SlideShare a Scribd company logo

M1-02-HowCriminalsPlan.pdf

Shylesh BC, profile picture
Shylesh BC

Criminals carefully plan cyberattacks by first gathering information through passive reconnaissance like online searches. They then actively scan systems to confirm details and identify vulnerabilities. Next, criminals scrutinize the information to enumerate valid user accounts and network resources. Finally, they launch attacks by cracking passwords, exploiting systems, installing malware, and hiding their activities. Cybercafes present risks as criminals frequently use their computers that often have outdated security, allowing attacks without detection. Regulations and monitoring of cybercafes are needed to reduce their potential for cybercrimes.

Engineering
1 of 48
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
Most read
14
15
16
Most read
17
Most read
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
Introduction to Cybercrime and Laws Module 1 Chapter 2
How Criminals Plan Them ● Introduction ● How Criminals Plan the Attacks ● Cybercafé and Cybercrimes ● Botnets ● Attack Vector
Introduction ● Criminals use many methods and tools to locate the vulnerabilities of their target. ● The target can be an individual and/or an organization. ● Criminals plan passive and active attacks. – Active attacks are usually used to alter the system, whereas passive attacks attempt to gain information about the target. – Active attacks may affect the availability, integrity and authenticity of data whereas passive attacks lead to breaches of confidentiality.
Introduction ● In addition to the active and passive categories, attacks can be categorized as either inside or outside. ● An attack originating and/or attempted within the security, perimeter of an organization is an inside attack. – it is usually attempted by an "insider" who gains access to more resources. than expected. ● An outside attack is attempted by a source outside the security perimeter, – maybe attempted by an insider and/or an outsider, who is indirectly associated with the organization, – it is attempted through the Internet or a remote access connection.
Categories of Cybercrime ● Cyber crime or Cyber attacks are categorized into five types, it can be categorized based on some factors. – Target of the crime – Whether crime require series of events or perform in single events. ● Cyber Attack Meaning : Attack in which Cyber criminals can be targeted against person, property or organization include government, business and social.
Categories of Cybercrime ● Crime Targeted to Person (individual) ● Crime Targeted at Assets ● Cyber Crime Against Organization ● Cyber attacks using single event ● Cyber attacks considering series of event
Crime Targeted to Person (individual) ● The cyber criminals exploit human weakness such as avidity and innocence. ● This kind of cyber-attack include financial frauds, copyright violation, harassment, sale of stolen or non–existing items etc. ● Latest technology development and growth of internet, cyber criminals have a new attacking tools that make them to expand group of potential victim.
Crime Targeted at Assets ● In this kind of crime include stealing property such as mobile devices, laptop, pen drive, CD, DVD, iPad etc. ● Sometime attacker may insert harmful program such as Trojan virus and disturbed function of hard disk and pen drive. ● Shortcut virus is one type of Trojan used to steal information from computer.
Cyber Crime Against Organization ● Cyber attacks perform against organization is also called as Cyber terrorism. ● Cyber attackers use computer and internet to perform Cyber terrorism, by stealing private information or destroying valuable files, damaging programs file or taking control of network system. ● It’s like cyber attacks on banks.
Cyber attacks using single event ● This type of Cyber attacks perform in single event from victim point of view. ● For example, mistakenly open email may contain virus. ● Representation of incorrect website called as phishing and steal valuable financial information. ● This kind of attack is also called as hacking or online fraud.
Cyber attacks considering series of event ● Sometime attacker perform series of event to track victim, interacting with victim. ● For example attacker perform communication with victim using phone or chat room establish connection with victim and then explore or steel valuable information. ● Nowadays this kind of attack getting viral so be aware before accepting friend request in Facebook or Whatsapp.
How Criminals Plan the Attacks
The following phases are involved in planning cybercrime ● Reconnaissance (information gathering) is the first phase and is treated as passive attacks. ● Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities. ● Launching an attack (gaining and maintaining the system access).
Reconnaissance ● The literal meaning of "Reconnaissance" is an act of reconnoitering- explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy). ● In the world of "hacking," reconnaissance phase begins with "Footprinting" - this is the preparation toward preattack phase, and involves accumulating data about the target's environment and computer architecture to find ways to intrude into that environment. ● Footprinting gives an overview about system vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities.
Reconnaissance ● The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needful for launching the attack. ● Thus, an attacker attempts to gather information in two phases: passive and active attacks.
Passive Attacks ● A passive attack involves gathering information about a target without his/her (individual's or company's) knowledge. ● It can be as simple as watching a building to identify what time employees enter the building's premises. ● However, it is usually done using Internet searches or by Googling (i,e., searching the required information with the help of search engine Google) an individual or company to gain information.
Passive Attacks ● Google or Yahoo search: People search to locate information about employees. ● Surfing online community groups like Orkut/Facebook will prove useful to gain the information about an individual. ● Organization's website may provide a personnel directory or information about key employees, for example, contact details, E- Mail address, etc. These can be used in a social engineering attack to reach the target. ● Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees. ● Going through the job postings in particular job profiles for technical persons can provide information about type of technology, that is, servers or infrastructure devices a company maybe using on its network. ●
Active Attacks ● An active attack involves probing the network to discover individual hosts to confirm the information (IP addresses, operating system type and version, and services on the network) gathered in the passive attack, phase. ● It involves the risk of detection and is also called "Rattling the doorknobs" or "Active reconnaissance." ● Active reconnaissance can provide confirmation to an attacker about security measures in place, but the process can also increase the chance of being caught or raise suspicion.
Scanning and Scrutinizing Gathered Information ● Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows: – Port scanning: Identify open/close ports and services. – Network scanning: Understand IP Addresses and related information about the computer network systems. – Vulnerability scanning: Understand the existing weaknesses in the system.
Scanning and Scrutinizing Gathered Information ● The scrutinizing phase is always called "enumeration" in the hacking world. The objective behind this step is to identify: – The valid user accounts or groups; – Network resources and/or shared resources – OS and different applications that are running on the OS.
Attack (Gaining and Maintaining the System Access) ● After the scanning and enumeration, the attack is launched using the following steps: – Crack the password – Exploit the password – Execute the malicious command/applications – Hide the files (if required) – Cover the tracks - delete the access logs, so that there is no trail illicit activity. ●
Cybercafe and Cybercrimes ● Cybercriminals prefer cybercafes to carry out their activities. ● The criminals tend to identify one particular personal computer PC to prepare it for their use. ● Cybercriminals will visit these cafes at a particular time and on the prescribed frequency, maybe alternate day or twice a week.
A recent survey conducted in one of the metropolitan cities in India reveals the following facts, ● Pirated software(s) such as OS, browser, office automation software(s) (e.g., Microsoft Office) are installed in all the computers. ● Antivirus software is found to be not updated to the latest patch and/or antivirus signature. ● Several cybercafes had installed the software called "Deep Freeze" for protecting the computers from prospective malware attacks. ● Annual maintenance contract (AMC) found to be not in a place for servicing the computers; hence, hard disks for all the computers are not formatted unless the computer is down. ● Not having the AMC is a risk from cybercrime perspective because a cybercriminal can install a Malicious Code on a computer and conduct criminal activities without any interruption.
A recent survey conducted in one of the metropolitan cities in India reveals the following facts, ● Pornographic websites and other similar websites with indecent contents are not blocked. ● Cybercafe owners have very less awareness about IT Security and IT Governance. ● Government/ISPs/State Police (cyber cell wing) do not seem to provide IT Governance guidelines to cybercafe owners. ● Cybercafe association or State Police (cyber cell wing) do not seem to conduct periodic visits to cybercafes - one of the cybercafe owners whom we interviewed expressed a view that the police will not visit a cybercafe unless criminal activity is registered by fling an First Information Report (FIR). ● Cybercafe owners feel that police either have a very little knowledge about the technical aspects, involved in cybercrimes and/or about conceptual understanding of IT security. ●
● There are thousands of cybercafes across India. ● In the event that a central agency takes up the responsibility for monitoring cybercafes, an individual should take care while visiting and/or operating from cybercafe.
Here are a few tips for safety and security while using the computer in a cybercafe: ● Always logout: While checking E-Mails or logging into chatting services such as instant messaging or using any other service that requires a username and a password, always click "logout" or sign out" before leaving the system. – Simply closing the browser window is not enough, because if somebody uses the same service after you then one can get an easy access to your account. – However, do not save your login information through options that allow automatic login. Disable such options before logon. ● Stay with the computer: While surfing/browsing, one should not leave the system unattended for any period of time. – If one has to go out, logout and close all browser windows.
Here are a few tips for safety and security while using the computer in a cybercafe: ● Clear history and temporary files: Internet Explorer saves pages that you have visited in the history folder and in temporary Internet files. Your passwords may also be stored in the browser if that option has been enabled on the computer that you have used.Therefore, before you begin browsing, do the following in case of the browser Internet Explorer: – Go to Tools →Internet options → click the Content tab → click Auto Complete. If the checkboxes for passwords are selected, deselect them. Click OK twice. – After you have finished browsing, you should clear the history and temporary Internet files folders. For this, go to Tools →Internet options again → click the General tab → go to Temporary Internet Files →click Delete Files and then click Delete Cookies. – Then, under history, click clear history. Wait for the process to finish before leaving the computer.
Here are a few tips for safety and security while using the computer in a cybercafe: ● Be alert: One should have to stay alert and aware of the surroundings while using a public computer. Snooping over the shoulder is an easy way of getting your username and password. ● Avoid online financial transactions: Ideally one should avoid online banking, shopping or other transactions that require one to provide personal, confidential and sensitive information such as credit card or bank account details. In case of urgency one has to do it; however, one should take the precaution of changing all the passwords as soon as possible. One should change the passwords using a more trusted computer, such as at home and/or in office. ● Change password ● Virtual keyboard: Nowadays almost every bank has provided the virtual keyboard on their website. ● Security warnings: One should take utmost care while accessing the websites of any banks/financial institution.
How to be safe ● Individual should take care while accessing computers in public places, that is, accessing the Internet in public places such as hotels, libraries and holiday resorts. ● Moreover, one should not forget that whatever is applicable for cybercafes (i.e., from information security perspective) is also true in the case of all other all public places where the Internet is made available. ● Hence, one should follow all tips about safety and security while operating the systems from these facilities.
Botnets: The Fuel for Cybercrime ● The dictionary meaning of Bot is (computing) an automated program for doing some particular task, often over a network. ● Botnet is a term used for collection of software robots, or Bots, that run autonomously and automatically. ● The term is often associated with malicious software but can also refer to the network of computers using distributed computing software.
Botnets: The Fuel for Cybercrime ● In simple terms, a Bot is simply an automated computer program. One can gain the control of your computer by infecting them with a virus or other Malicious Code that gives the access. ● Your computer system maybe a part of a Botnet even though it appears to be operating normally. ● Botnets are often used to conduct a range of activities, from distributing Spam and viruses to conducting denial-of-service (DoS) attacks.
Botnets: The Fuel for Cybercrime ● A Botnet (also called as zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users' knowledge. "Zombie networks" have become of income for entire groups of cybercriminals. ● The invariably low cost of maintaining a Botnet and the ever diminishing degree of knowledge require to manage one are conducive to the growth in popularity and, consequently, the number of Botnets.
Botnets: The Fuel for Cybercrime ● If someone wants to start a "business" and has no programming skills, there are plenty of "Bot for sale” offers on forums. ● Obfuscation and encryption of these programs' code can also be ordered in the same way to protect them from detection by antivirus tools. Another option is to steal an existing Botnet.
Figure below explains how Botnets create business.
One can reduce the chances of becoming part of a Bot by limiting access into the system. Leaving your Internet connection ON and unprotected is just like leaving the front door of the house wide open. ● One can ensure following to secure the system: – Use antivirus and anti-Spyware software and keep it up-to-date. – Set the OS to download and install security patches automatically. – Use a firewall to protect the system, from hacking attacks while it is connected on the Internet. – Disconnect from the Internet. when you are away from your computer. – Downloading the freeware only from websites that are known and trustworthy. – Check regularly the folders in the mail box- "sent items" or "outgoing"-for those messages, you did not send. – Take an immediate action if your system is infected.
● Use antivirus and anti-Spyware software and keep it up-to-date: It is important to remove and/or quarantine the viruses. The settings of these softwares should be done during the installations so that these softwares get updated automatically on a daily basis. ● Set the OS to download and install security patches automatically: OS companies issue the security patches for flaws that are found in these systems.
● Use a firewall to protect the system, from hacking attacks while it is connected on the Internet: A firewall is a software and/or hardware that is designed to block unauthorized access while permitting authorized communications. – It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria. – A firewall is different from antivirus protection. – Antivirus software scans incoming communications and files for troublesome viruses vis-a-vis properly configured firewall that helps to block all incoming communications from unauthorized sources.
● Disconnect from the Internet. when you are away from your computer: Attackers cannot get into the system when the system is disconnected from the Internet. – Firewall, antivirus, and anti-Spyware softwares are not foolproof mechanisms to get access to the system. ● Downloading the freeware only from websites that are known and trustworthy: It is always appealing to download free software(s) such as games, file- sharing programs, customized toolbars, etc. – However, one should remember that many free software(s) contain other software, which may include Spyware.
● Check regularly the folders in the mail box- "sent items" or "outgoing"-for those messages, you did not send: If you do find such messages in your outbox, it is a sign that your system may have infected with Spyware, and maybe a part of a Botnet. – This is not foolproof; many spammers have learned to hide their unauthorized access. ● Take an immediate action if your system is infected: If your system is found to be infected by a virus, disconnect it from the Internet immediately. – Then scan the entire system with fully updated antivirus, and anti- Spyware software. Report the unauthorized accesses to ISP and to the legal authorities. – There is a possibility that your passwords may have been compromised in such cases, so change all the passwords immediately.
Attack Vector ● An "attack vector" is a path or means by which an attacker can gain access to a computer or to a network server to deliver a payload or malicious outcome. ● Attack vectors enable attackers to exploit system vulnerabilities, including the human element. ● Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant messages, chat rooms, and deception.
Attack Vector ● All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses. ● To some extent, firewalls and antivirus software can block attack vectors. However, no protection method is totally attack-proof. ● A defense method that is effective today may not remain so for long because attackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers.
Attack Vector ● The most common malicious payloads are viruses (which can function as their own attack vectors), Trojan Horses, worms, and Spyware. ● If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile. ● In the technical terms, payload is the necessary data being carried within a packet or other transmission unit - in this scenario (i.e., attack vector) payload means the malicious activity that the attack performs.
Attack Vector ● From the technical perspective, payload does not include the "overhead" "data required to get the packet to its destination. ● Payload may depend on the following point of view: "What constitutes it?" To a communications layer that needs some of the overhead data to do its job, the payload is sometimes considered to include that part of the overhead data that this layer handles. ● However, in more general usage, the payload is the bits that get delivered to the end-user at the destination.
How attack vectors are launched The attack vectors described here are how most of them are launched. – Attack by E-Mail – Attachments (and other files) – Attack by deception – Hackers – Heedless guests (attack by webpage) – Attack of the worms – Malicious macros – Foistware (sneakware): – Viruses
● Attack by E-Mail: The hostile content is either embedded in the message or linked to by the message. Sometimes attacks combine the two vectors, so that if the message does not get you, the attachment will. Spam is almost always carrier for scams, fraud, dirty tricks, or malicious action of some kind. Any link that offers something "free" or tempting is a suspect. ● Attachments (and other files): Malicious attachments install malicious computer code. The code could be a virus, Trojan Horse, Spyware, or any other kind of malware. Attachments attempt to install their payload as soon as you open them. ● Attack by deception: Deception is aimed at the user/operator as a vulnerable entry point, It is not just malicious computer code that one needs to monitor. Fraud, scams, hoaxes, and to some extent Spam, not to mention viruses, worms and such require the unwitting cooperation of the computer's operator to succeed. Social engineering and hoaxes are other forms of deception that are often an attack vector too.
● Hackers: Hackers/crackers are a formidable attack vector because, unlike ordinary Malicious Code, people are flexible and they can improvise. Hackers/crackers use a variety of hacking tools, heuristics,and social engineering to gain access to computers and online accounts. They often install a Trojan Horse to commandeer the computer for their own use. ● Heedless guests (attack by webpage): Counterfeit websites are used to extract personal information. Such websites look very, much like genuine websites they imitate. One may think he/she is doing business with someone you trust. However, he/she is really giving their personal information, like address, credit card number, and expiration date. They are often used in conjunction with Spam, which gets you there in the first place. Pop-up webpages may install Spyware, Adware or Trojans. ● Attack of the worms: Many worms are delivered as E-Mail attachments, but Network worms use holes in network protocols directly. Any remote access service, like file sharing, is likely to be vulnerable to this sort of worm. In most cases, a firewall will block system worms. Many of these system worms install Trojan Horses. Next they begin scanning the Internet from the computer they have just infected, and start looking for other computers to infect. If the worm is successful, it propagates rapidly. The worm owner soon has thousands of "zombie" computers to use for more mischief.
● Malicious macros: Microsoft Word and Microsoft Excel are some of the examples that allow macros. A macro does something like automating a spreadsheet, for example. Macros can also be used for malicious purposes. All Internet services like instant messaging, Internet Relay Chart (IRC), and P2P file-sharing networks rely on cozy connections between the computer and the other computers on the Internet. If one is using P2P software then his/her system is more vulnerable to hostile exploits. ● Foistware (sneakware): Foistware is the software that adds hidden components to the system on the sly. Spyware is the most common form of foistware. Foistware is quasi-legal software bundled with some attractive software. Sneak software often hijacks your browser and diverts you to some "revenue opportunity" that the foistware has set up. ● Viruses: These are malicious computer codes that hitch a ride and make the payload. Nowadays, virus vectors include E-Mail attachments, downloaded files, worms, etc.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. It makes use of the works of Kelly Loves Whales and Nick Merritt.

More Related Content

PPTX
Chapter 1_Cyber Security.pptx
PrinceKumar851167
 
PPTX
Different types of attacks in internet
Rohan Bharadwaj
 
PPTX
CS_UNIT 2(P3).pptx
GaytriDhingra1
 
PPTX
E mail Investigation
Dr Raghu Khimani
 
PPTX
Computer Virus ppt.pptx
PragatiKachhi1
 
PPTX
Denial of service attack
Ahmed Ghazey
 
PPTX
Penetration testing
PTC
 
PPT
Computer Worms
sadique_ghitm
 
Chapter 1_Cyber Security.pptx
PrinceKumar851167
 
Different types of attacks in internet
Rohan Bharadwaj
 
CS_UNIT 2(P3).pptx
GaytriDhingra1
 
E mail Investigation
Dr Raghu Khimani
 
Computer Virus ppt.pptx
PragatiKachhi1
 
Denial of service attack
Ahmed Ghazey
 
Penetration testing
PTC
 
Computer Worms
sadique_ghitm
 

What's hot (20)

PPT
Cybercrime and security
Shishupal Nagar
 
PPTX
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
PDF
Network Security Fundamentals
Rahmat Suhatman
 
DOCX
Computer security and privacy
eiramespi07
 
PPT
Cryptography
Suhepi Saputri
 
PPTX
Cyber Crime
Avinash Rajput
 
PPTX
Network security
quest university nawabshah
 
PPTX
Cybercrime
SERCOD
 
PPTX
Denial of service
garishma bhatia
 
PPTX
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
PDF
Web Application Penetration Testing
Priyanka Aash
 
PPT
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
PPTX
Man in The Middle Attack
Deepak Upadhyay
 
PPTX
Types of cyber attacks
krishh sivakrishna
 
PPTX
ETHICAL HACKING.pptx
ethicalhackerhub
 
PPTX
MALWARE
Anupam Das
 
PDF
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
PPTX
Cyber security
Komal Samdariya
 
PPTX
Password Cracking
Sina Manavi
 
PPT
Web Hacking
Information Technology
 
Cybercrime and security
Shishupal Nagar
 
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
Network Security Fundamentals
Rahmat Suhatman
 
Computer security and privacy
eiramespi07
 
Cryptography
Suhepi Saputri
 
Cyber Crime
Avinash Rajput
 
Network security
quest university nawabshah
 
Cybercrime
SERCOD
 
Denial of service
garishma bhatia
 
computer forensic tools-Hardware & Software tools
N.Jagadish Kumar
 
Web Application Penetration Testing
Priyanka Aash
 
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
Man in The Middle Attack
Deepak Upadhyay
 
Types of cyber attacks
krishh sivakrishna
 
ETHICAL HACKING.pptx
ethicalhackerhub
 
MALWARE
Anupam Das
 
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
Cyber security
Komal Samdariya
 
Password Cracking
Sina Manavi
 
Web Hacking
Information Technology
 
Ad

Similar to M1-02-HowCriminalsPlan.pdf (20)

PDF
Unit 5_Social Engineering and Cyberstalking.pdf
KanchanPatil34
 
ODP
Ethical hacking ppt
himanshujoshi238
 
PPTX
Module 2_ Cyber offenses & Cybercrimes(Updated).pptx
placementstwc
 
PPTX
Information Security
UmangThakkar26
 
PPTX
Web hacking 1.0
Q Fadlan
 
PPT
unit 2. cyber offences_how criminals plan them.ppt
Dimple Relekar
 
PPTX
cyber ppt all topic are covered.pptx
VeerKumar57
 
PPTX
Access Control - Week 4
jemtallon
 
PDF
Hacking and protecting yourself from hackers .
Preethi T G
 
PPTX
cyber security module 2 ppt of first year
MayuraD1
 
PPTX
Introduction ethical hacking
Vishal Kumar
 
PPTX
Module 1- Introduction to Cybercrime.pptx
nikshaikh786
 
PPTX
UNIT-II Footprinting.pptx • Web applications can be exploited to gain unautho...
ssuserf8636d
 
PPTX
chp .4.Ethics and Safety in computing
VanitaGuntuka
 
PPT
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
Kaukau9
 
PDF
What is Penetration & Penetration test ?
Bhavin Shah
 
PDF
13.02 Network Security
Anjan Mahanta
 
PPT
Types of attack -Part3 (Malware Part -2)
SHUBHA CHATURVEDI
 
PPTX
FCL-Introduction.pptx
aratibhavsar
 
PPTX
Cyber crime and security (1)
Tanikella Sai Abhijyan
 
Unit 5_Social Engineering and Cyberstalking.pdf
KanchanPatil34
 
Ethical hacking ppt
himanshujoshi238
 
Module 2_ Cyber offenses & Cybercrimes(Updated).pptx
placementstwc
 
Information Security
UmangThakkar26
 
Web hacking 1.0
Q Fadlan
 
unit 2. cyber offences_how criminals plan them.ppt
Dimple Relekar
 
cyber ppt all topic are covered.pptx
VeerKumar57
 
Access Control - Week 4
jemtallon
 
Hacking and protecting yourself from hackers .
Preethi T G
 
cyber security module 2 ppt of first year
MayuraD1
 
Introduction ethical hacking
Vishal Kumar
 
Module 1- Introduction to Cybercrime.pptx
nikshaikh786
 
UNIT-II Footprinting.pptx • Web applications can be exploited to gain unautho...
ssuserf8636d
 
chp .4.Ethics and Safety in computing
VanitaGuntuka
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
Kaukau9
 
What is Penetration & Penetration test ?
Bhavin Shah
 
13.02 Network Security
Anjan Mahanta
 
Types of attack -Part3 (Malware Part -2)
SHUBHA CHATURVEDI
 
FCL-Introduction.pptx
aratibhavsar
 
Cyber crime and security (1)
Tanikella Sai Abhijyan
 
Ad

Recently uploaded (20)

PPTX
UNIT - 3 Total quality Management .pptx
gokuld13012005
 
PPTX
CURRICULAM DESIGN engineering FOR CSE 2025.pptx
Amuda3
 
PDF
Abrasive, erosive and cavitation wear.pdf
nfandraden
 
PPTX
communication and presentation skills 01
CdtAfrazAttaullah
 
PDF
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
PDF
Visual Aids for Exploratory Data Analysis.pdf
Ashutosh Satapathy
 
PPTX
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
PPTX
Safety Seminar civil to be ensured for safe working.
DILJEETKUMAR8
 
PDF
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
PPT
Occupational Health and Safety Management System
Akshay Kant Mishra
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PDF
null (2) bgfbg bfgb bfgb fbfg bfbgf b.pdf
Ramez Hosny
 
PPT
A5_DistSysCh1.ppt_INTRODUCTION TO DISTRIBUTED SYSTEMS
rameshwarchintamani
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPT
introduction to datamining and warehousing
ssuser4ab3a2
 
PDF
COURSE DESCRIPTOR OF SURVEYING R24 SYLLABUS
MNANDITHACIVILSTAFF
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PDF
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PDF
Categorization of Factors Affecting Classification Algorithms Selection
IJDKP
 
UNIT - 3 Total quality Management .pptx
gokuld13012005
 
CURRICULAM DESIGN engineering FOR CSE 2025.pptx
Amuda3
 
Abrasive, erosive and cavitation wear.pdf
nfandraden
 
communication and presentation skills 01
CdtAfrazAttaullah
 
Artificial Superintelligence (ASI) Alliance Vision Paper.pdf
SonaliPatil325517
 
Visual Aids for Exploratory Data Analysis.pdf
Ashutosh Satapathy
 
Fundamentals of Mechanical Engineering.pptx
MdMowdudAhmed
 
Safety Seminar civil to be ensured for safe working.
DILJEETKUMAR8
 
Soil Improvement Techniques Note - Rabbi
rahmatideal000
 
Occupational Health and Safety Management System
Akshay Kant Mishra
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
null (2) bgfbg bfgb bfgb fbfg bfbgf b.pdf
Ramez Hosny
 
A5_DistSysCh1.ppt_INTRODUCTION TO DISTRIBUTED SYSTEMS
rameshwarchintamani
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
introduction to datamining and warehousing
ssuser4ab3a2
 
COURSE DESCRIPTOR OF SURVEYING R24 SYLLABUS
MNANDITHACIVILSTAFF
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
III.4.1.2_The_Space_Environment.p pdffdf
sittiporn2
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Categorization of Factors Affecting Classification Algorithms Selection
IJDKP
 

M1-02-HowCriminalsPlan.pdf

  • 1. Introduction to Cybercrime and Laws Module 1 Chapter 2
  • 2. How Criminals Plan Them ● Introduction ● How Criminals Plan the Attacks ● Cybercafé and Cybercrimes ● Botnets ● Attack Vector
  • 3. Introduction ● Criminals use many methods and tools to locate the vulnerabilities of their target. ● The target can be an individual and/or an organization. ● Criminals plan passive and active attacks. – Active attacks are usually used to alter the system, whereas passive attacks attempt to gain information about the target. – Active attacks may affect the availability, integrity and authenticity of data whereas passive attacks lead to breaches of confidentiality.
  • 4. Introduction ● In addition to the active and passive categories, attacks can be categorized as either inside or outside. ● An attack originating and/or attempted within the security, perimeter of an organization is an inside attack. – it is usually attempted by an "insider" who gains access to more resources. than expected. ● An outside attack is attempted by a source outside the security perimeter, – maybe attempted by an insider and/or an outsider, who is indirectly associated with the organization, – it is attempted through the Internet or a remote access connection.
  • 5. Categories of Cybercrime ● Cyber crime or Cyber attacks are categorized into five types, it can be categorized based on some factors. – Target of the crime – Whether crime require series of events or perform in single events. ● Cyber Attack Meaning : Attack in which Cyber criminals can be targeted against person, property or organization include government, business and social.
  • 6. Categories of Cybercrime ● Crime Targeted to Person (individual) ● Crime Targeted at Assets ● Cyber Crime Against Organization ● Cyber attacks using single event ● Cyber attacks considering series of event
  • 7. Crime Targeted to Person (individual) ● The cyber criminals exploit human weakness such as avidity and innocence. ● This kind of cyber-attack include financial frauds, copyright violation, harassment, sale of stolen or non–existing items etc. ● Latest technology development and growth of internet, cyber criminals have a new attacking tools that make them to expand group of potential victim.
  • 8. Crime Targeted at Assets ● In this kind of crime include stealing property such as mobile devices, laptop, pen drive, CD, DVD, iPad etc. ● Sometime attacker may insert harmful program such as Trojan virus and disturbed function of hard disk and pen drive. ● Shortcut virus is one type of Trojan used to steal information from computer.
  • 9. Cyber Crime Against Organization ● Cyber attacks perform against organization is also called as Cyber terrorism. ● Cyber attackers use computer and internet to perform Cyber terrorism, by stealing private information or destroying valuable files, damaging programs file or taking control of network system. ● It’s like cyber attacks on banks.
  • 10. Cyber attacks using single event ● This type of Cyber attacks perform in single event from victim point of view. ● For example, mistakenly open email may contain virus. ● Representation of incorrect website called as phishing and steal valuable financial information. ● This kind of attack is also called as hacking or online fraud.
  • 11. Cyber attacks considering series of event ● Sometime attacker perform series of event to track victim, interacting with victim. ● For example attacker perform communication with victim using phone or chat room establish connection with victim and then explore or steel valuable information. ● Nowadays this kind of attack getting viral so be aware before accepting friend request in Facebook or Whatsapp.
  • 12. How Criminals Plan the Attacks
  • 13. The following phases are involved in planning cybercrime ● Reconnaissance (information gathering) is the first phase and is treated as passive attacks. ● Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities. ● Launching an attack (gaining and maintaining the system access).
  • 14. Reconnaissance ● The literal meaning of "Reconnaissance" is an act of reconnoitering- explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy). ● In the world of "hacking," reconnaissance phase begins with "Footprinting" - this is the preparation toward preattack phase, and involves accumulating data about the target's environment and computer architecture to find ways to intrude into that environment. ● Footprinting gives an overview about system vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities.
  • 15. Reconnaissance ● The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needful for launching the attack. ● Thus, an attacker attempts to gather information in two phases: passive and active attacks.
  • 16. Passive Attacks ● A passive attack involves gathering information about a target without his/her (individual's or company's) knowledge. ● It can be as simple as watching a building to identify what time employees enter the building's premises. ● However, it is usually done using Internet searches or by Googling (i,e., searching the required information with the help of search engine Google) an individual or company to gain information.
  • 17. Passive Attacks ● Google or Yahoo search: People search to locate information about employees. ● Surfing online community groups like Orkut/Facebook will prove useful to gain the information about an individual. ● Organization's website may provide a personnel directory or information about key employees, for example, contact details, E- Mail address, etc. These can be used in a social engineering attack to reach the target. ● Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees. ● Going through the job postings in particular job profiles for technical persons can provide information about type of technology, that is, servers or infrastructure devices a company maybe using on its network. ●
  • 18. Active Attacks ● An active attack involves probing the network to discover individual hosts to confirm the information (IP addresses, operating system type and version, and services on the network) gathered in the passive attack, phase. ● It involves the risk of detection and is also called "Rattling the doorknobs" or "Active reconnaissance." ● Active reconnaissance can provide confirmation to an attacker about security measures in place, but the process can also increase the chance of being caught or raise suspicion.
  • 19. Scanning and Scrutinizing Gathered Information ● Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows: – Port scanning: Identify open/close ports and services. – Network scanning: Understand IP Addresses and related information about the computer network systems. – Vulnerability scanning: Understand the existing weaknesses in the system.
  • 20. Scanning and Scrutinizing Gathered Information ● The scrutinizing phase is always called "enumeration" in the hacking world. The objective behind this step is to identify: – The valid user accounts or groups; – Network resources and/or shared resources – OS and different applications that are running on the OS.
  • 21. Attack (Gaining and Maintaining the System Access) ● After the scanning and enumeration, the attack is launched using the following steps: – Crack the password – Exploit the password – Execute the malicious command/applications – Hide the files (if required) – Cover the tracks - delete the access logs, so that there is no trail illicit activity. ●
  • 22. Cybercafe and Cybercrimes ● Cybercriminals prefer cybercafes to carry out their activities. ● The criminals tend to identify one particular personal computer PC to prepare it for their use. ● Cybercriminals will visit these cafes at a particular time and on the prescribed frequency, maybe alternate day or twice a week.
  • 23. A recent survey conducted in one of the metropolitan cities in India reveals the following facts, ● Pirated software(s) such as OS, browser, office automation software(s) (e.g., Microsoft Office) are installed in all the computers. ● Antivirus software is found to be not updated to the latest patch and/or antivirus signature. ● Several cybercafes had installed the software called "Deep Freeze" for protecting the computers from prospective malware attacks. ● Annual maintenance contract (AMC) found to be not in a place for servicing the computers; hence, hard disks for all the computers are not formatted unless the computer is down. ● Not having the AMC is a risk from cybercrime perspective because a cybercriminal can install a Malicious Code on a computer and conduct criminal activities without any interruption.
  • 24. A recent survey conducted in one of the metropolitan cities in India reveals the following facts, ● Pornographic websites and other similar websites with indecent contents are not blocked. ● Cybercafe owners have very less awareness about IT Security and IT Governance. ● Government/ISPs/State Police (cyber cell wing) do not seem to provide IT Governance guidelines to cybercafe owners. ● Cybercafe association or State Police (cyber cell wing) do not seem to conduct periodic visits to cybercafes - one of the cybercafe owners whom we interviewed expressed a view that the police will not visit a cybercafe unless criminal activity is registered by fling an First Information Report (FIR). ● Cybercafe owners feel that police either have a very little knowledge about the technical aspects, involved in cybercrimes and/or about conceptual understanding of IT security. ●
  • 25. ● There are thousands of cybercafes across India. ● In the event that a central agency takes up the responsibility for monitoring cybercafes, an individual should take care while visiting and/or operating from cybercafe.
  • 26. Here are a few tips for safety and security while using the computer in a cybercafe: ● Always logout: While checking E-Mails or logging into chatting services such as instant messaging or using any other service that requires a username and a password, always click "logout" or sign out" before leaving the system. – Simply closing the browser window is not enough, because if somebody uses the same service after you then one can get an easy access to your account. – However, do not save your login information through options that allow automatic login. Disable such options before logon. ● Stay with the computer: While surfing/browsing, one should not leave the system unattended for any period of time. – If one has to go out, logout and close all browser windows.
  • 27. Here are a few tips for safety and security while using the computer in a cybercafe: ● Clear history and temporary files: Internet Explorer saves pages that you have visited in the history folder and in temporary Internet files. Your passwords may also be stored in the browser if that option has been enabled on the computer that you have used.Therefore, before you begin browsing, do the following in case of the browser Internet Explorer: – Go to Tools →Internet options → click the Content tab → click Auto Complete. If the checkboxes for passwords are selected, deselect them. Click OK twice. – After you have finished browsing, you should clear the history and temporary Internet files folders. For this, go to Tools →Internet options again → click the General tab → go to Temporary Internet Files →click Delete Files and then click Delete Cookies. – Then, under history, click clear history. Wait for the process to finish before leaving the computer.
  • 28. Here are a few tips for safety and security while using the computer in a cybercafe: ● Be alert: One should have to stay alert and aware of the surroundings while using a public computer. Snooping over the shoulder is an easy way of getting your username and password. ● Avoid online financial transactions: Ideally one should avoid online banking, shopping or other transactions that require one to provide personal, confidential and sensitive information such as credit card or bank account details. In case of urgency one has to do it; however, one should take the precaution of changing all the passwords as soon as possible. One should change the passwords using a more trusted computer, such as at home and/or in office. ● Change password ● Virtual keyboard: Nowadays almost every bank has provided the virtual keyboard on their website. ● Security warnings: One should take utmost care while accessing the websites of any banks/financial institution.
  • 29. How to be safe ● Individual should take care while accessing computers in public places, that is, accessing the Internet in public places such as hotels, libraries and holiday resorts. ● Moreover, one should not forget that whatever is applicable for cybercafes (i.e., from information security perspective) is also true in the case of all other all public places where the Internet is made available. ● Hence, one should follow all tips about safety and security while operating the systems from these facilities.
  • 30. Botnets: The Fuel for Cybercrime ● The dictionary meaning of Bot is (computing) an automated program for doing some particular task, often over a network. ● Botnet is a term used for collection of software robots, or Bots, that run autonomously and automatically. ● The term is often associated with malicious software but can also refer to the network of computers using distributed computing software.
  • 31. Botnets: The Fuel for Cybercrime ● In simple terms, a Bot is simply an automated computer program. One can gain the control of your computer by infecting them with a virus or other Malicious Code that gives the access. ● Your computer system maybe a part of a Botnet even though it appears to be operating normally. ● Botnets are often used to conduct a range of activities, from distributing Spam and viruses to conducting denial-of-service (DoS) attacks.
  • 32. Botnets: The Fuel for Cybercrime ● A Botnet (also called as zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users' knowledge. "Zombie networks" have become of income for entire groups of cybercriminals. ● The invariably low cost of maintaining a Botnet and the ever diminishing degree of knowledge require to manage one are conducive to the growth in popularity and, consequently, the number of Botnets.
  • 33. Botnets: The Fuel for Cybercrime ● If someone wants to start a "business" and has no programming skills, there are plenty of "Bot for sale” offers on forums. ● Obfuscation and encryption of these programs' code can also be ordered in the same way to protect them from detection by antivirus tools. Another option is to steal an existing Botnet.
  • 34. Figure below explains how Botnets create business.
  • 35. One can reduce the chances of becoming part of a Bot by limiting access into the system. Leaving your Internet connection ON and unprotected is just like leaving the front door of the house wide open. ● One can ensure following to secure the system: – Use antivirus and anti-Spyware software and keep it up-to-date. – Set the OS to download and install security patches automatically. – Use a firewall to protect the system, from hacking attacks while it is connected on the Internet. – Disconnect from the Internet. when you are away from your computer. – Downloading the freeware only from websites that are known and trustworthy. – Check regularly the folders in the mail box- "sent items" or "outgoing"-for those messages, you did not send. – Take an immediate action if your system is infected.
  • 36. ● Use antivirus and anti-Spyware software and keep it up-to-date: It is important to remove and/or quarantine the viruses. The settings of these softwares should be done during the installations so that these softwares get updated automatically on a daily basis. ● Set the OS to download and install security patches automatically: OS companies issue the security patches for flaws that are found in these systems.
  • 37. ● Use a firewall to protect the system, from hacking attacks while it is connected on the Internet: A firewall is a software and/or hardware that is designed to block unauthorized access while permitting authorized communications. – It is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria. – A firewall is different from antivirus protection. – Antivirus software scans incoming communications and files for troublesome viruses vis-a-vis properly configured firewall that helps to block all incoming communications from unauthorized sources.
  • 38. ● Disconnect from the Internet. when you are away from your computer: Attackers cannot get into the system when the system is disconnected from the Internet. – Firewall, antivirus, and anti-Spyware softwares are not foolproof mechanisms to get access to the system. ● Downloading the freeware only from websites that are known and trustworthy: It is always appealing to download free software(s) such as games, file- sharing programs, customized toolbars, etc. – However, one should remember that many free software(s) contain other software, which may include Spyware.
  • 39. ● Check regularly the folders in the mail box- "sent items" or "outgoing"-for those messages, you did not send: If you do find such messages in your outbox, it is a sign that your system may have infected with Spyware, and maybe a part of a Botnet. – This is not foolproof; many spammers have learned to hide their unauthorized access. ● Take an immediate action if your system is infected: If your system is found to be infected by a virus, disconnect it from the Internet immediately. – Then scan the entire system with fully updated antivirus, and anti- Spyware software. Report the unauthorized accesses to ISP and to the legal authorities. – There is a possibility that your passwords may have been compromised in such cases, so change all the passwords immediately.
  • 40. Attack Vector ● An "attack vector" is a path or means by which an attacker can gain access to a computer or to a network server to deliver a payload or malicious outcome. ● Attack vectors enable attackers to exploit system vulnerabilities, including the human element. ● Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant messages, chat rooms, and deception.
  • 41. Attack Vector ● All of these methods involve programming (or, in a few cases, hardware), except deception, in which a human operator is fooled into removing or weakening system defenses. ● To some extent, firewalls and antivirus software can block attack vectors. However, no protection method is totally attack-proof. ● A defense method that is effective today may not remain so for long because attackers are constantly updating attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers.
  • 42. Attack Vector ● The most common malicious payloads are viruses (which can function as their own attack vectors), Trojan Horses, worms, and Spyware. ● If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile. ● In the technical terms, payload is the necessary data being carried within a packet or other transmission unit - in this scenario (i.e., attack vector) payload means the malicious activity that the attack performs.
  • 43. Attack Vector ● From the technical perspective, payload does not include the "overhead" "data required to get the packet to its destination. ● Payload may depend on the following point of view: "What constitutes it?" To a communications layer that needs some of the overhead data to do its job, the payload is sometimes considered to include that part of the overhead data that this layer handles. ● However, in more general usage, the payload is the bits that get delivered to the end-user at the destination.
  • 44. How attack vectors are launched The attack vectors described here are how most of them are launched. – Attack by E-Mail – Attachments (and other files) – Attack by deception – Hackers – Heedless guests (attack by webpage) – Attack of the worms – Malicious macros – Foistware (sneakware): – Viruses
  • 45. ● Attack by E-Mail: The hostile content is either embedded in the message or linked to by the message. Sometimes attacks combine the two vectors, so that if the message does not get you, the attachment will. Spam is almost always carrier for scams, fraud, dirty tricks, or malicious action of some kind. Any link that offers something "free" or tempting is a suspect. ● Attachments (and other files): Malicious attachments install malicious computer code. The code could be a virus, Trojan Horse, Spyware, or any other kind of malware. Attachments attempt to install their payload as soon as you open them. ● Attack by deception: Deception is aimed at the user/operator as a vulnerable entry point, It is not just malicious computer code that one needs to monitor. Fraud, scams, hoaxes, and to some extent Spam, not to mention viruses, worms and such require the unwitting cooperation of the computer's operator to succeed. Social engineering and hoaxes are other forms of deception that are often an attack vector too.
  • 46. ● Hackers: Hackers/crackers are a formidable attack vector because, unlike ordinary Malicious Code, people are flexible and they can improvise. Hackers/crackers use a variety of hacking tools, heuristics,and social engineering to gain access to computers and online accounts. They often install a Trojan Horse to commandeer the computer for their own use. ● Heedless guests (attack by webpage): Counterfeit websites are used to extract personal information. Such websites look very, much like genuine websites they imitate. One may think he/she is doing business with someone you trust. However, he/she is really giving their personal information, like address, credit card number, and expiration date. They are often used in conjunction with Spam, which gets you there in the first place. Pop-up webpages may install Spyware, Adware or Trojans. ● Attack of the worms: Many worms are delivered as E-Mail attachments, but Network worms use holes in network protocols directly. Any remote access service, like file sharing, is likely to be vulnerable to this sort of worm. In most cases, a firewall will block system worms. Many of these system worms install Trojan Horses. Next they begin scanning the Internet from the computer they have just infected, and start looking for other computers to infect. If the worm is successful, it propagates rapidly. The worm owner soon has thousands of "zombie" computers to use for more mischief.
  • 47. ● Malicious macros: Microsoft Word and Microsoft Excel are some of the examples that allow macros. A macro does something like automating a spreadsheet, for example. Macros can also be used for malicious purposes. All Internet services like instant messaging, Internet Relay Chart (IRC), and P2P file-sharing networks rely on cozy connections between the computer and the other computers on the Internet. If one is using P2P software then his/her system is more vulnerable to hostile exploits. ● Foistware (sneakware): Foistware is the software that adds hidden components to the system on the sly. Spyware is the most common form of foistware. Foistware is quasi-legal software bundled with some attractive software. Sneak software often hijacks your browser and diverts you to some "revenue opportunity" that the foistware has set up. ● Viruses: These are malicious computer codes that hitch a ride and make the payload. Nowadays, virus vectors include E-Mail attachments, downloaded files, worms, etc.
  • 48. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. It makes use of the works of Kelly Loves Whales and Nick Merritt.