Documente Academic
Documente Profesional
Documente Cultură
About Presenter
Kandarp Shah has worked at a managerial position for leading Info security
consulting organization and has been engaged to provide advisory and
auditing services to customers across verticals for more than 10 years.
Shahkandarp(at)outlook.com
in.linkedin.com/in/kandarps/
Information Security and Cyber Crimes
Some of the possible preventive measures, one can take to avoid getting
victimized for a cyber crime
Introduction
Internet and smart Gadgets are now integral part of our lives
Cyber Laws
Cyber crime is a generic term that refers to all criminal activities done using the medium
of computers, the internet, cyber space and the worldwide web.
Cyber law is a term used to describe the legal issues related to use of communications
technology, particularly "cyberspace", i.e. the Internet. Cyber Law is represented by
Indian IT ACT 2008
Cyber Crime - Motivation
• Money
• Curiosity
• Revenge
• Fun
• Praise seekers
Cyber Crime – Upward Trends
Cyber crime controlled by IT ACT 2008 and respective IPC (constantly evolving)
Complete control of Govt agencies over information stored, processed and transmitted
over internet
Service providers like ISPs, email service providers, etc are liable to share information
with Govt agencies
Curiosity and Revenge may be primary reasons for a student to get motivated for a
cyber crime.
Most of the times, students are not aware about the implications of a cyber crime
Illustrations : -
1. The CEO of a software company in Pune (India) was arrested for sending highly
obscene emails to a former employee
1. A student of the Air Force Balbharati School, New Delhi, was teased by all his
classmates for having a pockmarked face, used a free hosting provider to create a
website
He regularly uploaded “morphed” photographs of teachers and girls from his
school onto the website. He was arrested when the father of one of the victims
reported the case to the police.
Common Scenarios - Identity Theft
Identity theft is a term used to refer to fraud that involves stealing money or getting
other benefits by pretending to be someone else.
Illustrations : -
1. An American national named Ken Haywood, whose most likely fault was, that his Wi-
Fi internet connection was hacked, and under the scanner for involvement in the
Ahmadabad terrorist attacks.
2. The biggest case of identity theft ever seen, took place in August of 2009. Eleven
people, including a US secret service informant, had been charged in connection with
the hacking of nine major retailers and the theft and sale of more than 41 million credit
and debit card numbers. This data breach is believed to be the largest hacking and
identity theft case ever prosecuted by the US Department of Justice.
3. Kingfisher Airlines was duped of Rs 17 crore caused by an online ticket booking fraud,
caused by credit card bookings. These credit card details were obtained by the thieves
from various places like shopping mall, restaurant and petrol-pump employees who
swipe these cards, felt the officers working on this case.
Common Scenarios - Email Spoofing
A spoofed email is one that appears to originate from one source but actually has been
sent from another source
Illustrations : -
1. In an American case, a teenager made millions of dollars by spreading false
information about certain companies whose shares he had short sold. This
misinformation was spread by sending spoofed emails, purportedly from news
agencies like Reuters, to share brokers and investors who were informed that the
companies were doing very badly. Even after the truth came out the values of the
shares did not go back to the earlier levels and thousands of investors lost a lot of
money.
2. A branch of the erstwhile Global Trust Bank in India experienced a run on the bank.
Numerous customers decided to withdraw all their money and close their accounts.
An investigation revealed that someone had sent out spoofed emails to many of the
bank’s customers stating that the bank was in very bad shape financially and could close
operations at any time. The spoofed email appeared to have originated from the bank
itself.
Common Scenarios - Intellectual Property Crime
Intellectual Property Crime include software piracy, copyright infringement, trademarks
violations, theft of computer source code etc
Illustrations : -
A software professional from Bangalore was booked for stealing the source
code of a product being developed by his employers. He started his own company
and allegedly used the stolen source code to launch a new software product.
In 2003, a computer user in China obtained the source code of a popular game -
LineageII from an unprotected website. This proprietary code was then sold to
several people in 2004. One of those people set up a website, www.l2extreme.com, to
offer the “Lineage” game at a discount.
Common Scenarios - Cyber Defamation
It occurs when defamation takes place with the help of computers and / or the
Internet.
Illustration 1
Abhishek, a teenaged student was arrested by the Thane police in India following
a girl’s complaint about tarnishing her image in the social networking site Orkut.
Abhishek had allegedly created a fake account in the name of the girl with her
mobile number posted on the profile.
The profile had been sketched in such a way that it drew lewd comments from
many who visited her profile. The Thane Cyber Cell tracked down Abhishek from
the false e-mail id that he had created to open up the account.
Illustration 2
The Aurangabad bench of the Bombay high court issued a notice to Google.com
following a public interest litigation initiated by a young lawyer.
The lawyer took exception to a community called ‘We hate India’, owned by
someone who identified himself as Miroslav Stankovic. The community featured a
picture of the Indian flag being burnt.
Illustration 3
Unidentified persons posted obscene photographs and contact details of a Delhi
school girl. Girl’s family started receiving defamatory calls
Common Scenarios - Web Defacement
Website defacement is usually the substitution of the original home page of a
website with another page (some abusive page) by a
hacker.
Illustration 1
Mahesh Mhatre and Anand Khare (alias Dr Neukar) were arrested in 2002 for
allegedly defacing the website of the Mumbai Cyber Crime Cell.
They had allegedly used password cracking software to crack the FTP password
for the police website. They then replaced the homepage of the website with
pornographic content. The duo was also charged with credit card fraud for using
225 credit card numbers, mostly belonging to American citizens.
Illustration 2
In 2001, over 200 Indian websites were hacked into and defaced. The hackers put
in words like bugz, death symbol, Paki-king and allahhuakbar.
Common Scenarios - Email Bombing
Email bombing refers to sending a large number of emails to the victim resulting in
the victim’s email account or mail servers crashing.
Illustration 1
A British teenager was found guilty of launching a denial-of service attack against his
former employer. The teenager was accused of sending 5 million e-mail messages to his
ex-employer that caused the company's email server to crash.
Illustration 2
In one case, a foreigner who had been residing in Simla, India for almost 30 years
wanted to avail of a scheme introduced by the Simla Housing Board to buy land at
lower rates. When he made an application it was rejected on the grounds that the
scheme was available only for citizens of India.
He decided to take his revenge. Consequently, he sent thousands of mails to the
Simla Housing Board and repeatedly kept sending e-mails till their servers
crashed.
Common Scenarios - Spreading Virus/Malwares
Computer viruses are small malicious software programs that are designed to spread
from one computer to another and perform harmful activities
• Email messages
• Infected websites
• Instant messaging
• Networking protocols
• Open share machines
• Cyber stalking
• Cyber Bullying
• Installing Key loggers
• Cyber Terrorism
• Email based Frauds
• Web jacking
• Online Gambling
• DoS Attacks
Security Awareness
• Passwords are the only and/OR the primary option to ensure privacy of your information
• Ensure Passwords are complex in nature
• Not as complex that you tend to forget it
• Include combination of upper & lower case, special chars and numbers
• Not easy for others to guess (like your pet name, etc)
• Sensitive passwords should be changed frequently
• Do not write passwords
• Be extra careful of your passwords when using shared machines (like cyber café)
• Avoid sharing your passwords to anyone
Security Awareness – Social Media
• Social Media (FB, twitter, etc) is now an integral part of our daily life
• Be sensitive in what you upload on your social networking account (status, pics, etc)
• Use security and privacy options provided by social media sites
• SMS based second factor authentication
• Access control (who can see what)
• Browser /machine mapping to your social media profile
• Block
• Keep your personal details, personal.
Security Awareness – Smart mobile devices
• Ensure your Antivirus is updated and scans are configured for a routine check
• Implement personal firewall
• Keep your Operating system updated with latest patches
• Avoid installing cracked softwares
• Keep OS files and personal files in different HDD partition
• Factory Restore is the best option to clean your system
Security Awareness – Internet