OROMIA POLICE COLLEGE

Higher Education & Training Directorate

MA in Peace & Security Management

Technology in Policing and Security Intelligence (PLMG 632)

CHAPTER TWO
CYBER SECURITY AND CYBER CRIME
 Introduction
• Today ICT is affecting our life in many ways. The
technology have changed the way we use to talk, play
games, work, shop, make friends, listen music, watch
movies, order food, pay bill, greet friend on his
birthday/ anniversary, etc.
 -

• These changes brought by technology have

‘double-effect’;
 facilitated easy, comfortable …etc life.
 connected to our friends, family and office
24x7.
simplified & cost effective
Also made our live vulnerable in many ways.
E.g. exposure to new forms of crime
 What is cyber/cyberspace?

Cyber/ cyberspace is commonly used jargon to describe

computers, networks, the Internet and its associated
“virtual” environments/ the realm of computer
networks and users behind them.
 -

It connotes the fusion of all communication

networks, databases and sources of
information into a vast, tangled and diverse
blanket of electronic interchange.
Thus, a ‘network ecosystem’ is created, a place
that is not part of the normal, physical world.
• It is virtual & immaterial, a ‘bio-electronic’
environment that is literally universal (exists
everywhere).
• Its made up of servers, cables, computers,
satellites, etc.
 2.2 Cyber Security
 a set of activities and measures, technical and non-
technical, intended to protect the ‘real geography’ of
cyberspace, devices, software, and the
information/data they contain and communicate, from
all possible threats.
 -

• The International Telecommunications Union

(ITU) defines cyber security as the collection
of tools, policies, security concepts, security
safeguards, guidelines, risk management
approaches, actions, training, best practices,
assurance and technologies that can be used to
protect the cyber environment, and
organization and user’s assets.
 Key terms/Concepts

• Vulnerability: weakness or gaps in one’s digital

defense
• Threat: anything with the potential to disrupt,
damage, corrupt, or carryout any malicious action on
a data or system.
• Risk/impact: harms or effects of something
happening
• Fix/patch: updates to strengthen weak points
 Activity

In a given bank robbery identity;

• Vulnerabilities
• Threats
• Risks
• Fix/patch
 -

• Threats that could potentially damage cyber are

categorized as ‘failures’, ‘accidents’ and ‘attacks’.
 Failures are caused by deficiencies in the system or in
an external element on which the system depends;
(e.g. software design errors, hardware degradation,
human error or corrupted data.)
 Accidents include the entire range of randomly
occurring & potentially damaging events, like natural
disasters.
 -

• Usually, accidents are externally generated events

(i.e. originate from outside the system), whereas
failures are internally generated events.
 Attacks are orchestrated by an adversary. This
category, even though not necessarily the most
prominent one in terms of frequency of occurrence or
impact, is of prime importance in the cyber-threats
debate because of the actor dimension.
 System intrusion can be seen as the main goal of
attacks and are also to be considered the most
‘dangerous’ occurrence.
 Goal of Cyber-security

Cyber-security measures have three goals:

confidentiality, integrity & availability (CIA).
 -

• Confidentiality refers to the

protection of the information
from disclosure to unauthorized
parties/bodies.

• Integrity refers to the protection

of information from being
changed by unauthorized parties.

• Availability means the

information should be available
to authorized parties when
requested anytime.
 The Elements of Cyber security

• The Cyber security is broad

issue that includes various
types of securities. Among
others it includes;
 Cont…….. Elements of Cyber security

a. Application Security
• to make applications more
secure by finding, fixing, and
enhancing the security of
applications, to prevent data or
code within the application from
being compromised, corrupted,
stolen or hijacked.
b. Computer Security -

• Protection from harm, theft, &

unauthorized use as well as from
disruption or misdirection of
services they provide.

c. Data Security
Set of standards and technologies to
prevent unauthorized access to
computer systems, databases,
websites, and others to protect
data from intentional or accidental
destruction, data corruption,
modification or disclosure.
 -
d. Network Security
Term network security covers a
multitude of technologies, devices
and processes to secure networks.
It’s the practice preventing and
protecting against intrusion
incidents into corporate public and
private networks.
2.4. Interplay B/n Cyber Security & National Security

Cyber-security and national security do not differ in

their core: both connote a condition that is free of
(real or imagined) danger. Both are even concerned
with the same threat subjects ranging from terrorists
to enemy states.
However, cyber-security and national security differ
most decisively in scope, in terms of the actors
involved, and in their so-called ‘referent object’, or
the thing they aim to protect.
 -

• They differ in scope, because national security entails

quite a different league in terms of resources
(monetary, personnel, etc.) and mobilization of
emotions.
• They also differ in terms of the actors involved in the
two securities are: computer experts on the one hand
and ‘professionals of (in) security’ on the other.
 -

However, with the advent of cyber-security on the

security policy agenda, the two notions begin to
merge in strange ways.
National security today is also concerned with attempts
to create resilience and redundancy in national
infrastructure through cyber-security measures and
cyber-security is included as a top priority on the
national security agenda.
This means that measures that are generally regarded as
being within the purview of cyber security may now
also be included among measures to ensure national
security and vice versa.
 2.5 Cyber Crime
• Cyber crime = unlawful activity
in which computer or computing
devices (e.g. smart phones,
tablets, etc) which are stand
alone or a part of a network are
used as a tool or/and target of
criminal activity.
• It is often committed by the
people of destructive & criminal
mindset.
 Reasons for Commission of Cyber Crimes
a. Money: People are motivated towards committing
cyber crime to make quick and easy money.
b. Revenge: Some people try to take revenge with other
person/organization/society/ caste or religion by
defaming its reputation or bringing economical or
physical loss. This comes under the category of cyber
terrorism.
c. Fun: The amateur do cyber crime for fun. They just
want to test the latest tool they have encountered.
d. Recognition: It is considered to be pride if someone
hack the highly secured networks like defense sites or
networks
 -
e. Cyber Espionage: At times the government itself is
involved in cyber trespassing to keep eye on other
person/network/country. The reason could be
politically, economically socially motivated.
 Forms of Cyber Crime
• There are various forms of cyber crimes. The most
popular ones are:
Cyber Stalking
• It is an act of stalking, harassing or threatening
someone using Internet/computer as a medium.
• This is often done to defame a person using email,
social network, instant messenger, web-posting, etc.
• The behavior includes false accusations, threats,
sexual exploitation to minors, monitoring, etc.
 Forgery and Counterfeiting
-

• It is a use of computer to forgery and counterfeit a

document.
Software Piracy and Related Crime
• Software piracy is an illegal reproduction &
distribution of software for personal use or business. It
comes under crime related to intellectual property right.
E.g. download of soft wares, songs, movies, books, etc.
Cyber Terrorism
• It is defined as the use of computer resources to
intimidate or coerce government, the civilian
population or any segment thereof in furtherance of
political or social objectives.
 -

Phishing (social engineering)

• It is a process of acquiring
personal & sensitive information
of an individual by disguising as
a trustworthy entity in an
electronic communication.
• The purpose of phishing is
identity theft & the personal
information like username,
password, and credit card number
etc.
 -
Computer Hacking
• It is a practice of modifying
computer hardware & software
to accomplish a goal outside the
creator’s original purpose.
• The purpose of hacking a
computer system may vary from
simply demonstrations of the
technical ability, to sealing,
modifying or destroying
information for social,
economic or political reasons.
 -
The hackers may be classified as:
 White Hat: are the persons who hack the system to
find the security vulnerabilities of a system and notify
to the organizations so that a preventive action can be
taken to protect the system from outside hackers.
 Can be employee of an organization who is employed
to find the security loop-holes, or may be a freelancer
who just wants to prove his mantle in this field.
 They are popular known as ethical hackers.
 -
 Black Hat: hack the system with ill intentions. They
may hack the system for social, political or
economically motivated intentions.
 They find the security loopholes of the system, and
keep the information themselves and exploit the
system for personal or organizational benefits till
organization whose system is compromised is aware
of this, and apply security patches.
 They are popularly known as crackers.
 -
 Grey hat: Grey hat hackers find out the security
vulnerabilities and report to the site administrators
and offer the fix of the security bug for a consultancy
fee.
 Blue hat: A blue hat hacker is someone outside
computer security consulting firms who is used to
bug-test a system prior to its launch, looking for
exploits so they can be closed.
 -

Creating and distributing viruses over internet

• The spreading of a virus can cause business and
financial loss to an organization.
• The loss includes the cost of repairing the system,
cost associated with the loss of business during
downtime and cost of loss of opportunity.
Computer Vandalism
• It is an act of physically destroying computing
resources using physical force or malicious code.
 -
Spamming
Sending of unsolicited and commercial bulk message over
the internet is known as spamming. An email can be
classified as spam, if it meets following criteria:
• Mass mailing: The email is not targeted to one
particular person but to a large number of peoples.
• Anonymity: The real identify of the person not known
• Unsolicited: The email is neither expected nor
requested for the recipient.
Spams: irritate the recipients, overload the network, waste
the time and occupy the valuable memory space of the
mailbox.
 -
Online sale Fraud
• There are many genuine websites who offers online
sale over internet.
• Taking the advantage of the reputation of these
websites, some of the cyber criminals lure the
customers to online auction fraud schemes which
often lead to either overpayment of the product or the
item is never delivered once the payment is made.
 -
Internet Time Thefts
• Hacking the username and password of Internet
service provider (ISP) of an individual and surfing
the internet at his cost.
 -
Web Jacking
• The hacker gain access to a website of an
organization and either blocks it or modify it to serve
political, economical or social interest.
The recent examples of web jacking are some of the
websites of the educational institutes were hacked by
Pakistani hackers and an animation which contains
Pakistani flags were flashed in the homepage of these
websites
Denial of Service Attack
• It is a cyber attack in which the network is chocked
and often collapsed by flooding it with useless traffic
and thus preventing the legitimate network traffic.
 -

Salami Attack
• It is an attack which proceeds with small increments
& final add up to lead to a major attack.
• The increments are so small that they remain
unnoticed.
E.g. gaining access to online banking of an individual &
withdrawing amount in such a small amounts that it
remains unnoticed by the owner.
 -

Data Diddling
• It is a practice of changing the data before its entry
into the computer system. Often, the original data is
retained after the execution on the data is done. E.g.
the basic salary of the person is changed in the
payroll data of an individual for pay calculation.
Email Spoofing
• It is a process of changing the header information of
an e-mail so that its original source is not identified
and it appears to an individual at the receiving end
that the email has been originated from source other
than the original source.
 -
Activity
From among the above kinds of cyber crimes which one
you or your office or even someone close to you have
encountered?
 Impact of Cyber Attack
The impact of cyber attack is multidimensional
including social, psychological, economic and
political on individuals, nations and international
peace and order.
Social impact: social disruption caused to people’s
daily lives, and widespread issues such as anxiety
or loss of confidence in cyber or technology.
Psychological impact: can be informed by social
impact, and can include more personal aspects
such as an individual’s anxiety, worry, anger,
outrage, depression and so on.
 -
Economic impacts:
• The loss of intellectual property and business
confidential information
• The loss of sensitive business information, including
possible stock market manipulation
• Opportunity costs, including service and employment
disruptions, and reduced trust for online activities
• The additional cost of securing networks, insurance,
and recovery from cyber attacks
• Reputational damage to the hacked company
 Example of one recent attack

• In 2017 computer worm known as WannaCry

infected over 200,000 victims in at least 150
countries.
• The victims included members of the public, but also
healthcare organizations, car manufacturers, telecoms
companies, delivery services and the education sector.
• Due to the nature of the attack, the disruption it
caused at the social level was quite significant:
Organizations closed, production stopped and many
businesses were unaware of how best to restore
services.
 -
• Overall, people felt a loss of control as the threat was
so pervasive and the only option for recovery –
assuming no recent backups were made – was to pay
the ransom. In total, these disruptions led to an
estimated $8 billion in economic costs globally. The
psychological impact of WannaCry was also
significant. For many it resulted in worry, anguish,
disbelief, and a sense of helplessness.
 2.7. Actors in Cyberspace and Cyber security

For an actorhood in cyberspace, the following

qualifications of actorhood should be met:
a. Structural Elements: These include the pieces of
cyber systems that provide a robust service.
Structural element for actorhood include;
 human resources such as developer & administrator
governing the service.
 skills to identify vulnerabilities either for defensive
or offensive potential.
 Access to equipment and infrastructure
 -
b. Population Elements: The population includes all
system users. More users mean that more information
(and therefore power) is available to the actor.
c. Territorial Elements: This includes ownership and
access rights to user information, user-contributed
content, and all types of core data, both collected and
embedded. The level of access to user data defines
the size of an actor’s cyber territory.
 -

Private companies and skilled individuals, rather than

states and their citizens, are the primary actors in
cyberspace.
The strongest actors in terms of cyberpower may not be
state actors but private companies such as Google,
Apple, and Microsoft.
A highly skilled individual may also become an actor in
cyberspace if he or she knows system vulnerabilities
and has administrative access to a critical system,
thus having power to inflict catastrophic damages to
the system.
 -

• There is no state monopoly on violence in cyberspace and

nation states may not be able to stage cyber wars.
• Governments can hire hackers for offensive cyber warfare,
but superiority in numbers (more engineers and more
computers) does not guarantee a series of victories in cyber
conflicts.
• There is no reliable standard to measure cyber-power.
Nonetheless, being a superior actor in cyberspace requires
either large amounts of collected user data or the software
engineering know-how to design, build, and maintain cyber
systems.
• Therefore cyber superiority can rest with any actor, even
individuals, based on data acquisition capabilities and
technological leadership.
 State Actors in Cyberspace

• State actors’ attempts to control cyberspace will likely

fail because state jurisdiction borders are not
applicable. Cyber governance by state actors should
instead cover global public safety in cyberspace since
most users lack actorhood and therefore are largely
indefensible due to the technical complexity of the
cyber domain.
• The established cyber structure does not assume the
presence of state governance. State actors reside
outside of the cyber structure.
• Cyberspace is supranational but multiple state actors
attempt to control cyberspace with conventional
domestic frameworks and regulations.
 -
• States, therefore, have an important role to play as
cyberspace watchdogs. In the physical realm, civil
society, the private sector, and media scrutinize the
activities of democratic governments.
• In cyberspace, governments serve a public safety role
for cybercitizens; however, these citizens differ from
today’s legal definitions of citizens.
• There is no nationality-based citizenship in
cyberspace. Cybercitizens are, however, real elements
of cyberspace.
 Individuals in Cyberspace
• Individuals generally have limited power in cyberspace with
the exception of individuals who have ample knowledge
about computer networks. There are a limited number of
educated and trained individuals who understand
vulnerabilities at both the individual and organizational
level. Individual level players can be categorized as follows:
• Consumers (Users): most individuals are passive consumers
in cyberspace. This group has no significant cyberpower.
• Power Users: individuals from the private sector (for
instance Google and Apple engineers), from the public
sector (for instance cyber professionals in the US military),
or a combination of the two (Government contractors).
 -

Power users have technical skills, knowledge of

programming, security capability, and database access
skills.
In terms of cyber security power users are those who can
find, exploit, or repair vulnerabilities.
Power users fall into two subsets:
• System developers or architects: system creators who
design cyber security without supervision using
proprietary techniques such as the creation of a backdoor.
• System administrators: a person with administrative
privileges for a system. For a large-scale or critical
system, system administrators have unlimited access to
the system and override management oversight.
 -
• From the individual user’s perspective, cyberspace is the
land of opportunity where innovative users can become
power users.
• However, this does not mean that everyone can become a
cyberspace actor.
• Most of the users in cyberspace are not actors but passive
consumers.
• There are nevertheless a few individual actors who can
inflict preferred outcomes.
• The frequency, scale, sophistication, and severity of small
threats by flawed actors continue to increase.
• Threats are nonetheless real, so understanding the types of
offensive cyberspace operators merits further attention.
 Types of Actors in Offensive Cyberspace
• Threats to cyber security come from flawed actors who
benefit from using the offense-superior aspect of
cyberspace. An offensive operation may originate from a
state actor, an agent, or an individual.
• Offensive cyber operations fall into four categories:
Type 1: A state actor attacks another state. Rogue regimes
use their offensive cyber capabilities to attack government
entities and the critical infrastructure of another state.
This might take the form of Advanced Persistent Threats
(APTs) by intelligence agencies.
An example is an attack designed to disable the target state’s
nuclear program or traditional signal intelligence
(SIGINT).
 -
Type 2: State-sponsored cyber espionage targeting foreign
companies. This type includes state sponsored industrial
espionage and exploitation of private sector information.
Type 3: Self-inspired cyber terrorism against a target
government. A civilian acts against a nation state. This
type includes non-official nationalist groups and
politically motivated civilians.
Type 4: The great majority of cyber attacks can be
characterized as type 4 including theft of personal data
for financial purposes, industrial espionage for trade
secrets, obtaining pecuniary advantages from
intellectual property, identity theft, credit card access, or
bank account breaches.
 Cyber Security Techniques
• There are many cyber security techniques to combat the cyber
attacks. Some of the popular techniques to counter the cyber
attacks are;
• Authentication
• It is a process of identifying an individual and ensuring that the
individual is the same who he/she claims to be. Can be done
by;
a. username and password: typical method for authentication
over internet.
b. One Time Password (OTP): a password which can be used one
time only and is sent to the user as an SMS or an email at the
mobile number/email address that he has specified during the
registration process.
c. biometric data (e.g., a fingerprint or selfie), physical token, etc.
which are used in conjunction with username and password
 Encryption
• It is a technique to convert the data into unreadable
form before transmitting it over the internet.
• Only the person who has the access to the key can
convert it in the readable form and read it.
• Formally encryption can be defined as a technique to
lock the data by converting it to complex codes using
mathematical algorithms.
• This secure code can safely be transmitted over
internet to the destination. The receiver, after
receiving the data can decode it using the key.
 -

• The decoding of the complex code to original text

using key is known as decryption. If the same key is
used to lock and unlock the data, it is known as
symmetric key encryption.
• In symmetric key encryption, the after coding of data,
the key is sent to the destination user via some other
medium like postal service, telephone, etc. because if
the key obtained by the hacker, the security of the
data is compromised.
• Encryption can be done by using codes & ciphers.
 -

Codes and Ciphers

• Codes consist of words, numbers, or symbols that are
used to replace the actual or plain text of a
communication. A code value of ‘3579’ could be used
to stand for whatever has been agreed on, from a
word, to a phrase, or even a sentence.
• In a cipher, another letter usually replaces each letter
in a text. For instance, “major” might be enciphered
as “lzinq.”
• Obviously, in either a code or a cipher, the recipient
of the communication needs to be working from the
same “book” as the sender. The discipline of making
and breaking codes and ciphers is called cryptology.
 Digital Signatures
• A digital signature is a mathematical technique used to
validate the authenticity and integrity of a message,
software or digital document. It's the digital equivalent of a
handwritten signature or stamped seal, but it offers far more
inherent security. A digital signature is intended to solve the
problem of tampering and impersonation in digital
communications.
• Digital signatures can provide evidence of origin, identity
and status of electronic documents, transactions or digital
messages. Signers can also use them to acknowledge
informed consent.
• In many countries digital signatures are considered legally
binding in the same way as traditional handwritten
document signatures.
 Antivirus
• Viruses are verities of malicious programs like virus, worms,
Trojan horse, etc that are spread over internet to compromise
the security of a computer either to destroy data stored into
the computer or gain financial benefits by sniffing passwords
etc.
• To prevent these malicious codes to enter to your system, a
special program called an anti-virus is used which is
designed to protect the system against virus.
• It not only prevents the malicious code to enter the system
but also detects and destroys the malicious code that is
already installed into the system.
• There are lots of new viruses coming every day. The antivirus
program regularly updates its database and provides
immunity to the system against these new viruses, worms,
etc.
 Firewall
It is a hardware/software which acts as a shield between an
organization’s network and the internet and protects it from
the threats like virus, malware, hackers, etc. Firewall can be
based on IP address, Domain names, Protocols, Programs,
Ports or keywords
It can be used to limit the persons who can have access to your
network and send information to you.
 -
• Firewall can be based on IP address, Domain names,
Protocols, Programs, Ports or keywords
 Steganography
It is a technique of hiding secret messages in a
document file, image file, and program or protocol
etc such that the embedded message is invisible and
can be retrieved using special software.
Only the sender and the receiver know about the
existence of the secret message in the image.
The advantage of this technique is that these files are
not easily suspected.
 Investigating Cyber Crimes (Cyber Forensic)

• Cyber forensic is a branch of science which deals

with tools and techniques for investigation of digital
data to find evidences against a crime which can be
produced in the court of law.
• It is a practice of preserving, extracting, analyzing
and documenting evidence from digital devices such
as computers, digital storage media, smart phones,
etc. so that they can be used to make expert opinion
in legal/administrative matters.
 -

• The computer forensic plays a vital role in an

organization as our dependency on computing
devices and internet is increasing day-by-day.
• According to a survey conducted by University of
California, 93% of all the information generated
during 1999 was generated in digital form, on
computers; only 7% of the remaining information
was generated using other sources like paper etc.
• It is not always easy to collect evidences as the data
may be tempered, deleted, hidden or encrypted.
 -
• Digital forensic investigation is a highly skilled task
which needs the expose of various tools, techniques
and guidelines for finding and recovering the digital
evidences from the crime scene or the digital
equipments used in the crime.
• With digital equipments like smartphone, tablets,
palmtops, smart TV, etc having increasing processing
capabilities and computation speed, the possibility of
use of these devices in cyber crime cannot be ruled out.
• A forensics investigator must not only have deep
understanding of the working of these devices and also
hands-on exposure to the tools for accurate data
retrieval so that the value and integrity of the data is
preserved.
 -
• Digital forensic investigation is a highly skilled task
which needs the expose of various tools, techniques
and guidelines for finding and recovering the digital
evidences from the crime scene or the digital
equipments used in the crime.
• With digital equipments like smartphone, tablets,
palmtops, smart TV, etc having increasing processing
capabilities and computation speed, the possibility of
use of these devices in cyber crime cannot be ruled out.
• A forensics investigator must not only have deep
understanding of the working of these devices and also
hands-on exposure to the tools for accurate data
retrieval so that the value and integrity of the data is
preserved.
 -
• An experienced computer forensic investigator plays
a crucial role in distinguishing direct and indirect
attack.
• Computer forensic experts are also useful for
recovery of accidental data loss, to detect industrial
espionage, counterfeiting, etc.
• In large organization, as soon as a cyber crime is
detected by the incident handling team, which is
responsible for monitoring and detection of security
event on a computer or computer network, initial
incident management processes are followed.
 -

Initial incident management processes involves the

following steps (incident handling team):
1. Preparation: prepare guidelines for incident
response and assigns roles and the responsibilities of
each member of the incident response team.
2. Identification: response team verifies whether an
event had actually occurred. One of the most
common procedures to verify the event is examining
the logs.
3. Containment: based on the feedback from the
assessment team, the future course of action to
respond to the incident is planned in this step.
 -

4. Eradication: In this step, the strategy for the

eradication or mitigate of the cause of the threat is
planned and executed.
5. Recovery: it is the process of returning to the normal
operational state after eradication of the problem.
6. Lesson Learned: if a new type of incident is
encounter, it needs to be documented so that this
knowledge can be used to handle such situations in
future.
 -
• The second step in the process is forensic investigation is
carried out to find the evidence of the crime, which is
mostly performed by 3rd party companies. The computer
forensic investigation involves following steps:
1. Identify incident and evidence: this is the first step
performed by the system administrator where he tries to
gather as much information as possible about the incident.
 Based on this information the scope and severity of the
attack is assessed. Once the evidence of the attack is
discovered, the backup of the same is taken for the
investigation purpose.
 The forensic investigation is never performed on the original
machine but on the data that is restored from the backup.
 -

2. Collect and preserve evidence: Various tools like

Helix, WinHex, FKT Imager, etc. are used to capture
the data. Once the backup of the data is obtained, the
custody of the evidence and the backup is taken.
MD5 (message digest) hash of the backup is calculated
and matched with the original one to check the
integrity of the data.
Other important sources of information like system log,
network information, logs generated by Intrusion
Detection Systems (IDS), port and process
information are also captured.
 -
3. Investigate: The image of the disk is restored from
the backup and the investigation is performed by
reviewing the logs, system files, deleted and updates
files, CPU uses and process logs, temporary files,
password protected and encrypted files, images,
videos and data files for possible stegnographic
message, etc.
4. Summarize and Presentation: The summery of the
incident is presented in chronological order. Based on
the investigation, conclusions are drawn and possible
cause is explained.
 -
• While carrying out the digital forensic investigation,
rules and procedure must be applied. Specially while
capturing the evidence.
• It should be ensured that the actions that are taken for
capturing the data do not change the evidence.
• The integrity of the data should be maintained. It
must be ensured that the devices used for capturing
the backup are free from contamination.
• Moreover, all the activities related to seizure, access,
storage or transfer of digital evidence must be fully
documented, preserved and available for review.
 -

• Prevention is always better than cure. It is always

recommended to fine tune your intrusion detection
system like firewall, occasionally perform penetration
tests on your network to avoid pray to hacker.
• Last but not the least, report the crime.
 Why Should Cyber Crime/Attack be Reported?
• Some of the companies do not report a cyber crime
incident because they fear this will harm their
reputation amongst its shareholders.
• Some of the data are very sensitive and its disclosure
may impact their business negatively.
• But, the fact is until and unless a cyber crime incident
is reported, the cyber criminals will never be crabbed
by the law enforcement agencies.
• This will further worsen the conditions and encourage
the criminals to repeat these types of incidents with the
same or the other organizations.
 -
So it is very important to identify and prosecute them.
This will help not only to identify the existing threats
to the economy and the infrastructure but also new
threats are identified.
Depending on the scope of a cyber crime, the cyber
crime should be reported to nearest police office,
Information Network Security Agency (INSA),
National Intelligence and Security Service (NISS) or
the international bodies like Interpol.
-