BHARATI VIDYAPEETH’S JAWAHARLAL NEHRU INSTITUTE OF TECHNOLOGY, PUNE 43 ACADEMIC YEAR 2023 - 24 COURSE: NETWORK AND INFORMATION SECURITY (NIS) COURSE CODE: 22620 MICRO-PROJECT ON: CASE STUDY ON CYBER SECURITY GUIDE NAME: MISS. S. S. NAIK MICRO PROJECT BY: JYOTI VAGGU (TYCM - A) (11) Signature of Student Signature of GuideACKNOWLEDGEM I WOULD LIKE TO EXPRESS MY SINCERE APPREC: TION TO RESPECTED MISS S. S. NAIK MADAM FOR HER GUIDANCE AND SUPPORT DURING MICRO PROJECT ON NETWORK AND INFORMATION SECURITY (NIS). YOUR ENCOURAGEMENT AND INSIGTES HAVE BEEN VALUABLE TO ME.INTRODUCTION Cybercrime is the use of a computer as an instrument to further illegal ends, such as committing fraud, stealing identities, or violating privacy. It can involve a wide range of activities, including hacking, identity theft, online fraud, cyberbullying, cyberterrorism, and more. Cybercrime is a global concern due to its non local nature, making it challenging for law enforcement to investigate. The Council of Europe Convention on Cybercrime, signed in 2001, is an international treaty aimed at combating cybercrime. Cybercrime can be classified into various types, such as hacking, identity theft, online fraud, cyberbullying, cyberterrorism, and more. Each type of cybercrime involves different methods, motives, and legal implications, making itchallenging to create a comprehensive definition that covers them all HACK THIEF SPY FRAUD INFORMATION HACKING ean i uae [oe)p)a COMMUNICATION PC x ° E 4 8 y fa] g fia] SNe a eS iste} PSS U0 5B) PHISHING DIGITAL DANGERTYPES OF CYBER CRIME Cyber Terrorism: Involves using computers and the internet to perform violent acts that threaten the lives of citizens. It can be defined as an act of terrorism committed through cyberspace or computer resources. Cyber Extortion: Occurs when websites, email servers, or computer systems are subjected to or threatened with repeated denial of service attacks by hackers who demand significant sums of money for protection. Cyber Warfare: Involves using computers, online control systems, and networks in a battle space context for offensive and defensive operations related to cyber attacks, espionage, and sabotage. Internet Fraud: Involves d it or fraud using the internet, which could include hiding information or providing false information to deceive victims for financial gain.Cyber Stalking: Online harassment where victims are bombarded with online messages and emails. Cyber stalkers use the internet to harass victims, and if unsuccessful, may resort to offline stalking in conjunction with cyber stalking. sou —FOLWER = VIRUS TROJAN CLOUD oos © BRUTEFORCE LOGINCYBER LAWS SECTION 65 - Tampering with Computer Source Documents: A person who intentionally conceals, destroys or alters any computer source code (such as programmes, computer commands, design and layout), when it is required to be maintained by law commits an offence and can be punished with 3 years’ imprisonment or a fine of 2 Lakhs INR or both SECTION 66 - Using Password of another person: Ifa person fraudulently uses the password, digital signature or other unique identification of another person, he/she can face imprisonment up to 3 years or/and a fine of 1 Lakh INR.SECTION 66D - Cheating using Computer Resources: If a person cheats someone using a computer resource or a communication device, he/she could face imprisonment up to 3 years or/and fine up to | Lakh INR SECTION 66E - Publishing Private Images of others: Ifa person captures, transmits or publishes images of a person’s private parts without his/her consent or knowledge, the person is entitled to imprisonment up to 3 years of fine up to 2 Lakhs INR or both SECTION 66F - Acts of Cyber Terrorism A person can face life imprisonment if he/she denies an authorized person the access to the computer resource or attempts to penetrate/access a computer resource without authorization, with an aim to threaten the unity, integrity, security or sovereignty of the nation. This is a non- bailable offence.SECTION 67 - Publishing child Porn or predating children online Ifa person captures, publishes or transmits images of a child in a sexually explicit act or induces anyone under the age of 18 into a sexual act, then the person can face imprisonment up to 7 years or fine up to 10 lakhs INR or both SECTION 69 - Government’s Power to block websites If the government feel it necessary in the interest of sovereignty and integrity of India, it can intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource. The power is subject to compliance of procedure. Under section 69A, the central government can also block any information from public access.SECTION 434 - Data protection at Corporate level If a body corporate is negligent in implementing reasonable security practices which causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages to the affection person. IT ACT 2000: The Information Technology Act, 2000 is an Act of the Indian Parliament that was notified on October 17, 2000. It aims to provide legal recognition for transactions carried out by electronic means and to facilitate electronic filing of documents with the government agencies. The Act also provides for the establishment of a Controller of Certifying Authorities to regulate the issuance of digital signatures. The Act has been amended several times since its enactment, most notably in 2008 with the introduction of the Information Technology (Amendment) Act, 2008. This amendment expanded the scope of the Act to include new offenses related to cyber terrorism, data protection, and electronic signatures. The Information Technology Act, 2000 is an important piece of legislation that has helped to promote the growth of the IT industry in India and has provided a legal framework for electronic _ transactions and communicationsIT ACT 2008: The Information Technology (Amendment) Act, 2008, commonly referred to as the IT Act 2008, is an amendment to the Information Technology Act, 2000 (IT Act 2000) in India. It was enacted to address emerging iss in the field of information technology and electronic commerce. The IT Act 2008 introduced several new provisions and amendments to the original Act, including: 1.Cyber Terrorism: The IT Act 2008 introduced new provisions related to cyber terrorism, including the definition of cyber terrorism and the penalties for committing cyber terrorism-related offenses. 2.Data Protection: The IT Act 2008 introduced new provisions related to data protection and_ privacy, including the requirement for companies to implement reasonable security practices and procedures to protect sensitive personal data. It also introduced new penalties for offenses related to data theft, hacking, and cyber terrorism. 3.Electronic Signatures: The IT Act 2008 introduced new provisions related to electronic signatures, including the recognition of electronic signatures as legally valid and the establishment of the Controller of Certifying Authorities (CCA) to regulate the issuance of digital signatures.4.Intermediary Liability: The IT Act 2008 introduced the concept of "intermediaries" and provided legal immunity to intermediaries for third-party content hosted on their platforms, subject to certain conditions. 5.Offenses and Penalties: The IT Act 2008 introduced new offen: and penalties related to electronic transactions, including the transmission of offensive or menacing messages through electronic communication. Overall, the IT Act 2008 was a significant amendment to the original IT Act 2000 and played a crucial role in shaping India's legal framework for electronic transactions and communications.CASE STUDY Mumbai businessman, loses over 3 crores in online fraud A garment unit owner has been arrested after a 73-year- old businessman from Mumbai fell prey to an online investment fraud and ended up losing 2 3.61 crore, police said on Wednesday. The Cyber Police have so far frozen an amount of 2 2.20 crore and 330 bank accounts, an official said. The alleged transactions took place between May 20 and October 7 last year after the businessman was contacted by three persons, including two women, online who lured him into investing in a scheme by promising hefty returns, the official said. "They also created a WhatsApp group, made an online agreement with the businessman, and sent it to his email ID. The agreement mentioning the returns on the investments was shared in the group to gain the trust of the businessman," he said. The victim invested & 3.61 crore. As he didn't get any returns on his. investment, he approached the West Region Cyber PoliceStation in Bandra Kurla Complex (BKC) and lodged a complaint. The name of the garment unit owner,Ketab Ali Kabil Biswas, came to the fore during the investigation and he was arrested on charges of cheating and forgery under the Indian Penal Code and the Information Technology Act on Monday. "During the investigation, the cyber police froze % 2.20 crore which had been diverted into two bank accounts. Prima facie, as many as 330 bank accounts used by fraudsters have also been frozen," the official added.ANALYSIS AND SOLUTION OF CASE STUDY Analysis of the Case Study: Incident: A 73-year-old businessman from Mumbai fell victim to an online investment fraud, losing 23.61 crore. The fraudsters lured him into investing by promising high returns. Arrest: The garment unit owner, Ketab Ali Kabil Biswas, was arrested on charges of cheating and forgery under the Indian Penal Code and the Information Technology Act after investigations by the Cyber Police. Recovery: The Cyber Police froze %2.20 crore diverted into two bank accounts and froze 330 bank accounts used by the fraudsters.Solutions: Awareness: Educate individuals about common online scams and the importance of verifying investment opportunities before committing funds. Vigilance: Encourage individuals to be cautious when approached for investments online and to conduct thorough due diligence before transferring money. Reporting: Prompt reporting of suspicious activities to cybercrime authorities like the Cyber Police can help prevent further financial losses and apprehend fraudsters. Legal Action: Strict enforcement of laws related to cybercrimes is essential to deter fraudulent activities and hold perpetrators accountable for their actions.Preventive Measures of Cyber Crime: Keep Security Software Updated: Ensure your security software is current and regularly updated to protect against viruses, malware, and other online threats Secure Your Devices: Activate firewalls, use anti- virus/malware software, and install anti-spyware software to prevent unauthorized access and infections on your devices Use Strong Passwords: Create complex passwords with a combination of letters, numbers, and special characters. Avoid using the same password for multiple accounts and change them regularly Protect Your Data: Encrypt sensitive files, make regular backups, and store them in a secure location to prevent data loss in case of cyber attacks Secure Your Network: Secure your wireless network, review default settings, and avoid conducting sensitivetransactions on public Wi-Fi networks to prevent unauthorized access Be Cautious Online: Avoid sharing personal information online, be mindful of what you post on social media, and verify the authenticity of emails or messages before clicking on links or providing information Stay Informed: lay updated on the latest cyber threats, educate yourself on common online scams, and report any suspicious activities to the relevant authorities for prompt actionREFRENCES Digest_202403011834588558366.pdf Cyber Crime Portal https://www.bing.com/ck/a?!& &p=2c9642126399cf40J mltdHM9MTewOTIIMTIWMCZpZ3 VpZD0xNTMwND EzOS0SNmlyLTY INZUtM2JjOS01Mjk20TewMDY0M GlmaW5zaWQONTMWMQ&pin=3&ver=2&hsh=3& feli d=15304139-96b2-6575-3bc9- 52969700640b&psq=CYBER+CRIME+TYPES&u=ala HROcHMG6Ly93d3cuZ2Vla3Nmb3JnZW VreySvemevY3 1iZXItY3JpbWUvéentb=1THANK YOU !