
Unit-3 Lesson 4 Cyber Security

The document discusses tools and methods used in cybercrime. It describes the basic stages of an attack as reconnaissance, probing the network to find vulnerabilities, gaining access by exploiting vulnerabilities, capturing the network, stealing data, and covering tracks. It also discusses proxy servers, anonymizers, phishing, password cracking through online/offline attacks, keyloggers, spyware, viruses, worms, and Trojan horses as common tools used in cybercrimes.

Unit-4

Lesson-4
Chapter 4
Tools and Methods Used in Cybercrime
Introduction
As the Internet and computer networks are integral parts of information systems, attackers have
in-depth knowledge about the technology and/or they gain thorough knowledge about it.

The basic stages of an attack are:


1. Initial uncovering:
i. In the first step, called reconnaissance, the attacker gathers as much information as possible about the target by legitimate means.
ii. In the second step, the attacker uncovers as much information as possible on the company’s internal network.
2. Network probe: A “ping sweep” of the network IP addresses is performed to seek out potential targets, and then a “port scanning” tool is used to discover exactly which services are running on the target system.
3. Crossing the line toward electronic crime (E-crime): Now the attacker moves toward committing what is technically a “computer crime” by exploiting possible holes on the target system.
4. Capturing the network: At this stage, the attacker attempts to “own” the network. The attacker gains a foothold in the internal network quickly and easily.
5. Grab the data: Now that the attacker has “captured the network,” he/she takes advantage of his/her position to steal confidential data and customer credit card information, deface webpages, alter processes and even launch attacks at other sites from your network.
6. Covering tracks: This is the last step in any cyberattack, which refers to the activities undertaken by the attacker to extend misuse of the system without being detected.
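
Seen from the defender's side, stage 2 is usually the first stage that leaves a trace in network logs. The following is an added example, not part of the original lesson: it flags a ping sweep and a port scan in connection records. The `time src dst proto dport` record layout, the thresholds, the function names and the sample records are assumptions constructed for this illustration.

```python
from collections import defaultdict


def sample_log():
    """Constructed records: one probing source and one ordinary client."""
    prober, client = "198.51.100.7", "198.51.100.20"
    lines = [f"10:00:{i:02d} {prober} 192.0.2.{i} icmp -" for i in range(1, 9)]
    lines += [f"10:01:{p:02d} {prober} 192.0.2.5 tcp {p}" for p in range(20, 35)]
    lines += [f"10:02:00 {client} 192.0.2.5 icmp -",
              f"10:02:01 {client} 192.0.2.5 tcp 443"]
    return lines


def detect_probes(lines, sweep_hosts=5, scan_ports=10):
    """Return sorted (kind, source, target, count) alerts.

    ping sweep: ICMP from one source to >= sweep_hosts distinct hosts.
    port scan:  TCP from one source to >= scan_ports distinct ports on a host.
    No time window is applied; a production rule would bound both counts
    to a sliding interval.
    """
    icmp_hosts = defaultdict(set)     # source -> destinations pinged
    tcp_ports = defaultdict(set)      # (source, destination) -> ports tried
    for line in lines:
        _time, src, dst, proto, dport = line.split()
        if proto == "icmp":
            icmp_hosts[src].add(dst)
        elif proto == "tcp":
            tcp_ports[(src, dst)].add(int(dport))
    alerts = [("ping sweep", src, "*", len(hosts))
              for src, hosts in icmp_hosts.items() if len(hosts) >= sweep_hosts]
    alerts += [("port scan", src, dst, len(ports))
               for (src, dst), ports in tcp_ports.items()
               if len(ports) >= scan_ports]
    return sorted(alerts)


def sources_with_both(alerts):
    """Sources that swept for hosts and also scanned ports (stage 2 in full)."""
    sweepers = {a[1] for a in alerts if a[0] == "ping sweep"}
    scanners = {a[1] for a in alerts if a[0] == "port scan"}
    return sorted(sweepers & scanners)
```

A source that appears in both alert kinds matches the sweep-then-scan pattern of stage 2 and is worth triaging before stage 3 begins.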

Electromagnetic Field Theory and Transmission Lines by Gottapu Sasibhushana Rao


Copyright © 2013 Wiley India Pvt. Ltd. All rights reserved.
Proxy Servers and Anonymizers
⮚ A proxy server is a computer on a network which acts as an intermediary for connections with other computers on that network.
⮚ A proxy server has the following purposes:
1. Keep the systems behind the curtain.
2. Speed up access to a resource (through “caching”).
3. Specialized proxy servers are used to filter unwanted content such as advertisements.
4. A proxy server can be used as an IP address multiplexer to connect a number of computers to the Internet when only one IP address is available.
⮚ An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable.
⮚ It accesses the Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information.
Phishing
Phishing is a fake or false e-mail which can infect systems in addition to stealing personal and financial data.
How Phishing Works?

Phishers work in the following ways: (1) Planning (decide the target), (2) Setup (create methods for
delivering the message and to collect the data about the target), (3) Attack (phisher sends a phony
message), (4) Collection (record the information of victims), (5) Identity theft and fraud (use the
information that they have gathered to make illegal purchases or commit fraud).

Cyber Security by Nina Godbole/Sunit Belapure


Copyright © 2011 Wiley India Pvt. Ltd. All rights reserved.
Password Cracking

Purpose of password cracking:
1. To recover a forgotten password.
2. As a preventive measure by system administrators to check for easily crackable passwords.
3. To gain unauthorized access to a system.

Refer to the textbook for the steps followed by the attacker.


Password Cracking
Password cracking is a process of recovering passwords from data that have been stored in or
transmitted by a computer system. Examples of guessable passwords include:
1. Blank (none);
2. words like “password,” “passcode” and “admin”;
3. series of letters from the “QWERTY” keyboard, for example, qwerty, asdf or qwertyuiop;
4. user’s name or login name;
5. name of user’s friend/relative/pet;
6. user’s birthplace or date of birth, or a relative’s or a friend’s;
7. user’s vehicle number, office number, residence number or mobile number;
8. name of a celebrity who is considered to be an idol (e.g., actors, actress, spiritual gurus) by the
user;
9. simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing
the order of letters.
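
The preventive use named earlier, an administrator checking for easily crackable passwords, can be scripted directly from this list. The following is an added example, not part of the original lesson: it reports which of the listed categories a candidate password falls into. The word list, keyboard rows, category labels and function names are assumptions constructed for the illustration.

```python
# Constructed reference data; a real audit would load a larger dictionary.
COMMON_WORDS = {"password", "passcode", "admin"}           # item 2
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")  # item 3


def _variants(password):
    """Yield (candidate, modified) pairs that undo the item-9 tricks:
    a suffixed run of digits and reversed letter order."""
    p = password.lower()
    stripped = p.rstrip("0123456789")
    seen = set()
    for cand in (p, stripped, p[::-1], stripped[::-1]):
        if cand and cand not in seen:
            seen.add(cand)
            yield cand, cand != p


def _keyboard_run(cand, min_len=4):
    """True if cand is a run of adjacent keys along one keyboard row."""
    return len(cand) >= min_len and any(cand in row for row in KEYBOARD_ROWS)


def audit_password(password, login="", personal_tokens=()):
    """Return the sorted guessable-password categories that `password` hits.

    personal_tokens: names, dates and numbers known for the user
    (items 5 to 8), supplied by the auditor.
    """
    if password == "":
        return ["blank"]                                   # item 1
    personal = {t.lower() for t in personal_tokens if t}
    findings = set()
    for cand, modified in _variants(password):
        hits = set()
        if cand in COMMON_WORDS:
            hits.add("common word")
        if _keyboard_run(cand):
            hits.add("keyboard sequence")
        if login and cand == login.lower():
            hits.add("login name")                         # item 4
        if cand in personal:
            hits.add("personal information")
        if hits and modified:
            hits.add("simple modification")                # item 9
        findings |= hits
    return sorted(findings)
```

An empty result only means the password avoids the listed patterns; it says nothing about length or randomness.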

Password cracking attacks can be classified under three categories as follows:


1. Online attacks;
2. offline attacks;
3. non-electronic attacks (e.g., social engineering, shoulder surfing and dumpster diving).

Online Attacks
⮚ The most popular online attack is the man-in-the-middle (MITM) attack, also termed the “bucket-brigade attack” or sometimes the “Janus attack.”
⮚ It is a form of active eavesdropping in which the attacker establishes a connection between a victim
and the server to which a victim is connected.
Offline Attacks
⮚ Offline attacks usually require physical access to the computer and copying the password file from
the system onto removable media.
Strong, Weak and Random Passwords
⮚ A weak password is one that can be easily guessed: a short, common or system default password that can be found quickly by executing a brute force attack using a subset of all possible passwords.
⮚ A strong password is long enough, random or otherwise difficult to guess – producible only by
the user who chooses it.
Random Passwords
⮚ Password is stronger if it includes a mix of upper and lower case letters, numbers and other
symbols, when allowed, for the same number of characters.
⮚ The general guidelines applicable to the password policies are:
Keyloggers and Spywares
⮚ Keystroke logging is the practice of noting (or logging) the keys struck on a keyboard.
⮚ A keystroke logger or keylogger is a quicker and easier way of capturing passwords and monitoring the victims’ IT savvy behavior.
⮚ Keyloggers can be classified as software keyloggers and hardware keyloggers.
Software Keyloggers
⮚ Software keyloggers are software programs installed on the computer systems which usually are
located between the OS and the keyboard hardware, and every keystroke is recorded.
⮚ A keylogger usually consists of two files that get installed in the same directory: a dynamic link
library (DLL) file and an EXEcutable (EXE) file that installs the DLL file and triggers it to work.
Hardware Keyloggers
⮚ Hardware keyloggers are small hardware devices connected to the PC and/or to the keyboard
and save every keystroke into a file or in the memory of the hardware device.
⮚ These keyloggers look like an integrated part of such systems; hence, bank customers are
unaware of their presence.
Anti Keylogger
⮚ An anti keylogger is a tool that can detect a keylogger installed on the computer system and can also remove it.
1. Firewalls cannot detect the installation of keyloggers on systems; hence, anti keyloggers are used to detect such installations.
2. Unlike other antivirus and anti spy programs, this software does not require regular updates of signature bases to work effectively.
3. Prevents Internet banking frauds.
4. It prevents ID theft.
5. It secures E-Mail and instant messaging/chatting.
Spywares
⮚ Spyware is malicious software secretly installed on the user’s personal computer.
⮚ Spywares such as keyloggers are installed by the owner of a shared, corporate or public
computer on purpose to secretly monitor other users.
Virus and Worms
A computer virus is a program that can “infect” legitimate programs by modifying them to include a possibly “evolved” copy of itself.
Viruses can take some typical actions:
1. Display a message to prompt an action which may set off the virus;
2. delete files inside the system into which viruses enter;
3. scramble data on a hard disk;
4. cause erratic screen behavior;
5. halt the system (PC);
6. just replicate themselves to propagate further harm.
Types of Viruses
Computer viruses can be categorized based on attacks on various elements of the system and
can put the system and personal data on the system in danger.
1. Boot sector viruses
2. Program viruses
3. Multipartite viruses
4. Stealth viruses
5. Polymorphic viruses
6. Macro Viruses
7. ActiveX and Java Control
⮚ A computer worm is a self-replicating malware computer program which uses a computer network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention.
Trojan Horse
⮚ Trojan Horse is a program in which malicious or harmful code is contained inside apparently
harmless programming or data in such a way that it can get control and cause harm.
⮚ Trojans can get into the system in a number of ways, including from a web browser, via E-Mail
or in a bundle with other software downloaded from the Internet.
o Unlike viruses or worms, Trojans do not replicate themselves but they can be equally
destructive.
o On the surface, Trojans appear benign and harmless, but once the infected code is
executed, Trojans kick in and perform malicious functions to harm the computer system
without the user’s knowledge.
Backdoor
⮚ A backdoor is a means of access to a computer program that bypasses security mechanisms.
⮚ A programmer may sometimes install a backdoor so that the program can be accessed for
troubleshooting or other purposes.
⮚ Attackers often use backdoors that they detect or install themselves as part of an exploit.
⮚ In some cases, a worm is designed to take advantage of a backdoor created by an earlier
attack.

How to Protect from Trojan Horses and Backdoors


1. Stay away from suspect websites/weblinks
2. Surf on the Web cautiously
3. Install antivirus/Trojan remover software

Steganography
⮚ It is a method that attempts to hide the existence of a message or communication.
⮚ The word “steganography” comes from the two Greek words: steganos meaning “covered”
and graphein meaning “to write” that means “concealed writing.”
Steganalysis
⮚ Steganalysis is the art and science of detecting messages that are hidden in images,
audio/video files using steganography.
⮚ Automated tools are used to detect such steganography data/information hidden in the image
and audio and/or video files.
DoS and DDoS Attacks
⮚ A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is
an attempt to make a computer resource unavailable to its intended users.
DoS Attacks
⮚ The attacker floods the bandwidth of the victim’s network or fills his E-Mail box with Spam mail
depriving him of the services he is entitled to access or provide.
⮚ The goal of DoS is not to gain unauthorized access to systems or data, but to prevent intended
users (i.e., legitimate users) of a service from using it.
1. Flood a network with traffic, thereby preventing legitimate network traffic.
2. Disrupt connections between two systems, thereby preventing access to a service.
3. Prevent a particular individual from accessing a service.
4. Disrupt service to a specific system or person.

Attacks on Wireless Networks
Wireless working environment
Types of mobile networkers
1. Tethered/remote worker: At single point of work
2. Roaming User: An employee works in an environment or in multiple areas
3. Road Warriors: More on mobile. Spend little time in office.
