CYBER CRIME : AN OVERVIEW

Now the word cybercrime has become so common even a laymen would have heard about it. So let us have a quick overview in this article with regard to general details which we should be aware in order to tackle a cybercrime.

Cyber Crime just like an offence of personal or property right also includes crimes such as fraud, theft, forgery and defamation but only that involves cyber space. 

Before dwelling with what is a cybercrime, let us understand first what does the word cyber actually connotes, ‘Cyber’ is something which is relating to or involving computers or computer networks and electronic media.

Cyber space is a very wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks etc), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

These Cyber spaces cannot function without any restrictions, with the hype in the usage of computers in all the fields and far reach of the World Wide Web these cyber spaces have become part of everyday human life. Hence these Cyber spaces are also governed by law which generally comes under Cyber Law and the violation of the provisions of the said law is also punishable.

                          

        INDEX

  • MAIN CATEGORIES OF CYBER CRIME
    • Against the Property right
    • Against an Individual
    • Against Government
  • FORMS OF CYBER CRIME
    • Cyber staking
    • Cyber harassment
    • Cyber bullying
    • Cyber-attack
    • Hacking
    • Cracking
    • Spoofing
    • Phishing
    • Vishing
    • Cyber extortion
    • Online sextortion
    • Prohibited/ illegal content
    • Data theft
      • Data breach’ and ‘Data leak’
      • Means For A Cyber Theft
        • Compromised Download
        • Social engineering
        • Weak passwords
        • Database or server problems
        • Exploit kits
        • Insider threats
        • Human Error
        • Physical action
        • Publicly available information
        • Online scams
        • Online piracy
      • CONCLUSION

                               

MAIN CATEGORIZATION OF CYBER CRIME

        If we categorize the crimes according to the usage of the cyber space, we can categorize the same into as below for better understanding,   

 Against the Property right: Just like physical possession of property, we hold property right in the world wide web like bank currency, credit card these are accessible in cyber space and cyber criminals tend to use scams and phishing and use fraudulent means to gain access to our funds and properties online. These are also done with use of malicious software to gain access to a web page with confidential information, these include ransomware attacks which are high-profile attacks.

Against an IndividualJust like our physical form, any person who uses the cyber space has a personality and fame and personal data in the World Wide Web. These personal space can be violated by defaming a person online or by an cyber-attack by stealing their data and distribution of personal data online, cyber stalking, distributing pornography and trafficking, morphed photographs etc.,

Against GovernmentThis is the least common cybercrime. Just like individual personal cyber space, Government also runs their undertakings online and with the advent of e-governance, all the Government and personal data of the citizens of any country are maintained in the form of softcopies and accessible through the online. A crime against the Government is also known as cyber terrorism includes hacking government websites, military websites or distributing propaganda, these types of cybercrimes are done usually by terrorists or enemy Governments of other nations. The Law makers and enforcers are entrepreneuring to build a cyber space with security which makes it inaccessible to cyber criminals. We have heard of prominent cyber-attacks on Government websites and Government data the recent being the cyber-attack on the website of the Ukraine army, the defence Ministry and major Banks offline.   

Hence no one is impervious of the cyber crime either it being an Individual, an Organization or the Government.

FORMS OF CYBER CRIME:

These are the most common cybercrimes identified so far,

CYBER STAKING is the usage of Internet or other electronic means to monitor, stalk or harass an individual or group of person or sometime an organization. The Cyber stalking involves monitoring, identity theft, threats, vandalism, solicitation for sex, doxing, or blackmail, false accusations, online defamation, slander, spying via., Google maps, hijacking webcams, tracking location and tracking the victims private data etc., India has seen a swooping increase in the online harassment including cyberstalking towards women with an increase by 500% from last year’s data, in the words of Chairperson of the National Commission for Women, Rekha Sharma according to one of  the TOI publication.

CYBER HARASSMENT as differentiated from cyber stalking this kind of crime is the targeting of persons in the cyber space by repeatedly terrifying, intimidating and humiliating and harassing them through electronic means.

These can be as simple as sending repeated emails, text or phone calls etc., and including situations like hate speech, sexual remarks, trolling etc., The recent incident being the usage of the loan apps during the imposition of COVID-19 lockdown restrictions and sprouting of unauthorized loan apps which steals confidential data of an individual and later bully and harass the borrowers demanding money.   

CYBER BULLYING usually refers to crimes when a child, preteen or teens were harassed, humiliated, threatened or targeted through online. This is the same as Cyber Harassment in which an adult is involved.

CYBER-ATTACK refers to an assault by cyber criminals using one or more computers against a single or multiple computers or networks. They are intended to steal, expose, alter, disable or destroy information. These attacks can be personally motivated or for monetary gains. The cyber-attacks can be in the form of malware, phishing, ransomware, Denial of Service attack etc.,

HACKING are cyber-attacks by compromising digital devices such as computer, smart phones, tablets and other electronic devices and computer networks either for financial gains or as a form of protest or gain access to internal data, spying or even sometimes to show their supremacy as a form of challenge. The criminals are colloquially referred as Hackers. Not all hackers are criminals there are different views on hackers, the main being referred as Black Hat Hackers and White Hat Hackers. As differentiated from Black Hat Hackers who are criminals Hackers, White Hat Hackers are authorized Hacker who profess this as a job to recover the hacked systems from criminals and do other authorized activities.

CRACKING term referring to illegal access of a computer system in order to steal, corrupt and view data. The common referral of the term can be heard with the circulation of cracked software of famous companies which are available for use without obtaining proper authorization from the concerned company. The person called as Crackers are malicious meddlers who breaks into networks, bypasses passwords and licenses of computer programs. These people calling themselves as experts and elite programmers involve themselves in these illegal activity of cracking for fun or for monetary gains.

SPOOFING are cyber criminals masquerading as legitimate entity gains the trust of a person in the cyberspace and gain access systems, steal data, steal money, spread malware etc., Spoofing can be done by spoofed emails, IP’s, DSN, GPS, URL Redirection

PHISHING is a type of cyber-attack were hackers send malicious emails and attachments now also being sent through SMS links., to gain access to their account or computer to steal confidential information.

VISHING is a form of phishing by way of phone calls or text messages and voice messages purporting to be from reputed companies in order to gain personal information such as bank details, credit card information etc.,  

CYBER EXTORTION these are cyber-attacks were hackers hold data, website, computer systems or other sensitive information as hostages and threatening to disable the operations of a targeted business groups or compromise their confidential data unless the ransoms are paid. The common forms for cyber extortions are ransomware and DDos attacks.

ONLINE SEXTORTION is a serious crime the criminals threaten the victims to circulate their private and sensitive materials online or to the friends and family of the victim, if they do not give into their demands. These demands usually involves sexual images, money, sexual favours etc.,

PROHIBITED/ ILLEGAL CONTENT this involves criminals sharing and distributing inappropriate content that can be considered highly distressing and offensive. These includes pornography, videos with intense violence and criminal activity, terrorism related acts, child and women abusive materials.

DATA THEFT is the huge threat that is being now faced by both Individuals, Companies, Government etc., and an in-depth analysis into the nature and knowledge has to be attained for prevention mechanism of Data Theft.

Data theft also known as information theft is the illegal transfer of stored personal, private and confidential information without authorization in an illegal manner. These cybercrimes are serious security threats and breach of privacy with has serious repercussions on the victims either they being an Individual or an Organization.  The data mean to include passwords, software code or algorithms, and proprietary processes or technologies, bank account information, online passwords, passport numbers, driver's license numbers, social security numbers, medical records, online subscriptions, and so on

Now when we see ‘Why steal data’

With these cybercriminals can sell the information or use it for identity theft. These data being sensitive information with these unauthorized persons can gain access to secured accounts, bank accounts, set up credit cards account in the name of the victim, impersonate them online etc.,

‘Data breach’ and ‘Data leak’

These terms are being used interchangeably, looking at the concept of data theft it does not mean taking away of something from a victim as it means in its literal sense when compared to a tangible crime of theft. Data theft instead occurs when an attacker simply copies or duplicates information of the victim.

An analysis of the concept of Data breach and Data Leak will give a clear understanding that both are different concepts.

‘Data leak’ in its literal sense means the accidental exposure of the sensitive data either through internet or through lost hard drive or other storage devices. Hence the cybercriminals gain unauthorized access to sensitive data without any efforts on their part. A normal day to day example is one with the resale of used smartphones which contains sensitive data.

On the other hand, Data breach in an intentional cyber attack to gain access to sensitive information.

 MEANS FOR A CYBER THEFT:

Data theft or digital theft occurs through a variety of means the common ones includes,

Compromised DownloadDownloading and usage of files are the common form of usage of computers and electronic devices. The downloaded files either in the form of a program or data can be corrupted by cyber criminals in order to gain access to our data. These are done by cyber criminals by identifying security lacunas in software or by compromising a website by sending virus, worms, adware or malware. These can be prevented by downloading software and data only through encrypted channels and by running an updated antivirus at all times.

Social engineeringthis is a form of phishing. The attacker impersonating themselves as trusted entities will dupe the victim into entrusting them of their personal data such as email, text messages, whatsapp message etc.,

System vulnerabilitiespoorly designed software, sites and software with security vulnerability and not updated to the current cyber vulnerabilities will allow hackers to exploit and use sensitive data. Antivirus software which are out dated can also create vulnerability to the system. Hence it is advisable to update all software to fix the vulnerabilities and use updated antivirus software and use authenticated versions of software to prevent such security glitches.  

Weak passwords, easy guessing and same password for multiple accounts and poor password habits like writing the password down which is easily accessible and sharing the password with others can allow attackers to gain access to data.

Database or server problems, data can also be stolen from the company we entrust our information with. This can be due to bad maintenance of database or servers or by a cyber-attack on the company storing your information; the attacker could gain access to customers' personal information through this way.

Exploit kits, are tools available online for charges which are utilized by cyber criminals to gain access to user’s computer. Just like software exploit kits are also updated regularly and are circulated in dark web hacking forum.   

Insider threats, information theft can also be done by employees who work in the respective company/organization. These can be done by current employees or a former employee who has access to the electronic files of the company or by a disgruntled employee or a contractor or sub-contractor. These kinds of threats are on the raise nowadays.

Human Error, in contrast to the above data theft can also be due to human error which paved way for data theft. Data leakage can be made by an act of the employee without any malicious intend by sending the data to a wrong person or receiving a corrupted information or by mishandling a file or by misconfiguration or by leakage of confidential information of the company by accident. Even though absolute control over these is impossible in working environment. These can be prevented by centralized access to confidential data by few people, which can make is easy to track the source of the leakage and situation can be resolved with minimum loss possible.

 Physical action data theft can also be done by physical theft of files or devices such a laptops, phones and other storage devices. Card skimming is a recent form of cyber crime were spying devices are inserted in card readers and ATMs to harvest payment and card information and this is another source of data theft.

Publicly available information because of the internet revolution lot of information is found in public domain either through internet searches or social networking post which are made public and does not demand the authentication for access.

 Online scams, cybercriminal uses Ads or spam emails which entices the victims by promising unrealistic rewards or gifts. These Ads or spams are injected with malware, adware which stealthy steal information of the victim.

Online piracy, is a type of data theft where legally protected and copyrighted contented are illegally copied with the use of internet or other electronic means. These are usually done for monetary gains. These kinds of piracy includes Music, Movie, Software, Audiobooks, Digital books etc.,

CONCLUSION:

Even though law makers and law enforcement have been fervent in their action to control the crimes relating to cyber space. The cybercrimes can be reduced only when awareness is created in the mind of the General public. Just like when we don’t allow any unknown persons to enter our house, the users of the internet should also be aware of properly terminating the permission given by them to third party to access their personal data, they should properly guard their computers by an updated anti-virus and should handling their passwords just how we use our housekeys. Internet and advancement of the technology being a double-edged weapon can be safely exploited to the benefit of the users at large if certain precautions are exercised.   
As per the rules of the Bar Council of India, we are not permitted to solicit work and advertise. By visiting the website, the user acknowledges that the information provided on this website is solely available for informational purposes only sought to be voluntarily gained by him/her and is neither soliciting nor advertisement. Further, the information provided on this website is accessed by the user’s own volition, and any transmission, receipt or use of this information available on this website does not create any liability or any relationship with us. APS LEGIS and its members are not liable for any consequence of any action taken by the user relying on material/information provided under this website.