"The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had".
- Eric Schmidt, Ex-executive chairman Google
The book primarily deals with the best strategies to secure one-self in the digital world. It identifies the key resources and strategies to protect one-self from credit/debit card fraud, online stalking/ bullying, identity theft, pedophiles, malicious apps, scammers, reputational damage and many lesser known threats like Trojans, Zombies, spoofing, backdoor exploitation etc.
In the chapter “Cyber Threats”, we have listed the most prevalent cyber-crimes in India and effective counter measures for them. This should be enough to protect an average Indian user from the crimes of the virtual world.
Archive The Results:
Sometimes, locating the free information is not the end in itself. For example, a police officer or a private investigator might need to document his or her findings to present it in the Court of law. So, they must know the proper procedure to document the results obtained. More so, because the data may be removed from the specific resource e.g., website may be shut down. Keeping this in view, the chapter “Prepare Your Computer” deals with the free software solutions to archive and preserve the useful content located online.
Get The Most!
We use Google products like Gmail, YouTube, Google Chrome etc, but we rarely understand their complexities to make the most from these products and services. Chapters, “How to Perform Best Google Searches”, “Alternatives to Google”, “Videos” etc discusses lesser known but highly useful Google products and their alternatives.
OSINT – Open Source Intelligence:
The book also lists the online resources used to locate personal information about one-self and others. From Facebook to intrusive Google searches, it is relatively easy to locate personal information about an individual online. The internet can identify one’s family details, address, telephone numbers, vehicle details, employment details, date of birth, education profile etc. Chapters , “Facebook”, “Email Address”, “User Name”, “People Search Engines” and “Telephone Numbers” deal with the tools and techniques to find personal information about anyone.
Personally Identifiable Information (PIIs) can be used by malicious elements to target potential victims. Many users never want these information to be in the public domain. The book identifies the effective ways to remove them.
Build The Basics:
To understand hacking, phishing, backdoor exploitation etc., one must understand the backbone of the internet – IP Address, MAC Address, programming etc. Chapters, “IP Address” and “MAC Address” clarify the basics, to build the superstructures of hacking, phishing etc.
The ways to access online information is constantly changing. On the one hand, websites on the internet change or disappear, while on the other, some new tools and techniques constantly add up. Thus, our endeavor will be to keep the public aware of the most recent changes and advances.
All the tools, techniques and resources listed here are 100 % free and open to the public. The resources have been explained in detail including the best ways around the tool. Real life case studies have been incorporated to demonstrate the possibilities with the different tools and gadgets.
For the maximum benefit of the readers, the book focuses on global tools and techniques rather than limiting itself to local resources. All the tools were working as of February 2019 and shall hopefully continue to do so.
Identity Theft Victims:
According to crime data, identity theft accounts for 77 % of the fraud cases registered in India. Another analysis suggests that, “one in every three Indian will be affected by identity theft at some point in their lives”.
Unfortunately, for majority of us, it is relatively easy to gather personal information online. The techniques outlined in this book will make it difficult for cyber-criminals to obtain Personally Identifiable Information (PIIs).
The nature of many professions make them softer targets or more targeted than others, such as law enforcement officers, judges, prosecutors, attorneys, public officials and other members of the government. In our opinion, they should put an extra effort to protect their information online from the malicious elements.
Parents And Teachers:
In wake of recent incidents like Blue Whale game or Momos challenge targeting children, pedophiles abusing teenage group etc, parents and teachers should learn the techniques to monitor the activities of their children.
In many families, children know more than their parents about the internet. They may use it to their advantage to hide activities or post inappropriate content online. Thus, parents and teachers can use the techniques outlined in this book to protect their children from various threats – breaking law of the land, pedophiles, stalkers, scammers, physical and sexual abusers etc.
A 22-year old engineer has allegedly committed suicide near Panrutti with the Blue Whale Challenge game suspected to be behind his death. Seshadri ended his life by hanging himself at his house on Tuesday night when his family members were away, the police said.
Police said they seized various books on ghosts and a mobile phone using which he had played the game. They suspect that the man, an employee of a private factory at Mettukuppam in neighbouring Puducherry, could have committed suicide under the influence of the game.
The online game demands players to complete tasks given by an anonymous controller over 50 days with the final challenge to commit suicide. The game allegedly led to a spate of suicides in India and other countries last year.
Recently, there have been reports of another similar killer game "Momo" surfacing online in some states, including West Bengal and Odisha, cautioning schools and parents to ensure that children don’t fall prey to it.
The book is also meant for those who care enough about their security and privacy. They already understand the dangers of the virtual world and need no convincing. They understand the risk to reputation, safety of their families, financial risks, physical danger etc.
Law Enforcement Agencies:
Police officers can use the various techniques mentioned in the book, to investigate cases, for social media monitoring, to track law and order situation, to catch malicious elements like drug traffickers, pedophiles etc.
Wealthy And The Celebrities:
Celebrities and wealthy are the most common targets of stalking, extortion, scams and sometimes even worse. The book will help them remove undesired personal information put into public domain by mistake or otherwise and thus recapture a private, personal life.
Cyber attack targets Instagram celebrities:
It's not known which accounts were affected by the hack, but the Daily Telegraph says "the breach emerged two days after Selena Gomez's Instagram was hacked and nude photos of her ex-boyfriend Justin Bieber were posted to the actress's 125 million followers. "Gomez's account was briefly taken offline. It re-emerged "moments later with the photos removed", the newspaper reports.
Instagram said in a statement to Time: "We recently discovered that one or more individuals obtained unlawful access to a number of high-profile Instagram users contact information, specifically email address and phone number, by exploiting a bug in an Instagram API".
The Facebook-owned social media site uses APIs (Application Programming Interface) to "communicate with other apps", says The Verge. It later fixed them to prevent a similar attack from happening again. Instagram has notified its verified account members, who are mostly public figures, about the leak and is urging them to be "cautious" if they receive unrecognised phone calls, text messages or emails.
Regardless of the category you fall into, the sooner you start the process, the greater the benefits will be and faster you will realise the effects. It’s easier to redeem the privacy back if most of the online information was never put in the first place.
Finally, like any other domain knowledge, how much you benefit depends on creative thinking. After all, the richest person of the world today owes everything to the cyber world. So, if they can, so can you!
The different chapters outlined in the book can be read in any order and referred to as and when needed.
“The Internet is becoming the town square for the global village of tomorrow”.
- Bill Gates, founder, Microsoft
The first question that might arise in reader's mind is “What prompted us to write this book?” In the following sections, we will dedicate ourselves to explain the reasons for writing about cyber world, cyber-crimes and the necessity for the same.
Is Our Curriculum Up-to Date?
During our school days, up-to 10th class, we were taught the history of the development of computers, crude understanding of the hardwares and softwares, the interface between them, the working knowledge of computer system and the peripherals, Java script, Flash, knowledge of basic softwares like MS Word, Photo-shop etc.
In higher classes, some forms of coding be it C++, Java, Hyper Text Mark-up Language, Informatics Practices or similar derivative were taught.
Neither of these courses really empowered a student to protect himself or herself from online adversaries. Even cyber-crimes of the lower order like stalking, bullying, vishing etc. cannot be tackled efficiently with the current syllabus we have in our schools. The computer knowledge being taught today is hardly practical as overwhelming majority of us never used the knowledge we acquired in our school days. Worse, it did not arm us with tools and techniques to protect ourselves from the malicious cyber elements, we will be facing for the rest of our lives. It’s no surprise that the cyber-crimes in India are increasing by leaps and bounds.
With a dramatic reduction in the prices of smart-phones, the first point of contact with the internet has seen a sharp decline. Ten years before, a working salaried person may not have had a smart-phone. However today, children as young as ten years old are using smart-phones and perhaps even laptops/ desktops to connect to the virtual world. Activities like school projects, sometimes compel a student to reach out for online resources!
A hacker is most likely to target a less tech savvy user than anyone else. Thus, children are the most preferred target for a cyber-criminal especially for sexual abusers and pedophiles.
However, the syllabus in our schools has remained the same or seen marginal improvements with regards to know-how to tackle the cyber-crimes. Thus, our most potential targets are the least prepared to tackle these threats. Recent reports suggest that the cyber-crimes against children and the population in general, have increased astronomically. Let’s take a look at the following suggestive data:
Perhaps few Indian Penal Code crime in India has ever risen by 85% in a given year. It shows that the threat cyber-crimes possess is truly worrisome. Also, the threat is not only limited to becoming target of a cyber-criminal but also committing a cyber-crime unknowingly.
In another article, experts expressed concerns that 90% of the cyber-crimes in India go un-reported.
One of the reasons for poor reporting is the inability to even detect the crime, leave aside the preparedness to counter them.
Between USA and Japan, the torch bearers in cyber technologies, lies India. We researched and compared the preparedness levels of students of India vis-à-vis USA and Japan, in their abilities to counter the cyber threats. The results were as follows.
Various online articles and writings, suggested that an average American or Japanese student is far better equipped to deal with the potential cyber dangers than an Indian user. In fact, the Department of Homeland Security in USA is playing an active and crucial role in this regard. The excerpt below illustrates the same:
India too requires a conducive environment for the cyber education to penetrate the masses. The state and the schools shall have to play the most crucial role in this process. A properly designed curriculum coupled with hands-on practice will go a long way tackling these cyber-crimes.
While some may argue that avoiding children access to smart-phones and similar devices will solve the problem, we find the following flaws with this line of thought. Firstly, cyber is a “genie” which cannot be now put back in the bottle, so at some point in their lives they will interact with the virtual world. So, better and long term solution lies in preparing them for the adversary rather than delaying the first point of contact, which only delays the problem but doesn’t address it.
Secondly, it’s near impossible to ensure that a child never accesses a smart-phone. Thirdly, situations like a school project may require a child to use the internet.
Under this head we will discuss the financial and career prospects in the cyber field. Consider the following article below.
The cyber field is an extremely emerging arena which has seen an incessant explosion since 1990s. In less than 30 years, it has come to control almost every discipline including defence, economy, finance, communication etc. In fact, the cyber economy has already surpassed the brick and mortar institutions. The data below may surprise you.
The figure above suggests that the knowledge economy is getting more and more powerful with time. It’s very likely that the trends will continue, and IT Firms will continue to over-take other sectors of economy. Given the trends, by the end of 2026, all the top 10 companies in the world in terms of market capitalisation will be IT firms!
So, one sector that holds the maximum potential is cyber. Also, this sector is not as crowded as others like engineering, medical, teaching, Chartered Accountants etc.
The possible career options in cyber domain include:
In fact, this sector is so rapidly expanding that it’s near impossible to list down all the career options! The biggest employers of cyber professionals are:
Recently, various posts have been created in the government sector also, including in e-governance, e-learning, DRDO, CERT-IN, as forensic experts, specialised pen-tester, cyber security architect, database administrator etc. So, government jobs are also being created in this field in large numbers. With the explosion of the virtual world, jobs creation in this sector in an inevitable phenomenon.
The best cyber-experts capabilities include:
May 2017: WannaCry ransom-ware attack started on Friday, 12 May 2017, and has been described as unprecedented in scale, infecting more than 2,30,000 computers in over 150 countries.
June 2015: The records of 21.5 million people, including Social Security Numbers, dates of birth, addresses, fingerprints and security-clearance-related information, were stolen from the United States Office of Personnel Management. Most of the victims were employees of the United States government and unsuccessful applicants to it. The Wall Street Journal and the Washington Post reported that government sources believe the hacker is linked to the Government of China.
July 2015: The servers of extra-marital affairs website Ashley Madison were breached.
October 2014: The White House computer system was hacked. It was said that the FBI, the Secret Service and other U.S. intelligence agencies categorized the attacks as "among the most sophisticated attack ever launched against the U.S. government systems."
February 2014: The Bitcoin exchange, “Mt. Gox” filed for bankruptcy after $460 million was apparently stolen by hackers due to "weaknesses in their system" and another $27.4 million went missing from its bank accounts.
2013: The social networking website Tumblr was attacked by hackers. Consequently, 6,54,69,298 unique emails and passwords were leaked from Tumblr.
2012: A Saudi hacker 0XOMAR, published over 4,00,000 credit cards online, and threatened Israel to release 1 million credit cards in the future.
June 2012: The social networking website LinkedIn was hacked and passwords for nearly 6.5 million user accounts were stolen by cyber-criminals.
September 2011: Bangladeshi hacker TiGER-M@TE made a world record in defacement history by hacking 700,000 websites in a single shot.
August 2007: United Nations website was hacked by Turkish Hacker Kerem125.
The list goes on!
“The internet has been a boon and a curse for teenagers".
- J. K. Rowling, author, Harry Potter series
To effectively protect ourselves, we should first clearly understand the nature and magnitude of various threats because only after the threats are known, we can take plausible steps to counter them.
While some of the threats are pretty well known, others are not fully understood, though they may have potential for greater damages. For example, backdoor exploitation enables hacker to control a device remotely. But, the general awareness about backdoor exploitation or 'Man In The Middle' attacks is incredibly low in India.
The sections below attempt to raise awareness about the various kinds of cyber-threats. They also discuss the effective counter-measures in a detailed manner.
Has anyone ever tried to contact you repeatedly, despite you showing a clear disinterest to his or her advances? If yes, then that was “Stalking”! If not, consider this piece of news, a classic case of cyber stalking on Facebook and Instagram.
Gulshan Kashyap, a 24-year-old BSc student from Gurgaon has been arrested for allegedly cyber stalking a media professional.
According to The Times of India, the women had filed a complaint against Kashyap for creating fake social media profiles and stalking her. She is a news anchor in Delhi.
When interrogated, Kashyap said that he had created 15 fake Facebook accounts and 10 fake Instagram accounts to stalk and harass her. He even used a friend’s Facebook account to contact her. The police has filed an FIR against Kashyap under Sections 354, 507 of the IPC.
A cyber stalker often aims to take benefit of online anonymity to stalk the victim without being detected.
How To Identify Cyber-stalking?
How To Tackle Cyber Stalking?
Firstly, demand the stalker to stop all the contact and harassment. Additionally, to facilitate the conviction of the stalker, the victim should:
Victims of cyber stalking are mostly Minors:
Watch this all-in-one 2 minutes amazing YouTube video:
Now we have understood that:
Cyber Bullying Fact-Sheet:
Have you heard of the Momo Challenge?
The messages tell the user to do things, some simple, some more violent. They also ask for proof or kids are told that “Momo” will kill them. A couple of suicides in other countries have reportedly been linked to “Momo”, with the new avatar being very frightening.
Dr. Meghan Walls, Paediatric Psychologist suggests parents to gently ask their younger children if they know about the “Momo Challenge”. "Something like “you know there's some scary things that pop up on phones and tablets and if you ever see something like that come get me,”.
And for your older kids? Maybe get them to promise they’ll talk to you about the “Momo challenge” if it’s sent to them. Let them know this is cyber bullying, it’s potentially dangerous, and that you trust them to let you know what’s going on.
"Especially as kids get older and they are teenagers they want some of that autonomy, and they deserve it as long as they can show you they're responsible enough," said Dr. Walls.
To understand defamation, consider the following photo:
Defamation is as simple, as the name suggests: acts ruining the reputation of a person. And cyber-defamation has an electronic angle linked to it.
However, cyber defamation is worse than other forms of defamation. For example, comments in paper and even on TV have short shelf life. However, those on the internet can remain online for years, especially when cached by search engines and web archives like “The Wayback Machine”. Also, they get perpetuated through websites, blogs etc.
Elements in defamation:
Chris Gayle vs Fairfax Media (Australia) Defamation case:
West Indies cricketer “Chris Gayle” had filed a defamation case against “Fairfax Media” for claiming that – “he had intentionally exposed himself to a female massager during 2015 Cricket World Cup in Syndey”.
Chris Gayle won the defamation suit and Fairfax Media paid $ 3, 00, 000 in damages.
Internet fraud is the use of internet services or softwares to defraud victims or otherwise take advantage of them. Several methods include:
These cyber scams are commonly known as “Nigerian 419” scams as people believe they originate from Nigeria. The “Section 419” of the Nigerian Penal Codes deals with cheating like famous “Section 420” of the Indian Penal Code. The 419 letter scams originated in the early 1980s and subsequently gave way to the email scams.
In 2007, Asian School of Cyber Laws conducted a 3 month investigation of the scam emails. The results were very surprising. Less than 10% of these emails had actually originated from Nigeria! A majority of those emails (more than 60%) had originated from Israel, followed by Netherlands, UK and other European countries.
Identity theft is when someone uses another person’s data fraudulently or deceptively. Let’s watch this video before we proceed:
Sadly, it’s very devastating in terms of consequences. Once the personal information is breached, it’s difficult to predict where it may end up. The victims of identity theft can even be held accountable for illegal/ criminal actions of the perpetrators!
Warning Signs Of Identity Theft:
Most victims realise the fraud, long after the actual incident. The warning signs include:
How To Prevent Identity Theft?
Key-loggers record the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware. It can be a hardware or a software.
A hardware key-logger is a small battery-size plug that connects the user’s keyboard and the computer. The installer must later on physically remove the device to access the information stored. Since the device looks similar to an ordinary keyboard plug, it’s easy to hide.
How To Detect An Installed Key-logger?
How To Protect Ourself From Key-loggers?
Read this article, to realise the magnitude of the threats of key-loggers:
If you have bought an HP laptop anytime in the last five years, it could be tracking your every keystroke. Over the weekend HP revealed that nearly 500 of its notebooks dating as far back as 2012 were shipped with a secret key-logger installed. Along-side the announcement, HP released driver updates to eradicate the software on the affected laptops.
Security researcher Michael Myng discovered the key-logger when probing the Synaptics touchpad software on an HP laptop. HP’s security bulletin says the “potential security vulnerability” affects all the laptops with “certain versions of Synaptics touchpad drivers”- not necessarily the HP models.
In simple words, Smishing is “phishing” with a text message. It has greater success ratio, as people trust text messages more than emails. Most people are aware of the potential threats on clicking links in an email, but not so for text messages. Smishing generally leverages social engineering to gather personal information.
How to Protect Ourselves from Smishing?
Watch this video made by HSBC bank for its consumers:
A computer virus is a malicious code or program which alters a computer negatively. It may attach itself to a legitimate program or document and execute itself remotely.
They travel as an attachment to an e-mail message, and usually replicate by automatically mailing themselves to the contacts in the victim's e-mail address book. Some e-mail viruses don't even require a double click to launch themselves. They can also spread through downloads and social media links.
What Damage Viruses may Cause?
In the spring of 1999, a man named David L. Smith created a computer virus based on Microsoft Word macro. He built a virus that could spread through e-mail messages. Smith named the virus "Melissa," saying that he named it after an exotic dancer from Florida [source: CNN].
Rather than shaking its money-maker, the Melissa computer virus tempts recipients into opening a document with an e-mail message like "Here is that document you asked for, don't show it to anybody else." Once activated, the virus replicates itself and sends itself out to the top 50 people in the recipient's e-mail address book.
The virus spread rapidly after Smith unleashed it to the world. The United States federal government became very interested in Smith's work - according to statements made by FBI officials to Congress, the Melissa virus "wreaked havoc on government and private sector networks" [source: FBI]. The increase in the e-mail traffic forced some companies to discontinue their e-mail programs until the virus was contained.
What are the Signs of a Computer Virus?
A computer virus attack can produce a variety of symptoms including:
How to Prevent Email Viruses?