CyberCrimes: Classifications

Cyber Crimes

In this post, we are going to learn about the world of cybercrimes. We're going to go into some detail on this topic, so we decided to divide it into 2 parts: Classification of Cyber Crimes and Cyber Laws.

What are Cyber Crimes?

According to the Indian Information Technology Act of 2000, cyber crimes encompass any illegal activities done in a highly sophisticated fashion in which an electronic device such as a computer or mobile phone is either the instrument or the target, or both. It is an illegal usage of the Internet.

Classification of Cyber Crimes

 1. Hacking

   Hacking is defined in Section 66 of the Information Technology Act of 2000 as "wrongful loss or harm to the public or any individual destroys or deletes or modifies any information contained in a computer resource or lowers its value or utility or affects it injuriously by any means."

In simple terms, hacking is unauthorized access to an information system, and the one who does it is called a hacker. One who hacks with malicious intent is called a cracker.

Hackers are classified into 6 types. They are:

  • White Hat Hackers / Ethical Hackers – They are often government-backed security professionals, information security analysts, penetration testers, and cybersecurity researchers who utilize their expertise to safeguard others.
    • E.g.: Tim Berners-Lee (Founder of World Wide Web), Linus Torvalds (Founder of Linux systems), Richard M. Stallman (Founder of the free software project GNU), etc.
  • Gray Hat Hackers – Hackers who break into systems sometimes for good and sometimes for evil purposes. Their goals are often good, but they do not always use ethical hacking techniques. They are a category that lies between the white hats and the black hats.
  • Black Hat Hackers – They use their knowledge and expertise to gain unauthorized access to computer networks, exploit security flaws, and circumvent security protocols in order to swindle and extort others.
  • Red Hat Hackers – They are known as the Robin Hood of cybersecurity. They use extreme, sometimes illegal, methods to go against Black Hats and destroy their servers.
  • Blue Hat Hackers – Amateur hackers who hack for personal vengeance (using doxxing, uploading personal data on public sites, etc.) or security experts who operate outside of the business (performing penetration testing and similar tests to assess vulnerabilities in the organization's cyberspace).
  • Green Hat Hackers – Amateur hackers trying to master hacking techniques.
    • Script kiddies – They are a subset of green hats who are less interested in studying hacking methods and more interested in obtaining scripts, malware, and other similar tools.
Only the first three categories are relevant for the PSC examinations; the rest are for information purposes only.

Hacking Methods Employed:

  • Denial of Service (DoS)/Distributed Denial of Service (DDoS)
  • Spoofing
  • Phishing
  • Malware
  • Keylogger
  • SQL Injection Attack
  • Man-in-the-middle (MitM) attack
  • Cross-Site Scripting

 Denial of Service (DoS)/Distributed Denial of Service (DDoS)

DoS is a cyberattack designed to bring a system or network to a halt, rendering it unreachable to its intended users, whereas in DDoS the same technique is employed from multiple compromised computer systems.

Examples: blocking legitimate network traffic, flooding a network, breaking connections between two workstations, and preventing an individual from accessing a service.
  • Email bombing – Sending massive amounts of email to a certain email address, causing the system to crash.
  • Smurf Attack – The target computer's IP address is first spoofed and then flooded with a series of ping messages.

Spoofing

Spoofing occurs when someone or something impersonates another person in order to gain confidence, get access to systems, steal data, steal money, or transmit malware. An example is thieves posing as legitimate businesses in order to collect private personal information.
  • Email Spoofing – A hacker sends an email that has been altered to appear to have come from a reliable source such as a bank.
  • Website/URL Spoofing – A hacker develops a phony website/URL that appears to be real and then obtains your credentials when you log in with your username and password.
  • IP Spoofing – It is a type of DDoS attack in which a hacker changes a packet's original IP address to a bogus one.

Phishing

Phishing is a cybercrime that is generally done using emails/messages to get a user's login credentials. At first, it was used in AOL chatrooms; nowadays WhatsApp and Telegram are the most common targets.

The different types involved are:
  • Spear phishing – a finely crafted email aimed at a specific person.
  • Whaling – very targeted email; targets are generally executives, CEOs of large organizations, etc.
  • Vishing – It is the phishing done by phone/voice calls.
  • Smishing – The target gets an SMS with a link that appears to be from a legitimate source such as a bank; when you click the link and enter your login details, your data is stolen.
  • Internal phishing – phishing attacks originating from within an organization.
  • Social media phishing – Luring users to click on malicious links in Facebook, Twitter, or other social media posts.
  • Pharming – redirecting users to malicious sites by compromising a DNS cache.
  • Search Engine Phishing – Hackers create their own websites, which are then indexed by the search engines and used to lure online shoppers with unbelievable offers and deals. When the shoppers click the buy link, they are asked to input their bank information, and their data is hijacked.

Malware

Malware is any type of malicious software that is employed to harm the victim's computer or exploit vulnerabilities in it, and that executes unauthorized actions on the system/network.

Keylogger

It is an activity monitoring tool that captures all keystrokes on a keyboard and is used to record sensitive information such as passwords, credit card numbers, and so on.

SQL Injection Attack

It is the insertion or injection of a SQL query from the client side into the backend database, allowing unauthorized access to the information contained in the database.

For example, stealing all of the clients' financial and transaction information from the database of a banking server.
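The difference between a query built by string concatenation and a parameterized one, as an added example that is not part of the original post. The `accounts` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory bank database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, account_no TEXT, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("asha", "ACC-001", 52000), ("biju", "ACC-002", 18000), ("chitra", "ACC-003", 91000)],
    )
    return db

def lookup_unsafe(db, owner):
    # Vulnerable: client input is pasted into the SQL text, so the database
    # parses it as part of the query instead of as a value.
    query = "SELECT owner, account_no, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, owner):
    # Hardened: the ? placeholder passes the input as data only, so it can
    # never change the structure of the query.
    query = "SELECT owner, account_no, balance FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

def demo():
    """Count the rows each lookup returns for normal and crafted input."""
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "normal_unsafe": len(lookup_unsafe(db, "asha")),
        "normal_safe": len(lookup_safe(db, "asha")),
        "crafted_unsafe": len(lookup_unsafe(db, crafted)),
        "crafted_safe": len(lookup_safe(db, crafted)),
    }

if __name__ == "__main__":
    print(demo())
```

With the concatenated query the crafted input returns every customer's row; with the placeholder it is compared as a literal owner name and matches nothing.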

Man-in-the-middle (MitM) attack / Session Hijacking

It is a network attack in which an unauthorized third party intercepts/hijacks the communication between two systems or individuals. This is similar to when two individuals are conversing and a third person is listening in.

Cross-Site Scripting (XSS)

This is similar to a SQL injection attack in the sense that malicious code is inserted from the client side; however, it occurs with online applications such as websites, browsers, etc.

Hackers exploit a compromised website, allowing scripts such as malicious JavaScript code to be executed in the users' browsers, potentially leading to session hijacking.
                                      

2. Cyber Stalking (e-stalking / Cyber Bullying):  

Cyberstalking is the electronic equivalent of stalking, i.e. harassing or threatening someone by any viable means. It has a significant mental and physical impact on the victim, and it is one of the world's fastest-growing forms of cybercrime.

3. Cyber Trespass: 

Obtaining unauthorized access to another person's computer for financial benefit without tampering with the contents of the victim's computer.

4. Cyber Vandalism:

It entails destroying data on the victim's computer or network, as well as causing physical harm to the system.

5. Cyber Defamation: 

It is the act of impugning someone to damage their dignity by hacking their email account and sending a large number of emails containing filthy language to an unknown person's email account.

6. Cyber Terrorism: 

It is a hybrid of cybercrime and terrorism and may be described as the unlawful damage or disruption of digital property or other illegal actions carried out in physical or digital space to frighten or force governments or society into pursuing political, religious, or ideological aims.

7. Web Jacking: 

Redirecting users from a trusted website to a hacker-created website.

8. Identity Theft: 

It happens when someone steals your identity and impersonates you in order to get access to resources such as credit cards, bank accounts, and other advantages under your name.

9. Data Diddling:

It occurs when someone alters, deletes, or counterfeits documents or data on the victim's computer.

10. Intellectual Property Crimes:

  • Copyright Infringement
  • Trademark Violations
  • Theft of Computer Source Code
  • Software Piracy: Unauthorized copying, replication, usage, manufacturing, and sale of legally protected software.
  • Cyber Squatting: It is the practice of registering an internet domain that is similar to a well-known brand or individual and profiting from it.

    For example, Amal Augustine of Kochi registered the name maxchanzuckerberg.org, which Facebook CEO Mark Zuckerberg purchased for $700. Another example is a lookalike pair such as www.google.com and www.goooogle.com.
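A brand owner can screen newly seen domain names for the kinds of lookalike registration described above. The sketch below is an added example, not part of the original post; the watch list, the official-domain set and the function names are assumptions, and only the first label of the domain is checked.

```python
import re

# Assumed watch list and official domains (constructed for this example).
WATCHED_NAMES = ["google", "zuckerberg"]
OFFICIAL_DOMAINS = {"google.com"}

def split_domain(domain):
    """Lower-case, drop a leading 'www.', return (first label, bare domain)."""
    bare = domain.lower().rstrip(".")
    if bare.startswith("www."):
        bare = bare[4:]
    return bare.split(".")[0], bare

def collapse_repeats(text):
    """Collapse runs of one character: 'goooogle' and 'google' both give 'gogle'."""
    return re.sub(r"(.)\1+", r"\1", text)

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (watched name, reason) for a lookalike, or None otherwise."""
    label, bare = split_domain(domain)
    if bare in OFFICIAL_DOMAINS:
        return None  # the genuine domain itself
    for name in WATCHED_NAMES:
        if name in label:
            return (name, "contains-name")
        if collapse_repeats(label) == collapse_repeats(name):
            return (name, "repeated-letters")
        if edit_distance(label, name) <= 1:
            return (name, "one-edit-typo")
    return None

if __name__ == "__main__":
    for d in ["www.google.com", "www.goooogle.com", "maxchanzuckerberg.org", "example.org"]:
        print(d, classify(d))
```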

11. Salami Attacks:

Tiny attacks that add up to one large attack that can go unnoticed, with the hacker siphoning off small quantities of money. They are most commonly found in the financial industry.



📝SideNotes:
  • World Computer Security Day – November 30.
  • World Intellectual Property Day – April 26.
  • First Computer in India was installed at – Indian Statistical Institute, Calcutta (1955).
  • Internet services were launched in India – August 15, 1995 (by Videsh Sanchar Nigam Limited).
  • First Cyber Forensic Laboratory – Tripura.
  • Father of Cyber Criminology – Karuppannan Jaishankar.
  • First cybercrime in the World was registered against – Joseph Marie Jacquard.
  • First cybercrime in India was registered against – Arif Asim.
  • The first cyber police station in Kerala was in – Pattom, Thiruvananthapuram (2009). (Previous PSC Questions: Executive Officer Grade IV, Malabar Devasom Board, 2018)
  • Asian School of Cyber Laws is situated in – Pune (Maharashtra).
  • Cyber State of India – Andhra Pradesh.
  • First Cyber Post Office in India – Chennai.
