
ICS Module-2

The document outlines various aspects of cyber offenses, detailing how criminals plan and execute attacks using techniques such as reconnaissance, scanning, and social engineering. It distinguishes between hackers, crackers, and phreakers, and explains the phases involved in planning cybercrimes, including passive and active attacks. Additionally, it discusses the risks associated with cybercafes and the importance of security measures to protect against cyber threats.

CYBEROFFENSES: HOW CRIMINALS PLAN THEM

DAYANANDA SAGAR ACADEMY OF TECHNOLOGY AND MANAGEMENT


How Criminals Plan Offenses
⚫ Cybercriminals use the internet for illegal activities, to store data, contacts, account information, etc.
⚫ People who commit cybercrimes are known as “Crackers”.


Hackers, Crackers and Phreakers
⚫ A hacker is a person with a strong interest in computers who enjoys learning and experimenting with them.
⚫ Hackers are usually very talented, smart people who understand computers better than others.


Brute force hacking
⚫ It is a technique used to find passwords or encryption keys. Brute force hacking involves trying every possible combination of letters, numbers, etc. until the code is broken.
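
Because brute forcing depends on making a very large number of guesses, the usual defence is to limit how many guesses an account will accept. The following is an added example, not part of the original slides: a per-account lockout with exponential backoff. The class name, the policy values and the assumption that one guess takes at least one second are all illustrative.

```python
class LoginThrottle:
    """Per-account lockout with exponential backoff.
    All policy values here are illustrative assumptions."""

    def __init__(self, free_attempts=5, base_delay=30.0, max_delay=3600.0):
        self.free_attempts = free_attempts  # failures tolerated before locking
        self.base_delay = base_delay        # first lockout, in seconds
        self.max_delay = max_delay          # cap so legitimate users recover
        self._state = {}                    # account -> (failures, locked_until)

    def allowed(self, account, now):
        """True if a login attempt for this account may be evaluated now."""
        return now >= self._state.get(account, (0, 0.0))[1]

    def record(self, account, success, now):
        """Record an attempt outcome; return the lockout (seconds) it caused."""
        if success:
            self._state.pop(account, None)  # a good login resets the streak
            return 0.0
        failures = self._state.get(account, (0, 0.0))[0] + 1
        over = failures - self.free_attempts
        delay = 0.0 if over < 0 else min(self.base_delay * 2 ** over, self.max_delay)
        self._state[account] = (failures, now + delay)
        return delay


def guesses_accepted(window_seconds, **policy):
    """Worst case for the defender: count the guesses one account accepts in
    the window when every guess is wrong and is retried the moment the
    lockout expires. Each guess is assumed to cost at least one second."""
    throttle, now, guesses = LoginThrottle(**policy), 0.0, 0
    while now <= window_seconds and throttle.allowed("alice", now):
        guesses += 1
        now += max(throttle.record("alice", success=False, now=now), 1.0)
    return guesses


if __name__ == "__main__":
    day = 24 * 3600
    print("guesses per day, default policy:", guesses_accepted(day))
    print("guesses per day, no lockout:", guesses_accepted(day, free_attempts=10**9))
```

With the default policy a single account accepts only a few dozen guesses per day, so even a four-digit PIN (10,000 combinations) cannot be exhausted in any practical time.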



Cracker
⚫ A cracker is a person who breaks into computers. Crackers should not be confused with hackers.
⚫ The term cracker is usually connected to computer criminals.


Cracking
⚫ It is the act of breaking into computers. Cracking is a popular, growing subject on the internet. Many sites are devoted to supplying crackers with programs that allow them to crack computers.

Phreaking
⚫ This is the notorious art of breaking into communication systems. Phreaking sites are popular among crackers and other criminals.

How Criminals Plan the Attacks
⚫ Criminals use many methods and tools to locate the weaknesses (vulnerabilities) of their target.
⚫ Criminals plan passive and active attacks.
⚫ Active attacks are usually used to alter the system, whereas passive attacks attempt to gain information about the target.
⚫ In addition to the active and passive categories, attacks can be categorized

Inside Attack
⚫ An attack originating and/or attempted within the security perimeter of an organization is an inside attack.
⚫ It is usually attempted by an “insider” who gains access to more resources than expected.

Outside Attack
⚫ An outside attack is attempted by a source outside the security perimeter.
⚫ It may be attempted by an insider and/or an outsider.
⚫ It is attempted through the Internet or a remote access connection.

Phases Involved in Planning Cybercrime
1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
2. Scanning the gathered information for its validity as well as to identify the existing weaknesses.
3. Launching an attack.

Phase 1
⚫ Reconnaissance means an act of reconnoitering: exploring, often with the goal of finding something or somebody.
⚫ The reconnaissance phase begins with “footprinting”.
⚫ Footprinting is the preparation toward the preattack phase.
⚫ Footprinting gives an overview of system weaknesses and provides a judgment about “How to break this?”.
⚫ The objective of this phase is to understand the system, its networking ports and services, and any other aspects of its security.
⚫ Passive Attack:
  ➢ In computer security, an attempt to steal information stored in a system by electronic wiretapping or similar means.
  ➢ Although, in contrast to an active attack, a passive attack does not attempt to interfere with the stored data, it may still constitute a criminal offense.
A passive attack involves gathering information about a target without his/her knowledge. Information can be gathered from:
    ⯍ It is usually done using Internet searches or by Googling. Attackers use Google Earth to locate information about employees.
    ⯍ Surfing online community groups like Orkut/Facebook will prove useful to gain information about an individual.
    ⯍ The organization’s website may provide a personnel directory or information about key employees.
    ⯍ Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employee.
    ⯍ Going through the job postings in particular job profiles for technical persons.
  ➢ Network sniffing is another means of passive attack to yield useful information such as IP addresses, hidden servers or networks.

Tools Used for Passive Attack
⚫ Google Earth
⚫ WHOIS
⚫ Nslookup (name server lookup)
⚫ Dnsstuff
⚫ eMailTrackerPro
⚫ Website Watcher

⚫ Active Attack:
  ➢ In computer security, a persistent attempt to introduce invalid data into a system, and/or to damage or destroy data already stored in it. In many countries, it is a criminal offense to attempt any such action.

Port Scanning
⚫ A port is a place where information goes into and out of a computer.
⚫ Ports are the entry/exit points that any computer has, to be able to communicate with external machines.
⚫ Each computer is enabled with three or more external ports.
⚫ Port scanning is the act of systematically scanning a computer’s ports.
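
Because a port scan touches many different ports on one machine in a short time, it stands out in connection logs. The following is an added example, not part of the original slides: a detector that flags any source reaching many distinct destination ports on one host inside a sliding time window. The log format, the addresses, the 60-second window and the 15-port threshold are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def constructed_log():
    """Build constructed sample lines: 'ISO-time src=IP dst=IP dport=N'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    def line(sec, src, port):
        ts = (base + timedelta(seconds=sec)).isoformat()
        return f"{ts} src={src} dst=10.0.0.5 dport={port}"
    lines = []
    # Ordinary client: many connections, but only to ports 80 and 443
    lines += [line(2 * i, "198.51.100.9", 443 if i % 2 else 80) for i in range(30)]
    # Monitoring host: checks the same 5 service ports once a minute
    lines += [line(60 * r + k, "192.0.2.44", p)
              for r in range(5) for k, p in enumerate((22, 25, 80, 443, 3306))]
    # Scanning source: 20 different ports, one per second
    lines += [line(i, "203.0.113.7", 20 + i) for i in range(20)]
    return sorted(lines)  # ISO timestamps sort chronologically

def parse(line):
    """Split one log line into (time, source, destination, destination port)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["dport"])

def detect_port_scans(lines, window=timedelta(seconds=60), min_ports=15):
    """Flag (src, dst) pairs that touch at least min_ports distinct
    destination ports inside a sliding time window.
    Input must be in time order. Returns {(src, dst): peak distinct ports}."""
    recent = defaultdict(deque)  # (src, dst) -> (time, port) events in window
    alerts = {}
    for raw in lines:
        ts, src, dst, port = parse(raw)
        events = recent[(src, dst)]
        events.append((ts, port))
        while ts - events[0][0] > window:  # drop events older than the window
            events.popleft()
        distinct = len({p for _, p in events})
        if distinct >= min_ports:
            alerts[(src, dst)] = max(alerts.get((src, dst), 0), distinct)
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(constructed_log()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports in 60s")
```

Counting distinct ports rather than connections is what keeps the busy web client and the monitoring host from raising alerts.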

Phase 2: Scanning and Scrutinizing Gathered Information
⚫ Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows:
  ➢ Port scanning:
    ⯍ Identify open/closed ports and services.
  ➢ Network scanning:
    ⯍ Understand IP addresses and related information about the computer network system.
  ➢ Vulnerability scanning:
    ⯍ Understand the existing weaknesses in the system.
⚫ The scrutinizing (inspecting) phase is called “enumeration” (listing) in the hacking world.
⚫ The objective behind this step is to identify:
  ➢ The valid user accounts or groups;
  ➢ Network resources and/or shared resources;
  ➢ The OS and different applications that are running on the OS.
⚫ Note: Usually most attackers spend 90% of the time in scanning, scrutinizing and gathering information on a target and 10% of the time in launching

Phase 3: Attack
⚫ The attack is launched using the following steps:
  ➢ Crack the password;
  ➢ Exploit the privileges;
  ➢ Execute the malicious command/applications;
  ➢ Hide the files (if required);
  ➢ Cover the tracks: delete the access logs, so that there is no trail of illicit activity.

Social Engineering
⚫ Social engineering is the “technique to influence” people to obtain information.
⚫ It is generally observed that people are the weak link in security, and this principle makes social engineering possible.
⚫ Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.

Classification of Social Engineering
⚫ Human Based Social Engineering
⚫ Computer Based Social Engineering

Human Based Social Engineering
⚫ Human based social engineering refers to person-to-person interaction to get information.
  ➢ Impersonating an employee or valid user
  ➢ Posing as an important user
  ➢ Using a third person
  ➢ Calling technical support
  ➢ Shoulder surfing
  ➢ Dumpster diving

Computer Based Social Engineering
⚫ Computer based social engineering refers to an attempt made to get the required information by using computer software/internet.
  ➢ Fake e-mail
  ➢ E-mail attachments
  ➢ Pop-up windows

Cyberstalking
⚫ Stalking is an “act or process of following a victim silently – trying to approach somebody or something”.
⚫ Cyberstalking has been defined as the use of information and communications technology by individuals to harass another individual.

Types of Stalkers
⚫ There are primarily two types of stalkers.
  ➢ Online stalkers
  ➢ Offline stalkers
⚫ Online stalkers:
  ➢ They aim to start the interaction with the victim directly with the help of the internet (e-mail/chat room).
  ➢ The stalker makes sure that the victim recognizes the attack attempted on him/her.
  ➢ The stalker can make use of a third party to harass the victim.
⚫ Offline stalkers:
  ➢ The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.
  ➢ For example, use of community sites, newsgroups, social websites, personal websites.
  ➢ The victim is not aware that the Internet has been used to achieve an attack against them.

Cases Reported on Cyberstalking
⚫ The majority of cyberstalkers are men and the majority of their victims are women.
⚫ In many cases, the cyberstalker is an ex-lover, ex-spouse, boss/subordinate, or neighbor.
⚫ There have also been cases of strangers who are cyberstalkers.

How Stalking Works
⚫ Personal information gathering about the victim;
⚫ Establish contact with the victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to harass.
⚫ Stalkers always establish contact with the victim through e-mail.
⚫ The stalker may post the victim’s personal information as sex workers’ service or dating service. The stalker will use bad/attractive language to invite the interested persons.
⚫ Whosoever comes across the information starts calling the victim and asking for sexual services or a relationship.
⚫ Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites.

Real Life Example
⚫ The Indian police have registered the first case of cyberstalking in Delhi.
⚫ Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours.
⚫ Mrs. Joshi decided to register a complaint with Delhi police.
⚫ A person was using her ID to chat over the Internet at the website www.mirc.com.

Cybercafe and Cybercrimes
⚫ In a February 2009 survey, 90% of the audience, across eight cities and 3500 cafes, were male and in the age group of 15-35 years;
⚫ 52% were graduates and postgraduates.
⚫ Almost 50% were students.
⚫ In India, cybercafes are known to be used for either real or false terrorist communication.
⚫ Cybercafes hold two types of risks:
  1. We do not know what programs are installed on the computer, like keyloggers or spyware.
  2. Over-the-shoulder peeping can enable others to find out your passwords.
⚫ Cybercriminals prefer cybercafes to carry out their activities.
⚫ A recent survey conducted in one of the metropolitan cities in India reveals the following facts:
  1. Pirated software is installed on all the computers.
  2. Antivirus was not updated with the latest patch.
  3. Several cybercafes have installed “Deep Freeze” to protect the computer, which helps cybercriminals.
  4. An Annual Maintenance Contract (AMC) was not found for servicing of the computer.
  5. Pornographic websites were not blocked.
  6. Cybercafe owners have very little awareness about IT security.
  7. The cybercafe association or State Police do not seem to conduct periodic visits to cybercafes.

Security Tips for Cybercafe
⚫ Always log out
  ➢ While checking e-mail or logging in for chatting, always click logout/sign out.
⚫ Stay with the computer
  ➢ While surfing, don’t leave the system unattended for any period of time.
⚫ Clear history and temporary files
  ➢ Before browsing, deselect the AutoComplete option. Browser -> Tools -> Internet options -> Content tab.
  ➢ Tools -> Internet Option -> General Tab -> Temporary Internet Files -> Delete files and
⚫ Be alert
  ➢ One has to be alert for snooping over the shoulder.
⚫ Avoid online financial transactions
  ➢ One should avoid online banking, shopping, etc.
  ➢ Don’t provide sensitive information such as credit card number or bank account details.
⚫ Change passwords / virtual keyboard
  ➢ Change the password after completion of a transaction.
  ➢ Almost every bank website provides a virtual keyboard.
⚫ Security warnings
  ➢ Follow security warnings while accessing any bank website.

Botnet
⚫ The meaning of botnet is “an automated program for doing some particular task, over a network”.
⚫ The term botnet is used for a collection of software that runs autonomously and automatically.
⚫ Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and financial information such as credit card numbers.
⚫ In short, a botnet is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge.
⚫ A botnet is also called a zombie network.

How a Botnet Is Created and Used
⚫ A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application, the bot.
⚫ The bot on the infected PC logs into a particular C&C server (often an IRC server, but in some cases a web server).
⚫ A spammer purchases the services of the botnet from the operator.
⚫ The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.

Use of Botnet
⚫ If someone wants to start a business and has no programming skills, there are plenty of “Bot for Sale” offers on forums.
⚫ Encryption of these programs’ code can also be ordered to protect them from detection by antivirus.

[Figure: uses of a botnet. Top box: Botnet creation. Second row: Botnet renting; Botnet selling. Third row: DDoS attacks; Spam attacks; Malware and Adware installation; Stealing confidential information; Phishing attacks; Spamdexing. Bottom row: Selling credit card and bank account details; Selling personal identity information; Selling internet services and shops account.]

Points to Secure the System:
⚫ Use antivirus and anti-spyware software and keep it up to date.
⚫ Set the OS to download and install security patches automatically.
⚫ Use a firewall to protect the system from hacking attacks while it is connected to the internet.
⚫ Disconnect from the internet when you are away from your computer.
⚫ Download freeware only from websites that are known and trustworthy.
⚫ Regularly check the folders in the mailbox for messages you did not send.
⚫ Take immediate action if your system is infected.

Attack Vector
⚫ An attack vector is a path by which an attacker can gain access to a computer or to a network server to deliver a payload.
⚫ Attack vectors enable attackers to exploit system vulnerabilities.
⚫ Attack vectors include viruses, e-mail attachments, webpages, pop-up windows, instant messages, and chat rooms.
⚫ The most common malicious payloads are viruses, trojan horses, worms and spyware.
⚫ Payload means the malicious activity that the attack performs.
⚫ How are attacks launched?
  ➢ Attack by e-mail
  ➢ Attachment
  ➢ Attack by deception
  ➢ Hackers
  ➢ Heedless guests
  ➢ Attack of worms
  ➢ Malicious macros
  ➢ Viruses

Cybercrime and Cloud Computing
⚫ The prime area of risk in cloud computing is protection of user data.
⚫ Risks associated with the cloud computing environment are:

WHY CLOUD COMPUTING

TYPES OF CLOUD SERVICES

Risk and How to Remediate the Risk
1. Risk: Any data processed outside the organization brings with it an inherent level of risk.
   How to remediate: The customer should obtain as much information as he/she can about the service provider.
2. Risk: Cloud computing service providers are not able and/or not willing to undergo external assessments.
   How to remediate: The organization is entirely responsible for the security and integrity of their own data, even when it is held by a service provider.
3. Risk: The organizations that are obtaining cloud computing services may not be aware of where the data is hosted and may not even know in which country it is hosted.
   How to remediate: The organization should ensure that the service provider is committed to obey local privacy requirements on behalf of the organization to store and process the data in the specific
4. Risk: As the data will be stored under a shared environment, the encryption mechanism should be strong enough to segregate (separate) the data from another organization, whose data are also stored under the same server.
   How to remediate: The organization should be aware of the arrangements made by the service provider about segregation of the data. The service provider should display encryption schemes.
5. Risk: Business continuity in case of any disaster.
   How to remediate: The service provider has to provide complete restoration of data within a minimum timeframe.
6. Risk: Due to the complex IT environment and several customers logging in and logging out of the hosts, it becomes difficult to trace inappropriate and illegal activity.
   How to remediate: The organization should enforce the provider to provide security violation logs at frequent intervals.
7. Risk: In case of any major change in the cloud computing service provider, the service provided is at stake.
   How to remediate: The organization should ensure getting their data in case of such a major event.

Questions
⚫ Explain the difference between passive and active attacks.
⚫ What is social engineering? Explain each type of social engineering in detail.
⚫ What is cyberstalking?
⚫ What is a botnet? How does it work?
OR
⚫ How do viruses get disseminated? Explain with a diagram.
⚫ What is an attack vector? How are different attacks launched with attack vectors?
⚫ What is cloud computing? List and explain the types of cloud computing services.
⚫ What is cloud computing? Explain the types of cloud and also list the advantages of cloud computing.
⚫ Explain cloud computing and cybercrime.
