Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Privacy Policy | Terms of Service | Contact Siksha Sarovar | About Siksha Sarovar

v4.0.9 · PWA
Siksha Sarovar logo
Siksha Sarovar
Your Learning Universe

Siksha Sarovar is a free e-learning platform for coding courses, BCA university notes and competitive exam preparation. Optional Google sign-in saves your learning progress across devices.

Initializing knowledge base…
Compiling modules 0%

Classification of Cybercrimes, Categories & Criminal Profiles

Lesson 3 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Classification of Cybercrimes, Categories & Criminal Profiles

A cybercrime is any illegal act in which a computer or digital device is either the instrument of the crime, the target of the crime, or both. As digital life expands, cybercrimes have grown exponentially in frequency, sophistication, and scale. India's IT Act 2000 (amended by the IT Amendment Act 2008) is the primary legal framework governing cybercrimes in India.

---

Primary Classification: Target of the Crime

Cybercrimes are classified by who or what is the victim:

ClassificationTargetExamplesApplicable LawPunishment (India)
Against PersonIndividual human beingsCyberstalking, cyber harassment, identity theft, defamationIT Act Section 66C, 66E, IPC 509Up to 3 years imprisonment
Against PropertyDigital or physical propertyHacking, data theft, ransomware, IP theftIT Act Section 43, 66, 66BUp to 3 years + fine
Against OrganisationCorporations, governmentsCorporate espionage, DoS attack, insider threatIT Act Section 66, IPC 420Up to 3 years imprisonment
Against SocietyPublic order, social fabricCyberterrorism, CSAM, hate speech, fake newsIT Act Section 67, 69Up to 5–7 years
Against NationNational security, critical infrastructureCyberwarfare, SCADA attacks, grid attacksIT Act Section 66FLife imprisonment

---

Categories of Cybercrime by Method

Beyond classification by target, cybercrimes are grouped by the method used:

CategoryDescriptionSub-typesReal ExampleEstimated Annual Cost
Unauthorized AccessBreaking into systems without permissionHacking, cracking, war drivingAnonymous hacking US government$6 billion globally
Financial CrimesTheft or fraud involving moneyOnline banking fraud, credit card skimming, crypto theftBangladesh Bank SWIFT heist ($81M)$5 trillion globally
Data CrimesStealing or corrupting dataData breach, data diddling, salami attackAadhaar data leak (2018)$4.45M avg breach cost
Malware CrimesDeploying malicious softwareVirus, worm, ransomware, spywareWannaCry 2017$20 billion (ransomware)
Communication CrimesAbusing communication channelsPhishing, spam, vishing, smishingBEC email fraud$2.7 billion (FBI 2022)
Intellectual Property CrimesStealing creative or proprietary contentSoftware piracy, copyright infringement, trade secret theftSoftware piracy in developing nations$4.2 billion
Cyber-enabled CrimeTraditional crimes enabled by digital toolsCyberstalking, drug trafficking online, dark web marketsSilk Road marketplaceGrowing rapidly

---

Profiles of Cybercriminals

Not all cybercriminals are the same. Understanding adversary profiles helps in threat modeling:

ProfileMotivationSkill LevelTools UsedExamples
Script KiddieNotoriety, curiosityLowPre-built exploit kits, MetasploitDefacing websites
Hacker (Black Hat)Financial gain, thrillMedium–HighCustom exploits, zero-daysAccount theft, data breach
HacktivistPolitical/ideological agendaMediumDDoS tools, defacementAnonymous, LulzSec
Cybercriminal (Organized)Financial profit (business model)HighRaaS kits, botnets, phishing-as-a-serviceREvil ransomware gang
Insider ThreatDisgruntlement, financial pressureVariesAuthorized access, data exfiltration toolsEdward Snowden (case study)
Nation-State Actor (APT)Espionage, sabotage, influenceVery HighZero-days, custom malware, supply chainAPT29 (Cozy Bear), Lazarus Group
CyberterroristDisruption, fear, political violenceHighSCADA exploits, grid attacksAlleged attacks on power grids

---

Notable Types of Criminal Attacks

Hacking is gaining unauthorized access to computer systems. It can be:

  • White Hat (Ethical Hacking): Authorized testing to find vulnerabilities before criminals do
  • Grey Hat: Unauthorized access but without malicious intent; may disclose vulnerabilities publicly
  • Black Hat: Unauthorized access with malicious intent — theft, damage, disruption

Data Diddling: Altering data before or during entry into a computer system. Example: changing salary figures in payroll before processing — almost undetectable.

Salami Attack: Stealing tiny amounts from many sources (like slices of salami). In banking, rounding fractions of a cent from thousands of transactions into a criminal's account accumulates to large sums.

Logic Bomb: Malicious code that activates only when specific conditions are met (e.g., after a certain date, when a file is deleted). Commonly planted by disgruntled employees.

Exam Tip: Cybercrimes are classified as: (1) Against Persons, (2) Against Property, (3) Against Organizations, (4) Against Society, (5) Against the Nation. This classification appears directly in BCA exam questions. Also know that Section 66 of the IT Act 2000 covers computer-related offenses.

---

Study Deep: Cybercrime Classification

  1. The dark web fuels organized cybercrime: Criminal marketplaces on the dark web (accessed via Tor browser) sell stolen credit card numbers, ransomware-as-a-service kits, and hacking services. The RaaS (Ransomware-as-a-Service) model means criminals with no technical skills can launch ransomware attacks for a share of profits.
  1. Salami attacks are statistically invisible: Because each individual theft is below a detection threshold (a fraction of a rupee), salami attacks can run for years undetected. They require anomaly detection algorithms, not just threshold-based alerts.
  1. Insider threats cause 60% of data breaches (Ponemon): Organizations spend heavily on perimeter security but often neglect insider threat programs. Access control, user behavior analytics (UBA), and least privilege principle are critical countermeasures.
  1. Nation-state APTs operate like corporations: Advanced Persistent Threat (APT) groups have dedicated teams for reconnaissance, exploitation, persistence, and exfiltration. They often remain undetected for months or years (average dwell time: 207 days, IBM 2023). APT groups are named: APT1, APT28 (Fancy Bear), APT41, Lazarus Group (North Korea).
  1. Cybercrime reporting in India: India has the National Cyber Crime Reporting Portal (cybercrime.gov.in) managed by MHA. Victims can report financial fraud, cyberstalking, child pornography, and hacking. CERT-In (Indian Computer Emergency Response Team) handles national-level cyber incidents.
Exam Tip: Know Section numbers of the IT Act: Section 43 (unauthorized access), Section 66 (computer-related offenses), Section 66C (identity theft), Section 66E (privacy violation), Section 67 (publishing obscene material), Section 69 (government monitoring powers). These frequently appear in theory questions.