UNIT 2
Cyber offenses & Cybercrimes
Cyber Security & Digital Forensics
              Prof.Reeta Singh
                                           Content
•   How criminals plan the attacks
•   Industrial Spying/Industrial Espionage
•   Hacking
•   Online Frauds
•   Pornographic Offenses
•   E-Mail Spoofing
•   Spamming
•   Data diddling
•   Salami attack
•   Cyber defamation
•   Internet Time Theft
•   Social Engineering
•   Cyber stalking
•   Cyber café and Cybercrimes
•   Botnets, Attack vector
•   Cloud computing
•   Trends in Mobility
•   Proliferation of Mobile and Wireless Devices
•   Credit Card Frauds in the Mobile and Wireless Computing Era
(Slide annotation beside the list: Covered in Ethical Hacking, UNIT 1 – Classification of cyber crime)
                       Are Cyber Cafes Safe?
• A February 2009 Nielsen survey of the profile of cybercafe users in India, covering eight
  cities and 5000 cafes, found that 90% of users were male and in the age group of 15-35
  years; 52% were graduates or postgraduates, though just over 50% were students. It is
  therefore extremely important to understand the IT security and governance practised in
  cybercafes.
• Over the past several years, many instances have been reported in India where cybercafes
  were used for real or hoax terrorist communication. Cybercrimes such as theft of bank
  passwords followed by fraudulent withdrawal of money have also been committed through
  cybercafes, and cybercafes are regularly used for sending obscene mails to harass people.
                       Risks on public computers
• Public computers, meaning the systems available in cybercafes, carry two kinds of risk.
• First, you do not know what programs are installed on the machine: malicious software such
  as a keylogger or spyware may be running in the background, capturing keystrokes to harvest
  passwords and other confidential information and/or monitoring browsing behaviour.
• Second, over-the-shoulder peeping (shoulder surfing) lets bystanders read your passwords.
  Users therefore have to be extremely careful about protecting their privacy on such systems,
  as they cannot know who will use the computer after them: log out of every account, do not
  let the browser save credentials, and clear the browsing data before leaving.
                        Loopholes in cyber cafes
A recent survey conducted in one of the metropolitan cities in India reveals the following facts:
• Pirated software, including the OS, browser and office automation software (e.g., Microsoft
    Office), is installed on all the computers; such installations typically cannot be kept patched.
• Antivirus software is not updated to the latest patch and/or antivirus signatures.
• Several cybercafes had installed the software "Deep Freeze", which discards all changes to the
    disk when the machine reboots, to protect the computers from prospective malware infections.
• No annual maintenance contract (AMC) is in place for servicing the computers; hence the hard
    disks are not formatted unless a computer is down. Not having an AMC is a risk from a
    cybercrime perspective because a cybercriminal can install malicious code on a computer and
    conduct criminal activities from it without any interruption.
                        Loopholes in cyber cafes
• Pornographic websites and other websites with indecent content are not blocked.
• Cybercafe owners have very little awareness of IT security and IT governance.
• Government/ISPs/State Police (cyber cell wing) do not seem to provide IT governance
  guidelines to cybercafe owners.
• The cybercafe association and State Police (cyber cell wing) do not seem to conduct periodic
  visits to cybercafes. One of the cybercafe owners interviewed expressed the view that the
  police will not visit a cybercafe unless a criminal activity is registered by filing a First
  Information Report (FIR). Cybercafe owners feel that the police have very little knowledge
  of the technical aspects involved in cybercrimes and/or little conceptual understanding of
  IT security.
Botnet
                         Botnets
• A botnet (derived from 'robot network') is a large group of
  malware-infected internet-connected devices and
  computers controlled by a single operator. Attackers use
  these compromised devices to launch large-scale attacks
  to disrupt services, steal credentials and gain unauthorized
  access to critical systems.
                              How do botnets work?
Botnets can be centralized (every bot connects directly to a command-and-control server, for
example over IRC or HTTP) or decentralized (peer-to-peer, where bots relay commands to one
another and there is no single control point to take down).
• 1. Bot Master:
The bot master (also called the bot herder) is the operator who controls the botnet. In a
centralized botnet the infected PCs are controlled through one or more command-and-control
servers; these servers relay the master's commands, communicate with each other and keep the
network together. Commonly cited symptoms of an infected machine include sudden system
shutdowns, strange emails appearing in the mailbox, corrupted files and unknown error messages.
• 2. Zombies:
The malware-infected systems themselves are called "zombies" (or bots). Spreading through email
spam and running silently in the background, zombies generate fake clicks, send spam and download
further malicious programs, such as password stealers.
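Because a bot in a centralized botnet has to check in with its control server at regular intervals, periodic connections from one internal host to one external address are a classic indicator, and a shared controller shows up as one external address contacted by several internal hosts. The detection logic below is an added example for these slides, not code from the course material; it runs over a constructed connection log (the addresses, the 6667/tcp IRC port and the timestamps are made up) and flags flows whose gaps between connections are both frequent and unusually regular, then lists destinations shared by more than one source. The thresholds are assumptions for the demo.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed connection log for the demo (addresses, port and times are made up):
# "<ISO timestamp> <internal source IP> <destination IP:port>".
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.7:6667
2024-05-01T10:00:05 10.0.0.9 198.51.100.4:443
2024-05-01T10:00:07 10.0.0.9 198.51.100.4:443
2024-05-01T10:00:40 10.0.0.9 198.51.100.4:443
2024-05-01T10:01:01 10.0.0.5 203.0.113.7:6667
2024-05-01T10:01:30 10.0.0.12 203.0.113.7:6667
2024-05-01T10:02:00 10.0.0.5 203.0.113.7:6667
2024-05-01T10:03:02 10.0.0.5 203.0.113.7:6667
2024-05-01T10:03:10 10.0.0.9 198.51.100.4:443
2024-05-01T10:03:11 10.0.0.9 198.51.100.4:443
2024-05-01T10:03:59 10.0.0.5 203.0.113.7:6667
2024-05-01T10:04:30 10.0.0.12 203.0.113.7:6667
2024-05-01T10:05:00 10.0.0.5 203.0.113.7:6667
2024-05-01T10:06:01 10.0.0.5 203.0.113.7:6667
2024-05-01T10:07:00 10.0.0.5 203.0.113.7:6667
2024-05-01T10:07:30 10.0.0.12 203.0.113.7:6667
2024-05-01T10:09:50 10.0.0.9 198.51.100.4:443
2024-05-01T10:10:12 10.0.0.9 198.51.100.4:443
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) flow."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def find_beacons(text, min_events=6, max_cv=0.15):
    """Flag flows whose gaps between connections are regular enough to look like a
    bot checking in with its controller. Returns (src, dst, mean_gap_s, cv, count).
    min_events and max_cv are demo thresholds, not measured values."""
    hits = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: 0 means perfectly periodic, above 1 means bursty/random.
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append((src, dst, avg, round(cv, 3), len(times)))
    return hits


def fan_in(text):
    """Destinations contacted by more than one internal host: a shared controller
    shows up as one external address with several internal sources."""
    sources = defaultdict(set)
    for (src, dst) in parse_log(text):
        sources[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in sources.items() if len(srcs) > 1}


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("beacon candidate:", hit)
    print("shared destinations:", fan_in(SAMPLE_LOG))
```

Legitimate software also polls on a schedule (NTP, update checkers, monitoring agents), so allowlist known destinations before alerting, and expect real bots to add jitter to their sleep interval; the fan-in view and the destination port or reputation are what make a periodic flow worth escalating.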
                  What does a botnet do?
•   Reading and writing system data
•   Gathering the user’s personal data
•   Sending files and other data
•   Monitoring the user’s activities
•   Searching for vulnerabilities in other devices
•   Installing and running any applications
                 What Are Botnets Used For?
• Botnet operators always have something to gain, whether money or personal satisfaction.
• Financial theft: extorting or directly stealing money
• Information theft: gaining access to sensitive or confidential accounts
• Sabotage of services: taking services and websites offline (DDoS), etc.
• Cryptocurrency mining (cryptojacking): using the victims' processing power to mine
  cryptocurrency for the operator
• Selling access to other criminals: renting out the bots for further scams against
  unsuspecting users
                        Types of botnet use
•   Distributed Denial-of-Service attacks (already covered)
•   Spamming (already covered)
•   Sniffing traffic
•   Spreading new malware
•   Installing advertisement add-ons and Browser Helper Objects (BHOs[3])
•   Google AdSense abuse
•   Attacking IRC chat networks
•   Manipulating online polls/games
•   Mass identity theft
    Installing Advertisement Add-ons and Browser Helper Objects (BHOs[3])
• Botnets can also be used for financial gain through click fraud. The operator sets up a
  fake website carrying some advertisements and negotiates a deal with hosting companies
  that pay for clicks on those ads. With the help of a botnet these clicks are "automated",
  so that within moments a few thousand bots click on the pop-ups. The scheme can be
  extended by having the bot hijack the start page of the compromised machine, so that the
  "clicks" are executed every time the victim opens the browser.
                     Google AdSense abuse
• A similar abuse is possible with Google's AdSense program. AdSense lets website owners
  display Google advertisements on their own site and earn money from the clicks those ads
  receive, for example per 10,000 clicks in a month. An attacker who owns such a site can
  use a botnet to click on the advertisements in an automated fashion and thus artificially
  inflate the click counter. This use of botnets is relatively uncommon, but it is attractive
  from an attacker's perspective because the bots' distinct IP addresses make the clicks look
  like independent visitors.
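Both click-fraud slides above rest on the same weakness: the advertising network counts clicks, and bots with distinct IP addresses look like distinct visitors. What gives an automated burst away is behaviour rather than addresses. The scorer below is an added example, not code from the slides or from any ad network; it generates a constructed set of click records (the IPs, user-agent strings and timing are made up), finds each ad's busiest one-minute window and flags windows where nearly every click bounces instantly or comes from one identical browser signature. The thresholds are assumptions for the demo.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Hypothetical user-agent strings for the constructed data set.
BOT_UA = "Mozilla/5.0 (Windows NT 6.1; rv:3.6) Gecko/20100101 Firefox/3.6"
ORGANIC_UAS = [
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_0) Safari/605.1",
    "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0",
    "Mozilla/5.0 (Linux; Android 13) Chrome/124.0 Mobile",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0) Safari/604.1",
]


def constructed_clicks():
    """Constructed click records (timestamp, ad_id, src_ip, user_agent, dwell_seconds);
    not real traffic. 25 bots on distinct IPs hit ad-77 within 25 seconds and leave
    immediately; a few organic visitors click ad-77 and ad-12 spread over the hour."""
    base = datetime(2024, 5, 1, 12, 0, 0)
    clicks = []
    for i in range(25):
        clicks.append((base + timedelta(seconds=i), "ad-77", f"198.51.100.{i + 1}", BOT_UA, 0))
    for i, ua in enumerate(ORGANIC_UAS * 2):
        clicks.append((base + timedelta(minutes=7 * i + 3), "ad-12", f"203.0.113.{i + 1}", ua, 15 + 10 * i))
    for i, ua in enumerate(ORGANIC_UAS[:3]):
        clicks.append((base + timedelta(minutes=20 * i + 5), "ad-77", f"192.0.2.{i + 1}", ua, 40 + i))
    return clicks


def busiest_window(times, window_s):
    """Largest number of events falling inside any span of window_s seconds
    (two-pointer sweep over sorted timestamps). Returns (count, first_idx, last_idx)."""
    best, start = (0, 0, 0), 0
    for end in range(len(times)):
        while times[end] - times[start] > timedelta(seconds=window_s):
            start += 1
        if end - start + 1 > best[0]:
            best = (end - start + 1, start, end)
    return best


def score_clicks(clicks, window_s=60, min_clicks=20, share_threshold=0.8):
    """Per ad, look at its busiest window and measure how machine-like the clicks are.
    Thresholds are assumptions for the demo; tune them against your own traffic."""
    by_ad = defaultdict(list)
    for rec in clicks:
        by_ad[rec[1]].append(rec)
    report = {}
    for ad, recs in by_ad.items():
        recs.sort(key=lambda r: r[0])
        count, first, last = busiest_window([r[0] for r in recs], window_s)
        burst = recs[first:last + 1]
        zero_dwell = sum(1 for r in burst if r[4] < 2) / len(burst)
        top_ua = Counter(r[3] for r in burst).most_common(1)[0][1] / len(burst)
        report[ad] = {
            "burst_clicks": count,
            # Many distinct IPs do not make a burst legitimate: bots have distinct IPs too.
            "distinct_ips": len({r[2] for r in burst}),
            "zero_dwell_share": round(zero_dwell, 2),
            "top_ua_share": round(top_ua, 2),
            "suspicious": count >= min_clicks
            and (zero_dwell >= share_threshold or top_ua >= share_threshold),
        }
    return report


if __name__ == "__main__":
    for ad, stats in score_clicks(constructed_clicks()).items():
        print(ad, stats)
```

Real bots vary their user agents and sleep between clicks, so production systems add more signals (mouse movement, time to first click, conversion rate per source, whether the IP space belongs to residential ISPs or hosting providers), but the structure stays the same: aggregate per ad over a window and compare the burst against what human visitors look like.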
            Attacking IRC Chat Networks
• Botnets are also used for attacks against Internet Relay Chat (IRC)
  networks. Especially popular among attackers is the so-called
  "clone attack": the controller orders each bot to connect a large
  number of clones to the victim IRC network. The victim is flooded
  with service requests from thousands of bots, or with thousands of
  channel joins by these cloned bots, and is brought down in this way,
  similar to a DDoS attack.
            Manipulating online polls/games
• Online polls and games are getting more and more attention, and they
  are rather easy to manipulate with botnets. Since every bot has a
  distinct IP address, every vote it casts carries the same credibility
  as a vote cast by a real person, so per-IP vote limits do not help.
  Online games can be manipulated in a similar way.
                           Mass identity theft
• Often a combination of the functions described above is used for large-scale identity
  theft, one of the fastest growing crimes on the Internet. Bogus emails ("phishing mails")
  that pretend to be legitimate (such as fake PayPal or banking emails) ask their intended
  victims to go online and submit their private information. These fake emails are generated
  and sent by bots through their spamming mechanism. The same bots can also host multiple
  fake websites pretending to be eBay, PayPal or a bank, and harvest personal information;
  as quickly as one of these fake sites is shut down, another one can pop up. In addition,
  keylogging and sniffing of traffic can also be used for identity theft.
Attack Vector
                            Attack vector
• In cybersecurity, an attack vector is the path or method an attacker uses to gain
  unauthorized access to a network or system in order to launch a cyber attack.
• Attack vectors let cybercriminals exploit system vulnerabilities to reach sensitive data,
  personally identifiable information (PII) and other valuable information exposed by a
  data breach.
• With the average cost of a data breach at $4.24 million (IBM Cost of a Data Breach
  Report, 2021), it pays to think through how to minimize potential attack vectors and
  prevent data breaches.
 What is the Difference Between an Attack Vector,
          Attack Surface and Data Breach?
• An attack vector is one method of gaining unauthorized access to a
  network or computer system.
• The attack surface is the sum of all the attack vectors (every exposed
  service, interface, account and dependency) that an attacker could use
  to manipulate a network or computer system or to extract data.
• A data breach is any security incident in which sensitive, protected or
  confidential data is accessed or stolen by an unauthorized party.
  What are the most common attack vectors?
The most common attack vectors are:
• Phishing emails
• Malware
• Brute force attacks
• Ransomware
• Missing or poor encryption
• Weak credentials
• Third-party vendors
                         Brute Force
• Brute force attacks are based on trial and error: the attacker keeps
  trying candidate passwords, keys or session tokens until one works,
  either online against the target's login interface or offline against
  stolen password hashes. Weak or reused passwords and short keys make
  such guessing feasible; rate limiting, account lockout, multi-factor
  authentication and slow password hashing make it expensive.
                             Ransomware
• Ransomware is a form of extortion in which data is encrypted (or deleted) unless a
  ransom is paid; WannaCry is the best-known example.
• WannaCry (May 2017) is a ransomware cryptoworm that targeted computers running the
  Microsoft Windows operating system, encrypting (locking) data and demanding a ransom.
  It spread on its own through the SMBv1 vulnerability that Microsoft had already patched
  in MS17-010, so unpatched machines were the ones hit.
• Minimize the impact of ransomware attacks by keeping your systems patched and backing up
  important data, with the backups kept offline or otherwise out of reach of the credentials
  an attacker on the network would hold.
               Missing or Poor Encryption
• Encryption in transit, e.g. TLS with properly validated certificates, prevents
  man-in-the-middle attacks and protects the confidentiality and integrity of data
  while it is transmitted. Missing or poor encryption for data at rest means that
  sensitive data or credentials are exposed in plain text if a database, backup or
  device is breached or leaked. Weak algorithms, hard-coded keys and home-grown
  ciphers count as "poor" encryption for this purpose.
                     Weak Credentials
• Weak and reused passwords mean that one data breach can lead to many
  more, because attackers try leaked username/password pairs against
  other services (credential stuffing). Teach your organization how to
  create secure passwords, invest in a password manager or a single
  sign-on tool, add multi-factor authentication, and educate staff on
  their benefits.
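The brute force and weak credentials slides describe the same failure from two sides: a guessable or reused password, and a server that lets the attacker guess as often as it likes and stores the password in a form that a leak exposes directly. The following is an added example, not code from the slides, contrasting a deliberately weak user store with a hardened one: salted PBKDF2-HMAC-SHA256 hashes (the iteration count is lowered for the demo), rejection of passwords from a known-breached list, and a lockout after repeated failures. A small dictionary attack is run against both. The breached list, the attacker's wordlist, the user names and the thresholds are all constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed lists for the demo; not taken from any real breach corpus.
KNOWN_BREACHED = ["123456", "password", "qwerty", "letmein", "welcome1"]
ATTACK_LIST = KNOWN_BREACHED + ["Correct-Horse-42"]


class PlaintextStore:
    """The 'before': plaintext storage and no attempt limit. A database leak exposes
    every password directly, and an attacker can guess as fast as the server answers."""

    def __init__(self):
        self.users = {}

    def add_user(self, name, password):
        self.users[name] = password

    def login(self, name, password):
        return self.users.get(name) == password


class HardenedStore:
    """Salted PBKDF2-HMAC-SHA256 hashes, breached-password rejection and a lockout
    after repeated failures. The clock is injected so the lockout can be tested."""

    ITERATIONS = 50_000      # lowered for the demo; use the current OWASP figure in production
    MAX_FAILURES = 5         # demo thresholds, not a recommendation
    LOCK_SECONDS = 900

    def __init__(self, clock):
        self.clock = clock
        self.users = {}          # name -> (salt, hash)
        self.failures = {}       # name -> consecutive failed attempts
        self.locked_until = {}   # name -> epoch seconds

    @staticmethod
    def password_allowed(password):
        return len(password) >= 12 and password not in KNOWN_BREACHED

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def add_user(self, name, password):
        if not self.password_allowed(password):
            raise ValueError("password is too short or appears in a known breach")
        salt = os.urandom(16)
        self.users[name] = (salt, self._hash(password, salt))

    def login(self, name, password):
        now = self.clock()
        if self.locked_until.get(name, 0) > now:
            return False                       # locked: do not even evaluate the guess
        record = self.users.get(name)
        # Hash a dummy record for unknown users so response time does not reveal valid names.
        salt, stored = record if record else (b"\0" * 16, b"\0" * 32)
        ok = record is not None and hmac.compare_digest(self._hash(password, salt), stored)
        if ok:
            self.failures.pop(name, None)
            return True
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= self.MAX_FAILURES:
            self.locked_until[name] = now + self.LOCK_SECONDS
            self.failures[name] = 0
        return False


def brute_force(store, name, wordlist):
    """Online dictionary attack: returns (recovered password or None, attempts made)."""
    for attempts, guess in enumerate(wordlist, 1):
        if store.login(name, guess):
            return guess, attempts
    return None, len(wordlist)


class FakeClock:
    """Controllable clock so the lockout window can be advanced without sleeping."""

    def __init__(self, t=1_700_000_000.0):
        self.t = t

    def __call__(self):
        return self.t


if __name__ == "__main__":
    weak = PlaintextStore()
    weak.add_user("alice", "Correct-Horse-42")
    print("weak store:", brute_force(weak, "alice", ATTACK_LIST))
    hard = HardenedStore(FakeClock())
    hard.add_user("alice", "Correct-Horse-42")
    print("hardened store:", brute_force(hard, "alice", ATTACK_LIST))
```

Per-account lockout stops this single-target guessing but invites denial of service against a known user name and does nothing against password spraying (one guess across many accounts), so pair it with per-source rate limits and multi-factor authentication; the slow hash is what protects the stored credentials if the database itself leaks.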
Cloud Computing
                      What is Cloud?
In this context the term Cloud refers to a network or the Internet: the cloud is something
present at a remote location that provides services over a network, whether a public network
or a private one (WAN, LAN or VPN). Applications such as e-mail, web conferencing and customer
relationship management (CRM) all run in the cloud.
Cloud Computing network
       Prof.Reeta Singh
                        Cloud computing
• Cloud computing continues to transform the way organizations use, store and share data,
  applications and workloads. It has also introduced a host of new security threats and
  challenges. With so much data going into the cloud, and into public cloud services in
  particular, these resources become natural targets for bad actors.
• More data and applications are moving to the cloud, which creates unique information
  security challenges.
      Types of Attacks on Cloud Computing
•   Cloud malware injection attacks
•   Abuse of cloud services
•   Account or service hijacking
•   Insider attacks
•   Man-in-the-cloud attacks
•   Wrapping attacks
•   Denial of service attacks
                    Abuse of cloud services
• Attackers can rent cheap cloud services to stage DoS and brute force attacks against
  target users, companies and even other cloud providers. Both customers and cloud service
  providers can be affected by the cloud's capacity to spread and host content quickly. The
  same unprecedented storage capacity that legitimate users enjoy lets attackers host and
  distribute huge amounts of data, including malware, pirated software and other stolen
  digital property.
              Account or service hijacking
• Account or service hijacking follows from gaining access to a user's
  credentials. There are various techniques for achieving this, from
  phishing to spyware to cookie poisoning (tampering with or stealing
  session cookies). Once a cloud account has been taken over, attackers
  can obtain the user's personal information or corporate data and
  compromise the cloud services the account can reach.
                        Insider attacks
• An insider attack is initiated by a legitimate user who purposefully
  violates the security policy. In a cloud environment the attacker can
  be a cloud provider administrator or an employee of a client company
  with extensive privileges. To limit malicious activity of this type,
  cloud architectures should separate duties and grant different levels
  of access to cloud services, so that no single account can reach
  everything, and should log privileged actions for review.
                   Man-in-the-cloud attacks
• In this type of attack the attacker abuses the synchronization token that a file-sync
  client (Dropbox, Google Drive and similar services) stores on the victim's machine to
  stay logged in. By replacing the victim's token with one of their own and stealing the
  original, the attacker has the victim's files synchronized into an account they control
  and can use the victim's cloud account from their own machine without ever knowing the
  password. The victim may never learn that the account was hijacked, because the attacker
  can put the original synchronization token back at any time. Moreover, if the token is
  not revoked, changing the password alone may not evict the attacker, so there is a risk
  that the compromised account is never fully recovered.
                      Wrapping attacks
• A wrapping attack (XML signature wrapping) is a man-in-the-middle style
  attack on the signed XML/SOAP messages that cloud services use for their
  web-service APIs. The attacker intercepts a signed request, moves the
  signed element into a part of the message the application never
  processes, and inserts a forged element in its place: the signature
  still verifies, because the signed element is unchanged, but the
  application acts on the forged content. Cloud computing is exposed to
  wrapping attacks because users typically reach cloud services through a
  web browser or API client that sends such messages.
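The following is an added example that is not part of the slides and not a real cloud provider's code; it uses a simplified envelope format standing in for SOAP, and an HMAC over the serialized element standing in for an XML-DSig signature, to show why the wrapping attack works and what check stops it. The attacker relocates the signed Body under the Header and inserts an unsigned Body in its place; the naive verifier looks up the signed element by its Id anywhere in the tree and passes, while the application reads the first Body under the Envelope. The hardened version binds the signature to the element actually consumed. The element names, the Id attribute and the shared key are assumptions for the demo.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key; a real service verifies an XML-DSig with a public key.
KEY = b"constructed-demo-shared-secret"


def _mac(elem):
    """HMAC over the serialized element, standing in for canonicalization + signing."""
    return hmac.new(KEY, ET.tostring(elem, encoding="utf-8"), hashlib.sha256).hexdigest()


def build_signed_envelope(amount):
    """Client side: <Envelope><Header><Signature ref mac/></Header><Body Id="b1">...</Body></Envelope>."""
    env = ET.Element("Envelope")
    header = ET.SubElement(env, "Header")
    body = ET.SubElement(env, "Body", Id="b1")
    ET.SubElement(body, "Amount").text = str(amount)
    ET.SubElement(header, "Signature", ref="b1", mac=_mac(body))
    return ET.tostring(env, encoding="unicode")


def wrapping_attack(envelope_xml, new_amount):
    """Man in the middle: hide the signed Body under a Wrapper in the Header (Id and
    content untouched) and put an unsigned Body with attacker-chosen content in its place."""
    env = ET.fromstring(envelope_xml)
    original = env.find("Body")
    env.remove(original)
    ET.SubElement(env.find("Header"), "Wrapper").append(original)
    forged = ET.SubElement(env, "Body")
    ET.SubElement(forged, "Amount").text = str(new_amount)
    return ET.tostring(env, encoding="unicode")


def process_naive(envelope_xml):
    """Vulnerable server: verifies whichever element carries the referenced Id, then
    processes the first <Body> child of the Envelope, which need not be the same element."""
    env = ET.fromstring(envelope_xml)
    sig = env.find("Header/Signature")
    signed = next((e for e in env.iter() if e.get("Id") == sig.get("ref")), None)
    if signed is None or not hmac.compare_digest(_mac(signed), sig.get("mac")):
        raise ValueError("bad signature")
    return int(env.find("Body/Amount").text)


def process_hardened(envelope_xml):
    """Hardened server: exactly one Body, the Id must be unique, and the signature is
    checked over the very element the application is about to act on."""
    env = ET.fromstring(envelope_xml)
    sig = env.find("Header/Signature")
    bodies = env.findall("Body")
    if len(bodies) != 1:
        raise ValueError("expected exactly one Body")
    body = bodies[0]
    if body.get("Id") != sig.get("ref"):
        raise ValueError("signature does not cover the Body being processed")
    if sum(1 for e in env.iter() if e.get("Id") == sig.get("ref")) != 1:
        raise ValueError("duplicate Id in message")
    if not hmac.compare_digest(_mac(body), sig.get("mac")):
        raise ValueError("bad signature")
    return int(body.find("Amount").text)


def hardened_accepts(envelope_xml):
    """True if the hardened server processes the message, False if it rejects it."""
    try:
        process_hardened(envelope_xml)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    legit = build_signed_envelope(10)
    forged = wrapping_attack(legit, 1_000_000)
    print("naive server, legitimate request:", process_naive(legit))
    print("naive server, wrapped request:   ", process_naive(forged))
    print("hardened server accepts wrapped? ", hardened_accepts(forged))
```

The same principle applies to real XML-DSig: after verification, the application must consume the node the signature verifier returned, rather than locating the element a second time by name or XPath, and duplicate Ids or unexpected extra elements should fail the message outright.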
Proliferation of Mobile and Wireless Devices
       Proliferation of Mobile and Wireless Devices
• Most of us don't protect our smartphones or tablets, and the private information they
  contain, anywhere near as well as we do our wallets and PCs (even though most of us would
  rather lose our wallet than our smartphone).
• Even the simple safeguard of a four-digit password is too much work for 62% of smartphone
  users, and 32% of users save their login information on their device.
• It is a simple formula for crime: no password + instant access to online accounts = fraud,
  identity theft and privacy loss. Maybe that is why mobile phones were targeted in more than
  40% of all robberies in New York City and 38% of all robberies in Washington last year.
  Proliferation of Mobile and Wireless Devices
• Even without getting their hands on your device, attackers can get into and remotely
  control almost any mobile device, and it is frighteningly easy. Malicious software can be
  disguised as a picture or audio clip; when you click a link or open an attachment, the
  malware installs on your device. Unlike early PC malware it does not ask your permission,
  and your device is, figuratively, in their hands.
                  Types of mobile Computing
•   Portable Computer
•   Tablet PC
•   Personal digital assistant(PDA)
•   Ultramobile PC
•   Smartphone
•   Carputer
•   Fly Fusion Pentop Computer
               Risks in Mobile Computing (drawn from the original OWASP Mobile Top 10 list)
1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authentication and Authorization
6. Security Decisions via Untrusted Inputs
7. Side Channel Data Leakage
8. Broken Cryptography
9. Sensitive Information Disclosure
               Trends In Mobility
Network Mobility
Bearer Mobility
Device Mobility
Service Mobility
Host Mobility
User Mobility
                     Network Mobility
User should be able to move from one network to another network
and use the same service.
Example: User moves from Hong Kong to Singapore and uses the
same GSM (Global System for Mobile) phone to access the
application.
                           Bearer Mobility
User should be able to move from one bearer to another while using the same
service.
Example: User is unable to access the WAP ( Wireless Application Protocol)
bearer due to some problem in the GSM (Global System for Mobile) network then
he should be able to use voice or SMS bearer to access that same corporate
application.
                      Device Mobility
User should be able to move from one device to another and use the
same service.
Example: User is using a PC to do his work. During the day, while he
is on the street, he would like to use his mobile device to access the
same application.
                      Service Mobility
User should be able to move from one service to another.
Example: User is writing a mail. Suddenly, he needs to refer to
something else. In a PC, user simply opens another service and moves
between them. User should be able to do the same in small footprint
wireless devices.
                         Host Mobility
 User should be able to move while the device is a host computer.
Example: The laptop computer of a user is a host for grid computing
network. It is connected to a LAN port. Suddenly, the user realizes that he
needs to leave for an offsite meeting. He disconnects from the LAN and
should get connected to wireless LAN while his laptop being the host for
grid computing network.
                       User Mobility
User should be able to move from one physical location to another
location and use the same service.
Example: User moves from London to New York and uses the
Internet in either place to access the application.
      Types of Attack against 3G/4G mobile
                    Network
• Denial of Service (DoS): Probably the most potent attack, as it can bring down the
  entire network infrastructure. It is caused by sending more traffic to the network than
  it can handle, so that users are unable to access network resources.
• Distributed Denial of Service (DDoS): It is difficult to launch a large-scale DoS attack
  from a single host, so a number of hosts (for example a botnet) are used to launch the
  attack together.
• Channel Jamming: Jamming is a technique in which the attacker transmits on the wireless
  channel to drown out legitimate signals and therefore deny access to any legitimate user
  in the network.
• Unauthorized Access: If a proper method of authentication is not deployed, an attacker can
  gain free access to the network and use it for services he is not authorized for.
        Types of Attack against 3G/4G mobile
                      Network
• Eavesdropping: If the traffic on the wireless link is not encrypted, an attacker can
  eavesdrop and intercept sensitive communication such as confidential calls, sensitive
  documents, etc.
• Message Forgery: If the communication channel provides no integrity protection, an
  attacker can intercept messages in both directions and change their content without the
  users ever knowing.
• Man-in-the-Middle Attack: An attacker (for example with a rogue base station) can sit
  between a cell phone and the access station, intercept the messages passing between them
  and modify them.
Credit Card Frauds in Mobile and Wireless
             Computing Era.
  Credit Card Frauds in Mobile and Wireless
               Computing Era.
• In this modern era electronic gadgets have become an integral part of business,
  providing connectivity to the Internet outside the office, and securing these devices
  against cybercrime brings many challenges. Credit card fraud is one of the new trends
  in cybercrime that arrive with mobile computing, mobile commerce (M-Commerce) and mobile
  banking (M-Banking).
• Today belongs to "mobile computing", that is anywhere, anytime computing. The developments
  in wireless technology have fuelled this new mode of working for white-collar workers, and
  this is true for credit card processing too. Credit card (or debit card) fraud is a form
  of identity theft that involves the unauthorized taking of another person's card
  information for the purpose of charging purchases to the account or removing funds from it.
              Elements of Credit Card Fraud
Debit/credit card fraud is thus committed when a person
• 1) fraudulently obtains, takes, signs, uses, sells, buys, or forges someone
  else’s credit or debit card or card information;
• 2) uses his or her own card with the knowledge that it is revoked or expired or
  that the account lacks enough money to pay for the items charged; and
• 3) sells goods or services to someone else with knowledge that the credit or
  debit card being used was illegally obtained or is being used without
  authorization.
                 Types of Credit Card Fraud:
• The first category, lost or stolen cards, is a relatively common one, and
  should be reported immediately to minimize any damages.
• The second is called “account takeover” — when a cardholder unwittingly
  gives personal information (such as home address, mother’s maiden name,
  etc.) to a fraudster, who then contacts the cardholder’s bank, reports a lost
  card and change of address, and obtains a new card in the soon-to-be victim’s
  name.
                Types of Credit Card Fraud:
• The third is counterfeit cards — when a card is “cloned” from another and
  then used to make purchases. In Asia Pacific, 10% to 15% of fraud results
  from malpractices such as card skimming but this number has significantly
  dropped from what it was a couple of years prior, largely due to the many
  safety features put in place for payment cards, such as EMV chip.
• The fourth is called “never received” — when a new or replacement card is
  stolen from the mail, never reaching its rightful owner.
              Types of Credit Card Fraud:
• The fifth is fraudulent application— when a fraudster uses another person’s
  name and information to apply for and obtain a credit card.
• The sixth is called “multiple imprint”— when a single transaction is
  recorded multiple times on old-fashioned credit card imprint machines known
  as “knuckle busters”.
                                        University Questions
• Write a short note on:
    1.    Industrial Spying/Industrial Espionage
    2.    Hacking
    3.    Online Frauds
    4.    Pornographic Offenses
    5.    E-Mail Spoofing
    6.    Spamming
    7.    Data diddling
    8.    Salami attack
    9.    Cyber defamation
    10.   Internet Time Theft
    11.   Social Engineering
    12.   Cyber stalking
    13.   Cyber café and Cybercrimes
    14.   Botnets, Attack vector
    15.   Cloud computing
    16.   Trends in Mobility
• Explain Proliferation of Mobile and Wireless Devices.
• Explain in detail Credit Card Frauds in the Mobile and Wireless Computing Era.