Computer and Information Technology (Physics) Part-VII

A cracker or black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons.

He gains unauthorized access in a computer system or network, destroys vital data, denies legitimate user's service or causes problems for their targets.

This differs from white hat hackers, which are security specialists employed to use hacking methods to find security flaws that crackers or black hat hackers may exploit.

A virtual keyboard is a software component that allows the input of characters without the need for physical keys. The interaction with the virtual keyboard happens mostly via a touchscreen interface, but can also take place in a different form in virtual or augmented reality.

Virtual keyboards may be used to reduce the risk of keystroke logging. When entering private data (for example, your login and password for an online banking account) from a regular keyboard, there is always a risk of data interception by some spyware.

Such programs record the keys pressed on the keyboard and therefore capture the data entered from the regular keyboard to pass it to the malefactor. Thus, virtual keyboards may protect the computer against Password theft, Trojan programs and Spyware.

However, a virtual keyboard cannot protect your personal data if a site that requires entering such data was hacked. In this case, the information goes directly to the malefactors.

Hacking, stalking and denial of service attacks all are considered as a cybercrime. Hacking is the practice to crack into someone else's system or otherwise using a programming or expert knowledge to act maliciously.

Cyberstalking is the use of the internet or other electronic means to stalk or harass an individual, a group or an organization. Denial of service attack is an attempt to make a machine or network resource unavailable to its intended users.

Among the given options online chatting is not a cybercrime, while phishing (the fraudulent attempt to obtain sensitive information such as username, passwords and debit/credit card details by disguising oneself as a trustworthy entity in an electronic communication), cyber stalking and identity theft are considered as cybercrime.

Phishing is a type of cyber attack that involves tricking users into revealing sensitive informations such as username, passwords, debit/credit card details etc

In the context of information security, and especially network security, a spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage.

Spoofing is a type of scam in which a criminal disguises an email address, display name, phone number, text message, or website URL to convince a target that they are interacting with a known, trusted source.

Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust.

The cybercriminals are well skilled in computer and victims are totally ignorant relating to techniques of computer technology.

Compliance, defence against internal threats and threat prevention-all these are features of cyber security. The main essential features of cyber security are:

1. Coverage for external threats

2. Defence against internal threats

3. Regulatory compliance for security

4. Cloud-based security services

5. Threat detection, prevention, and response

6. Consolidated solutions

7. Proper security analytics

First cyber law which provides the legal infrastructure for e-commerce in India is the Information Technology Act, 2000, It was enacted on 9 June 2000 and commenced on 17 October 2000.

It provides a legal framework for electronic governance by giving recognition to electronic records and digital signatures. It also defines cybercrimes and prescribes penalties for them.

In India, section 70-B of the Information Technology Act, 2000 empowers Central Government to set up a government agency named 'Indian Computer Emergency Response Team' (CERT-in).

In pursuance of this provision, the Central Government has issued 'Information Technology Rules, 2013' in which the CERT-In work methods and places etc. are mentioned.

These rules impose the obligation to report cyber security incidents within reasonable time on service providers, intermediaries, data centers and corporate bodies, so that CERT-In can take immediate action on it.