College, Ajmer
CHAPTER - 1
1.1
Cyber Law is the law governing cyber space. Cyber space is a collective noun for the diverse range of environments that have arisen using the Internet and the various services. The expression "crime" is defined as an act which subjects the doer to legal punishment, or any offence against morality or social order, or any unjust or shameful act. An "offence" is defined in the Code of Criminal Procedure to mean an act or omission made punishable by any law for the time being in force.
Cyber crime is a term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity, and includes everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. Computer crime mainly consists of unauthorized access to computer systems, data alteration, data destruction, and theft of intellectual property. Cyber crime in the context of national security may involve hacktivism, traditional espionage, or information warfare and related activities.
Cyber crimes have been reported across the world. Cyber crime is now amongst the most important revenue sectors for global organized crime, says Frost & Sullivan Industry Analyst Katie Gotzen. Because of this, the potential risks associated with malware have risen dramatically. Unlike in traditional crimes, the Information Technology infrastructure is not only used to commit the crime but very often is itself the target of the crime. Pornography, threatening email, assuming someone's identity, sexual harassment, defamation, spam and phishing are some examples where computers are used to commit crime, whereas viruses, worms, industrial espionage, software piracy and hacking are examples where computers become the target of crime.
1.3.2 Against Property
Credit card fraud.
Intellectual property crimes: These include software piracy, illegal copying of programs, distribution of copies of software, copyright infringement and trademark violations.
Internet time theft: The usage of Internet hours by an unauthorized person, which are actually paid for by another person.
1.3.3 Against Organization
Unauthorized Accessing of Computer: Accessing the computer/network without permission from the owner.
Denial of Service: When an Internet server is flooded with continuous bogus requests so as to deny legitimate users the use of the server or to crash the server.
Virus attack: A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Viruses can be file infecting or can affect the boot sector of the computer. Worms, unlike viruses, do not need a host to attach themselves to.
Email Bombing: Sending large numbers of mails to an individual, company or mail server, ultimately resulting in a crash.
Salami Attack: When negligible amounts are removed and accumulated into something larger. These attacks are used for the commission of financial crimes.
Logic Bomb: An event-dependent programme; as soon as the designated event occurs, it crashes the computer, releases a virus or triggers some other harmful action.
Trojan horse: An unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Data diddling: This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.
1.3.4 Against Society
Forgery: Currency notes, revenue stamps, mark sheets etc. can be forged using computers and high quality scanners and printers.
Cyber Terrorism: Use of computer resources to intimidate or coerce others.
Web Jacking: Hackers gain access to and control over the website of another, and may even change the content of the website to fulfil a political objective or for money.
1.4.1 Cyber Stalking
Cyber stalking can be defined as repeated acts of harassment or threatening behavior by the cyber criminal towards the victim using Internet services. Stalking in general terms can be referred to as repeated acts of harassment targeting the victim, such as:
1. Following the victim
2. Making harassing phone calls
3. Killing the victim's pet
4. Vandalizing the victim's property
5. Leaving written messages or objects
Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker. Cyber-stalking refers to the use of the Internet, e-mail, or other electronic communications device to stalk another person. It is a relatively new form of harassment, unfortunately, rising to alarming levels especially in big cities. In many cases, the cyber stalker and the victim had a prior relationship, and the cyber stalking begins when the victim attempts to break off the relationship. However, there also have been many instances of cyber stalking by strangers. Given the enormous amount of personal information available through the Internet, a cyber stalker can easily locate private information about a potential victim with a few mouse clicks or keystrokes. The fact that cyber stalking does not involve physical contact may create the misperception that it is more benign than physical stalking. This is not necessarily true.
1.4.3 Hackers
Hacking is in some ways the online equivalent to burglary; in other words breaking into premises against the wishes of the lawful owner - in some jurisdictions a crime in itself from which other criminal acts such as theft and/or damage generally result. Computer hacking refers to gaining unauthorised access to, and hence some measure of control over, a computer facility, and most countries now have specific legislation in place to deter those who might wish to practice this art and science. In some jurisdictions, unauthorised access alone constitutes a criminal offence, even if the hacker attempts nothing further. However, in practice, hackers generally have a particular target in mind, so their unauthorised access leads to further acts, which national law might also define as criminal activities. These can be summarised under the headings of unauthorised:
Obtaining of confidential information: perhaps the major growth area in computer crime is "identity theft", in other words the obtaining of personal information that can then be used to commit other serious offences, usually in the area of fraud. However, other motives include espionage (both governmental and commercial secrets) and the obtaining of personally sensitive information that might be used for tracing people, deception and blackmail.
Alteration or deletion of data and code: most organisations now depend to some extent on computerised information systems, and any act resulting in significant corruption or deletion of corporate data could have serious implications on their ability to transact business.
Degradation or cessation of service: acts that result in systems being unable to carry their workload or that fail altogether, could also have serious business implications;
Spoof websites and email security alerts
Fraudsters create authentic looking websites that are actually nothing but a spoof. The purpose of these websites is to make the user enter personal information. This information is then used to access business and bank accounts. Fraudsters are increasingly turning to email to generate traffic to these websites. A lot of customers of financial institutions recently received such emails. Such emails usually contain a link to a spoof website and mislead users to enter user IDs and passwords on the pretence that security details can be updated, or passwords changed.
Virus hoax emails
It is a sad fact of life that there are those who enjoy exploiting the concerns of others. Many emailed warnings about viruses are hoaxes, designed purely to cause concern and disrupt businesses. These warnings may be genuine, so don't take them lightly, but always check the story out by visiting an anti-virus site such as McAfee or Symantec before taking any action, including forwarding them to friends and colleagues.
Lottery Frauds
These are letters or emails which inform the recipient that he/she has won a prize in a lottery. To get the money, the recipient has to reply, after which another mail is received asking for bank details so that the money can be directly transferred. The email also asks for a processing fee/handling fee. Of course, the money is never transferred in this case, the processing fee is swindled and the banking details are used for other frauds and scams.
Spoofing
Spoofing means illegal intrusion, posing as a genuine user. A hacker logs in to a computer illegally, using a different identity than his own. He is able to do this by having previously obtained the actual password. He creates a new identity by fooling the computer into thinking he is the genuine system operator. The hacker then takes control of the system.
1.4.5 Pornography
Child pornography is a very unfortunate reality of the Internet. The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The Internet is very fast becoming a household commodity in India. Its explosion has made children viable victims of cyber crime. As more homes have access to the Internet, more children will be using the Internet and the greater are the chances of their falling victim to the aggression of pedophiles. Child pornography means any visual depiction, including
1. any photograph
2. film, video, picture, or
3. computer or computer-generated image or picture,
of sexually explicit conduct, where the production of such visual depiction involves the use of a minor engaging in sexually explicit conduct.
1.4.7 Spoofing
Spoofing means a hacker logs in to a computer illegally using a different identity than his own. He is able to do this by having previously obtained the actual password. He creates a new identity by fooling the computer into thinking he is the genuine system operator. The hacker then takes control of the system.
Possible Criminal Uses of Usenet
Distribution/sale of pornographic material.
Distribution/sale of pirated software.
Distribution of hacking software.
Sale of stolen credit card numbers.
Sale of stolen data/stolen property.
Act to apply for offences or contraventions committed outside India (Section 75).
Computer crimes are to be investigated by an officer at the DSP level.
Network service providers not to be liable in certain cases (Section 79).
Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80).
Offences by the Companies (Section 85).
2.2 The Information Technology Act Amendment (2008)
The Information Technology (Amendment) Act, 2008 was signed by the President of India on February 5, 2009. A review of the amendments indicates that there are several provisions relating to data protection and privacy, as well as provisions to curb terrorism using the electronic and digital medium, that have been introduced into the new Act. Some of the salient features of the Act are as follows:
The term "digital signature" has been replaced with "electronic signature" to make the Act more technology neutral.
A new section has been inserted to define "communication device" to mean cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text, video, audio or image.
A new section has been added to define "cyber café" as any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
A new definition has been inserted for "intermediary". Intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, and includes telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafés, but does not include a body corporate referred to in Section 43A.
A new section 10A has been inserted to the effect that contracts concluded electronically shall not be deemed to be unenforceable solely on the ground that electronic form or means was used.
The damages of Rs. One Crore (approximately USD 200,000) prescribed under section 43 of the earlier Act for damage to computer, computer system etc. has been deleted and the relevant parts of the section have been substituted by the words, "he shall be liable to pay damages by way of compensation to the person so affected".
A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.
A host of new sections have been added to section 66 as sections 66A to 66F prescribing punishment for offenses such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.
Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000). A host of new sections have been inserted as Sections 67A to 67C. While Sections 67A and 67B insert penal provisions in respect of offenses of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.
In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the state to issue directions for interception or monitoring or decryption of any information through any computer resource. Further, sections 69A and 69B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cyber security.
Section 79 of the old Act, which exempted intermediaries, has been modified to the effect that an intermediary shall not be liable for any third party information, data or communication link made available or hosted by him if: (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; (b) the intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission; (c) the intermediary observes due diligence while discharging his duties. However, section 79 will not apply to an intermediary if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise, in the commission of the unlawful act, or if, upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
A provision has been added to Section 81 which states that the provisions of the Act shall have overriding effect. The proviso states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
Use a good antivirus such as BitDefender, McAfee or Kaspersky.
A well-established firewall at the company's router may help in analyzing every packet.
Eliminate use of the Internet on the job as far as possible.
Use a good password length.
Encrypt data.
Avoid P2P file sharing software.
Delete unknown emails.
Do not click on ads.
Be careful what you attach to your computer.
Secure your wireless network.
Install only trusted software.
Windows update.
Switch off Bluetooth in public places or when not in use.
The "pairing procedure" is the fundamental level of protection for Bluetooth devices.
The encoding algorithm must be safe enough to provide secure communication among devices.
Switch the phone into invisible mode.
Regularly update the phone's security features.
Exercise caution before opening attachments.
Only download content from a trusted source.
3.3 Mobile and Wireless Hacking
Be careful where you store sensitive information
For example, don't use a non-secure notes-type app to store your credit card, bank account or PIN codes. Use a secure (password/PIN protected) app or, better still, don't store this type of information anywhere.
Avoid public Wi-Fi
Avoid checking emails, logging into mobile banking sites and accessing private information when your phone is connected to public Wi-Fi, such as that in coffee shops, as these networks are often insecure.
Set a phone password
If your phone's lost or stolen then a password could stop a data hacker in their tracks.
Turn off Bluetooth
When you're not using Bluetooth always turn it off, as hackers could use the wireless connection to gain remote access to your phone.
Turn off auto-complete
Some phones save user names and passwords automatically to help you log in faster next time, but this could also help a hacker access your personal data. Check your phone's Settings menu to see if it is automatically storing information.
Delete your browsing history
Not seeing a list of which websites you've recently visited and the information you've accessed might be a little inconvenient, but clearing your mobile phone's Internet browser history, cookies and cache will make it harder for a hacker to get your data.
4.3 Virtualization
Virtualization is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. There are many types of virtualization:
Hardware
Hardware virtualization or platform virtualization refers to the creation of a virtual machine that acts like a real computer with an operating system.
Desktop
Desktop virtualization is the concept of separating the logical desktop from the physical machine.
Software
It includes hosting of multiple virtualized environments within a single OS instance.
Application virtualization and workspace virtualization, the hosting of individual applications in an environment separated from the underlying OS.
Service virtualization, emulating the behavior of dependent system components that are needed to exercise an application under test (AUT) for development or testing purposes.
Memory
Memory virtualization, aggregating RAM resources from networked systems into a single memory pool.
Virtual memory, giving an application program the impression that it has contiguous working memory, isolating it from the underlying physical memory implementation.
Storage
Storage virtualization, the process of completely abstracting logical storage from physical storage.
Distributed file system.
Storage hypervisor.
Data
Data virtualization, the presentation of data as an abstract layer, independent of underlying database systems, structures and storage.
Database virtualization, the decoupling of the database layer, which lies between the storage and application layers within the application stack.
Network
Network virtualization, creation of a virtualized network addressing space within or across network subnets.
CHAPTER - 5
PHISHING
5.1 INTRODUCTION
In October 2004, the Canada-U.S. Cross-Border Crime Forum released a report, prepared jointly by the U.S. Department of Justice (DOJ) and Public Safety and Emergency Preparedness Canada (PSEPC), on Identity Theft. The report identified, among other methods of committing identity theft, the growing use of a technique known as phishing. Consumers will receive "spoofed" e-mails (e-mails that appear to belong to legitimate businesses such as financial institutions or online auction sites). These e-mails will typically redirect consumers to a spoofed website, appearing to be from that same business or entity. Similarly, many consumers receive "pretext" phone calls (phone calls from persons purporting to be with legitimate institutions or companies) asking them for personal information. In fact, the criminals behind these e-mails, websites and phone calls have no real connection with those businesses. Their sole purpose is to obtain the consumers' personal data to engage in various fraud schemes.
The Canada-U.S. Cross-Border Crime Forum determined that it would be appropriate to follow up on the Identity Theft report with a joint report on Phishing and its impact on cross-border criminality. It directed the Canada-U.S. Working Group on Cross-Border Mass-Marketing Fraud, which reports to the Forum annually, to prepare this report.
broadly to the practice of obtaining and misusing others' identifying information for criminal purposes. Identity fraud also can be used to refer to the subsequent criminal use of others' identifying information to obtain goods or services, or to the use of fictitious identifying information (not necessarily associated with a real living person) to commit a crime. Phishing is committed so that the criminal may obtain sensitive and valuable information about a consumer, usually with the goal of fraudulently obtaining access to the consumer's bank or other financial accounts. Often phishers will sell credit card or account numbers to other criminals, turning a very high profit for a relatively small technological investment.
Although data on phishing attempts provide important indications of the dimensions of the phishing problem, several obstacles may prevent complete and accurate measurement.
First, victims often have no idea how criminals obtained their data. Victims typically provide their personal information to phishers precisely because they believe the solicitation to be trustworthy. The unexplained and unexpected charges that later appear on their credit card statements often occur so long after the phishing solicitation, and involve items having no relation to the original subject matter of the phishing e-mails and websites, that victims have no reason to understand that there is a connection between these events.
Second, companies that are victimized by phishing may not report these instances to law enforcement. Unlike some other types of Internet-based crime, such as hacking, that may be conducted surreptitiously, phishing, by its nature, involves public misuse of legitimate companies' and agencies' names and logos. Nonetheless, some companies may be reluctant to report all such instances of phishing to law enforcement -- in part because they are concerned that if the true volume of such phishing attacks were made known to the public, their customers or accountholders would mistrust the companies or they would be placed at a competitive disadvantage.
As these statistics indicate, phishing continues to be a rapidly growing form of online identity theft that can cause both short-term losses and long-term economic damage. In either event, phishing scams and other identity theft crimes create significant costs that may ultimately be borne by consumers in the form of increased fees from the credit card companies or higher prices from the merchants who accept credit cards.
accounts or other existing relationships with these companies, some of them will and therefore are more likely to believe the e-mail and websites to be legitimate. The concept behind many phishing attacks is similar to that of "pretext" phone calls (i.e., phone calls from persons purporting to be with legitimate institutions or companies asking the call recipients for personal information). In fact, the criminals behind these e-mails, websites, and phone calls have no real connection with those businesses. Their sole purpose is to obtain the consumers' personal data to engage in various fraud schemes.
Phishing schemes typically rely on three elements.
First, phishing solicitations often use familiar corporate trademarks and trade names, as well as recognized government agency names and logos. The use of such trademarks is effective in many cases because they are familiar to many Internet users and are more likely to be trusted without closer scrutiny by the users. Moreover, the indicators that are provided for web browsers to assess the validity and security of a website (e.g., the lock icon or the address bar) can all be spoofed. This problem is further compounded by the lack of standardized protocols among financial institutions for how they will communicate with their customers and what information they will request via the Internet.
Second, the solicitations routinely contain warnings intended to cause the recipients immediate concern or worry about access to an existing financial account. Phishing scams typically create a sense of urgency by warning victims that their failure to comply with instructions will lead to account terminations, the assessment of penalties or fees, or other negative outcomes. The fear that such warnings create helps to further cloud the ability of consumers to judge whether the messages are authentic. Even if a small percentage of people who receive these fraudulent warnings respond, the ease with which such solicitations can be distributed to millions of people creates a sizable pool of victims. (It should be noted that some schemes instead are based on offering positive incentives, for example by offering the promise of a payment in return for taking part in an online survey.)
Third, the solicitations rely on two facts pertaining to authentication of the e-mails: (1) online consumers often lack the tools and technical knowledge to authenticate messages from financial institutions and e-commerce companies; and (2) the available tools and techniques are inadequate for robust authentication or can be spoofed. Criminals can therefore use techniques, such as forging of e-mail headers and subject lines, to make the e-mails appear to come from trusted sources, knowing that many recipients will have no effective way to verify the true provenance of the e-mails.
Example: Phishing scam targets Royal Bank customers
In June 2004, the Royal Bank of Canada notified customers that fraudulent e-mails purporting to originate from the Royal Bank were being sent out asking customers to verify account numbers and personal identification numbers (PINs) through a link included in the e-mail. The fraudulent e-mail stated that if the receiver did not click on the link and key in his client card number and pass code, access to his account would be blocked. These e-mails were sent within a week of a computer malfunction that prevented customer accounts from being updated. The malfunction impacted payroll deposits that were scheduled to enter many accounts, leaving customers at risk of missing mortgage, rent and other payments. The Royal Bank believes it is likely someone tried to take advantage of the situation.
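The three elements described above (a trusted brand name, an urgent warning, and sender details the recipient cannot verify) each leave traces that a mail gateway or analyst can check automatically. The following Python is an added example, not part of the original report; the brand map, the gateway name `mx.corp.example` and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (hypothetical): the brand-to-domain map and the authserv-id that
# our own mail gateway writes into Authentication-Results (RFC 8601).
BRAND_DOMAINS = {"example bank": "bank.example"}
TRUSTED_AUTHSERV = "mx.corp.example"

URGENCY = re.compile(r"(will|would) be (blocked|suspended|terminated)|immediately"
                     r"|within \d+ hours|failure to (comply|verify)", re.I)
CREDENTIALS = re.compile(r"\b(pin|password|pass ?code|card number)\b", re.I)
AUTH_VERDICT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOSTLIKE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.I)

# Constructed sample: spoofed brand, urgent threat, and a forged "pass" header.
PHISH = """\
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=alerts@examp1e-bank-verify.test; dkim=none; dmarc=fail header.from=examp1e-bank-verify.test
Authentication-Results: mx.sender-controlled.test; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank Security" <alerts@examp1e-bank-verify.test>
Reply-To: support@collect-mail.test
Subject: Urgent: access to your account will be blocked
Content-Type: text/html; charset="utf-8"

<p>Confirm your client card number and PIN immediately.</p>
<a href="http://login.examp1e-bank-verify.test/update">https://www.bank.example/secure</a>
"""

# Constructed sample: ordinary mail from the brand's real domain.
BENIGN = """\
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <statements@mail.bank.example>
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Sign in the way you normally do to view your statement.
"""


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def same_org(domain: str, expected: str) -> bool:
    """True when domain equals expected or is a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)


def trusted_verdicts(msg) -> dict:
    """SPF/DKIM/DMARC results, read only from headers our own gateway added."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(value).partition(";")
        if authserv.split()[:1] == [TRUSTED_AUTHSERV]:
            verdicts.update((k.lower(), v.lower())
                            for k, v in AUTH_VERDICT.findall(results))
    return verdicts


def analyze(raw: str) -> list:
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Element 1: a familiar brand in the display name, sent from another domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    from_dom = domain_of(addr)
    for brand, legit in BRAND_DOMAINS.items():
        if brand in display.lower() and not same_org(from_dom, legit):
            findings.append("brand_domain_mismatch")

    # Element 3: weak sender authentication. Replies diverted to another
    # domain, and any SPF/DKIM/DMARC check our gateway did not record as pass.
    reply_dom = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_dom and not same_org(reply_dom, from_dom):
        findings.append("reply_to_mismatch")
    verdicts = trusted_verdicts(msg)
    findings += [f"auth_not_pass:{m}" for m in ("spf", "dkim", "dmarc")
                 if verdicts.get(m) != "pass"]

    # Element 2: urgent warnings, usually paired with a request for secrets.
    part = msg.get_body(preferencelist=("html", "plain"))
    text = str(msg.get("Subject", "")) + "\n" + (part.get_content() if part else "")
    if URGENCY.search(text):
        findings.append("urgency_language")
    if CREDENTIALS.search(text):
        findings.append("credential_request")

    # Spoofed link: the visible text names one host, the href goes to another.
    for href, label in ANCHOR.findall(text):
        shown = HOSTLIKE.search(label)
        target = (urlparse(href).hostname or "").lower()
        if shown and not same_org(target, shown.group().lower()):
            findings.append("link_text_mismatch")
    return findings
```

Calling `analyze(PHISH)` returns one finding per indicator, while `analyze(BENIGN)` returns an empty list; the second `Authentication-Results` header in the phishing sample is ignored because the sender, not the receiving gateway, wrote it.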
5.5.1 Spear phishing
Spear phishing is a colloquial term that can be used to describe any highly targeted phishing attack. Spear phishers send spurious e-mails that appear genuine to a specifically identified group of Internet users, such as certain users of a particular product or service, online account holders, employees or members of a particular company, government agency, organization, group, or social networking website. Much like a standard phishing e-mail, the message appears to come from a trusted source, such as an employer or a colleague who would be likely to send an e-mail message to everyone or a select group in the company (e.g., the head of human resources or a computer systems administrator). Because it comes from a known and trusted source, the request for valuable data such as user names or passwords may appear more plausible.
Whereas traditional phishing scams are designed to steal information from individuals, some spear phishing scams may also incorporate other techniques, ranging from computer hacking to pretexting (the practice of getting personal information under false pretences), to obtain the additional personal information needed to target a particular group or to enhance the phishing e-mail's credibility. In essence, some criminals will use any information they can to personalize a phishing scam to as specific a group as possible.
5.5.2 Vishing
A phishing technique that has received substantial publicity of late is vishing, or voice phishing. Vishing can work in two different ways. In one version of the scam, the consumer receives an e-mail designed in the same way as a phishing e-mail, usually indicating that there is a problem with the account. Instead of providing a fraudulent link to click on, the e-mail provides a customer service number that the client must call and is then prompted to log in using account numbers and passwords. The other version of the scam is to call consumers directly and tell them that they must call the fraudulent customer service number immediately in order to protect their account. Vishing criminals may also even establish a false sense of security in the consumer by confirming personal information that they have on file, such as a full name, address or credit card number.
Vishing poses a particular problem for two reasons. First, criminals can take advantage of cheap, anonymous Internet calling available by using Voice over Internet Protocol (VoIP), which also allows the criminal to use simple software programs to set up a professional sounding automated customer service line, such as the ones used in most large firms. Second, unlike many phishing attacks, where the legitimate organization would not use e-mail to request personal information from accountholders, vishing actually emulates a typical bank protocol in which banks encourage clients to call and authenticate information.
Although banks will legitimately phone a client and ask questions to verify the client's identity, consumers must remember that a bank will never ask for PINs or passwords. It is also important that consumers never trust a phone number provided in an e-mail, and instead contact the institution through a number that has been independently verified or obtained through directory assistance. As noted above, this might include the telephone number or website printed on the back of their credit cards or on monthly account statements.
Consumers, law enforcement, and the private sector should assume that as public education about phishing increases, criminals will continue to use these variants but also develop additional variants and refinements to phishing techniques.
Reports survey, which showed declining confidence in the security of the Internet. Among several findings, the survey found that 9 out of 10 American adult Internet users have made changes to their Internet habits because of the threat of identity theft, and of those, 30 percent say that they reduced their overall usage. Furthermore, 25 percent say they have stopped shopping online, while 29 percent of those that still shop online say they have decreased the frequency of their purchases.
DIFFICULTIES IN LAW ENFORCEMENT INVESTIGATIONS. Unlike certain other types of identity theft that law enforcement agencies can successfully investigate in a single geographic area (e.g., theft of wallets, purses, or mail), phishing, like other types of crime that exploit the Internet, can be conducted from any location where phishers can obtain Internet access. This can include situations in which a phisher in one country takes control of a computer in another country, and then uses that computer to host his phishing website or send his phishing e-mails to residents of still other countries. Moreover, online criminal activity in recent years has often reflected clear-cut divisions of labor. For example, in an online fraud scheme, the tasks of writing code, locating hosts for phishing sites, spamming, and other components of a full-scale phishing operation may be divided among people in various locations. This means that in some phishing investigations, timely cooperation between law enforcement agencies in multiple countries may be necessary for tracing, identification, and apprehension of the criminals behind the scheme.
INCENTIVES FOR CROSS-BORDER OPERATIONS BY CRIMINAL ORGANIZATIONS. Law enforcement authorities in Canada and the United States are concerned that each of the preceding factors also creates incentives for members of full-fledged criminal organizations in various countries to conduct phishing schemes on a systematic basis. Law enforcement already has indications that criminal groups in Europe are hiring or contracting with hackers to produce phishing e-mails and websites and develop malicious code for use in phishing attacks.
obtaining identity information for a criminal purpose. If a phishing attack is using large volumes of spam (unsolicited e-mails) that could interfere with a computer system, or if the spam employs deceptive headers so as to avoid spam filters, then certain computer data related offences in the Criminal Code may apply. The use of identity information that has been obtained by phishing or by other means, could however amount to any of a number of criminal offences, such as fraudulent personation, fraud, or unlawful use of credit card data. The Department of Justice began several years ago to review the Criminal Code to determine its adequacy for dealing with the growing problem of identity theft. The Department has begun developing proposals to address some of the limitations of the criminal law in this area and consulting with key stakeholders to obtain their valuable input on legislative amendments. Another recent development in Canada with implications for phishing-related legislation was the 2004 launch by the Government of Canada of An Anti-Spam Action Plan for Canada and the establishment of a government-private sector task force to oversee and coordinate its implementation. In 2005 this task force was asked to produce a report on the status and progress that had been made. The report that they produced, Stopping Spam: Creating a Stronger, Safer Internet, set forward 22 recommendations to combat spam, promote public awareness, and restore confidence in e-mail. They also set forward best practices for Internet service providers and other network operators, and for e-mail marketing. Additionally, they recommend that legislation be enacted to prohibit certain forms of spam and other emerging threats to the safety and security of the Internet (e.g. phishing), and that a federal coordinating body should be established to deal with the spam issue on an ongoing basis. 
This is important for the phishing issue because phishing is usually accomplished through the technique of spamming, which is the sending out of unsolicited bulk e-mails. In the case of phishing, spam routinely allows criminals to distribute their fraudulent e-mails to many consumers at minimal cost. In the United States, since 1998 the federal government and nearly all of the states have adopted specific criminal legislation on identity theft that can be applied to phishing. In addition, federal authorities can use a variety of federal fraud offences, such as wire fraud, and the CAN-SPAM Act to address both the sending of phishing e-mails and the use of deceptive e-mail headers or other techniques characteristic of criminal spam. Currently, at the direction of President Bush, the President's Identity Theft Task Force is preparing a strategic plan to combat all forms of identity theft more effectively, including possible changes in legislation where appropriate. That plan is expected to be submitted to the White House in early February 2007.
CHAPTER 6 BOTNETS
6.1 Introduction
The term bot, derived from robot, is used in its generic form to describe a script, a set of scripts, or a program designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection. Although bots originated as a useful feature for carrying out repetitive and time-consuming operations, they are now being exploited for malicious purposes. Bots that are used to carry out legitimate activities in an automated manner are called benevolent bots, and those that are meant for malicious purposes are known as malicious bots. Benevolent bots, among various other activities, are used by search engines to spider online website content and by online games to provide a virtual opponent. The first bot program, Eggdrop, created by Jeff Fisher in 1993, originated as a useful feature on Internet Relay Chat (IRC) for text-based conferencing on many machines in a distributed fashion. In a typical IRC setup (Oikarinen & Reed 1993), a user running an IRC client program connects to an IRC server in an IRC network. The default TCP service port for IRC is 6667, and IRC servers generally listen on the port range 6000-7000, though servers could be configured to run on any TCP port. All servers are interconnected and pass messages from one user to another. As IRC gained popularity among Internet users, attacks on IRC started, initially out of curiosity or to seek fame and later for illicit financial gain, resulting in its misuse. A malicious IRC bot program runs in a hidden manner on an IRC host or client each time it boots and is controlled by commands given by other IRC bot(s). It is typically an executable file with a size of less than 15 KB in its compressed form. An IRC host computer running an IRC bot malware program becomes a Zombie or a drone.
The first malicious IRC bot, the Pretty Park Worm, which appeared in 1999, contained a limited set of functionality and features, such as the ability to connect to a remote IRC server and retrieve basic system information, e.g. operating system version, login names, email addresses, etc. However, bots extend the basic functions of their predecessors and have become a very powerful tool for building large computer armies, which is the key difference between bots and other programs like viruses and worms. This very large pool of Zombie hosts running bot programs forms a large network called a botnet, run under the command and control of a single hacker or a group of hackers known as the botmaster. Any host on the Internet that is compromised by the botmaster becomes part of this botnet. A typical botnet comprises thousands of Zombie hosts and thus poses a tremendous threat to Internet security and privacy.
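The IRC setup described above gives a defender two things to look for in outbound traffic: the usual port range, and the IRC registration dialogue itself, which still shows up when a server runs on some other TCP port. The following is an added example, not part of the original report; the flow records, addresses and function names are constructed for illustration, and it assumes the first payload bytes of each outbound connection are available from a sensor.

```python
import re
from collections import defaultdict

# Port range named in the text: default 6667, servers generally on 6000-7000.
IRC_PORTS = range(6000, 7001)

# IRC client commands (RFC 1459) that may open a session, with optional prefix.
IRC_LINE = re.compile(rb"^(?::\S+ )?(PASS|NICK|USER|JOIN|PRIVMSG|PING|PONG|MODE) ", re.I)

# Constructed sample records: (src_ip, dst_ip, dst_port, first payload bytes).
SAMPLE_FLOWS = [
    ("10.0.0.21", "203.0.113.5", 6667, b"NICK xk3921\r\nUSER xk3921 0 * :x\r\n"),
    ("10.0.0.22", "203.0.113.5", 6667, b"NICK qd1177\r\nUSER qd1177 0 * :x\r\n"),
    ("10.0.0.23", "203.0.113.5", 8080, b"PASS s3cret\r\nNICK zz0042\r\n"),
    ("10.0.0.30", "198.51.100.9", 443, b"\x16\x03\x01\x02\x00\x01"),
    ("10.0.0.31", "198.51.100.77", 6881, b"\x13BitTorrent protocol"),
    ("10.0.0.40", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("10.0.0.41", "192.0.2.20", 21, b"USER anonymous\r\n"),  # FTP, not IRC
]


def irc_commands(payload):
    """Return the set of IRC command verbs found at the start of payload lines."""
    verbs = set()
    for line in payload.split(b"\r\n"):
        match = IRC_LINE.match(line)
        if match:
            verbs.add(match.group(1).upper().decode())
    return verbs


def looks_like_irc(payload):
    """True when the payload carries an IRC registration (NICK plus USER or PASS).

    Requiring NICK avoids flagging FTP, whose login also starts with USER.
    """
    verbs = irc_commands(payload)
    return "NICK" in verbs and bool(verbs & {"USER", "PASS"})


def classify(flow):
    """Return a finding dict for one flow, or None when nothing IRC-like is seen."""
    src, dst, port, payload = flow
    reasons = []
    if looks_like_irc(payload):
        reasons.append("irc-protocol")
        if port not in IRC_PORTS:
            # Servers can run on any TCP port, so the protocol match matters more.
            reasons.append("non-standard-port")
    elif port in IRC_PORTS:
        # Port match alone is weak evidence: other services use this range too.
        reasons.append("irc-port-only")
    if not reasons:
        return None
    return {"src": src, "dst": dst, "port": port, "reasons": reasons}


def find_irc_clients(flows):
    """Classify every flow and keep the ones with at least one indicator."""
    return [f for f in map(classify, flows) if f is not None]


def shared_servers(findings, min_hosts=2):
    """Group protocol-confirmed findings by server; many internal hosts
    registering with one external IRC server is the botnet-like pattern."""
    by_server = defaultdict(set)
    for finding in findings:
        if "irc-protocol" in finding["reasons"]:
            by_server[finding["dst"]].add(finding["src"])
    return {dst: sorted(srcs) for dst, srcs in by_server.items()
            if len(srcs) >= min_hosts}


if __name__ == "__main__":
    results = find_irc_clients(SAMPLE_FLOWS)
    for finding in results:
        print(finding)
    print("shared servers:", shared_servers(results))
```

Port-only hits should be treated as leads to confirm, not as detections; the protocol match on an unexpected port is the stronger signal.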
6.2 Botnet Creation and Propagation
The process of building a botnet requires minimal technical and programming skills. Besides this, some IRC channels offer special training programs for the creation, propagation and use of botnets. A brief two-stage overview of building a botnet is outlined in this section.
6.2.1 Bot Creation
This stage largely depends on the skills and requirements of an attacker. The attacker may choose to write his own code or simply extend or customize an existing bot. Ready-made and highly configurable bots with step-by-step instructions on how to compromise systems are sold on the Internet. The instructions include instructions to obtain packaging exploits, simple character and graphical user interfaces, and various other tools for gaining backdoor entry into networks. The bot code generally contains configurable components that include the IRC server and channel information, the remote IRC TCP service port, the location and name of the bot code file on the infected machine, other components permitting the botmaster to dynamically change the attack behavior and to hide it, and the list of botmasters and their credentials. The values pertaining to these components are supplied to the bots by the botmaster(s) using various Command and Control techniques.
6.2.2 Bot Propagation
In this stage vulnerable systems and tools to exploit them are located, which are then used to gain backdoor access to these systems, facilitating installation of bot malware by uploading or commanding the victim machine to download a copy of the bot malware. This infection stage involves the use of various direct and indirect techniques to spread bot malware. These include attack through software vulnerabilities, vulnerabilities caused by other infections, and social engineering through the use of email, instant messaging and malicious web page content. The bot malware is also propagated through peer-to-peer networks, open file sharing, and direct client-to-client file exchange. Bot malware uses FTP, TFTP and HTTP protocol based services to infect computers and spread until a botnet of the desired strength is assembled. Botnets are also created by other botnets called seed botnets.
6.3.2 Spamming
Loosely defined, spam is any message or posting, regardless of its content, that is sent to multiple recipients who have not specifically requested the message (Opt-In). Spam can also be multiple postings of the same message to newsgroups or list servers that are not related to the topic of discussion. A person engaged in spamming is called a spammer. Spam in blogs, called blog spam or comment spam, is a form of search engine spamming done manually or automatically by posting random comments, promoting commercial services, to blogs, wikis, guestbooks, or other publicly accessible online discussion boards. Any web application that accepts and displays hyperlinks submitted by visitors may be a target of Link Spam. This is the placing or solicitation of links randomly on other sites, placing a desired keyword into the hyperlinked text of the backlink. Blogs, guest books, forums and any site that accepts visitors' comments are particular targets and are often victims of drive-by spamming, where automated software creates nonsense posts with links that are usually irrelevant and unwanted. Link spam dishonestly and deliberately manipulates link-based ranking algorithms of search engines, like Google's PageRank, to increase the rank of a web site or page so that it is placed as close to the top of search results as possible. Spam generally refers to email, rather than other forms of electronic communication. The term spim, for example, is used for unsolicited advertising via Instant Messaging. Spit refers to unsolicited advertising via Voice over Internet Protocol (VoIP). Unsolicited advertising on wireless devices such as cell phones is called wireless spam.
CHAPTER 7
BLUETOOTH
7.1 Introduction
Bluetooth is a short-range wireless communication protocol for personal area networks (PAN). In any communication link there is one master and one or more slaves. The master and its slaves form a piconet. Overlapping piconets form a scatternet. A unit may be a master in one piconet and a slave in another. Bluetooth was initially developed by Ericsson but has been formalized as an industrial standard by the Bluetooth Special Interest Group (SIG). The SIG was formed by Ericsson, Intel, Toshiba, Nokia, and IBM but has now expanded to include about 1800 members. Numerous devices now support the Bluetooth standard, approximately 6 years after its launch. It is used mostly in consumer products like cell phones and personal digital assistants.
Unit key. Each unit has a unit key. This key is almost never changed and should be kept secret. This key may be used as the link key. It is then sent to the other unit by XOR-ing it with the present link key. It is not recommended to use this option. However, some units with limited memory must use this as a link key. Then the PIN code could also be fixed for the unit. Such units offer reduced security.
Combination key. Two units that will communicate and do not want to use the unit key of either of them create a common key (the combination key). The units exchange this key by a key exchange protocol. Random variables LK_RANDA and LK_RANDB are created. These random variables are exchanged securely by using the present link key as a cipher. The link key is then discarded. The algorithm E21 uses the addresses of the units and the two random numbers to produce the combination key. One should assume that any attacker knows XOR(LK_RANDA, LK_RANDB) and the addresses of the units A and B (both random numbers are sent XOR-ed with the same link key, so XOR-ing the two transmissions cancels that key).
Master key. If the links are parts of a point-to-multipoint piconet there may be a need for a master key. This key is made from random numbers and the algorithm E22. It is exchanged by using a key made by E22 from the present link key and a random number.
Encryption key. The encryption key is made by the algorithm E3 from:
1. The current link key K
2. A random number EN_RAND
3. COF (128 bit): either a number computed in the authentication procedure or made from the master key. Using the master key for creating COF is obligatory if the master key is used as the current link key.
The length of the encryption key can be from 8 to 128 effective bits. This is up to each device and is not user configurable.
Payload encryption key. This key is made from the encryption key, a unit address, the master clock, and a 128 bit publicly known random number EN_RAND. This key is used to encrypt up to 2745 bits in one payload. The payload key is unique for each packet. The length of the key is 128 bits.
Implementation weaknesses
In some implementations there are security flaws, such as the possibility to overwrite the stack by buffer overflow. In this way one can run arbitrary code on the victim unit. This weakness is in the Bluetooth connectivity software made by WIDCOMM. Newer versions (3+) of this software are not vulnerable. It is not clear whether the flaw makes the units vulnerable to attacks from arbitrary units, or whether the attacking units must already be connected to the victim unit.
done via so-called Bluetooth war nibbling. Often, when a unit is on the move or when the unit is never switched on for a longer time, the vulnerability to such an attack should be small.
Bluejacking
Bluejacking is the process of hijacking a Bluetooth session/unit. It can be done in different ways, e.g. through social engineering or by using backdoors in second-hand units (even if the pin-card is changed, a unit may still be paired with another unit). A hacker can also hijack a Bluetooth device by using his own PIN card and then setting up a connection to a given Bluetooth device he controls. The hacker needs physical access to the target phone to succeed with the last attack. A long user-definable name field in the protocol for requesting a link can be used to send messages to a phone holder in order to trick him into accepting a connection request from the attacking party. A good user interface should alert the user and prevent him from becoming a victim of such an attack. The short range of Bluetooth will make it harder for intruders, but given the nature of the Bluetooth technology one should expect that it will increase the users' mobility, and hence we can assume that the users carry the equipment with them.
Snarf attack
On some phones it is possible to connect to a cell phone without the knowledge of the owner. It is possible to see some of the stored data in the attacked phone. The entire phonebook, the calendar, the clock, etc. are accessible. The IMEI (International Mobile Equipment Identity) is also accessible, which makes it possible for an intruder to make a clone of the phone. According to Laurie et al., vulnerable phones include: Ericsson T68; Sony Ericsson R520m, T68i, T610 and Z1010; and Nokia 6310, 6310i, 8910 and 8910i. The Nokia phones mentioned are also vulnerable if they are in invisible mode.
Backdoor attack
This attack uses an already established pairing with a unit. Vulnerable devices are mostly second-hand cell phones and PDAs whose former pairings have not been erased.
BlueBug
There is a bug in some cell phones that makes them vulnerable to attacks. This attack seems to be serious for those phones that are affected. The attack opens the way for sending AT commands to a cell phone. This allows reading and sending SMS messages, initiating phone calls, accessing the Internet, and writing and reading phone book entries. The author does not know which phones are vulnerable.
knowledge among hackers, who can use them to change your WAP settings. The first thing you should do when you set up a WAP is change the default password to a strong password.
8.2.8 Isolate the wireless network from the rest of the LAN
To protect your wired internal network from threats coming over the wireless network, create a wireless DMZ or perimeter network that's isolated from the LAN. That means placing a firewall between the wireless network and the LAN. Then you can require that in order for any wireless client to access resources on the internal network, he or she will have to authenticate with a remote access server and/or use a VPN. This provides an extra layer of protection.
Malware is software that is designed to engage in malicious behaviour on a device. For example, malware can commonly perform actions without a user's knowledge, such as making charges to the user's phone bill, sending unsolicited messages to the user's contact list, or giving an attacker remote control over the device. Malware can also be used to steal personal information from a mobile device that could result in identity theft or financial fraud.
Spyware is designed to collect or use data without a user's knowledge or approval. Data commonly targeted by spyware includes phone call history, text messages, location, browser history, contact list, email, and camera pictures. Spyware generally fits into two categories: it can be targeted, designed for surveillance over a particular person or organization, or untargeted, designed to gather data about a large group of people. Depending on how it is used, targeted spyware may or may not be considered malicious, such as in the case of a parent using a text messaging or location monitoring application on a child's phone.
Privacy Threats may be caused by applications that are not necessarily malicious (though they may be), but gather or use more sensitive information (e.g., location, contact lists, personally identifiable information) than is necessary to perform their function or than a user is comfortable with.
Vulnerable Applications contain software vulnerabilities that can be exploited for malicious purposes. Such vulnerabilities can often allow an attacker to access sensitive information, perform undesirable actions, stop a service from functioning correctly, automatically download additional apps, or otherwise engage in undesirable behavior. Vulnerable applications are typically fixed by an update from the developer.
Phishing Scams use web pages or other user interfaces designed to trick a user into providing information such as account login information to a malicious party posing as a legitimate service. Attackers often use email, text messages, Facebook, and Twitter to send links to phishing sites.
Drive-By Downloads automatically begin downloading an application when a user visits a web page. In some cases, the user must take action to open the downloaded application, while in other cases the application can start automatically. Browser exploits are designed to take advantage of vulnerabilities in a web browser or software that can be launched via a web browser such as a Flash player, PDF reader, or image viewer. Simply by visiting a web page, an unsuspecting user can trigger a browser exploit that can install malware or perform other actions on a device.
Network exploits take advantage of software flaws in the mobile operating system or other software that operates on local or cellular networks. Network exploits often do not require any user intervention, making them especially dangerous when used to automatically propagate malware. Wi-Fi Sniffing can compromise data being sent to or from a device by taking advantage of the fact that many applications and web pages do not use proper security measures, sending their data in the clear (not encrypted) so that it may be easily intercepted by anyone listening across an unsecured local wireless network.
Lost or Stolen Devices are one of the most prevalent mobile threats. The mobile device is valuable not only because the hardware itself can be re-sold on the black market, but more importantly because of the sensitive personal and organization information it may contain.
Only download apps from trusted sources, such as reputable app stores and download sites. Remember to look at the developer name, reviews, and star ratings.
After clicking on a web link, pay close attention to the address to make sure it matches the website it claims to be if you are asked to enter account or login information.
Set a password on your mobile device so that if it is lost or stolen, your data is difficult to access.
Download a mobile security tool that scans every app you download for malware and spyware and can help you locate a lost or stolen device. For extra protection, make sure your security app can also protect from unsafe websites.
Be alert for unusual behaviours on your phone, which could be a sign that it is infected. These behaviours may include unusual text messages, strange charges to the phone bill, and suddenly decreased battery life.
Make sure to download firmware updates as soon as they are available for your device.
Cyber criminals are targeting organizations and individuals with malware and anonymization techniques that can evade current security controls.
Current perimeter-intrusion detection, signature-based malware, and anti-virus solutions are providing little defense and are rapidly becoming obsolete; for instance, cyber criminals now use encryption technology to avoid detection.
Cyber criminals are leveraging innovation at a pace which many target organizations and security vendors cannot possibly match.
Effective deterrents to cyber crime are not known, available, or accessible to many practitioners, many of whom underestimate the scope and severity of the problem.
There is a likely nexus between cyber crime and a variety of other threats including terrorism, industrial espionage, and foreign intelligence services.
10.3 Today's stunning cyber-crime trends demand a strong, bold, near-term response.
Cyber crime attacks being more severe, more complex, and more difficult to prevent, detect, and address than current ones, which are bad enough. An underground economy has evolved around stealing, packaging, and reselling information. Malware authors and other cyber criminals for hire provide skills, capabilities, products, and outsourced services to cyber criminals. These include data acquisition and storage, stealthy access to systems, identity collection and theft, misdirection of communications, keystroke identification, identity authentication, and botnets, among others. Meanwhile, today's security model is primarily reactive, and cyber criminals are exploiting that weakness. As a result of such developments, data breaches have occurred in many organizations which appear to have deployed traditional security controls, processes, and leading practice architectures, including the following representative instances in 2008 and 2009:
At a major online service provider, more than one-half million credit card accounts were put at risk by malware, to be discovered four months later.
At a major online payment facilitator, over one hundred million credit card accounts were put at risk by malware over an unknown period before discovery.
Malware on an online booking system exposed some eight million personal records to risk.
Malicious software on cash register terminals at a regional restaurant chain compromised thousands of credit and debit card accounts and, separately at a major supermarket chain, over four million credit card accounts.
Website intrusion compromised tens of thousands of customer records at an auto repair chain.
10.4.1 Awareness or complacency
Deloitte believes the survey responses reveal a serious lack of awareness and a degree of complacency on the part of IT organizations, and perhaps security officers, vis-à-vis the threat of cyber crime. Much of this belief is predicated on the notion that cyber crime technologies and techniques are so effective at eluding detection that the actual extent of the problem may be grossly underestimated. Although we cannot quantify the financial impact of cyber criminal activity, we would like to highlight a comment made last year to help establish some potential statistics. Last year, the White House issued the Cyber Security Policy Review, which profiled the systemic loss of U.S. economic value from intellectual property and data theft in 2008 as high as $1 trillion. In this section, we will first summarize our view and then examine areas of divergence with selected survey responses. Some of our views will not surprise security and IT professionals in industries characterized by high vulnerability or organizations that have experienced some degree of cyber crime. Other readers may find our view of the seriousness of cyber crime surprising. Our purpose here is to provide an updated, broad, but well-supported view of the cyber crime threats that we perceive as most serious and to present potentially more effective ways of addressing these threats.
3. Relatively few organizations have recognized organized cyber criminal networks, rather than hackers, as their greatest potential cyber security threat; even fewer are prepared to address this threat.
4. Organizations tend to employ security-based, wall-and-fortress approaches to address the threat of cyber crime, but this is not enough to mitigate the risk.
5. Risk-based approaches, and approaches that focus on what is leaving the IT environment as well as on what is entering it, hold potentially greater value than traditional security-based, wall-and-fortress approaches.
6. Organizations should understand how they are viewed by cyber criminals in terms of attack vectors, systems of interest, and process vulnerabilities, so they can better protect themselves from attack.
10.4.3 The focus obscures the view
Most cyber security focuses on preventing attacks and unauthorized usage. It is this very focus that can allow and even enable cyber criminals to employ legitimate users as unwitting accomplices. Authorized users can access and travel throughout a system, remove or change data in the system, and conduct transactions. When cyber criminals employ such users as unwitting accomplices or money mules, they can operate as if they were users. They can acquire the same, or even greater, ability to navigate pathways, copy data, execute transactions, and monitor keystrokes. It is that kind of activity that must be detected, prevented, and addressed. Of course, practices designed to secure the environment and data and to detect traditional breaches must remain in place. But sophisticated cyber criminals have studied the methods organizations use to both wall off and grant access to their networks and data. This positions criminals to conduct activities that can go undetected for months, or to commit a single, major, extremely profitable and damaging crime, such as wire transfer fraud. In many cases cyber criminals have obtained credentials and accessed systems as if they were actual employees and customers. Thus, the integrity of the endpoint that is being granted access to the organization's systems and data must be a primary concern. The public sector is as exposed as the private sector. There have been cases in which state-level government agencies in the United States have lost measurable monetary sums. For example, the July 2, 2009 entry on Washington Post reporter Brian Krebs's blog stated that Ukrainian cyber criminals had stolen $415,000 from a county by means of unauthorized wire transfers from the county's bank. The criminals were aided by more than two dozen co-conspirators in the United States. Krebs reported that his source, an investigator on the case, noted that the criminals used a custom variant of a keystroke logging Trojan that promptly sent stolen credentials to the attackers by instant messenger. This malware also enabled the attackers to log into the victim's bank account by using the victim's own Internet connection. Similarly, $480,000 was stolen from a bank account of a county Redevelopment Authority by means of Trojan malware. Threats from cyber crime at federal agencies could extend to matters of national security.
10.4.4 Shifting the basic approach
One of the more fruitful approaches to consider in addressing the threat of cyber crime involves moving from a primarily security-based approach to a more risk-based approach. Blocking what is coming into the environment (the strength of the security-based approach) is useful and necessary. However, that can often be accomplished less expensively and perhaps more selectively. Shifting the focus to include monitoring and identifying data that leaves the environment can detect activities enabled by techniques and technologies that mimic, exploit, or piggyback on the access of authorized users. Relevant items may include user credentials, personally identifiable information, financial data, and vulnerability details. Current security wall, access control, and identity authentication approaches typically won't identify criminal activity geared to capturing that data and information. With their current methods, cyber criminals can even infiltrate systems of organizations that hire white hat hackers to test their defenses. Cyber criminals view a system from a process perspective with the goal of gaining access as an actual user would.
They then focus on acquiring the access and authentication tools that an actual user would have. Once inside a system, cyber criminals can use it in ways that the organization did not, and cannot, anticipate or defend against. While security personnel are intently watching their Security Information Manager screens, the cyber criminals are already inside.
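To make the idea of watching what leaves the environment concrete, the sketch below scans outbound message bodies for two of the items named above, financial data (payment card numbers, confirmed with the Luhn checksum) and user credentials. It is an added example, not part of the original report; the host names, the approved-destination list and the sample records are constructed, and it assumes outbound content is visible to the monitor in clear text.

```python
import re

# 13-19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# key=value or key: value pairs whose key names a secret.
CREDENTIAL = re.compile(r"\b(password|passwd|pwd|pin)\s*[=:]\s*\S+", re.I)

# Hypothetical allowlist: destinations where card data is an expected flow.
APPROVED_CARD_DESTINATIONS = {"payments.example.com"}

# Constructed sample records: (internal source, external destination, body).
SAMPLE_EGRESS = [
    ("ws-114", "im.example.net",
     "user=jdoe password=Winter2009! acct=4111 1111 1111 1111"),
    ("pos-07", "payments.example.com", "pan=5500-0000-0000-0004 amount=12.50"),
    ("web-01", "cdn.example.org", "order=1234567890123456 status=shipped"),
    ("ws-220", "mail.example.net", "Quarterly report attached."),
]


def luhn_ok(digits):
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_body(body):
    """Return (kind, masked evidence) pairs; raw secrets never enter the alert."""
    hits = []
    for match in CARD_CANDIDATE.finditer(body):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            hits.append(("card-number", "*" * (len(digits) - 4) + digits[-4:]))
    for match in CREDENTIAL.finditer(body):
        hits.append(("credential", match.group(1).lower() + "=<redacted>"))
    return hits


def inspect_egress(records, approved=APPROVED_CARD_DESTINATIONS):
    """Flag sensitive data leaving for destinations where it is not expected."""
    findings = []
    for src, dst, body in records:
        for kind, evidence in scan_body(body):
            if kind == "card-number" and dst in approved:
                continue    # expected business flow, e.g. POS to processor
            findings.append({"src": src, "dst": dst,
                             "kind": kind, "evidence": evidence})
    return findings


if __name__ == "__main__":
    for finding in inspect_egress(SAMPLE_EGRESS):
        print(finding)
```

The 16-digit order number fails the Luhn check and is not reported, which is what keeps a rule like this usable on real traffic full of long numeric identifiers.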
10.5.1 Developing Actionable cyber threat intelligence
Combating cyber crime requires commitment from senior executives and board members. Yes, their plates are full. However, addressing cyber crime falls within risk management, an item already on their plate. Cyber crime is best addressed in the context of the organization's overall risk management approach. That way, it becomes an item in the IT, security, and risk management budgets and on the agenda at management and board meetings. Once the commitment is made, several specific steps can improve cyber security and, incidentally, protection against other threats. These steps within Deloitte's approach focus first on intelligence gathering and analysis, then on assessment. The overall process is summarized in Exhibit 1. In practice, this process is best applied to specific areas: activities, data sets, delivery channels, and aspects of the IT infrastructure. Identifying these areas takes time and resources, but they can be identified in the context of an overall risk management system. If a detailed enterprise-wide risk assessment has already been conducted, that assessment will have identified critical processes, activities, data, delivery channels, and other resources, which can be employed in this effort.
10.5.2 Intelligence gathering

Gathering intelligence is a continuous activity. For our purposes here, it involves choosing promontories from which to scan the external environment and monitor the internal environment. Another way to think of them would be as channels (akin to radio or television channels) through which you can monitor these environments. Promontories or channels include those that constitute external cyber threat intelligence feeds and internal cyber threat intelligence feeds, as listed in Exhibit 2.
While it pays to cast a wide net, there is always the factor of cost and the danger of sacrificing depth for breadth. So pick and choose your feeds given your industry, needs and capabilities. Not every source will be useful to every organization, and some will be more useful than others to a given enterprise. Proactive surveillance rounds out the intelligence gathering effort. Resources here include honeynets, malware forensics, brand monitoring, P2P (peer to peer) monitoring, DNS monitoring, and watchlist monitoring. A few of the specific technologies on which to focus threat research include the following:

- Internet applications: online transactions, HR systems, wire systems, Websites
- Mobile computing: Blackberries, smart phones, cellular networks, text messaging services
- Personal computers: operating systems, third-party

Another potential source of intelligence would be the resources that potential adversaries use. Again, the goal should be to focus on devices and applications that expose the organization's most valuable data, processes, activities, and infrastructure to the most risk. Once a rich mix of intelligence is being acquired, efforts turn to analysis.
The amount of data derived from broad-based intelligence gathering can be staggering. Therefore, analysis includes statistical techniques for parsing, normalizing, and correlating findings, as well as human review.
Six questions should drive this analysis:

- How can we improve our visibility into the environment?
- What new technologies do we need to watch for and monitor?
- Do we have vulnerable technologies and data?
- To what extent will our existing controls protect us?
- Which industries are cyber criminals targeting and which techniques are they using and planning to use?
- How can we identify actionable information?
This analysis should be conducted within a risk management process built around well-defined risk identification, prevention, detection, communication, and mitigation activities. We won't delineate that process here, because most readers will be familiar with it. A cyber risk management process prioritizes threats, analyzes threats, detects a threat before, during, or after actual occurrence, and specifies the proper response. The latter may consist of remediation, control updates, vendor or partner notification, or other actions. Analysis, such as failure modes and effects analysis, provides a feedback mechanism, such as lessons learned, to constantly improve the effectiveness of the analytics being performed.
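As an added illustration (not part of the original report or of Deloitte's material) of the parse, normalize and correlate step described above, the sketch below normalizes entries from an external watchlist feed and matches them against internal DNS query logs to find internal devices that contacted listed domains. The feed entries, log format, addresses and function names are all constructed for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed external feed entries, in the inconsistent forms feeds arrive in.
FEED = [
    "hxxp://Bad-Updates[.]example/login.php",
    "cdn.malware-drop.example.",
    "  EXFIL.example  ",
]

# Constructed internal DNS query log: timestamp, client IP, queried name.
DNS_LOG = """\
2012-03-04T09:00:01 10.0.0.12 www.intranet.example
2012-03-04T09:00:05 10.0.0.31 bad-updates.example
2012-03-04T09:01:10 10.0.0.31 a1.cdn.malware-drop.example
2012-03-04T09:02:44 10.0.0.47 notexfil.example
2012-03-04T09:03:02 10.0.0.31 EXFIL.EXAMPLE.
malformed line
"""

def normalize(indicator):
    """Reduce a feed entry (URL, defanged URL or bare name) to a lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^hxxp", "http", s)
    if "://" in s:
        s = urlsplit(s).hostname or ""
    return s.rstrip(".")

def matches(name, watchlist):
    """True if name equals a watchlisted domain or is a subdomain of one."""
    labels = name.split(".")
    # Compare whole-label suffixes so "notexfil.example" does not match "exfil.example".
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

def correlate(feed, dns_log):
    """Return {client_ip: sorted watchlisted names that client queried}."""
    watchlist = {normalize(e) for e in feed} - {""}
    hits = defaultdict(set)
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not parse rather than failing the run
        client, qname = parts[1], normalize(parts[2])
        if matches(qname, watchlist):
            hits[client].add(qname)
    return {c: sorted(n) for c, n in hits.items()}

if __name__ == "__main__":
    print(correlate(FEED, DNS_LOG))
```

Matching on whole-label suffixes rather than substrings keeps look-alike names out of the results, which matters when the hit list is used to prioritize devices for review.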
10.5.4 Benefits of a risk-based approach

In light of the potential risks of cyber crime, Deloitte recommends a risk-based approach, as outlined above. This contrasts with, but also augments, security-based approaches geared to walling off the IT environment. The benefits of a risk-based approach include the ability to:

- Define the value and risk-related significance of categories of data and to prioritize and protect them accordingly.
- Identify and mitigate devices inside the organization's network that are being used to support cyber criminal activities.
- Identify customers, suppliers, service providers, and other parties that have compromised devices inside their networks.
- Monitor transactions to identify those being conducted from compromised devices.
- Track compromised data that has left or is leaving the organization.
- Understand the organization's susceptibility to persistent, sustained access by cyber criminals.
Given the sophistication, complexity, and evolution of cyber crime technologies and techniques, no sizable organization can plan and implement the necessary response alone. CIOs, CSOs, CROs, and cyber security professionals should share information, techniques, and technologies in their battle against cyber crime. This can be done without revealing sensitive corporate or competitive information, but it had best be done.
In general, effective cyber security efforts require perspectives and expertise beyond those that reside in the organization. Thus, a 2010 CSO Cyber Security Watch Survey finding that we found disappointing, and surprising, was that only 21 percent of respondents reported participation in their industry-sector IT Information Sharing and Analysis Center (IT-ISAC). These communities of security specialists are supported by federal leadership, but much work remains if they are to become true public-private sector collaborations as originally intended. They certainly require the support of the cyber security community if they are to succeed.
CHAPTER - 11 CONCLUSION
The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from cyber space. It is quite possible to check it. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards society) and further to make the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further, I altogether do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school: it should be kept in mind that the provisions of the cyber law are not made so stringent that they may retard the growth of the industry and prove counter-productive. The issue of network and Internet security has become increasingly important as more and more businesses and people go on-line. To protect information from hackers, we keep passwords secret and change them regularly. We cannot use our names or initials as passwords, since these are easily traced. We should not download executable files from unknown sources, or information from any source, without checking for viruses. We have to use licensed antivirus software. Also, teams like CERT and FIRST assist in resolving hacker attacks and disseminate information on security.