Chapter 2
Cyber Offense and Cyber Crime
CYBER SECURITY & LAW
Book Authors & Editorial Team Members
Devika Satare
Bhakti Bheda
Surbhi Desai
Dr. Nilakshi Jain
Mr. Ramesh Menon
“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.”
— Richard Clarke
Review Questions from Chapter 1
• Explain global perspectives of cybercrime [ME-IT, Dec 2019].
• Explain in detail cyberdefamation and various types of cybercriminals.
[ME-IT, Dec 2018]
• Give a classification of cybercrime and cybercriminals. [ME-IT, Dec 2017].
• Write a short note on Indian Information Technology Act, 2000. [BE-IT, Dec
2019; ME-IT, Dec 2017].
• Write brief note on cyberterrorism [BE-IT, Dec 2019].
• Classify the cybercrimes and explain any one briefly. [BE-IT, Dec 2019].
• Compare active attack versus passive attack. [BE-IT, Dec 2019]
Learning Objectives
• Describe different types of cybercrimes
• How criminals plan attacks
• The steps involved in cybercrimes
Topic 1
Introduction to Cyber Offense & Cyber Crime
Lecture No. | Topics to be covered | Learning Objective
5 | Introduction with Course Outcome and Program Outcome with objective of module, How criminals plan the attacks, Social Engg, Cyber stalking, Cyber café and Cybercrimes | To Discuss criminal planning attacks on Social Engg, Cyber Stalking, Cyber café and Cybercrimes
6 | Bot nets, Attack vector, Cloud Computing | To Classify different types of Attacks
7 | Proliferation of Mobile and Wireless Devices | To Understand various mobile and wireless devices related cybercrime and identify supported law.
8 | Trends in Mobility, Credit Card Frauds in Mobile and Wireless Computing Era | To Understand recent trends in mobility wireless era
9 | Security Challenges Posed by Mobile Devices, Registry Settings for Mobile Devices. | To Discuss Security Challenges Posed by Mobile Devices and explore the knowledge of Registry Settings for Mobile Devices.
10 | Authentication Service Security, Attacks on Mobile/Cell Phones. | To Explain Authentication on Service Security and able to Group Attacks on Mobile/Cell Phones.
11 | Mobile Devices: Security Implications for Organizations. | To Document Security Implications for Organizations.
12 | Organizational Measures for Handling Mobile, Devices-Related Security Issues. | To Determine Organizational Measures for Handling Mobile, Devices-Related Security Issues.
13 | Organizational Security Policies and Measures in Mobile Computing Era, Laptops. | To Interpret Organizational Security Policies and Measures in Mobile Computing Era, Laptops.
Cyber Crime As Per IT Act 2000
(Figure labels: Computer, system, network)
CYBER OFFENSE
Any interference by an attacker that results in damage,
alteration or compression of computer data without the
owner's permission is called Cyber offense.
• Offense against government
• Offense against Private property
• Offense against unauthorized access of computer data
• Offense against Contents
Topic 2
How Do Criminals Plan the Attacks?
• Scanning and gathering information: Scanning and scrutinizing the gathered information for the validity of the information as well as to identify vulnerabilities.
• Launching an attack: Gaining and maintaining system access.
Let’s learn them one by one.
PHASE 1 : RECONNAISSANCE
In the world of hacking, the reconnaissance phase begins with footprinting.
Reconnaissance
• It involves the risk of detection and is also called “Rattling the doorknobs” or “Active Reconnaissance”.
Tools: Arphound, Arping, Bing, Dig
Passive Attack
Blogs
Phase 2: Scanning and Scrutinizing Gathered Information
• Scanning is the key step to examine intelligently while gathering information about the target.
Scrutinizing phase
Phase 3: Launching an Attack
Topic 3
Social Engineering
Social engineering is a non-technical strategy that cyber attackers use; it relies heavily on human interaction and often involves tricking people into breaking standard security policies.
Types of Social Engineering
Human Based
• Impersonating an employee or valid user.
• Posing as an important user.
• Using a third person.
• Calling technical support.
• Shoulder surfing and Dumpster diving.
Topic 4
Cyber Stalking
Topic 5
Cyber Cafe and Cyber Crimes
• Cybercrimes such as stealing of bank passwords and illegal withdrawal of money have also happened through cyber cafes.
• Cyber cafes have also been used regularly for sending obscene mail to harass people.
• A recent survey conducted in one of the metropolitan cities in India reveals the following facts:
  - Pirated software is installed on all the computers.
  - Antivirus was not updated with the latest patch.
  - Several cybercafes have installed “Deep Freeze” to protect the computers, which helps cyber criminals.
  - Annual Maintenance Contract (AMC) was not found for servicing of the computer.
  - Pornographic websites were not blocked.
Risks of Cyber Cafe
• We do not know what programs, like key loggers or spyware, are installed on the computer.
• Over-the-shoulder peeping can enable others to find out your passwords.
SECURITY TIPS FOR CYBER CAFE
• Stay with the computer: While surfing, don’t leave the system unattended for any period of time.
• Avoid online financial transactions: One has to be alert for snooping over the shoulder.
• Be Alert: One has to be alert for snooping over the shoulder.
• Change Passwords / Virtual Keyboard: Change password after completion of transaction.
• Clear history and temporary files: Before browsing, deselect the AutoComplete option. Delete cookies.
Lab Experiment
To Enable Router Encryption to Protect Wi-Fi
Topic 6
Bot nets
A Botnet is a network of compromised computers called Zombie Computers or Bots, under the control of a remote attacker.
Bots began as a useful tool. They were originally developed as a virtual individual that could sit on an IRC channel and monitor network traffic.
Botnet Terminology
• Bot Herder (Bot Master)
• Bots (Zombie Computers)
• IRC Server
• Command and Control Server
Ready to learn??? Let’s start!!!
1. Bot Herder
Bot Herders (Bot Masters) are the hackers who use automated techniques to scan specific network ranges and find vulnerable systems, on which they can install their bot program.
To create an army of Zombies over the Internet, attackers typically infect machines of home users, networks maintained by universities or small enterprises, etc.
2. Bots (Zombie Computers)
Bots (also called Zombie Computers) are the computers that contribute to the botnet network.
They run using a hidden channel to communicate with their C&C server.
They can auto-scan their environments and propagate themselves, taking advantage of vulnerabilities and weak passwords.
Generally, the more vulnerabilities a bot can scan, the more valuable it becomes to the botnet controller community.
The process of stealing computer resources as a result of a system being joined to a botnet is called Scrumping.
3. IRC Server
Internet Relay Chat (IRC) is a form of real-time Internet text messaging (chat).
The server listens for connections from IRC clients, enabling people to talk to each other via the internet.
IRC provides a simple, low latency, widely available, and anonymous command and control channel for botnet communication.
4. Command and Control Server
C&C infrastructure allows a bot agent to receive new instructions and malicious capabilities, update existing infections, or instruct the infected computer to carry out a specific task as dictated by the remote controller.
The criminals actively controlling botnets must ensure that their C&C infrastructure is sufficiently robust to manage tens of thousands of globally scattered bots as well as resist attempts to hijack or shut down the botnet.
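The IRC-based command and control channel described above leaves a recognizable trace on the network, and the following added example (not part of the original slides) shows one way a defender can look for it. It assumes a constructed log format, the internal range 10.0.0.0/8 and documentation-range server addresses, and it matches on IRC protocol commands rather than on the port number.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption for this example: the organization's internal address space.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample: "<time> <src> <dst>:<port> <first line of TCP payload>"
SAMPLE_LOG = """\
10:00:01 10.0.4.17 203.0.113.50:6667 NICK xk3-9921
10:00:01 10.0.4.17 203.0.113.50:6667 USER xk3 0 * :xk3
10:00:02 10.0.4.17 203.0.113.50:6667 JOIN #cmd-7
10:00:11 10.0.4.22 198.51.100.7:443 GET /index.html HTTP/1.1
10:02:30 10.0.4.31 203.0.113.50:8080 NICK pq7-1143
10:02:30 10.0.4.31 203.0.113.50:8080 USER pq7 0 * :pq7
10:02:31 10.0.4.31 203.0.113.50:8080 JOIN #cmd-7
10:05:00 10.0.9.5 192.0.2.10:6667 NICK alice
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (.*)$")
# IRC client commands that register a connection and join a channel.
IRC_VERB = re.compile(r"^(NICK|USER|JOIN) (\S+)")


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_irc_clients(log_text):
    """Map (host, server, port) -> IRC verbs and channels seen on outbound traffic."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _, src, dst, port, payload = m.groups()
        verb = IRC_VERB.match(payload)
        # Match on protocol content, not port: the second host above uses 8080.
        if not verb or not is_internal(src) or is_internal(dst):
            continue
        s = sessions.setdefault((src, dst, int(port)),
                                {"verbs": set(), "channels": set()})
        s["verbs"].add(verb.group(1))
        if verb.group(1) == "JOIN":
            s["channels"].update(verb.group(2).split(","))
    return sessions


def suspected_bots(log_text, approved=frozenset()):
    """Group hosts that registered and joined the same channel on the same server."""
    hits = defaultdict(set)
    for (src, dst, _port), s in find_irc_clients(log_text).items():
        if {"NICK", "USER", "JOIN"} <= s["verbs"] and src not in approved:
            for channel in s["channels"]:
                hits[(dst, channel)].add(src)
    return {key: sorted(hosts) for key, hosts in hits.items()}


if __name__ == "__main__":
    for (server, channel), hosts in suspected_bots(SAMPLE_LOG).items():
        print(f"{server} {channel}: {', '.join(hosts)}")
```

Several internal machines sitting in the same channel on the same external server is the pattern worth escalating; the `approved` set is for hosts with a legitimate reason to use IRC.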
Topic 7
What is an Attack Vector?
Attack Vector
In cyber security, an attack vector is a method or pathway used by a hacker to access or penetrate the target system.
Hackers steal information, data and money from people and organizations by investigating known attack vectors and attempting to exploit vulnerabilities to gain access to the desired system.
Attack vectors enable attackers to exploit system vulnerabilities, including human components.
Attack vectors shown in the figure: Viruses, Email Attachments, Pop up windows, Instant Messaging, Web pages, Chat Rooms.
How Attack vector is launched
(Figure: Hacker attacks)
• Attack by Webpage
• Attack by Email
• Attack by Deception
• Attack by Worms
• Viruses
Consequences of Attack Vector
• Losing Your Data: If your mobile device has been hacked, or a virus introduced, then all your stored data is lost and taken by the attacker.
• Bad use of your mobile resources: Which means that your network or mobile device can go into overload so you are unable to access your genuine services. In worse scenarios, it can be used by the hacker to attack another machine or network.
• Reputation loss: In case your Facebook account or business email account is hacked, the hacker can send fake messages to your friends, business partners and other contacts. This might damage your reputation.
• Identity Theft: There can be a case of identity theft such as photo, name, address, credit card, etc. and the same can be used for a crime.
Topic 8
Cloud Computing
Cloud computing is a term which is used for storing & accessing data over the Internet. It doesn’t store
(Figure labels: Amazon Web Services, IBM Cloud)
Cloud Computing Services
Services provided by cloud computing are:
• Public: A public cloud offers services to anybody on the Internet.
• Private: A private cloud resembles a restrictive network or data centre that provisions the hosted service to a limited number of users.
Cloud Computing Services (continued)
• Infrastructure-as-a-Service (IaaS): It is like Amazon Web Services, which provides virtual servers with unique IP addresses and blocks of storage on demand.
• Platform-as-a-Service (PaaS): It is a set of software development tools hosted on the provider's server. Developers can create applications using the provider's API. Google Apps is one of the most famous PaaS providers.
• Software-as-a-Service (SaaS): In this case the provider allows the customer only to use its applications. The software interacts with the user interface.
Security Issue
Lab Experiment
To Study Remote Access Tool (Study purpose only)
Topic 9
Proliferation of Mobile and Wireless Devices
A simple handheld mobile phone gives enough processing capacity to run small applications, play games and music, and make voice calls.
Topic 10
Have you ever browsed about trends in mobility in the wireless era?
Trends in Mobility
Mobile computing is moving into a new era (2G, 3G, 4G and beyond) where we have numerous applications, improved ease of use and higher data rates.
The various types of mobility and their implications are as follows:
• User Mobility: It refers to users who access equivalent telecommunication services at different places, i.e. users can be mobile and the services can follow them.
• Device Mobility: It refers to the physical movement of the device. It can also be called Device Portability (small size, battery driven).
• Service Mobility: A user should be able to move from one service to another. E.g. a user writes an email and, to complete the email, the user needs to refer to some other information.
Attacks on Mobile Devices
• Skull Trojan: It targets series 60 phones equipped with mobile OS.
• Mosquito Trojan: It affects the series 60 smart phones and is a cracked version of the Mosquitos mobile phone game.
• Lasco worm: It targets PDAs and mobile phones running the Symbian OS. Lasco replicates over Bluetooth connection.
• Overbilling Attack: Overbilling involves an attacker hijacking a subscriber's IP address and then using it to initiate downloads or use it for its own use. In this, the legitimate user is charged for the activity.
Topic 11
Many people use credit cards nowadays. Have you ever wondered how it works? Is it safe? Let’s have a look.
Online Environment for Credit Card Transaction
• The customer places an order and swipes the card.
• The card details are known through magnetic strip data.
• Magnetic strip, also known as swipe card or magstripe, is a card capable of storing data by modifying the iron-based magnetic particles on a band of magnetic material on the card.
• The security control module reads the magnetic strip and acquires the PIN.
• The order is managed and accounting is done by the merchant server.
• Host security module checks the PIN inside the encrypted PIN block with optional PIN offset data.
• The transaction is then routed to the issuing bank to request transaction authorization.
• The transaction is accepted or declined by the issuing bank.
• The acquiring bank credits the merchant’s account.
Closed loop Environment for wireless
• Merchant sends a transaction to the bank.
• The bank transmits the request to the authorised card holder.
• The cardholder approves or rejects (password protected).
• The bank (if NO) / merchant (if YES) is notified.
• The credit card transaction is completed.
Types and Techniques of Credit Card Fraud
Credit Card Frauds are divided into two: Traditional and Modern.
Types and Techniques of Credit Card Fraud (Contd)
Traditional
• ID Theft: ID Theft is a term used to refer to fraud that involves someone pretending to be someone else to steal money or get other benefits.
• Financial fraud: Where an individual gives false information about his/her financial status to acquire credit.
Modern
• Sophisticated techniques enable criminals to produce fake credit cards.
• Skimming is where the information held on either a magnetic strip or back of a credit card, or data stored on a smart card, is copied from one card to another.
• Site cloning and false merchant sites on the internet are becoming a popular method of fraud; directing users to bogus fake sites is called Phishing.
Topic 12
Security Challenges Faced By Mobile Phones
Different Attacks on Mobile Phones
• OS Attacks: Loopholes in the OS create vulnerabilities that are open to attack. Vendors attempt to tackle these with patches.
• Mobile App attacks: Poor coding and improper development create loopholes and compromise security.
• Communication Network Attack: Communications, for example Bluetooth and Wi-Fi connections, make devices vulnerable.
• Malware Attacks: There has been a steady rise in malware for cell phones. The focus is on erasing documents and creating chaos.
Security Challenges Faced by Mobile Phones
• Bluetooth Attacks: As easy as Bluetooth is to use, it can be just as easy for attackers to gain access to one’s phone and everything stored within. It’s fairly simple for a hacker to run a program to locate available Bluetooth connections and Bingo, they’re in. It’s important to remember to disable the Bluetooth functionality when not in use.
• System Updates: Updates and patches designed to fix issues in mobile devices are not quite as cut and dry as with PCs. Mobile device vendors often release updates and patches, but unfortunately carriers don’t always stream them due to commercial or bureaucratic reasons.
• Secure Data Storage: Mobile phones need good file encrypting for strong security. After all, who wants sensitive corporate data to end up in the wrong hands? Without the proper encryption, not only are personal documents up for grabs, but also passwords to bank, credit card and even business apps. Encrypting sensitive data ensures would-be thieves gain a whole lot of nothing.
• Mobile Browsing: Perhaps one of the best features of mobile devices is the ability to browse the web on the go, but this also opens up the mobile phones to security risks. The problem is that users cannot see the whole URL or link, much less verify whether the link or URL is safe. That means that users could easily browse their way into a phishing-related attack.
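The mobile browsing risk above comes down to a truncated display hiding the part of the URL that decides where the connection goes. This added example (not from the original slides) models a narrow display with a hypothetical `address_bar_view` helper and compares it with the host a URL parser reports; the bank domain, the allow-list and the sample URLs are constructed from reserved example names.

```python
from urllib.parse import urlsplit

# Constructed allow-list and sample URLs (reserved example domains).
TRUSTED_DOMAINS = {"examplebank.example"}
SAMPLE_URLS = [
    "https://www.examplebank.example/login",
    "https://www.examplebank.example.account-verify.attacker.test/login",
    "https://www.examplebank.example@attacker.test/login",
    "http://www.examplebank.example/login",
]


def address_bar_view(url, width=24):
    """Simplified model of a narrow display: scheme hidden, text cut at `width`."""
    shown = url.split("://", 1)[-1]
    return shown if len(shown) <= width else shown[: width - 1] + "…"


def real_host(url):
    """Host the client actually connects to (userinfo and port removed)."""
    return urlsplit(url).hostname or ""


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """HTTPS only, and the host must be a trusted domain or a true subdomain of it."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        return False
    # A trusted name appearing as a prefix or as userinfo does not count.
    return any(host == d or host.endswith("." + d) for d in trusted)


def review(urls):
    """Return (what the user sees, real host, verdict) for each URL."""
    return [(address_bar_view(u), real_host(u), is_trusted(u)) for u in urls]


if __name__ == "__main__":
    for seen, host, ok in review(SAMPLE_URLS):
        print(f"{seen:26} -> {host:55} trusted={ok}")
```

All four sample URLs produce the same truncated view, while only the first one resolves to the trusted domain over HTTPS.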
Topic 13
Registry Setting For Mobile Devices
Registry settings for mobile devices: example
Microsoft ActiveSync:
• Synchronizes PCs and MS Outlook.
• Gateway between Windows-powered PC and Windows Mobile-powered device.
• Enables transfer of Outlook information, MS Office documents, pictures, music, videos and applications.
• ActiveSync can synchronize directly with MS Exchange Server so that users can keep their e-mails, calendar, notes and contacts updated wirelessly.
Managing the registry setting and configuration
If you use an Active Directory® environment to administer the computers in your network, Group Policy provides a comprehensive set of policy settings to manage Windows® Internet Explorer® 8 after you have deployed it to your users' computers.
Topic 14
Authentication Service Security
• Involves mutual authentication between the device and the base station/servers.
• Ensures that only authenticated devices can be connected to the network.
• Hence, no malicious code can impersonate the service provider to trick the device.
Components of Security
• Security of devices
• Security in Network
Eminent kinds of attacks on mobile devices
Topic 14
In today’s world, everyone is unaware how dangerous mobile phones can be.
Attacks on Mobile Phones
• Mobile Phone Theft
• Mobile Viruses
• Mishing
• Vishing
• Smishing
• Hacking Bluetooth
Enough connectivity
• SMS, MMS, Synchronization, Bluetooth, infrared (IR) and WLAN connections
Mobile Viruses
• 40 virus families
• 300+ mobile viruses identified
• First mobile virus: June 2004
• Spread through dominant communication protocols: Bluetooth, MMS
Mishing
'Mishing' is a combination of the words mobile phone and phishing.
Mishing is very similar to phishing; the only difference is the technology.
Phishing involves the use of emails to trick you into providing your personal details, whereas mishing involves mobile phones.
If you use your mobile phone for purchasing goods and services and convenient banking, you could be more vulnerable to a mishing scam.
Variants of Mishing
• Vishing: Mishing attacker makes call for phishing
• Smishing: Mishing attacker sends SMS for phishing
Vishing
The term "vishing" is a socially engineered technique for stealing information or money from consumers using the telephone network.
Vishing is very similar to phishing; the only difference is the technology. Vishing involves voice or telephone services. If you use a Voice over Internet Protocol (VoIP) phone service, you are particularly vulnerable to a vishing scam.
Vishing is usually used to steal credit card numbers or other related data used in ID theft schemes from individuals.
(Figure labels: Voice, Phishing, Vishing)
Smishing
Short for SMS Phishing, smishing is a variant of phishing email scams that instead utilizes Short Message Service (SMS) systems to send bogus text messages.
Also written as Smishing, SMS phishing made recent headlines when a vulnerability in the iPhone's SMS text messaging system was discovered that made smishing on the mobile device possible.
(Figure labels: SMS, Phishing, Smishing)
Hacking Bluetooth
• Bluetooth hacking is a technique used to get information from another Bluetooth enabled device without any permissions from the host.
• This event takes place due to security flaws in the Bluetooth technology.
• It is also known as Bluesnarfing.
• Bluetooth hacking is not limited to cell phones, but is also used to hack PDAs, laptops and desktop computers.
• Bluetooth hacking is illegal and can lead to serious consequences.
Common Attacks
• Bluejacking is the sending of unsolicited messages over Bluetooth to owner.
• Bluebugging: Not only can a hacker receive calls intended for the target phone, he can send messages, read phonebooks, and examine calendars.
Topic 15
Security Implications for Organization
Security risks within an organization
• Processing of fraudulent transactions
• Physical theft or damage of equipment
• Unauthorized access to data and program files
Security Risks
• Fraud
• Unauthorized data access
• Sabotage and theft
Fraud
Most Common Fraud Tactics
• Entering fictitious (fake) transactions
• Unauthorized changes to program
Unauthorized data access
• Password protection is the most common method of protecting corporate data.
• Fraudulent transactions are often carried out by unauthorized users who manage to gain access to the corporate network by using the login details of another user.
• One way of achieving this is through a terminal spoof, a simple yet effective approach to finding other users’ passwords.
• Other dangers of which managers should be aware include the Trojan horse, in which code is added to a program, which will activate under certain conditions.
Sabotage and Theft
• Another form of theft relates to copying of programs and data in an organization.
• Theft of software is the major problem in the PC world, where users often make illegal copies of the programs rather than purchase the package themselves. This practice is known as software piracy.
Topic 16
Organizational measures for handling Mobile, device related security issues
Security features used to protect mobile assets
• Enforced Authentication: Whenever any cell phone is connected to an organization’s network, the user should enter verification details.
Topic 16
Security Policy and Measures in Mobile Computing Era
3 Vectors of Attacks
Damages
• Microphone Recording
• Tracking Location
• Crack Password
• Taking Photos
• Stealing Emails
• Stealing Contact List
Mobile Device Management
• Identify all mobile devices on the network: Regular review ought to be done in the organization to identify servers and other mobile systems to ensure that there are no unapproved devices.