Unit-4

The document outlines various tools and methods used in cybercrime, including social engineering techniques like phishing, malware types such as ransomware, and network exploitation methods. It also discusses the role of proxy servers and anonymizers in concealing user identities, as well as password cracking techniques and defenses against them. Additionally, it covers keyloggers, their types, installation methods, and detection and mitigation strategies.

Uploaded by Shobha Kumari
Tools and Methods used in cybercrime:
Methods used in cybercrime:
• Social Engineering
  1. Phishing
  2. Spear Phishing
  3. Pretexting
  4. Baiting
• Malware and Ransomware
  1. Trojans
  2. Spyware
  3. Ransomware
  4. Keyloggers
• Network Exploitation:
  1. SQL Injection
  2. Cross-Site Scripting (XSS)
  3. Cross-Site Request Forgery (CSRF)
  4. Denial of Service (DoS) and Distributed Denial of Service (DDoS)
• Cryptographic Attacks:
  1. Brute Force Attacks
  2. Dictionary Attacks
  3. Man-in-the-Middle (MitM) Attacks
• Physical Attacks
  1. Insider Threats
  2. Dumpster Diving
  3. Physical Theft
• Other Methods:
  1. Business Email Compromise (BEC)
  2. CEO Fraud
  3. Watering Hole Attacks

Cybercrime tools:
• Malware and Ransomware Tools
  1. Ransomware kits
  2. Malware builders
  3. Exploit kits
• Network Exploitation Tools:
  1. Nmap
  2. Metasploit
  3. Burp Suite
• Password Cracking and Credential Theft Tools:
  1. John the Ripper
  2. Aircrack-ng
  3. Keylogger software
• Social Engineering and Phishing Tools:
  1. Phishing kits
  2. Email spoofing tools
  3. Social engineering frameworks
• Cryptographic and Steganography Tools:
  1. Encryption software
  2. Steganography tools
  3. Cryptocurrencies
• Other Tools:
  1. Virtual Private Networks (VPNs)
  2. Tor Browser
  3. Dark web marketplaces

Proxy server:
A proxy server is a computer system or software that acts as an intermediary between a client device (such as a computer or smartphone) and a server on the internet.

Types of Proxy Servers:
• Forward Proxy
• Reverse Proxy
• Transparent Proxy
• Caching Proxy
• Anonymizing Proxy

How Proxy Servers Work:
1. Client Request: A client sends a request to the proxy server.
2. Proxy Server Processing: The proxy server receives the request, modifies it if necessary, and forwards it to the destination server.
3. Server Response: The destination server processes the request and sends a response back to the proxy server.
4. Proxy Server Response: The proxy server receives the response, modifies it if necessary, and forwards it back to the client.

Benefits of Proxy Servers:
1. Anonymity
2. Security
3. Caching
4. Content Filtering
5. Load Balancing

Anonymizers:
An anonymizer is a tool or service designed to conceal a user's identity, location, and online activities from third parties, including governments, corporations, and hackers.

Types of Anonymizers:
1. Web Anonymizers
2. Proxy Anonymizers
3. VPN Anonymizers
4. Tor Anonymizers

How Anonymizers Work:
1. IP Address Masking: Anonymizers conceal a user's IP address, making it difficult to track their online activities.
2. Encryption: Anonymizers encrypt internet traffic, protecting user data from interception and eavesdropping.
3. Routing: Anonymizers route internet traffic through multiple servers or nodes, making it difficult to track the user's location.

Benefits of Anonymizers:
1. Improved Privacy: Anonymizers protect user data and online activities from third-party surveillance.
2. Enhanced Security: Anonymizers encrypt internet traffic, protecting user data from interception and eavesdropping.
3. Access to Restricted Content: Anonymizers can bypass geo-restrictions and censorship, allowing users to access restricted content.

Limitations and Risks of Anonymizers:
1. Speed and Performance: Anonymizers can slow down internet speeds and affect performance.
2. Security Risks: Anonymizers can introduce security risks if not properly configured or maintained.
3. Law Enforcement: Anonymizers can be used for illicit activities, and law enforcement may target anonymizer users.

Popular Anonymizer Tools and Services:
1. Tor Browser: A free, open-source browser that anonymizes internet traffic.
2. VPN Services: Commercial VPN services like ExpressVPN, NordVPN, and ProtonVPN.
3. Proxy Servers: Public proxy servers like HideMyAss and (link unavailable)
4. Anonymizer Websites: Web-based anonymizers like Anonymouse and HideMyAss.

Password Cracking

Objective of Password Cracking
• Discover the original password from its hashed representation.
• Common in penetration testing, digital forensics, and recovering lost credentials.

Why It's Relevant
• Understanding password cracking helps in securing systems and applications.
• Ethical hacking and improving defense mechanisms.

Basic Concepts in Password Security
• Hashing
  • Cryptographic function that converts a password into a fixed-length string.
  • Popular algorithms: SHA-256, MD5, bcrypt, Argon2.
• Salting
  • Adding random data before hashing to prevent identical passwords from having the same hash.
  • Increases the computational difficulty of attacks.
• Encryption vs. Hashing
  • Hashing is one-way (irreversible), while encryption can be decrypted with the correct key.
• Key Derivation Functions
  • PBKDF2, scrypt, bcrypt to slow down brute force attacks.

Methods of Password Cracking
• Brute Force Attack
  • How It Works: Try every possible character combination.
  • Time Complexity: Depends on password length and character set size.
  • Efficiency Considerations: Requires massive computational power for longer passwords.
• Dictionary Attack
  • How It Works: Use precompiled lists of common passwords and variations.
  • Dictionary Files: Can contain millions of common words, phrases, and combinations.
  • Performance: Much faster than brute force for weak passwords.

Rainbow Table Attacks
• What Are Rainbow Tables?
  • Precomputed tables of hashed passwords for faster lookup.
  • Effectively reduce the time complexity of cracking passwords by trading off storage space.
• How They Work:
  • Compare the target password hash with hashes in a precomputed table.
  • Can be avoided by salting the hashes.
• Limitations and Countermeasures:
  • Salting makes rainbow tables ineffective.
  • Tables can be very large, requiring substantial storage.
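The following is an added example (not part of the slides) that shows why salting defeats precomputation. It builds a plain hash lookup table, the simplest form of the precomputation that rainbow tables compress, over a constructed wordlist, then shows that the table finds an unsalted SHA-256 hash instantly but finds nothing once a per-user salt is used; stored credentials use PBKDF2-HMAC, one of the key derivation functions named above. The wordlist, iteration count and all inputs are constructed for the demo.

```python
"""Salted hashing versus a precomputed hash lookup table (added example)."""
import hashlib
import hmac
import os

# Constructed wordlist standing in for a "common passwords" dictionary.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "admin2023"]

# Assumed PBKDF2-SHA256 cost for stored credentials; tune to your hardware.
ITERATIONS = 600_000


def build_lookup_table(words):
    """Precompute sha256(word) -> word once; afterwards every lookup is O(1)."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def unsalted_hash(password):
    """What a naive password store does: hash the password alone."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    """Same algorithm, but a random per-user salt is mixed in first."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def lookup(table, digest):
    """Return the plaintext if the digest was precomputed, else None."""
    return table.get(digest)


def store_password(password, iterations=ITERATIONS):
    """Return (salt, iterations, digest) using a fresh 16-byte random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute with the stored salt/iterations and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Unsalted: a leaked hash of a common password is found immediately.
    hit = lookup(table, unsalted_hash("letmein"))
    # Salted: the same password now hashes to a value the table never saw, and
    # each user gets a different salt, so one table cannot serve any of them.
    miss = lookup(table, salted_hash("letmein", os.urandom(16)))
    record = store_password("letmein", iterations=1000)  # low cost for the demo
    return hit, miss, verify_password("letmein", record), verify_password("letmeout", record)


if __name__ == "__main__":
    print(demo())
```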

Advanced Cracking Techniques
• Hybrid Attacks
  • Combination of Dictionary and Brute Force.
  • How It Works: Starts with dictionary words and then adds permutations (e.g., appending numbers, symbols).
  • Use Case: Cracking passwords with common patterns, such as "password123" or "admin2023".
• Markov Chains
  • Model-Based Cracking: Uses statistical analysis to model the likelihood of character sequences.
  • Benefit: More efficient than brute force when cracking passwords with common patterns or common letter combinations.

Cracking Password Hashes
• Hashing Algorithms Overview
  • MD5/SHA-1: Fast but insecure, vulnerable to collision and pre-image attacks.
  • SHA-256: More secure, widely used, but still vulnerable to brute force without salt.
  • bcrypt/Argon2: Slower algorithms intentionally designed to thwart brute-force attacks by using memory and time resources.
• Cracking Process:
  • Step 1: Capture the hashed password (often through network sniffing or database dumps).
  • Step 2: Compare the hash against known hashes in a rainbow table or attempt brute force with tools like Hashcat.
• Example:
  • Hashcat and John the Ripper can attack hashes produced by slow algorithms like bcrypt, using GPU acceleration for better performance.

Tools for Password Cracking
• Hashcat
  • GPU-accelerated cracking tool.
  • Supported Attacks: Brute force, dictionary, combinator, mask, and rule-based attacks.
  • Strengths: Extremely efficient, handles complex password hashes.
• John the Ripper
  • Supports multiple attack modes (dictionary, brute force, hybrid).
  • Feature: Cracks different types of hashes (e.g., DES, MD5, SHA1).
• Other Tools:
  • Cain and Abel: Windows-based, supports network sniffing, cracking and decoding passwords.
  • Hydra: Used for brute force attacks on various network protocols (SSH, HTTP, FTP, etc.).

Multi-Factor Authentication (MFA) and Password Cracking Defense
• Why MFA is Critical:
  • Even if passwords are cracked, MFA (e.g., OTP, biometric, or hardware keys) adds another layer of security.
• Examples of MFA mechanisms:
  • SMS/Email codes, Google Authenticator, or hardware tokens (YubiKey).
• Defending Against Password Cracking:
  • Enforce Strong Password Policies: Minimum length, character diversity, disallowing common passwords.
  • Salted Password Hashes: Prevents precomputation attacks.
  • Rate Limiting: Throttle or block multiple login attempts.
  • Account Lockout: Temporarily lock accounts after a set number of failed login attempts.

Password Cracking and Ethical Hacking
• Ethical Hacking:
  • Legitimate penetration testers use password cracking tools to test the strength of an organization's defenses.
  • Legal Considerations: Always ensure written permission before conducting any password cracking activities.
• Real-World Use Cases:
  • Security audits for organizations.
  • Examples: Cracking weak passwords in encrypted archives (ZIP, RAR) or testing password policies in enterprise environments.

Countermeasures & Best Practices
• Strong Password Creation:
  • Use at least 12 characters, mix upper/lowercase letters, numbers, and symbols.
  • Avoid using easily guessable information (e.g., names, dates).
• Password Managers:
  • Safely store and generate strong passwords for each account.
• Regularly Update Passwords:
  • Enforce policies for periodic password changes.
• Encryption and HMAC:
  • Use encryption to protect stored passwords and sensitive data. Use HMAC (Hash-based Message Authentication Code) for integrity verification.
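An added example (not from the slides) of a password-policy check that enforces the rules above and also rejects the "dictionary word plus predictable suffix" shape that the hybrid attacks described earlier ("password123", "admin2023") are built to guess. The wordlist and the leetspeak table are small constructed stand-ins; a real deployment would load a large breached-password list.

```python
"""Password-policy check with hybrid-attack pattern detection (added example)."""
import re
import string

MIN_LENGTH = 12
# Constructed dictionary standing in for a common-word / breached-password list.
WORDLIST = {"password", "admin", "welcome", "letmein", "qwerty", "summer"}
# Leetspeak substitutions that hybrid rules try; we undo them before the lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "@": "a", "$": "s", "!": "i"})


def base_word(password):
    """Strip trailing digits/symbols and undo leetspeak: 'P@ssw0rd123!' -> 'password'."""
    stripped = re.sub(r"[\d\W_]+$", "", password)
    return stripped.translate(LEET).lower()


def check_password(password, personal_info=()):
    """Return a list of policy violations; an empty list means the password passes.

    personal_info: strings the password must not contain (names, birth years, ...).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than 3 character classes")
    if password.lower() in WORDLIST:
        problems.append("is a common password")
    elif base_word(password) in WORDLIST:
        problems.append("is a common word plus a predictable suffix (hybrid-attack pattern)")
    for item in personal_info:
        if item and item.lower() in password.lower():
            problems.append(f"contains personal information ({item})")
    return problems


if __name__ == "__main__":
    for candidate in ("admin2023", "P@ssw0rd123!", "correct-Horse7battery!"):
        print(candidate, "->", check_password(candidate) or "OK")
```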

Keyloggers: Understanding and Protecting Against Them
• A keylogger is a type of malicious software or hardware device that records every keystroke made on a computer or mobile device, often without the user's knowledge. Keyloggers can be used for both legitimate and illegitimate purposes. In this section, we'll dive into what keyloggers are, how they work, how they're used, and how to protect against them.

What is a Keylogger?
• Definition: A keylogger is a type of surveillance software or hardware that records all keystrokes typed on a device, typically without the user's knowledge.
• Types of Keyloggers:
  • Software Keyloggers: Malicious programs installed on the device.
  • Hardware Keyloggers: Physical devices that capture keyboard inputs.
  • Cloud-Based Keyloggers: Can record keystrokes remotely and upload data to an attacker's server.

How Keyloggers Work
• Software Keyloggers:
  • Operate in the background of an infected system.
  • Capture every keystroke typed, including passwords, emails, and personal data.
• Recording Methods:
  • Monitoring system-level APIs that capture keystrokes.
  • Recording inputs from hardware devices like keyboards or touchscreen events.
• Hardware Keyloggers:
  • Attached between the keyboard and the computer, they intercept data as it's typed.
  • Some models are small and undetectable, while others store the captured keystrokes for later retrieval.
• Example:
  • A software keylogger might run in the background on your computer without your knowledge, silently logging everything you type, including sensitive information like passwords or credit card numbers.

Types of Keyloggers
• Software Keyloggers:
  • Rootkit-Based Keyloggers: These hide themselves within the operating system, making detection more difficult.
  • Trojan Horse Keyloggers: Often bundled with malicious software, these keyloggers are delivered through phishing attacks or software downloads.
  • Spyware Keyloggers: Sometimes installed alongside other spyware programs that track online activity, monitor social media use, and log personal information.
  • Keylogging Malware: Designed specifically to capture and transmit keystrokes to a remote attacker.
• Hardware Keyloggers:
  • USB Keyloggers: Plugged in between the keyboard and the computer, these loggers capture keystrokes, even on secure systems.
  • Wireless Keyloggers: Used on wireless keyboards, these devices capture input without a physical connection.

How Keyloggers Are Installed
• Phishing and Social Engineering:
  • Attackers trick users into downloading malicious attachments or clicking on links that lead to keylogger installation.
• Drive-by Downloads:
  • Malicious websites or compromised ads can exploit vulnerabilities in browsers to silently install keyloggers.
• Exploiting Software Vulnerabilities:
  • Keyloggers can be embedded within insecure software or system vulnerabilities to gain access without the user's knowledge.
• Physical Installation (Hardware):
  • Someone with physical access to the device can install a hardware keylogger between the keyboard and the computer.

Real-World Use Cases for Keyloggers
• Cybercrime:
  • Identity Theft: Capture sensitive data (banking details, login credentials) for illegal use.
  • Corporate Espionage: Steal trade secrets or confidential data from a company.
• Parental Control/Employee Monitoring (Legitimate Use):
  • Monitoring children's or employees' online activities, though this should be done transparently and ethically.
• Surveillance and Espionage:
  • Governments or organizations may use keyloggers for intelligence gathering or surveillance (often under legal frameworks).

Keylogger Detection Techniques
• Anti-virus/Anti-malware Software:
  • Good antivirus tools can detect known keyloggers by checking for their signatures or suspicious behaviors.
  • Example: Kaspersky, Malwarebytes, or Windows Defender.
• Behavioral Analysis:
  • Detecting unusual system activity, like excessive CPU usage, network activity, or unknown processes running.
• Task Manager and System Monitoring:
  • Review active processes in the Task Manager (Windows) or Activity Monitor (Mac) for suspicious entries.
  • Look for hidden or unrecognized applications running in the background.
• Rootkit Detection Tools:
  • Use specialized tools like GMER or RootkitRevealer to check for hidden keyloggers and rootkits.
• Physical Inspection (for Hardware Keyloggers):
  • Check the keyboard's physical connection for unexpected devices or cables between the keyboard and computer.

Keylogger Mitigation Techniques
• Update and Patch Software Regularly:
  • Ensure that your operating system and software applications are up-to-date to prevent exploitation of known vulnerabilities.
• Use Comprehensive Security Software:
  • Keep antivirus software up-to-date with real-time protection enabled.
• Secure Your Network (VPN/Encryption):
  • Use encryption to protect sensitive data in transit. For example, using a VPN (Virtual Private Network) will ensure that even if a keylogger is recording your keystrokes, the data sent over the internet is encrypted.
• Hardware-Based Security (Smartcards, Key Fobs):
  • Use physical authentication devices such as smartcards or USB security tokens (e.g., YubiKey) to add an extra layer of security.
• Avoid Public Wi-Fi for Sensitive Transactions:
  • Man-in-the-Middle (MITM) attacks are a risk on unsecured networks. Avoid accessing sensitive information over public Wi-Fi.
• Use On-Screen Keyboards (for Specific Tasks):
  • For extremely sensitive actions (e.g., entering banking information), use an on-screen keyboard to avoid hardware keyloggers.

Real-Time Example of Keylogger Detection
• Example:
  • Demonstrating how a keylogger can be detected using tools like Wireshark to track outgoing traffic or Procmon to analyze system calls made by a suspicious process.
• Case Study:
  • How an organization detected a keylogger through unusual network traffic and behavioral analysis.
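An added example (not from the slides) of the behavioral and network analysis just described, run over a constructed event log of the kind one would export from Procmon (file writes) and from a Wireshark or netstat capture (outbound connections). It flags a process that both appends keystroke-sized records to one file and contacts a host outside an allowlist at a near-constant interval (beaconing). Process names, hosts, paths and thresholds are all constructed for the demo.

```python
"""Behavioral detection of a keylogger-like process from monitoring events (added example)."""
import statistics
from collections import defaultdict

# Assumed allowlist of hosts the organisation expects its software to contact.
KNOWN_GOOD_HOSTS = {"updates.example-vendor.test", "mail.example.test"}

# Constructed event log: (timestamp_seconds, process, operation, detail).
# file_write detail is "path:bytes"; net_connect detail is "host:port".
EVENTS = [
    (0.0, "svchost.exe", "net_connect", "updates.example-vendor.test:443"),
    (1.0, "winhlp.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\k.log:12"),
    (1.5, "winhlp.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\k.log:9"),
    (2.1, "winhlp.exe", "file_write", r"C:\Users\u\AppData\Local\Temp\k.log:11"),
    (60.0, "winhlp.exe", "net_connect", "203.0.113.7:8080"),
    (120.0, "winhlp.exe", "net_connect", "203.0.113.7:8080"),
    (180.1, "winhlp.exe", "net_connect", "203.0.113.7:8080"),
    (239.9, "winhlp.exe", "net_connect", "203.0.113.7:8080"),
    (5.0, "outlook.exe", "file_write", r"C:\Users\u\mail.pst:65536"),
    (35.0, "outlook.exe", "net_connect", "mail.example.test:993"),
    (140.0, "outlook.exe", "net_connect", "mail.example.test:993"),
    (300.0, "outlook.exe", "net_connect", "mail.example.test:993"),
]


def beacon_stats(timestamps):
    """Return (mean_gap, coefficient_of_variation) of the gaps between connections.

    A coefficient of variation near 0 means the connections are evenly spaced,
    the signature of a timer-driven beacon rather than user-driven traffic.
    """
    if len(timestamps) < 4:            # too few samples to call it periodic
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    return (mean, statistics.pstdev(gaps) / mean) if mean > 0 else None


def analyse(events, cv_threshold=0.1, small_write=64, min_writes=3):
    """Return {process: [reasons]} for processes that match the keylogger rules."""
    connects = defaultdict(lambda: defaultdict(list))   # proc -> host -> times
    writes = defaultdict(lambda: defaultdict(list))     # proc -> path -> sizes
    for ts, proc, op, detail in events:
        target, _, tail = detail.rpartition(":")        # split off port or byte count
        if op == "net_connect":
            connects[proc][target].append(ts)
        elif op == "file_write":
            writes[proc][target].append(int(tail))
    findings = defaultdict(list)
    for proc, hosts in connects.items():
        for host, times in hosts.items():
            if host in KNOWN_GOOD_HOSTS:
                continue
            stats = beacon_stats(times)
            if stats and stats[1] < cv_threshold:
                findings[proc].append(f"beaconing to {host} every ~{stats[0]:.0f}s")
    for proc, paths in writes.items():
        for path, sizes in paths.items():
            if len(sizes) >= min_writes and max(sizes) <= small_write:
                findings[proc].append(f"{len(sizes)} keystroke-sized appends to {path}")
    return dict(findings)


if __name__ == "__main__":
    for proc, reasons in analyse(EVENTS).items():
        print(proc, "->", "; ".join(reasons))
```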

Keylogger Protection Best Practices
• Multi-Factor Authentication (MFA):
  • Even if an attacker captures your password through a keylogger, MFA can prevent unauthorized access.
• Use Strong, Unique Passwords:
  • Use long and complex passwords that are difficult for attackers to guess, and avoid reusing passwords across multiple sites.
• Monitor Your Accounts Regularly:
  • Frequently check your bank accounts, social media, and other important services for unauthorized activity.
• Educate Users:
  • Regularly train employees or family members on how to identify phishing attacks and suspicious activity that might lead to keylogger infections.

Spyware: Understanding, Detecting, and Preventing It
• Spyware is a type of malicious software designed to secretly gather information about a user or organization without their consent. It can track your browsing habits, record keystrokes, steal sensitive data like login credentials or financial details, and even alter system settings.
• For an advanced audience (e.g., graduate students), the focus will be on the technical aspects of how spyware works, its impact, methods of detection, and strategies for prevention. Here's a structured PowerPoint outline for teaching about spyware:

What is Spyware?
• Definition: Spyware is a type of malware that secretly collects information from a user's device without their consent.
• Types of Data Collected:
  • Personal Information: Passwords, usernames, credit card details.
  • Browsing History: Websites visited, search terms, etc.
  • Keystrokes: Capturing what the user types (keylogging).
  • System Information: Device details, software installed, IP addresses.
• Common Examples:
  • Adware: Often bundled with other software, tracking user behavior to display ads.
  • Trojan Horse Spyware: Disguised as legitimate software or files.
  • Browser Hijackers: Altering browser settings, redirecting searches to malicious websites.

How Spyware Works
• Installation:
  • Bundled Software: Spyware is often included in free software downloads, disguising itself as a legitimate program.
  • Phishing Attacks: Users are tricked into downloading spyware through social engineering techniques.
  • Exploiting Vulnerabilities: Spyware can be installed via security flaws in software or browsers (drive-by downloads).
• Data Collection:
  • Keyboard Monitoring (Keylogging): Logs keystrokes to capture passwords and sensitive data.
  • Screen Scraping: Captures screenshots or video footage of the user's screen.
  • Tracking User Behavior: Monitors browsing activity, search queries, and even location data.
• Communication with Attacker:
  • Command-and-Control Servers: Spyware sends the gathered data back to a remote server controlled by the attacker.
  • Persistence: Spyware often installs itself as a persistent background process that is difficult to detect or remove.

Types of Spyware
• Adware:
  • Displays unwanted advertisements based on browsing history and usage patterns.
  • Often bundled with free software or downloads.
• Trojans/Backdoor Spyware:
  • Disguised as legitimate software, allowing attackers to gain remote control and collect data.
  • Often used for espionage or corporate spying.
• Browser Hijackers:
  • Changes browser settings, redirects searches, and alters homepage settings to display malicious content.
• Keyloggers:
  • Records every keystroke typed, including sensitive information such as passwords and credit card numbers.
• System Monitors:
  • Monitor system activity and send information like hardware/software configurations, device details, and network activity.

Common Infection Vectors
• Malicious Downloads:
  • Downloading software, files, or applications from untrusted websites can lead to spyware infections.
  • Example: Downloading a "free" video player that comes bundled with spyware.
• Phishing Emails:
  • Users are tricked into clicking on malicious links or downloading attachments that install spyware.
• Drive-By Downloads:
  • Visiting compromised or malicious websites that automatically download and install spyware without the user's knowledge.
• Malvertising:
  • Ads on legitimate websites can contain embedded malicious scripts that install spyware when clicked.

Real-World Examples of Spyware
• Example 1: The FinFisher Spyware
  • Overview: A government-grade spyware used by law enforcement agencies for surveillance. Targets desktops, mobile devices, and even encrypted communications.
  • Usage: Often deployed through malicious email attachments or physical access.
  • Impact: Extensive surveillance, tracking keystrokes, emails, and microphone activity.
• Example 2: The Gator Adware
  • Overview: A notorious adware program that collects users' browsing data to display targeted ads.
  • Usage: Bundled with free software, often without clear user consent.
  • Impact: Privacy violations, system slowdowns, and unwanted advertising.
• Example 3: Pegasus Spyware
  • Overview: A sophisticated spyware developed by the Israeli company NSO Group, primarily targeted at government officials, journalists, and activists.
  • Usage: Often delivered through zero-click exploits in messaging apps like WhatsApp and iMessage.
  • Impact: Surveillance on a device without the user's knowledge, including reading messages, emails, and tracking location.

Spyware Detection Methods
• Antivirus and Anti-malware Software:
  • Traditional software such as Malwarebytes, Avast, Kaspersky, and Bitdefender can help detect and remove spyware.
  • Signature-Based Detection: Compares files against known spyware signatures.
  • Heuristic Analysis: Identifies suspicious behavior patterns associated with spyware.
• System Monitoring Tools:
  • Process Explorer: To check running processes and detect unusual activity.
  • Wireshark: To monitor network traffic for data being sent to unknown remote servers.
• Manual Detection:
  • Checking for suspicious processes or unknown applications in the task manager.
  • Reviewing installed programs for any unfamiliar software.
• Behavioral Analysis:
  • Tracking unexpected system performance drops, such as slower processing speeds or abnormal network traffic.

Anti-Spyware Tools and Techniques
• Antivirus Programs:
  • Common Examples: Malwarebytes, Avast, Norton, McAfee.
  • Best Practice: Keep these tools up-to-date for real-time protection and scheduled scans.
• Ad-blockers and Privacy Tools:
  • Browser Extensions: uBlock Origin, Privacy Badger, and Ghostery to block adware and malicious tracking.
• Behavior-Based Detection:
  • Tools like Spybot Search & Destroy or HitmanPro specialize in detecting spyware by analyzing suspicious behavior rather than relying on signatures.
• Security Patches:
  • Regularly updating operating systems, browsers, and software to patch vulnerabilities exploited by spyware.

Preventing Spyware Infections
• Download Software from Trusted Sources:
  • Always download software from official websites or trusted stores like the Apple App Store or Google Play Store.
• Be Cautious with Email Attachments and Links:
  • Avoid clicking on links or downloading files from unknown or suspicious emails.
  • Use tools like SpamAssassin or Gmail's built-in filters to detect phishing attempts.
• Regularly Update Software:
  • Install security patches as soon as they are available to minimize vulnerabilities.
  • Use Windows Update, macOS Software Updates, or Linux's package manager to apply patches.
• Use Firewalls and Security Software:
  • Activate firewalls and use comprehensive security tools to detect and block spyware before it infects the system.
• Privacy Settings and Permissions:
  • Limit the permissions granted to apps and websites.
  • Disable unnecessary permissions for apps to access your camera, microphone, or location.
• Educate Users:
  • Training users on safe browsing habits, recognizing phishing attempts, and the risks of downloading software from unreliable sources.

Case Study: Spyware Attack on a Corporation
• Scenario:
  • A corporate network was infected with spyware through a phishing email that appeared to be from a trusted vendor.
• Impact:
  • Sensitive emails, internal communications, and client information were stolen.
  • The attackers used the spyware to monitor employee activities and access financial data.
• Solution:
  • Immediate isolation of affected systems, deployment of antivirus scans, and resetting of all passwords.
  • A full review of email filters and user training to prevent future phishing attacks.