Cyberoffenses Chapter2

Uploaded by

technogamersz786

CHAPTER 2

Cyber Offenses

Marks: 25    Hours: 09
Introduction
• Technology is a "double-edged sword" (good/bad):
- Fast exchange of information. (Good)
- Makes work easier. (Good)
- Threats of interception. (Bad)
- Technology used for criminal activities. (Bad)
• Cybercriminals use the World Wide Web and the Internet optimally to transfer and store information. (Smart use of resources)
• Cybercriminals take advantage of the lack of awareness about cybercrimes and cyber laws. (Cyber threats)
• Attackers exploit network vulnerabilities.
• The categories of vulnerability that hackers typically search for are as follows:
- Inadequate network boundary protection
- Remote Access Server
Categories of Cybercrime
• Crime targeted at individuals:
- Exploiting human weakness such as a greedy nature
- Financial fraud
- Child pornography
- Copyright violation
- Harassment
• Crime targeted at property:
- Stealing of smartphone, laptop, tab, external HD, pen drive
• Crime targeted at organizations:
- Attackers target a specific group of computers or an organization using the Internet and attack tools, stealing private information and damaging program files, databases and software.
• Single-event cybercrime: virus with attachment.
• Series of events: the attacker interacts with the victim using social engineering skills:
- Regular telephone conversations
- Chat room
How Criminals Plan the Attacks
The following phases are involved in planning cybercrime:
1. Reconnaissance (information gathering) is the first phase and is treated as passive attacks.
2. Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).
I. Reconnaissance
Passive attacks: gain information about the target; exploit confidential information.
• Gathering information (passive attack):
- Google or Yahoo search (searching for information about employees)
- Organization website
- Surfing online community groups such as Orkut/Facebook
- Blogs, newsletters, press releases, etc. are used as a medium to gain information about the company or its employees.
- Job posting sites
Active Attacks
• Active attacks help to collect information about the system (IP addresses, OS type, services on the network).


II. Scanning and Scrutinizing Gathered Information
• The objectives of scanning are as follows:
1. Port scanning
2. Network scanning
3. Vulnerability scanning
• The objectives of the scrutinizing phase are to identify:
1. The valid user accounts or groups
2. Network resources and/or shared resources
3. OS and different applications that are running on the OS
III. Launching an Attack
Steps for launching an attack are:
1. Crack the password
2. Exploit the password
3. Execute the malicious command/applications
4. Hide the files (if required)
5. Cover the tracks: delete the access logs, so that there is no trail of illicit activity.
Social Engineering
• Social engineering involves gathering secret information as well as gaining unauthorized access to a network.
• Activities in social engineering:
i. Footprinting
ii. Trust establishment
iii. Psychological manipulation
iv. Clear exit
Classification of Social Engineering
1. Human-based 2. Computer-based
1. Human-based social engineering
- Impersonating an employee or valid user (organization having various branches)
- Posing as an important member of the organization (CEO/Manager)
- Using a third person: an attacker pretends to have permission from an authorized user to access the system.
- Calling technical support (technical support staff)
- Shoulder surfing (login ID/password)
- Dumpster diving
Classification of Social Engineering (continued)
2. Computer-based social engineering
- Sensitive or confidential information is collected by using a computer/the Internet.
1. Fake e-mail: the attacker sends fake e-mail to a number of users; the victim finds it to be a legitimate mail.
2. E-mail attachment (malicious code is attached)
3. Pop-up windows (special offers)
4. Dumpster diving
Types of Social Engineering
1. Pretexting
2. Baiting
3. Role playing
4. Dumpster diving
5. Shoulder surfing
6. Phishing
7. Surfing organization website and online forums
Prevention of Social Engineering
• Don't open emails and attachments from suspicious sources
• Use multifactor authentication
• Be wary of tempting offers
• Keep your antivirus/antimalware software updated
Cyberstalking
• Stalking means the "act or process of following a victim silently".
• Cyberstalking is when someone uses the Internet to stalk, harass, or make repeated threats.
• The stalker might be a stranger or someone you know.
• A cyberstalker relies upon the anonymity afforded by the Internet to allow them to stalk their victim without being detected.
Types of Cyberstalking
1. Online stalking:
• The stalker interacts with the victim directly with the help of the Internet.
• Mode of interaction: e-mail, chat room, traditional PSTN, VoIP phones.
• The stalker can make use of a third party to harass the victim.
2. Offline stalking:
• The stalker may attack the victim by:
1. Observing the victim's daily routine
2. Searching personal websites/blogs
3. Visiting the victim's organization
How Stalking is Done
1. Gathering personal information (e.g., contact number and address).
2. Establishing contact with the victim through telephone/cell phone.
3. Contact via e-mail.
4. Continuously sending threatening mail to the victim.
5. The stalker may post the victim's personal photos and information on social sites or porn websites.
6. Place a GPS device on the victim's car to track their movements.
7. Threaten the victim or their friends and family via emails.
8. Post personal details such as name, address, social security number, number, etc. over the internet.
9. Gain access to emails, text messages and social media to blackmail or harass a victim.
10. Hack into the victim's social media account to post offensive material and comments.
11. Hack into the victim's computer to look for different things to exploit.
12. Release personal information to discredit you in your place of work.
13. Use your social media account or email to stalk others.
14. Create malicious websites, fake social media profiles, and blogs about the victim.
Case
Defense Against Cyberstalking
i. Understand and learn how to use the privacy settings of social media platforms.
ii. Make use of the two-factor or double authentication security option as and when available and possible.
iii. Review and filter the personal information supplied on public accounts.
iv. Do not accept friend or follower requests from a person who is not personally known.
v. Tell friends not to post your personal information without your permission.
vi. Do not publicly share pictures or other identifying information about your close family members and friends.
vii. Do not share your personal information on online survey, quiz and poll websites.
viii. Always make use of a strong and different password for each online account.
Cybercafe and Cybercrime
• Cybercafe: a type of business where computers are provided for accessing the internet, playing games, chatting with friends or doing other computer-related tasks.
• Charges are on the basis of time.
• Cybercafes are used by cybercriminals to perform crime because:
- It is easy to hack visitors' data because of users' lack of awareness of cybercrime.
- In addition, it is very easy to cover the crime they are committing, as they are making use of public Internet services.
Cybercafes hold two types of risks:
1. We do not know what programs are installed on the computer, such as keyloggers or spyware.
2. Shoulder peeping can enable others to find out your passwords.
Facts Related to Cybercafés
• Pirated software such as OS, browser and office automation software (e.g., Microsoft Office) is installed on all the computers.
• Antivirus software is not updated.
• Deep Freeze is installed on computers in several cybercafés.
• An annual maintenance contract (AMC) is found not to be in place for servicing the computers.
• Pornographic websites and other similar websites with indecent content are not blocked.
• Cybercafe owners have very little awareness about IT security and IT governance.
• No cyber audit was initiated by the cybercafé association or the cyber cell of the police in cybercafés.
Cybercafe and Cybercrime
• Tips for safety and security while using the computer in a cybercafe:
- Always log out.
- Stay with the computer.
- Clear history and temporary files.
- Be alert.
- Avoid online financial transactions.
- Change password.
- Virtual keyboard (ICICI Bank provides it to enter secret PIN/3D Secure code/credit card number).
- Security warning: warnings should be considered while accessing financial/banking sites.
National Cyber Crime Reporting Portal
Botnet
• A bot is an automated program which is responsible for performing a specific task over a network.
• The word 'botnet' is a combination of two words, 'robot' and 'network'.
• A botnet is a number of Internet-connected devices, each of which is running one or more bots.
• The owner of a botnet can control it using Command and Control (C&C) software.
• Botnets can be used for performing DDoS attacks, spam attacks, malware and adware installation, stealing confidential information, phishing attacks, spamdexing (search engine poisoning), etc.
Botnet Architecture
1. Client-server Model
2. Peer-to-Peer Model
3. Hierarchical Model
[Figures: Client-Server model; Peer-to-Peer Model; Hierarchical C&C Topology]
Types of Botnet Attacks
1. Distributed Denial of Operations Service
2. Spamming and Traffic Monitoring
3. Keylogging
4. Mass Identity Theft
5. Pay-per-click abuse
6. Botnet spread
7. Adware
Botnet Prevention Measures
• Use antivirus and anti-spyware and keep them up-to-date.
• Download security patches (OS).
• Use a firewall to protect the system from hacking attacks while it is connected to the internet.
• Disconnect from the internet when you are away from your computer.
• Download freeware from trusted websites.
• Regularly check your e-mail folder.
• Take immediate action if your system is infected.
Attack Vector
• An attack vector is a path or means by which an attacker can gain access to a computer or network server to deliver a payload (malicious code).
• Attack vectors include viruses, e-mail attachments, web pages, pop-up windows, instant messages, chat rooms.
• To some extent, attack vectors can be blocked using firewalls and antivirus.
• List of attack vectors:
1. Attack by email
2. Attachment
3. Attack by deception (trick)
4. Hackers
5. Heedless guest (attack by webpage): attackers make fake websites to extract personal information; such websites look genuine.
Attack Vector (continued)
6. Attack of the worms: many worms are delivered as e-mail attachments; worms use loopholes in network protocols.
7. Malicious macros: MS Word and MS Excel.
8. Foistware: software that adds hidden components to the system on the sly (smartly or cleverly). It is bundled with attractive software.
9. Virus
Cloud Computing
• Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications.
• It suits businesses that cannot afford the same amount of hardware and storage space as a bigger company: small companies can store their information in the cloud, removing the cost of purchasing and storing memory devices.
• To access the cloud, the user should have an internet connection.
Types of Cloud
There are different types of clouds that you can subscribe to depending on your needs. As a home user or small business owner, you will most likely use public cloud services.
1. Public Cloud
2. Private Cloud
3. Community Cloud
4. Hybrid Cloud
• Cloud computing service providers: Amazon, 3Tera, [Link], Flexiscale, Google App Engine, GoGrid.
Cloud Computing
Advantages of cloud computing:
1. Applications and data can be accessed from anywhere at any time.
2. It brings hardware cost down. Resources can be accessed through the internet.
3. Organizations can save on software license cost.
4. Organizations can save money on IT support.
Security challenges in cloud computing:
1. Cloud computing is the next target of cybercriminals.
2. Cloud computing servers are outside of the organization's security perimeter.
