Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Submitted By
HARSHITA SINGH
22310303812
ABSTRACT
When people talk about hacking and social networking, they are not referring to the common definition of hacking, which is using malicious codes or backdoors in computer
network to damage systems or steal proprietary information. Hacking into social networks
requires very little technical skill. It's much more of a psychological game -- using
information on personal profiles to win a complete stranger's trust.
This type of hacking is called social engineering. Social engineering uses persuasive
psychological techniques to exploit the weakest link in the information security system.
Cyber Crimes are offences committed with the help of a communication devices with a
criminal intent to either tarnish harm the reputation of the victim or cause physical or
mental harm / loss to the victim directly or indirectly. The number of cyber-crimes in India
may almost get double-fold in 20165 as compared to the levels of last year. At present, the
number of cyber-crimes in India is nearly around 149,254 and is likely to cross the 300,000
by 20156 growing at compounded annual growth rate (CAGR) of about 107 percent. During
2011, 2012, 2013 and 2014 and 2015, the total numbers of cyber-crimes registered were
13,301, 22,060, 71,780 and 62,189 (till May) respectively, it said.
The scope of cybercrime can be classified into the following Cyber Crimes the following:
1. The crimes wherein computer is targeted. Examples of such crimes are hacking, virus
attacks, stealing of confidential information, etcetc.; and.
2. The crimes wherein computer is used as a tool. Examples of such crimes are publishing of
obscene material, phishing, impersonation, financial frauds, etc.
In India, law as to cyber-crimes is contained under Information Technology Act, 2000]. And
offences are specifically contained under Chapter 11 of the Information Technology Act Offences.In India, law as to cyber-crimes is contained under Information Technology Act,
2000. And offences are specifically contained under Chapter 11 of the Information
Technology Act - Offences. A cybercrime is defined in India as any unlawful act where a
computer is used as a tool or target or both and offenders are booked under the
Information Technology Act. However, according to the governments own admission
in Parliament in July, the rate of conviction is very low till now. To register a Cyber
Crime related complaint, the same should be lodged with a local police station or if
available, Cyber Crime Cell in your city. Every sixth Cybercrime in India is committed
through social media, Alok Mittal, the Chief of the National Investigation Agency (NIA)
has said. Though he did not divulge the basis of his findings, data from the National
Crime Records Bureau (NCRB) show around 70% rise in Cybercrimes annually between
2013 and 2015. In comparison, theft and robbery, which account for the highest
incidences of crime in India, show an annual growth of 17-18%. The number of
cybercrime cases reported across India in 2014 was a little more than 9,600, a mere
fraction of the estimated three lakh theft cases (that year). But the concern is an annual
growth of 70% for the last three years, Mittal said. In 2013, the number was 5,693.
Estimates for 2015 put the number of cybercrimes at 16,000. In recent years, Noida has
turned into a hub of Cyber-attacks in the national capital region. With 780 cases of
cybercrime reported in 2015, Noida saw the setting up of the Centre for Cyber Crime
Investigation in 2016. This is a menace that will only increase with the rising number
of internet users in India. Unless people learn to protect themselves, this cannot be
controlled, said Mittal.
Cyber experts said high rate of Cybercrime is natural in a country where technology
adoption is high but awareness is low. According to experts, economic fraud tops the
list of cybercrimes in India. Lottery and job scams are rampant. It has taken the form
of organized crime in India, said Mittal. Most of Cybercrime emanates is targeted
towards people with social media accounts since in India knowledge about security and
privacy protection is low, said Mrityunjay Kapoor, head of risk analysis at KPMG.
Generally, Cyber Crime in India has been into the following offences:
Cyber Bullying: It involves use of social networks to repeatedly harm or harass other
people in a deliberate manner. It mainly includes online harassment of school
children.
Cheating by Personation: Impersonation involves trying to assume the identity of
Messages:
Sending
of
offensive
messages
through
communication devices and/or social media. In such crimes, mostly women are the
target.
Defamation: Online publishing of false statement that harms/damages the good
reputation of an individual, group of individuals, brand or a product. Consumer
conduct fraud.
IPR violations: This involves Software Piracy or otherwise Trademark and
Copyright violations like copying of an existing website and/or its content/text is
quite common, for which an injunction is required to be taken from court. Also
misrepresenting one business with third party's Trademark may be regarding
as cheating.
Skimming: It involves fitting an ATM machine with a skimmer device which
may reads and records the credit card details on to the device. It results in
History shows that the relationship between crime and technology is not new. Although the
hardware has changed across the span of time but the basic crime ideas remain same. The
significant change in modern time is on increase in personal computing power in a
globalized communication network. The networked technology has become more than
simply a force multiplier, because not only the ideas about committing a crime are
shared on a global scale, but these ideas are also put to practice across the global
network at a very fast speed. Internet is a set of social practices; it is the kind of
purpose to which we put the internet that creates the possibility of criminal and deviant
activities. The internet provides the means to link up the many and diverse networks
already in existence.
The sky of social networking is not presented without the dark clouds of people who gain
unlawfully or illegally by causing harm to the users who are the pigeons who wander the
web for their needs. There are many persons who have been affected personally because of
these acts. Amit Sahays worst nightmare came true when someone hacked into his
Facebook account and started posting pornographic content. Amit first warned his
friends and then tried changing his password. But when the hacking persisted, he was
forced to get a new account. Amits ordeal, however, is not an isolated case. For Amit, a
Bengaluru-based florist, the hacking of his FB account was scary. Whoever hacked
my account was putting me in a socially awkward situation and was trying to malign
my identity, he said.
Papri Das almost fell into a trap when she started receiving emails purportedly from
the Reserve Bank of India (RBI), pointing out tax irregularities and asking her to
pay her outstanding taxes. I thought I was in trouble and took the mail seriously. I
went back to check my tax filings and had nearly made up my mind to pay the
remaining taxes as mentioned in the mail, Das said. Only when she discussed with
friends and read an RBI advisory against such frauds that she blocked the mail ID.
Typically, hackers pose as someone else to gain information they otherwise cant access.
Hackers then take the information obtained from their victims and wreak havoc on
network resources, steal or delete files, and even commit industrial espionage or some
other form of fraud against the organization theyre attacking. Social engineering is
different from physical-security issues, such as shoulder surfing and dumpster diving,
but they are related.
The following is an example of social engineering:
False support personnel claim that they need to install a patch or new version of
software on a users computer, talk the user into downloading the software, and obtain
remote control of the system. False vendors claim to need to make updates to the
organizations accounting package or phone system, ask for the administrator
password, and obtain full access. False contest Web sites run by hackers gather user
IDs and passwords of unsuspecting contestants. The hackers then try those passwords
on other Web sites, such as Yahoo! and Amazon.com, and steal personal or corporate
information. 09 55784x Ch05.qxd 3/29/04 4:15 PM Page 55False employees notify the
security desk that they have lost their keys to the computer room, are given a set of
keys, and obtain unauthorized access to physical and electronic information.
Social engineering is one of the toughest hacks, because it takes great skill to come
across as trustworthy to a stranger. Its also by far the toughest hack to protect against
because people are involved. Social engineering is an art and a science. It takes great
skill to perform social engineering as an ethical hacker and is dependent upon your
personality and overall knowledge of the organization youre testing. If social
engineering isnt natural for you, consider using the information in this chapter for
educational purposes at first until you have more time to study the subject. Social
engineering can harm peoples jobs and reputations, and confidential information
could be leaked. Proceed with caution and think before you act. These socialengineering techniques may be best performed by an outsider to the organization. If
youre performing these tests against your own organization, you may have difficulties
acting as an outsider if everyone knows you. This may not be a problem in larger
organizations, but if you have a small, close-knit company, people usually are on to
your antics. You can outsource social-engineering testing to a trusted consulting firm or
even have a colleague perform the tests for you. The key word here is trusted. If youre
involving someone else, you must get references, perform background checks, and have
the testing approved by management in writing beforehand.
A case study in social engineering with Ira Winkler; in this case study, Ira Winkler, a
world-renowned social engineer, was gracious in sharing an interesting study in social
engineering. The Situation Mr. Winklers client wanted a general temperature of the
organizations security awareness level. He and his accomplice went for the pot of gold
and tested the organizations susceptibility to social engineering. Getting started, they
scoped out the main entrance of the clients building and found that the
reception/security desk was in the middle of a large lobby and was staffed by a
receptionist. The next day, the two men walked into the building during the morning
rush while pretending to talk on cell phones. They stayed at least 15 feet from the
attendant and simply ignored her as they walked by. After they were inside the facility,
they found a conference room to set up shop. They sat down to plan the rest of the day
and decided a facility badge would be a great start. Mr. Winkler called the main
information number and asked for the office that makes the badges. He was forwarded
to the reception/security desk. He then pretended to be the CIO and told the person on
theother end of the line that he wanted badges for a couple of subcontractors. The
person responded, Send the subcontractors down to the main lobby. When Mr.
Winkler and his accomplice arrived, a uniformed guard asked what they were working
on, and they mentioned computers. The guard then asked them if they needed access to
the computer room! Of course they said, That would help. Within minutes, they both
had badges with access to all office areas and the computer operations center. They
went to the basement and used their badges to open the main computer room door.
They walked right in and were able to access a Windows server, load the user
administration tool, add a new user to the domain, and make the user a member of the
administrators group. Then they quickly left. The two men had access to the entire
corporate network with administrative rights within two hours! They also used the
badges to perform after-hours walkthroughs of the building. In doing this, they found
the key to the CEOs office and planted a mock bug there. The Outcome Nobody
outside the team knew what the two men did until they were told after the fact. After
the employees were informed, the guard supervisor called Mr. Winkler and wanted to
know who issued the badges. Mr. Winkler informed him that the fact that his area
didnt know who issued the badges was a problem in and of itself, and that he does not
disclose that information. How This Could Have Been Prevented According to Mr.
Winkler, the security desk should have been located closer to the entrance, and the
company should have had a formal process for issuing badges. In addition, access to
special areas like the computer room should require approval from a known entity.
After access is granted, a confirmation should be sent to the approver. Also, the server
screen should have been locked, the account should not have been logged on
unattended, and any addition of an administrator-level account should be audited and
appropriate parties should be alerted. Ira Winkler, CISSP, CISM, is considered one of
the worlds best social engineers. You can find more of his case studies in his book Spies
Among Us.
Bad guys use social engineering to break into systems because they can. They want
someone to open the door to the organization so that they dont have to break in and
risk getting caught. Firewalls, access controls, and authentication devices cant stop a
determined social engineer.
Most social engineers perform their attacks slowly, so theyre not so obvious and dont
raise suspicion.
The bad guys gather bits of information over time and use the information to create a
broader picture. Alternatively, some socialengineering attacks can be performed with a
quick phone call or e-mail. The methods used depend on the hackers style and
abilities.
Social engineers know that many organizations dont have formal data classification,
access-control systems, incident-response plans, and securityawareness programs.
Social engineers know a lot about a lot of things both inside and outside their target
organizations because it helps them in their efforts. The more information social
engineers gain about organizations, the easier it is for them to pose as employees or
other trusted insiders. Social engineers knowledge and determination give them the
upper hand over average employees who are unaware of the value of the information
social engineers are seeking.
The process of social engineering is actually pretty basic. In general, social engineers
find the details of organizational processes and information systems to perform their
attacks. With this information, they know what to pursue. Hackers typically perform
social-engineering attacks in four simple steps:
1. Perform research. 2. Build trust. 3. Exploit relationship for information through
words, actions, or technology. 4. Use the information gathered for malicious purposes.
These steps can include myriad substeps and techniques, depending on the attack being
performed.
Before social engineers perform their attacks, they need a goal in mind. This is the
hackers first step in this process, and this goal is most likely already implanted in the
hackers mind. What does the hacker want to accomplish? What is the hacker trying to
hack? Does he want intellectual property, server passwords, or security badges; or does
he simply want to prove that the companys defenses can be penetrated? In your efforts
as an ethical hacker performing social engineering, determine this goal before you
move forward.
Phone systems Hackers can obtain information by using the dial-by-name feature built
into most voice-mail systems. To access this feature, you usually just press 0
when calling into the companys main number or even someones desk. This trick
works best after hours to make sure that no one answers.
Hackers can protect their identifies if they can hide where theyre calling from. Here
are some ways that they can do that:
Residential phones sometimes can hide their numbers from caller ID. The code to hide
a residential phone number from a caller ID is *67. Just dial *67 before the number; it
blocks the source number. This feature is usually disabled when youre calling toll-free
(800, 888, 877) numbers. Business phones are more difficult to spoof from an office by
using a phone switch. However, all the hacker usually needs is the user guide and
administrator password for the phone-switch software. In many switches, the hacker
can enter the source number including a falsified number, such as the victims home
phone number.
Hackers find interesting bits of information, such as when their victims are out of
town, just by listening to voice-mail messages. They even study victims voices by
listening to their voice-mail messages or Internet presentations and Webcasts to
impersonate those people.
Building trust Trust so hard to gain, so easy to lose. Trust is the essence of social
engineering. Most humans trust other humans until a situation occurs that forces them
not to. We want to help one another, especially if trust can be built and the request for
help is reasonable. Most people want to be team players in the workplace and dont
know what can happen if they divulge too much information to a trusted source.
This is why social engineers can accomplish their goals. Of course, building deep trust
often takes time. Crafty social engineers gain it within minutes or hours. How do they
build trust?
Likability: Who cant relate to a nice person? Everyone loves courtesy. The friendlier
the social engineer without going overboard the better his chances of getting
what he wants. Social engineers often begin by establishing common interests. They
often use information they gained in the research phase to determine what the victim
likes and act as if they like those things as well. For instance, they can phone victims or
meet them in person and, based on information theyve learned about the person, start
talking about local sports teams or how wonderful it is to be single again. A few lowkey and well-articulated comments can be the start of a nice new relationship.
Believability: Of course, believability is based in part on the knowledge that social
engineers have and how likable they are. But social engineers also use impersonation
perhaps posing as a new employee or fellow employee that the victim hasnt met. They may
even pose as a vendor that does business with the organization. They often modestly claim
authority to influence people. The most common social-engineering trick is to do something
nice so that the victim feels obligated to be nice in return or to be a team player for the
organization.
Exploiting the relationship After social engineers obtain the trust of their unsuspecting
victims, they coax them into divulging more information than they should. Whammo
they can go in for the kill. They do this through face-to-face or electronic
communications that victims feel comfortable with, or they use technology to get
victims to divulge information.
Deceit through words and actions Wily social engineers can get inside information
from their victims many ways. They are often articulate and focus on keeping their
conversations moving without giving their victims much time to think about what
theyre saying. However, if theyre careless or overly anxious during their socialengineering attacks, the following tip-offs may give them away:
Acting overly friendly or eager Mentioning names of prominent people within the
organization
Threatening
reprimands if requests arent honored Acting nervous when questioned (pursing the
lips and fidgeting especially the hands and feet, because more conscious effort is
required to control body parts that are farther from the face) Overemphasizing details
Physiological changes, such as dilated pupils or changes in voice pitch Appearing
rushed
unasked questions Knowing information that an outsider should not have A known
outsider using insider speech or slang
Asking strange questions Misspelling words in written communications
to
the
Section:43A
which
is
inserted
by
Information
Cyber Crime in India Reliable sources report that during the year 2005, 179 cases were
registered under the I.T. Act as compared to 68 cases during the previous year, reporting the
significant increase of 163% in 2005 over 2004. (Source: Karnika Seth - Cyber lawyer &
Consultant practicing in the Supreme Court of India and Delhi High Court) Some of the
cases are the BPO, Mphasis Ltd. case of data theft, the DPS MMS case, Pranav Mitra's
email spoofing fraud. Some Professions giving birth to Cyber Crimes are classified as
follows:
1. IT or Tech Professionals Since Cyber Crime is all about computers and Networks
(Internet), many types of IT & Technology professionals are quite prominently active in
the same, which include but are not restricted to:
Network Engineers
Cyber Security Software Professionals
Cyber Forensic Experts
IT Governance Professionals
Certified Internet Security Auditors
Ethical Hackers
2. Cyber Law Experts Cyber Law has become a multidisciplinary approach and hence
specialization in handling cybercrimes is required. Cyber law experts handle:
Patent and Patent Infringements or other Business Cyber crimes
Cyber Security for Identity thefts and Credit Cards and other Financial
transactions
General Cyber Law
Online Payment Frauds
Copyright Infringement of software, music and video
3. Cyber Law Implementation Professionals Many agencies play a role in cyber law
implementation, which include the e-Governance agencies, law and enforcement
agencies, cybercrime research cells and cyber forensic labs. Each of these would have a
different category of professionals.
AtulBamrara
crime, or the target of the crime. The crime may take place on the computer alone or in
addition to other locations. Cyber Crime Challenge Cyber crime is the hottest and
conceivably the most complicated problem in the cyber world. Industry, government
and indeed society are becoming vitally dependent on IT (Anderson 1994; Apt and
Olderog 1997). This dependence is illustrated by the serious concerns which are now
being caused by residual Year 2000 bugs. Seeing that even these conceptually-simple
software faults are demanding massive resources, we must be concerned about the
much more difficult effects of cyber crimes, malicious activities by hackers or
organizations seeking to exploit or disrupt an IT system, for mischief, financial gain, or
more sinister motives (Benjamin 1990). Deloitte (2010) revealed a serious lack of
awareness and a degree of complacency on the part of IT organizations and perhaps
security officers, vis-vis the threat of cyber crime. Much of this belief is predicated on
the notion that cyber crime technologies and techniques are so effective at eluding
detection that the actual extent of the problem may be grossly underestimated. The
cyber criminals constitute of various groups/ category. Today's cyber criminals are
increasingly adroit at gaining undetected access and maintaining a persistent, lowprofile, long-term presence in IT environments. Meanwhile, many organizations may
be leaving themselves vulnerable to cyber crime based on a false sense of security.
Cyber criminals are generally computer professionals or computer-literate persons and
are not history sheeters and mostly without previous criminal record (Kumar 2002).
Studies also show that the threat is mostly from employees or from those with access to
the system, such as maintenance personnel, hardware and software vendors, etc.
However, external threats via remote access have shown an increasing trend. The
Internet is now available in over two hundred countries and because of its borderless
nature. Crimes may be committed through communications that are routed through a
number of different countries (U. S. Department of Justice 2000). Although cyber
crimes cells have been set up in major cities of the nation but most cases of Spamming,
Hacking, Phishing, Vishing remain unreported due to the lack of awareness among
internet users and employees of financial institutions.
We'll talk about setting up online profiles along with how to avoid being hacked. We'll
also focus on specific social networking groups from those for Information technology
professions to ones geared at sneakerheads.
Check out the next page to find out how to set up social-networking profiles.
Before you can make an online connection, you need to create a profile on a socialnetworking site. You'll be asked to choose a login name and password. Once you've
created those, you'll be asked for some basic personal information, such as your name,
sex, age, location and any hobbies or special interests.
You can personalize your profile by adding photos, music or video files. Just remember
that your profile is the image you're presenting to the online world. But on most sites
you also maintain control over who can view your full profile.
When creating a profile page on a social network, many people fail to consider the
possible security risks. The more personal and professional information you include on
your public profile, the easier it is for a hacker to exploit that information to gain your
trust.
Let's say you're an engineer and you blog about one of your current projects on your
Facebook page. A hacker can use that information to pose as an employee from that
company. He has your name and your position in the company, so you're liable to trust
him. Now he can try to get a password out of you or proprietary information that he
can sell to your competitors.
The security advantage of most online social networks is that only your "friends" or
members of your network can see your complete profile. That's only effective if you're
extremely selective about whom you include in your network. If you accept invitations
from absolutely everyone, one of those people may potentially be a hacker.
The problem with online social networks is that they have no built-in authentication
system to verify that someone is indeed who they say they are. A hacker can create a
free profile on a site like LinkedIn, designing his profile to match perfectly with the
business interests of his target. If the target accepts the hacker as a connection, then
the hacker suddenly has access to information on all of the target's other connections.
With all that information, it's possible to construct an elaborate identity theft scam.
To fight back against social engineering, the key is awareness. If you know that social
engineering hackers exist, you'll be more careful about what you post on your online
profiles. And if you're familiar with common social engineering scams, you'll recognize
a con when it's happening instead of when it's too late.
On the next page, we'll talk about social-networking sites for information technology
professionals.
Information Technology has grown tremendously during the last two decades and
became the main source of knowledge and as a result, cyber-crime in India are on the
rise .The major attacks are on ICT infrastructure, online fraud, child pornography,
hacking and Cracking and intellectual property rights violation etc. Cybercrimes also
poses a great threat to the national security of all countries, and sometimes leads to a
great loss in financial stability. Nortons Cyber Crime Report 2011 reveals that India
loses approximately INR 34110 corers annually due to cyber related crimes [3]. India's
prominent role in the IT global market has become one of the compelling priorities for
the country to provide secure computing environment, adequate trust and confidence
in electronic transactions by creation of suitable cyber security policy in the country.
The IT policies of India requires constant updation and also provide awareness about
various types of cyber-attack and its consequences in individual, organizations,
Industry and nationwide.
Recent Cyber Crimes in India In January 2013, two residents of Chandigarh received
credit card bills for shopping done in Mumbai and Hyderabad. The money was
deducted from their accounts before they could even approach the bank. People are
losing money by making payments at petrol pumps in Chandigarh city. Nearly 55cases
of skimming have been reported from petrol pumps in Chandigarh over the last six
months. In these cases, miscreants cloned the cards and shopped at faraway places
such as Mumbai and Hyderabad. The scam is worth lakhs [8]. In April, 2012, a gang of
fraudsters were arrested in Hyderabad for skimming and cloning credit and debit
cards using a complex modus operandi of hacking international IP addresses, internet
hawala,and spying and electronic data theft. The racket came to light in May 2011
when people who visited two malls complained that huge amounts were withdrawn
from their accounts. The gang succeeded in skimming off 4 to 5 core INR from
unsuspecting credit and debit card holders across the country from Hyderabad to
Delhi, Kolkata to Bangalore. They used 15 point of sale (electronic draft capture)
skimming machines, one ATM data skimming machine, ATM dome cameras, electronic
magnetic writers, card printers and ATM pin pad skimmer machines and even placed
spy cameras at ATMs which picked up the PINs of users.[4] In 2013, the customer data
of a reputed private insurance company was stolen by three people and used for
negative publicity of the company, its policies and schemes. These individuals were
owners of a rival company and indulged in corporate espionage. They breached the
Information and Technology Act and section 379 of the Indian Penal Code for omitting
theft of customer data. [3] Cyber Crime Investigation Cell, C.B.,C.I.D., Mumbai had
detected a racket wherein educated cyber criminals have adopted the innovative way of
E-Cheating by using the details of stolen Credit Cards. One financial Institute
registered a crime stating that some persons (perpetrators) have perpetrated certain
acts through misleading emails ostensibly emanating from ICICI Banks email ID.
Such acts have been perpetrated with intent to defraud the Customers.The
Investigation was carried out with help of those emails received by the customers of
that financial Institute and arrested the accused, the place of offence at Vijayawada
was searched for the evidence. The arrested accused had used open source code email
application software for sending spam emails. He has down loaded the same software
from net and then used it as it is. He used only VSNL emails to spam the email to
customers of financial Institute because VSNL email service provider do not have spam
box to block the unsolicited emails. The financial Institute customers those who have
received his email felt that the email was originated from the financial Institute bank.
When they filled the confidential information and submitted that time said information
was directed to accused. This was possible because the dynamic link was given in the
Home page of the fake web site. The dynamic link means when people click on the link
provided in spamming email that time only the link will be activated. The dynamic link
was coded by handling the Internet Explorer Onclick () event and the information of
the form will be submitted to the web server (Where the fake web site is hosted). Then
server will send he data to configured email address and in this case email configured
was to the accused email .So on submission of the confidential information the
information was directed to email ID accused email .The all the information after
phishing (user name, password, Transaction password, Debit card Number and PIN,
mothers maiden name which he had received through Wi-Fi internet connectivity of
Reliance.com which was available on his Acer Lap Top. Mumbai police have arrested a
hacker for hacking into a financial website. Although the hacker couldnt break into
the main server of the financial institution, which was well secured by the financial
institution. The accused person could make some addition to the home page of the
financial website and has added a string of text to the news module of the home page of
the website. Police were able to crack the case by following the trace left by the hacker
on the web server of the financial institution. The financial institution has maintained a
separate server for financial online transactions, for which utmost security has been
taken by the financial institution. The website was hosted on a different server which
comparatively had lesser security.
The most popular form of social media is social networking, which consists of websites
that allow users to create an online profile in which users post up-to-the-minute
personal and professional information about their lives that can include pictures,
videos, and related content. Websites under this category include Facebook, LinkedIn,
Twitter, and the now nearly defunct Myspace. Social networking is a potential gold mine
for criminals who leverage the users personal details into financial opportunity.
Burglary: Simplified The classic example of exploitation on social networking sites
involves the perpetrator perusing users profiles and looking for potential victims in the
vicinity who wont be home. For instance, Facebook users can post that they will be
out for the evening, which gives potential thieves a large time window to burgle the
property. Stories of this nature are appearing in the media6 and serve as a reminder
that users are not as cautious as they should be with their personal information. The
thieves are sometimes caught by using stolen wares that are unique in some way. For
example, a recent investigation in New Hampshire ended when thieves who used
Facebook to profile victims were caught using a very peculiar type of firework that
was recently taken in a burglary. An off-duty officer investigated firework explosions
he could hear in the distance. The fireworks were stolen in the series of break-ins over
the prior month.7 CONTACT: Research Section 5000 NASA Blvd., Suite 2400 Fairmont,
WV 26554 Ph: 877-628-7674 Fax: 304-366-9095 Web: www.nw3c.org Other social
networking applications, such as foursquare and Gowalla, are primarily locationbased networks. Users of these networks are rewarded for posting their locations
frequently and are given temporary titles while at their locationfor example, posting
that youre having a cup of coffee at Starbucks could make you the Mayor of
Starbucks.8 As before, posting your location allows perpetrators the perfect window
to commit a burglary, vandalism, or a home invasion. Social Engineering & Phishing
Not surprisingly, the majority of crimes on social networking sites are cyber based, and
many of them use a technique called social engineering. In a classical sense, social
engineering refers to the social manipulation of large groups of people to meet political or
economic ends. Today, its taken on an additional meaning in the cyber security world. For
our purposes, social engineering refers to gaining access to information by exploiting human
psychology.9 A classic example of this starts with a friend on your network sending you a
message asking for a quick loan to get car repairs so he/she can get home for work on
Monday, and ends with you finding out a few days later that your friend never needed car
repairs and that the person you transferred money to was a scam artist. This form of social
engineering is surprisingly easy to achieve, and because of it, the computer security firm
Trend Micro calls Facebook a minefield of scams.10 All that is needed by the
scammer is the username and password of one member of a network and a little practice in
writing letters that sound urgent to inspire friends to aid you. All the while the scammer is
vague enough not to reveal the impersonation. Even if only a few friends on the list are
duped, the return on investment for the scammer is quite high. Social engineering isnt
limited to social networking. A recent case involved the software company Oracle. During
a convention, a contest was held to demonstrate the dangers of social engineering. Several
hackers posed as IT professionals and asked company employees to hand over data and
visit websites as part of routine IT protocol. Oracle employees as well as many
others were frighteningly compliant in the demonstration.11 One popular technique of
Conclusion
The growth of cybercrime is very high in India. The proper education about
cybercrime and preventive measures are needed to reduce cybercrime. Here we are
representing the cybercrimes cases occurred during the 2010 to 2013 and find out the
results which is continuously increase the cybercrimes cases every year. Web related
crimes are in an increasing manner. Most of them use built in software to do the crime.
Similar way 80% of students below 20 not knows about IT Act. Proper education of IT
Act is also needed for decreasing the crime rate in India. It is strongly state that
cybercrime investigation and law enforcement is the largest challenge in the area of
investigation. The main challenge of the cybercrime is the availability of readymade
hacking tools that are used for different types of cyber related to crime. (ADD ABOUT
SOCIAL NETWORKING)
REFERENCES
1.http://computer.howstuffworks.com/internet/social-networking/information/howonline-social-networks-work3.htm
2.CYBER CRIME: A CONCEPTUAL AND THEORETICAL FRAMEWORK
3.HACKING FOR DUMMIES by Kevin Beaver Foreword by Stuart McClure
4.Cyber Hacking: Wars in Virtual Space
5.Shrivastav et al., International Journal of Advanced Research in Computer Science
and Software Engineering 3(7),July - 2013, pp. 414-4192013