SECURITY, PRIVACY & ETHICS
BY Mr. Tahir Maqsood
Define computer Crime
Cyber crime, or computer related crime, is crime that
involves a computer and a network. The computer may
have been used in the commission of a crime, or it may be
the target.
Alternatively referred to as cyber crime, e-crime, electronic
crime, or hi-tech crime, computer crime is an act performed
by a knowledgeable computer user, sometimes referred to
as a hacker, who illegally browses or steals a company's or
individual's private information. In some cases, this person
or group of individuals may be malicious and destroy or
otherwise corrupt the computer or data files.
Computer criminals
▪ Convicted computer criminals are people who are caught
and convicted of computer crimes such as breaking
into computers or computer networks. Computer crime can be
broadly defined as criminal activity involving information
technology infrastructure, including illegal access
(unauthorized access), illegal interception (by technical means
of non-public transmissions of computer data to, from or
within a computer system), data interference (unauthorized
damaging, deletion, deterioration, alteration or suppression of
computer data), systems interference (interfering with the
functioning of a computer system by inputting, transmitting,
damaging, deleting, deteriorating, altering or suppressing
computer data), misuse of devices, forgery (or identity theft)
and electronic fraud.
▪ Types of attack

• Techno-crime:
  ➢ A premeditated act against a system or systems with
    the intent to copy, steal, corrupt or otherwise deface or
    damage part of or the complete computer system

• Techno-vandalism:
  ➢ These acts of “brainless” defacement of websites
    and/or other activities, such as copying files and
    publicizing their contents publicly

▪ Categorized in 3 groups:
• Type I: Cybercriminals - hungry for recognition
  ▪ Hobby hackers
  ▪ IT professionals
  ▪ Politically motivated hackers
  ▪ Terrorist organizations
• Type II: Cybercriminals - not interested in recognition
  ▪ Psychological perverts
  ▪ Financially motivated hackers
  ▪ State-sponsored hacking
  ▪ Organized criminals
• Type III: Cybercriminals - the insiders
  ▪ Former employees seeking revenge
  ▪ Competing companies using employees to gain
    economic advantage through damage and/or theft

1. Cybercrime against individual:
• E-Mail spoofing and other online fraud
• Phishing
• Spamming
• Cyberdefamation
• Cyberstalking and harassment
• Computer sabotage
• Pornographic offenses

2. Cybercrime against property:
• Credit card frauds
• Intellectual property crime
• Internet time theft

3. Cybercrime against organization:
• Unauthorized accessing of computer
• Password sniffing
• Denial-of-service attacks
• Virus
• E-Mail bombing
• Salami attack
• Logic bomb
• Trojan horse
• Data diddling
• Industrial spying
• Crimes emanating from Usenet newsgroup
• Computer network intrusions
• Software piracy

4. Cybercrime against society:
• Forgery
• Cyberterrorism
• Web jacking

5. Crimes emanating from Usenet newsgroup:
▪ Usenet group may carry very offensive, harmful,
  inaccurate or otherwise inappropriate material or
  postings that have been misplaced or are
  deceptive in another way

▪ A spoofed email is one in which the e-mail header is forged so that mail appears to originate from one source but actually has been sent from another source
▪ Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain letters.
▪ Difficult to control
▪ In context of “search engine spamming”, spamming is alteration or creation of a document with the intent to deceive an electronic catalog or filing system
▪ Cognizable offense
▪ This occurs when defamation takes place with the help of computers and/or the Internet.
▪ E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information.
▪ The use of Internet hours by an unauthorized person, which are actually paid for by another person
▪ Comes under hacking
▪ When negligible amounts are removed & accumulated into something larger. These attacks are used for the commission of financial crimes.
▪ This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.
▪ Currency notes, revenue stamps, mark sheets etc. can be forged using computers and high quality scanners and printers.
▪ Hackers gain access and control over the website of another, and even change the content of the website for fulfilling a political objective or for money.
▪ “Spies” can get information about product finances, research and development and marketing strategies, an activity known as industrial spying.
▪ Every act committed toward breaking into a computer and/or network is hacking
▪ The purpose of hacking: power, publicity, revenge, adventure, desire to access forbidden information, destructive mindset
▪ Spoofing website and E-Mail security alerts, lottery frauds, virus hoax E-Mail
▪ Child pornography means visual depiction
▪ Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.
▪ Illegal copying of programs, distribution of copies of software
▪ The use of the Internet to hinder the normal functioning of a computer system through the introduction of worms, viruses or logical bombs is referred to as computer sabotage
▪ Sending a large number of E-Mails to the victim to crash the victim’s E-Mail account or to make the victim’s server crash
▪ Usenet is a popular means of sharing and distributing information on the web with respect to specific subjects or topics
▪ Criminals use Usenet for the following:
  • Distribution/sale of pornographic material
  • Distribution/sale of pirated software packages
  • Distribution of hacking software
  • Sale of stolen credit card numbers
  • Sale of stolen data/stolen property
▪ Crackers can break into computer systems from anywhere in the world and steal data, plant viruses, create backdoors, insert Trojan horses or change usernames and passwords
▪ Programs that monitor and record the name and password of network users as they log in at a site
What is a Threat?
In computer security a threat is a possible danger that
might exploit a vulnerability to breach security and thus
cause possible harm.
A threat can be either "intentional" (i.e., intelligent; e.g.,
an individual cracker or a criminal organization) or
"accidental" (e.g., the possibility of a computer
malfunctioning, or the possibility of a natural disaster
such as an earthquake, a fire, or a tornado) or otherwise a
circumstance, capability, action, or event.
Threats and their types
There are many types of threats, but here we will discuss
software threats.
➢ Malware
➢ Trojans
➢ Virus
➢ Firewall breach
➢ Computer Policy Disturbance
➢ Bugs and Flaws
➢ Adware
➢ Backdoors
➢ Email Trojans
➢ DDoS
➢ Cookies
➢ Keylogging
Definitions and theory
➢ Virus:
Perhaps the most well known computer security threat,
a computer virus is a program written to alter the way a
computer operates, without the permission or knowledge of the
user. A virus replicates and executes itself, usually doing
damage to your computer in the process.
➢ Spyware:
A serious computer security threat, spyware is any
program that monitors your online activities or installs
programs without your consent for profit or to capture
personal information.
➢ Backdoors:
A backdoor Trojan allows someone to take control
of another user’s computer via the internet without their
permission.
A backdoor Trojan may pose as
legitimate software, just as other Trojan horse programs do.
➢ Cookies:
Cookies are files on your computer that enable
websites to remember your details.
When you visit a website, it can place a file called
a cookie on your computer. This enables the website to
remember your details and track your visits. Cookies can
be a threat to confidentiality, but not to your data.
➢ DDoS (Denial-of-service attack):
A denial-of-service (DoS) attack prevents users
from accessing a computer or website. In a DoS attack, a
hacker attempts to overload or shut down a computer, so
that legitimate users can no longer access it. Typical DoS
attacks target web servers and aim to make websites
unavailable. No data is stolen or compromised, but the
interruption to the service can be costly for a company.
➢ Email Trojans:
Many of the most prolific viruses distribute
themselves automatically by email. Typically, email-aware
viruses depend on the user double-clicking on an
attachment.
This runs the malicious code, which will then mail
itself to other people from that computer.
➢ Boot Sector Malware:
When you turn on a computer, the hardware looks for
the boot sector program, which is usually on the hard disk (but
can be on a CD/DVD or flash drive), and runs it. This program
then loads the rest of the operating system into memory.
Boot sector malware replaces the original boot sector
with its own, modified version (and usually hides the original
somewhere else on the hard disk). The next time you start up,
the infected boot sector is used and the malware becomes
active.
➢ Autorun worm:
Autorun worms are malicious programs that take
advantage of the Windows AutoRun feature. They execute
automatically when the device on which they are stored is
plugged into a computer.
➢ Keylogging:
Keylogging is the process of secretly
recording keystrokes by an unauthorized third party.
Keylogging is often used by malware to steal
usernames, passwords, credit card details and other
sensitive data.
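
The boot sector malware definition above says the original sector is replaced and usually hidden elsewhere on the disk. The Python below is an added example, not part of the original slides, showing how a defender can detect both conditions from a known-good baseline. It assumes a classic MBR layout (512-byte sectors ending in the 0x55AA signature); the disk images are constructed in memory and the function names are illustrative.

```python
import hashlib

SECTOR = 512                      # assumed sector size (classic MBR disks)
BOOT_SIGNATURE = b"\x55\xaa"      # last two bytes of a valid MBR boot sector

def sectors(image):
    """Split a raw disk image (bytes) into whole 512-byte sectors."""
    return [image[i:i + SECTOR] for i in range(0, len(image) - SECTOR + 1, SECTOR)]

def digest(sector):
    """SHA-256 of one sector, recorded while the machine is known clean."""
    return hashlib.sha256(sector).hexdigest()

def check_boot_sector(image, baseline_digest):
    """Compare sector 0 with the baseline and look for a relocated original."""
    secs = sectors(image)
    if not secs:
        raise ValueError("image is smaller than one sector")
    boot = secs[0]
    report = {
        "signature_ok": boot[510:512] == BOOT_SIGNATURE,
        "matches_baseline": digest(boot) == baseline_digest,
        "original_found_at": [],
    }
    if not report["matches_baseline"]:
        # Malware that still needs the real loader keeps a copy of the
        # original sector; finding it elsewhere is strong corroboration.
        report["original_found_at"] = [
            n for n, s in enumerate(secs[1:], start=1) if digest(s) == baseline_digest
        ]
    return report

def make_sector(fill):
    """Constructed demo sector: 510 filler bytes plus the boot signature."""
    return bytes([fill]) * 510 + BOOT_SIGNATURE

# Constructed 8-sector images: one clean, one with sector 0 replaced and
# the original boot sector copied to sector 5.
ORIGINAL = make_sector(0x90)
BASELINE = digest(ORIGINAL)
CLEAN_IMAGE = ORIGINAL + bytes(SECTOR) * 7
TAMPERED_IMAGE = make_sector(0xCC) + bytes(SECTOR) * 4 + ORIGINAL + bytes(SECTOR) * 2

if __name__ == "__main__":
    print(check_boot_sector(CLEAN_IMAGE, BASELINE))
    print(check_boot_sector(TAMPERED_IMAGE, BASELINE))
```

The signature check alone proves nothing, because a replaced sector still carries a valid 0x55AA; the baseline digest is what detects the change.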
Prevention
Identify your weaknesses. Like a fort that surrounds a castle, your protection is only as strong as
your weakest point. Review how your company and your clients access your network. Make sure
every entry point is secured with passwords and encryption.

Install anti-virus software on your computers. Many Internet service providers supply these with
your agreement. But if they don’t, invest in an anti-virus program to prevent malware attacks on
your system.

Install perimeter security solutions. There are three types of network perimeter
security:

1) Firewall – Prevents unauthorized Internet users from accessing your private network via the
Internet
2) Intrusion Detection System – Monitors and reports on threats to your network
3) Intrusion Prevention Program – Stops threats as well as reports on them

Use a spam filter. You can either install spam filtering
software on your computer or network server, buy a dedicated
appliance or outsource spam filtering to an online service
provider. The software option is typically more budget-
friendly, but online services may be more effective and more
suitable for higher volumes of emails.

Back up your important data. Identify the vital data you
need to protect - accounting information, business plans,
customer databases, vendor information, marketing
documents, etc. Then, choose from offline and online data
backup solutions to ensure the security and availability of
your critical business information. Set a backup schedule
and test your solutions regularly.

Encrypt your files, hard drives and backup disks. By
encrypting your hardware and data, only people with a valid
password will have access. It’s a necessary step.
Set up a virtual private network (VPN). By creating a VPN, team
members working from home or on the road using Wi-Fi in public
won’t be exposing your business to security threats.

Automate security updates. By enabling auto updates, your
computer will always have the most recent form of software and
anti-virus programs installed.

Restrict total access. Don’t give all team members universal
access to every part of your network. Protect sensitive files and
databases with passwords that only your key people know.