Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 1

Cyber Security
Unit-1 (Chapter - 1: Introduction to Cybercrime, Cyber offences)
❖ Cybercrime definition and origins of the word
❖ Cybercrime and information Security
❖ Classifications of Cybercrimes
❖ A global Perspective on cybercrimes
❖ Criminal- plans and Attacks
❖ Social Engineering
❖ Cyber stalking
❖ Cyber Cafe and Cybercrimes
❖ Botnets
❖ Proliferation of Mobile and Wireless Devices
❖ Credit Card Frauds in Mobile and Wireless Computing Era
❖ Security challenges posed by mobile devices

Definition of Cybercrime
According to Goodman and Brenner, the definition of Cybercrime –
“Cybercrime is an act that violates the law, which is perpetrated using information and
communication technology (ICT) to either target networks, systems, data, websites and/or
technology or facilitate a crime.”

Cybercrime specifically can be defined in a number of ways; a few definitions are:

1. A crime committed using a computer and the Internet to steal a person’s identity (identity theft) or
sell contraband or stalk victims or disrupt operations with malevolent programs.
2. Crimes completed either on or with a computer.
3. Any illegal activity done through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW.

According to one information security, cybercrime is any criminal activity which uses network access
to commit a criminal act. Cybercrime may be internal or external, with the former easier to perpetrate.
The term “cybercrime” has evolved over the past few years since the adoption of Internet connection on
a global scale with hundreds of millions of users. Cybercrime refers to the act of performing a criminal
act using cyberspace as the communications vehicle.
Some people argue that a cybercrime is not a crime as it is a crime against software & not against a
person (or) property. However, while the legal systems around the world scramble to introduce laws to
combat cyber criminals, 2 types of attacks are prevalent:
1. Techno-crime: A premeditated act against a system or systems, with the intent to copy, steal,
prevent access, corrupt or otherwise deface or damage parts of or the complete computer
system. The 24X7 connection to the internet makes this type of cybercrime a real possibility to
engineer from anywhere in the world, leaving few, if any, “finger prints”.
2. Techno-vandalism: These acts of “brainless” defacement of websites and/or other activities,
such as copying files and publicizing their contents publicly, are usually opportunistic in nature.
Tight internal security, allied to strong technical safeguards should prevent the vast majority of
such incidents.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 2

There is a very thin line between the two terms “computer crime” and “computer fraud”; both are
punishable. Cybercrimes (harmful acts committed from or against a computer or network) differ from
most terrestrial crimes in four ways:
a. how to commit them is easier to learn,
b. they require few resources relative to the potential damage caused,
c. they can be committed in a jurisdiction without being physically present in it &
d. they are often not clearly illegal.

Important Definitions related to Cyber Security:

Cyberterrorism:
This term was coined in 1997 by Barry Collin, a senior research fellow at the institute for Security and
Intelligence in California. Cyberterrorism seems to be a controversial term. The use of information
technology and means by terrorist groups & agents is called as Cyberterrorism.
“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks,
with the intention to cause harm or further social, ideological, religious, political or similar objectives or
to intimidate any person in furtherance of such objectives.”
(or)
Cyberterrorism is defined as “any person, group or organization who, with terrorist intent, utilizes
accesses or aids in accessing a computer or computer network or electronic system or electronic device
by any available means, and thereby knowingly engages in or attempts to engage in a terrorist act
commits the offence of cyberterrorism.”
Cybernetics:
Cybernetics deals with information and its use. Cybernetics is the science that overlaps the fields of
neurophysiology, information theory, computing machinery and automation. Worldwide, including India,
cyberterrorists usually use computer as a tool, target for their unlawful act to gain information.
Internet is one of the means by which the offenders can gain priced sensitive information of companies,
firms, individuals, banks and can lead to intellectual property (IP) crimes, selling illegal articles,
pornography/child pornography, etc. This is done using methods such as Phishing, Spoofing, Pharming,
Internet Phishing, wire transfer, etc. and use it to their own advantage without the consent of the
individual.

Phishing:
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient
into believing that the message is something they want or need a request from their bank, for instance, or
a note from someone in their company and to click a link or download an attachment.
Phishing is an attempt by an individual or a group to thieve personal confidential information such as
passwords, credit card information from unsuspecting victims for identity theft, financial gain & other
fraudulent activities.
(or)
Phishing is a form of online identity theft that aims to steal sensitive information such as online banking
passwords, credit card information from users etc.

Cyberspace:
This is a term coined by William Gibson, a science fiction writer in 1984. Cyberspace is where users
mentally travel through matrices of data. Conceptually, cyberspace is the nebulous place where humans
interact over computer networks. The term “cyberspace” is now used to describe the Internet and other
computer networks. In terms of computer science, “cyberspace” is a worldwide network of computer
networks that uses the Transmission Control Protocol/Internet Protocol (TCP/IP) for communication to
facilitate transmission and exchange of data. Cyberspace is most definitely a place where you chat,
explore, research and play.

Cybersquatting:
The term is derived from “squatting” which is the act of occupying an abandoned/unoccupied space/
building that the user does not own, rent or otherwise have permission to use. Cybersquatting, however,
is a bit different in that the domain names that are being squatted are (sometimes but not always) being
paid for by the cybersquatters through the registration process. Cybersquatters usually ask for prices far
greater than those at which they purchased it. Some cybersquatters put up derogatory or defamatory

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 3

remarks about the person or company the domain is meant to represent in an effort to encourage the
subject to buy the domain from them. This term is explained here because, in a way, it relates to
cybercrime given the intent of cybersquatting. Cybersquatting means registering, selling or using a
domain name with the intent of profiting from the goodwill of someone else’s trademark. In this nature,
it can be considered to be a type of cybercrime. Cybersquatting is the practice of buying “domain names”
that have existing businesses names.

Cyberpunk:
This is a term coined by Bruce Bethke, published in science fiction stories magazine in November 1983.
According to science fiction literature, the words “cyber” and “punk” emphasize the two basic aspects of
cyberpunk: “technology” and “individualism.” The term “cyberpunk” could mean something like
“anarchy via machines” or “machine/computer rebel movement.”

Cyberwarfare:
Cyberwarfare means information attacks against an unsuspecting opponent’s computer networks,
destroying and paralyzing nations. This perception seems to be correct as the terms cyberwarfare and
Cyberterrorism have got historical connection in the context of attacks against infrastructure. The term
“information infrastructure” refers to information resources, including communication systems that
support an industry, institution or population. These types of Cyber-attacks are often presented as threat
to military forces and the Internet has major implications for espionage and warfare.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 4

CYBERCRIME AND INFORMATION SECURITY

Lack of information security gives rise to cybercrimes. Let us refer to the amended Indian Information
Technology Act (ITA) 2000 in the context of cybercrime. From an Indian perspective, the new version
of the Act (referred to as ITA 2008) provides a new focus on “Information Security in India".
"Cybersecurity” means protecting information, equipment, devices, computer, computer resource,
communication device and information stored therein from unauthorized access, use, disclosure,
disruption, modification or destruction. The term incorporates both the physical security of devices as
well as the information stored therein. It covers protection from unauthorized access, use, disclosure,
disruption, modification and destruction.
Where financial losses to the organization due to insider crimes are concerned (e.g., leaking customer
data), often some difficulty is faced in estimating the losses because the financial impacts may not be
detected by the victimized organization and no direct costs may be associated with the data theft. The
2008 CSI Survey on computer crime and security supports this. Cybercrimes occupy an important space
in information security domain because of their impact. The other challenge comes from the difficulty in
attaching a quantifiable monetary value to the corporate data and yet corporate data get stolen/lost
(through loss/theft of laptops).
Because of these reasons, reporting of financial losses often remains approximate. In an attempt to avoid
negative publicity, most organizations abstain from revealing facts and figures about “security incidents”
including cybercrime. In general, organizations perception about “insider attacks” seems to be different
than that made out by security solution vendor. However, this perception of an organization does not
seem to be true as revealed by the 2008 CSI Survey. Awareness about “data privacy” too tends to be low
in most organizations.
When we speak of financial losses to the organization and significant insider crimes, such as leaking
customer data, such “crimes” may not be detected by the victimized organization and no direct costs may
be associated with the theft.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 5

Threat of Botnets
A Botnet is a network of computers that have been secretly infected with harmful software, allowing
them to be controlled remotely without the owner’s knowledge. These infected machines are also called
“zombie computers” because they follow the hacker’s commands silently.
A Botnet operates under a common command-and-control system, meaning the hacker (Botnet creator)
can manage all infected machines at once from anywhere in the world.

Common Uses of Botnets by Hackers:

• Launching Denial-of-Service (DoS) attacks to overload websites or networks.
• Installing adware to display unwanted advertisements.
• Running spyware to steal personal data.
• Sending spam emails in bulk.
• Click fraud – tricking online advertising systems for profit.
• Stealing application serial numbers or software keys.
• Collecting login credentials.
• Capturing financial information such as credit card details.

How Computers Become Part of a Botnet:

• Hackers spread viruses or malicious code via email attachments, infected websites, or pirated
software.
• Once infected, the computer may still appear to work normally, so the user is often unaware it
is compromised.
• The infected machine quietly follows the hacker’s instructions, contributing to cybercrimes.

In short, Botnet turns your computer into a silent helper for hackers, often without you ever realizing it.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 6

CLASSIFICATIONS OF CYBERCRIMES
A crime is when someone does something that is not allowed by law or fails to do something that the
law requires. Cybercrimes are crimes done using computers or the internet. They can be divided into:
a) Cybercrime against individual
b) Cybercrime against property
c) Cybercrime against organization
d) Cybercrime against society
e) Crimes from Usenet newsgroups

a) Cybercrime against individual

1. E-Mail Spoofing
Sending emails that look like they are from someone else, but are actually from a different
source. Example: A person sends bad or false messages pretending to be someone else to
damage their reputation.
2. Online Frauds
Tricking people into giving personal details (like usernames, passwords, bank details) through
fake websites or emails (called phishing). These fake sites look real and may cause identity
theft or money loss. Viruses and spyware can also secretly steal your data or harm your
computer.
3. Phishing, Spear Phishing, Vishing, and Smishing
❖ Phishing: Fake emails/websites to steal personal data.
❖ Spear Phishing: Targeted phishing aimed at a specific organization.
❖ Vishing: Voice phishing via fake phone calls or recorded messages to steal information.
❖ Smishing: Fake text messages with harmful links to steal data or install malware.
4. Spamming
Sending unwanted bulk messages (via email, SMS, social media, etc.) for advertising or fraud.
Can also involve tricks like hiding keywords, using invisible links, or redirecting pages.
5. Cyber Defamation
Spreading false information online to harm someone’s reputation (via websites, emails, etc.).
6. Cyberstalking and Harassment
Using the internet to threaten, follow, or harass someone. Stalkers can be online-only or start
offline and then use the internet.
7. Computer Sabotage
Using viruses, worms, or logic bombs to stop computers from working properly — for money,
revenge, or illegal activities.
8. Pornographic Offenses
Sharing or creating child pornography online is illegal. Criminals (pedophiles) may trick
children online into sharing personal info or meeting in person.
9. Password Sniffing
Using special tools to steal usernames and passwords by secretly recording network activity.

b) Cybercrime against property

1. Credit Card Frauds
Using stolen credit or debit card details to buy goods or transfer money without permission.
2. Intellectual Property (IP) Crimes
Stealing copyrighted material like software, movies, trade secrets, or patents through the
internet. Often sold illegally to others (piracy).
3. Internet Time Theft
Using someone else’s paid internet connection without permission, often by stealing their login
details.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 7

c) Cybercrime against Organization

1. Unauthorized Accessing of Computer
Gaining access to computer systems or data without permission (hacking).
2. Password Sniffing
Stealing usernames and passwords on a network to impersonate users and access private
information.
3. Denial-of-Service (DoS) Attacks
Overloading a website or network so that it can’t be used by normal users.
4. Virus Attacks
Spreading malicious programs that damage data, slow systems, or disrupt work.
5. E-Mail Bombing
Sending too many emails to crash someone’s inbox or mail server.
6. Salami Attack
Stealing very small amounts of money or data over time so it goes unnoticed (e.g., bank
employee deducting a few cents from many accounts).
7. Logic Bomb
Malicious code that activates only when certain conditions are met (e.g., on a specific date).
8. Trojan Horse
A program that looks useful but secretly gives attackers access to your computer.
9. Data Diddling
Changing data before or during computer processing to commit fraud.
10. Newsgroup Spam
Posting unwanted ads or messages in online discussion groups.
11. Industrial Spying/Espionage
Stealing confidential business information using the internet.
12. Computer Network Intrusions
Breaking into networks to steal data, plant malware, or change user credentials.
13. Software Piracy
Copying, selling, or distributing software illegally.

d) Cybercrime against Society

1. Forgery
Creating fake documents, mark sheets, currency, or stamps using computers and printers.
2. Cyberterrorism
Using the internet to cause fear, harm, or disruption for political or ideological reasons.
3. Web Jacking
Taking control of a website by stealing and changing its login details.

e) Crimes emanating from Usenet newsgroup

Usenet groups are online forums where people can share information. Some posts can be
harmful, false, or offensive. Users should be careful and use good judgment when reading or
participating in these discussions.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 8

A GLOBAL PERSPECTIVE ON CYBERCRIMES

In Australia, the Cyber Crime Act 2001 defines cybercrime narrowly — mainly as crimes against
computer data and systems.
At the international level, cybercrime has a broader meaning. The Council of Europe’s Cyber Crime
Treaty treats it as an umbrella term covering:
❖ Crimes against computer data and systems
❖ Computer-related crimes
❖ Content-related crimes
❖ Copyright-related crimes
This broad meaning overlaps with other crimes like white-collar crime and economic crime, which
don’t always require technology.
A 2005 International Telecommunication Union (ITU) survey showed that India had no specific
email spam legislation at that time. ITU also works on fighting spam (www.itu.int/spam).
Many countries now link cybersecurity to critical infrastructure protection, meaning they assess
risks, find weak points, and plan solutions.
Recent Developments:
1. August 4, 2006 – US joins CoE Cyber Crime Convention
❖ Targets hackers, virus creators, child exploitation online, racist content, and
cyberterrorism.
❖ Matches US constitutional protections (free speech, civil liberties) and doesn’t require
changes to US law.
2. August 18, 2006 – Website Blocking Proposal in EU
❖ EU officials propose blocking sites that promote terrorism.
❖ Governments would monitor internet and communication data for law enforcement,
with compensation to service providers.
3. CoE Cyber Crime Convention (1997–2001)
❖ First international treaty to fight internet crimes by aligning national laws, improving
investigations, and increasing cooperation.
❖ Ratified by over 40 countries.

Cybercrime and the Extended Enterprise

Many internet users still don’t fully understand online threats or how to protect themselves. Every user
should know both the benefits and risks of being connected.
Extended Enterprise means a company isn’t just its employees and leaders, it includes:
❖ Business partners
❖ Suppliers
❖ Customers
All these parties need access to the right information to work effectively. The extended enterprise works
like a network of independent companies that share resources to deliver products and services.
Instant decision-making is possible only if information flows smoothly and securely between all parts of
this network. Because everything is interconnected, security awareness among all users is essential.
International organizations can help by:
• Sharing good security practices
• Keeping communication channels open
• Encouraging collaboration and information sharing

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 9

CYBERCRIME ERA: SURVIVAL MANTRA FOR THE NETIZENS

The term “Netizen” (coined by Michael Hauben) means a person who actively uses the internet —
spending significant time online, contributing to blogs, running websites, or participating in forums and
chats.
The 5P Mantra for Netizen Safety:
a. Precaution – Be careful online
b. Prevention – Avoid risky actions
c. Protection – Safeguard your devices and data
d. Preservation – Keep important data safe
e. Perseverance – Stay alert and updated

Golden rule: Stranger is Danger!

Protect your customers’ data, your employees’ privacy, and your company’s systems — it benefits the
whole online community.
NASSCOM promotes cybercrime awareness and has set up cyberlabs in major Indian cities to report
and investigate cases.

Tips for Netizens:

❖ Save any digital evidence (emails, screenshots, logs) in case of a cyber incident.
❖ Understand your rights and responsibilities online.
❖ Some NGOs guide cybercrime victims, but they often lack full police cooperation.
❖ There have been cases of false charges against innocent IT professionals.

Need in India:
A legally empowered agency to protect people from misuse of the Information Technology Act,
2000 (ITA 2000) and to ensure proper enforcement.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 10

How Criminals Plan Attacks – Introduction

❖ Technology is often described as a “double-edged sword” since it can be used for both
good and bad purposes.
❖ Individuals with malicious intent may misuse technology to cause damage or engage in
illegal activities.
❖ Computers and IT tools can become either the target of offense or the means to commit
crimes.
❖ In today’s interconnected world of the Internet and computer networks, criminal
activities can easily cross national borders.
❖ As discussed in Chapter 1, crimes such as hacking, cyber terrorism, network intrusions,
password sniffing, and computer viruses are among the most common threats targeting
computers.
❖ Cybercriminals exploit the World Wide Web and the Internet extensively for illegal
activities like storing data, maintaining contacts, and accessing account information.
❖ Criminals also take advantage of the widespread lack of awareness about cybercrimes
and cyber laws among individuals who use IT infrastructure for both professional and
personal purposes.
❖ People who commit cybercrimes are commonly known as “Crackers.”

How Criminals Plan the Attacks (Phases)

❖ Criminals use many methods and tools to locate the vulnerabilities of their target.
❖ The target can be an individual and/or an organization.
❖ Criminals plan passive and active attacks.
❖ Active attacks are usually used to alter the system (computer network), whereas passive
attacks attempt to gain information about the target.
❖ Active attacks may affect the availability, integrity, and authenticity of data, whereas
passive attacks lead to a violation of confidentiality.

Phases involved in planning cybercrime:

1. Reconnaissance (Information Gathering): The first phase, treated as passive attacks.

2. Scanning and Scrutinizing: Checking the validity of gathered information and
identifying existing vulnerabilities.
3. Launching an Attack: Gaining and maintaining access to the system.

1 Reconnaissance (Reconnaissance)
❖ The literal meaning of reconnaissance is the act of finding something or somebody,
especially to gain information about an enemy or potential enemy.
❖ In hacking, the reconnaissance phase begins with Footprinting – preparation toward the
pre-attack phase, which involves accumulating data about the target’s environment and
computer architecture to find intrusion points.
❖ Footprinting provides an overview of system vulnerabilities and helps judge possible
exploitation.
❖ The objective is to understand the system, networking ports, services, and other security
aspects.
❖ An attacker gathers information in two ways: passive and active attacks.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 11

2 Passive Attacks
A passive attack involves gathering information about a target without their knowledge.
✓ Examples:
✓ Google or Yahoo search – to locate employee information.
✓ Surfing community groups (e.g., Orkut/Facebook) – to gain personal details.
✓ Organization’s website – may provide directories, contact details, or email
addresses useful for social engineering attacks.
✓ Blogs, newsgroups, and press releases – used to gather company or employee
information.
✓ Job postings – may reveal technologies (servers, devices) used by a company.

3 Active Attacks
Active attacks involve probing the network to confirm details (IP addresses, OS type/version,
services) gathered during passive attacks. This process involves the risk of detection. Also
called “Rattling the Doorknobs” or Active Reconnaissance. It helps attackers confirm security
measures (e.g., whether the “front door” is locked). However, it increases the chance of being
caught or raising suspicion.

4 Scanning and Scrutinizing Gathered Information

Objectives of scanning:
1. Port Scanning: Identify open/closed ports and services.
2. Network Scanning: Understand IP addresses and related details about network
systems.
3. Vulnerability Scanning: Detect existing weaknesses in the system.

5 Attack (Gaining and Maintaining System Access)

After scanning and enumeration, the attacker launches the attack through these steps:
1. Crack the password.
2. Exploit privileges.
3. Execute malicious commands/applications.
4. Hide files (if required).
5. Cover tracks – delete access logs to erase evidence of illicit activity.

Social Engineering
❖ Social engineering is the “technique to influence” and “persuasion to deceive” people to
obtain information or to perform some action.
❖ Social engineers exploit the natural tendency of people to trust, rather than exploiting
computer security holes.
❖ It is generally agreed that people are the weakest link in security, and this makes social
engineering possible.
❖ A social engineer usually uses telecommunication (telephone/mobile) or the Internet to
trick people into doing something against the organization’s security practices/policies.
❖ Social engineering involves gaining sensitive information or unauthorized access
privileges by building inappropriate trust relationships with insiders.
❖ It is an art of exploiting trust while speaking in a normal & convincing manner. The
goal is to fool someone into providing valuable information or access.
❖ Social engineers study human behaviour – exploiting the desire to help, the tendency to
trust, or the fear of getting into trouble.
❖ A successful social engineer obtains information without raising suspicion.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 12

Example:
A caller pretending to be from Tech Support convinces Mr. Joshi to share his username and
password by claiming that files are being moved on the server. Mr. Joshi unknowingly shares
his credentials, believing it to be a genuine request.

Classification of Social Engineering

A. Human-Based Social Engineering
Person-to-person interaction to extract information.
1. Impersonating an employee or valid user:
Pretending to be an insider, asking for directions, or claiming to have forgotten a
badge.
2. Posing as an important user:
Pretending to be a CEO or senior manager to pressure lower-level staff for access.
3. Using a third person:
Claiming authorization from someone unavailable (e.g., on vacation).
4. Calling technical support:
Help desk staff are trained to be helpful, making them easy targets.
5. Shoulder surfing:
Observing someone’s screen or keyboard to steal usernames or passwords.
6. Dumpster diving:
Searching trash for useful information (printouts, notes, etc.). Also called
dumpstering, binning, trashing, scavenging. UK terms: “binning/skipping”;
person is called a “binner/skipper”.

B. Computer-Based Social Engineering

Attempts made using computers or the Internet.
1. Fake E-Mails (Phishing):
* Attacker sends fraudulent emails that look legitimate.
* Used to steal usernames, passwords, or financial details.
* Common targets: banks, financial institutions, payment gateways.
* Often redirect users to a fake website mimicking the original.
* Term “Phishing” coined in 1996 by hackers stealing AOL accounts.

2. E-Mail Attachments:
* Malicious files disguised as harmless documents.
* Can contain viruses, worms, or Trojans (e.g., keyloggers).

3. Pop-Up Windows:
* Fake pop-ups offering “free stuff” or “special deals” to trick users into installing
malicious software.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 13

Cyberstalking
❖ The dictionary meaning of “stalking” is an “act or process of following prey stealthily –
trying to approach somebody or something.”
❖ Cyberstalking has been defined as the use of information and communications
technology, particularly the Internet, by an individual or group of individuals to harass
another individual, group of individuals, or organization.
❖ The behavior includes:
✓ False accusations
✓ Monitoring
✓ Transmission of threats
✓ ID theft
✓ Damage to data or equipment
✓ Solicitation of minors for sexual purposes
✓ Gathering information for harassment purposes
❖ Cyberstalking refers to the use of Internet and/or other electronic communications
devices to stalk another person.
❖ It involves harassing or threatening behaviour that an individual will conduct
repeatedly, for example:
✓ Following a person
✓ Visiting a person’s home and/or at business place
✓ Making phone calls
✓ Leaving written messages
✓ Vandalizing against the person’s property
❖ As the Internet has become an integral part of our personal and professional lives,
cyberstalkers take advantage of ease of communication and an increased access to
personal information available with a few mouse clicks or keystrokes.

Types of Stalkers
There are primarily two types of stalkers:
1. Online stalkers:
❖ They aim to start the interaction with the victim directly with the help of the Internet.
❖ E-Mail and chat rooms are the most popular communication medium to get connected
with the victim, rather than using traditional instrumentation like telephone/cell phone.
❖ The stalker makes sure that the victim recognizes the attack attempted on him/her.
❖ The stalker can make use of a third party to harass the victim.
2. Offline stalkers:
❖ The stalker may begin the attack using traditional methods such as following the victim,
watching the daily routine of the victim, etc.
❖ Searching on message boards/newsgroups, personal websites, and people finding
services or websites are most common ways to gather information about the victim
using the Internet.
❖ The victim is not aware that the Internet has been used to perpetuate an attack against
them.

Cases Reported on Cyberstalking

❖ The majority of cyberstalkers are men and the majority of their victims are women.
❖ Some cases also have been reported where women act as cyberstalkers and men as the
victims as well as cases of same-sex cyberstalking.
❖ In many cases, the cyberstalker and the victim hold a prior relationship, and the
cyberstalking begins when the victim attempts to break off the relationship, for
example, ex-lover, ex-spouse, boss/subordinate, and neighbor.
❖ However, there also have been many instances of cyberstalking by strangers.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 14

How Stalking Works?

It is seen that stalking works in the following ways:
1. Personal information gathering about the victim: Name; family background; contact
details such as cell phone and telephone numbers (of residence as well as office);
address of residence as well as of the office; E-Mail address; date of birth, etc.
2. Establish a contact with victim through telephone/cell phone. Once the contact is
established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The
letters may have the tone of loving, threatening or can be sexually explicit. The stalker
may use multiple names while contacting the victim.
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favors or
threaten the victim.
5. The stalker may post the victim’s personal information on any website related to illicit
services such as sex-workers’ services or dating services, posing as if the victim has
posted the information and invite the people to call the victim on the given contact
details (telephone numbers/cell phone numbers/E-Mail address) to have sexual services.
The stalker will use bad and/or offensive/attractive language to invite the interested
persons.
6. Whosoever comes across the information, start calling the victim on the given contact
details (telephone/cell phone nos), asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable
pornographic and sex sites, because of which victim will start receiving such kind of
unsolicited E-Mails.

Real-Life Incident of Cyberstalking

Case Study
The Indian police have registered first case of cyberstalking in Delhi – the brief account of the
case has been mentioned here. To maintain confidentiality and privacy of the entities involved,
we have changed their names.
❖ Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours from as far away as
Kuwait, Cochin, Bombay, and Ahmadabad.
❖ The said calls created havoc in the personal life destroying mental peace of Mrs. Joshi
who decided to register a complaint with Delhi Police.
❖ A person was using her ID to chat over the Internet at the website www.mirc.com,
mostly in the Delhi channel for four consecutive days.
❖ This person was chatting on the Internet, using her name and giving her address, talking
in obscene language.
❖ The same person was also deliberately giving her telephone number to other chatters
encouraging them to call Mrs. Joshi at odd hours.
❖ This was the first time when a case of cyberstalking was registered.
❖ Cyberstalking does not have a standard definition but it can be defined to mean
threatening, unwarranted behavior, or advances directed by one person toward another
person using Internet and other forms of online communication channels as medium.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 15

Cybercafe and Cybercrimes

❖ In February 2009, Nielsen survey on the profile of cybercafes users in India, it was
found that 90% of the audience, across eight cities and 3,500 cafes, were male and in
the age group of 15–35 years; 52% were graduates and postgraduates, though almost
over 50% were students.
❖ Hence, it is extremely important to understand the IT security and governance practiced
in the cybercafes.
❖ In the past several years, many instances have been reported in India, where cybercafes
are known to be used for either real or false terrorist communication.
❖ Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal
of money have also happened through cybercafes.
❖ Cybercafes have also been used regularly for sending obscene mails to harass people.
❖ Public computers, usually referred to the systems, available in cybercafes, hold two
types of risks:
1. We do not know what programs are installed on the computer – that is, risk of
malicious programs such as keyloggers or Spyware, which may be running at
the background that can capture the keystrokes to know the passwords and other
confidential information and/or monitor the browsing behavior.
2. Over-the-shoulder surfing can enable others to find out your passwords.
Therefore, one has to be extremely careful about protecting his/her privacy on
such systems, as one does not know who will use the computer after him/her.
❖ Indian Information Technology Act (ITA) 2000 does not define cybercafes and
interprets cybercafes as “network service providers” referred to under the Section 79,
which imposed on them a responsibility for “due diligence” failing which they would
be liable for the offenses committed in their network.
❖ Cybercriminals prefer cybercafes to carry out their activities.
❖ The criminals tend to identify one particular personal computer (PC) to prepare it for
their use.
❖ Cybercriminals can either install malicious programs such as keyloggers and/or
Spyware or launch an attack on the target.
❖ Cybercriminals will visit these cafes at a particular time and on the prescribed
frequency, maybe alternate day or twice a week.

Survey Findings in Metropolitan Cities of India

1. Pirated software(s) such as OS, browser, office automation software(s) (e.g., Microsoft
Office) are installed in all the computers.
2. Antivirus software is found to be not updated to the latest patch and/or antivirus
signature.
3. Several cybercafes had installed the software called “Deep Freeze” for protecting the
computers from prospective malware attacks. Deep Freeze can wipe out the details of
all activities carried out on the computer when one clicks on the “restart” button. Such
practices present challenges to the police or crime investigators when they visit the
cybercafes to pick up clues after the Internet Service Provider (ISP) points to a
particular IP address from where a threat mail was probably sent or an online Phishing
attack was carried out, to retrieve logged files.
4. Annual maintenance contract (AMC) found to be not in a place for servicing the
computers; hence, hard disks for all the computers are not formatted unless the
computer is down. Not having the AMC is a risk from cybercrime perspective because
a cybercriminal can install a Malicious Code on a computer and conduct criminal
activities without any interruption.
5. Pornographic websites and other similar websites with indecent contents are not
blocked.
Prof. Prasad Patil
Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 16

6. Cybercafe owners have very less awareness about IT Security and IT Governance.
7. Government/ISPs/State Police (cyber cell wing) do not seem to provide IT Governance
guidelines to cybercafe owners.
8. Cybercafe association or State Police (cyber cell wing) do not seem to conduct periodic
visits to cybercafes – one of the cybercafe owners whom we interviewed expressed a
view that the police will not visit a cybercafe unless criminal activity is registered by
filing an First Information Report (FIR). Cybercafe owners feel that police either have a
very little knowledge about the technical aspects involved in cybercrimes and/or about
conceptual understanding of IT security. There are thousands of cybercafes across
India.

Tips for Safety and Security in Cybercafes

1. Always logout
2. Stay with the computer
3. Clear history and temporary files
4. Be alert
5. Avoid online financial transactions
6. Change passwords
7. Use Virtual keyboard
8. Security warnings

Botnets: The Fuel for Cybercrime

Botnet
❖ The dictionary meaning of Bot is “(computing) an automated program for doing some
particular task, often over a network.”
❖ Botnet is a term used for collection of software robots, or Bots, that run autonomously
and automatically.
❖ The term is often associated with malicious software but can also refer to the network of
computers using distributed computing software.
❖ In simple terms, a Bot is simply an automated computer program. One can gain the
control of computer by infecting them with a virus or other Malicious Code that gives the
access.
❖ Computer system may be a part of a Botnet even though it appears to be operating
normally.
❖ Botnets are often used to conduct a range of activities, from distributing Spam and viruses
to conducting denial-of-service (DoS) attacks.
❖ A Botnet (also called as zombie network) is a network of computers infected with a
malicious program that allows cybercriminals to control the infected machines remotely
without the users’ knowledge.
❖ “Zombie networks” have become a source of income for entire groups of cybercriminals.
❖ The invariably low cost of maintaining a Botnet and the ever-diminishing degree of
knowledge required to manage one are conducive to the growth in popularity and,
consequently, the number of Botnets.
❖ If someone wants to start a “business” and has no programming skills, there are plenty of
“Bot for sale” offers on forums.
❖ ‘Encryption of these programs’ code can also be ordered in the same way to protect them
from detection by antivirus tools.
❖ Another option is to steal an existing Botnet. Figure 2.8 explains how Botnets create
business.
❖ One can reduce the chances of becoming part of a Bot by limiting access into the system.
❖ Leaving your Internet connection ON and unprotected is just like leaving the front door
of the house wide open.
Prof. Prasad Patil
Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 17

Steps to Secure the System

1. Use antivirus and anti-Spyware software and keep it up-to-date
2. Set the OS to download and install security patches automatically
3. Use a firewall to protect the system from hacking attacks while it is connected on the
Internet: A firewall is a software and/or hardware that is designed to block unauthorized
access while permitting authorized communications.
4. Disconnect from the Internet when you are away from your computer
5. Downloading the freeware only from websites that are known and trustworthy
6. Check regularly the folders in the mail box – “sent items” or “outgoing” – for those
messages you did not send
7. Take an immediate action if your system is infected

Proliferation of Mobile and Wireless Devices

Advancements in technology have drastically transformed mobile and wireless devices. The
trend has consistently been toward smaller devices with higher processing power. Earlier, users
had to choose between a simple PDA and a wireless phone, but now the options include
smartphones, tablets, and high-end PDAs with integrated web capabilities.
A basic handheld mobile device today can perform multiple tasks such as running applications,
browsing the web, playing music and videos, and making voice calls.
Key Distinctions
❖ Mobile Computing: The ability to carry a computer and necessary files/software into
the field.
❖ Wireless Computing: A mode of communication that transfers information without
physical connections (e.g., Wi-Fi, Bluetooth, lasers). Not all wireless communication is
mobile.
❖ Handheld Devices: Pocket-sized gadgets (e.g., PDAs, smartphones) with connectivity
and software-installation capabilities.

Mobile computing may or may not use wireless technology. However, most modern mobile
applications rely on wireless networks.
Types of Mobile Devices
1. Portable Computer – General-purpose, movable but not usable in transit (requires
setup and power).
2. Tablet PC – Touchscreen-based, stylus-enabled, handwriting recognition, limited for
typing-heavy tasks.
3. Internet Tablet – Lightweight internet device with basic apps (browser, media player,
chat).
4. PDA (Personal Digital Assistant) – Pocket-sized device syncing with desktop for
contacts, notes, and email.
5. Ultramobile PC – Small but fully functional computer with a general OS.
6. Smartphone – PDA + mobile phone, supports apps and internet access.
7. Carputer – In-car computing system with GPS, multimedia, word processing, and
Bluetooth.
8. Pentop Computer – Pen-shaped device functioning as a writing tool, translator,
calculator, MP3 player, and storage device.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 18

Trends in Mobile Computing

Mobile computing is now moving into 3rd Generation (3G) and beyond. Devices like the
iPhone and Android smartphones exemplify this shift. These technologies promise:
❖ Broader applications,
❖ Faster connectivity,
❖ Better usability.
Unfortunately, attackers have also adapted, leading to an increase in mobile-targeted
cybercrimes.

Common Mobile Attacks

1. Malware (Viruses, Worms, Trojans)
✓ Skull Trojan: Attacks Symbian OS (Series 60 phones).
✓ Cabir Worm: Spreads via Bluetooth on Symbian phones.
✓ Mosquito Trojan: Disguised as a cracked game.
✓ Brador Trojan: Targets Windows CE, enabling remote control.
✓ Lasco Worm: Bluetooth worm, based on Cabir source code.
2. Denial of Service (DoS) – Makes mobile devices/services unavailable.
3. Overbilling Attacks – Hijacking user IP addresses to run paid downloads, billing the
real subscriber.
4. Spoofed PDP (Policy Development Process) – Exploiting vulnerabilities in GPRS
Tunneling Protocol.
5. Signaling-Level Attacks – Exploiting weaknesses in SIP-based VoIP systems.

Credit Card Frauds in Mobile & Wireless Era

With the rise of mobile commerce (M-Commerce) and mobile banking (M-Banking), credit
card frauds have escalated. Smartphones and mobile POS (Point-of-Sale) technologies enable
convenient payments but also expose users to risks.

Preventive Measures
Do’s
✓ Sign your card immediately.
✓ Photocopy card details and keep them safe.
✓ Change default PIN before first use.
✓ Carry emergency bank contact numbers.
✓ Keep cards separate from your wallet.
✓ Track your card during transactions.
✓ Preserve and reconcile receipts with statements.
✓ Report discrepancies or lost cards immediately.
✓ Ensure websites are legitimate before entering card details.

Don’ts
❖ Don’t store PINs or card numbers in your phone.
❖ Don’t lend your card.
❖ Don’t leave receipts unattended.
❖ Don’t sign blank receipts.
❖ Don’t disclose card details on calls unless verified.
❖ Don’t just throw receipts in bins—destroy them securely.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 19

Modern Fraud Techniques

1. Traditional Methods
❖ Identity Theft: Pretending to be someone else.
❖ Financial Fraud: Falsifying financial status to obtain credit.
2. Advanced Methods
❖ Triangulation Fraud
✓ Criminal creates a fake e-commerce site offering discounts.
✓ Customer enters details and places order.
✓ Fraudster uses stolen card data to order real goods from legitimate sites,
shipped to customer.
✓ Criminal profits until site is abandoned.
❖ Credit Card Generators
✓ Software that produces valid card numbers and expiry dates.
✓ Widely available online and misused for fraudulent purchases.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 20

Security Challenges Posed by Mobile Devices

1. Cryptographic Security for Mobile Devices

1. CGA (Cryptographically Generated Address)
❖ Think of it like giving your phone or device a unique "digital home address" on
the internet.
❖ Instead of just randomly picking this address, it’s generated using cryptography
basically, your address is created by running your public key (a kind of digital
identity) through a mathematical "hash" function.
❖ This way, only the person who has the matching private key can prove they own
that address.

2. Why use CGA?

❖ Security: Prevents others from faking your address.
❖ Authentication: You can prove "this is really me" without needing extra
infrastructure (like a big security server).
❖ Applications:
▪ Protecting IP-level communication in IPv6
▪ Securely finding other devices (neighbour discovery)
▪ Exchanging keys for encryption in mobile protocols

From the Diagram – Push Attack on Mobile Devices

The diagram is showing how an attacker can infect devices and use them to create a DDoS
(Distributed Denial-of-Service) attack.

Step-by-step:
1. Attacker launches attack
❖ They use a rogue ad hoc network — basically a fake wireless connection —
over Wi-Fi (802.11), Bluetooth, or infrared.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 21

2. Infecting devices (Worm/Zombie)

❖ The attacker sends a worm (self-spreading malicious software) to devices like:
▪ Pocket PC / Mobile Devices
▪ Desktop PCs
❖ Once infected, these devices become zombies — they now obey the attacker’s
commands.
3. Spreading infection
❖ The infected devices send the worm to other devices in the victim’s contact list.
❖ More and more devices become zombies.
4. DDoS attack
❖ All infected zombies flood a target server (e.g., a company’s website) with
massive amounts of fake requests.
❖ This overloads the server, making it crash or become unavailable to real users.

Key Terms in Simple Words:

❖ Worm: A malicious program that spreads itself without needing you to click anything.
❖ Zombie: An infected device controlled remotely by the attacker.
❖ DDoS: Many devices attacking one target at the same time to overload it.
❖ Rogue ad hoc network: A fake wireless network set up to trick devices into
connecting.

2. LDAP Security for Hand-Held Mobile Computing Devices

❖ DAP (Lightweight Directory Access Protocol) is like a phonebook for a network.

❖ It’s a software protocol that helps people find and use resources on a network — for
example: Files, Devices, Users
❖ These resources could be on:
✓ The public internet
✓ The organization’s private network (intranet)
❖ In a network, a “directory” is basically a database telling you where something is (like
where a file is stored or which server has a certain service).
❖ LDAP is lightweight, meaning it’s smaller and faster compared to heavy directory
systems.

The Diagram – Pull Attack on Mobile Devices

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 22

This shows how hackers steal data using rogue wireless access points.

Step-by-step:

1. Legitimate Access Point

❖ This is your normal, safe Wi-Fi router (e.g., in your office or home).
❖ It doesn’t know an attack is happening.

2. Rogue Access Point (Hacker’s fake Wi-Fi)

❖ The attacker sets up a fake Wi-Fi hotspot.
❖ Devices (like Pocket PCs or laptops) might connect to it — either accidentally
or because the attacker tricks them.
❖ This rogue access point records all traffic emails, passwords, files even if it’s
WEP encrypted (a weak security type).

3. Rogue Peer
❖ Another attacker device connected to the same network.
❖ It looks for open ports (ways into your device).
❖ It copies files from your device — emails, passwords, enterprise data.

4. Pocket PC Device
❖ Holds sensitive stuff like: Credentials (username/password), Personal data,
Work documents.
❖ Once it’s connected to the rogue network, this data can be stolen.

Key Idea: This is called a Pull Attack because the attacker “pulls” the data from your device
without you sending it intentionally — they just grab it from your network traffic or open ports.

3. Authentication Service Security:

There are two components of security in mobile computing: security of devices and security in
networks. A secure network access involves authentication between the device and the base
stations or Web servers. This is to ensure that only authenticated devices can be connected to
the network for obtaining the requested services. No Malicious Code can impersonate the
service provider to trick the device into doing something it does not mean to. Thus, the
networks also play a crucial role in security of mobile devices. Some eminent kinds of attacks
to which mobile devices are subjected to are: push attacks, pull attacks and crash attacks.
Authentication services security is important given the typical attacks on mobile devices
through wireless networks: Dos attacks, traffic analysis, eavesdropping, man-in-the-middle
attacks and session hijacking. Security measures in this scenario come from Wireless
Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and
development in 802.xx standards.
4. Media Player Control Security
2. Young people use their phones and other devices for music, videos, and entertainment a
lot.
3. But this can be risky because hackers can use these features to attack the device.
4. Example: In 2002, Microsoft warned that its Windows Media Player had security flaws.
Hackers could take control of a computer through it — for example, open files or
control certain parts of the system.
5. In 2004, corrupt media/video files could trick people into downloading harmful content.
Prof. Prasad Patil
Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.
Cyber Security Unit-1 (Chapter-1) – Introduction to Cybercrime, Cyber offences 23

Possible dangers:
1. Open harmful websites without the user knowing.
2. Download and run dangerous code.
3. Crash the system or cause “buffer overflow” problems.
❖ The Windows registry stores settings for apps and devices. Hackers can change these
to control the Media Player.
❖ As mobile devices are more common in work life, the risk of such attacks increases.
People need to be ready with good security measures.

5. Networking API Security for Mobile Computing Applications

❖ With online shopping and mobile payments growing, hackers may target the systems
that handle payment gateways.
❖ APIs (Application Programming Interfaces) help apps talk to each other, but they can
also be a way for attackers to get in.
❖ Hackers may create small malicious apps for devices like phones, media players, or set-
top boxes.
❖ These attacks can target devices running Linux, Symbian, Windows Mobile, etc.
❖ The goal is to protect mobile devices and their software because they often handle
valuable and sensitive information.

Prof. Prasad Patil

Department of Computer Applications, Cyber Security (24EBCE301), BCA 5th sem
KLE Technological University,
Belagavi.