The History of Cybersecurity
About forty years ago, words like worm, virus, Trojan horse, spyware and malware were not
yet part of the conventional information technology (IT) vocabulary. Cybersecurity only came
into existence because of the development of viruses. But how did we get here?
The history of cybersecurity began as a research project. In the 1970s, Robert Thomas, a
researcher at BBN Technologies in Cambridge, Massachusetts, created the first computer
“worm”, called The Creeper. The Creeper infected computers by hopping from system to
system, displaying the message “I’M THE CREEPER: CATCH ME IF YOU CAN.” Ray
Tomlinson, the inventor of email, wrote a replicating program called The Reaper, the first
antivirus software, which chased Creeper and deleted it.
Late in 1988, a man named Robert Morris had an idea: he wanted to test the size of the
Internet. To do this, he wrote a program that travelled through networks, invaded Unix
terminals, and copied itself. The Morris worm was so aggressive that it slowed computers
down to the point of being unusable. He subsequently became the first person convicted
under the Computer Fraud and Abuse Act.
From that point forward, viruses became more damaging, more invasive, and harder to
control, and with them came the advent of cybersecurity.
What Is Cybersecurity?
Cybersecurity is the body of technologies, processes, and practices designed to protect
networks, computers, programs, and data from attack, damage, or unauthorized access.
The term cybersecurity refers to techniques and practices designed to protect digital data,
that is, the data stored, transmitted, or used on an information system. After all, data is what
a criminal wants; the network, servers, and computers are just the mechanisms used to reach
it. Effective cybersecurity reduces the risk of cyber-attacks and protects organizations and
individuals from the unauthorized exploitation of systems, networks, and technologies.
Robust cybersecurity implementation rests on three key elements: people, processes, and
technology. This three-pronged approach helps organizations defend themselves from both
highly organized attacks and common internal threats, such as accidental breaches and
human error.
Attacks evolve every day. As attackers become more inventive, it is critical to define
cybersecurity properly and to understand its fundamentals.
Why Is Cybersecurity Important?
Listed below are the reasons why cybersecurity is so important in what has become a
predominantly digital world:
• Cyber-attacks are becoming progressively more destructive, and cybercriminals are using
more sophisticated methods to carry them out.
• Regulations such as the GDPR are forcing organizations to take better care of the personal
data they hold.
For these reasons, cybersecurity has become an important part of business, and the focus now
is on developing appropriate response plans that minimize the damage in the event of a cyber
attack. An organization or an individual can develop a proper response plan only with a good
grasp of cybersecurity fundamentals.
Now that we know what cybersecurity is and why it is important, let’s take a look at the
fundamental objectives of cybersecurity.
The CIA Triad
Confidentiality, integrity, and availability, also known as the CIA triad, form a model
designed to guide companies and organizations in forming their security policies. Technically,
cybersecurity means protecting information from unauthorized access, unauthorized
modification, and unauthorized deletion in order to provide confidentiality, integrity, and
availability.
Let’s explore these components and some of the information security measures designed to
assure each of them.
Confidentiality
Confidentiality is about preventing the disclosure of data to unauthorized parties. It also
means keeping the identity of the authorized parties involved in sharing and holding data
private and anonymous. Confidentiality is often compromised by cracking poorly encrypted
data, man-in-the-middle (MITM) attacks, and the disclosure of sensitive data.
Standard measures to establish confidentiality include:
• Data encryption
• Two-factor authentication
• Biometric verification
• Security tokens
Integrity
Integrity refers to protecting information from being modified by unauthorized parties. It is a
requirement that information and programs are changed only in a specified and authorized
manner. Threats to integrity include turning a machine into a “zombie computer” and
embedding malware into web pages.
Standard measures to guarantee integrity include:
• Cryptographic checksums
• File permissions
• Uninterruptible power supplies
• Data backups
Availability
Availability means making sure that authorized parties are able to access the information
when needed. Data only has value if the right people can access it at the right time.
Information can become unavailable because of security incidents such as DDoS attacks,
hardware failures, programming errors, and human errors.
Standard measures to guarantee availability include:
• Backing up data to external drives
• Implementing firewalls
• Having backup power supplies
• Data redundancy
Every cyber attack has the potential to threaten one or more of the three parts of the CIA
triad. Confidentiality, integrity, and availability all have to work together to keep your
information secure, so it is important to understand what the CIA triad is and how it is used to
plan and implement a sound security policy, together with the principles behind it.
Some important terms used in computer security are:
Vulnerability
A vulnerability is a weakness which allows an attacker to reduce a system’s information
assurance. A vulnerability is the intersection of three elements: a system susceptibility or
flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a
vulnerability, an attacker must have at least one applicable tool or technique that can connect
to the system weakness. In this frame, the set of vulnerabilities is also known as the attack
surface. Vulnerability management is the cyclical practice of identifying, classifying,
remediating, and mitigating vulnerabilities. This practice generally refers to software
vulnerabilities in computing systems.
Backdoors
A backdoor in a computer system is a method of bypassing normal authentication, securing
remote access to a computer, obtaining access to plaintext, and so on, while attempting to
remain undetected.
The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a
modification to an existing program or hardware device. It may also report false information
about disk and memory usage to hide itself.
Denial-of-service attack
Unlike other exploits, denial-of-service attacks are not used to gain unauthorized access to or
control of a system. They are instead designed to render it unusable. Attackers can deny
service to individual victims, for example by deliberately entering a wrong password enough
consecutive times to cause the victim’s account to be locked, or they may overload the
capacity of a machine or network and block all users at once. These attacks are, in practice,
very hard to prevent, because the behaviour of whole networks needs to be analyzed, not only
the behaviour of small pieces of code.
Distributed denial-of-service (DDoS) attacks are common. In a DDoS attack a large number
of compromised hosts (commonly referred to as “zombie computers”, used as part of a botnet
and controlled with, for example, a worm, Trojan horse, or backdoor) are used to flood a
target system with network requests, attempting to render it unusable through resource
exhaustion.
Direct-access attacks
An unauthorized user
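The account-lockout case above, where an attacker locks a victim out by repeatedly entering a wrong password, leaves a clear trace in authentication logs. The following is an added example, not code from the original text: it parses a few constructed sshd-style log lines and flags any user/source pair with five or more failures inside a one-minute window, which is the signal a defender would alert on (and, for example, rate-limit by source) before a lockout policy turns into a denial of service. The log format, the threshold and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a syslog-like sshd style (not taken from the page).
# alice: six failures in six seconds from one source (lockout / brute-force pattern).
# bob:   two failures fifteen minutes apart, then a successful login (ordinary typo).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[412]: Failed password for alice from 203.0.113.7 port 51000
2024-03-01T10:00:02 sshd[412]: Failed password for alice from 203.0.113.7 port 51001
2024-03-01T10:00:03 sshd[412]: Failed password for alice from 203.0.113.7 port 51002
2024-03-01T10:00:04 sshd[412]: Failed password for alice from 203.0.113.7 port 51003
2024-03-01T10:00:05 sshd[412]: Failed password for alice from 203.0.113.7 port 51004
2024-03-01T10:00:06 sshd[412]: Failed password for alice from 203.0.113.7 port 51005
2024-03-01T10:05:00 sshd[412]: Failed password for bob from 198.51.100.9 port 40000
2024-03-01T10:20:00 sshd[412]: Failed password for bob from 198.51.100.9 port 40001
2024-03-01T10:21:00 sshd[412]: Accepted password for bob from 198.51.100.9 port 40002
"""

# Only failed-login lines are of interest; the regex is an assumption about the format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+$"
)


def parse_failures(log_text):
    """Return (timestamp, user, source) tuples for every failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["user"], m["src"]))
    return events


def find_lockout_bursts(events, threshold=5, window_seconds=60):
    """Return (user, source) pairs with >= threshold failures inside any sliding window.

    A sliding window is used rather than a fixed per-minute bucket so a burst that
    straddles a minute boundary is not missed.
    """
    by_key = defaultdict(list)
    for ts, user, src in events:
        by_key[(user, src)].append(ts)
    alerts = []
    for key, times in by_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # shrink the window from the left until it spans <= window_seconds
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append(key)
                break
    return alerts


if __name__ == "__main__":
    for user, src in find_lockout_bursts(parse_failures(SAMPLE_LOG)):
        print(f"possible lockout attack: user={user} source={src}")
```

Run on the sample, only alice from 203.0.113.7 is reported; bob's two slow failures stay below the threshold, which is the point of keying on both user and source and on a time window rather than on a raw failure count.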
Top 10 Cyber Crime Prevention Tips
1. Use Strong Passwords
Use different user ID / password combinations for different accounts and avoid writing them
down. Make the passwords more complicated by combining letters, numbers and special
characters (minimum 10 characters in total) and change them on a regular basis.
2. Secure your computer
• Activate your firewall. Firewalls are the first line of cyber defence; they block connections
to unknown or bogus sites and will keep out some types of viruses and hackers.
• Use anti-virus/malware software. Prevent viruses from infecting your computer by
installing and regularly updating anti-virus software.
• Block spyware attacks. Prevent spyware from infiltrating your computer by installing and
updating anti-spyware software.
3. Be Social-Media Savvy
Make sure your social networking profiles (e.g. Facebook, Twitter, YouTube, MSN, etc.) are
set to private. Check your security settings. Be careful what information you post online.
Once it is on the Internet, it is there forever!
4. Secure your Mobile Devices
Be aware that your mobile device is vulnerable to viruses and hackers. Download
applications from trusted sources.
5. Install the latest operating system updates
Keep your applications and operating system (e.g. Windows, Mac, Linux) current with the
latest system updates. Turn on automatic updates to prevent potential attacks on older
software.
6. Protect your Data
Use encryption for your most sensitive files such as tax returns or financial records, make
regular back-ups of all your important data, and store them in another location.
7. Secure your wireless network
Wi-Fi (wireless) networks at home are vulnerable to intrusion if they are not properly secured.
Review and modify default settings. Public Wi-Fi, a.k.a. “Hot Spots”, is also vulnerable.
Avoid conducting financial or corporate transactions on these networks.
8. Protect your e-identity
Be cautious when giving out personal information such as your name, address, phone number
or financial information on the Internet. Make sure that websites are secure (e.g. when
making online purchases) or that you’ve enabled privacy settings (e.g. when accessing/using
social networking sites).
9. Avoid being scammed
Always think before you click on a link or file of unknown origin. Don’t feel pressured by
any emails. Check the source of the message. When in doubt, verify the source. Never reply
to emails that ask you to verify your information or confirm your user ID or password.
10. Call the right person for help
Don’t panic! If you are a victim, if you encounter illegal Internet content (e.g. child
exploitation) or if you suspect a computer crime, identity theft or a commercial scam, report
this to your local police. If you need help with maintenance or software installation on your
computer, consult your service provider or a certified computer technician.
Cyber Security Investigation:
1. Computers are used to enhance modern life in private, educational, commercial and
government organisations, increasing the productivity and efficiency of these entities. On
the other hand, the same technology is used by criminals for unlawful and unethical
activities. Collecting evidence from computers and IT-enabled devices is a challenging job
for the police and investigating agencies in India. Investigating and collecting evidence
from computers requires knowledge and computer skills that most personnel in our country
lack. This has led the government to turn to specialist agencies [1].
1.1 Steps Involved in Cybercrime Investigation
In the era of Digital India, much technology and many developments have taken place, and
many new inventions are still in progress. With this growing technology, crimes related to
technology are also increasing. Many cases are registered under the IT Act 2008, as
amended in 2010. Some of the cases registered are data theft, hacking, unauthorized access,
pornography, intellectual property theft, cyber terrorism, viruses and many more. Cybercrime
has become a large threat to business, to national security and to the common man. The
following are the steps of the cybercrime investigation methodology.
1.2 Questioning
Collecting information about the crime: why it was done, who committed it, and how to
proceed with the investigation.
1.3 Gathering Information
Checking web cameras, wire taps, etc.; sometimes the evidence is also collected from the
hacker’s computers.
1.4 Computer Forensics
After questioning and information gathering, forensic tools are used to collect the evidence.
The collected evidence must be handled carefully because it has to be produced in court.
Techniques of cybercrime investigation:
• Searching WHOIS records
• Tracking IP addresses
• Analysis of web server logs
• Tracking of email accounts
• Trying to recover deleted evidence
• Trying to crack passwords
• Trying to find hidden data
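Two of the techniques listed above, recovering deleted evidence and finding hidden data, are commonly approached by file carving: scanning a bit-stream image for known file headers and trailers regardless of whether the file system still has a directory entry for the file, so that a deleted file whose blocks have not yet been overwritten is recovered from the raw bytes. The block below is an added example and not part of the original text. It builds a small constructed image with a PNG and a JPEG embedded in filler bytes, with no file-system metadata at all, and carves them back out; the signature table, the sample image and the trailer-based end detection are assumptions for illustration (production carving tools handle fragmentation, size fields and many more formats).

```python
# File carving by header/trailer signature on a raw image (added example).
# Signatures below are the real magic bytes of PNG and JPEG; everything else is constructed.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xaeB`\x82"      # IEND chunk type + its CRC
JPEG_MAGIC = b"\xff\xd8\xff"      # SOI marker followed by the first segment marker
JPEG_END = b"\xff\xd9"            # EOI marker

SIGNATURES = {
    "png": (PNG_MAGIC, PNG_END),
    "jpeg": (JPEG_MAGIC, JPEG_END),
}


def build_sample_image():
    """Constructed 'disk image': zero filler with a fake PNG and a fake JPEG inside.

    Neither file has a directory entry, which is exactly the situation after deletion.
    """
    fake_png = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"A" * 20 + PNG_END
    fake_jpeg = JPEG_MAGIC + b"\xe0" + b"B" * 30 + JPEG_END
    filler = b"\x00" * 64
    return filler + fake_png + filler + fake_jpeg + filler


def carve(image):
    """Scan the whole image for known headers; return (kind, offset, bytes) per hit.

    The scan ignores any file-system structure, so it also finds files whose metadata
    is gone. A header with no matching trailer is reported as truncated and skipped.
    """
    found = []
    for kind, (header, trailer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            end = image.find(trailer, start + len(header))
            if end == -1:
                break  # truncated file: header present, trailer overwritten or missing
            end += len(trailer)
            found.append((kind, start, image[start:end]))
            pos = end
    found.sort(key=lambda hit: hit[1])  # report in image order
    return found


def carve_summary(image):
    """Compact view for a report: list of (kind, offset, length)."""
    return [(kind, off, len(data)) for kind, off, data in carve(image)]


if __name__ == "__main__":
    for kind, offset, length in carve_summary(build_sample_image()):
        print(f"{kind}: offset {offset}, {length} bytes")
```

Carving is always run against the working copy of the image, never the original exhibit, and each recovered object is itself hashed and logged so it can later be tied back to the exact offset in the verified image.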
A computer forensic investigator should follow established investigation methodologies in
order to find out the truth. The evidence must be gathered without breaking its chain of
custody. Once the evidence is gathered, the original data should be kept safe and all work
should be done on a duplicate. The forensic investigator must maintain data integrity
throughout. The process of investigation should not damage the reputation of the investigator
or of the organization. The forensic investigator should follow these steps when investigating
cyber forensic cases:
• For legal opinion, the company should call in a legal advisor.
• The First Response of Procedures (FRP) is prepared by the forensic investigator.
• The evidence from the crime scene is gathered by the forensic investigator and afterwards
taken to the forensic lab.
• The collected evidence is prepared as bit-stream images and hashed with the MD5
algorithm.
• Before concluding the investigation, the forensic investigator examines the evidence and
prepares the investigation report.
• Finally, the forensic investigator hands the investigation report over to the client.
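The “cryptographic checksums” measure listed under integrity in the CIA triad section and the step above of hashing bit-stream images serve the same purpose: proving that a working copy is bit-for-bit identical to the original exhibit and that neither has changed since acquisition. The following added example (not from the original text) hashes a constructed evidence file with MD5 and SHA-256, copies it, verifies the copy, records the digests in a chain-of-custody style record, and shows that a single changed byte in the working copy is detected on re-verification. File names and contents are constructed; recording a second algorithm alongside MD5 is a design choice, because MD5 on its own is no longer collision resistant.

```python
import hashlib
import os
import shutil
import tempfile


def hash_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so that multi-gigabyte images need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire_and_verify(original, working_copy, algorithms=("md5", "sha256")):
    """Copy an evidence image and prove the copy is bit-identical to the original.

    Returns a record suitable for a chain-of-custody log: digests of the original
    before copying, digests of the copy after copying, and whether they match.
    """
    before = {a: hash_file(original, a) for a in algorithms}
    shutil.copyfile(original, working_copy)
    after = {a: hash_file(working_copy, a) for a in algorithms}
    return {
        "algorithms": list(algorithms),
        "original": before,
        "copy": after,
        "verified": before == after,
    }


def verify_against_record(path, record):
    """Re-hash a file later (e.g. before it is produced in court) against the record."""
    return all(hash_file(path, a) == record["original"][a] for a in record["algorithms"])


def demo():
    """Self-contained run on a constructed 'image' in a temporary directory.

    Returns (copy verified at acquisition, copy still intact, tampered copy detected).
    """
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.dd")   # constructed exhibit name
        copy = os.path.join(d, "working.dd")        # constructed working-copy name
        with open(original, "wb") as f:
            f.write(b"constructed disk image contents " * 1024)
        record = acquire_and_verify(original, copy)
        intact = verify_against_record(copy, record)
        # Simulate an accidental one-byte modification of the working copy.
        with open(copy, "r+b") as f:
            f.seek(0)
            f.write(b"X")
        tampered_detected = not verify_against_record(copy, record)
        # The untouched original still matches the record.
        original_ok = verify_against_record(original, record)
        return record["verified"], intact, tampered_detected, original_ok


if __name__ == "__main__":
    print(demo())
```

The original is hashed before the copy is made and never written to afterwards; every later check compares against the digests recorded at acquisition, so a mismatch on the working copy points at the copy, not at the exhibit.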
1.5 Investigation of Cybercrime Cases by the Police Department
Emerging trends in cybercrime include identity theft, hacking, phishing, spamming and cyber
stalking. With these emerging types of crime it is time to revamp and reform the investigation
methodology so that it supports the prosecution of cybercrime cases. The police department
has gaps in this field of investigation. Several weaknesses exist in the system, including the
gap between the reporting of crimes, the arrest of the criminals and finally the production of
the criminals for prosecution in cybercrime cases. Section 16 of the Criminal Procedure Code
and Section 2 of the Indian Penal Code are used in handling the cases, including territorial
jurisdiction. A legal and law manual has been framed to make up for the lack of an
operational manual describing the methods of managing and conducting investigations
related to cybercrime. A standard investigation procedure has to be framed in order to
investigate cybercrime [4]. The cybercrime cells operating now should be equipped with
highly technical staff and with high-technology crime and investigation infrastructure, and
technical experts should also be recruited for the cybercrime cells. The police lack experience
and knowledge in handling cyber forensic tools such as data transfer tools, password cracking
tools, etc. District-level forensic laboratories are also reluctant to handle the data due to a
lack of technical skills.
1.6 Handling of Cybercrime Cases in the Indian Judicial System
With the coming of the Internet, cyber law has become a newly visible field. Computer law
includes computer crime, e-commerce and freedom of expression, copyright or patent rights,
intellectual property rights, and privacy rights. Computer crime involves activities like
illegally using credit cards (by lying to and tricking people), unauthorized access to computer
systems, child pornography, software piracy, phishing and cyber stalking. E-commerce law
deals with cryptography and data security. Freedom of expression covers defamation,
censorship and obscenity. Software licensing and trademark protection are covered under
intellectual property rights and the copyright act. Privacy rights address data protection and
privacy on the Internet [5]. In the criminal justice system, investigation of the crime and
collection of evidence yield little result unless the prosecution secures a conviction of the
criminal. If the investigating agency is unable to establish the criminal activity of the accused,
it casts suspicion on the conduct of the investigating agency itself. Securing the evidence in
computer crime is not easy. In some computer crimes, all the evidence may be electronic,
without any fact-filled story, film evidence or human witness. Of course, the computer
forensic examiner will be the percipient witness. The computer forensic examiner must be
able to convince the court of the admissibility of the electronic evidence at trial, of its
authenticity and reliability, and that the evidence has not been tampered with.
1.7 Jurisdiction issues in cybercrime cases
Jurisdiction is one of the major issues in cybercrime because of the universal nature of
cybercrime. Cyberspace erases the territorial concept, which makes cybercrime different from
conventional crime. Section 75 of the IT Act gives special powers for handling cybercrime
cases outside the jurisdiction, for obtaining help from outside the jurisdiction in collecting
evidence, and for obtaining help from the law enforcement agencies in that jurisdiction [6].