Unit -II
CYBER CRIME
Mobile and Wireless Devices-Introduction
In this modern era, the rising importance of electronic gadgets (i.e., mobile hand-held
devices) – which became an integral part of business, providing connectivity with the
internet outside the office – brings many challenges to secure these devices from being
a victim of cybercrime.
In recent years, the use of laptops, personal digital assistants (PDAs), and mobile
phones has grown from limited user communities to widespread desktop replacement
and broad deployment.
Proliferation of Mobile and Wireless Devices
Today, incredible advances are being made for mobile devices. The trend is for smaller
devices and more processing power. A few years ago, the choice was between a
wireless phone and a simple PDA. Now buyers have a choice between high-end
PDAs with integrated wireless modems and small phones with wireless web-browsing
capabilities. A long list of options is available to mobile users. A simple hand-held
mobile device provides enough computing power to run small applications, play games
and music, and make voice calls.
[Figure: Mobile wireless modems]
1. Portable Computer
2. Tablet PC
3. Internet Tablet
4. Personal Digital Assistant (PDA)
5. Ultramobile PC
6. Smartphone
7. Carputer
8. Fly Fusion Pentop Computer
Carputer: Sound system, Global Positioning System (GPS) and DVD player. Bluetooth
compatible.
Fly Fusion Pentop Computer: It is a computer device with the size and
shape of a pen. It functions as a
writing utensil, MP3 player, language
translator, digital storage device and
calculator.
Trends in Mobility
Mobile computing is moving into a new era, Fifth generation (5G), which promises
greater variety in applications and highly improved usability as well as speedier
networking. “iPhone” from Apple and Google-led “Android” phones are the best
examples of this trend, and there are plenty of other developments that point in this
direction. This smart mobile technology is rapidly gaining popularity and the attackers
are among its biggest fans.
Types of Mobility and its Implications
[Figure: types of mobility and their implications (“What is the difference?”).
Mobility types shown: User Mobility, Device Mobility, Session Mobility, Service Mobility (Code Mobility).
Implications shown: user interaction model; smaller, battery-driven devices, multiple
heterogeneous networks or often no network; position becomes a parameter; issues in data
distribution; distributed life cycle management; security is a strong issue.]
Popular types of attacks against 3G mobile networks
1. Malwares, viruses and worms
   1. Skull Trojan: It targets Series 60 phones equipped with the Symbian mobile OS.
   2. Cabir Worm: It is the first dedicated mobile-phone worm; it infects phones running on Symbian OS and
   scans other mobile devices to send a copy of itself to the first vulnerable phone it finds through Bluetooth
   wireless technology.
   3. Mosquito Trojan: It affects the Series 60 smartphones and is a cracked version of the “Mosquitos” mobile phone
   game.
   4. Brador Trojan: It affects the Windows CE OS by creating a svchost.exe file in the Windows start-up folder,
   which allows full control of the device. This file is conducive to traditional worm propagation vectors such
   as E-Mail file attachments.
2. Denial of Service (DoS)
3. Overbilling Attack
4. Spoofed Policy development process (PDP)
5. Signaling level attacks
Denial of Service (DoS)
The main objective behind this attack is to make the system unavailable to the intended users.
Virus attacks can be used to damage the system to make the system unavailable. Presently,
one of the most common cyber-security threats to wired Internet service providers (ISPs) is a
distributed denial-of-service (DDoS) attack. DDoS attacks are used to flood the target system
with data so that the response from the target system is either slowed or stopped.
Botnets/zombies are used to create enough traffic to impose that kind of damage.
Overbilling Attack
Overbilling involves an attacker hijacking a subscriber's IP address and then using it (i.e., the
connection) to initiate downloads that are not "free downloads" or simply using it for his/her
own purposes. In either case, the legitimate user is charged for activity which the user did
not conduct or authorize.
Spoofed Policy development process (PDP)
These types of attacks exploit the vulnerabilities in the GTP [General Packet Radio Service
(GPRS) Tunneling Protocol].
Signaling level attacks
The Session Initiation Protocol (SIP) is a signaling protocol used in IP multi-media
subsystem (IMS) networks to provide Voice Over Internet Protocol (VoIP) services. There are
several vulnerabilities with SIP-based VoIP systems.
Credit Card Frauds in Mobile and Wireless Computing
These are new trends in cybercrime that are coming up with mobile computing: mobile
commerce (M-Commerce) and mobile banking (M-Banking). Credit card frauds are now
becoming commonplace given the ever-increasing power and the ever-reducing prices of the
mobile hand-held devices, factors that result in easy availability of these gadgets to almost
anyone. Mobile credit card transactions are now very common; new technologies combine
low-cost mobile phone technologies with the capabilities of a point-of-sale (POS) terminal.
Today belongs to "mobile computing," that is, anywhere anytime computing. The
developments in wireless technology have fuelled this new mode of working for white collar
workers.
[Figure: Online environment for credit card transactions]
[Figure: Closed-loop environment for wireless]
Tips to Prevent Credit card Frauds
Do's
1. Put your signature on the card immediately upon its receipt.
2. Make a photocopy of both sides of your card and preserve it in a safe place to remember the card number and expiration date in case of loss of the card.
3. Change the default personal identification number (PIN) received from the bank before doing any transaction.
4. Always carry the details about contact numbers of your bank in case of loss of your card.
5. Carry your cards in a separate pouch/card holder than your wallet.
6. Keep an eye on your card during the transaction, and ensure to get it back immediately.
7. Preserve all the receipts to compare with credit card invoice.
8. Reconcile your monthly invoice/statement with your receipts.
9. Report immediately any discrepancy observed in the monthly invoice/statement.
10. Destroy all the receipts after reconciling them with the monthly invoice/statement.
11. Inform your bank in advance, about any change in your contact details such as home address, cell phone number and E-Mail address.
12. Ensure the legitimacy of the website before providing any of your card details.
13. Report the loss of the card immediately in your bank and at the police station, if necessary.
Don'ts
1. Store your card number and PINs in your cell.
2. Lend your cards to anyone.
3. Leave cards or transaction receipts lying around.
4. Sign a blank receipt (if the transaction details are not legible, ask for another receipt to ensure the amount
instead of trusting the seller).
5. Write your card number/PIN on a postcard or the outside of an envelope.
6. Give out your account number immediately over the phone (unless you are calling a company/your
bank).
7. Destroy credit card receipts by simply dropping into garbage box/dustbin.
Types and Techniques of Credit Card Frauds
1. Traditional Techniques (Paper Based)
2. Modern Techniques (Paper Less)
Registry Settings for Mobile Devices
1. Microsoft ActiveSync is meant for synchronization with Windows-powered personal computers (PCs) and
Microsoft Outlook.
2. ActiveSync acts as the gateway between a Windows-powered PC and a Windows Mobile-powered device,
enabling the transfer of Outlook information, Microsoft Office documents, pictures,
music, videos and applications from a user’s desktop to his/her device.
3. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft Exchange
Server so that users can keep their E-Mails, calendar, notes and contacts updated wirelessly when they
are away from their PCs.
4. In this context, registry setting becomes an important issue given the ease with which various applications
allow a free flow of information.
Authentication Service Security
1. There are two components of security in mobile computing: security of devices and security in
networks.
2. A secure network access involves mutual authentication between the device and the base stations or
Web servers.
3. This is to ensure that only authenticated devices can be connected to the network for obtaining the
requested services.
4. No malicious code can impersonate (imitate) the service provider to trick the device into doing
something it does not mean to. Thus, the networks also play a crucial role in the security of mobile
devices.
5. Some prominent kinds of attacks to which mobile devices are subjected are: push attacks, pull
attacks and crash attacks.
6. Authentication services security is important given the typical attacks on mobile devices
through wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle
attacks and session hijacking.
Cryptographic Security for mobile Devices
1. Cryptographically Generated Addresses (CGA) are Internet Protocol version 6 (IPv6) addresses in which
up to 64 address bits are generated by hashing the owner’s public key.
2. Deployment of PKI provides many benefits for users to secure their financial transactions initiated
from mobile devices.
IPv6 address format: 0000:0000:0000:0000:0000:0000:0000:0000
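The hash-to-address binding described in item 1, as an added example that is not part of the original notes: it follows the CGA construction of RFC 3972 (SHA-1 over modifier, subnet prefix, collision count and public key) and shows how a receiver checks that an address belongs to a given key. The prefix, modifier and key bytes are constructed sample values, and extension fields are assumed to be absent.

```python
import hashlib
import ipaddress

SEC_MASK = 0xE000000000000000  # 3 leftmost interface-ID bits carry Sec
UG_MASK = 0x0300000000000000   # "u" and "g" bits (bits 6 and 7)
HASH_BITS = 0xFFFFFFFFFFFFFFFF & ~(SEC_MASK | UG_MASK)  # 59 hash-derived bits

# Constructed sample inputs (not real keys or real addresses).
SAMPLE_PREFIX = bytes.fromhex("20010db800000001")  # 2001:db8:0:1::/64
SAMPLE_MODIFIER = bytes(range(16))
OWNER_KEY = b"constructed-public-key-of-the-owner"
OTHER_KEY = b"constructed-public-key-of-someone-else"


def hash1_bits(modifier, prefix, collision_count, public_key):
    """Hash-derived bits of the interface ID (Hash1 in RFC 3972)."""
    if len(modifier) != 16 or len(prefix) != 8:
        raise ValueError("modifier must be 16 bytes and prefix 8 bytes")
    if collision_count not in (0, 1, 2):
        raise ValueError("collision count must be 0, 1 or 2")
    data = modifier + prefix + bytes([collision_count]) + public_key
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big") & HASH_BITS


def generate_cga(modifier, prefix, public_key, collision_count=0):
    """Address with Sec = 0, so no search for a suitable modifier is needed."""
    iid = hash1_bits(modifier, prefix, collision_count, public_key)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))


def verify_cga(address, modifier, collision_count, public_key):
    """True if the address is bound to public_key under these parameters."""
    packed = ipaddress.IPv6Address(str(address)).packed
    prefix, iid = packed[:8], int.from_bytes(packed[8:], "big")
    sec = iid >> 61
    try:
        expected = hash1_bits(modifier, prefix, collision_count, public_key)
    except ValueError:
        return False
    # Sec, "u" and "g" bits are ignored when comparing against Hash1.
    if (iid & HASH_BITS) != expected:
        return False
    # Hash2: the leftmost 16*Sec bits must be zero (always true for Sec = 0).
    hash2 = hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]
    return (int.from_bytes(hash2, "big") >> (112 - 16 * sec)) == 0


if __name__ == "__main__":
    addr = generate_cga(SAMPLE_MODIFIER, SAMPLE_PREFIX, OWNER_KEY)
    print(addr, verify_cga(addr, SAMPLE_MODIFIER, 0, OWNER_KEY))
    print(addr, verify_cga(addr, SAMPLE_MODIFIER, 0, OTHER_KEY))
```

A node that presents this address with a different public key fails the check, which is what lets the owner assert address ownership without a PKI lookup.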
LDAP (Lightweight Directory Access Protocol) Security for Hand-Held Mobile
Computing Devices
1. LDAP is a software protocol for enabling anyone to locate individuals, organizations and other
resources such as files and devices on the network (i.e., on the public Internet or on the
organization’s Intranet).
2. In a network, a directory tells you where an entity is located in the network.
3. LDAP is a lightweight (smaller amount of code) version of Directory Access Protocol (DAP) because it
does not include security features in its initial version.
[Figure label: Attacker launches blended attack over rogue ad hoc network (802.11, Bluetooth, infrared)]
RAS (Remote Access Server) Security for Mobile Devices
1. RAS (Remote Access Server) is an important consideration for protecting the business- sensitive
data that may reside on the employees’ mobile devices.
2. In terms of cybersecurity, mobile devices are sensitive. Access to an organization’s sensitive data can happen
through mobile hand-held devices carried by employees.
Attacks On Mobile/Cell Phones
1. Mobile Phone Theft
1. Many Insurance Companies have stopped offering Mobile Theft Insurance due to a large number of
false claims.
2. When anyone loses his/her mobile phone, more than anything, the “Contact List” and “Personally
Identifiable Information (PII)”, which really matter, are lost.
2. Enough target terminals
3. Enough functionality
1. Mobile devices are increasingly being equipped with office functionality and already carry critical
data & applications, which are often protected insufficiently or not at all. The expanded functionality
also increases the probability of malware.
4. Enough connectivity
1. Smartphones offer multiple communication options, such as SMS, MMS, synchronization,
Bluetooth, infrared (IR) and WLAN connections.
Mobile Viruses
A mobile virus is similar to a computer virus that targets mobile phone data or
applications/software installed in it.
• In total, 40 mobile virus families and more than 300(+) mobile viruses have been identified.
• Mobile viruses get spread through two dominant communication protocols – Bluetooth and MMS.
• A Bluetooth virus can easily spread within a distance of 10–30 m, through Bluetooth-activated phones.
• MMS virus can send a copy of itself to all mobile users whose numbers are available in the infected mobile
phone’s address book.
Mishing
Mishing is a combination of mobile and Phishing. Mishing attacks are attempted using mobile phone
technology.
1. M-Commerce is fast becoming a part of everyday life. If you use your mobile phone for purchasing
goods/services and for banking, you could be more vulnerable to a Mishing scam.
2. A typical Mishing attacker uses a call, termed Vishing, or a message (SMS), known as Smishing.
3. The attacker will pretend to be an employee from your bank or another organization and will claim a need
for your personal details.
4. Attackers are very creative and they will try to convince you with different reasons why they need
this information from you.
Vishing
Vishing is the criminal practice of using social engineering over the telephone system, most often using
features facilitated by VoIP, to gain access to personal and financial information from the public for the
purpose of financial reward. The term is a combination of V – Voice and Phishing. Vishing is usually
used to steal credit card numbers or other related data used in ID theft schemes from individuals.
The most profitable uses of the information gained through a Vishing attack include:
• ID theft
• Purchasing luxury goods and services
• Transferring money/funds
• Monitoring the victims’ bank accounts
• Making applications for loans and credit cards
How Vishing Works:
The criminal can initiate a Vishing attack using a variety of methods, each of which depends upon
information gathered by a criminal and criminal’s will to reach a particular audience.
1. Internet E-Mail: It is also called Phishing mail.
2. Mobile Text Messaging: A text message is sent to the mobile phone.
3. Voicemail: Here, the victim is forced to call the provided phone number once he/she listens to the
voicemail.
4. Direct phone Call: Following are the steps detailing on how direct phone call works.
Smishing
• Smishing is a criminal offense conducted by using social engineering techniques similar to Phishing. The
name is derived from “SMs phISHING”. SMS – Short Message Service – is the text message
communication component predominantly used in mobile phones. SMS can be abused by using different
methods and techniques other than information gathering under cybercrime.
• Smishing uses cell phone text messages to deliver a lure message to get the victim to reveal his/her PI. The
popular technique to “hook” the victim is to either provide a phone number to force the victim to call or
provide a website URL to force the victim to access the URL, wherein the victim gets connected with a
bogus website (i.e., a duplicate but fake site created by the criminal) and submits his/her PI. Smishing works
in a similar pattern to Vishing.
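A triage check for the two hooks described above (a callback phone number or a URL to a bogus site), as an added example that is not part of the original notes. The trusted-domain list, the list of personal-information terms and the sample messages are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the organisation's real domain and the
# personal information (PI) terms a lure typically asks for.
TRUSTED_DOMAINS = {"examplebank.com"}
PI_TERMS = ("pin", "password", "otp", "cvv", "card number", "account number")

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")

# Constructed sample messages.
SAMPLE_SMS = [
    "ExampleBank alert: your card is blocked. Verify your PIN at "
    "http://examplebank.com.secure-login.example/verify now.",
    "Your account is suspended. Call 1-800-555-0100 and confirm your "
    "account number.",
    "Your OTP for login at https://www.examplebank.com/ is 482913.",
    "Lunch at 1pm? Menu: www.example.org/menu",
]


def _host(url):
    """Lower-cased host name of a URL, with or without a scheme."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def _trusted(host):
    """Exact match or true subdomain; a trusted name used as a prefix fails."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage_sms(text):
    """Report which smishing hooks a message carries and whether it asks for PI."""
    urls = [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]
    untrusted = [u for u in urls if not _trusted(_host(u))]
    phones = [p.strip() for p in PHONE_RE.findall(URL_RE.sub(" ", text))]
    lowered = text.lower()
    asks_pi = any(
        re.search(r"\b" + re.escape(term) + r"\b", lowered) for term in PI_TERMS
    )
    hooks = []
    if untrusted:
        hooks.append("url")
    if phones:
        hooks.append("callback-number")
    return {
        "hooks": hooks,
        "untrusted_urls": untrusted,
        "phones": phones,
        "asks_for_pi": asks_pi,
        # A hook alone is common in ordinary messages; a hook plus a request
        # for PI matches the lure pattern described in the text.
        "suspicious": bool(hooks) and asks_pi,
    }


if __name__ == "__main__":
    for message in SAMPLE_SMS:
        print(triage_sms(message)["suspicious"], "-", message)
```

The first sample shows why the host comparison matters: the trusted name appears at the start of the host, but the registered domain is a different one.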
Hacking Bluetooth
Bluetooth is an open wireless technology standard used for communication (i.e., exchanging data) over short
distances (i.e., using short length radio waves) between fixed and/or mobile devices. Bluetooth is a short-range
wireless communication service/technology that uses the 2.4-GHz frequency range for its
transmission/communication. The older standard – Bluetooth 1.0 has a maximum transfer speed of 1 Mbps
(megabit per second) compared with 3 Mbps by Bluetooth 2.0. When Bluetooth is enabled on a device, it
essentially broadcasts “I’m here, and I’m able to connect” to any other Bluetooth-based device within range.
Bluetooth Hacking Tools
1. Hciconfig
2. Hcitool
3. Sdptool
4. L2ping
Mobile Devices: Security Implications for Organizations
Managing Diversity and Proliferation of Hand-Held Devices
• Cybersecurity is always a primary concern to most organizations.
• Most organizations fail to see the long-term significance of keeping track of who owns what kind of mobile
devices.
• Mobile devices of employees should be registered to the organization.
• When an employee leaves, it is important to remove logical and physical access to organization networks.
• Thus, mobile devices that belong to the company should be returned to the IT department and, at the very
least, should be deactivated and cleansed.
Unconventional/Stealth Storage Devices
• Compact disks (CDs) and Universal Serial Bus (USB) drives (also called zip drive, memory sticks) used by employees
are the key factors for cyber attacks.
• As the technology is advancing, the devices continue to decrease in size and emerge in new shapes and sizes –storage
devices available nowadays are difficult to detect and have become a prime challenge for organizational security.
• It is advisable to prohibit the employees in using these devices.
• Not only can viruses, worms and Trojans get into the organization network, but can also destroy valuable data in the
organization network.
• The organization has to have a policy in place to block these ports while issuing the asset to the employee.
• Employees can connect a USB/small digital camera/MP3 player to the USB port of any unattended computer and will
be able to download confidential data or upload harmful viruses.
• As the malicious attack is launched from within the organization, firewalls and antivirus software are not alerted.
Threats through Lost and Stolen Devices
• This is a new emerging issue for cybersecurity.
• Often mobile hand-held devices are lost while people are on the move.
• Lost mobile devices are becoming even a larger security risk to corporations.
• A report based on a survey of London’s 24,000 licensed cab drivers quotes that 2,900 laptops, 1,300 PDAs and
over 62,000 mobile phones were left in London cabs in the year 2001 over the last 6-month period.
• Today this figure (lost mobile devices) could be far larger given the greatly increased sales and usage of
mobile devices.
• Most of these lost devices have wireless access to a corporate network and have potentially very little security,
making them a weak link and a major headache for security administrators.
Protecting Data on Lost Devices
• There are two reasons why cybersecurity needs to protect the data when device is lost:
1. data that are persistently stored on the device and
2. always running applications.
• For protecting data, there are two precautions to prevent disclosure of the data stored
on a mobile device:
1. encrypting sensitive data and
2. encrypting the entire file system.
Organizational Measures for Handling Mobile
Encrypting Organizational Databases
• Critical and sensitive data reside on databases and with the advances in technology, access to these data is
possible through mobiles.
• Through encryption we can protect organization data.
• Two algorithms are typically used to implement strong encryption of database files. The first is Rijndael (pronounced
rain-dahl or Rhine-doll), a block encryption algorithm chosen as the new Advanced Encryption Standard
(AES) for block ciphers by the National Institute of Standards and Technology (NIST).
• The other algorithm used to implement strong encryption of database files is the Multi-Dimensional Space
Rotation (MDSR) algorithm developed by Casio.
• The term “strong encryption” is used here to describe these technologies in contrast to the simple encryption.
Including Mobile Devices in Security Strategy
• Organizational IT departments will have to take accountability for cybersecurity threats that come through
inappropriate access to organizational data by employees who use mobile devices.
• Encryption of corporate databases is not the end of everything.
• There are technologies available to properly secure mobile devices. For example, there are ways to make
devices lock or destroy the lost data by sending the machine a special message.
• Also, some mobile devices have high-powered processors that will support 128-bit encryption.
• Implement strong asset management, virus checking, loss prevention and other controls for mobile systems
that will prohibit unauthorized access and the entry of corrupted data.
• Notify the appropriate law-enforcement agency and change passwords. User accounts are closely monitored
for any unusual activity for a period of time.
Organizational Security Policies and Measures in Mobile Computing Era
Importance of Security Policies relating to Mobile Computing Devices
• Growth of mobile devices used makes the cybersecurity issue harder than what we would tend to think.
• People (especially, the youth) have grown so used to their mobiles that they are treating them like wallets!
• For example, people are storing more types of confidential information on mobile computing devices than
their employers or they themselves know; they listen to music using their hand-held devices.
• One should think about not keeping credit card and bank account numbers, passwords, confidential E-Mails
and strategic information about the organization on such devices.
• Imagine the business impact if mobile or laptop was lost or stolen, revealing sensitive customer data such as
credit reports, social security numbers (SSNs) and contact information.