Introduction to Cyber Security and Cybercrime PDF
Summary
This document provides an introduction to cyber security and cybercrime. It covers various definitions, types, and examples of cybercrimes like email spoofing, data diddling, and internet time theft. The document also discusses cyber security challenges from a practical standpoint.
Full Transcript
Introduction to Cyber Security and Cybercrime
Definition of Cybercrime
Other Definitions of Cybercrime
Cybercrime and Information Security
Who are Cybercriminals?
Types of Cybercriminals

E-mail Spoofing
A spoofed e-mail is one that appears to originate from one source but has actually been sent from another source.

Email spoofing is the fabrication of an email header in the hope of duping the recipient into thinking the email originated from someone or somewhere other than the actual source. Because the core email protocols have no built-in method of authentication, it is commonplace for spam and phishing emails to use such spoofing to trick the recipient into trusting the origin of the message.

How Email Spoofing Works
Email spoofing is possible because the Simple Mail Transfer Protocol (SMTP) does not provide a mechanism for address authentication. Although email address authentication protocols and mechanisms have been developed to combat email spoofing, adoption of those mechanisms has been slow.

Case: A branch of the Global Trust Bank (GTB), India, experienced a run on the bank. Numerous customers decided to withdraw all their money and close their accounts. It was revealed that someone had sent out spoofed emails to many of the bank's customers stating that the bank was in very bad shape financially and could close operations at any time.

Fake Mail

Spamming
People who create electronic spam are called spammers. Spam is the abuse of electronic messaging systems to send unsolicited bulk messages indiscriminately.

Spam is a crime against all users of the Internet, since it wastes both the storage and network capacities of ISPs, as well as often simply being offensive.
Yet, despite various attempts to legislate it out of existence, it remains unclear how spam can be eliminated without violating freedom of speech in a liberal democratic polity.

Cyber Defamation
As per IPC section 499: "Whoever, by words either spoken or intended to be read, or by signs or by visible representations, makes or publishes any imputation concerning any person intending to harm, or knowing or having reason to believe that such imputation will harm, the reputation of such person, is said, except in the cases hereinafter excepted, to defame that person."

Internet Time Theft
This type of theft occurs when an unauthorized person uses the Internet hours paid for by some other person. Internet time theft comes under hacking because the person who obtains someone else's ISP user ID and password, either by hacking or by other illegal means, uses it to access the Internet without the other person's knowledge.

Internet time/bandwidth theft is a crime in which the internet connection of one person (the victim) is used by an unauthorised person (the criminal). This is usually done by getting access to the user's internet account details, such as the user name and password provided by the service provider. This access can be given voluntarily by the user for a stipulated time period, or it can be gained fraudulently. Wireless internet has made this theft more prevalent. It is easy to commit this crime if the victim uses an open wi-fi connection (one without a password) for internet access.

Salami Attack/Salami Technique
These attacks are used for committing financial crimes. The idea is to make each alteration so insignificant that in a single case it would go completely unnoticed.

Case: An employee of a bank in the USA was dismissed from his job. Disgruntled at having been supposedly mistreated by his employers, the man first introduced a logic bomb into the bank's systems.
Logic bombs are programs which get activated on the occurrence of a particular predefined event. The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically last in the bank's rosters. He then went and opened an account in the name of Ziegler. The amount being withdrawn from each account in the bank was so insignificant that neither the account holders nor the bank officials noticed the fault.

Data Diddling
A data diddling attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity boards in India have been victims of data diddling programs inserted when parties computerize their systems.

Data diddling is the unauthorized altering of data before or during entry into a computer system, and then changing it back after processing is done. Using this technique, the attacker can modify the expected output, and the alteration is difficult to track. In other words, the original information to be entered is changed, either by a person typing in the data, a virus programmed to change the data, the programmer of the database or application, or anyone else involved in the process of creating, recording, encoding, examining, checking, converting or transmitting data.

Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets, etc. can be forged using sophisticated computers, printers and scanners. When a perpetrator alters documents stored in computerized form, the crime committed may be forgery. In this instance, computer systems are the target of criminal activity. Computers, however, can also be used as instruments with which to commit forgery. A new generation of fraudulent alteration or counterfeiting emerged when computerized color laser copiers became available.

Vishing
Vishing is the criminal practice of using social engineering over the telephone.
The term is a combination of V (voice) and phishing. The most profitable uses of the information gained through vishing include:
ID theft
Online shopping
Transferring money
Monitoring bank account details

During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: it's probably malware. Vishing is just one form of phishing, which is any type of message (such as an email, text, phone call or direct-chat message) that appears to be from a trusted source but isn't. The goal is to steal someone's identity or money.

Common Vishing Scams: "Compromised" bank or credit card account
Whether it's a person or a prerecorded message on the other end, you'll be told there's an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number.

Common Vishing Scams: Unsolicited loan or investment offers
Scammers will call with offers that are too good to be true. They'll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must "act now" and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors won't make these types of offers and won't initiate contact out of the blue.

Common Vishing Scams: Medicare or Social Security scam
Phone calls are the No. 1 method scammers use to reach older adults, according to the Federal Trade Commission.
Crooks pose as Medicare reps, often during Medicare open enrollment season, and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim's Medicare benefits or steal their money. Scammers may also claim to be from the Social Security Administration and threaten to suspend or cancel the victim's Social Security number.

Industrial Spying/Industrial Espionage
Corporations, like governments, often spy on their enemies. The internet and privately networked systems provide new and better opportunities for espionage. Spies can get information about product finances, research and development, and marketing strategies, an activity known as industrial spying.

The term industrial espionage refers to the illegal and unethical theft of business trade secrets for use by a competitor to achieve a competitive advantage. This activity is a covert practice often done by an insider or an employee who gains employment for the express purpose of spying and stealing information for a competitor. Industrial espionage is conducted by companies for commercial purposes rather than by governments for national security purposes.

Hacking
Hackers write or use ready-made computer programs to attack the target computer. The main motives for hacking are:
Greed
Power
Publicity
Revenge
Adventure
Desire to access forbidden information
Destructive mindset

Types of Hacking
White Hat Hacker
Grey Hat Hacker
Black Hat Hacker

White Hat Hackers
The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
Grey Hat Hackers
The term "grey hat", "greyhat" or "gray hat" refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

Black Hat Hackers
A black hat hacker (or black-hat hacker) is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain".

Online Frauds
Lottery frauds and e-mail spoofing come under this category. In website spoofing and e-mail security threats, fraudsters create authentic-looking websites that are actually nothing but a spoof. The purpose of these websites is to make the user enter personal information, which is then used to access business and bank accounts.

The most common types of online fraud are called phishing and spoofing. Phishing is the process of collecting your personal information through e-mails or websites claiming to be legitimate. This information can include usernames, passwords, credit card numbers, social security numbers, etc. Often the e-mail directs you to a website where you can update your personal information.

Example: Lottery Fraud
Lottery frauds are typically letters or e-mails that inform the recipient that he/she has won a prize in a lottery. To get the money the recipient has to reply, after which another mail is received asking for bank details so that the money can be directly transferred.

Don't Become a Victim of Lottery Fraud
These scams try to trick you into giving money upfront or your personal details in order to receive a prize from a lottery, sweepstake or competition that you never entered. Scammers claim that you need to pay advance fees or GST or income taxes before your 'winnings' or prize can be released.
They will also tell you they need your personal details to prove you are the correct winner, but then use this information to steal your identity or money from your bank account.

You may also have to call or send a text to a phone number or fill in an online form to claim your prize. Scammer emails or telephone conversations will provoke an emotional reaction, which in turn will make you send your bank details, address, credit card or personal information. Sometimes these emails may also contain viruses or unwanted software which could harm your computer.

Scratch scams involve getting mail containing glossy brochures and a number of scratch cards, one of which will be a winner. To make it more believable, it will often be a second or third prize. When you call to claim your prize, the scammer will ask for fees or GST or income taxes to be paid before you can get your winnings. Lottery scams may use the names of real overseas lotteries to claim that you've won cash, even though you never entered them.

Fake vouchers and gift cards involve a scammer sending you an email, text message or social media message claiming you have won a gift card for a well-known retailer, but you need to provide some details before you can claim it. This is an attempt to get personal information which can be used for identity theft or to target you with another scam. Offers like these have also been known to deliver ransomware to your device.
Travel prize scams involve a scammer claiming you've won a free holiday or airfares. These travel vouchers often have hidden fees and conditions, or may be fake and worthless. Similarly, a scammer may offer you amazing discounted holiday packages that just don't exist.

Google Pay scratch card scam

Software Piracy
The unauthorized copying of software. By buying the software, you become a licensed user rather than an owner. You are allowed to make copies of the program for backup purposes, but it is against the law to give copies to friends and colleagues.

Top 20 Software License Misuse and Piracy Hotspots

When you use home-licensed software in the office, it is piracy.
If you copy legal software meant for one machine onto another, it is piracy.
When you use a 3-user license on a 4th machine, it is piracy.
When you make a duplicate CD or DVD of your own licensed software CD, it is piracy.
When you download or upload licensed software from free websites providing pirated software, it is piracy.
When you have single-user-license software and three different persons use the same software with 3 different login IDs, it is piracy.
Piracy also occurs when computer dealers install illegal copies of software onto computers prior to their sale.

In India, the copyright of computer software is protected under the Indian Copyright Act of 1957. Copyright protection for software with an individual author lasts for the duration of the author's life and continues 60 years after the author's death. Government agencies such as the Ministry of Information Technology and the Ministry of Human Resource Development have played an active role in aiding the Indian law enforcement authorities in protecting software copyright.

Under the Indian Copyright Act, a software pirate can be tried under both civil and criminal law.
The minimum jail term for software copyright infringement is seven days, and the maximum jail term is three years. Statutory fines range from a minimum of 50,000 to a maximum of 200,000 rupees. Sections of the IT Act, 2000 can also be applied depending on the piracy scenario.

Computer Sabotage
The use of a computer to hinder the normal functioning of a computer system through the introduction of worms, viruses or logic bombs. It can be used to gain economic advantage over a competitor, to promote the illegal activities of terrorists, or to steal data or programs for extortion purposes.

Examples would include writing and releasing a virus, worm, or Trojan; sending out spam; initiating a denial of service attack; installing a "back door"; altering or deleting data; damaging computer equipment; causing data on someone else's computer to become corrupted; encrypting someone's hard drive and holding it hostage until they pay a ransom for the decryption key; intercepting computer traffic and altering it before sending it along (a type of man-in-the-middle attack); or causing physical damage to a computer system by deliberate malicious actions.

E-Mail Bombing/Mail Bomb
Mass mailing consists of sending numerous duplicate mails to the same email address. Similar to spamming, the attacker instructs the botnet to send out millions or even billions of emails, but unlike normal botnet spamming, the emails are all addressed to only one or a few addresses the attacker wishes to flood. This form of email bombing is similar in purpose to other DDoS flooding attacks.

An email bombing is often a distraction used to bury an important email in your inbox and hide it from you. For example, an attacker may have gained access to one of your accounts on an online shopping website like Amazon and ordered expensive products for themselves.
The email bombing floods your email inbox with irrelevant emails, burying the purchase and shipping confirmation emails so you won't notice them.

Man-in-the-Middle attack
A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application, either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.

Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers or an illicit password change. Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details and then resealing the envelope and delivering it to your door.

Credit Card Frauds
Credit card fraud is a wide-ranging term for theft and fraud committed using or involving a payment card, such as a credit card or debit card, as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.

Identity Theft
Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, usually as a method to gain access to resources or obtain credit and other benefits in that person's name. It's a serious crime that can cause disturbance to your finances, credit history and reputation, and can take time, money and patience to resolve.

Cyber Stalking and Harassment
It is stalking or harassment that takes place via online channels such as social media, forums or email. It is typically planned and sustained over a period of time.
For example, if you've received a few negative comments on Facebook and Instagram, it may upset or annoy you, but this isn't cyberstalking yet. For some people, such as semi-celebrities looking for attention, negative comments are actually welcomed.

Cyber Stalking and Harassment
Cyberstalking doesn't have to involve direct communication, and some victims may not even realize they are being stalked online. Perpetrators can monitor victims through various methods and use the information gathered for crimes like identity theft. Once you start receiving unwanted and annoying messages repeatedly and feel harassed, then the line has likely been crossed.

DoS and DDoS attack
DoS -- Denial of Service
DDoS -- Distributed Denial of Service
A DoS attack is a denial of service attack in which a computer is used to flood a server with a lot of traffic. A DDoS attack is one in which multiple systems target a single system with a DoS attack. The targeted network is then bombarded with packets from multiple locations.

(Diagram: DoS, an attack from one source, versus DDoS, an attack from multiple sources. Legitimate clients and the attacker(s) connect to the web server; a cyber attack on a specific server or network floods the target with a constant stream of traffic.)

Cyberwarfare
Cyberspace has become another important dimension of warfare, where nations can carry out conflicts without the clashes of traditional troops and machines. This allows countries with minimal military presence to be as strong as other nations in cyberspace. Cyberwarfare is an Internet-based conflict that involves the penetration of the computer systems and networks of other nations.

These attackers have the resources and expertise to launch massive Internet-based attacks against other nations to cause damage or disrupt services, such as shutting down a power grid.
Example: Cyberwarfare
An example of a state-sponsored attack involved the Stuxnet malware that was designed to damage Iran's nuclear enrichment plant in 2010. Stuxnet malware did not hijack targeted computers to steal information. It was designed to damage physical equipment that was controlled by computers.

Types of Malware
Short for malicious software, malware is any code that can be used to steal data, bypass access controls, or cause harm to or compromise a system.

Spyware -- This malware is designed to track and spy on the user. Spyware often includes activity trackers, keystroke collection, and data capture. In an attempt to overcome security measures, spyware often modifies security settings. Spyware often bundles itself with legitimate software or with Trojan horses.

Adware -- Advertising-supported software is designed to automatically deliver advertisements. Adware is often installed with some versions of software. Some adware is designed only to deliver advertisements, but it is also common for adware to come with spyware.

Bot -- From the word robot, a bot is malware designed to automatically perform actions, usually online. While most bots are harmless, one increasing use of malicious bots is botnets. Several computers are infected with bots which are programmed to quietly wait for commands provided by the attacker.

Rootkit -- This malware is designed to modify the operating system to create a backdoor. Attackers then use the backdoor to access the computer remotely. Most rootkits take advantage of software vulnerabilities to perform privilege escalation and modify system files. It is also common for rootkits to modify system forensics and monitoring tools, making them very hard to detect. Often, a computer infected by a rootkit must be wiped and reinstalled.
Virus -- A virus is malicious executable code that is attached to other executable files, often legitimate programs. Most viruses require end-user activation and can activate at a specific time or date. Viruses can be harmless and simply display a picture, or they can be destructive, such as those that modify or delete data. Viruses can also be programmed to mutate to avoid detection. Most viruses are now spread by USB drives, optical disks, network shares, or email.

Trojan horse -- A Trojan horse is malware that carries out malicious operations under the guise of a desired operation. This malicious code exploits the privileges of the user that runs it. Often, Trojans are found in image files, audio files or games. A Trojan horse differs from a virus because it binds itself to non-executable files.

Worms -- Worms are malicious code that replicate themselves by independently exploiting vulnerabilities in networks. Worms usually slow down networks. Whereas a virus requires a host program to run, worms can run by themselves. Other than the initial infection, they no longer require user participation. After a host is infected, the worm is able to spread very quickly over the network. Worms share similar patterns: they all have an enabling vulnerability, a way to propagate themselves, and a payload.

Difference between Virus and Worm

Cyberoffenses: How Criminals Plan Them

Categories of Cybercrime
Cyber crimes can be categorized based on:
The target of the crime, and
Whether the crime occurs as a single event or as a series of events.

The target of the crime
Crimes targeted at individuals: The goal is to exploit human weakness; these crimes include financial frauds, sale of non-existent or stolen items, copyright violation, harassment, etc.
Crimes targeted at property: This includes stealing mobile devices such as cell phones, laptops and PDAs, removable media, etc.
Crimes targeted at organizations: Attackers use computer tools and the Internet, usually to terrorize the citizens of a particular country, by stealing private information, damaging programs and files, or planting programs to get control of the network and/or system.

Single event of cybercrime: It is a single event from the perspective of the victim.
Series of events: This involves the attacker interacting with the victim repeatedly. For example, the attacker interacts with the victim on the phone and/or via chat rooms to establish a relationship and then exploits the relationship.

How Criminals Plan the Attack
Criminals use many tools to locate the vulnerabilities of their target. The target can be an individual or an organization. Criminals plan either active or passive attacks. In addition to the active or passive categories, attacks can be categorized as either inside or outside.

Active Attack
Active attacks are the type of attacks in which the attacker attempts to change or modify the content of messages. An active attack is a danger to integrity as well as availability.

Passive Attack
Passive attacks are the type of attacks in which the attacker observes the content of messages or copies the content of messages. A passive attack is a danger to confidentiality.

Inside Attacker
An attack originating and/or attempted within the security perimeter of an organization is an inside attack; it is usually attempted by an "insider" who gains access to more resources than expected.

Outside Attack
An outside attack is attempted by a source outside the security perimeter. It may be attempted by an insider and/or an outsider who is indirectly associated with the organization, and it is attempted through the internet or a remote access connection.
How Criminals Plan the Attack
The following phases are involved in planning a cybercrime:
Reconnaissance (investigation).
Scanning and scrutinizing (examining) the gathered information for its validity as well as to identify the existing vulnerabilities.
Launching an attack.

Reconnaissance
The literal meaning of "reconnaissance" is an act of investigation, often with the goal of finding something or somebody, to gain information about an enemy. In the world of hacking, the reconnaissance phase begins with "footprinting", the preparation toward the pre-attack stage. Footprinting reveals vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities. An attacker attempts to gather the information in two phases: passive and active attack.

Scanning and Scrutinizing Gathered Information
Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows:
Port scanning: Identify open/closed ports and services.
Network scanning: Understand IP addresses and related information about the computer network systems.
Vulnerability scanning: Understand the existing weaknesses in the system.

Social Engineering
Social engineering is a "technique to influence" people to obtain information or perform some action. A social engineer usually uses telecommunication or the internet to get someone to do something that is against the security policies of the organization. Social engineering involves gaining sensitive information or unauthorized access privileges by building an inappropriate trust relationship with insiders.

The goal of a social engineer is to fool someone into providing valuable information or access to that information. The social engineer studies human behavior so that people will help because of the desire to be helpful, the attitude of trusting people, and the fear of getting into trouble.
Social Engineering Example
Maria, a customer service representative, receives a telephone call from someone claiming to be a client. This person has a thick accent that makes his speech hard to understand. Maria asks him to respond to a series of ID authentication questions to ensure that he is an approved client. However, when asked a question, the caller mumbles his response with an accent and the representative cannot understand him. Too embarrassed to keep asking him to repeat his answer, Maria finally provides him with the password.

Social Engineering Example
Natasha, a contract programmer at a financial institution, drives past a security guard who recognizes her and waves her into the building. However, the guard does not realize that Natasha's contract was terminated the previous week. Once inside, Natasha pretends that she is performing an audit and questions a new employee, who willingly gives her the information she requests. Natasha then uses that information to transfer over $10 million to her foreign bank account.

Classification of Social Engineering
Human-based social engineering: Human-based social engineering refers to person-to-person interaction to get the required/desired information.
Posing as an important user
Using a third person
Calling technical support
Shoulder surfing
Dumpster diving

Shoulder Surfing
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM, or use a calling card at a public pay phone. Shoulder surfing can also be done at long distance with the aid of binoculars or other vision-enhancing devices.

Dumpster Diving
In the IT world, dumpster diving refers to using various methods to get information about a technology user.
In general, dumpster diving involves searching through trash or garbage looking for something useful. This is often done to uncover useful information that may help an individual get access to a particular network. So, while the term can literally refer to looking through trash, it is used more often in the context of any method (especially physical methods) by which a hacker might look for information about a computer network.

Classification of Social Engineering
Computer-based social engineering: It refers to getting the required/desired information using computer software/the internet. For example, sending a fake mail to a user and asking him/her to re-enter a password in a web page to confirm it.
Fake e-mail
E-mail attachment
Pop-up windows

Example Pop-up

Cyberstalking
Cyberstalking has been defined as the use of information and communications technology, particularly the internet, by an individual or group of individuals to harass another individual or group of individuals. Cyberstalking refers to the use of the internet and/or other electronic communication devices to stalk another person. It involves harassing or threatening behavior that an individual conducts repeatedly, such as following a person or visiting a person's home and/or business place.

Types of Stalkers
Online stalkers: The stalker aims to start the interaction with the victim directly with the help of the internet (e-mail and chat rooms). They make sure that the victim recognizes the attack attempted on him/her. The stalker may use a third party to harass the victim.
Offline stalkers: The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, gathering information on the victim through the internet, etc.

How Stalking Works
Gather personal information about the victim
Establish a connection
- Keep on sending repeated mail
- Posting personal information on a web site
- Calling the victim (harassing/blackmailing)

Cybercafe and Cybercrimes
In the past several years, many instances have been reported in India where cybercafés are known to have been used for either real or false terrorist communication. Cybercrimes such as stealing bank passwords and the subsequent fraudulent withdrawal of money have also happened through cybercafés.

Cybercafe and Cybercrimes
Survey in one of the metropolitan cities in India:
- Pirated software is installed on the computers
- Antivirus is not updated
- Several cafes have installed the software called "Deep Freeze"
- Unwanted stuff is not blocked
- Owners are not aware of cyber security/law
- Government/State Police (Cyber Cell Wing) do not seem to provide IT governance guidelines to café owners

Guidelines for Café owners
- Maintain a register for the identity of the visitor. The identity of the visitor/user shall be established through voter card, identity card, driving license, passport or PAN card.
- If any activity of the visitor is suspicious, the owner of the cybercafé should inform the nearby police station.

Botnet
A Bot is an automated program for doing some particular task, often over a network. In simple words, a Bot is an automated computer program through which one can gain control of your computer by infecting it with a virus. Your computer may be part of a botnet even though it seems to be working normally.

Security Parameters
- Use antivirus and anti-spyware and keep them up to date
- Set the OS to download and install security patches automatically
- Use a firewall to protect the system from hacking attacks while it is connected to the internet
- Disconnect from the internet when you are away from your computer
- Check the folders in your mailbox regularly
- Take immediate action if your system is infected

Zero-Day Attack
A zero day is a computer threat which attempts to exploit computer application vulnerabilities that are unknown to anybody in the world (i.e. undisclosed to the software vendors and software users). A zero day attack is launched just on or before the first or "zeroth" day of vendor awareness.

Zero Day Emergency Response Team (ZERT)
This is a group of software engineers who work to release non-vendor patches for zero day exploits.

Objectives
- Understand the security challenges presented by mobile devices and information systems access in the cybercrime world.
- Understand the challenges faced by the mobile workforce and their implications in the cybercrime era.
- Learn about security issues arising due to the use of media players.
- Understand the organizational security implications of electronic gadgets and learn what organizational measures need to be implemented for protecting information systems from threats in the mobile computing era.
- Understand smishing and mishing attacks in the mobile world.
- Understand security issues due to the daily use of removable media.

Introduction
In this modern world, the rising importance of electronic gadgets, which have become an integral part of business by providing connectivity with the internet outside the office, brings many challenges in securing these devices from becoming victims of cybercrime. Today's smartphones combine the best aspects of mobile and wireless technologies and blend them into a useful business tool.

Credit Card Frauds in Mobile and Wireless Computing Era
These are new cybercrimes that are coming up with mobile computing: mobile commerce (M-Commerce) and mobile banking (M-banking). Today belongs to "mobile computing," that is, anywhere, anytime computing. The developments in wireless technology have fuelled this new mode of working for white-collar workers. Wireless credit card processing is a relatively new service that allows a person to process credit cards electronically, virtually anywhere.
Tips to prevent Credit Card Frauds: Do's
- Put your signature on the card
- Make a photocopy of both sides of the card and preserve it in a safe place
- Change the default PIN
- Always carry the contact details of your bank
- Carry your card in a separate pouch/card holder rather than in your wallet
- Keep an eye on your card during a transaction
- Report immediately if you find any discrepancy
- Inform your bank of any change in your contact number
- Report the loss of your card immediately to your bank and at the police station

Tips to prevent Credit Card Frauds: Don'ts
- Store your card number and PIN in your cell phone
- Lend your card to someone
- Sign a blank receipt
- Write your card number/PIN on any paper/phone
- Give out your account number immediately over the phone

What are the Different Types of Online Fraud?
- Identity Theft, where the cybercriminals steal personal sensitive data and payment details and use them for online fraudulent payments.
- Friendly Fraud is not friendly in the real world. It is a trick used by the real cardholder to deceive the seller by false claims of not receiving the purchased goods, or by a damaged product report, and asking for a refund.
- Triangulation Fraud, also known as phishing, is the type of fraud where the seller creates fake and malicious sites to entice customers with fake products and to collect their credit card details to make further fraudulent transactions in the future.

Techniques used for Credit Card Frauds
- Traditional Techniques
- Modern Techniques

Traditional Techniques
- Paper-based Fraud: Paper-based fraud is where a criminal makes use of stolen or fake documents, such as utility bills and bank statements, to build up useful Personally Identifiable Information (PII) to open an account in somebody else's name.
- Application Fraud:
  - ID Theft: where a person pretends to be somebody else.
  - Financial Fraud: where a person gives false data about his or her financial status to obtain credit.
Modern Techniques
Skimming to Commit Fraud: Credit card skimming is a type of credit card fraud in which credit card information is stolen using a small electronic device known as a 'skimmer'. A card is swiped through the 'skimmer', which captures and stores data from the magnetic strip on the credit card. This information can then be duplicated onto a blank credit card magnetic strip.

Phishing: Phishing is a credit card fraud in which the cardholder receives an email from a supposedly reputable financial organisation or bank familiar to them. On clicking a link in the email, the cardholder is taken to a bogus website, where they are asked for personal information. Most people fall for this scam because the URL they receive in the mail appears legitimate. Banks do not send emails requesting private information online.

Modern Techniques (Cont.)
Keystroke capturing: Keystroke capturing is a credit card fraud in which people are tricked into downloading malicious software. Identity thieves or hackers can record the cardholder's keystrokes as they type in their credit card information. They use these details to make online purchases with the stolen credit card information.

SIM swap: In a SIM swap fraud, the cybercriminal calls a mobile operator pretending to be the cardholder. The scammer then requests a duplicate SIM card, with the mobile operator deactivating the original cardholder's genuine number. The scammer then uses the SIM to obtain an OTP and execute transactions online.

Attacks on Mobile Cell Phones
- Mobile Phone Theft
- Mobile Viruses
- Mishing
- Vishing
- Smishing
- Hacking Bluetooth

Mobile Phone Theft
Mobile phones are becoming expensive and hence increasingly liable to theft.
Criminals are interested in accessing wireless service and look for any opportunity to steal the ID.
Keep the following details of your phone:
- Phone number
- Make and model
- Colour and appearance
- PIN and security lock code
- IMEI (International Mobile Equipment Identity) number

Mishing
Mishing is a combination of mobile phone and phishing. Mishing attacks are attempted using mobile phone technology. If you use your mobile phone for purchasing goods/services and for banking, you could be more vulnerable to a Mishing scam. A typical Mishing attacker uses a call, termed Vishing, or a message, known as Smishing. Attackers pretend to be an employee of your bank and claim a need for personal details.

Vishing
Vishing is the criminal practice of using social engineering over the telephone. The term is a combination of V (Voice) and Phishing. The most profitable uses of the information gained through Vishing include:
- ID theft
- Online shopping
- Transferring money
- Monitoring bank account details

Example Vishing
1. "Thank you for calling (Local Bank name). Your business is important to us. To help you reach the correct representative and answer your query fully, please press the appropriate number on your handset after listening to the options:
   Press 1 if you need to check your banking details and current balance.
   Press 2 if you wish to transfer funds.
   Press 3 to unlock your online profile.
   Press 0 for any other query."
2. Regardless of what the user enters, the automated system prompts him to authenticate himself: "The security of each customer is important to us. To proceed further we require that you authenticate your ID before proceeding. Please type your bank account number, followed by the hash key."
3. The victim enters his/her bank account details and hears the next prompt: "Thank you. Now please type your D.O.B."
4. The caller enters his/her date of birth and again receives a prompt from the automated system: "Thank you, now please enter your PIN followed by hash."
5. Now the customer hears the last prompt from the system: "Thank you. Now we will transfer you to the appropriate representative."

How to Protect from Vishing attacks
- Be suspicious of all unknown callers.
- Do not trust caller ID; it does not guarantee that the call is really coming from that number, that is, from the individual and/or company.
- Be aware and ask questions. In case someone is asking you for personal or financial information, tell them you will call back immediately to verify whether the company is legitimate or not.
- Report vishing calls to the nearest cyber police cell with the number and name that appeared on the caller ID, as well as the time of day and the information talked about or heard in a recorded message.

Smishing
Smishing is a criminal offense conducted by using social engineering techniques similar to phishing. The name is derived from SMS Phishing.

Physical security
- Cables and hardwired locks
- Laptop safes
- Motion sensors and alarms
- Warning labels and stamps

Physical Security
Laptop Safes: Safes made of polycarbonate, the same material that is used in bulletproof windows, can be used to carry and safeguard the laptop.
Motion sensors and alarms: They can be used to track missing laptops in crowded areas; also, owing to their loud nature, they help in deterring thieves. The owner of the laptop has a key ring device with a battery that keeps the alarm powered on even when the system is shut down.

Physical Security
Warning labels and stamps: Warning labels containing tracking information and identification details can be fixed onto the laptop to deter aspiring thieves. These labels have an identification number that is stored in a universal database for verification, which in turn makes the resale of stolen laptops a difficult process. Such labels are highly recommended for the laptops issued to top executives.
Security issues due to Removable Media
With the advancement in technology, devices continue to decrease in size and emerge in new shapes and sizes; hence they are hard to detect and have become a prime challenge for organizational security. Their small size allows for easy concealment anywhere in a bag or on the body.

Security issues due to Removable Media
- An organization has to have a policy in place to block the USB ports while issuing the asset to the employee.
- Using device lock software, one can have control over unauthorized access to plug-and-play devices.

Thanks

Tools and Methods Used in Cybercrime

Objectives
- Overview of the steps involved in planning cybercrime
- Understand proxy servers and anonymizers
- Understand different types of attack
- Learn about password cracking
- What is the purpose of a keylogger and spyware
- Overview of viruses and worms
- Trojan horses and backdoors
- What is steganography
- DoS and DDoS attacks
- SQL Injection
- Understand buffer overflow
- Overview of wireless network hacking

Trace Vulnerabilities
Criminals use many tools to locate the vulnerabilities of their target. The target can be an individual or an organization. Criminals plan active or passive attacks. In addition to the active or passive categories, attacks can be categorized as either inside or outside.

Inside Attack
An attack originating and/or attempted within the security perimeter of an organization is an inside attack; it is usually attempted by an "insider" who gains access to more resources than expected.

Outside Attack
An outside attack is attempted by a source outside the security perimeter; it may be attempted by an insider and/or outsider who is indirectly associated with the organization. It is attempted through the internet or a remote access connection.

The following phases are involved in planning cybercrime:
- Reconnaissance (Investigation)
- Scanning and Scrutinizing (Examining) the gathered information, both to check its validity and to identify the existing vulnerabilities
- Launching an attack
Proxy Server
A Proxy Server is a computer on a network which acts as an intermediary for connections from other computers on that network.

Proxy Server
- A computer system (or an application program) that intercepts internal user requests and then processes that request on behalf of the user
- The goal is to hide the IP address of client systems inside the secure network

Purpose of a Proxy Server
- Keep the system behind the curtain
- Speed up access to a resource
- IP address multiplexer

Anonymizers
An Anonymizer or anonymous proxy is a tool that attempts to make activity on the Internet untraceable. The first anonymizer software tool was created in 1997 by Lance Cottrell, developed by Anonymizer.com. The anonymizer hides/removes all the identifying information from a user's computer while the user surfs on the internet.

Phishing
It is believed that "Phishing" is an alternative spelling of "Fishing", as in "to fish for information". Phishing web sites are well known for suddenly appearing and then disappearing to reduce the risk of being traced.

Phishing
One of the most common forms of social engineering is phishing, or sending an e-mail or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information. The user is asked to respond to an e-mail or is directed to a web site where he is to update personal information. However, the web site is actually a fake and is set up to steal the user's information.

Fake Web Page

Steganography
The word Steganography comes from two Greek words: steganos meaning "covered" and graphein meaning "to write", which together mean "concealed writing". The term "cover" or "cover medium" is used to describe the original, innocent message, data, audio, still image, video and so on.

Definition
Steganography is the art or science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message.
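As an added example that is not part of the slides, the null cipher technique presented on the following slides, applied to the World War I cablegram quoted there: extract_hidden pulls the first (or any other fixed) letter out of every word of a cover text, and build_cover is an assumed helper for the other direction, choosing words from a constructed word list so that their first letters spell a chosen message.

```python
# Added example (not from the slides): null cipher steganography, both
# directions. Non-letter characters inside a word are dropped before the
# letter is picked, which is why the apostrophe in PRESIDENT'S and the
# full stops after NOTICE, LAW and NEUTRALS do not disturb the extraction.
import re

# The World War I cablegram quoted on the "Null Cipher" slide.
CABLEGRAM = (
    "PRESIDENT'S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. "
    "GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS "
    "RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT "
    "IMMENSELY."
)


def words(cover):
    """Split the cover text into words, keeping only the letters of each word."""
    return [re.sub(r"[^A-Za-z]", "", w) for w in cover.split()]


def extract_hidden(cover, position=0):
    """Take the letter at `position` of every word (0 = first letter).

    Words too short to have that position contribute nothing, so the same
    routine serves "first letter" and "other fixed letter" null ciphers.
    """
    out = []
    for w in words(cover):
        if len(w) > position:
            out.append(w[position].upper())
    return "".join(out)


def build_cover(message, wordlist):
    """Other direction (assumed helper): for each letter of `message`, pick a
    word from `wordlist` that begins with it. Returns None if some letter of
    the message has no word to hide behind.
    """
    by_letter = {}
    for w in wordlist:
        by_letter.setdefault(w[0].upper(), []).append(w)
    chosen = []
    for i, ch in enumerate(re.sub(r"[^A-Za-z]", "", message).upper()):
        candidates = by_letter.get(ch)
        if not candidates:
            return None
        chosen.append(candidates[i % len(candidates)])  # cycle through options
    return " ".join(chosen)


if __name__ == "__main__":
    print(extract_hidden(CABLEGRAM))  # PERSHINGSAILSFROMNYJUNEI
    # Constructed word list for the demonstration.
    cover = build_cover("NY JUNE", ["noon", "yellow", "june", "under", "east"])
    print(cover)
    print(extract_hidden(cover))  # NYJUNE
```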
In October 2001, the New York Times published an article claiming that al-Qaeda had used steganography techniques to prepare and execute the 11 September 2001 terrorist attack.

Steganography: Null Cipher
One common, almost obvious, form of steganography is called a null cipher. In this type of stego, the hidden message is formed by taking the first (or other fixed) letter of each word in the cover message. Consider this cablegram that might have been sent by a journalist/spy from the U.S. to Europe during World War I:

PRESIDENT'S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.

The first letters of each word form the character string: PERSHINGSAILSFROMNYJUNEI. A little imagination and some spaces yields the real message: PERSHING SAILS FROM NY JUNE I.

Steganalysis
Steganalysis is the art and science of detecting messages that are hidden in images or audio/video files using steganography.

Password
- The password is like a key to get entry into a computerized system, like a lock.
- Sometimes referred to as a logical token
- A secret combination of letters and numbers that only the user knows
- A password should never be written down
- Must also be of sufficient length and complexity so that an attacker cannot easily guess it (password paradox)

Weak Passwords
- Blank (none)
- Words like "password", "passcode" or "admin"
- A series of letters from the QWERTY keyboard, for example qwerty, asdf or qwertyuiop
- The user's name or login name
- The name of the user's friend, relative or pet
- The user's birthplace or date of birth
- The user's vehicle number, residence number or mobile number
- The name of a celebrity who is considered an idol by the user

Strong Password
A strong password is long enough, random or otherwise difficult to guess, and producible by the user who chooses it. For example: jnm@357$ or 4pRte!ai@3

Attacks on passwords
- Brute force attack: simply trying to guess a password by trying random combinations of characters
- Passwords typically are stored in an encrypted form called a "hash"
- Attackers try to steal the file of hashed passwords and then break the hashed passwords offline

DoS and DDoS Attack
- Denial of service (DoS) attack: attempts to consume network resources so that the network or its devices cannot respond to legitimate requests.
- Distributed denial of service (DDoS) attack: a variant of the DoS; may use hundreds or thousands of zombie computers in a botnet to flood a device with requests.

DoS and DDoS Attack
- DoS: an attack from one source
- DDoS: an attack from multiple sources
- A cyber attack on a specific server or network
- With the intended purpose of disrupting normal operation
- Flooding the target with a constant flood of traffic
(Diagram: Legitimate Clients, Attacker, Web Server)

Example: Wireless DoS attack

How to protect from DoS
- Implement router filters
- Disable any unused or inessential network services
- Observe your system performance
- Routinely examine the physical security
- Establish and maintain regular backups
- Establish and maintain appropriate password policies

Buffer Overflow
- Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer
- Extra data overflows into the adjacent memory locations and under certain conditions may cause the computer to stop functioning
- Attackers also use a buffer overflow in order to compromise a computer

SQL Injection
Structured Query Language (SQL) is a database computer language designed for managing data in an RDBMS. SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
An attacker uses SQL injection to fetch the database used by an organization to store confidential data of employees, such as credit card numbers, social security numbers or passwords.

How it works
Whenever a user logs in with a username and password, a SQL query is sent to the database to check if the user has a valid name and password. With SQL injection, it is possible for an attacker to send a crafted username and/or password field that will change the SQL query.

Steps for a SQL injection attack
- The attacker looks for web pages that allow submitting data, that is, login pages, search pages, feedback forms, etc.
- The attacker also looks for web pages that use HTML commands such as POST or GET by checking the source code. The attacker looks for a FORM tag in the source code.
- The attacker tries a single quote in the text box provided on the web page to accept the username and password.
- The attacker uses SQL commands such as the SELECT command to retrieve data from the database or the INSERT statement to add information to the database.

How to Prevent SQL Injection Attacks
- Input Validation: Numeric values should be checked while accepting a query string value. The function IsNumeric() may be used for this purpose. Keep all text boxes and form fields as short as possible to limit the length of user input.
- Modify error reports: SQL error reports should not be displayed to outside users; such errors sometimes display the full query, pointing to the syntax error involved, and the attacker can use it for further attacks.
- Other prevention: The default system account should never be used. Isolate the database server and the web server; both should be on different machines.
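As an added example that is not from the slides, the login check described under "How it works", written once the vulnerable way (form fields concatenated into the SQL text) and once the hardened way (parameter binding, a fix the slides do not name but which is the standard remedy), together with the IsNumeric-style input validation and the "modify error reports" advice from the prevention slide. It runs against an in-memory SQLite table with constructed rows; the user names and passwords are made up for the demonstration.

```python
# Added example (not from the slides): vulnerable vs. hardened login query,
# input validation for a numeric query-string id, and generic error reporting.
import sqlite3

SERVER_LOG = []  # stand-in for a server-side log; never shown to the client


def make_db():
    """Create a throwaway database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by concatenating the form fields.

    The user's input becomes part of the query text itself: a single quote in
    either field changes the SQL (here it breaks it, which is the probe the
    slides describe), and crafted input can change the query's logic.
    """
    query = ("SELECT id FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Sends the SQL and the values separately (parameter binding).

    The driver never splices the text into the statement, so a quote is just
    another character of the value being compared.
    """
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def query_breaks(conn, username, password, login_fn):
    """True if the given login routine raises a database error for this input."""
    try:
        login_fn(conn, username, password)
        return False
    except sqlite3.Error:
        return True


def login_with_generic_errors(conn, username, password, login_fn):
    """'Modify error reports': keep the SQL error server-side and return only a
    generic result, so the shape of the query is never leaked to the client."""
    try:
        return "ok" if login_fn(conn, username, password) else "denied"
    except sqlite3.Error as exc:
        SERVER_LOG.append("login error: %s" % exc)
        return "denied"


def is_numeric(value):
    """'Input Validation': the IsNumeric() check from the slides, for ids
    taken from a query string (plain digits only)."""
    return value.isdigit()


def fetch_username_by_id(conn, raw_id):
    """Look up a user by an id from a query string: reject anything that is not
    a plain number before it reaches the database, and still bind the value."""
    if not is_numeric(raw_id):
        return None
    row = conn.execute("SELECT username FROM users WHERE id = ?",
                       (int(raw_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", "s3cret"))             # True: normal login
    print(login_hardened(db, "alice", "s3cret"))               # True
    print(query_breaks(db, "o'brien", "x", login_vulnerable))  # True: quote broke the SQL
    print(query_breaks(db, "o'brien", "x", login_hardened))    # False: quote is just data
    print(login_with_generic_errors(db, "o'brien", "x", login_vulnerable))  # denied
    print(fetch_username_by_id(db, "2"))                       # bob
    print(fetch_username_by_id(db, "2abc"))                    # None: rejected
```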
Keylogger
- A small hardware device or a program that monitors each keystroke a user types on the computer's keyboard
- As the user types, the keystrokes are collected and saved as text
- As a hardware device, a keylogger is a small device inserted between the keyboard connector and the computer's keyboard port

Hardware Keylogger/grabber

Virtual Keyboard (QWERTY)

Keylogger
Software keyloggers:
- Programs that silently capture all keystrokes, including passwords and sensitive information
- Hide themselves so that they cannot be easily detected even if a user is searching for them

Spyware
Spyware is a type of malware that secretly monitors users and collects information about them without their knowledge. The presence of spyware is typically hidden from the user.

Attacks on Wireless Networks
Wireless technology has become increasingly popular in day-to-day business and personal lives. Handheld devices such as mobile phones allow individuals to access data anywhere, anytime.

Different Types of Mobile Workers
- Tethered/Remote Workers: Employees who generally remain at a single point of work.
- Roaming Users: Employees who work in multiple areas.

Traditional techniques of attacks on wireless networks
- Sniffing: Sniffing is the simple process of intercepting wireless data that is being broadcast on an unsecured network. It gathers information about the active/available Wi-Fi networks. The attacker usually installs sniffers on the wireless network and conducts activities such as:
  - Detection of the SSID
  - Collecting MAC addresses
  - Collecting frames to crack WEP
- Spoofing: The attacker often launches an attack on a wireless network by simply creating a new network with a stronger wireless signal and a copied SSID, so that clients join the spoofed network instead of the real one. The attacker can conduct this activity easily because, when a wireless network is set up, the computers no longer need to be told about it in order to access the network.
- Man in the Middle: It refers to the scenario wherein an attacker on host A inserts a computer between X and Y, without their knowledge. The objective behind this attack is merely to observe the communication, or to modify it before sending it on.
- DoS

How to Secure a Wireless Network
- Change the default settings of all the equipment/components of the wireless network.
- Enable WPA/WEP encryption.
- Change the default SSID.
- Enable MAC address filtering.
- Disable remote login.
- Disable SSID broadcast.
- Disable the features that are not used in the AP.
- Connect only to secured wireless networks.
- Upgrade the router's firmware periodically.

Computer Forensics
What is Computer Forensics?
Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis. Evidence might be required for a wide range of computer crimes and misuses.
- Multiple methods of discovering data on a computer system
- Recovering deleted, encrypted, or damaged file information
- Monitoring live activity
- Detecting violations of corporate policy
Information collected assists in arrests, prosecution, termination of employment, and preventing future illegal activity.

Who uses Computer Forensics?
- Criminal Prosecutors: Rely on evidence obtained from a computer to prosecute suspects and use it as evidence.
- Civil Litigations: Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases.
- Insurance Companies: Evidence discovered on a computer can be used to mollify costs (fraud, worker's compensation, arson, etc.).
- Private Corporations: Evidence obtained from employee computers can be used as evidence in harassment, fraud, and embezzlement cases.

Thanks

Cybersecurity: Tips for using social networking sites safely & IPR

Tips for safer social Networking
1. Use a strong, unique password (don't use the same password on multiple sites; don't use the same ID and password on social networking sites).
2. Provide as little personal information as possible; avoid revealing birth date, address, etc.

Tips for safer social Networking
3. Understand and customize the privacy settings in all of your social networking accounts.
4. Don't allow 3rd party applications to access your information (if possible).
5. Be careful about what you post:
   - Photos of self or others
   - Opinions on controversial topics
   - Don't rip classmates, professors, coworkers, employers, etc.; it WILL come back to haunt you

Tips for safer social Networking
6. Don't post anything related to your employer (unless you're authorized).
7. Supervise your kids' use of social networking sites.
8. Be suspicious of friend/follow requests, ads, 3rd party applications, chat messages, etc.
9. Minimize exploration; don't carelessly click on lots of ads, videos, games, etc.

Tips for safer social Networking
10. Use built-in and add-on features in web browsers to warn you of malicious sites:
    - Anti-phishing filters in IE and Firefox
    - Web of Trust
    - Adblock Plus
11. Think before you click.

IPR
Why Should I Protect My IP? Can I Benefit from It?
Intellectual property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.

Importance of protecting Intellectual Property
- Protection of an invention for the exclusive use of it by its inventor
- Leverage for business
- Legal recognition of the invention enables its enforcement in a court of law
- Incentive for further development
- Public use
- Huge source of information
- Source for further developmental work by third parties
- Encourages fair trading
- Contributes to social and economic development

Classification of IPR
Intellectual Property Rights are generally classified as follows:
- Invention: Patents
- Letters, numbers, words, colors, phrases, sound, smell, logo, shape, picture, or a combination of these: Trademark
- Art, literature, music, broadcast and computer programs: Copyright
- 2D/3D product design: Design Registration
- New plant varieties: Plant Breeder's right
- Confidential information: Trade secret

Copyright vs. Patent vs. Trademark