Book Chapters  

Introduction:
 

"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had".
-    Eric Schmidt, Ex-executive chairman Google

Secure Your-self:

The book primarily deals with the best strategies to secure one-self in the digital world. It identifies the key resources and strategies to protect one-self from credit/debit card fraud, online stalking/ bullying, identity theft, pedophiles, malicious apps, scammers, reputational damage and many lesser known threats like Trojans, Zombies, spoofing, backdoor exploitation etc. 

In the chapter “Cyber Threats”, we have listed the most prevalent cyber-crimes in India and effective counter measures for them. This should be enough to protect an average Indian user from the crimes of the virtual world. 

Archive The Results:

Sometimes, locating the free information is not the end in itself. For example, a police officer or a private investigator might need to document his or her findings to present it in the Court of law. So, they must know the proper procedure to document the results obtained. More so, because the data may be removed from the specific resource e.g., website may be shut down. Keeping this in view, the chapter “Prepare Your Computer” deals with the free software solutions to archive and preserve the useful content located online.  

Get The Most!

We use Google products like Gmail, YouTube, Google Chrome etc, but we rarely understand their complexities to make the most from these products and services. Chapters, “How to Perform Best Google Searches”, “Alternatives to Google”, “Videos” etc discusses lesser known but highly useful Google products and their alternatives.

OSINT – Open Source Intelligence:

The book also lists the online resources used to locate personal information about one-self and others. From Facebook to intrusive Google searches, it is relatively easy to locate personal information about an individual online. The internet can identify one’s family details, address, telephone numbers, vehicle details, employment details, date of birth, education profile etc. Chapters , “Facebook”, “Email Address”, “User Name”, “People Search Engines” and “Telephone Numbers” deal with the tools and techniques to find personal information about anyone.  

Opt-Outs:

Personally Identifiable Information (PIIs) can be used by malicious elements to target potential victims. Many users never want these information to be in the public domain. The book identifies the effective ways to remove them.

Build The Basics:

To understand hacking, phishing, backdoor exploitation etc., one must understand the backbone of the internet – IP Address, MAC Address, programming etc. Chapters, “IP Address” and “MAC Address” clarify the basics, to build the superstructures of hacking, phishing etc. 

The ways to access online information is constantly changing. On the one hand, websites on the internet change or disappear, while on the other, some new tools and techniques constantly add up. Thus, our endeavor will be to keep the public aware of the most recent changes and advances. 

All the tools, techniques and resources listed here are 100 % free and open to the public. The resources have been explained in detail including the best ways around the tool. Real life case studies have been incorporated to demonstrate the possibilities with the different tools and gadgets. 

For the maximum benefit of the readers, the book focuses on global tools and techniques rather than limiting itself to local resources. All the tools were working as of February 2019 and shall hopefully continue to do so.  
 

Why Should You Care?

Identity Theft Victims: 

According to crime data, identity theft accounts for 77 % of the fraud cases registered in India. Another analysis suggests that, “one in every three Indian will be affected by identity theft at some point in their lives”. 

Unfortunately, for majority of us, it is relatively easy to gather personal information online. The techniques outlined in this book will make it difficult for cyber-criminals to obtain Personally Identifiable Information (PIIs). 

Targeted Subjects:

The nature of many professions make them softer targets or more targeted than others, such as law enforcement officers, judges, prosecutors, attorneys, public officials and other members of the government. In our opinion, they should put an extra effort to protect their information online from the malicious elements. 

Parents And Teachers:

In wake of recent incidents like Blue Whale game or Momos challenge targeting children, pedophiles abusing teenage group etc, parents and teachers should learn the techniques to monitor the activities of their children. 

In many families, children know more than their parents about the internet. They may use it to their advantage to hide activities or post inappropriate content online. Thus, parents and teachers can use the techniques outlined in this book to protect their children from various threats – breaking law of the land, pedophiles, stalkers, scammers, physical and sexual abusers etc.  

Courtesy: https://www.khaleejtimes.com/international/india/22-year-old-commits-suicide-after-taking-blue-whale-challenge/

A 22-year old engineer has allegedly committed suicide near Panrutti with the Blue Whale Challenge game suspected to be behind his death. Seshadri ended his life by hanging himself at his house on Tuesday night when his family members were away, the police said.

Police said they seized various books on ghosts and a mobile phone using which he had played the game. They suspect that the man, an employee of a private factory at Mettukuppam in neighbouring Puducherry, could have committed suicide under the influence of the game. 

The online game demands players to complete tasks given by an anonymous controller over 50 days with the final challenge to commit suicide. The game allegedly led to a spate of suicides in India and other countries last year.

Recently, there have been reports of another similar killer game "Momo" surfacing online in some states, including West Bengal and Odisha, cautioning schools and parents to ensure that children don’t fall prey to it.

Privacy Enthusiasts:

The book is also meant for those who care enough about their security and privacy. They already understand the dangers of the virtual world and need no convincing. They understand the risk to reputation, safety of their families, financial risks, physical danger etc. 

Law Enforcement Agencies:

Police officers can use the various techniques mentioned in the book, to investigate cases, for social media monitoring, to track law and order situation, to catch malicious elements like drug traffickers, pedophiles etc. 

Wealthy And The Celebrities:

Celebrities and wealthy are the most common targets of stalking, extortion, scams and sometimes even worse. The book will help them remove undesired personal information put into public domain by mistake or otherwise and thus recapture a private, personal life. 

Courtesy: https://www.theweek.co.uk/88099/cyber-attack-targets-instagram-celebrities/

Cyber attack targets Instagram celebrities:
Hackers have gained access to the personal data of celebrities on Instagram by using a "flaw" in its security systems, the BBC reports. The hack has revealed the phone numbers and email addresses of several public figures who use the service, according to the broadcaster. Passwords are not thought to have been stolen in the attack.

It's not known which accounts were affected by the hack, but the Daily Telegraph says "the breach emerged two days after Selena Gomez's Instagram was hacked and nude photos of her ex-boyfriend Justin Bieber were posted to the actress's 125 million followers. "Gomez's account was briefly taken offline. It re-emerged "moments later with the photos removed", the newspaper reports.

Instagram said in a statement to Time: "We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users contact information, specifically email address and phone number, by exploiting a bug in an Instagram API".

The Facebook-owned social media site uses APIs (Application Programming Interface) to "communicate with other apps", says The Verge. It later fixed them to prevent a similar attack from happening again. Instagram has notified its verified account members, who are mostly public figures, about the leak and is urging them to be "cautious" if they receive unrecognised phone calls, text messages or emails.

Regardless of the category you fall into, the sooner you start the process, the greater the benefits will be and faster you will realise the effects. It’s easier to redeem the privacy back if most of the online information was never put in the first place. 

Finally, like any other domain knowledge, how much you benefit depends on creative thinking. After all, the richest person of the world today owes everything to the cyber world. So, if they can, so can you! 

The different chapters outlined in the book can be read in any order and referred to as and when needed.

Chapter 1: Current Scenario:

“The Internet is becoming the town square for the global village of tomorrow”. 
-    Bill Gates, founder, Microsoft

The first question that might arise in reader's mind is “What prompted us to write this book?” In the following sections, we will dedicate ourselves to explain the reasons for writing about cyber world, cyber-crimes and the necessity for the same. 

Is Our Curriculum Up-to Date?
During our school days, up-to 10th class, we were taught the history of the development of computers, crude understanding of the hardwares and softwares, the interface between them, the working knowledge of computer system and the peripherals, Java script, Flash, knowledge of basic softwares like MS Word, Photo-shop etc. 

In higher classes, some forms of coding be it C++, Java, Hyper Text Mark-up Language, Informatics Practices or similar derivative were taught. 

Neither of these courses really empowered a student to protect himself or herself from online adversaries. Even cyber-crimes of the lower order like stalking, bullying, vishing etc. cannot be tackled efficiently with the current syllabus we have in our schools. The computer knowledge being taught today is hardly practical as overwhelming majority of us never used the knowledge we acquired in our school days. Worse, it did not arm us with tools and techniques to protect ourselves from the malicious cyber elements, we will be facing for the rest of our lives. It’s no surprise that the cyber-crimes in India are increasing by leaps and bounds. 

With a dramatic reduction in the prices of smart-phones, the first point of contact with the internet has seen a sharp decline. Ten years before, a working salaried person may not have had a smart-phone. However today, children as young as ten years old are using smart-phones and perhaps even laptops/ desktops to connect to the virtual world. Activities like school projects, sometimes compel a student to reach out for online resources!

 
https://www.thehindu.com/news/cities/chennai/more-children-fall-prey-to-cyber-crime-as-web-users-get-younger/article3509863.ece

A hacker is most likely to target a less tech savvy user than anyone else. Thus, children are the most preferred target for a cyber-criminal especially for sexual abusers and pedophiles. 

However, the syllabus in our schools has remained the same or seen marginal improvements with regards to know-how to tackle the cyber-crimes. Thus, our most potential targets are the least prepared to tackle these threats. Recent reports suggest that the cyber-crimes against children and the population in general, have increased astronomically. Let’s take a look at the following suggestive data:  

 
https://www.vakilno1.com/legalviews/cyber-crime-child-abuse.html

Perhaps few Indian Penal Code crime in India has ever risen by 85% in a given year. It shows that the threat cyber-crimes possess is truly worrisome. Also, the threat is not only limited to becoming target of a cyber-criminal but also committing a cyber-crime unknowingly.  

In another article, experts expressed concerns that 90% of the cyber-crimes in India go un-reported. 

https://www.news18.com/news/india/ncrb-releases-data-on-cybercrime-rise-experts-fear-figures-do-not-reveal-real-picture-1597555.html 

One of the reasons for poor reporting is the inability to even detect the crime, leave aside the preparedness to counter them.  
 

Where India Stands Globally in Cyber Prepardness?

 

Between USA and Japan, the torch bearers in cyber technologies, lies India. We researched and compared the preparedness levels of students of India vis-à-vis USA and Japan, in their abilities to counter the cyber threats. The results were as follows. 

Various online articles and writings, suggested that an average American or Japanese student is far better equipped to deal with the potential cyber dangers than an Indian user. In fact, the Department of Homeland Security in USA is playing an active and crucial role in this regard. The excerpt below illustrates the same:  

https://niccs.us-cert.gov/formal-education/integrating-cybersecurity-classroom/

India too requires a conducive environment for the cyber education to penetrate the masses. The state and the schools shall have to play the most crucial role in this process. A properly designed curriculum coupled with hands-on practice will go a long way tackling these cyber-crimes. 

While some may argue that avoiding children access to smart-phones and similar devices will solve the problem, we find the following flaws with this line of thought. Firstly, cyber is a “genie” which cannot be now put back in the bottle, so at some point in their lives they will interact with the virtual world. So, better and long term solution lies in preparing them for the adversary rather than delaying the first point of contact, which only delays the problem but doesn’t address it. 

Secondly, it’s near impossible to ensure that a child never accesses a smart-phone. Thirdly, situations like a school project may require a child to use the internet.  

What are the Financial Prospects in the Cyber World?

 

Under this head we will discuss the financial and career prospects in the cyber field. Consider the following article below. 


https://cybersecurityventures.com/jobs/

The cyber field is an extremely emerging arena which has seen an incessant explosion since 1990s. In less than 30 years, it has come to control almost every discipline including defence, economy, finance, communication etc. In fact, the cyber economy has already surpassed the brick and mortar institutions. The data below may surprise you. 

https://ritholtz.com/wp-content/uploads/2016/09/virtually.png

The figure above suggests that the knowledge economy is getting more and more powerful with time. It’s very likely that the trends will continue, and IT Firms will continue to over-take other sectors of economy. Given the trends, by the end of 2026, all the top 10 companies in the world in terms of market capitalisation will be IT firms! 

So, one sector that holds the maximum potential is cyber. Also, this sector is not as crowded as others like engineering, medical, teaching, Chartered Accountants etc. 

The possible career options in cyber domain include:

  • Computer software engineer
  • Database administrator
  • Network system and web administrator
  • Cyber Law
  • Cyber Security Architect
  • Information Security Lead
  • Network Security
  • Compliance and Auditing
  • Cryptographer/ Crypto-analyst 
  • Security Consultant 
  • Vulnerability Researcher 
  • Web/ Mobile App Pen-tester 
  • Specialised Pen-tester
  • Red Teams
  • Information Security Crime Investigator/ Forensic Experts
  • Ethical hacker
  • Private investigator etc

In fact, this sector is so rapidly expanding that it’s near impossible to list down all the career options! The biggest employers of cyber professionals are:

  • Technology
  • Banking
  • Insurance
  • Retail 
  • Media

Recently, various posts have been created in the government sector also, including in e-governance, e-learning, DRDO, CERT-IN, as forensic experts, specialised pen-tester, cyber security architect, database administrator etc. So, government jobs are also being created in this field in large numbers. With the explosion of the virtual world, jobs creation in this sector in an inevitable phenomenon.  

The best cyber-experts capabilities include:

May 2017: WannaCry ransom-ware attack started on Friday, 12 May 2017, and has been described as unprecedented in scale, infecting more than 2,30,000 computers in over 150 countries.

June 2015: The records of 21.5 million people, including Social Security Numbers, dates of birth, addresses, fingerprints and security-clearance-related information, were stolen from the United States Office of Personnel Management. Most of the victims were employees of the United States government and unsuccessful applicants to it. The Wall Street Journal and the Washington Post reported that government sources believe the hacker is linked to the Government of China.

July 2015: The servers of extra-marital affairs website Ashley Madison were breached.

October 2014: The White House computer system was hacked. It was said that the FBI, the Secret Service and other U.S. intelligence agencies categorized the attacks as "among the most sophisticated attack ever launched against the U.S. government systems."

February 2014: The Bitcoin exchange, “Mt. Gox” filed for bankruptcy after $460 million was apparently stolen by hackers due to "weaknesses in their system" and another $27.4 million went missing from its bank accounts.

2013: The social networking website Tumblr was attacked by hackers. Consequently, 6,54,69,298 unique emails and passwords were leaked from Tumblr.

2012: A Saudi hacker 0XOMAR, published over 4,00,000 credit cards online, and threatened Israel to release 1 million credit cards in the future. 

June 2012: The social networking website LinkedIn was hacked and passwords for nearly 6.5 million user accounts were stolen by cyber-criminals.

September 2011: Bangladeshi hacker TiGER-M@TE made a world record in defacement history by hacking 700,000 websites in a single shot.

August 2007: United Nations website was hacked by Turkish Hacker Kerem125.

The list goes on! 

Chapter 2: Cyber Threats:

“The internet has been a boon and a curse for teenagers".
-    J. K. Rowling, author, Harry Potter series

To effectively protect ourselves, we should first clearly understand the nature and magnitude of various threats because only after the threats are known, we can take plausible steps to counter them. 

While some of the threats are pretty well known, others are not fully understood, though they may have potential for greater damages. For example, backdoor exploitation enables hacker to control a device remotely. But, the general awareness about backdoor exploitation or 'Man In The Middle' attacks is incredibly low in India. 

The sections below attempt to raise awareness about the various kinds of cyber-threats. They also discuss the effective counter-measures in a detailed manner.  

Cyber Stalking:

Has anyone ever tried to contact you repeatedly, despite you showing a clear disinterest to his or her advances? If yes, then that was “Stalking”! If not, consider this piece of news, a classic case of cyber stalking on Facebook and Instagram. 

Courtesy: https://www.thequint.com/neon/gender/news-anchor-stalked-by-youth-in-delhi/ 
Man Creates 15 FB and 10 Instagram Accounts to Stalk a News Anchor: 

Gulshan Kashyap, a 24-year-old BSc student from Gurgaon has been arrested for allegedly cyber stalking a media professional. 

According to The Times of India, the women had filed a complaint against Kashyap for creating fake social media profiles and stalking her. She is a news anchor in Delhi. 

When interrogated, Kashyap said that he had created 15 fake Facebook accounts and 10 fake Instagram accounts to stalk and harass her. He even used a friend’s Facebook account to contact her. The police has filed an FIR against Kashyap under Sections 354, 507 of the IPC. 

A cyber stalker often aims to take benefit of online anonymity to stalk the victim without being detected. 

How To Identify Cyber-stalking?

  • False accusations:A cyber-stalker often tries to damage the reputation of the victim by posting false information on social media, blogs etc. He or she may even create fake websites or social media accounts to spread false rumours and allegations. 
  • Gathering information about the victim:A cyber-stalker often tries to gather as much information as possible about the victim e.g., by hiring a private investigator. 
  • Monitoring victim’s activities:A stalker may attempt to trace victim’s IP address, phone number or hack social media accounts. 
  • Encourage others to harass the victim:The offender may encourage others to harass the victim. 
  • Fake victimization:Some cyber-stalker may in-fact claim the opposite that the victim is harassing him or her.     

How To Tackle Cyber Stalking?
Firstly, demand the stalker to stop all the contact and harassment. Additionally, to facilitate the conviction of the stalker, the victim should:

  • Save all the emails, messages and other communications for evidences: Also ensure they remain un-altered. The next chapter deals with such tools and techniques. 
  • Save all the records of threats against the victim’s safety or life: This includes any written or recorded threats with log of date, time and circumstances of threats.
  • Contact the perpetrator’s Internet Service Provider: Internet Service Providers (ISP) prohibit their users from harassing others. After contacting the ISP, it may disconnect the internet service, record and monitor the internet use.
  • Keep detailed records of contacts with the ISP and law enforcement officials: Victim should also obtain the official copies whenever available. 

Victims of cyber stalking are mostly Minors:
https://timesofindia.indiatimes.com/city/hyderabad/victims-of-cyber-stalking-mostly-minors/articleshow/64823238.cms

Cyber Bullying:

To understand: 

  • Cyber-bullying definition
  • Actions considered as bullying
  • Consequences of cyber-bullying
  • How to prevent cyber-bullying

Watch this all-in-one 2 minutes amazing YouTube video:
https://www.youtube.com/watch?v=peDosNN7l3w/

 

Now we have understood that: 

  • Cyber bullying is a form of bullying using electronic means e.g., on social media sites. Harmful bullying behaviour includes physical threats, defamation etc. 
  • Bullying is identified by repeated behaviour with an intention to harm. As a result, victims may become scared, frustrated, angry and depressed. They may also have lower self-esteem and even suicidal tendencies. 

Cyber Bullying Fact-Sheet: 

  • Most of the kids don’t realize what’s happening and the bullying continues. Often it’s difficult for children to convince their parents, so they keep quiet and suffer in silence. As a result, about 90% cases go un-reported in India. 
  • According to a survey conducted by a global research firm “Ipsos”, India has the highest number of child cyber bullying cases in the world at 32%, amongst children who have access to internet or mobile phones, compared to 15% in US and 11% in Great Britain. 
  • According to “The Journal of the American Medical Association” (JAMA)" “One in every four” Indian teenager is a victim of cyber bullying.

Courtesy: https://mynbc15.com/news/local/cyber-bullying-disguised-as-momo-challenge/
There’s a new form of cyber-bullying spreading across social media and cell phones, targeting young kids and teens.

Have you heard of the Momo Challenge?
It’s a game that’s alarming parents. The game threatens kids and teens with violence if they don’t commit potentially dangerous activities. This online bullying method has made its way through Facebook and What’s App.

The messages tell the user to do things, some simple, some more violent. They also ask for proof or kids are told that “Momo” will kill them. A couple of suicides in other countries have reportedly been linked to “Momo”, with the new avatar being very frightening.

Dr. Meghan Walls, Paediatric Psychologist suggests parents to gently ask their younger children if they know about the “Momo Challenge”. "Something like “you know there's some scary things that pop up on phones and tablets and if you ever see something like that come get me,”.

And for your older kids? Maybe get them to promise they’ll talk to you about the “Momo challenge” if it’s sent to them. Let them know this is cyber bullying, it’s potentially dangerous, and that you trust them to let you know what’s going on.

"Especially as kids get older and they are teenagers they want some of that autonomy, and they deserve it as long as they can show you they're responsible enough," said Dr. Walls.

Defamation:
 

To understand defamation, consider the following photo:

Cyber Defamation:

Defamation is as simple, as the name suggests: acts ruining the reputation of a person. And cyber-defamation has an electronic angle linked to it. 

However, cyber defamation is worse than other forms of defamation. For example, comments in paper and even on TV have short shelf life. However, those on the internet can remain online for years, especially when cached by search engines and web archives like “The Wayback Machine”. Also, they get perpetuated through websites, blogs etc. 

Elements in defamation:

  • Statement must be false and defamatory. 
  • Statement must be published.
  • Statement must have a reference of the victim in it. 

Chris Gayle vs Fairfax Media (Australia) Defamation case:

West Indies cricketer “Chris Gayle” had filed a defamation case against “Fairfax Media” for claiming that – “he had intentionally exposed himself to a female massager during 2015 Cricket World Cup in Syndey”. 

Chris Gayle won the defamation suit and Fairfax Media paid $ 3, 00, 000 in damages.

Cyber-fraud: 
 

Internet fraud is the use of internet services or softwares to defraud victims or otherwise take advantage of them. Several methods include: 

  • Business fraud
  • Credit card fraud
  • Internet auction fraud
  • Investment schemes 
  • Nigerian letter fraud

These cyber scams are commonly known as “Nigerian 419” scams as people believe they originate from Nigeria. The “Section 419” of the Nigerian Penal Codes deals with cheating like famous “Section 420” of the Indian Penal Code. The 419 letter scams originated in the early 1980s and subsequently gave way to the email scams.  

In 2007, Asian School of Cyber Laws conducted a 3 month investigation of the scam emails. The results were very surprising. Less than 10% of these emails had actually originated from Nigeria!  A majority of those emails (more than 60%) had originated from Israel, followed by Netherlands, UK and other European countries. 

Identity Theft:

Identity theft is when someone uses another person’s data fraudulently or deceptively. Let’s watch this video before we proceed:
https://www.youtube.com/watch?v=e_t-gZ-AUcA

Sadly, it’s very devastating in terms of consequences. Once the personal information is breached, it’s difficult to predict where it may end up. The victims of identity theft can even be held accountable for illegal/ criminal actions of the perpetrators!

Warning Signs Of Identity Theft:

Most victims realise the fraud, long after the actual incident. The warning signs include:

  • Unexpected verification call from a bank or a service provider
  • Receiving 2FA alerts
  • Getting suspicious phone calls
  • Noticing weird changes in the accounts
  • An explicable denial of credit
  • Unexplained entries in the “Credit card” report
  • Failing to receive bills or other emails

How To Prevent Identity Theft?

  • Don’t disclose personal details online or on social networks.
  • Don’t respond to suspicious emails asking for personal details and never disclose your bank, credit/ debit card details and PIN numbers to anybody online or offline.
  • Use updated anti-virus software.
  • Regularly check credit card and/or bank statements to detect suspicious transactions.
  • Use 2FA or Multi Factor Authentication. 

Key-loggers:
 

Key-loggers record the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware. It can be a hardware or a software.

A hardware key-logger is a small battery-size plug that connects the user’s keyboard and the computer. The installer must later on physically remove the device to access the information stored. Since the device looks similar to an ordinary keyboard plug, it’s easy to hide. 

How To Detect An Installed Key-logger?

  • Go through the running processes:Even if the software program runs in the background, there must be a process running on the system. You can open the task manager and look at the processes running, to detect any key-logger.
  • Use Key-logger detector:Use a reliable key-logger detection tool.

How To Protect Ourself From Key-loggers?

  • Anti-virus:Especially if you use Torrents to download video games or softwares. 
  • Prevention:Don’t download suspicious files from unknown sources. 
  • Using the on screen Keyboard to type passwords:It bypasses the key-loggers by using the mouse to write the password. 
  • Use Linux:There are no Linux based key-loggers.

Read this article, to realise the magnitude of the threats of key-loggers: 

Courtesy: https://www.pcworld.com/article/3240998/laptop-computers/hp-laptops-keylogger.html
HP patches hundreds of laptops to remove hidden key-loggers:

If you have bought an HP laptop anytime in the last five years, it could be tracking your every keystroke. Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 were shipped with a secret key-logger installed. Along-side the announcement, HP released driver updates to eradicate the software on the affected laptops.

Security researcher Michael Myng discovered the key-logger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all the laptops with “certain versions of Synaptics touchpad drivers”- not necessarily the HP models.