Information Security and Cyber Crimes

About Presenter

Kandarp Shah has worked at a managerial position for leading Info security
consulting organization and has been engaged to provide advisory and
auditing services to customers across verticals for more than 10 years.

Helped various organizations to strategies their information security

requirements in terms of services and/or solutions.

Shahkandarp(at)outlook.com
in.linkedin.com/in/kandarps/
 Information Security and Cyber Crimes

The objective of this presentation is to educate and create awareness

amongst the student community on use of Technology, Internet media and
its implications on possible cyber crimes.

Some of the possible preventive measures, one can take to avoid getting
victimized for a cyber crime
Introduction

Internet and smart Gadgets are now integral part of our lives
Cyber Laws

Cyber crime is a generic term that refers to all criminal activities done using the medium
of computers, the internet, cyber space and the worldwide web.

"Cyber Security“ means protecting information, equipment, devices, computer,

computer resource, communication device and information stored therein from
unauthorized access, use, disclosure, disruption, modification or destruction.

Cyber law is a term used to describe the legal issues related to use of communications
technology, particularly "cyberspace", i.e. the Internet. Cyber Law is represented by
Indian IT ACT 2008
Cyber Crime - Motivation

• Money

• Curiosity

• Revenge

• Fun

• Praise seekers
Cyber Crime – Upward Trends

• Huge increase in the use of Internet and smart phones

• Individuals share personal and work related information on
Internet
•Critical and sensitive information are shared on Internet
• Financial transactions take place on Internet
• Security controls are never 100% and adequate
• BAD guys are always ahead of GOOD guys
Cyber Crime – Its No more a fun

Cyber crime controlled by IT ACT 2008 and respective IPC (constantly evolving)

Complete control of Govt agencies over information stored, processed and transmitted
over internet

Upradation of Investigating agencies with latest technology

Service providers like ISPs, email service providers, etc are liable to share information
with Govt agencies

Upgradation of Forensic labs

Stringent punishment for cyber crimes

Cyber Crime – Awareness for Students

Curiosity and Revenge may be primary reasons for a student to get motivated for a
cyber crime.

Most of the times, students are not aware about the implications of a cyber crime

Girls are the most found victims of a cyber crime

Common Scenarios - Cyber Pornography

Cyber pornography covers pornographic websites, pornographic magazines produced

using computers and the Internet.
Whoever publishes or transmits or causes to be published in the electronic form,
any material which is obscene in nature falls under cyber pornography

Section 67: Punishment for publishing or transmitting obscene material in electronic

form
Punishment – Imprisonment from 2 – 10 years with fine upto 10 lakhs
Common Scenarios - Cyber Pornography

Illustrations : -
1. The CEO of a software company in Pune (India) was arrested for sending highly
obscene emails to a former employee

1. A student of the Air Force Balbharati School, New Delhi, was teased by all his
classmates for having a pockmarked face, used a free hosting provider to create a
website
He regularly uploaded “morphed” photographs of teachers and girls from his
school onto the website. He was arrested when the father of one of the victims
reported the case to the police.
 Common Scenarios - Identity Theft
Identity theft is a term used to refer to fraud that involves stealing money or getting
other benefits by pretending to be someone else.

Section 66C Punishment for identity theft.

Whoever, fraudulently or dishonestly make use of the
electronic signature, password or any other unique
identification feature of any other person, shall be
punished with imprisonment of either description for
a term which may extend to three years and shall
also be liable to fine which may extend to rupees one
lakh.

Section 66D Punishment for cheating by personation

by using computer resource
Whoever, by means of any communication device or
computer resource cheats by personation, shall be
punished with imprisonment of either description for
a term which may extend to three years and shall
also be liable to fine which may extend to one lakh
rupees.
Common Scenarios - Identity Theft

Illustrations : -
1. An American national named Ken Haywood, whose most likely fault was, that his Wi-
Fi internet connection was hacked, and under the scanner for involvement in the
Ahmadabad terrorist attacks.

2. The biggest case of identity theft ever seen, took place in August of 2009. Eleven
people, including a US secret service informant, had been charged in connection with
the hacking of nine major retailers and the theft and sale of more than 41 million credit
and debit card numbers. This data breach is believed to be the largest hacking and
identity theft case ever prosecuted by the US Department of Justice.

3. Kingfisher Airlines was duped of Rs 17 crore caused by an online ticket booking fraud,
caused by credit card bookings. These credit card details were obtained by the thieves
from various places like shopping mall, restaurant and petrol-pump employees who
swipe these cards, felt the officers working on this case.
 Common Scenarios - Email Spoofing
A spoofed email is one that appears to originate from one source but actually has been
sent from another source

Forgery of electronic records, Email spoofing Under ITA 2008

Section 66A, 66C.
• 66A Punishment for sending offensive messages through
communication service, etc.
• 66C Punishment for identity theft

Whoever, fraudulently or dishonestly make use of the

electronic signature, password or any other unique
identification feature of any other person, shall be punished
with imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may
extend to rupees one lakh
Common Scenarios - Email Spoofing

Illustrations : -
1. In an American case, a teenager made millions of dollars by spreading false
information about certain companies whose shares he had short sold. This
misinformation was spread by sending spoofed emails, purportedly from news
agencies like Reuters, to share brokers and investors who were informed that the
companies were doing very badly. Even after the truth came out the values of the
shares did not go back to the earlier levels and thousands of investors lost a lot of
money.

2. A branch of the erstwhile Global Trust Bank in India experienced a run on the bank.
Numerous customers decided to withdraw all their money and close their accounts.
An investigation revealed that someone had sent out spoofed emails to many of the
bank’s customers stating that the bank was in very bad shape financially and could close
operations at any time. The spoofed email appeared to have originated from the bank
itself.
 Common Scenarios - Intellectual Property Crime
Intellectual Property Crime include software piracy, copyright infringement, trademarks
violations, theft of computer source code etc

Motivation for the IP crime is high as it is easy

and cheap to steal someones IP.

Owners and creators are at huge risk of loosing

out their creative work after investing huge
amount of money and time

Any person who knowing performs a IP crime

shall be punishable for a term of not less than 6
months and fine not lest than fifty thousand
Common Scenarios - Intellectual Property Crime

Illustrations : -
A software professional from Bangalore was booked for stealing the source
code of a product being developed by his employers. He started his own company
and allegedly used the stolen source code to launch a new software product.

In 2003, a computer user in China obtained the source code of a popular game -
LineageII from an unprotected website. This proprietary code was then sold to
several people in 2004. One of those people set up a website, www.l2extreme.com, to
offer the “Lineage” game at a discount.
Common Scenarios - Cyber Defamation
It occurs when defamation takes place with the help of computers and / or the
Internet.

Any person who sends, by means of a computer

resource or a communication device,-
a) any information that is grossly offensive or has
menacing character; or
b) any information which he knows to be false, but
for the purpose of causing defamation
c) any electronic mail or electronic mail message for
the purpose of causing annoyance or inconvenience
or to deceive or to mislead the addressee or
recipient about the origin of such messages

Punishment for creating Cyber Defamation extends

to 2-3 years with fine
Common Scenarios - Cyber Defamation

Illustration 1
Abhishek, a teenaged student was arrested by the Thane police in India following
a girl’s complaint about tarnishing her image in the social networking site Orkut.
Abhishek had allegedly created a fake account in the name of the girl with her
mobile number posted on the profile.
The profile had been sketched in such a way that it drew lewd comments from
many who visited her profile. The Thane Cyber Cell tracked down Abhishek from
the false e-mail id that he had created to open up the account.
Illustration 2
The Aurangabad bench of the Bombay high court issued a notice to Google.com
following a public interest litigation initiated by a young lawyer.
The lawyer took exception to a community called ‘We hate India’, owned by
someone who identified himself as Miroslav Stankovic. The community featured a
picture of the Indian flag being burnt.
Illustration 3
Unidentified persons posted obscene photographs and contact details of a Delhi
school girl. Girl’s family started receiving defamatory calls
Common Scenarios - Web Defacement
Website defacement is usually the substitution of the original home page of a
website with another page (some abusive page) by a
hacker.

Whoever knowingly or intentionally, destroy or alter

any computer source code, shall be punishable with
imprisonment up to three years, or with fine which
may extend up to two lakh rupees, or with both.
Common Scenarios - Web Defacement

Illustration 1
Mahesh Mhatre and Anand Khare (alias Dr Neukar) were arrested in 2002 for
allegedly defacing the website of the Mumbai Cyber Crime Cell.
They had allegedly used password cracking software to crack the FTP password
for the police website. They then replaced the homepage of the website with
pornographic content. The duo was also charged with credit card fraud for using
225 credit card numbers, mostly belonging to American citizens.

Illustration 2
In 2001, over 200 Indian websites were hacked into and defaced. The hackers put
in words like bugz, death symbol, Paki-king and allahhuakbar.
Common Scenarios - Email Bombing
Email bombing refers to sending a large number of emails to the victim resulting in
the victim’s email account or mail servers crashing.

It is also a kind of Denial of Service (DoS) attack

If found guilty, the punishment shall be extended till

3 years
Common Scenarios - Email Bombing

Illustration 1
A British teenager was found guilty of launching a denial-of service attack against his
former employer. The teenager was accused of sending 5 million e-mail messages to his
ex-employer that caused the company's email server to crash.

Illustration 2
In one case, a foreigner who had been residing in Simla, India for almost 30 years
wanted to avail of a scheme introduced by the Simla Housing Board to buy land at
lower rates. When he made an application it was rejected on the grounds that the
scheme was available only for citizens of India.
He decided to take his revenge. Consequently, he sent thousands of mails to the
Simla Housing Board and repeatedly kept sending e-mails till their servers
crashed.
Common Scenarios - Spreading Virus/Malwares
Computer viruses are small malicious software programs that are designed to spread
from one computer to another and perform harmful activities

There are multiple ways one can spread

viruses

• Email messages
• Infected websites
• Instant messaging
• Networking protocols
• Open share machines

If found guilty, then the punishment shall

be two to three years.
Common Scenarios - Spreading Virus/Malwares
Illustration 1
The VBS_LOVELETTER virus was reportedly written by a Filipino undergraduate. In May
2000, this deadly virus became the world’s most prevalent virus. Losses incurred during
this virus attack were pegged at US $ 10 billion.
VBS_LOVELETTER utilized the addresses in Microsoft Outlook and e-mailed itself to
those addresses. The e-mail, which was sent out, had “ILOVEYOU” in its subject line.
The attachment file was named “LOVE-LETTER-FORYOU. TXT.vbs”.
Illustration 2
In 2002, the creator of the Melissa computer virus was convicted. The virus had spread
in 1999 and caused more than $80 million in damage by disrupting personal computers,
business and government computer networks.
Illustration 4
In 2006, a US citizen was convicted for conspiracy to intentionally cause damage
to protected computers and commit computer fraud. Between 2004 and 2005, he
created and operated a malicious software to constantly scan for and infect new
computers.
It damaged hundreds of US Department of Defence computers in USA, Germany
and Italy. The software compromised computer systems at a Seattle hospital,
including patient systems, and damaged more than 1,000 computers in a
California school district.
Other Common Cyber Crimes
Cyber crimes can be categorized and listed in multiple ways, however some of the
other common cyber crimes observed are as below but not limited to :-

• Cyber stalking
• Cyber Bullying
• Installing Key loggers
• Cyber Terrorism
• Email based Frauds
• Web jacking
• Online Gambling
• DoS Attacks
Security Awareness

YOU can make the difference

 Security Awareness – PASSWORD

• Passwords are the only and/OR the primary option to ensure privacy of your information
• Ensure Passwords are complex in nature
• Not as complex that you tend to forget it
• Include combination of upper & lower case, special chars and numbers
• Not easy for others to guess (like your pet name, etc)
• Sensitive passwords should be changed frequently
• Do not write passwords
• Be extra careful of your passwords when using shared machines (like cyber café)
• Avoid sharing your passwords to anyone
 Security Awareness – Social Media

• Social Media (FB, twitter, etc) is now an integral part of our daily life
• Be sensitive in what you upload on your social networking account (status, pics, etc)
• Use security and privacy options provided by social media sites
• SMS based second factor authentication
• Access control (who can see what)
• Browser /machine mapping to your social media profile
• Block
• Keep your personal details, personal.
 Security Awareness – Smart mobile devices

• DO NOT jail break or root your smart phones

• Connect to ONLY authorized wifi access
• Use auto lock features
• Download apps from authorized app stores ONLY
• Use Privacy options provided by various mobile Operating system
• Do NOT accept calls from weird numbers OR do not give a call back
 Security Awareness – Desktops/laptops

• Ensure your Antivirus is updated and scans are configured for a routine check
• Implement personal firewall
• Keep your Operating system updated with latest patches
• Avoid installing cracked softwares
• Keep OS files and personal files in different HDD partition
• Factory Restore is the best option to clean your system
 Security Awareness – Internet

• Internet use is a two edge sword. Be SMART on using Internet

• NEVER visit untrusted websites
• NEVER user referral links to visit a website. Instead type in the URL address in the browser
• Always download software from authorized / Trusted sources
• Use Browser addons to get protected from known BAD sites
• Do Not Connect to unknown or unprotected wifi zones
• Ensure no one is shoulder surfing your key strokes
Your feedback is precious … shahkandarp(at)outlook.com