CYBER CRIME & HACKING
HATIM NAGARWALA
Computer Science and engineering, Vishwabharati
Academy’s College of Engineering, Ahmednagar,
Email : hatim.nagarwala@yahoo.in
ABSTRACT
This paper explores the fast growing Cyberworld
and its components. It starts with definitions of
who is the hacker, and what is a cybercrime. Types
and offenses of cybercrime are addressed as well.
The paper concentrates on the possibilities to
protect ourselves from the cybercrime, and guard
Cyberworld from us. Therefore, it emphasizes the
importance of users' education, starting from the
early age, creation and enforcement of policies,
and awareness training. The paper presents laws,
applicable to the computer related crime.
INTRODUCTION
Any use of a computer as an instrument to further
illegal ends, such as committing fraud, trafficking
in child pornography and intellectual property,
stealing identities, or violating privacy.
Cybercrime, especially through the Internet, has
grown in importance as the computer has become
central to commerce, entertainment, and
government. The international nature of
cybercrimes has led to international cyberlaws.The
following is a selection of items (artistic styles or
groups, constructions, events, fictional characters,
organizations, publications) associated with
"cybercrime"
1. Malware
2. Trojan horse
3. Phishing
4. Spyware
5. Hacking
Cyber crimes can involve criminal activities that
are traditional in nature, such as theft, fraud,
forgery, defamation and mischief, all of which are
subject to the Indian Penal Code. The abuse of
computers has also given birth to a gamut of new
age crimes that are addressed by the Information
Technology Act, 2000.
We can categorize Cyber crimes in two ways
1. The Computer as a Target :-using a
computer to attack other computers. e.g.
Hacking, Virus/Worm attacks, DOS attack
etc.
2. The computer as a weapon :-using a
computer to commit real world crimes.
E.g. Cyber Terrorism, IPR violations,
Credit card frauds, EFT frauds,
Pornography etc.
RAMCHANDRA BHATE
Computer Science and engineering, Vishwabharati
Academy’s College of Engineering, Ahmednagar,
Email : ramchandra_bhate@yahoo.com
TECHNICAL ASPECTS
Technological advancements have created new
possibilities for criminal activity, in particular the
criminal misuse of information technologies such
as:
1. Unauthorized access & Hacking :- Access
means gaining entry into, instructing or
communicating with the logical, arithmetical, or
memory function resources of a computer,
computer system or computer network.
Unauthorized access would therefore mean any
kind of access without the permission of either the
rightful owner or the person in charge of a
computer, computer system or computer network.
Every act committed towards breaking into a
computer and/or network is hacking. Hackers write
or use ready-made computer programs to attack the
target computer. They possess the desire to destruct
and they get the kick out of such destruction. Some
hackers hack for personal monetary gains, such as
to stealing the credit card information, transferring
money from various bank accounts to their own
account followed by withdrawal of money. By
hacking web server taking control on another
persons website called as web hijacking
2.Trojan Attack:- The program that act like
something useful but do the things that are quiet
damping. The programs of this kind are called as
Trojans. The name Trojan Horse is popular.
Trojans come in two parts, a Client part and a
Server part. When the victim (unknowingly) runs
the server on its machine, the attacker will then use
the Client to connect to the Server and start using
the trojan. TCP/IP protocol is the usual protocol
type used for communications, but some functions
of the trojans use the UDP protocol as well.
3. Virus and Worm attack:- A program that has
capability to infect other programs and make copies
of itself and spread into other programs is called
virus. Programs that multiply like viruses but
spread from computer to computer are called as
worms.
4. Pornography:- The literal mining of the term
'Pornography' is “describing or showing sexual acts
in order to cause sexual excitement through books,
films, etc.” This would include pornographic
websites; pornographic material produced using
computers and use of internet to download and
transmit pornographic videos, pictures, photos,
writings etc. Adult entertainment is largest industry
on internet.There are more than 420 million
individual pornographic webpages today. Research
shows that 50% of the web-sites containing
potentially illegal contents relating to child abuse
were ‘Pay-Per-View’. This indicates that abusive
images of children over Internet have been highly
commercialized. Pornography delivered over
mobile phones is now a burgeoning business,
“driven by the increase in sophisticated services
that deliver video clips and streaming video, in
addition to text and images.”
5. Malware : Malware, short for malicious
software, is software designed to infiltrate a
computer system without the owner's informed
consent. The expression is a general term used by
computer professionals to mean a variety of forms
of hostile, intrusive, or annoying software or
program code. The term "computer virus" is
sometimes used as a catch-all phrase to include all
types of malware, including true viruses. Software
is considered malware based on the perceived
intent of the creator rather than any particular
features. Malware includes computer viruses,
worms, trojan horses, most rootkits, spyware,
dishonest adware, crimeware and other malicious
and unwanted software. In law, malware is
sometimes known as a computer contaminant, for
instance in the legal codes of several U. S. states,
including California and West Virginia. Malware is
not the same as defective software, that is, software
that has a legitimate purpose but contains harmful
bugs. Preliminary results from Symantec published
in 2008 suggested that "the release rate of
malicious code and other unwanted programs may
be exceeding that of legitimate software
applications." According to F-Secure, "As much
malware [was] produced in 2007 as in the previous
20 years altogether." Malware's most common
pathway from criminals to users is through the
Internet: primarily by e-mail and the World Wide
Web. The prevalence of malware as a vehicle for
organized Internet crime, along with the general
inability of traditional anti-malware protection
platforms to protect against the continuous stream
of unique and newly produced professional
malware, has seen the adoption of a new mindset
for businesses operating on the Internet - the
acknowledgment that some sizable percentage of
Internet customers will always be infected for some
reason or other, and that they need to continue
doing business with infected customers. The result
is a greater emphasis on back-office systems
designed to spot fraudulent activities associated
with advanced malware operating on customers'
computers.
HISTORY OF HACKING
The story of hacking actually goes back to the
1950s, when a group of phreaks (short for “phone
freaks”) began to hijack portions of the world’s
telephone networks, making unauthorized long-
distance calls and setting up special “party lines”
for fellow phreaks. With the proliferation of
computer bulletin board systems (BBSs) in the late
1970s, the informal phreaking culture began to
coalesce into quasi-organized groups of individuals
who graduated from the telephone network to
“hacking” corporate and government computer
network systems.
HACKING
In the broadest terms hacking is just a slang
expression for people that try to figure stuff out.
For example, your microwave breaks down, so you
buy a new one - but instead of throwing the old one
out, you take it apart and look at the parts for
interest sake to see if you can understand how it
worked. In computer terms, hacking can be used
in a mild way to describe simple looking for ways
to see things - like hidden code on a page, or it can
be used for strong meaning like a series of specific
actions done to allow someone to access a
password protected situation.
While breaching privacy to detect cybercrime
works well when the crimes involve the theft and
misuse of information, ranging from credit card
numbers and personal data to file sharing of
various commodities—music, video, or child
pornography.
Hacking mainly seen in developed cities. The main
system of the city can be hacked and the control
can be taken away by the hackers. This may create
a very severe effect on every aspect of a city and
can also destroy the city. As narrated in the Movie
Die-hard 4.0 is the best example of the above threat
which can create a big cyber crime.
THREATS OF HACKING
Most emails on the Internet are sent in the
plaintext from and hence can easily be recorded
and spied with the help of a sniffer. This email not
only puts the personal conversations at risk, but
even the sensitive business deals can be violated
with the help of sniffer tools. Its very easy for an
attacker to send out abusive E-mails to the victim
and remain completely anonymous at the same
time.
Another common problem with e-mail clients is
that while a user is being authenticated the
username and password pair is sent in plaintext to
the mail server. This makes it very easy for an
attacker to use a sniffer to sniff the password of a
victim and carry out malicious activities. Attackers
commonly use e-mail to carry out social
engineering attacks both human and computer
based. Spam has become an extremely big problem
for all e-mail users. A recent report revealed that
spam contributed more than 70% of all e-mail on
the internet. Spam e-mails not only clutters up your
inbox, but it also leads to a waste of time and
resources in the storing and reading of useless
information.
NEED FOR ETHICAL HACKING
Due to the threat and insecurity from the illegal
hackers need to be stopped. So a new concept of
ethical hacking has been introduced. The ethical
hacking works as a security agency which provides
security according to the needs. Ethical hacking is a
legal hacking process to prevent the cyber crime.
To catch a thief, think like a thief. That’s the basis
for ethical hacking. The law of averages works
against security. With the increased numbers and
expanding knowledge of hackers combined with
the growing number of system vulnerabilities and
other unknowns, the time will come when all
computer systems are hacked or compromised in
some way. Protecting your systems from the bad
guys — and not just the generic vulnerabilities that
everyone knows about — is absolutely critical.
ETHICAL HACKING
Ethical hacking also known as penetration testing
or white-hat hacking involves the same tools,
tricks, and techniques that hackers use, but with
one major difference: Ethical hacking is legal.
Ethical hacking is performed with the target’s
permission. The intent of ethical hacking is to
discover vulnerabilities from a hacker’s viewpoint
so systems can be better secured. It’s part of an
overall information risk management program that
allows for ongoing security improvements. Ethical
hacking can also ensure that vendors’ claims about
the security of their products are legitimate.
Hacking preys on weak security practices
and undisclosed vulnerabilities.Firewalls,
encryption, and virtual private networks
(VPNs) can create a false
feeling of safety. These security systems
often focus on high-level vulnerabilities,
such as viruses and traffic through a
firewall, without affecting how hackers
work. Attacking your own systems to
discover vulnerabilities is a step to making
them more secure. This is the only proven
method of greatly hardening your systems
from attack. If you don’t identify
weaknesses, it’s a matter of time before
the vulnerabilities are exploited. As
hackers expand their knowledge, so should
you. You must think like them to protect
your systems from them. You, as the
ethical hacker, must know activities
hackers carry out and how to stop their
efforts. You should know what to look for
and how to use that information to thwart
hackers’ efforts. You don’t have to protect
your systems from everything. You can’t.
The only protection against everything is
to unplug your computer systems and lock
them away so no one can touch them —
not even you. That’s not the best approach
to information security. What’s important
is to protect your systems from known
vulnerabilities and common hacker
attacks. It’s impossible to buttress all
possible vulnerabilities on all your systems.
You can’t plan for all possible attacks
especially the ones that are currently
unknown. However, the more combinations
you try the more you test whole systems
instead of individual units the better your
chances of discovering vulnerabilities that
affect everything as a whole. Don’t take
ethical hacking too far, though. It makes
little sense to harden your systems from
unlikely attacks. For instance, if you don’t
have a lot of foot traffic in your office and
no internal Web server running, you may
not have as much to worry about as an
Internet hosting provider would have.
However, don’t forget about insider threats
from malicious employees!
CONCLUSION
Hacking can be used in either of the two ways
In a good use to help the government for the
betterment of the people or it can also be a
major crime which can create a disaster. So its
our responsibilities for using the concept of
hacking for the betterment of the society. For
this ethical hacking concept has been
introduced so that the white hat hackers can
create a lot advancements in the security
system of a country.
REFERENCES
1. Foote D. (2002, March). Good Ethics at Work
Lie in the Hiring. Computerworld. Retrieved
July23, 2004 from
http://www.computerworld_.com/printthis/200
2/0, 4814,68719,00.html
2. Harvey B. (2004). Computer hacking and
ethics. University of California, Berkeley.
Retrieved July23, 2004 from
http://www.cs.berkeley.edu/~bh/hackers.html
3. Internet Stuff. (2004, May, 25). 2004 E-Crime
Watch Survey. Retrieved July23, 2004 from
http://www.cert.org/about/ecrime.html)
4. Internet Stuff. (2004). Threats and protection
by Homeland Security. Retrieved July23, 2004
from http://www.dhs.gov/dhspublic/display?
theme =30&content=3813
5. Internet stuff. (2004). What is cyber crime.
Retrieved July 23, 2004 from
http://www.cybercitizenship.org/crime/crime.h
tml
6. Khalid A. (2004, March 5). Cyber crime:
Business and the law on different pages. The
Star. Retrieved June 28, 2004 from
http://www.niser.org.my/news/2004_03_05_01
.html
7. Labuschagne L. (2000, July). Evaluation
criteria. Rand Afrikaans University. Retrieved
July23, 2004 from
http://csweb.rau.ac.za/staff/labuschagne/resear
ch/articles/eth_hac.pdf