Cyber Terrorism:

Definition:

 Cyber Terrorism is the use of computers and internet technology to carry out terrorist
activities.

 It targets networks, systems, and data to create fear, destruction, or disruption.

Characteristics of Cyber Terrorism (Simple Language)

1. Inspiration (Motivation):

 Cyber terrorists are often driven by political, religious, or financial reasons.

 They want to spread fear, create confusion, or support their own beliefs or goals.

 Example: A group may attack a government website to protest against its policies.

2. Targets (Who or What They Attack):

 Cyber terrorists mostly attack important and sensitive places, such as:

o Electricity systems

o Water supply systems

o Banks and financial institutions

o Government websites

o Big companies

 Their aim is to stop services, cause damage, or steal important information.

3. Strategies (Methods They Use):

 Cyber terrorists use different computer tricks to harm people or systems:

o Hacking: Breaking into systems without permission.

o Malware: Sending harmful software to destroy or steal data.

o Denial of Service (DoS) Attacks: Making websites or services stop working by

overloading them with fake traffic.

o Phishing: Sending fake emails or links to trick people into giving personal
information.

3. Working/Techniques Used:

 Viruses & Malware: Used to destroy or steal data.

 Denial of Service (DoS): Makes systems unavailable to real users.

 Ransomware: Data is locked and ransom is demanded.

  Phishing: Fake emails used to steal personal information.

 Advanced Persistent Threats (APT): Long-term undetected hacking to steal secret data.

 Spyware: Used for spying on people or governments.

4. Types of Cyber Terrorism Attacks:

 Unauthorized Access: Hackers break into systems without permission.

 Disruption of Services: Attack websites or networks to stop services.

 Cyber Espionage: Spying on rival nations to gather secret info.

 Economic Attacks: Causing system failures to damage the economy.

5. Examples of Common Targets:

 Banks and financial institutions.

 Military and defense systems.

 Air traffic and transport control.

 Power grids and water supply systems.

 Government and research organizations.

6. Prevention Methods:

 Strong Laws: Governments should create strict cyber laws.

 Public Awareness: Teach people about cyber threats and safety.

 Use of VPNs: Protects private networks from hackers.

 Strong Passwords & 2FA: Use complex passwords and two-factor authentication.

 Avoid Suspicious Links: Don’t open unknown emails or websites.

 Cybersecurity Practices: Regular software updates, firewalls, antivirus, etc.

7. Conclusion:

 Cyber Terrorism is a modern threat using digital tools to harm people, systems, and nations.

 It can be more dangerous than normal crimes as it targets critical infrastructure.

 To stay protected, we need strong cybersecurity, public awareness, and international

cooperation.
Q.Information Security LifeCycle:
The Information Security Life Cycle is a continuous process that helps protect data, systems, and
networks from threats. It consists of several stages that ensure the planning, implementation,
monitoring, and improvement of security measures.

Security Life Cycle (Simple Explanation)

1. Planning

Planning is the first and most important step in building a secure system. It starts by identifying what
needs protection, such as sensitive data, software systems, hardware, and network infrastructure.
You also need to know who uses these systems and what kind of threats they might face.

Once you know what to protect, you set your security goals. These goals may include preventing
unauthorized access, protecting against data loss, or avoiding service interruptions. Based on these
goals, you develop a clear strategy that outlines how you will keep your system safe from possible
risks.

2. Policy Implementation

After making a plan, the next step is to put it into action by creating security policies. These are rules
that tell users what they can and cannot do on the system—for example, using strong passwords,
locking screens when away, or not sharing login information.

Besides user rules, you also set system-level rules, such as enabling firewalls, restricting access to
certain files, or limiting system changes to admins only. These policies help everyone follow the same
safe behavior and reduce the chance of accidental or intentional security problems.

3. Monitor

Monitoring means keeping a constant watch over your systems and networks. You track activity like
login attempts, file access, software updates, and data movement. This helps you notice if something
strange or unexpected is happening.

Good monitoring helps catch issues early, like spotting a hacker trying to log in, or a virus spreading
in the system. It acts as your "eyes and ears," helping you stay one step ahead of threats before they
cause major damage.

4. Intrusion Detection

Intrusion detection is about using special tools or software to identify if someone is trying to break
into your system. These tools scan for suspicious actions, like too many login attempts, unknown
devices connecting to the network, or unusual data transfers.

When something suspicious is detected, the system sends an alert so you can take quick action. This
helps stop attackers early and prevent them from stealing information or damaging your system.
5. Security Assessment

Security assessment means checking how strong your security really is. You look for weak areas by
running tests—these could be simple checks or advanced “ethical hacking” where someone tries to
break in to see what’s vulnerable.

These assessments help you understand what’s working and what needs improvement. By regularly
testing your system, you can fix problems before real hackers find them.

6. Risk Analysis

Risk analysis is about understanding what could go wrong. You make a list of possible threats—like
viruses, hacking, data leaks, or system crashes—and think about how likely they are to happen and
how bad the results would be.

Once you know the risks, you can decide which ones to focus on first. This helps you use your time
and resources wisely, fixing the biggest threats before they become real problems.

7. Policy Creation

After doing risk analysis and security assessments, you may find that your old security rules are
outdated or missing important points. That’s when you create or update your policies to better
match current threats.

Good policy creation is based on real experiences and findings. By learning from past mistakes or
weak areas, you write stronger, clearer rules that protect your system better and guide users to stay
safe.

Q. Write short notes on keyloggers and spyware? Also explain the severity

of the incident?

Severity of the Incident (Explained Simply)

When keyloggers or spyware infect a device, the consequences can be very serious. Here's why:

1. Loss of Personal Information

 Keyloggers can record everything you type — like passwords, bank account numbers, or
private messages.

 Spyware can watch what websites you visit, take screenshots, or even turn on your camera
and microphone without your knowledge.

 This is like someone secretly watching everything you do on your computer or phone.

2. Financial Theft

 If attackers get your banking or credit card details, they can steal your money.
  Online shopping accounts or digital wallets can also be hacked and misused.

3. Identity Theft

 Cybercriminals can use your stolen information to pretend to be you.

 They might open fake accounts, apply for loans, or perform illegal activities in your name.

4. Company Data Leaks

 In a workplace, spyware or keyloggers can be used to steal business secrets, customer data,
or employee records.

 This can damage the company’s reputation and lead to huge financial losses.

5. Hard to Detect

 These programs often run silently in the background. You may not know your device is
infected until it's too late.

 This makes it harder to stop the damage early.

6. Spread of More Malware

 Some spyware opens the door for other harmful software, like ransomware or viruses, to
enter your system.

Spyware is a type of malicious software (malware) that secretly gets installed on your device — like a
computer or phone — without your permission. Its main job is to spy on you and collect your
personal information, often without you even knowing it's there.

🧠 How Spyware Works

 Spyware usually comes hidden inside other software or files, such as free downloads, email
attachments, or infected websites.

 Once installed, it runs silently in the background and starts collecting information.

 The collected data is then sent to a remote hacker or cybercriminal.

What Spyware Can Do

Here are some common things spyware can do on your device:

1. Track Your Online Activity

o Records which websites you visit, what you click, and what you search for.

o This data is often used to show you unwanted ads or sell your browsing habits to
advertisers.

2. Steal Sensitive Information

 o Captures your usernames, passwords, credit card numbers, and other private data.

o Can take screenshots or log keystrokes to see what you're typing.

3. Monitor Your Device

o Some spyware can access your microphone or webcam.

o Can track your physical location (especially on smartphones).

4. Slow Down Your System

o Spyware uses system resources, which can make your device slow, crash, or
overheat.

5. Change System Settings

o Alters your homepage, search engine, or installs unwanted toolbars without your
consent.

📌 Types of Spyware

 Adware: Shows pop-up ads or redirects you to advertising websites.

 Trojan Spyware: Pretends to be useful software but actually spies on you.

 Keyloggers: Record everything you type.

 Tracking Cookies: Monitor your web browsing (some are harmless, but malicious ones
invade privacy).

🚨 Why Spyware is Dangerous

 Privacy Invasion: It collects personal and sensitive data without your knowledge.

 Financial Risk: Can lead to identity theft, online fraud, or money loss.

 Hard to Detect: Many spyware programs are hidden and don’t show obvious signs.

 Spreads Easily: May install other malware and create a bigger security problem.

✅ How to Protect Yourself from Spyware

 Install a reliable antivirus or anti-spyware program.

 Avoid downloading software or files from untrusted sources.

 Be cautious with email attachments and links.

 Keep your system and applications up to date.

 Use a firewall and secure your internet connection.

Here is a simple explanation of each cyber crime example mentioned in the image:

a. Online banking fraud – Stealing money or personal information by accessing someone’s bank
account without permission.

b. Fake antivirus – Tricking users into installing fake software that either steals data or demands
money to remove fake threats.

c. ‘Stranded traveler’ scams – Pretending to be a friend stuck in a foreign place and asking for urgent
money help.

d. ‘Fake escrow’ scams – Creating fake websites that promise to hold money securely for online deals
but actually steal it.

e. Advanced fee fraud – Asking people to pay a small fee upfront to receive a larger reward later,
which never comes.

f. Infringing pharmaceuticals – Selling fake or unauthorized medicines online that may be harmful or
illegal.

g. Copyright-infringing software – Sharing or downloading pirated software without the creator’s

permission.

h. Copyright-infringing music and video – Illegally downloading or distributing songs and movies
without paying or licensing.

i. Online payment card fraud – Using someone’s card information online to make unauthorized
purchases.

j. In-person payment card fraud – Physically stealing or copying card details and using them to steal
money.

k. Industrial cyber-espionage and extortion – Spying on companies to steal secrets or demanding

ransom by threatening to leak data.

l. Welfare fraud – Lying to get government benefits online that the person isn’t actually eligible for.

• Obscene content distribution – Sharing illegal adult or harmful content online is a major
cybercrime.

• Hacking and cracking – Illegally breaking into computer systems to steal sensitive information like
account or credit card details.