Unit-II: Cyber Offenses
How Criminals Plan Them – Introduction
• Technology is a “double-edged sword” as it can be used for both good and bad purposes.
• People with a tendency to cause damage or carry out illegal activities will use it for bad purposes.
• Computers and tools available in IT are also used as targets of offense.
• In today’s world of Internet and computer networks, a criminal activity can be carried
out across national borders.
• Cybercriminals use the World Wide Web and the Internet to an optimum level for all illegal activities, to store data, contacts, account information, etc.
• The criminals take advantage of the widespread lack of awareness about cybercrimes and cyber laws among the people who are constantly using the IT infrastructure for official and personal purposes.
• People who commit cybercrimes are known as “Crackers”.
Hackers, Crackers and Phreakers
• Hacker: A hacker is a person with a strong interest in computers who
enjoys learning and experimenting with them.
• Hackers are usually very talented, smart people who understand computers
better than others.
• The term is often confused with “cracker”, which refers to someone who breaks into computers.
• Brute force hacking: It is a technique used to find passwords or
encryption keys.
• Brute force hacking involves trying every possible combination of letters, numbers, etc., until the code is broken.
• Cracker: A cracker is a person who breaks into computers.
• Crackers should not be confused with hackers.
• The term “cracker” is usually connected to computer criminals.
• Some of their crimes include vandalism, theft and snooping in unauthorized areas.
• Cracking: It is the act of breaking into computers. Cracking is a
popular, growing subject on the Internet.
• Many sites are devoted to supplying crackers with programs that
allow them to crack computers.
• Some of these programs contain dictionaries for guessing passwords.
• Others are used to break into phone lines (called “phreaking”).
• These sites usually display warnings such as “These files are illegal; we
are not responsible for what you do with them.”
• Cracker tools: These are programs used to break into computers.
• Cracker tools are widely distributed on the Internet.
• They include password crackers, Trojans, viruses, war dialers and worms.
• Phreaking: This is the notorious art of breaking into phone or other
communication systems.
• Phreaking sites on the Internet are popular among crackers and other
criminals.
• War dialer: It is a program that automatically dials phone numbers looking for computers on the other end.
• It catalogs numbers so that the hackers can call back and try to break in.
Fig. 1: Network vulnerabilities, sample network
Categories of vulnerabilities that hackers typically search for are:
1. Inadequate border protection (border in the sense of the network periphery).
Many workstations are connected together, and an employee installs a PC without a password. A poor password allows the password to be guessed easily.
2. Remote Access Servers (RASs) with weak access controls.
These are connected to the whole network. A firewall will protect the PC by reporting suspicious activity when the administrator fails to monitor the IDS alerts.
An IDS is an Intrusion Detection System: a system that monitors network traffic for suspicious activity and alerts when such activity is discovered.
3. Application servers with well-known exploits.
The administrator fails to install the patch to fix the BIND vulnerability.
The web administrator fails to install the patch to fix the IIS Unicode vulnerability.
4. Misconfigured systems and systems with default configurations.
A misconfigured router is highly vulnerable to DoS attacks.
How criminals plan the attacks
• Phases involved in planning cybercrime:
1. Reconnaissance
2. Information gathering (first phase, passive attack)
3. Scanning and scrutinizing the gathered information
4. Checking the validity of the information as well as identifying the existing vulnerabilities
5. Launching an attack and gaining and maintaining system access
Phase 1: Reconnaissance
• Reconnaissance is the act of reconnoitering: exploring, often with the goal of finding something or somebody (gaining information about an enemy or potential enemy).
• In the world of "hacking," the reconnaissance phase begins with footprinting. This is the preparation toward the pre-attack phase, and involves accumulating data about the target environment and computer architecture to find ways to intrude into that environment.
• The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack.
• Two phases: passive and active attacks.
Phase 2: Information gathering, first phase passive attack
1. Google or Yahoo searches to locate information about employees.
2. Surfing online community groups such as Facebook to gain information about an individual.
3. The organization's website, for a personnel directory or information about key employees that can be used in a social engineering attack to reach the target.
4. Blogs, newsgroups, press releases, etc.
5. Going through job postings.
6. Network sniffing, for information on Internet Protocol address ranges, hidden servers or networks, or services on the system.
Active Attacks:
• It involves probing the network to discover individual hosts and confirm the information (IP address, operating system type and version, and services on the network) gathered in the passive attack phase.
• Also called "rattling the doorknobs" or active reconnaissance.
• Can provide confirmation to an attacker about the security measures in place (is the front door locked?).
Phase 3: Scanning and scrutinizing the gathered information
• Scanning is key to examining intelligently while gathering information about the target.
• The objectives are:
1. Port scanning
2. Network scanning
3. Vulnerability scanning
Phase 4: Checking the validity of the information and identifying the existing vulnerabilities
• After collecting the data on the victim, the attacker validates the acquired information and identifies the vulnerabilities.
Phase 5: Launching an attack and gaining and maintaining the system access
• After scanning and scrutinizing (enumeration) the attack is launched
using the following steps.
1. Crack the password
2. Exploit the privileges
3. Execute the malicious command or application
4. Hide the files
5. Cover the tracks: delete access logs, so that there is no trail of illicit activity.
• The following types of port scans are used:
  • Vanilla: the scanner attempts to connect to all 65,535 ports.
  • Probe: a more focused scan looking only for known services to exploit.
  • Fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall.
  • UDP: the scanner looks for open UDP ports.
  • Sweep: the scanner connects to the same port on more than one machine.
  • FTP bounce: the scanner goes through an FTP server in order to disguise the source of the scan.
  • Stealth scan: the scanner blocks the scanned computer from recording the port scan activities.
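As an added example (not part of the original notes), the sketch below shows how a defender could flag two of the scan types listed above, vanilla and sweep, from firewall connection records. The function name, the thresholds, the 60-second window and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

def detect_scans(events, window=60, port_limit=100, host_limit=20):
    """Flag sources whose connection attempts look like a vanilla scan or a sweep.

    events: iterable of (epoch_seconds, src_ip, dst_ip, dst_port).
    Thresholds and window are illustrative assumptions, not values from the notes.
    """
    ports_seen = defaultdict(set)  # (src, dst, time bucket) -> distinct ports tried
    hosts_seen = defaultdict(set)  # (src, port, time bucket) -> distinct hosts tried
    for ts, src, dst, port in events:
        bucket = int(ts) // window  # fixed buckets; a scan straddling two buckets is split
        ports_seen[(src, dst, bucket)].add(port)
        hosts_seen[(src, port, bucket)].add(dst)

    findings = defaultdict(set)
    # Vanilla: one source walks through many ports on a single host.
    for (src, _dst, _bucket), ports in ports_seen.items():
        if len(ports) >= port_limit:
            findings[src].add("vanilla")
    # Sweep: one source tries the same port on many hosts.
    for (src, _port, _bucket), hosts in hosts_seen.items():
        if len(hosts) >= host_limit:
            findings[src].add("sweep")
    return {src: sorted(labels) for src, labels in findings.items()}

# Constructed sample records (documentation and private address ranges).
SAMPLE_EVENTS = (
    [(1200 + i // 10, "203.0.113.5", "10.0.0.10", 1 + i) for i in range(200)]
    + [(1200 + h, "203.0.113.9", f"10.0.0.{h}", 22) for h in range(1, 31)]
    + [(1200 + i, "10.0.0.50", "10.0.0.10", 443) for i in range(40)]
)

if __name__ == "__main__":
    for source, labels in detect_scans(SAMPLE_EVENTS).items():
        print(source, labels)
```

Repeated traffic from one client to one service, such as the third group of sample records, stays below both thresholds and is not flagged.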
Social Engineering
• Social engineering is a technique of influence and persuasion used to deceive people in order to obtain information or have them perform some action.
• A social engineer uses telecommunications or internet to get them to do something
that is against the security practices and/or policies of the organization.
• SE involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
• It is an art of exploiting the trust of people.
• The goal of SE is to fool someone into providing valuable information or access to
that information.
• SE studies human behavior so that people will help because of the desire to be
helpful, the attitude to trust people, and fear of getting into trouble.
• An example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares he/she uses, what his/her password is, and so on.
Types
• Human-based social engineering
  • It refers to person-to-person interaction to get the required/desired information.
  • Impersonating an employee or valid user
  • Posing as an important user
  • Using a third person
  • Calling technical support
  • Shoulder surfing
  • Dumpster diving
• Computer-based social engineering
  • Fake e-mails
  • E-mail attachments
  • Pop-up windows
Cyber Stalking
• Cyber stalking is the use of the Internet or other electronic means to stalk or harass an individual, a group or an organization.
• It may include false accusation, defamation, slander and libel.
• Cyber stalking is sometimes referred to as Internet stalking, e-stalking or online stalking.
• It refers to the use of the Internet or electronic communication such as e-mail or instant messages to harass the individual.
• As per law, cyber stalking is a punishable offence and attracts sections 354 (D) and 509 of the IPC, and section 67 under the I.T. Amendment Act 2008, i.e. the Information Technology Act, 2000 (amended in 2008).
Types of Stalkers
• Online Stalkers
• Offline Stalkers
Steps of how stalking works
1. Personal information gathering about the victim.
2. Establishing contact with the victim through telephone or cell phone and starting to threaten or harass.
3. Establishing contact with the victim through email.
4. Sending repeated emails asking for various kinds of favors or threatening the victim.
5. Posting the victim's personal information on any website related to illicit services.
6. Whosoever comes across the information starts calling the victim on the given contact details asking for sexual services.
7. Some stalkers may subscribe/register the victim's email account to innumerable pornographic and sex sites, because of which the victim will start receiving such unsolicited e-mails.
Cybercafé & cybercrimes
• An Internet café or Cybercafé is a place which provides internet
access to the public usually for a fee.
• According to a Nielsen survey on the profile of cybercafé users in India:
1. 37% of the total population uses cybercafés
2. 90% of these were male, in the age group of 15 to 35 years
3. 52% were graduates and postgraduates
4. More than 50% were students
• Cybercafés are used for either real or false terrorist communication.
• They are not network service providers (NSP) according to the IT Act 2000.
Illegal activities observed in cybercafés:
1. Pirated software (operating system, browser, office).
2. Anti-virus software not updated.
3. Cybercafés have installed Deep Freeze software to protect computers from prospective malware attacks.
4. Annual Maintenance Contract (AMC) found to be not in place for servicing computers.
5. Pornographic websites and similar websites with indecent contents are not blocked.
6. No periodic visits to cybercafés by the cyber-cell wing (state police) or the Cybercafé Association.
Safety and security measures while using the computer in a cybercafé
• Always log out; do not save login information through automatic login.
• Stay with the computer
• Clear history and temporary files
• Be alert: don't be a victim of shoulder surfing
• Avoid online financial transaction
• Change password
• Virtual Keyboard
• Security warnings