Articles by Abhishek
Articles by Aseem Kumar
Articles by Vivek
Other Articles
Research Papers / Documents / FAQs
Introduction
Someone has rightly said that every good thing has its own blue side
and internet also is not an exception. The freedom of time and space
granted by internet has appeared as Frankenstein monster to the
present generation. It is not required to mention here that the
advent of internet has changed the face of trade and commerce.
Everything is going online be it ordering a pizza or booking a
flight or railway ticket or else doing a banking transaction. Life
has been made simpler by internet at one hand but at the other hand
it has also posed some of serious security thefts like virus,
Trojan, malware, identity theft, hacking, cyber stalking, cyber
squatting, spamming, email-bombing, email-spoofing, cyber
defamation, web defacement, Data Diddling, Web jacking, Denial of
Service attack, Key Logging and Internet Time Theft. These are mere
some of the examples, list is too long to produce here. Furthermore,
the problem does not end here; it is aggravated due to its complex
and intricate nature of transaction. Henceforth, the task of
avoiding and rectifying the threat has become a Herculean task.
Now before moving to identify security thefts one by one, one may
ask what is cyberspace. So let me put it this way for a vanilla
understanding. “Cyberspace is basically a world of computers and the
society gathered around it.” First of all the term “Cyberspace” was
used by Mr. William Gibson in a science fiction called “Neromancer”
to refer a three dimensional virtual world created by computers and
internet. Therefore, we may call it as a virtual society created by
human intervention so as to form a Global Network of interconnected
computers and communications system. Having a brief idea of
cyberspace now let us understand some of the security threats which
has been encountered by us.
Threat of Cyber crime
“Cybercrime” in layman’s understanding is a use of a computer to
facilitate or carry out criminal offenses which can be done through
catena of ways. First and simple way of cyber crime is using a
computer to attack another computer electronically by unauthorized
access to computer files and programs, or there might be
unauthorized disruption of those files and programs, or else it
might be theft of an electronic identity. A common example may be of
ILoveYou Worm which caused more than $11 billion of loss.
However another way of attack may be in the form of using a computer
to facilitate or carry out a traditional offense. For example, a
computer might be used to distribute child pornography over the
internet or it might be used to create a massive number of copies of
a popular and copyrighted song. Complicated insurance fraud, large
check-kiting operations, and other sophisticated forms of white
collar crime rely on computers to run the criminal operation. In
these cases, computers make it easier to carry out a crime in real
space. In these circumstances, computers are tools that expedite
traditional offenses. Having a brief idea of how cyber crimes are
committed it would be pertinent at this juncture to identify some of
the cyber threats.
Unauthorized access
The crime of unauthorized access is simply invading another's
electronic workspace and causing harm to the files or programs or
using the data improperly. Such unauthorized access by the
perpetrator maybe achieved either by stealing password, Personal
Identification Number (PIN) or using a “Trap Door” to enter a secure
area. Trap door is basically a method of bypassing the security
protocol inbuilt in any programme. Programmers use certain malicious
code to alter the security system and making it possible to enter
into secure area without having any password or PIN.
Passwords may be stolen deploying the use of "sniffer" programs.
These programs monitor a user's keystrokes, and transmit the
information back to the host computer that initiated the sniffer
program. The electronic thief then has a full transcript of the
passwords necessary to achieve entry into a system. In 1994 as many
as 100,000 sites were affected by sniffer attacks. Another famous
example is intrusion by German agent in the University of California
at Berkeley's computers.
Such unauthorized access are generally motivated by the object of
obtaining financial benefits, theft of copyrighted materials, trade
secret, benefiting a foreign enemy, exacting ransom etc. Imagine a
situation when the trade secrets of Pepsi is leaked and passed over
to business rivals or else information pertaining to patent is
revealed before the procurement of actual patent protection.
Similarly you can take the example of certain sensitive military
information regarding positioning of enemy’s troop or armory. No
wonder the unauthorized access of such information will have
devastating results.
Viruses
The term virus signifies a situation of vital information resources
under seize which is achieved by a malicious programme tending to
modify other computer programs commonly known as target. The object
of such modification is to ensure that the target program replicates
the virus. In other words, the virus gets control over the target
program so as to elicit desired information from the infected
system. Once infected the virus may replicate or spread to another
computer, either through the internet, Floppy drive, Pen drive etc.
It would be pertinent to remember that a virus is not inherently
harmful. Its harmfulness depends on the additional codes which have
been placed into the virus so as to achieve desired result. Such
additional code may be used to close a programme wantonly or to shut
down a system abruptly. Codes may even be used to send vital
information over internet.
Worm
A worm unlike a virus is a standalone programme having the capacity
of self-replication without human intervention. The distinction
between the two lies in the fact of method of replication. A virus
requires human intervention to multiply while a worm is independent
of such intervention and uses a computer network to reproduce
itself. An example may be cited of ILOVE YOU virus which caused
damages to AT & T, ford Motor, Pentagon, CIA, NASA, Danish
Parliament, Swiss Government and lacks of other computer systems
around the world.
Trojan
It is a kind of software which appears to be an authorized programme
and keeps doing it malicious activities in the target system under
the garb of being an authorized programme. Keeping a vigil on such
programme becomes difficult due the fact that it wear a cloth of
authenticated programme due to which many anti-virus software do not
recognize them as harmful.
Data diddling
It is commonly known as illegal or unauthorized alteration of data.
It may happen either during or before data input or output. Such
alterations are generally found in banking and financial system to
affect credit-debit record, pay roll or any other form of data.
Growing instances of data diddling are found in BPO sector which are
involved in handling and processing of clients data like credit card
detail, mobile bill details. A recent example of Mphasis employee
involved in altering credit card details of customer is an alarm to
wake-up to such security threats.
Email Spoofing
Spoofing is a practice of sending emails from an account which
appears to have originated from the original sender’s account. An
illustration will be helpful to understand. Let’s suppose Mr. Rocky
wants to send mail to Jack but appearing to be coming from Jackson.
Such practice will amount to Spamming. In one of the case the
perpetrator sent many mails appearing to be sent from a bank and
stating that the financial conditions of bank is weak and could be
closed down at any time. This resulted in closure of many bank
accounts.
Email Bombing
It refers to sending of large number of emails to a particular
account or a mail server forcing it to crash unexpectedly. However,
it should be distinguished with DOS (Denial of Service) attack
wherein, instead of email information is sent continuously. In one
of the case, a teenager sent almost 5 million emails to his
ex-employers causing the crash of company’s server. However he was
not held liable because such practices were not covered by the UK
Computer Misuse Act.
Denial of Service Attack
It is a practice of flooding a web server from a large volume of
requests more than the capacity to handle. Such large volume of
request forces the web server to crash and allows unauthorized
access to outsiders. When such DOS is done simultaneously from
different geographical locations then it known as Distributed Denial
of Service Attack. A recent example of DOS attack is in early 2010,
when the website twitter.com crashed for some time. Similar attacks
were done in February 2000 on yahoo.com, amazon.com, etc.
Web defacing
As the name itself is self explanatory, it suggests defacement,
change or substitution of the outer look of a particular website.
Since the outer look of any website is dependent upon the home page.
Therefore, the hackers generally substitute the home page with any
other web page generally by some pornographic or defamatory content.
Generally such practices are done for thrill. A recent example of
web defacement is TCS website where the home page was replaced with
a message “This domain name is available for sale”. This situation
is really embarrassing and brand tarnishing for a company like TCS
which handles many mega projects related to online security.
Web Jacking
This is a situation of losing control over a particular website by
its owner. This happens due to unauthorised access to the login
details of administrator’s account. Generally a website is provided
with Domain control panel and FTP control panel from where the owner
can control and transfer files from a remote location to the web
server where his website is hosted. For a better understanding it is
something like hijacking of aeroplane or helicopter. Such jacking
results into posting of unwanted and unauthorised contents on the
web pages, which might appear to be posted by the original owner.
Login detail may be procured physically or cracked by using password
decoder software which uses a combination of user name and passwords
to access the control panel of websites.
Key Logging
It is basically a malicious programme installed on the target system
so as to capture the impression of each key-stroke made by using the
key board. Such logging or capturing the key impression is generally
done while typing user names and passwords. After capturing the
details such information are sent to the perpetrators who can use
the login details to obtain unauthorized access.
Internet Time Theft
This basically connotes the idea of using internet access service by
some unauthorised users who might have obtained the user login
detail by illegal means.
Legal Framework and security threat
We will discuss with the legal framework in the next issues
--
This Article is written by Mr. Aseem Kumar, who is Student Member of
Legal Literacy Programme at Indian SEO, Bangalore India
currently he is a final year student of BA LL.B (Hons.) at Gujarat
National Law University.
Besides being student, Mr. Aseem Kumar already holds many positions
of responsibilities like Member of Center for Environmental Law,
Gujarat State Foreign Relation Committee, Member of Health Review
Committee at GNLU, Responsible for Re-Drafting and Re-Evaluation of
Gujarat Health Bill 2009, Member of Organizing Committee for
Mediation Training Programme conducted by AMLED Arbitration Center
Ahmedabad, Organizing Committee Member of Advocate's Training
Programme, conducted by Bar Council of Gujarat, Member of Computer
Committee at GNLU.
Author has also received fellowship and scholarship from Oxford
University, UK and University of Pan Americana, Mexico, USA.
Along with above responsibilities, author has several publications
and articles in national and international journals.
Author has also presented many research papers in different
conferences and seminars at various places like University of East
London, University of Krakow Poland, University of Pune, India,
Singhad University Pune India, NIT Calicut, IBS (Indian Business
School) Ahmedabad.
Author has developed keen interest in Cyber Law, Business Law and
Environmental Law.
For any enquiries, comments write to info@indian-seo.com
Indian SEO, SEO
Company based in Bangalore, India
SEO
Articles: Menu
This Article is written by Mr. Aseem Kumar, who is Student Member of
Legal Literacy Programme at Indian SEO, Bangalore India
currently he is a final year student of BA LL.B (Hons.) at Gujarat
National Law University.
