Welcome to

The World of Cyber Security

Happy Learning
 Chapter 1
INTRODUCTION
TO
CYBER CRIME
“ “Security used to be an
inconvenience
sometimes, but now it’s a
necessity all the time.”
— Martina Navratilova

3
Learning Objectives
Analyse and assess the impact of cybercrime on government,
businesses, individuals and society.
To Identify and Describe cybercrime

To Study and Trace cyber law on cybercrime and define

information security
To Write Classification of cybercrime and able to Characterize
Indian ITA 2000
To Analyze global perspective on cybercrime and corelated it
with supported law

4
Chapter 1
Topic1

5
 Uses of the Internet

• The evolution of
technology and increasing
accessibility of smart tech
means there are multiple
access points within users’
homes for hackers to exploit.

• While law enforcement

attempts to tackle the growing
issue, criminal numbers
continue to grow, taking
advantage of the anonymity of
the internet.
Whats the big
impact?

10
11
Cyber
Crime
Where a computer is the object of
the crime or is used as a tool to
commit an offense.

12
Cybercrime can be partitioned
into two classes:

Crimes that aim • Involve different threats

computer (like virus, bugs etc.)
networks or • Denial-of-service (DoS)
devices attacks.

Crimes that use • Include cyber stalking,

computer • Financial fraud or
networks to • Identity theft.
commit other
criminal activities
13
What are some of the terms related to
cybercrime?

14
Cyberspace Cybersquatting Cyberpunk Cyberwarfare

15
What is Cyberspace?
Cyberspace
• A global domain within the
information environment consisting
of the interdependent network of
information systems infrastructures
• including the Internet,
telecommunications networks,
computer systems, and embedded
processors and controllers

17
What is Cybersquatting?
Cybersquatting
• Cybersquatting is registering, selling
or using a domain name with the
intent of profiting from the goodwill of
someone else's trademark.
• It generally refers to the practice of
buying up domain names that use the
names of existing businesses with the
intent to sell the names for a profit to
those businesses.
19
What is Cyberpunk?
Cyberpunk
• Cyberpunk depicts a fast disintegration
of cultural standards because of an
unavoidable move toward the hard and
fast utilization of computer, to such an
extent that the lines between genuine
individuals and computer become
obscured.

21
What is Cyberwarfare?
Cyberwarfare
• Cyberwarfare includes the
utilization of technology and
innovation to assault different
countries, governments, and
residents by attacking their
computer frameworks and
systems.

23
Chapter 1
Topic 2

24
 Categories of
2 Cybercrime
 Property

Categories
of
Cybercrime

Individual Government

26
 Property Individual Government

• This is like a real-life • This classification of • . A crime against the

instance of a criminal cybercrime includes administration is
illegally having a one individual otherwise called cyber
person's bank or dispersing malicious terrorism.
credit card subtleties. or unlawful data on • Government
• The hacker steals an the web. cybercrime
individual's bank • This can incorporate incorporates hacking
subtleties to access cyberstalking, government sites,
funds, make spreading military sites or
purchases on the web pornography and dispersing
or run phishing scams trafficking. propaganda.
to get individuals to • These criminals are
give away their data. normally terrorists or
foe government of
different countries.

27
Chapter 1
Topic 3

28
Want to explore some of the cybercrimes
occurred in history?

29
30
Chapter 1
Topic 4

31
1 Cybersecurity
What is
Cybersecurity?

33
Cyber Security
• Cybersecurity is the protection of
internet-connected systems such as
hardware, software and data from
cyber-threats.
• The practice is used by individuals
and enterprises to protect against
unauthorized access to data centers
and other computerized systems.

34
What is cybersecurity?
The term ‘cybersecurity’ was coined in 1988 as a result of one of the
first ever registered online viruses: the Morris worm.

Cybersecurity is the protection of your cyber (or digital) assets or

information system from attacks or unauthorised access that are
aimed for exploitation.

The Panama Papers, Yahoo hack and Ashley Madison data breaches
are to name a few of the recent high-profile cyber attacks which have
caused a great deal of damage to organisations and common people.

35
What are the objectives of
Cyber Security?
Objective of
Cyber Security

37
 Availability implies data must be accessible when required
• Resolving hardware and software conflicts, along with regular maintenance is crucial to
keep systems up and available.

Integrity implies keeping up precision and culmination of information

• Data must not be changed in transit, and steps must be taken to ensure that data cannot
be altered by unauthorized people

implies data isn't unveiled to unapproved people, substances and

Confidentiality procedure.
• Encryption services can protect your data at rest or in transit and prevent unauthorized
access to protected data.

38
Cyber Security V/s Information Security
• Cybersecurity and information security are closely related but distinct fields.
• Information security (InfoSec) encompasses the protection of all forms of
information, both digital and physical, ensuring its confidentiality, integrity, and
availability.
• Cybersecurity, on the other hand, is a subset of InfoSec that focuses specifically
on protecting digital data and systems from cyber threats like hacking, malware,
and phishing attacks.

39
Aspect Cyber Security Information Security
Protects all forms of information (digital and physical)
Protects systems, networks, and data from
Definition from unauthorized access, disclosure, alteration, or
cyber threats originating in the digital space.
destruction.
Focused primarily on safeguarding data in Broader scope—covers information in any form,
Scope cyberspace (internet, networks, and digital including paper records, physical assets, and digital
devices). data.
Protection against online attacks such as
Protection against risks like unauthorized access,
Focus Area hacking, phishing, ransomware, malware,
espionage, data breaches, theft, and natural disasters.
and DDoS.
Securing data in transit and storage within Securing the confidentiality, integrity, and availability
Primary Concern
digital infrastructure. (CIA) of all information.

Implementing firewalls, intrusion detection Implementing access control policies, encryption,

Examples
systems, and antivirus software. physical security measures, and backup strategies.

Digital environment (IT systems, IoT, cloud, Digital and non-digital environments (physical
Applicable Domain
networks). documents, verbal communication, IT systems).

Often aligned with standards like NIST Often aligned with standards like ISO/IEC 27001,
Regulations/Standards
Cybersecurity Framework, ISO/IEC 27032. HIPAA, GDPR, and other compliance frameworks.

Network security, ethical hacking, threat Risk management, information governance,

Key Skills Required
detection, malware analysis. compliance, policy development.
40
 Lab
Experiment
How to Encrypt a USB Disk
with BitLocker, Unlocking
with Password or Recovery
Key

41
Chapter 1
Topic 5

42
 Global
1 Cybersecurity
Agenda
What is Global Cybersecurity
Agenda?

44
Global Cybersecurity
Agenda (GCA)
▸ The Global Cybersecurity Agenda (GCA) is
an ITU framework for international
cooperation aimed at proposing strategies
for solutions to enhance confidence and
security in the information society.
▸ It is built on existing national and regional
initiatives to avoid duplication of work and
encourage collaboration amongst all
relevant partners.

45
The Global Cybersecurity Agenda has seven
main strategic goals, built on five work areas
as follows:
47
Chapter 1
Topic 6

48
1 Cyber criminals
Who are cyber criminals?

50
Cyber Criminals
▸ Cyber criminals, also known as hackers,
often use computer systems to gain access
to business trade secrets and personal
information for malicious and exploitive
purposes.
▸ Hackers are extremely difficult to identify on
both an individual and group level due to
their various security measures, such as
proxies and anonymity networks, which
distort and protect their identity.

51
Types of Cyber Criminals
Black Hat Hackers

▸ Black hat hackers are malicious

hackers, sometimes called crackers.
▸ Black hats lack ethics, sometimes
violate laws, and break into computer
systems with malicious intent, and
they may violate the confidentiality,
integrity, or availability of an
organization's systems and data.

53
White Hat Hackers

▸ White hat hackers are the good guys,

who include professional penetration
testers who break into systems with
permission, malware researchers who
study malicious code to provide better
understanding and to disclose
vulnerabilities to vendors, etc.
▸ White hat hackers are also known as
ethical hackers; they follow a code of
ethics and obey laws.

54
Crackers
▸ A cracker is someone who breaks into
someone else's computer system, often
on a network; bypasses passwords or
licenses in computer programs; or in
other ways intentionally breaches
computer security.
▸ A cracker can be doing this for profit,
maliciously, for some altruistic purpose or
cause, or because the challenge is there.

55
 Phreakers
▸ Phreakers are individuals who explore,
experiment with, or exploit telecommunication
systems, particularly the telephone network,
to gain unauthorized access or manipulate its
functionality.
▸ Historically, they focused on reverse-
engineering telephone signaling tones to
make free long-distance calls,
▸ but modern phreaking also involves
computer-based attacks on phone company
systems.

56
Whackers

▸ These are the novice or apprentice

hackers who are studying and learning to
become hackers.
▸ Moreover, hackers who attack wireless
LANs and WANs are sometimes known
as whackers.

57
• Script Kiddies – Inexperienced hackers who use existing tools/scripts
without understanding how they work.
• White Hat Hacker – Ethical hacker who tests and strengthens security
systems legally.
• Black Hat Hacker – Malicious hacker who exploits systems for personal or
financial gain.
• Grey Hat Hacker – Hacker who breaks rules but without malicious intent,
often to expose flaws.
• Green Hat Hacker – Beginner hacker eager to learn and improve hacking
skills.
• Red Hat Hacker – Vigilante hacker who targets and takes down malicious
hackers.
• Hacktivists – Hackers driven by political or social causes to promote an
agenda.
• Cyber Terrorist – Hacker who uses cyberattacks to create fear, harm, or
disruption for political or ideological purposes.
58
Chapter 1
Topic 7

59
 Classification of
Cybercrime
1
Cybercrime against Individual:

•Email spoofing and other online frauds,

•Phishing, Vishing,
•Spamming,
•Cyber stalking and harassment,
•Defamation,
•Pornographic offenses.

Cybercrime against property:

•Credit card fraud,

•Intellectual property (IP) crimes.

Cybercrime against organization:

•Password sniffing,
•DOS attack,
•virus attack,
•Salami attack,
•Trojan horse,
•Data diddling.

Cybercrime against society:

•Forgery,
•Web-jacking, Clickjacking.
61
62
E-mail Spoofing
▸ Email spoofing is the creation of email
messages with a forged sender address.
▸ The core email protocols do not have any
mechanism for authentication, making it
common for spam and phishing emails to
use such spoofing to mislead or even prank
the recipient about the origin of the message.
▸ Email spoofing has been responsible for
public incidents with serious business and
financial consequences

63
Phishing
▸ Phishing is the fraudulent attempt to
obtain sensitive information, or data,
such as usernames, passwords and
credit card details by disguising oneself
as a trustworthy entity in an electronic
communication.
▸ Typically carried out by email spoofing or
instant messaging, phishing often directs
users to enter personal information at a
fake website which matches the look and
feel of the legitimate site.

64
Spamming
▸ Spamming is the use of messaging
systems to send an unsolicited message
(spam) to large numbers of recipients for
the purpose of commercial advertising,
for the purpose of non-commercial
preaching, or for any prohibited purpose.
▸ Spam emails are usually sent to try to
get the person to buy something or do
something else that will cause gain for
the sender.

65
Cyber Stalking and Harassment
▸ Cyberstalking and cyber harassment are
forms of online harassment that involve
persistent, unwanted, and threatening
behavior using electronic communication.
▸ This can include stalking someone online,
sending harassing messages, or creating
fake accounts to defame or intimidate the
victim.
▸ These actions can have serious
consequences for the victim's mental
health and well-being.

66
Defamation
▸ Defamation can be comprehended as
the improper and purposeful spread of
something either in the composed or oral
structure about an individual to hurt his
reputation in the general public.
▸ Libel – a statement that is defamatory
and is published in a written form.
▸ Slander – a defamatory statement
spoken that means a verbal form of
defamation

67
Pornographic Offenses
▸ Publishing/Transmitting: Sharing material depicting
children in explicit sexual acts via computer or
communication devices.
▸ Accessing/Promoting: Seeking, collecting, creating,
downloading, or promoting obscene/sexually explicit child
material in digital form.
▸ Online Exploitation: Cultivating, enticing, or inducing
children into online sexual relationships or acts offensive to a
reasonable adult.
▸ Facilitating Abuse: Enabling or supporting online child
abuse.

68
Credit Card Fraud

▸ Credit card fraud, act committed by any person

who, with intent to defraud, uses a credit card that
has been revoked, cancelled, reported lost, or
stolen to obtain anything of value.
▸ Using the credit card number without possession
of the actual card is also a form of credit card
fraud.

69
Intellectual property (IP) crimes
Intellectual property/capital are terms used to describe intangible
assets: the results of human endeavor that have value and are
original.
Intellectual property theft includes the theft of the following:
▸ Unregistered trade secrets,
▸ Copyrighted, Patented or registered works,
▸ Trademark violations,
▸ Technical notes,
▸ Strategic business planning,
▸ Gray-market distributions,
▸ Counterfeiting,
▸ Illegal distributions
70
Password Sniffing
▸ Password sniffing is a technique used to gain knowledge of
passwords that involves monitoring traffic on a network to
pull out information.
▸ The typical implementation of a password sniffing attack
involves gaining access to a computer connected to a local
area network and installing a password sniffer on it.
▸ The password sniffer is a small program that listens to all
traffic in the attached network(s), builds data streams out of
TCP/IP packets, and extracts usernames and passwords
from those streams that contain protocols that send cleartext
passwords.

71
DOS Attack

▸ Denial-of-service attack (DoS attack) is a cyber-

attack in which the perpetrator seeks to make a
machine or network resource unavailable to its
intended users by temporarily or indefinitely
disrupting services of a host connected to the
Internet.

▸ DoS attacks can cost an organization both time

and money while their resources and services are
inaccessible

72
Virus Attack

▸ A virus is a software program written to change

the behavior of a computer or other device on a
network, without the permission or knowledge of
the user.
▸ A virus is a program that spreads from machine to
machine, for the most part making harm to every
framework.
▸ Viruses are a major cause of shutdown of network
components.

73
Salami Attack

▸ A salami attack is when small attacks add up to

one major attack that can go undetected due to
the nature of this type of cyber crime. It also
known as salami slicing.
▸ Although salami slicing is often used to carry out
illegal activities, it is only a strategy for gaining an
advantage over time by accumulating it in small
increments, so it can be used in perfectly legal
ways as well.

74
Data Diddling

▸ Data diddling includes changing information

entered to a computer.
▸ Data diddling is a type of cybercrime in which data
is altered as it is entered into a computer system,
most often by a data entry clerk or a computer
virus.
▸ Computerized processing of the altered data
results in a fraudulent benefit.

75
Forgery

▸ Forgery is a white-collar crime that generally

refers to the false making or material alteration of
a legal instrument with the specific intent to
defraud anyone (other than themself).
▸ Tampering with a certain legal instrument may be
forbidden by law in some jurisdictions but such an
offense is not related to forgery unless the
tampered legal instrument was actually used in
the course of the crime to defraud another person
or entity.

76
Web Jacking

▸ Illegally seeking control of a website by taking

over a domain is know as Web Jacking.
▸ Web jacking is simply when someone clones your
website, and tricks you to believe the cloned site
is yours.
▸ The malicious link is placed somewhere on your
webpage waiting for a click. Immediately, you click
on it; a malicious web server replaces it.
▸ And that means you have lost complete access to
your website.

77
How to secure yourself ?
• Do not click on any links or open any attachments from
unknown sources.
Before Cyber • Check your social media settings and make sure
Attack they’re private.
• To limit impact, regularly back up important files using
an external drive.

• Minimize the damage by notifying your ISP to block the

offender further upstream, and deciding whether to
During Cyber block or monitor the intruder’s activity.
Attack
• Gather forensic data from the affected systems.
• Report threats to local law enforcement agencies.
• Continue to monitor the affected system to detect any
After Cyber malicious software or file.
Attack
• Initiate measures to prevent future attacks.
78