
CSF 1.1

Cybersecurity 2

Uploaded by

smvks2512
UNIT I: Introduction to Cybercrime: Introduction, Cybercrime: Definition and Origins of the Word, Cybercrime and Information Security, Cybercriminals, Classifications of Cybercrime, Cyberstalking, Cybercafe and Cybercrimes, Botnets. Attack Vector, Proliferation of Mobile and Wireless Devices, Security Challenges Posed by Mobile Devices, Attacks on Mobile/Cell Phones, Network and Computer Attacks

Introduction to Cybercrime:
Cybercrime refers to illegal activities that are carried out using digital devices and/or networks. These criminal activities involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and other malicious acts.

Here are some specific examples of cybercrime:
* Hacking: This involves gaining unauthorized access to a computer system or network. Hackers can use this access to steal data, disrupt systems, or install malware.
* Phishing: This involves tricking people into giving up their personal information, such as passwords or credit card numbers. Phishing scams often use emails or text messages that appear to be from a legitimate source, such as a bank or credit card company.
* Identity theft: This is the use of someone else's personal information without their permission. Identity thieves can use this information to open new credit card accounts, take out loans, or commit other crimes.
* Cyberbullying: This is the use of electronic communication to bully or harass someone. Cyberbullying can take many forms, such as sending abusive messages, posting embarrassing photos or videos online, or creating fake profiles to impersonate the victim.
* Malware: This is malicious software that can be used to harm computers or networks. Malware can include viruses, worms, Trojans, and spyware.
* Child pornography: This is the production, possession, or distribution of sexually explicit material involving minors.

Cybercrime is a growing problem, and it's important to be aware of the risks.
Here are some tips for staying safe online:
* Be careful about what information you share online. Don't share your personal information with people you don't know or trust.
* Use strong passwords and keep them safe. Don't use the same password for multiple accounts.
* Be careful about the links you click on. Don't click on links in emails or text messages from people you don't know.
* Keep your software up to date. This includes your operating system, web browser, and antivirus software.
* Be cautious about using public Wi-Fi. Avoid using public Wi-Fi for sensitive activities, such as online banking or shopping.

By following these tips, you can help protect yourself from cybercrime.

Cybercrime and information security are two sides of the same coin, locked in a constant digital battle. On one hand, cybercrime encompasses the malicious activities that exploit vulnerabilities in computer systems and networks for personal gain or disruption. On the other hand, information security aims to protect these systems and networks from such attacks, safeguarding valuable data and ensuring the smooth operation of our digital world.

Information security
To combat cybercrime, we need a robust defense system known as information security. It's the practice of protecting information assets from unauthorized access, use, disclosure, disruption, modification, or destruction.

Goal: Its primary goal is to protect information systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. This includes safeguarding sensitive data like financial records, personal information, and intellectual property.

Strategies: Information security professionals employ a range of strategies to achieve this goal. These strategies include:
1. Access control: Granting permission to access systems and data only to authorized individuals.
2. Encryption: Scrambling data to make it unreadable if intercepted.
3. Firewalls: Filtering incoming and outgoing traffic to block unauthorized access.
4. Backups: Regularly copying data to ensure its recovery in case of attacks or accidents.
5. Awareness training: Educating users about cyber threats and best practices for staying safe.
6. Incident response: Having a plan to identify, contain, and recover from security incidents.

Cybercriminals are individuals or organizations that engage in criminal activities using computers, computer networks, or other digital devices. They are the perpetrators behind cybercrime, motivated by a range of factors including financial gain, political agendas, personal satisfaction, or simply the thrill of the challenge. Cybercriminals use various techniques such as hacking, malware, phishing, and social engineering to exploit vulnerabilities in computer systems. They can be categorized into various types based on their activities, motivations, and methods. Here are some common types of cybercriminals:

1. Hackers: Hackers are individuals or groups who gain unauthorized access to computer systems or networks. They may do this to steal data, disrupt operations, or simply to prove their skills. Some hackers are motivated by financial gain, while others may have ideological or political motivations. Hackers are often categorized based on their intentions, motivations, and activities. Here are some common types of hackers:
White Hat Hackers: White hat hackers, also known as ethical hackers or security researchers, are the good guys in the world of cybersecurity. They always work with explicit permission and for the benefit of improving security.
Black Hat Hackers: Black hat hackers are individuals or groups who engage in hacking for malicious purposes. They may steal sensitive information, disrupt systems, or commit other cybercrimes for personal gain, revenge, or other illicit motives.
Grey Hat Hackers: Grey hat hackers fall somewhere between white hat and black hat hackers.
They may hack without explicit permission but without malicious intent. Grey hat hackers often aim to bring attention to security flaws by exposing them without causing significant harm.
2. Phishers: Phishers use fraudulent emails, messages, or websites to trick individuals into providing sensitive information such as passwords, credit card numbers, or other personal details. Phishing attacks often mimic legitimate communication to deceive users.
3. Malware Authors: These individuals create malicious software (malware) such as viruses, worms, Trojans, and ransomware. The goal is typically to infect and compromise the security of computer systems, steal information, or extort money from victims.
4. Scammers: Cyber scammers use various tactics to deceive individuals into providing money or sensitive information. This can include online scams, fraudulent schemes, and social engineering techniques designed to manipulate victims.
5. Identity Thieves: Identity thieves steal personal information, such as Social Security numbers, bank account details, or credit card information, to commit fraud. This can lead to financial losses and damage to the victim's reputation.

Classification of Cybercrime
Cybercrime can be classified into various categories based on the nature of the criminal activity. Here are some common classifications of cybercrime:
* Financial Crimes:
  - Online Fraud: This includes various scams conducted online, such as phishing, identity theft, and schemes to deceive individuals or organizations for financial gain.
  - Credit Card Fraud: Illegitimate use of credit card information for unauthorized transactions.
  - Banking Trojans: Malicious software designed to steal banking credentials and conduct unauthorized financial transactions.
* Cyber Attacks:
  - Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks: Overloading a system, network, or website with traffic to make it unavailable to users.
  - Malware Attacks: Spreading malicious software (viruses, worms, ransomware) to compromise systems and steal data.
  - SQL Injection and Cross-Site Scripting (XSS): Exploiting vulnerabilities in websites to gain unauthorized access or manipulate data.
* Data Breaches:
  - Unauthorized Access: Illegitimate access to computer systems, networks, or databases to steal or manipulate data.
  - Data Theft: Stealing sensitive information, such as personal records, login credentials, or intellectual property.
* Online Harassment and Cyberbullying:
  - Harassment: Using digital platforms to intimidate, threaten, or torment individuals.
  - Cyberbullying: Bullying behavior carried out using electronic means, often targeting individuals, especially on social media.
* Intellectual Property Crimes:
  - Software Piracy: Unauthorized distribution or reproduction of software.
  - Digital Copyright Infringement: Unauthorized use or distribution of copyrighted materials.
* Online Scams:
  - Phishing: Deceptive attempts to acquire sensitive information by pretending to be a trustworthy entity.
  - Business Email Compromise (BEC): Manipulating employees through email to carry out fraudulent activities.
* Terrorist Activities:
  - Online Radicalization: Using the internet to spread extremist ideologies and recruit individuals for terrorist activities.
  - Cyber Attacks for Political or Ideological Motives: Disrupting or damaging digital infrastructure for political or ideological reasons.
* Human Trafficking and Exploitation: Use of the internet to facilitate human trafficking, child exploitation, or other illicit activities.

Cyberstalking is a type of cybercrime: a form of harassment or stalking that occurs through electronic or digital means, such as social media, email, instant messaging, or online forums. It uses the internet and technology to harass or stalk a person. It can be considered an extension of cyberbullying.

Some of the most common types of cyberstalking include:
* Social Media Stalker
* Online Harassment and Threats
* Online Impersonation and Deception
* Financial and Data Misuse

Examples of Cyber Stalking:
* Post rude, offensive, or suggestive comments online
* Send threatening, controlling, or lewd messages or emails to the target
* Use technology to threaten or blackmail the target
* Tag the target in posts excessively, even if they have nothing to do with them
* Comment on or like everything the target posts online
* Create fake accounts to follow the target on social media
* Message the target repeatedly
* Hack into or hijack the target's online accounts
* Attempt to extort sex or explicit photos
* Send unwanted gifts or items to the target
* Release confidential information online
* Post or distribute real or fake photos of the target
* Bombard the target with sexually explicit photos of themselves
* Create fake posts designed to shame the victim
* Track the target's online movements by installing tracking devices
* Hack into the target's camera on their laptop or smartphone as a way to secretly record them

How to Prevent Cyber stalking:
When it comes to preventing cyberstalking, it's important that you take the necessary precautions to protect yourself online. Although it's not possible to completely prevent cyberstalking from occurring, there are steps you can take to increase your security and reduce the likelihood of it happening.
1. Create strong passwords.
2. Be sure to log out every time.
3. Keep track of your devices.
4. Use caution on public Wi-Fi.
5. Practice online safety habits.

What is a cybercafe?
* A cybercafe, also known as an internet cafe, is a physical establishment that provides customers with access to computers and the internet for a fee.
* It's typically a public space where people can browse the web, check email, play games, or use online services, printing, and scanning.
* They were especially popular in the early days of the internet when home internet access was less common.

Cybersecurity concerns in cybercafes:
* Shared computers: Multiple users accessing the same devices can lead to:
  - Increased risk of malware infection from infected files or websites.
  - Potential for keyloggers or other spying software to capture sensitive information.
  - Unintentional sharing of personal data if users don't log out properly.
* Unsecured networks: Public Wi-Fi networks in cybercafes often lack strong security measures, making them vulnerable to:
  - Man-in-the-middle attacks, where hackers intercept communication between users and websites.
  - Data theft, where sensitive information like passwords or credit card details can be intercepted.
* Insufficient security measures: Some cybercafes might not prioritize cybersecurity, having outdated software, weak passwords, or inadequate firewalls.

Best practices for cybersecurity in cybercafes:
* Use strong passwords and two-factor authentication.
* Avoid sensitive activities like online banking or accessing confidential information.
* Be cautious about downloading files or clicking links from unknown sources.
* Use a VPN (Virtual Private Network) to encrypt your internet traffic.
* Keep software and antivirus programs updated.
* Log out of accounts and clear browsing history after use.
* Report suspicious activity to the cybercafe staff.

Botnets
The words "robot" and "network" together give rise to the term Botnet.
Botnet refers to a network of hijacked internet-connected devices that are installed with malicious code known as malware. Each of these infected devices is known as a bot, and a hacker/cybercriminal known as the "bot herder" remotely controls them. A bot is also called a zombie, and a botnet is referred to as a zombie army.

[Figure: Botnet, with bots (zombies)]

Key components:
* Bots: Individual devices infected with malware, controlled by the bot herder.
* Command-and-Control Server (C&C): The central hub operated by the attacker, issuing commands to the bots. Depicted as a large central circle with arrows pointing to the bots.
* Bot Herder: The individual or group controlling the botnet for malicious purposes. Shown as a shadowy figure overlooking the C&C server.
* Malware: The software that infects devices and turns them into bots.

Types of Botnet:
1. Internet Relay Chat (IRC) Botnet
2. Peer-to-Peer (P2P) Botnet
3. HyperText Transfer Protocol (HTTP) Botnet

How do botnets work?
Infection: The first step is for the attacker to infect devices with malware. This can happen in various ways, such as:
* Phishing emails: Clicking on malicious links or attachments in emails can install malware on your device.
* Drive-by downloads: Visiting compromised websites can automatically download malware onto your device without your knowledge.
* Software vulnerabilities: Exploiting outdated software or unpatched security holes can allow attackers to inject malware.
Command and Control (C&C): Once infected, the bot establishes communication with the attacker's C&C server. This server acts as the brain of the botnet, issuing commands and instructions to the infected devices.
Malicious Activities: Upon receiving commands, the bots perform various tasks as instructed by the bot herder.
These tasks can include:
* DDoS attacks: Bombarding websites with overwhelming traffic to crash them.
* Spam email campaigns: Sending millions of unsolicited emails, often for phishing or spreading malware.
* Click fraud: Artificially inflating website traffic or ad revenue for financial gain.
* Data theft: Stealing sensitive information like login credentials, credit card details, or personal data.
* Cryptocurrency mining: Illegally harnessing the processing power of infected devices to mine cryptocurrency.

The impact of botnets:
Botnets pose a significant threat to individuals, businesses, and even entire nations. They can cause:
* Financial losses: Businesses can suffer financial losses from DDoS attacks, data breaches, or fraudulent transactions.
* Reputational damage: Websites and organizations can suffer reputational damage from spam campaigns or negative publicity associated with botnet attacks.
* Privacy violations: Individuals can have their personal information stolen, leading to identity theft, financial fraud, or even physical harm.
* Disruption of critical infrastructure: Botnets can be used to attack critical infrastructure, such as power grids or hospitals, causing widespread disruption and even loss of life.

Botnet Lifecycle
The botnet lifecycle can be understood with the help of the following diagrams. Here we have illustrated the lifecycle of a botnet in 4 stages as shown in the figure.

[Figure: Botnet lifecycle, Stage 1 and Stage 2]

Attack Vector
An attack vector is a pathway or method that attackers use to gain unauthorized access to a system or network to carry out malicious activities.
Attack vectors can take many forms, including malware, viruses, email attachments, web pages, pop-ups, instant messages, and social engineering. Attack vectors allow cybercriminals to exploit system vulnerabilities to gain access to sensitive information, steal login credentials, or cause a data breach. Attack vectors can be classified as passive or active attacks.

Here's a breakdown of key concepts:
* Attackers: Individuals or groups who seek to exploit vulnerabilities for malicious purposes.
* Systems/Networks: Targets of attacks, including computers, servers, websites, or entire networks.
* Vulnerabilities: Weaknesses or flaws in systems or software that can be exploited for attacks.
* Malicious activities: Actions performed by attackers, such as stealing data, installing malware, disrupting operations, or causing financial loss.

Common types of attack vectors:
* Phishing emails:
  - Attackers send deceptive emails or text messages that appear to be from legitimate sources.
  - These messages often contain links or attachments that, when clicked, install malware or steal sensitive information.
* Malware:
  - Malicious software that can infect devices through various means, such as phishing emails, malicious websites, or software vulnerabilities.
  - Once installed, malware can steal data, encrypt files for ransom, spy on user activity, or even take control of devices.
* Zero-day attacks: Exploiting previously unknown vulnerabilities, often leaving victims with little time to react.
* Social engineering: Manipulating users into providing sensitive information or taking actions that compromise security.
* Password Attacks:
  - Attempts to guess or crack passwords to gain access to accounts or systems.
  - Common methods include brute force attacks, dictionary attacks, and social engineering to obtain passwords.
* SQL injection: Inserting malicious code into database queries to manipulate data or steal information.
* Denial-of-service (DoS) attacks: Overwhelming systems with traffic to make them unavailable to legitimate users.
* Man-in-the-middle attacks: Intercepting communication between two parties to steal data or inject malware.
* Physical attacks: Gaining physical access to devices or systems to steal data or install malware.

Protecting against attack vectors:
* Stay informed: Keep software and systems updated with security patches.
* Use strong passwords: Create unique and complex passwords for all accounts.
* Enable two-factor authentication: Add an extra layer of security to logins.
* Be cautious of emails and links: Don't click links or open attachments from unknown sources.
* Install security software: Use reputable antivirus and firewall software.
* Educate employees: Train employees on cybersecurity best practices.
* Regularly back up data: Protect against data loss in case of successful attacks.

Proliferation of Mobile and Wireless Devices:
The proliferation of mobile and wireless devices has significantly impacted the field of cybersecurity, introducing both challenges and opportunities.

Opportunities:
* Enhanced security solutions: The abundance of devices allows for sophisticated security measures like multi-factor authentication (MFA), leveraging biometrics or location data for added protection.
* Improved threat detection: Real-time data from various devices can empower systems to identify and respond to security threats faster and more effectively.
* Convenient security practices: Biometric logins, secure mobile wallets, and remote device management offer user-friendly ways to enhance security in daily life.
* Improved security tools: Mobile security apps, sandboxing techniques, and advanced malware detection systems are constantly evolving to protect devices from cyber threats.
* Potential for secure communication: Encryption technologies like end-to-end encryption are becoming more prevalent in messaging applications, offering greater privacy and security for online communication.

Challenges:
* Security vulnerabilities: Mobile operating systems and applications often contain vulnerabilities that attackers exploit to gain unauthorized access and compromise data.
* Expanded attack surface: The sheer number and diversity of devices creates a vast attack surface for cybercriminals, increasing vulnerability to malware, phishing attacks, and data breaches.
* Increased malware threats: New mobile-specific malware is constantly evolving, targeting vulnerabilities in applications, operating systems, and user behavior.
* Data privacy concerns: Tracking and collecting data from a multitude of devices raises concerns about user privacy and the potential for misuse by corporations or governments.
* Unsecured networks: Public Wi-Fi networks lack robust security measures, exposing users to eavesdropping and data theft risks.
* Potential for malware infection: Downloading apps from untrusted sources or clicking on malicious links can easily infect mobile devices with malware, compromising security and privacy.
* Lack of security awareness: Not all users are aware of cybersecurity best practices, leaving them vulnerable to basic attacks like weak passwords or easily accessible personal information.
* Physical security issues: Mobile devices are easily lost or stolen, demanding robust security measures like encryption and remote wipe capabilities.

Mitigating the challenges:
* Investing in robust security solutions
* Regular updates and patching
* Promoting cybersecurity awareness
* Implementing strong data security measures
* Developing secure mobile applications
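
The command-and-control step described in the botnet section above can be looked for from the defender's side. The following Python script is an added example, not part of the original notes: it flags internal hosts that contact the same destination at near-constant intervals, on the assumption that bots check in with their C&C server on a timer. The log format, host names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real traffic): "epoch_seconds source_ip destination".
# 10.0.0.5 and 10.0.0.9 contact cc.example.test about every 60 s (hypothetical C&C);
# 10.0.0.7 browses at irregular, human-paced intervals.
SAMPLE_LOG = """
1000 10.0.0.5 cc.example.test
1003 10.0.0.7 news.example.test
1010 10.0.0.9 cc.example.test
1060 10.0.0.5 cc.example.test
1069 10.0.0.9 cc.example.test
1075 10.0.0.7 news.example.test
1121 10.0.0.5 cc.example.test
1131 10.0.0.9 cc.example.test
1180 10.0.0.5 cc.example.test
1190 10.0.0.9 cc.example.test
1241 10.0.0.5 cc.example.test
1250 10.0.0.9 cc.example.test
1400 10.0.0.7 news.example.test
1420 10.0.0.7 news.example.test
2900 10.0.0.7 news.example.test
not-a-timestamp 10.0.0.7 broken.example.test
"""

def parse(log_text):
    """Return {(source, destination): sorted timestamps}, skipping malformed lines."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue  # timestamp field is not a number
        series[(parts[1], parts[2])].append(ts)
    return {pair: sorted(times) for pair, times in series.items()}

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Flag pairs whose gaps between connections are nearly constant (low jitter)."""
    # min_events and max_jitter are illustrative assumptions; tune them per network.
    findings = []
    for (src, dst), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue  # all connections share one timestamp
        jitter = pstdev(gaps) / period  # 0 means perfectly regular
        if jitter <= max_jitter:
            findings.append({"src": src, "dst": dst, "period": round(period, 1)})
    return sorted(findings, key=lambda f: (f["dst"], f["src"]))

def shared_destinations(findings, min_hosts=2):
    """Destinations that several internal hosts beacon to, a botnet-like pattern."""
    hosts = defaultdict(set)
    for finding in findings:
        hosts[finding["dst"]].add(finding["src"])
    return {dst: sorted(srcs) for dst, srcs in hosts.items() if len(srcs) >= min_hosts}

if __name__ == "__main__":
    beacons = find_beacons(SAMPLE_LOG)
    for beacon in beacons:
        print(beacon)
    print(shared_destinations(beacons))
```

Regular timing alone also matches legitimate software such as update checkers, so a flagged destination is a lead for investigation rather than proof of infection.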
