Cyber Crime and Computer Hacking

By: Ujwal Pratap Singh, Anuj Kumar, Sandheer Kumar

Presentation Over:

What is Cyber Crime??? Cyber Criminals Reasons for Cyber Crime and Classification Types of Cyber Crime Hacking, History, Techniques, Types, Needs of Hacker, Successful Hackers Industry Response Protect Computers Intrusion Detection Practical Steps for Prevention of Cyber Crime Laws, Fines and Penalties Conclusion

What is

The

Invisible Criminals Are Dangerous Than The Visible One

What is Cyber Crime?

He Uses Technology As His Weapon
It Is A Criminal Activity Committed On The Internet . A Generalized Definition Of Cyber Crime May Be Unlawful Acts Wherein The Computer Is Either A Tool Or Target Or Both. Cyber crime offenses against the information technology infrastructure. Such conducts includes: Illegal access Illegal interception System interference Data interference Misuse of devices Fraud Forgery

Cyber Criminals

Children and adolescents between the age group of 6 18 years Organised hackers Professional hackers / crackers Discontented employees

Reasons for Cyber Crime

Capacity

to store data in small space Easy to access Complex Negligence Loss of evidence

Classification

Against Individuals Against Individual Property Against Organization Against Society at large

Types of Cyber Crime

Hacking Email bombing Data diddling Salami attacks Denial of Service attack Virus / worm attacks Logic bombs Web jacking

Hacking
What is Hacking?

Unauthorized use of computer and network resources. Hacker originally meant a very gifted programmer. Hacking is a felony in the US and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it is OK! The difference is that the ethical hacker has authorization to probe the target. The number of really gifted hackers in the world is very small, but there are lots of wannabes(-Dr. Charles C. Palmer, IBM)

Who are Hackers?

A school definition for the term hacker. Is someone who never goes to class, who in fact sleeps all day, and who spends the night pursuing recreational activities rather than studying.

There are at least two common interpretations:

Someone who bypasses the systems access controls by taking advantage of security weaknesses left in the system by developers Someone who is both knowledgeable and skilled at computer programming, and who is a member of the hacker subculture, one with its own philosophy and code of ethics

History of Hackers

In December of 1947, the transistor was invented. Captain Crunch Steve Jobs Kevin Mitnick AT&T The Worm- Robert Tappan Morris Kevin Poulsen (a.k.a. Dark Dante) Tsumomu Shimomura David Smith Jon Johansen (a.k.a. DVD Jon)

What Do Hackers Do?

System Access confidential information Threaten someone from YOUR computer Broadcast your confidential letters or materials Store illegal or espionage material Network Eavesdrop and replay Imposer: server / client Modify data / stream Denial-of-Service

Hackers Techniques
System

hacking hacking hacking

Network Software

Types of Hackers

Professional hackers Black Hats the Bad Guys White Hats Professional Security Experts Underemployed Adult Hackers Former Script Kiddies Cant get employment in the field Want recognition in hacker community Ideological Hackers hack as a mechanism to promote some political or ideological purpose Usually coincide with political events Criminal Hackers Real criminals, are in it for whatever they can get no matter who it hurts Disgruntled Employees Most dangerous to an enterprise as they are insiders Since many companies subcontract their network services a disgruntled vendor could be very dangerous to the host enterprise

Top Tools Hackers Use

Spam

Downloads
Pop-ups

Active

Successful Hackers
Eric McCarty hacks into USC database Australian hacker attacks sewage control computers

Most Likely to be Hacked

Small businesses with 10 or fewer employees.

Most vulnerable Less resources Ignore or unaware of risks

Large businesses with 100 or more employees

Higher profile Larger network

Is Computer Hacking a Crime???

Computer hacking is broadly defined as any action that results in unauthorized interference with a computer, computer system or network. Computer hacking includes breaking into a computer with the intent to steal, damage, modify or monitor data or settings within the system.

Significance

Computer hacking is considered a crime in all countries; it is also a crime under federal and international law. Because a computer may be accessed from anywhere, a person may be charged with computer hacking on the state, federal and international level.

Types

Hacking often involves more than just unauthorized access to a computer. Computer hackers may access a computer in order to: steal financial information such as credit card access numbers; steal personal information (identity theft); harass (swatting); vandalize; gain access to other computers; launch computer attacks; or place malicious software (malware).

Email Bombing
Refers to sending a large number of emails to the victim resulting in the victim's Email account (in case of an individual) or Mail servers (in case of a company or an email service provider) crashing.

Data Diddling

Altering raw data just before it is processed by a computer and then changing it back after the processing is completed.
Electricity Boards in India have been victims to data diddling programs inserted when private parties were computerizing their systems.

Salami Attacks

Used for the commission of financial crimes. Key here is to make the alteration so insignificant that in a single case it would go completely unnoticed.
E.g. a bank employee inserts a program, into the bank's servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.

Denial of Service Attack

Involves flooding a computer resource with more requests than it can handle. Causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource.

Virus Attacks

Programs that attach themselves to a computer or a file Circulate themselves to other files and to other computers on a network Affect the data on a computer, either by altering or deleting it

Worm Attacks

Do not need the host to attach themselves to. Make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory.

Logic Bombs

Event dependent programs. Programs are created to do something only when a certain event (known as a trigger event) occurs.
E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Web Jacking
Occurs when someone forcefully takes control of a website (by cracking the password and later changing it).

Types of Cyber attacks by %(Source- FBI)

Financial fraud Sabotage of data/networks Theft of proprietary information System penetration from the outside Denial of service Unauthorized access by insiders Employee abuse of internet privileges Viruses

11% 17% 20% 25% 27% 71% 79% 85%

Industry Response

Software analyst meet to discuss the latest technology Demand for security professionals Many companies have spent money on security and repairs Microsoft estimated five billion dollars in 2010
www.Getsafeonline.com http://www.homeoffice.gov.uk/

Protect your Computers

Use anti-virus software and firewalls - keep them up to date Keep your operating system up to date with critical security updates and patches Don't open emails or attachments from unknown sources Use hard-to-guess passwords. Dont use words found in a dictionary. Remember that password cracking tools exist Don't share access to your computers with strangers Back-up your computer data on disks or CDs often If you have a Wi-Fi network, password protect it Disconnect from the Internet when not in use Reevaluate your security on a regular basis Make sure your employees and family members know this info too!

Intrusion Detection

Intrusion detection systems are the next generation of security beyond firewall protection Host Based IDS: For servers that contain sensitive information. Network Based IDS: Monitors certain network segments. Gives administrators a more proactive approach to stopping a potential threat.

Introduction to Detection

HOW TO DEALWITH THIS PROBLEM

International Agreements and Cooperation Essential due to the Worldwide Nature of the Internet Software and Hardware defenses (e.g., antispam, antivirus software, firewalls) Other practical steps.

Practical Steps for prevention of Cyber Crime

Avoid disclosing any information pertaining to oneself. Avoid sending any photograph online particularly to strangers. Use latest and up date anti virus software. Keep back up volumes. Never send your credit card number to any site that is not secured. Use of firewalls may be beneficial.

Laws, Fines, and Penalties

Hackers, virus and worm writers could get 20 years to life in federal prison. Anyone who uses computers to cause death or bodily harm, such as bringing down power grids or airport control centers, can get the maximum sentence. The sentence is increased by 25% if they steal personal information. The sentence is increased by 50% if they share the stolen information. If posted on the Internet, sentence is doubled!

Person found doing activities such as

Tampering with computer source documents Hacking with computer system Publishing of information which is obscene in electronic form Misrepresentation Breach of confidentiality and privacy Publishing digital signature false in certain particulars Publication of unlawful document for fraudulent purpose Can be charged up to rupees 1 to 3 Lakhs OR Can get imprisonment for 2 to 10 Years OR Both can be implemented according to the law

Conclusion

User awareness is key to a secure computer/network

Do not open suspicious files/emails Verify ActiveX/Java prompts Avoid using P2P programs Avoid downloading freeware If attacked, disconnect the network. Do not turn off the computer

Without

Careful Attention To These Issues, The Uncontrolled Interconnection Of Existing Systems, On Which People And Organizations Are Critically Dependent, Will Continue To Create Huge, Ill-defined And Defenseless Super - Systems. So We Must Pay Attention To All Those Issues And Protect The World From Cyber Crime.