https://threatcop.com/)

• Cyber spying: Cyber spying occurs when hackers target a public or private entity’s network in order to gain access to classified data, private information, or intellectual property. Cybercriminals may utilise the sensitive information they discover for a variety of purposes, including blackmail, extortion, public humiliation, and monetary gain.

• Spyware: Spyware is software that cybercriminals employ to monitor and record their victims’ actions and personal information. Often, a victim unintentionally downloads spyware onto their device, unwittingly giving a cybercriminal access to their data. Cybercriminals can access a victim’s credit card data, passwords, web cam, and microphone depending on the type of spyware employed.

• Adware: Adware is software that you may unintentionally download and install when installing another program. Every time someone views or clicks on an advertisement window, the developers of adware programs profit financially from their actions on people’s computers. Although some adware software is lawful and innocuous, others are invasive due to the type and number of ads they display. Many nations consider some adware applications to be unlawful because they contain spyware, malware, and other dangerous software.

• Botnets: Botnets are malware-infected computer networks. Malicious hackers infiltrate and gain control of these machines in order to do things online without the user’s consent, allowing them to commit fraudulent crimes while remaining undetected. They may send spam emails and conduct targeted hacks into a company’s assets, financial records, data analyses, and other vital information.

• Dating hoodwinks: Some hackers utilise dating websites, chat rooms, and online dating apps to pose as potential partners and attract people in order to gain access to their data.

• Hacking: Any illegal access to a computer system is generally referred to as hacking. When a hacker gains unauthorised access to a company’s or an individual’s computers and networks, they can obtain access to important corporate information as well as personal and private data. Despite this, not all hackers are crooks. Some “white hat” hackers are employed by software businesses to identify faults and gaps in their surveillance systems. These hackers get into a company’s network in order to uncover existing holes in their clients’ systems and provide fixes to such issues.

• Credit card fraud: An attack that occurs when hackers infiltrate retailers' systems to get the credit card and/or banking information of their customers. Stolen payment cards can be bought and sold in bulk on darknet markets, where hacking groups that have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.

• Cyberespionage: A crime involving a cybercriminal who hacks into systems or networks to gain access to confidential information held by a government or other organization. Attacks may be motivated by profit or by ideology. Cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.

• Software piracy: An attack that involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with this type of cybercrime.

• Exit scam: The dark web, not surprisingly, has given rise to the digital version of an old crime known as the exit scam. In today's form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.

1.5 Who are Cybercriminals?

Cybercriminals or “black hat” hackers may occasionally desire to go clean and abandon their criminal activities. In these circumstances, one of the finest possibilities is to work as a security analyst for the organisations they used to torment. These individuals have greater expertise and experience with network intrusion than the majority of computer security specialists.

Cybercriminals use various attack vectors to carry out their cyberattacks and are constantly seeking new methods and techniques for achieving their goals, while avoiding detection and arrest.

Cybercriminals often carry out their activities using malware and other types of software, but social engineering is often an important component for executing most types of cybercrime. Phishing emails are another important component to many types of cybercrime, but especially so for targeted attacks, like business email compromise (BEC), in which the attacker attempts to impersonate, via email, a business owner in order to convince employees to pay out bogus invoices.

1.6 A Global Perspective on Cybercrimes

The consequences of cybercrimes: The actual extent of cybercrime is hard to determine. Because of the significant danger of data loss, the consequences of cybercrime may be disastrous. The consequences of cybercrime may be divided into three categories:

• Individual: Individuals bear the brunt of the consequences of cyber crime. On their devices, there may be difficulties such as data breaches, identity theft, or trafficking to harmful websites, among other things. As a result, one may notice unusual purchases on their credit cards and lose access to their financial accounts. Furthermore, fraudsters may utilise data saved on smartphones to harass and blackmail victims.

• Business: Businesses may suffer from the loss of sensitive data, financial loss, or brand harm, among other things. It can have a direct impact on the value of a firm and its stock, and can result in a loss of reputation, clients, and so on. Companies that fail to secure client data will face fines and penalties. Furthermore, a malicious user may discreetly sell critical data from the firm to other businesses.

• Government: Gaining access to government information with the purpose of misusing it is a serious breach of data. Cybercriminals employ cutting-edge tools and technology to obtain access to extremely sensitive government data. The primary goal of attacking government data is to corrupt or sell national defence and security information.

1.7 Cybercrime as a business

The dark web, which is distinct from the deep web, has its own economy where cybercrime occurs. Criminals purchase and sell adware, botnets, data lists, and other items in order to conduct fraud and identity theft. However, there is a darker side to the dark web.

The dark web is used for a variety of purposes, including sex trafficking, the spread of child pornography, hitmen, and much more. There’s a sector of the internet, hidden behind many redirections and encrypted pages, that allows such heinous actions to take place. We’re referring to it as the “cyber crime economy.”

Due to the extensive paper trail created by accessing the internet, criminals who engage in such operations are concerned about their identity. Access to relevant portions of the dark web is typically possible through a combination of TOR browsers (The Onion Router) and a secure virtual private network, as well as the trust of individuals who move in such circles.

Personal data, especially if it was compromised in a data breach, is almost certainly available for purchase on the dark web. According to Experian, a business that provides identity theft protection, someone’s social security number might be sold on the dark web for as low as $1. Credit card numbers may be purchased for as low as $5.

In the majority of cases, your identity is used to make fraudulent transactions, as anybody could use a different identity on the internet. Securing our personal data is critical, not just for the money in the bank account, but also for our liberty.

1.8 Cybercrime laws around the globe

Cybercrime is a worldwide issue that necessitates a cohesive global reaction. Different countries throughout the world have enacted several cyber laws that specify the offences and punishments for cyber crime. Some of these are as follows:

• The United States of America: Computer fraud and abuse are prohibited under the Computer Fraud and Abuse Act (CFAA), 18 USC 1030. This is cyber defence legislation. It safeguards federal systems, bank computers, and Internet-connected systems. It protects them from intrusion, threats, vandalism, spying, and being corruptly utilised as fraud instruments. It is not a complete provision, but rather covers holes and crevices in the protection provided by other federal criminal statutes.

  o A few other cyber laws prevalent in the US are the Cybersecurity Information Sharing Act (CISA), United States Code, and The Framework for Improving Critical Infrastructure Cybersecurity Version 1.1.

• Canada: A complicated legal and regulatory structure governs data protection and cybersecurity in Canada. Failure to comprehend this framework and actively mitigate risks (or the effect of such risks when they materialise) can have major legal and financial ramifications for a business. As a result, understanding this quickly growing area of law and governance is critical for enterprises that operate in Canada (in whole or in part) or have business partners operating in Canada.

  o The Personal Information Protection and Electronic Documents Act, SC 2000 c 5 (‘PIPEDA’), along with the Criminal Code of Canada, is a data privacy act that essentially provides two key cybersecurity duties for Canadian private sector organisations. PIPEDA mandates organisations to report specific cybersecurity events to the regulator and impacted persons, as well as to implement proper security protections.

• European Union: The EU intends to create a single set of guidelines and laws covering cybersecurity and data protection. Directives are legislative actions that establish legally obligatory objectives for all member nations. Once enacted, each country must enact its own laws and regulations to fulfil these objectives.

  o The General Data Protection Regulation (GDPR) is the most comprehensive and unified piece of cyber law in the EU. It has a direct impact on foreign corporations doing business in the EU and applies to all organisations dealing with the personal data of EU residents, regardless of where the organisation is based. The GDPR, which was established in 2018 to harmonise data protection and privacy rules across member nations, is now in effect. It empowers member governments to impose severe penalties on organisations that fail to comply.

  o The Cybersecurity Act is another significant advancement in cybersecurity measures that directly affect enterprises. It went into effect on June 27, 2019, with the goal of boosting network security for vital industries.

• China: When China’s Cybersecurity Law went into effect in June 2017, it created the groundwork for a defence plan against widespread cybercrime and possible nation-state strikes. The rule places a special emphasis on “critical information infrastructure operators,” requiring them to keep personal and essential network data within China. However, the criteria might be imprecise and wide, and even organisations in the financial industry may fall under the category of information infrastructure operator. Multinational firms must keep data generated in China within the country’s boundaries, collaborating with local cloud data centre providers or developing their own centres in partnership with a local company.

  o The Data Security Law (“DSL”) was passed by the People’s Republic of China’s National People’s Congress Standing Committee on June 10, 2021. The DSL’s primary goal is to safeguard and secure important data related to national security and the public interest.

• The United Kingdom: In the United Kingdom, the Computer Misuse Act of 2013 criminalises all “unauthorised” access, bolstered by even broader clauses criminalising preparatory conduct and the trafficking of technology used for unauthorised computer access.

1.8.1 Famous incidents relating to cyber crimes

Cyber assaults and data breaches are common occurrences. If we read tech news, we

might have come across headlines indicating cybercriminals are continually developing and

implementing new cyber risks.

Downloaded by Supriya Dubey (supriya.dubey@kiet.edu)


lOMoARcPSD|29423800

In late 2019, the Australian Cyber Security Centre issued a warning to national

businesses about the Emotet virus, a significant global cyber threat. Emotet was created to

crack simple passwords, steal information, and inject other malware onto computers. This virus

was a financial trojan with a variety of characteristics and capabilities that has been affecting

governmental bodies, public enterprises, and private groups all over the world since 2014.

Cyber security risks are not limited to technology firms; they have also invaded the

video gaming sector. An excellent example is Capcom, a Japanese video game developer, which suffered a data breach. Capcom’s plans for the next four years were disclosed online in November 2020 when thieves broke into its systems. Not only did the attack affect the company’s 2021 releases, but it also raised concerns among its consumers about the security of their personal information.

The evidence presented above indicates that cybercrime may affect every type of

company in any industry.

Yahoo was negotiating a transaction with Verizon at the time of the announcements. The transaction price was reduced by an estimated $350 million once the news surfaced. It’s frightening to believe that this was one of the greatest data breaches in history, and Yahoo waited three years to announce anything about it.

The Blackshades RAT was a popular extortion tool about the same period, if not earlier. A Remote Access Tool, or RAT, allows a remote computer to operate yours without requiring a physical connection. The vast majority of RATs are used legally, such as when a computer maker provides remote assistance.

A hacking gang called Blackshades customised a commercially available RAT and exploited it for extortion. Cassidy Wolf, Miss Teen USA in 2014, was one of the more well-known instances. Jared Abrahams, a student who had previously cyber-attacked 100-150 other women, hacked and monitored her webcam for a year.

1.8.2 Cybercrime in India


With approximately 658 million internet users as of February 2022, India has the

world’s second-largest internet population. Cybercrime in India cost Rs.1.25 lakh crore in

2019, putting India in second place among nations hit by cyber-attacks between 2016 and 2018.

Ransomware assaults are becoming more common, and many cybercriminals operate from

their homes. In other words, cybercrime in India may be described as unlawful access to a

computer system without the consent of the legitimate owner or location of criminal activity

and can range from online cracking to denial of service assaults.

Phishing, spoofing, DoS (Denial of Service) attacks, credit card fraud, online

transaction fraud, cyber defamation, child pornography, and other forms of cybercrime are

examples.

There are several vulnerabilities in devices such as mobile phones that individuals use

to access services. An examination of the attack vector in a mobile phone found that other than

the programs, there are 15 distinct points through which a hacker might gain access to it.

Bluetooth, communication modules, microchips, operating systems, CPUs, and Wi-Fi are all

examples.

Hackers have devised a number of methods for acquiring user passwords by leveraging

the inadequate IT infrastructure at employees’ residences. Indeed, the frequency of cyber

assaults is growing, with 7 lakh documented intrusions through August of this year—a stunning

175 percent rise over the same period last year.

So, let’s take a closer look at India’s current cybersecurity regulations and what

advances and improvements we may expect in the future.

1.8.3 Grounds of cybercrime in India

Even though it is unlawful, cybercriminals frequently select an easier approach to

generate money. They target cash-rich organisations, like banks and other financial institutions,

where large sums of money are handled on a daily basis. They hack sensitive information by

taking advantage of flaws in IT security mechanisms. The following are the reasons why IT

platforms are so vulnerable:

 Accessibility– Due to the complexity of technology, there are several ways to

breach a computer system. Hackers can obtain access codes, sophisticated voice

recorders, retina scans, and other data that can be used to circumvent security

measures.

 Complex codes– Operating systems are used to run computers, and these

operating systems are made up of millions of lines of code. Because the human

mind is flawed, errors can occur at any time and in such cases, cybercriminals

take advantage of every code error.

 Ability to store data in a relatively small space– A computer has the unique

ability to store data in a very tiny space. This makes it easier for someone to

take data from other storage devices and utilise it for personal gain.

 Carelessness– One of the hallmarks of human behaviour is negligence. As a

result, there is a chance that when securing the computer system, we may make

a mistake that allows cyber-criminal access and control over the computer

system.

 Evidence loss– Data relating to the crime can be readily deleted. As a result,

evidence loss has become a very widespread and evident problem that paralyses

the mechanism behind the cyber-crime investigation.

1.8.4 Cybercrime cases in India

The following are notable cybercrime incidents that have resulted in massive losses for

well-known Indian firms.

 In 2018, a cyber-attack on the Cosmos bank in Pune startled the whole banking

industry. Hackers stole Rs 94.42 crore by breaking into the bank’s ATM server

and stealing the personal information of numerous debit cardholders. Money

was stolen, and hackers from 28 nations promptly withdrew it.

 In 2018 again a massive data breach involving 1.1 billion Aadhar card users

occurred. The hacked data contained personal information such as Aadhar,

cellphone, PAN, and bank account numbers, as well as IFSC codes.

Surprisingly, unknown merchants were quickly selling Aadhar information on

WhatsApp for Rs 500 per individual. In addition, for a meagre Rs 300, one could

obtain a printout of anyone’s Aadhar card.

 Canara bank’s ATM servers were attacked in a cyber assault in mid-2018. The

crooks have over Rs 20 lakhs stashed away in several bank accounts. Skimming

devices were used by hackers to acquire information from 300 debit cards. The

imposters targeted 50 people and took money ranging from Rs 10,000 to Rs

40,000.

 Pegasus spyware is a type of malicious software that infiltrates a device, collects

data, and then sends it to a third-party provider without the user’s permission.

NSO Group, an Israeli cyber weaponry company, designed it. It mostly needed

links to function. When a consumer clicks on one of these links, Pegasus is

instantly installed on their phone. According to the Indian news portal The Wire,

a leaked global database of 50,000 telephone numbers alleged to have been

provided by different government clients of NSO Group includes over 300

verified Indian mobile telephone numbers, including those used by ministers,

opposition leaders, journalists, the legal community, businesses, government

employees, scientists, rights activists, and others.

1.8.5 Reporting a cybercrime in India

The initial step in reporting cybercrime in India is to register a complaint with a cybercrime

cell in a police station in the city where the crime occurred, or where the affected device is

located.

The second step is to know where to report cybercrime in India, which may be done both online

and offline by filing a complaint against the perpetrator of the cybercrime. In India, one can

file a complaint with either a cyber cell or a police station. One can go to your state’s police

station or write an email to the police, who will pass your report to the Cyber Cell, or one can

mail the complaint directly to the Cyber Cell.

The first step in learning how to report cybercrime in India is to file a complaint in

accordance with India’s cybercrime regulations. There is no online letter style for filing a cybercrime report; however, the following papers must be provided:

To register a cybercrime report in the instance of hacking, the following information is

required:

1. Logs from the server.

2. If a website is vandalised, make a soft and hard duplicate of the defaced web page.

3. A soft copy of the original data and a soft copy of the compromised data are required if

data on a server or computer is compromised.

4. Details on the access control system, such as who had access and what sort of access.

5. If the victim suspects anybody, compile a list of suspects.

To register a cybercrime report in the instance of email abuse, the following actions must be

taken:

1. The problematic email’s extended headers must be removed, and both the soft and hard

copies must be saved.

2. The problematic email should not be removed from the inbox.

3. The objectionable email must be copied and stored on the computer’s hard disk.
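
The two checklists above ask for server logs, copies of the defaced and original pages, and the offending email with its extended headers. The following added example (not part of the original notes) records a SHA-256 manifest of such files so that later changes can be shown, and reads the Received headers of a saved email; the file names, addresses and log line are constructed samples, and hashing the evidence is an assumption of this example rather than a stated filing requirement.

```python
"""Evidence manifest for a complaint file (added example, constructed data)."""
import hashlib
import tempfile
from email import message_from_bytes, policy
from pathlib import Path

# Constructed sample: a saved e-mail with its extended (full) headers intact.
SAMPLE_EMAIL = (
    b"Received: from mx.example.net (mx.example.net [203.0.113.7])\r\n"
    b"\tby mail.victim.example with ESMTP id A1; Mon, 01 Jan 2024 10:00:05 +0530\r\n"
    b"Received: from sender-host (unknown [198.51.100.23])\r\n"
    b"\tby mx.example.net with SMTP id B2; Mon, 01 Jan 2024 10:00:01 +0530\r\n"
    b'From: "Bank Support" <support@bank.example>\r\n'
    b"To: user@victim.example\r\n"
    b"Subject: Account notice\r\n"
    b"\r\n"
    b"Constructed message body.\r\n"
)

# Constructed sample files mirroring the checklists: server log, defaced page,
# original page, and the offending e-mail. Paths are hypothetical.
SAMPLE_FILES = {
    "server/access.log": b'198.51.100.23 - - [01/Jan/2024:10:02:11 +0530] '
                         b'"POST /admin/upload HTTP/1.1" 200 512\n',
    "web/defaced_index.html": b"<html><body>defaced (constructed)</body></html>\n",
    "web/original_index.html": b"<html><body>Welcome</body></html>\n",
    "mail/offending.eml": SAMPLE_EMAIL,
}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large logs do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir: Path) -> dict:
    """Map each file's relative path to its size and SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in evidence_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(evidence_dir).as_posix()
        manifest[rel] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    return manifest


def verify_manifest(evidence_dir: Path, manifest: dict) -> dict:
    """Compare the directory with an earlier manifest and report differences."""
    current = build_manifest(evidence_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "added": sorted(set(current) - set(manifest)),
        "changed": sorted(
            name for name in set(manifest) & set(current)
            if manifest[name]["sha256"] != current[name]["sha256"]
        ),
    }


def received_chain(raw_email: bytes) -> list:
    """Return the Received headers ordered from the first relay to the last.

    Each mail server prepends its own Received line, so the header nearest
    the top of the message is the most recent hop; reversing gives the path
    in the order the message travelled.
    """
    msg = message_from_bytes(raw_email, policy=policy.default)
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    return list(reversed(hops))


def write_samples(evidence_dir: Path) -> None:
    """Write the constructed sample files into evidence_dir."""
    for rel, data in SAMPLE_FILES.items():
        target = evidence_dir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_samples(root)
        manifest = build_manifest(root)
        for name, meta in manifest.items():
            print(meta["sha256"], meta["size"], name)
        print("first hop:", received_chain(SAMPLE_EMAIL)[0])
        # Simulate a log being edited after collection.
        (root / "server/access.log").write_bytes(b"edited\n")
        print(verify_manifest(root, manifest))
```

Deleting the message or saving it without its headers leaves `received_chain` with nothing to read, which is why the list above says to keep the email in the inbox and store a full copy.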

1.8.6 Cyber Crime Complaint Online

In the past decades, technology has advanced and the number of internet users has grown at a great pace and to a great extent. With the increase in use of the internet, it is obvious that excessive use will have downsides as well. As a result of this excessive use, certain crimes are also committed online; thus, for the protection of the victim, it is necessary to have provisions for registering the complaint and informing the officials about the commission of the crime so that the accused can be punished.

 Step 1

o One can submit a complaint about cybercrime both offline and online. Cyber

Cell India is the department that deals with online and offline cyber complaints

and thus, the first step is to report the complaint to this department. One can also

give a call on the cybercrime helpline number. You can visit here to file an

online cybercrime complaint.

 Step 2

o A written complaint has to be filed with the cybercrime cell by the victim in the city he or she is in. But since cybercrime comes under the purview of global jurisdiction, one can file a cyber complaint in the cybercrime cell of any city, irrespective of the fact that the person originates from some other city in India.

 Step 3

o Following information is required to be given by the victim at the time of filing

the complaint with the cyber cell-

 Name of the victim/person filing the complaint,

 His contact details,

 Address for mailing.

 The written complaint shall be addressed to the head of the department.

 Step 4

o In case of no access to the cyber cell India, one can report the matter to the local

police station by filing a First Information Report. If the complaint due to any

reason does not get accepted in the police station then in that case one can

approach the judicial magistrate or the commissioner.

 Step 5

o One can also file a First Information Report under the provision of the Indian

Penal Code if the offence falls under this Code. It is an obligation of every

police officer to lodge the complaint as it has been made mandatory under

section 154 of Code of Criminal Procedure.

Since most of the cyber crimes under the Indian Penal Code are classified as cognizable offences, no warrant is required for arresting the accused, because cognizable offences are those in which no warrant is needed to carry out the investigation or to make an arrest.

The Ministry of Home Affairs is in the process of establishing and launching a centralised online cyber crime registration portal. The purpose is to remove the requirement of going to the police station to lodge a cyber crime complaint.

An online portal for registration of cyber crime online has been launched by the Cyber crime cell of the Delhi police. (https://mha.gov.in/division_of_mha/cyber-and-information-security-cis-division)

1.9 Cyber crime legislation and agencies

To combat the threat posed by cybercriminals, the government created the Information

Technology Act of 2000, the primary goal of which is to provide an enabling environment for

successful internet use as well as to report cyber crime in India. The Information Technology

Act (IT Act), which was enacted in 2000, governs Indian cyber legislation. The main goal of

this Act is to provide eCommerce with trustworthy legal protection by making it easier to

register real-time information with the government. However, as cyber attackers became more

cunning, coupled with the human predisposition to manipulate technology, a number of

adjustments were made.

 The IT Act, which was passed by India’s Parliament, emphasises the harsh fines and

penalties that protect the e-governance, e-banking, and e-commerce sectors. The scope

of ITA has now been expanded to include all of the most recent communication devices.

 The IT Act is a comprehensive piece of legislation that addresses technology in the

areas of e-governance, e-commerce, and e-banking. In India, the cyber law also

establishes sanctions and punishment for cyber crime.

 The IT Act is the most important, as it directs all Indian legislation to strictly regulate

cyber crime:

 Section 43 – This section applies to those who destroy computer systems without the

owner’s authorization. In such instances, the owner is entitled to full recompense for

the total loss.

 Section 66 – This section applies if a person is determined to have committed any of

the acts listed in section 43 dishonestly or fraudulently. In such cases, the penalty might

be up to three years in prison or a fine of up to Rs. 5 lakh.

 Section 66B – Incorporates the penalties for obtaining stolen communication devices

or computers in a dishonest manner, which affirms a possible three-year sentence.

Depending on the severity, this sentence might also be followed by a fine of Rs. 1 lakh.

 Section 66C – This section looks at identity thefts including impostor digital signatures,

password hacking, and other unique identifying elements. If found guilty, a three-year

sentence could be accompanied by a fine of Rs.1 lakh.

 Section 66D – This section was added on the spot to focus on penalising cheaters who

use computer resources to impersonate others.

 The Indian Penal Code was also updated to encompass crimes such as fraud, forgery,

theft, and other similar offences committed through the internet or through electronic

media.

 Sections 43 and 66 of the IT Act penalise a person who commits data theft, transmits a

virus into a system, hacks, destroys data, or denies an authorised person access to the

network with up to three years in jail or a fine of Rs. five lacs, or both. Simultaneously,

data theft is penalised under Sections 378 and 424 of the IPC, with maximum sentences

of three years in jail or a fine, or both, and two years in prison or a fine, or both. Denying

access to an authorised user or causing damage to a computer system is punishable

under Section 426 of the IPC by imprisonment for up to three months, a fine, or both.

 Section 65 of the IT Act makes it illegal to tamper with computer source materials.

Section 66E specifies the penalty for invasion of privacy. It states that anyone who

captures, publishes, or distributes an image of a person’s private area without his or her

consent has committed a violation of privacy and is punishable by imprisonment for up

to three years or a fine of up to two lacs, or both.

 Section 66F addresses a critical issue, cyber terrorism, and sets penalties for it. It defines

cyber terrorism as acts such as denial of access, breaching a network, or transmitting a

virus/malware with the intent of causing death or injury to any person, all with the intent

of undermining India’s integrity, sovereignty, unity, and security or instilling fear in

the minds of its citizens.

 The offence of deceitfully obtaining stolen computer resources or devices is dealt with

under Section 66B of the IT Act and Section 411 of the IPC.

 Section 66C of the IT Act specifies penalties for identity theft, stating that anybody who

uses another person’s identification credentials for fraud or in a dishonest manner faces

imprisonment for up to three years and a fine of up to Rs. three lacs. Cheating by

impersonating another person while utilising a computer resource is a violation of

Section 66D of the IT Act. Sections 419, 463, 465, and 468 of the IPC include similar

prohibitions for these offences. The IT Act penalises not only individuals but also

corporations, if they fail to build and implement a reasonable and attentive procedure

to secure any person’s sensitive data in their control. Such a corporation is obligated to

compensate the individual who has sustained a loss as a result of the corporation’s

carelessness.

 In addition to the measures for punishment, the IT Act authorises the Central

Government to give orders to prevent access to any material on an intermediary or

computer resource for the public if it deems it essential in the interests of the state. It

can also intercept, decode, and monitor such data.

1.10 Protection against cybercrime

In order to protect ourselves from the perils of cybercrime, the following preventative

actions can be taken:

 It is required to install an antivirus program. An antivirus program is designed to

safeguard users against cybercrime. Modern programs monitor the machine’s data for

harmful content and give real-time security against dangers like phishing.

 Making use of a Virtual Private Network. A VPN connection will protect your online

privacy. It’s an important tool for privacy, which protects people from identity theft.

 Unsolicited emails, text messages, and phone calls should be avoided, especially if they

utilise the crisis to coerce people into circumventing standard security safeguards.

 Change the Wi-Fi network’s default password to something more secure. Limit the

number of devices that may connect to the Wi-Fi network and only allow trustworthy

devices to connect.

 Use lengthy and complicated passwords that incorporate numbers, letters, and special

characters.

 Make sure to update all the systems and programs, and to install antivirus software and keep it up to date.

 Data backup should be a routine procedure since data may be quickly destroyed,

infected, or manipulated.

1.11 Prevention against cybercrime

To effectively combat cybercrime, multidimensional public-private alliances involving

authorities, the digital tech industry, information security groups, internet firms, and financial

institutions are required. Cyber thieves, unlike their counterparts in the physical world, do not

compete for dominance or control. Instead, they collaborate to enhance their talents and even

assist one another with new chances. As a result, traditional crime-fighting strategies cannot be

employed to combat cyber crime in India. Mentioned below are some steps to prevent cyber

crime:

1. Use complex passwords: Use different combinations of login details for separate accounts and avoid writing them down.

2. Keeping online profiles secret: Make sure to keep your social networking profiles

(Facebook, Twitter, YouTube, and so on) private. Make sure to double-check your

security settings. Take caution with the information you put on the internet. Once it’s

on the Internet, it’s there for good.

3. Safeguard mobile devices: Many individuals are unaware that their mobile devices are

exposed to dangerous software such as computer viruses. An individual should only

download software from reputable sites. It is also critical that your operating system is

kept up to date. Install anti-virus software and utilize a secure lock screen in addition.

Otherwise, if you misplace your phone or lay it down for a few seconds, anyone may

see all of your personal information on it. Someone may even install malicious software

that uses GPS to follow your every step.

4. Safeguarding data: Encrypt sensitive files such as financial documents and tax returns,

to protect your data.

5. Secure online identity: When it comes to protecting one’s identity online, an individual

should be vigilant. When providing personal information such as your name, address,

phone number, and/or financial information on the Internet, you must exercise extreme

caution. While making an online purchase, etc., be sure to check whether the websites

are safe. This includes turning on your privacy settings while using or visiting social

networking sites.

6. Safeguarding computers with security software: For basic internet security, several types of security software are required. Firewall and antivirus software are key pieces of security software. A firewall is typically the first line of defence for your computer. It governs who can communicate with and access the computer via the internet. Think of a firewall as a type of ‘policeman’ who monitors all data attempting to flow to and from the computer via the Internet, permitting transactions that it knows are secure while preventing ‘bad’ traffic such as cyberattacks.

As people’s reliance on technology grows, cyber laws in India and throughout the world

must be constantly updated and refined. The epidemic has also driven a large portion of the

workforce into a remote working mode, heightening the need for app security. Legislators must

go above and beyond to keep ahead of the impostors and stop them in their tracks. Cyber crime

can be managed, but it takes the combined efforts of governments, Internet or network

providers, intermediaries such as banks and shopping sites, and most crucially, consumers.

2. Cyber Offenses:
Cyber offences are the illegitimate actions, which are carried out in a classy manner

where either the computer is the tool or target or both.

Cyber-crime usually includes the following −

 Unauthorized access of the computers

 Data diddling

 Virus/worms attack

 Theft of computer system

 Hacking

 Denial of service attacks

 Logic bombs

 Trojan attacks

 Internet time theft

 Web jacking

 Email bombing

 Physically damaging computer system.

2.1 The offences included in the I.T. Act 2000 are as follows −

 Tampering with the computer source documents.

 Hacking with computer system.

 Publishing of information which is obscene in electronic form.

 Power of Controller to give directions.

 Directions of Controller to a subscriber to extend facilities to decrypt information.

 Protected system.

 Penalty for misrepresentation.

 Penalty for breach of confidentiality and privacy.

 Penalty for publishing Digital Signature Certificate false in certain particulars.

 Publication for fraudulent purpose.

 Act to apply for offence or contravention committed outside India.

 Confiscation.

 Penalties or confiscation not to interfere with other punishments.

 Power to investigate offences.

Offences Under The IT Act 2000

Section 65. Tampering with computer source documents

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Explanation − For the purpose of this section “computer source code” means the listing of

programs, computer commands, design and layout and program analysis of computer resource

in any form.

Object − The object of the section is to protect the “intellectual property” invested in the

computer. It is an attempt to protect the computer source documents (codes) beyond what is

available under the Copyright Law.

Essential ingredients of the section

 knowingly or intentionally concealing

 knowingly or intentionally destroying

 knowingly or intentionally altering

 knowingly or intentionally causing others to conceal

 knowingly or intentionally causing another to destroy

 knowingly or intentionally causing another to alter.

This section extends towards the Copyright Act and helps the companies to protect their

source code of their programs.

Penalties − Section 65 is tried by any magistrate. This is a cognizable and non-bailable offence.

Penalties − Imprisonment up to 3 years and / or Fine − Two lakh rupees.

Table 2.1: The offences and penalties against all the mentioned sections of the I.T. Act

| Section | Offence | Punishment | Bailability and Cognizability |
|---|---|---|---|
| 65 | Tampering with Computer Source Code | Imprisonment up to 3 years or fine up to Rs 2 lakhs | Offence is Bailable, Cognizable and triable by Court of JMFC. |
| 66 | Computer Related Offences | Imprisonment up to 3 years or fine up to Rs 5 lakhs | Offence is Bailable, Cognizable and |
| 66-A | Sending offensive messages through Communication service, etc... | Imprisonment up to 3 years and fine | Offence is Bailable, Cognizable and triable by Court of JMFC |
| 66-B | Dishonestly receiving stolen computer resource or communication device | Imprisonment up to 3 years and/or fine up to Rs. 1 lakh | Offence is Bailable, Cognizable and triable by Court of JMFC |
| 66-C | Identity Theft | Imprisonment of either description up to 3 years and/or fine up to Rs. 1 lakh | Offence is Bailable, Cognizable and triable by Court of JMFC |
| 66-D | Cheating by Personation by using computer resource | Imprisonment of either description up to 3 years and/or fine up to Rs. 1 lakh | Offence is Bailable, Cognizable and triable by Court of JMFC |
| 66-E | Violation of Privacy | Imprisonment up to 3 years and/or fine up to Rs. 2 lakh | Offence is Bailable, Cognizable and triable by Court of JMFC |
| 66-F | Cyber Terrorism | Imprisonment extend to imprisonment for Life | Offence is Non-Bailable, Cognizable and triable by Court of Sessions |
| 67 | Publishing or transmitting obscene material in electronic form | On first Conviction, imprisonment up to 3 years and/or fine up to Rs. 5 lakh. On Subsequent Conviction imprisonment up to 5 years and/or fine up to Rs. 10 lakh | Offence is Bailable, Cognizable and triable by Court of JMFC |
| 67-A | Publishing or transmitting of material containing sexually explicit act, etc... in electronic form | On first Conviction imprisonment up to 5 years and/or fine up to Rs. 10 lakh. On Subsequent Conviction imprisonment up to 7 years and/or fine up to Rs. 10 lakh | Offence is Non-Bailable, Cognizable and triable by Court of JMFC |
| 67-B | Publishing or transmitting of material depicting children in sexually explicit act etc., in electronic form | On first Conviction imprisonment of either description up to 5 years and/or fine up to Rs. 10 lakh. On Subsequent Conviction imprisonment of either description up to 7 years and/or fine up to Rs. 10 lakh | Offence is Non Bailable, Cognizable and triable by Court of JMFC |
| 67-C | Intermediary intentionally or knowingly contravening the directions about Preservation and retention of information | Imprisonment up to 3 years and fine | Offence is Bailable, Cognizable. |
| 68 | Failure to comply with the directions given by Controller | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh | Offence is Bailable, Non-Cognizable. |
| 69 | Failure to assist the agency referred to in sub section (3) in regard interception or monitoring or decryption of any information through any computer resource | Imprisonment up to 7 years and fine | Offence is Non-Bailable, Cognizable. |
| 69-A | Failure of the intermediary to comply with the direction issued for blocking for public access of any information through any computer resource | Imprisonment up to 7 years and fine | Offence is Non-Bailable, Cognizable. |
| 69-B | Intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) in regard monitor and collect traffic data or information through any computer resource for cybersecurity | Imprisonment up to 3 years and fine | Offence is Bailable, Cognizable. |
| 70 | Any person who secures access or attempts to secure access to the protected system in contravention of provision of Sec. 70 | Imprisonment of either description up to 10 years and fine | Offence is Non-Bailable, Cognizable. |
| 70-B | Indian Computer Emergency Response Team to serve as national agency for incident response. Any service provider, intermediaries, data centres, etc., who fails to prove the information called for or comply with the direction issued by the ICERT. | Imprisonment up to 1 year and/or fine up to Rs. 1 lakh | Offence is Bailable, Non-Cognizable |
| 71 | Misrepresentation to the Controller to the Certifying Authority | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh. | Offence is Bailable, Non-Cognizable. |
| 72 | Breach of Confidentiality and privacy | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh. | Offence is Bailable, Non-Cognizable. |
| 72-A | Disclosure of information in breach of lawful contract | Imprisonment up to 3 years and/or fine up to Rs. 5 lakh. | Offence is Cognizable, Bailable |
| 73 | Publishing electronic Signature Certificate false in certain particulars | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh | Offence is Bailable, Non-Cognizable. |
| 74 | Publication for fraudulent purpose | Imprisonment up to 2 years and/or fine up to Rs. 1 lakh | Offence is Bailable, Non-Cognizable. |

2.2 Compounding of Offences

As per Section 77-A of the I. T. Act, any Court of competent jurisdiction may compound

offences, other than offences for which the punishment for life or imprisonment for a term

exceeding three years has been provided under the Act.

No offence shall be compounded if −

 The accused, by reason of his previous conviction, is liable to either enhanced

punishment or to the punishment of different kind; OR

 Offence affects the socio economic conditions of the country; OR

 Offence has been committed against a child below the age of 18 years; OR

 Offence has been committed against a woman.

The person alleged of an offence under this Act may file an application for compounding

in the Court. The offence will then be pending for trial and the provisions of Sections 265-B

and 265-C of Cr. P.C. shall apply.

2.3 How Criminals Plan the Attacks:

Criminals use many methods and tools to locate the vulnerabilities of their target. The target

can be an individual and/or an organization. Criminals plan passive and active attacks. Active

attacks are usually used to alter the system, whereas passive attacks attempt to gain information

about the target. Active attacks may affect the availability, integrity and authenticity of data

whereas passive attacks lead to breaches of confidentiality.

In addition to the active and passive categories, attacks can be categorized as either inside or outside. An attack originating and/or attempted within the security perimeter of an organization is an inside attack; it is usually attempted by an "insider" who gains access to more resources than expected. An outside attack is attempted by a source outside the security perimeter, maybe by an insider and/or an outsider who is indirectly associated with the organization; it is attempted through the Internet or a remote access connection.

The following phases are involved in planning cybercrime:

• Reconnaissance (information gathering) is the first phase and is treated as a passive attack.

• Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities.

• Launching an attack (gaining and maintaining the system access).

2.3.1 Reconnaissance

The literal meaning of "reconnaissance" is an act of reconnoitering: to explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy).

In the world of "hacking," the reconnaissance phase begins with "footprinting": the preparation for the pre-attack phase, which involves accumulating data about the target's environment and computer architecture to find ways to intrude into that environment. Footprinting gives an overview of system vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities. The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack.

Thus, an attacker attempts to gather information in two phases: passive and active attacks.

2.3.2 Passive Attacks

A passive attack involves gathering information about a target without his/her (individual's or company's) knowledge. It can be as simple as watching a building to identify what time employees enter the building's premises. However, it is usually done using Internet searches or by Googling (i.e., searching for the required information with the help of the search engine Google) an individual or company to gain information.

Google or Yahoo search: People search to locate information about employees.

Surfing online community groups like Orkut/Facebook will prove useful to gain the information about an individual.

Organization's website may provide a personnel directory or information about key employees, for example, contact details, E-Mail address, etc. These can be used in a social engineering attack to reach the target.

Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees.

Going through the job postings in particular job profiles for technical persons can provide information about the type of technology, that is, servers or infrastructure devices, a company may be using on its network.

2.3.3 Active Attacks

An active attack involves probing the network to discover individual hosts to confirm the information (IP addresses, operating system type and version, and services on the network) gathered in the passive attack phase. It involves the risk of detection and is also called "Rattling the doorknobs" or "Active reconnaissance."

Active reconnaissance can provide confirmation to an attacker about security measures in place, but the process can also increase the chance of being caught or raise suspicion.

2.3.4 Scanning and Scrutinizing Gathered Information

Scanning is a key step in intelligently examining the target while gathering information about it.

The objectives of scanning are as follows:

• Port scanning: Identify open/closed ports and services.

• Network scanning: Understand IP addresses and related information about the computer network systems.

• Vulnerability scanning: Understand the existing weaknesses in the system.

The scrutinizing phase is always called "enumeration" in the hacking world. The objective behind this step is to identify:

• The valid user accounts or groups;

• Network resources and/or shared resources;

• OS and different applications that are running on the OS.
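
Because active reconnaissance and port scanning carry "the risk of detection", the defender's side of that risk can be shown in code. The following is an added example, not part of the original notes: it flags a source that touches many distinct ports on one host inside a sliding time window. The log format, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (hypothetical) log format: "<ISO time> <ALLOW|DENY> src=<ip> dst=<ip> dport=<n>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?:ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$"
)

def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=10):
    """Map (src, dst) -> most distinct destination ports seen inside any
    `window`, for pairs that reach `min_ports` (one source sweeping one host)."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport = m.groups()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))

    findings = {}
    for pair, evs in events.items():
        evs.sort()
        recent = deque()              # events currently inside the sliding window
        in_window = defaultdict(int)  # port -> number of events inside the window
        best = 0
        for ts, port in evs:
            recent.append((ts, port))
            in_window[port] += 1
            while ts - recent[0][0] > window:  # expire events older than the window
                _, old_port = recent.popleft()
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
            best = max(best, len(in_window))
        if best >= min_ports:
            findings[pair] = best
    return findings

# Constructed sample using documentation address ranges: a fast sweep of 12 ports,
# ordinary repeated HTTPS traffic, and a slow sweep of one port per hour.
SAMPLE = (
    [f"2024-05-01T10:00:{s:02d} DENY src=203.0.113.7 dst=10.0.0.5 dport={20 + s}" for s in range(12)]
    + [f"2024-05-01T10:01:{s:02d} ALLOW src=198.51.100.9 dst=10.0.0.5 dport=443" for s in range(30)]
    + [f"2024-05-01T{h:02d}:30:00 DENY src=192.0.2.44 dst=10.0.0.5 dport={8000 + h}" for h in range(12)]
)

if __name__ == "__main__":
    print(detect_port_scans(SAMPLE))  # only the fast sweep reaches the threshold
```

With the default 60-second window the slow sweep goes unnoticed; widening the window to 12 hours reports it as well, which is why detection thresholds need both a short and a long horizon.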

2.3.5 Attack (Gaining and Maintaining the System Access)

After the scanning and enumeration, the attack is launched using the following steps:

• Crack the password;

• Exploit the password;

• Execute the malicious command/applications;

• Hide the files (if required);

• Cover the tracks - delete the access logs, so that there is no trail of illicit activity.
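
The last step, deleting access logs, is what tamper-evident logging is meant to expose. The following is an added example, not part of the original notes: each log record carries an HMAC over the previous record's tag, so removing or editing a record breaks the chain, and the newest tag is assumed to be copied to a separate system as an anchor. The key, log lines and function names are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain

def seal(entries, key):
    """Return [(entry, tag_hex)], where tag = HMAC-SHA256(key, previous_tag + entry)."""
    prev, sealed = GENESIS, []
    for entry in entries:
        prev = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        sealed.append((entry, prev.hex()))
    return sealed

def verify(sealed, key, anchor_tag=None):
    """Return None if the log is intact, else a description of the first problem.
    `anchor_tag` is the newest tag as last recorded on a separate system."""
    prev = GENESIS
    for index, (entry, tag_hex) in enumerate(sealed):
        expected = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return f"chain broken at record {index}"
        prev = expected
    if anchor_tag is not None and not hmac.compare_digest(prev.hex(), anchor_tag):
        return "log ends before the anchored record (tail removed)"
    return None

# Constructed access-log lines and a demo key (assumption: the real key and the
# anchor are held on a different system from the one being logged).
KEY = b"demo-key-not-for-production"
LOG = seal([
    "10:00:01 login ok user=alice src=192.0.2.10",
    "10:02:17 login ok user=svc-backup src=203.0.113.7",
    "10:02:40 sudo user=svc-backup cmd=/bin/sh",
    "10:05:03 logout user=alice",
], KEY)
ANCHOR = LOG[-1][1]

if __name__ == "__main__":
    print(verify(LOG, KEY, ANCHOR))               # None: intact
    print(verify(LOG[:1] + LOG[2:], KEY, ANCHOR)) # a middle record was deleted
    print(verify(LOG[:2], KEY, ANCHOR))           # the tail was truncated
```

Truncating the tail leaves a chain that is internally consistent, so it is only caught when the anchor is checked; without an off-host anchor that case passes verification.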

3. Cyber stalking:
Cyberstalking is a technologically-based "attack" on one person who has been targeted specifically for that attack for reasons of anger, revenge or control. Cyberstalking can take many forms, including:

• harassment, embarrassment and humiliation of the victim

• emptying bank accounts or other economic control such as ruining the victim's credit score

• harassing family, friends and employers to isolate the victim

• scare tactics to instill fear and more

3.1 Distinguishing cyberstalking from other acts

There is a distinction between cyber-trolling and cyber-stalking. Research has shown that actions that can be perceived to be harmless as a one-off can be considered to be trolling, whereas if they are part of a persistent campaign then they can be considered stalking.

Table 3.1 Cyberstalking vs cyberbullying


TM | Motive | Mode | Gravity | Description
1 | Playtime | Cyber-bantering | Cyber-trolling | In the moment and quickly regret
2 | Tactical | Cyber-trickery | Cyber-trolling | In the moment but do not regret and continue
3 | Strategic | Cyber-bullying | Cyber-stalking | Go out of way to cause problems, but without a sustained and planned long-term campaign
4 | Domination | Cyber-hickery | Cyber-stalking | Goes out of the way to create rich media to target one or more specific individuals

3.2 A number of key factors have been identified in cyberstalking:

• False accusations: Many cyberstalkers try to damage the reputation of their victim and turn other people against them. They post false information about them on websites. They may set up their own websites, blogs or user pages for this purpose. They post allegations about the victim to newsgroups, chat rooms, or other sites that allow public contributions such as Wikipedia or Amazon.com.

• Attempts to gather information about the victim: Cyberstalkers may approach their victim's friends, family and work colleagues to obtain personal information. They may advertise for information on the Internet, or hire a private detective.

• Monitoring their target's online activities and attempting to trace their IP address in an effort to gather more information about their victims.

• Encouraging others to harass the victim: Many cyberstalkers try to involve third parties in the harassment. They may claim the victim has harmed the stalker or his/her family in some way, or may post the victim's name and telephone number in order to encourage others to join the pursuit.

• False victimization: The cyberstalker will claim that the victim is harassing him or her. Bocij writes that this phenomenon has been noted in a number of well-known cases.

• Attacks on data and equipment: They may try to damage the victim's computer by sending viruses.

• Ordering goods and services: They order items or subscribe to magazines in the victim's name. These often involve subscriptions to pornography or ordering sex toys then having them delivered to the victim's workplace.

• Arranging to meet: Young people face a particularly high risk of having cyberstalkers try to set up meetings between them.

• The posting of defamatory or derogatory statements: Using web pages and message boards to incite some response or reaction from their victim.

4. Botnets: The Fuel for Cybercrime


Botnets are networks of hijacked computer devices used to carry out various scams and cyberattacks. The term “botnet” is formed from the words “robot” and “network.” Assembly of a botnet is usually the infiltration stage of a multi-layer scheme. The bots serve as a tool to automate mass attacks, such as data theft, server crashing, and malware distribution. Botnets use your devices to scam other people or cause disruptions — all without your consent.

4.1 How Botnet Works

Basic stages of building a botnet can be simplified into a few steps:

• Prep and Expose — hacker exploits a vulnerability to expose users to malware.

• Infect — user devices are infected with malware that can take control of their device.

• Activate — hackers mobilize infected devices to carry out attacks.

Figure 4.1 Working of a Botnet (https://www.simplilearn.com/ice9/free_resources_article_thumb/Botnet_2.png)


4.2 Botnets Used For

Botnet creators always have something to gain, whether for money or personal satisfaction.

• Financial theft — by extorting or directly stealing money

• Information theft — for access to sensitive or confidential accounts

• Sabotage of services — by taking services and websites offline, etc.

• Cryptocurrency scams — using users’ processing power to mine for cryptocurrency

• Selling access to other criminals — to permit further scams on unsuspecting users

4.3 Types of Botnet Attacks

• Distributed Denial-of-Service (DDoS) is an attack based on overloading a server with web traffic to crash it. Zombie computers are tasked with swarming websites and other online services, resulting in them being taken down for some time.

• Phishing schemes imitate trusted people and organizations to trick victims out of their valuable information. Typically, this involves a large-scale spam campaign meant to steal user account information like banking logins or email credentials.

• Brute force attacks run programs designed to breach web accounts by force. Dictionary attacks and credential stuffing are used to exploit weak user passwords and access their data.
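
When password guessing is spread across a botnet, each bot can stay below a per-source limit, so failed logins also need to be counted per target account. The following is an added example, not part of the original notes: it compares what a per-IP limit catches with per-account and per-source aggregation. The thresholds, field layout and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

def analyze_failed_logins(events, ip_limit=5, account_limit=10, spray_limit=8):
    """events: (source_ip, username) pairs for failed logins in one time bucket.
    Returns three views of the same failures so they can be compared."""
    fails_per_ip = Counter()
    fails_per_user = Counter()
    ips_per_user = defaultdict(set)
    users_per_ip = defaultdict(set)
    for ip, user in events:
        fails_per_ip[ip] += 1
        fails_per_user[user] += 1
        ips_per_user[user].add(ip)
        users_per_ip[ip].add(user)

    return {
        # What a simple per-source rate limit would act on.
        "over_ip_limit": {ip for ip, n in fails_per_ip.items() if n > ip_limit},
        # Accounts under heavy guessing: user -> (failures, distinct source IPs).
        "account_targets": {
            user: (n, len(ips_per_user[user]))
            for user, n in fails_per_user.items() if n >= account_limit
        },
        # One source failing against many usernames: replay of a stolen list.
        "stuffing_sources": {
            ip for ip, users in users_per_ip.items() if len(users) >= spray_limit
        },
    }

# Constructed sample: 40 bots try 2 passwords each against "alice", one host
# replays 12 username/password pairs, and "bob" mistypes his password twice.
SAMPLE = (
    [(f"198.51.100.{i}", "alice") for i in range(1, 41) for _ in range(2)]
    + [("203.0.113.9", f"user{n:02d}") for n in range(12)]
    + [("192.0.2.10", "bob")] * 2
)

if __name__ == "__main__":
    for name, value in analyze_failed_logins(SAMPLE).items():
        print(name, value)
```

In the sample, none of the 40 bots exceeds the per-IP limit, yet the per-account view shows 80 failures against one account from 40 sources.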

4.4 Protecting against Botnets:

• Improve all user passwords for smart devices.

• Avoid buying devices with weak security.

• Update admin settings and passwords across all your devices.

• Be wary of any email attachments.

• Never click links in any message you receive.

• Install effective anti-virus software.

5. Attack Vector:

Figure 5.1 Attack Vectors


An attack vector is a pathway or method used by a hacker to illegally access a network or computer in an attempt to exploit system vulnerabilities. Hackers use numerous attack vectors to launch attacks that take advantage of system weaknesses, cause a data breach, or steal login credentials. Such methods include sharing malware and viruses, malicious email attachments and web links, pop-up windows, and instant messages that involve the attacker duping an employee or individual user.

An attack vector, or threat vector, is a way for attackers to enter a network or system. Common attack vectors include social engineering attacks, credential theft, vulnerability exploits, and insufficient protection against insider threats. A major part of information security is closing off attack vectors whenever possible.

5.1 Types of Attack Vectors:

• Compromised Credentials

• Open ports

• Malware

• Phishing

• Insider Threats

• Missing or Weak Encryption

• Unpatched Applications or Servers

• Distributed Denial of Service (DDoS)
