Cyber Security and Cyber Law

Module 3:
Tools and Methods used in Cybercrime
Phishing and Identity Theft

Gowtham R Naik
The National Institute of Engineering
Topics

Tools and Methods Used in Cybercrime

• Introduction
• Proxy Servers and Anonymizers
• Phishing, Password Cracking
• Keyloggers and Spywares
• Virus and Worms
• Trojan Horses and Backdoors
• DoS and DDoS Attacks
• Attacks on Wireless Networks
Introduction
• As the Internet and computer networks are integral parts of information systems, attackers have in-depth knowledge about the technology and/or they gain thorough knowledge about it.
• Various tools, techniques and complex methodologies are used to launch attacks.
• Network attack incidents reveal that attackers are often very systematic in launching their attacks.
• The basic stages of an attack are:
1. Initial uncovering
2. Network probe
3. Crossing the line toward electronic crime (E-crime)
4. Capturing the network
5. Grab the data
6. Covering tracks
1. Initial uncovering
• In the first step, called reconnaissance, the attacker gathers as much information as possible about the target by legitimate means.
• Googling, public websites, news articles and press releases are used.
• In the second step, the attacker uncovers as much information as possible on the company’s internal network.
• Internet domain, machine names and IP ranges are identified.
2. Network probe
• Invasive technique to find more information.
• A “ping sweep” of the network IP addresses is performed to seek out potential targets, and then a “port scanning” tool is used to discover exactly which services are running on the target system.
• At this point the attacker has still done nothing that is considered abnormal activity/intrusion on the network.
3. Crossing the line toward electronic crime (E-crime)
• Now the attacker moves toward committing what is technically a “computer crime” by exploiting possible holes on the target system.
• Exploit possible holes in the system.
• Programming errors can be exploited: CGI and buffer overflow attacks.
• Default logins are tried, and admin/root access is attempted after gaining access.
4. Capturing the network
• At this stage, the attacker attempts to “own” the network. The attacker gains a foothold in the internal network quickly and easily.
• Tools are used to replace system files with Trojan files and services that have a backdoor password.
• Hacking tools are used to remove log files and traces of the intrusion.
• Using the backdoor, hackers can access the system later and carry out attacks on the entire network (next-level attacks).
5. Grab the data
• Now that the attacker has “captured the network,” he/she takes advantage of his/her position to steal confidential data and customer credit card information, deface webpages, alter processes and even launch attacks at other sites from your network.
6. Covering tracks
• This is the last step in any cyberattack, which refers to the activities undertaken by the attacker to extend misuse of the system without being detected.
• The attacker can go undetected for long periods.
Proxy Servers and Anonymizers
• A proxy server is a computer on a network which acts as an intermediary for connections with other computers on that network.
• The attacker first connects to a proxy server and establishes a connection with the target system. This helps the attacker to browse anonymously.
• A proxy server has the following purposes:
1. Keep the systems behind the curtain.
2. Speed up access to a resource (through “caching”).
3. Specialized proxy servers are used to filter unwanted content such as advertisements.
4. A proxy server can be used as an IP address multiplexer to enable a number of computers to connect to the Internet when only one IP address is available.
• An advantage of a proxy server is that its cache memory can serve all users. When the same website is requested by different users, this improves response time (cache servers).
• An anonymizer or anonymous proxy is a tool that attempts to make activity on the Internet untraceable.
• It accesses the Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information.
• Web surfing is done through a website which acts as a proxy server for the web client.
• The anonymizer hides/removes all the identifying information from a user’s computer, ensuring the privacy of the user.
Phishing
• Phishing is a fake or false e-mail which can infect systems in addition to stealing personal and financial data.
• How does phishing work? Phishers work in the following ways:
1. Planning (decide the target);
2. Setup (create methods for delivering the message and for collecting the data about the target);
3. Attack (the phisher sends a phony message);
4. Collection (record the information of victims);
5. Identity theft and fraud (use the information that they have gathered to make illegal purchases or commit fraud).
Password Cracking
• Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
• Purpose of password cracking:
• To recover a forgotten password.
• To check password strength (by system administrators).
• To gain unauthorized access.
• Manual password cracking:
• Find a valid user account (admin, guest).
• Create a list of possible passwords.
• Rank the passwords from high to low probability.
• Key in each password.
• Try again until successful.
• Examples of guessable passwords include:
1. Blank (none);
2. words like “password,” “passcode” and “admin”;
3. a series of letters from the “QWERTY” keyboard, for example, qwerty, asdf or qwertyuiop;
4. the user’s name or login name;
5. the name of the user’s friend/relative/pet;
6. the user’s birthplace or date of birth, or a relative’s or a friend’s;
7. the user’s vehicle number, office number, residence number or mobile number;
8. the name of a celebrity who is an idol of the user (e.g., actors, actresses, spiritual gurus);
9. a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of letters.
• Attackers create a script file which will be executed to try each password in a list. Even this is time consuming.
• Passwords are stored in a DB and password verification is done when the user attempts access.
• To maintain confidentiality, passwords are not stored in clear text (hashing/encryption).
• Password cracking attacks can be classified under three categories as follows:
1. Online attacks;
2. offline attacks;
3. non-electronic attacks (e.g., social engineering, shoulder surfing and dumpster diving).
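To show what "not stored in clear text" means in practice, and how the "freeze the account after 5 failed logins and record it in the audit log" guideline later in this module fits with it, here is an added example in Python. It is not from the slides; the class, event names and iteration count are assumptions.

```python
"""Salted, iterated password storage with lockout and an audit log.

Added example, not from the slides. A stored record is a salt plus a
PBKDF2 hash, so the verifier can check a candidate password while the
record itself does not reveal it to anyone who copies the database.
"""
import hashlib
import hmac
import secrets

MAX_FAILURES = 5              # freeze the account after 5 failed logins (policy guideline)
PBKDF2_ITERATIONS = 600_000   # assumed work factor; slows offline guessing of copied hashes


class PasswordStore:
    def __init__(self):
        self._records = {}    # username -> {salt, hash, failures, locked}
        self.audit_log = []   # (username, event) tuples; the "record in log" part of the guideline

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def register(self, username, password):
        salt = secrets.token_bytes(16)   # per-user random salt defeats precomputed hash tables
        self._records[username] = {
            "salt": salt, "hash": self._derive(password, salt), "failures": 0, "locked": False,
        }
        self.audit_log.append((username, "registered"))

    def stored_record(self, username):
        """What someone who copied the DB (an offline attack) would see: salt and hash only."""
        r = self._records[username]
        return {"salt": r["salt"].hex(), "hash": r["hash"].hex()}

    def verify(self, username, password):
        r = self._records.get(username)
        if r is None:
            # Hash anyway so unknown and known usernames take similar time to reject.
            self._derive(password, b"\x00" * 16)
            self.audit_log.append((username, "unknown_user"))
            return False
        if r["locked"]:
            self.audit_log.append((username, "rejected_locked"))
            return False
        # Constant-time comparison: a byte-by-byte == could leak how much of the hash matched.
        ok = hmac.compare_digest(self._derive(password, r["salt"]), r["hash"])
        if ok:
            r["failures"] = 0
            self.audit_log.append((username, "login_ok"))
            return True
        r["failures"] += 1
        self.audit_log.append((username, "login_failed"))
        if r["failures"] >= MAX_FAILURES:
            r["locked"] = True
            self.audit_log.append((username, "account_locked"))
        return False

    def unlock(self, username):
        """Administrator action after investigating the audit log ("take action")."""
        r = self._records[username]
        r["failures"] = 0
        r["locked"] = False
        self.audit_log.append((username, "unlocked_by_admin"))
```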
Thank you.
• Online attacks
• Automated scripts try each password.
• The most popular online attack is the man-in-the-middle (MITM) attack, also termed the “bucket-brigade attack” or sometimes the “Janus attack.”
• It is a form of active eavesdropping in which the attacker establishes a connection between a victim and the server to which the victim is connected.
• Offline attacks
• The location is other than the target location.
• Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media.
• Types of offline attacks:
• Dictionary attack (Admin)
• Hybrid attack (Adm1n)
• Brute force attack (Admin@09)
Password Cracking
Strong, Weak and Random Passwords
Weak password
• A weak password is one which could be easily guessed: short, common or a system default password that could easily be found by executing a brute force attack using a subset of all possible passwords.
• Can each one of you give at least one sample weak password?
Password Cracking
Strong, Weak and Random Passwords

Strong password
• A strong password is long enough, random or otherwise difficult to guess – producible only by the user who chooses it.
• Can each one of you give at least one sample strong password?
Password Cracking
Strong, Weak and Random Passwords

• Random password
• A password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols, when allowed, for the same number of characters.
• The difficulty of the password will make the user write it down somewhere, which makes the password vulnerable.
• Pseudorandom passwords – they follow some pattern.
• System-generated passwords and password aging.
Password Cracking
Strong, Weak and Random Passwords
• Random password - The general guidelines applicable to password policies are:
1. Passwords and user IDs must be unique to each user.
2. Minimum of 8 alphanumeric characters.
3. Password rules and periodic testing to identify password weakness.
4. Private and must not be shared with anyone, not to be coded or written anywhere.
5. Must be changed in 30/45 days, automatic expiration, prevent reusing passwords.
6. Freezing accounts after 5 failed logins, record in log, audit log and take action.
7. Session must be suspended after 15 minutes of inactivity.
8. Display date and time of last login.
9. Accounts must be suspended if not used for a long duration.
10. High risk systems: alarm for excessive violations, let the person continue with the session while personnel investigate the alarm.
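The guessable-password patterns listed earlier in this section and policy rule 2 (minimum 8 alphanumeric characters), combined into one pre-acceptance check. This is an added example, not code from the slides; the common-word list and keyboard rows are constructed placeholders that a real deployment would replace with a full breached-password dictionary.

```python
"""Password acceptance check built from the slides' guessable-password list.

Added example (not from the slides). Flags blank passwords, common words,
QWERTY runs, personal data (name, pet, phone, birth date) and the "simple
modification" variants (trailing digit suffix, reversed letters).
"""
import re
from datetime import date

# Constructed placeholders: a real system loads a full common/breached-password list.
COMMON_WORDS = {"password", "passcode", "admin", "guest", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]


def _keyboard_run(pw):
    """True if pw is a run of 4+ adjacent keys on one keyboard row, e.g. 'qwerty', 'asdf'."""
    p = pw.lower()
    if len(p) < 4:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def _base_forms(pw):
    """Undo the 'simple modification' tricks: strip a trailing digit suffix, try letter reversal."""
    p = pw.lower()
    stripped = re.sub(r"\d+$", "", p)
    return {p, p[::-1], stripped, stripped[::-1]}


def check_password(password, user_info):
    """Return a list of violations (empty list means the password is accepted).

    user_info may carry 'username', 'name', 'pet', 'phone' (strings) and 'birthdate' (date).
    """
    problems = []
    pw = password or ""
    if pw == "":
        return ["blank password"]
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("not alphanumeric (needs letters and digits)")
    forms = _base_forms(pw)
    if forms & COMMON_WORDS:
        problems.append("common word such as 'password' or 'admin'")
    if any(_keyboard_run(f) for f in forms):
        problems.append("keyboard sequence such as 'qwerty' or 'asdf'")
    # Personal data the slides list as guessable, normalised to lower case.
    personal = {str(user_info[k]).lower() for k in ("username", "name", "pet", "phone") if user_info.get(k)}
    bd = user_info.get("birthdate")
    if isinstance(bd, date):
        personal.update({bd.strftime("%d%m%Y"), bd.strftime("%Y%m%d"), bd.strftime("%d%m%y"), str(bd.year)})
    for f in forms:
        if f in personal or any(p in f for p in personal if len(p) >= 4):
            problems.append("contains personal information (name, pet, phone, birth date)")
            break
    return problems
```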
Password Cracking
Strong, Weak and Random Passwords
• Netizens should follow password guidelines:
1. Password for business, personal, banking account must be different.
2. Should be minimum 8 alphanumeric characters.
3. Should be changed every 30/45 days.
4. Should not be shared with anyone.
5. While renewing passwords, old passwords should not be used.
6. Passwords must be changed using secure systems if accessed using public systems.
7. Should not be stored on mobile devices etc., which are vulnerable to cyber attacks.
8. Check legitimacy of the email before clicking on the hyperlinks (Bank email)
9. Check legitimacy of the SMS before following the instructions.
10. If hacked, respective agencies must be informed immediately.
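Guideline 8 (check the legitimacy of an e-mail's hyperlinks before clicking) as a small link checker, following the phishing stages described earlier in this module. This is an added example, not from the slides; the trusted bank domain, the sample message and the crude two-label domain rule are constructed assumptions.

```python
"""Flag suspect hyperlinks in an e-mail body before the user clicks them.

Added example (not from the slides). For each anchor it compares the real
destination with what the message shows, and flags IP-literal hosts,
plain http, embedded credentials and brand-lookalike domains.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"examplebank.com"}   # constructed placeholder for the bank's real domain(s)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
            self.links.append(self._current)

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def _registered_domain(host):
    """Last two labels only; a public-suffix list would be used in practice (assumption)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link is suspect (empty list means nothing was found)."""
    reasons = []
    u = urlparse(href)
    host = u.hostname or ""
    if u.scheme not in ("http", "https"):
        return ["non-web scheme"]
    if u.scheme != "https":
        reasons.append("not https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("IP address instead of a name")
    if u.username is not None:
        reasons.append("credentials or '@' embedded in URL")
    dom = _registered_domain(host)
    shown = re.search(r"https?://([^/\s]+)", text)   # a URL printed as the link text
    if shown and _registered_domain(shown.group(1)) != dom:
        reasons.append("visible URL differs from real destination")
    if dom not in trusted:
        for t in trusted:
            if t.split(".")[0] in host:               # brand name used inside a different domain
                reasons.append(f"looks like {t} but is {dom}")
    return reasons


def scan_email_html(html):
    """Map each suspect href to its reasons; clean links are left out."""
    p = _AnchorCollector()
    p.feed(html)
    return {href: r for href, text in p.links if (r := check_link(href, text.strip()))}


# Constructed sample message: one lookalike link, one IP-literal link, one genuine link.
SAMPLE_EMAIL = """<p>Dear customer, verify your account:</p>
<a href="http://examplebank.com.secure-login.example.net/verify">https://www.examplebank.com/verify</a>
<a href="https://198.51.100.23/login">Login</a>
<a href="https://www.examplebank.com/help">Help centre</a>"""
```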
Keyloggers and Spywares

• Keystroke logging - the practice of noting (or logging) the keys struck on a keyboard.
• A keystroke logger or keylogger is a quicker and easier way of capturing passwords and monitoring the victim’s IT-savvy behaviour.
• It can be classified as software keylogger and hardware keylogger.
Keyloggers and Spywares (Continued)

Software Keyloggers
• Software keyloggers are software programs installed on computer systems which usually are located between the OS and the keyboard hardware, and every keystroke is recorded.
• They are installed by Trojans and viruses without the knowledge of the user.
• Insecure computer systems in public places.
• A keylogger usually consists of two files in a directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it to work.
Keyloggers and Spywares (Continued)

Hardware Keyloggers
• Hardware keyloggers are small hardware devices connected to the PC and/or to the keyboard and save every keystroke into a file or in the memory of the hardware device.
• These keyloggers look like an integrated part of such systems; hence, bank customers are unaware of their presence.
• Keyloggers in ATMs.
Keyloggers and Spywares (Continued)

• Anti-keylogger
• An anti-keylogger is a tool that can detect a keylogger installed on the computer system and also remove it.
• Advantages are:
1. Firewalls cannot detect the installation of keyloggers on systems; anti-keyloggers can detect such installations.
2. This software does not require regular updates of signature bases to work effectively, unlike other antivirus and anti-spy programs.
3. Prevents Internet banking frauds.
4. It prevents ID theft.
5. It secures E-Mail and instant messaging/chatting.
Keyloggers and Spywares (Continued)
• Spywares
• Spyware is malicious software secretly installed on the user’s personal computer.
• Spywares such as keyloggers are installed by the owner of a shared, corporate or public computer on purpose to secretly monitor other users.
• Collect personal information and internet browsing data, and redirect browsing.
• Change settings, resulting in slow Internet speed.
• Anti-spyware software is available in the market.
Viruses and Worms
• A computer virus is a program that can “infect” legitimate programs by modifying them to include a possibly “evolved” copy of itself.
• It spreads like biological viruses spread from one person to another.
• Viruses may contain malicious instructions (cause damage, annoyance) and can spread without visible symptoms.
• It can start event-driven effects, time-driven effects, or could be random.
Viruses and Worms (Continued)
• Viruses can take some typical actions:
1. Display a message to prompt an action which may set off the virus;
2. delete files inside the system into which viruses enter;
3. scramble data on a hard disk;
4. cause erratic screen behaviour;
5. halt the system (PC);
6. just replicate themselves to propagate further harm.
Viruses and Worms (Continued)
• The term virus is erroneously used to refer to other types of malware, adware and spyware that may not spread.
• A true virus can spread from one system to another.
• A worm spreads itself automatically to other computers through networks by exploiting security vulnerabilities.
• A Trojan is a code/program that appears to be harmless but hides malicious functions.
Thank you.
Viruses and Worms (Types of Viruses)
• Computer viruses can be categorized based on attacks on various elements of the system and can put the system and the personal data on the system in danger.
1. Boot sector viruses
• Infects the storage media where the OS is stored. The first sector is BOOT and it carries the Master Boot Record (MBR).
• The MBR reads and loads the OS, enabling the system to start through the OS.
• Spreads through shared infected disks and pirated software.
2. Program viruses
• Becomes active when a program file (.bin, .com, .exe, .ovl, .drv) is executed.
• Makes copies of itself and infects other programs.
Viruses and Worms - Types of Viruses (Continued)
3. Multipartite viruses
• Hybrid of boot sector and program virus.
• Infects program files and boot files when infected.
4. Stealth viruses
• It camouflages or masks itself, and detecting this type of virus is difficult.
• Anti virus cannot detect it.
• Alters file size and conceals itself to be hidden in the system.
• A good anti-virus can detect these kinds of viruses.
Viruses and Worms - Types of Viruses (Continued)
5. Polymorphic viruses
• Acts like a chameleon and changes the virus signature every time it spreads through the system.
• Polymorphic generators – routines that can be linked with existing viruses; they are not viruses but they hide actual viruses.
6. Macro viruses
• Microsoft Word and Excel support macros.
• Macros are embedded in a document.
• Macro viruses infect every document opened by the user.
• Updated anti-virus can detect these.
Viruses and Worms - Types of Viruses (Continued)
7. ActiveX and Java controls
• Web browsers have ActiveX and Java control options.
• Enabling and disabling pop-ups, downloading files and sound invites threats for the computer system.
• Viruses have various aspects:
• Attacks specific file types.
• Manipulates a program to execute tasks unintentionally.
• Infected program produces more viruses.
• Infected program may run without error for a long time.
• Modify themselves and may escape detection.
Trojan Horses and Backdoors
• A Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause harm.
• Trojans can get into the system in a number of ways, including from a web browser, via E-Mail or in a bundle with other software downloaded from the Internet.
• Unlike viruses or worms, Trojans do not replicate themselves but they can be equally destructive.
• On the surface, Trojans appear benign and harmless, but once the infected code is executed, Trojans kick in and perform malicious functions to harm the computer system without the user’s knowledge.
• Waterfalls.scr, a waterfalls screensaver, can contain hidden malware and infect PCs.
Trojan Horses and Backdoors (Continued)
• Threats by Trojans are:
1. Erase, overwrite or corrupt data on a computer.
2. Help to spread other malware.
3. Deactivate or interfere with anti-virus software.
4. Allow remote access to your computer.
5. Upload and download files without your knowledge.
6. Gather email addresses and use them for spam.
7. Log keystrokes to steal information.
8. Copy fake links to false websites, display porn sites, play sounds/videos.
9. Slow down, restart or shutdown the system.
10. Reinstall themselves after being disabled.
11. Disable task manager.
12. Disable control panel.
Backdoor
• A backdoor is a means of access to a computer program that bypasses security mechanisms.
• A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.
• Attackers often use backdoors that they detect or install themselves as part of an exploit.
• In some cases, a worm is designed to take advantage of a backdoor created by an earlier attack.
Backdoor (Continued)
• They are hidden and work in the background.
• What does a backdoor do? Its functions are:
1. Allows an attacker to create, delete, rename, copy or edit any file, execute commands, change settings, alter the registry, and run, control and terminate programs.
2. Allows the attacker to take control of hardware devices, and shutdown and restart computers.
3. Steals sensitive information and credentials, logs user activity and tracks browsing data.
4. Records keystrokes and captures screenshots.
5. Sends all the gathered information to a predefined email address, or uploads data to an FTP server.
Backdoor (Continued)
6. Infects files, corrupts applications and damages the entire system.
7. Distributes infected files to computers with vulnerabilities.
8. Installs hidden FTP servers for illegal activities.
9. Degrades internet connection speed and overall system performance.
10. Provides no uninstall feature and hides processes and files to complicate the removal process.
How to Protect from Trojan Horses and Backdoors
1. Stay away from suspect websites/weblinks
• Avoid downloading free / pirated software.
2. Surf on the Web cautiously
• Avoid downloading from peer-to-peer networks.
• Enable spam filters.
3. Install antivirus/Trojan remover software
• Anti-virus works against viruses, trojans, malware, etc.
• Free trojan remover programs are available.
Activity
• Hide secret information in an image using a steganography technique.
Thank you.
DoS and DDoS Attacks
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
• DoS Attacks
• The attacker floods the bandwidth of the victim’s network or fills his E-Mail box with Spam mail, depriving him of the services he is entitled to access or provide.
• Targets high-profile sites such as banks, payment gateways, mobile phone networks, name servers, etc.
• DoS Attacks (Continued)
• The IP address is spoofed – the source IP address is changed to hide the actual IP or to impersonate another system.
• The victim keeps waiting for a response to each request.
• DoS Attacks (Continued)
• The US Computer Emergency Response Team defined the symptoms of DoS attacks:
• Unusually slow network performance.
• Unavailability of a particular website.
• Inability to access any website.
• Dramatic increase in the number of Spam Emails received.
• DoS Attacks (Continued)
• The goal of DoS is not to gain unauthorized access to systems or data, but to prevent intended users (i.e., legitimate users) of a service from using it.
1. Flood a network with traffic, thereby preventing legitimate network traffic.
2. Disrupt connections between two systems, thereby preventing access to a service.
3. Prevent a particular individual from accessing a service.
4. Disrupt service to a specific system or person.
Classification of DoS Attacks
1. Bandwidth attacks
• Each website is given a limited bandwidth (say 50 Gb); users load 100 pages of the site and reload them to consume all the available bandwidth.
2. Logic attacks
• Vulnerabilities in network software such as the web server or TCP/IP stack.
3. Protocol attacks
• Exploit specific features or an implementation bug of some protocol.
4. Unintentional DoS attack
• Sudden spike in popularity.
Types or Levels of DoS Attacks
1. Flood attack
• Ping flood.
• Uses the PING command.
• The attacker must have a faster connection than the victim.
• Complete prevention is difficult.
2. Ping of death attack
• Oversized ICMP packets.
• Max size is 65,536 octets.
• Upon receiving them, the system may crash, freeze and reboot – unavailable.
Types or Levels of DoS Attacks (Continued)
3. SYN attack
• TCP SYN flooding.
• Client to server – SYN; server to client – SYN-ACK; the client should respond to this but intentionally ignores it.
• The server reserves memory for the client’s pending connection and waits.
• This fills the buffer, preventing access for legitimate clients.
Types or Levels of DoS Attacks (Continued)
4. Teardrop attack
• TCP/IP fragmentation reassembly code bug.
• Fragmented packets are forged to overlap each other when the receiving host tries to reassemble them.
• Older versions of Windows and Linux were vulnerable to this attack.
5. Smurf attack
• Generates significant computer network traffic on a victim’s network.
• A host sends an ICMP request to a network broadcast address.
• All devices respond to this and the target network/node receives responses from all the devices, creating huge traffic.
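The ping of death, SYN flood, teardrop and smurf patterns from items 2 to 5 above, written as detection logic run over constructed packet records (the "observe your system and establish baselines" side of the later protection list). This is an added example, not from the slides; the record format and the thresholds are assumptions, and a real deployment would fill the records from a flow or IDS export.

```python
"""Detection logic for the DoS packet patterns named in the slides.

Added example, not from the slides. Each record is a dict with proto
('tcp' or 'icmp'), src, dst and, where relevant, sport, flags (a set of
TCP flag names), icmp_type, frag_id, frag_offset and length.
"""
from collections import defaultdict

MAX_IP_DATAGRAM = 65535      # bytes; a reassembled ICMP datagram above this is a "ping of death"
HALF_OPEN_THRESHOLD = 50     # assumed per-source half-open count that we call a SYN flood


def syn_flood_sources(records, threshold=HALF_OPEN_THRESHOLD):
    """Sources with at least `threshold` SYNs that were never followed by an ACK (half-open)."""
    half_open = defaultdict(set)            # src -> {(dst, sport), ...} still waiting
    for r in records:
        if r["proto"] != "tcp":
            continue
        key = (r["dst"], r.get("sport"))
        flags = r.get("flags", set())
        if flags == {"SYN"}:
            half_open[r["src"]].add(key)    # server has reserved state for this client
        elif "ACK" in flags:
            half_open[r["src"]].discard(key)  # handshake completed, state released
    return sorted(src for src, pending in half_open.items() if len(pending) >= threshold)


def ping_of_death(records):
    """(src, frag_id) of ICMP datagrams whose fragments add up to more than 65,535 bytes."""
    total = defaultdict(int)
    for r in records:
        if r["proto"] == "icmp" and "frag_id" in r:
            total[(r["src"], r["frag_id"])] += r["length"]
    return sorted(k for k, n in total.items() if n > MAX_IP_DATAGRAM)


def smurf_requests(records, broadcast_addrs):
    """ICMP echo requests (type 8) aimed at a broadcast address; the src is the intended victim."""
    return sorted({(r["src"], r["dst"]) for r in records
                   if r["proto"] == "icmp" and r.get("icmp_type") == 8 and r["dst"] in broadcast_addrs})


def teardrop_fragments(records):
    """(src, frag_id) sets where a fragment overlaps one already received for the same datagram."""
    seen = defaultdict(list)                # (src, frag_id) -> [(start, end), ...]
    bad = set()
    for r in records:
        if "frag_offset" not in r:
            continue
        key = (r["src"], r["frag_id"])
        start, end = r["frag_offset"], r["frag_offset"] + r["length"]
        if any(start < e and s < end for s, e in seen[key]):
            bad.add(key)
        seen[key].append((start, end))
    return sorted(bad)


def build_sample():
    """Constructed traffic: one SYN flooder, one normal client, a ping of death, a smurf, a teardrop."""
    recs = []
    for port in range(60):                  # 60 half-open connections from one address
        recs.append({"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10",
                     "sport": 40000 + port, "flags": {"SYN"}})
    recs.append({"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "sport": 5000, "flags": {"SYN"}})
    recs.append({"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "sport": 5000, "flags": {"ACK"}})
    for i in range(45):                     # 45 x 1480 = 66,600 bytes, above the IPv4 maximum
        recs.append({"proto": "icmp", "src": "203.0.113.7", "dst": "192.0.2.10",
                     "frag_id": 7, "frag_offset": i * 1480, "length": 1480})
    recs.append({"proto": "icmp", "src": "192.0.2.10", "dst": "192.0.2.255", "icmp_type": 8})
    recs.append({"proto": "icmp", "src": "203.0.113.8", "dst": "192.0.2.10",
                 "frag_id": 9, "frag_offset": 0, "length": 100})
    recs.append({"proto": "icmp", "src": "203.0.113.8", "dst": "192.0.2.10",
                 "frag_id": 9, "frag_offset": 50, "length": 100})   # overlaps the first fragment
    return recs
```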
Types or Levels of DoS Attacks (Continued)
6. Nuke
• Fragmented or corrupt ICMP packets are sent to the target.
• A string of out-of-band data was sent to TCP port 139, causing a blue screen of death.
• The target machine slows down and eventually shuts down.
Tools used to Launch DoS Attacks
• Jolt2 – processing illegal packets.
• Nemesy – random packets with spoofed source IP address.
• Targa – 8 different types of DoS attacks.
• Crazy pinger – large number of ICMP packets to a remote target network.
• SomeTrouble – remote flooder and bomber.
DDoS Attacks
• In a DDoS attack, an attacker may use your computer to attack another computer.
• By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer.
• He/she could then force your computer to send huge amounts of data to a website or send Spam to particular E-Mail addresses.
• A DDoS attack is a distributed DoS wherein a large number of zombie systems are synchronized to attack a particular system. The zombie systems are called “secondary victims” and the main target is called the “primary victim.”
DDoS Attacks (Continued)
• DDoS attacks involve hardcoding the target IP address prior to release of the malware; hence no further interaction is necessary to launch the attack.
• A system may also be compromised with a Trojan, allowing the attacker to download a zombie agent.
How to protect from DoS/DDoS attacks
1. Implement router filters.
2. If such filters are available for your system, install patches to guard against TCP SYN flooding.
3. Disable any unused or inessential network service.
4. Enable quota systems on your OS if they are available.
5. Observe your system’s performance and establish baselines for ordinary activity.
6. Routinely examine your physical security with regard to your current needs.
How to protect from DoS/DDoS attacks (Continued)
7. Use Tripwire or a similar tool to detect changes in configuration information or other files.
8. Invest in and maintain “hot spares” – machines that can be placed into service quickly if a similar machine is disabled.
9. Invest in redundant and fault-tolerant network configurations.
10. Establish and maintain regular backup schedules and policies, particularly for important configuration information.
11. Establish and maintain appropriate password policies, especially for access to highly privileged accounts such as Unix root or Microsoft Windows NT Administrator.
Additional Reading
How did the FBI trick criminals into using an app?
https://www.bbc.com/news/world-57394831
Thank you.
Attacks on Wireless Networks
• Even when people travel, they still need to work.
• The employee is no longer tied to an office location and is, in effect, “boundaryless.”
• The following are different types of “mobile workers”:
1. Tethered/remote worker
2. Roaming user
3. Nomad
4. Road warrior
Attacks on Wireless Networks (Continued)
1. Tethered/remote worker
• Remains at a single point of work but is remote to the central company systems.
2. Roaming user
• Works in an environment or in multiple areas.
3. Nomad
• Employees in hotel rooms and other semi-tethered environments.
4. Road warrior
• The ultimate mobile user, who spends little time in the office. Needs regular access to data and functions on the move.
Attacks on Wireless Networks (Continued)
• Wireless networks extend the range of traditional wired networks by using radio waves to transmit data to wireless-enabled devices such as laptops and PDAs.
• Wireless networks are generally composed of two basic elements:
a) access points (APs)
b) other wireless-enabled devices, such as laptops, which use radio transmitters and receivers to communicate or “connect” with each other.
Thank you.
Attacks on Wireless Networks (Continued)
• Important components of a wireless network (other than routers, hubs and firewalls):
1. 802.11 networking standard
• Family of WLANs.
• 802.11a – 54 Mbps in the 5 GHz band, uses orthogonal frequency division multiplexing (OFDM).
• 802.11b - 11 Mbps in the 2.4 GHz band – “Wi-Fi Standard”.
• 802.11g – 54 Mbps in the 2.4 GHz band using OFDM.
• 802.11n – Multiple-input multiple-output (MIMO), 140 Mbps.
• 802.15 – Bluetooth technology.
• 802.16 – WiMax, Wireless Metropolitan Area Networks.
Attacks on Wireless Networks (Continued)
2. Access points
• Hardware/software that acts as transmitter and receiver of WLAN radio signals.
• Connects to the wired LAN.
3. Wi-Fi hotspots
• Free Wi-Fi hotspots – public places, free of cost, click and connect, no authentication, vulnerable to cyber attacks.
• Commercial hotspots – authentication, payment to avail services, airports, business hotels, VPNs for secure access.
4. Service set identifier (SSID)
• Name of the 802.11i WLAN; all wireless devices must use the same name to communicate.
• The administrator/user sets an SSID (can be 32 characters long).
• Turn off SSID broadcast, forcing manual entry of the SSID.
Attacks on Wireless Networks (Continued)
5. Wired equivalent privacy (WEP)
• Safety matching the Ethernet standard, 802.11i in 1997.
6. Wi-Fi protected access (WPA and WPA2)
• In 2001, serious vulnerabilities were found in WEP.
• WPA was introduced as an interim standard to replace WEP.
• WPA2 – the Wi-Fi Alliance-approved interoperable implementation of 802.11i.
• WPA2 uses AES.
Attacks on Wireless Networks (Continued)
7. Media access control (MAC)
• Unique identifier of each node of the network, assigned by the manufacturer of the NIC.
• MAC filtering – only matching devices get access – done through the router.
• MAC address spoofing.
• New device – the MAC address must be added manually.
Attacks on Wireless Networks (Continued)
• Traditional Techniques of Attacks on Wireless Networks
• Penetration of a wireless network through unauthorized access is termed wireless cracking.
• There are various methods that demand a high level of technological skill and knowledge, but the availability of numerous software tools has made cracking WLANs less sophisticated, requiring minimal technological skill.
• Sniffing
• Spoofing
• Denial of service (DoS)
• Man-in-the-middle attack (MITM)
• Encryption cracking
Attacks on Wireless Networks (Continued)
• Traditional Techniques of Attacks on Wireless Networks
1. Sniffing
• Eavesdropping on the network.
• Intercept wireless data in an unsecured network.
• The attacker installs sniffers to conduct the following activities:
• Passive scanning of the wireless network.
• Detection of the SSID.
• Collecting the MAC addresses.
• Collecting the frames to crack WEP.
Attacks on Wireless Networks (Continued)
2. Spoofing
• Masquerade the identity by falsifying data.
• Create a new network with the same SSID in the same area.
• Computers automatically connect to this new, strong network.
• MAC address spoofing – change the assigned MAC address to a different one; bypasses ACLs by impersonating others.
• IP spoofing – the process of creating IP packets with a forged IP address, to conceal identity or impersonate another user.
• Frame spoofing – injects frames whose content is carefully spoofed and valid as per 802.11 specifications; these are not authenticated in 802.11 networks.
3. Denial of service (DoS)
Attacks on Wireless Networks (Continued)
4. Man-in-the-middle attack (MITM)
• Attacker A inserts between the communication of X and Y with the knowledge of X and Y.
• All messages between X and Y go through A.
• Can simply observe or can even make modifications to messages.
5. Encryption cracking
• WPA encryption for protection.
• Older encryption techniques are vulnerable and may be exploited.
• A long and highly randomized encryption key makes it extremely difficult to crack.
Attacks on Wireless Networks (Continued)
• Theft of Internet Hours and Wi-Fi-based Frauds and Misuses
• Wireless networking in homes puts the Internet at the fingertips of home users.
• Plug and play features of wireless networks.
• If, unfortunately, the user visits a malicious webpage, the router is exposed to an attack.
• As the networks become stronger and more prevalent, more of the signals are available outside the home of the subscriber, spilling over into neighbours’ apartments, hallways and the street.
Attacks on Wireless Networks (Continued)
• Theft of Internet Hours and Wi-Fi-based Frauds and Misuses
• Is stealing wireless network illegal?
• Connecting to a wireless network among the different available networks is not illegal.
• Making efforts to intentionally move to a particular location, connect to a network and carry out unwanted activities is illegal.
• Be careful with the use of WAPs; when you are using a WAP to gain access to a computer on a network, be aware of the local laws/legislation where you are doing it, because things can become dangerous from a security and privacy as well as a legal perspective.
Attacks on Wireless Networks (Continued)
• How to Secure the Wireless Networks
• The following summarized steps help to improve and strengthen the security of a wireless network:
1. Change the default settings of all the equipment/components of the wireless network (e.g., IP address, user IDs, administrator passwords, etc.).
2. Enable WPA/WEP encryption.
3. Change the default SSID.
4. Enable MAC address filtering.
5. Disable remote login.
6. Disable SSID broadcast.
7. Disable the features that are not used in the AP (e.g., printing/music support).
Attacks on Wireless Networks (Continued)
8. Avoid giving the network a name that can be easily identified (e.g., My_Home_Wifi).
9. Connect only to secured wireless networks (i.e., do not auto-connect to open Wi-Fi hotspots).
10. Upgrade router’s firmware periodically.
11. Assign static addresses to devices.
12. Enable firewalls on each computer and the router.
13. Position the router or AP safely.
14. Turn off the network when not in use.
15. Monitor wireless network security periodically.
Chapter 2: Phishing and Identity Theft
• Introduction
• Phishing
• Methods of phishing
• Phishing techniques
• Spear phishing
• Types of phishing scams
• Phishing toolkits and spy phishing
• Phishing countermeasures
• Identity theft (ID theft)
• PII
• Types of identity theft
• Techniques of ID theft
• Countermeasures
• How to efface online identity
Phishing and Identity Theft - Introduction
• Phishing is one of the methods of enticing users to reveal their personal information (identity).
• Identity theft involves unauthorized access to personal data.
• Indian IT Act Section 66C – Misuse of identity – 3 years of imprisonment or a fine of one lakh.
• Indian IT Act Section 66D – Cheating using a communication device – 3 years of imprisonment or a fine of one lakh.
• Phishing is the use of social engineering attacks to trick users into revealing confidential information.
Phishing and Identity Theft - Introduction
• Phishing attacks are on the rise in Asia, Europe and North America.
• Europe is the dominant source of phishing e-mails.
• US, India and China are the most targeted countries.
• Financial organizations, payment services and auction websites were the most targeted industries.
• Ports 80, 443 and 8080 are the most popular ports among phishing attacks.
Phishing
• Definitions
• Criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
• Act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for ID theft.
• Scam to steal valuable information such as credit card and social security numbers, user IDs and passwords; also called brand spoofing.
• In summary, phishing is a type of deception to steal your identity.
Phishing (Spam E-Mails)
• E-mail is the most popular medium used in phishing attacks; such messages are known as spam e-mails.
• Junk e-mails – Nearly identical e-mails sent to numerous recipients.
• Botnets are used for sending spam and account for 80% of it.
• Types of spam: UBE and UCE.
• Unsolicited bulk e-mail (UBE) – unsolicited e-mails sent in large quantities.
• Unsolicited commercial e-mail (UCE) – unsolicited e-mails sent in large quantities for commercial purposes.
• Spam e-mails forge organizations such as:
• HSBC, Commonwealth Bank – International banks with a large customer base.
• eBay – Auction site.
• Amazon – Top brand.
• Facebook – Social networking site.
Phishing (Spam E-Mails)
• Tactics used by a phisher
• Names of legitimate organizations (create a phony company, or use a real company’s name and the look and feel of its site in the spam).
• “From” a real employee (the real name of an official; if users check the official company website, they will find the same name).
• URLs that “look right” (spoofed sites, selected pages of a legitimate site).
• Urgent messages (fear to trigger a response: “You will no longer be able to access your account”).
• Phrases used to entice the user:
• “Verify your account”
• “You have won the lottery”
• “If you don’t respond within 48 hours, your account will be closed”
Phishing (Spam E-Mails)
• Ways to reduce the amount of spam e-mail:
1. Share your personal e-mail ID with a limited number of people on public websites; the more it is exposed, the more spam will be sent.
2. Never reply to or open spam e-mail.
3. Disguise the e-mail address on public websites by spelling out “@” and “.”, e.g., narenderATnieDOTacDOTin instead of narender@nie.ac.in.
4. Use alternate e-mail IDs for personal work; don’t use business e-mail addresses everywhere.
5. Do not forward any e-mails from unknown senders.
6. Preview an e-mail before opening it.
7. Never use e-mail addresses as screen names in chat groups or rooms.
8. Never respond to a spam e-mail asking to remove your e-mail address from the mailing list.
Phishing (Hoax E-Mails)
• A deliberate attempt to deceive or trick a user into believing or accepting that something is real, when it is actually false.
• It may or may not be spam.
• It is difficult to recognize whether an e-mail is spam or a hoax.
• Websites to check whether a message is a hoax:
• Breakthechain.org
• Hoaxbusters.org
Methods of Phishing
1. Dragnet
2. Rod-and-reel
3. Lobsterpot
4. Gillnet
Methods of Phishing
1. Dragnet
• Use of spammed e-mails bearing falsified corporate identification, addressed to a large group of people and directing them to websites or pop-up windows.
• Phishers do not identify victims in advance and rely on the false information included in the e-mail.
• Recipients are requested to enter bank or credit card account data or other personal data.
2. Rod-and-reel
• Identify specific prospective victims in advance and convey false information to them to prompt their disclosure of personal and financial data.
• Phony webpages for an item the user may be searching for; attract them by offering better deals.
• Victims visit these sites and provide personal and financial information.
Methods of Phishing
3. Lobsterpot
• Focuses on spoofed websites similar to corporate ones, targeting a narrowly defined class of victims.
• The phisher places a weblink in the e-mail which leads to a phony website or a pop-up window that looks exactly like the legitimate website.
• Users enter their personal and financial information, which the phishers use to make purchases and steal identities.
4. Gillnet
• Relies less on social engineering and more on malicious code embedded in the e-mails and websites.
• Visiting these sites might install a Trojan horse.
• Malicious code may redirect legitimate requests to look-alike fake sites.
• It might record keystrokes and transmit them to phishers.
Phishing Techniques
1. URL (weblink) manipulation
2. Filter evasion
3. Website forgery
4. Flash phishing
5. Social phishing
6. Phone phishing
• Phishers usually send millions of e-mail messages, pop-up windows, etc., that appear to be official and legitimate.
Activity: Have you heard of and used temporary e-mail accounts?
Phishing Techniques
1. URL (weblink) manipulation
• Instead of abcbank.com, abcbank1.com.
• A difference of 1 or 2 characters in the URL.
• Homograph attack – www.google.com and www.g00gle.com.
2. Filter evasion
• Use images instead of text to bypass anti-phishing filters.
• Anti-phishing filters are built into browsers; enable them if they are disabled by default.
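A defender-side check for the URL manipulation and homograph cases above (abcbank.com vs abcbank1.com, google.com vs g00gle.com), added here as an example and not part of the slides; the trusted-domain list, the confusable-character table and the two-label registrable-domain rule are constructed simplifications.

```python
"""Classify a URL against a list of trusted domains: exact match, homograph
(visually identical after normalisation), look-alike (1-2 edits away) or
brand name hidden in a subdomain of a foreign registrable domain."""
import unicodedata
from urllib.parse import urlparse

# Domains whose brand we want to protect (constructed for this example).
TRUSTED = {"abcbank.com", "google.com"}

# Visually similar substitutions seen in look-alike domains (constructed,
# far from complete): digit/letter swaps, letter pairs and Cyrillic letters.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m",
               "\u0430": "a", "\u043e": "o", "\u0435": "e", "\u0440": "p",
               "\u0441": "c"}


def skeleton(host: str) -> str:
    """Collapse a hostname so that visually similar variants compare equal."""
    host = unicodedata.normalize("NFKD", host.lower().rstrip("."))
    host = "".join(ch for ch in host if not unicodedata.combining(ch))
    for bad, good in CONFUSABLES.items():
        host = host.replace(bad, good)
    return host


def registrable(host: str) -> str:
    """Last two labels of the host (simplification: ignores multi-part TLDs)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 1-2 is the 'difference of 1 or 2 characters' case."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> tuple:
    """Return (verdict, trusted domain matched or the registrable domain)."""
    host = urlparse(url).hostname or ""
    reg = registrable(host)
    if reg in TRUSTED:
        return ("trusted", reg)
    for trusted in TRUSTED:
        # abcbank.com.evil.example: brand label used inside a foreign domain
        brand = trusted.split(".")[0]
        if brand in host.split(".") and reg != trusted:
            return ("brand-in-subdomain", trusted)
        if skeleton(reg) == skeleton(trusted):
            return ("homograph", trusted)
        if edit_distance(reg, trusted) <= 2:
            return ("lookalike", trusted)
    return ("unknown", reg)
```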
Phishing Techniques
3. Website forgery
• Redirect users to a website designed and developed by the phisher.
• When users log in, their credentials are received by the phisher.
• Cloaked URL – domain forwarding, inserting control characters in the URL.
4. Flash phishing
• Anti-phishing tools do not check Flash objects.
• Phishers use Flash to emulate real websites, and users enter data in spite of the anti-phishing tools installed.
Phishing Techniques
5. Social phishing – Entice users to reveal information in a systematic manner.
• The phisher sends a mail as if it were sent from a bank, asking the user to call because of a security issue.
• Victims call the number displayed in the e-mail.
• The number is fake and is redirected to the phisher.
• The phisher speaks like a bank employee.
• Gets the sensitive details.
6. Phone phishing
• Mishing, vishing, smishing.
• Fake caller ID to make it appear that the call is coming from a legitimate organization.
• Users reveal personal information.
Spear Phishing
• Traditional phishing involves sending e-mails to a large number of people.
• Spear phishing is a method of sending a phishing message to a particular organization/group of people to gain organizational information for more targeted social engineering.
• Spear phishers send e-mail that appears genuine to all.
• It aims to gain access to a company’s entire computer network.
• The message might look as if it has come from your employer, or from a colleague who might send an e-mail message to everyone in the company (such as the person who manages the computer systems); it could include requests for usernames or passwords.
Spear Phishing (Whaling)
• A specific form of phishing and/or spear phishing targeting executives from the top management of organizations, usually private companies.
• The objective is to swindle the executives into revealing confidential information.
• Whaling targets C-level executives, sometimes with the help of information gleaned through spear phishing, aimed at installing malware for keylogging or other backdoor access mechanisms.
• E-mails sent in whaling scams are designed to masquerade as a critical business e-mail sent from a legitimate business body and/or business authority.
• Whaling phishers have also forged official-looking FBI subpoena e-mails claiming that the manager needs to click a link and install special software to view the subpoena.
• Whaling involves more extensive reconnaissance about the target.
Types of Phishing Scams
1. Deceptive phishing
2. Malware-based phishing
3. Keyloggers
4. Session hijacking
5. In-session phishing
6. Web Trojans
7. Pharming
8. System reconfiguration attacks
9. Data theft
10. Content-injection phishing
11. Man-in-the-middle phishing
12. Search engine phishing
13. SSL certificate phishing
Types of Phishing Scams
1. Deceptive phishing
• Broadcast deceptive e-mails with the objective of stealing identities.
• Pretexts: verify bank account / system failure / account changes / new free services / quick action required.
• Netizens enter information and fall prey.
2. Malware-based phishing
• Malicious code is used, delivered as an e-mail attachment or downloadable file, or by exploiting a security flaw.
• Countermeasure: keep the OS and anti-virus updated.
3. Keyloggers
• Malware embeds keyloggers to track user input.
• It can be a small browser component such as a plugin.
Types of Phishing Scams
4. Session hijacking
• After a connection is established using credentials, malicious code takes control of the connection and performs transactions.
5. In-session phishing
• One browsing session opens, interferes with and misuses another session, say a banking session.
• Users feel that it is a pop-up from the bank session.
6. Web Trojans
• Invisible pop-ups which gather information when the user tries to log in using the browser.
• Gather information and transmit it to the phisher.
Types of Phishing Scams
7. Pharming
• The attacker exploits a vulnerability in the ISP’s DNS server and hijacks the domain name.
• Hosts file poisoning – The Windows hosts file is poisoned to redirect traffic to a fake website (developed by the phisher) which looks like the real website.
• DNS-based poisoning – Tampers with DNS so that it responds with a fake address when a DNS request is sent to it; also called DNS hijacking.
8. System reconfiguration attacks
• Modify settings on the user’s computer for malicious purposes.
• URLs saved in bookmarks can be changed.
• xyzbank.com to xyzbanc.com
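Hosts file poisoning (item 7 above) and countermeasure 11 later in this chapter, securing the hosts file, can be checked with a small scan that flags protected domains the hosts file points at anything other than a loopback or sinkhole address. Added example, not from the slides; the hosts contents, the protected-domain list and the 192.0.2.44 address are constructed.

```python
"""Scan a hosts file for entries that hijack protected domains."""
import ipaddress
import sys

# Constructed hosts file: two normal entries, one blocklist-style sinkhole
# entry, and two lines that redirect a bank's domain to a foreign address.
HOSTS_SAMPLE = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.example                    # sinkhole, not a hijack
192.0.2.44      www.xyzbank.com xyzbank.com    # poisoned
192.0.2.44      online.xyzbank.com             # poisoned
"""

# Domains that should never be resolved by the local hosts file
# (constructed list; in practice your bank, mail and SSO providers).
PROTECTED = {"xyzbank.com", "google.com"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping blank lines and comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower().rstrip(".")


def is_sinkhole(ip):
    """Loopback or unspecified addresses only block a name; they cannot
    send the victim to a phisher's server."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: report it rather than ignore it
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text, protected=PROTECTED):
    """Return [(hostname, ip)] for protected domains (or their subdomains)
    that the hosts file points at a real address."""
    hits = []
    for ip, name in parse_hosts(text):
        if is_sinkhole(ip):
            continue
        if any(name == d or name.endswith("." + d) for d in protected):
            hits.append((name, ip))
    return hits


if __name__ == "__main__":
    # Pass the real file as an argument (/etc/hosts or
    # C:\Windows\System32\drivers\etc\hosts); otherwise scan the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else HOSTS_SAMPLE
    for name, ip in find_hijacks(text):
        print(f"HIJACK: {name} -> {ip}")
```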
Types of Phishing Scams
9. Data theft
• Critical and confidential data is stolen.
• Corporate servers and web servers are easy targets.
• Unsecured systems are most vulnerable.
• Widely used business espionage approach.
• Sell the data and cause economic damage.
10. Content-injection phishing
• Replace part of the content of a legitimate website with false content to mislead users into revealing personal information.
• Malicious code collects information from a legitimate website and sends it to the phisher.
11. Man-in-the-middle phishing
• The phisher positions himself between the user and the legitimate website/system.
• Collects information transmitted between the systems and sells/misuses the data.
Types of Phishing Scams
12. Search engine phishing
• Create websites with attractive offers and have them indexed legitimately by search engines.
• Mobile phones for less, low-interest credit, etc.
• Search engine optimization – Maximizing traffic to a website so that the search engine places this website at the top.
13. SSL certificate phishing
• Targets web servers with SSL certificates to create a duplicitous website displaying a similar lock icon.
• The SSL certificates are valid and belong to a legitimate website, and these are misused by phishers.
Types of Phishing Scams
Distributed Phishing Attack (DPA)
• An advanced form of phishing attack that works by per-victim personalization of the location of the sites collecting credentials and covert transmission of the credentials to a hidden coordination centre run by the phisher.
• A large number of fraudulent web hosts are used for each set of lure e-mails.
• Each server collects only a tiny percentage of the victims’ personal information.
Phishing Toolkits and Spy Phishing
• A toolkit is a set of scripts/programs that allows a phisher to automatically set up phishing websites that look like a legitimate site.
• Sold on the dark web.
• Free phishing tools are do-it-yourself tools. These may contain a backdoor that sends phished information to someone other than the tool user.
• Rock Phish – Allows a single website with multiple DNS names to host a variety of phished pages.
• Xrenoder Trojan Spyware – Resets homepage/search settings to other sites.
• Cpanel Google – Modifies the DNS entry in the host’s file to point to its own website.
Phishing Countermeasures
• The countermeasures prevent malicious attacks in which a phisher may try to gain unauthorized access to the system to steal relevant personal information about the victim from it.
• It is always challenging to recognize/judge the legitimacy of a website while Googling.
1. Keep antivirus up to date
2. Do not click on hyperlinks in e-mails
3. Take advantage of anti-spam software
4. Verify https (SSL)
5. Use anti-spyware software
6. Get educated
7. Use Microsoft Baseline Security Analyzer
8. Firewall
9. Use backup system images
10. Do not enter sensitive or financial information into pop-up windows
11. Secure the hosts file
12. Protect against DNS pharming attacks
Phishing Countermeasures (SPS Algorithm)
• With a Sanitizing Proxy System (SPS), web phishing attacks can be immunized by removing the part of the content that entices netizens into entering their personal information.
• SPS sanitizes all HTTP responses from suspicious URLs with warning messages.
• A phishing attack comprises two phases:
• Attraction
• Acquisition
• Characteristics of SPS
1. Two-level filtering
2. Flexibility of the rule set
3. Simplicity of the filtering algorithm
4. Accountability of HTTP response sanitizing
5. Robustness against both misbehaviour of novice users and evasion techniques
Phishing Countermeasures (SPS Algorithm)
• Characteristics of SPS
1. Two-level filtering
• Strict URL filtering and HTTP response sanitizing.
2. Flexibility of the rule set
• Rule set as defined by the operator of the SPS.
3. Simplicity of the filtering algorithm
• 20 steps for implementation in existing browsers, plugins or firewalls.
4. Accountability of HTTP response sanitizing
• Removes malicious HTTP headers/tags from HTTP responses.
• Alerts users.
5. Robustness against both misbehaviour of novice users and evasion techniques
• The built-in proxy can protect against all deceit cases of web spoofing.
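The two-level SPS approach above (strict URL filtering first, then sanitizing of HTML responses from suspicious URLs with a warning inserted) sketched in Python as an added example; this is not the SPS authors' implementation, and the rule sets, the tag list and the sample lure page are constructed.

```python
"""Two-level response filter: block listed hosts outright, and strip
credential-collecting elements from pages served by suspicious hosts."""
from html.parser import HTMLParser
from urllib.parse import urlparse

BLOCKED_HOSTS = {"login-verify.example"}      # level 1: strict URL filtering
SUSPICIOUS_HOSTS = {"secure-update.example"}  # level 2: sanitize responses
# Elements that collect or exfiltrate credentials; removed with their contents.
STRIP_TAGS = {"form", "input", "button", "select", "textarea", "script", "iframe"}
WARNING = ('<div style="background:#c00;color:#fff;padding:8px">Warning: the '
           "proxy sanitized this page. Do not enter personal information.</div>")


class Sanitizer(HTMLParser):
    """Re-emit HTML, dropping STRIP_TAGS (with contents) and on* handlers."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.depth, self.removed = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in STRIP_TAGS:
            self.depth += 1          # everything up to the matching end tag goes
            self.removed += 1
            return
        if self.depth:
            return
        attrs = [(k, v) for k, v in attrs if not k.lower().startswith("on")]
        rendered = "".join(f' {k}="{v}"' if v is not None else f" {k}" for k, v in attrs)
        self.out.append(f"<{tag}{rendered}>")

    def handle_startendtag(self, tag, attrs):
        if tag in STRIP_TAGS:
            self.removed += 1        # <input .../> style void element
            return
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in STRIP_TAGS:
            self.depth = max(0, self.depth - 1)
        elif not self.depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.depth:
            self.out.append(data)

    def handle_entityref(self, name):
        if not self.depth:
            self.out.append(f"&{name};")

    def handle_charref(self, name):
        if not self.depth:
            self.out.append(f"&#{name};")


def filter_response(url, body):
    """Return (action, body); action is 'blocked', 'sanitized' or 'passed'."""
    host = (urlparse(url).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        return "blocked", WARNING
    if host in SUSPICIOUS_HOSTS:
        s = Sanitizer()
        s.feed(body)
        s.close()
        return "sanitized", WARNING + "".join(s.out)
    return "passed", body


# Constructed lure page: urgent text, a credential form and a script.
SAMPLE_PAGE = """<html><body onload="track()">
<h1>ABC Bank</h1><p>Verify your account &amp; avoid closure.</p>
<form action="/collect" method="post">User <input name="u"/> Pass <input name="p" type="password"/>
<button>Login</button></form><script>document.title="ABC Bank"</script>
</body></html>"""
```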
Identity Theft
• Fraud that involves someone pretending to be someone else to steal money or get other benefits.
• The person whose identity is used can suffer various consequences when he/she is held responsible for the perpetrator’s actions.
• Statistics as per the Federal Trade Commission (FTC):
1. Credit card fraud (26%)
2. Bank fraud (17%)
3. Employment fraud (12%)
4. Government fraud (9%)
5. Loan fraud (5%)
Personally Identifiable Information (PII)
• Four variants of the term: Personal/Personally Identifiable/Identifying Information.
• Fraudsters attempt to steal the elements mentioned below:
1. Full name
2. National identification number (e.g., SSN)
3. Telephone and mobile phone numbers
4. Driver’s license number
5. Credit card numbers
6. Digital identity (e.g., e-mail address, online account ID and password)
7. Birth date
8. Birthplace (place name)
9. Face and fingerprints
Personally Identifiable Information (PII)
• A fraudster generally searches for the following about an individual:
1. First or last name
2. Age
3. Country, state or city of residence
4. Gender
5. Name of the school/college/workplace
6. Job position, grades and/or salary
7. Criminal record
Personally Identifiable Information (PII)
• Types of Identity Theft
1. Financial identity theft
2. Criminal identity theft
3. Identity cloning
4. Business identity theft
5. Medical identity theft
6. Synthetic identity theft
7. Child identity theft
Personally Identifiable Information (PII)
• Types of Identity Theft
1. Financial identity theft
• 25 types – bank, credit card, tax refund, mail fraud.
• Uses name, SSN, bank account.
• Recovery is expensive, time-consuming and psychologically painful.
2. Criminal identity theft
• Taking over someone’s identity and committing crime.
• Computer and cybercrimes, organized crime, trafficking, money laundering.
• Comes to light when an employer conducts a criminal background verification.
Personally Identifiable Information (PII)
• Types of Identity Theft
3. Identity cloning
• Clones compromise the victim’s life by actually living and working as the victim at a different location.
• May pay bills, get engaged, get married and start a family.
4. Business identity theft
• The fraudster rents a space in the same building as the victim’s office.
• Applies for corporate credit cards using the victim firm’s name.
• Business sensitive information (BSI) is information about the business, privileged or proprietary in nature, which, if compromised, could cause serious damage (a sensitive asset).
• Masquerading business goods, IP theft.
Personally Identifiable Information (PII)
• Types of Identity Theft
5. Medical identity theft
• Medical records are created for patients who avail themselves of medical facilities.
• Protected health information (PHI) changes hands when multiple agencies are involved (medical representatives, health officers, doctors, medical insurance organizations, hospitals).
• Example: a man who had no health issues received a bill for medical services.
Personally Identifiable Information (PII)
• Types of Identity Theft
6. Synthetic identity theft
• The fraudster takes parts of personal information from many victims and combines them.
• Not specific to any particular victim but can affect all victims.
7. Child identity theft
• Parents using their children’s identity to open credit card accounts, utility accounts and bank accounts, or to take loans, because their own credit history is insufficient.
Techniques of ID Theft
1. Human-based methods – Techniques used by the attacker with no or minimal use of technology.
• Direct access to information (people who have gained trust and have access to buildings – house cleaners, babysitters, nurses, friends).
• Dumpster diving (retrieving documents from trash bins).
• Theft of a purse or wallet (credit cards, debit cards, DL, insurance ID card).
• Mail theft and rerouting (stealing postal mail from mailboxes).
• Shoulder surfing (people in public loitering near ATMs, cybercafés).
• False or disguised ATMs (miniaturized equipment on a valid ATM).
• Dishonest or mistreated employees (access to personal files, salary info, confidential info).
• Telemarketing and fake telephone calls (vishing).
Techniques of ID Theft
2. Computer-based techniques
• Backup theft (stealing equipment from private buildings, public facilities).
• Hacking, unauthorized access to systems and database theft (compromising information systems).
• Phishing.
• Pharming (websites looking similar to the legitimate site, with the domain altered slightly, www.xyzbank.com to www.xyzbanc.com).
• Redirectors (redirect users’ traffic to locations they did not intend to visit by infecting the DNS server).
• Hardware (keystroke recording device).
Identity Theft: Countermeasures
1. Monitor your credit closely.
2. Keep records of your financial data and transactions.
3. Install security software.
4. Use an updated web browser.
5. Be wary of e-mail attachments and links in both e-mail and instant messages.
6. Store sensitive data securely.
7. Shred documents.
8. Protect your PII.
9. Stay alert to the latest scams.
How to efface your online identity
Tools that users can use to remove their usage footprints:
1. Anti Tracks
2. Privacy Eraser Pro
3. MyPrivacy
4. Web 2.0 Suicide Machine
5. Seppukoo