Introduction to Cyber Security PDF

Summary

This textbook provides an introduction to cyber security, covering topics like internet history, cyber crimes, malware types, and security measures. It also discusses authentication, encryption, digital signatures, and antivirus software. The book is a good starting point for understanding the complexities of the digital world and protecting yourself from cyber threats.

Full Transcript


Introduction to Cyber Security (FCS)
Uttarakhand Open University, Haldwani-263139
Toll Free Number: 18001804025
Email: [email protected]
http://uou.ac.in

Title: Introduction to Cyber Security
Author: Dr. Jeetendra Pande, Assistant Professor, School of CS & IT, Uttarakhand Open University, Haldwani
ISBN: 978-93-84813-96-3
Uttarakhand Open University, 2017

© Uttarakhand Open University, 2017. This work by Uttarakhand Open University is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. It is attributed to the sources marked in the References, Article Sources and Contributors section.
Published By: Uttarakhand Open University

Index

1.1 INTRODUCTION (p. 8)
1.1.1 HISTORY OF INTERNET (p. 8)
1.1.1.1 Internet Addresses (p. 10)
1.1.1.2 DNS (p. 12)
1.1.1.3 Internet Infrastructure (p. 13)
1.1.1.4 World Wide Web (p. 14)
1.2 INTRODUCTION TO CYBER CRIME (p. 15)
1.2.1 CLASSIFICATION OF CYBER CRIMES (p. 16)
1.2.2 REASONS FOR COMMISSION OF CYBER CRIMES (p. 18)
1.3 MALWARE AND ITS TYPE (p. 19)
1.3.1 ADWARE (p. 19)
1.3.2 SPYWARE (p. 19)
1.3.3 BROWSER HIJACKING SOFTWARE (p. 19)
1.3.4 VIRUS (p. 19)
1.3.5 WORMS (p. 20)
1.3.6 TROJAN HORSE (p. 20)
1.3.7 SCAREWARE (p. 21)
1.4 KINDS OF CYBER CRIME (p. 21)
1.4.1 CYBER STALKING (p. 21)
1.4.2 CHILD PORNOGRAPHY (p. 22)
1.4.3 FORGERY AND COUNTERFEITING (p. 22)
1.4.4 SOFTWARE PIRACY AND CRIME RELATED TO IPRS (p. 22)
1.4.5 CYBER TERRORISM (p. 22)
1.4.6 PHISHING (p. 22)
1.4.7 COMPUTER VANDALISM (p. 22)
1.4.8 COMPUTER HACKING (p. 22)
1.4.9 CREATING AND DISTRIBUTING VIRUSES OVER INTERNET (p. 23)
1.4.10 SPAMMING (p. 23)
1.4.11 CROSS SITE SCRIPTING (p. 23)
1.4.12 ONLINE AUCTION FRAUD (p. 24)
1.4.13 CYBER SQUATTING (p. 24)
1.4.14 LOGIC BOMBS (p. 24)
1.4.15 WEB JACKING (p. 24)
1.4.16 INTERNET TIME THEFTS (p. 24)
1.4.17 DENIAL OF SERVICE ATTACK (p. 24)
1.4.18 SALAMI ATTACK (p. 24)
1.4.19 DATA DIDDLING (p. 25)
1.4.20 EMAIL SPOOFING (p. 25)
2.1 AUTHENTICATION (p. 26)
2.2 ENCRYPTION (p. 27)
2.3 DIGITAL SIGNATURES (p. 28)
2.4 ANTIVIRUS (p. 29)
2.5 FIREWALL (p. 30)
2.6 STEGANOGRAPHY (p. 31)
3.1 COMPUTER FORENSICS (p. 33)
3.2 WHY SHOULD WE REPORT CYBER CRIME? (p. 36)
4.1 INTRODUCTION (p. 40)
4.2 SOME RECENT CYBER CRIME INCIDENTS (p. 40)
5.1 INTRODUCTION (p. 47)
5.2 COUNTER CYBER SECURITY INITIATIVES IN INDIA (p. 47)
6.1 GENERATING SECURE PASSWORD (p. 52)
6.1.1 GUIDELINE FOR SETTING SECURE PASSWORD (p. 52)
6.2 USING PASSWORD MANAGER (p. 55)
6.2.1 WHAT IS A PASSWORD MANAGER? (p. 56)
6.2.2 WHY YOU SHOULD USE IT? (p. 56)
6.2.3 HOW DOES IT WORK? (p. 56)
6.2.4 SOME POPULAR PASSWORD MANAGERS (p. 56)
6.3 ENABLING TWO-STEP VERIFICATION (p. 62)
6.4 SECURING COMPUTER USING FREE ANTIVIRUS (p. 72)
7.1 CONFIGURING FIREWALL ON MAC COMPUTER (p. 75)
7.1.1 TURNING ON AND CONFIGURING THE MAC OS X FIREWALL (p. 75)
7.2 WORKING WITH WINDOWS FIREWALL IN WINDOWS (p. 78)
7.2.1 FIREWALL IN WINDOWS 7 (p. 78)
7.2.2 CONFIGURING WINDOWS FIREWALL (p. 79)
7.2.3 HOW TO START & USE THE WINDOWS FIREWALL WITH ADVANCED SECURITY (p. 83)
7.2.3.1 How to Access the Windows Firewall with Advanced Security (p. 83)
7.2.3.2 What Are The Inbound & Outbound Rules? (p. 84)
7.2.3.3 What Are The Connection Security Rules? (p. 86)
7.2.3.4 What Does the Windows Firewall with Advanced Security Monitor? (p. 87)
8.1 FINDING THE BEST BROWSER ACCORDING TO THE USERS REQUIREMENT (p. 89)
9.1 SAFE BROWSING (p. 94)
9.1.1 HOW DO I KNOW IF A WEBSITE IS SECURE? (p. 94)
9.2 TIPS FOR BUYING ONLINE (p. 95)
9.3 CLEARING CACHE FOR BROWSERS (p. 96)
9.3.1 CLEARING CACHE FOR CHROME BROWSERS ABOVE VERSION 10 (p. 96)
9.3.2 CLEARING CACHE FOR CHROME BROWSERS FROM VERSION 1 TO 9 (p. 99)
9.3.3 CLEARING CACHE FOR SAFARI FOR IOS, IPHONE AND IPAD (p. 102)
9.3.4 CLEARING CACHE FOR SAFARI FOR MAC OS X (p. 103)
9.3.5 CLEARING CACHE FOR SAFARI FOR WINDOWS (p. 104)
9.3.6 CLEARING CACHE FOR INTERNET EXPLORER 9, 10 AND 11 (p. 106)
9.3.7 CLEARING CACHE FOR INTERNET EXPLORER 8 (p. 108)
9.3.8 CLEARING CACHE FOR FIREFOX (p. 111)
9.3.9 CLEARING CACHE FOR FIREFOX 33 (p. 112)
9.3.10 CLEARING CACHE FOR OPERA (p. 114)
9.3.11 CLEARING CACHE FOR CCLEANER (p. 115)
10.1 WHAT IS WIRELESS LAN? (p. 117)
10.2 MAJOR ISSUES WITH WLAN (p. 118)
10.2.1 SECURE WLAN (p. 118)
10.2.2 WI-FI AT HOME (p. 118)
11.1 SAFE BROWSING GUIDELINES FOR SOCIAL NETWORKING SITES (p. 123)
11.1.1 GENERAL TIPS ON USING SOCIAL NETWORKING PLATFORMS SAFELY (p. 124)
11.1.2 POSTING PERSONAL DETAILS (p. 125)
11.1.3 FRIENDS, FOLLOWERS AND CONTACTS (p. 125)
11.1.4 STATUS UPDATES (p. 126)
11.1.5 SHARING ONLINE CONTENT (p. 126)
11.1.6 REVEALING YOUR LOCATION (p. 126)
11.1.7 SHARING VIDEOS AND PHOTOS (p. 127)
11.1.8 INSTANT CHATS (p. 127)
11.1.9 JOINING AND CREATING GROUPS, EVENTS AND COMMUNITIES (p. 127)
11.2 EMAIL SECURITY TIPS (p. 128)
12.1 INTRODUCTION (p. 130)
12.2 SMARTPHONE SECURITY GUIDELINES (p. 131)
12.2.1 PURSES, WALLETS, SMARTPHONES (p. 131)
12.2.2 PLATFORMS, SETUP AND INSTALLATION (p. 132)
12.2.2.1 Platforms and Operating Systems (p. 132)
12.2.2.2 Feature Phones (p. 132)
12.2.2.3 Branded and locked smartphones (p. 133)
12.2.2.4 General Setup (p. 133)
12.2.2.5 Installing and updating applications (p. 133)
12.2.3 COMMUNICATING SECURELY (THROUGH VOICE AND MESSAGES) WITH A SMARTPHONE (p. 134)
12.2.3.1 Secure Voice Communication (p. 134)
12.2.3.2 Sending Messages Securely (p. 137)
12.2.3.3 Storing Information on your Smartphone (p. 138)
12.2.3.4 Sending Email from your Smartphone (p. 139)
12.2.3.5 Capturing Media with your Smartphone (p. 139)
12.2.3.6 Accessing the Internet Securely from your Smartphone (p. 140)
12.2.3.7 Advanced Smart Phone Security (p. 141)
REFERENCES (p. 144)

INTRODUCTION TO CYBER SPACE

1.1 INTRODUCTION

The internet is among the most important inventions of the 21st century and has affected every part of our lives. Today the internet has crossed every barrier and changed the way we talk, play games, work, shop, make friends, listen to music, watch movies, order food, pay bills, greet a friend on a birthday or anniversary, and so on. You name it, and there is an app for it. It has made life more comfortable. Gone are the days when we had to stand in a long queue to pay our telephone and electricity bills; now we can pay them at the click of a button from home or the office. Technology has reached the point where we do not even need a computer to use the internet. Now we have internet-enabled smartphones, palmtops, etc. through which we can remain connected to our friends, family and office 24x7. Not only has the internet simplified our life, it has also brought many things within the reach of the middle class by making them cost effective. Not long ago, while making an ISD or even an STD call, our eyes were fixed on the pulse meter: the calls were very costly. ISD and STD were used only to pass on urgent messages, and the rest of the routine communication was done using letters, which were relatively very cheap. Now the internet has made it possible not only to talk but to video conference using popular applications like Skype, GTalk etc. at a very low price, to the point where a one hour video chat over the internet is cheaper than sending a one page document from Delhi to Bangalore by speed post or courier. Not only this, the internet has changed the use of the typical devices around us. A television can be used not only for watching popular TV shows and movies but for calling or video chatting with friends over the internet. A mobile phone is used not only for making calls but for viewing the latest movies. We can remain connected to everyone, no matter where we are. Working parents can keep an eye on their children at home from the office and help them with their homework. A businessman can keep an eye on his staff, office, shop, etc. with the click of a button. It has facilitated our life in more than one way. Have you ever wondered where this internet came from? Let us discuss the brief history of the internet and learn how it was invented and how it evolved to the extent that we now cannot think of our lives without it.

1.1.1 History of Internet

I don't know what else the cold war between the USA and Russia gave to the world, but the internet is definitely one of the very useful inventions whose foundation was laid during the cold war days. Russia launched the world's first satellite, SPUTNIK, into space on 4th October 1957.
This was clearly seen as a victory of Russia over cyberspace, and as a counter step the Advanced Research Projects Agency, the research arm of the United States Department of Defence, announced the launch of ARPANET (Advanced Research Projects Agency NETwork) in the early 1960s. This was an experimental network, designed so that the computers connected to it could keep communicating with each other even if any node failed to respond, for example because of a bomb attack. The first message over ARPANET, a packet switching network, was sent by Leonard Kleinrock's laboratory at the University of California, Los Angeles (UCLA). You will be surprised to learn that the first message sent over the internet was "LO". They actually intended to send the word "LOGIN", but only the first two letters reached the second network node at the Stanford Research Institute (SRI); before the last three letters could arrive, the network went down due to a glitch. Soon the error was fixed and the message was resent and it

The major task ARPANET had to accomplish was to develop rules for communication, i.e. protocols for communicating over ARPANET. ARPANET in particular led to the development of protocols for internetworking, in which multiple separate networks could be joined into a network of networks. This resulted in the development of the TCP/IP protocol suite, which specifies the rules for joining and communicating over ARPANET. Soon after, in 1986, the NSF (National Science Foundation) backbone was created and five US universities' computing centres were connected to form NSFnet.
The participating universities were:

- Princeton University: John von Neumann National Supercomputer Center, JvNC
- Cornell University: Cornell Theory Center, CTC
- University of Illinois at Urbana-Champaign: National Center for Supercomputing Applications, NCSA
- Carnegie Mellon University: Pittsburgh Supercomputer Center, PSC
- General Atomics: San Diego Supercomputer Center, SDSC

NSFnet, the successor of ARPANET, became popular by 1990 and ARPANET was decommissioned. Many parallel networks were developed by other universities and other countries such as the United Kingdom. In 1965, the National Physical Laboratory (NPL) proposed a packet switching network. The Michigan Educational Research Information Triad formed the MERIT network in 1966, funded and supported by the State of Michigan and the National Science Foundation (NSF). France also developed a packet switching network, known as CYCLADES, in 1973. Now there were many parallel systems working on different protocols, and scientists were looking for a common standard so that the networks could be interconnected. In 1978 the TCP/IP protocol suite was ready, and by 1983 TCP/IP had been adopted by ARPANET. In 1981 the integration of two large networks took place: NSF developed the Computer Science Network (CSNET), which was connected to ARPANET using the TCP/IP protocol suite. Now the network was popular not only among the research community; private players also took interest in it. Initially NSFnet supported a speed of 56 kbit/s. It was upgraded to 1.5 Mbit/s in 1988 to facilitate the growth of the network by involving the MERIT network, IBM, MCA and the State of Michigan. After corporates realized the strength and merit of this network, they participated in its development to reap its benefits. By the late 1980s many Internet Service Providers (ISPs) had emerged to provide the backbone for carrying the network traffic. By 1991 NSFNET was expanded and upgraded to 45 Mbit/s.
Many commercial ISPs provided backbone service and were popular among corporates. To facilitate commercial use of the network, NSFNET was decommissioned in 1995, and from then on the Internet could carry commercial traffic. More and more universities and research centres throughout the world connected to it. The network was now very popular among the research community; in 1991 the National Research and Education Network (NREN) was founded and the World Wide Web was released. Initially the role of the internet was limited to file transfer. The credit for the internet as we see it today goes to Tim Berners-Lee, who introduced the WWW. With the advent of the WWW there was a transformation in how the network was used: this web of information could now be used to retrieve any information available over the internet. Software called a browser was developed to browse the internet. It was developed by researchers at the University of Illinois in 1992 and named Mosaic. This browser let people browse the internet the way we browse it today.

1.1.1.1 Internet Addresses

With so many devices connected to the internet, we require a mechanism to uniquely identify every device connected to it. We also require a centralized system that takes care of this mechanism, so that the identifiers used for each device are not duplicated; otherwise the whole purpose is defeated. To take care of this we have a centralized authority known as the Internet Assigned Numbers Authority (IANA), which is responsible for assigning a unique number known as an IP (Internet Protocol) address. An IP address is a 32-bit binary number divided into four octets; each octet consists of 8 binary digits, and the octets are separated by a dot (.). An example of an IP address is

11110110.01011010.10011100.1111100

Each bit in an octet can have one of two binary values, 0 and 1. Therefore each octet can range from the minimum value 0, i.e. 00000000, to the maximum value 256, i.e. 11111111, giving 2^8 = 256 different combinations in total. Remembering this 32-bit address in binary is a bit difficult, so for human understanding it is expressed in decimal format. But this decimal format is for human understanding only; the computer understands it in binary format only. In decimal, the above IP address is expressed as 123.45.78.125.

These octets are used to create and separate different classes. An IP address consists of two parts, viz. network and host. The network part identifies the network and the host part identifies a device on that particular network. This address uniquely identifies a device connected to the internet, similar to the postal system, where we identify any house by first identifying the country, then the state, district, post office, cluster/block and finally the house number. IP addresses are classified into five categories based on the availability of the IP range. These categories/classes are:

Table 1: IP Address Classes

Class    Address range                  Supports
Class A  1.0.0.1 to 126.255.255.254     16 million hosts on each of 127 networks.
Class B  128.1.0.1 to 191.255.255.254   65,000 hosts on each of 16,000 networks.
Class C  192.0.1.1 to 223.255.254.254   254 hosts on each of 2 million networks.
Class D  224.0.0.0 to 239.255.255.255   Reserved for multicast groups.
Class E  240.0.0.0 to 254.255.255.254   Reserved for future use, or research and development purposes.

IANA decentralises the task of assigning IP addresses by allocating large chunks of IP addresses to five Regional Internet Registries (RIRs), which are in turn responsible for allocating IP addresses in their zones.
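To make the binary/decimal relationship and the classful split concrete, the following is an added example (not code from the textbook) that converts a dotted-decimal IPv4 address to its four 8-bit octets and back, classifies it by the first-octet ranges of Table 1, and separates the network and host parts for classes A, B and C using the classful prefix lengths of 8, 16 and 24 bits. It uses only Python's standard ipaddress module, which rejects any octet outside 0 to 255 (2^8 = 256 values, 0 through 255); the sample addresses other than 123.45.78.125 are constructed.

```python
# Added example, not from the textbook: convert between the dotted-decimal
# and 32-bit binary forms of an IPv4 address, classify it by the Table 1
# ranges, and split it into network and host parts. Uses only Python's
# standard ipaddress module; all sample addresses below are constructed
# except 123.45.78.125, which is the text's own example.
import ipaddress


def to_binary(dotted):
    """Dotted decimal -> four 8-bit binary octets separated by dots.
    IPv4Address validates each octet (0..255) and raises ValueError otherwise."""
    addr = ipaddress.IPv4Address(dotted)
    return ".".join(f"{octet:08b}" for octet in addr.packed)


def from_binary(binary):
    """Inverse of to_binary: four dotted 8-bit groups -> dotted decimal."""
    octets = binary.split(".")
    if len(octets) != 4 or any(len(o) != 8 or set(o) - {"0", "1"} for o in octets):
        raise ValueError("expected four 8-bit binary octets separated by dots")
    return ".".join(str(int(o, 2)) for o in octets)


def address_class(dotted):
    """Classful category from the first octet, following Table 1.
    First octets 0 and 127 fall outside the table's ranges (127 is loopback)."""
    first = int(ipaddress.IPv4Address(dotted).packed[0])
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D (multicast)"
    if 240 <= first <= 254:
        return "E (reserved)"
    return "special"


def split_network_host(dotted):
    """Network part and host part for classes A/B/C, whose network prefixes
    are 8, 16 and 24 bits respectively (the classful rule that predates CIDR)."""
    prefix = {"A": 8, "B": 16, "C": 24}.get(address_class(dotted))
    if prefix is None:
        raise ValueError(f"{dotted} has no classful network/host split")
    net = ipaddress.IPv4Network(f"{dotted}/{prefix}", strict=False)
    host = int(ipaddress.IPv4Address(dotted)) & int(net.hostmask)
    return str(net.network_address), str(ipaddress.IPv4Address(host))


if __name__ == "__main__":
    for sample in ("123.45.78.125", "10.0.0.5", "172.16.4.9", "192.168.1.20"):
        print(sample, to_binary(sample), "class", address_class(sample),
              split_network_host(sample))
```

Running the block prints each sample in both notations with its class and its network/host split; feeding to_binary an address such as 256.1.1.1 raises a ValueError, which is the check that keeps a malformed octet from being silently wrapped.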
These RIRs, along with their areas of operation, are listed below:

- APNIC: serves the Asia Pacific region
- AfriNIC: serves the African region
- ARIN: serves North America and several Caribbean and North Atlantic islands
- LACNIC: serves Latin America and the Caribbean
- RIPE NCC: serves Europe, the Middle East, and parts of Central Asia

For liaison and coordination between these five RIRs there is an organization called the Number Resource Organization (NRO). These organizations are

1.1.1.2 DNS

Whenever we browse a website on the internet, we type a name such as www.uou.ac.in and rarely deal with an IP address such as 104.28.2.92, but the fact is that even if we type http://104.28.2.92 in the URL bar, it will land us on the same web page. We are simply more comfortable using and remembering names instead of numbers. Moreover, IP addresses change over time, and some sites have multiple IP addresses. At the same time, the transfer of data over the internet is only possible using IP addresses, because the routing of packets sent over the internet is done using IP addresses. There is a server called the Domain Name System (DNS) which takes care of this translation job, to simplify things and save us from remembering these changing IP address numbers. Whenever you type an address like http://www.uou.ac.in, a process called DNS name resolution takes place in the background. The computer keeps track of recently visited sites and locally maintains a database, the DNS cache. If the IP address of the site you requested is not found in the DNS cache of your local computer, the next probable place to find it is the DNS server of your Internet Service Provider (ISP). These ISP DNS servers also maintain a cache of recently visited pages.
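The whole resolution chain this section describes (local cache, ISP resolver, and the walk the ISP resolver makes through the root, TLD and authoritative nameservers when its own cache is empty) can be modelled in a few dozen lines. The following is an added example, not code from the textbook: all server names and zone data are constructed for illustration, and the address 104.28.2.92 is simply the one quoted in the text and need not be current. Each lookup records a trace of which servers were consulted, so the cache hits on repeat lookups are visible.

```python
# Added example, not from the textbook: a toy model of DNS name resolution
# with the two caches (local host, ISP resolver) and the iterative walk from
# root to TLD to authoritative nameserver. All zone data and server names
# below are constructed for illustration; the address 104.28.2.92 is the one
# quoted in the text and need not be current.
from dataclasses import dataclass, field
from typing import Optional

# Constructed delegation data. Each level only knows the next level down.
ROOT_ZONE = {"in": "tld-in.example", "com": "tld-com.example"}
TLD_ZONES = {
    "tld-in.example": {"uou.ac.in": "ns.uou.example"},
    "tld-com.example": {"example.com": "ns.example-com.example"},
}
AUTHORITATIVE_ZONES = {
    "ns.uou.example": {"www.uou.ac.in": "104.28.2.92"},
    "ns.example-com.example": {"www.example.com": "192.0.2.10"},  # documentation range
}


def longest_suffix_match(name, zone):
    """Return the zone entry for the longest suffix of name present in zone,
    e.g. 'www.uou.ac.in' matches 'uou.ac.in' before 'ac.in' or 'in'."""
    labels = name.split(".")
    for i in range(len(labels)):
        entry = zone.get(".".join(labels[i:]))
        if entry is not None:
            return entry
    return None


def iterative_lookup(fqdn, trace):
    """The walk an ISP resolver performs on a cache miss: root -> TLD -> authoritative."""
    tld_server = longest_suffix_match(fqdn, ROOT_ZONE)
    if tld_server is None:
        raise LookupError(f"root has no delegation covering {fqdn}")
    trace.append(f"root -> {tld_server}")
    auth_server = longest_suffix_match(fqdn, TLD_ZONES[tld_server])
    if auth_server is None:
        raise LookupError(f"{tld_server} has no delegation covering {fqdn}")
    trace.append(f"{tld_server} -> {auth_server}")
    ip = AUTHORITATIVE_ZONES[auth_server].get(fqdn)
    if ip is None:
        raise LookupError(f"{auth_server} has no address record for {fqdn}")
    trace.append(f"{auth_server} -> {ip}")
    return ip


@dataclass
class CachingResolver:
    """A resolver with its own cache. With an upstream it behaves like the
    local host's cache; without one it is the ISP's recursive resolver."""
    name: str
    upstream: Optional["CachingResolver"] = None
    cache: dict = field(default_factory=dict)

    def resolve(self, fqdn, trace):
        if fqdn in self.cache:
            trace.append(f"{self.name}: cache hit")
            return self.cache[fqdn]
        trace.append(f"{self.name}: cache miss")
        if self.upstream is not None:
            ip = self.upstream.resolve(fqdn, trace)
        else:
            ip = iterative_lookup(fqdn, trace)
        self.cache[fqdn] = ip   # every server on the path remembers the answer
        return ip


def demo(fqdn):
    """Resolve fqdn from host A twice, then from host B behind the same ISP.
    Returns a list of (ip, trace) for the three lookups."""
    isp = CachingResolver("isp-dns")
    host_a = CachingResolver("host-a-cache", upstream=isp)
    host_b = CachingResolver("host-b-cache", upstream=isp)
    runs = []
    for host in (host_a, host_a, host_b):
        trace = []
        ip = host.resolve(fqdn, trace)
        runs.append((ip, trace))
    return runs


if __name__ == "__main__":
    for ip, trace in demo("www.uou.ac.in"):
        print(ip, " | ".join(trace))
```

The first lookup walks the full chain; the second is answered from the host's own cache; the third, from a different host behind the same ISP, stops at the ISP cache. In this model every server that relays an answer caches it, which is why a wrong record reaching any cache keeps being served until it is dropped; real resolvers attach a time to live (TTL) to each entry for exactly that reason.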
If the information is not found there either, the DNS server of the ISP forwards the query to the root nameservers. The root nameservers publish the root zone file to other DNS servers and clients on the Internet. The root zone file describes where the authoritative servers for the DNS top-level domains (TLDs) are located. There are currently 13 root nameservers. They are:

- A: VeriSign Global Registry Services
- B: University of Southern California, Information Sciences Institute
- C: Cogent Communications
- D: University of Maryland
- E: NASA Ames Research Center
- F: Internet Systems Consortium, Inc.
- G: U.S. DOD Network Information Center
- H: U.S. Army Research Lab
- I: Autonomica/NORDUnet
- J: VeriSign Global Registry Services
- K: RIPE NCC
- L: ICANN
- M: WIDE Project

These root nameservers direct the query to the appropriate Top-Level Domain (TLD) nameservers by reading the last part of the URL first. In our example the URL was http://www.uou.ac.in; the last part is .in. Some examples of TLDs are .com, .biz, .org, .us, .in, etc. The TLD nameservers act as a switchboard and direct the query to the appropriate authoritative nameserver maintained for each domain. The authoritative nameserver maintains the DNS records along with other useful information. The address record is returned to the requesting host computer via the TLD nameservers, the root nameservers and the ISP's DNS server. These intermediary servers keep a record of this IP address in their DNS cache, so that if the same request is encountered again they do not have to go through the whole process again. If the same URL is requested again, the DNS cache of the local host computer will return the IP address of the URL.

1.1.1.3 Internet Infrastructure

The Internet, as the name suggests, is a network of networks, i.e. a collection of several small, medium and large networks.
This clearly indicates one fact: nobody is the single owner of the internet, and it is one of the proven examples of collaborative success. Now you may be surprised that such a large network, spread across the continents, can run without any problem. It is true that to monitor such a large network we require an international body which can frame the rules, regulations and protocols for joining and using this network. Therefore an international organization known as "The Internet Society" was formed in 1992 to take care of such issues.

Let us now discuss how this internet works: how is the email you send to your friend received by your friend's computer, located in another country or continent? When you are working on your laptop or desktop at home without connecting to the internet, your computer is a standalone system. But whenever you connect to the internet by dialling your Internet Service Provider (ISP) using your modem, you become part of the network. The ISP is the link between the internet backbone, through which all the data is routed, and the user. The ISP connects to the internet backbone at Network Access Points (NAPs). These NAPs are provided by the large telecommunication companies in various regions. These large telecommunication companies connect the countries and the continents by building and maintaining the large backbone infrastructure that routes data from NAP to NAP. ISPs are connected to this backbone at a NAP and are responsible for building and managing the network locally. So when you dial into the internet through a modem, you first become part of the local ISP, which in turn connects to the internet backbone through a NAP. The data is routed through this backbone and sent to the destination NAP, where the ISP of your friend's network is located. As soon as your friend dials his modem to connect to the internet, the data is delivered to your friend's computer.
1.1.1.4 World Wide Web

We sometimes use the terms internet and World Wide Web (or simply the web, as it is popularly known) interchangeably. But the web is only one of the several utilities that the internet provides. Some of the other popular services that the internet provides besides the web are e-mail, Usenet, messaging services, FTP, etc. The web uses the HTTP protocol to communicate over the internet and exchange information. The web was developed at CERN (Conseil Européen pour la Recherche Nucléaire), Switzerland, by the UK scientist Tim Berners-Lee in 1989. It consists of all the public websites and all the devices that access web content. The WWW is an information sharing model developed to exchange information over the internet. There are plenty of public websites, each a collection of web pages, available over the internet. These web pages contain plenty of information in the form of text, video, audio and pictures. Web pages are accessed using an application called a web browser. Some examples of popular web browsers are Internet Explorer, Chrome, Safari, Firefox, etc.

So this was a little introduction to the internet and how it functions. Now let us discuss cyber crime.

1.2 INTRODUCTION TO CYBER CRIME

The internet was born around the 1960s, when its access was limited to a few scientists, researchers and the defence establishment only. The internet user base has since grown exponentially. Initially computer crime was confined to causing physical damage to computers and related infrastructure. Around the 1980s the trend changed from causing physical damage to computers to making a computer malfunction using malicious code called a virus. Until then the effect was not so widespread, because the internet was confined to defence setups, large international companies and research communities.
In 1996, when the internet was launched for the public, it immediately became popular among the masses, and they slowly became dependent on it to such an extent that it changed their lifestyle. The GUIs were written so well that users did not have to bother about how the internet functioned. They simply had to make a few clicks on hyperlinks or type the desired information in the desired place, without bothering where this data was stored, how it was sent over the internet, whether the data could be accessed by another person connected to the internet, or whether the data packets sent over the internet could be snooped on and tampered with. The focus of computer crime shifted from merely damaging the computer, or destroying or manipulating data for personal benefit, to financial crime. These computer attacks are increasing at a rapid pace. Every second around 25 computers become victims of cyber attack, and around 800 million individuals had been affected by it by 2013. CERT-India has reported around 308371 Indian websites hacked between 2011 and 2013. It is also estimated that around $160 million is lost per year due to cyber crime. This figure is very conservative, as most cases are never reported. According to the 2013-14 report of the Standing Committee on Information Technology to the 15th Lok Sabha by the Ministry of Communication and Information Technology, India has the third largest number of internet users in the world, with an estimated 100 million internet users as of June 2011, and the numbers are growing rapidly. There are around 22 million broadband connections in India to date, operated by around 134 major Internet Service Providers (ISPs).

Before discussing the matter further, let us see what cyber crime is. The term cyber crime is used to describe unlawful activity in which computers or computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc., which are standalone or part of a network, are used as a tool and/or target of criminal activity. It is often committed by people of a destructive and criminal mindset, either for revenge, greed or adventure.

1.2.1 Classification of Cyber Crimes

The cyber criminal could be internal or external to the organization facing the cyber attack. Based on this fact, cyber crime can be categorized into two types:

• Insider Attack: An attack on the network or computer system by a person with authorized system access is known as an insider attack. It is generally performed by dissatisfied or unhappy employees or contractors. The motive of the insider attack could be revenge or greed. It is comparatively easy for an insider to perform a cyber attack, as he is well aware of the policies, processes, IT architecture and weaknesses of the security system. Moreover, the attacker already has access to the network. Therefore it is comparatively easy for an insider attacker to steal sensitive information, crash the network, etc. In most cases the reason for an insider attack is that an employee is fired or assigned new roles in the organization, and the change of role is not reflected in the IT policies. This opens a vulnerability window for the attacker. Insider attacks can be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.

• External Attack: When the attacker is either hired by an insider or is an external entity to the organization, it is known as an external attack. The organization which is the victim of a cyber attack faces not only financial loss but also loss of reputation. Since the attacker is external to the organization, such attackers usually start by scanning and gathering information. An experienced network/security administrator keeps a regular eye on the logs generated by the firewalls, as external attacks can be traced by carefully analysing these firewall logs.
Also, Intrusion Detection Systems are installed to keep an eye on external attacks.

Cyber attacks can also be classified as structured attacks and unstructured attacks, based on the level of maturity of the attacker. Some authors have classified these as forms of external attack, but there is precedent for cases where a structured attack was performed by an internal employee. This happens when a competitor company wants the future strategy of an organization on certain points: the attacker may strategically gain access to the company as an employee and access the required information.

• Unstructured attacks: These attacks are generally performed by amateurs who do not have any predefined motive for performing the cyber attack. Usually these amateurs try to test a tool readily available over the internet on the network of a random company.

• Structured attacks: These attacks are performed by highly skilled and experienced people, and the motives of the attacks are clear in their minds. They have access to sophisticated tools and technologies to gain access to other networks without being noticed by their Intrusion Detection Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify existing tools to suit their purpose. These attacks are usually performed by professional criminals, by a country against rival countries, by politicians to damage the image of a rival person or country, by terrorists, by rival companies, etc.

Cyber crime has turned out to be a low-investment, low-risk business with huge returns. Nowadays these structured crimes are highly organized. There is a hierarchical organizational setup like that of formal organizations, and some of them have reached a level of technical capability on par with that of developed nations.
They target large financial organizations, defence and nuclear establishments, and they are also into online drug trading.

Figure 1: Hierarchical Organisational Structure (Criminal Boss; Under Boss, who is the Trojan provider and manager, responsible for Trojan command and control and owner of the attackers' crimeware toolkit; Campaign Managers, who distribute the Trojan on legitimate websites through their affiliation network; Stolen Data Resellers)

The roles of the people in the hierarchy keep changing, based on the opportunity. A hacker who has stolen sensitive data from an organization may use it to financially exploit the organization himself. If the hacker has the technical expertise for it, he will do it himself; otherwise he may find a buyer who is interested in that data and has the technical expertise. Some cyber criminals offer on-demand services. A person, organization or country may contact these cyber criminals to hack an organization in order to gain access to some sensitive data, or to create a massive denial-of-service attack on their competitors. Based on the demand of the customer, the hackers write malware, viruses, etc. to suit their requirements. An organization affected by a cyber attack not only faces financial loss, but its reputation is also adversely affected, and the competitor organization will definitely benefit from it.

1.2.2 Reasons for Commission of Cyber Crimes

There are many reasons which act as a catalyst in the growth of cyber crime. Some of the prominent reasons are:

a. Money: People are motivated to commit cyber crime to make quick and easy money.
b. Revenge: Some people try to take revenge on another person, organization, society, caste or religion by defaming its reputation or bringing economic or physical loss. This comes under the category of cyber terrorism.
c. Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have encountered.
d. Recognition: It is considered a matter of pride if someone hacks a highly secured network like a defence site or network.
e. Anonymity: Many times the anonymity that cyber space provides motivates a person to commit cyber crime, as it is much easier to commit a crime over cyber space and remain anonymous than in the real world. It is much easier to get away with criminal activity in the cyber world than in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.
f. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on another person, network or country. The reason could be politically, economically or socially motivated.

1.3 MALWARE AND ITS TYPES

Malware stands for "malicious software", and it is designed to gain access to or be installed on a computer without the consent of the user. It performs unwanted tasks on the host computer for the benefit of a third party. There is a full range of malware, from simple programs written only to distract or annoy the user to complex ones which capture sensitive data from the host machine and send it to remote servers, and which can seriously degrade the performance of the host machine. There are various types of malware present on the Internet. Some of the popular ones are:

1.3.1 Adware

Adware is a special type of malware used for forced advertising. It either redirects the page to some advertising page or pops up an additional page which promotes some product or event. Adware is financially supported by the organizations whose products are advertised.

1.3.2 Spyware

Spyware is a special type of malware which is installed on the target computer with or without the user's permission and is designed to steal sensitive information from the target machine.
Mostly it gathers the browsing habits of the user and sends them to a remote server without the knowledge of the owner of the computer. Most of the time it is downloaded onto the host computer along with freeware, i.e. free application programs, from the internet. Spyware may be of various types: it can keep track of the cookies on the host computer, it can act as a keylogger to sniff banking passwords and sensitive information, etc.

1.3.3 Browser hijacking software

There is some malicious software which is downloaded along with free software offered over the internet and installed on the host computer without the knowledge of the user. This software modifies the browser's settings and redirects links to other, unintended sites.

1.3.4 Virus

A virus is malicious code written to damage or harm the host computer by deleting or appending to files, occupying memory space of the computer by replicating copies of its code, slowing down the performance of the computer, formatting the host machine, etc. It can be spread via email attachments, pen drives, digital images, e-greetings, audio or video clips, etc. A virus may be present on a computer, but it cannot activate itself without human intervention. Until and unless the executable file (.exe) is executed, a virus cannot be activated on the host machine.

1.3.5 Worms

Worms are a class of virus which can replicate themselves. They differ from a virus in that they do not require human intervention to travel over the network and spread from the infected machine to the whole network. Worms can spread through the network, using loopholes in the operating system, or via email. The replication and spreading of the worm over the network consumes network resources like space and bandwidth and chokes the network.

1.3.6 Trojan Horse

A Trojan horse is malicious code that is installed on the host machine by pretending to be useful software.
The user clicks on a link or downloads a file which pretends to be a useful file or software from a legitimate source. It not only damages the host computer by manipulating data, but also creates a backdoor in the host computer so that it can be controlled by a remote computer. It can become part of a botnet (robot network), a network of computers which are infected by malicious code and controlled by a central controller. The computers in this network which are infected by the malicious code are known as zombies. Trojans neither infect other computers in the network nor replicate themselves.

Figure 2: A typical botnet

1.3.7 Scareware

The Internet has changed how we talk, shop, play, etc. It has even changed the way criminals target people for ransom. While surfing the Internet, a pop-up alert suddenly appears on the screen warning of the presence of dangerous viruses, spyware, etc. on the user's computer. As a remedial measure, the message suggests the user download the full paid version of the software. As the user proceeds to download, malicious code known as scareware is downloaded onto the host computer. It holds the host computer hostage until the ransom is paid. The malicious code can neither be uninstalled nor can the computer be used until the ransom is paid. A sample alert message of a scareware is shown below in Figure 3.

Figure 3: Sample Warning Message of a Scareware [1]

1.4 KINDS OF CYBER CRIME

Various types of cyber crime are:

1.4.1 Cyber Stalking

Cyber stalking is the act of stalking, harassing or threatening someone using the Internet or a computer as a medium. It is often done to defame a person, using email, social networks, instant messengers, web postings, etc., with the Internet as the medium because it offers anonymity. The behaviour includes false accusations, threats, sexual exploitation of minors, monitoring, etc.
[1] Image courtesy: https://www.flickr.com/photos/alamagordo/2372928527

1.4.2 Child Pornography

It is the act of possessing images or videos of a minor (under 18) engaged in sexual conduct.

1.4.3 Forgery and Counterfeiting

It is the use of a computer to forge or counterfeit a document. With the advancement of hardware and software, it is possible to produce a counterfeit which matches the original document to such an extent that it is not possible to judge the authenticity of the document without expert judgement.

1.4.4 Software Piracy and Crime related to IPRs

Software piracy is the illegal reproduction and distribution of software for personal use or business. It comes under crime related to IPR infringement. Some of the other crimes under IPR infringement are downloading songs, downloading movies, etc.

1.4.5 Cyber Terrorism

It is defined as the use of computer resources to intimidate or coerce a government, the civilian population or any segment thereof in furtherance of political or social objectives.

1.4.6 Phishing

Phishing is the process of acquiring personal and sensitive information of an individual via email by disguising oneself as a trustworthy entity in an electronic communication. The purpose of phishing is identity theft, and the personal information like username, password, credit card number, etc. may be used to steal money from the user's account. If a telephone is used as the medium for identity theft, it is known as vishing (voice phishing). Another form of phishing is smishing, in which SMS is used to lure customers.

1.4.7 Computer Vandalism

It is the act of physically destroying computing resources using physical force or malicious code.

1.4.8 Computer Hacking

It is the practice of modifying computer hardware and software to accomplish a goal outside the creator's original purpose. The purpose of hacking a computer system may vary from simply demonstrating technical ability to stealing, modifying or destroying information for social, economic or political reasons.
Nowadays corporations hire hackers (persons engaged in hacking computers) to intentionally hack the computers of the organization in order to find and fix security vulnerabilities. Hackers may be classified as:

• White Hat: White hat hackers are persons who hack a system to find its security vulnerabilities and notify the organization so that preventive action can be taken to protect the system from outside hackers. White hat hackers may be paid employees of an organization, employed to find the security loopholes, or freelancers who just want to prove their mettle in this field. They are popularly known as ethical hackers.

• Black Hat: In contrast to the white hat, the black hat hacks the system with ill intentions. They may hack the system for social, political or economic motives. They find the security loopholes in the system, keep the information to themselves and exploit the system for personal or organizational benefit until the organization whose system is compromised becomes aware of it and applies security patches. They are popularly known as crackers.

• Grey Hat: Grey hat hackers find security vulnerabilities, report them to the site administrators and offer to fix the security bug for a consultancy fee.

• Blue Hat: A blue hat hacker is someone from outside the computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed.

1.4.9 Creating and distributing viruses over the internet

The spreading of a virus can cause business and financial loss to an organization. The loss includes the cost of repairing the system, the cost associated with the loss of business during downtime and the cost of lost opportunity. The organization can sue the hacker, if found, for a sum equal to or more than the loss borne by the organization.

1.4.10 Spamming

Sending unsolicited commercial bulk messages over the internet is known as spamming.
An email can be classified as spam if it meets the following criteria:

a. Mass mailing: the email is not targeted at one particular person but at a large number of people.
b. Anonymity: the real identity of the sender is not known.
c. Unsolicited: the email is neither expected nor requested by the recipient.

These spam messages not only irritate the recipients and overload the network, but also waste time and occupy valuable storage space in the mailbox.

1.4.11 Cross Site Scripting

It is an activity which involves injecting a malicious client-side script into a trusted website. As soon as the browser executes the malicious script, the script gets access to the cookies and other sensitive information and sends them to remote servers. This information can then be used to gain financial benefit or physical access to a system for personal interest.

1.4.12 Online Auction Fraud

There are many genuine websites which offer online auctions over the internet. Taking advantage of the reputation of these websites, some cyber criminals lure customers into online auction fraud schemes which often lead either to overpayment for the product or to the item never being delivered once the payment is made.

1.4.13 Cyber Squatting

It is the act of reserving domain names of someone else's trademark with the intent of selling them afterwards to the organization which owns the trademark at a higher price.

1.4.14 Logic Bombs

These are malicious code inserted into legitimate software. The malicious action is triggered by some specific condition. If the condition holds true at some point in the future, the malicious action begins and, based on the action defined in the malicious code, either destroys the information stored in the system or makes the system unusable.

1.4.15 Web Jacking

The hacker gains access to a website of an organization and either blocks it or modifies it to serve political, economic or social interests.
Recent examples of web jacking are the websites of some educational institutes which were hacked by Pakistani hackers, with an animation containing Pakistani flags flashed on the home pages of these websites. Another example is Indian hackers hacking the website of Pakistan Railways and flashing the Indian flag on the home page for several hours on the occasion of the Independence Day of India in 2014.

1.4.16 Internet Time Theft

Hacking the username and password of an individual's ISP account and surfing the internet at his cost is Internet time theft.

1.4.17 Denial of Service Attack

It is a cyber attack in which the network is choked, and often collapses, by flooding it with useless traffic, thus preventing legitimate network traffic.

1.4.18 Salami Attack

It is an attack which proceeds in small increments which finally add up to a major attack. The increments are so small that they remain unnoticed. An example of a salami attack is gaining access to the online banking of an individual and withdrawing money in such small amounts that it remains unnoticed by the owner. Often there is a default trigger set in the banking website, and transactions below, say, Rs. 1000 are not reported to the owner of the account. Withdrawing amounts of Rs. 1000 over a period of time will lead to the total withdrawal of a large sum.

1.4.19 Data Diddling

It is the practice of changing data before its entry into the computer system. Often the original data is restored after the processing of the data is done. For example, the DA or the basic salary of a person is changed in the payroll data of an individual for pay calculation. Once the salary is calculated and transferred to his account, the total salary is replaced by his actual salary in the report.
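The salami attack in 1.4.18 is only invisible if each withdrawal is looked at on its own. As an added example (not from the textbook), the following detector, which a bank's fraud monitoring could run over its withdrawal log, aggregates the unreported sub-threshold withdrawals per account within a sliding time window; it assumes the Rs. 1000 reporting threshold from the text, a constructed sample log, and the window and limit values named in the code.

```python
"""Detecting a salami attack in a withdrawal log.

Added example, not the textbook's code. Assumption (from 1.4.18): the bank
only notifies the account owner for withdrawals of Rs. 1000 or more, so an
attacker drains an account with many withdrawals just under that amount.
The detector aggregates the unreported withdrawals per account inside a
sliding time window and flags accounts where the small amounts add up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): (timestamp, account, amount in Rs.)
SAMPLE_LOG = [
    ("2014-08-01 09:12", "ACC-1001", 950),
    ("2014-08-02 10:05", "ACC-1001", 990),
    ("2014-08-03 11:40", "ACC-1001", 975),
    ("2014-08-04 08:20", "ACC-1001", 999),
    ("2014-08-05 09:55", "ACC-1001", 960),
    ("2014-08-06 12:30", "ACC-1001", 980),
    ("2014-08-01 13:00", "ACC-2002", 4500),  # large withdrawal: reported anyway
    ("2014-08-09 15:10", "ACC-2002", 300),   # ordinary small withdrawals
    ("2014-08-20 15:10", "ACC-2002", 250),
]


def parse_log(rows):
    """Turn (text timestamp, account, amount) rows into (datetime, account, amount)."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), acct, amt) for ts, acct, amt in rows]


def detect_salami(rows, report_threshold=1000, window=timedelta(days=30),
                  min_count=5, max_total=4000):
    """Return {account: (count, total)} for every account whose withdrawals
    below `report_threshold` reach `min_count` transactions and `max_total`
    in Rs. within any `window`. The tuning values are assumed, not the bank's."""
    small = defaultdict(list)
    for when, acct, amount in parse_log(rows):
        if 0 < amount < report_threshold:      # only the unreported withdrawals matter
            small[acct].append((when, amount))

    flagged = {}
    for acct, events in small.items():
        events.sort()                           # chronological order
        start, running = 0, 0
        for end, (when, amount) in enumerate(events):
            running += amount
            # shrink the window from the left until it spans at most `window`
            while when - events[start][0] > window:
                running -= events[start][1]
                start += 1
            count = end - start + 1
            if count >= min_count and running >= max_total:
                # keep the worst (largest) window seen for this account
                if acct not in flagged or running > flagged[acct][1]:
                    flagged[acct] = (count, running)
    return flagged


if __name__ == "__main__":
    for acct, (count, total) in detect_salami(SAMPLE_LOG).items():
        print(f"{acct}: {count} sub-threshold withdrawals totalling Rs. {total}")
```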
1.4.20 Email Spoofing

It is the process of changing the header information of an e-mail so that its original source is not identified and it appears to the individual at the receiving end that the email originated from a source other than the real one.

CYBER SECURITY TECHNIQUES

There are many cyber security techniques to combat cyber attacks. The following sections discuss some of the popular techniques to counter cyber attacks.

2.1 AUTHENTICATION

Authentication is the process of identifying an individual and ensuring that the individual is the same one he/she claims to be. A typical method for authentication over the internet is via username and password. With the increase in reported cases of cyber crime by identity theft over the internet, organizations have made additional arrangements for authentication, like the One Time Password (OTP); as the name suggests, it is a password which can be used only once and is sent to the user as an SMS or an email to the mobile number or email address that he specified during the registration process. This is known as two-factor authentication and requires two types of evidence to authenticate an individual, providing an extra layer of security. Some other popular techniques for two-factor authentication are biometric data, physical tokens, etc., which are used in conjunction with username and password.

Authentication becomes more important in light of the fact that today multinational organizations have changed the way business was done, say, 15 years back. They have offices around the globe, and an employee may want access to a file present on a centralized server. Or an employee is working from home, not using the office intranet, and wants access to some particular file present on the office network. The system needs to authenticate the user and, based on the credentials of that user, may or may not provide access to the information he requested.
The process of giving an individual access to certain resources based on their credentials is known as authorization, and this process often goes hand in hand with authentication. Now one can easily understand the role of strong passwords in ensuring cyber security, as an easy password can be the cause of a security flaw and can put the whole organization at high risk. Therefore the password policy of an organization should be such that employees are forced to use strong passwords (more than 12 characters and a combination of lowercase and uppercase letters along with numbers and special characters) and are prompted to change their passwords frequently. In some of the bigger organizations, or organizations which deal in sensitive information like defence agencies, financial institutions, planning commissions, etc., a hybrid authentication system is used which combines username and password with hardware security measures like biometric systems, etc. Some of the larger organizations also use a VPN (Virtual Private Network), which is one of the methods of providing secure access to the company network over the internet via hybrid authentication.

2.2 ENCRYPTION

Encryption is a technique to convert data into an unreadable form before transmitting it over the internet. Only the person who has access to the key can convert it back into readable form and read it. Formally, encryption can be defined as a technique to lock data by converting it into complex codes using mathematical algorithms. The code is so complex that even the most powerful computer would take several years to break it. This secure code can safely be transmitted over the internet to the destination. The receiver, after receiving the data, can decode it using the key. The decoding of the complex code to the original text using the key is known as decryption. If the same key is used to lock and unlock the data, it is known as symmetric key encryption.
Figure 4: Encryption [2]

In symmetric key encryption, after encoding the data, the key is sent to the destination user via some other medium like the postal service, telephone, etc., because if the key is obtained by the hacker, the security of the data is compromised. Key distribution is a complex task, because the security of the key while in transmission is itself an issue. To avoid the transfer of the key, a method called asymmetric key encryption, also known as public key encryption, is used. In asymmetric key encryption the keys used to encrypt and decrypt data are different. Every user possesses two keys, viz. a public key and a private key. As the name suggests, the public key of every user is known to everyone, but the private key is known only to the particular user who owns the key. Suppose sender A wants to send a secret message to receiver B through the internet. A will encrypt the message using B's public key, as the public key is known to everyone. Once the message is encrypted, it can safely be sent to B over the internet. As soon as the message is received by B, he will use his private key to decrypt the message and regenerate the original message.

[2] Image courtesy: https://upload.wikimedia.org/wikipedia/commons/b/bc/Public_key_encryption_keys.png

2.3 DIGITAL SIGNATURES

A digital signature is a technique for the validation of data. Validation is the process of certifying the content of a document. Digital signatures not only validate the data but are also used for authentication. The digital signature is created by encrypting the data with the private key of the sender. The encrypted data is attached to the original message and sent over the internet to the destination. The receiver can decrypt the signature with the public key of the sender. The decrypted message is then compared with the original message.
If both are the same, it signifies that the data has not been tampered with, and the authenticity of the sender is also verified, as only someone with the private key (which is known to the owner only) could have encrypted the data which was then decrypted with his public key. If the data is tampered with during transmission, it is easily detected by the receiver, as the data will not verify. Moreover, the message cannot be re-encrypted after tampering, as the private key, which is possessed only by the original sender, is required for this purpose. As more and more documents are transmitted over the internet, digital signatures are an essential part of legal as well as financial transactions. They not only provide the authentication of a person and the validation of the document, but also prevent the denial of an agreement at a later stage. Suppose a shareholder instructs the broker via email to sell shares at the current price. After the completion of the transaction, by any chance, the shareholder reclaims the shares by claiming the email to be forged or bogus. To prevent such unpleasant situations, digital signatures are used.

Figure 5: Digital signature [3]

2.4 ANTIVIRUS

There are varieties of malicious programs like viruses, worms, Trojan horses, etc. that are spread over the internet to compromise the security of a computer, either to destroy the data stored in the computer or to gain financial benefit by sniffing passwords, etc. To prevent this malicious code from entering your system, a special program called an antivirus is used, which is designed to protect the system against viruses. It not only prevents malicious code from entering the system but also detects and destroys malicious code that is already installed in the system. Lots of new viruses appear every day. The antivirus program regularly updates its database and provides immunity to the system against these new viruses, worms, etc.
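The public key encryption of section 2.2 and the digital signature of section 2.3 can be walked through end to end with a deliberately simplified "textbook" RSA. This is an added example, not the textbook's code: it assumes two known Mersenne primes as p and q (real keys use freshly generated random primes), the public exponent 65537, SHA-256 as the digest, and no padding, which is why this form must never be used for real data; it shows A locking a message with B's public key, the key owner signing a digest with the private key, and the receiver detecting a tampered message when the digest recovered with the public key no longer matches.

```python
"""Public key encryption (2.2) and digital signatures (2.3) with textbook RSA.

Added illustration, not the textbook's code. Assumptions: p and q are two
known Mersenne primes (real keys use freshly generated random primes), the
public exponent is 65537, and no padding is applied, which is exactly why
this "textbook" form must never be used for real data.
"""
import hashlib

P = 2**521 - 1   # Mersenne prime M521 (assumed for the demo)
Q = 2**607 - 1   # Mersenne prime M607 (assumed for the demo)
E = 65537


def modinv(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("e and phi(n) are not coprime")
    return old_s % m


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)    # private exponent: only the key owner knows it
    return (e, n), (d, n)


def encrypt(message: bytes, public_key) -> int:
    """Section 2.2: sender A locks the message with receiver B's public key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message must be shorter than the modulus (toy limitation)")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Only the holder of the private key can unlock the ciphertext."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message: bytes, private_key) -> int:
    """Section 2.3: hash the message, then 'encrypt' the digest with the private key."""
    d, n = private_key
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """The receiver 'decrypts' the signature with the sender's public key and
    compares the result with a fresh digest of the message he received."""
    e, n = public_key
    recovered = pow(signature, e, n)
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return recovered == expected


def demo():
    """Walk through the shareholder example of 2.3; one key pair plays both
    the receiver of 2.2 and the signer of 2.3 to keep the toy small."""
    pub, priv = make_keypair()
    order = b"Sell 100 shares at the current price"
    ciphertext = encrypt(order, pub)          # anyone can encrypt to the key owner
    signature = sign(order, priv)             # only the key owner can sign
    tampered = b"Sell 1000 shares at the current price"
    return {
        "roundtrip": decrypt(ciphertext, priv) == order,
        "signature_valid": verify(order, signature, pub),
        "tampered_valid": verify(tampered, signature, pub),  # must be False
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```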
[3] Image courtesy: https://upload.wikimedia.org/wikipedia/commons/2/2b/Digital_Signature_diagram.svg

Figure 6: Different antivirus products available on the market [4]

2.5 FIREWALL

A firewall is hardware and/or software that acts as a shield between an organization's network and the internet and protects it from threats like viruses, malware, hackers, etc. It can be used to limit who can access your network and send information to you.

Figure 7: Firewall [5]

There are two types of traffic in an organization: inbound traffic and outbound traffic. Using a firewall, it is possible to configure and monitor the traffic on each port. Only packets from trusted source addresses are allowed into the organization's network, while blacklisted and unauthorized addresses are denied access. Firewalls are important for preventing unauthorized access to the network, but a firewall does not guarantee this unless it is configured correctly: a default-allow rule or an overly broad exception quietly defeats the rest of the policy. A firewall can be implemented in hardware, in software, or as a combination of both.

[4] Image courtesy: https://www.flickr.com/photos/thomasguest/3027199004
[5] Image courtesy: https://upload.wikimedia.org/wikipedia/commons/5/5b/Firewall.png

• Hardware firewalls: examples are the routers through which the network is connected to the network outside the organization, i.e. the internet.
• Software firewalls: these are installed on the server and client machines and act as a gateway to the organization's network. Operating systems like Windows 2003 and Windows 2008 ship with a firewall embedded in the operating system; the user only needs to configure it appropriately for their own requirements.

Firewalls can be configured to follow "rules" and "policies", and based on these defined rules they apply the following filtering mechanisms.
• Proxy: all outbound traffic is routed through proxies for monitoring and controlling the packets that leave the organization.
• Packet filtering: based on the rules defined in the policies, each packet is filtered by its type, port information and source and destination information. Examples of such characteristics are IP addresses, domain names, port numbers and protocols. Basic packet filtering can be performed by routers.
• Stateful inspection: rather than judging every packet in isolation on all of its fields, the firewall tracks the state of each connection. A packet is allowed when it belongs to a connection the policy has already permitted (for example, the reply to a request that went out), and only the key features of new connections are checked against the defined rules.

Firewalls are an essential component of an organization's network. They not only protect the organization against viruses and other malicious code but also prevent hackers from using your network infrastructure to launch DoS attacks.

2.6 STEGANOGRAPHY

Steganography is a technique of hiding secret messages in a document file, image file, program or protocol, etc. such that the embedded message is invisible and can be retrieved only with special software. Only the sender and the receiver know of the existence of the secret message in the carrier. The advantage of this technique is that the carrier files do not attract suspicion.

Figure 8: Steganography [6]

There are many applications of steganography, including sending secret messages without raising alarms, protecting secret files from unauthorized or accidental access and theft, digital watermarks for intellectual property rights, etc.

Let us discuss how data is secretly embedded inside the cover file (the medium, such as an image, video or audio file, used to carry the secret data) without being noticed. Take an image file used as the cover medium. Each pixel of a 24-bit colour image is represented by 3 bytes (24 bits), one byte for each of the red, green and blue channels, and the least significant bit of each byte contributes almost nothing to the visible colour.
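The least-significant-bit (LSB) embedding described in this section, as an added example that is not from the textbook and not the code of any of the tools it names. It operates on a constructed byte string of R,G,B triples standing in for the uncompressed pixel data of a 24-bit image, hides one bit per colour channel (3 bits per pixel, as the text says), and prefixes the payload with its length so that the extractor knows where to stop. The cover "image" (a grey gradient) and the secret message are constructed.

```python
"""LSB steganography on raw 24-bit pixel data (added example, not from the textbook)."""


def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the lowest bit of every cover byte.

    The first 32 bits carry the payload length so extract() knows where to stop.
    Capacity is 1 bit per byte, i.e. 3 bits per R,G,B pixel.
    """
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {len(bits)}")
    stego = bytearray(cover)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # clear the LSB, then set it to our bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Recover the payload written by embed()."""
    def read_bits(start: int, count: int) -> int:
        value = 0
        for idx in range(start, start + count):
            value = (value << 1) | (stego[idx] & 1)
        return value

    length = read_bits(0, 32)
    if 32 + 8 * length > len(stego):
        raise ValueError("no valid payload: length field too large for this buffer")
    return bytes(read_bits(32 + 8 * i, 8) for i in range(length))


def max_channel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-channel colour difference introduced by embedding (0 or 1 for LSB)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def capacity_bytes(width: int, height: int) -> int:
    """Payload bytes a width x height 24-bit image carries at 1 bit/channel, minus the 4-byte header."""
    return (width * height * 3) // 8 - 4


def demo():
    # Constructed 8x8 "image": a grey gradient, 3 bytes per pixel, every channel value a multiple of 16.
    width, height = 8, 8
    cover = bytes(((x + y) * 16) % 256 for y in range(height) for x in range(width) for _ in range(3))
    secret = b"meet at 9"                      # constructed secret message
    stego = embed(cover, secret)
    return extract(stego), max_channel_change(cover, stego), capacity_bytes(width, height)


if __name__ == "__main__":
    print(demo())
```

`max_channel_change` is the point the text makes about image quality: no channel value moves by more than 1 out of 255, which the eye cannot see, although statistical tests on the LSB plane can.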
If the least significant bit of each of these 3 bytes is altered and used for hiding data, the resulting image, after the data has been embedded, shows no noticeable change in quality, and only a very experienced and trained eye (or statistical analysis of the image) can detect the change. In this way, every pixel can be used to hide 3 bits of information. Similarly, introducing white noise into an audio file at regular or random intervals can be used to hide data in audio or video files. Various free steganography tools are available; some popular ones are QuickStego, Xiao, Tucows, OpenStego, etc.

[6] Image courtesy: https://upload.wikimedia.org/wikipedia/commons/b/b8/Seformatbmp-embedding_full.png

INVESTIGATING CYBER CRIMES: INTRODUCTION TO CYBER FORENSICS

In the preceding chapters we discussed prevention techniques for cyber attacks. What if one has encountered a cyber attack? What next? The next step is to report the cyber crime. A person who is exposed to cyber forensic principles is far less likely to accidentally destroy vital digital evidence before that can happen.

3.1 COMPUTER FORENSICS

Cyber forensics is a branch of science which deals with tools and techniques for investigating digital data to find evidence of a crime that can be produced in a court of law. It is the practice of preserving, extracting, analyzing and documenting evidence from digital devices such as computers, digital storage media, smartphones, etc. so that it can be used to form expert opinion in legal or administrative matters. Computer forensics plays a vital role in an organization as our dependency on computing devices and the internet increases day by day. According to a survey conducted by the University of California [7], 93% of all the information generated during 1999 was generated in digital form, on computers; only the remaining 7% was generated using other sources such as paper.
It is not always easy to collect evidence, as the data may be tampered with, deleted, hidden or encrypted. Digital forensic investigation is a highly skilled task which needs exposure to various tools, techniques and guidelines for finding and recovering digital evidence from the crime scene or from the digital equipment used in the crime. With digital devices like smartphones, tablets, palmtops, smart TVs, etc. having ever increasing processing capability and computation speed, the possibility of these devices being used in cyber crime cannot be ruled out. A forensic investigator must not only have a deep understanding of how these devices work but also hands-on exposure to the tools for accurate data retrieval, so that the value and integrity of the data is preserved.

[7] http://www.isfs.org.hk/publications/ComputerForensics_part1.pdf

A computer can be used intentionally or unintentionally in a cyber crime. Intentional use includes using your computer to send hate mail or installing a cracked version of otherwise licensed software. Unintentional use is when the computer you are using contains a virus which spreads inside and outside the network, causing major financial loss to someone. Similarly, a computer can be used directly or indirectly to commit a digital crime. Direct use is when, for example, your computer is used to access sensitive and classified data which is then sent to someone inside or outside the network who can use it for his own benefit. Indirect use is when, while downloading a crack for some software, a trojan horse is stored on the computer which creates a backdoor into the network to facilitate the hacker; the hacker then logs into your computer and uses it to commit cyber crime. An experienced computer forensic investigator plays a crucial role in distinguishing direct and indirect attacks. Computer forensic experts are also useful for the recovery of accidentally lost data, and for detecting industrial espionage, counterfeiting, etc.
In a large organization, as soon as a cyber crime is detected by the incident handling team, which is responsible for monitoring and detecting security events on a computer or computer network, the initial incident management process is followed [8]. This is an in-house process with the following steps:

1. Preparation: the organization prepares guidelines for incident response and assigns roles and responsibilities to each member of the incident response team. Most large organizations have earned a reputation in the market, and any negative sentiment may affect shareholders' confidence; effective communication is therefore required when declaring an incident, and assigning roles according to each member's skill set is important.
2. Identification: based on the observed indicators, the incident response team verifies whether an event has actually occurred. One of the most common procedures for verifying an event is examining the logs. Once the occurrence is verified, the impact of the attack is assessed.
3. Containment: based on the feedback from the assessment, the course of action for responding to the incident is planned in this step, and the affected systems are isolated so that the damage does not spread.
4. Eradication: in this step, the strategy for eradicating or mitigating the cause of the threat is planned and executed.
5. Recovery: the process of returning to the normal operational state after the cause has been eradicated.
6. Lessons learned: if a new type of incident is encountered, it is documented so that this knowledge can be used to handle such situations in future.

[8] http://countuponsecurity.com/2012/12/21/computer-security-incident-handling-6-steps/

The second process is the forensic investigation, carried out to find the evidence of the crime; it is mostly performed by third-party companies. A computer forensic investigation involves the following steps:

1.
Identify incident and evidence: this is the first step, performed by the system administrator, who tries to gather as much information as possible about the incident. Based on this information the scope and severity of the attack are assessed. Once the evidence of the attack is discovered, a copy (image) of it is taken for investigation purposes. The forensic investigation is never performed on the original machine but on the data restored from this copy.
2. Collect and preserve evidence: various tools like Helix, WinHex, FTK Imager, etc. are used to capture the data. Once the copy of the data is obtained, custody of the evidence and of the copy is taken. An MD5 (message digest) hash of the copy is calculated and matched against the hash of the original to check the integrity of the data; MD5 is no longer collision resistant, so a stronger hash such as SHA-256 should be recorded alongside it. Other important sources of information like system logs, network information, logs generated by Intrusion Detection Systems (IDS), and port and process information are also captured.
3. Investigate: the disk image is restored from the copy and the investigation is performed by reviewing the logs, system files, deleted and updated files, CPU usage and process logs, temporary files, password-protected and encrypted files, and images, videos and data files for possible steganographic messages, etc.
4. Summarize and present: the summary of the incident is presented in chronological order. Based on the investigation, conclusions are drawn and the probable cause is explained.

While carrying out a digital forensic investigation, rules and procedures must be applied, especially while capturing the evidence. It must be ensured that the actions taken to capture the data do not alter the evidence and that the integrity of the data is maintained. It must also be ensured that the devices used for capturing the copy are free from contamination.
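The integrity check from step 2 above (hash the copy, compare with the hash recorded at acquisition) together with the documentation requirement, as an added example that is not from the textbook and not the output of Helix, WinHex or FTK Imager. It hashes an image in one streaming pass with both MD5 (as the text mentions) and SHA-256, verifies a working copy before any analysis begins, and writes chain-of-custody records as JSON lines. The evidence identifier, the examiner names and the image bytes are constructed.

```python
"""Verify a forensic copy against acquisition hashes and log custody (added example)."""
import hashlib
import io
import json
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # 1 MiB read size, so multi-gigabyte images never sit in memory


def acquisition_hashes(source) -> dict:
    """One pass over the evidence, updating MD5 and SHA-256 together.

    `source` may be bytes (as in the demo) or a binary file object opened on the image.
    MD5 collisions are practical, so SHA-256 is recorded alongside it and both must match.
    """
    stream = io.BytesIO(source) if isinstance(source, (bytes, bytearray)) else source
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def verify_copy(copy, recorded: dict) -> dict:
    """Per-algorithm match of a working copy against the hashes recorded at acquisition."""
    current = acquisition_hashes(copy)
    return {alg: current[alg] == recorded[alg] for alg in recorded}


def custody_entry(evidence_id: str, action: str, actor: str, hashes: dict, when=None) -> str:
    """A JSON line recording who did what to which item, and its hash state at that moment."""
    when = when or datetime.now(timezone.utc)
    record = {"evidence_id": evidence_id, "time_utc": when.isoformat(),
              "action": action, "actor": actor, **hashes}
    return json.dumps(record, sort_keys=True)


def demo():
    # Constructed stand-in for a seized disk image; identifier and examiners are made up.
    original = b"\xeb\x3c\x90" + bytes(range(256)) * 4 + b"remnants of a deleted file"
    recorded = acquisition_hashes(original)
    log = [custody_entry("EVD-001", "acquired", "examiner-1", recorded,
                         datetime(2014, 5, 1, 9, 0, tzinfo=timezone.utc))]

    good_copy = bytes(original)            # bit-for-bit copy: both hashes match
    bad_copy = bytearray(original)
    bad_copy[100] ^= 0x01                  # a single flipped bit: both hashes fail
    good = verify_copy(good_copy, recorded)
    bad = verify_copy(bytes(bad_copy), recorded)
    log.append(custody_entry("EVD-001", "copy verified", "examiner-2", recorded))
    return good, bad, log


if __name__ == "__main__":
    good, bad, log = demo()
    print(good, bad, *log, sep="\n")
```

The rule the code enforces is the one the text states: analysis starts only when `verify_copy` returns a match on every recorded algorithm, and every action on the item leaves a timestamped, attributable line in the custody log.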
All activities related to the seizure, access, storage or transfer of digital evidence must be fully documented, preserved and available for review [9].

Prevention is always better than cure. It is recommended to fine-tune your intrusion detection system and firewall and to perform penetration tests on your network occasionally, so as not to fall prey to hackers. Last but not least, report the crime.

[9] http://www.isfs.org.hk/publications/011009/Collins-CIO&CeO.pdf

3.2 WHY SHOULD WE REPORT CYBER CRIME?

Some companies do not report a cyber crime incident because they fear this will harm their reputation among their shareholders. Some data is very sensitive and its disclosure may impact their business negatively. But the fact is that until and unless a cyber crime incident is reported, the cyber criminals will never be caught by the law enforcement agencies. This further worsens the situation and encourages the criminals to repeat these types of incidents against the same or other organizations. So it is very important to identify and prosecute them. This helps not only to identify the existing threats to the economy and the infrastructure but also to identify new threats. Depending on the scope of the cyber crime, it should be reported to the nearest cyber cell of your locality, the state cyber cell, central investigating agencies like the CBI or IB, or international bodies like Interpol. Some addresses of the cyber crime coordinating units are:

Assam
Address: CID HQ, Dy.SP., Assam Police
Contact Details: Ph: +91-361-252-618, +91 9435045242
E-mail: [email protected]

Haryana
Address: Cyber Crime and Technical Investigation Cell, Joint Commissioner of Police, Old S.P. Office complex, Civil Lines, Gurgaon
E-mail: [email protected]

Mumbai
Address: Cyber Crime Investigation Cell, Office of Commissioner of Police, Annex-3 Building, 1st floor, Near Crawford Market, Mumbai-01
Contact Details: +91-22-22630829, +91-22-22641261
Web site: http://www.cybercellmumbai.com
E-mail: [email protected]

Chennai
Address: Asst. Commr. of Police, Cyber Crimes Cell, Vepery, Chennai 7
Contact Details: 04423452348, 04423452350
E-mail: [email protected]
For the rest of Tamil Nadu:
Address: A-Wing, IIIrd Floor, Rajaji Bhawan, Besant Nagar, Chennai-600090
Contact Details: 044-24461959, 24468889, 24463888
E-mail: [email protected]

Thane
Address: 3rd Floor, Police Commissioner Office, Near Court Naka, Thane West, Thane 400601
Contact Details: +91-22-25424444
Web site: www.thanepolice.org
E-mail: [email protected]

Bangalore (for the whole of Karnataka)
Address: Cyber Crime Police Station, C.O.D Headquarters, Carlton House, #1, Palace Road, Bangalore-560001
Contact Details: +91-80-2220 1026, +91-80-2294 3050, +91-80-2238 7611 (Fax)
Web site: http://www.cyberpolicebangalore.nic.in
E-mail: [email protected], [email protected]

Hyderabad
Address: Cyber Crime Police Station, Crime Investigation Department, 3rd Floor, D.G.P. office, Lakdikapool, Hyderabad-500004
Contact Details: +91-40-2324 0663, +91-40-2785 2274, +91-40-2785 2040, +91-40-2329 7474 (Fax)
Web site: http://www.cidap.gov.in/cybercrimes.aspx
E-mail: [email protected], [email protected], [email protected]

Delhi
CBI Cyber Crime Cell: Superintendent of Police (Crime), Central Bureau of Investigation, 5th Floor, Block No.3, CGO Complex, Lodhi Road, New Delhi-3
Contact Details: +91-11-4362203, 011-26851998, 011-26515229, +91-11-4392424
Web site: http://cbi.nic.in
Asst. Commissioner of Police, Cyber Crime Cell, EOW, Crime Branch, 2nd Floor, Police Training School, Malaviya Nagar, New Delhi-110017
E-mail: [email protected], dcp-eow-[email protected]

Pune
Address: Deputy Commissioner of Police, Cyber Crime Investigation Cell, Commissioner Office, 2, Sadhu Vaswani Road, Camp, Pune 411001
Contact Details: +91-20-26123346, +91-20-26127277, +91-20-2616 5396, +91-20-2612 8105 (Fax)
Web site: www.punepolice.gov.in
E-mail: [email protected], [email protected]

Himachal Pradesh
Address: CID Office, Dy.SP, Himachal Pradesh Police
Contact Details: +91-94180 39449
E-mail: [email protected]

Gujarat
Address: DIG, CID, Crime and Railways, Fifth Floor, Police Bhavan, Sector 18, Gandhinagar 382018
Contact Details: +91-79-2325 4384, +91-79-2325 0798, +91-79-2325 3917 (Fax)

Jharkhand
Address: IG-CID, Organized Crime, Rajarani Building, Doranda, Ranchi-834002
Contact Details: +91-651-2400 737, +91-651-2400 738
E-mail: [email protected]

Kerala
Address: Hitech Cell, Police Head Quarters, Thiruvananthapuram
Contact Details: +91-471 272 1547, +91-471 272 2768
E-mail: [email protected]

Jammu
Address: SSP-Crime, CPO Complex, Panjtirthi, Jammu-180004
Contact Details: +91-191-257-8901
E-mail: [email protected]

Orissa
Address: CID, Crime Branch, Orissa
Contact Details: +91 94374 50370
E-mail: [email protected]

Meghalaya
Address: SCRB, Superintendent of Police, Meghalaya
Contact Details: +91 98630 64997
E-mail: [email protected]

Punjab
Address: Cyber Crime Police Station, DSP Cyber Crime, S.A.S Nagar, Patiala, Punjab
Contact Details: +91 172 2748 100

Bihar
Address: Cyber Crime Investigation Unit, Dy.S.P. Kotwali Police Station, Patna
Contact Details: +91 94318 18398
E-mail: [email protected]

West Bengal
Address: CID, Cyber Crime, West Bengal
Contact Details: +9133 24506163
E-mail: [email protected]

Uttar Pradesh
Address: Cyber Complaints Redressal Cell, Nodal Officer Cyber Cell Agra, Agra Range, 7, Kutchery Road, Baluganj, Agra-232001, Uttar Pradesh
Contact Details: +919410837559
E-mail: [email protected]

Uttarakhand
Address: Special Task Force Office, Sub Inspector of Police, Dehradoon
Contact Details: +91 135 264098, +91 94123 70272
E-mail: [email protected]

SOME RECENT CYBER SECURITY ATTACKS

4.1 INTRODUCTION

The proliferation of the Internet among the population is getting deeper
day by day. This not only increases the scope of e-governance and e-commerce in areas such as healthcare, banking and power distribution, but also exposes these sectors to cyber threats like hacking, credential theft, data tampering, account hijacking, etc. According to one report, there were around 62,189 cyber security incidents in the period from January to May 2014, originating mainly from countries including the US, Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE. Also, around 10,000 Indian government sites were compromised in this period. India has a serious shortage of IT security professionals to deal with such threats effectively; according to one report, India needs around one million cyber security professionals.

4.2 SOME RECENT CYBER CRIME INCIDENTS

In this section we discuss some common cyber crime and fraud incidents on the internet, so that you can appreciate how small lapses can lead to a big disaster.

1. PayPal is an international online money transfer service which allows you to transfer money over the Internet using various encryption techniques and provides an alternative to traditional payment methods like cheques and money orders. It has an active user base of over 100 million users in 190 countries and performs over 9 million payments daily. It is one of the popular means of payment on online auction sites like eBay, and a convenient medium for trading, particularly when the buyers and sellers are from different countries and use different currencies. The Romanian hacker TinKode, aka Razvan Cernaianu, exploited a loophole in the code of PayPal's chargeback process. Because of it, a user could double his money on every attempt: suppose the user has Rs. 1000; using this loophole, the amount is doubled to Rs. 2000 in the first attempt, Rs. 2000 is doubled to Rs. 4000 in the second attempt, and Rs.
4000 is doubled to Rs. 8000. The process could continue endlessly.

2. In Australia, a website called MP3/WMA Land offered a large number of pirated songs and music video clips for free download to its users. This resulted in heavy financial losses to the artists and the producers of those songs. The complaint was lodged by an organization called Music Industry Piracy Investigations. The owners of the website, Ng, Tran and Le, who were students at an Australian university, were charged in Australia's largest copyright infringement case (Urbas, 2012).

3. One interesting case of online stalking was registered by Mrs. Ritu Kohli with the Delhi Police (Kaur, 2013). She reported that someone was using her identity on the Internet, on the website www.mirc.com, for chatting, and had distributed her address and phone number. As a result she received a large number of phone calls at odd hours from all over, including Dubai, Ahmedabad, Mumbai, etc. This caused a lot of mental distress and she decided to report the case. Based on her complaint, the Delhi Police traced the IP address and finally the address of the accused, Manish Kathuria, and arrested him.

A Dubai-based NRI was blackmailed, and by the time the case was reported he had already paid approximately Rs. 1.25 crore to the accused (Madhya Pradesh State Cyber Police, 2013). The NRI met a girl over the Internet and, after a series of long chatting sessions, the girl won his love and trust. In the meantime she introduced him to several of her friends. For some reason the relationship did not last long. After some time, one of the girl's friends, who had been introduced to him by the girl, reported to him that, owing to the mental stress of the broken relationship, the girl had committed suicide and that the police were investigating the case. Many fake copies of letters from the CBI, the High Court of Calcutta, the New York police, Punjab University, etc. were also sent to the NRI.
The NRI sought help from the girl's friend, who in turn introduced him to a law firm based in Kolkata. The owner of the law firm agreed to take the case. A huge sum of money was demanded by the law firm, and in total more than Rs. 1.26 crore was transferred on different occasions, yet still more money was demanded. The NRI smelt something fishy and reported the case to the Mumbai Police. He forwarded all the emails he had received from the girl, her friend and the owner of the law firm. Forensic investigation of the emails showed that the IP addresses of all three persons originated from the same source. On further investigation, it was found that the identities of the girl and her friends were all virtual, i.e. they did not exist. The owner of the law firm was the mastermind who had assumed the false identities of all the persons and created this false story to blackmail the NRI.

4. Iran's nuclear facility at Natanz was attacked by the Stuxnet virus, which is believed to have been developed by the US (Shubert, 2011). It was not possible to inject the virus through the Internet, as the network of the Iranian nuclear facility was a private network isolated from the rest of the world. The virus first infected a third-party utility used by the Natanz facility and thereby gained access to the network. The virus was designed to attack the specific system software which controls the operation of Siemens controllers. It sped up or slowed down the centrifuges, wearing them out prematurely. Moreover, it hijacked the monitoring system and fed back false signals about the health and status of the plant, so by the time the effect of the virus was detected, it was too late and the virus had done much damage to the nuclear facility.

5. A trojan email was used to steal the user name and password of the current account of the Mumbai-based firm RPG Group, and Rs. 2.41 crore was siphoned off via Real Time Gross Settlement (RTGS) (Narayan, 2013).
The bank officials became suspicious when they noticed the huge transfers. They confirmed with the company's officials, who denied having transferred money to the designated accounts. Based on the names and addresses of the account holders who had received the money, the police learned that the account holders had allowed the main accused to use their accounts in return for a large commission.

6. Chennai police cracked a case of credit card fraud in which two BPO employees, with the help of the son of the accused, increased the credit limit and changed the communication address of a credit card owner (Madhya Pradesh State Cyber Police, 2013). They illegally accessed their company's computer to find out the details of the card owner. The credit card company was cheated of about Rs. 7 lakh before the incident was noticed. Because of the change of communication address, the owner of the card did not receive the monthly statements generated at the month's end. The case was registered with the Chennai police. After digital forensic investigation of the BPO's computer systems, it was found that two of its employees had illegally accessed the computer to steal the customer records.

7. A case of copyright infringement was lodged in Andhra Pradesh (Nandanwar, 2013). A well known mobile service operator launched a promotional campaign in which it offered a mobile phone at a very low cost to its customers with a lock-in period of 3 years. The software of the phone was configured so that during the lock-in period the SIM of any other company would not work with the handset. A competitor lured the existing customers of the company to "unlock" the phone by cracking its software so that any other SIM could be used with the handset. The company reported the crime and the case was registered under copyright infringement, u/s 63 of the Copyright Act.

8.
A gang of criminals active in cyberspace steals the credit card data of cardholders from the POS terminals at shopping malls, petrol pumps, restaurants, hotels, etc. and uses these cards to book air tickets online. According to reports, over 15,000 credit cards were fraudulently used by these criminals to book online tickets, accounting for approximately Rs. 17 crore in losses. The criminals use public infrastructure like cyber cafes to book the tickets so that they are difficult to trace. The fraud came to notice when customers who were charged for booking air tickets reported to the card issuing banks, claiming that they had never booked those tickets.

9. In the year 2000, a worm known as the Love Bug worm or VBS/Loveletter, which specifically targeted Windows-based computers, caused damage costing approximately Rs. 22,000 crore. A spam mail containing "ILOVEYOU" in the subject line and LOVE-LETTER-FOR-YOU.TXT.vbs as an attachment was received. If the user clicked the attachment, the machine became infected and the worm started searching all the drives of the computer and corrupting files. It also started forwarding copies of the email to all the Outlook contacts in the user's address book. Nearly 10% of the machines connected to the Internet were infected in no time (Madhya Pradesh State Cyber Police, 2013). Many large organizations, including the British Parliament and the Pentagon, had to shut down their email systems to stop the worm spreading into their networks. The double extension (.TXT.vbs) is the trick worth remembering: Windows hid the final, real extension by default, so the attachment looked like a harmless text file.

10. Online degree fraud is very common on the internet, where "accredited" online degrees are offered by fake universities (Gollin, 2003). These diploma mills offer to turn your work experience into a degree in exchange for money. Transcripts are also issued to the students on the basis of self-evaluation. Only when a student is rejected on account of the fake degree does he realize that he fell prey to online fraud.

11.
Can you believe a fake tweet
