UNIT-1

What is cybercrime?

Cybercrime is any criminal activity that involves a computer, networked device or a network.

While most cybercrimes are carried out in order to generate profit for the cybercriminals, some
cybercrimes are carried out against computers or devices directly to damage or disable them. Others
use computers or networks to spread malware, illegal information, images or other materials. Some
cybercrimes do both -- i.e., target computers to infect them with a computer virus, which is then spread
to other machines and, sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different types of profit-driven
criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as
attempts to steal financial account, credit card or other payment card information.

Cybercriminals may target an individual's private information or corporate data for theft and resale. As
many workers settle into remote work routines due to the pandemic, cybercrimes are expected to grow
in frequency in 2021, making it especially important to protect backup data.

Defining cybercrime

The U.S. Department of Justice (DOJ) divides cybercrime into three categories:

1. crimes in which the computing device is the target -- for example, to gain network access;

2. crimes in which the computer is used as a weapon -- for example, to launch a denial-of-service
(DoS) attack; and

3. crimes in which the computer is used as an accessory to a crime -- for example, using a
computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the U.S. is a signatory, defines cybercrime as
a wide range of malicious activities, including the illegal interception of data, system interferences that
compromise network integrity and availability, and copyright infringements.

The necessity of internet connectivity has enabled an increase in the volume and pace of cybercrime
activities because the criminal no longer needs to be physically present when committing a crime. The
internet's speed, convenience, anonymity and lack of borders make computer-based variations of
financial crimes -- such as ransomware, fraud and money laundering, as well as crimes such
as stalking and bullying -- easier to carry out.

Cybercriminal activity may be carried out by individuals or groups with relatively little technical skill, or
by highly organized global criminal groups that may include skilled developers and others with relevant
expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to
operate in countries with weak or nonexistent cybercrime laws.

How cybercrime works

Cybercrime attacks can begin wherever there is digital data, opportunity and motive. Cybercriminals
include everyone from the lone user engaged in cyber bullying to state-sponsored actors, like China's
intelligence services.

Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed in nature. That is,
cybercriminals typically rely on other actors to complete the crime. This is true whether it's the creator of
malware using the dark web to sell code, the distributor of illegal pharmaceuticals
using cryptocurrency brokers to hold virtual money in escrow or state threat actors relying on
technology subcontractors to steal intellectual property (IP).

Cybercriminals use various attack vectors to carry out their cyber attacks and are constantly seeking new
methods and techniques for achieving their goals, while avoiding detection and arrest.

Cybercriminals often carry out their activities using malware and other types of software, but social
engineering is often an important component for executing most types of cybercrime. Phishing emails
are another important component to many types of cybercrime but especially so for targeted attacks,
like business email compromise (BEC), in which the attacker attempts to impersonate, via email, a
business owner in order to convince employees to pay out bogus invoices.

Types of cybercrime

As mentioned above, there are many different types of cybercrime. Most cybercrimes are carried out
with the expectation of financial gain by the attackers, though the ways cybercriminals aim to get paid
can vary. Some specific types of cybercrimes include the following:

• Cyber extortion: A crime involving an attack or threat of an attack coupled with a demand for
money to stop the attack. One form of cyber extortion is the ransomware attack. Here, the
attacker gains access to an organization’s systems and encrypts its documents and files --
anything of potential value -- making the data inaccessible until a ransom is paid. Usually, this is
in some form of cryptocurrency, such as bitcoin.

• Cryptojacking: An attack that uses scripts to mine cryptocurrencies within browsers without
the user's consent. Cryptojacking attacks may involve loading cryptocurrency mining software
to the victim's system. However, many attacks depend on JavaScript code that does in-browser
mining if the user's browser has a tab or window open on the malicious site. No malware needs
to be installed as loading the affected page executes the in-browser mining code.

• Identity theft: An attack that occurs when an individual accesses a computer to glean a user's
personal information, which they then use to steal that person's identity or access their valuable
accounts, such as banking and credit cards. Cybercriminals buy and sell identity information on
darknet markets, offering financial accounts, as well as other types of accounts, like video
streaming services, webmail, video and audio streaming, online auctions and more. Personal
health information is another frequent target for identity thieves.

• Credit card fraud: An attack that occurs when hackers infiltrate retailers' systems to get the
credit card and/or banking information of their customers. Stolen payment cards can be bought
and sold in bulk on darknet markets, where hacking groups that have stolen mass quantities of
credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud
against individual accounts.

• Cyberespionage: A crime involving a cybercriminal who hacks into systems or networks to gain
access to confidential information held by a government or other organization. Attacks may be
motivated by profit or by ideology. Cyberespionage activities can include every type of cyber
attack to gather, modify or destroy data, as well as using network-connected devices, like
webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and
monitoring communications, including emails, text messages and instant messages.

• Software piracy: An attack that involves the unlawful copying, distribution and use of software
programs with the intention of commercial or personal use. Trademark violations, copyright
infringements and patent violations are often associated with this type of cybercrime.

• Exit scam: The dark web, not surprisingly, has given rise to the digital version of an old crime
known as the exit scam. In today's form, dark web administrators divert virtual currency held in
marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other
criminals.

Common examples of cybercrime

Some of the more commonly seen cybercrime attacks include distributed DoS (DDoS) attacks, which are
often used to shut down systems and networks. This type of attack uses a network's own
communications protocol against it by overwhelming its ability to respond to connection requests. DDoS
attacks are sometimes carried out simply for malicious reasons or as part of a cyber extortion scheme,
but they may also be used to distract the victim organization from some other attack or exploit carried
out at the same time.

Infecting systems and networks with malware is an example of an attack used to damage the system or
harm users. This can be done by damaging the system, software or data stored on the system.
Ransomware attacks are similar, but the malware acts by encrypting or shutting down victim
systems until a ransom is paid.

Phishing campaigns are used to infiltrate corporate networks. This can be by sending fraudulent emails
to users in an organization, enticing them to download attachments or click on links that then spread
viruses or malware to their systems and through their systems to their company's networks.

Credential attacks occur when a cybercriminal aims to steal or guess user IDs and passwords for the
victim's systems or personal accounts. They can be carried out through the use of brute-force attacks, by
installing keylogger software or by exploiting vulnerabilities in software or hardware that can expose the
victim's credentials.

Cybercriminals may also attempt to hijack a website to change or delete content or to access or modify
databases without authorization. For example, an attacker may use a Structured Query Language (SQL)
injection exploit to insert malicious code into a website, which can then be used to exploit vulnerabilities
in the website's database, enabling a hacker to access and tamper with records or gain unauthorized
access to sensitive information and data, such as customer passwords, credit card numbers, personally
identifiable information (PII), trade secrets and IP.

Other common examples of cybercrime include illegal gambling, the sale of illegal items -- like weapons,
drugs or counterfeit goods -- and the solicitation, production, possession or distribution of child
pornography.

Effects of cybercrime on businesses

The true cost of cybercrime is difficult to assess accurately. In 2018, McAfee released a report on the
economic impact of cybercrime that estimated the likely annual cost to the global economy was nearly
$600 billion, up from $45 billion in 2014.

While the financial losses due to cybercrime can be significant, businesses can also suffer other
disastrous consequences as a result of criminal cyber attacks, including the following:

• Damage to investor perception after a security breach can cause a drop in the value of a
company.

• In addition to potential share price drops, businesses may also face increased costs for
borrowing and greater difficulty in raising more capital as a result of a cyber attack.

• Loss of sensitive customer data can result in fines and penalties for companies that have failed
to protect their customers' data. Businesses may also be sued over the data breach.

• Damaged brand identity and loss of reputation after a cyber attack undermine customers' trust
in a company and that company's ability to keep their financial data safe. Following a cyber
attack, firms not only lose current customers, but they also lose the ability to gain new
customers.

• Businesses may also incur direct costs from a criminal cyber attack, including increased
insurance premium costs and the cost of hiring cyber security companies to do incident
response and remediation, as well as public relations (PR) and other services related to an
attack.

Effects of cybercrime on national defense

Cybercrimes may have public health and national security implications, making computer crime one of
DOJ's top priorities. In the U.S., at the federal level, the Federal Bureau of Investigation's (FBI) Cyber
Division is the agency within DOJ that is charged with combating cybercrime. The Department of
Homeland Security (DHS) sees strengthening the security and resilience of cyberspace as an important
homeland security mission. Agencies such as the U.S. Secret Service (USSS) and U.S. Immigration and
Customs Enforcement (ICE) have special divisions dedicated to combating cybercrime.

USSS's Electronic Crimes Task Force (ECTF) investigates cases that involve electronic crimes, particularly
attacks on the nation's financial and critical infrastructures. USSS also runs the National Computer
Forensics Institute (NCFI), which provides state and local law enforcement, judges and prosecutors with
training in computer forensics.

The Internet Crime Complaint Center (IC3), a partnership among the FBI, the National White Collar
Crime Center (NW3C) and the Bureau of Justice Assistance (BJA), accepts online complaints from victims
of internet crimes or interested third parties.

How to prevent cybercrime

While it may not be possible to completely eradicate cybercrime and ensure complete internet security,
businesses can reduce their exposure to it by maintaining an effective cyber security strategy using
a defense-in-depth approach to securing systems, networks and data.

Cybercrime risks can be reduced with the following steps:

• develop clear policies and procedures for the business and employees;

• create cyber security incident response plans to support these policies and procedures;

• outline the security measures that are in place to protect systems and corporate
data;

• use two-factor authentication (2FA) apps or physical security keys;

• activate 2FA on every online account when possible;

• verbally verify the authenticity of requests to send money by talking to a financial manager;

• create intrusion detection system (IDS) rules that flag emails with extensions similar to company
emails;

• carefully scrutinize all email requests for transfer of funds to determine if the requests are out
of the ordinary;

• continually train employees on cyber security policies and procedures and what to do in the
event of security breaches;

• keep websites, endpoint devices and systems current with all software release updates or
patches; and

• back up data and information regularly to reduce the damage in case of a ransomware attack or
data breach.
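
The IDS rule in the list above (flag emails whose sender domain resembles the company's) can be sketched as follows. This is an added example, not part of the original notes; the company domain `acme-widgets.example`, the confusable-character map and the sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "acme-widgets.example"  # assumption: placeholder company domain

# Constructed, non-exhaustive map of characters often swapped for look-alikes.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "-"})

def sender_domain(from_header):
    """Domain of the real address, ignoring whatever the display name claims."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def skeleton(domain):
    """Fold look-alike characters so visually similar names compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header, company=COMPANY_DOMAIN, max_distance=2):
    """Return 'internal', 'lookalike', 'external' or 'unparseable'."""
    dom = sender_domain(from_header)
    if dom is None:
        return "unparseable"
    if dom == company or dom.endswith("." + company):
        return "internal"
    name, company_name = dom.rsplit(".", 1)[0], company.rsplit(".", 1)[0]
    if (skeleton(dom) == skeleton(company)                  # "rn" posing as "m"
            or edit_distance(dom, company) <= max_distance  # dropped or added letter
            or name == company_name):                       # same name, other TLD
        return "lookalike"
    return "external"

# Constructed From: headers for the demonstration.
SAMPLE_HEADERS = [
    "Alice <alice@acme-widgets.example>",
    "IT Desk <it@mail.acme-widgets.example>",
    "CEO <ceo@acrne-widgets.example>",
    "Accounts <pay@acme-widget.example>",
    "Finance <cfo@acme-widgets.test>",
    "Newsletter <news@partner.test>",
]

def flagged(headers):
    """Headers that should be held for review before delivery."""
    return [h for h in headers if classify(h) == "lookalike"]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(f"{classify(h):10} {h}")
```

A distance threshold of 2 suits long domains; for very short company domains it would flag unrelated senders and should be lowered.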

Information security and resistance to cybercrime attacks can also be built by encrypting local hard disks
and email platforms, using a virtual private network (VPN) and using a private, secure domain name
system (DNS) server.

Cybercriminals commit cybercrimes using different tools and techniques, but the basic process of
performing the attacks is generally the same. The process of committing a cybercrime
can be described in 5 steps, namely:

1) Reconnaissance
2) Scanning and Scrutinizing
3) Gaining Access
4) Maintaining Access and
5) Covering the Tracks

The simplified or condensed process consists of 3 steps namely:

1) Reconnaissance
2) Scanning and Scrutinizing and
3) Launching an Attack

Social engineering is the term used for a broad range of malicious activities accomplished through
human interactions. It uses psychological manipulation to trick users into making security mistakes or
giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first investigates the intended
victim to gather necessary background information, such as potential points of entry and weak security
protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and
provide stimuli for subsequent actions that break security practices, such as revealing sensitive
information or granting access to critical resources.

In cyber stalking, a cyber criminal uses the internet to consistently threaten somebody. This crime is often
perpetrated through email, social media and other online media. Cyber stalking can also occur in
conjunction with the older, traditional type of stalking, in which the perpetrator harasses the victim
offline. There is no unified legal approach to cyber stalking; however, several governments have moved
toward making these practices punishable by law. Social media, blogs, image sharing sites and many
other commonly used online sharing activities provide cyber stalkers with a wealth of data that helps
them plan their harassment. Cyber stalking includes actions like false accusations, fraud, information destruction,
threats to life and manipulation through threats of exposure. Stalkers use e-mails
and other messaging applications, messages posted to a website or a discussion
group, and sometimes social media to send unwanted messages and harass a specific person with
unwanted attention. Cyber stalking is also referred to as internet stalking, e-stalking or online stalking.

Types of Cyber Stalking:

• Webcam Hijacking: Internet stalkers may attempt to trick you into downloading and installing
a malware-infected file that grants them access to your webcam. The method is so
sneaky that you probably wouldn’t suspect anything strange.

• Observing location check-ins on social media: If you’re adding location check-ins to your
Facebook posts, you’re making it overly simple for an internet stalker to follow you by just
looking through your social media profiles.

• Catfishing: Catfishing happens via social media sites, for example, Facebook, when internet
stalkers make counterfeit user profiles and approach their victims as a friend of a
friend.

• Visiting virtually via Google Maps Street View: If a stalker discovers the victim’s address, then it
is not hard to find the area, neighborhood and surroundings by using Street View. Tech-savvy
stalkers do not even need that.

• Installing Stalkerware: Another method that is growing in popularity is the use of
stalkerware. It is a kind of software or spyware that keeps track of location, enables access to text
and browsing history, makes audio recordings, etc. Importantly, it runs in the
background without the victim's knowledge.

• Looking at geotags to track location: Most digital pictures contain geotags, which hold
information such as the time and location at which the picture was shot, in the form of metadata.
Geotags come in the EXIF format embedded into an image and are readable with the help of
special apps. In this way, the stalker keeps an eye on the victim and gets information about
their whereabouts.

Protective Measures:

• Develop the habit of logging out of the PC when not in use.

• Remove any upcoming events you plan to attend from social networks if they’re recorded
in online event listings and calendars.

• Set strong and distinctive passwords for your online accounts.

• Cyber stalkers can exploit the low security of public Wi-Fi networks to snoop on your online
activity. Therefore, avoid sending personal emails or sharing your sensitive info when connected
to an unsecured public Wi-Fi.

• Make use of the privacy settings provided by the social networking sites and keep all info
restricted to your closest friends.

• Do a daily search on the internet to find out what information about you is accessible to
the public.

WHAT IS THE MEANING OF CYBER CRIME AND CYBER CAFE…

• In a February 2009 survey, 90% of the audience across eight cities and 3500 cafes were male and
in the age group of 15-35 years.

• 52% were graduates and postgraduates.

• Almost 50% were students.

• In India, cyber cafes are known to be used for either real or false terrorist communication.

A cyber cafe holds two types of risks:

1. We do not know what programs, such as keyloggers or spyware, are installed on the computer.

2. Over-the-shoulder peeping can enable others to find out your passwords.

• Cyber criminals prefer cyber cafes to carry out their activities.

A recent survey conducted in one of the metropolitan cities in India reveals the following facts:

1. Pirated software is installed on all the computers.

2. Antivirus was not updated with the latest patch.

3. Several cyber cafes have installed “Deep Freeze” to protect the computers, which helps cyber criminals.

4. No Annual Maintenance Contract (AMC) was found for servicing of the computers.

5. Pornographic websites were not blocked.

6. Cyber cafe owners have very little awareness of IT security.

7. The cyber cafe association or State Police do not seem to conduct periodic visits to cyber cafes.

SECURITY TIPS FOR CYBER CAFE….

• Always log out: While checking email or logging in for chatting, always click logout/sign out.

• Stay with the computer: While surfing, don’t leave the system unattended for any period of
time.

• Clear history and temporary files: Before browsing, deselect the AutoComplete option: Browser ->
Tools -> Internet Options -> Content tab. To clear temporary files: Tools -> Internet Options -> General tab -> Temporary
Internet Files -> Delete files and then Delete Cookies.

• Avoid online financial transactions: One should avoid online banking, shopping, etc. Don’t
provide sensitive information such as credit card number or bank account details.

• Change Passwords / Virtual Keyboard: Change password after completion of transaction.

• Be alert: One has to be alert for snooping over the shoulder.

A botnet (short for “robot network”) is a network of computers infected by malware that are under the
control of a single attacking party, known as the “bot-herder.” Each individual machine under the
control of the bot-herder is known as a bot. From one central point, the attacking party can command
every computer on its botnet to simultaneously carry out a coordinated criminal action. The scale of a
botnet (many comprised of millions of bots) enables the attacker to perform large-scale actions that
were previously impossible with malware. Since botnets remain under control of a remote attacker,
infected machines can receive updates and change their behavior on the fly. As a result, bot-herders are
often able to rent access to segments of their botnet on the black market for significant financial gain.

Common Botnet Actions Include:

• Email spam – though email is seen today as an older vector for attack, spam botnets are some of
the largest in size. They are primarily used for sending out spam messages, often including
malware, in towering numbers from each bot. The Cutwail botnet for example, can send up to
74 billion messages per day. They are also used to spread bots to recruit more computers to the
botnet.

• DDoS attacks – leverage the massive scale of the botnet to overload a target network or server
with requests, rendering it inaccessible to its intended users. DDoS attacks target organizations
for personal or political motives or to extort payment in exchange for ceasing the attack.

• Financial breach – includes botnets specifically designed for the direct theft of funds from
enterprises and credit card information. Financial botnets, like the ZeuS botnet, have been
responsible for attacks involving millions of dollars stolen directly from multiple enterprises over
very short periods of time.

• Targeted intrusions – smaller botnets designed to compromise specific high-value systems of
organizations from which attackers can penetrate and intrude further into the network. These
intrusions are extremely dangerous to organizations as attackers specifically target their most
valuable assets, including financial data, research and development, intellectual property, and
customer information.

An attack vector is a pathway or method used by a hacker to illegally access a network or computer in
an attempt to exploit system vulnerabilities. Hackers use numerous attack vectors to launch attacks that
take advantage of system weaknesses, cause a data breach, or steal login credentials. Such methods
include sharing malware and viruses, malicious email attachments and web links, pop-up windows, and
instant messages that involve the attacker duping an employee or individual user.

Many security vector attacks are financially motivated, with attackers stealing money from people and
organizations or data and personally identifiable information (PII) to then hold the owner to ransom.
The types of hackers that infiltrate a network are wide-ranging. They could be disgruntled former
employees, politically motivated organized groups, hacktivists, professional hacking groups, or state-
sponsored groups.

Cyber security attacks are launched using an attack vector. This could be through malware or
a phishing attack, which aims to steal user credentials and gain unauthorized access to corporate data or
resources. Social engineering is another way to launch an attack.

The attack surface is the total network area an attacker can use to launch cyber attack vectors and
extract data or gain access to an organization’s systems. Devices and people are part of an
organization’s attack surface because their vulnerabilities, such as weak passwords or unpatched
software, can be exploited by an attacker.

There are two main types of hacker vector attacks: passive attacks and active attacks.

Passive Attack

A passive attack occurs when an attacker monitors a system for open ports or vulnerabilities to gain or
gather information about their target. Passive attacks can be difficult to detect because they do not
involve altering data or system resources. Rather than cause damage to an organization’s systems, the
attacker threatens the confidentiality of their data.

Passive attack vectors include passive reconnaissance, which sees the attacker monitor an organization’s
systems for vulnerabilities without interacting with them through tools like session capture, and active
reconnaissance, where the attacker uses methods like port scans to engage with target systems.

Active Attack

An active attack vector is one that sets out to disrupt or cause damage to an organization’s system
resources or affect their regular operations. This includes attackers launching attacks against system
vulnerabilities, such as denial-of-service (DoS) attacks, targeting users’ weak passwords, or through
malware and phishing attacks.

A common example of an active attack is a masquerade attack, in which an intruder pretends to be a
trusted user and steals login credentials to gain access privileges to system resources. Active attack
methods are often used by cyber criminals to gain the information they need to launch a wider cyber
attack against an organization.
