Crimes targeting computer systems

20Apr

Crimes targeting computer systems

By crime, cyber, cyber crime, Definitions, Description , , , , , , , , , , , , , , Comments Off on Crimes targeting computer systems

a. Hacking
(Under Section 66 ITAA 2008)
Hacking is a broader term and can be defined as gaining entry into a computer system without the permission, with an intention to cause loss, steal, or destroy the data contained in it. It is often done by people who are well versed with com- puter technologies by exploiting some of the vulnerabilities that are present in the computer system. This involves various methods of acquiring sensitive information like usernames, passwords, Internet Protocol (IP) addresses and using them to access the computer system.

Hackers use various applications or programs that can penetrate the defense mechanisms employed by the target computer system and send back the critical information like computer configuration, user names, IP addresses, MAC addresses, etc., which can be used by the hacker to gain entry into the system itself. These applications may be in the form of trojans, mal- ware, worms, and viruses, which will install in the targeted system and compromise its security. After hacking and gaining entry into the computer system, the hacker can gain administrative rights and can do anything with the data contained in it. The computer systems can also be used to infect and destroy other systems.

b. Denial of Service (DoS) attack or Distributed Denial-of-Service (DDoS) attack
(Under Section 66 of ITAA 2008)
In this kind of attack, an important service offered by a Web site or a server is denied or disrupted thereby causing loss to the intended users of the service. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services.

In some cases, DoS attacks have forced the Web sites to temporarily cease operation. This often involves sending large amount of traffic in the form of e-mails and other requests to the targeted network or server so that it occupies the en- tire bandwidth of the system and ultimately results in a crash. ICMP flooding, teardrop attacks, peer-to-peer attacks, application-level flooding, etc. are few examples of DDoS attacks. These attacks make use of multiple systems to flood the bandwidth of the targeted system.

Remarks: The above description speaks about high-level sophisticated attack, but in general, there are cases where the at- tacker causes the denial of access to a computer/computer system/computer network by changing/inserting a password.

c. Spreading viruses and malware
(Under Section 66 of ITAA,2008 or Sec.66F ITAA,2008 in case if it is done against country or to strike terror in the people) Spreading viruses and malware is the biggest crime that is happening today and most of the Internet users are affected by it. These can be generic or targeted to a specific computer system. Injecting and spreading malicious code also can come in the form of viruses, worms, trojans, spyware, adware, and rootkits. These get installed secretly in the victim’s computer system and can be used to access and transmit sensitive information about the system, and in some instances, the infected systems can be used as tools to commit other types of cyber crime.

d. Website defacement
(Under Section 66 of ITAA 2008 or Sec.66F ITAA,2008 in case if it is done against country or to strike terror in the people) It is an attack on a Web site, which will change the visual appearance, and the attacker may post some other indecent, hostile and obscene images, messages, videos, etc., and sometimes make the Web site dysfunctional. It is most commonly done by hackers of one country to the Web sites of other enemy or rival neighbouring country to display their technological superiority and infecting with malware.

e. Cyber terrorism
(Under Section 66F of ITAA 2008)
Whether traditional or cyber terrorism, terrorists these days are using state of the art technology like satellite phones,communicating through encrypted messages, posting messages and recruiting personnel, raising funds, and creating propagandausing Web sites and Internet technology. When it comes to cyber terrorism, they resort to large‑scale disruption of computer networks, Web sites, and attack other critical infrastructural facilities governed by computer systems. In all these instances, digital evidence may be present in the computer systems and computer resources in the form of e‑mail, Web addresses, encrypted messages, photographs, videos, etc.

f. Spoofing
(Under Section 66A, 66D of ITAA 2008)
Spoofing is the most common method employed for several network attacks. In spoofing, the attacker masquerades the data packets, IP addresses, MAC addresses, and e-mail addresses so as to create an impression that they are originating from somebody else’s addresses.

g. Skimming
(Under Section 66C of ITAA 2008)
Skimming is a kind of credit/debit/ATM/chip/SIM card fraud in which a hand‑held device called skimmer is used to capture the information contained in it. The data can be transferred on to a computer system later. The information like name, credit card number, expiry date, etc., can be used to create fake credit cards.

Remarks: If the information obtained by using the above technique is used to make any fraudulent transactions, then section 66D of ITAA 2008 is also applicable

h. Pharming
(Under Section 66C, 66D of ITAA 2008)
Pharming is a type of attack in which the user is deceived into entering sensitive data, such as PIN numbers, credit card numbers, passwords etc., into a fake Web site, which impersonates as genuine Web site. It is different from Phishing in such a way that the attacker need not rely on any of the url or link. Instead, it redirects the Web site traffic from a legitimate Web site to a fake one.

i. Spamming
(Under Section 66A of ITAA 2008)
Spamming is an act of sending unsolicited and junk e-mails or messages by anyone for the purpose of causing annoyance or inconvenience.

Share this post

Author

Related Posts

12Apr

Overview of Cyber Crimes

Information Technology and the Internet have led to innovation and economic growth, but have also created new avenues for malicious... read more

12Apr

Cyber Crimes

There are various definitions of Cyber Crimes and couple of them are discussed below: Any violations of criminal law that involve... read more

20Apr

Crimes in which computer systems are used as tools/instruments

a.Financial fraud (Several sections under IPC, ITAA 2008 and other applicable laws) Financial frauds include business frauds, investment frauds, mass marketing frauds,... read more

28Apr

Computer Ethics

Definition Computer Ethics is a part of practical philosophy which deals with how computing professionals should make decisions regarding professional and... read more

12Apr

Types of Cyber Crimes

Cyber crimes cover a wide range of illegal activities, which are either done solely using computer resources (as defined under... read more

20Apr

What is Digital Evidence and the Nature of Digital Evidence

Digital evidence or electronic evidence is “any probative information stored or transmitted in digital form that a party to a... read more

05Sep

New Zeus Variant for Sale on the Black Market

The 0Day marketplace was a busy beaver this weekend. I’ve been waiting and watching Sphinx for the past 10 days... read more

12Apr

Tools and Techniques used to Commit Cyber Crimes

Cyber Crimes make use of various tools and techniques and many of these tools are used for the commission of... read more

15Jul

Android’s Sandbox

Android's foundation of Linux brings with it a well-understood heritage of Unix-like process isolation and the principle of least privilege.... read more