StudyWithMeenakshi


Saturday, August 04, 2018

Short notes: prevention of cyber crime


Short notes (important points on prevention of cyber fraud and crime, from the exam point of view)

- The 3 aspects of the crime fraud triangle are: 1. Need 2. Opportunity 3. Rationalization (criminal commits the crime himself)

- Cyber crime is not defined in the IT Act 2000, nor in the 2008 amendment

- Crimes come under the Indian Penal Code, 1860



- Script kiddies: hackers who lack any serious technical expertise and act in a child-like manner

- Spammers: send spam, i.e. keep sending advertisement and discount offer mails

- Vulnerabilities are the opportunities provided by the system itself

- Threat vector: used to understand the modus operandi

- In case of copyright infringement, the victim can apply for a John Doe order against the actual offender, which is a legal remedy where the offender is untraced

Important acts: The Information Technology (Amendment) Act, 2008 (hereinafter referred to as ‘Amendment Act’) was passed by the Lok Sabha on 22nd December 2008 and by the Rajya Sabha on 23rd December 2008, and received the assent of the President on 5th February 2009. The Act came into force with effect from 27th October 2009. By the Amendment Act, various provisions of the Information Technology Act, 2000 (hereinafter ‘IT Act’ or ‘the Act’) have been amended, and the major amendments are described hereunder.

- Tampering with computer source documents Sec.65

- Hacking with computer systems, data alteration Sec.66

- Sending offensive messages through communication service, etc. Sec.66A

- Dishonestly receiving stolen computer resource or communication device Sec.66B

- Identity theft Sec.66C

- Cheating by personation by using computer resource Sec.66D

- Violation of privacy Sec.66E

- Cyber terrorism Sec.66F

- Publishing or transmitting obscene material in electronic form Sec.67

- Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form Sec.67B

- Preservation and retention of information by intermediaries Sec.67C

- Powers to issue directions for interception or monitoring or decryption of any information through any computer resource Sec.69

- Power to issue directions for blocking for public access of any information through any computer resource Sec.69A

- Power to authorize to monitor and collect traffic data or information through any computer resource for cyber security Sec.69B

- Un-authorized access to protected system Sec.70

- Penalty for misrepresentation Sec.71

- Breach of confidentiality and privacy Sec.72

- Publishing false digital signature certificates Sec.73

- Publication for fraudulent purpose Sec.74

- Fast flux is a networking technique of changing IP addresses at very fast and frequent intervals

- Hackers scan the computer pre-attack to identify vulnerabilities in the system

- Cyber stalking: simply, personal harassment

- Cyber squatting means occupying space in an Internet domain name or registering a domain; simply, trademark issues

- ICANN: international organisation for IP address space; NIXI for India

- Cyber extortion: threatening someone by force in the digital world. A recent example is the ransomware attack

- In cyber warfare, supervisory control will take place (SCADA)

- CIA Triad

- “Confidentiality” means information is accessible only to those authorized to have access.

- “Integrity” means safeguarding the accuracy and completeness of information and processing methods.

- “Availability” means ensuring that authorized users have access to information and associated assets as per commitment when required.

- Non-repudiation tells that the creator, sender, receiver and network providers each have their own responsibility to send the message to the next stage properly.

- Authorisation confirms the authorized user's access

- Authentication authenticates the type of transaction by the user

- 1-factor authentication (1FA): simply PIN access

- 2FA: OTP & PIN

- 3FA: 2FA + biometric access

- Electronic Signature

As per Section 2(ta) of the IT Act, as inserted by the Amendment Act, ‘Electronic Signature’ means the authentication of any electronic record by a subscriber by means of the electronic techniques specified in the Second Schedule to the IT Act and includes digital signature. ‘Electronic Signature Certificate’ has been defined as an Electronic Signature Certificate issued under Section 35 and includes Digital Signature Certificate [Section 2(tb)]. (As per Section 35, any person can make an application to the Certifying Authority for the issue of an Electronic Signature Certificate, by paying the prescribed fee and giving such other details.) A new Section has been inserted as Section 3A, wherein it is stated that notwithstanding anything in respect of the authentication of an electronic record by affixing digital signature (under Section 3), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which is considered reliable and may be specified in the Second Schedule. For this purpose, an electronic signature or electronic authentication technique shall be considered reliable, if –

(i) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and no other person;

(ii) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;

(iii) any alteration to the electronic signature made after affixing such signature is detectable;

(iv) any alteration to the information made after its authentication by electronic signature is detectable; and

(v) electronic signature should also fulfil such other conditions which may be prescribed under the rules.

- Trapdoors: disabling access controls intentionally

- Trespassing: gaining access to hardware resource

- Masquerading: using fake ID getting access

- CRYPTOGRAPHY

There are two basic types of Encryption algorithms:

(i)    Symmetric encryption

(ii)     Asymmetric Encryption

Symmetric encryption: In this encryption technique the sender and receiver encrypt and decrypt the message with the same key. Examples are Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, 3DES, Skipjack etc.

Asymmetric encryption: In this encryption technique the sender encrypts the message with the receiver’s public key and the receiver decrypts the information with the recipient’s private key. Hence this technique is called public key encryption. Examples are: Diffie-Hellman, RSA, ECC, ElGamal, DSA etc.

Among the various models of symmetric cipher analyzed, Rijndael is the best. Actually it is the role model of DES and AES. This model is adopted by different information security agencies like NSA, NIST and FIPS.

Among the various asymmetric ciphers, RSA is a moderate and most useful cipher for small data encryption like digital signature, ATM PIN etc.

But as discussed above, RSA (asymmetric technique) is much slower than Rijndael (symmetric technique) and other symmetric cipher techniques. However, the scalability of an asymmetric cryptosystem is far higher than that of a symmetric cryptosystem. Thus where the number of users is huge and the number of required keys is very high, an asymmetric cryptosystem proves to be superior.

- A few more kinds of attacks

- Phishing: Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Phishing has become rampant nowadays and entities worldwide have lost their sensitive data and money.

- Spoofing: In the context of computer security, a spoofing attack is a situation in which one person or program successfully pretends to be another by falsifying data, thereby gaining an illegitimate advantage. Spoofing is of two types. (1) Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message. (2) Network spoofing: in computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system.

- Sniffing: Sniffing is the act of intercepting and inspecting data packets using sniffers (software or hardware devices) over the network. On the other hand, spoofing is the act of identity impersonation. Packet sniffing allows individuals to capture data as it is transmitted over a network and is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames.

- Spamming: Electronic spamming is the use of electronic messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same site. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media too. Spam can also be used to spread computer viruses, Trojans or other malicious software. The objective may be identity theft, or worse (e.g., advance fee fraud). Some spam attempts to capitalize on human greed, while some attempts to take advantage of the victims' inexperience with computer technology to trick them (e.g., phishing).

- Ransomware: Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key.

Some examples of ransomware are Reveton, Cryptolocker, Cryptowall, Fusob and WannaCry. Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities, and CryptoWall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m as ransom money by the attackers by June 2015.

In May 2017, the WannaCry ransomware attack spread through the Internet, using an exploit vector that Microsoft had issued a "Critical" patch for (MS17-010) two months before on March 14, 2017. The ransomware attack infected lakhs of users in over 150 countries, using 20 different languages to demand money from users.

Measures against attacks

Against phishing attacks, obviously there cannot be an antivirus tool for checking. Only appropriate user education and generating awareness can prevent or reduce the phishing menace.

Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message.

To protect against sniffing, we need to encrypt all important data we send or receive, scan our networks for any issues or dangers and use only trusted Wi-Fi networks.

To prevent spamming, most of the email services, viz., Gmail, Yahoo, Hotmail etc. provide filtering facilities and also enable users to categorize certain messages as spam.

Best measures for protection against ransomware are taking regular backups of data, applying OS patches regularly and using the latest anti-malware solution.
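The sender-verification measure against email spoofing mentioned above can be applied on the receiving side. The following is an added example, not part of the original notes: it compares the visible From domain with the envelope sender and with the SPF/DKIM/DMARC results recorded by the receiving server. The server name `mx.example.net`, the sample messages and the verdict labels are assumptions, and SPF, DKIM and DMARC are mechanisms not named in the notes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed name of our own receiving mail server; only its results are trusted.
TRUSTED_AUTHSERV = "mx.example.net"


def make_msg(return_path, auth_results, from_hdr):
    """Build a constructed sample message (not real traffic)."""
    return (f"Return-Path: <{return_path}>\n"
            f"Authentication-Results: {auth_results}\n"
            f"From: {from_hdr}\n"
            "To: customer@example.net\nSubject: Account notice\n\nbody\n")


# Constructed samples using reserved example domains.
LEGIT = make_msg(
    "alerts@bank.example",
    "mx.example.net; spf=pass smtp.mailfrom=bank.example; "
    "dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example",
    '"Bank Alerts" <alerts@bank.example>')
SPOOFED = make_msg(
    "bounce@mailer.example.org",
    "mx.example.net; spf=pass smtp.mailfrom=mailer.example.org; "
    "dkim=none; dmarc=fail header.from=bank.example",
    '"Bank Support" <support@bank.example>')
# Header claims dmarc=pass but was not written by our own server.
FORGED_HEADER = make_msg(
    "bounce@mailer.example.org",
    "mail.other.example; dmarc=pass header.from=bank.example",
    '"Bank Support" <support@bank.example>')


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def trusted_results(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc results, ignoring headers from other servers."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        serv_id, _, rest = value.partition(";")
        tokens = serv_id.split()
        if not tokens or tokens[0].lower() != authserv:
            continue  # anyone can insert this header; trust only our own
        for method, result in re.findall(
                r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results


def assess(raw):
    """Return the From domain, a verdict and the findings behind it."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    results = trusted_results(msg)
    findings = []
    # Envelope sender should be the From domain or one of its subdomains.
    if env_dom and env_dom != from_dom and not env_dom.endswith("." + from_dom):
        findings.append(f"envelope domain {env_dom} differs from From {from_dom}")
    if not results:
        findings.append("no Authentication-Results from our own server")
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) == "fail":
            findings.append(f"{method}=fail")
    if results.get("dmarc") == "fail":
        verdict = "quarantine"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "accept"
    return {"from_domain": from_dom, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED),
                      ("forged header", FORGED_HEADER)):
        print(name, assess(raw))
```

The third sample shows why the server name is checked: an Authentication-Results header written by any other host carries no weight, so its claimed `dmarc=pass` is ignored.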

- Types of Computer Frauds

1. Sending hoax emails to scare people

2. Illegally using someone else’s computer or “posing” as someone else on the internet

3. Using spyware to gather information about people

4. Emails requesting money in return for “small deposits”

5. Pyramid schemes or investment schemes via computer with the intent to take and use someone else’s money

6. Emails attempting to gather personal information used to access and use credit cards or social security numbers

7. Using the computer to solicit minors into sexual alliances

8. Violating copyright laws by copying information with the intent to sell it

9. Hacking into computer systems to gather large amounts of information for illegal purposes

10. Hacking into or illegally using a computer to change information such as grades, work, reports, etc.

11. Sending computer viruses or worms over the internet to destroy or ruin someone else’s computer

Precautions

Refrain from opening e-mail and e-mail attachments from individuals you do not know. Have ALL external storage devices scanned by virus-scanning software before they are inserted into your PC. Secure your Internet Web browsing.

- Compensation for Failure to Protect Data

A new Section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. The explanation to Section 43A defines ‘body corporate’ as any company including a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Further, ‘reasonable security practices and procedures’ means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and, in the absence of such agreement or any law, such reasonable security practices and procedures as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. ‘Sensitive personal data or information’ means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.

- Computer related Offences

Section 66 of the IT Act prior to its amendment, dealing with ‘Hacking with Computer System’, has been substituted with a new Section titled ‘Computer related Offences’. As per the new Section, if any person dishonestly or fraudulently does any act for damage to computer system, etc. as stated in Section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to Rs.5 lacs or with both. For the purpose of this Section, the words ‘dishonestly’ and ‘fraudulently’ shall have the meanings assigned to them in Sections 24 and 25 of the Indian Penal Code respectively.

A host of new Sections have been added after Section 66 as Sections 66A to 66F prescribing punishment for offences such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resources, violation of privacy and cyber terrorism. The details of such offences are given below.

Section 66A deals with punishment for sending offensive messages through communication services, etc. As per this Section, any person who sends by means of a computer resource or a communication device, -

(i) any information that is grossly offensive or has menacing character; or

(ii) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill-will, persistently by making use of such computer resources or a communication device; or

(iii) any electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,

shall be punishable with imprisonment for a term which may extend to three years and with fine.

For the purpose of the above stated Section, the terms ‘electronic mail’ and ‘electronic mail message’ mean a message or information created or transmitted or received on a computer or a computer system, computer resources or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.

Section 66B deals with the punishment for dishonestly receiving stolen computer resource or communication device. As per this Section, whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to one lac rupees or with both.

Section 66C deals with the punishment for identity theft. As per this Section, whoever fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lac rupees.

Section 66D deals with the punishment for cheating by personation by using computer resource. As per this Section, whoever by means of any communication device or computer resource cheats by personating shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lac rupees.

Section 66E deals with the punishment for violation of privacy. As per this Section, whoever intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding Rs.2 lacs or with both.

Section 66F deals with the punishment for cyber terrorism. As per this Section, whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life. The offence of cyber terrorism has been defined as whoever, with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –

(i) denying or causing the denial of access to any person authorised to access computer resources; or

(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or

(iii) introducing or causing to introduce any computer contaminant;

and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under Section 70 dealing with protected system.

- More points from the exam point of view

1. Who coordinates with Interpol in India? - CBI

2. Which department was designated as Nodal Agency for Cyber Crime prevention - CERT-IN

3. What is the difference between Virus and Worm - Virus needs human intervention to activate or multiply whereas worm automatically gets multiplied

4. Worms are mainly used by hackers to - Occupy more space in the system/heavy usage of bandwidth in the network

5. One of the employees carefully watching the password entered by the Manager. What type of threat is it - Shoulder Surfing

6. Leaving a logged-in computer by an employee - is human negligence

7. Hackers scan the computer pre-attack to identify - Vulnerability in the system

8. Hackers inject worms/virus into the network to reach the target system and it - exploits the Vulnerability

9. Non-updation of antivirus is - one of the major vulnerabilities

10. One customer received a call on his mobile phone and the person posing himself as a bank manager collected the card credentials from him. This type is called - Phishing

11. Online Banking sites are prone to what risk - Phishing/IP spoofing

12. Data transfer between systems via Network can be secured by - PKI

13. Customers can make sure that they deal with the authenticated website - by checking the Lock icon near the address bar

14. In https, S denotes - Secured/Security

15. This kind of worm directly attacks the root directory - Rootkits

16. These worms are really hard to detect and delete - Rootkits

17. The compromised systems in the network are commonly termed as - Zombies

18. Customer security credentials were compromised by way of fraudulent SMS is called - smishing

19. The employees who try to hack their own company's site/find the vulnerabilities are called - White hat hackers

20. DDoS - Distributed Denial of Service

21. Ransomware which blocks the access to the website demanding ransom for the same is - Denial of Service attack

22. Using same method for both encryption and decryption is called - symmetric encryption

23. Providing Last Login detail in Internet banking site is - to detect any unauthorised usage earlier

24. Limits for retrying the passwords is - to avoid the unauthorised access

25. To safeguard from the Key Loggers attack - Use Virtual Keyboard to enter passwords

26. UTM stands for - Unified Threat Management

27. Setting up smoke detectors in the branch is - Detective Method

28. Placing Security guard in system room to avoid - Physical damage/attack on systems

29. Following the authorised person to enter into system room and making entry into the room is - Tailgating

30. Dumpster Diving is a method - Searching for vulnerability in deleted files and data

31. Firewall is - Intrusion Detection System

32. Authentication of electronic data/document can be ascertained by - Digital Signature

33. When two or more persons illegally try to enter into a critical room with single id/same id - Masquerading

34. Detection is normally - Post incident

35. Post incident study mainly for the purpose of - study the impact of the attack and lessons for future prevention

36. Indian Agency working on Digital Forensics and Cyber security - C-DAC

37. OLTP refers to - On line Transaction Processing

38. OLTP is also termed as - Payment Gateway

39. Payment Gateway the Acquiring Bank to - Issuing bank through the Card Scheme to complete the transaction

40. Security Concerns arise in Payment Gateways are - At the User Level, Bank level and Merchant POS

41. Credit Card data theft through POS falls under - Merchant PoS Security

42. Data encrypted using Private key can be decrypted by the public key available with - the Receiver

43. Cross verifying the Signature on the Slip against the Signature on the back side of the ATM card is done by - the Merchant

44. Data should be secured in the following stages - Saved, Transit and Retrieval

45. Intruder software in a network which attacks the data while in transit and thus commits data theft - Man in the Middle Attack

46. Captures a Windows session for the purpose of data theft before it reaches the recipient is - Session Hijacking

47. Limits set for retrying of password is to avoid - Brute Force attack

48. ISSP stands for - Information System Security Policy

49. ICANN stands for - International Corporation for Assigned Names and Numbers

50. TLD stands for - Top Level Domain

51. Globally recognized set of rules defined for electronic records is - e-UCP

52. Technique used to redirect traffic from the infected device is called - Sinkholing

53. The technique which can intercept unencrypted data transit of mobile apps is called - Wi-Fi Sniffing

54. This is one type of malware which does not affect the system/network - Ad-ware

55. This usually comes as a Pop up/add on screen which carries link for dubious websites - Ad-ware

56. EMV cards follow standard of - ISO/IEC No 7816

57. EMV cards follow this standard for Contactless card - ISO/IEC 14443

58. NFC is the technique used in contactless cards - Near Field Communication

59. PCI - DSS stands for - Plastic Card Industries - Data Security Standards

60. NFC cards work under - RFID Technology

61. Providing Access controls to employees based on roles/need is - Risk based Authentication

62. Seeking PIN to complete a transaction in PoS is - 2FA

63. SSL - Secure Socket Layering

64. SSL ensures - Encrypted link between a web server and a browser

65. Sending annoying messages to a person causing irritation/nuisance - Cyber Stalking

66. Blackmailing a person using Computer/or network is - Cyber Extortion

67. Ransomware is type of - Cyber Extortion

68. Disputes on Domain names and protest are redressed globally by - UDRP

69. Phishing/Vishing is type of - Cyber Cheating

70. Group of people attacks a Computer/group of computers for propagating an objective - Cyber Terrorists

71. Hackers with common interest attack rival government's department site and database are - Cyber terrorists

72. ____ refers to the quality of secrecy associated with the data and the state of keeping an information asset secret - Confidentiality

73. ____ refers to the state of remaining in the same format and not allowing for any tampering/manipulation - Integrity

74. ____ refers to the state of confirmation that the user has the authority to issue the command to the system - Authorisation

75. Quality of non denial, the stake holders are not permitted to deny the particular act of doing the act is - Non-repudiation

76. CAPTCHA refers to - Completely Automated Public Turing test to Tell Computers and Humans Apart

77. Placing letters in different sizes and styles which is hard to read by systems/robots is called - CAPTCHA

78. ___ is an important component for study and analysis to understand the modus operandi of a Cyber Attack - Threat Vector

79. In cyber Crime, Threat landscape is denoted as - Study of entire overview of the network which was attacked

80. Conventional Crimes are - Physical crimes that involve theft of systems and hardware devices

81. Cyber Crimes are - System Crimes that involves data theft or tampering

82. Insider Attack Threat is - attack on the system/network by own employee without any permission/authentication

83. ______ is the most dangerous attack in cyber crimes - Insider Attack

84. An employee copied and sold the sensitive information to a competitor concern is an example of - Insider Attack

85. Hackers scan the port/system and develop worm or codes to attack the same based on this - Vulnerability

86. ____ does not wait for any executable file to run for getting activated in the target system - Worm

87. ____ refers to small piece of programs injected into the target system to spy on the activities - Spyware

88. Drones are classified as - Spying Devices

89. UAV stands for - Unmanned Aerial Vehicle

90. Most of the UAV used by the police/defence authorities for - Surveillance purposes

91. The persons who are hired by companies to hack their own website/to identify the Vulnerability are - Blue Hat Hackers

92. System of effectively taking care of URL filtering, web-filtering, anti-virus, as all in one solution is referred as - Unified Threat Management

93. Force Log out option in Internet banking after certain time of Idleness is to guard the system against - Session Hijacking

94. Installing anti virus into the system is - Preventive Method

95. A statement used to create, alter, drop objects in a database is called - Data Definition Language

96. Fault Detection, isolation and recovery are closely associated with - Detection Control

97. Installing Bio Metric devices to check unauthorised entry is - Physical Control

98. Unless properly logged, straightaway accessing the database through a SQL is termed as - Back end Access

99. IT Act 2008 describes the activity of hacking as a criminal activity in section no 66

100. IT Act 2000 came in force on - 17 October 2000

101. IT Amendment Act came into force on - 27 October 2009

101. IT Act consists of - 13 Chapters and 90 Sections

102. The Section which deals with cyber crimes as civil offence - Section 43

103. The Section deals with cyber crimes as Criminal Offences - Section 66

104. IT Amendment Act included the following which is not in the IT Act 2000 - Electronic Signature

105. Electronic Signature has been dealt in - Section 15

106. Under Section 43A, if any body corporate handling any sensitive personal data is negligent in implementing and maintaining reasonable security the compensation may go upto - five crore rupees

107. Under Section 43, if one found guilty on Data theft/alters/destroys the same the penalty/compensation may go upto - One Crore rupees

108. Tampering with Computer Source Documents - Section 65

109. Punishment under Section 65 may go upto - Three years imprisonment and extend upto Two Lakhs Fine

110. Computer Related offences which were dealt under section 43 can also be dealt as criminal offence under section - 66

111. Punishment under Section 66 may go upto - two three years and/or fine upto five lakhs rupees

112. Crime of Cyber Stalking (sending electronic messages for the purpose of causing annoyance/inconvenience/deceive/mislead the recipient) may lead to - two three years imprisonment

113. Identity Theft is dealt under Section - 66c

114. Punishment of Identity Theft - may extend to three years term and/or fine upto One lakhs rupees

115. Punishment for Cyber Cheating - may extend to three years term and/or fine upto One lakhs rupees

116. Cyber Cheating is dealt under - Section 66D

117. Punishment for Cyber Terrorism may extend upto - Life time Imprisonment

118. Cyber Terrorism is dealt under - Section 66F

119. Publishing obscene material in electronic form dealt under - Section 67

120. Punishment under Section 67 may extend upto - two three years term and/or five lakhs fine

121. Punishment for Subsequent conviction of the same crime under section 67 is - 5 years term and/or ten lakhs rupees fine

122. Sexually explicit content in electronic form dealt under - Section 67A

123. Punishment under Section 67A is - Five years term with fine

124. Punishment for Subsequent conviction of the same crime under section 67A is - 7 years term and/or ten lakhs rupees fine

125. CERT-IN has been designated as Nodal agency for Critical Information Infrastructure Protection under Section - 70B

126. Misrepresentation/Suppression of material Fact dealt under - Section 71

127. Penalty under Section 71 - Two years term and/or fine upto One lakh rupees

128. Breach of confidentiality and Privacy dealt under Section - 72

129. Analysing the style of writing or the language style for the purpose of Crime Investigation is - Stylometry

130. RBI issues licenses for Payment Banks in India based on approval from - BPSS

131. NTRO stands for - National Technical Research Organisation

132. Netra, the light weight UAV was developed by - DRDO

133. NCIIPC stands for - National Critical Information Infrastructure Protection Centre

134. DSCI - Data Security Council of India

135. Digital Forensic tools used by our Police Department were developed by - C-DAC

136. C-DAC stands for - Centre for Development of Advanced Computing

137. NTRO works under - Prime Minister's Office

138. Two acts which are mainly handled by ED - FEMA and PMLA

139. Money laundering using banking systems/Internet banking is - Conventional Crime

140. Obtaining an IP address similar to some other and demanding a ransom to forgo the same is - Cyber Squatting

141. Data Protection while in transit using non repudiation techniques can be achieved through - Public Key Infrastructure

142. Card Skimming is a technique mostly used to steal the card details and it is mostly placed on - ATM machines

143. Card Skimming Data Theft can be avoided using - Contactless Cards/NFC Cards

144. To avoid the Card Credentials in Online sites these cards were introduced - Virtual Cards

145. Smart Cards which are loaded with Money prior to issue are called - Prepaid Cards

146. Virtual Cards normally come with a validity of - 24 hours to 48 hours

147. Maximum loading permitted in a Prepaid as per RBI instruction is - 50000/-

148. Hackers try to capture the login credentials by analysing the keys pressed on the keyboard. The worm that captures such data is called - Key Loggers

149. By clicking unauthenticated link, customers may be diverted to fake websites to capture the sensitive personal. This is type of - Website spoofing/IP Spoofing

150. Ad wares are used not to harm the computers but to - make a catch by making the user to click on the dubious link to fake websites

Shared by: Aravind s
