Cyber wrongdoings (crimes) and their types: Broadly speaking, the following types of wrongdoing (crimes) are associated with the cyber world:
DDoS Attacks : These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources. Large networks of infected devices known as botnets are created by depositing malware on users’ computers. The hacker then hacks into the system once the network is down.
Botnets : Botnets are networks of compromised computers that are controlled externally by remote hackers. The remote hackers then send spam or attack other computers through these botnets. Botnets can also be used to act as malware and perform malicious tasks.
Identity Theft : This cybercrime occurs when a criminal gains access to a user’s personal information to steal funds, access confidential information, or participate in tax or health insurance fraud. They can also open a phone/internet account in your name, use your name to plan a criminal activity and claim government benefits in your name. They may do this by finding out a user’s passwords through hacking, retrieving personal information from social media, or sending phishing emails.
Cyberstalking : This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically, cyberstalkers use social media, websites and search engines to intimidate a user and instill fear. Usually, the cyberstalker knows their victim and makes the person feel afraid or concerned for their safety.
Social Engineering : Social engineering involves criminals making direct contact with you, usually by phone or email. They want to gain your confidence and usually pose as a customer service agent so you’ll give them the information they need. This is typically a password, the company you work for, or bank information. Cybercriminals will find out what they can about you on the internet and then attempt to add you as a friend on social accounts. Once they gain access to an account, they can sell your information or secure accounts in your name.
PUPs : PUPs, or Potentially Unwanted Programs, are less threatening than other cybercrimes, but are a type of malware. They uninstall necessary software in your system, including search engines and pre-downloaded apps. They can include spyware or adware, so it’s a good idea to install antivirus software to avoid the malicious download.
Phishing : This type of attack involves hackers sending malicious email attachments or URLs to users to gain access to their accounts or computer. Cybercriminals are becoming more established and many of these emails are not flagged as spam. Users are tricked by emails claiming they need to change their password or update their billing information, giving criminals access.
Prohibited/Illegal Content : This cybercrime involves criminals sharing and distributing inappropriate content that can be considered highly distressing and offensive. Offensive content can include, but is not limited to, sexual activity between adults, videos with intense violence and videos of criminal activity. Illegal content includes materials advocating terrorism-related acts and child exploitation material. This type of content exists both on the everyday internet and on the dark web, an anonymous network.
Online Scams : These are usually in the form of ads or spam emails that include promises of rewards or offers of unrealistic amounts of money. Online scams include enticing offers that are “too good to be true” and, when clicked on, can cause malware to interfere and compromise information.
Exploit Kits : These are ready-made tools criminals can buy online and use against anyone with a computer. The exploit kits are upgraded regularly, similar to normal software, and are available on dark web hacking forums.
ATM Cloning and Skimming : Cloning is also called skimming and requires copying information at a credit card terminal using an electronic device or software, then transferring the information from the stolen card to a new card or rewriting an existing card with the information.
Dark Web : The dark web refers to encrypted online content that is not indexed by conventional search engines. Sometimes, the dark web is also called the dark net. The dark web is a part of the deep web, which just refers to websites that do not appear on search engines. It is a platform for illegal business on the net, where information is traded: stolen card numbers, web-based managing accounts, medical records and access to servers.
Data Security : Some Issues :
Data has a certain value, due to which it needs to be protected. This value arises from: a. Confidentiality Value : Some data/information is so confidential that its leakage may threaten even the sovereignty of a nation; b. Financial Value : Some data/information may have monetary value, like a CVV number, ATM card PIN, credit card number and details such as date of birth; c. Copyright Value : Some data/information may be so valuable that even a copy of it has worth, e.g. a music CD or movie DVD.
Security should be at the right time and place : At the point of storage of data, sufficient security has to be in place; the sufficiency of security measures depends on the volume and nature of the data stored and the vulnerability associated with the data. Security should also be deployed for data/information in transit; such security is very important because data is most vulnerable in transit. Most frauds related to the cyber world are committed while data is in transit. Security at the time of retrieval is also very important, since data may be accessed by someone who is not supposed to access it.
Pillars of Cyber Security : Some cyber experts conclude that cyber security has 4 pillars (the first four enumerated below), while others are of the opinion that there are more than 4 pillars of data security. Some other cyber professionals discuss only the first 3, which are called CIA in short.
- Confidentiality : The quality of confidentiality has to be maintained. A security system which addresses the confidentiality of data is a good security system. If a security system cannot maintain the confidentiality of information, it is futile.
- Integrity : Integrity of data means that data should remain in the same form and should not be allowed to be tampered with or manipulated. This concept should be respected the most when data is in transit.
- Availability : This concept says that data should be available at all times, as envisaged by the system. Non-availability of data at the time it is needed makes the entire system vulnerable. DOS – Denial of System and DDOS – Distributed Denial of System are among the most common bugs in our computer systems.
- Non Repudiation : This pillar says that all stakeholders of data should be made responsible and should not be permitted to deny their responsibility. A. The creator owns the responsibility of data entry, B. The sender owns the responsibility of sending data, C. The receiver owns the responsibility of receiving data and finally D. The network provider owns the responsibility of carrying data. None of them should be allowed to step back and every one of them should be made responsible for their job.
- Authorization : The process of confirming whether the user has the authority to access what they are accessing and to issue the commands they are issuing.
- Authentication : This is a process which confirms that the person or entity who has accessed the system is the actual person or entity. One-factor authentication: this authentication is exercised through possession of a device or card, e.g. ID cards or debit cards. Two-factor authentication: if, in addition to the card or device, a person is required to enter a PIN or password, it is called two-factor authentication.
- Reliability : Dependability is a subset of integrity. If data can be relied upon in times of crisis or disaster, it is called reliable.
Simple Mail Transfer Protocol (SMTP) : Emails are not authentic communication unless specific technologies are deployed.
A. Digital signature : Authentic electronic communication results from digital signatures. A digital signature is a digital code, called a hash value, generated and authenticated by a process (public key encryption).
B. Electronic Signature : Authenticates that the person claiming to have sent a message has actually sent it, and the person receiving it authenticates and confirms receipt by user ID and password.
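
The digital signature process in item A, and the Integrity and Non Repudiation pillars it supports, can be seen in a short added example (not part of the original text). It hashes an email, transforms the hash with the sender's private key, and lets the receiver check it with the public key. The keys, the message and the function names are constructed for illustration, and it uses unpadded textbook RSA, which real systems replace with a vetted library.

```python
import hashlib

# Constructed demo keys built from known Mersenne primes so the example runs on
# the standard library alone. Such keys and unpadded RSA are for illustration only.
E = 65537  # public exponent, shared with everyone


def make_key(p, q):
    """Return (public modulus, private exponent) for the primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


N, D = make_key(2**521 - 1, 2**607 - 1)                 # the sender's key pair
N_OTHER, D_OTHER = make_key(2**1279 - 1, 2**2203 - 1)   # another party's key pair


def digest(message):
    """Hash value of the message (SHA-256) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, d, n):
    """Sender side: transform the hash value with the private exponent."""
    return pow(digest(message), d, n)


def verify(message, signature, e=E, n=N):
    """Receiver side: recover the hash with the sender's public key and compare."""
    return pow(signature, e, n) == digest(message)


def demo():
    # Constructed sample email.
    mail = b"From: alice@example.test\r\nSubject: Payment\r\n\r\nPay 100 to account 12345."
    sig = sign(mail, D, N)
    tampered = mail.replace(b"100", b"900")   # body changed in transit
    forged = sign(mail, D_OTHER, N_OTHER)     # signed with someone else's key
    return {
        "genuine": verify(mail, sig),         # integrity and origin confirmed
        "tampered": verify(tampered, sig),    # hash no longer matches
        "impostor": verify(mail, forged),     # not made with the sender's key
    }


if __name__ == "__main__":
    print(demo())
```

Because only the holder of the private exponent can produce a value that verifies under the public key, a signature that checks out also ties the message to its sender, which is the basis of non-repudiation.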