Scribd
Upload
25 views46 pages

Unit 5 Part 1

Uploaded by

akkaruppusamy123kanesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
25 views46 pages

Unit 5 Part 1

Uploaded by

akkaruppusamy123kanesh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 46

Unit 5

https://www.scribd.com/document/661638611/WILEY-INDIA-Cyber-Security-Understanding-Cy
ber-Crimes-Computer-Forensics-and-Legal-Perspectives-Nina-Godbole-Sunit-Belapure-Kamles
h-Bajaj-2011
Cyber Crime
Key Points

● Cybercrime is criminal activity that either targets or uses a computer, a


computer network or a networked device.
● Most cybercrime is committed by cybercriminals or hackers who want to
make money. However, occasionally cybercrime aims to damage
computers or networks for reasons other than profit. These could be
political or personal.
● Cybercrime can be carried out by individuals or organizations. Some
cybercriminals are organized, use advanced techniques and are highly
technically skilled. Others are novice hackers.
Classification of Cyber Crimes 3. Cybercrime against Organization

a. Unauthorized Computer Access


1. Cybercrime against
b. Password Sniffing
Individual c. Denial of Service attacks
a. Email Spoofing d. Virus Attack
b. Phishing e. Email Bombing
c. Spamming f. Salami Attack
d. Cyber Defamation g. Logic Bomb
e. Cyberstalking and h. Trojan Horse
harassment i. Data Diddling
f. Computer Sabotage j. Crimes from usenet group
g. Pornographic Offences k. Industrial Spying
h. Password Sniffing l. Computer Network Intrusion
m. Software Piracy
2. Cybercrime against Property
4. Cybercrime against society
a. Credit card fraud
b. Intellectual Property Crime a. Forgery
c. Internet Time Theft b. Cyber Terrorism
c. Web Jacking
1. Email Spoofing
2. Phishing
3. Spamming
3. Spamming - Search Engine

1. Repeating Keywords
2. Use of non-related keywords
3. REdirection
4. Use of colored Text
5. Hidden Links
6. Duplication of pages with different URLS
7. Use of different pages that direct to same URL
4. Cyber Defamation
5. Cyber Stalking and Harassment
Password Cracking - to recover the password from
data that has been stored or transmitted
Why it is needed?
1. To recover forgotten password
2. To check for security of passwords at organization level.
3. To gain unauthorized access into someone’s else account
How manual cracking is tried?
1. Choose a random account.
2. Create list of possible passwords
3. Try logging in with each passwords until the login is successful
Very easy guesses:
1. DOB
2. Place of birth
3. Mobile Number
4. Fathers name
5. Vehicle number
6. Simple words like password, open etc.
General Rules for Password Confidentiality

1. Each user should have unique login credentials.


2. Password should be strong. Rules must be enforced by website to
ensure strong passwords.
3. Passwords should not be shared with anyone
4. Passwords should be changed regularly.
5. User accounts inactive for specific time frame should be suspended.
6. User accounts after specific session duration should ask for re-login.
7. Continuous wrong password tries should lock the account.
8. Passwords should not be shared with anyone.
9. For high risk system, any violation should be reported to concerned
person.
How Keystroke Logging Works

● Keystroke logging is an act of tracking and recording every keystroke entry


made on a computer, often without the permission or knowledge of the
user. A “keystroke” is just any interaction you make with a button on your
keyboard.
● Keystrokes are how you “speak” to your computers. Each keystroke
transmits a signal that tells your computer programs what you want them to
do.
● These commands may include:
○ Length of the keypress
○ Time of keypress
○ Velocity of keypress
○ Name of the key used
Software Key logger
Anti Key Logger

● An anti-keylogger is a type of software or security tool designed to


detect and prevent the activity of keyloggers on a computer or
device.
● The primary purpose of anti-keyloggers is to protect sensitive
information such as passwords, usernames, credit card numbers,
and other confidential data from being captured and recorded by
malicious keylogging software.
Spywares

● Spyware is malicious software that enters a user’s computer, gathers data from the
device and user, and sends it to third parties without their consent. A commonly accepted
spyware definition is a strand of malware designed to access and damage a device
without the user’s consent.
● Spyware collects personal and sensitive information that it sends to advertisers, data
collection firms, or malicious actors for a profit. Attackers use it to track, steal, and sell
user data, such as internet usage, credit card, and bank account details, or steal user
credentials to spoof their identities.
● Spyware is one of the most commonly used cyberattack methods that can be difficult for
users and businesses to identify and can do serious harm to networks. It also leaves
businesses vulnerable to data breaches and data misuse, often affects device and
network performance, and slows down user activity.
How spyware works?
Types of Impact
SQL Injection Attack

● SQL Injection (SQLi) is a type of an injection attack that makes it


possible to execute malicious SQL statements. These statements
control a database server behind a web application.
● Attackers can use SQL Injection vulnerabilities to bypass application
security measures. They can go around authentication and
authorization of a web page or web application and retrieve the content
of the entire SQL database.
● They can also use SQL Injection to add, modify, and delete records in
the database.
● An SQL Injection vulnerability may affect any website or web
application that uses an SQL database such as MySQL, Oracle etc
Steps

1. The attacker looks for the webpages that allow submitting data, that is, login page,
search page, feedback, etc. The attacker also looks for the webpages that display the
HTML commands such as POST or GET by checking the site's source code.
2. To check the source code of any website, right click on the webpage and click on "view
source" ,source code is displayed in the notepad. The attacker checks the source code
of the HTML, and look for "FORM" tag in the HTML code. Everything between the
<FORM> and </FORM> have potential parameters that might be useful to find the
vulnerabilities.
3. The attacker inputs a single quote under the text box provided on the webpage to accept
the username and password. This checks whether the user-input variable is sanitized or
interpreted literally by the server. If the response is an error message such as use
"a"="a" (or something similar) then the website is found to be susceptible to an SQL
injection attack.
4. The attacker uses SQL commands such as SELECT statement command to retrieve
data from the database or INSERT statement to add information to the database.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy