The internet was born around 1960’s where its access was limited to few scientist, researchers and the defence only. Internet user base have evolved exponentially. Initially the computer crime was only confined to making a physical damage to the computer and related infrastructure.
Around 1980’s the trend changed from causing the physical damaging to computers to making a computer malfunction using a malicious code called virus. Till then the effect was not so widespread because internet was only available to defence setups, large international companies and research communities.
In 1996, when internet was launched for the public, it immediately became popular among the masses and they slowly became dependent on it to an extent that it have changed their lifestyle. The GUIs were written so well that the user don’t have to bother how the internet was functioning.
They have to simply make few click over the hyper links or type the desired information at the desired place without bothering where this data is stored and how it is sent over the internet or whether the data can accessed by another person who is connected to the internet or whether the data packet sent over the internet can be spoofed and tempered. The focus of the computer crime shifted from merely damaging the computer or destroying or manipulating data for personal benefit to financial crime. These computer attacks are increasing at a rapid pace. Every second around 25 computer became victim to cyber attack and around 800 million individuals are effected by it till 2013.
CERT-India have reported around 308371 Indian websites to be hacked between 2011-2013 and over 26000 websites was hacked in year 2020 only. It is also estimated that around $160 million are lost per year due to cyber crime. This figure is very conservative as most of the cases are never reported.
Before discussing the matter further, let us know what the cyber crime is?
The term cyber crime is used to describe a unlawful activity in which computer or computing devices such as smartphones, tablets, Personal Digital Assistants(PDAs), etc. which are stand alone or a part of a network are used as a tool or/and target of criminal activity. It is often committed by the people of destructive and criminal mindset either for revenge, greed or adventure.
Top 20 Types of Cyber Crime
1. Cyber Stalking
It is an act of stalking, harassing or threatening someone using Internet/computer as a medium. This is often done to defame a person and use email, social network, instant messenger, web-posting, etc. as a using Internet as a medium as it offers anonymity. The behavior includes false accusations, threats, sexual exploitation to minors, monitoring, etc.
2. Child Pornography
It is an act of possessing image or video of a minor (under 18), engaged in sexual conduct.
3. Forgery and Counterfeiting
It is a use of computer to forgery and counterfeiting is a document. With the advancement in the hardware and the software, it is possible to produce counterfeit which matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement.
4. Software Piracy and Crime related to IPRs
Software piracy is an illegal reproduction and distribution for personal use or business. It comes under crime related to IPR infringement. Some of the other crimes under IPR infringement are: download of songs, downloading movies, illegal content, dark web etc.
5. Cyber Terrorism
It is defined as the use of computer resources to intimidate or coerce government, the civilian population or any segment thereof in furtherance of political or social objectives.
It is a process of acquiring personal and sensitive information of an individual via email by disguising as a trustworthy entity in an electronic communication. The purpose of phishing is identity theft and the personal information like username, password, and credit card number etc. may be used to steal money from user account. If a telephone is used as a medium for identity theft, it is known as Vishing (voice phishing). Another form of phishing is Smishing, in which SMS is used to lure customers.
7. Computer Vandalism
It is an act of physical destroying computing resources using physical force or malicious code.
8. Computer Hacking
It is a practice of modifying computer hardware and software to accomplish a goal outside the creator‟s original purpose. The purpose of hacking a computer system may vary from simply demonstrations of the technical ability, to sealing, modifying or destroying information for social, economic or political reasons. Now the corporate are hiring hackers, a person who is engaged in hacking computers, to intentionally hack the computer of an organization to find and fix security vulnerabilities.
The hackers may be classified as:
- White Hat: white hat hackers are the persons who hack the system to find the security vulnerabilities of a system and notify to the organizations so that a preventive action can be taken to protect the system from outside hackers. White hat hackers may be paid employee of an organization who is employed to find the security loop-holes, or may be a freelancer who just wants to prove his mantle in this field. They are popular known as ethical hackers.
- Black Hat: in contrast to the white hat, the black hat hack the system with ill intentions. They may hack the system for social, political or economically motivated intentions. They find the security loopholes the system, and keep the information themselves and exploit the system for personal or organizational benefits till organization whose system is compromised is aware of this, and apply security patches. They are popularly known as crackers.
- Grey Hat: Grey hat hackers find out the security vulnerabilities and report to the site administrators and offer the fix of the security bug for a consultancy fee.
- Blue hat: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.
9. Creating and distributing viruses over internet
The spreading of an virus can cause business and financial loss to an organization. The loss includes the cost of repairing the system, cost associated with the loss of business during downtime and cost of loss of opportunity. The organization can sue the hacker, if found, for the sum of more than or equivalent to the loss borne by the organization.
Sending of unsolicited and commercial bulk message over the internet is known as spamming. An email can be classified as spam, if it meets following criteria:
- Mass mailing:- the email is not targeted to one particular person but to a large number of peoples.
- Anonymity:- The real identify of the person not known
- Unsolicited:- the email is neither expected nor requested for the recipient.
These spams not only irritate the recipients and overload the network but also waste the time and occupy the valuable memory space of the mailbox.
11. Cross Site Scripting (XSS)
It is an activity which involves injecting a malicious client side script into a trusted website. As soon as the browser executes the malicious script, the malicious script gets access to the cookies and other sensitive information and sent to remote servers. Now this information can be use to gain financial benefit or physical access to a system for personal interest.
Types of XSS –
- Stored XSS (Persistent)
- Reflected XSS (Non-Persistent)
- DOM XSS
12. Online Auction Fraud
There are many genuine websites who offers online auction over internet. Taking the advantage of the reputation of these websites, some of the cyber criminals lure the customers to online auction fraud schemes which often lead to either over payment of the product or the item is never delivered once the payment is made.
13. Cyber Squatting
It is an act of reserving the domain names of someone else‟s trademark with intent to sell it afterwards to the organization who is the owner of the trademark at a higher price.
14. Logic Bombs
These are malicious code inserted into legitimate software. The malicious action is triggered by some specific condition. If the conditions holds true in future, the malicious action begins and based on the action defined in the malicious code, they either destroy the information stored in the system or make system unusable.
15. Web Jacking
The hacker gain access to a website of an organization and either blocks it or modify it to serve political, economical or social interest. The recent examples of web jacking are some of the websites of the educational institutes were hacked by Pakistani hackers and an animation which contains Pakistani flags were flashed in the homepage of these websites. Another example is Indian hackers hacked website of Pakistani railways and flashed Indian flag in the homepage for several hours on the occasion of Independence Day of India in 2014.
16. Internet Time Thefts
Hacking the username and password of ISP of an individual and surfing the internet at his cost is Internet Time Theft.
17. Denial of Service Attack
It is a cyber attack in which the network is chocked and often collapsed by flooding it with useless traffic and thus preventing the legitimate network traffic.
18. Salami Attack
It is an attack which proceeds with small increments and final add up to lead to a major attack. The increments are so small that they remain unnoticed. An example of salami attack is gaining access to online banking of an individual and withdrawing amount in such a small amounts that it remains unnoticed by the owner. Often there is default trigger set in the banking website and transactions below say, $1000 withdrawal are not reported to the owner of the account. Withdrawing amount of $1000 over a period of time will lead to total withdrawal of a large sum.
19. Data Diddling
It is a practice of changing the data before its entry into the computer system. Often, the original data is retained after the execution on the data is done. For example, DA or the basic salary of the person is changed in the payroll data of an individual for pay calculation. Once the salary is calculated and transferred to his account, the total salary is replaced by his actual salary in the report.
20. Email Spoofing
It is a process of changing the header information of an e-mail so that its original source is not identified and it appears to an individual at the receiving end that the email has been originated from source other than the original source.