Welcome to

The World of Cyber Security

Happy Learning
 Chapters 2
Cyber Offense and
Cyber Crime
 “If you spend more on coffee
“ than on IT security, you will be
hacked. What’s more, you
deserve to be hacked .”
— Richard Clarke

3
 Review Questions from Chapter 1
• Explain global perspectives of cybercrime [ME-IT, Dec 2019].
• Explain in detail cyberdefamation and various types of cybercriminals.
[ME-IT, Dec 2018]
• Give a classification of cybercrime and cybercriminals. [ME-IT, Dec 2017].
• Write a short note on Indian Information Technology Act, 2000. [BE-IT,
Dec 2019; ME-IT, Dec 2017].
• Write brief note on cyberterrorism [BE-IT, Dec 2019].
• Classify the cybercrimes and explain any one briefly. [BE-IT, Dec 2019].
• Compare active attack versus passive attack. [BE-IT, Dec 2019]
Learning Objectives
• Describe different types of cybercrimes
• How criminals plan attack
• The steps involved in cybercrimes

• Describe the tools used for launching attacks

• Explain the role of botnet and attack vector in cybercrime
• Discuss challenges faced by mobile and wireless devices and
their security implications

• Describe the security threats and possible attacks on mobile

and wireless devices.
• Describe organisation security policies for mobile devices.
5
Chapter 2

Topic 1

6
 Introduction
to
1
Cyber Offense
&
Cyber Crime
Lecture
Topics to be covered Learning Objective
No.
Introduction with Course Outcome and Program Outcome To Discuss criminal planning attacks on Social
5 with objectve of module, How criminal plan the attacks, Engg, Cyber Stalking, Cyber café and
Social Engg, Cyber stalking, Cyber café and Cybercrimes Cybercrimes
6 Bot nets, Attack vector, Cloud Computing To Classify different types of Attacks
To Understand various mobile and wireless
7 Proliferation of Mobile and Wireless Devices devices related cybercrime and idetify supported
law.
Trends in Mobility, Credit Card Frauds in Mobile and to Understand recent trends in mobiity wireless
8
Wireless Computing Era era
To Discuss Security Challenges Posed by Mobile
Security Challenges Posed by Mobile Devices, Registry
9 Devices and explore the knowledge of Registry
Settings for Mobile Devices.
Settings for Mobile Devices.
Authentication Service Security, Attacks on Mobile/Cell to Explain Authentication on Service Security and
10
Phones. able to Group Attacks on Mobile/Cell Phones.
To Document Security Implications for
11 Mobile Devices: Security Implications for Organizations.
Organizations.
To Determine Organizational Measures for
Organizational Measures for Handling Mobile,
12 Handling Mobile, Devices-Related Security
Devices-Related Security Issues.
Issues.
Organizational Security Policies and Measures in Mobile To Interpret Organizational Security Policies and
13
Computing Era, Laptops. Measures in Mobile Computing Era, Laptops.
Cyber Crime As Per IT Act 2000

Any illegal behaviour committed

by means of, or in relation to, a
computer system or network, including
such crimes as illegal possession and
offering or distributing information
by means of a computer system or
network.
 CYBER OFFENSE
Any interference by an attacker that results in damage,
alteration or compression of computer data without the
owner's permission is called Cyber offense.
Chapter 2

Topic 2

11
 How Do
Criminals Plan
2
The Attacks ?
HOW DO CRIMINALS PLAN THE ATTACKS ?
Phases Involved
Let’s learn one by one?

15
 PHASE 1 : RECONNAISSANCE
In the world of hacking , reconnaissance phase begins with foot printing .

This involves accumulating (investigating) data about the target’s environment

and computer architecture.
 Active Phase
• An active attack involves probing the network to discover individual hosts to confirm the
information gathered in passive attack phase.

•It involves the risk of detection and is also called “Rating the doorknobs” or “Active
Reconnaissance”.

17
 Passive Attack

• A Passive attack involves gathering

information about a target without
his/her knowledge.

• It is usually done using Internet

searches or by Googling (i.e.
Searching the required information
with the help of search engine Google)
an individual or company to gain
information

18
 Phase 2 : Scanning and Scrutinizing
gathered information
• Scanning is the key step to examine intelligently while gathering information about
the target.

Port Scanning Network Sniffing Vulnerability

Scanning
Understand IP addresses
Identify open/close Understand the
and related information
ports or services existing weaknesses in
about computer network the system.
system

19
 Scrutinizing phase

Scrutinizing phase is always

called “enumeration”

(mentioning number of things

one by one) in the hacking
world .

20
 Phase 3: Launching an Attack
After Scanning and Enumeration , the Attack is launched in following
steps :
❖Crack the password.
❖Exploit the privileges
❖Execute malicious commands/applications.
❖Hide the file
❖Cover the tracks(delete access logs).
21
Chapter 2

Topic 3

22
 Social
3
Engineering
 Social Engineering
Social engineering is a non technical strategy cyber attackers use that relies heavily
on human interaction and often involves tricking people into breaking standard
security policies.
.

24
Types of Social Engineering
How Social Engineering Attack is performed?
Chapter 2

Topic 4

27
 Cyber
4
Stalking
Cyber Stalking
Chapter 2

Topic 5

30
 Cyber Cafe
5

Cyber Crimes
 Cyber Cafe and Cyber Crimes
• Cyber Cafe such as stealing of bank passwords and
illegally withdrawal of money have also happened through
cyber cafes.

• Cyber cafes have also been used regularly for sending

absence mail to harass people.

• A recent survey conducted in one of the metropolitan cities

in India reveals the following facts :
❑ Pirated software are installed in all the computers.
❑ Antivirus was not updated with latest patch.
❑ Several cybercafes has installed “Deep Freeze” to protect
computer which helps cyber criminals.
❑ Annual Maintenance Contract (AMC) was not found for
servicing of the compute
❑ Pornographical websites were not blocked.
SECURITY TIPS FOR CYBER CAFE
 Lab Experiment
To Enable Router
Encryption to Protect
Wi-Fi

34
Chapter 2

Topic 6

35
6 Bot nets
 Bot net
❖ A Botnet is a network of
compromised computers called
Zombie Computers or Bots, under
the control of a remote attacker.
❖ Bots began as a useful tool. They
were originally developed as a
virtual individual that could sit on a
IRC channel and monitor network
traffic
 Botnet
Terminology
❖ Bot Herder(Bot Master)
❖ Bots (Zombie
Computer)
❖ IRC Server
❖ Command and Control
Server
Ready to learn ??? Let’s start !!!
 1. Bot Header
❖ Bot Headers (Bot Master) are the hackers
who use automated techniques to scan
specific network ranges and find
vulnerable systems, on which they can
install their bot program.
❖ To create an army of Zombies over
Internet, attacker typically infect
machines of home users, network
maintained by universities or small
enterprises, etc.
 2. Bots (Zombie
Computers)
❖ Bots (also called as Zombie Computers) are
the computers that contribute to the botnet
network.
❖ They run using a hidden channel to
communicate to their C&C server.
❖ They can auto scan their environments and
propagate themselves taking advantage of
vulnerabilities and weak passwords.
❖ Generally , the more vulnerabilities a bot can
scan, the more valuable it becomes to the
botnet controller community .
❖ The process of stealing computer resources
as a result of a system being joined to a
botnet is called Scrumping
 3. IRC Server
❖ Internet Relay Chat (IRC) is a form
of real-time Internet text messaging
(chat).
❖ The server listen to connections from
IRC clients enabling people to talk to
each other via the internet.
❖ IRC provides a simple, low latency,
widely available, and anonymous
command and control channel for
botnet communication.
 4. Command and
Control Server
❖ C&C Infrastructure allows a bot agent to receive new instructions, malicious
capabilities, update existing infections or to instruct the infected computer to carry
out specific task as dictated by remote controller.
❖ The criminal actively controlling botnets must ensure that their C&C infrastructure
is sufficiently robust to manage tens-of-thousand of globally scattered bots as well
as resist attempts to hijack or shutdown the botnet.
Chapter 2

Topic 7
What is Attack
Vector??
 Attack Vector
❖ In cyber security, an attack vector is a
method or pathway used by a hacker
to access or penetrate the target
system.
❖ Hackers steal information, data and
money from people and organizations
by investigating known attack
vectors and attempting to exploit
vulnerabilities to gain access to the
desired system.
❖ Attack vectors entitle attackers to
exploit system vulnerabilities,
including human components.
How Attack vector is
launched
Consequences of
Attack Vector
Chapter 2

Topic 8
Cloud
Computing
 Cloud
Computing
❖ Cloud computing is a term which is used for storing
& accessing data over the Internet. It doesn’t store
any data on the HD of a PC. Cloud computing
helps you to access your data from remote
servers.

❖ Cloud Computing is using Internet to access

someone else’s software running on someone
else’s hardware in someone else’s data centre.
Cloud Computing
Services
 Cloud Computing
Services (continued)
❖ Infrastructure-as-a-Service(IaaS) : It is
like Amazon Web service that provides
virtual servers with unique IP addresses
and blocks of storage on demand.
❖ Platform-as-a-Service (Paas): It is a set of
Software development tools hosted on
the provided server. Developers can
Create applications using the provider's
API. Google apps is one of the most
famous Paas providers.
❖ Software - as-a-Service (Saas) : In this
case the provider allows the customer
only to use its applications. The software
interacts with the user interface.
Security Issue
 Lab Experiment
To Study Remote
Access Tool
(Study purpose only)

55
Chapter 2

Topic 9
 Proliferation of Mobile
and Wireless Devices
❖ A simple hand held mobile phone
gives enough processing capacity to
run little applications, mess around and
music and make voice calls.

❖ A smart phone is defined as a mobile

phone that performs many of the
functions of a computer ,typically
having a touch screen interface,
internet access and an operating
system capable of running downloaded
apps.
❖ MD – Mobile Device
❖ WD – Wireless Device
❖ HD – Handheld Device
❖ Portable Computer : General purpose computer
that can be easily moved starting from one spot
onto another.
❖ Tablet PC : It lacks a keyboard , shaped like
slate or paper journal and has highlights of a Types of Mobile Computers
touch screen with styles and handwriting
recognition software.
❖ Internet Tablet : Unlike Tablet, the internet
Tablet does not have much computing power
and its application suite is limited. The Internet
tablets typically feature on MP3 and video
player, a web browser, chat application and
picture viewer.
❖ Personal Digital Assistant(PDA): It is a small,
pocket sized computer with limited functionality.
It is intended to synchronize with desktop
computers, giving access to contacts, address,
books, notes, E-mail and other features.
❖ Ultra Mobile PC: It is a full featured,
PDA-sized computer running a general purpose
operating system(OS).
❖ Smart phone : It is a PDA with an integrated
cell phone functionality.
❖ Carputer : It is a computing device installed in
an automobile. It operates as a wireless
computer, sound system, GPS and DVD player.
It also contains word processing software and
Bluetooth compatible.
Chapter 2

Topic 10
 Have you ever
browsed about
Trends in mobility
wireless era ????
 Trends in Mobility
❖ Mobile computing is
moving into a new era
(2G,3G,4G and beyond
)where we have numerous
applications, improved
ease of use and higher
data rates.
❖ The various types of
mobility and their
implications are as follows:
Attacks on
Mobile Devices
Overbilling
Attack
Overbilling involves
an attacker hijacking a
subscriber's IP address
and then using it to
initiate downloads or
use it for its own use.
In this, the legitimate
user is charged for the
activity.
Chapter 2

Topic 11
Many people use
credit cards
nowadays
Have you ever wondered
How it works???
Is it safe ???
Let’s Have a look
 Online Environment for Credit Card Transaction
❖ The customer places an order and swipes the
card .
❖ The card details are known through magnetic
strip data .
❖ Magnetic strip also known as swipe card or
magstrip is a card capable of storing data
modifying the iron based magnetic particles on
band of magnetic material on card.
❖ The security control module reads the magnetic
strip and acquires the pin.
❖ The order is managed , accounting is done by
the merchant server .
❖ Host security module checks pin inside
encrypted pin block with optional pin offset
data.
❖ The transaction is then routed to the issuing
bank to request transaction authorization.
❖ The transaction is accepted or declined by the
issuing bank.
❖ The acquiring bank credits the merchant’s
account.
 Closed loop Environment
for wireless
❖ Merchant sends a transaction to the
bank.
❖ The bank transmits the request to the
authorised card holder
❖ The cardholder approval or rejects
(password protected)
❖ The bank (if NO)/ merchant (if YES) is
notified.
❖ The credit card transaction is completed.
Types and Techniques of
Credit Card Fraud
 Types and Techniques of Credit Card Fraud
(Contd)

Modern
Fraud
Chapter 2

Topic 12
Security Challenges Faced
By Mobile Phones
Different Attacks onMobile Phones
Security Challenges Faced by Mobile
Phones
Chapter 2

Topic 13
Registry Setting
For Mobile
Logo For Windows Registry

Devices
 Registry settings for
mobile devices: example
❖ Microsoft Active Sync :
synchronize PCs and MS Outlook
❖ Gateway between
Windows-Powered PC and
Windows mobile-Powered device
❖ Enables transfer of Outlook
information, MS Office
documents, pictures, music,
videos and applications
❖ Active sync can synchronize
directly with MS Exchange Sever
so that the user can keep their
E-Mails, calendar, notes and
contacts updated wirelessly.
 Managing the registry setting and
configuration
❖ If you use an Active Directory®
environment to administer the
computers in your network,
Group Policy provides a
comprehensive set of policy
settings to manage Windows®
Internet Explorer® 8 after you
have deployed it to your users'
computers.
❖ You can use the Administrative
Template policy settings to
establish and lock registry-based
policies for hundreds of Internet
Explorer 8 options, including
security options.
❖ 1700 settings in a standard
group policy
 Example
❖ When using Pick-IT ASP in Internet Explorer, the
SIP (software input panel, or virtual keyboard) will
pop up when a textbox is activated. We cannot
control this panel through Pick-IT.
❖ The method disables this SIP, depending on your
mobile device model and operating system.
Chapter 2

Topic 14
Authentication
Service Security
 Authentication
Service Security
❖ Involves mutual authentication
between the device and the base
station/ servers.
❖ Ensures that only authenticated
devices can be connected to the
network
❖ Hence, no malicious code can
impersonate the service provider to
trick the device
Eminent kinds of attacks on
mobile devices
Process Of Authentication
Server
Chapter 2

Topic 14
 In Today’s World
Everyone is unaware how dangerous
Mobile Phones can be
 Attacks on Mobile
Phones

Let’s learn One by One

Mobile Phone Theft
 Mobile Viruses
40 virus families
❖

300+ mobile viruses

❖

identified
First mobile virus : june
❖

2004
Spread through dominant
❖

communication protocols
❖ Bluetooth, MMS
 Mishing
❖ 'Mishing' is a combination of the words
mobile phone and phishing.
❖ Mishing is very similar to phishing—the
only difference is the technology.
❖ Phishing involves the use of emails to trick
you into providing your personal details,
whereas mishing involves mobile phones.
❖ If you use your mobile phone for
purchasing goods and services and
convenient banking, you could be more
vulnerable to a mishing scam.
Variants of
Mishing
 Vishing
❖ The term "vishing" is a socially
engineered technique for stealing
information or money from
consumers using the telephone
network.
❖ Vishing is very similar to
phishing—the only difference is the
technology.
❖ Vishing involves voice or telephone
services. If you use a Voice over
Internet Protocol (VoIP) phone
service, you are particularly
vulnerable to a vishing scam.
❖ Vishing is usually used to steal credit
card numbers or other related data
used in ID theft schemes from
individuals.
 Smishing
❖ Short for SMS Phishing, smishing is a variant of
phishing email scams that instead utilizes Short
Message Service (SMS) systems to send bogus
text messages.
❖ Also written as Smishing, SMS phishing made
recent headlines when a vulnerability in the
iPhone's SMS text messaging system was
discovered that made smishing on the mobile
device possible.
 Hacking
Bluetooth
❖ Bluetooth hacking is a technique used to
get information from another Bluetooth
enabled device without any permissions
from the host.
❖ This event takes place due to security
flaws in the Bluetooth technology.
❖ It is also known as Bluesnarfing.
❖ Bluetooth hacking is not limited to cell
phones, but is also used to hack PDAs,
Laptops and desktop computers.
❖ Bluetooth hacking is illegal and can lead
to serious consequences.
Common Attacks
Chapter 2

Topic 15
Security
Implications for
Organization
Security risks within an
organization
Fraud
Most Common
Fraud Tactics
 Unauthorized
data access
❖ Password protection is the most common
method of protecting corporate data .
❖ Fraudulent transaction are often carried out by
unauthorized users who manage to gain
access to the corporate network by using the
login details of another user.
❖ One way of achieving this is through a terminal
soof-a simple yet effective approach to finding
other user’s passwords.
❖ Other dangers of which managers should be
aware include the Trojan horse in which code
is added to a program, which will activate
under certain condition.
 Sabotage and
Theft
❖ Another form of theft relates to
copying of programs and data in an
organization.
❖ Theft of software is the major
problem in the pc world where
users often make illegal copies of
the programs rather than purchase
the package themselves –this
practice is known as software
piracy.
Chapter 2

Topic 16
Organizational measures for
handling Mobile, device related
security issues
Security features used to protect
mobile assets
 Key Enquires addressed when
building a mobile security strategy
Chapter 2

Topic 16
Security Policy and
Measures in Mobile
Computing Era
3 Vectors of
Attacks
 Damages
Microphone Tracking Taking Stealing
Recording Location Crack Stealing
Password Photos Emails Contact List
Mobile Device
Management
Security
Implications
for Laptops
Security Rules
Security Rules (Contd)