Cyber Crime and You

IMED IQSPL JOINT CERTIFICATION COURSE ON CYBER SECURITY

Intelligent Quotient System Pvt. Ltd.

Some questions before we go ahead!

DO YOU USE COMPUTERS? DO YOU HAVE INTERNET CONNECTION? DO YOU HAVE EMAIL ACCOUNT? DO YOU HAVE PRESENCE ON SOCIAL NETWORKING SITES? DO YOU USE CELLPHONE/S?
Intelligent Quotient System Pvt. Ltd.

 If you spend more on coffee than on IT security, then

you will be hacked. What's more, you deserve to be hacked.

Richard Clarke, Special Adviser on cybersecurity to the US President.

Intelligent Quotient System Pvt. Ltd.

What is Cyber Crime?

An unlawful act wherein the Cyberspace is used either as:-

a tool or a target or both

Intelligent Quotient System Pvt. Ltd.

Cyberspace

Intelligent Quotient System Pvt. Ltd.

Do cyber crimes affect your life?

Intelligent Quotient System Pvt. Ltd.

Do cyber crime affect his life?

Intelligent Quotient System Pvt. Ltd.

Air Traffic Control

Intelligent Quotient System Pvt. Ltd.

Some statistics

Intelligent Quotient System Pvt. Ltd.

Cases registered under the IT Act

(NCRB report)

2011 - 1791
2010 966

2009 420
2008 288

2007 - 217
Intelligent Quotient System Pvt. Ltd.

Websites defaced in 2011 Approx. 15,300

Websites defaced in first 5 months of 2012 Approx. 11,000

Intelligent Quotient System Pvt. Ltd.

Wardriving stats

2011

Intelligent Quotient System Pvt. Ltd.

Case studies

Intelligent Quotient System Pvt. Ltd.

How a company was killed in 24 hrs

Directors / senior management in jail or absconding or applying for bail

Identify unsanitized code

File case with local police in a far off city

0000

0010

0600

1200

1800

2400

Upload child pornography on compromised server

Leak the news to the press

Company loses reputation, clients and employees

Intelligent Quotient System Pvt. Ltd.

Source code theft

Young System admin meets beautiful woman! Social engineering attack Crores worth of source code stolen Log analysis Interrogation of sys admin Testimony of waiter

Intelligent Quotient System Pvt. Ltd.

Trojan attack
Obscene photos of a lady reporter were published on

24hr live webcam sites Unknown chat friend Trojan through email Webcam Email tracing, Email tracking, Real time investigation

Intelligent Quotient System Pvt. Ltd.

Data Theft
iPods allowed to be carried into sensitive areas of

company
Employee copies files onto iPod and then deleted

them
Recovers them later using forensic software

Intelligent Quotient System Pvt. Ltd.

Social Networking related Crimes

Intelligent Quotient System Pvt. Ltd.

Russian Wife Scam

Intelligent Quotient System Pvt. Ltd.

Step 1
Target is selected from social networking sites

Intelligent Quotient System Pvt. Ltd.

Hello!!!

I liked your profile and would like to get to know you better. I will tell you more about myself below. First of all my name is Larisa I am single and have no any children. I live in city Novocheboksarsk, it is little city in Russia, my city, not so big, but it is very beautiful, it is located in the Volga river bank... ohhh, I know you are surprised, in my profile I wrote your country, I will not write a lot today and if you are still interesting I hope to hear from you soon, tell me more about yourself and send me your picture, here is a picture of me so you can see how I look like.
Have a good day, bye Larisa

Intelligent Quotient System Pvt. Ltd.

Hello my dear!!!
I would like to tell you that your letters bring me much joy and make me happier day by day! You are the dearest man to my heart, I am always looking forward to your letters. When I received your letter today, I was very happy.

Intelligent Quotient System Pvt. Ltd.

Hi honey, I wait for the day of our meeting more and more day by day and can't stop thinking about that. Me, as I told you before it would be not so easy to get a tourist visa for me, but in the travel agency they told me that they will help, but there is a one problem it

will cost me 300 USD, honey,

I see that I don't have enough money to pay.

Dear, I am little upset today, and not sure what to do honey, I

am not going ask you for any money or help.

Intelligent Quotient System Pvt. Ltd.

 Intelligent Quotient System Pvt. Ltd.

 Intelligent Quotient System Pvt. Ltd.

 Intelligent Quotient System Pvt. Ltd.

 Intelligent Quotient System Pvt. Ltd.

Email Frauds

Intelligent Quotient System Pvt. Ltd.

Credit Card frauds

Name

Card number
Expiry date

CVV number

Intelligent Quotient System Pvt. Ltd.

How do crooks get your information?

Social Networks Lost/stolen wallets / Laptops Theft from mailboxes Shoulder surfing at ATMs or AirPort Phishing / SPAM / Vishing Verbal - *Lose

lips sink ships* <period>

Intelligent Quotient System Pvt. Ltd.

Yes Maam, Im calling from your local utility store. To confirm some information could I have your date of birth, social security number and any credit card or bank accounts please?

31

Cyber Laws

The Information Technology Act, 2000 (amendment of 2008) Indian Penal Code Indian Evidence Act Bankers Books Evidence Act RBI Act

Intelligent Quotient System Pvt. Ltd.

Recent Rules under IT Act

The Information Technology (Electronic Service Delivery) Rules, 2011 The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 The Information Technology (Guidelines for Cyber Cafe) Rules, 2011 The Information Technology (Intermediaries guidelines) Rules, 2011

Intelligent Quotient System Pvt. Ltd.

 Intelligent Quotient System Pvt. Ltd.

Cyber security

Offensive Security

Computer Forensics, Investigations & Law

Avenues open

Steps

-Ethical Hacker

-Networking Security -Cyber Forensics

-Information Security -Cyber Crime Investigation

-IT Auditing

-Forensics consultant
-Fraud Investigator

-Choose specialized area

-Penetration Testing -Cyber Law

-Learn related fields -Cyber Law consultant Good networking -Information Security Consultant

 "The modern thief can steal more with a computer

than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb - National Research Council, USA

@ - sagar.rahurkar@iqspl.com # - 09623444448

Course structure
Two semesters ONE BOOK +CD Two hours every week Theory + practicals (wherever necessary)

Periodic assessments

Course structure
Semester I

Introduction to cyber security Physical security Cryptography Steganography Virus attacks & security Email frauds & security Browser safety Security for online banking

Course structure
Semester II

Mobile security Ethical hacking Computer forensics ISO auditing

Cyber laws
Information system contingency planning (Risk management) Strategic management of technology

Course structure

Assessment pattern