EMAIL HACKING AND SNOOPING NAINCY KUMARI
AUTHORED BY - NAINCY KUMARI
The World Wide Web allows us to easily access a wide range of activities. In reality, our use of the internet is essential for the successful completion of our daily tasks and activities. However, accessing the internet can also lead to a number of online crimes, such as breach of data and account hacking. A number of cybercrime cases including phishing, identity theft, and fraud, have surged in recent years. In the previous year alone, India saw a 16% increase in the number of cyberattacks throughout the Country. Cybercrime infiltration is anticipated to increase further. This emphasises the significance of creating more effective and deterrent legal structures, as well as stricter legislations, to combat cybercrime. In this situation, it becomes important to examine the country’s existing cybersecurity legislation to see if they provide adequate protection against these crimes. In this article I focused on two cyber crimes which is Email hacking and snooping. Both of them are the fastest growing cyber crime Nowadays. The actual extent of cyber crime is hard to determine. Because of the significant danger of data loss, the consequences of cyber crime may be disastrous. To combat the threat posed by cybercriminals, the government created the Information Technology Act of 2000, the primary goal of which is to provide an enabling environment for successful internet use as well as to report cyber crime in India. The Information Technology Act (IT Act), which was enacted in 2000, governs Indian cyber legislation.
Keywords; Internet, Cyber Attacks, Phishing, Identity theft, Cyber Security, Information technology act, Cyber legislation.
Cybercrime is defined as any criminal misconduct carried out through a network, technical gadgets, or the internet. Although some cybercrimes are intended to cause harm to the victim, the vast majority are committed for financial gain. Individuals and corporations are both targets. Individuals are typically part of a bigger assault in which the hacker tries to distribute malware across machines for-profit motive. Business assaults, on the other hand, are usually a one-shot deal. The introduction of email in the 1980s brought with it phishing schemes and viruses sent via attachments. Web browsers, like computer viruses, had grown prevalent by the 1990s.Because of the nature of these platforms, the broad use of social media in the 2000s only exacerbated cyber crime, particularly data theft. Malware infections and data theft have surged rapidly over the last 10 years and show no indications of slowing down anytime soon. With the evolution of the internet, hackers now have a plethora of novel attack vectors at their disposal. As more and more ordinary devices — refrigerators, washing machines, heating systems, light bulbs, and so on — go online, cybercriminals gain new weaknesses and possibilities. Now one by one I will discuss about both the cyber crime that is Email hacking and Snooping.
Email hacking is one of the most common instances of cybercrime these days, and it is one of the most severely penalized. Email is a very widely used communication method. If an email account is hacked, it can allow the attacker access to the personal, sensitive or confidential information in the mail storage; as well as allowing them to read new incoming and outgoing email - and to send and receive as the legitimate owner. On some email platforms, it may also allow them to setup automated email processing rules. All of these could be very harmful for the legitimate user. There are a number of ways in which a hacker can illegally gain access to an email account. A virus or other malware can be sent via email, and if executed may be able to capture the user's password and send it to an attacker. The most common way email gets hacked are through phishing schemes. Phishing is the most widely used technique because it's simple, affordable, and attacks the weakest link in any security system – people. Phishing is usually done by sending out an email that looks legitimate and sends the recipient to a fake website and has them enter credentials to “verify” information, which is then stolen. The emails may also ask a recipient to download something that looks legitimate but ends up being malicious malware.
The most common way email gets hacked are through phishing schemes. Phishing is the most widely used technique because it’s simple, affordable, and attacks the weakest link in any security system – people. Phishing is usually done by sending out an email that looks legitimate and sends the recipient to a fake website and has them enter credentials to “verify” information, which is then stolen. The emails may also ask a recipient to download something that looks legitimate but ends up being malicious malware. The Anthem breach is suspected to have originated through the use of a phishing scheme.
A MITM attack is when a hacker secretly relays communication between two parties who believe they are communicating directly. Unless both parties use encryption the message is open and can be read by anyone who intercepts it. A quick way to know if an email is particularly vulnerable to MITM is if you receive an email from someone and it is in clear text. Consider emails sent to and received from mailboxes that only send clear text emails as security liabilities.
Good old guessing is another way a hacker can gain access to email. Personal information on social media makes it easier for a hacker to find information often used as passwords and security questions.
Email on the internet is sent by the Simple Mail Transfer Protocol (SMTP). While mail can be encrypted between mail servers, this is not typically enforced, but instead Opportunistic TLS is used - where mail servers negotiate for each email connection whether it will be encrypted, and to what standard. Where a mail flow between servers is not encrypted, it could be intercepted by an ISP or government agency and the contents can be read by passive monitoring. For higher security, email administrators can configure servers to require encryption to specified servers or domains. Email spoofing and similar issues which facilitate phishing are addressed by the 'stack' of Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC). Setting all these in place is technically challenging, and not visible to the end user, so implementation progress has been slow. A further layer, Authenticated Received Chain (ARC), allows mail flow through intermediate mail servers such as mailing lists or forwarding services to be better handled - a common objection to implementation. Businesses typically have advanced firewalls, anti-virus software and intrusion detection systems (IDS) to prevent or detect improper network access. They may also have security specialists perform an audit on the company and hire a Certified Ethical Hacker to perform a simulated attack or "pen test" in order to find any gaps in security. Although companies may secure its internal networks, vulnerabilities can also occur through home networking. Email may be protected by methods, such as, creating a strong password, encrypting its contents, or using a digital signature. If passwords are leaked or otherwise become known to an attacker, having two-factor authentication enabled may prevent improper access. There are also specialist encrypted email services such as Proton mail or Mail fence.
With approximately 658 million internet users as of February 2022, India has the world’s second-largest internet population. Cybercrime in India cost Rs.1.25 lakh crore in 2019, putting India in second place among nations hit by cyber-attacks between 2016 and 2018. Ransomware assaults are becoming more common, and many cybercriminals operate from their homes. In other words, cybercrime in India may be described as unlawful access to a computer system without the consent of the legitimate owner or location of criminal activity and can range from online cracking to denial of service assaults. Hackers have devised a number of methods for acquiring user passwords by leveraging the inadequate IT infrastructure at employees’ residences. Indeed, the frequency of cyber assaults is growing, with 7 lakh documented intrusions through August of this year—a stunning 175 percent rise over the same period last year. There are several vulnerabilities in devices such as mobile phones that individuals use to access services. An examination of the attack vector in a mobile phone found that other than the programs, there are 15 distinct points through which a hacker might gain access to it. Bluetooth, communication modules, microchips, operating systems, CPUs, and Wi-Fi are all examples Now we will discuss about other cyber crime that is Snooping.
Snooping, in a security context, is unauthorized access to another person's or company's data. The practice is similar to eavesdropping but is not necessarily limited to gaining access to data during its transmission. Snooping is a broad term that can include casual observance of an email that appears on another person's computer screen or watching what someone else is typing. More sophisticated snooping uses software to remotely monitor activity on a computer or as communications data traverses a network. An example of electronic snooping is a key logger, a program that monitors and captures keystrokes, including passwords and login information, and can intercept email and other private communications and data transmissions. Key loggers are commonly installed on endpoint devices, such as PCs and laptops, and operate without the user knowing. The key logger creates a text file that captures every keyboard command issued. Later, hackers who installed the key logger retrieve the keystroke file and analyze it to find information they can use for other malicious purposes, including accessing other protected resources, bribery or identity theft. It should also be pointed out that corporations sometimes snoop on employees legitimately to monitor their use of business computers and track internet usage and productivity. The latest trend of employees working from home rather than in the office has further fostered the use of remote snooping tools.
Although snooping has a negative connotation in general, in computer technology, snooping can refer to any program or utility that performs a monitoring function. Thus, the types of snooping methods and tools can vary widely, including the following:
The terms snooping and spoofing are often used interchangeably. However, this is incorrect. Snooping is a form of eavesdropping with the purpose of learning information that is not intended to be visible or shared. Spoofing, on the other hand, is a method used to make an electronic device or network look like it is a trusted source. A spoofed device is used to gain the trust of a remote device, user or service so that it can freely share information. While the two terms are used to refer to activities to gain unauthorized access to information, they use different tactics to accomplish that goal.
The Act criminalises the sending of offensive messages through a computer or other communication devices. The provision also made it punishable for a person to send information that they believed to be false. Section 66A had prescribed three years’ imprisonment if a social media message caused “annoyance” or was found “grossly offensive”. Even sending emails for causing annoyance, inconvenience, or to deceive or mislead the recipient about the origin of the message was punishable under this section. Cyber criminal may use the Email services to commit such offences by Hacking the Email of victim. However, The court struck down the provision as unconstitutional and a violation of free speech in 2015 in the Shreya Singhal Case. The section relating to restrictions on online speech was declared unconstitutional on grounds of violating the freedom of speech guaranteed under Article 19(1)(a) of the Constitution of India.
Identity theft is when a fraudster acquires personal, critical, and essential information of another individual, typically comprising personal and/or financial data, and then uses this information to indulge in any irregular activity, which is more often than not a fraud. When someone makes unauthorised or fraudulent use of your personal or financial details, it is known as identity theft. It can pertain to your bank account, credit card, email ID, Aadhaar, PAN, or even your social media account. The offence of Identity theft can be correlated with the concept of snooping where fraudulent ways are being used to acquire sensitive or critical information of the victim. Phishing, smishing, spoofing and vishing are some of the techniques used by fraudsters for identity theft. “Fake websites are used for online shopping scams that use the logo of a trusted retailer and a similar URL of the company and such person shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.
There are several methods users can practice to help reduce the chance of electronic snooping. Some common examples are the following:
As people’s reliance on technology grows, cyber laws in India and throughout the world must be constantly updated and refined. The epidemic has also driven a large portion of the workforce into a remote working mode, heightening the need for app security. Legislators must go above and beyond to keep ahead of the impostors and stop them in their tracks. cyber crime can be managed, but it takes the combined efforts of governments, Internet or network providers, intermediaries such as banks and shopping sites, and most crucially, consumers. We should take various prevention steps that is discussed above to prevent email hacking and snooping. As with the evolution of the internet, hackers now have a plethora of novel attack vectors at their disposal. As more and more ordinary devices — refrigerators, washing machines, heating systems, light bulbs, and so on — go online, cybercriminals gain new weaknesses and possibilities. Because of the nature of these platforms, the broad use of social media in the 2000s only exacerbated cyber crime, particularly Email hacking. Snooping and email hacking have surged rapidly over the last 10 years and show no indications of slowing down anytime soon. Thus at last as said by Ervine Cybersecurity starts with prevention. Follow the Six Principles of Cyber Security to keep your computer and network safe. When it comes to data protection, use strong encryption and keep copies off-site. Be suspicious of unsolicited email offers and don’t open attachments from people you don’t know. Regularly back up your files to be in a good position in case of an emergency. Finally, use common sense when online.