INFORMATICS AND CYBER

LAWS
FOUNDATION COURSE II CO 1221
SECOND SEMESTER BCom DEGREE
UNIVERSITY OF KERALA

SYAM S, ASSISTANT PROFESSOR, MARIAN COLLEGE

 MODULE – 5
CYBER CRIMES
 M – 5 CONTENT

• NATURE AND SCOPE OF CYBERCRIMES

• CYBER OFFENCES UNDER IT ACT
• CYBER TERRORISM
• TYPES OF CYBER CRIMES
CYBER CRIMES
 CYBERCRIMES

• Cybercrime refers to criminal activities carried out using computers,

networks, and the internet.

• It encompasses a wide range of illicit activities committed in

cyberspace, often for financial gain, personal motives, or disruption
of systems.

• Cybercrimes can target individuals, businesses, governments, or

critical infrastructure, and they can result in financial loss, data
breaches, privacy violations, and other harmful consequences.

• With the increasing reliance on digital technology and connectivity,

cybercrimes have become a significant concern globally, requiring
ongoing efforts to prevent, detect, and prosecute offenders.
 Meaning and Definitions

Cybercrime refers to any criminal activity that involves a computer,

network, or networked device, as well as traditional crimes in which
computers or networks are used to facilitate illicit activities.

Laws in various jurisdictions define cybercrime differently,

encompassing offenses such as hacking, identity theft, online fraud,
cyber stalking, phishing, malware distribution, and more.

Cybercrime exploits vulnerabilities in computer systems, networks, and

digital data to commit offenses ranging from theft to sabotage.

Cybercrime transcends geographical boundaries, with perpetrators and

victims often located in different countries.
 Nature and Scope
1. Complexity: Cybercrimes often involve sophisticated techniques and
technologies, requiring specialized skills and knowledge.
2. Anonymity: Perpetrators can conceal their identities online, making it
challenging for law enforcement to track and apprehend them.
3. Economic Impact: Cybercrimes inflict significant financial losses on
individuals, businesses, and governments through theft, fraud, and
disruption of services.
4. Rapid Evolution: Cybercriminals continuously adapt their tactics to
exploit emerging technologies and vulnerabilities, posing ongoing
challenges for cyber security professionals and law enforcement
agencies.
5. Diverse Motivations: Perpetrators engage in cybercrime for various
reasons, including financial gain, ideological motives, espionage, and
personal vendettas.
6. Global Reach: The internet's borderless nature enables
cybercriminals to target victims worldwide, amplifying the scope and
impact of their activities.
 REASONS
FOR CYBER
CRIMES
 REASONS FOR INCREASE IN CYBER CRIMES
1. More people using the internet means more opportunities for
cybercriminals.
2. Cybercriminals can hide their identity easily online.
3. Criminals can steal money and sensitive information from anywhere
in the world.
4. Many cybercrimes are done for financial gain.
5. Weak passwords and other security flaws make it easier for criminals
to break into systems.
6. Cybercriminals are always finding new ways to trick people.
7. Some countries use cyber attacks for political or military reasons.
8. It's hard for law enforcement to catch cyber criminals because they
can operate from anywhere.
9. With the rise of smart devices, there are more targets for
cybercriminals.
10. Cybercrimes are becoming more common because criminals can
make money without getting caught easily.
CLASSIFICATION OF CYBER CRIMES
1. Cyber defamation is the act of distributing false or harmful
statements about a person or an organization on the internet. It
commonly occurs on platforms like social media, forums, blogs, or
any website.
2. Cyberstalking refers to the use of the internet and other technologies
to harass or stalk another person online, and is potentially a crime
globally.
3. Internet time theft refers to the theft in a manner where the
unauthorized person uses internet hours paid by another person.
4. Salami attack is a type of cybercrime that attackers typically use to
commit financial crimes. Criminals steal money or resources from
financial accounts on a system one at a time. This attack occurs when
several minor attacks combine to form a powerful attack.
5. Logic bomb is a type of malicious code embedded in software that
remains dormant until specific conditions are met. When triggered, a
logic bomb virus executes a destructive action, such as deleting files
or disrupting critical systems.
6. Trojan Horse Virus is a type of malware that downloads onto a
computer disguised as a legitimate program. The delivery method
typically sees an attacker use social engineering to hide malicious
code within legitimate software to try and gain users' system access
with their software.
7. Data diddling is a type of cybercrime in which data is altered as it is
entered into a computer system, most often by a data entry clerk or a
computer virus. Computerized processing of the altered data results
in a fraudulent benefit.
8. Cyber terrorism (also known as digital terrorism) is defined as
disruptive attacks by recognised terrorist organisations against
computer systems with the intent of generating alarm, panic, or the
physical disruption of the information system.
9. Web Jacking is when attackers illegally gain control of an
organisation's or individual's website is known as Web Jacking. The
hackers implant a fake website, which, when you open it, takes you to
another fraudulent website, where the attackers try to extract
sensitive information.
Juice jacking is a form of cyber attack where hackers tamper with
public USB charging ports, infecting them with malware or making
hardware changes that allow them to steal data from devices
connected to them. This type of attack has been a growing concern,
with incidents reported in various public spaces such as airports,
hotels, and shopping centres.
 CYBER TERRORISM

• The term 'Cyberterrorism' was first coined by Banny C. Collin of the

Institute for Security and Intelligence (ISI) in the late 1980s. But, its
usage was better understood during the 9/11 attack.

• Meaning: Cyber terrorism refers to the use of the internet, computer

systems, or other technology to conduct terrorist activities aimed at
causing disruption, fear, or harm to individuals, groups, or societies.

• It involves the exploitation of vulnerabilities in digital systems to carry

out attacks for political, ideological, or religious purposes.
 DEFINITION OF CYBER TERRORISM

• According to Federal Bureau of Investigation (FBI), new phenomenon

recognized as a cyber terrorism is defined by follow: “previously
planned, politically motivated attack against information, computer
systems, computer programs and data that result with violence
against targets that are not military (civilian) by the sub - national
groups or secret agents”.
S
Disrupting critical infrastructure such as power grids,
C transportation systems, or financial networks.
O
P
E Launching attacks on government agencies or military
networks to steal classified information or disrupt
O operations.
F

C Spreading propaganda or extremist ideologies through

social media platforms or websites.
Y
B
E
R Coordinating and executing coordinated cyber attacks to
cause mass disruption or financial damage.
T
E
R
R Spreading of terrorist ideologies.
O
R
I
S Cyber terrorists may operate from anywhere in the
M world.
 Types of Cyber Terrorism

1. Denial of Service (DoS) Attacks: Overloading targeted systems with

excessive traffic to make them unavailable to legitimate users.
2. Malware Attacks: Distributing malicious software to compromise
systems, steal data, or disrupt operations.
3. Hacking: Unauthorized access to computer systems or networks to
steal information, deface websites, or cause damage.
4. Phishing: Sending deceptive emails or messages to trick users into
revealing sensitive information or installing malware.
5. Cyber Espionage: Gathering intelligence or classified information
through unauthorized access to government or corporate networks.
 TERMS RELATED WITH CYBER CRIMES

1. Phishing: Sending deceptive emails or messages to trick individuals

into divulging sensitive information such as passwords or financial
details.
2. Ransomware: Malicious software that encrypts a victim's files or
systems, demanding payment for their release.
3. Identity Theft: Stealing personal information, such as Social Security
numbers or credit card details, to impersonate individuals or commit
fraud.
4. Hacking: Unauthorized access to computer systems or networks to
steal data, disrupt services, or plant malware.
5. Online Fraud: Using the internet to deceive victims into making
fraudulent transactions or investments.
6. Cyber bullying: Harassing or intimidating individuals online through
abusive messages, spreading rumors, or posting derogatory content.
7. Distributed Denial of Service (DDoS) Attacks: Overloading a website
or network with excessive traffic to disrupt its normal functioning.
8. Denial of Service (DoS) Attack: Flooding a website or network with so
much traffic that it becomes overwhelmed and unavailable to
legitimate users.
9. Child Exploitation: Distributing or producing child pornography,
grooming minors for sexual exploitation, or engaging in online sexual
abuse.
10. Data Breach: Unauthorized access to a company's or organization's
data, where sensitive information like customer records or financial
details is stolen or exposed.
11. Hacking – "Hacking" generally refers to the unauthorized access or
intrusion into computer systems or networks, typically done with the
intent to steal data, disrupt operations, or cause harm. The term
"hacker" can have different connotations depending on context,
ranging from skilled computer programmers to individuals who
exploit vulnerabilities for malicious purposes.

Main types of hacking

1. Ethical Hacking (White Hat):

Ethical hackers are authorized individuals who penetrate systems to
identify vulnerabilities and weaknesses. They do this to improve
security by fixing these issues before malicious hackers can exploit
them.
2. Malicious Hacking (Black Hat):
Malicious hackers break into systems without authorization, often with
the intent to steal data, disrupt operations, or cause damage. This is
illegal and unethical.

3. Grey Hat Hacking:

Grey hat hackers operate between ethical and malicious hacking. They
may break into systems without permission but do not have harmful
intentions. They may notify the organization of vulnerabilities after
the fact.
12. Identity Theft – Identity theft refers to the act of obtaining and using
someone else's personal information, such as their name, Social
Security number, credit card details, or other identifying data,
without their permission, typically for financial gain or to commit
fraud. This stolen information can be used to open accounts, make
purchases, apply for loans, or engage in other activities that can harm
the victim's finances or reputation.
• Phishing involves tricking users into providing sensitive information
such as passwords or credit card numbers by masquerading as a
trustworthy entity in electronic communications.
Main Types of Phishing

• Phishing is a technique used by cybercriminals to trick individuals into

providing sensitive information, such as login credentials or financial
details, by posing as a trustworthy entity.
• There are several common types of phishing attacks such as Email
Phishing, Spear Phishing, Smishing (SMS Phishing), Vishing (Voice
Phishing).
13. Pharming – Pharming is a cyber attack that redirects users from
legitimate websites to fraudulent ones without their knowledge. This
is typically achieved by manipulating the domain name system (DNS)
or using malware.

Main types of Pharming

• There are several common types of pharming attacks such as DNS

Pharming, Hosts File Pharming, Malware-Based Pharming.

14. Cyber Stalking – Cyber stalking refers to the use of electronic

communications (such as emails, social media, or messaging apps) to
repeatedly harass or threaten someone, causing fear or emotional
distress. It involves a pattern of behavior that is intrusive and
obsessive, often leading to the victim feeling unsafe or endangered.
15. Cyber Harassment – Cyber harassment involves sending offensive,
threatening, or malicious messages or images to the victim with the
intent to harass, embarrass, or harm them psychologically. It can take
the form of abusive comments, hate speech, or targeted attacks on
social media, blogs, or online forums.
16. Cyber Bullying – Cyber bullying refers to the use of digital
communication tools (such as social media, instant messaging, or
online gaming platforms) to repeatedly target and intimidates
someone, often with the intent to humiliate or belittle them. Cyber
bullying typically involves a power imbalance, where the bully uses
the anonymity or distance provided by the internet to harass their
victim.
17. Web hijacking – Web hijacking, also known as website hijacking or
web defacement, refers to the unauthorized takeover or modification
of a website's content or functionality by an attacker. In a web
hijacking attack, the attacker gains access to the website's
administrative controls or exploits vulnerabilities in its security to
alter the appearance or behavior of the site.
18. Malicious software – often referred to as malware, is a broad term
used to describe any type of software or program that is designed to
infiltrate, damage, or gain unauthorized access to computer systems
or networks. Malware is created and distributed by cybercriminals
with various malicious intentions, such as stealing sensitive
information, disrupting operations, or causing damage to devices or
networks.

Specific types of malicious software:

Virus:
A virus is a type of malware that attaches itself to legitimate programs
or files and spreads from one computer to another when the infected
program is executed. Viruses can cause damage by corrupting or
deleting files, slowing down system performance, or allowing
unauthorized access to the system.
Worms:
Worms are standalone malware programs that replicate themselves to
spread across networks and systems, often exploiting security
vulnerabilities. Unlike viruses, worms do not require a host program
to attach themselves to and can independently propagate and
execute.

Trojan Horse (Trojan):

A Trojan horse is a type of malware disguised as legitimate software or
files to trick users into downloading and executing them. Once
activated, Trojans can perform various malicious actions, such as
stealing data, spying on user activities, or providing unauthorized
access to attackers.
Spyware:
Spyware is a type of malware designed to secretly monitor and gather
information about a user's activities on a computer or device. This
can include capturing keystrokes, logging browsing history, recording
passwords, or collecting personal information.

Adware:
Adware is a form of malware that displays unwanted advertisements or
pop-ups on a user's device. Adware is often bundled with legitimate
software and can generate revenue for attackers through pay-per-
click advertising schemes.

Ransomware:
Ransomware is a type of malware that encrypts a victim's files or locks
their device, rendering it unusable until a ransom is paid.
Ransomware attacks are designed to extort money from victims in
exchange for restoring access to their data or devices.
Rootkit:
A rootkit is a type of stealthy malware that enables unauthorized access
to a computer or network while concealing its presence from
detection by antivirus or security software. Rootkits are often used to
maintain persistent access for attackers and can be difficult to
remove.

Botnet:
A botnet is a network of compromised computers (known as bots or
zombies) that are controlled remotely by attackers. Botnets are often
used to carry out coordinated attacks, such as Distributed Denial of
Service (DDoS) attacks, steal sensitive information, or distribute spam
and malware.
19. Financial Crimes
• Financial crimes refer to a wide range of illegal activities that are
committed with the intent of gaining financial benefit through
deceptive, manipulative, or illicit means. These crimes often involve
fraudulent practices, misappropriation of funds, or illegal transactions
that undermine the integrity of financial systems and institutions.
Financial crimes can have serious consequences, including financial
losses for individuals and organizations, as well as broader economic
impacts.
Cyber contraband – Cyber contraband refers to illegal or prohibited
goods, materials, or services that are traded or distributed through
online platforms or digital channels. This can include items such as
counterfeit products, illegal drugs, pirated software or media,
weapons, or other contraband goods that are sold or exchanged via
the internet or dark web. Cyber contraband transactions often
circumvent legal regulations and pose significant challenges for law
enforcement agencies tasked with combating online crime.
Cyber laundering – Cyber laundering, also known as cyber money
laundering, refers to the process of concealing the origins of illegally
obtained funds or assets through online platforms, digital
transactions, or virtual currencies. Cyber laundering techniques
leverage the anonymity and global reach of the internet to transfer,
convert, or disguise illicit proceeds in order to make them appear
legitimate or "clean”.
20. Intellectual Property Crimes
Intellectual property (IP) crimes involve the unauthorized use, theft, or
infringement of intellectual property rights, which include creations
of the mind such as inventions, literary and artistic works, designs,
symbols, names, and images used in business. These crimes
undermine the value of intellectual property and can result in
financial losses for creators, innovators, and rights holders. Common
types of intellectual property crimes include copyright infringement,
trademark counterfeiting, patent infringement, and trade secret
theft. IPR crimes include:
Software piracy – Software piracy refers to the unauthorized copying,
distribution, or use of software without the proper license or
permission from the copyright holder. This includes making illegal
copies of software, sharing license keys or activation codes, or
downloading pirated software from unauthorized sources.
Cyber Squatting – Cyber squatting, also known as domain squatting,
refers to the practice of registering, trafficking, or using internet
domain names with the intent of profiting from the goodwill
associated with someone else's trademark or brand.
Meta Tagging – In the context of intellectual property crimes, meta
tagging can be used to misappropriate or infringe on trademarks,
copyrighted material, or brand names by including them as hidden
keywords or descriptions in webpages. This can deceive search
engines and users into visiting irrelevant or misleading websites.
21. Cyber extortion – Cyber extortion refers to a type of criminal activity
where perpetrators use threats or coercion, typically via digital
communication methods, to demand money, services, or other
concessions from individuals or organizations under the threat of
exposing sensitive information, disrupting operations, or causing
harm.

22. Cyber Warfare – Cyber warfare refers to the use of digital

technologies and computer-based tactics to disrupt, sabotage, or gain
unauthorized access to an adversary's computer systems, networks,
and infrastructure. It is a form of conflict conducted in the digital
realm, often involving state-sponsored or organized groups with
strategic objectives related to national security, geopolitical influence,
or economic interests.
23. Cyber Vandalism – Cyber vandalism refers to malicious acts
committed online that involve damaging, defacing, or disrupting
digital assets, such as websites, databases, or computer systems. This
form of cybercrime is motivated by various factors, including political
activism, personal grievances, or simply the desire to cause chaos or
mischief in the digital space. Cyber vandalism can have significant
consequences for individuals, organizations, and society as a whole.
OFFENCES UNDER IT (AMENDMENT)
ACT, 2008
END OF MODULE – 5