Short notes ( Important Points for Prevention of cyber fraud & crime exam point of view)
l 3 aspects of crime fraud triangle are 1.Need 2. Opportunity 3. Rationalization( Criminal commits the crime himself)
l cyber-crime is not defined in IT act 2000 and amendment 2008 also
l Crimes comes under Indian penal code 1860
l Script kiddies means hacker who is having lacks of any serious technical expertise like child –like manner
l Spammers ..spam like keep sending advertisement and discount offer mails
l Vulnerabilities are the opportunities provided by system itself
l Threat vector to understand the modes of operandi
l In case of copy right infringement to the actual offender Vitim can apply for John doe order
l Which is legal remedy to obtained untraced offender
Import acts Information Technology (Amendment) Act, 2008 (hereinafter referred to as ‘Amendment Act’), has been passed by the Lok Sabha on 22nd December 2008 and by Rajya Sabha on 23rd December 2008 and received the assent of the President on 5th February 2009. The Act came into force with effect from 27th October 2009. By the Amendment Act, various provisions of Information Technology Act, 2000 (hereinafter IT Act or ‘the Act’) have been amended and the major amendments are described hereunder.
l Tampering with computer source Documents Sec.65
l Hacking with computer systems , Data Alteration Sec.66
l Sending offensive messages through communication service, etc Sec.66A
l Dishonestly receiving stolen computer resource or communication device Sec.66B
l Identity theft Sec.66C
l Cheating by personation by using computer resource Sec.66D
l Violation of privacy Sec.66E
l Cyber terrorism Sec.66F
l Publishing or transmitting obscene material in electronic form Sec .67
l Hackers scans the computer pre attack to identify - Vulnerability in the systemPunishment for publishing or transmitting of material depicting children in sexually explicit act, etc.
l in electronic form Sec.67B
l Preservation and Retention of information by intermediaries Sec.67C
l Powers to issue directions for interception or monitoring or decryption of any information through
l any computer resource Sec.69
l Power to issue directions for blocking for public access of any information through any computer
l resource Sec.69A
l Power to authorize to monitor and collect traffic data or information through any computer resource
l for Cyber Security Sec.69B
l Un-authorized access to protected system Sec.70
l Penalty for misrepresentation Sec.71
l Breach of confidentiality and privacy Sec.72
l Publishing False digital signature certificates Sec.73
l Publication for fraudulent purpose Sec.74
l Fast flux is a networking technique changing IP address in very fast and frequent intervals
l Hackers scans the computer pre attack to identify due to Vulnerability in the system
l Cyber stalking simple personal harassment
l Cyber squatting means occupying the space in a Internet domain name or registing domain. Simply by trademark issues
l ICANN international organisation IPAddres space, NIXI for india
l Cyber extortion Threatening someone by force in digital world. Recently happen Ransomware attack
l In Cyber warfare supervisory control will take place..SCADA
l CIA Triad
“Confidentiality” means information is accessible only to those authorized to have access.
- “Integrity” means safeguarding the accuracy and completeness of information and processing methods
- “Availability” means ensuring that authorized users have access to information and associated assets as per commitment when required
l Non repudiation will tell creator ,sender,receiver& network providers has own responsibilty to send message to next stage properly.
l Authorisation will confirm the authorized user access
l Authentication will authenticated the type of transaction by the user
l 1 factor Authentification 1FA.. simply PIN access
l 2FA …. OTP & PIN
l 3FA….2FA+ Biometric access
l Electronic Signature As per Section 2(ta) of the IT Act, as inserted by the Amendment Act, ‘Electronic Signature’ means the authentication of any electronic record by a subscriber by means of the electronic techniques specified in the Second Schedule to the IT Act and includes digital signature.‘Electronic Signature Certificate’ has been defined as an Electronic Signature Certificate issued under Section 35 and includes Digital SignatureCertificate [Section 2(tb)]. (As per Section 35, any person can make an application to the Certifying Authority for the issue of a Electronic Signature Certificate, by paying the prescribed fee and giving such other details) A new Section has been inserted as Section 3A, wherein it is stated that notwithstanding anything in respect of the authentication of an electronic record by affixing digital signature (under Section 3), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which is considered reliable and may be specified in the Second Schedule. For this purpose, an electronic signature or electronic authentication technique shall be considered reliable, if –
(i) the signature creation data or the authentication data are, withinthe context in which they are used, linked to the signatory or, as the case may be, the authenticator and no other person;
(ii) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
(iii) any alteration to the electronic signature made after affixing such signature is detectable;
(iv) any alteration to the information made after its authentication by
electronic signature is delectable; and
(v) electronic signature should also fulfil such other conditions which may be prescribed under the rules.
l Trapdoors..Disabling access controls intentionally
l Trespassing.. gaining access to hardware resource
l Masquerading using fake ID getting access
l CRYPTOGRAPHY
There are two basic types of Encryption algorithms:
(i) Symmetric encryption
(ii) Asymmetric Encryption
Symmetric Encryption: In this encryption technique the sender and receiver encrypts and decrypts the message with the same key. Examples are Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, 3DES, Skipjack etc.
Asymmetric encryption: In this encryption technique the sender encrypts the message with the receiver’s public key and the receiver decrypts the information with recipient’s private key. Hence this technique is called public key encryption. Examples are: Diffie-Hellman, RSA, ECC, ElGamal, DSA etc.
Among the various models of symmetric cipher analyzed the Rijndael is the best. Actually it is the role model of DES and AES. This model is adopted by different information security agencies like NSA, NIST and FIPS.
Among the various asymmetric ciphers, RSA is a moderate and most useful cipher for small data encryption like digital signature, ATM Pin etc.
But as discussed above, RSA (asymmetric technique) is much slower than Rijndael (symmetric technique) and other symmetric cipher techniques. But the scalability of asymmetric cryptosystem is far higher than the symmetric cryptosystem. Thus where the number of users is huge and required keys are very high, asymmetric cryptosystem proves to be superior.
l A few more kinds of attacks
l Phishing: Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. Phishing has become rampant now a days and entities worldwide have lost their sensitive data and money.
l Spoofing: In the context of computer security, a spoofing attack is a situation in which one person or program successfully pretending as another by falsifying data, thereby gaining an illegitimate advantage. Spoofing is of two types. (1) Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead the recipient about the origin of the message. (2) Network spoofing-in computer networking, IP address spoofing or IP spoofing is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of hiding the identity of the sender or impersonating another computing system.
l Sniffing: Sniffing is the act of intercepting and inspecting data packets using sniffers (software or hardware devices) over the network. On the other hand, Spoofing is the act of identity
l impersonation. Packet sniffing allows individuals to capture data as it is transmitted over a network and is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames.
l Spamming: Electronic spamming is the use of electronic messaging systems to send an unsolicited message (spam), especially advertising, as well as sending messages repeatedly on the same site. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media too. Spam can also be used to spread computer viruses, Trojan or other malicious software. The objective may be identity theft, or worse (e.g., advance fee fraud). Some spam attempts to capitalize on human greed, while some attempts to take advantage of the victims' inexperience with computer technology to trick them (e.g., phishing).
l Ransomware: Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table (MFT) or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key.
Some examples of ransomware are Reveton, Cryptolocker, Cryptowall, Fusob and WannaCry. Wide-ranging attacks involving encryption-based ransomware began to increase through Trojans such as CryptoLocker, which had procured an estimated US$3 million before it was taken down by authorities, and CryptoWall, which was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over $18m as ransom money by the attackers by June 2015.
In May 2017, the WannaCry ransomware attack spread through the Internet, using an exploit vector that Microsoft had issued a "Critical" patch for (MS17-010) two months before on March 14, 2017. The ransomware attack infected lakhs of users in over 150 countries, using 20 different languages to demand money from users.
Measures against attacks
Against Phishing attacks, obviously there cannot be an antivirus tool for checking. Only appropriate user education and generating awareness can prevent or reduce phishing menace
Spoofing attacks which take advantage of TCP/IP suite protocols may be mitigated with the use of firewalls capable of deep packet inspection or by taking measures to verify the identity of the sender or recipient of a message
To protect against sniffing, we need to encrypt all important data we send or receive, scan our networks for any issues or dangers and use only trusted Wi-Fi networks.
To prevent spamming, most of the email services, viz., Gmail, Yahoo, Hotmail etc. provide filtering facilities and also enable users to categorize certain messages as spam.
Best measures for protection against ransomware are taking regular backups of data, applying OS patches regularly and using latest anti-malware solution.
l Types of Computer Frauds
1. Sending hoax emails to scare people
2. Illegally using someone else’s computer or “posing” as someone else on the internet
3. Using spyware to gather information about people
4. Emails requesting money in return for “small deposits”
5. Pyramid schemes or investment schemes via computer with the intent to take and use someone else’s money
6. Emails attempting to gather personal information used to access and use credit cards or social security numbers
7. Using the computer to solicit minors into sexual alliances
8. Violating copyright laws by coping information with the intent to sell it
9. Hacking into computer systems to gather large amounts of information for illegal purposes
10. Hacking into or illegally using a computer to change information such as grades, work, reports, etc.
11. Sending computer viruses or worms with the internet to destroy or ruin someone else’s computer
Precautions
Refrain from opening e-mail and e-mail attachments from individuals you do not know. Have ALL external storage devices scanned by virus-scanning software before inserted on your PC. Secure your Internet Web browsing.
l Compensation for Failure to Protect Data
A new Section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gains to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. The explanation to Section 43A defines ‘body corporate’ as any company including a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Further, ‘reasonable security practices and procedures’ means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for thetime being in force and in the absence of such agreement or any law, suchreasonable security practices and procedures as may be prescribed by theCentral Government in consultation with such professional bodies rassociations as it may deem fit. ‘Sensitive personal data or information’means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or association as it may deem fit
l Computer related Offences
Section 66 of the IT Act prior to its amendment, dealing with ‘Hacking
with Computer System’ has been substituted with a new Section titled as
‘Computer related Offences’. As per the new Section, if any person
dishonestly or fraudulently does any act for damage to computer system, etc.
as stated in Section 43, he shall be punishable with imprisonment for a term
which may extend to three years or with fine which may extend to Rs.5 lacs or
with both. For the purpose of this Section, the words ‘dishonestly’ and
‘fraudulently’ shall have the meanings assigned to it in Section 24 and 25 of
Indian Penal Code respectively.A host of new Sections have been added after Section 66 as Sections
66A to 66F prescribing punishment for offences such as, obscene electronic
message transmissions, identity theft, cheating by impersonation using
computer resources, violation of privacy and cyber terrorism. The details of
such offences are given below.
Section 66A deals with punishment for sending offensive messages
through communication services, etc. As per this section, any person who
sends by means of a computer resource or a communication device, -
(i) any information that is grossly offensive or has menacing
character; or
(ii) any information which he knows to be false, but for the purpose
of causing annoyance, inconvenience, danger, obstruction,
insult, injury, criminal intimidation, enmity, hatred or ill-will,
persistently by making use of such computer resources or a
communication device; or
(iii) any electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the
addressee or recipient about the origin of such messages,
shall be punishable with imprisonment for a term, this may
extend to three years and with fine.
For the purpose of above stated Section, terms ‘electronic mail’ and
‘electronic mail message’ means a message or information created or
transmitted or received on a computer or a computer system, computer
resources or communication device including attachments in text, image,
audio, video and any other electronic record, which may be transmitted with
the message.
Section 66B deals with the punishment for dishonestly receiving stolen
computer resource or communication device. As per this Section, whoever
dishonestly receives or retains any stolen computer resource or
communication device knowing or having reason to believe, the same to be
stolen computer resource or communication device shall be punished withimprisonment of either description for a term which may extend to three years
or with fine which may extend to one lac rupees or with both.
Section 66C deals with the punishment for identity, theft. As per this
Section, whoever fraudulently or dishonestly makes use of the electronic
signature, password or any other unique identification feature of any other
person shall be punished with imprisonment of either description for a term
which may extend to three years and shall also be liable to fine which may
extend to one lac rupees.
Section 66D deals with the punishment for cheating by personation by
using computer resource. As per this Section, whoever by means for any
communication device or computer resource, cheats by personating, shall be
punished with the imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may extend to one
lac rupees.
Section 66E deals with the punishment for violation of privacy. As per
this Section, whoever intentionally or knowingly captures, publishes or
transmits the image of a private area of any person without his or her consent
under circumstances violating the privacy of that person, shall be punished
with imprisonment which may extend to three years or with fine not exceeding
Rs.2 lacs or with both.
Section 66F deals with the punishment for cyber terrorism. As per this
Section, whoever commits or conspires to commit cyber terrorism shall be
punishable with imprisonment which may extend imprisonment for life. The
offence of cyber terrorism has been defined as whoever, with intent to
threaten the unity, integrity, security or sovereignty of India or to strike terror in
the people or any section of the people by –
(i) denying or cause the denial of access to any person authorised
to access computer resources; or(ii) attempting to penetrate or access a computer resource without
authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any computer contaminant;
and by means of such conduct causes or is likely to cause death or
injuries to persons or damage to or destruction of property or disrupts or
knowing that it is likely to cause damage or disruption of supplies or services
essential to the life of the community or adversely affect the critical
information, infrastructure specified under the Section 70 dealing with protected system.
l And more points exam point of view
1. Who Coordinates with Interpol in India ? - CBI
2. Which department was designated as Nodal Agency for Cyber Crime prevention - CERT-IN
3. What is the difference between Virus and Worm - Virus need human intervention to activate or multiply whereas worm automatically get multiplied
4. Worms are mainly used by hackers to - Occupy more space in the system/heavy usage of bandwidth in the network
5. One of the employee carefully watching the password entered by the Manager. What type of threat it is - Shoulder Surfing
6. Leaving a Logged in Computer by an employee - is human negligence
7. Hackers scans the computer pre attack to identify - Vulnerability in the system
8. Hackers inject worms/virus into the network to reach the target system and it - exploits the Vulnerability
9. Non updation of antivirus is - one of the major vunerability
10. One customer recieved a call in his mobile phone and the person posing himself as a bank manager collected the card credentials from him.This type is called - Phising
11. Online Banking sites are borne to what risk - Phising/IP spoofing
12. Data transfer between systems vide Network can be secured by - PKI
13. Customers can make sure that they deal with the authenticated website - by checking the Lock icon near the address bar
14.In https, S denotes - Secured/Security
15.This kind of worms directly attacks the root directory - Rootkits
16. This worms are really hard to detuct and delete - Rootkits
17. The compromised systems in the network are commonly termes as - Zombies
18. Customer security credentials were compromised by way of fraudulent SMS is called - smishing
19. The employees who try to hack their own company's site/find the vulnerabilities are called - White hat hackers
20.DDos - Distributed Denial of Service
21.Ransomware which blocks the access to the website demanding ransom for the same is - Denial of Service attack
22. Using same method for both encryption and decryption is called - symmetric encryption
23. Providing Last Login detail in Internet banking site is to - to detect any unauthorised usage earlier
24.Limits for retrying the passwords is - to avoid the unauthorised access
25. To safeguard from the Key Loggers attack - Use Virtual Key board to enter passwords
26.UTM stands for - Unified Threat Management
27.Setting up smoke detectors in the branch is - Detective Method
28.Placing Security guard in system room to avoid - Physical damage/attack on systems
29. Following the authorised person to enter into system room and making entry into the room is - Tailgatting
30.Dumbster Driving is a method - Searching for vulnerability in deleted files and data
31.FIrewall is - Intrusion Detection System
32.Authentication of electronic data/document can be assertained by - Digital Signature
33. When two or more persons illegally tries to enter into a critical room with single id/same id - Masquerading
34.Detection is normally - Post incedent
35. Post incident study mainly for the purpose of - study the impact of the attack and lessons for future prevention
36. Indian Agency working on Digital Forensics and Cyber security - C-DAC
37. OLTP refers to - On line Transaction Processing
38. OLTP is also termed as - Payment Gateway
39. Payment Gateway the Acquiring Bank to - Issuing bank through the Card Scheme to complete the transaction
40.Security Concerns arise in Payment Gateways are - At the User Level, Bank level and Merchant POS
41. Credit Card data theft through POS is falls under - Merchant PoS Security
42.Data encrypted using Private key can be decrypted by the public key available with - the Receiver
43. Cross verifying the Signature on the Slip against the Signature in the back side of the ATM card is doen by - the Merchant
44.Data should be secured in the following stages - Saved, Transit and Retrival
45.Intruder software in a network which attacks the data while in trnasit and thus commits data theft - Man in the Middle Attack
46. Captures a widows sessio for the purpose of data theft before it reaches the recipient is - Session Hijacking
47. Limits set for retrying of password is to avoid - Brute Force attack
48. ISSP stands for - Information System Security Policy
49.ICANN stands for - International Corporation for Assigned Names and Numbers
50.TLD stands for - Top Level Domain
51.Globally recognized set of rules defined for electronic records is - e-UCP
52.Technique used to redirect traffic from the infected device is called - Sinkholding
53. The technique which can intercept unencrypted data transit of mobile apps is called - Wi FI Snifing
54. This is one type of malware which doesnot affect the system/network - Ad-ware
55. This usually comes as a Pop up/add on screen which carries link for dubious websites - Ad-ware
56.EMV cards follow standard of - ISO/IEC No 7816
57. EMV cards follow this standard for Contactless card - ISO/IEC 14443
58. NFC is the technique used in contactless cards - Near Field Communication
59.PCI - DSS stands for - Plastic Card Industries - Data Security Standards
60. NFC cards works under - RFID Technology
61. Providing Access controls to employess based on roles/need is - Risk based Authentication
62. Seeking PIN to complete a transaction in PoS is - 2FA
63.SSL - Secure Socket Layering
64.SSL ensures - Encrypted link between a web server and a browser
65. Sending annoying messages to a person causing irritation/nuisance - Cyber Stalking
66. Black mailing a person using Computer/or network is - Cyber Extortion
67. Ransomware is type of - Cyber Extortion
68. Disputes on Domain names and protest are redressed globally by - UDRP
69. Phising/Vishing is type of - Cyber Cheating
70. Group of people attacks a Computer/ group of computers for propagating a objective - Cyber Terrorists
71. Hackers with common interest attack rival government's department site and database are - Cyber terrorists
72. ____ refers to the quality of secrecy associated with the data and the state of keeping an information asset secret - Confidentiality
73.____ refers to the state of remaining in the same format and not allowing for any tampering/manipulation - Integrity
74. ____ refers to the state o confirmation that the user has the authority to issue the command to the system - Authorisation
75. Quality of non denial, the stake holders are not permitted to denythe particular act of doing the act is - Non-repudiation
76. CAPTCHA refers to - Completely Automated Public Turing test to Tell Computers and Humans Apart
77. Placing letters in different sizes and styles which is hard to read by systems/robots is called - CAPTCHA
78. _______ is an important component for study and analysis to under the modus operandi of a Cyber Attack - Threat Vector
79. In cyber Crime, Threat landscape is denoted as - Study of entire overview of the network which was attacked
80. Conventional Crimes are - Physical crimes that involve thet of systems and hardware devices
81.Cyber Crimes are - System Crimes that involves data theft or tampering
82.Insider Attack Threat is - attack on the system/network by own employee without any permission/authentication
83.______ is the most dangerous attack in cyber crimes - Insider Attack
84. An employee copied and sold the sensitive information to a competitor concern is an example of - Insider Attack
85. Hackers scan the port/system and develop worm or codes to attack the same based on this - Vulnerability
86. ____ doesnot wait for any executable file to run for getting activated in the target system - Worm
87.____ refers to small piece of programs injected into the target system to spy on the activities - Spyware
88. Drones are classified as - Spying Devices
89. UAV stands for - Unmanned Aerial Vehicle
90. Most of the UAV used by the polic/defence authorities for - Survelliance purposes
91.The persons who are hired by companies to hack their own website/to identify the Vulnerability are - Blue Hat Hackers
92. System of effectively taking care of URL filterig, web-filtering, anti-virus, as all in one solution is referred as - Unified Threat Management
93. Force Log out option in Internet banking after certain time of Idleness is to guard the system against - Session Hijacking
94. Installing anti virus into the system is - Preventive Method
95.A statement used to create, alter, drop objects in a database is called - Data Definition Language
96. Fault Detection, isolation nad recovery are closely associated wiht - Detection Control
97. Installing Bio Metric devices to check unauthorised entry is - Physical Control
98. Unless properly logged, straightaway accessing the database through a SQL is termed as - Back end Access
99.IT Act 2008 describes the activity of hacking as a criminal activity in section no 66
100. IT Act 2000 came in force on - 17 October 2000
101. IT Amendment Act came into force on - 27 October 2009
101. IT Act consists of - 13 Chapters and 90 Sections
102. The Section which deals with cyber crimes as civil offence - Section 43
103. The Section deals with cyber crimes as Criminal Offences - Section 66
104. IT Amendment Act included the following which is not in the IT Act 2000 - Electronic Signature
105. Electronic Signature has been dealt in - Section 15
106. Under Section 43A, if any body corporate handling any sensitive personal data is negligent in implementing and maintaining reasonable security the compensation may go upto - five crore rupees
107. Under Section 43, if one found guilty on Data theft/alters/destroys the same the penalty/compensation may go upto - One Crore rupees
108. Tampering with Computer Source Documents - Section 65
109. Punishment under Section 65 may go upto - Three years imprisonment and extend upto Two Lakhs Fine
110. Computer Related offences which were dealt under section 43 can also be dealt as criminal offence under section - 66
111. Punishment under Section 66 may go upto - two three years and/or fine upto five lakhs rupees
112. Crime of Cyber Stalking ( sending electronic messages for the purpose of causing annoyance/inconvenience/decieve/mislead the recipient) may lead to - two three years imprisonment
113. Identity Theft is dealt under Section - 66c
114. Punishment of Identity Theft - may extend to three years term and/or fine upto One lakhs rupees
115. Puishment for Cyber Cheating - may extend to three years term and/or fine upto One lakhs rupees
116. Cyber Cheating is dealt under - Section 66D
117. Punishment for Cyber Terrorism may extend upto - Life time Imprisonment
118. Cyber Terrorism is dealt under - Section 66F
119. Publishing obscene material in electronic form dealt under - Section 67
120. Punishment under Section 67 may extend upto - two three years term and/or five lakhs fine
121. Punishment for Sudsequent conviction of the same crime under section 67 is - 5 years term and/or ten lakhs rupees fine
122. Sexually explicit content in electronic form dealt under - Section 67A
123. Punishment under Section 67A is - Five years term with fine
124.Punishment for Sudsequent conviction of the same crime under section 67A is - 7 years term and/or ten lakhs rupees fine
125. CERT-IN has been designated as Nodal agency for Critical Information Infrastructure Protection under Section - 70B
126. Mispresentation/Suppression of material Fact dealt under - Section 71
127. Penalty under Section 71 - Two years term and/or fine upto One lakh rupees
128. Breach of confidentiality and Privacy dealt under Section - 72
129. Analysing the style of writing or the langauage style for the purpose of Crime Investigation is - Stylometry
130. RBI issues licenses for Payment Banks in India based on approval from - BPSS
131. NTRO stands for - National Technical Research Organisation
132. Netra, the light weight UAV was developed by - DRDO
133.NCIIPC stands for - National Critical Information Infrastructure Protection Centre
134. DSCI - Data Security Council of India
135. Digital Forensic tools used by our Police Department were developed by - C-DAC
136. C-DAC stands for - Centre for Development of ADvanced Computig
137. NTRO works under - Prime Minister's Office
138. Two acts which are mainly handled by ED - FEMA and PMLA
139. Money laundering using banking systems/Internet banking is - Conventional Crime
140. Obtaining an IP address similar to some other and demanding a ransom for forego the same is - Cyber Squatting
141. Data Protection while in transit using non repudiation techniques can be achieved through - Public Key Infrastructure
142. Card Skimming is a technique mostly used th steal the card details and it mostly placed on - ATM manchines
143. Card Skimming Data Theft can be avoided using - Contactless Cards/NFC Cards
144. To avoid the Card Credentials in Online sites these cards were introduced - Virtual Cards
145. Smart Cards which are loaded with Money prior to issue is called - Prepaid Cards
146. Virtual Cards normally comes with a validity of - 24 hours to 48 hours
147. Maximum loading permitted in a Prepaid as per RBI instruction is - 50000/-
148. Hackers try to capture the login credentials by analysing the keys pressed in the Key boards. the worms captures such data is called as - Key Loggers
149. By clicking unauthenticated link, customers may diverted to fake websites to capture the sensitive personal. This is type of - Website spoofing/IP Spoofing
150. Ad wares are used not to harm the computers but to - make a catch by making the user to click on the dubious link to fake websites
No comments:
Post a Comment