Cyber Crimes and Solutions

Like any other space in life, technology has its own benefits and challenges. While it enhances a man’s life in almost all the aspects whether its health care, transport, communication, smart cities etc. There are various challenges which we have to overcome to not turn technology into our own enemy.

A positive association between the growth in incidence of crime and the population of the country has been experiential. Presently the situation in the world is tough, particularly in context to cyber security part. In current scenario cyber crime is increasing very fast as the technology is growing very rapidly. So the cyber crime investigation is becoming a very complicated task to do without a proper framework. There is wide range of different types of cyber crime today. Solution of each case requires a very complicated task.

What is Cyber Crime ?

A generalized definition of cyber crime may be “Unlawful acts wherein the computer is either a tool or target or both.”

“Cyber Criminal is a person who commits an illegal act with a guilty intention or commits a crime in context to cyber crime.”

Reasons Behind the Cyber Crime

There are many reasons why cyber-crimes are increasing, chief among them are mentioned below:

• For the sake of recognition.
• For the sake of quick money.
• To fight a cause one thinks he believes in.
• Low marginal cost of online activity due to global reach.
• Catching by law and enforcement agency is less effective and more expensive.
• New opportunity to do legal acts using technical architecture.
• Official investigation and criminal prosecution is rare.

Techniques of Performing Cyber Crimes

Email Bombing: This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.

Data Diddling: This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerized.

Denial of Service attack: The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.

Virus / Worm Attacks: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world’s most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt.

Logic Bombs: These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

Phishing Scams: Phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source — an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. Sometimes it’s difficult to recognize what’s genuine and what’s a phishing attempt.

Internet Time Thefts: Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.

Unauthorized control/access over computer system: This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term “unauthorized access” interchangeably with the term “hacking” to prevent confusion as the term used in the Act of 2000 is much wider than hacking.

Website Spoofing: Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing is often the way a bad actor gains access in order to execute a larger cyber attack such as an advanced persistent threat or a man-in-the-middle attack.

Spoofing cyber attacks can range from the less technical with spoofed email addresses, websites, or phone numbers to more advanced spoofing tactics including spoofed IP addresses, Domain Name Servers (DNS), or Address Resolution Protocol (ARP).

Ransomware: Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.

A notorious example of a ransomware attack that hit companies worldwide was the spring of 2017 Wanna Cry outbreak, which afflicted over 200,000 computers in over 150 countries.

Malware: A malware attack is a common cyber attack where malware executes unauthorized actions on the victim’s system. The malicious software encompasses many specific types of attacks such as ransomware, spyware, command and control, and more. Malware is fast becoming one of the biggest threats online and has been used in some of the world’s largest cyber-attacks including the 2017 Wanna Cry attack that affected more than 200,000 victims in 150 countries.

230,000 new malware samples are produced every day and each strain has its own individual way of infecting and damaging computers.

The most common types of malware are: Virus, Worm, Trojan, Spyware, Adware, Botnet

IoT Hacking: IoT hacking tools enable ethical hacking as they help to automate the necessary steps. Ethical hackers can use them to perform certain features that help to detect device vulnerabilities.

The IoT acts as both a door and a roof for hackers — it gives them both an entrance and concealment for them to conduct their activities.

Solutions to Cyber Crimes

1. Think twice before clicking on a link in an email or an instant message, even if you know the sender.
2. Most browsers nowadays will provide you download add-ons, that contain the signs of a malicious website or alert you about known phishing sites.
3. If the URL of the website doesn’t start with “https”, or you cannot see a closed padlock icon next to the URL, refrain from entering any sensitive information or download files from that site.
4. If you’ve got online accounts you should get into the habit of regularly rotating your passwords.
5. Implement technical controls and procedures to protect against email, website, IP and DNS spoofing.
6. Take advantage of security awareness programs that use flexible learning models to teach adults.
7. Ensure that all applications, operating systems, browsers, network tools, and internal software are up to date and secure.
8. Use anti-virus and anti-malware software or other security policies to block known payloads from launching.
9. Make frequent, comprehensive backups of all important files and isolate them from local and open networks.
10. McAfee Ransomware Recover will be regularly updated as the keys and decryption logic required to decrypt files held for ransom become available.
11. Install Anti-virus software: Anti-virus software will protect your device from malicious software that poses a threat to the system.
12. Regularly update software: In addition to installing anti-virus software, it’s vital to ensure that your software is regularly updated to stop attackers gaining access to your computer through vulnerabilities in older and outdated systems.
13. Only buy Apps from trusted sources: Buying apps from trustworthy sources reduces the chance of your device being infected with malware.
14. Set Passwords: use a password manager to securely keep track of all your passwords.
15. Disable Universal Plug and Play (UPnP): UPnP is designed to help IoT gadgets discover other network devices
16. Create a separate network: When you’re dealing with IoT devices, it’s wise to quarantine them in a separate network unconnected to your main office network.

Prevention of Cyber Crime

Prevention is always better than cure. It is always better to take certain precaution while operating the net. We should make them part of cyber life. 5P mantra for online security
Precaution, Prevention, Protection, Preservation and Perseverance

Keep in mind the following things…

1. To prevent cyber stalking avoid disclosing any information pertaining to one self. This is as good as disclosing your identity to strangers in public place.
2. Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3. Always use latest and update antivirus software to guard against virus attacks.
4. Always keep back up volumes so that one may not suffer data loss in case of virus contamination
5. Never send your credit card number to any site that is not secured, to guard against frauds.
6. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
7. Web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
8. Use of firewalls may be beneficial.

Conclusion

Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.

Contributors

◾ Chetan Lohkare
◾ Harsh Kulkarni
◾ Prathamesh Kulkarni
◾ Mayuresh Joshi