cybercrime: a seminar report
TRANSCRIPT
Cyber CrimeA Seminar Report
Submission by: Name: Arindam Sarkar
WBUT Roll: 10900511005
Abstract
The Computers have unleashed an era of enhanced productivity and creativity. Communication and connectedness has seen new heights in the last two decades. Internet has ushered a new revolution, The Online Revolution. As more and more people are shifting their day to day activities online, more and more people are targeting the easy-to-make money and information. These are the contemporary criminals, enjoying the anonymity provided by the Internet and numerous tools to gain entry into almost any system, taking advantage of human error and system vulnerabilities . These are the Cyber Criminals, the ill-motivated hackers, crackers and spammers.
In this report, an attempt has been made to see Cyber Crime in a broad Spectrum, starting from scratch. Reports & Investigations from World’s top Cyber Security firms has been incorporated.
Without delving too much into the actual means of exploitation, an attempt to visualise the entire process as whole, has been made.
Table Of ContentsS.NO. Title
Abstract
1. What is Cyber Crime?
2. Categorically..
3. Cyber Crime: The Polymorphic One
4. Is it worth all the commotion?
5. Who are the Cyber Criminals?
6. The Cybercrime Ecosystem: Resources, Motivations and Methods
7. How Cyber Criminals Attack?
8. Current Scenario
9. Indian Laws & Cyber Crime
10. Cyber Crime Prevention Tips
Bibliography
1. What is Cyber Crime?We often hear the term ‘cybercrime’ bandied about these days, as it's a bigger risk now than ever before due to the sheer number of connected people and devices. But what is it exactly?
In a nutshell, it is simply a crime that has some kind of computer or cyber (computer/computer networks from word cybernetics) aspect to it. To go into more detail is not as straightforward, as it takes shape in a variety of different formats. Cyber crime encompasses any criminal act dealing with computers and networks. Additionally, cyber crime also includes traditional crimes conducted through the Internet.
According to Interpol, Cybercrime is one of the fastest growing areas of crime. More and more criminals are exploiting the speed, convenience and anonymity that modern technologies offer in order to commit a diverse range of criminal activities.
These include attacks against computer data and systems such as Denial of Service Attacks, identity theft, the distribution of child sexual abuse images, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, Botnets, and various email scams such as phishing.
Cyber crimes are broadly categorized into three categories, namely crimes against:
1. Individual2. Property3. Government
Each category can use a variety of methods and the methods used vary from one criminal to another.
Individual: This type of cyber crime can be in the form of hacking, identity theft, cyber bullying, cyber stalking, distributing pornography, trafficking and “grooming”. Today, law enforcement agencies are taking this category of cyber crime very seriously and are joining forces internationally to reach and arrest the perpetrators.
Property: Just like in the real world where a criminal can steal and rob, even in the cyber world criminals resort to stealing and robbing. In this case, they can steal a person’s bank details and siphon off money; misuse the credit card to make numerous purchases online; run a scam to get naïve people to part with their hard earned money; use malicious software to gain access to an organization’s website or disrupt the systems of the organization. The malicious software can also damage software and hardware, just like vandals damage property in the offline world.
Government: Although not as common as the other two categories, crimes against a government are referred to as cyber terrorism. If successful, this category can wreak havoc and cause panic amongst the civilian population. In this category, criminals hack government websites, military websites or circulate propaganda. The perpetrators can be terrorist outfits or unfriendly governments of other nations.
2. Categorically ..
Cyber Crime may take many forms. The most common ones are explained below:
Hacking: This is a type of crime wherein a person’s computer is broken into so that his personal or sensitive information can be accessed. This is different from ethical hacking, which many organizations use to check their Internet security protection. In hacking, the criminal uses a variety of software to enter a person’s computer and the person may not be aware that his computer is being accessed from a remote location.
Theft: This crime occurs when a person violates copyrights and downloads music, movies, games and software. There are even peer sharing websites which encourage software piracy and many of these websites are now being targeted by the FBI. Today, the justice system is addressing this cyber crime and there are laws that prevent people from illegal downloading.
Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Typically, these stalkers know their victims and instead of resorting to offline stalking, they use the Internet to stalk. However, if they notice that cyber stalking is not having the desired effect, they begin offline stalking along with cyber stalking to make the victims’ lives more miserable.
Malicious Software: These are Internet-based software or programs that are used to disrupt a network. The software is used to gain access to a system to steal sensitive information or data or causing damage to software present in the system.
3. Cyber Crime : The Polymorphic One
Identity Theft: This has become a major problem with people using the Internet for cash transactions and banking services. In this cyber crime, a criminal accesses data about a person’s bank account, credit cards, Social Security, debit card and other sensitive information to siphon money or to buy things online in the victim’s name. It can result in major financial losses for the victim and even spoil the victim’s credit history.
Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit minors via chat rooms for the purpose of child pornography. The FBI has been spending a lot of time monitoring chat rooms frequented by children with the hopes of reducing and preventing child abuse and soliciting.
Cyber-TerrorismCyber-terrorism is distinguished from other acts of commercial crime or incidents of hacking by its severity. Attacks against computer networks or the information stored therein which result in "violence against persons or property, or at least cause enough harm to generate fear" are to be considered cyber-terrorism attacks according to congressional testimony from Georgetown University professor Dorothy Denning. "Attacks that disrupt nonessential services or that are mainly a costly nuisance" are not classified as cyber-terrorist attacks by her definition.
DoSShort for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols.
4. Is It Worth All The Commotion?
Before we delve deeper into the World Of Cyber Crime, let’s see if its even worth the effort!In the present decade, this term has gathered a large amount of attention and hype, and people fear these shadowy group of new brand of criminals for all sort of reasons. Let’s have a look at some facts and figures
The "I love you" worm (named after the subject line of the email it came in) proved irresistible in 2000 as millions of users opened the spam message and downloaded the attached 'love letter' file and a bitter virus.This infamous worm cost companies and government agencies $15 billion to shut down their computers and remove the infection.
MyDoom's Mass InfectionEstimated damage: $38 billionThis fast-moving worm first struck in 2004 and tops McAfee's list in terms of monetary damage.Due to all the spam it sent, it slowed down global Internet access by 10 per cent and reduced access to some websites by 50 per cent, causing billions in dollars of lost productivity and online sales.
Conficker's stealthy destructionEstimated damage $9.1 billionThis 2007 worm infected millions of computers and then took its infections further than the last two worms on our list, as cybercrooks moved from notoriety to professionalism.Conficker was designed to download and install malware from sites controlled by the virus writers.
Once upon a time, “distributed denial of service attacks” were just a way for quarreling hackers to knock each other out of IRC. Then one day in February 2000, a 15-year-old Canadian named Michael “MafiaBoy” Calce experimentally programmed his botnet to hose down the highest traffic websites he could find. CNN, Yahoo, Amazon, eBay, Dell and eTrade all buckled under the deluge, leading to national headlines and an emergency meeting of security experts at the White House.
In 2003, fear came in 376 bytes. The lightning-fast Slammer worm targeted a hole in Microsoft’s SQL server, and despite striking six months after a fix was released, the malware cracked an estimated 75,000 unpatched servers in the space of hours. Bank of America and Washington Mutual ATM networks ground to a halt. Continental Airlines delayed and canceled flights when its ticketing system got gummed up. Seattle lost its emergency 911 network, and a nuclear power plant in Ohio lost a safety monitoring system.
“Operation Get Rich or Die Tryin’ ”. For nearly four years ending in 2008, 28-year-old Albert “Segvec” Gonzalez and his accomplices in America and Russia staged the biggest data thefts in history, stealing credit and debit card magstripe data for sale on the black market. Using Wi-Fi hacking and SQL injection, the gang popped companies like 7-Eleven, Dave & Buster’s, Office Max, TJX, and the credit card processor Heartland Payment Systems, which alone gave up 130 million cards.
These are just a few instances of Cyber Crimes, which caused mass losses, and troubles. Millions more are happening everyday, every second, against individuals and organisations alike by individuals and organisations alike!
$113 BN
FRAUD 38%
THEFT OR LOSS 21%
REPAIRS 24%
OTHER 17%
83% OF DIRECT FINANCIAL COSTS ARE A RESULT OF FRAUD, REPAIRS, THEFT AND LOSS
USD $298AVERAGE COST PER VICTIM
REPRESENTS A 50 PERCENT INCREASE OVER 2012
Global Price Tag Of Consumer Cyber Crime:
12 VICTIMS PER SECOND
378 MILLION VICTIMS
PER YEAR
1 MILLION + VICTIMS PER DAY
NEARLY 2.8 TIMES AS MANY BABIES BORN EACH YEAR
ENOUGH TO FILL WEMBLEY STADIUM (ENGLAND) MORE THAN 10 TIMES
The Scale Of Consumer Cyber Crime:
50% OF ONLINE ADULTSHAVE BEEN VICTIMS OF CYBERCRIME AND / OR NEGATIVE ONLINE SITUATIONS IN THE PAST YEAR (e.g., RECEIVED NUDE IMAGES FROM STRANGERS OR WERE BULLIED OR STALKED ONLINE)
5. Who are the Cyber Criminals?
When we speak about cybercrimes, such as phishing and malware attacks, we tend to lump cybercriminals into one category and operate under an assumption that they are all motivated to steal credentials that lead to some sort of financial theft. While those types of crimes do occur, it is important to distinguish between the different types of cybercriminals that comprise today’s threatscape.
Here are the basic types of cybercriminals in operation today:
Nation-states: Most notably, China, Iran, other nation-states looking to steal and infiltrate data.
Hacktivists: Activists or groups (like WikiLeaks) seeking to steal data and release it publicly. This category also includes Script kiddies, and enthusiasts messing around status quo and having fun.
Professional Cybercriminals: This group (led by technologists turned cybercriminal) does the most damage, particularly to financial institutions, retailers, e-commerce businesses, governments, etc. This group of cybercriminals actually creates more fraud, remediation and reputational damage than the other types of cybercriminals combined.
6. The Cybercrime Ecosystem: Resources, Motivations and Methods
“ Cybercriminals Today Mirror Legitimate Business Processes “- Fortinet 2013 Cybercrime Report
Long gone are the days when cybercrime was tantamount to teenage miscreants causing mischief in their parents’ basement. Today, as any commercial enterprise, cybercrime has evolved into a complex, highly organized hierarchy involving leaders, engineers, infantry, and hired money mules. Looking from the outside in, there’s little to distinguish cybercrime organizations from any other business.
Like any legitimate commercial enterprise, each player has a designated role or function to perform. And each job is necessary in order to create the desired good that turns the wheels of the machine. The mission? Like any other business, it’s profitability. Or, in some cases, retribution.
The fundamental laws of economics apply here as well. The deliverables run the range from consulting, services, and advertising to a myriad of programs that serve as the “product.” The more features and/or more complex the service offered, the higher the price.
According to the Fortinet’s 2013 cybercrime report, an interesting study on cybercriminal ecosystem, identifying the operations, the motivations, the methods, the resource used and countermeasure adoptable to mitigate the cyber threats are identified.
As demonstrated by various researchers conducted by principal security firm’s cybercrime industry operates exactly as legitimate businesses working in a global industry. What is very concerning is the capabilities of criminal organizations to quickly react to new business opportunities demonstrating a high level of motivation, very common is the habit to recruit skilled professionals or rent specialist services to arrange illegal activities.
Criminal organizations have different motivations for their operations, they could adopt a direct method of monetization earning with frauds and illegal activities such as cyber espionage or estorsions, or they can decide to monetize the providing of illegal services such as the renting of botnets or customization of malicious code.
Cybercrime has no specific Geo localization, it operates on a global scale in the cyber space exploiting different law framework adopted by various governments that make cybercrime relatively risk free compared with traditional crimes.
In too many countries cyber laws are very poor, the level of enforcement is low exactly such as monitoring of criminal ecosystem, this advantages the growth cybercriminals organizations.
Cybercrime often goes unpunished ,it is very profitable and contrary to what we can think the providing of criminal services in the model dubbed Crime-as-a-Service allows also to ordinary crime without technological background to become part of “cybercriminal business”.
Being a cybercriminal allows to gain handsome profits especially in countries where per capita income is extremely low. Cybercrime pays, it’s very common to find advertising looking to recruit cyber specialists (e.g. botmaster, malware engineers) promising amount of money between $2,000 and $5,000 a month.
This amount of money is very attractive if we consider the monthly earns for these categories of professionals located in Eastern Europe, especially in countries such as Russia and Moldova.
All these forms of Cyber Crime are due to one or more kind of Attacks by the Cyber Criminals or the Hacktivist in question
Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.
There are five types of attacks, which are most common:Passive AttackA passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.
Active AttackIn an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information.
7. How Cyber Criminals Attack?
These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.
Distributed AttackA distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a “trusted” component or software that will later be distributed to many other companies and users Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.
Insider AttackAn insider attack involves someone from the inside, such as a disgruntled employee, attacking the network Insider attacks can be malicious or no malicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. No malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.
Close-in AttackA close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information.
Close physical proximity is achieved through surreptitious entry into the network, open access, or both. One popular form of close in attack is social engineering in a social engineering attack, the attacker compromises the network or system through social interaction with a person, through an e-mail message or phone. Various tricks can be used by the individual to revealing information about the security of company. The information that the victim reveals to the hacker would most likely be used in a subsequent attack to gain unauthorized access to a system or network.
Phishing AttackIn phishing attack the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or paypal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.
Hijack attackHijack attack In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.
Password attackAn attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.
Spoof attackSpoof attack In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.
Buffer overflowBuffer overflow A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a Command prompt or shell.
8. Current ScenarioRecent studies published on the evolution of principal cyber threats in the security landscape. They present concerning scenarios, characterized by the constant growth of cyber criminal activities.
Even though the level of awareness of cyber threats has increased, and law enforcement acts globally to combat them, illegal profits have reached amazing figures. The impact to society has become unsustainable, considering the global economic crisis.
It’s necessary to work together to avoid the costs the global community suffers, which we can no longer sustain. The risk of business collapse is concrete, due to the high cost for enterprises in mitigating counter measures, and the damage caused by countless attacks.
Principal security firms which observe and analyze the incidents occurred to their clients have provided estimates of the annual loss suffered by enterprises. Dozens of billion dollars tare eroding their profits. If we extend the effects of cybercrime to government circles, public industry and the entire population, it’s easy to assume that the amount of damage reaches several hundred billion dollars.
In many cases, that estimate can be misleading. That’s because there were still too many companies that fail to quantify the losses related to cybercrime. In some cases, they totally ignore that they’re victims of attacks. The majority of estimates relied on a survey, and loss estimates are based on raw assumptions about the magnitude and effect of cyber attacks to provide an economic evaluation.
Cyber criminal activities are increasing by incidence in a scenario made worse by the economic crisis. We also face tightened spending by the private sector, and reduced financial liquidity.
Nearly 80% of cybercrime acts are estimated to originate in some form of organized activity. The diffusion of the model of fraud-as-service and the diversification of the offerings of the underground market is also attracting new actors with modest skills. Cybercrime is becoming a business opportunity open to everybody driven by profit and personal gain.
According to experts at RSA security, cybercrime continues to improve its techniques and the way it organizes and targets victims. The RSA Anti-Fraud Command Center (AFCC) has developed the following list of the top cybercrime trends it expects to see evolve:
1. As the world goes mobile, cybercrime will follow2. The privatization of banking, trojans and other malware3. Hacktivism and the ever-targeted enterprise4. Account takeover and increased use of manually-assisted cyber attacks5. Cybercriminals will leverage Big Data principles to increase the effectiveness of attacks
Cybercrime activities are globally diffused, financially-driven acts. Such computer-related fraud is prevalent, and makes up around one third of acts around the world.
Another conspicuous portion of cybercrime acts are represented by computer content, including child pornography, content related to terrorism offenses, and piracy. Another significant portion of crime relates to acts against confidentiality, integrity and accessibility of computer systems.
That includes illegal access to a computer system, which accounts for another one third of all acts.
It’s clear that cyber crime is influenced by national laws and by the pressure and efficiency of local law enforcement.
8.1. Cyber Crime Statistics
Key findings include:
The average annualized cost of cybercrime incurred per organization was $11.56 million, with a range of $1.3 million to $58 million. This is an increase of 26 percent, or $2.6 million, over the average cost reported in 2012.Organizations in defense, financial services and energy and utilities suffered the highest cybercrime costs.Data theft caused major costs, 43 percent of the total external costs, business disruption or lost productivity accounts for 36% of external costs. While the data theft decreased by 2% in the last year,business disruption increased by 18%.Organizations experienced an average of 122 successful attacks per week, up from 102 attacks per week in 2012.The average time to resolve a cyber attack was 32 days, with an average cost incurred during this period of $1,035,769, or $32,469 per day—a 55 percent increase over last year’s estimated average cost of $591,780 for a 24-day period.Denial-of-service, web-based attacks and insiders account for more than 55% of overall annual cybercrime costs per organization.Smaller organizations incur a significantly higher per-capita cost than larger organizations.Recovery and detection are the most costly internal activities.
A study, titled The 2013 Cost of Cyber Crime Study, conducted by Ponemon Institute, provides an estimation of the economic impact of cybercrime. It’s sponsored by HP for the fourth consecutive year. It reveals that the cost of cybercrime in 2013 escalated 78 percent, while the time necessary to resolve problems has increased by nearly 130 percent in four years. Meanwhile, the average cost to resolve a single attack totalled more than $1 million.
Symantec experts have also analyzed the incidence of cybercrime in different countries around the world.
The 2013 Norton Report states that the lack of efficient authentication mechanisms and defense mechanisms is the primary cause of incidents for mobile users. Almost half don’t use basic precautions and a third were victims of illegal activities last year.
1
38USA
BN
3MEXICO
BN
8BRAZIL
BN
13 EUROPE
BN
1RUSSIA
BN
37CHINA
BN
4INDIA
BN 1JAPAN
BN
AUSTRALIA
BN
THE GLOBAL PRICE TAG OF CONSUMER CYBERCRIME
0.3SOUTH AFRICA
BN
What’s very concerning is that, given the awareness level of users regarding cyber threats, only a small portion of mobile users (26%) have installed security software and 57% aren’t aware of existence of security solutions for mobile environments. These numbers explain why mobile technology is so attractive for cyber crime. In the majority of cases, the systems are totally exposed to cyber threats due to bad habits and risky behavior.
Great interest is dedicated to cloud computing, and in particular to cloud storage solutions that make it easy to archive and share files. 24% of users use the same cloud storage account for personal and work activities. 18% share their collection of documents with their friends. Once again, bad habits facillitate cyber crime. Cloud services bundle a multitude of data services in one place, so they’re attractive targets for hackers.
A study on 234 benchmarked Organizations Revealed the following proportions of cyber crime Activity:
9. Indian Laws & Cyber Crime:The Indian Law has not given any definition to the term ‘cyber crime’. In fact, the Indian Penal Code does not use the term ‘cyber crime’ at any point even after its amendment by the InformationTechnology (amendment) Act 2008, the Indian Cyber law. But “Cyber Security” is defined under Section (2) (b) means protecting information, equipment, devices computer, computer resource, communication device and information stored therein from unauthorized access.
In essence, cyber law is an attempt to apply laws designed forthe physical world, to human activity on the Internet. In India, The IT Act, 2000 as amended by The IT (Amendment) Act, 2008 is known as the Cyber law. It has a separate chapter XI entitled “Offences” in which various cyber crimes have been declared as penal offences punishable with imprisonment and fine.
Let us look into some common cyber-crime scenarios which can attract prosecution as per the penalties and offences prescribed in IT Act 2000 (amended via 2008) Act. a. Harassment via fake public profile on social networking site A fake profile of a person is created on a social networking site with the correct address, residential information or contact details but he/she is labelled as ‘prostitute’ or a person of ‘loose character’. This leads to harassment of the victim. Provisions Applicable:- Sections 66A, 67 of IT Act and Section 509 of the Indian Penal Code. b. Online Hate Community Online hate community is created inciting a religious group to act or pass objectionable remarks against a country, national figures etc. Provisions Applicable: Section 66A of IT Act and 153A & 153B of the Indian Penal Code.
c. Email Account Hacking If victim’s email account is hacked and obscene emails are sent to people in victim’s address book. Provisions Applicable:- Sections 43, 66, 66A, 66C, 67, 67A and 67B of IT Act. d. Credit Card Fraud Unsuspecting victims would use infected computers to make online transactions. Provisions Applicable:- Sections 43, 66, 66C, 66D of IT Act and section 420 of the IPC. e. Web Defacement The homepage of a website is replaced with a pornographic or defamatory page. Government sites generally face the wrath of hackers on symbolic days. Provisions Applicable:- Sections 43 and 66 of IT Act and Sections 66F, 67 and 70 of IT Act also apply in some cases. f. Introducing Viruses, Worms, Backdoors, Rootkits, Trojans, Bugs All of the above are some sort of malicious programs which are used to destroy or gain access to some electronic information. Provisions Applicable:- Sections 43, 66, 66A of IT Act and Section 426 of Indian Penal Code. g. Cyber Terrorism Many terrorists are use virtual(GDrive, FTP sites) and physical storage media(USB’s, hard drives) for hiding information and records of their illicit business. IT Act 2000: Penalties, Offences with Case Studies Confidential Network Intelligence (India) Pvt. Ltd. Page 14 of 24 Provisions Applicable: Conventional terrorism laws may apply along with Section 69 of IT Act.
h. Online sale of illegal Articles Where sale of narcotics, drugs weapons and wildlife is facilitated by the Internet Provisions Applicable:- Generally conventional laws apply in these cases. j. Phishing and Email Scams Phishing involves fraudulently acquiring sensitive information through masquerading a site as a trusted entity.Provisions Applicable:- Section 66, 66A and 66D of IT Act and Section 420 of IPC k. Theft of Confidential Information Many business organizations store their confidential information in computer systems. This information is targeted by rivals, criminals and disgruntled employees. Provisions Applicable:- Sections 43, 66, 66B of IT Act and Section 426 of Indian Penal Code. l. Source Code Theft A Source code generally is the most coveted and important "crown jewel" asset of a company. Provisions applicable:- Sections 43, 66, 66B of IT Act and Section 63 of Copyright Act. m. Tax Evasion and Money Laundering Money launderers and people doing illegal business activities hide their information in virtual as well as physical activities. Provisions Applicable: Income Tax Act and Prevention of Money Laundering Act. IT Act may apply case-wise. n. Online Share Trading Fraud It has become mandatory for investors to have their demat accounts linked with their online banking accounts which are generally accessed unauthorized, thereby leading to share trading frauds. Provisions Applicable: Sections 43, 66, 66C, 66D of IT Act and Section 420 of IPC
10. Cyber Crime Prevention Tips
Use Strong PasswordsUse different user ID / password combinations for different accounts and avoid writing them down. Make the passwords more complicated by combining letters, numbers, special characters (minimum 10 characters in total) and change them on a regular basis.
Secure your computer:Activate your firewallFirewalls are the first line of cyber defense; they block connections to unknown or bogus sites and will keep out some types of viruses and hackers.Use anti-virus/malware softwarePrevent viruses from infecting your computer by installing and regularly updating anti-virus software.Block spyware attacksPrevent spyware from infiltrating your computer by installing and updating anti-spyware software.Secure your Mobile DevicesBe aware that your mobile device is vulnerable to viruses and hackers. Download applications from trusted sources.
Install the latest operating system updatesKeep your applications and operating system (e.g. Windows, Mac, Linux) current with the latest system updates. Turn on automatic updates to prevent potential attacks on older software.Protect your DataUse encryption for your most sensitive files such as tax returns or financial records, make regular back-ups of all your important data, and store it in another location.
Secure your wireless networkWi-Fi (wireless) networks at home are vulnerable to intrusion if they are not properly secured. Review and modify default settings. Public Wi-Fi, a.k.a. “Hot Spots”, are also vulnerable. Use VPNs like vemeo. Avoid conducting financial or corporate transactions on these networks.
Protect your e-identityBe cautious when giving out personal information such as your name, address, phone number or financial information on the Internet. Make sure that websites are secure (e.g. when making online purchases) or that you’ve enabled privacy settings (e.g. when accessing/using social networking sites).
Avoid being scammedAlways think before you click on a link or file of unknown origin. Don’t feel pressured by any emails. Check the source of the message. When in doubt, verify the source. Never reply to emails that ask you to verify your information or confirm your user ID or password.
Review bank and credit card statements regularly.The impact of identity theft and online crimes can be greatly reduced if you can catch it shortly after your data is stolen or when the first use of your information is attempted. One of the easiest ways to get the tip-off that something has gone wrong is by reviewing the monthly statements provided by your bank and credit card companies for anything out of the ordinary.
In an organisation, Education and awareness across the staff will go a long way to protect against many types of cybercrime.
Bibliography
In writing this report, I’ve found following resources highly useful.
1. 2013 Cost of Cyber Crime Study: Global Report by
Ponemon Institute© Research Report.
2. Fortinet 2013 Cyber Crime Report
3. 2013 Norton Cyber Security Report
4. Forbes: How to prevent cyber crime
5. Cisco - CCNA Study Guide 640 - 802 - Network Security access lists standards and extended
6. Articles on Cross Domains Solution Website
7. Other websites: wired.in, webopedia.com , wikipedia.com and numerous other resourceful sites.