
228w1f0003 CS

The document discusses the Indian IT Act 2000 and its provisions related to cyber security, highlighting the classification of cybercrimes and their implications. It outlines various types of cybercrimes, including those against individuals, property, organizations, and society, along with specific examples and the legal consequences under the IT Act. Additionally, it addresses mobile device security policies and the importance of safeguarding sensitive information in the context of increasing mobile device usage.

Uploaded by

228w1f0045

CYBER SECURITY

Submitted To: Dr. V. Esther Jyothi
Submitted By: ATHAULLA REHMAN SHAIK, 228W1F0003

1) Present the key provisions under the Indian IT Act 2000 in cyber security.
A:
Cybercrime and the Indian ITA 2000:
• In India, the ITA 2000 was enacted after the United Nations General Assembly Resolution A/RES/51/162 of
January 30, 1997, by adopting the Model Law on Electronic Commerce adopted by the United Nations
Commission on International Trade Law.
• This was the first step toward the Law relating to E-Commerce at the international level to regulate an
alternative form of commerce and to give legal status in the area of E-Commerce.
• It was enacted taking into consideration the UNCITRAL Model Law on Electronic Commerce (1996).
8.1 Hacking and the Indian Law(s)
• Cybercrimes are punishable under two categories: the ITA 2000 and the IPC
• A total of 207 cases of cybercrime were registered under the IT Act in 2007 compared to 142 cases
registered in 2006. Under the IPC too, 339 cases were recorded in 2007 compared to 311 cases in 2006.
• There are some noteworthy provisions under the ITA 2000, which is said to be undergoing key changes
very soon.
• Cases of Spam, hacking, cyberstalking and E-Mail fraud are rampant and, although cybercrime cells
have been set up in major cities, the problem is that most cases remain unreported due to a lack of awareness.
• In an environment like this, there are a number of questions in the minds of a commoner:
• CHAPTER XI of the original ITA 2000 lists a number of activities that may be taken to constitute
cybercrimes.
• This includes tampering with computer source code, hacking, publishing or transmitting any information in
electronic form that is lascivious, securing access to a protected system, and breach of confidentiality and
privacy. In the original ITA 2000, the following is stated under CHAPTER XI (Offences):
1. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to
the public or any person destroys or deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means, commits hack.
2. Whoever commits hacking shall be punished with imprisonment up to 3 years, or with fine which
may extend up to ₹ 2 lakhs (₹ 200,000), or with both.
• In the amendment to the IT Act 2000, now known as the ITA 2008, several offenses have been added to the
Act.
• The amendments have now revealed a whole bundle of surprises which will make the cybercrime police
jump. This section has now been expanded to include Sections
66A (offensive messages),
66B (receiving stolen computer),
66C (identity theft),
66D (impersonation),
66E (voyeurism) and
66F (cyberterrorism).
• Section 66F is a new section of the ITA 2008 (recent amendments to the Indian ITA 2000). It covers
“Cyberterrorism” and makes it punishable with imprisonment up to life term.
2) How do we classify cybercrimes? Explain each one in brief.
A: Cybercrimes are classified as follows:
1) Cybercrime against individual
a. Electronic mail (E-Mail ) Spoofing and other online frauds:
• A spoofed E-Mail is one that appears to originate from one source but actually has been sent from
another source.
b. Online Frauds
• Online Scams. There are a few major types of crimes under the category of hacking:
• Spoofing website and E-Mail security alerts, false mails about virus threats, lottery frauds and
Spoofing.
• In Spoofing websites and E-Mail security threats, fraudsters create authentic looking websites that
are actually nothing but a spoof.
• The purpose of these websites is to make the user enter personal information which is then used to
access business and bank accounts.
c. Phishing, Spear Phishing and its various other forms such as Vishing and Smishing
• “Phishing” refers to an attack using mail programs to deceive or coax (lure) Internet users into
disclosing confidential information that can be then exploited for illegal purposes.
• “Spear Phishing” is a method of sending a Phishing message to a particular organization to gain
organizational information for more targeted social engineering.
• “Vishing” is the criminal practice of using social engineering over the telephone system, most often
using features facilitated by VoIP, to gain access to personal and financial information from the public for the
purpose of financial reward.
• “Smishing” is a criminal offense conducted by using social engineering techniques similar to
Phishing. The name is derived from “SMS PhISHING.” SMS (Short Message Service) is the text messaging
communication component predominantly used on mobile phones.
d. Spamming:
• People who create electronic Spam are called spammers.
• Spam is the abuse of electronic messaging systems (including most broadcast media, digital
delivery systems) to send unrequested bulk messages indiscriminately.
• Although the most widely recognized form of Spam is E-Mail Spam, the term is applied to
similar abuses in other media:
e. Cyber defamation:
• Cyberdefamation happens when the above takes place in an electronic form.
• In other words, “cyberdefamation” occurs when defamation takes place with the help of
computers and/or the Internet,
f. Cyberstalking and harassment:
• The dictionary meaning of “stalking” is an “act or process of following prey stealthily –
trying to approach somebody or something.”
• Cyberstalking has been defined as the use of information and communications technology,
particularly the Internet, by an individual or group of individuals to harass another individual, group of
individuals, or organization
g. Computer sabotage:
• The use of the Internet to stop the normal functioning of a computer system through the
introduction of worms, viruses or logic bombs, is referred to as computer sabotage.
• It can be used to gain economic advantage over a competitor, to promote the illegal
activities of terrorists or to steal data or programs for extortion purposes.
h. Pornographic offenses:
• “Child pornography” means any visual depiction, including but not limited to the
following:
1. Any photograph that can be considered obscene and/or unsuitable for the age of child
viewer;
2. film, video, picture;
3. computer-generated image or picture of sexually explicit conduct where the production of
such visual depiction involves the use of a minor engaging in sexually explicit conduct.
i. Password sniffing:
• This also belongs to the category of cybercrimes against organization because the use of
password could be by an individual for his/her personal work or the work he/she is doing using a
computer that belongs to an organization.
2) Cybercrime against property :
a. Credit card frauds:
• Information security requirements for anyone handling credit cards have been increased
dramatically recently.
• Millions of dollars may be lost annually by consumers who have credit card and calling
card numbers stolen from online databases.
b. Intellectual property (IP) crimes:
Basically, IP crimes include
• software piracy,
• copyright infringement,
• trademarks violations,
• theft of computer source code, etc.
c. Internet time theft:
• Such a theft occurs when an unauthorized person uses the Internet hours paid for by
another person.
3) Cybercrime against organization:
a. Unauthorized accessing of computer:
• Hacking is one method of doing this, and hacking is a punishable offense.
b. Password sniffing:
• Password Sniffers are programs that monitor and record the name and password of network
users as they login, jeopardizing security at a site.
• Whoever installs the Sniffer can then impersonate an authorized user and login to access
restricted documents.
c. Denial-of-service attacks (known as DoS attacks):
• The goal of DoS is not to gain unauthorized access to systems or data, but to prevent
intended users (i.e., legitimate users) of a service from using it. A DoS attack may do the following:
• Virus attacks can be used to damage the system to make the system unavailable
• Computer virus is a program that can “infect” legitimate (valid) programs by modifying
them to include a possibly “evolved” copy of itself.
• Viruses spread themselves, without the knowledge
e. E-Mail bombing/mail bombs:
• E-Mail bombing refers to sending a large number of E-Mails to the victim to crash
victim’s E-Mail account (in the case of an individual) or to make victim’s mail servers crash (in the case
of a company or an E-Mail service provider).
f. Salami attack/Salami technique:
• These attacks are used for committing financial crimes.
• The idea here is to make the alteration so insignificant that in a single case it
would go completely unnoticed;
g. Logic bomb:
• Logic bombs are event-dependent programs created to do something only when a
certain event (known as a trigger event) occurs.
• Some viruses may be termed as logic bombs because they lie dormant all through
the year and become active only on a particular date
h. Trojan Horse:
• Trojan Horses: A Trojan Horse, Trojan for short, is a term used to describe
malware that appears, to the user, to perform a desirable function but, in fact, facilitates
unauthorized access to the user’s computer system
i. Data diddling:
• A data diddling (data cheating) attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing is completed.
• Electricity Boards in India have been victims to data diddling programs inserted
when private parties computerize their systems.
j. Crimes emanating from Usenet newsgroup:
• As explained earlier, this is one form of spamming. The word “Spam” was
usually taken to mean Excessive Multiple Posting (EMP).
• The advent of Google Groups, and its large Usenet archive, has made Usenet
more attractive to spammers than ever.
k. Industrial spying/industrial espionage:
• Spying is not limited to governments. Corporations, like governments, often spy on the
enemy.
• The Internet and privately networked systems provide new and better opportunities for
espionage.
l. Computer network intrusions:
• “Crackers”, who are often misnamed “Hackers”, can break into computer systems from
anywhere in the world and steal data, plant viruses, create backdoors, insert Trojan Horses or change user
names and passwords.
m. Software piracy :
• This is a big challenge area indeed.
• Cybercrime investigation cell of India defines “software piracy” as theft of software through
the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass
for the original.
4) Cybercrime against Society :
a. Forgery
• Counterfeit currency notes, postage and revenue stamps, marksheets, etc. can be forged
using sophisticated computers, printers and scanners.
• Outside many colleges there are miscreants soliciting the sale of fake mark-sheets or even
degree certificates.
b. Cyberterrorism:
• Cyberterrorism is defined as “any person, group or organization who, with terrorist intent,
utilizes accesses or aids in accessing a computer or computer network or electronic system or electronic
device by any available means
c. Web jacking:
• Web jacking occurs when someone forcefully takes control of a website.
3) State and explain the kinds of attacks on mobile/cell phones with examples.
A: Attacks on Mobile/Cell Phones:
Mobile Phone Theft:
• Mobile phones have become an integral part of everybody’s life and the mobile phone has
transformed from being a luxury to a bare necessity.
• Theft of mobile phones has risen dramatically over the past few years.
• Since a huge section of the working population in India uses public transport, the major locations where
theft occurs are bus stops, railway stations and traffic signals.
• Many insurance companies have stopped offering Mobile Theft Insurance due to a large
number of false claims.
• The following factors contribute to outbreaks on mobile devices:
1. Enough target terminals: Enough terminals or more devices to attack.
2. Enough functionality: The expanded functionality i.e., office functionality and
applications also increases the probability of malware.
3. Enough connectivity: Smartphones offer multiple communication options, such as
SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections.
Mobile Viruses :
• A mobile virus is similar to a computer virus that targets mobile phone data or
applications/software installed in it.
• Virus attacks on mobile devices are no longer an exception or proof-of-concept nowadays.
• In total, 40 mobile virus families and more than 300(+) mobile viruses have been identified.
• The first mobile virus was identified in 2004, which marked the beginning of the understanding that mobile
devices can act as vectors to enter the computer network.
• Mobile viruses spread through two dominant communication protocols: Bluetooth and
MMS.
Following are some tips to protect a mobile device from mobile malware attacks:
1. Download or accept programs and content (including ring tones, games, video clips and
photos) only from a trusted source.
2. If a mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable mode
when it is not in use and/or not required to use.
Mishing:
• Mishing is a combination of mobile and Phishing.
• Mishing attacks are attempted using mobile phone technology.
• M-Commerce is fast becoming a part of everyday life. If you use your mobile phone for
purchasing goods/services and for banking, you could be more vulnerable to a Mishing scam.
• A typical Mishing attacker uses a call, termed Vishing, or a message (SMS), known as Smishing.

Vishing:
• Vishing is the criminal practice of using social engineering over the telephone system, most
often using features facilitated by VoIP, to gain access to personal and financial information from the public
for the purpose of financial reward.
• The term is a combination of V – voice and Phishing.
• Vishing is usually used to steal credit card numbers or other related data used in ID theft
schemes from individuals.
The most profitable uses of the information gained through a Vishing attack include:
1. ID theft;
2. purchasing luxury goods and services;
3. transferring money/funds;
4. monitoring the victims’ bank accounts;
Smishing:
• Smishing is a criminal offense conducted by using social engineering techniques similar to
Phishing.
• The name is derived from “SMS PhISHING.”
• SMS can be abused by using different methods and techniques other than information
gathering under cybercrime.
Hacking Bluetooth :
• Bluetooth is an open wireless technology standard used for communication (i.e., exchanging
data) over short distances (i.e., using short length radio waves) between fixed and/or mobile devices.
• Bluetooth is a short-range wireless communication service/technology that uses the 2.4-GHz
frequency range for its transmission/communication.
• The following have emerged as Bluetooth-specific security issues:
1. Bluejacking: It means Bluetooth + Jacking, where Jacking is a short name for hijack, the act
of taking over something. Bluejacking is sending unsolicited messages over Bluetooth to
Bluetooth-enabled devices such as mobile phones, PDAs or computers.
2. Bluesnarfing: It is the unauthorized access from a wireless device through a Bluetooth
connection between cell phones, PDAs and computers.
3. Bluebugging: It allows attackers to remotely access a user’s phone and use its features
without the user’s attention.
4. Car Whisperer: It is a piece of software that allows attackers to send audio to and receive
audio from a Bluetooth-enabled car stereo.
4) Present the operating guidelines for implementing mobile device security policies in an organization.
A: Organizational Security Policies and Measures in Mobile Computing Era:
Importance of Security Policies relating to Mobile Computing Devices
• The growth in the use of mobile devices makes the cybersecurity issue harder than what we would
tend to think.
• People (especially, the youth) have grown so used to their mobiles that they are treating
them like wallets!
• For example, people are storing more types of confidential information on mobile
computing devices than their employers or they themselves know; they listen to music using their hand-held
devices
• One should think about not keeping credit card and bank account numbers, passwords,
confidential E-Mails and strategic information about the organization on mobile devices.
• Imagine the business impact if a mobile or laptop was lost or stolen, revealing sensitive
customer data such as credit reports, social security numbers (SSNs) and contact information.

Operating Guidelines for Implementing Mobile Device Security Policies:

• The following steps reduce the risk when a mobile device is lost or stolen:
1. Determine whether the employees in the organization need to use mobile computing
devices or not.
2. Implement additional security technologies like strong encryption, device passwords
and physical locks.
3. Standardize the mobile computing devices and the associated security tools being used with
them.
4. Develop a specific framework for using mobile computing devices.
5. Maintain an inventory so that you know who is using what kinds of devices.
6. Establish patching procedures for software on mobile devices.
7. Label the devices and register them with a suitable service.
8. Establish procedures to disable remote access for any mobile.
9. Remove data from computing devices that are not in use
10. Provide education and awareness training to personnel using mobile devices.
5) Assess the types or levels of DoS attacks.
A: Types or Levels of DoS Attacks:
There are several types or levels of DoS attacks as follows:
1. Flood attack: This is the earliest form of DoS attack and is also known as ping flood. It is based
on an attacker simply sending the victim an overwhelming number of ping packets, usually by using the “ping”
command, which results in more traffic than the victim can handle.
2. Ping of death attack: The ping of death attack sends oversized Internet Control Message
Protocol (ICMP) datagrams (encapsulated in IP packets) to the victim. ICMP is one of the core protocols of
the IP Suite; it is mainly used by networked computers’ OSs to send error messages indicating, e.g., that a
requested service is not available or that a host or router could not be reached.
3. SYN attack: It is also termed as TCP SYN Flooding. In the TCP, handshaking of network
connections is done with SYN and ACK messages. An attacker initiates a TCP connection to the server with
an SYN. The server replies with an SYN-ACK. The client then does not send back an ACK, causing the
server to allocate memory for the pending connection and wait. This fills up the buffer space for SYN
messages on the target system, preventing other systems on the network from communicating with the target
system.
4. Teardrop attack: The teardrop attack is an attack where fragmented packets are forged so that they
overlap each other when the receiving host tries to reassemble them. IP’s packet fragmentation algorithm is
used to send corrupted packets to confuse the victim and may hang the system. This attack can crash various
OSs due to a bug in their TCP/IP fragmentation reassembly code.
5. Smurf attack: This is a type of DoS attack that floods a target system via spoofed broadcast ping
messages. This attack consists of a host sending an echo request (ping) to a network broadcast address.
6. Nuke: Nuke is an old DoS attack against computer networks consisting of fragmented or invalid
packets sent to the target.
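The SYN attack in item 3 leaves handshakes that received a SYN but never the final ACK, so a defender can look for exactly that pattern. The following is an added example, not part of the original document: it counts such half-open handshakes per server over a constructed packet summary (the line format `time src:port dst:port FLAGS`, the addresses and the thresholds are all assumptions made for the illustration).

```python
from collections import Counter

def parse(line):
    """Split one 'time src:port dst:port FLAGS' summary line."""
    ts, src, dst, flags = line.split()
    return float(ts), src, dst, flags

def half_open_by_server(lines, now, timeout=3.0):
    """Count handshakes per server that got a SYN but never the client's ACK."""
    pending = {}                                  # (client, server) -> time of the SYN
    for ts, src, dst, flags in map(parse, lines):
        if flags == "SYN":
            pending.setdefault((src, dst), ts)
        elif flags in ("ACK", "RST"):             # client completed or aborted it
            pending.pop((src, dst), None)
        # SYN-ACK lines travel server -> client and do not change the state
    counts = Counter()
    for (client, server), ts in pending.items():
        if now - ts >= timeout:                   # still waiting after the timeout
            counts[server] += 1
    return counts

def servers_under_syn_flood(lines, now, threshold=20, timeout=3.0):
    """Servers whose number of stale half-open handshakes reaches the threshold.

    Counting is per server, not per client, because the SYNs of a flood
    may carry a different source address in every packet.
    """
    counts = half_open_by_server(lines, now, timeout)
    return sorted(s for s, n in counts.items() if n >= threshold)

def sample_capture():
    """Constructed traffic: two normal handshakes, then 40 SYNs never completed."""
    lines = [
        "0.00 198.51.100.7:40001 192.0.2.10:443 SYN",
        "0.01 192.0.2.10:443 198.51.100.7:40001 SYN-ACK",
        "0.02 198.51.100.7:40001 192.0.2.10:443 ACK",
        "0.10 198.51.100.8:40002 192.0.2.20:443 SYN",
        "0.11 192.0.2.20:443 198.51.100.8:40002 SYN-ACK",
        "0.12 198.51.100.8:40002 192.0.2.20:443 ACK",
    ]
    for i in range(40):
        src = f"203.0.113.{i + 1}:{50000 + i}"
        lines.append(f"{1 + i * 0.01:.2f} {src} 192.0.2.10:443 SYN")
        lines.append(f"{1 + i * 0.01:.2f} 192.0.2.10:443 {src} SYN-ACK")
    # A legitimate client whose SYN is still younger than the timeout.
    lines.append("9.50 198.51.100.9:40003 192.0.2.20:443 SYN")
    return lines

if __name__ == "__main__":
    capture = sample_capture()
    print(dict(half_open_by_server(capture, now=10.0)))
    print(servers_under_syn_flood(capture, now=10.0))
```
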
6) How can keyloggers be used to commit a cybercrime?
A: Keyloggers:
• Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys struck
on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that such actions
are being monitored.
• A keystroke logger, or keylogger, is a quicker and easier way of capturing passwords and
monitoring the victims’ IT savvy behavior. It can be classified as software keylogger and hardware keylogger.
Software Keyloggers :
• Software keyloggers are software programs installed on the computer systems which usually are
located between the OS and the keyboard hardware, and every keystroke is recorded.
• Software keyloggers are installed on a computer system by Trojans or viruses without the
knowledge of the user.
• Cybercriminals always install such tools on the insecure computer systems available in public
places (i.e., cybercafés, etc) and can obtain the required information about the victim very easily.
• A keylogger usually consists of two files that get installed in the same directory: a dynamic link
library (DLL) file and an EXEcutable (EXE) file that installs the DLL file and triggers it to work. DLL does
all the recording of keystrokes.
Hardware Keyloggers:
• Hardware keyloggers are small hardware devices.
• These are connected to the PC and/or to the keyboard and save every keystroke into a file or in the
memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM Cards’ PINs.
• Each keypress on the keyboard of the ATM gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence, bank customers are unaware of
their presence.
Antikeylogger:
• Antikeylogger is a tool that can detect the keylogger installed on the computer system and also can
remove the tool. (Visit http://www.anti-keyloggers.com for more information)
Advantages of using antikeylogger are as follows:
1. Firewalls cannot detect the installations of keyloggers on the systems; hence, antikeyloggers can
detect installations of keylogger.
2. Unlike other antivirus and antispy programs, this software does not require regular updates of signature
bases to work effectively; those programs, if not updated, do not serve the purpose, which puts the users at risk.
3. Prevents Internet banking frauds. Passwords can be easily gained with the help of installing
keyloggers.
4. It prevents ID theft (we will discuss it more in Chapter 5).
5. It secures E-Mail and instant messaging/chatting.
7) Describe the specific challenges that exist in India with regard to the law and cybercrime scenario in
India.
A: Challenges to Indian Law and Cybercrime Scenario in India
The offenses covered under the Indian ITA 2000 include:
1. Tampering with the computer source code or computer source documents;
2. un-authorized access to computer (“hacking” is one such type of act);
3. publishing, transmitting or causing to be published any information in the electronic form
which is lascivious or which appeals to the prurient interest;
4. failure to decrypt information if the same is necessary in the interest of the sovereignty or
integrity of India, the security of the state, friendly relations with foreign state, public order or for preventing
incitement to the commission of any cognizable offense;
5. securing access or attempting to secure access to a protected system;
6. misrepresentation while obtaining, any license to act as a Certifying Authority (CA) or a
digital signature certificate;
7. breach of confidentiality and privacy;
8. publication of digital signature certificates which are false in certain particulars;
9. publication of digital signature certificates for fraudulent purposes.
These drawbacks prevent cybercrimes from being addressed in India.
• First, most Indians do not report cybercrimes to the law enforcement
agencies because they fear it might invite a lot of harassment.
• Second, their awareness of cybercrime is relatively low.
• Another factor that contributes to the difficulty of cybercrime resolution is that the law
enforcement agencies in the country are neither well equipped nor knowledgeable enough about cybercrime.
• Most investigating officers with the Police force may be well equipped to fight cybercrime. We
need dedicated, continuous and updated training of the law enforcement agencies.
8) What is the purpose of X.509 digital certificate? And explain in detail.
A:
X.509 certificates are digital documents that are used to verify the identity of individuals, organizations, or
devices over the internet. They are widely used in various applications like secure email, web browsing, online
banking, and electronic transactions.
An X.509 certificate contains information about the certificate holder's identity, such as their
name, public key, digital signature, and the name of the certificate authority (CA) that issued the certificate.
The public key is used to encrypt messages, and the digital signature is used to verify that the message was sent
by the holder of the private key associated with the public key.
In other words, an X.509 certificate acts like a digital identity card that enables secure communication and
transaction between two parties. X.509 certificates are used for various purposes related to secure
communication and digital identity verification. Some of the most common uses of X.509 certificates include:
1. SSL/TLS Encryption: X.509 certificates establish secure communication between a web browser and a web
server. When you visit a website with "https" in the URL, the website uses SSL/TLS encryption, and X.509
certificates are used to authenticate the website and encrypt the communication between the browser and the
server.
2. Code Signing: X.509 certificates are used to digitally sign software code, ensuring that the code is from a
trusted source and has not been tampered with.
3. Email Security: X.509 certificates are used to provide secure email communication by encrypting email
messages and verifying the identity of the sender.
4. VPN Authentication: X.509 certificates are used to authenticate users in virtual private network (VPN)
connections.
5. Document Signing: X.509 certificates are used to sign electronic documents, providing assurance that the
document is from a trusted source and has not been modified since it was signed.
6. User Authentication: X.509 certificates are used to authenticate users in various applications, including
online banking, e-commerce, and other online services.
An X.509 certificate contains several pieces of information, including:
1. Version Number: The version number of the X.509 certificate.
2. Serial Number: A unique identifier assigned to the certificate by the issuer.
3. Signature Algorithm: The algorithm used to create the digital signature.
4. Issuer: The name of the organization or entity that issued the certificate.
5. Validity Period: The period during which the certificate is valid, including the start and end dates.
6. Subject: The name of the certificate holder or entity.
7. Public Key: The public key associated with the certificate holder.
8. Extensions: Additional information included in the certificate, such as the intended usage of the certificate,
the certificate revocation list (CRL), or other custom data.
9. Digital Signature: The digital signature created by the issuer to verify the authenticity of the certificate.
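The nine fields listed above are stored in that order inside the DER encoding of a certificate, and a reader can pull them out with a small tag/length/value walker. The following is an added example, not part of the original document: it parses a constructed, certificate-shaped sample (names, dates, serial number, and the placeholder key and signature bytes are all made up) and runs two checks that need no issuer key; it does not verify the signature or build a chain.

```python
from datetime import datetime, timezone

OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # 1.2.840.113549.1.1.11
OID_RSA = bytes.fromhex("2a864886f70d010101")         # 1.2.840.113549.1.1.1
OID_CN = bytes.fromhex("550403")                      # 2.5.4.3 commonName
OID_BASIC = bytes.fromhex("551d13")                   # 2.5.29.19 basicConstraints

def tlv(tag, content):  # DER encoder, used only to build the constructed sample
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def children(buf):
    """Decode the consecutive DER elements in buf into (tag, content) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:                  # long form: the next k bytes hold the length
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def oid(raw):  # dotted form; the first byte packs the first two arcs
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:                  # high bit clear marks the last byte of an arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def common_name(name):
    for _, rdn in children(name):
        for _, pair in children(rdn):
            (_, key), (_, value) = children(pair)
            if key == OID_CN:
                return value.decode()

def when(tag, raw):  # tag 0x17 is UTCTime, otherwise GeneralizedTime
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(raw.decode(), fmt).replace(tzinfo=timezone.utc)

def parse_certificate(der):
    [(_, cert)] = children(der)
    (_, tbs), (_, outer_alg), (_, signature) = children(cert)
    fields = children(tbs)
    version = 1
    if fields[0][0] == 0xA0:          # [0] version element, absent in v1
        version, fields = children(fields[0][1])[0][1][0] + 1, fields[1:]
    serial, inner_alg, issuer, validity, subject, spki = (v for _, v in fields[:6])
    (t1, start), (t2, end) = children(validity)
    exts = [e for t, v in fields[6:] if t == 0xA3
            for _, seq in children(v) for _, e in children(seq)]
    return {
        "version": version,
        "serial": int.from_bytes(serial, "big"),
        "tbs_signature_algorithm": oid(children(inner_alg)[0][1]),
        "issuer_cn": common_name(issuer),
        "not_before": when(t1, start),
        "not_after": when(t2, end),
        "subject_cn": common_name(subject),
        "public_key_algorithm": oid(children(children(spki)[0][1])[0][1]),
        "extensions": [oid(children(e)[0][1]) for e in exts],
        "signature_algorithm": oid(children(outer_alg)[0][1]),
        "signature_bytes": len(signature) - 1,  # minus the unused-bits byte
    }

def problems(cert, now):  # checks that need no issuer key; signature NOT verified
    found = []
    if cert["signature_algorithm"] != cert["tbs_signature_algorithm"]:
        found.append("signature algorithm differs inside and outside the signed part")
    if not cert["not_before"] <= now <= cert["not_after"]:
        found.append("outside validity period")
    return found

def build_sample():  # constructed; key and signature bytes are placeholders
    alg = tlv(0x30, tlv(0x06, OID_SHA256_RSA) + tlv(0x05, b""))
    def name(cn):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn.encode()))))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    key = tlv(0x30, tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b"")) + tlv(0x03, bytes(141)))
    exts = tlv(0xA3, tlv(0x30, tlv(0x30, tlv(0x06, OID_BASIC) + tlv(0x04, tlv(0x30, b"")))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x10\x01") + alg
              + name("Example Test CA") + validity + name("www.example.test") + key + exts)
    return tlv(0x30, tbs + alg + tlv(0x03, bytes(257)))
```

Calling `parse_certificate(build_sample())` returns the fields as a dictionary, and `problems(cert, now)` lists what fails for a given point in time.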
THANK YOU
Done By:
ATHAULLA REHMAN SHAIK
