
Module 2

Module 2 of the Introduction to Cyber Security discusses various cyber offenses, including how criminals plan attacks through methods such as social engineering and the use of botnets. It categorizes cybercrimes based on targets and event types, detailing the phases of planning an attack, including reconnaissance and active/passive attacks. The module also highlights the importance of cybersecurity measures to protect individuals and organizations from these threats.

Introduction to Cyber Security

Module 2
Gowtham R Naik
Dept. of CSE
The National Institute of Engineering
Topics
• Cyberoffenses: How Criminals Plan Them: How Criminals Plan the Attacks
• Social Engineering, Cyberstalking, Cybercafe and Cybercrimes
• Botnets: The Fuel for Cybercrime, Attack Vector.
Cyberoffenses: How Criminals Plan Them
• Technology is a “double-edged sword”: it can be used for both good and bad.
• Computers and tools are used either as the target of an offense or as the means of committing an offense.
• Agencies collect information about individuals (Aadhaar, date of birth, bank account details, etc.).
• Attackers exploit vulnerabilities in the networks:
  • Inadequate border protection.
  • Remote access servers with weak access controls.
  • Application servers with well-known exploits.
  • Misconfigured systems and systems with default configuration.
Categories of Cybercrime
• Can be categorized based on
  • The target of the crime.
  • Whether the crime occurs as a single event or a series of events.
1. Crimes targeted at individuals
  • Exploit human weakness, financial frauds, sale of non-existent or stolen items, child pornography, copyright violation, harassment, etc.
  • Tools to expand the pool of potential victims.
2. Crimes targeted at property
  • Stealing devices, transmitting harmful programs, causing harm to devices.
Categories of Cybercrime (Continued)
3. Crimes targeted at organizations
  • Cyberterrorism, steal private information, damage programs and files, plant programs to get control of the network/system.
4. Single event of cybercrime
  • Single event from the perspective of the victim.
  • Open an attachment that may contain a virus.
5. Series of events
  • Interacting with victims repeatedly.
  • Chat via chat rooms, talk over phone, then exploit victim.
How Criminals Plan the Attacks
• Criminals use many methods and tools to locate the vulnerabilities of their target.
• Target can be an individual or an organization.
• Criminals can plan active or passive attacks.
  • Active – usually used to alter the system.
  • Passive – attempts to gain information about the target.
  • Active – affects availability, integrity and authenticity of the system.
  • Passive – breaches of confidentiality.
• Attacks can be either inside or outside.
  • Inside – if originating from inside the security perimeter of an organization.
  • Outside – outside the security perimeter of the organization.
How Criminals Plan the Attacks (Continued)
The following phases are involved in planning cybercrime:
1. Reconnaissance (info gathering) – first phase, treated as a passive attack.
2. Scanning and scrutinizing gathered information for the validity of the information and to identify existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).
Activity
How do I find your missing or stolen phone?
Google Find
https://www.google.com/android/find?u=0
Thank you
How Criminals Plan the Attacks (Continued)
Reconnaissance
• “Reconnaissance” is an act of reconnoitring – to explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy).
• Reconnaissance begins with “Footprinting” – this is the preparation toward the pre-attack phase.
• Involves accumulating data about the target’s environment and computer architecture to find ways to intrude into that environment.
• Objective is to understand the system, its networking ports and services and other aspects of the security.
How Criminals Plan the Attacks (Continued)
Passive Attacks
• A passive attack involves gathering information about a target without his/her (individual’s or company’s) knowledge.
• It can be as simple as watching when an employee enters and leaves the company.
  1. It is usually done using Internet searches or by Googling an individual or company to gain information.
  2. Surfing social networking sites (Facebook, etc.).
  3. Information provided on the company website (contact details).
  4. Blogs, newsgroups, press releases to gain information.
  5. Going through job openings can provide information about the type of technology, servers, infrastructure in the network.
• Network sniffing to find the IP address range, hidden servers, other services in the network.
How Criminals Plan the Attacks (Continued)
Active Attacks
• An active attack involves probing the network to discover individual hosts to confirm the information gathered in the passive attack phase.
• It involves the risk of detection and is also called “Rattling the doorknobs” or “Active reconnaissance.”
• Active reconnaissance can provide confirmation to an attacker about security measures in place.
Scanning and Scrutinizing Gathered Information
The objectives of scanning are:
1. Port scanning: Identify open/closed ports and services.
2. Network scanning: Understand IP addresses and related information about the computer network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the system.
How Criminals Plan the Attacks (Continued)
Attack (Gaining and Maintaining the System Access)
• After the scanning and enumeration, the attack is launched using the following steps:
  1. Crack the password;
  2. exploit the privileges;
  3. execute the malicious commands/applications;
  4. hide the files (if required);
  5. cover the tracks – delete the access logs, so that there is no trail of illicit activity.
Social Engineering
• It is the “technique to influence” and “persuasion to deceive” people to obtain the information or perform some action.
• Social engineers exploit the natural tendency of a person to trust social engineers’ word, rather than exploiting computer security holes.
• Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
• The sign of truly successful social engineers is that they receive information without any suspicion.
Social Engineering (Continued)
Classification of Social Engineering
1. Human-Based Social Engineering
Human-based social engineering refers to person-to-person interaction to get the required/desired information.
2. Computer-Based Social Engineering
Computer-based social engineering refers to an attempt made to get the required/desired information by using computer software/Internet.
Social Engineering (Continued)
1. Human-Based Social Engineering
• Impersonating an employee or valid user.
• Posing as an important user.
• Using a third person.
• Calling technical support.
• Shoulder surfing.
• Dumpster diving.
2. Computer-Based Social Engineering
• Fake Emails.
• Email attachments.
• Pop-up windows.
Cyberstalking
• It is defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals to harass another individual, group of individuals, or organization.
• Cyberstalking refers to the use of Internet and/or other electronic communications devices to stalk another person.
• It involves harassing or threatening behaviour that an individual will conduct repeatedly.
• As the Internet has become an integral part of our personal and professional lives, cyberstalkers take advantage of ease of communication and an increased access to personal information available with a few mouse clicks or keystrokes.
Cyberstalking (Continued)
Types of Stalkers
There are primarily two types of stalkers as listed below:
• Online stalkers: They aim to start the interaction with the victim directly with the help of the Internet.
• Offline stalkers: The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.
Cyberstalking (Continued)
How Stalking Works?
1. Personal information gathering about the victim.
2. Establish a contact with the victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The stalker may use multiple names while contacting the victim.
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favours or threaten the victim.
5. The stalker may post the victim’s personal information on any website related to illicit services such as sex-workers’ services or dating services, posing as if the victim has posted the information and invite the people to call the victim on the given contact details. The stalker will use bad and/or offensive/attractive language to invite the interested persons.
6. Whosoever comes across the information starts calling the victim on the given contact details asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable pornographic and sex sites, because of which the victim will start receiving such kind of unsolicited E-Mails.
Cybercafe and Cybercrimes
• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cybercafes.
• Cybercafes have also been used regularly for sending obscene mails to harass people.
• Indian Information Technology Act (ITA) 2000 interprets cybercafes as “network service providers” referred to under the erstwhile Section 79, which imposed on them a responsibility for “due diligence” failing which they would be liable for the offenses committed in their network.
Cybercafe and Cybercrimes (Continued)
• Cybercriminals can either install malicious programs such as keyloggers and/or Spyware or launch an attack on the target.
• Here are a few tips for safety and security while using the computer in a cybercafe:
  1. Always log out
  2. Stay with the computer
  3. Clear history and temporary files
  4. Be alert
  5. Avoid online financial transactions
  6. Change passwords
  7. Virtual keyboard
  8. Security warnings
Botnets: The Fuel for Cybercrime
• A Botnet (also called a zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge.
• Your computer system may be a part of a Botnet even though it appears to be operating normally.
• Botnets are often used to conduct a range of activities, from distributing Spam and viruses to conducting denial-of-service (DoS) attacks.
Botnets (Continued)
1. Use antivirus and anti-Spyware software and keep it up-to-date.
2. Set the OS to download and install security patches automatically.
3. Use a firewall to protect the system from hacking attacks while it is connected to the Internet.
4. Disconnect from the Internet when you are away from your computer.
5. Download freeware only from websites that are known and trustworthy.
6. Regularly check the folders in the mailbox – “sent items” or “outgoing” – for messages you did not send.
7. Take immediate action if your system is infected.
Activity
Google has made our life easy. Can we make it even easier?
Yes, Google Dorks
Thank you.
Attack Vector
• An “attack vector” is a path or means by which an attacker can gain access to a computer or to a network server to deliver a payload or malicious outcome.
• Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant messages, chat rooms, and deception.
• The most common malicious payloads are viruses, Trojan Horses, worms, and Spyware.
• If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile.
• Payload means the malicious activity that the attack performs.
• It is the bits that get delivered to the end-user at the destination.
Attack Vector (Continued)
• The attack vectors described here are how most of them are launched:
  • Attack by E-Mail
  • Attachments (and other files)
  • Attack by deception
  • Hackers
  • Heedless guests (attack by webpage)
  • Attack of the worms
  • Malicious macros
  • Foistware (sneakware)
  • Viruses
Attack Vector (Continued)
• Attack by E-Mail
  • Content embedded in message or attachments.
• Attachments (and other files)
  • Attachments install malicious code (virus, trojan, spyware).
• Attack by deception
  • Vulnerable users, frauds, scams, hoaxes, etc.
• Hackers
  • Flexible and improvise, install trojan to gain control.
• Heedless guests (attack by webpage)
  • Counterfeit sites, personal information, pop-ups install trojan, spywares.
Attack Vector (Continued)
• Attack of the worms
  • Email attachments and network worms, firewalls, zombie computers.
• Malicious macros
  • Word and Excel to automate things, P2P software.
• Foistware (sneakware)
  • Software that adds hidden component, bundled with attractive software.
• Viruses
  • Malicious code hitches a ride and makes the payload.
End of Module 2
