Professional Documents
Culture Documents
3. Logic bombs: A logic bomb, also known as “slag code”, is a malicious piece
of code which is intentionally inserted into software to execute a malicious task
when triggered by a specific event. It’s not a virus, although it usually behaves in a
similar manner
4. Denial-of-Service attack: A Denial-of-Service (DoS) attack is an explicit
attempt by attackers to deny service to intended users of that service. It involves
flooding a computer resource with more requests than it can handle consuming its
available bandwidth which results in server overload. This causes the resource (e.g. a
web server) to crash or slow down significantly so that no one can access it.
8. Cyber stalking: Cyber stalking is a new form of internet crime in our society
when a person is pursued or followed online. A cyber stalker doesn’t physically follow
his victim; he does it virtually by following his online activity to harvest information
about the stalkee and harass him or her and make threats using verbal intimidation.
It’s an invasion of one’s online privacy.
11. Salami slicing attack: A “salami slicing attack” or “salami fraud” is a technique
by which cyber-criminals steal money or resources a bit at a time so that there’s no
noticeable difference in overall size. The perpetrator gets away with these little pieces
from a large number of resources and thus accumulates a considerable amount over
a period of time.
12. Software Piracy: Thanks to the internet and torrents, you can find almost any
movie, software or song from any origin for free. Internet piracy is an integral part of
our lives which knowingly or unknowingly we all contribute to. This way, the profits of
the resource developers are being cut down. It’s not just about using someone else’s
intellectual property illegally but also passing it on to your friends further reducing the
revenue they deserve.
INTRODUCTION TO CYBER CRIME
INVESTIGATION:
Data retrieval:
Internet based:
If the case is internet based, finding the internet protocol (IP) addresses is
your first step in the investigation. An IP address consists of numbers and
letter, and that series is attached to any data moving through the internet. In
order to retrieve an IP address from some Internet Service Providers (ISP)
you will need to subpoena, warrant, or court order the company for
information.
What an IP address contains:
•who owns and operates the network address,
•associated domain name/ computer name,
•geolocation,
•email addresses, and
•local service provider identifier.
Device based:
A copy of the original data is needed prior to investigating its contents. Having a
copy of the original data prevents the contamination of the evidence. Cell phone and
other wireless devices should be examined in an isolated environment where it
cannot connect to networks, internet, or other systems.
Data Investigation:
In order to begin investigating the data you will need to install a lock on the copy
made of the data. This lock will allow you to manipulate the data and view it without
making permanent changes. Once you have identified the make and model of the
device in hand, select an extraction software that will be best suited to analyze the
data or permit the investigator to view as much data as possible.
The software system will also assist your investigation in
providing information such as: Time stamps, Images, Text documents, GPS
locations, and Other encrypted data.
TIPS TO PROTECT YOURSELF FROM CYBER CRIME:
Your net-savvy friend may tell you that he doesn't have anti-virus on his computer
because it slows things down. But look at it this way, one wrong click and he may
have to make the entire college project from scratch.
If in doubt, block:
A hacker who has cracked your main email password has the keys to your [virtual]
kingdom. Passwords from the other sites you visit can be reset via your main email
account. A criminal can trawl through your emails and find a treasure trove of
personal data: from banking to passport details etc. A separate account for your bank
and other financial accounts and one for social networks is a good idea. If one
account is hacked, you won't find everything compromised.
Ignore pop-ups:
Pop-ups can contain malicious software which can trick a user into verifying
something. "[But if and when you do], a download will be performed in the
background, which will install malware. This is known as a drive-by download.
Always ignore pop-ups offering things like site surveys on ecommerce sites, as they
are sometimes where the malcode is.
Make no mistake, your shiny new Mac-Book Air can be attacked too. It's true that
Macs used to be less of a target, simply because criminals used to go after the
largest number of users - hat is Windows - but this is changing. Determined
attackers are able to find new ways to exploit users on almost any platform.
Two-step verification:
If your email or cloud service offers it - Gmail, Dropbox, Apple and Facebook do -
take the trouble to set this up. In addition to entering your password, you are also
asked to enter a verification code sent via SMS to your phone. So a hacker might
crack your password, but without the unique and temporary verification code should
not be able to access your account. Keying in a password or code 40-plus times a
day might seem like a hassle but it is your first line of defence
Only shop online on secure sites:
Before entering your card details, always ensure that the locked padlock or unbroken
key symbol is showing in your browser. Additionally, the beginning of the online
retailer's internet address will change from "http" to "https" to indicate a connection is
secure. Be wary of sites that change back to http once you've logged on.
The golden rule: Hackers infect PCs with malware by luring users to click on a link or
open an attachment. Social media has helped criminals profile individuals. They can
see what you're interested in or what you [post] about and send you crafted
messages, inviting you to click on something. Don't.
Keeping a common password for all online accounts is a lot like having the same key
for all locks. Only difference being that it is a lot easier to get hold of the online key.
Also never reuse your main email password. But most online users own accounts in
over a dozen sites. So either try and use clever variations or start doing some really
heavy memory-enhancement exercise.
Don't store your card details on websites:
Err on the side of caution when asked if you want to store your credit card details for
future use. Mass data security breaches (where credit card details are stolen en
masse) aren't common, but why take the risk? The extra 90 seconds it takes to key
in your details each time is a small price to pay.
Keeping a common password for all online accounts is a lot like having the same key
for all locks. Only difference being that it is a lot easier to get hold of the online key.
Also never reuse your main email password. But most online users own accounts in
over a dozen sites. So either try and use clever variations or start doing some really
heavy memory-enhancement exercise.
Err on the side of caution when asked if you want to store your credit card details for
future use. Mass data security breaches (where credit card details are stolen en
masse) aren't common, but why take the risk? The extra 90 seconds it takes to key
in your details each time is a small price to pay.
Information Technology Act, 2000
•Digital signature has been replaced with electronic signature to make it a more
technology neutral act.
•It elaborates on offenses, penalties, and breaches.
•It outlines the Justice Dispensation Systems for cyber-crimes.
•It defines in a new section that cyber café is any facility from where the access to
the internet is offered by any person in the ordinary course of business to the
members of the public.
•It provides for the constitution of the Cyber Regulations Advisory Committee.
•It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
•It adds a provision to Section 81, which states that the provisions of the Act shall
have overriding effect. The provision states that nothing contained in the Act shall
restrict any person from exercising any right conferred under the Copyright Act,
1957.
Scheme of I.T Act
As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents
or transactions specified in First Schedule. Following are the documents or
transactions to which the Act shall not apply −
The I.T. Act has brought amendment in four statutes vide section 91-94. These
changes have been provided in schedule 1-4.
•The first schedule contains the amendments in the Penal Code. It has widened the
scope of the term "document" to bring within its ambit electronic documents.
•The second schedule deals with amendments to the India Evidence Act. It pertains
to the inclusion of electronic document in the definition of evidence.
•The third schedule amends the Banker's Books Evidence Act. This amendment
brings about change in the definition of "Banker's-book". It includes printouts of
data stored in a floppy, disc, tape or any other form of electromagnetic data storage
device. Similar change has been brought about in the expression "Certified-copy"
to include such printouts within its purview.
•The fourth schedule amends the Reserve Bank of India Act. It pertains to the
regulation of fund transfer through electronic means between the banks or between
the banks and other financial institution.
Intermediary Liability
Intermediary, dealing with any specific electronic records, is a person who on behalf
of another person accepts, stores or transmits that record or provides any service
with respect to that record.