Unit IV. Students' Safety on the Net
Computer virus (malware, spyware, trojan) - preventive measures (firewall, antivirus software)
Cyber privacy and password protection
Legal and ethical issues
· Copyright
· Creative Commons Licence
· Plagiarism, Hacking, Netiquette, Phishing, Software privacy
Cyber law - IT Act 2000, IT Act 2008.
Role of teacher in conscientizing about
· Child abuse over the net
· Misuse of internet (morphing, pornography)
· Health hazards of using computer
COMPUTER VIRUS
A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus. The vast majority of viruses target systems running Microsoft Windows, employing a variety of mechanisms to infect new hosts and often using complex anti-detection/stealth strategies to evade antivirus software.
Motives for creating viruses can include seeking profit, a desire to send a political message, personal amusement, demonstrating that a vulnerability exists in software, or simply a wish to explore cybersecurity issues, artificial life and evolutionary algorithms.
Computer viruses currently cause economic damage each year by causing system failure, wasting computer resources, corrupting data, increasing maintenance costs, etc.
The term "virus" is also commonly, but erroneously, used to refer to other types of malware.
MALWARE
Malware is any software intentionally designed to cause damage to a computer, server or computer network. Malware does the damage after it is implanted or introduced in some way into a target's computer and can take the form of executable code, scripts, active content, and other software. Malware has a malicious intent, acting against the interest of the computer user, and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug.
Programs officially supplied by companies can be considered malware if they secretly act against the interests of the computer user. For example, Sony sold the Sony rootkit, which contained a Trojan horse embedded into CDs that silently installed and concealed itself on purchasers' computers with the intention of preventing illicit copying.
"Malware" encompasses computer viruses along with many other forms of malicious software, such as computer "worms", ransomware, spyware, adware, trojan horses, keyloggers, rootkits, bootkits, malicious Browser Helper Objects (BHOs) and other malicious software.
The majority of active malware threats are actually trojan horse programs or computer worms rather than computer viruses. The term computer virus, coined by Fred Cohen in 1985, is a misnomer. Today, malware is used by both black hat hackers and governments to steal personal, financial, or business information.
Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. However, malware can be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords.
Viruses often perform some type of harmful activity on infected host computers, such as
· acquisition of hard disk space or central processing unit (CPU),
· accessing private information (e.g., credit card numbers),
· corrupting data,
· displaying political or humorous messages on the user's screen,
· spamming their e-mail contacts, logging their keystrokes, or even rendering the computer useless.
However, not all viruses carry a destructive "payload" and attempt to hide themselves. The defining characteristic of viruses is that they are self-replicating computer programs which modify other software without user consent.
SPYWARES
Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be hidden and packaged together with unrelated user-installed software.
Operations and functions
Phases
The life cycle of a virus can be divided into four phases:
Dormant phase
The virus program is idle during this stage. The virus program has managed to access the target user's computer or software, but during this stage, the virus does not take any action. The virus will eventually be activated by the "trigger" which states which event will execute the virus, such as a date, the presence of another program or file, the capacity of the disk exceeding some limit or the user taking a certain action (e.g., double-clicking on a certain icon, opening an e-mail, etc.). Not all viruses have this stage.
Propagation phase
The virus starts propagating, that is multiplying and replicating itself. The virus places a copy of itself into other programs or into certain system areas on the disk. The copy may not be identical to the propagating version; viruses often "morph" or change to evade detection by IT professionals and anti-virus software. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
Triggering phase
A dormant virus moves into this phase when it is activated, and will now perform the function for which it was intended. The triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.
Execution phase
This is the actual work of the virus, where the "payload" will be released. It can be destructive such as deleting files on disk, crashing the system, or corrupting files or relatively harmless such as popping up humorous or political messages on screen.
TROJAN HORSE
A Trojan horse is a program installed on a computer that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer. The Trojan horse is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, it can execute whatever task the attacker designed it to carry out.
How a Trojan horse works
Trojan horse developers frequently use spamming techniques to send their emails to hundreds or thousands of people. As soon as the email has been opened and the attachment has been downloaded, the Trojan server will be installed and will run automatically each time the computer turns on.
It attacks laptops, desktop computers, mobiles etc. The victim receives an official-looking email with an attachment. The attachment contains malicious code that is executed as soon as the victim clicks on the attachment. Because nothing bad happens and the computer continues to work as expected, the victim does not suspect that the attachment is actually a Trojan horse and that his computing device is now infected.
The malicious code resides undetected until a specific date or until the victim carries out a specific action, such as visiting a banking website. At that time, the trigger activates the malicious code and carries out its intended action. Depending upon how the Trojan has been created, it may delete itself after it has carried out its intended function, it may return to a dormant state or it may continue to be active.
Uses of a Trojan horse
When a Trojan horse becomes active, it puts sensitive user data at risk and can negatively impact performance. Once a Trojan has been transferred, it can:
- give the attacker backdoor control over the computing device;
- record keystrokes to steal the user's account data and browsing history;
- download and install a virus or worm to exploit a vulnerability in another program;
- install ransomware to encrypt the user's data and extort money for the decryption key;
- activate the computing device's camera and recording capabilities;
- turn the computer into a zombie computer that can be used to carry out click fraud schemes or illegal actions; and
- legally capture information relevant to a criminal investigation for law enforcement.
A Trojan horse can be identified through unusual behaviors displayed by a computer. The quirks could include:
- A change in the computer's screen, including changing color and resolution or an unnecessary flip upside down.
- Excessive amounts of pop-up ads will appear.
- The computer mouse may start moving by itself or freezing up completely and the functions of the mouse buttons may reverse.
- The browser will consistently redirect the user to a different website than the one they are requesting. This redirected website will often contain an offer that users can click on or download which will, in turn, install more malware.
- The computer's antivirus and anti-malware programs will be disabled and the necessary steps to remove malware will be inaccessible.
- Mysterious messages and abnormal graphic displays may start appearing.
- Unrecognized programs will be running in the task manager.
- The taskbar will either change in appearance or completely disappear.
- The computer's desktop wallpaper may change as well as the format of desktop icons and applications.
TYPES OF VIRUSES
RESIDENT Vs. NON-RESIDENT VIRUSES
A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down.
Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target.
A non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).
MACRO VIRUSES
A macro virus (or "document virus") is a virus that is written in a macro language and embedded into documents so that when users open the file, the virus code is executed and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected or suspicious attachments in e-mails. While not opening attachments in e-mails from unknown persons or organizations can help to reduce the likelihood of contracting a virus, in some cases the virus is designed so that the e-mail appears to be from a reputable organization (e.g., a major bank or credit card company).
BOOT SECTOR VIRUSES
Boot sector viruses specifically target the boot sector and/or the Master Boot Record of the host's hard drive or removable storage media (flash drives, floppy disks, etc.).
E-MAIL VIRUS
Email virus – A virus that intentionally, rather than accidentally, uses the email system to spread. While virus infected files may be accidentally sent as email attachments, email viruses are aware of email system functions. They generally target a specific type of email system (Microsoft’s Outlook is the most commonly used), harvest email addresses from various sources, and may append copies of themselves to all email sent, or may generate email messages containing copies of themselves as attachments.
ANTIVIRUS SOFTWARE
Antivirus software is a program that can detect and eliminate known viruses when the computer attempts to download or run the executable file. Some antivirus software blocks known malicious websites that attempt to install malware. Users must update their software regularly to patch security vulnerabilities. Antivirus software also needs to be regularly updated in order to recognize the latest threats, because malicious hackers and other individuals are always creating new viruses. Examples of Microsoft Windows antivirus and anti-malware software include the optional Microsoft Security Essentials (for Windows XP, Vista and Windows 7) for real-time protection, and the Windows Malicious Software Removal Tool.
Ransomware is a virus that posts a message on the user's screen saying that the screen or system will remain locked or unusable until a ransom payment is made.
Phishing is a deception in which the malicious individual pretends to be a friend, computer security expert, or other benevolent individual, with the goal of convincing the targeted individual to reveal passwords or other personal information.
Recovery strategies and methods
· timely operating system updates,
· software updates,
· careful Internet browsing (avoiding shady websites), and
· installation of only trusted software.
· regular backups of data (and the operating systems) on different media, that are either kept unconnected to the system (most of the time, as in a hard drive),
· if data is lost through a virus, one can start again using the backup.
If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus (so long as a virus or infected file was not copied onto the CD/DVD). Likewise, an operating system on a bootable CD can be used to start the computer if the installed operating systems become unusable. Backups on removable media must be carefully inspected before restoration. The Gammima virus, for example, propagates via removable flash drives.
· Operating system reinstallation
Definition of privacy
The term 'privacy' has been described as "the rightful claim of the individual to determine the extent to which he wishes to share of himself with others. It means his right to withdraw or to participate as he sees fit. It also means the individual's right to control dissemination of information about himself...."
The concept of privacy is used to describe not only rights purely in the private domain between individuals but also constitutional rights against the State.
Though the whole world is yet to arrive at an agreed definition on privacy, the advocates of 'right to privacy' have agreed that the meaning of privacy is dependent on a nation's culture.
Today, we find four distinct common law torts that are available as remedy for breach of privacy. These are:
1. Intrusion upon seclusion: Intrusion was substantial and highly offensive to a reasonable person.
2. Appropriation of name or likeness: if somebody appropriates your name or picture, without any authorisation, then he is violating your right to privacy. Eg. name or picture of a living person is used for commercial
3. Publicity given to private life:
4. Publicly placing a person in false light: It involves falsely implicating a person to an immoral, illegal, or embarrassing situation resulting in injury.
Internet Privacy
Internet privacy is a broad term for the right or mandate of personal privacy and the level of security of personal data published via the Internet. It refers to a variety of factors, techniques and technologies used to protect sensitive and private data, communications and preferences.
It involves privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet.
Internet privacy and anonymity are paramount to users, especially as e-commerce continues to gain traction. Privacy violations and threat risks are standard considerations for any website under development. Internet privacy is also known as online privacy.
Crimes Involving Cyber-Privacy
1. Malware which can access a user's identity and/or information
2. Denial of Service Attacks (block a user from accessing his or her information)
3. Computer viruses which take user information as well as identity
4. All of these crimes fall under the category of fraud, identity theft, phishing scams and/or information warfare.
5. Terrorism
6. Tracking
Movements of individuals are tracked by websites, advertisers, etc., which serve ads according to your browsing results.
Cookie profiling and other techniques are used to track overall activities online and create a detailed profile of browsing habits. Some people may not mind having relevant ads being served up to them, but for others this is a serious invasion of privacy.
7. Surveillance
Some governments spy on their citizens online to monitor their Internet usage. Internet companies (ISPs), telcos, as well as other communication service providers are required to retain customers' Internet connection records for a year, which can be obtained by government authorities and used in investigations, even if you're not related to them in any way.
8. Theft
Cybercriminals use malware, spyware, and phishing techniques to break into your online accounts or device and steal personal information to engage in activities like identity theft, which may result in victims losing most or all of their hard-earned money.
WHAT YOU SHOULD DO WHILE USING INTERNET
1. Do not use the Same Credentials for Multiple Accounts
If a cybercriminal gains access to one of your accounts, they'll most likely get into the other ones as well.
2. Do not Stay Logged into Websites
Staying logged into websites leaves your online accounts and personal information vulnerable to anyone who uses or hacks into your device.
3. Do not use Services without Reading their Terms & Conditions
Companies and service providers gain access to all kinds of data and then sell this information to the highest bidder.
4. Do not Open Suspicious Attachments or Download Malicious Files
WAYS TO PROTECT YOUR PRIVACY AND SECURITY ON THE INTERNET
1. Secure Your Web Browser
2. Use a Virtual Private Network (VPN)
Using Pure VPN is the best way to protect Internet privacy. It changes your IP address and assigns a new one based on the VPN server you're connected to, and protects incoming and outgoing traffic with military-grade encryption. As a result, your online activities and personal information stay secure and private from snoopers.
3. Keep Software Up-to-Date
Keep your operating system, browser, and other software (like Adobe Flash and Java) up to date to ensure that you don't miss out on new features and security fixes.
4. Install an Anti-virus Program & Activate Firewall
A strong anti-virus program will keep your device free from all types of malware, such as spyware, viruses, Trojans, etc. Also activate your firewall to keep unwanted network traffic at bay.
5. Delete Cookies at Browser Exit
You should delete cookies regularly as they're used by websites, advertisers, and other third parties to track you online.
6. Adjust Your Settings on Google, Facebook, etc.
Big Internet companies such as Facebook and Google usually give you options to opt out of personalization and tracking. For example, you can manage your ads preferences on Facebook, while Google allows you to turn off ads personalization.
PASSWORD PROTECTION
Password protection is used on documents, folders, and other data on a user's computer to protect them from other people who might have access to the device. Passwords are commonly used to gain entry to networks and to various Internet accounts in order to authenticate the user accessing the website. It is a security process that protects information accessible via computers that needs to be protected from certain users.
Password protection allows only those with an authorized password to gain access to certain information. Password protection policies should be in place at organizations so that personnel know how to create a password, how to store their password and how often to change it. Passwords are a first line of defense against many internet ills.
HOW TO CREATE A STRONG PASSWORD
1. Think of them as essentials
2. Use a password manager.
A good password manager creates strong, unique passwords for all of your accounts. That means, if one of your passwords does get caught up in a data breach, criminals won't have the keys to the rest of your online services.
3. Go long.
Despite what all those prompts for unique characters and uppercase letters might have you believe, length matters more than complexity. Once you get into the 12-15 character range, it becomes way harder for a hacker to brute force, much less guess, your password.
Eg. "g0be@r$"
4. Keep them separated.
If you use special characters (lots of input fields will force you to), don't bunch them all together at the beginning or end. That's what everyone else does, which means that's what hackers are looking for. Instead, space them out throughout your password to make the guesswork extra tricky.
5. Single-serve only.
Don't reuse passwords across different accounts.
6. Don't trust your browser.
Usually we let our browser remember all those passwords rather than getting a paid password manager.
7. Add two-factor authentication
Two-factor authentication, or 2FA, is a method of verifying your identity that adds a second layer of security to your account password, like
· a PIN number, password, or pattern
· an ATM or credit card, mobile phone, or security token. It combines your physical card and your PIN
· a biometric form of authentication, such as your fingerprint, your voice, or your face
8. Do not use personal information
· Don't use your name or names of family members or pets in your passwords.
· Don't use numbers like your address, phone number, or birthdays, either.
9. Do not use real words
Password cracking tools help attackers to guess passwords. These programs can process every word in the dictionary, plus letter and number combinations, until a match is found. So don't use clear, real words from the dictionary or proper nouns or names. Instead, by combining uppercase and lowercase letters with numbers and special characters, such as "&" or "$", you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account.
10. Don't write them down
11. Change passwords on a regular basis
12. Never enter your password on another person's computer.
13. When using your devices on public Wi-Fi, you should avoid visiting websites that require you to log in to your account, such as online banking or shopping.
When you're on an unsecured public network, your unencrypted data could be intercepted by a nearby hacker. To protect yourself from these threats, you should always use a virtual private network (VPN), like Norton Secure VPN, when on a public Wi-Fi connection.
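The rules above on length (3), spacing of special characters (4), personal information (8) and real words (9) can be checked mechanically when a password is chosen. The following is an added example, not part of the original notes: the function names, the small SAMPLE_WORDS list, the look-alike substitution table and the 12-character threshold (the lower end of the 12-15 range above) are assumptions made for illustration.

```python
import math
import string

MIN_LENGTH = 12  # lower end of the 12-15 character range given in the notes

# Constructed sample word list (assumption); a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "bears"}

# Look-alike substitutions that guessing tools undo before a dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

SYMBOLS = string.punctuation + " "


def pool_size(pw):
    """Size of the character pool a brute-force search would have to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """log2 of the number of candidates to try: length * log2(pool size)."""
    pool = pool_size(pw)
    return len(pw) * math.log2(pool) if pool else 0.0


def specials_bunched(pw):
    """True when every non-alphanumeric character sits in one run at the start or end."""
    idx = [i for i, c in enumerate(pw) if not c.isalnum()]
    if not idx:
        return False
    n = len(idx)
    return idx == list(range(n)) or idx == list(range(len(pw) - n, len(pw)))


def dictionary_word(pw, words=SAMPLE_WORDS):
    """Return the first listed word found after undoing look-alike substitutions."""
    plain = pw.lower().translate(LEET)
    return next((w for w in sorted(words) if w in plain), None)


def personal_info(pw, personal):
    """Return the personal details (name, year, pet, ...) that appear in the password."""
    lowered = pw.lower()
    return [p for p in personal if len(p) >= 3 and p.lower() in lowered]


def audit(pw, personal=()):
    """Apply rules 3, 4, 8 and 9 from the list above and report what fails."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("short")
    if specials_bunched(pw):
        findings.append("specials-bunched")
    if dictionary_word(pw):
        findings.append("dictionary-word")
    if personal_info(pw, personal):
        findings.append("personal-info")
    return {"bits": round(brute_force_bits(pw), 1), "findings": findings}


if __name__ == "__main__":
    # Constructed sample passwords; "Asha" and "2009" stand in for a user's own details.
    samples = [
        ("g0be@r$", ()),                   # 7 characters with substitutions
        ("qzhfwmxktpvbydn", ()),           # 15 lowercase letters, no symbols
        ("Asha2009!!", ("Asha", "2009")),  # name + year + symbols at the end
        ("tR7#mq9Lx&2vKd4p", ()),          # 16 characters, symbols spaced out
    ]
    for pw, personal in samples:
        print(pw, audit(pw, personal))
```

Running it shows the point of rule 3: the 15-letter lowercase password has a far larger search space than the 7-character one with substitutions, which the word check also reduces to "gobears".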
Legal and Ethical Issues in Computer Security
1. Privacy
2. Digital Ownership
Digital mediums have allowed information to flow more freely than before. Things can be easily copied and pasted online, which makes intellectual property hard to control. Companies in the music and entertainment industries have pushed for greater legal protections for intellectual properties while other activists have sought to provide greater freedoms for the exchange of ideas in the digital realm.
3. Data Gathering by service providers
4. Security Liability
Security systems for digital networks are computerized in order to protect vital information and important assets. However, this increased security comes with increased surveillance. All security systems have inherent risks.
5. Access Costs
Proponents want the Internet to remain open to everyone while some businesses want to create tiered access for those who are willing to pay. The issue even extends to private Internet usage since the cost of service in some areas may be cost prohibitive. The larger ethical question is whether or not digital exchange is now a universal right. The cost of access can impede business growth, entrepreneurial spirit and individual expression.
The Copyright Act, 1957
The ‘Act’ came into effect from January 1958. The Act has been amended five times since then, i.e., in 1983, 1984, 1992, 1994, 1999 and 2012. The Copyright (Amendment) Act, 2012 is the most substantial.
Meaning of Copyright
Section 14 of the Act provides the meaning of copyright in the following words: For the purpose of this Act, “copyright” means the exclusive right subject to the provisions of this Act, to do or authorize the doing of any of the following acts in respect of a work or any substantial part thereof, namely:
a. In the case of a literary, dramatic or musical work not being a computer programme,
i. to reproduce the work in any material form including the storing of it in any medium by electronic means;
ii. to issue copies of the work to the public not being copies already in circulation;
iii. to perform the work in public, or communicate it to the public;
iv. to make any cinematograph film, or sound recording in respect of the work;
v. to make any translation of the work;
vi. to make any adaptation of the work;
vii. to do in relation to a translation or adaptation of work, any of the acts specified in relation to the work in sub-clause (i) to (iv).
b. In the case of a computer programme
i. to do any of the acts specified in clause (a);
ii. to sell or give on hire, or offer for sale or hire any copy of the computer programme, regardless of whether such copy has been sold or given on hire on earlier occasions;
Reading Section 51 along with Section 14 of the Copyright Act, 1957, it becomes clear that reproducing any copyrighted work, issuing copies of the work to the public or communicating the work to the public would amount to a copyright violation under the Act.
The Indian Copyright Act, 1957 protects “Databases” as ‘literary works’ under Section 13 (1) (a) of the Act, which says that copyright shall subsist throughout India in original literary, dramatic, musical and artistic works.
The definition of “literary works” under Section 2(o) of the Copyright Act, 1957 includes computer programmes, tables and compilations including computer databases.
Section 63B of the Indian Copyright Act provides that any person who knowingly makes use on a computer of an infringing copy of a computer program shall be punishable for a minimum period of six months and a maximum of three years in prison.
Section 43 of the Information Technology Act, 2000 provides for compensation to the aggrieved party of up to One Crore of Rupees from a person who, without the permission of the owner or the person in charge of a computer, computer system or computer network, secures access to the system or downloads, copies or extracts any data, database or information from the said computer, computer system or computer network, including data held or stored in any removable storage media. It covers instances of cracking the computer codes, computer trespass, digital copying, violation of privacy, data theft etc.
Section 66 of the Act provides for penal liabilities for a person who, with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, alters or destroys any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means; the term commonly used for such crimes is ‘hacking’.
CREATIVE COMMONS (CC) LICENSE
Creative Commons (CC) is an internationally active non-profit organisation that provides free licences for creators to use when making their work available to the public. These licences help the creator to give permission in advance for others to use the work under certain conditions. A CC licence is used when an author wants to give other people the right to share, use, and build upon a work that they (the author) have created. CC provides an author flexibility (for example, they might choose to allow only non-commercial uses of a given work) and protects the people who use or redistribute an author's work from concerns of copyright infringement as long as they abide by the conditions that are specified in the licence by which the author distributes the work.
There are several types of Creative Commons licences. The licences differ by several combinations that condition the terms of distribution. They were initially released on December 16, 2002 by Creative Commons, a U.S. non-profit corporation founded in 2001. There have also been five versions of the suite of licences, numbered 1.0 through 4.0. As of December 2018, the 4.0 licence suite is the most current.
Every time a work is created, such as when a journal article is written or a photograph taken, that work is automatically protected by copyright. Copyright protection prevents others from using the work in certain ways, such as copying the work or putting the work online.
CC licences allow the creator of the work to select how they want others to use the work. When a creator releases their work under a CC licence, members of the public know what they can and can’t do with the work. This means that they only need to seek the creator’s permission when they want to use the work in a way not permitted by the licence. The great thing is that all CC licences allow works to be used for educational purposes. As a result, teachers and students can freely copy, share and sometimes modify and remix a CC work without having to seek the permission of the creator.
Every CC licence allows you to:
- Copy the work (e.g. download, upload, photocopy and scan the work);
- Distribute the work (e.g. provide copies of the work to teachers, students, parents and the community);
- Display or perform the work (e.g. play a sound recording or film in class, or stage a play to parents);
- Communicate the work (e.g. make the work available online on the school intranet, learning management system or on a class blog); and
- Format shift verbatim copies of the work (e.g. copy an MP3 version of music onto a CD or an MP4 version of a film onto a DVD to play in class).
When you use any CC material, you must:
- always attribute the creator of the work;
- get permission from the creator to do anything that goes beyond the terms of the licence (e.g. making a commercial use of the work or creating a derivative work where the licence does not permit this);
- keep any copyright notice attached to the work intact on all copies of the work;
- indicate and link to the licence from any copies of the work; and
- where you make changes to the work, acknowledge the original work and indicate that changes have been made.
In addition, when you use any CC material, you must not:
· alter the terms of the licence;
· use the work in any way that is prejudicial to the reputation of the creator of the work;
· imply that the creator is endorsing or sponsoring you or your work; or
· add any technologies (such as digital rights management) to the work that restrict other people from using it under the terms of the licence.
Why should Schools use CC?
· Teachers can copy an entire work without limitation;
· There is a lot of CC material that teachers can modify and remix;
· Parents and the community can freely access the work; and
· CC material is available for free and not subject to licence fees.
PLAGIARISM
Plagiarism is copying
another's work or borrowing someone else's original ideas.
According to the Merriam-Webster
online dictionary, to "plagiarize" mean
- to
steal and pass off (the ideas or words of another) as one's own
- to use (another's production) without crediting
the source
- to commit literary theft
- to present as new and original an idea or
product derived from an existing source
- turning in someone else's work as your own
- copying words or ideas from someone else
without giving credit
- failing to put a quotation in quotation marks
- giving incorrect information about the source
of a quotation
- changing words but copying the sentence
structure of a source without giving credit
- copying so many words or ideas from a source
that it makes up the majority of your work, whether you give credit or not
HACKING
Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. It also covers identifying weaknesses in computer systems or networks and exploiting them to gain access. Hacking means using computers to commit acts such as fraud, privacy invasion, and the theft of corporate or personal data.
Example of hacking: using a password-cracking algorithm to gain access to a system.
A hacker is a person who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
· Ethical Hacker (White hat): A hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
· Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
· Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identifying weaknesses and revealing them to the system owner.
· Script kiddies: A non-skilled person who gains access to computer systems using ready-made tools.
· Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
· Phreaker: A hacker who identifies and exploits weaknesses in telephones instead of computers.
Ethical Hacking
Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect those weaknesses. Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money. Hacking can lead to loss of business for organizations that deal in finance, such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business. Ethical hackers must abide by the following rules.
- Get written permission from the owner of the computer system and/or computer network before hacking.
- Protect the privacy of the organization being hacked.
- Transparently report all the identified weaknesses in the computer system to the organization.
- Inform hardware and software vendors of the identified weaknesses.
Variety of techniques for hacking
- Vulnerability scanner: checks computers on networks for known weaknesses
- Password cracking: the process of recovering passwords from data stored or transmitted by computer systems
- Packet sniffer: applications that capture data packets in order to view data and passwords in transit over networks
- Spoofing attack: involves websites which falsify data by mimicking legitimate sites, and which are therefore treated as trusted sites by users or other programs
- Rootkit: a set of programs which work to subvert control of an operating system from legitimate operators
- Trojan horse: serves as a back door in a computer system to allow an intruder to gain access to the system later
- Viruses: self-replicating programs that spread by inserting copies of themselves into other executable code files or documents
- Key loggers: tools designed to record every keystroke on the affected machine for later retrieval
NETIQUETTE
Netiquette is short for "Internet etiquette." It represents the importance of proper manners and behavior online. Just like etiquette is a code of polite behavior in society, netiquette is a code of good behavior on the Internet. This includes several aspects of the Internet, such as email, social media, online chat, web forums, website comments, multiplayer gaming, and other types of online communication. While there is no official list of netiquette rules or guidelines, the general idea is to respect others online.
Below are ten examples of rules to follow for good netiquette:
- Avoid posting inflammatory or offensive comments online.
- Respect others' privacy.
- Never spam others by sending large amounts of unsolicited email.
- Show good sportsmanship when playing online games, whether you win or lose.
- Don't troll people in web forums or website
- Stick to the topic when posting in online forums or when commenting on photos or videos, such as YouTube or Facebook comments.
- Don't swear or use offensive language.
- Avoid replying to negative comments with more negative comments. Instead, break the cycle with a positive post.
- If someone asks a question and you know the answer, offer to help.
- Thank others who help you online.
PHISHING
Phishing is a homophone of fishing, and is so named because phishing scams use lures to catch unsuspecting victims, or fish. It is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims. Phishing is popular with cybercriminals. Phishing attacks use email or other electronic communication methods, including direct messages sent over social networks, SMS text messages and other instant messaging modes. Attackers also use social networks like LinkedIn, Facebook and Twitter to gather background information about the victim's personal and work history, interests and activities.
The victim receives a message that appears to have been sent by a known contact or organization. The attack is carried out either through a malicious file attachment that contains phishing software, or through links connecting to malicious websites. In either case, the objective is to install malware on the user's device or direct the victim to a malicious website set up to trick them into divulging personal and financial information. Other than email and website phishing, there’s also 'vishing' (voice phishing), 'smishing' (SMS phishing) and several other phishing techniques that cybercriminals are constantly coming up with.
Several clues can indicate that a message is a phishing attempt. These include:
- The use of sub domains, misspelled URLs or otherwise suspicious URLs.
- The recipient uses a Gmail or other public email address rather than a corporate email address.
- The message is written to invoke fear or a sense of urgency.
- The message includes a request to verify personal information, such as financial details or a password.
- The message is poorly written and has spelling and grammatical errors.
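The clues listed above can be expressed as simple checks on a message. The following is an added example, not part of the original notes: a heuristic that reports which of the five clues a message shows. The word lists, function names and the placeholder domain examplebank.com are assumptions of the example, and it applies the public-mailbox clue to the sender's address.

```python
import re
from urllib.parse import urlparse

# Illustrative lists (assumptions of this example, not a vetted ruleset).
PUBLIC_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = ("urgent", "immediately", "suspended", "within 24 hours", "final notice")
VERIFY = re.compile(
    r"\b(verify|confirm|update)\b.{0,40}?\b(password|account|card|bank|pin)\b",
    re.I | re.S)
MISSPELLINGS = {"recieve", "acount", "pasword", "verfy", "informations"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike (misspelled) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def url_is_suspicious(url, trusted):
    """Flag hosts that imitate `trusted` without actually belonging to it."""
    host = (urlparse(url.rstrip(".,;)")).hostname or "").lower().rstrip(".")
    if host == trusted or host.endswith("." + trusted):
        return False                  # the genuine domain or one of its sub domains
    if trusted.split(".")[0] in host:
        return True                   # brand name used as a label under another domain
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    return 0 < edit_distance(registered, trusted) <= 2   # misspelled look-alike


def phishing_clues(sender, body, trusted):
    """Return the names of the clues from the list that the message exhibits."""
    clues = []
    text = body.lower()
    urls = re.findall(r"https?://[^\s<>\"']+", body)
    if any(url_is_suspicious(u, trusted) for u in urls):
        clues.append("suspicious_url")
    if sender.rsplit("@", 1)[-1].lower() in PUBLIC_MAIL:
        clues.append("public_mailbox")
    if any(phrase in text for phrase in URGENCY):
        clues.append("urgency")
    if VERIFY.search(body):
        clues.append("asks_for_personal_info")
    if set(re.findall(r"[a-z]+", text)) & MISSPELLINGS:
        clues.append("poor_spelling")
    return clues


# Constructed sample messages (not real mail); examplebank.com is a placeholder.
PHISH = ("support.examplebank@gmail.com",
         "URGENT: your acount will be suspended. Verify your password "
         "immediately at http://examplebank.com.account-check.net/login")
LEGIT = ("statements@examplebank.com",
         "Your monthly statement is ready at https://www.examplebank.com/statements")

if __name__ == "__main__":
    for sender, body in (PHISH, LEGIT):
        print(sender, "->", phishing_clues(sender, body, "examplebank.com"))
```

A message that triggers several clues deserves a closer look; a message that triggers none is not thereby proven safe.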
The first phishing lawsuit was filed in 2004 against a Californian teenager who created an imitation of the website “America Online”. With this fake website, he was able to gain sensitive information from users and access their credit card details to withdraw money from their accounts.
SOFTWARE PIRACY
Software piracy is the stealing of legally protected software. Software piracy penalties apply to users that illegally reproduce copyrighted works and/or users who are knowingly in possession of illegally reproduced works. Unknowingly accepting pirated software is another scenario, provided it can be proven. End users may notice red flags, which indicate pirated software, especially if the acquired digital media is encased in inconspicuous or generic containers, such as CD sleeves or unnamed disk packaging.
Types of Software Piracy
There are five main types of software piracy:
1. Softlifting
Softlifting is when someone purchases one version of the software and downloads it onto multiple computers, even though the software license states it should only be downloaded once. This often occurs in business or school environments and is usually done to save money. Softlifting is the most common type of software piracy.
2. Client-server overuse
Client-server overuse is when too many people on a network use one main copy of the program at the same time. This often happens when businesses are on a local area network and download the software for all employees to use. This becomes a type of software piracy if the license doesn’t entitle you to use it multiple times.
3. Hard disk loading
Hard disk loading is a type of commercial software piracy in which someone buys a legal version of the software and then reproduces, copies or installs it onto computer hard disks. The person then sells the product. This often happens at PC resale shops and buyers aren’t always aware that the additional software they are buying is illegal.
4. Counterfeiting
Counterfeiting occurs when software programs are illegally duplicated and sold with the appearance of authenticity. Counterfeit software is usually sold at a discounted price in comparison to the legitimate software.
5. Online Piracy
Online piracy, also known as Internet piracy, is when illegal software is sold, shared or acquired by means of the Internet. This is usually done through a peer-to-peer (P2P) file sharing system, which is usually found in the form of online auction sites and blogs.
Consequences of software piracy
- Increased chances that the software will malfunction or fail
- Forfeited access to support for the program such as training, upgrades, customer support and bug fixes
- No warranty and the software can’t be updated
- Increased risk of infecting your PC with malware, viruses or adware
- Slowed down PC
- Legal repercussions due to copyright infringement
Types of Cybercrime
The following list presents the common types of cybercrimes:
- Computer Fraud: Intentional deception for personal gain via the use of computer systems.
- Privacy violation: Exposing personal information such as email addresses, phone numbers, account details, etc. on social media, websites, etc.
- Identity Theft: Stealing personal information from somebody and impersonating that person.
- Sharing copyrighted files/information: This involves distributing copyright-protected files such as eBooks and computer programs.
- Electronic funds transfer: This involves gaining unauthorized access to bank computer networks and making illegal fund transfers.
- Electronic money laundering: This involves the use of the computer to launder money.
- ATM Fraud: This involves intercepting ATM card details such as account numbers and PINs. These details are then used to withdraw funds from the intercepted accounts.
- Denial of Service Attacks: This involves the use of computers in multiple locations to attack servers with a view to shutting them down.
- Spam: Sending unauthorized emails. These emails usually contain advertisements.
Cyber law- IT Act 2000, IT Act 2008
THE INFORMATION TECHNOLOGY ACT, 2000
In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. It provides legal recognition to transactions done via electronic exchange of data and other electronic means of communication or electronic commerce transactions. This also involves the use of alternatives to a paper-based method of communication and information storage to facilitate the electronic filing of documents with the Government agencies. Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934.
The objectives of the Act are as follows:
- Grant legal recognition to all transactions done via electronic exchange of data or other electronic means of communication or e-commerce, in place of the earlier paper-based method of communication.
- Give legal recognition to digital signatures for the authentication of any information or matters requiring legal authentication.
- Facilitate the electronic filing of documents with Government agencies and also departments.
- Facilitate the electronic storage of data.
- Give legal sanction and also facilitate the electronic transfer of funds between banks and financial institutions.
- Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India Act, 1934, for keeping the books of accounts in electronic form.
Features of the Information Technology Act, 2000
a) All electronic contracts made through secure electronic channels are legally valid.
b) Legal recognition for digital signatures.
c) Security measures for electronic records and also digital signatures are in place.
d) A procedure for the appointment of adjudicating officers for holding inquiries under the Act is finalized.
e) Provision for establishing a Cyber Regulatory Appellate Tribunal under the Act. Further, this tribunal will handle all appeals made against the order of the Controller or Adjudicating Officer.
f) An appeal against the order of the Cyber Appellate Tribunal is possible only in the High Court.
g) Digital Signatures will use an asymmetric cryptosystem and also a hash function.
h) Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Controller is to act as a repository of all digital signatures.
i) The Act applies to offences or contraventions committed outside India.
j) Senior police officers and other officers can enter any public place and search and arrest without warrant.
k) Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the Central Government and Controller.
Applicability of the Act
According to Section 1 (2),
a. the Act extends to the entire country, which also includes Jammu and Kashmir.
b. to any offence or contravention committed outside India as well. If the conduct of the person constituting the offence involves a computer or a computerized system or network located in India, then irrespective of his/her nationality, the person is punishable under the Act.
c. Lack of international cooperation is the only limitation of this provision.
Advantages of Cyber Laws
· The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes.
· It offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
· It empowers government departments to accept filing, creating and retention of official documents in the digital format.
· It proposes a legal framework for the authentication and origin of electronic records / communications through digital signature.
· It allows Government to issue notification on the web, thus heralding e-governance.
· It enables companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
· It addresses the important issues of security, which are so critical to the success of electronic transactions.
· It makes it possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.
IT AMENDMENT ACT (ITA-2008)
The Information Technology Amendment Act, 2008 (IT Act 2008) is a substantial addition to India's Information Technology Act (ITA-2000), passed by the Indian Parliament in October 2008; it came into force a year later. The Act is administered by the Indian Computer Emergency Response Team. The original Act was developed to promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context. The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.
Salient features of the Information Technology (Amendment) Act, 2008
· The term 'digital signature' has been replaced with 'electronic signature' to make the Act more technology neutral.
· A new section has been inserted to define 'communication device' to mean cell phones, personal digital assistants or a combination of both or any other device used to communicate, send or transmit any text, video, audio or image.
· A new section has been added to define cyber cafe as any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public.
· A new definition has been inserted for intermediary.
· A new section 10A has been inserted to the effect that contracts concluded electronically shall not be deemed to be unenforceable solely on the ground that electronic form or means was used.
· The damages of Rs. One Crore prescribed under section 43 of the earlier Act of 2000 for damage to computer, computer system etc. have been deleted and the relevant parts of the section have been substituted by the words, 'he shall be liable to pay damages by way of compensation to the person so affected'.
· A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates.
· Sections 66A to 66F have been added to Section 66 prescribing punishment for offences such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.
· Section 67 of the IT Act, 2000 has been amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Rs. 100,000 to Rs. 500,000. Sections 67A to 67C have also been inserted. While Sections 67A and B deal with penal provisions in respect of offences of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, Section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.
· Section 69 gives power to the state to issue directions for interception or monitoring of decryption of any information through any computer resource. Further, sections 69A and B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cyber security.
· Section 79 of the Act, which exempted intermediaries, has been modified to the effect that an intermediary shall not be liable for any third party information, data or communication link made available or hosted by him.
Role of teacher in conscientizing about
- Child abuse over the net
- Misuse of internet (morphing, pornography)
- Health hazards of using computer
Over usage of Computer
Many children use home computers for recreation rather than for homework or other productive research. Parents and teachers must understand the risks and pitfalls in order to ensure that students maximize their computer time. Some of the effects are:
Physical Development
- Students can develop repetitive strain injuries if their computer stations are incorrectly designed or sized for them.
- Staring at a computer screen for excessive amounts of time can harm children’s eyesight.
- Students who spend too much time on a computer may not get enough exercise, which can lead to obesity.
- There is little doubt that computers and the Internet provide numerous advantages to students.
Socialization
- Students may become isolated.
- Students may experience less social involvement.
- Internet relationships that are not followed up with face-to-face meetings are weaker and shallower than traditional relationships. In most cases, this is because participants in chat rooms and other online venues rarely reveal their true selves. As a result, students who rely only on online relationships can feel lonely, which can lead to depression.
- Virtual communities can also be unsafe or emotionally harmful for students.
- Some show self-injury and eating disorders.
- Online teens can also be easy prey for those who mean to harm them.
Cyberbullying
· Cyberbullying is when someone repeatedly harasses, mistreats or makes fun of another person online or with other electronic devices. It affects more and more young people each year.
· Victims of cyberbullying feel depressed, sad, angry and frustrated. Some are afraid or embarrassed to attend school.
· Cyberbullying also causes a loss of self-esteem, academic problems, increases in school violence, behavior difficulties and poor family relations.
· Victims may feel suicidal, and tragically, some have acted on these feelings.