
Tools and Methods used in Cybercrime

The document discusses various tools and methods used in cybercrime, including proxy servers, anonymizers, phishing techniques, password cracking, keyloggers, spyware, viruses, and steganography. It outlines how these tools operate, their types, and prevention measures against them. Additionally, it provides a series of questions to assess understanding of the discussed topics.

Tools and Methods used in Cybercrime
Mrs. Prajakta Gadre
Proxy Server

A proxy server is a system or router that provides a gateway between users and the internet. Therefore, it
helps prevent cyber attackers from entering a private network.

It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they
visit online.

When a computer connects to the internet, it uses an IP address. This is similar to your home’s street
address, telling incoming data where to go and marking outgoing data with a return address for other
devices to authenticate.
Anonymizers

An anonymizer is a proxy server that makes Internet activity untraceable. An anonymizer protects personally
identifying information by hiding private information on the user’s behalf.

When users anonymize their personal electronic identification information it can enable:

● Risk minimization
● Taboo electronic communications
● Identity theft prevention
● Protection of search history
● Avoidance of legal and/or social consequences

An anonymizer may also be known as anonymous proxy.


Phishing

● Phishing-1996
● Phishing is an attack that uses mail programs to trick internet users
into disclosing confidential information that can be used for illegal
purposes.
● Phishing is the most common type of social engineering, which is a general
term describing attempts to manipulate or trick computer users.
● Social engineering is an increasingly common threat vector used in almost all
security incidents.
● Social engineering attacks, like phishing, are often combined with other
threats, such as malware, code injection, and network attacks.
How does phishing work?

● Planning
● Setup
● Attack
● Collection
● Identity theft and fraud
Phishing Techniques
Spear Phishing: Spear phishing attacks are targeted to a particular individual or
small group.
Vishing: Vishing or “voice phishing” is a phishing attack performed over the phone.
Smishing: Smishing is a phishing attack performed using SMS text messages.
Whaling: Whaling attacks are a particular type of spear phishing attack focused on
high-level executives.
Clone Phishing: Clone phishing involves sending a user a phishing email that mimics
an email that they have previously received.
SEO Poisoning: Some phishing attacks direct users to malicious websites by
manipulating the output of common searches.
Business Email Compromise (BEC): BEC attacks — also known as CEO fraud —
involve the attacker impersonating the CEO or a high-level executive. The attacker
then instructs another employee to take some action, such as sending money to
the attacker’s bank account.
Spam: Spam includes unwanted emails that are designed to steal money or sensitive
data from their target.
Password cracking

● Password cracking (also called password hacking) is an attack vector that
involves hackers attempting to crack or determine a password for
unauthorized authentication. Password hacking uses a variety of
programmatic techniques, manual steps, and automation using specialized
tools to compromise a password.

● A password can refer to any string of characters or secret used to
authenticate an authorized user to a resource. Passwords are typically paired
with a username or other mechanism to provide proof of identity. This
combination is referred to as credentials.
Password cracking attacks
● Active online attack
○ Dictionary attack
○ Brute forcing attack
○ Rule based attack
○ Password guessing
○ Trojan
● Passive online attacks
○ Wire sniffing
○ Man in the Middle
○ Replay
● Offline attacks
○ Precomputed hashes (rainbow table)
○ Distributed network
● Non electronic attacks
○ Shoulder surfing
○ Social engineering
○ Dumpster Diving
Password Guidelines

At least 8 characters—the longer, the better
A mixture of both uppercase and lowercase letters
A mixture of letters and numbers
Inclusion of at least one special character, e.g., ! @ # ? ]
Change it regularly—once every three to six months
Change it if you have the slightest suspicion that your password has become known by a human or a machine
Never reuse it for accounts on other websites
Never save it in a web form on a computer that you do not control or that is used by more than one person
Never share it with anyone
Never write it down
Examples:
In the dog house becomes !nTh3dawgHs
Let’s have dinner at 8:00 p.m. becomes Lhd@800pm
Keyloggers

A keylogger (also called a keystroke logger or keyboard capturer) is a form of malware or hardware
that keeps track of and records your keystrokes as you type.

It takes the information and sends it to a hacker using a command-and-control (C&C) server.

The hacker then analyzes the keystrokes to locate usernames and passwords and uses them to
hack into otherwise secure systems.

It’s important to protect yourself from keylogger attacks used by malicious users. Because
keyloggers can record and quickly identify sensitive information, they are a significant threat to
cybersecurity.
Methods of Keyloggers
Software keyloggers
Software keyloggers consist of applications that have to be
installed on a computer to steal keystroke data. They are the
most common method hackers use to access a user’s
keystrokes.

Hardware keyloggers
A hardware keylogger works much like its software
counterpart. The biggest difference is hardware keyloggers
have to be physically connected to the target computer to
record the user's keystrokes.
Anti Keylogger

● An anti keylogger is a type of software specifically designed to
detect keyloggers installed on the system.
● It will delete or disable hidden keystroke logger software.
● Advantages:
○ Firewall cannot detect
○ Does not require regular updates
○ Prevents internet banking frauds
○ It secures Email and instant messaging
Spywares

Spyware is a type of software that unethically, without proper permission or
authorization, steals a user’s personal or business information and sends it to a third
party.

Spyware maliciously tracks a user’s activity, gains access to data, or can even
cause the computer/laptop system to crash. Spyware in many cases runs as a
background process and slows down the normal functioning of the computer system.
Types of spyware
● Adware: It is a type of Spyware that keeps track of the user’s activity and gives advertisements based
on the tracked activity of the user.
● Tracking Cookies: It is a type of Spyware that tracks a user’s activity and supplies the same to third
parties.
● Trojans: It is a type of Spyware that is the most dangerous. It aims to steal confidential user
information such as bank details, passwords and transfers it to a third party to perform illegal
transactions or frauds.
● Keyloggers: It is a type of Spyware that keeps track of all the keystrokes that the user enters
through the keyboard. It is dangerous as it contributes to cyber fraud, where sensitive passwords can
be stolen by keeping an eye on the user who entered the information.
● Stalkerware: It is a type of Spyware that is installed on mobile phones to stalk the user. It tracks the
movement of the user and sends the same to the third party.
● System Monitor: It is a type of Spyware that monitors and keeps track of the entire system including
Prevention

● Installing Antivirus/Antispyware
● Beware of Cookie Settings
● Beware of the Pop-ups on Websites
● Never Install Free Software
● Always read Terms & Conditions
Virus

A computer virus is a program that spreads by first infecting files or the system areas of
a computer or network router's hard drive and then making copies of itself. Some
viruses are harmless, others may damage data files, and some may destroy files.

A virus is simply a computer program--it can do anything that any other program you run on
your computer can do. Some viruses are designed to deliberately damage files, and others
may just spread to other computers.
Types of Viruses
Worms

A worm virus refers to a malicious program that replicates itself, automatically spreading through a
network.

The worm virus exploits vulnerabilities in your security software to steal sensitive information, install
backdoors that can be used to access the system, corrupt files, and do other kinds of harm.

● Classification of worms
○ Email-Worm
○ IM-Worm (Instant Messenger)
○ IRC-Worm (Internet Relay Chat)
○ Net-Worm
○ P2P-Worm
Difference
Trojan Horses

A Trojan horse is malicious code that has the capacity to take control of the computer. It is designed to steal, damage, or
perform other harmful actions on the computer.
Features of Trojan Horse
● It steals information like a password and more.
● It can be used to allow remote access to a computer.
● It can be used to delete data and more on the user’s computers.
The most basic prevention methods:

● Do not download anything, such as images or audio, from an unsecured website.
● Do not click on the ads that pop up on the page with advertisements for online games.
● Do not open any attachment that has been sent from an unknown user.
● Install an anti-virus program. An anti-virus program has the capacity to detect files that are
affected by a virus.
Some Examples

● Erase, overwrite or corrupt data
● Spread other malware
● Deactivate anti-virus software
● Display fake websites
● Disable the control panel
● Slow down, restart or shut down the system
Backdoors

Backdoors allow attackers to quietly get into the system by deceiving the security
protocols and gaining administrative access.

It is similar to a real-life robbery in which burglars take advantage of the loopholes in a
house and get a 'backdoor' entry for conducting the theft.

The cyber attackers could perform various horrendous tasks like injecting spyware, gaining remote
access, hacking the device, stealing sensitive information, encrypting the system through ransomware, and
many more.

Backdoors were originally meant for helping software developers and testers, so they are not
always bad.
Prevention

1. Change the Default Password
2. Monitor Network
3. Keep Firewall ON
4. Stay away from malicious websites
Steganography

Steganography is the practice of concealing information within another message or physical
object to avoid detection. Steganography can be used to hide virtually any type of digital
content, including text, image, video, or audio content. That hidden data is then extracted at its
destination.

Steganography can involve the use of any medium to hide messages.

Data hiding, information hiding and digital watermarking.

Digital watermarking is the process of possibly irreversibly embedding information into a digital
signal.
Types of Steganography

Text steganography − It includes hiding data within text files. In this approach, the secret information is
hidden behind every nth letter of each word of the text message. A number of approaches are available for hiding
information in a text file.

Image steganography − Hiding information by taking an image as the cover object is defined as image
steganography. In image steganography, pixel intensities are used to conceal the data.

Audio steganography − Audio Steganography is the technology of embedding information in an audio channel. It
can be used for digital copyright security.

Watermarking is an approach which hides one piece of information [message] in another element of information
[carrier]. It is generally used for applications including audio clip etc.

Video steganography − It is an approach of concealing some kind of document or information in a computer
video format. In this method, video (a set of pictures) can be used as the carrier for hiding the information.

Generally, the discrete cosine transform (DCT) alters values (such as 8.667 to 9), which can be used to conceal the
data in each of the images in the video in a way that is unnoticeable to the human eye. H.264, MP4, MPEG and AVI are the
formats used by video steganography.

Network or protocol steganography − It involves hiding information by using a network protocol
such as TCP, UDP, ICMP or IP as the cover object. In the OSI network layer model there are covert channels where
steganography can be used.
Steganalysis

Steganalysis is the technology that tries to defeat steganography by detecting the
hidden data and extracting or destroying it.

Steganalysis is the procedure of detecting steganography by looking at variances
between bit patterns and unusually high file sizes.

It is the art of finding and rendering meaningless covert messages.
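
The bit-pattern check described above can be made concrete with a pairs-of-values chi-square test, a standard steganalysis statistic that these slides do not name. This is an added example, not part of the original slides; the function names, the threshold and both byte samples are constructed assumptions.

```python
import random
from collections import Counter


def pov_chi_square(data: bytes) -> float:
    """Chi-square statistic over value pairs (2k, 2k+1) of the bytes.

    LSB replacement with random-looking bits pushes the two counts in
    each pair toward equality, so a LOW statistic is the anomaly.
    """
    counts = Counter(data)
    stat = 0.0
    for even in range(0, 256, 2):
        a, b = counts[even], counts[even + 1]
        expected = (a + b) / 2
        if expected:  # skip pairs that never occur
            stat += ((a - expected) ** 2 + (b - expected) ** 2) / expected
    return stat


def looks_embedded(data: bytes, threshold: float = 500.0) -> bool:
    """Flag data whose pair counts are suspiciously balanced.

    The threshold is an assumption tuned to the constructed samples.
    """
    return pov_chi_square(data) < threshold


def constructed_cover(n: int = 10000) -> bytes:
    """Constructed sample: 100 distinct even intensities, no odd ones."""
    return bytes(2 * (i % 100) for i in range(n))


def constructed_stego(cover: bytes, seed: int = 1) -> bytes:
    """Constructed sample: every LSB overwritten with a pseudo-random bit."""
    rng = random.Random(seed)
    return bytes((b & 0xFE) | rng.getrandbits(1) for b in cover)


if __name__ == "__main__":
    cover = constructed_cover()
    stego = constructed_stego(cover)
    for label, sample in (("cover", cover), ("stego", stego)):
        print(label, round(pov_chi_square(sample), 1), looks_embedded(sample))
```

Real images are far less skewed than this constructed cover, so in practice the statistic is computed over successive regions of the file and compared against a clean baseline rather than a fixed threshold.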
DoS Attacks

● A denial-of-service (DoS) attack is a type of cyber attack in which a malicious
actor aims to render a computer or other device unavailable to its intended
users by interrupting the device's normal functioning.
● In this attack, a computer sends a massive amount of traffic to a
victim’s computer.
● The attacker spoofs the IP address and floods the network of the victim with
repeated requests.
● In a DoS attack, rapid and continuous online requests are sent to a target server
to overload the server’s bandwidth.
Levels of DoS attacks

● Buffer overflow attack
● Flood attack
● Ping of Death attacks
● SYN attack
● Teardrop Attack
Classification of DoS Attacks

● Bandwidth attacks
● Logic attacks
● Protocol attacks
● Unintentional attacks
DDoS

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the
normal traffic of a targeted server, service or network by overwhelming the target or
its surrounding infrastructure with a flood of Internet traffic.

A DDoS attack is like an unexpected traffic jam clogging up the highway, preventing
regular traffic from arriving at its destination.
Botnet

A botnet refers to a group of computers which have been infected by malware and have
come under the control of a malicious actor.
Types of DDoS attacks
Protection from DoS/DDoS

● Router filters
● Disable unused network services
● Examine physical security
● Use tools to detect configuration changes
● Regular backup schedule
● Password policies
SQL Injection

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the
queries that an application makes to its database. This can allow an attacker to view data that
they are not normally able to retrieve.

A successful SQL injection attack can result in unauthorized access to sensitive data,
such as:

● Passwords.
● Credit card details.
● Personal user information.
Prevention from SQL Injection

1. Use prepared queries
2. Escape all user input
3. Use stored procedures
4. Apply least privilege
5. Isolate the database server from the web server.
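
Item 1 in practice: a query built by string concatenation next to the same lookup written as a prepared query. This is an added example, not part of the original slides; the table, the rows, the function names and the sample input are constructed, and an in-memory SQLite database is assumed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "4111-XXXX"), ("bob", "5500-XXXX")],
    )
    return db


def lookup_concatenated(db: sqlite3.Connection, name: str) -> list:
    # Weak: the input is pasted into the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_prepared(db: sqlite3.Connection, name: str) -> list:
    # Hardened: the ? placeholder binds the input as a value. The
    # statement is parsed before the value is attached, so the input
    # can never change the structure of the query.
    query = "SELECT name, card FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed input containing quote characters.
    odd_input = "nobody' OR '1'='1"
    print("concatenated:", lookup_concatenated(db, odd_input))  # every row
    print("prepared:    ", lookup_prepared(db, odd_input))      # no rows
    print("prepared:    ", lookup_prepared(db, "alice"))        # one row
```

The prepared form also explains why item 2 is a fallback rather than a substitute: escaping depends on getting every quoting rule right, while binding removes the input from SQL parsing altogether.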
Questions

1. Define Denial of Service (DoS) attack.
2. Define Virus. Explain its types.
3. How can keyloggers be used to commit a cybercrime?
4. What is a proxy server? Also mention the purpose of a proxy server.
5. Explain the functions of a backdoor.
6. What is SQL Injection?
7. Explain the difference between Trojan Horses and Backdoors.
8. What is Steganography? Explain its types.
9. What is Phishing?
10. What is a Distributed Denial of Service (DDoS) attack?
Questions

Define :

1. Rainbow table
2. Anti Keylogger
3. Steganalysis
4. Anonymizers
5. Spyware
