Defining cyber crimes, as “acts that are punishable by the Information Technology Act” would be unsuitable as the Indian Penal Code also covers many cyber crimes, such as email spoofing and cyber defamation, sending threatening emails etc. A simple yet sturdy definition of cyber crime would be “unlawful acts wherein the computer is either a tool or a target or both”.
MODE AND MANNER OF COMMITTING CYBER CRIME:
- Unauthorized access to computer systems or networks / Hacking-
This kind of offence is normally referred to as hacking in the generic sense. However, the framers of the Information Technology Act 2000 have nowhere used this term, so to avoid any confusion we would not use the word hacking interchangeably with ‘unauthorized access’, as the latter has a wider connotation.
- Theft of information contained in electronic form-
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.
- Email bombing-
This kind of activity refers to sending a large number of mails to the victim, which may be an individual or a company or even mail servers, thereby ultimately resulting in a crash.
- Data diddling-
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.
- Salami attacks-
This kind of crime is normally prevalent in financial institutions or is committed for the purpose of financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case, wherein a logic bomb was introduced in the bank’s system which deducted 10 cents from every account and deposited it in a particular account.
- Denial of Service attack-
The computer of the victim is flooded with more requests than it can handle, which causes it to crash. A Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are many in number and widespread. E.g. Amazon, Yahoo.
- Virus / worm attacks-
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses, do not need a host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space in a computer’s memory. E.g. the love bug virus, which affected at least 5% of the computers of the globe. The losses were accounted to be $10 million. The world’s most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988, which almost brought the development of the Internet to a complete halt.
- Logic bombs-
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
- Trojan attacks-
This term has its origin in the phrase ‘Trojan horse’. In the software field this means an unauthorized programme which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal, through the web cam installed in the computer, obtained her nude photographs. He further harassed this lady.
- Internet time thefts-
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case, in which the Internet hours were used up by another person. This was perhaps one of the first reported cases related to cyber crime in India. However, this case made the police infamous for their lack of understanding of the nature of cyber crime.
- Web jacking-
This term is derived from the term hijacking. In these kinds of offences the hacker gains access to and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by Pakistani hackers and some obscene matter was placed therein. Further, the site of the Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further, a ransom of US $1 million was demanded. Thus web jacking is a process whereby control over the site of another is taken and held back for some consideration.
- A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. Pooja has an e-mail address firstname.lastname@example.org. Her enemy, Sameer, spoofs her e-mail and sends obscene messages to all her acquaintances. Since the e-mails appear to have originated from Pooja, her friends could take offence and relationships could be spoiled for life.
- Email spoofing can also cause monetary damage. In an American case, a teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold. This misinformation was spread by sending spoofed emails, purportedly from news agencies like Reuters, to share brokers and investors who were informed that the companies were doing very badly. Even after the truth came out the values of the shares did not go back to the earlier levels and thousands of investors lost a lot of money.
How Does Spoofing Work?
In its simplest (and most easily detected) form, e-mail spoofing involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. Most POP e-mail clients allow you to change the text displayed in this field to whatever you want. For example, when you set up a mail account in Outlook Express, you are asked to enter a display name, which can be anything you want, as shown in Figure 1.
Fig 1: Setting the display name in your e-mail client
The name you set will be displayed in the recipient’s mail program as the person from whom the mail was sent. Likewise, you can type anything you like in the field on the following page that asks for your e-mail address. These fields are separate from the field where you enter your account name assigned to you by your ISP. Figure 2 shows what the recipient sees in the “From” field of an e-mail client such as Outlook.
Fig 2: The recipient sees whatever information you entered
When this simplistic method is used, you can tell where the mail originated (for example, that it did not come from thewhitehouse.com) by checking the actual mail headers. Many e-mail clients don’t show these by default. In Outlook, open the message and then click View | Options to see the headers, as shown in Figure 3.
Fig 3: Viewing the e-mail headers
In this example, you can see that the message actually originated from a computer named XDREAM and was sent from the mail.augustmail.com SMTP server.
Unfortunately, even the headers don’t always tell you the truth about where the message came from. Spammers and other spoofers often use open relays to send their bogus or malicious messages. An open relay is an SMTP server that is not correctly configured and so allows third parties to send e-mail through it that is neither sent from nor to a local user. In that case, the “Received from” field in the header only points you to the SMTP server that was victimized.
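The header check described above, as an added example that is not part of the original text: it walks the Received chain of a constructed message (hosts XDREAM and mail.augustmail.com from the text, addresses from documentation ranges) oldest hop first and flags a From domain that does not match the first relay.

```python
import email
import re
from email import policy

# Constructed message for this example: the From header claims
# thewhitehouse.com, but the Received chain shows the message left a
# machine named XDREAM and entered the mail system through the
# mail.augustmail.com SMTP server.
RAW_MESSAGE = """\
Received: from mail.augustmail.com (mail.augustmail.com [192.0.2.10])
\tby mx.example.net with ESMTP id abc123
\tfor <pooja@example.net>; Mon, 01 Jan 2001 10:00:05 +0000
Received: from XDREAM (dsl-pool.example.org [198.51.100.7])
\tby mail.augustmail.com with SMTP id xyz789;
\tMon, 01 Jan 2001 10:00:01 +0000
From: "The President" <president@thewhitehouse.com>
To: pooja@example.net
Subject: hello
Message-ID: <1@XDREAM>

This is the body.
"""

# "from <host> (<info>) by <host>" as most mail transfer agents write it.
RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)


def parse_received_chain(raw):
    """Return the Received hops oldest-first.

    Each relay prepends its own Received header, so the last header in
    the message describes the first hop the message actually took."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(str(value).split())      # unfold the header
        m = RECEIVED_RE.search(flat)
        if m:
            hops.append({"from": m.group(1), "info": m.group(2) or "", "by": m.group(3)})
    hops.reverse()
    return hops


def origin_report(raw):
    """Compare the claimed From domain with the first relay that accepted
    the message. A mismatch is the simplest spoofing tell; if that first
    relay is an open relay, 'origin_host' only identifies the relay that
    was abused, not the true sender."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = parse_received_chain(raw)
    from_addr = msg["From"].addresses[0]
    first = hops[0]
    return {
        "claimed_domain": from_addr.domain,
        "origin_host": first["from"],
        "first_relay": first["by"],
        "suspicious": not first["by"].lower().endswith(from_addr.domain.lower()),
    }
```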
What Can You Do?
Unfortunately, there is not much that you can do to prevent spoofed e-mails from being sent to you. Companies such as Microsoft are examining the issue, but solutions are still a long way away. What you can do is understand how fragile the sender’s “identity” really is, and be vigilant.
You can also look at the “headers” information to see where the spoofed e-mail actually originated from. Depending on the circumstances you can then send an alert to the person you assume sent it.
If it appears that your own e-mail address has been spoofed, there are some steps you can take. If you receive an e-mail or phone call accusing you of distributing a virus, first determine that your computer is not infected by using your anti-virus software. If you are clean, you may consider replying to the person and politely letting them know that your address was spoofed. Keep in mind that many virus alert messages are generated by a program; replying to such a message will be a waste of time.
What is phishing?
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include user training, public awareness, and technical security measures.
Cyber terrorism is the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication.
Cyber-terrorism is the leveraging of a target’s computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.
Effects of Cyber terrorism
1) It can weaken a country’s economy greatly, thereby stripping it of its resources and making it more vulnerable to military attack.
2) Cyber terror can also affect internet-based businesses. Like brick-and-mortar retailers and service providers, most websites that produce income (whether by advertising, monetary exchange for goods, or paid services) stand to lose money in the event of downtime created by cyber criminals.
3) As internet businesses have increasing economic importance to countries, what is normally cyber crime becomes more political and therefore “terror” related.
ANALYSIS OF THE STATUTORY PROVISIONS:
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation in this specialised field. The Act has, however, during its application proved to be inadequate to a certain extent. The various loopholes in the Act are-
1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose.
2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) –
4. Cyber crime in the Act is neither comprehensive nor exhaustive-
5. Ambiguity in the definitions-
6. Uniform law-
7. Lack of awareness-
8. Jurisdiction issues-
9. Extra territorial application-
10. Raising a cyber army-
11. Cyber savvy bench-
12. Dynamic form of cyber crime-
13. Hesitation to report offences-
PREVENTION OF CYBER CRIME:
Prevention is always better than cure. It is always better to take certain precautions while operating on the net, and one should make them a part of one's cyber life. A person surfing the net should keep in mind the following things-
1. To prevent cyber stalking, avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in a public place.
2. Always avoid sending any photograph online, particularly to strangers and chat friends, as there have been incidents of misuse of photographs.
3. Always use the latest and up-to-date anti-virus software to guard against virus attacks.
4. Always keep back-up volumes so that one may not suffer data loss in case of virus contamination.
5. Never send your credit card number to any site that is not secured, to guard against fraud.
6. Always keep a watch on the sites that your children are accessing, to prevent any kind of harassment or depravity in children.
7. It is better to use a security programme that gives control over which cookies send information back to the site, as leaving cookies unguarded might prove fatal.
8. Web site owners should watch traffic and check for any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
9. Use of firewalls may be beneficial.
10. Web servers running public sites must be physically separated from, and protected from, the internal corporate network.
Cyber pornography would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc). Recent Indian incidents revolving around cyber pornography include the Air Force Balbharati School case. A student of the Air Force Balbharati School, Delhi, was teased by all his classmates for having a pockmarked face. Tired of the cruel jokes, he decided to get back at his tormentors. He scanned photographs of his classmates and teachers, morphed them with nude photographs and put them up on a website that he uploaded on to a free web hosting service. It was only after the father of one of the class girls featured on the website objected and lodged a complaint with the police that any action was taken.
Child pornography refers to images or films (also known as child abuse images) and, in some cases, writings depicting sexually explicit activities involving a child. Abuse of the child occurs during the sexual acts which are recorded in the production of child pornography, and several professors of psychology state that memories of the abuse are maintained as long as visual records exist, are accessed, and are “exploited perversely”.
Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Outside many colleges across India, one finds touts soliciting the sale of fake mark sheets or even certificates. These are made using computers and high quality scanners and printers. In fact, this has become a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic-looking certificates.
- Defamation can be understood as the intentional infringement of another person’s right to his good name.
- Cyber Defamation occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person’s friends. Information posted to a bulletin board can be accessed by anyone.
- Cyber defamation is also called cyber smearing.
Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails, etc.
In general, the harasser intends to cause emotional distress and has no legitimate purpose to his communications.
Data diddling involves changing data prior to or during input into a computer.
In other words, information is changed from the way it should be entered, whether by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.
It also includes automatically changing financial information for some time before processing and then restoring the original information.
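A tamper-evident control against the data diddling described above, as an added example that is not part of the original text: each record is sealed with an HMAC when it is captured, and the processing stage refuses any record whose tag no longer matches, so data altered just before processing is rejected rather than silently used. The key, the meter readings and the seal/verify functions are all constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed key for the demonstration; a real deployment keeps the key
# away from the hosts and people who handle the data in between.
SEAL_KEY = b"constructed-demo-key"


def canonical(record):
    """Stable byte encoding so the same content always hashes alike."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record, key=SEAL_KEY):
    """Attach an HMAC-SHA256 tag at the moment the data is captured."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": dict(record), "tag": tag}


def verify(sealed, key=SEAL_KEY):
    """True only if the record is byte-for-byte what was sealed."""
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def process_batch(sealed_batch):
    """The processing stage: accept only records whose tag still matches."""
    accepted, rejected = [], []
    for item in sealed_batch:
        (accepted if verify(item) else rejected).append(item["record"])
    return accepted, rejected


def demo():
    """Constructed electricity meter readings (the text's electricity board
    scenario); one reading is diddled between capture and processing."""
    readings = [{"meter": "M-1001", "kwh": 412},
                {"meter": "M-1002", "kwh": 905},
                {"meter": "M-1003", "kwh": 133}]
    batch = [seal(r) for r in readings]
    batch[1]["record"]["kwh"] = 95          # altered just before processing
    accepted, rejected = process_batch(batch)
    return {"accepted": [r["meter"] for r in accepted],
            "rejected": [r["meter"] for r in rejected]}
```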
Theft of Internet Hours:-
Unauthorized use of Internet hours paid for by another person.
By gaining access to an organisation’s telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.
Additional forms of service theft include capturing ‘calling card’ details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.
Breach of Privacy and Confidentiality
Privacy refers to the right of an individual/s to determine when, how and to what extent his or her personal data will be shared with others.
Breach of privacy means unauthorized use or distribution or disclosure of personal information like medical records, sexual preferences, financial status etc.
- It means non-disclosure of information to unauthorized or unwanted persons.
- In addition to personal information, there are other types of information which are useful for business, and leakage of such information to other persons may cause damage to a business or person; such information should be protected.
- Generally, for protecting the secrecy of such information, parties sharing information form an agreement about the procedure for handling the information and undertake not to disclose it to third parties or use it in such a way that it will be disclosed to third parties.
- Many times a party or their employees leak such valuable information for monetary gain, causing a breach of the contract of confidentiality.
- Special techniques such as Social Engineering are commonly used to obtain confidential information.
Social engineering is commonly understood to mean the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims.
“Social engineering” as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick. The term had previously been associated with the social sciences, but its usage has caught on among computer professionals.
Software piracy refers to the unauthorized duplication and use of computer software. Software developers work hard to develop solid software programs. If those applications are pirated and stolen, the software developers will often be unable to generate the revenue required to continue supporting and expanding those applications. The effects of software piracy impact the entire global economy. The reduced revenues often divert funding from product development, and result in less research and less investment in marketing.
Software is intellectual property, and is protected by copyright laws in most countries. Most software licenses grant users the permission to use the software, but the license holder does not “own” the software — they simply own a license to “use” the software. Pirating software, circumventing the copy protection, and not properly licensing the software is illegal in most of the world. And in most countries, it is illegal to violate or circumvent software copyrights. Unfortunately, due to the global nature of the Internet, it is often difficult to enforce those copyright laws. If the pirate or offender is located in a country that does not respect copyright laws, it can be difficult to enforce penalties against software pirates.
What is IP spoofing?
IP spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. To engage in IP spoofing, a hacker must first use a variety of techniques to find the IP address of a trusted host and then modify the packet headers so that it appears that the packets are coming from that host.
Newer routers and firewall arrangements can offer protection against IP spoofing.
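The kind of protection a router or firewall offers, as an added example that is not part of the original text: an ingress/egress anti-spoofing rule that drops any packet arriving on the outside interface with a source address from the inside prefixes (and the reverse on the inside interface). The interface names, prefixes and packet log lines are constructed.

```python
import ipaddress

# Constructed: address blocks that belong to the protected (inside) network.
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_PREFIXES)


def ingress_verdict(iface, src):
    """Decide whether a packet with source address src may enter on iface.

    outside: a source inside our own prefixes cannot legitimately arrive
             from the Internet; that is the signature of a spoofed packet.
    inside:  a source outside our prefixes is one of our hosts spoofing
             someone else, so it is dropped too (egress filtering).
    Loopback, multicast and unspecified sources are never valid."""
    ip = ipaddress.ip_address(src)
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        return "drop"
    if iface == "outside" and is_internal(src):
        return "drop"
    if iface == "inside" and not is_internal(src):
        return "drop"
    return "accept"


def filter_packets(lines):
    """Apply the rule to constructed log lines '<iface> <src> <dst>' and
    return (accepted, dropped) lists of the original lines."""
    accepted, dropped = [], []
    for line in lines:
        iface, src, _dst = line.split()
        (accepted if ingress_verdict(iface, src) == "accept" else dropped).append(line)
    return accepted, dropped


# Constructed sample: the third line claims an internal source while
# arriving on the outside interface, the spoofed packet the text describes.
SAMPLE = [
    "outside 203.0.113.5 10.0.0.25",
    "inside 10.0.0.25 203.0.113.5",
    "outside 10.0.0.7 10.0.0.25",
    "inside 198.51.100.9 203.0.113.5",
    "outside 127.0.0.1 10.0.0.25",
]
```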
A particularly nasty kind of personnel breach we’ve seen lately is harassment on the Internet. Sending threatening email messages and slandering people on bulletin board systems and newsgroups is all too common.
Personally threatening remarks can as easily be sent by letter or posted on a wall, as they can be sent over the Internet. But the electronic audience is a much larger one, and such messages, sent out from an organization’s network domain, may damage the reputation of the organization as well as that of the particular perpetrator.
Data diddling, sometimes called false data entry, involves modifying data before or after it is entered into the computer.
Password sniffers are able to monitor all traffic on areas of a network. Crackers have installed them on networks used by systems that they especially want to penetrate, like telephone systems and network providers. Password sniffers are programs that simply collect the first 128 or more bytes of each network connection on the network that’s being monitored. When a user types in a user name and a password–as required when using certain common Internet services like FTP (which is used to transfer files from one machine to another) or Telnet (which lets the user log in remotely to another machine)–the sniffer collects that information. Additional programs sift through the collected information, pull out the important pieces (e.g., the user names and passwords), and cover up the existence of the sniffers in an automated way.
A technique often used by novice crackers, called scanning or war dialing, also is one that ought to be prevented by good operations security.
With scanning, a program known as a war dialer or demon dialer processes a series of sequentially changing information, such as a list of telephone numbers, passwords, or telephone calling card numbers. It tries each one in turn to see which ones succeed in getting a positive response.
What are the types of Software Attacks? Explain in Detail.
There are also attacks that subvert software.
1. Trap Doors
One classic software attack is the trap door or back door. A trap door is a quick way into a program; it allows program developers to bypass all of the security built into the program now or in the future.
To a programmer, trap doors make sense. If a programmer needs to modify the program sometime in the future, he can use the trap door instead of having to go through all of the normal, customer-directed protocols just to make the change. Trap doors of course should be closed or eliminated in the final version of the program after all testing is complete, but, intentionally or unintentionally, some are left in place. Other trap doors may be introduced by error and only later discovered by crackers who are roaming around, looking for a way into system programs and files. Typical trap doors use such system features as debugging tools, program exits that transfer control to privileged areas of memory, undocumented application calls and parameters, and many others.
Trap doors make obvious sense to expert computer criminals as well, whether they are malicious programmers or crackers. Trap doors are a nifty way to get into a system or to gain access to privileged information or to introduce viruses or other unauthorized programs into the system.
2. Session Hijacking
Session hijacking is a relatively new type of attack in the communications category. Some types of hijacking have been around a long time. In the simplest type, an authorized user gets up from his terminal to go get a cup of coffee. Someone lurking nearby–probably a coworker who isn’t authorized to use this particular system–sits down to read or change files that he wouldn’t ordinarily be able to access.
Some systems don’t disconnect immediately when a session is terminated. Instead, they allow a user to re-access the interrupted program for a short period. A cracker with a good knowledge of telephone and telecommunications operations can take advantage of this fact to reconnect to the terminated session.
Sometimes, an attacker will connect a covert computer terminal to a line between the authorized terminal and the computer. The criminal waits until the authorized terminal is on line but not in use, and then switches control to the covert terminal. The computer thinks it is still connected to the authorized user, and the criminal has access to the same files and data as the authorized user. Other types of hijacking occur when an authorized user doesn’t log out properly so the computer still expects a terminal to be connected. Call forwarding from an authorized number to an unauthorized number is another method of getting access.
3. Tunneling
Technically sophisticated tunneling attacks fall into this category as well. Tunneling uses one data transfer method to carry data for another method. Tunneling is an often legitimate way to transfer data over incompatible networks, but it is illegitimate when it is used to carry unauthorized data in legitimate data packets.
4. Timing Attacks
Timing attacks are another technically complex way to get unauthorized access to software or data. These include the abuse of race conditions and asynchronous attacks. In race conditions, there is a race between two processes operating on a system; the outcome depends on who wins the race. Although such conditions may sound theoretical, they can be abused in very real ways by attackers who know what they’re doing. On certain types of UNIX systems, for example, attackers could exploit a problem with files known as setuid shell files to gain superuser privileges. They did this by establishing links to a setuid shell file, then deleting the links quickly and pointing them at some other file of their own. If the operation is done quickly enough, the system can be made to run the attacker’s file, not the real file.
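The link-swapping race above is a time-of-check/time-of-use problem. As an added example that is not part of the original text, the first function shows the vulnerable check-then-open pattern, and the second the hardened form: open first with O_NOFOLLOW so a symbolic link is rejected outright, then validate the descriptor already held with fstat(), so the check and the use refer to the same file. The temporary files, the link and the ownership checks are constructed for this demonstration.

```python
import os
import stat
import tempfile


def open_checked_racy(path):
    """Vulnerable pattern: check the path, then open the path again.
    Between stat() and open() the path can be re-linked to another file,
    which is the link-swapping race described in the text."""
    st = os.stat(path)                     # follows symbolic links
    if st.st_uid != os.getuid():
        raise PermissionError("not owned by the current user")
    return open(path, "rb")                # may now be a different file


def open_checked_safe(path):
    """Hardened pattern: open without following links, then validate the
    descriptor we already hold. There is no window between check and use."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != os.getuid():
            raise PermissionError("not owned by the current user")
        if st.st_mode & stat.S_IWOTH:
            raise PermissionError("world-writable file")
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


def demo():
    """Create a real file plus a symbolic link to it (standing in for the
    attacker's swapped link) in a temporary directory and report how each
    opener treats the link."""
    d = tempfile.mkdtemp()
    real = os.path.join(d, "real.txt")
    link = os.path.join(d, "swapped")
    with open(real, "wb") as f:
        f.write(b"secret")
    os.chmod(real, 0o600)
    os.symlink(real, link)

    def follows(opener, p):
        try:
            with opener(p) as f:
                f.read()
            return True
        except OSError:                    # ELOOP from O_NOFOLLOW, or our checks
            return False

    with open_checked_safe(real) as f:
        real_content = f.read()
    return {"racy_follows_link": follows(open_checked_racy, link),
            "safe_follows_link": follows(open_checked_safe, link),
            "safe_reads_real": real_content}
```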
Asynchronous attacks are another way of taking advantage of dynamic system activity to get access. Computer systems are often called upon to do many things at the same time. They may, for example, be asked by different users to analyze data using an application program that can work with only one set of data at a time. Or they may be told to print data by more users than they can handle at once. In these cases, the operating system simply places user requests into a queue, then satisfies them according to a predetermined set of criteria; for example, certain users may always take precedence, or certain types of tasks may come before others. “Asynchronous” means that the computer doesn’t simply satisfy requests in the order in which they were performed, but according to some other scheme.
A skilled programmer can figure out how to penetrate the queue and modify the data that is waiting to be processed or printed. He might use his knowledge of the criteria to place his request in front of others waiting in the queue. He might change a queue entry to replace someone else’s name or data with his own, or to subvert that user’s data by replacing it. Or he could disrupt the entire system by changing commands so that data is lost, programs crash, or information from different programs is mixed as the data is analyzed or printed.
5. Trojan Horses
Trojan horses, viruses, worms, and their kin are all attacks on the integrity of the data that is stored in systems and communicated across networks. Because there should be procedures in place for preventing and detecting these menaces, they overlap with the operations security category as well.
In the computer world, Trojan horses are still used to sneak in where they’re not expected. A Trojan horse is a method for inserting instructions in a program so that the program performs an unauthorized function while apparently performing a useful one. Trojan horses are a common technique for planting other problems in computers, including viruses, worms, logic bombs, and salami attacks (more about these later). Trojan horses are a commonly used method for committing computer-based fraud and are very hard to detect.
6. Viruses and Worms
People often confuse viruses and worms, so we try to differentiate them in this section. Indeed, they have many similarities, and both can be introduced into systems via Trojan horses.
The easiest way to think of a computer virus is in terms of a biological virus. A biological virus is not strictly alive in its own right, at least in the sense that lay people usually view life. It needs a living host in order to operate. Viruses infect healthy living cells and cause them to replicate the virus. In this way, the virus spreads to other cells. Without the living cell, a virus cannot replicate.
In a computer, a virus is a program which modifies other programs so they replicate the virus. In other words, the healthy living cell becomes the original program, and the virus affects the way the program operates. How? It inserts a copy of itself in the code. Thus, when the program runs, it makes a copy of the virus. This happens only on a single system. (Viruses don’t infect networks in the way worms do, as we’ll explain below.) However, if a virus infects a program which is copied to a disk and transferred to another computer, it could also infect programs on that computer. This is how a computer virus spreads.
The spread of a virus is simple and predictable–and it can be prevented. Viruses are mainly a problem with PCs and Macintoshes. Virus infection is fortunately hard to accomplish on UNIX systems and mainframes.
Unlike a virus, a worm is a standalone program in its own right. It exists independently of any other programs. To run, it does not need other programs. A worm simply replicates itself on one computer and tries to infect other computers that may be attached to the same network.
NOTE: An important distinction between worms and viruses: A worm operates over a network, but in order to infect a machine, a virus must be physically copied.
Some viruses and worms are nondestructive (comparatively speaking), while others are extremely malevolent. Many common PC viruses, such as Michelangelo, cause machine crashes or data loss as a result of bugs or other unexpected interactions with existing code. The Christmas Tree worm program which attacked IBM systems started out as nondestructive. But, as it spread itself to other computers, it became destructive when it proliferated into the system to such a degree that no other work could be done and the entire network had to be shut down to purge the infection.
The best ways to prevent viruses and worms from invading a system are:
a) Be vigilant about introducing new and untrusted software into a system.
b) Use virus scanning software to check for viruses.
c) Do frequent and careful backups.
d) Be aware that employees who bring software to the office from their home machines (usually free software they have downloaded from bulletin board systems) are the greatest threat.
7. Salami Attacks
The Trojan horse is also a technique for creating an automated form of computer abuse called the salami attack, which works on financial data. This technique causes small amounts of assets to be removed from a larger pool. The stolen assets are removed one slice at a time (hence the name salami). Usually, the amount stolen each time is so small that the victim of the salami fraud never even notices.
A clever thief can use a Trojan horse to hide a salami program that puts all of the rounded off values into his account. A tiny percentage of pennies may not sound like much until you add up thousands of accounts, month after month. Criminals using this scheme have been able to steal many thousands of dollars. They are sometimes discovered by a bank audit. More often, they are detected only when they use their new-found gains to entertain a life style that is not supported by their legitimate income.
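The rounding salami and the audit that catches it, as an added example that is not part of the original text: interest is posted to every account rounded to the cent, the diddled version rounds everyone down and pays the shaved fractions to one collecting account, and the reconciliation shows why an aggregate total check passes while a per-account control flags the skim. The balances, rate and account ids are constructed.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP

CENT = Decimal("0.01")


def sample_balances(n=1000):
    """Constructed account balances: enough accounts that the shaved
    fractions of a cent add up to real money."""
    return {f"A{i:04d}": Decimal(100 + i) + Decimal("0.37") for i in range(n)}


def post_interest(balances, rate):
    """Honest posting: each account's interest rounded half-up to the cent."""
    return {acct: (bal * rate).quantize(CENT, ROUND_HALF_UP)
            for acct, bal in balances.items()}


def post_interest_salami(balances, rate, skim_acct):
    """Diddled posting: every account is rounded down instead, and the
    shaved fractions are credited to skim_acct (one slice per account)."""
    credits = {}
    shaved = Decimal("0")
    for acct, bal in balances.items():
        exact = bal * rate
        down = exact.quantize(CENT, ROUND_DOWN)
        credits[acct] = down
        shaved += exact - down
    credits[skim_acct] = credits[skim_acct] + shaved.quantize(CENT, ROUND_DOWN)
    return credits


def reconcile(balances, rate, credits):
    """Two audit controls.

    1. Aggregate: posted total vs. exact total, allowing half a cent of
       rounding per account. A salami run passes this, because the shaved
       money is moved rather than removed; that is why it goes unnoticed.
    2. Per account: nobody may receive more than its own exact interest
       plus one cent. The collecting account fails this one."""
    exact_total = sum((bal * rate for bal in balances.values()), Decimal("0"))
    posted_total = sum(credits.values(), Decimal("0"))
    tolerance = CENT / 2 * len(balances)
    over_credited = [acct for acct, credit in credits.items()
                     if credit > balances[acct] * rate + CENT]
    return {"gap": posted_total - exact_total,
            "aggregate_ok": abs(posted_total - exact_total) <= tolerance,
            "over_credited": over_credited}
```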
8. Logic Bombs
Logic bombs may also find their way into computer systems by way of Trojan horses. A typical logic bomb tells the computer to execute a set of instructions at a certain date and time or under certain specified conditions. The instructions may tell the computer to display “I gotcha” on the screen, or they may tell the entire system to start erasing itself. Logic bombs often work in tandem with viruses. Whereas a simple virus infects a program and then replicates when the program starts to run, the logic bomb does not replicate – it merely waits for some pre-specified event or time to do its damage.
Time is not the only criterion used to set off logic bombs. Some bombs do their damage after a particular program is run a certain number of times. Others are more creative. In several cases we’ve heard about, a programmer told the logic bomb to destroy data if the company payroll is run and his name is not on it; this is a sure-fire way to get back at the company if he is fired! The employee is fired, or may leave on his own, but does not remove the logic bomb. The next time the payroll is run and the computer searches for but doesn’t find the employee’s name, it crashes, destroying not only all of the employee payroll records, but the payroll application program as well.
Trojan horses present a major threat to computer systems, not just because of the damage they themselves can do, but because they provide a technique to facilitate more devastating crimes.