A Classification of Cyber Offenses
Cyber attacks are deliberate attempts to exploit, damage, disrupt, or gain unauthorized access to computer systems, networks, or digital devices.
To better understand this diverse threat landscape, cyber crimes are classified based on their targets, nature, and methods of interaction.
Cyber Crimes Categorization
Cyber crimes can be grouped in several ways to clarify the target and the attacker's methodology.
Cybercrime Classification by Target
The most common classification method is based on the intended victim of the crime.
Cyber Crimes Against Individuals: These crimes target personal vulnerabilities like greed or naivety. Examples include financial fraud, phishing, cyberstalking, identity theft, and online harassment.
Cyber Crimes Against Property: These attacks target digital and physical property. This includes intellectual property violations like software piracy and copyright infringement, as well as the distribution of malware to damage or delete data.
Cyber Crimes Against Organizations: These are attacks aimed at institutions, often with the goal of disrupting services, stealing classified data, or taking control of networks. Common examples are industrial espionage, Denial-of-Service (DoS) attacks, and unauthorized network intrusions.
Cyber Crimes Against Society: These are broad attacks that undermine social trust and stability. This category includes acts of cyber terrorism, large-scale forgery, and web jacking to spread disinformation.
Classification by Nature
Crimes can also be distinguished by the attacker's intent and approach.
Techno-Crime: This refers to deliberate, targeted attacks with a clear intent to copy, steal, block access to, or corrupt data and systems.
Techno-Vandalism: These acts are often random or opportunistic, including defacing websites or publicizing sensitive files without a clear, strategic motive.
Classification by Interaction
The duration and type of contact between the attacker and victim also serve as a classification method.
Single-Event Cyber Crimes: These are incidents that occur in a single moment from the victim's perspective, such as opening a malicious email attachment that instantly installs malware.
Series-Based Cyber Crimes: These involve repeated interactions where the attacker grooms or manipulates the victim over time before the final exploitation occurs.
Common Cyber Attack Techniques
The following are specific methods and techniques used by criminals to execute cyber attacks.
Social Engineering and Deception Attacks
Social engineering is the art of manipulating people to reveal confidential information or perform actions that compromise security. It exploits human trust rather than technical vulnerabilities, often by building inappropriate trust relationships with insiders to gain unauthorized access.
These attacks are typically categorized based on the medium used: direct human interaction or technology-assisted deception.
Human-Based Social Engineering
These attacks involve direct, and often physical, interaction between the attacker and the victim.
Impersonation
Impersonation is a technique where an attacker pretends to be someone else to gain the victim's trust. This can take several forms:
Posing as a valid user or employee to gain physical access to a restricted area.
Assuming the role of an authority figure, such as a manager or executive, to pressure an employee into providing information or performing an action.
Claiming third-party authorization, using phrases like, "Your manager asked me to get this from you," to bypass suspicion.
Posing as technical support to trick a user into revealing their password or other credentials over the phone.
Shoulder Surfing
This is the direct, physical act of looking over a person's shoulder to observe their screen or keyboard as they enter sensitive information like passwords, PINs, or account numbers. It is most common in public spaces like cafes, airports, and open-plan offices.
Dumpster Diving
This is a low-tech but highly effective method where attackers sift through a target's trash. They search for discarded documents containing sensitive data, such as old bills, contact lists, internal memos, or notes with passwords, which can be used to facilitate a future attack.
Computer-Based Social Engineering
These technology-assisted attacks use digital tools to trick users into compromising their own security.
Phishing and Spoofing
Phishing is the most common form of computer-based social engineering, where deceptive emails, text messages, or websites that look legitimate are used to trick users into providing sensitive data like passwords or credit card numbers.
A key technique used in these attacks is email spoofing, where the sender's address is forged to make the message appear to come from a trusted source, such as a bank or a well-known company, greatly enhancing the deception's effectiveness.
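A receiving-side check for the forged sender address described above, as an added example that is not part of the original page. The sample messages are constructed, and the function names and the receiving mail server name `mx.recipient.example` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages for illustration (not real mail).
LEGIT = (
    "Return-Path: <alerts@bank.example>\n"
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Example Bank <alerts@bank.example>\n"
    "Subject: Your monthly statement\n\nBody\n"
)
SPOOFED = (
    "Return-Path: <bounce@mailer.invalid>\n"
    "Authentication-Results: attacker.invalid; dmarc=pass\n"  # forged by the sender
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=none; dmarc=fail\n"
    "From: Example Bank <alerts@bank.example>\n"
    "Reply-To: support@bank-example.invalid\n"
    "Subject: Urgent: verify your account\n\nBody\n"
)

def domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_verdicts(msg, trusted_authserv):
    """spf/dkim/dmarc verdicts, taken only from headers stamped by our own MTA."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.lower().partition(";")
        if authserv.strip() != trusted_authserv:
            continue  # anyone can insert this header; ignore foreign ones
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result)
    return verdicts

def spoofing_indicators(raw, trusted_authserv="mx.recipient.example"):
    """Return a list of signals that the visible From address may be forged."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    flags = []
    # Mismatches are signals, not proof: bulk senders often use another bounce domain.
    if domain(msg["Return-Path"]) not in ("", from_dom):
        flags.append("return-path-mismatch")
    if domain(msg["Reply-To"]) not in ("", from_dom):
        flags.append("reply-to-mismatch")
    if auth_verdicts(msg, trusted_authserv).get("dmarc") != "pass":
        flags.append("dmarc-not-pass")
    return flags
```

The DMARC verdict is the strongest of the three signals because it ties the visible From domain to SPF or DKIM results; the header mismatches are best used to prioritise review.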
Malicious Attachments and Downloads
In this vector, attackers convince a user to open an email attachment or download a file that contains malware. The malware can take many forms, including:
Keyloggers, which secretly record everything the user types, including passwords and personal messages.
Trojans, which are malicious programs disguised as legitimate software.
Deceptive Pop-ups
Attackers use fake pop-up windows on websites to carry out social engineering. These pop-ups often claim the user has won a prize, their computer is infected with a virus, or they need to install a critical software update. The goal is to encourage the user to click a link that initiates a malicious download or leads to a phishing website.
Recent Trends in India
Digital Arrest Scams: Criminals impersonate law enforcement officials to extort money through threats and fake video calls.
UPI/BHIM Frauds: Social engineering tactics are used to trick users into authorizing payments or revealing access credentials.
Technical and Malicious Software Attacks
These attacks rely on malicious code and technical exploits to compromise systems.
Malware Attacks: The use of malicious software like viruses, worms, and Trojans to damage, disrupt, or gain control of a system. It is often spread via infected downloads or USB drives.
Ransomware Attacks: Malicious software that encrypts a victim's data, rendering it inaccessible until a ransom is paid. These attacks often target critical sectors like healthcare and government.
Data Diddling: The unauthorized alteration of data before or during its input into a computer system for processing, with the data restored afterwards to conceal the manipulation. Often used in financial fraud such as billing and payroll fraud.
Salami Attacks: A financial crime that involves stealing money in extremely small quantities from many accounts, which accumulate into a significant sum over time.
Password Hacking and Sniffing: Involves using software tools to monitor network traffic to intercept passwords (sniffing) or using techniques like brute-force attacks to crack them.
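A salami attack, as described in the list above, is invisible per account but shows up when small transfers are aggregated by destination. The following detection sketch is an added example, not part of the original page; the ledger rows, account names, thresholds and function name are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger rows: (source_account, destination_account, amount).
LEDGER = (
    [(f"ACC{i:04d}", "ACC9001", "0.02") for i in range(300)]      # tiny debits from many accounts
    + [(f"ACC{i:04d}", "MERCHANT1", "19.99") for i in range(40)]  # ordinary purchases
    + [("ACC0001", "ACC0002", "0.01"), ("ACC0003", "ACC0002", "0.03")]  # isolated small transfers
)

def find_salami_candidates(ledger, small_max=Decimal("0.05"),
                           min_sources=100, min_total=Decimal("5.00")):
    """Flag destinations that collect many tiny credits from many distinct sources.

    Returns {destination: (distinct_source_count, total_of_small_credits)}.
    Thresholds are illustrative and need tuning against real transaction volumes.
    """
    sources = defaultdict(set)      # destination -> distinct source accounts
    totals = defaultdict(Decimal)   # destination -> sum of small credits
    for src, dst, amount in ledger:
        amt = Decimal(amount)       # Decimal avoids float rounding on currency
        if Decimal("0") < amt <= small_max:
            sources[dst].add(src)
            totals[dst] += amt
    return {
        dst: (len(srcs), totals[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources and totals[dst] >= min_total
    }
```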
Business and Infrastructure Attacks
These attacks target the operations and digital assets of organizations.
Denial-of-Service (DoS/DDoS) Attacks: An attempt to make an online service unavailable to legitimate users by overwhelming it with traffic from multiple sources (DDoS) or a single source (DoS).
Web Jacking and Defacement: Web jacking is the act of taking control of a website by stealing its login credentials. Defacement involves altering the visual appearance of a website to send a message or to cause disruption and reputational damage.
Industrial Espionage (Cyber Spying): The unauthorized access and theft of proprietary data related to business strategies, financials, marketing plans or research and development. Often performed by competitors or state actors.
Business Email Compromise (BEC): An attack where criminals use spoofed or hacked email accounts to deceive a company into transferring funds or revealing sensitive data.
Data Breaches: Unauthorized access to large databases containing sensitive user or customer information.
Intellectual Property and Data Theft
These crimes focus on the theft and misuse of data and proprietary information.
Software Piracy: The illegal copying, distribution, or use of software in violation of its license agreement, often through counterfeit products or cracked software.
Identity Theft: The fraudulent acquisition and use of another person's personal information, typically for financial gain or criminal purpose.
Spamming: The misuse of electronic messaging systems to send unsolicited bulk messages, often for advertising or phishing purposes.
Cyberstalking
Cyberstalking is the persistent and deliberate use of electronic communication to stalk, harass, or threaten a person or group. Unlike general online harassment, cyberstalking is targeted and often escalates over time, causing significant fear or distress to the victim.
Cyberstalking manifests through a range of malicious behaviors, including:
- Making false accusations.
- Continuously monitoring or surveilling victims.
- Sending direct threats.
- Committing identity theft to damage the victim's reputation or finances.
- Damaging the victim's data or personal devices.
- Orchestrating coordinated harassment campaigns.
Stalkers exploit common digital platforms and personal information to carry out their attacks. The attack vectors, that is, the paths or methods used to execute cyberstalking, include:
Social Media Platforms: Using sites like Facebook, Instagram, and Twitter to monitor and harass victims.
Direct Communication: Sending threats via email and messaging apps.
Tracking Technologies: Employing GPS tracking through the victim's devices or apps.
Doxxing: Publishing a victim's private information online to incite wider harassment.
Malware: Installing spyware on a victim's device to track keystrokes or location.
Impersonation: Creating spoofed accounts to impersonate the victim and damage their reputation.
The potential entry points or targets for a cyberstalker include:
Personal Devices: Gaining access to laptops, phones, and tablets.
Online Profiles: Exploiting information on social media, dating apps, and forums.
Public Information: Weaponizing data from job sites and public directories.
Smart Home Devices: Hacking into devices with location tracking or audio/video feeds, such as smart speakers or security cameras.