
Cyber Security & Cryptography Unit-1

This document provides an overview of cybersecurity and cybercrime topics including definitions, classifications, and key issues. It discusses how cybercrime relates to lack of information security and defines cybercrime as illegal behavior targeting computer security. Cybercriminals are classified into three types based on their motivations. The document also covers cyberstalking, risks of cybercafes, botnets as fuel for cybercrime, and attack vectors used by cybercriminals to gain unauthorized access.

Uploaded by

Sangeetha Luke
Copyright
© © All Rights Reserved
Cyber Security & Forensics

UNIT I: Introduction to Cybercrime


TOPICS

1.1 Cybercrime: Definition and Origins of the Word
1.2 Cybercrime and Information Security
1.3 Cybercriminals
1.4 Classifications of Cybercrime
1.5 Cyberstalking
1.6 Cybercafe and Cybercrimes
1.7 Botnets
1.8 Attack Vector
1.9 Proliferation of Mobile and Wireless Devices
1.10 Security Challenges Posed by Mobile Devices
1.1 Definition and Origins of the Word

Cybercrime
Cybercrime (computer crime) is any illegal behavior, directed by means of
electronic operations, that targets the security of computer systems
and the data processed by them.

Two types of attack are prevalent

Techno-Crime: A premeditated act against a system or systems, with the
intent to copy, steal, prevent access, corrupt or otherwise deface or damage
parts of or the complete computer system.

Techno-Vandalism: These acts of “brainless” defacement of websites and/or
other activities, such as copying files and publicizing their contents
publicly, are usually opportunistic in nature.
1.2 Cybercrime and Information Security
Lack of information security leads to cybercrimes.
Indian government amended ITA 2000 to focus on information
security.
Cybersecurity protects information and devices from
unauthorized access and use.
Cybercrimes have a significant impact on information security.
Estimating financial losses from insider crimes is challenging.
Many organizations don't disclose security incident details to
avoid negative publicity.
Data privacy awareness is low in most organizations.
Online gambling is illegal in some countries, including India.
1.3 Cybercriminals
Type I: Cybercriminals – hungry for recognition
• Hobby hackers
• IT professionals
• politically motivated hackers
• terrorist organizations.

Type II: Cybercriminals – not interested in recognition
• Psychological perverts
• financially motivated hackers

Type III: Cybercriminals – the insiders
• Disgruntled or former employees seeking revenge
• competing companies using employees to gain economic advantage
through damage and/or theft.
1.4 Classifications of Cybercrime

1. Cybercrime against individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup
Classifications of Cybercrime

1. Cybercrime against individual
• Electronic mail (E-Mail) Spoofing and other online frauds.
• Phishing, Spear Phishing and its various other forms such as Vishing and
Smishing.
• Spamming
• Cyberdefamation

2. Cybercrime against property
• Credit card frauds
• Intellectual property (IP) crimes
• Internet time theft

3. Cybercrime against organization
• Password sniffing
• DOS attacks
• Virus attack of viruses
• E-Mail bombing
• Logic bomb
• Trojan Horse
Classifications of Cybercrime

4. Cybercrime against Society
• Forgery
• Cyberterrorism
• Web jacking

5. Crimes emanating from Usenet newsgroup
• Usenet groups may have offensive or inappropriate material.
• Exercise caution and use common sense when using Usenet.
• Use the service at your own risk.
1.5 Cyberstalking

Cyberstalking is the repeated use of electronic communication to
harass, threaten, or intimidate someone, causing fear or
distress.
Cyberstalking includes false accusations, threats, and identity
theft.
It involves damaging data or equipment and soliciting minors
for sexual purposes.
Cyberstalkers gather information for harassment purposes.
Offline actions like following, visiting homes or businesses,
making calls, and leaving messages may accompany online
harassment.
The Internet's accessibility and ease of communication make
cyberstalking prevalent.
Types of Stalkers

1. Online stalkers: Cyberstalkers use the Internet to interact with
the victim via email and chat rooms, ensuring the victim recognizes
the harassment. They may also involve third parties in the harassment.

2. Offline stalkers: The cyberstalker may start the attack offline, following
the victim's routine. They then gather information
about the victim online through message boards,
personal websites, and people finding services.
1.6 Cybercafe and Cybercrimes

90% of cybercafe users in India are male, aged 15-35, with
over 50% being students and 52% graduates/postgraduates.
Cybercafes have been used for terrorist communication and
cybercrimes like bank password theft.
Cybercafes are used for sending harassing obscene emails.
Public computers in cybercafes pose risks of malicious
programs and over-the-shoulder peeping.
It is crucial to understand IT security and governance in
cybercafes.
Indian IT Act (ITA) 2000 interprets cybercafes as "network
service providers" with "due diligence" responsibilities.
Cybercriminals prefer cybercafes for their activities, targeting
1.7 Botnets: The Fuel for Cybercrime

Botnet: The dictionary meaning of Bot is “(computing) an
automated program for doing some particular tasks, often
over a network.”
The term can refer to both malicious software and computers using
distributed computing software.
Bots are automated computer programs that can control your
system if infected with a virus or Malicious Code.
Your seemingly normal computer may be part of a Botnet.
Botnets are used for distributing spam and viruses and for conducting
DoS attacks.
Botnet also refers to a group of compromised computers
under hacker control (zombie computers).
Preventive measures against Bots
1. Use antivirus and anti-Spyware software and
keep it up-to-date
2. Set the OS to download and install security
patches automatically
3. Use a firewall to protect the system from hacking
attacks while it is connected to the Internet
4. Disconnect from the Internet when you are away
from your computer
5. Download freeware only from websites
that are known and trustworthy
6. Regularly check the folders in the mail box – “sent
items” or “outgoing” – for messages you did
not send
7. Take immediate action if your system is
infected
1.8 Attack Vector

Attack vector: Path or means for attackers to gain
access and deliver a malicious outcome.
Attack vectors exploit system vulnerabilities,
including viruses, email attachments, webpages,
pop-ups, instant messages, chat rooms, and
deception.
Firewalls and antivirus software can partially block
attack vectors, but no method is completely attack-
proof.
Attackers constantly update and seek new attack
vectors to gain unauthorized access.
How the attack vectors are launched?

1. Attack by E-Mail:
• Hostile content in messages can be embedded or linked.
• Spam often carries scams, fraud, or malicious actions.
• Suspicious links offering "free" or tempting items should be avoided.

2. Attachments:
• Malicious attachments install harmful computer code.
• Opening them triggers the installation of the harmful payload.

3. Attack by deception:
• Deception targets vulnerable users/operators.
• It includes fraud, scams, hoaxes.
• Attackers rely on the unwitting cooperation of the computer's operator
to succeed.
How the attack vectors are launched?

4. Hackers:
• Hackers/crackers are flexible and improvise.
• They use hacking tools, heuristics, and social engineering to
access computers and accounts.

5. Heedless guests:
• Counterfeit websites mimic genuine ones to extract personal information.
• Often used in conjunction with Spam to lure users.

6. Attack of the worms:
• Worms spread through email attachments or network protocols.
• Remote access services are vulnerable to network worms.
• Firewalls can block system worms.
How the attack vectors are launched?

7. Malicious macros:
• Microsoft Word and Excel allow macros, which can be used maliciously.
• Internet services like instant messaging, IRC, and P2P file-sharing create
cozy connections with other computers, increasing vulnerability.
• P2P software can make a system more susceptible to hostile exploits.

8. Foistware (sneakware):
• Foistware adds hidden components to the system secretly.
• Spyware is a common form of foistware.
• Foistware is bundled with attractive software.

9. Viruses:
• Viruses are malicious computer codes that carry a harmful payload.
• Virus vectors include E-Mail attachments, downloaded files, worms, and more.
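
Added example (not part of the original slides): a minimal mail-triage check in Python for the e-mail, attachment and macro vectors listed above. It flags links whose visible text names a different host than the real target, and attachments with macro-enabled or executable extensions. The names triage, LinkCollector and RISKY_EXT, the extension list and the sample message are assumptions constructed for illustration.

```python
import email.policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative list (an assumption): macro-enabled Office files and directly runnable types.
RISKY_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".exe", ".js", ".vbs", ".scr"}

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host_of(text):
    """Lower-cased host of a URL or bare host name, '' if there is none."""
    return (urlparse(text if "://" in text else "//" + text).hostname or "").lower()

def triage(raw_message):
    """Return (kind, detail) findings for one raw e-mail message given as bytes."""
    findings = []
    for part in email.message_from_bytes(raw_message, policy=email.policy.default).walk():
        name = part.get_filename() or ""
        if "." + name.rsplit(".", 1)[-1].lower() in RISKY_EXT:  # judged by name, never opened
            findings.append(("risky-attachment", name))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, shown in collector.links:
                # Compare only when the visible text itself looks like a host or URL.
                if "." in shown and " " not in shown and host_of(shown) != host_of(href):
                    findings.append(("link-mismatch", shown + " -> " + href))
    return findings

def sample_message():
    """Constructed sample: a disguised link plus a macro-enabled attachment."""
    m = EmailMessage()
    m.set_content('<a href="http://gift.example.net/login">www.example.com</a> '
                  '<a href="https://example.org/help">our help page</a>', subtype="html")
    m.add_attachment(b"constructed", maintype="application", subtype="octet-stream",
                     filename="invoice.docm")
    return m.as_bytes()
```

Calling triage(sample_message()) reports the disguised link and the .docm attachment; the second link is not flagged because its visible text is ordinary wording rather than a host name.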
1.9 Proliferation of Mobile and Wireless Devices
Incredible advances in mobile devices,
with a trend towards smaller size and more
processing power.
Previously, choices were between wireless
phones and simple PDAs, but now options
include high-end PDAs with wireless
modems and small phones with web-
browsing capabilities.
Mobile users have a long list of options
available.
Hand-held mobile devices offer computing
power for applications, games, music, and
voice calls.
Growth of business solutions in hand-held
Mobile and Wireless Devices

1. Portable computer
2. Tablet PC
3. Internet tablet
4. Personal digital assistant
5. Ultramobile PC
6. Smartphone
7. Carputer
8. Fly Fusion Pentop computer
1.10 Security Challenges Posed by Mobile Devices

Mobility brings two main challenges to cybersecurity:
✓ first, on the hand-held devices, information is being
taken outside the physically controlled environment.
✓ second, remote access back to the protected
environment is being granted.
Perceptions of the organizations to these
cybersecurity challenges are important in devising
appropriate security operating procedure.
As the number of mobile device users increases, two
challenges are presented:
1.11 Attacks on Mobile/Cell Phones

Mobile Phone Theft


Mobile Viruses
Mishing
Vishing
Smishing
Hacking Bluetooth
Attacks on Mobile/Cell Phones

1. Mobile Phone Theft:
• Mobile phone theft has surged in recent years.
• Major theft locations: bus stops, railway stations, traffic signals in India.
• Insurance companies face false claims and stopped offering mobile
theft insurance.
• Losing a phone means losing crucial data like contact lists and PII.

2. Mobile Viruses:
• Mobile viruses target phone data and applications.
• Over 300 mobile viruses identified since 2004.
• Spread through Bluetooth and MMS communication protocols.

3. Mishing:
• Mishing: Mobile phone + Phishing attacks.
• M-Commerce users vulnerable to Mishing scams.
• Attacker uses Vishing or Smishing
Attacks on Mobile/Cell Phones

4. Vishing:
• Vishing: Social engineering over the phone, often using VoIP,
to gain personal and financial information for financial gain.
• Combination of Voice and Phishing.
• Vishing targets credit card numbers and data for ID theft schemes.

5. Smishing:
• Smishing: Social engineering via SMS, like Phishing.
• Text messages used to lure victims into revealing personal information.
• Techniques include providing phone numbers or fake website URLs.

6. Hacking Bluetooth:
• Attackers use software and antenna to hack vulnerable Bluetooth phones.
• Hacking tools like BlueScanner, BlueSniff, BlueBugger, Bluesnarfer, and
BlueDiving exploit vulnerabilities.
1.12 Network and Computer Attacks

1. Malware:
- Designed to disrupt, damage, or gain unauthorized
access to computer systems.
- Self-replicating, spreads rapidly through infected
hosts.
2. Virus:
- Requires user interaction to infect devices, often
through malicious email attachments.
3. Worm:
- Can enter devices without user interaction through
vulnerable network applications.
1.12 Network and Computer Attacks

4. Botnet:
- Network of infected computers controlled by
attackers for malicious purposes like spamming.
5. DoS (Denial of Service):
- Renders network or host unusable for legitimate
users through various attack methods.
6. DDoS (Distributed DoS):
- Multiple compromised systems attack a single
system to cause a DoS.
1.12 Network and Computer Attacks
7. Packet sniffer:
- Passive receiver recording every packet passing by,
used for sensitive data interception.
8. IP Spoofing:
- Injecting packets into the Internet with false source
addresses to masquerade as someone else.
9. Man-in-the-Middle Attack:
- Monitoring, capturing, and controlling
communication between two parties.
10. Compromised-Key Attack:
- Attacker obtains a secret key to gain access to
1.12 Network and Computer Attacks

11. Phishing:
- Fraudulent emails from reputable companies to
trick users into revealing personal information.
12. DNS spoofing:
- Introducing corrupt DNS data into the cache to
return incorrect IP addresses.
13. Rootkit:
- Stealthy packages granting hackers complete
access and control over a system.
Summary

Cybercrime is a significant challenge in the digital world,
with various threats like malware, phishing, and data
breaches. Prioritizing cybersecurity, staying informed, and
implementing strong measures are essential for safeguarding
our systems and creating a safer digital environment.
