Cyber Crime
CHAPTER 1 INTRODUCTION
1.1 CYBER CRIME
The term cyber crime is a misnomer. This term has nowhere been defined in any statute or Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct, whether act or omission, which causes a breach of the rules of law and is counterbalanced by the sanction of the state. Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species of which the genus is conventional crime, and where the computer is either an object or a subject of the conduct constituting the crime. Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime. A generalized definition of cyber crime may be unlawful acts wherein the computer is either a tool or target or both. The computer may be used as a tool in the following kinds of activity: financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be the target of unlawful acts in the following cases: unauthorized access to computer/computer system/computer networks, theft of information contained in electronic form, e-mail bombing, data diddling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
1.2 The Computer Dependent Age
The modern world relies on computerized systems for almost everything in life, from air, train and bus traffic control to medical services. The society depends on computer systems, and this dependence therefore has a profound human dimension too. The rapid expansion of large-scale computer networks and the ability to access systems through regular telephone lines increase the vulnerability of these systems. It also increases the opportunity for misuse or criminal activity. Security is needed against both external and internal threats.
Geetanjali Institute of technical studies
1.3 History of computer crimes
It is difficult to determine when the first crime involving a computer actually took place. The computer has been around in some form since the abacus, which is known to have existed in 3500 BC in Japan, China, and India. In 1801, profit motives encouraged Joseph Jacquard, a textile manufacturer in France, to design the forerunner of the computer card. This device allowed the repetition of a series of steps in the weaving of special fabrics. However, Jacquard's employees were committed to discouraging further use of the new technology.
1.4 Definition of computer crimes
Experts have debated what exactly constitutes a computer crime or a computer-related crime. Even after several years there is no internationally recognized definition of these terms. A global definition of computer crime has not been achieved. Computer crime has been defined as any illegal, unethical or unauthorized behavior involving automatic processing or transmission of data. Threats come in two categories:
Passive threats
This involves monitoring the transmitted data of an organization. Here the goal of the attacker is to obtain information that is being transmitted. Passive threats are difficult to detect because they do not involve alteration of data. These are of two types:
Release of message content
Traffic analysis
Active threats
These threats involve some modification of the data stream or the creation of a false stream. These are of three types:
Modification
REASONS FOR CYBER CRIME
Hart, in his work The Concept of Law, has said that human beings are vulnerable, so the rule of law is required to protect them. Applying this to cyberspace, we may say that computers are vulnerable, so the rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
Capacity to store data in comparatively small space-
The computer has the unique characteristic of storing data in a very small space. This makes it much easier to remove or derive information through either a physical or a virtual medium.
Easy to access-
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach, not due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes, advanced voice recorders, and retina imagers that can fool biometric systems and bypass firewalls can all be used to get past many a security system.
Complex-
Computers work on operating systems, and these operating systems in turn are composed of millions of lines of code. The human mind is fallible, and it is not possible that there will never be a lapse at any stage. Cyber criminals take advantage of these lacunas and penetrate the computer system.
Negligence-
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be some negligence, which in turn gives a cyber criminal the opportunity to gain access to and control over the computer system.
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example, hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet. Cyber crime can be classified into 4 major categories:
Cyber crime against Individual
Cyber crime Against Property
Cyber crime Against Organization
Cyber crime Against Society
Against Individuals:
Email spoofing : A spoofed email is one in which e-mail header is forged so that mail appears to originate from one source but actually has been sent from another source
Spamming: Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain letters.
Cyber Defamation: This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information.
Harassment & Cyber stalking: Cyber stalking means following the moves of an individual's activity over the Internet. It can be done with the help of many protocols available such as e-mail, chat rooms, Usenet groups etc.
Phishing: Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Credit Card Fraud : Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.
Intellectual Property crimes : These include Software piracy, illegal copying of programs, Distribution of copies of software, Copyright infringement, Trademarks violations, Theft of computer source code.
Internet time theft: The usage of the Internet hours by an unauthorized person which is actually paid by another person.
(A)Against Organization
Denial of Service: When an Internet server is flooded with continuous bogus requests so as to deny legitimate users the use of the server or to crash the server.
Virus attack: A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Viruses can be file-infecting or can affect the boot sector of the computer. Worms, unlike viruses, do not need a host to attach themselves to.
Email Bombing: Sending large numbers of mails to an individual, company or mail server, thereby ultimately resulting in a crash.
Salami Attack: When negligible amounts are removed and accumulated into something larger. These attacks are used for the commission of financial crime.
Logic Bomb: It is an event-dependent program; as soon as the designated event occurs, it crashes the computer, releases a virus or triggers some other harmful possibility.
Trojan horse: An unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing.
Data diddling: This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.
Forgery : Currency notes, revenue stamps, mark sheets etc can be forged using computers and high quality scanners and printers.
Cyber Terrorism : According to the U.S. Federal Bureau of Investigation, cyber terrorism is any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."
Web Jacking : Hackers gain access to and control over the website of another; they may even change the content of the website to fulfil a political objective or for money.
3. AGAINST INDIVIDUALS
E-mail spoofing is a term used to describe (usually fraudulent but can sometimes be legitimate - see below) email activity in which the sender address and other parts of the e-mail header are altered to appear as though the e-mail originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. The result is that, although the e-mail appears to come from the address indicated in the From field (found in the e-mail headers), it actually comes from another source.
Occasionally (especially if the spam requires a reply from the recipient, such as the '419' scams), the source of the spam e-mail is indicated in the Reply-To field (or at least a way of identifying the spammer); if this is the case and the initial e-mail is replied to, the delivery will be sent to the address specified in the Reply-To field, which could be the spammer's address. However, most spam emails (especially malicious ones with a Trojan/virus payload, or those advertising a web site) forge this address too, and replying to it will annoy an innocent third party.
Prior to the advent of unsolicited commercial email as a viable business model, "legitimately spoofed" email was common. For example, a visiting user might use the local organization's SMTP server to send email from the user's foreign address. Since most servers were configured as open relays, this was a common practice. As spam email became an annoying problem, most of these "legitimate" uses fell victim to antispam techniques.
E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions.
E-mail spoofing is possible because Simple Mail Transfer Protocol (SMTP), the main protocol used in sending e-mail, does not include an authentication mechanism. Although an SMTP service extension allows an SMTP client to negotiate a security level with a mail server, this precaution is not often taken. If the precaution is not taken, anyone with the requisite knowledge can connect to the server and use it to send messages. To send spoofed e-mail, senders insert commands in headers that will alter message information. It is possible to send a message that appears to be from anyone, anywhere, saying whatever the sender wants it to say. Thus, someone could send spoofed e-mail that appears to be from you with a message that you didn't write.
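A defender's view of the header fields named above, as an added example that is not part of the original report: the Python code below parses a received message and reports mismatches between the From, Return-Path and Reply-To domains, plus any non-passing SPF/DKIM/DMARC verdict recorded in an Authentication-Results header. The sample messages, the `.example` domains and the function names are constructed for illustration; a mismatch is a signal to investigate, since legitimate mailing services also send with differing domains.

```python
"""Header-consistency checks for spotting likely spoofed e-mail (added example)."""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr


def org_domain(address):
    """Return the last two DNS labels of an address's domain, lower-cased.

    Simplification (assumption): production code should consult the Public
    Suffix List, otherwise domains like "example.co.uk" compare incorrectly.
    """
    if "@" not in address:
        return ""
    labels = address.rsplit("@", 1)[1].lower().strip(".").split(".")
    return ".".join(labels[-2:])


def spoofing_indicators(raw_message):
    """Return a list of finding codes for one message given as a string."""
    msg = message_from_string(raw_message)
    findings = []

    # Exactly one From header is expected; none or several is itself suspect.
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:
        findings.append("from-header-count-%d" % len(from_headers))
    if not from_headers:
        return findings
    display_name, from_addr = parseaddr(from_headers[0])
    from_dom = org_domain(from_addr)

    # Return-Path holds the envelope sender; bounces go there, not to From.
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and org_domain(return_path) != from_dom:
        findings.append("return-path-mismatch")

    # Reply-To decides where the victim's answer is delivered.
    reply_to = getaddresses(msg.get_all("Reply-To", []))
    if any(addr and org_domain(addr) != from_dom for _, addr in reply_to):
        findings.append("reply-to-mismatch")

    # A display name that itself looks like an address from another domain
    # hides the real sender in clients that show only the display name.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display_name)
    if shown and org_domain(shown.group(0)) != from_dom:
        findings.append("display-name-address-mismatch")

    # Verdicts stamped by the receiving server. Only trust the header added
    # by your own mail server; copies inserted upstream can be forged too.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mechanism in ("spf", "dkim", "dmarc"):
        verdict = re.search(r"\b%s=(\w+)" % mechanism, auth, re.IGNORECASE)
        if verdict and verdict.group(1).lower() != "pass":
            findings.append("%s-%s" % (mechanism, verdict.group(1).lower()))
    return findings


# Constructed sample messages (not real mail); all domains are placeholders.
SUSPICIOUS = (
    "Return-Path: <bounce@mailer-host.example>\n"
    "Authentication-Results: mx.recipient.example; spf=pass "
    "smtp.mailfrom=mailer-host.example; dkim=none; dmarc=fail "
    "header.from=bank.example\n"
    'From: "Bank Support" <support@bank.example>\n'
    "Reply-To: helpdesk@payout.example\n"
    "Subject: Verify your account\n\nPlease confirm your details.\n"
)
CONSISTENT = (
    "Return-Path: <bounces@news.shop.example>\n"
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; "
    "dmarc=pass\n"
    "From: Shop News <news@shop.example>\n"
    "Reply-To: support@shop.example\n"
    "Subject: Weekly offers\n\nHello.\n"
)
DISPLAY_TRICK = (
    'From: "ceo@corp.example" <ceo.corp@freemail.example>\n'
    "To: finance@corp.example\n"
    "Subject: Urgent transfer\n\nAre you at your desk?\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS),
                       ("consistent", CONSISTENT),
                       ("display-trick", DISPLAY_TRICK)):
        print(label, spoofing_indicators(raw))
```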
3.2. SPAMMING: Spam is the use of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam. Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is universally reviled, and has been the subject of legislation in many jurisdictions. People who create electronic spam are called spammers.
3.2.1. INSTANT MESSAGING: Instant Messaging spam makes use of instant messaging systems. Although less ubiquitous than its e-mail counterpart, according to a report from Ferris Research, 500 million spam IMs were sent in 2003, twice the level of 2002. As instant messaging tends to not be blocked by firewalls, it is an especially useful channel for spammers.
3.2.2. NEWSGROUP AND FORUM: Newsgroup spam is a type of spam where the targets are Usenet newsgroups. Spamming of Usenet newsgroups actually pre-dates e-mail spam. Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). The prevalence of Usenet spam led to the development of the Breidbart Index as an objective measure of a message's "spamminess". Forum spam is the creating of messages that are advertisements, abusive, or otherwise unwanted on Internet forums. It is generally done by automated spambots. Most forum spam consists of links to external sites, with the dual goals of increasing search engine visibility in highly competitive areas such as weight loss, pharmaceuticals, gambling, pornography, real estate or loans, and generating more traffic for these commercial websites. Some of these links contain code to track the spambot's identity if a sale goes through, when the spammer behind the spambot works on commission.
3.2.3. MOBILE PHONES: Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee they may be charged per text message received in some markets. The term "SpaSMS" was coined at the adnews website Adland in 2000 to describe spam SMS.
3.2.4. ONLINE GAME MESSAGING: Many online games allow players to contact each other via player-to-player messaging, chat rooms, or public discussion areas. What qualifies as spam varies from game to game, but usually this term applies to all forms of message flooding, violating the terms of service contract for the website. They send spam via the in-game private messaging system, via the in-game mailing system, via yelling publicly to everyone in the area and by creating a lot of characters and committing suicide (with hacks) and making a row of bodies resemble a site URL which takes the user to a gold-selling website. All of these spam methods can interfere with the user's game play experience and this is one reason why spam is discouraged by game developers.
3.2.5. BLOG, WIKI, AND GUESTBOOK: Blog spam, or "blam" for short, is spamming on weblogs.
In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site. Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions.
3.3. PHISHING: Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. One example would be if you received an e-mail that appears to be from your bank requesting you click a hyperlink in the e-mail and verify your online banking information. Usually there will be a repercussion stated in the e-mail for not following the link, such as "your account will be closed or suspended". The goal of the sender is for you to disclose personal and (or) account related information. This type of e-mail scam is also called phishing. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.
3.4. CYBERSTALKING: Cyber stalking can be defined as the repeated acts of harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in general terms can be referred to as the repeated acts of harassment targeting the victim, such as following the victim, making harassing phone calls, killing the victim's pet, vandalizing the victim's property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker. Both kinds of stalkers, online and offline, have a desire to control the victim's life. The majority of stalkers are dejected lovers or ex-lovers, who then want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and the victims female. Cyber stalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, and damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. The definition of "harassment" must meet the criterion that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person distress. "Stalking is a form of mental assault, in which the perpetrator repeatedly, unwantedly, and disruptively breaks into the life-world of the victim, with whom he has no relationship (or no longer has), with motives that are directly or indirectly traceable to the affective sphere. Moreover, the separated acts that make up the intrusion cannot by themselves cause the mental abuse, but do taken together (cumulative effect)."
3.5. CYBER DEFAMATION: Cyber Defamation is a crime conducted in cyberspace, usually through the Internet, with the intention of defaming others. The cyber defamation law that the Korean government tries to make is intended to capture such criminal activities by allowing police to crack down on hateful comments without any reports from the victims. The only country where such cyber defamation law is being implemented is China, and South Korea is the first democratic country in the process of introducing the law.
Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.) Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.
We work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request (ranging from Web server probes to all-out attacks), we gather as much information as we can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses. Examples of weaknesses include poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. (In nearly all the cases, the Information Systems department is not informed of these planned attacks.) Then we work with the customer to address the issues we have discovered. When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great - like a kid in an unattended candy store.
Technically, a hacker is someone who is enthusiastic about computer programming and all things relating to the technical workings of a computer. Under such a definition, I would gladly brand myself a hacker.
However, most people understand a hacker to be what is more accurately known as a 'cracker'. Crackers are people who try to gain unauthorized access to computers. This is normally done through the use of a 'backdoor' program installed on your machine. A lot of crackers also try to gain access to resources through the use of password cracking software, which tries billions of passwords to find the correct one for accessing a computer.
4.2. CREDIT CARD FRAUD Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.
4.2.1. SKIMMING: Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The thief can procure a victim's credit card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims' credit card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The thief may also use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code, which is not present on the magnetic strip. Call centers are another area where skimming can easily occur.
4.3. INTELLECTUAL PROPERTY CRIMES: Intellectual property is any innovation, commercial or artistic, or any unique name, symbol, logo or design used commercially. Intellectual property is protected by:
Patents on inventions;
Trademarks on branding devices;
Copyrights on music, videos, patterns and other forms of expression;
Trade secrets for methods or formulas having economic value and used commercially
IP crime is more generally known as counterfeiting and piracy. Counterfeiting is willful trade mark infringement, while piracy involves willful copyright infringement. These are very similar and often overlapping crimes. IP crime is not a new phenomenon, but due to globalization and advances in technology counterfeiting and piracy have become big business.
5. AGAINST ORGANIZATION
5.1. VIRUS DISSEMINATION: Malicious software attaches itself to other software. (Viruses, worms, Trojan horses, time bombs and logic bombs are malicious software.) A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer. As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.
5.2. COMPUTER WORM: A computer worm is a self-replicating malware computer program. It uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Many worms that have been created are only designed to spread, and don't attempt to alter the systems they pass through. A "payload" is code designed to do more than spread the worm: it might delete files on a host system (e.g., the Explore Zip worm), encrypt files in a cryptoviral extortion attack, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author.
5.2.1. Worms with good intent
Beginning with the very first research into worms at Xerox PARC, there have been attempts to create useful worms. The Nachi family of worms, for example, tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system by exploiting those same vulnerabilities. In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner or user. Some worms, such as XSS worms, have been written for research to determine the factors of how worms spread, such as social activity and change in user behavior, while other worms are little more than a prank, such as one that sends the popular image macro of an owl with the phrase "O RLY?" to a print queue in the infected computer. Most security experts regard all worms as malware, whatever their payload or their writers' intentions.
5.2.2. Protecting against dangerous computer worms
Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates (see "Patch Tuesday"), and if these are installed on a machine then the majority of worms are unable to spread to it. If a vendor acknowledges a vulnerability, but has yet to release a security update to patch it, a zero day exploit is possible. However, these are relatively rare. Users need to be wary of opening unexpected email and should not run attached files or programs, or visit web sites that are linked to such emails. However, as with the ILOVEYOU worm, and with the increased growth and efficiency of phishing attacks, it remains possible to trick the end-user into running malicious code. Anti-virus and anti-spyware software are helpful, but must be kept up-to-date with new pattern files at least every few days. The use of a firewall is also recommended.
5.3. TROJAN HORSE: A Trojan horse, or Trojan, is malware that appears to perform a desirable function for the user prior to run or install but instead facilitates unauthorized access of the user's computer system. "It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems". The most important difference between a trojan horse and a virus is that trojans don't spread themselves. Trojan horses disguise themselves as valuable and useful software available for download on the internet. Most people are fooled by this ploy and end up downloading the virus disguised as some other application. The name comes from the mythical Trojan Horse that the Ancient Greeks set upon the city of Troy. A trojan horse is typically separated into two parts: a server and a client. It's the client that is cleverly disguised as significant software and positioned in peer-to-peer file sharing networks, or unauthorized download websites. Once the client Trojan executes on your computer, the attacker, i.e. the person running the server, has a high level of control over your computer, which can lead to destructive effects depending on the attacker's purpose.
A trojan horse virus can spread in a number of ways. The most common means of infection is through email attachments. The developer of the virus usually uses various spamming techniques in order to distribute the virus to unsuspecting users. Another method used by malware developers to spread their trojan horse viruses is via chat software such as Yahoo Messenger and Skype. Another method used by this virus in order to infect other machines is through sending copies of itself to the people in the address book of a user whose computer has already been infected by the virus.
5.4. DENIAL OF SERVICE: A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. The term is generally used with regard to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management. One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service, or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
5.5. E-MAIL BOMBING: In Internet usage, an e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted in a denial-of-service attack. There are two methods of perpetrating an email bomb: mass mailing and list linking.
5.5.1. Mass mailing: Mass mailing consists of sending numerous duplicate mails to the same email address. These types of mail bombs are simple to design, but their extreme simplicity means they can be easily detected by spam filters. Email bombing using mass mailing is also commonly performed as a DoS attack by employing "zombie" botnets: hierarchical networks of computers compromised by malware and under the attacker's control. Similar to their use in spamming, the attacker instructs the botnet to send out millions or even billions of e-mails, but unlike normal botnet spamming, the e-mails are all addressed to only one or a few addresses the attacker wishes to flood. This form of email bombing is similar in purpose to other DoS flooding attacks. As the targets are frequently the dedicated hosts handling website and e-mail accounts of a business, this type of attack can be just as devastating to both services of the host. This type of attack is more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each zombie computer sending a different message or employing stealth techniques to defeat spam filters.
5.5.2. List linking: List linking means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually. In order to prevent this type of bombing, most email subscription services send a confirmation email to a person's inbox when that email address is used to register for a subscription. This method of prevention is easily circumvented: if the perpetrator registers a new email account and sets it to automatically forward all mail to the victim, he or she can reply to the confirmation emails, and the list linking can proceed.
5.5.3. Zip bombing: A ZIP bomb is a variant of mail bombing. Most commercial mail servers began checking mail with anti-virus software and filtering certain malicious file types (EXE, RAR, Zip, 7-Zip); mail server software was then configured to unpack archives and check their contents as well. A new idea to combat this solution was composing a "bomb" consisting of an enormous text file containing, for example, only the letter z repeated millions of times. Such a file compresses into a relatively small archive, but unpacking it (especially by early versions of mail servers) would use a much greater amount of processing, which could result in a DoS (denial of service).
5.6. SALAMI SLICING ATTACKS: Salami slicing is a series of many minor actions, often performed by clandestine means, that together result in a larger action that would be difficult or illegal to perform at once. The term is typically used pejoratively. An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected. In information security, a salami attack is a series of minor attacks that together result in a larger attack. Computers are ideally suited to automating this type of attack.
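For the ZIP bomb described in 5.5.3 above, an added example (not from the original report) of how a mail gateway could vet an archive before unpacking it. The size and ratio limits, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_TOTAL_BYTES = 1_000_000  # assumed policy: cap on unpacked bytes per attachment
MAX_RATIO = 100              # assumed policy: cap on unpacked/packed size ratio
CHUNK = 64 * 1024


def build_constructed_archive(name, payload):
    """Build a small in-memory ZIP used only as constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def inspect_archive(data):
    """Return (accepted, reason); never unpack more than MAX_TOTAL_BYTES."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
            # Pass 1: cheap rejection using the sizes the archive declares.
            declared = sum(m.file_size for m in members)
            if declared > MAX_TOTAL_BYTES:
                return False, f"declared size {declared} exceeds cap"
            for m in members:
                if m.file_size > MAX_RATIO * max(m.compress_size, 1):
                    return False, f"{m.filename}: compression ratio too high"
            # Pass 2: headers are sender-controlled, so count the real bytes
            # while streaming and stop as soon as the cap is crossed.
            total = 0
            for m in members:
                with zf.open(m) as fh:
                    while chunk := fh.read(CHUNK):
                        total += len(chunk)
                        if total > MAX_TOTAL_BYTES:
                            return False, "unpacked size exceeds cap"
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError) as exc:
        return False, f"unreadable archive: {exc}"
    return True, f"ok, {total} bytes unpacked"


if __name__ == "__main__":
    bomb = build_constructed_archive("z.txt", b"z" * 5_000_000)
    print(len(bomb), inspect_archive(bomb))
```

Archives nested inside archives need the same check applied recursively, with a limit on nesting depth.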
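For the rounding fraud described in 5.6, an added example (not from the original report) of an audit that recomputes each posting and reconciles the fractions of a cent. The ledger is constructed, and round-half-even as the documented rounding rule is an assumption.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# Constructed sample ledger: (transaction id, exact computed amount, amount posted).
LEDGER = [
    ("T1", Decimal("10.004"), Decimal("10.00")),
    ("T2", Decimal("20.126"), Decimal("20.12")),
    ("T3", Decimal("5.555"), Decimal("5.55")),
    ("T4", Decimal("7.119"), Decimal("7.11")),
    ("T5", Decimal("3.001"), Decimal("3.00")),
]


def audit_rounding(ledger, rule=ROUND_HALF_EVEN):
    """Recompute each posting under the documented rounding rule (assumed
    here to be round-half-even) and reconcile the differences."""
    mismatches = []
    shortfall = Decimal("0")  # what should have been posted but was not
    residue = Decimal("0")    # fractions that left the postings entirely
    rounded_down = 0
    for txn_id, exact, posted in ledger:
        expected = exact.quantize(CENT, rounding=rule)
        if posted != expected:
            mismatches.append(txn_id)
            shortfall += expected - posted
        residue += exact - posted
        if posted < exact:
            rounded_down += 1
    return {
        "mismatches": mismatches,
        "shortfall": shortfall,
        "residue": residue,
        # An unbiased rule rounds down only part of the time; a share near 1.0
        # across many transactions is the signature of always rounding down.
        "down_share": rounded_down / len(ledger),
    }


if __name__ == "__main__":
    print(audit_rounding(LEDGER))
```

The residue total is the figure to reconcile against whatever account the system books rounding differences to; an amount that cannot be found there has gone somewhere else.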
5.7. LOGIC BOMBS: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company. A logic bomb is a program, or portion of a program, which lies dormant until a specific piece of program logic is activated. In this way, a logic bomb is very analogous to a real-world land mine.
The most common activator for a logic bomb is a date. The logic bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code. A logic bomb could also be programmed to wait for a certain message from the programmer. The logic bomb could, for example, check a web site once a week for a certain message. When the logic bomb sees that message, or when the logic bomb stops seeing that message, it activates and executes its code. A logic bomb can also be programmed to activate on a wide variety of other variables, such as when a database grows past a certain size or a user's home directory is deleted.
The most dangerous form of the logic bomb is one that activates when something doesn't happen. Imagine a suspicious and unethical system administrator who creates a logic bomb which deletes all of the data on a server if he doesn't log in for a month. The system administrator programs the logic bomb with this logic because he knows that if he is fired, he won't be able to get back into the system to set his logic bomb. One day on his way to work, our suspicious and unethical system administrator is hit by a bus. Three weeks later, his logic bomb goes off and the server is wiped clean. The system administrator meant for the logic bomb to explode if he was fired; he did not foresee that he would be hit by a bus.
Because a logic bomb does not replicate itself, it is very easy to write a logic bomb program. This also means that a logic bomb will not spread to unintended victims. In some ways, a logic bomb is the most civilized programmed threat, because a logic bomb must be targeted against a specific victim. The classic use for a logic bomb is to ensure payment for software. If payment is not made by a certain date, the logic bomb activates and the software automatically deletes itself. A more malicious form of that logic bomb would also delete other data on the system.
5.8. DATA DIDDLING: Data diddling involves changing data prior to or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking, converting, or transmitting data.
This is one of the simplest methods of committing a computer-related crime, because it requires almost no computer skills whatsoever. Despite the ease of committing the crime, the cost can be considerable. For example, a person entering accounting data may change it to show that their account, or that of a friend or family member, is paid in full. By changing or failing to enter the information, they are able to steal from the company. To deal with this type of crime, a company must implement policies and internal controls. This may include performing regular audits, using software with built-in features to combat such problems, and supervising employees.
6. AGAINST SOCIETY:
6.1. COMPUTER FORGERY: Offences of computer forgery and counterfeiting have become rampant, as it is very easy to counterfeit a document like a birth certificate and use it to perpetrate any crime. The authenticity of electronic documents hence needs to be safeguarded by making forgery with the help of computers an explicit offence punishable by law. When a perpetrator alters documents stored in computerized form, the crime committed may be forgery. In this instance, computer systems are the target of criminal activity. Computers, however, can also be used as instruments with which to commit forgery. A new generation of fraudulent alteration or counterfeiting emerged when computerized color laser copiers became available. These copiers are capable of high-resolution copying, modification of documents, and even the creation of false documents without benefit of an original, and they produce documents whose quality is indistinguishable from that of authentic documents except by an expert. These schemes take very little computer knowledge to perpetrate. Counterfeit checks, invoices and stationery can be produced using scanners, color printers, and graphics software. Such forgeries are difficult to detect for the untrained eye. It is relatively easy to scan a logo into a computer system and go from there.
6.2. CYBER TERRORISM: The North Atlantic Treaty Organization (NATO) offered its own definition in 2008. NATO defined cyber terrorism as a cyber attack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal. Cyber terrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyber terrorism.
6.3. WEB JACKING: This term is derived from the term hijacking. In these kinds of offences the hacker gains access to and control over the web site of another. He may even change the information on the site. This may be done for fulfilling political objectives or for money. For example, recently the site of MIT (Ministry of Information Technology) was hacked by Pakistani hackers and some obscene matter was placed on it. Further, the site of the Bombay crime branch was also web jacked.
Nobody's data is completely safe. But everybody's computers can still be protected against would-be hackers. Here is your defense arsenal.
3.1 Firewalls These are the gatekeepers to a network from the outside. A firewall should be installed at every point where the computer system comes in contact with other networks, including the Internet, a separate local area network at a customer's site, or a telephone company switch.
3.2 Password protection At minimum, each time they log on, all PC users should be required to type in a password that only they and the network administrator know. PC users should avoid picking words, phrases or numbers that anyone can guess easily, such as birth dates, a child's name or initials. Instead they should use cryptic phrases or numbers that combine uppercase and lowercase letters, such as "The Moon Also Rises". In addition, the system should require all users to change passwords every month or so and should lock out prospective users if they fail to enter the correct password three times in a row.
3.3 Viruses Viruses generally infect local area networks through workstations, so anti-virus software that works only on the server isn't enough to prevent infection. You cannot get a virus or any system-damaging software by reading e-mail. Viruses and other system-destroying bugs can only exist in files, and e-mail is not a system file. Viruses cannot exist there. Viruses are almost always specific to the operating system involved, meaning that viruses created to infect DOS applications can do no damage to Mac systems, and vice versa. The only exception to this is the Microsoft Word macro virus, which infects documents instead of the program.
3.4 Encryption Even if intruders manage to break through a firewall, the data on a network can be made safe if it is encrypted. Many software packages and network programs (Microsoft Windows NT, Novell NetWare, and Lotus Notes, among others) offer add-on encryption schemes that encode all the data sent on the network. In addition, companies can buy stand-alone encryption packages to work with individual applications. Almost every encryption package is based on an approach known as public-private key. Scrambled data is encoded using a secret key unique to that transmission. Receivers use a combination of the sender's public key and their own private encryption key to unlock the secret code for that message and decipher it.
3.5 Audit Trails Almost all firewalls, encryption programs, and password schemes include an auditing function that records activities on the network. This log, which, ironically, is turned off by many network administrators who don't appreciate its importance, is an excellent way of recording what occurred during an attack by hackers.
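The lockout rule from 3.2 applied to an audit trail of the kind described in 3.5, as an added example that is not part of the original report. The log format, field names, user names and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

LOCKOUT_THRESHOLD = 3  # "three times in a row", as in section 3.2

# Constructed audit-trail lines; this log format is an assumption.
AUDIT_LOG = """\
2024-03-01T09:00:01 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-01T09:00:04 LOGIN_OK user=alice src=10.0.0.5
2024-03-01T09:01:10 LOGIN_FAIL user=bob src=203.0.113.7
2024-03-01T09:01:11 LOGIN_FAIL user=bob src=203.0.113.7
2024-03-01T09:01:12 LOGIN_FAIL user=alice src=10.0.0.5
2024-03-01T09:01:13 LOGIN_FAIL user=bob src=203.0.113.9
2024-03-01T09:01:15 LOGIN_OK user=bob src=203.0.113.9
corrupted line without fields
"""

LINE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) src=(\S+)$")


def replay(log_text):
    """Replay the trail under the lockout rule and report what it shows."""
    streak = defaultdict(int)    # consecutive failures per user
    sources = defaultdict(set)   # source addresses seen in the current streak
    locked = {}                  # user -> when and from where the lockout fired
    after_lock = []              # events logged for an already locked account
    unparsed = 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            unparsed += 1        # count damaged records instead of hiding them
            continue
        ts, event, user, src = m.groups()
        if user in locked:
            after_lock.append((ts, user, src, event))
        elif event == "LOGIN_OK":
            streak[user] = 0
            sources[user].clear()
        else:
            streak[user] += 1
            sources[user].add(src)
            if streak[user] >= LOCKOUT_THRESHOLD:
                locked[user] = {"at": ts, "sources": sorted(sources[user])}
    return {"locked": locked, "after_lock": after_lock, "unparsed": unparsed}


if __name__ == "__main__":
    print(replay(AUDIT_LOG))
```

A `LOGIN_OK` entry in `after_lock` means a login succeeded on an account that should already have been locked, which is a sign the lockout is not being enforced.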