1

The term
High tech crime (HTC), also known as
technology-enabled crime, makes use of information and communications technologies to infringe criminal laws. Online tools are those digital goods or services that can be obtained from the internet.

Case Studies BPO Data Theft in Pune

MPhasis Ltd MsourcE Defrauded US Customers

of Citi Bank
The crime was

committed using "Unauthorized Access" to the "Electronic Account Space" of the customers.
3

Case Study- Case of Extortion of Money Through Internet

The complainant has received a

threatening email demanding protection from unknown person. Police registered a case u/s. 384/506/511 IPC. The sender of the email used the email ID xyz@yahoo.com & abc@yahoo.com and signed as Chengez Babar.
4

Measures to be taken
1. Avoid disclosing any information pertaining to oneself. 2. Avoid sending any photograph online particularly to strangers and chat friends. 3.Use latest and up date anti virus software to guard against virus attacks. 4.Keep back up volumes so that one may not suffer data loss in case of virus contamination 5. Ever send your credit card number to any site that is not secured. 6. Always keep a watch on the sites that your children are accessing. 7. Use a security programme that gives control over the cookies and send information back to the site . 8. Web site owners should watch traffic and check any irregularity on the site. 9. Use of firewalls may be beneficial. 10. Web servers running public sites must be physically separate protected from internal corporate network.

Top Cyber Crimes that Attack Business

Spam Viruses/Worms Industrial Espionage and Hackers Wi-Fi High Jacking
6

SPAM
SPAM Its an electronics junk and an unsolicited,

often commercial, message transmitted through the Internet as a mass mailing to a large number of recipients.
Spamming used to spread malicious payloads, phish,

and pay using adware/malware, spyware

 To address this problem, the U.S. Congress in 2003 passed

legislation designed to curb spam. The law makes it illegal to send e-mail messages that use deceptive subject lines and false return addresses, providing fines and possible prison terms for violators. The law requires all commercial e-mail messages, solicited or unsolicited, to include a valid postal address and an opt-out mechanism within the body of the text so that recipients can prevent future e-mail solicitations.

10

VIRUS
A self-duplicating computer program that spreads

from computer to computer, interfering with data and software. Some viruses are mere annoyances, but others can do serious damage. Viruses can delete or change files, steal important information, load and run unwanted applications, send documents via electronic mail (e-mail).

11

12

WORMS
A program that propagates itself across computers,

usually by spawning copies of itself in each computer's memory. A worm might duplicate itself in one computer so often that it causes the computer to crash.

Trojans:
Also known as a Trojan horse, this is Software that appears to perform or actually performs a desired task for a user while performing a harmful task without the user's knowledge or consent.
13

INDUSRIAL ESPIONAGE
THEFT OF TRADE SECRET

The secret removal, copying, or recording of confidential or valuable information in a company for use by a competitor.

14

HACKING
Stealing data Deleting data for fun Turning computers into zombies

To commit crimes Take down networks Distribute porn Harass someone

Ethical/white hat hackers exist too

Help break into networks to prevent

crimes

15

NO. OF INDIAN SITES HACKED

45

25 16 10

2000

2003

2005

2007
16

The Information Technology Act,2000 and cybercrimes

The Information Technology Act 2000 came into force in India on 17 October 2000. It extends to whole of India and also applies to any offence or contraventions committed outside India by any person (s 1(2),IT Act 2000).
According to s 75 of the Act, the Act applies to any offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India.
17

Main Features of IT Act,2000

Applicable to communications made through cell phones ,PDAs Conferred legal validity and recognition to electronic documents & digital signatures Legal recognition to e-contacts Set up Regulatory regime to supervise Certifying Authorities Laid down civil and criminal liabilities for contravention of provisions of IT Act,2000 Created the office of Adjudicating Authority to adjudge contraventions

18

Wi-Fi HiJacking
60-70% wireless networks are wide open
Why are the Wi-Fi networks unprotected?
Most people say Our data is boring But criminals look for wireless networks to commit

their crimes And the authorities will come knocking on your door..

19

Wireless Fidelity (Wi-Fi)

Using antennas to create hot spots
Hotspots Internet Access (sometimes free)
Newport Harbor - All the boats in Harbor have internet

access San Francisco Giants Stadium Surf the web while catching a game UMass (need to register, but its free) Cambridge, MA Philadelphia, PA just announced entire city by 2006
20

CASE STUDY The Bank NSP Case

The Bank NSP case is the one where a management trainee of the bank was engaged to be married. The couple exchanged many emails using the company computers. After sometime the two broke up and the girl created fraudulent email ids like indianbar associations and sent emails to the boys foreign clients and to do this she used the banks computer. The boys company lost a large number of clients & took the bank to court. The bank was held liable for the emails sent using the banks system.

21

Case Study Citi-Bank

1995, First documented attack on US Bank

Attacked Citi-Bank system and obtained userids and

passwords Setup accounts in Banks throughout the world

Bank of America, Banco del Sud Argentina, Bank Artha

Graha Indonesia

Transferred $12 million to the various accounts.

22

FBI & Interpol Arrested them and in Feb 1997 sentenced to 3 years in prison and ordered to pay $240,000.00 to Citi-Bank.

Citi-Bank had been warned about lax security, but they ignored the warnings,

Citi-Bank now extremely security conscious.

23

Types of Cyberattacks, by percentage (source- FBI)

Financial fraud: Sabotage of data/networks: 11% 17%

Theft of proprietary information:

System penetration from the outside: Denial of service: Unauthorized access by insiders: Employee abuse of internet privileges Viruses:

20%
25% 27% 71% 79% 85%
24

Terrorism Linked to Cybercrime

The proportion of cybercrime that can be directly or indirectly attributed to terrorists is difficult to determine. However, linkages do exist between terrorist groups and criminals that allow terror networks to expand internationally through leveraging the computer resources, money laundering activities, or transit routes operated by criminals.

25

CYBER TERRORISM
The use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication.
26

EFFECTS OF CYBER-TERRORISM
Cyberterrorism can have a serious large-scale influence on significant numbers of people. It can weaken countries' economy greatly, thereby stripping it of its resources and making it more vulnerable to military attack. Cyberterror can also affect internet-based businesses. Like brick and mortar retailers and service providers, most websites that produce income (whether by advertising, monetary exchange for goods or paid services) could stand to lose

money in the event of downtime created by cyber criminals.

As internet-businesses have increasing economic importance to countries, what

is normally cybercrime becomes more political and therefore "terror" related.

27

Don't share access to your computers with strangers

If you have a wi-fi network, password protect it

Disconnect from the Internet when not in use Reevaluate your security on a regular basis

Make sure your employees and family members know this info too!

28

THANK YOU
29