Swati Lathia

Learning ways

Unit – 2 | Cyber Crime & Cyber Law

Classification of Cyber Crimes

  • Here are two common ways of classifying cyber crimes:
  • By Target
  • Crimes against Individuals: These target people and their private data. Examples are:
    1. Identity Theft: Stealing personal information from someone in order to defraud or impersonate them.
    2. Cyberstalking: Using technology to frighten or annoy someone.
    3. Cyberbullying: Abusing someone online through electronic means.
    4. Online Scams: Tricking people into exposing their personal information or money.
  • Crimes against Organizations: These target businesses and organizations. Examples are:
    1. Data Breaches: Sensitive data theft and unauthorized access.
    2. Denial-of-Service (DoS) Attacks: Overloading a network or website with so much traffic that it becomes unavailable.
    3. Hacking: Unauthorized intrusion into a computer system or network.
    4. Malware Attacks: Installing malicious software on computers in order to steal information, interfere with operations, or do harm.
    5. Cyber Espionage: Stealing private data from a government organization or rival.
  • Crimes against Society at Large: These can cause significant disruption and target society as a whole. Examples are:
    1. Cyberterrorism: Launching attacks through computer networks that harm people physically or damage critical systems.
    2. Disinformation Campaigns: Spreading incorrect or misleading information in an attempt to create conflict or manipulate public opinion.
    3. Social Engineering Attacks: Misleading someone into clicking on harmful websites or exposing private information.
    4. Crimes against Critical Infrastructure: Targeting networks of transportation or electricity systems, or other systems necessary for a society to function.
  • By Nature of the Crime:
    1. Financial Crimes: The aim of these crimes is to steal money or bank data. Online banking frauds, credit card fraud, and identity theft are a few examples.
    2. Content-Related Crimes: These offences include producing or spreading prohibited content, such as copyrighted or child pornographic materials.
    3. Disruption and Destruction: The goal of these crimes is to interfere with or harm networks or computer systems. Malware and DoS attacks are two examples.
    4. Privacy Violations: These offences include the unauthorized access, collection, or use of private data. Cyberstalking and data breaches are two examples.

Common Cyber Crimes

Cyber Crime Targeting Computers and Mobiles

  • Cybercriminals are continuously searching for ways to find gaps in computers and mobile devices. The following is an overview of some of the most frequent cybercrimes that target these devices:
  • Infection by Malicious Software (Malware):
    1. Viruses: These self-replicate and spread from one device to another, erasing or damaging data.
    2. Worms: Though they resemble viruses, they spread quickly by taking advantage of network vulnerabilities.
    3. Trojan Horses: They trick users into installing them by pretending to be legitimate software, after which they steal data or damage the device.
    4. Spyware: Quietly monitors your activities in the background, gathering passwords and browsing history.
    5. Ransomware: This malicious software encrypts your files, making them unreadable, and demands a ransom to unlock them.
  • Tricking You into Giving Up Information:
    1. Phishing Attacks: Deceptive emails or messages that pretend to be from a reliable source (bank, social networking site) and aim to obtain your personal information or login credentials.
    2. Smishing: Like phishing, except using SMS texts in place of emails.
  • Exploiting Weaknesses in Devices and Software:
    1. Zero-Day Attacks: These are extremely dangerous because they take advantage of weaknesses in software that not even the developers are aware of yet.
    2. Unpatched Software: Vulnerabilities in outdated software make it an ideal target for hackers.
  • Social Engineering Tactics:
    1. Vishing: Similar to phishing, but the attacker phones you and tricks you into giving up private information.
    2. Pretexting: Creating a situation in order to gain your trust and obtain personal data. For instance, a con artist may phone and pose as a tech support representative.
  • Mobile-Specific Threats:
    1. Malicious Apps: These apps—which you may download from unknown sources—can track your location, steal data, or show annoying commercials.
    2. Unsecured Wi-Fi: If you use public Wi-Fi without a VPN, you run the risk of having your data stolen.

Cyber Crime against Women and Children

  • Some common Cyber Crimes against women and children are as follows:
  1. Cyberstalking: Repeatedly harassing or following a woman or child online through texts, social media, or other electronic means. For the victim, this can be highly upsetting and terrifying.
  2. Cyberbullying: Bullying a woman or child online with technology by sending them messages, making posts on social media, or excluding them from online communities.
  3. Online Harassment: Sending a woman or child abusive or threatening messages via the internet.
  4. Cyber Threats: Threatening a woman or child online with violence or other damage.
  5. Online Grooming: Adults making online friends with children in order to gain their trust for sexual purposes.
  6. Sextortion: Threatening to share already-existing content with others in order to blackmail someone – typically a child or young adult – into providing sexually explicit content or money.
  7. Sharing of Child Sexual Abuse Material: Distributing or obtaining photos or videos depicting the sexual abuse of children. There are harsh punishments for this criminal offence.

Financial Frauds

  • Financial fraud happens when someone steals your money or other financial assets through dishonest or illegal means. There are many different types of financial fraud, but some of the most common ones include:
    1. Identity theft: This is when someone steals your personal information, such as your Social Security number or credit card number, and uses it to open new accounts or make purchases in your name.
    2. Investment fraud: This is when someone tries to trick you into investing in a fake or risky investment. This can include things like Ponzi schemes and pyramid schemes.
    3. Credit card fraud: This is when someone uses your credit card number to make unauthorized purchases. This can happen if your card is lost or stolen, or if someone steals your credit card information online.
    4. Bank fraud: This is when someone steals money from your bank account. This can be done through things like check forgery, ATM skimming, or wire transfer fraud.

Social Engineering Attacks

  • Social engineering attacks are the digital equivalent of a sophisticated con artist. Rather than depending on complex hacking methods, they take advantage of human psychology to trick you into giving up private information or taking actions that compromise your security. Here’s how it works:
  • Psychological Manipulation: Attackers trick you using a variety of strategies. They could play on your interest or helpfulness, create a sense of urgency or panic, or even pose as a reliable source like your bank or employer.
  • Information Gathering: Attackers frequently conduct preliminary research to learn more about you. This may include information from public records, social media profiles, or even phishing emails you have previously clicked on.
  • Here are some common types of social engineering attacks:
    1. Phishing: This is probably the most well-known. You get an email or message (by SMS or social media) that seems to be from a reliable source, such as a tech business or your bank. It may alert you to an issue with your account or present an offer that seems too good to be true. If you click on a link or attachment in the message, malware may download or you may be redirected to a fraudulent website where your login information is stolen.
    2. Pretexting: The hacker creates a fictitious situation, or “pretext,” in an effort to win your confidence and obtain data. For instance, they might phone you claiming to be from your IT department and asking for assistance with a computer problem.
    3. Baiting: It’s like holding out a carrot in front of you. In exchange for your personal information, the attacker may offer you free software or special access to a website.

Malware and Ransomware Attacks

  • Although both ransomware and malware are harmful software that can cause havoc on your computer or network, they operate slightly differently:
  • Any software that is intended to cause harm to a system is referred to as malware. Here are some ways malware can cause problems:
    1. Stealing Data: Malware can be created with the intention of monitoring your online activities and stealing private data, such as credit card numbers, passwords, and personal documents.
    2. Corrupting Files: Your vital files may be damaged or erased by malware, rendering them unusable or inaccessible.
    3. Disrupting Operations: Malware may affect the functionality of your computer, resulting in slowdowns, crashes, or the inability to use specific applications or features.
    4. Downloading More Malware: Certain malware can serve as a portal for additional harmful programs to be downloaded, which can lead to a more serious infection.
  • There are many different types of malware, including:
    1. Viruses: These self-replicate and spread from one device to another, erasing or damaging data.
    2. Worms: Though they resemble viruses, they spread quickly by taking advantage of network vulnerabilities.
    3. Trojan Horses: They trick users into installing them by pretending to be legitimate software, after which they steal data or damage the device.
    4. Spyware: Quietly monitors your activities in the background, gathering passwords and browsing history.
  • One particular kind of malware that aims to extract money from you is called ransomware. This is how it operates:
    1. Infection: Malicious websites, phishing emails, corrupted software downloads, and other methods are common ways for ransomware to attack your system.
    2. Encryption: Ransomware encrypts your files after it’s installed, rendering them unreadable and inaccessible.
    3. Ransom Demand: The attacker then displays a notice demanding a ransom in exchange for a decryption key that unlocks your files. The ransom is usually demanded in cryptocurrencies such as Bitcoin, which makes it hard to track down.
  • Attacks using ransomware have the potential to be disastrous, particularly for companies whose everyday operations depend on data. Here are a few more things to think about:
  • No Guarantee of Recovery: There is no assurance that you will have your files returned, even if you manage to pay the ransom.
  • Increased Risk of Data Leaks: Before encrypting data, some ransomware gangs take it and threaten to make it public if the ransom isn’t paid.

Zero Day and Zero Click Attacks

  • Hackers can use both zero-day and zero-click attacks to secretly take advantage of computer systems, although they target weaknesses differently:
  • Zero-Day Attack:
    • Fresh Flaw: A zero-day attack takes advantage of a flaw (vulnerability) in firmware, hardware, or software that was just recently found. The software developer or manufacturer has “zero days” to build a repair (patch) because this vulnerability is so new that they aren’t even aware of it.
    • Hacker’s Advantage: Attackers can use this vulnerability to initiate their attack before anyone is aware of it because there isn’t a fix available. They are particularly deadly because of this.
    • Targets: Zero-day attacks are frequently employed against well-known systems or businesses that hold significant data, such as vital infrastructure, financial institutions, or governments.
  • Zero-Click Attack:
    • No User Needed: In contrast to conventional attacks, which involve the user clicking on a malicious link or opening an infected file, a zero-click attack requires no user input at all.
    • Exploiting Weaknesses: These attacks depend on pre-existing vulnerabilities in software that you may be familiar with, such as your web browser, operating system, or even a particular application.
    • Silent Strike: Zero-click attacks are challenging to identify and stop as they don’t need your involvement.
  • Here’s a table summarizing the key differences:
| Feature | Zero-Day Attack | Zero-Click Attack |
|---|---|---|
| User Interaction | Not Required (after initial infection) | Not Required |
| Vulnerability | New, undiscovered | Existing, known |
| Patch Status | No patch available | Patch may be available |
| Difficulty to Detect | Moderate | High |

Difference Between Zero-Day Attack & Zero-Click Attack
  • Zero-day attacks are more dangerous but less frequent. Their uniqueness makes them more difficult to counter.
  • Attacks with zero clicks are increasing in frequency. These kinds of attacks represent a serious concern as additional vulnerabilities are found and exploited by attackers.

Cybercriminals’ Modus Operandi

  • Although cybercriminals have a script, it is always changing in parallel with technological advancements and security protocols. Below is an explanation of their standard operating procedure:
  • 1. Preparation:
    • Target Selection: Because of the potential for profit, criminals frequently target certain people or organizations. This might be done for disruptive purposes (like attacking vital infrastructure) or for financial gain (like stealing financial data).
    • Reconnaissance: They may use a variety of techniques, such as social media profiling, data breaches, or malware infections on target computers, to learn more about their target.
  • 2. Attack:
    • Delivery: They use a variety of techniques to get their malicious code or tools onto the target system, such as phishing emails with malicious attachments, zero-day attacks, or social engineering.
    • Exploitation: Once they have a foothold, they take advantage of user errors or vulnerabilities they have found to install malware, steal data, or interfere with normal operations.
  • 3. Control and Profit:
    • Maintaining Access: Criminals may try to establish persistent access to the system to get control, carry out more attacks and steal data over time.
    • Reaching the Objective: The final objective will change based on the kind of attack. Theft of intellectual property, interruption caused by denial-of-service attacks, and financial gain through ransomware or data theft are all possibilities.
  • 4. Escape and Evasion:
    • Covering Tracks: To prevent discovery, cybercriminals frequently attempt to remove their digital traces. This might include utilizing anonymizing software, erasing logs, or encrypting stolen data.
    • Cashing Out: After they’ve accomplished their objectives, they’ll attempt to turn stolen data into money. This can entail utilizing it for illegal transactions, putting it up for sale on the dark web, or requesting ransom payments.
  • Cybercrime is a business: These thieves are frequently well-organized groups with specialized knowledge who are always searching for new ways to take advantage of vulnerabilities.
  • There are a variety of motivations: Monetary gain is a typical one, but there may also be other factors, such as state-sponsored attacks intended to cause disruption or espionage.
  • Maintaining security is a constant effort: There is no foolproof way to halt cybercrime. Both individuals and businesses must maintain a constant state of alertness and update their defenses.

Reporting of Cyber Crimes

  • Reporting cybercrime can take many forms based on the sort of crime and where you live, but here are some broad guidelines to get you started:
    • Local Law Enforcement:
      • In cases of crimes like identity theft, internet harassment, or financial frauds, this is frequently the initial point of contact.
      • Go to the police station in your local area and ask about reporting cybercrime. They might collaborate with federal agencies on investigations or establish a separate team dedicated to cybercrime.
    • Federal Agencies (US Specific):
      • Internet Crime Complaint Center (IC3): This is a central FBI resource for reporting cybercrime. File a complaint online at https://www.ic3.gov/.
      • Other Agencies: You may also want to report the specific crime to regulatory bodies such as the Securities and Exchange Commission (SEC) for investment fraud or the Federal Trade Commission (FTC) for identity theft. You can find instructions on how to file a report on their websites.
    • Specialized Reporting Sites:
      • There may be national cybercrime reporting portals in some nations.
      • A National Cyber Crime Reporting Portal is available in India, for instance (https://cybercrime.gov.in/).
      • To find such resources in your area, check the websites of your local government or cyber security organizations.
    • Gather Evidence:
      • Your case will be stronger the more proof you can offer. For example:
        • Screenshots of malicious emails, texts, or websites
        • Logs or digital footprints connected to the attack
        • Copies of any financial transactions or stolen papers
        • Any other material that may help investigators in understanding the crime
    • Be Specific in Your Report:
      • When filing a report, be as detailed as possible about the incident. Include:
        • Dates and times of the crime
        • Websites or online platforms involved
        • Usernames, email addresses, or IP addresses (if known)
        • A clear description of what happened and how you were impacted
    • Report Immediately:
      • The sooner you report a crime, the easier it will be for law enforcement to investigate.
      • Don’t delay in reporting, as evidence can become harder to recover over time.
    • Seek Additional Help:
      • If you’ve been a victim of cybercrime, there are resources available to help you recover. You can contact:
        • Your local consumer protection agency
        • Non-profit organizations specializing in cybercrime assistance
        • National Cyber Security Alliance: https://staysafeonline.org/

Remedial and Mitigation Measures

  • While both remedial and mitigation actions attempt to address security threats, they do so in different ways:
  • Remediation:
    • Focus: Attempts to remove the security risk or weakness entirely.
    • Action: This involves fixing the issue at its source. For instance, fixing a software fault, changing credentials that have been hacked, or cleaning a system of malware.
    • Ideal Outcome: The security risk is totally eliminated, preventing such attacks in the future.
  • Mitigation:
    • Focus: Tries to decrease a security threat’s effects, even if it can’t be totally removed.
    • Action: This refers to taking steps that prevent the success of attackers or limit the harm they can do. Stronger access controls, data encryption, and user education initiatives on cybersecurity awareness are a few examples.
    • Ideal Outcome: Although the security danger is not totally eliminated, its ability to cause harm is significantly reduced. Although an attack might still be feasible, it might be harder to initiate or deal less damage.
  • Here’s a table summarizing the key differences:
| Feature | Remediation | Mitigation |
|---|---|---|
| Goal | Eliminate the threat | Reduce impact of threat |
| Action | Fix the root cause | Implement safeguards |
| Ideal Outcome | Threat completely gone | Reduced risk of attack |

  • The optimal strategy is based upon the particular circumstances:
  • Give remediation first priority, if you can. The best course of action is always to completely eliminate the threat, if that is possible.
  • If full remediation is not an option, mitigation is required. This could be the result of a system vulnerability for which there is currently no patch or both. While a long-term remedy is being researched, mitigation can buy some time.
  • Strong security practices (mitigation) combined with vulnerability fixing (remediation) result in a stronger security posture.
  • Here are some additional points to consider:
  • Documentation and testing of remediation activities are necessary. Make sure the patch resolves the vulnerability and doesn’t cause any new issues.
  • It is necessary to routinely assess and adjust mitigation techniques. Your mitigation strategies should also change as threats do.

Legal Perspective of Cyber Crime

  • The way that the law interprets and addresses criminal activity involving computers or the internet is known as the legal perspective on cybercrime. In essence, this is how the legal system and law enforcement handle offenses of this nature.
  • Due to its ever-changing nature, cybercrime presents a special challenge to judicial systems worldwide. An overview of the legal viewpoint on cybercrime is provided below:
  • Types of Cyber Crimes:
  • Two primary categories can be used to broadly classify cybercrime:
    • Crimes where the computer is used as a tool: These are standard crimes carried out online or through computers, such as fraud, theft, or forgery.
    • Crimes against computers: These include hacking, virus distribution, and denial-of-service attacks that aim to harm the computer system directly.
  • Legal Frameworks:
  • Several nations have passed specialized laws to fight cybercrime. These laws usually encompass the following:
    • Unauthorized computer system access
    • Data breaches and theft
    • Identity theft and cyber fraud
    • Online harassment and defamation
    • Content related to child sexual abuse and cyberbullying
  • Difficulties with Cybercrime Law:
    • Jurisdiction: Since cybercrime can cross national boundaries, it can be challenging to decide which nation’s laws apply.
    • Quick Evolution: Cybercriminals are constantly coming up with new strategies, so it’s hard for the law to keep up.
    • Digital Evidence: Collecting and preserving digital evidence for legal purposes is a complicated process that calls for experience.
  • Examples of Legal Responses:
  • The Computer Fraud and Abuse Act (CFAA) and other state-level statutes are in place in the United States.
  • The General Data Protection Regulation (GDPR), which is centered on data security and privacy, was established by the European Union.
  • The Information Technology Act (2000), which covers a variety of cybercrimes, was passed in India.

IT Act 2000 and Its Amendments

  • In India, the main regulation addressing cybercrime and electronic commerce is the Information Technology Act, 2000 (IT Act). It created a legal structure for dealing with cybercrimes, e-governance, and electronic commerce.
  • Features of the IT Act of 2000:
    • Legal Recognition for Electronic Transactions: Under the Act, digital signatures and electronic records are granted the same legal standing as handwritten signatures and paper-based documents.
    • E-commerce Facilitation: By offering a legal framework for digital signatures, online contracts, and safe online transactions, it encourages electronic trade.
    • Definitions and Penalties of Cybercrimes: The Act lists a number of cybercrimes, including data theft, hacking, and online harassment. It specifies punishments for various violations.
    • Cyber Appellate Tribunal: To settle disagreements resulting from the IT Act, a Cyber Appellate Tribunal was established.
    • Amendments: To address new issues, the IT Act has undergone multiple amendments. Among the noteworthy changes are:
      • Section 66A (subsequently overturned): This contentious provision addressed the penalties for using communication services to convey “offensive” communications. Its wide wording and potential for abuse drew criticism. In 2015, the Indian Supreme Court ruled that it was unconstitutional.
      • Initiatives for Data Protection: Changes have been undertaken to address privacy issues with data and to provide a framework for data protection. A thorough data protection law is still being developed, nevertheless.

Cyber Crime and Offences

  • Criminal activity involving computers and networks is known as cybercrime. In these acts, the computer can be either a tool used for the crime or the very target of the crime itself.
  • The Indian government’s Information Technology Act, 2000 (IT Act) lists a number of offences associated with cybercrime. Below is a summary of some important sections:
    1. Against Data and Systems:
      • Section 43: Includes downloading, copying, destroying, or interfering with computer systems or data without authorization.
      • Section 65: Covers tampering with computer source documents, which are the underlying codes and instructions for software.
    2. Online Content:
      • Section 66A: Punishes the spread of objectionable content via social media or email.
      • Section 67: Focuses on the spread of pornographic content via electronic means.
      • Section 67A: Focuses on the transmission or publication of content that includes explicit sexual actions.
    3. Identity and Privacy:
      • Section 66B: Makes it illegal to obtain or hold onto stolen communication or computer equipment.
      • Section 66C: Penalizes identity theft, which is the act of posing online as someone else.
      • Section 72: Prohibits the leaking of information in violation of valid contracts, thereby violating privacy and confidentiality.
    4. Other Offences:
      • Section 71: Punishes fraud, which includes the transmission of misleading information online.
      • Section 73: Penalizes the publication of a bogus electronic signature certificate.
      • Section 74: Focuses on distributing data for misleading ends.
  • The IT Act can be applied to offences committed outside India if they impact a computer system located in India.
  • The Act also allows for confiscation of computer equipment used in cybercrimes.

Organizations Dealing with Cyber Crime and Cyber Security in India

  • Here are some of the important organizations dealing with Cyber Crime and Cyber Security in India:
  • Government Agencies:
    • Indian Computer Emergency Response Team (CERT-In): The national nodal agency for cyber security incidents and threats. It is responsible for handling cyber security emergencies, issuing advisories and vulnerabilities, and coordinating cyber security efforts.
    • National Critical Information Infrastructure Protection Centre (NCIIPC): A designated authority to protect Critical Information Infrastructure (CII) in India. It works towards securing CII assets and promoting a culture of cyber security.
    • Indian Cyber Crime Coordination Centre (I4C): A national initiative to combat cybercrime in India. It facilitates reporting of cybercrimes, coordinates investigation efforts of various law enforcement agencies, and provides training and resources to improve cybercrime investigation capabilities.
  • Industry Bodies:
    • Data Security Council of India (DSCI): A non-profit industry body focused on promoting data protection in India. It provides best practices, standards, and initiatives to help organizations implement effective data security measures.
    • Cyber Security Association of India (CSAI): A not-for-profit organization working towards creating a secure cyber space in India. It brings together stakeholders from government, industry, and academia to collaborate on cyber security issues.