
CYBER HACKING IN INDIA VIA SOCIAL MEDIA

A RESEARCH PAPER SUBMITTED TO AMITY LAW SCHOOL, DELHI


AFFILIATED TO GURU GOBIND SINGH INDRAPRASTHA UNIVERSITY IN
PARTIAL FULFILMENT OF
BACHELOR OF LAWS

Submitted By
HARSHITA SINGH
22310303812

AMITY LAW SCHOOL, DELHI


BLOCK F-1, SECTOR 125,
AMITY UNIVERSITY CAMPUS, NOIDA
UTTAR PRADESH- 2001303

ABSTRACT

When people talk about hacking and social networking, they are not referring to the common definition of hacking, which is using malicious code or backdoors in computer
networks to damage systems or steal proprietary information. Hacking into social networks
requires very little technical skill. It's much more of a psychological game -- using
information on personal profiles to win a complete stranger's trust.
This type of hacking is called social engineering. Social engineering uses persuasive
psychological techniques to exploit the weakest link in the information security system.

Cyber Crimes are offences committed with the help of a communication device with a
criminal intent either to tarnish the reputation of the victim or to cause physical or
mental harm / loss to the victim directly or indirectly. The number of cyber-crimes in India
may almost get double-fold in 20165 as compared to the levels of last year. At present, the
number of cyber-crimes in India is nearly around 149,254 and is likely to cross the 300,000
by 20156 growing at compounded annual growth rate (CAGR) of about 107 percent. During
2011, 2012, 2013 and 2014 and 2015, the total numbers of cyber-crimes registered were
13,301, 22,060, 71,780 and 62,189 (till May) respectively, it said.

Cyber Crime: An Introduction

Cyber crimes can be classified into the following:
1. The crimes wherein a computer is targeted. Examples of such crimes are hacking, virus
attacks, stealing of confidential information, etc.; and
2. The crimes wherein computer is used as a tool. Examples of such crimes are publishing of
obscene material, phishing, impersonation, financial frauds, etc.

In India, law as to cyber-crimes is contained under Information Technology Act, 2000, and
offences are specifically contained under Chapter 11 of the Information
Technology Act - Offences. A cybercrime is defined in India as any unlawful act where a
computer is used as a tool or target or both, and offenders are booked under the
Information Technology Act. However, according to the government's own admission
in Parliament in July, the rate of conviction is very low till now. To register a Cyber
Crime related complaint, the same should be lodged with a local police station or, if
available, the Cyber Crime Cell in your city. "Every sixth Cybercrime in India is committed
through social media," Alok Mittal, the Chief of the National Investigation Agency (NIA),
has said. Though he did not divulge the basis of his findings, data from the National
Crime Records Bureau (NCRB) show around 70% rise in Cybercrimes annually between
2013 and 2015. In comparison, theft and robbery, which account for the highest
incidences of crime in India, show an annual growth of 17-18%. "The number of
cybercrime cases reported across India in 2014 was a little more than 9,600, a mere
fraction of the estimated three lakh theft cases (that year). But the concern is an annual
growth of 70% for the last three years," Mittal said. In 2013, the number was 5,693.
Estimates for 2015 put the number of cybercrimes at 16,000. In recent years, Noida has
turned into a hub of Cyber-attacks in the national capital region. With 780 cases of
cybercrime reported in 2015, Noida saw the setting up of the Centre for Cyber Crime
Investigation in 2016. "This is a menace that will only increase with the rising number
of internet users in India. Unless people learn to protect themselves, this cannot be
controlled," said Mittal.

Cyber experts said a high rate of Cybercrime is natural in a country where technology
adoption is high but awareness is low. According to experts, economic fraud tops the
list of cybercrimes in India. Lottery and job scams are rampant. "It has taken the form
of organized crime in India," said Mittal. "Most Cybercrime is targeted
towards people with social media accounts since in India knowledge about security and
privacy protection is low," said Mrityunjay Kapoor, head of risk analysis at KPMG.
Generally, Cyber Crime in India falls into the following offences:

Cyber Bullying: It involves use of social networks to repeatedly harm or harass other people in a deliberate manner. It mainly includes online harassment of school children.

Cheating by Personation: Impersonation involves trying to assume the identity of another in order to commit fraud/cheating, including a false WHOIS of a website.

Identity Theft: Fraudulently or dishonestly making use of the electronic signature, password or any other unique identification feature of any other person.

Obscene Material: Publishing material in electronic form which is lascivious or appeals to the prurient interest, including pictures of private area of any person or sexual acts online.

Offensive/Harassing Messages: Sending of offensive messages through communication devices and/or social media. In such crimes, mostly women are the target.

Defamation: Online publishing of a false statement that harms/damages the good reputation of an individual, group of individuals, brand or a product. Consumer complaint websites are a good example here.

Cyber Extortion: Extortion is blackmailing another for obtaining money, property, or services online. For example, defaming a company on a website and demanding money for removal of a complaint.

Hacking: Hacking is an unauthorized attempt to bypass the security mechanisms of an information system or network. It is provided under Section 66 of the Information Technology Act.

Virus Attacks: Viruses are spread by Cyber Criminals with an objective to hack into a computer system and/or to steal confidential/sensitive information.

Publishing/Circulation of Rumors, especially hurting religious sentiments: Social Media and Mobile messages are used as a tool to spread hatred messages, which may result in violence in a state or a particular part of the country.

Phishing: The act of sending email that falsely claims to be from a legitimate organization, especially Banks. This is usually combined with a request for information: for example, that an account will close, a balance is due, or information is missing from an account. The email will ask the recipient to supply confidential information, such as bank account details, PINs or passwords; these details are then used by the owners of the fake website to conduct fraud.

IPR violations: This involves Software Piracy or otherwise Trademark and Copyright violations; copying of an existing website and/or its content/text is quite common, for which an injunction is required to be taken from court. Also, misrepresenting one's business with a third party's Trademark may be regarded as cheating.

Skimming: It involves fitting an ATM machine with a skimmer device which reads and records the credit card details on to the device. It results in misuse of credit card and fraud.

Financial Frauds: This may be as a direct result of the above crimes like Hacking, Virus Attack, Extortion, Identity Theft, Skimming, etc.

Cyberstalking: Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group, or an organization. It may include false accusations, defamation, monitoring, identity theft, threats, or gathering information that may be used to threaten or harass.

Cyber Terrorism: A cyber-crime committed with an intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people.

Effects of Cybercrime in India

History shows that the relationship between crime and technology is not new. Although the
hardware has changed over time, the basic ideas behind the crimes remain the same. The
significant change in modern times is the increase in personal computing power in a
globalized communication network. Networked technology has become more than
simply a force multiplier, because not only are the ideas about committing a crime
shared on a global scale, but these ideas are also put into practice across the global
network at a very fast speed. The Internet is a set of social practices; it is the kind of
purpose to which we put the internet that creates the possibility of criminal and deviant
activities. The internet provides the means to link up the many and diverse networks
already in existence.

The sky of social networking is not presented without the dark clouds of people who gain
unlawfully or illegally by causing harm to the users who are the pigeons who wander the
web for their needs. There are many persons who have been affected personally because of
these acts. Amit Sahay's worst nightmare came true when someone hacked into his
Facebook account and started posting pornographic content. Amit first warned his
friends and then tried changing his password. But when the hacking persisted, he was
forced to get a new account. Amit's ordeal, however, is not an isolated case. For Amit, a
Bengaluru-based florist, the hacking of his FB account was scary. "Whoever hacked
my account was putting me in a socially awkward situation and was trying to malign
my identity," he said.
Papri Das almost fell into a trap when she started receiving emails purportedly from
the Reserve Bank of India (RBI), pointing out tax irregularities and asking her to
pay her outstanding taxes. "I thought I was in trouble and took the mail seriously. I
went back to check my tax filings and had nearly made up my mind to pay the
remaining taxes as mentioned in the mail," Das said. It was only when she discussed it with
friends and read an RBI advisory against such frauds that she blocked the mail ID.

Hacking and Social Engineering

Typically, hackers pose as someone else to gain information they otherwise can't access.
Hackers then take the information obtained from their victims and wreak havoc on
network resources, steal or delete files, and even commit industrial espionage or some
other form of fraud against the organization they're attacking. Social engineering is
different from physical-security issues, such as shoulder surfing and dumpster diving,
but they are related.
The following are examples of social engineering:
False support personnel claim that they need to install a patch or new version of
software on a user's computer, talk the user into downloading the software, and obtain
remote control of the system.
False vendors claim to need to make updates to the
organization's accounting package or phone system, ask for the administrator
password, and obtain full access.
False contest Web sites run by hackers gather user
IDs and passwords of unsuspecting contestants. The hackers then try those passwords
on other Web sites, such as Yahoo! and Amazon.com, and steal personal or corporate
information.
False employees notify the
security desk that they have lost their keys to the computer room, are given a set of
keys, and obtain unauthorized access to physical and electronic information.

Sometimes, social engineers act as forceful and knowledgeable employees, such as
managers or executives. Other times, they may play the roles of extremely uninformed
or naive employees. They often switch from one mode to the other, depending on whom
they are speaking to. Effective information security, especially for fighting social
engineering, begins and ends with your users. Other chapters in this book provide great
technical advice, but never forget that basic human communication and interaction also
affect the level of security. The candy-security adage is "Hard crunchy outside, soft chewy
inside." The hard crunchy outside is the layer of mechanisms, such as firewalls,
intrusion-detection systems, and encryption, that organizations rely on to secure
their information. The soft chewy inside is the people and the systems inside the
organization. If hackers can get past the thick outer layer, they can compromise the
(mostly) defenseless inner layer.

Social engineering is one of the toughest hacks, because it takes great skill to come
across as trustworthy to a stranger. It's also by far the toughest hack to protect against
because people are involved. Social engineering is an art and a science. It takes great
skill to perform social engineering as an ethical hacker and is dependent upon your
personality and overall knowledge of the organization you're testing. If social
engineering isn't natural for you, consider using the information in this chapter for
educational purposes at first until you have more time to study the subject. Social
engineering can harm people's jobs and reputations, and confidential information
could be leaked. Proceed with caution and think before you act. These social-engineering
techniques may be best performed by an outsider to the organization. If
you're performing these tests against your own organization, you may have difficulties
acting as an outsider if everyone knows you. This may not be a problem in larger
organizations, but if you have a small, close-knit company, people usually are on to
your antics. You can outsource social-engineering testing to a trusted consulting firm or
even have a colleague perform the tests for you. The key word here is trusted. If you're
involving someone else, you must get references, perform background checks, and have
the testing approved by management in writing beforehand.

A case study in social engineering with Ira Winkler

In this case study, Ira Winkler, a
world-renowned social engineer, was gracious in sharing an interesting study in social
engineering.

The Situation

Mr. Winkler's client wanted a general temperature of the
organization's security awareness level. He and his accomplice went for the pot of gold
and tested the organization's susceptibility to social engineering. Getting started, they
scoped out the main entrance of the client's building and found that the
reception/security desk was in the middle of a large lobby and was staffed by a
receptionist. The next day, the two men walked into the building during the morning
rush while pretending to talk on cell phones. They stayed at least 15 feet from the
attendant and simply ignored her as they walked by. After they were inside the facility,
they found a conference room to set up shop. They sat down to plan the rest of the day
and decided a facility badge would be a great start. Mr. Winkler called the main
information number and asked for the office that makes the badges. He was forwarded
to the reception/security desk. He then pretended to be the CIO and told the person on
the other end of the line that he wanted badges for a couple of subcontractors. The
person responded, "Send the subcontractors down to the main lobby." When Mr.
Winkler and his accomplice arrived, a uniformed guard asked what they were working
on, and they mentioned computers. The guard then asked them if they needed access to
the computer room! Of course they said, "That would help." Within minutes, they both
had badges with access to all office areas and the computer operations center. They
went to the basement and used their badges to open the main computer room door.
They walked right in and were able to access a Windows server, load the user
administration tool, add a new user to the domain, and make the user a member of the
administrators group. Then they quickly left. The two men had access to the entire
corporate network with administrative rights within two hours! They also used the
badges to perform after-hours walkthroughs of the building. In doing this, they found
the key to the CEO's office and planted a mock bug there.

The Outcome

Nobody
outside the team knew what the two men did until they were told after the fact. After
the employees were informed, the guard supervisor called Mr. Winkler and wanted to
know who issued the badges. Mr. Winkler informed him that the fact that his area
didn't know who issued the badges was a problem in and of itself, and that he does not
disclose that information.

How This Could Have Been Prevented

According to Mr.
Winkler, the security desk should have been located closer to the entrance, and the
company should have had a formal process for issuing badges. In addition, access to
special areas like the computer room should require approval from a known entity.
After access is granted, a confirmation should be sent to the approver. Also, the server
screen should have been locked, the account should not have been logged on
unattended, and any addition of an administrator-level account should be audited and
appropriate parties should be alerted. Ira Winkler, CISSP, CISM, is considered one of
the world's best social engineers. You can find more of his case studies in his book Spies
Among Us.
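
One way to implement the audit-and-alert control recommended in the case study, as an added example that is not part of the original paper: the script below reads Windows Security audit events for account creation (event ID 4720) and for members added to security groups (4728, 4732, 4756), and raises an alert for every addition to an administrator-level group. The event records, account names, privileged-group list, approval list and 30-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720                    # "A user account was created"
GROUP_MEMBER_ADDED = {4728, 4732, 4756}   # member added to a global / local / universal group
# Assumption: the groups this organization treats as administrator-level.
PRIVILEGED_GROUPS = {"administrators", "domain admins", "enterprise admins"}
# Assumption: an account promoted this soon after creation is the case-study pattern.
FRESH_ACCOUNT_WINDOW = timedelta(minutes=30)

# Constructed sample records (not real logs), reduced to the fields used below.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:12:05", "id": 4720, "SubjectUserName": "svc-backup",
     "TargetUserName": "jtemp", "TargetSid": "S-1-5-21-1111-2222-3333-1605"},
    {"time": "2024-03-04T09:13:40", "id": 4728, "SubjectUserName": "svc-backup",
     "TargetUserName": "Domain Admins", "MemberSid": "S-1-5-21-1111-2222-3333-1605"},
    {"time": "2024-03-04T10:02:00", "id": 4732, "SubjectUserName": "helpdesk1",
     "TargetUserName": "Remote Desktop Users", "MemberSid": "S-1-5-21-1111-2222-3333-1410"},
    {"time": "2024-03-04T14:30:00", "id": 4732, "SubjectUserName": "adm-ravi",
     "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1111-2222-3333-1207"},
    {"time": "2024-03-04T16:00:00", "id": 4720, "SubjectUserName": "hr-onboard",
     "TargetUserName": "newhire", "TargetSid": "S-1-5-21-1111-2222-3333-1606"},
]


def find_admin_additions(events, approved=frozenset()):
    """Return one alert per addition to a privileged group.

    `approved` holds (member SID, lower-cased group name) pairs that went
    through a formal approval process. Severity is:
      info     - approved change (confirmation to send back to the approver)
      critical - unapproved, and the account was created minutes earlier
      high     - unapproved addition of an existing account
    """
    created = {}   # SID -> (creation time, account name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["TargetSid"]] = (when, ev["TargetUserName"])
            continue
        if ev["id"] not in GROUP_MEMBER_ADDED:
            continue
        group = ev["TargetUserName"]       # for these events this field is the group name
        if group.lower() not in PRIVILEGED_GROUPS:
            continue
        sid = ev["MemberSid"]
        born, name = created.get(sid, (None, sid))   # fall back to the SID if name unknown
        fresh = born is not None and when - born <= FRESH_ACCOUNT_WINDOW
        if (sid, group.lower()) in approved:
            severity = "info"
        elif fresh:
            severity = "critical"
        else:
            severity = "high"
        alerts.append({"time": ev["time"], "severity": severity, "member": name,
                       "group": group, "added_by": ev["SubjectUserName"]})
    return alerts


if __name__ == "__main__":
    for a in find_admin_additions(SAMPLE_EVENTS):
        print("[{severity}] {time} {member} added to {group} by {added_by}".format(**a))
```
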

Bad guys use social engineering to break into systems because they can. They want
someone to open the door to the organization so that they don't have to break in and
risk getting caught. Firewalls, access controls, and authentication devices can't stop a
determined social engineer.
Most social engineers perform their attacks slowly, so they're not so obvious and don't
raise suspicion.
The bad guys gather bits of information over time and use the information to create a
broader picture. Alternatively, some social-engineering attacks can be performed with a
quick phone call or e-mail. The methods used depend on the hacker's style and
abilities.
Social engineers know that many organizations don't have formal data classification,
access-control systems, incident-response plans, and security-awareness programs.
Social engineers know a lot about a lot of things, both inside and outside their target
organizations, because it helps them in their efforts. The more information social
engineers gain about organizations, the easier it is for them to pose as employees or
other trusted insiders. Social engineers' knowledge and determination give them the
upper hand over average employees who are unaware of the value of the information
social engineers are seeking.

The process of social engineering is actually pretty basic. In general, social engineers
find the details of organizational processes and information systems to perform their
attacks. With this information, they know what to pursue. Hackers typically perform
social-engineering attacks in four simple steps:
1. Perform research.
2. Build trust.
3. Exploit relationship for information through words, actions, or technology.
4. Use the information gathered for malicious purposes.
These steps can include myriad substeps and techniques, depending on the attack being
performed.
Before social engineers perform their attacks, they need a goal in mind. This is the
hacker's first step in this process, and this goal is most likely already implanted in the
hacker's mind. What does the hacker want to accomplish? What is the hacker trying to
hack? Does he want intellectual property, server passwords, or security badges; or does
he simply want to prove that the company's defenses can be penetrated? In your efforts
as an ethical hacker performing social engineering, determine this goal before you
move forward.
Phone systems

Hackers can obtain information by using the dial-by-name feature built
into most voice-mail systems. To access this feature, you usually just press 0
when calling into the company's main number or even someone's desk. This trick
works best after hours to make sure that no one answers.
Hackers can protect their identities if they can hide where they're calling from. Here
are some ways that they can do that:
Residential phones sometimes can hide their numbers from caller ID. The code to hide
a residential phone number from a caller ID is *67. Just dial *67 before the number; it
blocks the source number. This feature is usually disabled when you're calling toll-free
(800, 888, 877) numbers.
Business phones are more difficult to spoof from an office by
using a phone switch. However, all the hacker usually needs is the user guide and
administrator password for the phone-switch software. In many switches, the hacker
can enter the source number, including a falsified number, such as the victim's home
phone number.
Hackers find interesting bits of information, such as when their victims are out of
town, just by listening to voice-mail messages. They even study victims' voices by
listening to their voice-mail messages or Internet presentations and Webcasts to
impersonate those people.
Building trust

Trust: so hard to gain, so easy to lose. Trust is the essence of social
engineering. Most humans trust other humans until a situation occurs that forces them
not to. We want to help one another, especially if trust can be built and the request for
help is reasonable. Most people want to be team players in the workplace and don't
know what can happen if they divulge too much information to a trusted source.
This is why social engineers can accomplish their goals. Of course, building deep trust
often takes time. Crafty social engineers gain it within minutes or hours. How do they
build trust?
Likability: Who can't relate to a nice person? Everyone loves courtesy. The friendlier
the social engineer, without going overboard, the better his chances of getting
what he wants. Social engineers often begin by establishing common interests. They
often use information they gained in the research phase to determine what the victim
likes and act as if they like those things as well. For instance, they can phone victims or
meet them in person and, based on information they've learned about the person, start
talking about local sports teams or how wonderful it is to be single again. A few low-key
and well-articulated comments can be the start of a nice new relationship.
Believability: Of course, believability is based in part on the knowledge that social
engineers have and how likable they are. But social engineers also use impersonation,
perhaps posing as a new employee or fellow employee that the victim hasn't met. They may
even pose as a vendor that does business with the organization. They often modestly claim
authority to influence people. The most common social-engineering trick is to do something
nice so that the victim feels obligated to be nice in return or to be a team player for the
organization.
Exploiting the relationship

After social engineers obtain the trust of their unsuspecting
victims, they coax them into divulging more information than they should. Whammo,
they can go in for the kill. They do this through face-to-face or electronic
communications that victims feel comfortable with, or they use technology to get
victims to divulge information.

Deceit through words and actions

Wily social engineers can get inside information
from their victims many ways. They are often articulate and focus on keeping their
conversations moving without giving their victims much time to think about what
they're saying. However, if they're careless or overly anxious during their social-engineering
attacks, the following tip-offs may give them away:
Acting overly friendly or eager
Mentioning names of prominent people within the organization
Bragging about authority within the organization
Threatening reprimands if requests aren't honored
Acting nervous when questioned (pursing the lips and fidgeting, especially the hands and feet, because more conscious effort is required to control body parts that are farther from the face)
Overemphasizing details
Physiological changes, such as dilated pupils or changes in voice pitch
Appearing rushed
Refusing to give information
Volunteering information and answering unasked questions
Knowing information that an outsider should not have
A known outsider using insider speech or slang
Asking strange questions
Misspelling words in written communications

Punishment For Hacking And Damage


According to Section 43 of the Information Technology Act, 2000, whoever destroys,
deletes, alters and disrupts or causes disruption of any computer with the intention of
damaging the whole data of the computer system without the permission of the owner of
the computer, shall be liable to pay fine up to 1 crore to the person so affected by way of
remedy.
According to Section 43A, which is inserted by the Information
Technology (Amendment) Act, 2008, where a body corporate is maintaining and
protecting the data of the persons as provided by the central government, if there is
any negligent act or failure in protecting the data/information then the body corporate
shall be liable to pay compensation to the person so affected. And Section 66 deals with
hacking with computer system and provides for imprisonment up to 3 years or fine,
which may extend up to 2 years or both.
For teens and first-time cyber crime offenders: teens usually get involved in this crime
unknowingly or for what, according to them, is fun. So, recently it was proposed by the Home
Ministry and IT department that first-time offenders will be handled with leniency and with
remedies like warning, counseling and parental guidance.
Many people feel that the legal proceedings initiated against a young or first-time offender
expose him to social disgrace and adversely affect his studies and career. So even
though the court decides the intensity of punishment, people want the government to make
a soft law, which would essentially help a first-time offender, who committed the act
without any pure intention. (via Silicon India)

Cyber Crimes in India

Reliable sources report that during the year 2005, 179 cases were
registered under the I.T. Act as compared to 68 cases during the previous year, reporting the
significant increase of 163% in 2005 over 2004. (Source: Karnika Seth - Cyber lawyer &
Consultant practicing in the Supreme Court of India and Delhi High Court) Some of the
cases are the BPO, Mphasis Ltd. case of data theft, the DPS MMS case, Pranav Mitra's
email spoofing fraud. Some Professions giving birth to Cyber Crimes are classified as
follows:
1. IT or Tech Professionals
Since Cyber Crime is all about computers and Networks
(Internet), many types of IT & Technology professionals are quite prominently active in
the same, which include but are not restricted to:
   Network Engineers
   Cyber Security Software Professionals
   Cyber Forensic Experts
   IT Governance Professionals
   Certified Internet Security Auditors
   Ethical Hackers
2. Cyber Law Experts
Cyber Law has become a multidisciplinary approach and hence
specialization in handling cybercrimes is required. Cyber law experts handle:
   Patent and Patent Infringements or other Business Cyber crimes
   Cyber Security for Identity thefts and Credit Cards and other Financial transactions
   General Cyber Law
   Online Payment Frauds
   Copyright Infringement of software, music and video
3. Cyber Law Implementation Professionals
Many agencies play a role in cyber law
implementation, which include the e-Governance agencies, law and enforcement
agencies, cybercrime research cells and cyber forensic labs. Each of these would have a
different category of professionals.

The Challenge of Cyber Crime in India: The Role of Government
Dr. Atul Bamrara

Nascent personal computers, high-bandwidth wireless networking technologies and the
pervasive use of the internet have transformed the style of performing business. The IT
infrastructure provides transmission and storage of gigantic amounts of critical
information used in each domain of society and it enables government agencies to
speedily interact with each other as well as with industry, citizens, state, local
governments and across international boundaries. The paper focuses on an assortment
of concerns related to cybercrime and the role of Government to combat the issue.
Further findings draw attention to array of cybercrime which is not covered in the IT
Act. The Internet is primarily responsible for developing and enriching global
commerce to previously implausible heights, fostering remarkable advancements in
education and healthcare, and facilitating worldwide communication that was once
perceived to be limited and costly (McFarlane and Bocij 2003; Jaishankar and
Umasankary 2005). However, the Internet, with its immeasurable size and previously
unimaginable capabilities, has a gloomy side in that it has opened windows of
previously unknown criminal opportunities that not only challenge, but also transcend
all physical boundaries, borders, and limitations to sense, rebuke and diminish what
appears to be a growing social problem of global proportions. The concept of
cybercrime is not radically different from the concept of conventional crime. Both
include conduct whether act or omission, which cause breach of rules of law
counterbalanced by the sanction of the state. Computer crime or cybercrime refers to
any crime that involves a computer and a network (Moore 2005). The computer may
have been used in the commission of a crime, or it may be the target (Kruse and Heiser
2002). Cyber Crime is criminal activity done using computers and the Internet. This
includes anything from downloading illegal music files to stealing millions of dollars
from online bank accounts (techterms.com). Cyber Crime also includes non-monetary
offences, such as creating and distributing viruses on other computers or posting
confidential business information on the Internet. The computer may however be a
target for unlawful acts in the following cases: unauthorized access to computer/
computer system/ computer networks, theft of
information contained in electronic form, e-mail bombing, data diddling, salami
attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of
computer system, physically damaging the computer system. Symantec defines
cybercrime as any crime that is committed using a computer or network, or hardware
device. The computer or device may be the agent of the crime, the facilitator of the
crime, or the target of the crime. The crime may take place on the computer alone or in
addition to other locations.

Cyber Crime Challenge

Cyber crime is the hottest and
conceivably the most complicated problem in the cyber world. Industry, government
and indeed society are becoming vitally dependent on IT (Anderson 1994; Apt and
Olderog 1997). This dependence is illustrated by the serious concerns which are now
being caused by residual Year 2000 bugs. Seeing that even these conceptually-simple
software faults are demanding massive resources, we must be concerned about the
much more difficult effects of cyber crimes, malicious activities by hackers or
organizations seeking to exploit or disrupt an IT system, for mischief, financial gain, or
more sinister motives (Benjamin 1990). Deloitte (2010) revealed a serious lack of
awareness and a degree of complacency on the part of IT organizations and perhaps
security officers, vis-à-vis the threat of cyber crime. Much of this belief is predicated on
the notion that cyber crime technologies and techniques are so effective at eluding
detection that the actual extent of the problem may be grossly underestimated.
Cyber criminals comprise various groups and categories. Today's cyber criminals are
increasingly adroit at gaining undetected access and maintaining a persistent, low-profile,
long-term presence in IT environments. Meanwhile, many organizations may
be leaving themselves vulnerable to cyber crime based on a false sense of security.
Cyber criminals are generally computer professionals or computer-literate persons; they
are not history-sheeters and mostly have no previous criminal record (Kumar 2002).
Studies also show that the threat is mostly from employees or from those with access to
the system, such as maintenance personnel, hardware and software vendors, etc.
However, external threats via remote access have shown an increasing trend. The
Internet is now available in over two hundred countries and, because of its borderless
nature, crimes may be committed through communications that are routed through a
number of different countries (U. S. Department of Justice 2000). Although cyber
crime cells have been set up in major cities of the nation, most cases of spamming,
hacking, phishing and vishing remain unreported due to the lack of awareness among
internet users and employees of financial institutions.
We'll talk about setting up online profiles along with how to avoid being hacked. We'll
also focus on specific social networking groups, from those for information technology
professionals to ones geared at sneakerheads.

Before you can make an online connection, you need to create a profile on a social-networking site. You'll be asked to choose a login name and password. Once you've
created those, you'll be asked for some basic personal information, such as your name,
sex, age, location and any hobbies or special interests.
You can personalize your profile by adding photos, music or video files. Just remember
that your profile is the image you're presenting to the online world. But on most sites
you also maintain control over who can view your full profile.

When creating a profile page on a social network, many people fail to consider the
possible security risks. The more personal and professional information you include on
your public profile, the easier it is for a hacker to exploit that information to gain your
trust.
Let's say you're an engineer and you blog about one of your current projects on your
Facebook page. A hacker can use that information to pose as an employee from that
company. He has your name and your position in the company, so you're liable to trust
him. Now he can try to get a password out of you or proprietary information that he
can sell to your competitors.
The security advantage of most online social networks is that only your "friends" or
members of your network can see your complete profile. That's only effective if you're
extremely selective about whom you include in your network. If you accept invitations
from absolutely everyone, one of those people may potentially be a hacker.
The problem with online social networks is that they have no built-in authentication
system to verify that someone is indeed who they say they are. A hacker can create a
free profile on a site like LinkedIn, designing his profile to match perfectly with the
business interests of his target. If the target accepts the hacker as a connection, then
the hacker suddenly has access to information on all of the target's other connections.
With all that information, it's possible to construct an elaborate identity theft scam.
To fight back against social engineering, the key is awareness. If you know that social
engineering hackers exist, you'll be more careful about what you post on your online
profiles. And if you're familiar with common social engineering scams, you'll recognize
a con when it's happening instead of when it's too late.

Information technology has grown tremendously during the last two decades and
has become the main source of knowledge; as a result, cyber-crime in India is on the
rise. The major categories are attacks on ICT infrastructure, online fraud, child pornography,
hacking and cracking, intellectual property rights violation, etc. Cybercrimes also
pose a great threat to the national security of all countries, and sometimes lead to a
great loss in financial stability. Norton's Cyber Crime Report 2011 reveals that India
loses approximately INR 34110 crores annually due to cyber-related crimes [3]. India's
prominent role in the global IT market has made it one of the country's compelling
priorities to provide a secure computing environment and adequate trust and confidence
in electronic transactions through the creation of a suitable cyber security policy.
The IT policies of India require constant updating and should also provide awareness about
various types of cyber-attack and their consequences for individuals, organizations,
industry and the nation.

Types Of Cyber Crime

i. Cyber Stalking/Online harassment: When a victim is repeatedly and persistently
followed and pursued online by e-mail or other electronic communication by offenders
in a way that may negatively impact the victim's livelihood, well-being, and mental or emotional
state.
ii. Cyber Bullying: Acts of harassment, embarrassment, taunting, insulting or
threatening behavior towards a victim by using internet, e-mail or other electronic
communication device.
iii. Hacking: It is an electronic intrusion, or gaining access to resources like computer,
e-mail or social networking accounts such as Facebook, Gmail, Hotmail, etc. via a
computer or network resource without permission.
iv. Identity Theft: When someone appropriates a person's personal information without his or her
knowledge to commit theft or fraud.
v. Computer Fraud: Computer or Internet fraud is any type of fraud scheme that uses
one or more components of the Internet, such as chat rooms, e-mail, message boards, or
Web sites, to present fraudulent transactions or to transmit the proceeds of fraud to
financial institutions or to others.
vi. Credit/Debit Card Fraud: It is the unauthorized use of a credit/debit card to
fraudulently obtain money or property. Credit/debit card numbers can be stolen from
unsecured web sites, or can be obtained in an identity theft scheme.
vii. Spoofing: It is a technique whereby a fraudster pretends to be someone else's email
or web site. This is typically done by copying the web content of a legitimate web site to
the fraudster's newly created fraudulent web site.
viii. Phishing: It refers to the scheme whereby the perpetrators use the spoofed web
sites in an attempt to dupe the victim into divulging sensitive information, such as
passwords, credit card and bank account numbers. The victim, usually via email, is
provided with a hyperlink that directs him/her to a fraudster's web site. This fraudulent
web site's name closely resembles the true name of the legitimate business.
ix. Denial of Service: A denial of service attack is a targeted effort to disrupt a
legitimate user of a service from having access to the service. Offenders can limit or
prevent access to services by overloading the available resources, changing the
configuration of the service's data, or physically destroying the available connections to
the information.
x. Spam: It is the distribution of bulk e-mail that offers recipients deals on products or
services.
xi. Malicious Programs/Viruses: Viruses and malicious programs can potentially
impact a massive number of individuals and resources. These programs are intended to
cause electronic resources to function abnormally and may impact legitimate users'
access to computer resources.
xii. Cyber terrorism: It is the adaptation of terrorism to computer resources, whose
purpose is to cause fear in its victims by attacking electronic resources.
xiii. Online Child Pornography: Online child pornography is defined by paedophiles
using computer resources to distribute illegal media of and to minors, as well as
engaging in actions to sexually exploit children.
Unwanted exposure to sexually explicit material: When a criminal sends pictures,
videos, sound clips, cartoons or animations depicting sexual contents by e-mail or any
other electronic means. This would include audio or video chat using web camera etc.

Recent Cyber Crimes in India

In January 2013, two residents of Chandigarh received
credit card bills for shopping done in Mumbai and Hyderabad. The money was
deducted from their accounts before they could even approach the bank. People are
losing money by making payments at petrol pumps in Chandigarh city. Nearly 55 cases
of skimming have been reported from petrol pumps in Chandigarh over the last six
months. In these cases, miscreants cloned the cards and shopped at faraway places
such as Mumbai and Hyderabad. The scam is worth lakhs [8].

In April 2012, a gang of
fraudsters was arrested in Hyderabad for skimming and cloning credit and debit
cards using a complex modus operandi of hacking international IP addresses, internet
hawala, spying and electronic data theft. The racket came to light in May 2011
when people who visited two malls complained that huge amounts were withdrawn
from their accounts. The gang succeeded in skimming off 4 to 5 crore INR from
unsuspecting credit and debit card holders across the country, from Hyderabad to
Delhi and Kolkata to Bangalore. They used 15 point-of-sale (electronic draft capture)
skimming machines, one ATM data skimming machine, ATM dome cameras, electronic
magnetic writers, card printers and ATM PIN pad skimmer machines, and even placed
spy cameras at ATMs which picked up the PINs of users [4].

In 2013, the customer data
of a reputed private insurance company was stolen by three people and used for
negative publicity of the company, its policies and schemes. These individuals were
owners of a rival company and indulged in corporate espionage. They breached the
Information and Technology Act and section 379 of the Indian Penal Code for committing
theft of customer data [3].

The Cyber Crime Investigation Cell, C.B., C.I.D., Mumbai
detected a racket in which educated cyber criminals adopted an innovative way of
e-cheating by using the details of stolen credit cards. One financial institute
registered a crime stating that some persons (perpetrators) had perpetrated certain
acts through misleading emails ostensibly emanating from ICICI Bank's email ID.
Such acts were perpetrated with intent to defraud the customers. The
investigation was carried out with the help of the emails received by the customers of
that financial institute; the accused was arrested and the place of offence at Vijayawada
was searched for evidence. The arrested accused had used open-source email
application software for sending spam emails. He had downloaded the software
from the net and used it as it was. He used only VSNL emails to spam the
customers of the financial institute because the VSNL email service provider did not have a spam
box to block unsolicited emails. The customers of the financial institute who
received his email felt that the email originated from the financial institute.
When they filled in the confidential information and submitted it, that information
was directed to the accused. This was possible because a dynamic link was given on the
home page of the fake web site. A dynamic link means that the link is activated only when
people click on the link provided in the spam email. The dynamic link
was coded by handling the Internet Explorer Onclick() event, and the information in
the form was submitted to the web server where the fake web site was hosted. The
server then sent the data to a configured email address, which in this case
was the email of the accused. So, on submission of the confidential information, the
information was directed to the email ID of the accused. All the information obtained
through phishing (user name, password, transaction password, debit card number and PIN,
mother's maiden name) he received through the Wi-Fi internet connectivity of
Reliance.com, which was available on his Acer laptop.

Mumbai police arrested a
hacker for hacking into a financial website. The hacker couldn't break into
the main server of the financial institution, which was well secured by the financial
institution. The accused could, however, make some additions to the home page of the
financial website and added a string of text to the news module of the home page of
the website. Police were able to crack the case by following the trace left by the hacker
on the web server of the financial institution. The financial institution maintained a
separate server for online financial transactions, for which utmost security had been
taken by the financial institution. The website was hosted on a different server, which
had comparatively lesser security.

The most popular form of social media is social networking, which consists of websites
that allow users to create an online profile in which users post up-to-the-minute
personal and professional information about their lives that can include pictures,
videos, and related content. Websites under this category include Facebook, LinkedIn,
Twitter, and the now nearly defunct Myspace. Social networking is a potential gold mine
for criminals who leverage the users' personal details into financial opportunity.

Burglary: Simplified

The classic example of exploitation on social networking sites
involves the perpetrator perusing users' profiles and looking for potential victims in the
vicinity who won't be home. For instance, Facebook users can post that they will be
out for the evening, which gives potential thieves a large time window to burgle the
property. Stories of this nature are appearing in the media [6] and serve as a reminder
that users are not as cautious as they should be with their personal information. The
thieves are sometimes caught by using stolen wares that are unique in some way. For
example, a recent investigation in New Hampshire ended when thieves who used
Facebook to profile victims were caught using a very peculiar type of firework that
was recently taken in a burglary. An off-duty officer investigated firework explosions
he could hear in the distance. The fireworks were stolen in the series of break-ins over
the prior month [7].

Other social
networking applications, such as foursquare and Gowalla, are primarily location-based networks. Users of these networks are rewarded for posting their locations
frequently and are given temporary titles while at their location; for example, posting
that you're having a cup of coffee at Starbucks could make you the "Mayor" of
Starbucks [8]. As before, posting your location allows perpetrators the perfect window
to commit a burglary, vandalism, or a home invasion.

Social Engineering & Phishing

Not surprisingly, the majority of crimes on social networking sites are cyber based, and
many of them use a technique called social engineering. In a classical sense, social
engineering refers to the social manipulation of large groups of people to meet political or
economic ends. Today, it's taken on an additional meaning in the cyber security world. For
our purposes, social engineering refers to gaining access to information by exploiting human
psychology [9]. A classic example of this starts with a friend on your network sending you a
message asking for a quick loan to get car repairs so he/she can get home for work on
Monday, and ends with you finding out a few days later that your friend never needed car
repairs and that the person you transferred money to was a scam artist. This form of social
engineering is surprisingly easy to achieve, and because of it, the computer security firm
Trend Micro calls Facebook a "minefield of scams" [10]. All that is needed by the
scammer is the username and password of one member of a network and a little practice in
writing letters that sound urgent enough to inspire friends to help. All the while the scammer is
vague enough not to reveal the impersonation. Even if only a few friends on the list are
duped, the return on investment for the scammer is quite high.

Social engineering isn't
limited to social networking. A recent case involved the software company Oracle. During
a convention, a contest was held to demonstrate the dangers of social engineering. Several
hackers posed as IT professionals and asked company employees to hand over data and
visit websites as part of routine IT protocol. Oracle employees as well as many
others were frighteningly compliant in the demonstration [11].

One popular technique of
social engineering is called phishing. Phishing involves making attempts to acquire
passwords, account numbers, and related information; this information is often used to
commit identity theft. The term "phishing" is a play on "fishing", in which perpetrators
send out many (sometimes millions) of emails with the hopes of getting "bites" in
return. The victimization rate that results is usually somewhere in the 0.5% to 1%
range [12]. Despite the low success rate, criminals continue to send out emails that look
like legitimate concerns over account security or sale reminders from your favorite
retailer [13]. Microsoft has recently reported that phishing attacks are up over 1200%,
from 8.3% phishing attacks to 84.5% phishing attacks, just over the course of 2010 [14].

Malware

Last, social networking offers golden opportunities for virus and malware
developers. Users clicking on links, opening attachments, and responding to messages on
networks can become victims without knowing it, resulting in adware, viruses, and malware
being loaded onto their machines. In December 2010, antivirus developer Sophos reported
that 40% of social network users had encountered malicious attacks [15]. Microsoft released
their own study in the spring of 2011, stating that rogue software was found on 19 million
PCs [16]. Additionally, the business world is concerned that their employees' online behavior
could be putting their network security at risk. The Sophos 2010 Security Report surveyed
over 500 organizations and found that 72% were concerned that social networking
endangered their security.

Conclusion
The growth of cybercrime is very high in India. Proper education about
cybercrime and preventive measures are needed to reduce cybercrime. Here we have
presented the cybercrime cases that occurred from 2010 to 2013 and found that
the number of cybercrime cases increases continuously every year. Web-related
crimes are increasing. Most offenders use built-in software to commit the crime.
Similarly, 80% of students below 20 do not know about the IT Act. Proper education about the IT
Act is also needed to decrease the crime rate in India. It is strongly stated that
cybercrime investigation and law enforcement are the largest challenge in the area of
investigation. The main challenge of cybercrime is the availability of ready-made
hacking tools that are used for different types of cyber-related crime.

REFERENCES

1. http://computer.howstuffworks.com/internet/social-networking/information/howonline-social-networks-work3.htm
2. Cyber Crime: A Conceptual and Theoretical Framework
3. Hacking for Dummies, by Kevin Beaver, foreword by Stuart McClure
4. Cyber Hacking: Wars in Virtual Space
5. Shrivastav et al., International Journal of Advanced Research in Computer Science
and Software Engineering 3(7), July 2013, pp. 414-419
