
UNIT-2 Information Security & Cryptography

All notes for 2nd unit

Uploaded by

rakupatil999

Cyber offenses & Cybercrime

UNIT - 2
Cyber Offenses & Cybercrime

Cyber offenses & Cybercrime: How criminals plan the attacks, Social Engineering, Cyberstalking, Cybercafé and Cybercrimes, Botnets, Attack vector, Cloud computing, Credit Card Frauds.

Cyber Offences: How Criminals Plan Them


Introduction:
● Cybercriminals use the World Wide Web and the Internet for illegal activities and to store data, contacts, account information, etc.
● The criminals take advantage of the lack of awareness about cybercrimes and cyber laws among the people who are constantly using the IT infrastructure for official and personal purposes.
● People who commit cybercrimes are known as “Crackers”. Some technical terms related to cybercrimes and cyber offences are:

● Hacker
A hacker is a person with a strong interest in computers who enjoys learning and experimenting with them. Hackers are usually very talented, smart people who understand computers better than others.

● Brute force Hacking
It is a technique used to find passwords or encryption keys. Brute force hacking involves trying every possible combination of letters, numbers, etc. until the code is broken.

● Cracker
A cracker is a person who breaks into computers. Crackers should not be confused with hackers. The term cracker is usually connected to computer criminals.

● Cracking
It is the act of breaking into computers. Cracking is a popular, growing subject on the Internet. Many sites are devoted to supplying crackers with programs that allow them to crack computers.

● Cracker Tools
These are programs used to break into computers. Cracker tools are widely distributed on the Internet. They include password crackers, Trojans, worms, viruses, etc.

● Phreaking
This is the notorious art of breaking into communication systems. Phreaking sites are popular among crackers and other criminals.

● War dialer
It is a program that automatically dials phone numbers looking for computers on the other end. It catalogs numbers so that hackers can call back and try to break in.

Prof. Satish Malayi | KLE’s SSMS BCA Athani P a g e 1 | 19



What color is your Hat in the security world?

Hackers can be classified into different categories such as white hat, black hat, and grey hat, based on their intent of hacking a system.
● Black Hat: Just like in the old westerns, these are the bad guys. A black hat is a cracker. To add insult to injury, black hats may also share information about the “break in” with other black hat crackers so they can exploit the same vulnerabilities before the victim becomes aware and takes appropriate measures.
● White Hat: While black hats use their skill for malicious purposes, white hats are ethical hackers. They use their knowledge and skill to thwart the black hats and secure the integrity of computer systems or networks. If a black hat decides to target you, it’s a great thing to have a white hat around.
● Gray Hat: A gray hat, as you would imagine, is a bit of a white hat/black hat hybrid. Thankfully, like white hats, their mission is not to do damage to a system or network, but to expose flaws in system security. The black hat part of the mix is that they may very well use illegal means to gain access to the targeted system or network, but not for the purpose of damaging or destroying data: they want to expose the security weaknesses of a particular system and then notify the “victim” of their success. Often this is done with the intent of then selling their services to help correct the security failure so black hats cannot gain entry and/or access for more devious and harmful purposes.

Categories of Cybercrime
● Cybercrime is categorized based on the following:
1. The target of the crime
2. Whether the crime occurs as a single event or a series of events
A. Crimes targeted at individuals
The goal is to exploit human weakness such as greed. These crimes include financial frauds, sale of nonexistent or stolen items, child pornography, copyright violation and harassment.
B. Crimes targeted at property
This includes stealing mobile phones, laptops, PDAs and removable devices, and transmitting harmful programs that can disrupt functions of the systems or wipe out data from the hard disk.
C. Crimes targeted at organizations
Cyber terrorism is one of the crimes against organizations. The attacker uses computer tools and the Internet, usually to terrorize the citizens of a particular country, by stealing private information, damaging programs and files, or planting programs to get control of a network or system.
D. Single event of cybercrime
It is a single event from the perspective of the victim. For example, unknowingly opening an attachment that may contain a virus that will infect the system.
E. Series of events
This involves the attacker interacting with the victims repeatedly. For example, the attacker interacts with the victim on the phone and then exploits that relationship to commit sexual assault.


How criminals plan the attack

● Criminals use many methods and tools to locate the weaknesses (vulnerabilities) of their target. Criminals plan passive and active attacks.
● Active attacks are usually used to alter the system, whereas passive attacks attempt to gain information about the target. In addition to the active and passive categories, attacks can be categorized as either inside or outside.

● Inside attack: An attack originating and/or attempted within the security perimeter of an organization is an inside attack. It is usually attempted by an “insider” who gains access to more resources than expected.

● Outside attack: An outside attack is attempted by a source outside the security perimeter. It may be attempted by an insider and/or an outsider. It is attempted through the Internet or a remote access connection.

Phases involved in planning cybercrime

1. Reconnaissance (information gathering) is the first phase and is treated as passive attacks.
2. Scanning the gathered information for the validity of the information as well as to identify the existing weakness.
3. Launching an attack.

Phase 1 Reconnaissance
● Reconnaissance means the act of reconnoitering: exploring, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy). The reconnaissance phase begins with “footprinting”. Footprinting is the preparation toward the pre-attack phase.
● It involves accumulating data about the target’s environment and computer architecture to find ways to intrude into that environment.
● The objective of this phase is to understand the system, its networking ports and services, and any other aspects of its security.
● An attacker attempts to gather information in two phases:
1. Passive attack
2. Active attack

1. Passive Attack
A passive attack involves gathering information about a target without his/her knowledge. Information can be gathered from:
a. Google or Yahoo search: Use Google Earth to locate information about employees.
b. Surfing online community groups like Orkut/Facebook will prove useful to gain information about an individual.
c. The organization’s website may provide a personnel directory or information about key employees.
d. Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employee.
e. Going through the job postings in particular job profiles for technical persons.
● Network sniffing is another means of passive attack to yield useful information such as IP addresses, hidden servers or networks, and other available services on the system or network.

Tools used for Passive Attack

Name of Tool | Brief Description
Google Earth | Google Earth is a virtual map and geographical information program; it gives information about the location of the employee.
WHOIS | Domain registration tool; gives information about domain name search, domain name registration, available domain names and IP address.
Domain Name Confirmation | Performs searches for domain names (ex: website names) using multiple keywords.
Nslookup (name server lookup) | Used on Unix and Windows; gives information about DNS and IP address.
Dnsstuff | Used to extract DNS information about IP addresses, mail server extensions, etc.
eMailTrackerPro | Analyses the e-mail header and provides the IP address of the system that sent the mail.
Website Watcher | Keeps track of favorite websites; when a website undergoes an update or change, this tool automatically detects it and saves the last two versions.
HTTrack | This tool acts like an offline browser.

2. Active Attack
An active attack involves probing the network to discover individual hosts and confirm the information gathered in the passive attack phase. It involves the risk of detection and is called “Rattling of door knobs” or “Active reconnaissance”. It can provide confirmation to the attacker about security measures.

Tools used for Active Attack

Name of Tool | Brief Description
Bing | Used for bandwidth ping. It is a point-to-point bandwidth measurement tool based on ping.
Dig | Used to perform detailed queries about DNS records and zones, extracting configuration about a network or domain.
DNStracer | Used to determine the data source for a given DNS server and follow the chain of DNS servers back to the authoritative sources.
DSniff | Network auditing tool to capture usernames and passwords on the local subnet.
Filesnarf | Network auditing tool to capture file transfers and file sharing traffic on the local subnet.
Fping | Similar to ping; used to perform parallel network discovery.
Httping | Similar to ping but used for HTTP requests.
Ping | Standard network utility to send ICMP packets to a target host.
Nmap | Port scanner and OS fingerprinter, used to rapidly scan large networks.
Arping | Broadcasts ARP packets and receives replies, similar to ping.

Phase 2 Scanning and Scrutinizing Gathered Information

Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows:

a. Port scanning: Identify open/closed ports and services.
b. Network scanning: Understand IP addresses and related information about the computer network system.
c. Vulnerability scanning: Understand the existing weaknesses in the system.

The scrutinizing (inspecting) phase is called “enumeration” (listing) in the hacking world. The objective behind this step is to identify:
i. The valid user accounts or groups;
ii. Network resources and/or shared resources;
iii. OS and different applications that are running on the OS.

Port Scanning:
⚫ The act of systematically scanning a computer's ports.
⚫ Since a port is a place where information goes into and out of a computer,
port scanning identifies open doors to a computer.
⚫ It is similar to a thief going through your neighborhood and checking every
door and window on each house to see which ones are open and which ones
are locked.
⚫ There is no way to stop someone from port scanning your computer while you
are on the Internet because accessing an Internet server opens a port, which
opens a door to your computer.
⚫ There are, however, software products that can stop a port scanner from doing
any damage to your system.
⚫ TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are
two of the protocols that make up the TCP/IP protocol suite which is used
universally to communicate on the Internet.
⚫ Each of these has ports 0 through 65535 available so essentially there are more
than 65,000 doors to lock.
⚫ The first 1024 TCP ports are called the Well-Known Ports and are associated
with standard services such as FTP, HTTP, SMTP or DNS.
⚫ Some of the addresses over 1023 also have commonly associated services, but
the majority of these ports are not associated with any service and are
available for a program or application
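
From the defender's side, port scanning and network scanning as described above leave a recognisable pattern in connection logs: one source touching many ports on one host, or one port on many hosts, in a short time. The following is an added example, not part of the original notes; the log format, IP addresses (documentation ranges) and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WELL_KNOWN_MAX = 1023  # the first 1024 ports (0-1023) are the well-known range


def build_sample_log():
    """Constructed sample lines: timestamp src dst proto dst_port action."""
    t0 = datetime(2024, 1, 10, 9, 0, 0)

    def row(offset_s, src, dst, port, action="DENY"):
        ts = (t0 + timedelta(seconds=offset_s)).isoformat()
        return f"{ts} {src} {dst} TCP {port} {action}"

    ports = [21, 22, 23, 25, 53, 80, 110, 143, 443, 3306, 3389, 8080]
    # Fast scan: 12 ports on one host, one probe per second.
    lines = [row(i, "198.51.100.7", "192.0.2.10", p) for i, p in enumerate(ports)]
    # Sweep: the same port (22) tried on six different hosts.
    lines += [row(2 * i, "198.51.100.99", f"192.0.2.{i + 1}", 22) for i in range(6)]
    # Slow scan: the same 12 ports, but one probe every two minutes.
    lines += [row(120 * i, "198.51.100.50", "192.0.2.10", p) for i, p in enumerate(ports)]
    # Ordinary client: repeated visits to a web server.
    lines += [row(5 * i, "203.0.113.5", "192.0.2.10", 443, "ALLOW") for i in range(5)]
    lines.append(row(30, "203.0.113.5", "192.0.2.10", 80, "ALLOW"))
    lines.append("corrupted line without enough fields")
    return lines


def parse_line(line):
    """Return (time, src, dst, proto, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, port, _action = parts
    try:
        when, port = datetime.fromisoformat(ts), int(port)
    except ValueError:
        return None
    if not 0 <= port <= 65535:  # TCP and UDP ports run from 0 to 65535
        return None
    return when, src, dst, proto.upper(), port


def _record(findings, kind, src, target, count, well_known):
    """Keep the highest count seen for each (kind, source, target)."""
    key = (kind, src, target)
    if key not in findings or count > findings[key]["count"]:
        findings[key] = {"kind": kind, "source": src, "target": target,
                         "count": count, "well_known": well_known}


def detect_scans(lines, window_seconds=60, port_threshold=10, host_threshold=5):
    """Flag sources that probe many ports on a host or one port on many hosts."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # source IP -> its events inside the window
    findings = {}
    for when, src, dst, proto, port in events:
        q = recent[src]
        q.append((when, dst, proto, port))
        while when - q[0][0] > window:  # drop events older than the window
            q.popleft()
        ports_on_host = {(pr, p) for _, d, pr, p in q if d == dst}
        hosts_on_port = {d for _, d, pr, p in q if (pr, p) == (proto, port)}
        if len(ports_on_host) >= port_threshold:
            known = sum(1 for _, p in ports_on_host if p <= WELL_KNOWN_MAX)
            _record(findings, "vertical", src, dst, len(ports_on_host), known)
        if len(hosts_on_port) >= host_threshold:
            _record(findings, "horizontal", src, f"{proto}/{port}",
                    len(hosts_on_port), int(port <= WELL_KNOWN_MAX))
    return sorted(findings.values(),
                  key=lambda f: (f["kind"], f["source"], f["target"]))


if __name__ == "__main__":
    for finding in detect_scans(build_sample_log()):
        print(finding)
    # A longer window is needed to catch the slow scanner as well.
    for finding in detect_scans(build_sample_log(), window_seconds=3600):
        print("1h window:", finding)
```

The slow source in the sample stays under a 60-second window, which is why detection tools usually keep a second, much longer window.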

Phase 3 Attack (Gaining and Maintaining System Access)

The attack is launched using the following steps:
o Crack the password;
o Exploit the privileges;
o Execute the malicious command/applications;
o Hide the files (if required);
o Cover the tracks: delete the access logs, so that there is no trail of illicit activity.

Social Engineering
Definitions:
Social engineering is the art of extracting sensitive information from people.
OR
Social engineering is the “technique to influence” people to obtain the information.
● It is generally observed that people are the weak link in security, and this principle makes social engineering possible.
● A social engineer usually uses telecommunication (i.e. telephone and/or cell phone) or the Internet to get people to do something that is against the security practices and/or policies of the organization.
● Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
● The goal of a social engineer is to fool someone into providing valuable information or access to that information.
● A social engineer studies human behavior so that people will help because of the desire to be helpful, the attitude to trust people, and the fear of getting into trouble.
● An example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares he/she uses, what his/her password is, and so on.

Classification of Social Engineering

1. Human Based Social Engineering
2. Computer Based Social Engineering

1. Human Based Social Engineering
● Human based social engineering refers to person-to-person interaction to get information. An example is calling the help desk and trying to find out a password. The types of attack are:

1. Impersonating an employee or valid user: Impersonation is a technique used by social engineers to deceive people. Social engineers pretend to be an employee or valid user and gain some advantage.

2. Posing as an important user: The attacker pretends to be an important user (ex: CEO) who needs immediate assistance to gain access to a system. The attacker uses intimidation (scaring) so that low-level employees such as help-desk workers will help him/her to gain access to the system.

3. Using a third person: An attacker pretends to have permission from an authorized source to use a system and gets all the information.


4. Calling technical support: Help desk and technical support personnel are trained to help users. Here the social engineer or attacker pretends to be a technical support executive and tries to get information from the user over a phone call.

5. Shoulder surfing: It is a technique of gathering information such as usernames and passwords by watching over a person’s shoulder while he/she logs into the system.

6. Dumpster diving: It involves looking in the trash for information written on pieces of paper or computer printouts, like passwords, file names or any other useful information. It also involves searching through object residue (ex: discarded tapes, disks or paper) to acquire sensitive data without authorization.

2. Computer Based Social Engineering
● Computer based social engineering refers to an attempt made to get the required information by using computer software or the Internet. For example, sending a fake e-mail to the user and asking him/her to re-enter a password in a webpage to confirm it. There are three methods of attack.

1. Fake e-mails: The attacker sends fake e-mails to numerous users, and the users believe they are legitimate mail. This activity is called “Phishing”. It is an attempt to lure Internet users into revealing their personal information such as user names, passwords and credit card details. Banks, financial institutes and payment gateways are the common targets. Phishing is typically carried out through e-mails or instant messaging and often directs users to enter details at a website, usually designed by the attacker with the same look and feel as the original website.

2. E-mail attachments: These are used to send malicious code to a victim’s system, which will automatically get executed. Ex: viruses, worms and Trojans are included in attachments. When the user clicks on the attachment, the code is executed automatically.

3. Pop-up windows: These are used similarly to e-mail attachments, to get the user to unintentionally install malicious software. Instead of e-mail attachments, the attacker uses pop-up windows.

● Typically, many organizations have critical and valuable information. Critical information may include patient records in the medical and healthcare domain, corporate financial data, electronic funds transfers, access to financial assets in the financial domain, and personal information about employees and clients.

● Compromising critical information can have serious consequences: loss of customers, civil law cases against the organization, loss of funds, loss of trust in the organization and collapse of the organization.

● Social engineering succeeds by exploiting the trust of the victim. Hence, continuous training and awareness sessions about such attacks are one of the effective countermeasures. Strict policies that service desk staff never ask for a username and password over the phone are another.


Cyberstalking
● Stalking is an “act or process of following victim silently – trying to approach somebody or something”.
● Cyberstalking has been defined as the use of information and communications technology by individuals to harass another individual, group of individuals or organization.
● Cyberstalking refers to the use of the Internet and/or other electronic communications devices to stalk another person. It involves harassing or threatening behavior that an individual conducts repeatedly, for example, following a person, visiting a person at his home or business place, or making phone calls.

Types of Stalkers
1. Online stalkers
2. Offline stalkers

1. Online stalkers:
● They aim to start the interaction with the victim directly with the help of the Internet (e-mail/chat room).
● The stalker makes sure that the victim recognizes the attack attempted on him/her.
● The stalker can make use of a third party to harass the victim.
2. Offline stalkers:
● The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.
● For example, use of community sites, newsgroups, social websites and personal websites.
● The victim is not aware that the Internet has been used to achieve an attack against them.

Cases reported on Cyberstalking

● The majority of cyberstalkers are men and the majority of their victims are women.
● In many cases, the cyberstalker is an ex-lover, ex-spouse, boss/subordinate or neighbor.
● There have also been cases of strangers who are cyberstalkers.

How Stalking works?
● Stalking works in the following ways:
1. Gathering personal information about the victim: name, cell phone number, e-mail ID, address of residence, etc.
2. Establishing contact with the victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to harass.
3. Stalkers always establish contact with the victim through e-mail.
4. Some stalkers keep on sending repeated e-mails asking for various favors or threatening the victim.
5. The stalker may post the victim’s personal information as a sex worker’s service or dating service. They may invite people to call the victim on the given contact details to have sexual services. The stalker will use bad/attractive language to invite the interested persons.
6. Whoever comes across the information starts calling the victim and asking for sexual services or a relationship.
7. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic sites.

Real Life Incident of Cyberstalking (Case study)
● The Indian police registered the first case of cyberstalking in Delhi.
● Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours, from as far away as Kuwait, Cochin and Bombay. The said calls created havoc in her personal life, destroying her mental peace. Mrs. Joshi decided to register a complaint with the Delhi police.
● A person was using her ID to chat over the Internet at the website www.mirc.com for four consecutive days. This person was chatting on the Internet, using her name and giving her telephone number to other chatters, encouraging them to call Mrs. Joshi at odd hours.
● This was the first time that a case of cyberstalking was registered.

Cybercafe and Cybercrimes
● In a February 2009 survey, 90% of the audience across eight cities and 3500 cafes were male and in the age group of 15-35 years; 52% were graduates and post graduates, and almost 50% were students.
● In India, cybercafés are known to be used for either real or false terrorist communication. Cybercafés hold two types of risks:
1. We do not know what programs are installed on the computer, like key loggers or spyware, which may be running in the background and can capture the keystrokes to learn passwords and other confidential information.
2. Over-the-shoulder peeping (i.e. shoulder surfing) can enable others to find out your passwords. Therefore, one has to be extremely careful about protecting his/her privacy on such systems. Cybercriminals prefer cybercafés to carry out their activities.
● A recent survey conducted in one of the metropolitan cities in India reveals the following facts:
1. Pirated software, such as the OS, is installed on all the computers.
2. Antivirus was not updated with the latest patch.
3. Several cybercafés have installed the software called “Deep Freeze” to protect the computers, which helps cybercriminals and malware attacks. Deep Freeze can wipe out the details of all activities carried out on the computer when one clicks on the restart button. Such practices present challenges to the police or crime investigators when they visit the cybercafés to pick up clues after the Internet Service Provider points to a particular IP address from where a threat mail was probably sent.
4. An Annual Maintenance Contract (AMC) was not found for servicing of the computers. Not having the AMC is a risk from a cybercrime perspective because a cybercriminal can install malicious code on a computer and conduct criminal activities without any interruption.
5. Pornographic websites were not blocked.
6. Cybercafé owners have very little awareness about IT security.
7. The cybercafé association or State Police do not seem to conduct periodic visits to cybercafés.
8. Government/ISPs/State Police do not seem to provide IT government guidelines to cybercafé owners.

Security tips for cybercafe
a. Always log out: For accounts which require a username and password, and while checking e-mail, always click logout/sign out.
b. Stay with the computer: While surfing or browsing the Internet, don’t leave the system unattended for any period of time. If you want to go out, log out and close the applications.
c. Clear history and temporary files: Internet Explorer saves pages that you have visited in the history folder and in temporary Internet files. Your passwords may also be stored in the browser if that option has been enabled on the computer that you have used. After browsing, you should clear the history and temporary Internet files folders.
d. Be alert: One has to stay alert and aware of the surroundings while using a public computer. Snooping over the shoulder is an easy way of getting your username and password.
e. Avoid online financial transactions: One should avoid online banking, shopping, etc. Don’t provide sensitive information such as a credit card number or bank account details. If you provided it in case of urgency, change it as soon as possible using a more trusted computer, such as one at home and/or the office.
f. Change passwords: Change the password after completion of the transaction. Almost every bank website provides a virtual keyboard for online banking. It is best practice.
g. Security warnings: Follow the security warnings while accessing any bank website; they should be followed while accessing financial accounts in cybercafés.
h. Individuals should take care while accessing computers in public places, like hotels and libraries.

Botnet
● The meaning of bot is “an automated program for doing some particular task, over a network”. The term botnet is used for a collection of software that runs autonomously and automatically. The term is often associated with malicious software but can also refer to a network of computers using distributed computing software.
● A bot is simply an automated computer program. A cybercriminal can gain control of systems by infecting them with a virus or other malicious code that gives the access.
● A botnet (also called a zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the user’s knowledge. Zombie networks have become a source of income for entire groups of cybercriminals.
● If someone wants to start a “business” and has no programming skills, there are plenty of “Bot for sale” offers.

How a botnet is created and used
1. A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application, the bot.
2. The bot on the infected PC logs into a particular C&C server (often an IRC server, but in some cases a web server).
3. A spammer purchases the services of the botnet from the operator.
4. The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.


How botnet works

1. Stage 1 - Prepare and Expose
At this stage, the bad actor figures out the vulnerability to introduce into the user’s device.
The vulnerability hunting takes place in the website, human behavior, and application. By doing so, the hacker prepares a set-up to lure the target into getting exposed to malware, knowingly or unknowingly.
Most commonly, hackers figure out the vulnerabilities in websites and software. Additionally, malware is delivered via e-mails or random messages.

2. Stage 2 - Infecting the user via malware
The next action that the botnet performs is activating the malware so that the end user is infected and has compromised security. The process of infecting the device usually takes place via a Trojan virus or a social engineering method.
Some attackers adopt a more hostile approach and deploy drive-by-download techniques to infect the device. Using all these methods, attackers corrupt the targeted device with botnet malware.

3. Stage 3 - Controlling the targeted devices
The last stage of the botnet working methodology is gaining control over each device. Hackers systematize the infected machines in the botnet and design a methodology to manage them remotely. In general, around thousands of devices are controlled in the process via a huge zombie network. Once the stage is successfully completed, the bad actor is able to gain admin-like access to the targeted devices or computers.
The fruitful activation of the botnet allows hackers to read or write the data stored in the system, capture any personal information, share the data from targeted devices, keep an eye on all the activities happening on the targeted device, and search for other hidden vulnerabilities.


● The following figure explains how botnets create business and how they are used for gainful purposes.

Fig: Botnets are used for gainful purposes

Technical terms used in the figure

Malware: It is malicious software, designed to damage a computer system. Ex: viruses and worms.
Adware: It is advertisement-supported software, which automatically plays, displays or downloads advertisements to a computer after the software is installed on it. Ex: spyware.
Spam: Unsolicited or undesired e-mail messages.
Spamdexing: Also called search spam and search engine spam.
DDoS: Distributed denial of service attack. Occurs when multiple systems flood the bandwidth or resources of a targeted system.
Points to secure the system:
1. Use antivirus and anti-spyware software and keep it up to date. It is important to remove viruses from computers.
2. Set the OS to download and install security patches automatically.
3. Use a firewall to protect the system from hacking attacks while it is connected to the Internet. A firewall is software and hardware designed to block unauthorized access while permitting authorized communications. Antivirus scans only for viruses in incoming communications, but a firewall blocks all incoming communications from unauthorized sources.
4. Disconnect from the Internet when you are away from your computer, because an attacker cannot get into the system when it is not connected to the Internet.
5. Download free software only from websites that are known and trustworthy.
6. Regularly check the folders in the mailbox (sent items or outgoing) for messages you did not send. If such mail is there in the outgoing folder, it is a sign that your system is infected with spyware.
7. Take immediate action if your system is infected. Scan the system fully with updated antivirus and anti-spyware software.


Attack Vector
● An attack vector is a path by which an attacker can gain access to a computer or to a network server to deliver a payload.
● Attack vectors enable attackers to exploit system vulnerabilities.
● Attack vectors include viruses, e-mail attachments, webpages, pop-up windows, instant messages, and chat rooms.
● The most common malicious payloads are viruses, Trojan horses, worms and spyware.
● Payload means the malicious activity that the attack performs.

How are attacks launched?
• Attack by e-mail: The hostile content is either embedded in the message or linked
to the message. Sometimes attacks combine the two vectors, so that if the message
does not get you, the attachment will. Spam is almost always a carrier for scams,
frauds, dirty tricks or malicious actions.

• Attachments: Malicious attachments install malicious computer code. The code
could be a virus, Trojan horse, spyware or another kind of malware. Attachments
attempt to install their payload as soon as you open them.

• Attack by deception: Social engineering and hoaxes are other forms of deception.
Deception is aimed at the user/operator as a vulnerable entry point.

• Hackers: They use a variety of hacking tools and social engineering to gain
access to computers and online accounts. They often install a Trojan horse to hijack
the computer for their own use.

• Heedless guests (attack by web page): Counterfeit websites are used to extract
personal information. Such websites look very much like the genuine websites they
imitate. The user thinks he/she is doing business with someone he/she trusts.
However, he/she is really giving away personal information, such as address, credit card
number and expiration date. Pop-ups in web pages may install spyware, adware or
Trojans.

• Attack of worms: Many worms are delivered as e-mail attachments, but network
worms use holes in network protocols directly. In most cases, a firewall will block
system worms. Many of these system worms install Trojan horses. Next they begin
scanning the Internet from the computer they have just infected, and start looking
for other computers to infect. If the worm is successful, it propagates rapidly.

• Malicious macros: MS Word and MS Excel are examples of applications that use
macros. These macros can be used for malicious purposes.

• Viruses: These are malicious computer codes. Virus vectors include e-mail attachments,
downloaded files, worms etc.

• Foistware (sneakware): It is software that adds hidden components to the system
on the sly. Spyware is the most common form of foistware.
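
The scanning behaviour described under "Attack of worms" above can be spotted in connection logs: an infected host suddenly contacts many different machines on the same port. The Python sketch below is an added example, not part of the original notes; the log format, the sample lines, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: time, source IP, destination IP, destination port.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 198.51.100.7 443
2024-05-01T10:00:02 10.0.0.9 203.0.113.1 445
2024-05-01T10:00:03 10.0.0.9 203.0.113.2 445
2024-05-01T10:00:04 10.0.0.9 203.0.113.3 445
2024-05-01T10:00:05 10.0.0.5 198.51.100.7 443
2024-05-01T10:00:06 10.0.0.9 203.0.113.4 445
2024-05-01T10:00:07 10.0.0.9 203.0.113.5 445
2024-05-01T10:09:00 10.0.0.5 198.51.100.8 443
"""

def parse(log_text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_scanners(log_text, window_seconds=60, min_targets=5):
    """Map each source to the ports on which it hit >= min_targets hosts in the window."""
    by_key = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        by_key[(src, port)].append((ts, dst))
    window = timedelta(seconds=window_seconds)
    flagged = defaultdict(set)
    for (src, port), events in by_key.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                flagged[src].add(port)
                break
    return {src: sorted(ports) for src, ports in flagged.items()}

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

A host that keeps returning to the same one or two servers, like 10.0.0.5 in the sample, stays below the threshold; only the fan-out to many distinct destinations is flagged.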

Cloud Computing:

Cloud computing means storing and accessing data and programs on remote
servers that are hosted on the internet instead of on the computer's hard drive or a local
server. Cloud computing is also referred to as Internet-based computing. It is a
technology where the resource is provided as a service through the Internet to the user.
The data which is stored can be files, images, documents, or any other storable
document.
Some operations which can be performed with cloud computing are:
• Storage, backup, and recovery of data
• Delivery of software on demand
• Development of new applications and services
• Streaming videos and audios

A cloud service has three characteristics that distinguish it from traditional hosting.
1. It is sold on demand. Cloud computing provides on-demand delivery of IT
resources like software and hardware over the internet.
2. It is elastic in terms of usage: a user can have as much or as little of a service
as he/she wants at any given time. Cloud computing will adapt to workload
changes.
3. The service is fully managed by the provider; a user needs only a PC and an Internet
connection.

Advantages of cloud computing

1. Applications and data can be accessed from anywhere at any time. Data is not
stored on the hard drive of the user's computer; it is stored in the cloud.
2. The hardware cost is very low, because one needs only an internet connection.
3. Organizations do not have to buy a set of software or software licenses for every
employee; instead, organizations could pay a metered fee to a cloud computing
company.
4. Organizations do not have to rent physical space to store servers and
databases. Cloud computing gives the option to store data in the cloud.
5. Organizations would be able to save money on IT support.

Types of Services

• Infrastructure as a Service (IaaS): It is a form of cloud computing that provides
infrastructure such as servers, network and storage-related services. It provides
virtual servers with unique IP addresses and blocks of storage on demand. As
customers can pay for exactly the amount of service they use, this service is called
utility computing. Ex: Amazon Web Services.

• Platform as a Service (PaaS): It provides a runtime environment. It allows
programmers to easily create, test, run and deploy web applications. It is a set of
software and development tools hosted on the provider's servers. Developers can
create applications using the provider's APIs. Ex: Google Apps.

• Software as a Service (SaaS): It provides on-demand software. The services are
hosted by the cloud service provider. These applications are available to end users over
the internet. The provider allows the customer only to use its applications. The
software interacts with the user through a user interface. Ex: Twitter, web-based
e-mail.

Cybercrime and Cloud Computing
• The prime area of risk in cloud computing is the protection of user data.
• Risks associated with the cloud computing environment are:

| Area | Risk | How to Remediate the Risk? |
|---|---|---|
| Elevated user access | Any data processed outside the organization brings with it an inherent level of risk. | Customer should obtain as much information as he/she can about the service provider. |
| Location of data | The organizations that are obtaining cloud computing services may not be aware of where the data is hosted and may not even know in which country it is hosted. | Organization should ensure that the service provider is committed to obey local privacy requirements on behalf of the organization to store and process the data in the specific jurisdictions. |
| Segregation of data | As the data will be stored in a shared environment, the encryption mechanism should be strong enough to segregate (separate) the data from another organization whose data are also stored on the same server. | Organization should be aware of the arrangements made by the service provider about segregation of the data. The service provider should display encryption schemes. |
| Recovery of the data | Business continuity in case of any disaster. | Service provider has to provide complete restoration of data within the minimum time frame. |
| Long-term viability | In case of any major change in the cloud computing service provider, the service provided is at stake. | Organization should ensure getting their data in case of such a major event. |
| Information security violations reports | Due to the complex IT environment and several customers logging in and logging out of the hosts, it becomes difficult to trace inappropriate and illegal activity. | Organization should require the provider to provide security violation logs at frequent intervals. |


Credit Card Frauds

• These are new trends in cybercrime that are coming up with mobile computing:
mobile commerce (M-commerce) and mobile banking (M-banking).
• Mobile credit card transactions are now very common. The ever-increasing power and
ever-reducing prices of mobile handheld devices result in easy availability of
these gadgets.
• Wireless credit card processing is a relatively new service that allows a person
to process credit cards electronically, virtually anywhere. Wireless credit card
processing is a very desirable system, because it allows a business to process
transactions from mobile locations quickly, efficiently and professionally.

Types and Techniques of Credit Card Frauds

Traditional Techniques
The traditional credit card fraud is paper-based fraud (application fraud),
wherein a criminal uses stolen or fake documents such as utility bills and bank
statements that can build up useful Personally Identifiable Information (PII) to
open an account in someone else's name.

Traditional fraud can be divided into:

1. Financial fraud: where an individual gives false information about his
or her financial status to acquire credit.

2. ID theft: where an individual pretends to be someone else.

• Illegal use of lost and stolen cards is another form of traditional technique.

• A credit card is stolen either by a pickpocket or from the postal service before it
reaches its final destination.

Modern Techniques

Methods of credit card fraud

Skimming

• Skimming is where the information held on either the magnetic strip on
the back of the credit card or the data stored on the smart chip is copied
from one card to another.

• The stolen credit card information is used by scammers to make online
purchases, to clone cards, or to sell on different black markets on the web.
Victims usually don't notice that they have fallen victim to the attack until
they notice unauthorized activity on their bank account.

• Site cloning and false merchant sites on the internet are becoming a popular
method of fraud; directing users to such fake sites is called phishing.


Triangulation
• Triangulation is another method of credit card fraud.
  ◦ The criminal offers goods at heavily discounted rates through a
  website hosted by him.
  ◦ The customer registers on this website with his/her name and other
  valid details like credit card number.
  ◦ The criminal orders the goods from a website with the help of stolen
  credit card details.
  ◦ The criminal keeps on purchasing other goods with the card.

Credit card generators

• It is another modern technique that creates valid credit card numbers and
expiry dates.
• Criminals rely heavily on these generators to create valid credit cards.
These are available for download on the internet.

• The above figure shows the basic flow of transactions involved in purchases done
using credit cards.
• Credit card companies give some security tips for consumers:
• Do's
  ◦ Put your signature on the card immediately upon its receipt.
  ◦ Make a photocopy of both sides of your card and preserve it in a safe
  place.
  ◦ Change the PIN before doing any transaction.
  ◦ Always carry the contact number of the bank.
  ◦ Keep an eye on your card during the transaction.
  ◦ Preserve all the receipts to compare with the credit card invoice.
  ◦ Destroy all the receipts after reconciling them.
  ◦ Report the loss of the card immediately.
• Don'ts
  ◦ Store your card number and PIN in your cell phone.
  ◦ Lend your cards to anyone.
  ◦ Leave cards or transaction receipts lying around.

  ◦ Sign a blank receipt.
  ◦ Write your card number/PIN on a card/chit.
  ◦ Immediately give out your account number over the phone.

There is a system available from an Australian company, "Alacrity", called closed-loop
environment for wireless (CLEW), which works in the following manner.
1. The merchant sends a transaction to the bank.
2. The bank transmits the request to the authorized cardholder.
3. The cardholder approves or rejects (password protected).
4. The bank/merchant is notified.
5. The credit card transaction is completed.
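
The five CLEW steps above can be modelled as a small state machine, which makes it clear why a stolen card number alone does not complete a payment. This Python sketch is an added example and not Alacrity's implementation; the class, method and state names, the password hashing choice and the sample values are assumptions.

```python
import hashlib
import hmac
import os
import secrets

def _pw_hash(password, salt):
    # Keep only a salted, slow hash of the cardholder's approval password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Bank:
    """Toy issuer: a payment completes only after the cardholder approves it."""
    def __init__(self):
        self.cardholders = {}   # card_id -> (salt, password hash)
        self.transactions = {}  # txn_id -> details and current state

    def enroll(self, card_id, password):
        salt = os.urandom(16)
        self.cardholders[card_id] = (salt, _pw_hash(password, salt))

    def merchant_request(self, merchant, card_id, amount):
        """Steps 1-2: merchant submits; bank queues a request for the cardholder."""
        if card_id not in self.cardholders:
            return None  # unknown card, nothing is forwarded
        txn_id = secrets.token_hex(8)
        self.transactions[txn_id] = {"card": card_id, "merchant": merchant,
                                     "amount": amount, "state": "PENDING"}
        return txn_id

    def cardholder_response(self, txn_id, approve, password):
        """Steps 3-5: verify the password-protected answer, then settle or reject."""
        txn = self.transactions.get(txn_id)
        if txn is None or txn["state"] != "PENDING":
            return "NOT_PENDING"  # unknown id, or an answer replayed later
        salt, stored = self.cardholders[txn["card"]]
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            txn["state"] = "REJECTED_BAD_PASSWORD"
        elif not approve:
            txn["state"] = "REJECTED_BY_CARDHOLDER"
        else:
            txn["state"] = "COMPLETED"
        return txn["state"]  # the result the bank and merchant are notified of

def demo():
    bank = Bank()
    bank.enroll("CARD-0001", "correct horse")  # constructed sample values
    ok = bank.merchant_request("shop-A", "CARD-0001", 499)
    bad = bank.merchant_request("shop-B", "CARD-0001", 9999)
    answers = [(ok, "correct horse"), (bad, "guess"), (ok, "correct horse")]
    return [bank.cardholder_response(t, True, pw) for t, pw in answers]
```

In the demo, the second request uses the right card identifier but the wrong approval password and is rejected, and the third call shows that an answer to an already settled transaction is ignored.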

What Should You Do If You Are a Victim of Credit Card Fraud?

Suppose you have detected that you are a victim of a certain type of credit card scam.
Your next step would be to report the incident.
Here is a step-by-step guide that will help you complete the general procedure.

• Step 1: Call your credit card company and let them know about the incident
• Step 2: Meanwhile, reset your PINs and passwords
• Step 3: File a General Diary at your nearest police station
• Step 4: Keep an eye on your credit card statements
• Step 5: Monitor your e-commerce websites for any unauthorized purchase

Situations like this are very difficult, but losing your temper is not the solution, as
you have to perform a series of procedures to report the incident. Here are some things
to remember when reporting a scam.
• Take screenshots of the SMS/e-mail you get after reporting to the bank.
• Ask the bank to provide a complaint reference number.
• Record your conversation with the bank.
• Follow up the call with an e-mail mentioning the reference number.
Being a victim of some kind of credit card scam is very common these days. Hence it is
necessary to keep yourself updated on the process of reporting such crimes.
