
Dayananda Sagar College of Engineering,

Bangalore
Dayananda Sagar College of Engineering
(An Autonomous Institute Affiliated to VTU, Belagavi)
Shavige Malleshwara Hills, Kumaraswamy Layout, Bengaluru-560078

DEPARTMENT OF INFORMATION SCIENCE

Course name: Introduction to Cyber Security


Course code for the stream: 22ETC15I

UNIT-01

Introduction to Cybercrime

2022-23
UNIT-01
Learning Objectives

At the end of this unit, you will be able to:

 Learn what cybercrime is and appreciate the importance of cybercrime as a topic.
 Understand the different types of cybercrime.
 Understand the difference between cybercrime and cyberfraud.
 Learn about different types of cybercriminals and the motives behind them.
 Get an overview of the cybercrime scenario in India and globally.
 Understand the legal perspective on cybercrime.

INTRODUCTION

 The Internet in India is growing rapidly. It has given rise to new opportunities
in every field we can think of, be it entertainment, business, sports or education.
 There are two sides to every coin. The Internet also has its own disadvantages, one of
which is cybercrime: illegal activity committed on the Internet.

DEFINING CYBER CRIME


 Crime committed using a computer and the internet to steal data or information.
 Illegal imports.
 Malicious programs

Cybercrime is not a new phenomenon


The first recorded cybercrime took place in the year 1820.
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom.
This device allowed the repetition of a series of steps in the weaving of special fabrics.
This resulted in a fear amongst Jacquard's employees that their traditional employment
and livelihood were being threatened. They committed acts of sabotage to discourage
Jacquard from further use of the new technology. This is the first recorded cyber crime!

Alternative definitions for cybercrime

⚫ Any illegal act where a special knowledge of computer technology is essential for its
perpetration, investigation or prosecution
⚫ Any traditional crime that has acquired a new dimension or order of magnitude
through the aid of a computer, and abuses that have come into being because of
computers
⚫ Any financial dishonesty that takes place in a computer environment.
⚫ Any threats to the computer itself, such as theft of hardware or software, sabotage
and demands for ransom

“Cybercrime (computer crime) is any illegal behavior, directed by means of electronic
operations, that targets the security of computer systems and the data processed by
them”.
Hence cybercrime is sometimes also called computer-related crime, computer
crime, E-crime, Internet crime or high-tech crime.
A crime committed using a computer and the Internet to steal a person’s identity (identity
theft) or sell contraband or stalk victims or disrupt operations with malevolent programs.
Crimes completed either on or with a computer.
Any illegal activity through the Internet or on the computer.
All criminal activities done using the medium of computers, the Internet, cyberspace and
the WWW.

Cybercrime refers to the act of performing a criminal act using cyberspace as the
communication vehicle.
⚫ Two types of attacks are common:
⚫ Techno-crime: Active attack
⚫ Techno Crime is the term used by law enforcement agencies to denote
criminal activity which uses (computer) technology, not as a tool to
commit the crime, but as the subject of the crime itself. Techno Crime
is usually pre-meditated and results in the deletion, corruption,
alteration, theft or copying of data on an organization's systems.
⚫ Techno Criminals will usually probe their prey system for
weaknesses and will almost always leave an electronic 'calling card'
to ensure that their pseudonym identity is known.
⚫ Techno-vandalism: Passive attack
⚫ Techno Vandalism is a term used to describe a hacker or cracker who
breaks into a computer system with the sole intent of defacing and/or
destroying its contents.
⚫ Techno Vandals can deploy 'sniffers' on the Internet to locate soft
(insecure) targets and then execute a range of commands using a
variety of protocols towards a range of ports. If this sounds complex - it
is! The best weapon against such attacks is a firewall which will hide and
disguise your organization's presence on the Internet.

Cybercrime and information security


⚫ Lack of information security gives rise to cybercrime
⚫ Cybersecurity: means protecting information, equipment, devices, computer,
computer resource, communication device and information stored therein
from unauthorized access, use, disclosure, disruption, modification or
destruction.

Challenges for securing data in business perspective

⚫ Cybercrimes occupy an important space in information security due to their impact.
⚫ Most organizations do not incorporate the cost of the vast majority of
computer security incidents into their accounting
⚫ It is difficult to attach a quantifiable monetary value to corporate data, and
yet corporate data gets stolen or lost
⚫ Financial losses may not be detected by the victimized organization in the case of
insider attacks, such as leaking customer data

Who are Cybercriminals?

⚫ Are those who conduct acts such as:


⚫ Child pornography
⚫ Credit card fraud
⚫ Cyberstalking
⚫ Defaming another online
⚫ Gaining unauthorized access to computer systems
⚫ Ignoring copyrights
⚫ Software licensing and trademark protection
⚫ Overriding encryption to make illegal copies
⚫ Software piracy
⚫ Stealing another’s identity to perform criminal acts

Categorization of Cybercriminals

⚫ Type 1: Cybercriminals- hungry for recognition


⚫ Hobby hackers
⚫ A person who enjoys exploring the limits of what is possible, in a spirit
of playful cleverness. May modify hardware/ software
⚫ IT professional(social engineering):
⚫ Ethical hacker
⚫ Politically motivated hackers :
⚫ promotes the objectives of individuals, groups or nations supporting a
variety of causes such as : Anti globalization, transnational conflicts and
protest
⚫ Terrorist organizations
⚫ Cyberterrorism
⚫ Use Internet attacks in terrorist activity
⚫ Large-scale disruption of computer networks and of personal computers attached to the
Internet, via viruses.

Type 2: Cybercriminals- not interested in recognition


⚫ Psychological perverts
⚫ Express sexual desires, deviates from normal behavior
⚫ Financially motivated hackers
⚫ Make money from cyber attacks
⚫ Bots-for-hire: fraud through phishing, information theft, spam and
extortion
⚫ State-sponsored hacking
⚫ Hacktivists
⚫ Extremely professional groups working for governments
⚫ Have ability to worm into the networks of the media, major
corporations, defense departments

Type 3: Cybercriminals- the insiders


⚫ Disgruntled or former employees seeking revenge
⚫ Competing companies using employees to gain economic advantage through
damage and/ or theft.
Motives behind cybercrime
⚫ Greed
⚫ Desire to gain power
⚫ Publicity
⚫ Desire for revenge
⚫ A sense of adventure
⚫ Looking for thrill to access forbidden information
⚫ Destructive mindset
⚫ Desire to sell network security services

Classification of cybercrimes
1. Cybercrime against an individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup
1. Cybercrime against an individual
⚫ Electronic mail spoofing and other online frauds
⚫ Phishing, spear phishing
⚫ spamming
⚫ Cyber defamation
⚫ Cyberstalking and harassment
⚫ Computer sabotage
⚫ Pornographic offenses
⚫ Password sniffing
2. Cybercrime against property
⚫ Credit card frauds
⚫ Intellectual property( IP) crimes
⚫ Internet time theft
3. Cybercrime against organization
⚫ Unauthorized accessing of computer
⚫ Password sniffing
⚫ Denial-of-service attacks
⚫ Virus attack/dissemination of viruses
⚫ E-Mail bombing/mail bombs
⚫ Salami attack/ Salami technique
⚫ Logic bomb
⚫ Trojan Horse
⚫ Data diddling
⚫ Industrial spying/ industrial espionage
⚫ Computer network intrusions
⚫ Software piracy
4. Cybercrime against Society
⚫ Forgery
⚫ Cyberterrorism
⚫ Web jacking
5. Crimes emanating from Usenet newsgroup
⚫ Usenet groups may carry very offensive, harmful, inaccurate material
⚫ Postings that have been mislabeled or are deceptive in another way
⚫ Hence, use the service at your own risk
E-Mail Spoofing
⚫ E-mail spoofing is the forgery of an e-mail header so that the message appears
to have originated from someone or somewhere other than the actual source.
⚫ To send spoofed e-mail, senders insert commands in headers that will alter
message information.
⚫ It is possible to send a message that appears to be from anyone, anywhere,
saying whatever the sender wants it to say.
⚫ Thus, someone could send spoofed e-mail that appears to be from you with a
message that you didn't write.
⚫ Sending an email to a person by impersonating another person’s email id is known
as email spoofing. In this method, even though the sender’s email id is visible as
[email protected], in reality, it belongs to [email protected]. For example, John has
an argument with his boss Henry and loses face in front of his colleagues. To
avenge his loss of reputation, he sends emails with bad messages to other employees
and the board of directors of the company by impersonating Henry.
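A defender's view of the header forgery described above, as an added example that is not part of the original course notes: a check a mail administrator can run over a received message to see whether the visible From address is backed by the envelope sender and by the receiving server's SPF, DKIM and DMARC verdicts. The function names, the `corp.example` domains, the trusted server id and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def _domain(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def _aligned(a, b):
    """Relaxed alignment: same domain, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def _trusted_verdicts(msg, trusted_authserv_id):
    """Read spf/dkim/dmarc results, but only from Authentication-Results
    headers stamped by our own mail server. A sender can insert headers of
    this name too, so any other authserv-id is ignored."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        server = (authserv_id.split() or [""])[0].lower()
        if server != trusted_authserv_id.lower():
            continue
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", rest, re.I):
            # The topmost trusted header wins: it was added last, by our server.
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts

def spoofing_indicators(raw_message, trusted_authserv_id):
    """Return a list of short codes; an empty list means nothing suspicious.
    These are indicators for triage, not proof of forgery."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    if not from_dom:
        return ["from-unparseable"]
    findings = []
    # The visible From should agree with where bounces and replies go.
    for header, code in (("Return-Path", "return-path-mismatch"),
                         ("Reply-To", "reply-to-mismatch")):
        dom = _domain(msg.get(header))
        if dom and not _aligned(dom, from_dom):
            findings.append(code)
    verdicts = _trusted_verdicts(msg, trusted_authserv_id)
    if not verdicts:
        findings.append("no-trusted-auth-results")
    for mech in ("spf", "dkim", "dmarc"):
        result = verdicts.get(mech)
        if result is not None and result != "pass":
            findings.append(f"{mech}={result}")
    return findings

# Constructed sample: genuine mail from Henry's own domain.
LEGIT_MESSAGE = """\
Return-Path: <bounce@mail.corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mail.corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: Henry <henry@corp.example>
To: board@corp.example
Subject: Quarterly review

See you on Monday.
"""

# Constructed sample: the From line claims Henry, the envelope does not,
# and a second, untrusted Authentication-Results header claims "pass".
SPOOFED_MESSAGE = """\
Return-Path: <john@mailer.example.net>
Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=corp.example
Authentication-Results: mx.untrusted.example; spf=pass; dkim=pass; dmarc=pass
From: Henry <henry@corp.example>
Reply-To: john@mailer.example.net
To: board@corp.example
Subject: Announcement

Message Henry did not write.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(name, spoofing_indicators(raw, "mx.corp.example"))
```

A bulk-mail provider can legitimately use a different Return-Path domain, so the mismatch codes call for a closer look while a failed DMARC verdict from the trusted server is the stronger signal.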

Spamming
⚫ People who create electronic spam : spammers
⚫ Spam is abuse of electronic messaging systems to send unsolicited bulk
messages indiscriminately
⚫ Spamming may be
⚫ E-Mail Spam
⚫ Instant messaging spam
⚫ Usenet group spam
⚫ Web search engine spam
⚫ Spam in blogs, wiki spam
⚫ Online classified ads spam
⚫ Mobile phone messaging spam
⚫ Internet forum spam
⚫ Junk fax spam
⚫ Social networking spam
⚫ Spamming is difficult to control
⚫ Advertisers have no operating costs beyond the management of their mailing lists
⚫ It is difficult to hold senders accountable for their mass mailings
⚫ Spammers are numerous
Cyber defamation
⚫ The tort of cyber defamation is considered to be the act of defaming, insulting,
offending or otherwise causing harm through false statements pertaining to an
individual in cyberspace.
⚫ Example: someone publishes defamatory matter about someone on a website or sends
an E-mail containing defamatory information to all friends of that person.
It may amount to defamation when-
⚫ If imputation to a deceased person would harm the reputation of that person, and is
intended to be hurtful to the feelings of his family or other near relatives
⚫ An imputation is made concerning a company or an association or collection of
people as such.
⚫ An imputation in the form of an alternative or expressed ironically
⚫ An imputation that directly or indirectly, in the estimation of others, lowers the moral
or intellectual character of that person, or lowers the character of that person in
respect of his caste or of his calling, or lowers the credit of that person.
Types of defamation
⚫ Libel : written defamation
⚫ Slander: oral defamation
⚫ The plaintiff must show that the defamatory statements were unlawful and
would indeed injure the person’s or organization’s reputation.
⚫ When failed to prove, the person who made the allegations may still be held
responsible for defamation.
Cyber defamation cases
⚫ In the first case of cyber defamation in India (14 Dec 2009),
⚫ an employee of a corporate defamed its reputation by sending
derogatory and defamatory emails against the company and its managing
directors
⚫ In this case the Court (Delhi court) restrained the defendant from
sending derogatory, defamatory, obscene, vulgar, humiliating and abusive
emails.
⚫ The court passed an important ex-parte injunction.
⚫ In another case, the accused posted obscene, defamatory and annoying messages about
a divorced woman and also sent emails to the victim.
⚫ The offender was traced and was held guilty of offences under section 469,
509 IPC and 67 of IT Act, 2000.
⚫ Other defamation cases:
⚫ A malicious customer review by a competitor could destroy a small business.
⚫ A false accusation of adultery on a social networking site could destroy
a marriage.
⚫ An allegation that someone is a “crook” could be read by a potential
employer or business partner

Internet Time Theft


⚫ Occurs when an unauthorized person uses the Internet hours paid for by
another person
⚫ Comes under hacking
⚫ The person gets access to someone else’s ISP user ID and password, either by
hacking or by gaining access to it by illegal means
⚫ And uses the internet without the other person’s knowledge
⚫ This theft can be identified when Internet time is recharged often, despite
infrequent usage.
⚫ This comes under “identity theft”

Salami attack/ salami technique


This attack is used for committing financial fraud. The salami attack involves a malicious
developer or a hacker who has access to the code base of a target application. The code is
modified such that on every transaction a negligible amount (for example Rs. 2) is shaved
off from the consumer’s account. The individual consumer might not notice the amount
debited as it is negligible. But across a large number of consumers or buyers, the
amount is huge and is a significant benefit to the developer or the hacker.
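How an auditor can catch the pattern described above, as an added example that is not part of the original course notes: each posted debit is reconciled against the amount the customer authorised, and the residues are aggregated, because a per-transaction alert threshold never fires on a Rs. 2 difference. The ledger layout, field names, thresholds and the sample data are constructed for illustration.

```python
from collections import Counter
from decimal import Decimal

def build_sample_ledger(n=1000, skim=Decimal("2.00")):
    """Constructed data: n transactions over 200 accounts. Nine out of ten
    debits are `skim` rupees higher than the authorised amount."""
    ledger = []
    for i in range(n):
        authorised = Decimal(500 + (i % 7) * 25)
        extra = skim if i % 10 != 0 else Decimal("0")
        ledger.append({
            "txn_id": i,
            "account": f"ACC{i % 200:04d}",
            "authorised": authorised,          # what the customer approved
            "debited": authorised + extra,     # what the system posted
        })
    return ledger

def discrepancies(ledger):
    """(txn_id, account, debited - authorised) for every mismatching row."""
    return [(t["txn_id"], t["account"], t["debited"] - t["authorised"])
            for t in ledger if t["debited"] != t["authorised"]]

def per_transaction_alerts(ledger, threshold):
    """The naive control: alert only when a single transaction is off by
    more than `threshold`. A salami attack stays below it by design."""
    return [d for d in discrepancies(ledger) if abs(d[2]) > threshold]

def salami_report(ledger, min_repeats=50):
    """Aggregate view: many identical, same-direction residues are the
    signature of code that shaves a fixed amount per transaction."""
    diffs = discrepancies(ledger)
    by_amount = Counter(d[2] for d in diffs)
    total = sum((d[2] for d in diffs), Decimal("0"))
    repeated = {amt: n for amt, n in by_amount.items() if n >= min_repeats}
    return {
        "transactions": len(ledger),
        "mismatched": len(diffs),
        "accounts_affected": len({d[1] for d in diffs}),
        "total_overcharge": total,
        "repeated_amounts": repeated,
        "suspicious": bool(repeated) and total > 0,
    }

if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("per-transaction alerts:", len(per_transaction_alerts(ledger, Decimal("10"))))
    print(salami_report(ledger))
```

The reconciliation only works if the authorised amounts come from a record the application's developers cannot modify, such as the payment gateway's own log.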
Data diddling
⚫ Data diddling involves changing data input in a computer.
⚫ In other words, information is changed from the way it should be entered by a
person typing in the data.
⚫ Usually, a virus changes the data, or a programmer of the database or application
has pre-programmed it to be changed.
⚫ For example, a person entering accounting data may change it to show that their account,
or that of a friend or family member, is paid in full. By changing or failing to enter
the information, they are able to steal from the company.
⚫ To deal with this type of crime, a company must implement policies and internal
controls.
⚫ This may include performing regular audits, using software with built-in features
to combat such problems, and supervising employees.

Forgery
⚫ The act of forging something, especially the unlawful act of counterfeiting
a document or object for the purposes of fraud or deception.
⚫ Something that has been forged, especially a document that has been copied
or remade to look like the original.
⚫ Counterfeit currency notes, postage, revenue stamps, mark sheets, etc., can be
forged using sophisticated computers, printers and scanners.
Web jacking
⚫ This term is derived from the term hijacking.
⚫ In these kinds of offences the hacker gains access and control over the web site
of another.
⚫ He may even change the information on the site.
⚫ The first stage of this crime involves “password sniffing”.
⚫ The actual owner of the website does not have any more control over what appears
on that website
⚫ This may be done for fulfilling political objectives or for money
Industrial spying/ Industrial Espionage
⚫ Industrial espionage is the covert and sometimes illegal practice of
investigating competitors to gain a business advantage.
⚫ The target of investigation might be a trade secret such as a proprietary
product specification or formula, or information about business plans.
⚫ In many cases, industrial spies are simply seeking any data that their
organization can exploit to its advantage.
Hacking
Every act committed toward breaking into a computer and/ or network is hacking.
Purpose
⚫ Greed
⚫ Power
⚫ Publicity
⚫ Revenge
⚫ Adventure
⚫ Desire to access forbidden information
⚫ Destructive mindset

History of hacking
⚫ Hacking is any technical effort to manipulate the normal behavior of
network connections and connected systems.
⚫ A hacker is any person engaged in hacking.
⚫ The term "hacking" historically referred to constructive, clever technical work
that was not necessarily related to computer systems.
⚫ M.I.T. engineers in the 1950s and 1960s first popularized the term and concept of
hacking.
⚫ The so-called "hacks" perpetrated by these hackers were intended to be harmless
technical experiments and fun learning activities.
⚫ Later, outside of M.I.T., others began applying the term to less honorable pursuits. For
example, several hackers in the U.S. experimented with methods to modify
telephones for making free long-distance calls over the phone network illegally.
⚫ As computer networking and the Internet exploded in popularity, data networks
became by far the most common target of hackers and hacking.
Pornographic offenses: Child pornography
⚫ Means any visual depiction, including but not limited to the following:
1. Any photograph that can be considered obscene and/ or unsuitable for the
age of child viewer.
2. Film ,video, picture;
3. Obscene computer-generated image or picture
How do they operate
1. Pedophiles use false identity to trap the children/teenagers
2. Pedophiles contact children/teens in various chat rooms which are used
by children/teen to interact with other children/teen.
3. Befriend the child/teen.
4. Extract personal information from the child/teen by winning his confidence.
5. Gets the e-mail address of the child/teen and starts making contacts on
the victims e-mail address as well.
6. Starts sending pornographic images/text to the victim including child
pornographic images in order to help child/teen shed his inhibitions so that
a feeling is created in the mind of the victim that what is being fed to him is
normal and that everybody does it.
7. Extract personal information from child/teen
8. At the end of it, the pedophile sets up a meeting with the child/teen out of the
house and then drags him into the net to further sexually assault him or to
use him as a sex object.

Software Piracy
Cybercrime investigation cell of India defines “software piracy” as theft of software through
illegal copying of genuine programs or the counterfeiting and distribution of products
intended to pass for the original. Some of the examples for software piracy are:
 end user copying
 hard disk loading with illicit means (by hard disk vendors)
 counterfeiting (large-scale duplication and distribution)
 illegal downloads from the Internet
The consequences of buying or downloading pirated material are:
 getting untested software that is already copied thousands of times
 may potentially contain hard drive infecting virus
 no technical support in case of software failure
 no warranty protection
 no legal right to use the product
Those who buy pirated software have a lot to lose:
⚫ Getting untested software that may have been copied thousands of times.
⚫ Potentially contain hard-ware infecting viruses
⚫ No technical support in case of software failure
⚫ No warranty protection
⚫ No legal right to use the product
Computer Sabotage
Introducing viruses, worms, Trojan horses, or logic bombs into a computer system through the
Internet and making it non-operable is known as computer sabotage. Computer sabotage can
be performed for different reasons, such as to gain economic advantage over a competitor, to
promote illegal activities, or to steal data or programs for extortion purposes.
E-mail bombing/mail bombs
⚫ In Internet usage, an email bomb is a form of net abuse consisting of sending huge
volumes of email to an address in an attempt to overflow the mailbox or
overwhelm the server where the email address is hosted in a denial-of-service
attack.
⚫ A computer is set up to repeatedly send e-mail to a specified person’s e-mail
address.
⚫ Can overwhelm the recipient’s personal account and potentially shut down the entire
system.
Computer network intrusions
⚫ An intruder can break into a computer network from anywhere in the world and steal data,
plant viruses, create backdoors, insert Trojan horses or change passwords and user
names.
⚫ An intrusion detection system (IDS) inspects all inbound and outbound
network activity and identifies suspicious patterns that may indicate a network
or system attack from someone attempting to break into or compromise a
system.
⚫ The practice of strong password
Password sniffing
⚫ Password sniffers are programs that monitor and record the name and password
of network users as they login, jeopardizing security at a site.
⚫ Through sniffers installed, anyone can impersonate an authorized user and login
to access restricted documents.
Credit card frauds
⚫ Credit card fraud is a wide-ranging term for theft and fraud committed using or
involving a payment card, such as a credit card or debit card, as a fraudulent source
of funds in a transaction.
⚫ The purpose may be to obtain goods without paying, or to obtain unauthorized
funds from an account.
⚫ Credit card fraud is also an adjunct to identity theft
Identity theft
⚫ Identity theft is a fraud involving another person’s identity for an illicit purpose.
⚫ The criminal uses someone else’s identity for his/ her own illegal purposes.
⚫ Phishing and identity theft are related offenses
⚫ Examples:
⚫ Fraudulently obtaining credit
⚫ Stealing money from victim’s bank account
⚫ Using victim’s credit card number
⚫ Establishing accounts with utility companies
⚫ Renting an apartment
⚫ Filing bankruptcy using the victim’s name
Cybercrime: the legal perspective
⚫ Cybercrime poses a mammoth challenge
⚫ Computer crime: Criminal Justice Resource Manual (1979)
⚫ Any illegal act for which knowledge of computer technology is essential for
a successful prosecution.
⚫ International legal aspects of computer crimes were studied in 1983
⚫ Encompasses any illegal act for which the knowledge of computer
technology is essential for its perpetration
⚫ The network context of cyber crime makes it one of the most globalized offenses of
the present and most modernized threats of the future.
⚫ Solution:
⚫ Divide information system into segments bordered by state boundaries.
⚫ Not possible and unrealistic because of globalization
⚫ Or incorporate the legal system into an integrated entity obliterating these
state boundaries.
Cybercrimes: An Indian Perspective
⚫ India has the fourth highest number of internet users in the world.
⚫ 45 million internet users in India
⚫ 37% - in cybercafés
⚫ 57% are between 18 and 35 years
⚫ The Information Technology (IT) Act, 2000, specifies the acts which are
punishable. Since the primary objective of this Act is to create an enabling
environment for commercial use of I.T.
⚫ 217 cases were registered under IT Act during the year 2007 as compared to
142 cases during the previous year (2006)
⚫ Thereby reporting an increase of 52.8% in 2007 over 2006.
⚫ 22.3% of cases (49 out of 217 cases) were reported from Maharashtra, followed
by Karnataka (40), Kerala (38) and Andhra Pradesh and Rajasthan (16 each).
The Indian Government is doing its best to control cybercrimes. For example Delhi
Police have now trained 100 of its officers in handling cybercrime and placed them in its
Economic Offences Wing.
Cybercrime and the Indian ITA 2000
In India, the ITA 2000 was enacted after the United Nations General Assembly Resolution
A/RES/51/162 on January 30, 1997, by adopting the Model Law on Electronic Commerce
adopted by the United Nations Commission on International Trade Law.
Hacking and the Indian Law(s).
Cybercrimes are punishable under two categories: the ITA 2000 and IPC. A total of 207
cases of cybercrime were registered under the IT act in 2007 compared to 142 cases
registered in 2006. Under IPC too, 339 cases were recorded in 2007 compared to 311 cases
in 2006.
There are some noteworthy key provisions under the ITA 2000

A Global Perspective on Cybercrimes


In Australia, cybercrime has narrow statutory meaning as used in the Cyber Crime Act
2001, which details offenses against computer data and systems. In the Council of Europe’s
(CoE) Cyber Crime Treaty, cybercrime is used as an umbrella term to refer to an array of
criminal activity including offenses against computer data and systems, computer-related
offenses, content offenses and copyright offenses.
The Spam legislation scenario mentions “none” about India as far as E-mail legislation in
India is concerned. The legislation refers to India as a “loose” legislation, although there is a
mention in Section 67 of ITA 2000. About 30 countries have enacted some form of anti-
spam legislation. There are also technical solutions by ISPs and end-users.
In spite of this, so far there has been no significant impact on the volume of spam. Spam is
used to support fraudulent and criminal activities. As there are no national boundaries to
such crimes under cybercrime realm, it requires international cooperation between those
who seek to enforce anti-spam laws.

Unit 2
Cyber offences
How criminals plan them
Learning Objectives
⚫ Understand different types of cyberattacks.
⚫ Get an overview of the steps involved in planning cybercrime
⚫ Understand tools used for gathering information about the target
⚫ Get an overview on social engineering
⚫ Learn about the role of cybercafe in cybercrime
⚫ Understand what is cyberstalking
⚫ Learn about botnet and attack vector
Introduction
⚫ Cybercriminals use the World Wide Web and the Internet to an optimal level for
illegal activities.
⚫ These criminals take advantage of the widespread lack of awareness
about cybercrimes and cyberlaws among people who are constantly using the
IT infrastructure for official and personal purposes.
Few terminologies
⚫ Hacker: A hacker is a person with strong interest in computers who enjoys
learning and experimenting with them.
⚫ Hackers are usually very talented, smart people who understand computers
better than the others.
⚫ Brute force Hacking: it is a technique used to find passwords or encryption keys. It
involves trying every possible combination of letters, numbers, etc., until the code
is broken.
⚫ Cracker: a cracker is a person who breaks into computers. They are computer
criminals. Their acts include vandalism, theft and snooping in unauthorized
areas.
⚫ Cracking: it is the act of breaking into computers. Cracking is a popular, growing
subject on the Internet. Many sites are devoted to supplying crackers with programs
that allow them to crack computers (like guessing passwords).
⚫ Cracker tools: these are programs that break into computers, like password
crackers, Trojans, viruses, war dialers and worms.
⚫ Phreaking: this is the notorious art of breaking into phone or other
communication systems.
⚫ War dialer: it is a program that automatically dials phone numbers looking for
computers on the other end. It catalogs numbers so that the hackers can call back
and try to break in.
Categories of vulnerabilities that hackers typically search for:
⚫ Inadequate border protection
⚫ Remote access servers (RASs) with weak access controls.
⚫ Application servers with well-known exploits.
⚫ Misconfigured systems and systems with default configurations.
What color is your Hat in the security world?
⚫ Black Hat - Just like in the old westerns, these are the bad guys. A black hat is a
cracker. To add insult to injury, black hats may also share information about the
“break in” with other black hat crackers so they can exploit the same vulnerabilities
before the victim becomes aware and takes appropriate measures.
⚫ White Hat – While black hats use their skill for malicious purposes, white hats are
ethical hackers. They use their knowledge and skill to thwart the black hats and
secure the integrity of computer systems or networks. If a black hat decides to target
you, it’s a great thing to have a white hat around.
⚫ Grey Hat – A gray hat, as you would imagine, is a bit of a white hat/black hat hybrid.
Thankfully, like white hats, their mission is not to do damage to a system or network,
but to expose flaws in system security. The black hat part of the mix is that they may
very well use illegal means to gain access to the targeted system or network, but not
for the purpose of damaging or destroying data: they want to expose the security
weaknesses of a particular system and then notify the “victim” of their success. Often
this is done with the intent of then selling their services to help correct the security
failure so black hats cannot gain entry and/or access for more devious and harmful
purposes.
⚫ A Brown hat is one who thinks before acting or committing a malicious or
non-malicious deed.
⚫ Often referred to as Grey hats
Categories of Cybercrime
⚫ Target of the crime
⚫ Crimes targeted at individuals
⚫ Crimes targeted at property
⚫ Crimes targeted at organizations
⚫ Whether the crime occurs as a single event or as a series of events.
⚫ Single event cybercrime: hacking or fraud
⚫ Series of events: cyberstalking
How Cybercriminals Plan Attacks
Below are the three phases involved in planning a cyber-attack.
 Reconnaissance – this is the information gathering stage and is usually considered a
passive attack.
 Scanning and scrutinization of the collected data for validation and accurate
identification of existing vulnerabilities.
 Launching the attack – entails gaining and maintaining access to the system.
1. Reconnaissance
The first step in how cybercriminals plan attacks is always Reconnaissance. The literal
meaning of reconnaissance is an act of exploring with an aim or goal of finding someone or
something about the target. Concerning cyber security, it’s an exploration to gain
information about an enemy or a potential enemy. In cyber security, reconnaissance begins
with “Footprinting”, the initial preparation towards the pre-attack phase, and entails
collecting data about the target’s computer infrastructure as well as their cyber-environment.
Footprinting gives an overview of the victim’s weak points and suggestions on how they
can be exploited. The primary objective of this phase is to provide the attacker with an
understanding of the victim’s system infrastructure, the networking ports and services, and
any other aspect of security required for launching attacks.
Thus, an attacker attempts to source data from two different phases: passive
and active attacks.
Passive attacks
This is the second phase of the attack plan. In this phase, an attacker secretly gathers
information about their target; the aim is to acquire the relevant data without the victim
noticing. The process can be as simple as watching an organization to see when their CEO
reports to work or spying on a specific department to see when they down their tools.
Because most hackers prefer executing their duties remotely, most passive attacks are
conducted over the internet by googling. For example,
 one may use search engines such as dogpile to search for information about an
individual or organization.
 Yahoo or Google search: malicious individuals can use these search engines to gather
information about employees of the firm they are targeting to breach their system.
 Surfing online communities like Twitter, Facebook, Instagram can also prove useful
sources to gather information about an individual, their lifestyle, and probably a hint
to their weakness that can then be exploited.
 The organization’s website may also provide useful information about specific or key
individuals within the organization, such as the CEO, MD, head of the IT department,
etc. The website can be used to source personal details such as email addresses,
phone numbers, roles, etc. With the details, an attacker can then launch a social
engineering attack to breach their target.
 Press releases, blogs, newsgroups, and so on are, in some cases, used as the primary
channels to gather information about an entity or its employees.
Going through job requirements for a specific position within a company can also help an
attacker identify the type of technology being used by a company and the level of
competency of their workforce. From this data, an attacker can then decide what method to
use when breaching the targeted system.
Active Attacks
An active attack involves closely examining the network to discover individual hosts and to
verify the validity of the information collected during the passive attack, such as the type
of operating system in use, the IP address of a given device, and the services available on
the network. It involves the risk of detection and is also referred to as “active
reconnaissance” or “rattling the doorknobs”.
Active reconnaissance can confirm to an attacker which security measures are in place,
but at the same time, it can alert the victim if not well executed. The process may
raise suspicion or increase the attacker’s chance of being caught before they execute the full
attack.

Difference between active attack and passive attack

| Active Attack | Passive Attack |
|---|---|
| In an active attack, modification of information takes place. | In a passive attack, modification of the information does not take place. |
| Active attack is a danger to integrity as well as availability. | Passive attack is a danger to confidentiality. |
| In an active attack, attention is on prevention. | In a passive attack, attention is on detection. |
| | Due to a passive attack, there is no harm to the system. |
| In an active attack, the victim gets informed about the attack. | In a passive attack, the victim does not get informed about the attack. |
| In an active attack, system resources can be changed. | In a passive attack, system resources are not changed. |
| Active attack influences the services of the system. | In a passive attack, information and messages in the system or network are acquired. |
| In an active attack, information collected through passive attacks is used during execution. | Passive attacks are performed by collecting information such as passwords and messages by themselves. |
| Active attack is tough to restrict from entering systems or networks. | Passive attack is easy to prohibit in comparison to active attack. |
| Can be easily detected. | Very difficult to detect. |

2. Scrutinizing and Scanning the Gathered Information


Scanning is a key step in which the information you have collected about the
network infrastructure is examined intelligently.
The process has the following objectives:
⚫ Network scanning – to better understand the IP addresses and other related
information about the computer network system.
⚫ Port scanning – to identify any closed or open ports and services.
⚫ Vulnerability scanning – to identify existing weak links within the system.

In the hacking world, the scrutinizing phase is also referred to as enumeration.


The objective of scrutinizing includes:
⚫ To validate the authenticity of the user running the given account, be it an individual or
a group of persons.
⚫ To identify network resources and or shared resources
⚫ To verify the operating system and various applications that are running on the
computer OS.
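From the defender's side, the port scanning described above shows up in firewall or connection logs as one source touching many different ports on the same host within a short time. The following Python example is added here and is not part of the original course notes; the log format, the IP addresses (documentation ranges) and the thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed firewall log: timestamp, source, destination, destination port, action.
SAMPLE_LOG = """\
2023-01-10T09:00:01 src=203.0.113.7 dst=10.0.0.5 dport=21 action=DENY
2023-01-10T09:00:02 src=203.0.113.7 dst=10.0.0.5 dport=22 action=ALLOW
2023-01-10T09:00:02 src=198.51.100.20 dst=10.0.0.5 dport=443 action=ALLOW
2023-01-10T09:00:03 src=203.0.113.7 dst=10.0.0.5 dport=23 action=DENY
2023-01-10T09:00:04 src=203.0.113.7 dst=10.0.0.5 dport=25 action=DENY
2023-01-10T09:00:05 src=203.0.113.7 dst=10.0.0.5 dport=80 action=ALLOW
2023-01-10T09:00:06 src=203.0.113.7 dst=10.0.0.5 dport=443 action=ALLOW
2023-01-10T09:00:30 src=198.51.100.20 dst=10.0.0.5 dport=443 action=ALLOW
corrupted line without fields
2023-01-10T09:01:00 src=192.0.2.44 dst=10.0.0.9 dport=80 action=ALLOW
2023-01-10T09:04:00 src=192.0.2.44 dst=10.0.0.9 dport=443 action=ALLOW
2023-01-10T09:07:00 src=192.0.2.44 dst=10.0.0.9 dport=8080 action=ALLOW
2023-01-10T09:10:00 src=192.0.2.44 dst=10.0.0.9 dport=22 action=DENY
2023-01-10T09:13:00 src=192.0.2.44 dst=10.0.0.9 dport=25 action=DENY
"""

def parse_line(line):
    """Return (time, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["src"], fields["dst"], int(fields["dport"])
    except (ValueError, KeyError):
        return None

def find_port_scanners(log_text, window_seconds=60, min_ports=5):
    """Flag (src, dst) pairs that touch >= min_ports distinct ports inside the window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (src, dst) -> (time, port) entries still in the window
    flagged = defaultdict(set)    # (src, dst) -> ports seen while over the threshold
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue              # skip lines that cannot be parsed
        ts, src, dst, port = rec
        q = recent[(src, dst)]
        q.append((ts, port))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop entries older than the sliding window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged[(src, dst)] |= ports
    return {pair: sorted(p) for pair, p in flagged.items()}
```

The repeated HTTPS client and the host that reaches five ports over twelve minutes stay below the threshold; only the burst from 203.0.113.7 is reported.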
3. Attack
The attack phase is the last step in the attack process. It involves the hacker gaining and
maintaining full control of the system access. It comes immediately after scanning and
enumeration, and it is launched sequentially as listed in the steps below.
⚫ Brute force attack or any other relevant method to bypass the password.
⚫ Exploit the password.
⚫ Launch the malicious command or applications.
⚫ If required, then hide the files.
⚫ Cover the tracks; don’t leave any trail that can lead back to you as the malicious third
party. This can be achieved by deleting logs so that there is no trail for your illicit
actions.

How does social engineering work?

In a typical social engineering attack, a cybercriminal will communicate with the intended
victim by saying they are from a trusted organization. In some cases, they will even
impersonate a person the victim knows.
If the manipulation works (the victim believes the attacker is who they say they are), the
attacker will encourage the victim to take further action. This could be giving away sensitive
information such as passwords, date of birth, or bank account details. Or they might
encourage the victim to visit a website where malware is installed that can cause disruptions
to the victim's computer. In worst-case scenarios, the malicious website strips sensitive
information from the device or takes over the device entirely.

Why is social engineering so dangerous?

One of the greatest dangers of social engineering is that the attacks don't have to work against
everyone: A single successfully fooled victim can provide enough information to trigger an
attack that can affect an entire organization.
Over time, social engineering attacks have grown increasingly sophisticated. Not only do fake
websites or emails look realistic enough to fool victims into revealing data that can be used
for identity theft, social engineering has also become one of the most common ways for
attackers to breach an organization's initial defenses in order to cause further disruption and
harm.

Classification of Social Engineering


1. Human-Based Social Engineering
Human-based social engineering needs interaction with humans; it means person-to-person
contact and then retrieving the desired information. People use human-based social
engineering techniques in different ways; the most popular methods are:
⚫ Impersonating an employee or valid user
⚫ Posing as an important user
⚫ Using a third person
⚫ Calling technical support
⚫ Shoulder surfing
⚫ Dumpster diving
2. Computer-Based Social Engineering
Computer-based social engineering uses computer software that attempts to retrieve the
desired information.
⚫ Fake E-mails
⚫ E-mail attachments
⚫ Pop-up windows

Impersonation
⚫ In this type of social-engineering attack, the hacker pretends to be an employee
or valid user on the system. A hacker can gain physical access by pretending to
be a janitor, employee, or contractor.
⚫ To attackers, sets of valid credentials are a coveted asset. An attacker who has
obtained valid user credentials through social engineering techniques has the
ability to roam the network with impunity searching for valuable data. In log data,
the attacker’s activities are easily hidden due to the inability to see the subtle
differences in behaviors and access characteristics. Yet, this phase of the classic
attack chain often represents the lengthiest portion of the attack.
Posing as an important user
⚫ In this type of attack, the hacker pretends to be a VIP or high-level manager
who has the authority to use computer systems or files.
⚫ Most of the time, low-level employees don’t ask any questions of someone who
appears in this position.
Being a third party
⚫ In this attack, the hacker pretends to have permission from an authorized person to
use the computer system. It works when the authorized person is unavailable for
some time.
Desktop support
⚫ Calling tech support for assistance is a classic social-engineering technique.
⚫ Help desk and technical support personnel are trained to help users, which makes
them good prey for social engineering attacks.
Shoulder surfing
⚫ Shoulder surfing is the technique of gathering passwords by
watching over a person’s shoulder while they log in to the system.
⚫ A hacker can watch a valid user log in and then use that password to gain access to
the system.
Dumpster diving
⚫ Dumpster diving involves looking in the trash for information written on pieces of
paper or computer printouts.
⚫ The hacker can often find passwords, filenames, or other pieces of confidential
information like SSN, PAN, credit card ID numbers, etc.
⚫ Also called dumpstering, binning, trashing, garbaging, garbage gleaning, or
scavenging.
Fake E-mails
⚫ Phishing involves false emails, chats, or websites designed to impersonate
real systems with the goal of capturing sensitive data.
⚫ A message might come from a bank or other well-known institution with the need
to “verify” your login information.
⚫ It will usually be a mocked-up login page with all the right logos to look
legitimate.
E-Mail attachments:
E-Mail attachments are used to send malicious code to a victim’s system, which will
automatically get executed. Viruses, Trojans, and worms can be cleverly included in the
attachments to entice a victim to open the attachment.
Pop-up windows:
Pop-up windows are also used, in a similar manner to E-Mail attachments. Pop-up windows
with special offers or free stuff can encourage a user to unintentionally install malicious
software.
Cyberstalking
⚫ Cyberstalking is the use of the Internet or other electronic means to stalk or harass an
individual, a group, or an organization.
⚫ It may include false accusations, defamation, slander and libel.
⚫ It may also include monitoring, identity theft, threats, vandalism, solicitation for sex,
or gathering information that may be used to threaten or harass.
⚫ Cyberstalking is sometimes referred to as Internet stalking, e-stalking or online
stalking.
⚫ Cyberstalking is a crime in which the attacker harasses a victim using electronic
communication, such as e-mail or instant messaging (IM), or messages posted to a
Web site or a discussion group.
⚫ A cyberstalker relies upon the anonymity afforded by the Internet to allow them to
stalk their victim without being detected.
⚫ Cyberstalking messages differ from ordinary spam in that a cyberstalker targets a
specific victim with often threatening messages, while the spammer targets a
multitude of recipients with simply annoying messages.
Types of Stalkers
⚫ Online stalkers
⚫ Offline stalkers
Both are criminal offenses. Both are motivated by a desire to control, intimidate or
influence a victim. A stalker may be an online stranger or a person whom the target
knows. He may be anonymous and solicit involvement of other people online who do not
even know the target.
How stalking works
1. Personal information gathering about the victim.
2. Establish contact with the victim through telephone/cell phone and start threatening
or harassing.
3. Establish contact with the victim through E-mail.
4. Keep sending repeated E-mails asking for various kinds of favors or threatening the
victim.
5. Post the victim’s personal information on any website related to illicit services.
6. Whoever comes across the information starts calling the victim on the given
contact details, asking for sexual services.
7. Some stalkers may subscribe/register the E-Mail account of the victim to innumerable
pornographic and sex sites, because of which the victim starts receiving such
unsolicited E-Mails.
Cybercafe and Cybercrimes
⚫ An Internet café or cybercafé is a place which provides Internet access to the public,
usually for a fee.
⚫ According to Nielsen Survey on the profile of cybercafes users in India:
1. 37% of the total population use cybercafes
2. 90% of these were males in age group 15-35 years
3. 52% graduates and post graduates
4. > 50% were students
Hence, it is extremely important to understand the IT security and governance practiced in
the cybercafes.
Role of Cybercafe
⚫ used for either real or false terrorist communication.
⚫ for stealing bank passwords, fraudulent withdrawal of money
⚫ Keyloggers or spywares
⚫ Shoulder surfing
⚫ For sending obscene mails to harass people.
⚫ They are not network service providers according to ITA2000
⚫ They are responsible for “due diligence”
Illegal activities observed in Cybercafes
⚫ Pirated software: OS, browser, Office
⚫ Antivirus software not updated
⚫ Cybercafes have installed “deep freeze” software. This software clears details of all
activities carried out when one clicks the “restart” button.
⚫ Annual Maintenance Contract (AMC) not in place. This is a risk because a
cybercriminal can install malicious code for criminal activities without any
interruption.
⚫ Pornographic websites and similar websites are not blocked
⚫ Owners have less awareness about IT Security and IT Governance.
⚫ IT Governance guidelines are not provided by cyber cell wing
⚫ No periodic visits to cybercafes by Cyber cell wing (state police) or Cybercafe
association
Safety and security measures while using the computer in Cyber Café
1. Always Logout:
do not save login information through automatic login options
2. Stay with the computer
3. Clear History and temporary files
4. Be alert:
don’t be a victim of Shoulder surfing
5. Avoid Online Financial Transaction
6. Change passwords
7. Virtual Keyboards
8. Security warnings

Botnets: The fuel for Cybercrime


⚫ Bot: “an automated program for doing some particular task, often over a network”
⚫ A botnet (also known as a zombie army) is a number of Internet computers that,
although their owners are unaware of it, have been set up to forward transmissions
(including spam or viruses) to other computers on the Internet.
⚫ Any such computer is referred to as a zombie - in effect, a computer "robot" or "bot"
that serves the wishes of some master spam or virus originator.
⚫ Most computers compromised in this way are home-based.
⚫ According to a report from Russia-based Kaspersky Labs, botnets -- not spam,
viruses, or worms -- currently pose the biggest threat to the Internet.
Botnet used for gainful purposes

Ways to secure the system


⚫ Use antivirus and anti-spyware
⚫ Install updates
⚫ Use firewall
⚫ Disconnect internet when not in use
⚫ Don’t trust free downloads
⚫ Regularly check inbox and sent items
⚫ Take immediate action if system is infected

⚫ An attack vector is a path or means by which a hacker (or cracker) can gain access to
a computer or network server in order to deliver a payload or malicious outcome.
⚫ Attack vectors enable hackers to exploit system vulnerabilities, including the human
element.
⚫ Attack vectors include viruses, e-mail attachments, Web pages, pop-up windows,
instant messages, chat rooms, and deception. All of these methods involve
programming (or, in a few cases, hardware), except deception, in which a human
operator is fooled into removing or weakening system defenses.
⚫ To some extent, firewalls and anti-virus software can block attack vectors.
⚫ But no protection method is totally attack-proof.
⚫ A defense method that is effective today may not remain so for long, because hackers
are constantly updating attack vectors, and seeking new ones, in their quest to gain
unauthorized access to computers and servers.
⚫ If vulnerabilities are the entry points, then attack vectors are the ways attackers can
launch their assaults or try to infiltrate the building.
⚫ In the broadest sense, the purpose of the attack vectors is to implant a piece of code
that makes use of a vulnerability. This code is called the payload, and attack vectors
vary in how a payload is implanted.
⚫ The most common malicious payloads are viruses (which can function as their own
attack vectors), Trojan horses, worms, and spyware.
⚫ If an attack vector is thought of as a guided missile, its payload can be compared to
the warhead in the tip of the missile.
Different ways to launch Attack Vectors:
⚫ Attack by E-Mail
⚫ Attachments
⚫ Attack by deception: social engineering/hoaxes
⚫ Hackers
⚫ Heedless guests (attack by webpage)
⚫ Attack of the worms
⚫ Malicious macros
⚫ Foistware/sneakware
⚫ Viruses
A zero-day attack
⚫ A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a
previously unknown vulnerability in a computer application or operating system, one
that developers have not had time to address and patch.
⚫ Software vulnerabilities may be discovered by hackers, by security companies or
researchers, by the software vendors themselves, or by users.
⚫ If discovered by hackers, an exploit will be kept secret for as long as possible and
will circulate only through the ranks of hackers, until software or security companies
become aware of it or of the attacks targeting it.
⚫ ZERT