
White Hat

considered one of the nice guys, a white hat hacker is one who hacks and then
informs the owner of the hacking

Black Hat
in contrast, the black hat hacker is considered a criminal and uses his/her
skills to break the law

Gray Hat
as one would imagine, a gray hat hacker sometimes is good, and sometimes
is criminal; a combination of the white and black hat

Script Kiddie
a demeaning term, used for those who hack but do so by following directions
and not creating anything of their own

Trojan horse
deceptive programs that pretend they do one thing, only to enter the computer
system and do another; however, they need not be bad for the computer

Virus
a self-replicating program that inserts itself into executable codes or
documents

Worm
also a self-replicating program, but a worm breeds itself in computer systems.

Tools Hackers Need To Get Into Websites
The tools that a hacker may use are varied and
constantly changing. One such tool that was used last year
allowed a hacker to gain control of the computers of those who
simply mistyped the word Google - when trying to get the
popular search engine. This automatically directed them to a
special website that would give them such malware items as
Trojan downloaders, backdoors and spyware.

Another tool would be the robot spider. These can be sent out
and put on automatic and will look for ports of access into your
computer. These spiders are running around all the time and
some say that they may hit most computers that are online - up
to 50 times a day.
Other tools use email attachments. It is claimed that as much as
65% of all email is spam. And as much as 1 in about 30 emails
contains a virus, or some form of malware. This is why having
your own virus and spam protection is a must, as well as a
good spyware remover. Someone is busy. Once someone has
been hacking information on a computer, they will often leave a
Trojan file that will give them further access - often more than
one file. Then they could use your computer to send out spam
attacks - without you even knowing that it is taking place. Or,
they could simply be hacking your personal information off of
your computer. These are just a few of their tools.

DeCSS 1.2b, used as a cracking tool, is highly engineered
software that has been designed to modify other software with
the intention of removing the usage restriction.

Coldlife 4.0 is another tool for website hacking that falls
in the category of flooder. This is a program that has been
designed to overload the connection by certain
mechanisms like a fast pinging that causes a sudden DoS
attack.
Best Hacking Tools Available
PCHelps Network Tracer is another tool; it uses
standard network query utilities to work up a
handy report on a specified Internet address.
Hacking websites
has become easy with another strong, downloadable
hacking tool called IntelliTamper 2.07. This is a probe
tool that scans websites for all types of information that
the hacker is searching for, exploring
another system to look for the vulnerable points from which to
launch an attack.
Trojan
is a program that acts as one of the salient causes of
break-ins into systems, with a hidden intent.
A Trojan adds subversive functionality to an
existing program.
A trojaned login program is created to accept a certain
password for any user's account, which the hackers can use to
log into the system at any time and from wherever they
want.
John The Ripper 1.0
is a password cracking tool: a program that takes an
algorithmic approach to decrypting passwords
and password files.

NMap Win 1.2.12
is also one of the most important tools, which is used in
planning an attack on a remote system. This also helps the
programmer to develop other tools for such attacks.
Profiles of Famous Computer Hackers
Bill Gates, co-founder of Microsoft
Steve Jobs came back with the introduction of several new
products in Apple.
Although Linus Torvalds was known among the hacker
community as the hero who created Linux, the open
source operating system, it hasn't been until recent years
that people started to wonder if there was another option
apart from using Microsoft's operating system.
Profiles of Bad Hackers
One of the most famous black hat hackers is Kevin Mitnick, who
broke into the computers of several organizations, including
Fujitsu, Motorola, Sun Microsystems and Nokia.

Another famous hacker is Vladimir Levin, a mathematician
who led a group of Russian hackers and stole ten million
dollars from Citibank. Until this day, no one knows how they
did it.

Jonathan James's case is a bit more complicated. He was the first
juvenile from the teen hackers of the USA to be prosecuted for
computer hacking. But that didn't stop him. Later, he was able
to access the computer systems of NASA and the US
Department of Defense. Finally, he was imprisoned.
Example of Hackers
Dennis Ritchie, Ken Thompson, and Brian Kernighan

Example of Hackers (2)
Linus Torvalds, Bill Gates and Paul Allen, Paul Baran, Bjarne Stroustrup

Example of Crackers
Kevin Mitnick
Hackers
Computer hackers trespass into or circumvent
other computer systems artistically, yet scientifically,
with a hunger to know the programmable systems,
how they perform and their internal structures.
A hacker generally does not intend to destroy data
maliciously or to steal things.
A hacker who cracks and hacks systems is not only
interested in breaking the security of the system but also
in knowing about the system's details, by which he gains
much more than by simply cracking systems.
Crackers
Cracking means to break through the computer's security
system. This is a subject matter of hard-core science with
an aesthetic undertone of artistic skill that has attracted a
few million teenagers and young adults all over the
world.
The cracker breaks through the system's security and
proves to be far more dangerous than the hacker who just
quenches his or her thirst by simply discovering the
workings of a system.
Ethical Hacker
They dedicate their skills to serve their clients. Instead of
spending long nights inside obscure rooms filled with
computers looking for some victim, they work inside
corporations, finding ways to protect the networks and
computer systems.
Defining Cyber Crime
In the early 1990's, when hacker efforts stopped AT&T
communications altogether, the U.S. Government
launched its program to go after the hackers.
One of the most famous for his computer hacking crimes
was Kevin Mitnick, who was tracked by computer, and
caught in 1995. He served a prison sentence of about five
years.
Others have likewise been caught. Another case is that of
Vasily Gorshkov from Russia, who was 26 years old when
convicted in 2001.
How To Defeat The Attempts Of A Black Hat Hacker
Basic Knowledge
So, the first thing that we need to know is that computers,
and networks, are like houses. If they don't have the
windows and doors properly secured, anyone can enter.

Firewall
In order to secure our "house", we need to have a firewall
installed and properly configured. A firewall is like a lock
that assures that all the entrances to your computer are
properly closed, so no one from the outside can access it.
Anti Virus Software
Antivirus programs have been around since the first personal
computers, since viruses have always existed.
Unfortunately, the internet has generated a demographic
explosion and now they wander, freely, through the net.
There are several software packages in the market, so test
the ones with which you feel more comfortable and stay
with the one that is more convenient for you.
Regular Updates
The next step is to update your operating system,
especially if it is Windows XP. Ninety percent of the
worldwide operating system market is owned by
Microsoft. For that reason, it is the preferred choice for
crackers in the entire world. They are constantly looking
for ways to bypass the security of this operating system,
looking for weaknesses of all kinds (even in something as
innocent as the Media Player). In order to stop them,
keep your operating system updated.
Education in Security Techniques
Finally, if you are inside a company, make sure that
the users are trained. They must be able to detect if they
are being victims of a cracker scam.
It can be through the internet messaging system, an email
or even an innocent looking PowerPoint attachment sent
by a friend. People are the last line of defense against
black hat hacking.
FIREWALL
What is a firewall?
A firewall is hardware / software
It protects the resources of a private network from users from other networks
Organizations, universities and companies use firewall systems
A firewall can act as a gateway
A firewall can act as a proxy
A firewall filters incoming & outgoing information
Figure: LAN and INTERNET
Main purpose of using firewalls
Packet filtering
Analyzing packets
Proxy service
Provide access to other networks e.g INTERNET



How a firewall works?
Sniffing Mode
1) An attacker tries to compromise a service on the protected
network.
2) The Firewall identifies the attempt.

The FIREWALL can now:
Log the attempt
Alert the admin
Harden the firewall
Or reset a TCP/IP connection
Types of firewalls?
Firewalls use one or more of three methods to control traffic flowing in and out of the network.
1# FILTER BASED FIREWALL
2# PROXY BASED FIREWALL
3# STATEFUL INSPECTION
Filter based firewalls are configured with a table of addresses that characterize the
packets they will, and will not, forward. By addresses, we mean more than just the destination's
IP address, although this is one possibility. Generally, each entry in the
table is a 4-tuple: it gives the IP address and TCP port number for both source and destination.
Ex: (*,*,128.7.6.5,80). Such firewalls are sometimes called LEVEL 4 SWITCHES.
To understand how proxy based firewalls work, and why you would want one, consider a
corporate web server, where the company wants to make some of the server's pages accessible to all
external users, but wants to restrict certain of the pages to corporate users at one or more
remote sites.
The solution is to put an HTTP proxy on the firewall. Remote users establish an
HTTP/TCP connection to the proxy, which looks at the URL contained in the request
message. If the requested page is allowed for the source host, the proxy establishes a second
HTTP/TCP connection to the server and forwards the request on to the server. The proxy
then forwards the response in the reverse direction between the two TCP connections.
Stateful inspection: a newer method that doesn't examine the contents of each packet but
instead compares certain key parts of the packet to a database of trusted information.
Information traveling from inside the firewall to the outside is monitored for specific
defining characteristics. If the comparison yields a reasonable match, the information is
allowed through. Otherwise it is discarded.
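The difference between a filter based firewall and stateful inspection, as an added example that is not part of the original slides. It evaluates the page's rule (*,*,128.7.6.5,80) with first-match, default-drop semantics, then shows why a stateless reply rule is looser than a state table; the LAN range 172.16.0.0/16, the reply rule and the sample packets are assumptions constructed for the illustration.

```python
# Added example (not from the original slides): stateless 4-tuple filter
# compared with a stateful check. Rules and sample packets are constructed.
from ipaddress import ip_address, ip_network


def field_matches(pattern, value):
    """A rule field is '*', a port number, or an IP address / CIDR block."""
    if pattern == "*":
        return True
    if isinstance(value, int):                      # port field
        return int(pattern) == value
    return ip_address(value) in ip_network(pattern, strict=False)


class PacketFilter:
    """Filter based firewall: first matching rule wins, otherwise the default."""

    def __init__(self, rules, default="drop"):
        self.rules = rules      # [(action, (src_ip, src_port, dst_ip, dst_port))]
        self.default = default

    def decide(self, src_ip, src_port, dst_ip, dst_port):
        packet = (src_ip, src_port, dst_ip, dst_port)
        for action, pattern in self.rules:
            if all(field_matches(p, v) for p, v in zip(pattern, packet)):
                return action
        return self.default


class StatefulFilter:
    """Stateful inspection: inbound packets must mirror a recorded outbound flow."""

    def __init__(self, inside_net):
        self.inside = ip_network(inside_net)
        self.flows = set()

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        if ip_address(src_ip) not in self.inside:
            return "drop"                           # source is not an inside host
        self.flows.add((src_ip, src_port, dst_ip, dst_port))
        return "forward"

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        expected = (dst_ip, dst_port, src_ip, src_port)
        return "forward" if expected in self.flows else "drop"


# The page's rule (*,*,128.7.6.5,80), plus the reply rule a stateless filter
# needs so that inside clients (assumed LAN 172.16.0.0/16) receive web responses.
STATELESS = PacketFilter([
    ("forward", ("*", "*", "128.7.6.5", "80")),
    ("forward", ("*", "80", "172.16.0.0/16", "*")),
])


def compare():
    """Run the same two inbound packets through both designs."""
    stateful = StatefulFilter("172.16.0.0/16")
    stateful.outbound("172.16.0.2", 51000, "209.191.93.52", 80)
    reply = ("209.191.93.52", 80, "172.16.0.2", 51000)      # answers the flow above
    unsolicited = ("203.0.113.9", 80, "172.16.0.2", 3389)   # no outbound flow exists
    return {
        "stateless_reply": STATELESS.decide(*reply),
        "stateless_unsolicited": STATELESS.decide(*unsolicited),
        "stateful_reply": stateful.inbound(*reply),
        "stateful_unsolicited": stateful.inbound(*unsolicited),
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:22} {verdict}")
```

The stateless table has to forward anything that claims source port 80, while the state table forwards only the packet that mirrors a connection an inside host opened.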
Packet Filter Based Firewall
Advantages
Generally faster than other firewalls because they perform fewer evaluations
Can provide NAT -- Network Address Translation
Least Expensive
Disadvantages
Limited capabilities -- typically only Source & Destination
Cannot address protocol subsets other than IP -- most TCP only, not UDP.
This can impact DNS.
Cannot perform checks on higher-level protocols
No value-add features such as URL filtering, HTTP caching, authentication,
anti-spoofing, etc.

Figure: three OSI stacks (Applications, Presentation, Sessions, Transport, Network, DataLink, Physical)
Circuit Proxy Based Firewall
Forces the client and the server to address their packets to the proxy.
Intercepts and re-addresses all packets
Advantages
More control than a Packet Filter
Client has no way to learn the server IP address
SOCKS 5 allows optional user authentication & encryption
Disadvantages
Requires client modifications
Still a relatively high level of granularity-- Does not address packet contents
No anti-spoofing

Figure: two OSI stacks (Applications, Presentation, Sessions, Transport, Network, DataLink, Physical) with the PROXY at the Network layer
Stateful Inspection
Advantages
Operates at 2nd/3rd layer in the OSI stack -- faster than Application Proxy
Application independent
More granularity than Circuit Proxy or Packet Filter
Disadvantages
Less granularity than Application Proxy

Figure: OSI stacks (Applications, Presentation, Sessions, Transport, Network, DataLink, Physical) with the INSPECT Engine and State Tables
What firewall protects us from
Remote login
Application backdoors
Operating system bugs
Denial of service
E-mail bombs
Viruses
SPAMs
Trojans
Popular hardware & software firewalls
Software Firewall: Ms. ISA Server, Norton Internet Security, Mcafee Internet Security, ZoneAlarm, Kerio, BlackICE, Outpost
Hardware Firewall: Cisco PIX, Fortiguard, Cyberoam, Check Point, NetScreen, NetD, WatchGuard
What is a proxy?
A proxy is hardware / software
Indirect access to other networks, e.g. the INTERNET. All computers on the local
network have to go through it before accessing information on the Internet.
Organizations, universities and companies use proxy systems
A proxy acts as a gateway
A proxy acts as a Cache Server/Firewall
A proxy shares a connection with others
Figure: LAN and INTERNET
Main purpose of using proxies
Improve Performance
Act as Cache server
Bandwidth control
Filter Requests
Prevent access to some web sites!!!
Prevent access to some protocols
Time division
Surfing Anonymously
Browsing the WWW without any identification!!!
Improve Performance
Caching
Reduce latency
Reduce Network Traffic
Caching can greatly speed up Internet access. If one or more Internet
sites are frequently requested, they are kept in the proxy's cache, so
that when a user requests them, they are delivered directly from the
proxy's cache instead of from the original Internet site.

Caches diminish the need for network bandwidth, typically by 35% or
more, by reducing the traffic from browsers to content servers.

Bandwidth control
Policy-based Bandwidth Limits
Deny by content type

Figure: INTERNET with bandwidth limits of 512 Kbps, 1 Mbps, 128 Kbps and 64 Kbps
Filter Requests
Prevent access to some web sites!!!
Categories of web sites
Adult/Sexually Explicit
Advertisements & Pop-Ups
Chat
Gambling
Games
Hacking
Peer-to-Peer

Check by content type
.Exe / .Com
.Mid / .MP3 / .Wav
.Avi / .Mpeg / .Rm
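The HTTP proxy decision described under proxy based firewalls, combined with the request filtering listed here, as an added example that is not part of the original slides. The corporate network range, the restricted path prefix and the sample URLs are assumptions; the blocked extensions are the ones listed above.

```python
# Added example (not from the original slides): an HTTP proxy's allow/deny
# decision. The policy values below are assumptions made for the illustration.
import posixpath
from ipaddress import ip_address, ip_network
from urllib.parse import unquote, urlsplit

CORPORATE_NETS = [ip_network("172.16.0.0/16")]   # assumed remote corporate sites
RESTRICTED_PREFIXES = ["/internal"]              # assumed corporate-only pages
BLOCKED_EXTENSIONS = {".exe", ".com", ".mid", ".mp3", ".wav", ".avi", ".mpeg", ".rm"}


def canonical_path(url):
    """Decode once and normalise, so '..' or '%2e%2e' cannot dodge a prefix rule."""
    raw = unquote(urlsplit(url).path) or "/"
    return "/" + posixpath.normpath(raw).lstrip("/")


def is_corporate(client_ip):
    addr = ip_address(client_ip)
    return any(addr in net for net in CORPORATE_NETS)


def proxy_decision(client_ip, url):
    """Return (verdict, reason); only 'allow' opens the second connection to the server."""
    path = canonical_path(url)
    ext = posixpath.splitext(path)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return "deny", f"content type {ext} is blocked"
    restricted = any(path == p or path.startswith(p + "/") for p in RESTRICTED_PREFIXES)
    if restricted and not is_corporate(client_ip):
        return "deny", "page is restricted to corporate users"
    return "allow", "forward request to the web server"


if __name__ == "__main__":
    # Constructed requests: (client address, requested URL)
    samples = [
        ("203.0.113.9", "http://www.example.test/index.html"),
        ("203.0.113.9", "http://www.example.test/internal/plan.html"),
        ("172.16.0.2", "http://www.example.test/internal/plan.html"),
        ("203.0.113.9", "http://www.example.test/public/%2e%2e/internal/plan.html"),
        ("172.16.0.2", "http://www.example.test/files/setup.EXE"),
    ]
    for client, url in samples:
        print(client, url, proxy_decision(client, url))
```

The check runs on the normalised path because a prefix comparison against the raw URL would let an encoded `..` segment reach a restricted page.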
What do you need for proxy installation?
Proxy Software
Ms ISA Server, Squid, WinRoute
Server
At least 2 network cards
DIRECT INTERNET connection (Public IP Address)
Switch/Hub (optional)
Private IP Address
10.0.0.1/8 172.16.0.1/16 192.168.0.1/24
How a proxy works?
Demo setup:
LAN client - IP : 172.16.0.2, Gw : 172.16.0.1
Proxy Server - LAN side IP : 172.16.0.1; INTERNET side IP : 217.219.66.2, Gw : 217.219.66.1
Destination - www.yahoo.com, 209.191.93.52
1) The LAN client sends a request to www.yahoo.com: Source IP 172.16.0.2, Dest IP 209.191.93.52.
2) The Proxy Server changes the source IP address: Source IP 217.219.66.2, Dest IP 209.191.93.52.
3) www.yahoo.com answers, so the source and destination IP addresses change: Source IP 209.191.93.52, Dest IP 217.219.66.2.
4) The Proxy Server changes the destination IP address: Source IP 209.191.93.52, Dest IP 172.16.0.2.
5) The reply reaches the LAN client: Source IP 209.191.93.52, Dest IP 172.16.0.2.
Proxy types
Web proxies
Caching proxies
Transparent proxies
Open proxies

Proxy setting in IE
Popular hardware & software proxies
Software Proxy: Ms. ISA Server, Squid, WWWOFFLE, Ziproxy, SafeSquid, tinyproxy, Privoxy, WinGate
Hardware Proxy: Cisco PIX, Blue Coat, Cyberoam, Alacer
Introduction to Cyber Crime
Computer Crime, E-Crime, Hi-Tech Crime or Electronic Crime is where a
computer is the target of a crime or is the means adopted to commit a crime.

Most of these crimes are not new. Criminals simply devise different ways to
undertake standard criminal activities such as fraud, theft, blackmail, forgery,
and embezzlement using the new medium, often involving the Internet.
Computer vulnerability
Computers store huge amounts of data in small spaces
Ease of access
Complexity of technology
Human error
One of the key elements that keeps most members of any society honest is
fear of being caught - the deterrence factor. Cyberspace changes two of
those rules. First, it offers the criminal an opportunity of attacking his
victims from the remoteness of a different continent and secondly, the
results of the crime are not immediately apparent.
New laws and upgraded technology are needed to combat cyber crimes
Different Types of Cybercrimes
Cyber crimes:
Hacking
Information Theft
E-mail bombing
Salami attacks
Denial of Service attacks
Trojan attacks
Web jacking
Types of Cyber crimes
Credit card frauds
Cyber pornography
Sale of illegal articles - narcotics, weapons, wildlife
Online gambling
Intellectual Property crimes - software piracy, copyright infringement, trademarks violations, theft of computer source code
Email spoofing
Forgery
Defamation
Cyber stalking (section 509 IPC)
Phishing
Cyber terrorism
Categories shown alongside the list: Crime against persons, Crime against property, Crime against Government
TYPES OF CYBER CRIMES
E-Mail bombing: Email bombing refers to sending a large amount of e-mails to the
victim, resulting in interruption in the victim's e-mail account or mail servers.

Data diddling: This kind of attack involves altering the raw data just before it is
processed by a computer and then changing it back after the processing is completed.

Salami attacks: These attacks are used for the commission of financial crimes. The
key here is to make the alteration so insignificant that in a single case it would go
completely unnoticed, e.g. a bank employee inserts a program into the bank's servers that
deducts a small amount from the account of every customer.

Denial of Service: This involves flooding computer resources with more requests
than it can handle. This causes the resources to crash thereby denying authorized users
the service offered by the resources.
Phishing
Phishing, the mass distribution of spoofed e-mail
messages, which appear to come from banks,
insurance agencies, retailers or credit card
companies and are designed to fool recipients into
divulging personal data such as account names,
passwords, or credit card numbers.
Phishing
Delhi doctor Sanjay Sood discovered this modus operandi recently.
He received an official-sounding email, supposedly from the website
administrator, asking for an update of his name, date of birth and pin
code. Reassured that it did not ask for his password, he quickly
provided the information.
Apparently, these details were used to decode his password and
hijack his email ID. Next morning, he was flooded with the kind of
distress calls that have been extensively reported these days.
"Somebody had sent emails to all my contacts to kindly send dollars
to my bank account as I was supposedly stranded in Malaysia."
Sood had fallen to yet another instance of phishing, a criminal act of
pretending to be an official website or email of typically a bank,
payment site or website administrator. Private information thus
collected is used to access bank accounts and defraud in other ways.
Carding
Carding, which entails using stolen credentials
(and can include package reshipping, money
moving, and identity theft schemes)
How to hack PayPal and get up to $40,000 USD in
your account!
1) Visit (CLICK HERE TO DOWNLOAD) to order a special
donation code (SEE PROGRAM BELOW) to access my
program that captures and decrypts SSL money packets going
around from PayPal users around the world and adds that
money to your account. In other words, you will be receiving
lots and lots of "random" payments from people you never
knew, as seen below in my payments page. This program does
not NEED your Paypal password like all the scams you see
on youtube that steal your account. This is by far the only
working Paypal Bypass, below is a free trial.

DONATION CODE IS: H3J1K0VNDK IT IS REQUIRED
TO LOGIN THE PROGRAM CONTROL PANEL.
2) After your donation, you will receive a special code
that you will need to access my program. Next, open my
program (download it below), enter the email you want
the money to go to, and how much money would you like
to hack and add to this account in the box
provided, and finally, enter the donation code.
3) That's It!! This tool will do everything you need for
you from here on. You may log in your Paypal account
afterwards and watch the payments come one by one in
real time! No more logging out and waiting !!!
Bot Attack
Compromised servers or bots, which may be launching cyber attacks or
sending spam.
The machine is infected with a password-stealing Trojan. The Trojan
steals mail client settings, extracts the username, password,
email id and SMTP server address, and uploads this information to
the central repository. Alternatively, it may also start sending
out spam using these credentials from the infected machine.
From the central repository, this information is then collected
and an attack is coordinated, utilizing the bot-networks.
It seems to be a coordinated bot-net attack, wherein the
compromised user-ids, along with their passwords and the
connecting server DNS, are being utilized to send spam,
masked as an authenticated user.
This conclusion was arrived at after observing that
the originating IP of these authenticated users kept on
changing every 1 min.
Because of this, Company servers are accepting the mails,
and since they are from authenticated users, mail relay is
being allowed.
Since only the authenticated users (on the external server,
i.e. the server used for accepting mails after authenticating the
user) have been compromised, it is safe to assume that the
user-list was gathered from this server. This list was then
fed into the bot-net system and the attack was initiated.
There are two possibilities as to how this list was being
used by bot-nets. The first is that one of the servers
containing the list of users was compromised; this
possibility cannot be confirmed, as it is outside the
purview of this document.

The second possibility presumes a virus infection on a
large scale at all Company locations by a password-
stealing malware/Trojan, which steals from the infected
systems and uploads to the central repository.
Computer Viruses
A computer virus is a computer program that can infect other computer
programs by modifying them in such a way as to include a (possibly
evolved) copy of itself. Note that a program does not have to perform
outright damage (such as deleting or corrupting files) in order to be
called a "virus".

A computer virus is a program that can copy itself and infect a
computer without the permission or knowledge of the user.
Why Do people Create These Viruses?
To distribute a political message.
To attack the products of specific companies.
Some consider their creations to be works of art, and see it as a creative
hobby.
Financial gain from identity theft.

Types of Viruses
Armored virus
Companion virus
Polymorphic virus
Macro virus
Boot sector virus
Stealth virus
Logic bomb
Sparse infector
Network viruses

Cyber Threats
Cyber threats to a control system refer to persons who attempt
unauthorised access to a control system device and network using a
data communications pathway.

The main threat in cyber crime is hacking.

Hacking involves gaining unauthorised access to a computer and
altering the system in such a way as to permit continued access, along
with changing the configuration, purpose, or operation of the target
machine, all without the knowledge or approval of the system's owners.
New Internet Threats
All computers need internet security
Home users can lose valuable personal data with one click to the wrong website. Children trading
games also exchange viruses unknowingly. You receive an email requesting an update to your payment
details, and a hacker gains access to your bank account. A backdoor is installed on your machine, and
your PC becomes a zombie, spewing out spam.

New technologies - new anti-malware solutions


As cyber threats have evolved, so has software to deflect such threats. Sophisticated antispyware and
antivirus solutions capable of detecting the most complex new viruses are now available.
What Is Spam
Spam is the equivalent of physical junk mail and unsolicited telemarketing phone calls. It has become
one of the largest nuisances to computer users for both home and business users.

There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet
spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet
users have found that any message posted to so many newsgroups is often not relevant to most or all of
them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and
give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming
them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the
ability of system administrators and owners to manage the topics they accept on their systems.

Email spam targets individual users with direct mail messages. Email spam lists are often created by
scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email
spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone
service - read or receive their mail while the meter is running, so to speak. Spam costs them additional
money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are
transmitted directly to subscribers.
Frequency of incidents of Cyber crimes in India
Denial of Service: Section 43
Virus: Section 66, 43
Data Alteration: Sec. 66
U/A Access: Section 43
Email Abuse: Sec. 67, 500, Other IPC Sections
Data Theft: Sec 66, 65

Source: Survey conducted by ASCL


Frequency of reporting Cyber crimes in India
During the year 2005, 179 cases were registered under the IT Act as
compared to 68 cases during 2004. 21.2% of cases were reported from
Karnataka, followed by Maharashtra (26), Tamil Nadu (22) and
Chhattisgarh and Rajasthan (18 each). Out of 179 cases, 50% were
related to Section 67 of the IT Act. 125 persons were arrested. 74 cases of
hacking were reported, wherein 41 were arrested.
Combating cyber crimes
Technological measures - Public key cryptography, Digital signatures,
Firewalls, honey pots
Cyber investigation - Computer forensics is the process of identifying,
preserving, analyzing and presenting digital evidence in a manner that is
legally acceptable in courts of law. These rules of evidence include
admissibility (in courts), authenticity (relation to incident), completeness,
reliability and believability.
Legal framework - laws & enforcement
Combating Cyber crime - Indian legal framework
Information Technology Act, 2000 - came into force on 17 October 2000.
The Information Technology Act 2000 consists of 94 sections segregated into 13
chapters. Four schedules form part of the Act.

Extends to the whole of India and also applies to any offence or contravention
thereunder committed outside India by any person {section 1 (2)}, read with
Section 75 - the Act applies to an offence or contravention committed outside India by
any person irrespective of his nationality, if such act involves a computer,
computer system or network located in India

Section 2 (1) (a) - "Access" means gaining entry into, instructing or
communicating with the logical, arithmetic or memory function resources of a
computer, computer resource or network

The IT Act confers legal recognition on electronic records and digital signatures
(sections 4, 5 of the IT Act, 2000)
Civil Wrongs under IT Act
Chapter IX of IT Act, Section 43
Whoever without permission of owner of the computer
Secures access (mere U/A access)
Not necessarily through a network
Downloads, copies, extracts any data
Introduces or causes to be introduced any viruses or contaminant
Damages or causes to be damaged any computer resource
Destroy, alter, delete, add, modify or rearrange
Change the format of a file
Disrupts or causes disruption of any computer resource
Preventing normal continuance of computer
Civil Wrongs under IT Act (Contd.)
Denies or causes denial of access by any means
Denial of service attacks
Assists any person to do any thing above
Rogue Websites, Search Engines, Insiders providing vulnerabilities
Charges the services availed by a person to the account of another person
by tampering or manipulating any computer resource
Credit card frauds, Internet time thefts
Liable to pay damages not exceeding Rs. One crore to the affected party
Investigation by
ADJUDICATING OFFICER
Powers of a civil court
Data diddling: changing data prior to or
during input into a computer
Section 66 and 43(d) of the I.T. Act cover the offence of data diddling
Penalty: Not exceeding Rs. 1 crore
Case in point:
NDMC Electricity Billing Fraud Case: A private contractor, who was
to deal with the receipt and accounting of electricity bills by the NDMC,
Delhi (collection of money, computerized accounting, record
maintenance and remittance in the bank), misappropriated a huge
amount of funds by manipulating data files to show less receipt and
bank remittance.
Section 46 IT Act
Section 46 of the IT Act states that an adjudicating officer shall adjudge
whether a person has committed a contravention of any of the provisions of the
said Act, by holding an inquiry. The principles of audi alteram partem and natural
justice are enshrined in the said section, which stipulates that a reasonable
opportunity of making a representation shall be granted to the concerned person
who is alleged to have violated the provisions of the IT Act. The said Act
stipulates that the inquiry will be carried out in the manner prescribed by the
Central Government.

All proceedings before him are deemed to be judicial proceedings; every
Adjudicating Officer has all powers conferred on civil courts.

Appeal to the Cyber Appellate Tribunal - from a decision of the Controller or Adjudicating
Officer {section 57 IT Act}
Section 47, IT Act
Section 47 of the Act lays down that while adjudging the quantum of
compensation under this Act, the adjudicating officer shall have due
regard to the following factors, namely-

(a) the amount of gain of unfair advantage, wherever quantifiable,
made as a result of the default;

(b) the amount of loss caused to any person as a result of the default;

(c) the repetitive nature of the default


Cybercrime provisions under IT Act, 2000
Offence: Relevant Section under IT Act
Tampering with Computer source documents: Sec. 65
Hacking with Computer systems, Data alteration: Sec. 66
Publishing obscene information: Sec. 67
Un-authorized access to protected system: Sec. 70
Breach of Confidentiality and Privacy: Sec. 72
Publishing false digital signature certificates: Sec. 73
Section 65: Source Code

Most important asset of software companies
"Computer Source Code" means the listing of programmes,
computer commands, design and layout
Ingredients
Knowledge or intention
Concealment, destruction, alteration
computer source code required to be kept or maintained by
law
Punishment
imprisonment up to three years and / or
fine up to Rs. 2 lakh
Section 66: Hacking
Ingredients
Intention or Knowledge to cause wrongful loss
or damage to the public or any person
Destruction, deletion, alteration, diminishing
value or utility or injuriously affecting
information residing in a computer resource
Punishment
imprisonment up to three years, and / or
fine up to Rs. 2 lakh
Cognizable, Non Bailable
Section 66 covers data theft as well as data alteration
Sec. 67. Pornography
Ingredients
Publishing or transmitting or causing to be published
in the electronic form,
Obscene material
Punishment
On first conviction
imprisonment of either description up to five years and
fine up to Rs. 1 lakh
On subsequent conviction
imprisonment of either description up to ten years and
fine up to Rs. 2 lakh
Section covers
Internet Service Providers,
Search engines,
Pornographic websites
Cognizable, Non-Bailable, JMIC/ Court of Sessions
Computer Related Crimes under IPC and Special Laws
Sending threatening messages by email       Sec 503 IPC
Sending defamatory messages by email        Sec 499, 500 IPC
Forgery of electronic records               Sec 463, 470, 471 IPC
Bogus websites, cyber frauds                Sec 420 IPC
Email spoofing                              Sec 416, 417, 463 IPC
Online sale of Drugs                        NDPS Act
Web-Jacking                                 Sec. 383 IPC
Online sale of Arms                         Arms Act


Some more offences dealt with under IPC
Criminal breach of trust/Fraud - Sec. 405, 406, 408, 409 IPC
Destruction of electronic evidence - Sec. 204, 477 IPC
False electronic evidence - Sec. 193 IPC
Offences by or against public servant - Sec. 167, 172, 173, 175 IPC
Email spoofing:
Pranab Mitra, a former executive of Gujarat Ambuja Cement, posed as a
woman, Rita Basu, and created a fake e-mail ID through which he contacted
one V.R. Ninawe, an Abu Dhabi businessman. After a long cyber relationship
and emotional messages, Mitra sent an e-mail saying that she would commit
suicide if Ninawe ended the relationship. He also gave him the e-mail ID of
another friend, Ruchira Sengupta, which was in fact his second bogus address.
When Ninawe mailed the other ID, he was shocked to learn that Mitra had
died and that the police were searching for Ninawe. Mitra extorted a few lakh
rupees as advocate fees etc. Mitra even sent e-mails posing as high court and
police officials to extort more money. Ninawe finally came down to Mumbai to
lodge a police case.
Legal provisions to counter identity theft
The IT Act 2000 in its present form does not have any specific provision to deal with
identity theft. However, the Expert Committee on Amendments to the IT Act 2000
(whose report is presently under consideration by the government for adoption) has
recommended amending the Indian Penal Code (IPC) by inserting in it two new
sections:

section 417A which prescribes punishment of up to 3 years imprisonment and fine
for 'cheating by using any unique identification feature of any other person'; and

section 419A that prescribes punishment of up to 5 years imprisonment and fine for
'cheating by impersonation' using a network or computer resource.
Forgery
Andhra Pradesh Tax Case
To explain the Rs. 22 Crore which was recovered
from the house of the owner of a plastic firm by the sleuths of the
vigilance department, the accused person submitted 6000
vouchers to legitimize the amount recovered. Careful
scrutiny of the vouchers and the contents of his computers revealed
that all of them were made after the raids were conducted. All
vouchers were fake computerized vouchers.
Cyber stalking
Ritu Kohli (first lady to register the cyber stalking
case) is a victim of cyber-stalking. A friend of her
husband gave her phone number and name on a chat
site for immoral purposes. A computer expert, Kohli
was able to trace the culprit. Now, the latter is being
tried for "outraging the modesty of a woman", under
Section 509 of IPC.
Cyber defamation
SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra: India's first case of cyber
defamation was reported when a company's employee (defendant) started
sending derogatory, defamatory and obscene e-mails about its Managing
Director. The e-mails were anonymous and frequent, and were sent to many
of their business associates to tarnish the image and goodwill of the plaintiff
company.

The plaintiff was able to identify the defendant with the help of a private
computer expert and moved the Delhi High Court. The court granted an
ad-interim injunction and restrained the employee from sending, publishing
and transmitting e-mails which are defamatory or derogatory to the
plaintiffs.
Online gambling: virtual casinos, Cases of money laundering
Cyber lotto case: In Andhra Pradesh one Kola Mohan created
a website and an email address on the Internet with the address
'eurolottery@usa.net.' which showed his own name as
beneficiary of 12.5 million pounds in the Euro lottery. After getting
confirmation from the email address, a Telugu newspaper
published this as news.
He gathered huge sums from the public as well as from some
banks. The fraud came to light only when a cheque amounting to
Rs 1.73 million discounted by him with Andhra Bank got
dishonored.
FIR NO 76/02 PS PARLIAMENT STREET
Mrs. SONIA GANDHI RECEIVED THREATENING E-MAILS
E-MAIL FROM
missonrevenge84@khalsa.com
missionrevenge84@hotmail.com
THE CASE WAS REFERRED ACCUSED
PERSON LOST HIS PARENTS DURING 1984
RIOTS
Cyber Crime Online Challenges
Brand exploitation
Unauthorized use of trademarks
Increased difficulty in managing online distribution channel
Sale of counterfeit goods

Current online Environment
Easy to hide in plain sight
Easy to confuse customers due to the high quality of digital copies
Difficult to track infringements
Easy to establish a professional-looking website

Common Forms of Online Threats
Trademark and Brand Infringement
Domain Name
Commercial sites (e.g., offensive content or competing companies)
Domain name monetization (e.g., click-through advertising)
Unhappy consumer sites (e.g., xxx-sucks.COM) (generally, protected)
Sale of Counterfeit Goods in Auction Sites
Logo, Text, and Meta Tag Use in Commercial Sites
Stopping unauthorized parties from using your trademarks
Managing partners' use of logos and trademarks
Protecting against Google bombing
Domain theft
Domain theft is an aggressive form of domain hijacking that
usually involves an illegal act. In most cases, identity theft is
used to trick the domain registrar into allowing the hijacker to
change the registration information to steal control of a domain
from the legitimate owner.
Some registrars are quick to set things right when these cases
are discovered. However, it is well documented that some
registrars will admit no fault in accepting the forged credentials
and will refuse to correct the record until forced by legal action.
In many of these cases, justice is not done and the hijacker
retains control of the domain.
Challenges of Cyber Security
The Environment
Explosion of computer and broadband internet availability (over a billion
internet users today).
Low priority of security for software developers.
Challenge of timely patching vulnerabilities on all systems.
Graphical user interface (GUI) based tools that exploit known software
vulnerabilities.
Electronic World
Electronic document produced by a computer.
Stored in digital form, and cannot be perceived
without using a computer
It can be deleted, modified and rewritten without
leaving a mark
Integrity of an electronic document is
genetically impossible to verify
A copy is indistinguishable from the original
It can't be sealed in the traditional way, where the
author affixes his signature
The functions of identification, declaration and
proof of electronic documents are carried out using
a digital signature based on cryptography.
Electronic World
Digital signatures created and verified using
cryptography
Public key System based on Asymmetric keys
An algorithm generates two different and related keys
Public key
Private Key
Private key used to digitally sign.
Public key used to verify.
Public Key Infrastructure
Allow parties to have free access to the signer's public
key
This assures that the public key corresponds to the
signer's private key
Trust between parties as if they know one another
Parties with no trading partner agreements, operating
on open networks, need to have highest level of trust
in one another
Role of the Government
Government has to provide the definition of
the structure of PKI
the number of levels of authority and their juridical form (public or private certification)
which authorities are allowed to issue key pairs
the extent to which the use of cryptography should be authorised for confidentiality purposes
whether the Central Authority should have access to the encrypted information; when and how
the key length, its security standard and its time validity
Section 3 Defines Digital Signatures
The authentication to be effected by use of asymmetric
crypto system and hash function
The private key and the public key are unique to the
subscriber and constitute functioning key pair
Verification of electronic record possible
Secure digital signature-S.15
If by application of a security procedure agreed to by the parties concerned,
it can be verified that a digital signature, at the time it was affixed, was:
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the
subscriber and is linked to the electronic record to which it relates in such a
manner that if the electronic record was altered the digital signature would
be invalidated,
then such digital signature shall be deemed to be a secure digital signature
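
The hash-then-sign mechanism described in the slides above (private key signs, public key verifies, and an altered record invalidates the signature), as an added example that is not part of the original slides. It assumes textbook RSA without padding and a constructed key built from publicly known Mersenne primes, so it illustrates the principle only; real systems use a vetted library with a padded scheme such as RSASSA-PSS. All function names are hypothetical.

```python
import hashlib

# Constructed demo keys: the primes are publicly known Mersenne primes, so these
# keys protect nothing. They only keep the example deterministic and offline.
E = 65537                                   # public exponent

def make_key(p: int, q: int) -> tuple[int, int]:
    """Return (n, d): public modulus and private exponent."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

N, D = make_key(2**521 - 1, 2**607 - 1)          # subscriber's key pair
OTHER_N, _ = make_key(2**521 - 1, 2**1279 - 1)   # a different subscriber's modulus

def digest(record: bytes) -> int:
    """Hash function step: SHA-256 of the electronic record as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def sign(record: bytes, d: int = D, n: int = N) -> int:
    """Private-key operation: sign the hash of the record."""
    return pow(digest(record), d, n)

def verify(record: bytes, signature: int, n: int = N) -> bool:
    """Public-key operation: recover the signed hash and compare it."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == digest(record)

def demo() -> dict[str, bool]:
    record = b"Pay Rs. 10,000 to account 1234"    # constructed sample record
    altered = b"Pay Rs. 90,000 to account 1234"   # same record, one digit changed
    sig = sign(record)
    return {
        "original_verifies": verify(record, sig),
        "altered_record_verifies": verify(altered, sig),
        "other_subscriber_key_verifies": verify(record, sig, n=OTHER_N),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the first check succeeds: changing one digit of the record or checking against another subscriber's public key makes verification fail, which is the property clause (c) of Section 15 relies on.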
IT Act overview of other relevant provisions
Section 16 - Central Government to prescribe security procedures
Sec 17 to 34 - Appointment and Regulation of Controller and certifying authority
Sec 35 to 39 - Obtaining DSC
Sec 40 to 42 - Duties of Subscriber of DSC - exercise due care to retain the private key
Threats to cyber security - Methods Used To Penetrate Victim Machines
Trojan droppers and downloaders injected into pirate
software which is distributed via file sharing p2p networks
(kazaa, eDonkey etc.)

Exploiting vulnerabilities in MS Windows and popular
applications such as IE & Outlook.

Email worms
Password Authentication protocol

Password authentication protocol, sometimes abbreviated
PAP, is a simple authentication protocol used to authenticate a user
to a network access server, as used for example by internet service
providers. PAP is used by the Point-to-Point Protocol. Authentication is
the process of validating a user before allowing them access to
server resources. Almost all network operating system
remote servers support PAP.
10 Ways To Wireless Security
Use encryption - chances are bad guys won't bother breaking it.

Use strong encryption - in case they are trying to break it, make it
harder for them.

Change the default admin password - avoid using "password" as the
password.

Turn off SSID broadcasting - don't shout to everybody in the
neighborhood "come and try me."

Turn off WAP when not in use - do you leave your TV running when
you are not at home?
10 Ways To Wireless Security
Change your default SSID - yes, there are at least 50 other Linksys stations
around, and they are easier to find.

Use MAC filtering - you give keys to your home only to trusted people - do the
same with the wireless network.

Isolate the wireless LAN from the rest of the network - why did you think
Titanic sank? Create levels of protection.

Control the wireless signal - unless you want to power the whole city, there is no
need to use signal amplifiers.

Transmit on a different frequency - this is why we haven't intercepted the aliens
yet
Protection of Personal Information
Identifying Purposes:- The purposes for which personal information is
collected shall be identified by the organization at or before the time the
information is collected.
Accuracy:- Personal information shall be as accurate, complete, and up-to-
date as is necessary for the purposes for which it is to be used.
Safeguards:- Personal information shall be protected by security safeguards
appropriate to the sensitivity of the information.
Accountability:- An organization is responsible for personal information
under its control and shall designate an individual or individuals who are
accountable for the organization's compliance with the following principles.
Openness:- An organization shall make readily available to individuals
specific information about its policies and practices relating to the management
of personal information.
Recommended cyber safety tips
Use antivirus software
change passwords frequently
insert firewalls
Adopt regular scanning against spyware
install software patches
uninstall unnecessary software
separate user accounts
maintain backup
check security settings
Perform IT audits
