Professional Documents
Culture Documents
Cyber World, Cyber crime, Methods and Taxonomy of Cyber Attacks, reason behind cyber crime,
Role playing factors responsible for cyber crimec
The Cyber World
The Cyber World, or cyberspace, is more than just the Internet. It refers to an online environment where many
participants are involved in social interactions and have the ability to affect and influence each other. People
interact in cyberspace through the use of digital media. Examples of cyberspace interactions are: Create media,
share media and consume media.
The Cyber World
(History)
In 1984, Wiliam Gibson published his science fiction book – Necromancer, which describes an online world of
computers and elements of the society who use these computers. The word cyberspace first appeared in this
book.
According to him, cyberspace looked like a physical space but was actually a computer generated construction.
Also, it represented abstract data.
The book caught the imagination of many writers and in 1986, major English language dictionaries introduced
the word ‘cyberspace’. According to the New Oxford Dictionary of English, ‘CyberSpace’ is the notional
environment in which people communicate over computer networks.
The Cyber World
Characteristics of Cyberspace
When people are online, most of them engage in activities that leave a digital footprint. A digital footprint
refers to all information found online about a person; it is either posted by that person or others, intentionally
or unintentionally. This information leaves a permanent mark as it can be easily retraced, retrieved and passed
on by others. The digital footprint can be used by potential employers and universities looking for information
on their potential employees and students. The following infographic shows the characteristics of cyberspace
and its impact:
The Cyber World
Characteristics of Cyberspace
Since cyberspace is a virtual space, it has no boundaries, mass, or gravity. It simply represents the
interconnected space between computers, systems, and other networks.
It exists in the form of bits and bytes – zeroes and ones (0’s and 1’s). In fact, the entire cyberspace is a dynamic
environment of 0’s and 1’s which changes every second. These are simply electronic impulses. Also, it is an
imaginary location where the words of two parties meet in conversation.
Cyber Crime
Cybercrime is any criminal activity that involves a computer, networked device or a network. While most
cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out
against computers or devices directly to damage or disable them, while others use computers or networks to
spread malware, illegal information, images or other materials. Some cybercrimes do both -- i.e., target computers
to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.
A primary effect of cybercrime is financial; cybercrime can include many different types of profit-driven criminal
activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal
financial account, credit card or other payment card information.
Cybercriminals may also target an individual's private information, as well as corporate data for theft and resale.
As many workers settle into remote work routines due to the pandemic, cybercrimes are expected to grow in
frequency in 2021, making it especially important to protect backup data.
Cyber Crime
Defining cybercrime
The U.S. Department of Justice (DOJ) divides cybercrime into three categories:
crimes in which the computing device is the target -- for example, to gain network access;
crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service (DoS) attack; and
crimes in which the computer is used as an accessory to a crime -- for example, using a computer to store illegally
obtained data.
Cyber Crime
Indian IT Act 2000:
Cybercrime in a narrow sense (computer crime):
Any illegal behavior directed by means of electronic operations that targets the security of computer systems and
the data processed by them.
1. Injection attacks
It is the attack in which some data will be injected into a web application to manipulate the application and fetch
the required information. Example- SQL Injection, code Injection, log Injection, XML Injection etc.
2. DNS Spoofing
DNS Spoofing is a type of computer security hacking. Whereby a data is introduced into a DNS resolver's cache
causing the name server to return an incorrect IP address, diverting traffic to the attacker?s computer or any other
computer. The DNS spoofing attacks can go on for a long period of time without being detected and can cause
serious security issues.
Types of Cyber Attacks: Web-based
attacks
3. Session Hijacking
It is a security attack on a user session over a protected network. Web applications create cookies to store
the state and user sessions. By stealing the cookies, an attacker can have access to all of the user data.
4. Phishing
Phishing is a type of attack which attempts to steal sensitive information like user login credentials and
credit card number. It occurs when an attacker is masquerading as a trustworthy entity in electronic
communication.
5. Brute force
It is a type of attack which uses a trial and error method. This attack generates a large number of guesses
and validates them to obtain actual data like user password and personal identification number. This
attack may be used by criminals to crack encrypted data, or by security, analysts to test an organization's
network security.
Types of Cyber Attacks: Web-based
attacks
6. Denial of Service
It is an attack which meant to make a server or network resource unavailable to the users. It accomplishes this by
flooding the target with traffic or sending it information that triggers a crash. It uses the single system and single
internet connection to attack a server. It can be classified into the following-
Volume-based attacks- Its goal is to saturate the bandwidth of the attacked site, and is measured in bit per second.
Protocol attacks- It consumes actual server resources, and is measured in a packet.
Application layer attacks- Its goal is to crash the web server and is measured in request per second.
7. Dictionary attacks
This type of attack stored the list of a commonly used password and validated them to get original password.
8. URL Interpretation
It is a type of attack where we can change the certain parts of a URL, and one can make a web server to deliver
web pages for which he is not authorized to browse.
Types of Cyber Attacks: Web-based
attacks
9. File Inclusion attacks
It is a type of attack that allows an attacker to access unauthorized or essential files which is
available on the web server or to execute malicious files on the web server by making use of the
include functionality.
2. Worm
It is a type of malware whose primary function is to replicate itself to spread to uninfected computers. It
works same as the computer virus. Worms often originate from email attachments that appear to be from
trusted senders.
3. Trojan horse
It is a malicious program that occurs unexpected changes to computer setting and unusual activity, even
when the computer should be idle. It misleads the user of its true intent. It appears to be a normal
application but when opened/executed some malicious code will run in the background.
Types of Cyber Attacks: System-based
attacks
4. Backdoors
It is a method that bypasses the normal authentication process. A developer may create a backdoor so
that an application or operating system can be accessed for troubleshooting or other purposes.
5. Bots
A bot (short for "robot") is an automated process that interacts with other network services. Some
bots program run automatically, while others only execute commands when they receive specific
input. Common examples of bots program are the crawler, chatroom bots, and malicious bots.
Cyber Attack Malware Taxonomy
Spoofing: The term spoofing means imitate something while exaggerating its characteristic features with some
personal gain or profit. Spoofing of user identity can be described as a situation in which one person or program
successfully masquerades (means pretending to be someone one is not) as another by falsifying data. Spoofing
can be done using email or SMS or WhatApp. For eg.,Constantly mailing a person claiming from bank and
requesting banking credentials. Screenshot shows hacker claiming to be from WhatsApp and sending an
attachment
2. Cyber crime against Property
Transmitting virus: A computer virus is a malware program that reproduces itself into another computer
programs, disk drive, files or booting sector of hard drive. Once this replication of so called virus is
succeeded the areas affected are termed as “infected”. Hacker generally transmit virus to target system
using email attachment as medium. When victim opens the attachment (which is infected with virus) this
virus gets replicated throughout the system and thereby slowing down your system.
Cyber Squatting: The term squatting means unlawfully occupying an uninhabited place. Cyber
Squatting is where two or more persons claim for the same Domain Name or any service available on
Internet such as facebook profile etc. The hacker claims that he/she had first registered the name before
other person or he/she is the owner for twitter handle.
For eg., the first case in India registered for cybersquatting was Yahoo Inc. v/s, Aakash Arora, in 1999
where the defendant launched a YahooIndia.com website nearly identical to the plaintiff’s popular website
Yahoo.com and also provided almost similar services. However, the court ruled in favour of Yahoo Inc.
2. Cyber crime against Property
Cyber Vandalism: Vandalism refers to action involving deliberate destruction or damage of public or private
property. Cyber vandalism means destroying or damaging the data when a network service is unavailable.
For eg., The Tribune of Pakistan had reported in November 2012 that hackers (group named as ‘eboz’ in Pakistan)
replaced Google’s Pakistan logo with a picture of two penguins walking up a bridge at sunset.
Intellectual Property Crimes: Intellectual property are intangible property that is the result of creativity such as
copyrights, trademark, patent etc. Intellectual Property Right (IPR) crime is any unlawful act by which the owner
is deprived of his/her rights completely or partially. These are the most common offence occurring in India and
includes software piracy, infringement of patents, designs, trademark, copyright, theft of source code etc.
For eg., The popular case of trademark of Bikanervala v/s New Bikanerwala filed in 2005. The plaintiff (here
Bikanervala) had filed IPR case with defendant (here New Bikanerwala) since they were running new outlet in
Delhi by using trademark registered with plaintiff. The court had allowed plaintiff’s application and the defendant
was restrained by means of an ad interim injunction.
3. Cybercrime against government
Cyber Warfare: Cyberwarfare is an Internet-based conflict that involves politically motivated attacks on information
and its related systems. It can disable official websites and networks, disrupt or even disable essential services such as
Internet connection, steal or alter classified data such as sensex details on official website, and cripple financial
systems such as blocking payment gateways.
For eg., National Security Agency (NSA) of US spying on large scale on many countries. This spying was blown up
by former NSA agent Edward Snowden.
Cyber Terrorism: Cyber Terrorism is politically motivated use of computers and information technology to cause
severe disruption or widespread fear amongst people.
For eg., the recent example of 2015 dimapur mob lynching rape accused is due to outspread of message on chatting
app called Whatsapp amount locals of Dimapur district in Nagaland.
4. Cybercrime against society at large
Online Gambling: The term gambling means involving in activities that allow chance for
money. Online gambling is one of the most lucrative businesses that is growing today in
the list of cybercrimes in India. It is also known as Internet gambling or iGambling. The
cybercrime incident such as online lottery scam (particularly those of Nigeria lottery
scam), online jobs i.e. work from remote location etc.
Cyber Trafficking: The term trafficking means dealing or involving in trade activities
that is considered to be illegal and is prohibited by cybercrime law. Cyber Trafficking
refers to unlawful activities carried out using computer and/or computer services. For eg.,
selling kidnapped child to human trafficking group using WhatsApp as medium.