Introduction to Cyber Crime
The first recorded cyber crime took place in the year 1820! That is not
surprising considering the fact that the abacus, which is thought to be
the earliest form of a computer, has been around since 3500 B.C. in
India, Japan and China. The era of modern computers, however, began with
the analytical engine of Charles Babbage. Cyber crime is an evil having
its origin in the growing dependence on computers in modern life. In a
day and age when everything from microwave ovens and refrigerators to
nuclear power plants is being run on computers, cyber crime has assumed
rather sinister implications. Major cyber crimes in the recent past
include the Citibank rip off. US $ 10 million were fraudulently
transferred out of the bank and into a bank account in Switzerland. A
Russian hacker group led by Vladimir Kevin, a renowned hacker,
perpetrated the attack. The group compromised the bank's security
systems. Vladimir was allegedly using his office computer at AO Saturn,
a computer firm in St. Petersburg, Russia, to break into Citibank
computers. He was finally arrested on Heathrow airport on his way to
What is a Computer Crime?
a. Criminals Can Operate Anonymously Over the
1. Be careful about talking to "strangers" on a computer network.
Who are these people anyway? Remember that people online may not be who
they seem at first. Never respond to messages or bulletin board items
that are: Suggestive of something improper or indecent; Obscene, filthy,
or offensive to accepted standards of decency; Belligerent,
hostile, combative, very aggressive; and Threaten to do harm or danger
towards you or another
2. Tell a grown-up right away if you come across any information
that makes you feel uncomfortable.
3. Do not give out any sensitive or personal information about you
or your family in an Internet "chat room." Be sure that you are dealing
with someone you and your parents know and trust before giving out any
personal information about yourself via e-mail.
4. Never arrange a face-to-face meeting without telling your parents
or guardians. If your parent or guardian agrees to the meeting, you
should meet in a public place and have a parent or guardian go with you.
1. Define a hacker - A hacker is someone who breaks into
computers sometimes to read private e-mails and other files.
2. What is your privacy worth?
What information about you or your parents do you think should be
considered private? For example, medical information, a diary, your
grades, how much money your parents owe, how much money your family has
in a savings account or in a home safe, and your letters to a friend.
Would this kind of invasion of your privacy be any different than
someone breaking into your school locker or your house to get this
information about you and your family?
Destroy "Property" in the Form of Computer Files or Records.
1. Hackers delete or alter files.
2. When you write something, like a term paper or report, how
important is it to be able to find it again? Would this be
different if someone broke into your locker and stole your term paper?
3. How important is it that data in computers like your term
paper, a letter, your bank records, and medical records, not be altered?
How important is it for a drug company or a pharmacy to not have its
computer files altered or deleted by hackers? What would happen if a
hacker altered the chemical formulas for prescription drugs, or the
flight patterns and other data in air traffic control computers? What
does the term "tamper" mean? To interfere in a harmful way or to alter
improperly.Is tampering with computer files different from tampering
that occurs on paper files or records?
Injure Other Computer Users by Destroying Information Systems
1. Hackers cause victims to spend time and money checking and
re-securing systems after break-in. They also cause them to interrupt
service. They think it's fine to break-in and snoop in other people's
files as long as they don't alter anything. They think that no harm has
2. Hackers steal telephone and computer time and share
unauthorized access codes and passwords. Much of the stealing is very
low-tech. "Social engineering" is a term used among crackers for
cracking techniques that rely on weaknesses in human beings rather than
on software. "Dumpster diving" is the practice of sifting refuse from an
office or technical
installation to extract confidential data, especially security
Who do you think pays for this? How much stealing of computer time do
you think there is? For example, there is $2 billion annually in
telephone toll fraud alone. Would you want someone going through your
garbage? Have you ever thrown away private papers or personal notes?
3. Hackers crash systems that cause them to malfunction and not work.
How do we use computer information systems in our daily lives? What
could happen if computers suddenly stopped working? For example, would
public health and safety be disrupted and lives be endangered if
computers went down?
e. Computer "Pirates" Steal Intellectual Property
1. Intellectual property is the physical expression of ideas contained
in books, music, plays, movies, and computer software. Computer pirates
steal valuable property when they copy software, music,
movies, books (all available on the Internet).
How is the person who produced or developed these forms of entertainment
harmed? Is this different from stealing a product (computer hardware)
which someone has invented and manufactured? Who pays for this theft?
2. It may seem simple and safe to copy recordings, movies and computer
programs by installing a peer-to-peer (P2P) file sharing software
program. However, most material that you may want to copy is protected
by copyright which means that you are restricted from making copies
unless you have permission to do so. Making copies of intellectual
propertyincluding music, movies and software--without the right to do so
is illegal. P2P software and the files traded on the P2P networks may
also harm your computer by installing viruses or spy ware, or allow
others to access the files contained on your hard drive beyond those you
intend to share.
3. Copyright violations have civil and criminal remedies.
a.) Civil remedy: copyright holder can sue infringer for money to cover
loss of sales or other loss caused by infringement.
b.) Criminal remedy: jail or fine paid to the government (not copyright
holder) where person infringes a copyright for commercial advantage or
private gain. For example, a person who makes multiple copies of a
and sell the copies.
Defining Cyber Crime
Defining cyber crimes, as "acts that are punishable by the Information
Technology Act" would be unsuitable as the Indian Penal Code also covers
many cyber crimes, such as email spoofing and cyber defamation, sending
threatening emails etc. A simple yet sturdy definition of cyber crime
would be "unlawful acts wherein the computer is either a tool or a
target or both".
This would include cheating, credit card frauds, money laundering etc.
To cite a recent case, a website offered to sell Alphonso mangoes at a
throwaway price. Distrusting such a transaction, very few people
responded to or supplied the website with their credit card numbers.
These people were actually sent the Alphonso mangoes. The word about
this website now spread like wildfire. Thousands of people from all over
the country responded and ordered mangoes by providing their credit
card numbers. The owners of what was later proven to be a bogus website
then fled taking the numerous credit card numbers and proceeded to spend
huge amounts of money much to the chagrin of the card owners.
This would include pornographic websites; pornographic magazines
produced using computers (to publish and print the material) and the
Internet (to download and transmit pornographic pictures, photos,
writings etc). Recent Indian incidents revolving around cyber
pornography include the Air Force Balbharati School case. A student of
the Air Force Balbharati School, Delhi, was teased by all his classmates
for having a pockmarked face. Tired of the cruel jokes, he decided to
get back at his tormentors. He scanned photographs of his classmates and
teachers, morphed them with nude photographs and put them up on a
website that he uploaded on to a free web hosting service. It was only
after the father of one of the class girls featured on the website
objected and lodged a complaint with the police that any action was
In another incident, in Mumbai a Swiss couple would gather slum children
and then would force them to appear for obscene photographs. They would
then upload these photographs to websites specially designed for
paedophiles. The Mumbai police arrested the couple for pornography.
Sale of illegal articles
This would include sale of narcotics, weapons and wildlife etc., by
posting information on websites, auction websites, and bulletin boards
or 167 simply by using email communication. E.g. many of the auction
sites even in India are believed to be selling cocaine in the name of
There are millions of websites; all hosted on servers abroad, that offer
online gambling. In fact, it is believed that many of these websites
are actually fronts for money laundering.
Intellectual Property crimes
These include software piracy, copyright infringement, trademarks
violations, theft of computer source code etc.
A spoofed email is one that appears to originate from one source but
actually has been sent from another source. E.g. Pooja has an e-mail
address firstname.lastname@example.org. Her enemy, Sameer spoofs her e-mail and
sends obscene messages to all her acquaintances. Since the e-mails
appear to have originated from Pooja, her friends could take offence and
relationships could be spoiled for life.
Email spoofing can also cause monetary damage. In an American case, a
teenager made millions of dollars by spreading false information about
certain companies whose shares he had short sold. This misinformation
was spread by sending spoofed emails, purportedly from news agencies
like Reuters, to share brokers and investors who were informed that the
companies were doing very badly. Even after the truth came out the
values of the shares did not go back to the earlier levels and thousandsof investors lost a lot of money.
Counterfeit currency notes, postage and revenue stamps, mark sheets etc
can be forged using sophisticated computers, printers and scanners.
Outside many colleges across India, one finds touts soliciting the sale
of fake mark sheets or even certificates. These are made using
and high quality scanners and printers. In fact, this has becoming a
booming business involving thousands of Rupees being given to student
gangs in exchange for these bogus but authentic looking certificates.
This occurs when defamation takes place with the help of computers and /
or the Internet. E.g. someone publishes defamatory matter about someone
on a website or sends e-mails containing defamatory information to all
of that person's friends.
In a recent occurrence, Surekha (names of people have been changed), a
young girl was about to be married to Suraj. She was really pleased
because despite it being an arranged marriage, she had liked the boy. He
had seemed to be open-minded and pleasant. Then, one day when she met
Suraj, he looked worried and even a little upset. He was not really
interested in talking to her. When asked he told her that, members of
his family had been receiving e-mails that contained malicious things
about Surekha's character. Some of them spoke of affairs, which she had
had in the past. He told her 168 that, his parents were justifiably very
upset and were also considering breaking off the engagement.
Fortunately, Suraj was able to prevail upon his parents and the other
elders of his house to approach the police instead of blindly believing
what was contained in the mails.
During investigation, it was revealed that the person sending those
was none other than Surekha's stepfather. He had sent these e-mails so
as to break up the marriage. The girl's marriage would have caused him
to lose control of her property of which he was the guardian till she
Another famous case of cyber defamation occurred in America. All friends
and relatives of a lady were beset with obscene e-mail messages
appearing to originate from her account. These mails were giving the
lady in question a bad name among her friends. The lady was an activist
against pornography. In reality, a group of people displeased with her
views and angry with her for opposing they had decided to get back at
her by using such underhanded methods. In addition to sending spoofed
obscene e-mails they also put up websites about her, that basically
maligned her character and sent e-mails to her family and friends
containing matter defaming her.
The Oxford dictionary defines stalking as "pursuing stealthily". Cyber
stalking involves following a person's movements across the Internet by
posting messages (sometimes threatening) on the bulletin boards
frequented by the victim, entering the chat-rooms frequented by the
victim, constantly bombarding the victim with emails etc.
Frequently Used Cyber Crimes
Unauthorized access to computer systems or networks
This activity is commonly referred to as hacking. The Indian law has
however given a different connotation to the term hacking, so we will
not use the term "unauthorized access" interchangeably with the term
Theft of information contained in electronic form
This includes information stored in computer hard disks, removable
storage media etc
Email bombing refers to sending a large number of emails to the victim
resulting in the victim's email account (in case of an individual) or
mail servers (in case of a company or an email service provider)
Some of the major email related crimes are:
1. Email spoofing
2. Sending malicious codes through email
3. Email bombing
4. Sending threatening emails
5. Defamatory emails
6. Email frauds
This kind of an attack involves altering raw data just before it is
processed by a computer and then changing it back after the processing
is completed. Electricity Boards in India have been victims to data
diddling programs inserted when private parties were computerizing their
These attacks are used for the commission of financial crimes. The key
here is to make the alteration so insignificant that in a single case it
would go completely unnoticed.
Denial of Service attack
This involves flooding a computer resource with more requests than it
can handle. This causes the resource (e.g. a web server) to crash
thereby denying authorized users the service offered by the resource.
Another variation to a typical denial of service attack is known as a
Distributed Denial of Service (DDoS) attack wherein the perpetrators are
many and are geographically widespread. It is very difficult to control
such attacks. The attack is initiated by sending excessive demands to
the victim's computer(s), exceeding the limit that the victim's servers
can support and making the servers crash.
Virus / worm attacks
Viruses are programs that attach themselves to a computer or a file and
then circulate themselves to other files and to other computers on a
network. They usually affect the data on a computer, either by altering
or deleting it. Worms, unlike viruses do not need the host to attach
themselves to. They merely make functional copies of themselves and do
this repeatedly till they eat up all the available space on a computer's
These are event dependent programs. This implies that these programs are
created to do something only when a certain event (known as a trigger
event) occurs. E.g. even some viruses may be termed logic bombs because
they lie dormant all through the year and become active only on a
A Trojan as this program is aptly called, is an unauthorized program
which functions from inside what seems to be an authorized program,
thereby concealing what it is actually doing.
Internet time thefts
This connotes the usage by an unauthorized person of the Internet hours
paid for by another person. In a case reported before the enactment of
the Information Technology Act, 2000 Colonel Bajwa, a resident of New
Delhi, asked a nearby net caf owner to come and set up his Internet
connection. For this purpose, the net caf owner needed to know his
username and password. After having set up the connection he went away
with knowing the present username and password. He then sold this
information to another net cafe. One week later Colonel Bajwa found that
his Internet hours were almost over. Out of the 100 hours that he had
bought, 94 hours had been used up within the span of that week.
Surprised, he reported the incident to the Delhi police. The police
could not believe that time could be stolen. They were not aware of the
concept of time-theft at all. Colonel Bajwa's report was rejected. He
decided to approach The Times of India, New Delhi. They, in turn carried
a report about the inadequacy of the New Delhi Police in handling cyber crimes. The
Commissioner of Police, Delhi then took the case into his own hands and
the police under his directions raided and arrested the net cafe owner
under the charge of theft as defined by the Indian Penal Code. The net
caf owner spent several weeks locked up in Tihar jail before being
This occurs when someone forcefully takes control of a website (by
cracking the password and later changing it). The actual owner of the
website does not have any more control over what appears on that website
In a recent incident reported in the USA the owner of a hobby website
for children received an e-mail informing her that a group of hackers
had gained control over her website.
Theft of computer system
This type of offence involves the theft of a computer, some part's of a
computer or a peripheral attached to the computer.
Physically damaging a computer system. This crime is committed by physically damaging a computer or its
Kids (age group 9-16 etc.)
It seems really difficult to believe but it is true. Most amateur
hackers and cyber criminals are teenagers. To them, who have just begun
to understand what appears to be a lot about computers, it is a matter
of pride to have hacked into a computer system or a website. There is
also that little issue of appearing really smart among friends. These
young rebels may also commit cyber crimes without really knowing that
they are doing anything wrong.
Hacktivists are hackers with a particular (mostly political) motive. In
other cases this reason can be social activism, religious activism, etc.The attacks on approximately 200 prominent Indian websites by a group
of hackers known as Pakistani Cyber Warriors are a good example of
political hacktivists at work.
One can hardly believe how spiteful displeased employees can become.
Till now they had the option of going on strike against their bosses.
Now, with the increase independence on computers and the automation of
processes, it is easier for disgruntled employees to do more harm to
their employers by committing computer related crimes, which can bring
entire systems down.
Professional hackers (corporate espionage)
Extensive computerization has resulted in business organizations storing
all their information in electronic form. Rival organizations employ
hackers to steal industrial secrets and other information that could be
beneficial to them. The temptation to use professional hackers for
industrial espionage also stems from the fact that physical presence
required to gain access to important documents is rendered needless if
hacking can retrieve those.
The World's Most Famous Hackers
His claim to fame is that this mathematician who graduated from St.
Petersburg Tekhnologichesky University was the brain behind the Russian
hacker gang that cheated Citibank's computers into giving out $10
million. Although his first use of a computer is unknown Vladimir was
allegedly using his office computer at AO Saturn, a computer firm in St.Petersburg, Russia, to break into Citibank
computers. Vladimir Levin was arrested at the Heathrow airport in 1995. Tools used
by him included computer, computer games and disks, a camcorder, music
speakers and a TV set all of which were found by the Russian police at
his apartment. During his trial, Levin alleged that one of his defence
lawyers was actually an FBI agent.
He was known to run the world's most popular re-mailer programme called
penet.fi. Surprisingly, this re-mailer, the busiest in the world, was run
on an ordinary 486 with a 200-megabyte hard drive. His other
idiosyncrasy was that he never tried to remain anonymous.The Finnish police raided Johan in 1995 due to a complaint by the Church
of Scientology that a penet.fi customer was posting the "church's"
secrets on the Net. At that time Johan had to abandon the re-mailer.
Kevin Mitnick alias on the Net was Condor. As a teenager Kevin Mitnick
could not afford his own computer. He would therefore go to a Radio
Shack store and use the models kept there for demonstration to dial into
other computers.One of the unusual things about Mitnick was that he used the Internet
Relay Chat (IRC) to send messages to his friends. A judge sentenced him
to one year in a residential treatment center. There, Kevin enrolled in
a 12-step program to rid him of what the judge also termed his "computer
addiction". Mitnick was immortalized when he became the first hacker to
have his face put on an FBI "most wanted" poster. His repeated offences
- and an image of a teenage hacker who refused to grow up - made him
The Lost Boy of Cyberspace.
He was known to the Internet community as "rtm". But he was
distinguished by much more than his fame as a hacker. He was the son of
the chief scientist at the National Computer Security Center -- part of
the National Security Agency (NSA), USA. In addition, this graduate from
Cornell University rocketed to fame because of the Internet worm, which
he unleashed in 1988, practically maiming the fledgling Internet.
Thousands of computers were infected and subsequently crashed. Suddenly,
the term "hacker" became common in every household in America.
Surprisingly, Robert's father is to be held responsible for introducing
him to the world of computers. He brought the original Enigma
cryptographic machines home from the NSA. Later, as a teenager, Morris
was recognized as a star user at the Bell Labs network where he had an
account. This recognition was due to his earlier forays into hacking.
Dennis Ritchie and Ken Thompson
He was also known as dmr and Ken were the legendary coders who designed
the UNIX system for mini-computers in 1969. They were the creative
geniuses behind Bell Labs' computer science operating group. UNIX really
helped users and soon became a standard language. One of the tools used
by them included Plan 9, the next-generation operating system, created
after UNIX by Rob Pike, their colleague at bell Labs. Dennis also has
the distinction of being the author of the C programming language.
Denial of Service Tools
Denial-of-service (or DoS) attacks are usually launched to make a
particular service unavailable to someone who is authorized to use it.
These attacks may be launched using one single computer or many
computers across the world. In the latter scenario, the attack is known
as a distributed denial of service attack. Usually these attacks do not
necessitate the need to get access into anyone's system.
These attacks have been getting decidedly more popular as more and more
people realize the amount and magnitude of loss, which can be caused
What are the reasons that a hacker may want to resort to a DoS attack?
He may have installed a Trojan in the victim's computer but needed to
have the computer restarted to activate the Trojan. The other good
reason also may be that a business may want to harm a competitor by
crashing his systems.
Denial-of-service attacks have had an impressive history having, in the
past, blocked out websites like Amazon, CNN, Yahoo and eBay. The attack
is initiated by sending excessive demands to the victim's computer's,
exceeding the limit that the victim's servers can support and making the
servers crash. Sometimes, many computers are entrenched in this process
by installing a Trojan on them; taking control of them and then making
them send numerous demands to the targeted computer. On the other side, the victim of such an attack may see many such
demands (sometimes even numbering tens of thousands) coming from
computers from around the world. Unfortunately, to be able to gain
control over a malicious denial-of-service attack would require tracing
all the computers involved in the attack and then informing the owners
of those systems about the attack. The compromised system would need to
be shut down or then cleaned. This process, which sounds fairly simple,
may prove very difficult to achieve across national and later
Even when the source(s) of the attack are traced there are many
which the victim may be faced with. He will need to inform all the
involved organizations in control of the attacking computers and ask
them to either clean the systems or shut them down. Across international
boundaries this may prove to be a titanic task. The staff of the
organization may not understand the language. They may not be present if
the attack were to be launched during the night or during weekends.
The computers that may have to be shut down may be vital for their
processes and the staff may not have the authority to shut them down.
The staff may not understand the attack, system administration, network
topology, or any number of things that may delay or halt shutting down
the attacking computer's. Or, more simply, the organization may not
have the desire to help.
If there are hundreds or even thousands of computers on the attack, with
problems like the ones mentioned above, the victim may not be able to
stop the attack for days by which time the damage would have been done.
His servers would be completely incapacitated to administer to so many
demands and consequently would crash.
It is very simple for anyone to launch an attack because
tools can easily be procured from the Net. The major versions of
distributed denial of service attack tools are Trinoo (or trin00), TFN,
TFN2K and Stacheldraht. Denial-of-Service tools allow the attackers to
automate and preset the times and frequencies of such attacks so that
the attack is launched and then stopped to be launched once again later.
This makes it very difficult, in fact almost impossible, to trace the
source of the attack.
These tools also provide another service by which the attacking computer
can change its source address randomly thereby making it seem as if the
attack is originating from many thousands of computers while in reality
there may be only a few. Distributed denial-of-service attacks are a
very perturbing problem for law enforcement agencies mainly because they
are very difficult to trace. In addition, usually these attacks are
directed towards very sensitive systems or networks sometimes even those
that are vital to national security. Sometimes, even when the
perpetrators can be traced, international extradition laws may prove to
be a hitch in bringing them under the authority of the law.
How Can We Prevent Computer Crime?
a. By Educating Everyone.
For example, users and systems operators; people who hold personal data
and the people about whom it is held; people who create intellectual
property and those who buy it; and the criminals. We must educate people to:
1. Understand how technology can be used to help or hurt others.
2. Think about what it would be like to be the victim of a computer
hacker or computer pirate.
b. By Practicing Safe Computing.
1. Always ask: Who has or may have access to my log-in address?
2. Remember: People such as computer hackers and pirates who hurt others
through computer technology are not "cool." They are breaking the law.