A survey of Indian Cyber crime and law and its pre- vention approach

More documents

Recommendations

Info

International Journal of Advanced Computer Technology (IJACT)ISSN:2319-7900Various Cyber CrimeComputer crime, cyber crime [4], e-crime, hi-tech crime orelectronic crime generally refers to criminal activity where acomputer or network is the source, tool, target, or place of acrime. These categories are not exclusive and many activitiescan be characterized as falling in one or more category.Additionally, although the terms computer crime or cybercrime are more properly restricted to describing criminalactivity in which the computer or network is a necessary partof the crime, these terms are also sometimes used to includetraditional crimes, such as fraud, theft, blackmail, forgery,and embezzlement, in which computers or networks are usedto facilitate the illicit activity. Computer crime can broadlybe defined as criminal activity involving an informationtechnology infrastructure, including illegal access (unauthorizedaccess), illegal interception (by technical means ofnon-public transmissions of computer data to, from or withina computer system), data interference (unauthorized damaging,deletion, deterioration, alteration or suppression ofcomputer data), systems interference (interfering with themfunctioning of a computer system by inputting, transmitting,damaging, deleting, deteriorating, altering or suppressingcomputer data), misuse of devices, forgery (ID theft), andelectronic fraud. Basically above various crimes can happenedtwo ways, outside of cyberspace or inside of cyberspace.to their own account followed by withdrawal of money. Byhacking web server taking control on another person‟s websitecalled as web hijacking [6].Trojan AttackThe program that act like something useful but do the thingsthat are quiet damping. The programs of this kind are calledas Trojans. The name Trojan horse is popular. Trojans comein two parts, a Client part and a Server part. When the victim(unknowingly) runs the server on its machine, the attackerwill then use the Client to connect to the Server and startusing the trojan.TCP/IP protocol is the usual protocol typeused for communications, but some functions of the Trojansuse the UDP protocol as well.Virus and Worm attackA program that has capability to infect other programs andmake copies of itself and spread into other programs iscalled virus. Programs that multiply like viruses but spreadfrom computer to computer are called as worms.E-mail & IRC related crimesEmail spoofingEmail spoofing refers to email that appears to have beenoriginated from one source when it was actually sent fromanother source.Technical AspectsTechnological advancements have created new possibilitiesfor criminal activity, in particular the criminal misuse ofinformation technologies from inside (direct attack duringsystem access) or outside (indirect attack via internet) of thecyberspace such asUnauthorized access & HackingAccess means gaining entry into, instructing or communicatingwith the logical, arithmetical, or memory function resourcesof a computer, computer system or computer network[5]. Unauthorized access would therefore mean anykind of access without the permission of either the rightfulowner or the person in charge of a computer, computer systemor computer network. Every act committed towardsbreaking into a computer and/or network is hacking. Hackerswrite or use ready-made computer programs to attack thetarget computer. They possess the desire to destruct and theyget the kick out of such destruction. Some hackers hack forpersonal monetary gains, such as to stealing the credit cardinformation, transferring money from various bank accountsEmail SpammingEmail "spamming" [7] refers to sending email to thousandsand thousands of users - similar to a chain letter.Sending malicious codes through emailE-mails are used to send viruses, Trojans etc through emailsas an attachment or by sending a link of website which onvisiting downloads malicious code.Email bombingE-mail "bombing" is characterized by abusers repeatedlysending an identical email message to a particular address.IRC relatedThree main ways to attack IRC are: "verbal attacks, cloneattacks, and flood attacks.Denial of Service attacksINTERNATIONAL JOURNAL OF ADVANCED COMPUTER TECHNOLOGY | VOLUME 1, NUMBER 2, 49
International Journal of Advanced Computer Technology (IJACT)ISSN:2319-7900Flooding a computer resource with more requests than it canhandle. This causes the resource to crash thereby denyingaccess of service to authorized users.Examples includeAttempts to "flood" a network, thereby preventing legitimatenetwork traffic attempts to disrupt connections between twomachines, thereby preventing access to a service attempts toprevent a particular individual from accessing a service attemptsto disrupt service to a specific system or person.About insider crimeWe generally focus on insider cyber crime. Insider cyberattacks are most dangerous then other attacks because it canhappen any legal access of system. Further, as individualshaving authorized access and with positions of trust, insiderscould be capable of defeating methods not available to outsiders.Insiders have more opportunity (i.e. more favorable(conditions) to select the most vulnerable target and the besttime to perform or attempt to perform the malicious act.They can extend the malicious act over a long period of timeto maximize the likelihood of success. This could include,for example, tampering with safety equipment to prepare foran attempt or act of sabotage or falsifying accountingrecords to repeatedly steal small amounts of nuclear material.In the discussion of computer security there should bealways an assumption that we cannot apply those so calledmethods or constraints for the employees within. Thereforethe insider attacks seem to us like unstoppable. But it is nottrue always. Insiders can be stopped, but stopping them is acomplex problem. Insider attacks can only be preventedthrough a layered defense strategy consisting of policies,procedures, and technical controls. Therefore, managementmust pay close attention to many aspects of its organization,including its business policies and procedures, organizationalculture, and technical environment. It must look beyondinformation technology to the organization‟s overall businessprocesses and the interplay between those processesand the technologies used.Types of insider cyber crimeInsiders may have different motivations and may be passiveor active, non-violent or violent (Fig. 1). The term „motivation‟is used to describe the motive forces that compel anadversary to perform or attempt to perform a malicious act.Motivation may include ideological, personal, financial andpsychological factors and other forces such as coercion. Insiderscould act independently or in collusion with others.They could become malicious on a single impulse, or act ina premeditated and well prepared manner, depending upontheir motivation .An individual could be forced to becomean insider by coercion or by coercing his family members.Passive insiders are non-violent and limit their participationto providing information that could help adversaries to performor attempt to perform a malicious act. Active insidersare willing to provide information, perform actions and maybe violent or non-violent. Active insiders are willing to opendoors or locks, provide hands-on help and aid in neutralizingresponse force personnel. Non-violent active insiders are notwilling to be identified or risk the chance of engaging responseforces and may limit their activities to tamperingwith accounting and control, and safety and security systems.Violent active insiders may use force regardless ofwhether it enhances their chances of success; they may actrationally or irrationally.FIG -1. Categories of insiders.Types of Attacks from InsiderThere are many types of attacks can be occur but most importance‟sare as following:Fraudcases in which current or former customer or contractorsintentionally exceeded or misused an authorized level ofaccess to networks, systems, or data with the intention ofA survey of Indian Cyber crime and law and its prevention approach 50
Page 1: International Journal of Advanced C
Page 5 and 6: International Journal of Advanced C
Page 7 and 8: International Journal of Advanced C

A survey of Indian Cyber crime and law and its pre- vention approach

Create successful ePaper yourself

Delete template?

Save as template?