
unit 2-A

The document discusses various types of cyber crimes, including malware, phishing, and cyber stalking, as well as specific attack methods like cross-site scripting and email spoofing. It outlines the definitions and implications of these threats, emphasizing the malicious intent behind them and their potential impact on individuals and organizations. Additionally, it provides examples of different cyber crimes, such as online auction fraud and logic bombs, highlighting the need for awareness and security measures against these threats.

Uploaded by Richa Agarwal
Copyright © All Rights Reserved
CYBER CRIMES AND HACKING
Unit 2
Types of Threats
Malware
Denial of Service
Man in the Middle
Phishing
SQL Injection
Password Attacks
Types of Cyber Crime

• Cyber crime can be defined as the intentional exploitation of computer networks, systems, and technology-dependent enterprises.
• There are different types of cyber crimes that use malicious code to modify data and gain unauthorized access.
Categories of Cyber Crime
• Cyber stalking
• Forgery
• Software piracy
• Cyber terrorism
• Phishing
• Computer hacking
• Creating and distributing viruses over the internet
• Spamming
• Cross site scripting
• Online auction fraud
• Cyber-squatting
• Logic bombs
• Web jacking
• Internet time thefts
• DoS attack, salami attack, data diddling, email spoofing
Cyber Stalking

• This kind of cybercrime involves online harassment in which the user is subjected to a barrage of online messages and emails.
• Typically, cyberstalkers use social media, websites and search engines to intimidate a user and instill fear.
• Usually, the cyberstalker knows their victim and makes the person feel afraid or concerned for their safety.
Cross Site Scripting
• Cross-site Scripting (XSS) is a client-side code injection attack.
• The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
• The actual attack occurs when the victim visits the web page or web application that executes the malicious code.
• The web page or web application becomes a vehicle to deliver the malicious script to the user’s browser.
• Vulnerable vehicles that are commonly used for Cross-site Scripting attacks are forums, message boards, and web pages that allow comments.
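The comment-page scenario above, as an added example that is not part of the original slides: a Python rendering of one constructed forum comment, first by plain string concatenation and then with output escaping and a URL-scheme allowlist. The comment fields, function names and sample values are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed sample: a comment as a forum might store it (all values hypothetical).
COMMENT = {
    "author": 'mallory"><b>x</b>',
    "homepage": "javascript:alert(1)",
    "body": "Nice post! <script>alert(1)</script>",
}

def render_vulnerable(c):
    """Builds HTML by concatenation, so user input is parsed as markup."""
    return ('<div class="comment"><a href="' + c["homepage"] + '">'
            + c["author"] + "</a><p>" + c["body"] + "</p></div>")

def safe_url(url):
    """Allow only http(s) links; any other scheme (javascript:, data:) becomes '#'."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else "#"

def render_hardened(c):
    """Escapes every user-controlled value for the HTML context it lands in."""
    href = html.escape(safe_url(c["homepage"]), quote=True)   # attribute context
    author = html.escape(c["author"], quote=True)             # element text
    body = html.escape(c["body"], quote=True)                 # element text
    return (f'<div class="comment"><a href="{href}">{author}</a>'
            f"<p>{body}</p></div>")

if __name__ == "__main__":
    print(render_vulnerable(COMMENT))  # script tag and javascript: link survive
    print(render_hardened(COMMENT))    # both are neutralised
```

Escaping alone would not have stopped the `javascript:` link, because a URL in an `href` is a different context from element text; that is why the scheme check is separate.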
• Assignment: research cross-site scripting and submit a case study.
Online Auction Fraud
• Auction fraud is defined by the Internet Crime Complaint Center as “fraud attributable to the misrepresentation of a product advertised for sale through an Internet auction site or the non-delivery of products purchased through an Internet auction site.”
Types of Internet Auction Fraud
• Overpayment fraud: The scam involves sending the seller a counterfeit check or money order for a larger amount than the item’s sale price.
• Non-delivery or failure to ship merchandise: This is the simplest type of eBay fraud. A seller lists an item on eBay or another auction site and receives payment for the item, but then never sends it to the buyer.
• Similarly, there are other types of fraud.
• Assignment No. 2: list all the types of fraud.
Cyber-Squatting
• Cybersquatting, also known as domain squatting, is the practice of registering a domain name that resembles a well-known organization or person without their authorization.
• The domain registrant buys the domain in bad faith, typically with the goal of making a profit from the person or organization’s goodwill or causing reputational harm to them.
• Types of cybersquatting: Assignment No. 3
Logic Bombs
• A logic bomb is a malicious piece of code that’s secretly inserted into a computer network, operating system, or software application.
• It lies dormant until a specific condition occurs.
• When this condition is met, the logic bomb is triggered, devastating a system by corrupting data, deleting files, or clearing hard drives.
• Unlike viruses and worms, which can infect a system on their own, a logic bomb is often inserted by someone with inside knowledge of the system, such as when a disgruntled employee embeds a logic bomb in their company’s network.
• And since they’re activated by a specific condition, logic bombs can go undetected for long periods of time, until they’re triggered by the coded condition.
Logic bomb examples
• One logic bomb example took place inside the Siemens Corporation.
• A contract employee named David Tinley provided software to one of Siemens’s offices.
• Working for Siemens for nearly a decade, he was a trusted asset to the company, providing spreadsheet software to manage equipment.
• But at some point, Tinley planted a logic bomb in one of the spreadsheets.
Web Jacking
• The web jacking attack method is another type of social engineering phishing attack in which an attacker creates a fake web page of the victim website and sends it to the victim.
• When the victim clicks on that link, a message is displayed in the browser: “the site abc.com has moved to another address, click here to go to the new location”. If the victim clicks on the link, he/she is redirected to the fake website page, where the attacker can ask for any sensitive data such as credit card number, username, password, etc.
• The web jacking attack method is a kind of trap set by the attacker to steal people’s sensitive data, and the people who get trapped are those who are not aware of cyber security.
Web Jacking Attack Method:
• The first step of the web jacking attack method is to create a fake page of the victim website, for example www.anywebsite.com/login.php.
• The second step is to host it, either on a local computer or on shared hosting.
• The third step is to send the link to the fake page to the victim.
• In the fourth step, the victim opens the link, enters their details and submits them.
• In the last step, the attacker receives all the details submitted by the victim.
Internet Time Thefts
• This is when employees use the internet for non-work purposes.
• They could be using it for browsing the internet, online shopping, playing games, or spending large amounts of time on social media.
• Internet time/bandwidth theft is a crime where the internet connection of one person (the victim) is used by an unauthorized person (the criminal).
• The addition of smartphones and tablets creates unique challenges for the employer and often makes this difficult to detect.
• A subscriber is generally billed based on the amount of bandwidth consumed.
• A criminal may be using the victim’s internet account for free internet access, which is unknowingly paid for by the victim.
• Any illegal or distasteful activities conducted by this freeloader will now be traced back to the victim, since the victim’s account or IP address will be found in the activity logs.
Salami Attack, Data Diddling, Email Spoofing
Salami slicing attack
• A “salami slicing attack” or “salami fraud” is a technique by which cyber-criminals steal money or resources a bit at a time so that there’s no noticeable difference in overall size.
• The perpetrator gets away with these little pieces from a large number of resources and thus accumulates a considerable amount over a period of time.
• Stealing money electronically is the most common use of the salami slicing technique, but it’s not restricted to money laundering.
• The salami technique can also be applied to gather little bits of information over a period of time to deduce an overall picture of an organisation.
• Data can be collected from web sites, advertisements, documents collected from trash cans, and the like, gradually building up a whole database of factual intelligence about the target.
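Why per-transaction monitoring misses the pattern described above, shown as an added example that is not part of the original slides: the Python code below runs a single-transfer threshold and a per-destination aggregation over the same constructed ledger. The account names, amounts and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from decimal import Decimal

PER_TXN_ALERT = Decimal("100.00")  # assumed threshold for a single transfer
AGG_ALERT = Decimal("50.00")       # assumed threshold for a destination's total
MIN_SOURCES = 100                  # assumed minimum number of distinct source accounts

def ledger():
    """Constructed sample: 5,000 accounts each lose 0.03 to ACC-X, plus normal traffic."""
    rows = [(f"ACC{i:05d}", "ACC-X", Decimal("0.03")) for i in range(5000)]
    rows += [("ACC00001", "ACC-RENT", Decimal("950.00")),
             ("ACC00002", "ACC-SHOP", Decimal("42.10"))]
    return rows

def per_transaction_alerts(rows):
    """Classic rule: flag any single transfer at or above the threshold."""
    return [r for r in rows if r[2] >= PER_TXN_ALERT]

def salami_suspects(rows, small=Decimal("1.00")):
    """Aggregate sub-`small` transfers per destination; flag large totals from many sources."""
    total = defaultdict(Decimal)   # Decimal() is 0
    sources = defaultdict(set)
    for src, dst, amount in rows:
        if amount < small:
            total[dst] += amount
            sources[dst].add(src)
    return {dst: (total[dst], len(sources[dst])) for dst in total
            if total[dst] >= AGG_ALERT and len(sources[dst]) >= MIN_SOURCES}

if __name__ == "__main__":
    print(per_transaction_alerts(ledger()))  # only the 950.00 rent payment
    print(salami_suspects(ledger()))         # ACC-X: 150.00 from 5,000 accounts
```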
Data Diddling
• Data diddling is the unauthorized altering of data before or during entry into a computer system, and then changing it back after processing is done.
• Using this technique, the attacker may modify the expected output, and the change is difficult to track.
• In it, the original information to be entered is changed, either by a person typing in the data, a virus that’s programmed to change the data, the programmer of the database or application, or anyone else involved in the process of creating, recording, encoding, examining, checking, converting or transmitting data.
• Examples include forging or counterfeiting documents and exchanging valid computer tapes or cards with prepared replacements.
Email Spoofing
• Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust.
• In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address.
• Unless users inspect the header more closely, they see the forged sender in a message.
• If it’s a name they recognize, they’re more likely to trust it. So they’ll click malicious links, open malware attachments, send sensitive data and even wire corporate funds.
• For example, an attacker might create an email that looks like it comes from PayPal.
• The message tells the user that their account will be suspended if they don’t click a link, authenticate into the site and change the account’s password.
• If the user is successfully tricked and types in credentials, the attacker now has credentials to authenticate into the targeted user’s PayPal account, potentially stealing money from the user.
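Inspecting the header more closely, as the slides put it, can be automated. The following added example (not part of the original slides) parses one constructed message with Python's standard `email` module and lists the reasons to distrust the displayed sender. All hosts and addresses are placeholders, and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host and address is a placeholder.
RAW = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-mailer.example;
 dkim=none; dmarc=fail header.from=paypal.example
From: "PayPal Support" <service@paypal.example>
Reply-To: help@account-verify.example
Subject: Your account will be suspended

Click the link to change your password.
"""

def domain(header_value):
    """Lower-cased domain of the first address in a header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def spoofing_signals(raw):
    """Return a list of reasons to distrust the displayed From address."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    signals = []
    # The envelope sender and the reply address are set independently of From.
    for header in ("Return-Path", "Reply-To"):
        dom = domain(msg[header])
        if dom and dom != from_dom:
            signals.append(f"{header} domain {dom} != From domain {from_dom}")
    # Verdicts recorded by the receiving server; trust only your own server's header.
    # SPF passes here for the envelope domain, yet DMARC fails because that
    # domain is not the one shown in From.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    dmarc = verdicts.get("dmarc", "missing")
    if dmarc != "pass":
        signals.append(f"dmarc={dmarc}")
    return signals

if __name__ == "__main__":
    for reason in spoofing_signals(RAW):
        print(reason)
```

Domain mismatches are signals rather than proof, since legitimate bulk senders often use a different envelope domain; the DMARC verdict is what ties the checks to the visible From domain.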
Consider the following statistics:
• 3.1 billion domain spoofing emails are sent per day.
• More than 90% of cyber-attacks start with an email message.
• Email spoofing and phishing have had a worldwide impact costing an estimated $26 billion since 2016.
• In 2019, the FBI reported that 467,000 cyber-attacks were successful, and 24% of them were email-based.
• The average scam tricked users out of $75,000.
