Cyber relates to computers, information technology and virtual reality. The term Cyberspace was first coined by William Gibson in 1982, in his novel Neuromancer. So what is cyber crime? Cyber crime is any illegal activity committed using a computer and / or Internet. Cyber-crime is unlawful acts wherein the computer is either a tool or a target or both. Cyber-crime is an extension of existing illegal activities.
Causes of Cyber Crime:
- Internet makes it easy to commit a cyber crime.
- ‘Crime at a Distance’ – the perpetrator does not have to be at the scene of the crime.
- The criminal can be faceless – till the crime is solved, if it is solved!
- Conviction rates are fairly low as technology makes the detection process difficult.
- Cyber crime has been called as a “Low risk – high returns – low convictions” game and this has led to increase in cyber crime.
Basic Terminology Associated with Cyber Crime:
- Threat – An event or an action that has got the ability to violate the security or to compromise the system.
- Exploit – a way to breach the security of a machine through a loophole or a vulnerability.
- Vulnerability – A weakness in the design or existence of a loop hole that could lead to undesirable or unexpected events that could compromise the security.
- Attacker – Any individual who compromises the security of a machine in order to steal, manipulate or cause destruction of data.
- Attack – The action that is performed by an attacker that would harm the system or the information stored in it.
- Data Theft – Action of stealing data/information from the victim’s machine.
Types of Cyber Crimes:
- Crimes against Persons – stalking, nuisance, harassment, defamation
- Crimes against property – data, information, computer, communication device, damage to source code
- Crimes against government – cyber terrorism, cyber war
- Social media crimes
- Traditional crimes – fraud, cheating
- Identity Theft
- Banking frauds
- Property Crimes – infiltration of computers with malicious software – through email attachments, websites.
- Theft of bandwidth
- Crimes against businesses
- Misuse of Social Media Platforms, spreading of fake news
- Planting viruses
- IPR thefts – Intellectual Property Rights
- Ransomware Tech support scams (non-existing malware, etc)
Challenges in Tackling Cyber Crime:
- New Technologies are constantly evolving and cyber criminals are ahead in adapting this technology.
- New Threats – newer forms of threats are showing up regularly such as malware, phishing, vishing, SIM swap, etc.
- Complex Networks – Network technologies and loop holes in protocols are being exploited to commit cyber crimes
- New vulnerabilities – as application development moves to the mobile and cloud, newer vulnerabilities have emerged and these must be addressed immediately.
- Limited Focus on Security – businesses have to realise that expenditure on securing their digital systems is justified as the value of underlying data is far more than the cost of securing this data.
- Limited Security Expertise – The number of experts at network security is less than the number of cyber criminals. More emphasis on informal training methods like short duration, focused courses on tackling cyber crime are essential in colleges and universities.
Cyber crime Against Individual:
- Cyber stalking – use of technology to harass someone e.g. false accusations
- Distributing pornography
- Grooming – harassment or seduction of a minor by an adult
- Spying – obtaining secrets without the permission of the holder of information (reading another person’s email)
- Juice Jacking – Do you often charge your mobile device using USB from public ports while travelling? Most railway stations, trains , airports, and shopping malls now provide this facility. Did you know that charging your mobile device in such public places can lead to Juice Jacking? How does it work? Attackers use USB charging points available at public places to steal photos, videos files and folders, bank account details contacts, and even to take control of your mobile device. So what are the tips to stay safe from Juice Jacking? (1) Disable Data Transfer feature on your mobile phone while charging your phone from a public USB charging station, (2) Get a “charge only” cable instead of a cable supporting charging and data transfer capabilities. (3) If possible, switch off the device while charging at a public USB charging station. (4) Try to carry a power bank
A person’s or organisation’s computer is broken into so that the personal and sensitive information can be stolen. In India, the Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures.
The hacker uses a variety of software tools to get into a computer system. The victim may not even be aware that his system has been hacked. Ethical hacking is a different concept – here organisations may employ hacker to test their systems for weakness or vulnerabilities.
- Violation of copyright laws
- Downloading music for commercial purpose
- Download images for commercial purpose
- Download games and movies without paying for them
- Some websites encourage software piracy and these websites are now being shut down
- REMEMBER!!! – Downloading software, music, movies and games without paying for it is a Theft
- This is a form of online harassment.
- Victim is sent numerous messages/emails
- The stalker knows the victim
- Remember these words – follow, shadow, go after, be after, trail, follow in the context of stalking
- Identity Theft is the deliberate use of someone’s identity.
- Someone steals your identity – name, address, passport details.
- Then that ’someone’ becomes you
- Then he/she can pretend to be you, and misuse your bank accounts, credit cards, debit card and other sensitive information
- He/she can buy things online in the victims name
- Causes financial loss and spoils the credit history
How Do Attackers Carry Out Identity Theft?
- Phishing – fake sites are created by fraudsters who trick victims into giving out their information.
- Social Engineering – It is the art of manipulating human emotions for getting sensitive information
- Hacking – If victim’s computer or mobile is compromised, hackers will get maximum information
- Personal data Theft – credit card info, checks, PAN card and Aadhar card or Social Security card details.
- What Should You Do In This Case? Immediately contact your banks and freeze your accounts. Change your passwords. Block all debit and credit cards. File a complaint at the nearest police station. Contact your mobile service provider and get a new SIM card in your name.
- Financial Frauds can be gaining control over bank accounts, get loans based on your identity, credit card frauds, mobile phone frauds.
Such software is intentionally designed to cause damage. These are software or programs that are used to disrupt a network. Such software can be used to steal data, cause damage to a server, slow down or bring down a network.
The thief (phisher) sends a deceptive email to the recipient tricking him into providing personal account details (username/password). The phisher will provide the user a link to “sign in” at an official-looking website. This site looks almost identical to a real vendor’s website with similar design but built specifically to collect personal information. That information will be used against the victim later.
Vishing uses phone to extract data through voice calls. The visher will make cold calls to the victim posing as a representative of the victim’s bank, income tax dept., or insurance company. Other times these calls will be automated with voice prompts. The plan is to gain access to the victim’s financial and personal information.
Mobile Wallet Frauds
These frauds involve transfer of money from one wallet to another. Or the attacker will purchase goods such as mobile phones, etc., and later they sell these expensive goods to others. Take precautions – Never store a large amount of money in mobile wallet and never store credit/debit card details in your mobile wallet.
Debit and Credit Card Frauds
- Don’t keep keep information about your credit/debit card in your mobile
- Remember the CVV number on your card and remove it from the card itself.
- Money stolen from your mobile wallets can be stored in other stolen wallets and in that case you would become not just a victim but even the perpetrator
- Never allow apps to read your SMS – else OTP can be read and transferred
- Don’t use public Wi-Fi to access secure data – banks, etc
- If possible keep a feature phone that doesn’t have internet connectivity or where you can turn off internet activity and use such a phone for receiving all OTPs, and SMS messages from banks and other financial institutions.
- Just ignore all calls offering you a free credit / debit card. Remember, there is no such thing as a free lunch. Also ignore any offers to upgrade your credit limits, bonus points, free gifts etc. It is always advisable to approach the bank directly and sort out all such issues, or through their website.
The following images will illustrate what is click-bait. Plenty of links on a single page, each very tempting. DON’T click on those links as these are likely to take you to an undesired website or maybe run a code in background which can be used to steal your data.
- Use passwords of 12 characters or more.
- Use different password for each site.
- Change password frequently
- Think of your favorite song or phrase and use the 1st alphabet of each of the words to form a password. Use special characters like @, #, $, etc in your passwords.
- Never use these as your passwords: 123456, password, 123456789, Abc123, -admin, !@#$%^, Godhelpme, Donald, qwerty123 and similar words that cab easily guessed. Never use dictionary words as password.
Never Respond To These:
- Free credit card offers
- Lottery schemes from ANYWHERE in the world
- ‘RBI’ lottery
- Income Tax department ‘REFUND’ notice
- ‘Loan is Ready’ emails
- ‘Friendship’ emails
- Bank ‘confirmation email’
- ‘Your email account will be blocked’ emails
- Government jobs emails – Jobs? Government? Joking??
Safe Disposal of Hardware
- Companies sell their old hardware – disks, servers, without wiping sensitive data on them. These servers contain credit card details, health records, source code for controlling fire-fighting equipment, street lights, etc. This information will be misused by cyber criminals. Destroy the device so that it is wholly unusable.
- Pendrives, CD-ROMs, memory cards accumulate lot of personal information over a period of time. Take regular backups from these devices. The tech industry may promise that a CD-ROM will last 50 years, but they didn’t promise us that CD-ROM drives will be available for 50 years. So your CD-ROMS will be intact, data will be intact too but you may not find a CD-Drive in which to use the CD-ROM. Destroy it if you feel you cannot take care of it.