Case study on cyber crime

Case Study on Cyber Crime

Mehta Ishani J

2nd M.E.(C.S.E)

130040701003

[email protected]

B.H.Gardi College of Engineering and Technology

mailto:[email protected]

Case Study on Cyber Crime Mehta Ishani J


2

Table of Contents

Introduction ........................................................................................................ 3

The Evolution of Cyber Crime ...................................................................... 4

Categories of Cyber Crime ............................................................................ 6

Cyber Crime Tools ............................................................................................. 8

Real World Cases ........................................................................................... 111

Current occurring Crime News .................................................................... 27

Statistical Overview ..................................................................................... 30

Conclusion .......................................................................................................... 32

References .......................................................................................................... 33



3

Introduction

In 1960s internet was developed for better communication and

research. With advancement of technology and expansion of

internet every area becomes easy to access but it also provides

a pathway to commit crimes easily without any effort only

sitting on a system.

The rapid growth of the Internet, not just in terms of users,

but also in terms of functionality has allowed entire industries

to move their operations, and importantly their money onto the

Internet. This has lead naturally towards a prolific growth in

criminal activity conducting solely through virtual means.

Some human minds of criminal nature use internet as a tool of

crime which is now known as cyber crime committed in cyber

space. Cyber crime is now the burning issue for all countries to

handle because most of data is transferred online even

governmental data also. Cyber crime term is used to describe

criminal activity in which computer or computer network are a

tool or target of criminal activity to denial of service attack.

It also include traditional crime in which computer are used.

Cyber crime mainly consists of unauthorized access to Data and

data alteration, data destruction, theft of funds or

intellectual property. Due to these online criminal activities

cyberspace is most unsafe place to do business. Word cyber space

was first used by William Gibson, in his book, Necromancer,

written in 1984. Cyberspace can be defined as a virtual world of

computers where internet is involved, where individuals can

interact, conduct business, do transactions, develop graphics.

In this case study I will discuss many types of cyber crime

commonly committed with some current case happened in various

cities. I will also discuss statics



4

The Evolution of Cyber Crime

Cybercrime evolved from hacking of another system, the public

switched telephone network. These phone “phreakers” developed

methods of breaking into phone systems to make long distance

calls for free. Perhaps, the most famous of these phreakers was

John Draper (aka "Cap'n Crunch"), who discovered that toy

whistles given away with Cap'n Crunch cereals generate a 2600-

hertz sound, which can be used to access AT&T's long-distance

switching system. Draper proceeded onto build a "blue box"

which, when used together with the whistle, allowed phreakers to

make free calls. Shortly after, wire fraud in the United States

escalates. Draper was arrested on toll fraud charges in 1972 and

sentenced to five years' probation.

In the 1970's, the first affordable personal computers became

available on the market, and it was shortly thereafter that the

first bulletin board service, or BBS, was established. Still,

even as the Internet grew, getting online was far from easy.

Designers of operating systems at the time had no idea how

important the Internet would be. They didn’t design software

with built-in functionality to connect to an Internet service

provider. ISPs were few and far between, and very pricey. For a

user to connect to the Internet, they would have to obtain,

install and configure a number of settings that could be tricky

for the casual user.

Online services such as CompuServe, AOL, and Prodigy helped to

solve this problem. They provided their subscribers with

software that would enable them to connect to their service with

relative ease.

In 1986, alarmed by the larger numbers of computer break-ins,

the US government passes the Computer Fraud and Abuse Act. This

made it a crime to illegally break into computer networks. The

law did not apply to juveniles.

Robert Morris became the first person to be convicted under the

new Computer Fraud and Abuse Act of 1986. Morris was punished

for his Internet worm, which crashed 6,000 Net-linked government

and university computers.



5

Price was still an issue, though, but in the early 1990’s, costs

for the user dropped to around $3 an hour, and eventually, to

less than $20 a month for unlimited usage, allowing not only the

Internet to grow exponentially, but also for criminals to learn

how to effectively exploit the system.

Computers are now ubiquitous and many tasks performed in the

daily lives of users depend on computers and computer networks.

The Internet has become a mission-critical infrastructure for

governments, companies, and financial institutions. Computers

and networks are used for controlling and managing manufacturing

processes, water supplies, the electric power grid, air traffic

control systems, and stock market systems, to mention a few.

A benefit of online services that attracts criminals is the

anonymity they offer, making it easier for criminals to change

identities and cover their tracks. The rapid growth of the

Internet in the mid 1990’s gave rise to cybercrime as we know it

today.

Ten years ago, hackers were dabbling on other systems to only

see how they were configured and operated. Most of the time they

did not cause any damage. Unfortunately, the circumstances have

changed and become incredibly malicious. Instead of being driven

by curiosity, hackers today are driven mostly by financial

motives.

The value of Internet activities and the wealth stored on

computers is the source of the attraction. While e-commerce

represents only a fraction of total commerce, it reached almost

$70 billion in the U.S. at the end of 2004, an increase of 24

percent over 20033. A third of the U.S. workforce is online,

roughly 50 million people, an important consideration since more

than half of e-commerce transactions are made from work.

Sixty million residents of North America, almost half of the

Internet user population in Canada and the U.S., have online

bank accounts. The combination of banking and commerce draws

criminals more than anything else.



6

Categories of Cyber Crime

Cybercrime has manifested itself in many different forms over

the years. The following points are illustrative of some of the

different categories that criminals have entered.

1) Spam - Although for much of history, spam was not

technically a crime, the 2003 CAN-SPAM Act4 changed legal

definitions on what is acceptable. Spam now represents more

than 50 percent of all email transmitted over the Internet.

It’s costs, which Internet service providers (ISPs) pass on

to their customers, are enormous. With spam’s ubiquity

comes a whole culture and industry devoted to fighting it.

Large groups of people, such as the Spamhaus Project, spend

enormous effort to identify the sources of spam so as to

block their activity. New technologies have been created to

flag its sources, like blacklists, and spam identification

through Bayesian filters, distributed checksum databases,

and other advanced heuristics. Increasingly on the

defensive, spammers are fighting back by becoming more

sophisticated, generating unique messages, and using

subverted computers to send messages.

2) Extortion and Damaging Reputations - In the Internet

variant of blackmail, criminal gangs will threaten

companies with disruption of their networks, through denial

of service attacks, or the theft of valuable information,

unless they pay ransom into offshore bank accounts.

Defacement of a company’s website can cause not just

embarrassment but loss of sales. In other cases, spite or a

desire to inflict harm means that the attack will be

executed without warning.

3) Fraud and Phishing - The anonymity and opportunities for misrepresentation found on the Internet make fraud easy.

Consumer Sentinel, a complaint database developed and

maintained by the US Federal Trade Commission5, has

recorded more than 390,000 Internet-related fraud

complaints regarding transactions involving over US$540

million losses in 2004 alone.

Fraud schemes are usually peddled by individuals who spam

potential victims, such as the Nigerian, or 419, scam. But

as the number of fraud cases has increased, so has the



7

public’s awareness of them; fraudsters are increasingly

forced to resort to more intricate schemes.

New practices like “phishing” are gaining popularity with

fraudsters. Using this scheme, criminals create email

messages with return addresses, links, and branding that

seem to come from trusted, well-known organizations with

the hope to convince victims to disclose sensitive

information.

This practice originates in attempts to fool America Online

users into parting with their screen names and passwords in

the mid-1990s. The goal these days is to extract

information from a victim that crackers can use for

financial gain. A commonly targeted item is victim’s credit

card information.

Criminals also want access to Internet payment systems such

as e-Bullion, egold, or PayPal; online transaction services

such as Authorize.Net, iBill, and Verotel; and Internet

accessible banks which includes almost all major banks

today.

4) Service Disruption - A cybercriminal can use an Internet

attack to disrupt a key service. Denial of service attacks

are one method, worms and viruses containing malicious code

are another.

A major auto manufacturer was one of many companies that

had to shutdown its e-mail network for a few days because

of the Love Letter virus.

5) Information Theft - The most damaging category of Internet crime, information theft can take several forms.

Cybercriminals can extract personal identification

information or credit information from a company’s database

and affect thousands of consumers. Cybercriminals can also

extract a company’s own financial information.

Finally, cybercriminals can steal valuable intellectual

property from a company. While the reported cost of

information theft is declining, it remains one of the

greatest Internet risks a company can face.



8

6) Money Laundering - The growth of global financial services makes it easy to conduct banking operations across borders

over the Internet. The Financial Action Task Force, a group

of national law enforcement agencies, notes that “within

the retail banking sector, services such as telephone and

Internet banking allow customers to execute transactions on

a non face-to-face basis from any location with telephone

or Internet access.”

While use of the Internet provides law enforcement agencies

a greater ability to trace transactions through electronic

records, the volume of transactions, the anonymity, and the

lack of consistent record-keeping make it attractive to

criminals and terrorists.

Cyber Crime Tools

Cybercriminals have developed a wide array of potential tools

that have had varying degrees of success over the years. The

following are a short list of some of these techniques.

1) Bots — A bot (short for robot) is a computer on which a worm or virus has installed programs that run automatically

and allow cybercriminals access and control. Cybercriminals

use viruses or other bots to search for vulnerable

computers where they can load their own programs or store

data.

A botnet is a collection of these infected machines that

can be centrally controlled and used to launch simultaneous

attacks. Spammers, hackers, and other cybercriminals are

acquiring or renting botnets, making it harder for

authorities to track down the real culprits.

2) Keylogging — Keyloggers are programs that covertly recover the keys typed by a computer user and either stores the

data for later access or secretly sends the information to

the author. The advantage of a keylogger program is that

the cybercriminal does not need to trick a user into

supplying sensitive information.

3) Bundling — Covertly attaching a virus or spyware to a

benign or legitimate download, such as a screensaver or a

game. When the computer user downloads and installs the

legitimate file, they are unwittingly also giving

permission to install the criminal program.



9

4) Denial of Service — An attack specifically designed to

prevent the normal functioning of a computer network or

system and to prevent access by authorized users.

A distributed denial of service attack uses thousands of

computers captured by a worm or trojan to send a landslide

of data in a very short time. Attackers can cause denial of

service attacks by destroying or modifying data or by using

zombie computers to bombard the system with data until its

servers are overloaded and cannot serve normal requests.

5) Packet Sniffers — Software programs that monitor’s network traffic. Attackers use packet sniffers to capture and

analyze data transmitted via a network. Specialized

sniffers capture passwords as they cross a network.

6) Rootkit — A set of tools used by an intruder after hacking a computer. The tools allow the cybercriminal to maintain

access, prevent detection, build in hidden backdoors, and

collect information from both the compromised computer.

7) Spyware — Software that gathers information without the

users’ knowledge. Spyware is typically bundled covertly

with another program. The user does not know that

installing one also installs the other. Once installed, the

spyware monitors user activity on the Internet and

transmits that information in the background to someone

else.

8) Social Engineering — Social engineering is not limited to cybercrime, but it is an important element for cyber fraud.

Social engineering tricks deceive the recipient into taking

an action or revealing information. The reasons given seem

legitimate but the intent is criminal.

Phishing is an obvious example, a certain percentage of

users will respond unthinkingly to a request that appears

to be from a legitimate institution.

9) Worms and Trojans — A trojan is a malicious program

unwittingly downloaded and installed by computer users.

Some trojans pretend to be a benign application. Many hide

in a computer’s memory as a file with a nondescript name.

Trojans contain commands that a computer automatically

executes without the user’s knowledge. Sometimes it can act

as a zombie and send spam or participate in a distributed



10

denial of service attack. It may be a keylogger or other

monitoring program that collects data and sends it covertly

to the attacker.

Worms are wholly contained viruses that travel through

networks, automatically duplicate themselves and send

themselves to other computers whose addresses are in the

host computer.

In the past, cybercriminals occasionally use worms and

trojans to hijack a victim’s Web browsers. They replace

the victims’ home and search pages with links to Web spam,

as well as drop links to the spam in the victims’ bookmarks

and on their desktops. To make money, they infect computers

with malicious code that generates fraudulent ad views.

10) Virus — A program or piece of code that spreads from

computer to computer without the users’ consent. They

usually cause an unexpected and negative event when run by

a computer. Viruses contaminate legitimate computer

programs and are often introduced through e-mail

attachments, often with clever titles to attract the

curious reader.

11) Internet message boards – Internet message boards

dedicated to stocks are fertile ground for impersonators. A

habit of many posters to these boards is to cut-and-paste

press releases and news stories from other electronic

sources into their posts to alert other posters and

visitors to that information. Frequently, posters will

paste in a hyperlink to direct a reader to a source

directly, as Hoke did in the PairGain hoax.6 In addition to

the rising threat, as national level attacks become more

plausible, the vulnerabilities have also increased.



11

Real World Cases

This section presents real world cases. First the various

scenarios are covered. A detailed discussion on the various

cyber crimes, is covered from the ASCL publication titled

“Understanding Hackers and Cyber Criminals”. Then the applicable

law and legal liabilities are covered. Then the modus operandi

usually followed by the criminals is discussed.

1 Orkut Fake Profile cases

Orkut.com is a very popular online community and social

networking website. Orkut users can search for and interact with

people who share the same hobbies and interests. They can create

and join a wide variety of online communities. The profiles of

Orkut members are publicly viewable.

The scenarios

1. A fake profile of a woman is created on Orkut. The profile displays her correct name and contact information (such as

address, residential phone number, cell phone number etc).

Sometimes it even has her photograph. The problem is that

the profile describes her as a prostitute or a woman of

“loose character” who wants to have sexual relations with

anyone. Other Orkut members see this profile and start

calling her at all hours of the day asking for sexual

favours. This leads to a lot of harassment for the victim

and also defames her in society.

2. An online hate community is created. This community

displays objectionable information against a particular

country, religious or ethnic group or even against national

leaders and historical figures.

3. A fake profile of a man is created on Orkut. The profile contains defamatory information abut the victim (such as

his alleged sexual weakness, alleged immoral character etc)

The law

Scenario 1: Section 67 of Information Technology Act and

section 509 of the Indian Penal Code.

Scenario 2: Section 153A and 153B of Indian Penal Code.

Scenario 3: Section 500 of Indian Penal Code.

Who is liable?

Scenario 1: Directors of Orkut as well as all those who

create and update the fake profile.

Scenario 2: Same as Scenario 1.



12

Scenario 3: Same as Scenario 1.

The motive

Scenario 1: Jealousy or revenge (e.g. the victim may have

rejected the advances made by the suspect).

Scenario 2: Desire to cause racial hatred (e.g. Pakistani

citizens creating an anti-India online community).

Scenario 3: Hatred (e.g. a school student who has failed

may victimize his teachers).

Modus Operandi

1. The suspect would create a free Gmail account using a

fictitious name.

2. The email ID chosen by him would be unrelated to his

real identity.

3. The suspect would then login to Orkut.com and create the

offensive profile.

2 Email Account Hacking

Emails are increasingly being used for social interaction,

business communication and online transactions. Most email

account holders do not take basic precautions to protect their

email account passwords. Cases of theft of email passwords and

subsequent misuse of email accounts are becoming very common.

The scenarios

1. The victim’s email account password is stolen and the account is then misused for sending out malicious code

(virus, worm, Trojan etc) to people in the victim’s

address book. The recipients of these viruses believe

that the email is coming from a known person and run the

attachments. This infects their computers with the

malicious code.

2. The victim’s email account password is stolen and the hacker tries to extort money from the victim. The victim

is threatened that if he does not pay the money, the

information contained in the emails will be misused.

3. The victim’s email account password is stolen and

obscene emails are sent to people in the victim’s

address book.

The law

Scenario 1: Sections 43 and 66 of Information Technology

Act.



13


Act and section 384 of Indian Penal Code.

Scenario 3: Sections 43, 66 and 67 of Information

Technology Act and section 509 of the Indian Penal Code.

Who is liable?

Scenario 1: Persons who have stolen the email account

password and who are misusing the email account.


password and who are threatening to misuse it.


password and who are misusing the email account.

The motive

Scenario 1: Corporate Espionage, perverse pleasure in being

able to destroy valuable information belonging to strangers

etc.

Scenario 2: Illegal financial gain.

Scenario 3: Revenge, jealousy, hatred.

Modus Operandi

1. The suspect would install keyloggers in public computers

(such as cyber cafes, airport lounges etc) or the computers

of the victim.

2. Unsuspecting victims would login to their email accounts

using these infected computers.

3. The passwords of the victim’s email accounts would be

emailed to the suspect.

3 Credit Card Fraud

Credit cards are commonly being used for online booking of

airline and railway tickets and for other ecommerce

transactions. Although most of ecommerce websites have

implemented strong security measures (such as SSL, secure web

servers etc), instances of credit card frauds are increasing.

The scenario

The victim’s credit card information is stolen and misused

for making online purchases (e.g. airline tickets,

software, subscription to pornographic websites etc).

The law

Sections 43 and 66 of Information Technology Act and

section 420 of Indian Penal Code.



14

Who is liable?

All persons who have stolen the credit card information as

well as those who have misused it.

The motive

Illegal financial gain.

Modus Operandi

Scenario 1: The suspect would install keyloggers in public

computers (such as cyber cafes, airport lounges etc) or the

computers of the victim. Unsuspecting victims would use

these infected computers to make online transactions. The

credit card information of the victim would be emailed to

the suspect.

Scenario 2: Petrol pump attendants, workers at retail

outlets, hotel waiters etc note down information of the

credit cards used for making payment at these

establishments. This information is sold to criminal gangs

that misuse it for online frauds.

4 Online Share Trading Fraud

With the advent of dematerialization of shares in India, it has

become mandatory for investors to have demat accounts. In most

cases an online banking account is linked with the share trading

account. This has led to a high number of online share trading

frauds.

The scenario

Scenario 1: The victim’s account passwords are stolen and

his accounts are misused for making fraudulent bank

transfers.

Scenario 2: The victim’s account passwords are stolen and

his share trading accounts are misused for making

unauthorized transactions that result in the victim making

losses.

The law





Who is liable?

Scenario 1: All persons who have stolen the account

information as well as those who have misused it.

Scenario 2: All persons who have stolen the account

information as well as those who have misused it.



15

The motive

Scenario 1: Illegal financial gain

Scenario 2: Revenge, jealousy, hatred

Modus Operandi

Scenario 1: The suspect would install keyloggers in public

computers (such as cyber cafes, airport lounges etc) or the

computers of the victim. Unsuspecting victims would use

these infected computers to login to their online banking

and share trading accounts. The passwords and other

information of the victim would be emailed to the suspect.

Scenario 2: Same as scenario 1.

5 Tax Evasion and Money Laundering

Many unscrupulous businessmen and money launderers (havala

operators) are using virtual as well as physical storage media

for hiding information and records of their illicit business.

The scenario

Scenario 1: The suspect uses physical storage media for

hiding the information e.g. hard drives, floppies, USB

drives, mobile phone memory cards, digital camera memory

cards, CD ROMs, DVD ROMs, iPods etc.

Scenario 2: The suspect uses virtual storage media for

hiding the information e.g. email accounts, online

briefcases, FTP sites, Gspace etc.

The law

Scenario 1: Depending upon the case, provisions of the

Income Tax Act and Prevention of Money Laundering Act will

apply.

Scenario 2: Depending upon the case, provisions of the

Income Tax Act and Prevention of Money Laundering Act will

apply.

Who is liable?

Scenario 1: The person who hides the information.

Scenario 2: The person who hides the information. If the

operators of the virtual storage facility do not cooperate

in the investigation, then they also become liable.

The motive





16

Modus Operandi

Scenario 1: The suspect would purchase small storage

devices with large data storage capacities.

Scenario 2: The suspect would open free or paid accounts

with online storage providers.

6 Source Code Theft

Computer source code is the most important asset of software

companies. Simply put, source code is the programming

instructions that are compiled into the executable files that

are sold by software development companies. As is expected, most

source code thefts take place in software companies. Some cases

are also reported in banks, manufacturing companies and other

organizations that get original software developed for their

use.

The scenario

Scenario 1: The suspect (usually an employee of the victim)

steals the source code and sells it to a business rival of

the victim.

Scenario 2: The suspect (usually an employee of the victim)

steals the source code and uses it as a base to make and

sell his own version of the software.

The law

Scenario 1: Sections 43, 65 and 66 of the Information

Technology Act, section 63 of the Copyright Act.

Scenario 2: Sections 43, 65 and 66 of the Information

Technology Act, section 63 of the Copyright Act.

Who is liable?

Scenario 1: The persons who steal the source code as well

as the persons who purchase the stolen source code.

Scenario 2: The persons who steal the source code.

The motive



Modus Operandi

Scenario 1: If the suspect is an employee of the victim, he

would usually have direct or indirect access to the source

code. He would steal a copy of the source code and hide it

using a virtual or physical storage device. If the suspect

is not an employee of the victim, he would hack into the

victim’s servers to steal the source code. Or he would use



17

social engineering to get unauthorized access to the code.

He would then contact potential buyers to make the sale.

Scenario 2: If the suspect is an employee of the victim, he

would usually have direct or indirect access to the source

code. He would steal a copy of the source code and hide it

using a virtual or physical storage device. If the suspect

is not an employee of the victim, he would hack into the

victim’s servers to steal the source code. Or he would use

social engineering to get unauthorized access to the code.

He would then modify the source code (either himself or in

association with other programmers) and launch his own

software.

7 Theft of Confidential Information

Most business organizations store their sensitive information in

computer systems. This information is targeted by rivals,

criminals and sometimes disgruntled employees.

The scenario

Scenario 1: A business rival obtains the information (e.g.

tender quotations, business plans etc) using hacking or

social engineering. He then uses the information for the

benefit of his own business (e.g. quoting lower rates for

the tender).

Scenario 2: A criminal obtains the information by hacking

or social engineering and threatens to make the information

public unless the victim pays him some money.

Scenario 3: A disgruntled employee steals the information

and mass mails it to the victim’s rivals and also posts it

to numerous websites and newsgroups.

The law

Scenario 1: Sections 43 and 66 of the Information

Technology Act, section 426 of Indian Penal Code.





Who is liable?

Scenario 1: The persons who steal the information as well

as the persons who misuse the stolen information.

Scenario 2: The persons who steal the information as well

as the persons who threaten the victim and extort money.

Scenario 3: The disgruntled employee as well as the persons

who help him in stealing and distributing the information.



18

The motive



Scenario3: Revenge.

Modus Operandi

Scenario 1: The suspect could hire a skilled hacker to

break into the victim systems. The hacker could also use

social engineering techniques.

Illustration: A very good looking woman went to meet the

system administrator (sysadmin) of a large company. She

interviewed the sysadmin for a “magazine article”.

During the interview she flirted a lot with the sysadmin

and while leaving she “accidentally” left her pen drive at

the sysadmin’s room. The sysadmin accessed the pen drive

and saw that it contained many photographs of the lady. He

did not realize that the photographs were Trojanized!

Once the Trojan was in place, a lot of sensitive

information was stolen very easily.

Illustration: The sysadmin of a large manufacturing company

received a beautifully packed CD ROM containing “security

updates” from the company that developed the operating

system that ran his company’s servers. He installed the

“updates” which in reality were Trojanized software.

For 3 years after that a lot of confidential information

was stolen from the company’s systems!

Scenario 2: Same as scenario 1.

Scenario 3: The disgruntled employee would usually have

direct or indirect access to the information. He can use

his personal computer or a cyber café to spread the

information.

8 Software Piracy

Many people do not consider software piracy to be theft. They

would never steal a rupee from someone but would not think twice

before using pirated software. There is a common perception

amongst normal computer users to not consider software as

“property”. This has led to software piracy becoming a

flourishing business.

The scenario

Scenario 1: The software pirate sells the pirated software

in physical media (usually CD ROMs) through a close network

of dealers.

Scenario 2: The software pirate sells the pirated software

through electronic downloads through websites, bulletin

boards, newsgroups, spam emails etc.



19

The law


Technology Act, section 63 of Copyright Act.



Who is liable?

Scenario 1: The software pirate as well as the persons who

buy the pirated software from him.

Scenario 2: The software pirate as well as the persons who

buy the pirated software from him.

The motive



Modus Operandi

Scenario 1: The suspect uses high speed CD duplication

equipment to create multiple copies of the pirated

software. This software is sold through a network of

computer hardware and software vendors.

Scenario 2: The suspect registers a domain name using a

fictitious name and then hosts his website using a service

provider that is based in a country that does not have

cyber laws. Such service providers do not divulge client

information to law enforcement officials of other

countries.

9 Music Piracy

Many people do not consider music piracy to be theft. They would

never steal a rupee from someone but would not think twice

before buying or using pirated music. There is a common

perception amongst people users to not consider music as

“property”. There is a huge business in music piracy. Thousands

of unscrupulous businessmen sell pirated music at throw away

prices.

The scenario

Scenario 1: The music pirate sells the pirated music in

physical media (usually CD ROMs) through a close network of

dealers.

Scenario 2: The music pirate sells the pirated music

through electronic downloads through websites, bulletin

boards, newsgroups, spam emails etc.



20

The law





Who is liable?

Scenario 1: The music pirate as well as the persons who buy

the pirated software from him.

Scenario 2: The music pirate as well as the persons who buy

the pirated software from him.

The motive



Modus Operandi

Scenario 1: The suspect uses high speed CD duplication

equipment to create multiple copies of the pirated music.

This music is sold through a network of dealers.

Scenario 2: The suspect registers a domain name using a

fictitious name and then hosts his website using a service

provider that is based in a country that does not have

cyber laws. Such service providers do not divulge client

information to law enforcement officials of other

countries.

10 Email Scams

Emails are fast emerging as one of the most common methods of

communication in the modern world. As can be expected, criminals

are also using emails extensively for their illicit activities.

The scenario

In the first step, the suspect convinces the victim that

the victim is going to get a lot of money (by way of

winning a lottery or from a corrupt African bureaucrat who

wants to transfer his ill gotten gains out of his home

country). In order to convince the victim, the suspect

sends emails (some having official looking documents as

attachments).

Once the victim believes this story, the suspect asks for a

small fee to cover legal expenses or courier charges. If

the victim pays up the money, the suspect stops all

contact.

The law

Section 420 of Indian Penal Code



21

Who is liable?

The sender of the email.

The motive


Modus Operandi

The suspect creates email accounts in fictitious names and

sends out millions of fraudulent emails using powerful spam

software.

11 Phishing

With the tremendous increase in the use of online banking,

online share trading and ecommerce, there has been a

corresponding growth in the incidents of phishing being used to

carry out financial frauds. Phishing involves fraudulently

acquiring sensitive information (e.g. passwords, credit card

details etc) by masquerading as a trusted entity.

The scenario

Scenario 1: The victim receives an email that appears to

have been sent from his bank. The email urges the victim to

click on the link in the email. When the victim does so, he

is taken to “a secure page on the bank’s website”. The

victim believes the web page to be authentic and he enters

his username, password and other information. In reality,

the website is a fake and the victim’s information is

stolen and misused.

The law

Sections 43 and 66 of Information Technology Act and

sections 419, 420 and 468 of Indian Penal Code.

Who is liable?

All persons involved in creating and sending the fraudulent

emails and creating and maintaining the fake website. The

persons who misuse the stolen or “phished” information are

also liable.

The motive


Modus Operandi

The suspect registers a domain name using fictitious

details. The domain name is usually such that can be

misused for spoofing e.g. Noodle Bank has its website at



22

www.noodle.com The suspects can target Noodle customers

using a domain name like www.noodle-bank-customerlogin.com

The suspect then sends spoofed emails to the victims. e.g.

the emails may appear to come from [email protected] The fake

website is designed to look exactly like the original

website.

12 Cyber Pornography

Cyber pornography is believed to be one of the largest

businesses on the Internet today. The millions of pornographic

websites that flourish on the Internet are testimony to this.

While pornography per se is not illegal in many countries, child

pornography is strictly illegal in most nations today.

Cyber pornography includes pornographic websites, pornographic

magazines produced using computers (to publish and print the

material) and the Internet (to download and transmit

pornographic pictures, photos, writings etc).

The scenario

The suspect accepts online payments and allows paying

customers to view / download pornographic pictures, videos

etc from his website.

The law

Section 67 of Information Technology Act.

Who is liable?

The persons who create and maintain the pornographic

websites are liable. In some cases cyber café owners and

managers may also be liable in case they knowingly allow

their customers to access the pornographic websites.

The motive


Modus Operandi

The suspect registers a domain name using fictitious

details and hosts a website on a server located in a

country where cyber pornography is not illegal. The suspect

accepts online payments and allows paying customers to view

download pornographic pictures, videos etc from his

website.




23

13 Online Sale of Illegal Articles

It is becoming increasingly common to find cases where sale of

narcotics drugs, weapons, wildlife etc. is being facilitated by

the Internet. Information about the availability of the products

for sale is being posted on auction websites, bulletin boards

etc.

The scenario

The suspect posts information about the illegal sale that

he seeks to make. Potential customers can contact the

seller using the email IDs provided. If the buyer and

seller trust each other after their email and / or

telephonic conversation, the actual transaction can be

concluded. In most such cases the buyer and seller will

meet face to face at the time of the final transaction.

Illustration: In March 2007, the Pune rural police cracked

down on an illegal rave party and arrested hundreds of

illegal drug users. The social networking site, Orkut.com,

is believed to be one of the modes of communication for

gathering people for the illegal “drug” party.

The law

Depending upon the illegal items being transacted in,

provisions of the Narcotic Drugs and Psychotropic

Substances Act, Arms Act, Indian Penal Code, Wildlife

related laws etc may apply.

Who is liable?

The persons who buy and sell these items.

The motive


Modus Operandi

The suspect creates an email ID using fictitious details.

He then posts messages, about the illegal products, in

various chat rooms, bulletin boards, newsgroups etc.

Potential customers can contact the seller using the email

IDs provided. If the buyer and seller trust each other

after their email and / or telephonic conversation, the

actual transaction can be concluded. In most such cases the

buyer and seller will meet face to face at the time of the

final transaction.



24

14 Use of Internet and Computers by Terrorists

Many terrorists are using virtual as well as physical storage

media for hiding information and records of their illicit

business. They also use emails and chat rooms to communicate

with their counterparts around the globe.

The scenario

The suspects carry laptops wherein information relating to

their activities is stored in encrypted and password

protected form. They also create email accounts using

fictitious details. In many cases, one email account is

shared by many people. E.g. one terrorist composes an email

and saves it in the draft folder. Another terrorist logs

into the same account from another city / country and reads

the saved email. He then composes his reply and saves it in

the draft folder. The emails are not actually sent. This

makes email tracking and tracing almost impossible.

Terrorists also use physical storage media for hiding the

information e.g. hard drives, floppies, USB drives, mobile

phone memory cards, digital camera memory cards, CD ROMs,

DVD ROMs, iPods etc. They also use virtual storage media

for hiding the information e.g. email accounts, online

briefcases, FTP sites, Gspace etc.

The law

Terrorists are covered by conventional laws such as Indian

Penal Code and special legislation relating to terrorism.

Who is liable?

Terrorists as well as those who help them to protect their

information are liable. If email service providers do not

assist the law enforcement personnel in the investigation

then they are also legally liable.

The motive

Keeping terrorism related information confidential. Secure

communication amongst terrorist group members.

Modus Operandi

The terrorists purchase small storage devices with large

data storage capacities. They also purchase and use

encryption software. The terrorists may also use free or

paid accounts with online storage providers.



25

15 Virus Attacks

Computer viruses are malicious programs that destroy electronic

information. As the world is increasingly becoming networked,

the threat and damage caused by viruses is growing by leaps and

bounds.

The scenario

Scenario 1: The virus is a general “in the wild” virus.

This means that it is spreading all over the world and is

not targeted at any specific organization.

Scenario 2: The virus targets a particular organization.

This type of a virus is not known to anti-virus companies

as it is a new virus created specifically to target a

particular organization.

The law





Who is liable?

Scenario 1: The creator of the virus.

Scenario 2: The creator of the virus as well as the buyer

who purchases the virus (usually to target his business

rivals).

The motive

Scenario 1: Thrill and a perverse pleasure in destroying

data belonging to strangers.

Scenario 2: Illegal financial gain, revenge, business

rivalry.

Modus Operandi

Scenario 1: A highly skilled programmer creates a new type

or strain of virus and releases it on the Internet so that

it can spread all over the world. Being a new virus, it

goes undetected by many anti-virus software and hence is

able to spread all over the world and cause a lot of

damage. Anti-virus companies are usually able to find a

solution within 8 to 48 hours.

Scenario 2: A highly skilled programmer creates a new type

or strain of virus. He does not release it on the Internet.

Instead he sells it for a huge amount of money. The buyer

uses the virus to target his rival company. Being a new

virus, it may be undetected by the victim company’s anti-

virus software and hence would be able to cause a lot of



26

damage. Anti-virus companies may never get to know about

the existence of the virus.

16 Web Defacement

Website defacement is usually the substitution of the original

home page of a website with another page (usually pornographic

or defamatory in nature) by a hacker. Religious and government

sites are regularly targeted by hackers in order to display

political or religious beliefs. Disturbing images and offensive

phrases might be displayed in the process, as well as a

signature of sorts, to show who was responsible for the

defacement. Websites are not only defaced for political reasons,

many defacers do it just for the thrill.

The scenario

The homepage of a website is replaced with a pornographic

or defamatory page. In case of Government websites, this is

most commonly done on symbolic days (e.g. the Independence

day of the country).

The law

Sections 43 and 66 of Information Technology Act [In some

cases section 67 and 70 may also apply].

Who is liable?

The person who defaces the website.

The motive

Thrill or a perverse pleasure in inciting communal

disharmony.

Modus Operandi

The defacer may exploit the vulnerabilities of the

operating system or applications used to host the website.

This will allow him to hack into the web server and change

the home page and other pages. Alternatively he may launch

a brute force or dictionary attack to obtain the

administrator passwords for the website. He can then

connect to the web server and change the webpages.



27

Current occurring Crime News

Many of us are not aware of the terms used for crime like

stalking, phishing, vishing, bot networks, XSS etc. although we

know nature of crime.

1 Stalking:

Cyber stalking is one of the most common crimes which are

commenced on internet the modern world. Cyber stalking is use of

the Internet or other electronic means to stalk someone. This

term is used interchangeably with online harassment and online

abuse. Stalking generally involves harassing or threatening

behavior repeatedly such as following a person, appearing at a

person's home or place of business, making harassing phone

calls, leaving written messages or objects, or Vandalizing a

person's property. Cyber stalkers use websites, chat rooms,

discussion forums, open publishing websites (e.g. blogs and Indy

media) and email to stalk victim.

First stalking case registered in India:

The Delhi Police registered India’s First Case of Cyber

stalking. One Mrs. Ritu Kohli complained to the police against

a person who was using her identity to chat over the Internet at

the website www.mirc.com, mostly in the Delhi channel for four

consecutive days. Mrs. Kohli further complained that the person

was chatting on the Net, using her name and giving her address

and was talking obscene language. The same person was also

deliberately giving her telephone number to other chatters

encouraging them to call Ritu Kohli at odd hours. Consequently,

Mrs Kohli received almost 40 calls in three days mostly at odd

hours from as far away as Kuwait, Cochin, Bombay and Ahmedabad.

The said calls created havoc in the personal life and mental

peace of Ritu Kohli who decided to report the matter.

Report by Pawan Duggal, Cyberlaw consultant,

president, cyberlaws.net

2 Hacking.

"Hacking" is a crime, which entails cracking systems and gaining

unauthorized access to the data stored in them. Hacking could be

done easily by using Trojan horse virus. Cases of hacking

reported in 2011 was 157 and reported in 2012 was435 thereby %

variation in increase in cases over 2011 is 177.1%.



28

Case related to hacking reported:

MUMBAI: Cyber criminals hacked into the Mumbai-based current

account of the RPG Group of companies and shifted Rs 2.4 crore

recently. The bank has blocked the accounts of the illegal

beneficiaries, but the hackers have already managed to withdraw

some funds from them, sources said. Investigators said the cyber

criminals followed a similar procedure to the one executed on

January 31 when Rs 1 crore was siphoned off in Mulund from the

current account of a cosmetics company. "Prima facie, the

company officials may have responded to a Trojan mail sent by

the fraudsters. The hacker then probably got the group's current

account username and password when officials logged in," said an

investigator. The arrested men said they allowed their bank

accounts to be used in return for a good commission. A case has

been filed under sections of the Indian Penal Code and IT Act.

Investigators have also sought details from the bank on whether

it has followed the Know Your Customer norms.

Times of India,” Mumbai bank hacked, Rs 2.4 crore siphoned off

in 3 hours “, May 18, 2013

3Phishing

Phishing is just one type of the many frauds on the Internet,

trying to fool people into parting with their money. Phishing

refers to the receipt of unsought emails by customers of

financial institutions, asked them to enter their username,

password or other personal information to access their account

for some reason. Customers are directed to a Website which could

be fraud copy of the original institution's website when they

click on the links on the email to enter their information, and

so they remain unaware that the fraud has occurred. The criminal

then has access to the customer's online bank account and to the

funds contained in that account number.

Case related to phishing:

HYDERABAD:

An email allegedly from India's central bank, asking to secure

their bank account details with the RBI is fake, and an attempt

by new-age fraudsters to con people into giving away bank

account details and lose hard-earned money, security experts

said. The email says RBI has launched a new security system,

asking users to click on a link to open a page with list of

banks in place. Once anyone chooses a particular bank, it asks

for all net banking details, including card numbers and the

secret three digit CVV number, among others. "The email is so

neat and I for once was thrilled that RBI is taking such a big

step to ensure security of people. But at the advice of a



29

friend, I checked with the police and learned that I would have

lost all my savings to this racket," K Manoj, a resident said.

RBI is cautioning people that the central bank, which controls

the monetary policy of the Indian rupee, "has not developed any

such software and nor has it sent any such mail asking online

banking customers to update their account details to secure

their online accounts."The RBI does not even have any mail id

with [email protected], the central bank says.

Times of India, "Now, a phishing email in the name of RBI”,

may14, 2013.

4 Vishing

The name comes from “voice,” and “phishing,” Vishing is the act

of using the telephone in an attempt to scam the user. Which is,

of course, the use of spoofed emails designed to trap targets

into clicking malicious links that leads to a toll free number?

Instead of email, vishing generally relies on automated phone

calls, which instruct targets to provide account numbers for the

purpose of financial reward.

How vishing scams work:

Criminals set up an automated dialing system to text or call

people in a particular region or area code (or sometimes they

use stolen customer phone numbers from banks or credit unions).

The victims receive messages like: “There’s a problem with your

account,” or “Your ATM card needs to be reactivated,” and are

directed to a phone number or website asking for personal

information. Sometimes criminal quote some information about

your account before asking you to enter information, so you

could believe its an authenticated source. Sometimes, if a

victim logs onto one of the phony websites with a Smartphone,

they could also end up downloading malicious software that could

give criminals access to anything on the phone.

5 Squatting

Cyber squatting is the act of registering a famous domain name

and then selling it for a fortune. This is an issue that has not

been tackled in IT act 2000. As , The Gap, Inc. has filed a

cyber squatting case against TheGap.com under the

Anticybersquatting Consumer Protection Act (ACPA). The complaint

alleges that The Gap.com redirects visitors to websites that are

designed to deceive consumers into believing the sites belong to

The Gap, Inc.” or are affiliated with or sponsored by” The Gap,

Inc. ACPA- Anticybersquatting Consumer Protection Act.

The Hindu, “a new squatting case registered under ACPA”,

February 13th, 2013



30

6 Bot networks

A cyber crime called 'Bot Networks', where spamsters and other

perpetrators of cyber crimes remotely take control of computers

without the users realizing the fact that their system is being

in use by some fake user.

7 Cross Site Scripting (XSS)

Cross site scripting Cross-site scripting (XSS) is a type of

computer security threat in which malicious users insert some

harmful code into the WebPages of trusted web sites viewed by

other users.

These were some types discussed but there are many more sides of

cyber crimes which falls under IT act 2000 and IPC like obscene

publication, obtaining license of digital signature by providing

false information, breach of privacy, offence against public

servant, forgery, criminal breach of trust and many more. Detail

of each n every crime will be beyond the limit of this paper.

Statistical Overview

Technology plays a key role in the commission of many financial

crimes. Offenders use Internet-based tools such as spyware,

malicious codes, viruses, worms, and malware to commit fraud,

scams, identity theft, and other crimes.

In the first half of 2010, spyware infections prompted 617,000

U.S. households to replace or repair their computers. One of

every 11 households surveyed had a major problem due to spyware,

with damage totaling $1.2 billion.

In 2010, the Internet Crime Complaint Center (IC3) received

303,809 complaints regarding possible online criminal activity,

a 9.8 percent decrease from 2009. The IC3 averages 25,317

complaints a month. Of the total number of complaints, 121,710

(or 40 percent) were referred to federal, state, and local law

enforcement.

IC3 prepared 1,420 cases (representing 42,808 complaints) in

2010. The number of cases prepared by law enforcement was 698

(representing 4,015 complaints). Law enforcement also asked for

assistance from the FBI on 598 Internet crime matters. From the

referrals prepared by the FBI analysts, 122 open investigations

were reported, resulting in 31 arrests, 6 convictions, 17 grand

jury subpoenas, and 55 search/seizure warrants.



31

In 2010, non-delivery of payment scams were the number-one

Internet scam, accounting for 14.4 percent of all complaints,

followed by FBI-related scams at 13.2 percent, and identity

theft at 9.8 percent.

According to a 2011 report, the median annual cost of cybercrime

for 50 large benchmarked organizations is $5.9 million, with a

range from $1.5 million to $36.5 million each year per company.

The 50 companies studied experienced 72 successful attacks per

week.

The same study indicated that in 2011 malicious code, denial of

service, stolen or hijacked devices, Web-based attacks, and

malicious insiders accounted for 75 percent of all cyber crime

costs per organization on an annual basis.

Twenty-three percent of cybercrime costs were due to malicious

code attacks; 17 percent were due to denial of service attacks;

13 percent were due to stolen devices; 13 percent were due to

Web-based attacks; 9 percent due to malicious insiders; 9

percent were due to phishing and social engineering; 7 percent

were due to viruses, worms, and trojans; 4 percent were due to

malware; and 4 percent were due to botnets.



32

Conclusion

Cybercrime has captured the attention of not only law

enforcement, but also home users, system administrators and even

the government. The history of cybercrime has slowly converged

into a state in which large amounts of money are responsible for

driving crime rather than respect or youthful experimentation.

Although much work must be done in the field to standardize

processes and procedures, it is clear that the majority of

criminals will not remain anonymous forever. With successful

forensic investigations, it is then up to the law and government

to assign punitive measures.

This has and will remain challenging for law and policy makers

who traditionally move slowly. Moreover, international

cooperation is increasingly required to successfully resolve

crimes, resulting in the need for comprehensive treaties between

nations.

Finally, any discussion of cybercrime must discuss what

directions it seems to be heading in, as preparations must be

made for all contingencies. Certainly, criminals will attempt to

increase their use of the Internet to perpetrate acts of fraud

and other crimes. The real question though is whether

researchers, industry, law enforcement and the government can

work together in order to reign in the ability to commit crimes

and normalize it to a manageable level. It is still an open

debate, though and only time will tell whether cybercrime

becomes an unchecked monster or a just another growing pain in a

long history of the Internet.



33

References

1. Cyber Crime & Digital Evidence – Indian Perspective authored by Rohas Nagpal.

2. Cybercriminal Activity Hemavathy Alaganandam – The Evolution of Cybercrime

3. STATISTICS OF CYBER CRIME IN INDIA: AN OVERVIEW Rupinder Pal Kaur*

Guru Nanak College For Girls, Muktsar , Punjab, India

[email protected]

4. StatiStical OverviewS 2013 NCVRW ResouRCe Guide


Case study on cyber crime

Engineering

Transcript of Case study on cyber crime