Cyber

crime
and
Ethical
Hacki
ng
MODULE – 01
 At the end of this module, you
will be able to:
 Learn what is cybercrime?
 Understand types of
Learning cybercrime and categories.
 Learn role of computer in
Objectives cybercrime.
 Learn about cybercriminals.
 Learn about hacking and
ethical hacking.
 Understand phases of hacking.
 Introduction to
Cybercrime
Cybercrime:
• The term cybercrime refers to crimes committed using
computer.

• Cybercrime refers to the crime involving computer and

computer network.

• A crime conducted in which a computer was

directly and significantly instrumental.
 Cybercrime
• “Cybercrime (computer crime) is any illegal behavior,
directed by means of electronic operations, that target
the security of computer systems and the data
processed by them”.

• Hence cybercrime can sometimes be called as

computer-related crime, computer crime, E-crime,
Internet crime, High-tech crime….
 • Any illegal act where a special
knowledge of computer technology is
essential for its perpetration,
investigation or prosecution.

• Any traditional crime that has acquired a

new dimension or order of magnitude
Cybercrim through the aid of a computer, and abuses
that have come into being because of
e computers.

• Any financial dishonesty that takes place in

a computer environment.

• Any threats to the computer itself, such as

theft of hardware or software, sabotage and
demands for ransom.
Categories
of
Cybercrim
es
Categories of
Cybercrimes
Cyber porn,

Transmission of
child
Cybercrimes against pornography,
People Harassment of an
individual through
email,

False legal
agreement scams,
etc.
Categories of
Cybercrimes
Computer devilry,

Cybercrimes Against Destruction of others

Property : property or parts

Transmission of
harmful viruses,
worms, or programs.
 Categories of
Cybercrimes
3. Cybercrimes Against Government
 Cyber terrorism is a distinct crime in this category.
 The spread of internet has shown that this medium is
used by people and teams to threaten the international
governments conjointly to terrorize the voters of a rustic.
 Attacks on government or military maintained websites.
 Cybercrimes can be broadly divided as;
A.Violent or potentially violent
cybercrimes: Violent or potentially violent
cybercrimes are those that pose a
physical risk to some character or people.
They can be further divided as;
• Cyber terrorism
• Cyber stalking
• Assaults by threat
Types of • Child pornography
Cybercrim
es B.Non-violent cybercrimes: Non-violent
cybercrimes are those that do not directly
pose a physical risk to some character or
persons, but indirectly they do pose a risk.
They can be;
• Cyber theft
• Cyber trespass
• Cyber fraud
• Destructive Cybercrimes
 Types of
Cybercrimes
1.Hacking :
Do not hack, but when you do, it should be ethical!

2. Denial-of-Service Attacks :
A Denial-of-Service (DoS) attack is a trial to make an online
service unavailable by overloading the network traffic from multiple
sources. DoS targets a large variety of resources.

3. Trojan Attacks :
Trojans are small particles of malware that allow the hacker to
either gain or obtain remote access to any computer.
The first faults are theirs that commit them; the second faults are theirs that permit them..
 Types of
Cybercrimes
4. Credit Card Frauds :
Credit card frauds usually occur when an individual discloses
his/her confidential data such as credit card number, CVV
number, secret code for transaction, expiry date, etc.

5. Cyber Pornography :
Cyber pornography refers to distributing pornography over the
internet. People create and distribute porn or obscene materials
over the internet.
 Types of
Cybercrimes
6. Online Betting :
Online betting is also called online gambling or internet gambling
and takes place over the internet. Online gambling is the basic term
used for gambling over the internet.

7. Software Piracy :
Software piracy refers to the act of distributing licensed or
paid or
copyrighted software for free or at a minimal cost over the
internet.

8. E-mail Spoofing :
Email spoofing refers to sending emails from an unknown or
false source. Spoofing means that the hacker sends an email from
 Types of
Cybercrimes
9. Forgery/Falsification :
Forgery refers to the action of forging a copy or imitation of a
document, signature, or banknote. It is done to earn a huge profit by
selling the forged resource.
10. Phishing :
Phishing is a fraud type wherein the hacker tries to get personal
information, including login credentials or any bank account
information, by pretending to be a genuine entity in email, messages, or
other communication channels.
11. Cyber Terrorism :
Cyber terrorism is a planned activity in the cyber space via
computer networks. It includes the use of email as a communication
medium.
 Types of
Cybercrimes
12. Salami Attacks :
Salami attack is a combination of many small attacks that can
go undetected due to the nature of cybercrime.
13. Defamation :
Internet is an integral part of our life. It acts as a medium for
interacting with people across the globe. Defamation implies
causing harm to a reputed individual in front of others.
14. Cyber Stalking :
Cyber stalking refers to the use of an electronic medium
to threaten someone or an individual or a group of people or certain
organization.
 Who are
Cybercriminals?
Are those who conduct acts such as:
 Credit card fraud
 Cyberstalking
 Defaming another online
 Gaining unauthorized access to
computer systems
 Ignoring copyrights
 Software licensing and trademark
protection
 Overriding encryption to make illegal
copies
 Software piracy
 Stealing another’s identity to perform
criminal acts
Worms Versus Viruses :

Worms and viruses are malicious programs that

can cause harm to our system. However, both
these terms
are very different.

1. Worms : A worm (write once read many) is

similar to a computer virus by design. It is
considered to be a secondary category of virus.
A worm spreads from computer to computer,
but unlike virus it has the capability to travel
without any human action.

2. Viruses : A virus (vital information resources

under siege) is a software that is designed to
duplicate itself. This is
done by replicating itself into various programs
that are stored in the computer.
 Role of computer in Cybercrime

Computers can play a vital role in crimes as

shown
 They can extract evidences,
instrumentality, illegal imports, or the
fruit of a crime.
Role of
computer 1. They can act as a communication
tool.
in
Cybercrim 2. They can be the target of the
e attacker for criminal activity.

3. They can also be tangential to

crime.
 Prevention of
Cybercrime
Prevention is always better than cure.

It is always better to take certain precautions while working on

the internet.
The 5P’s mantra for online security are as follows:

1. Precaution
2. Prevention
3. Protection
4. Preservation
5. Perseverance
 Hacking
• Hacking is the act of detecting and exploiting weaknesses in
a computer system or network, usually to gain unauthorized
access to personal or organizational data.

• Gaining access to a computer system that is not supposed

allowed to access, considered as hacking.
• eg:
• Login into an email account that is not supposed to
have access,.
• Gaining access to a remote computer that you are
not supposed to have access.
 Ethical Hacking
• Ethical hacking is an authorized practice of detecting
vulnerabilities in web application, computer system,
or
organization’s IT infrastructure and breaching system security
to identify threats in a network.

• Ethical Hacking is defined as any form of hacking that

is authorized by the owner of the target system.

• Ethical hacking is also known as White hat Hacking or

Penetration Testing.
 Goals of Ethical
Hacking
• Find weaknesses and vulnerabilities in security
through penetration testing.

• Find areas where sensitive data could be compromised in

a cyber attack.

• Attempt to exploit vulnerabilities as a malicious hacker

would.

• Give recommendations for protection.

• Retest after recommendations are in place to ensure

Ref: https://www.roundtabletechnology.com/blog/what-are-the-goals-of-ethical-hacking
security.
 Phases of Ethical
Hacking
• There are mainly 5 phases in hacking.

• Not necessarily a hacker has to follow these 5 steps in a

sequential manner.

• It’s a stepwise process and when followed yields a better result.

 Phases of Ethical
Hacking
• There are mainly 5 phases in hacking.
• Not necessarily a hacker has to follow these 5 steps in a
sequential manner.
• It’s a stepwise process and when followed yields a better result.

Fig:https://www.greycampus.com/opencampus/ethical-hacking/phases-of-hacking
 Phases of Ethical
Hacking
1. Reconnaissance:
• This is the first step of Hacking.

• It is also called as Footprinting and information gathering

phase.

• This is the preparatory phase where we collect as

much information as possible about the target.
 Phases of Ethical
Hacking
1. Reconnaissance:

• There are two types of Footprinting:

• Active: Directly interacting with the target to
gather information about the target. Eg Using Nmap tool
to scan the target

• Passive: Trying to collect the information

about the target without directly accessing the target. This
involves collecting information from social media, public
websites etc.
 Phases of Ethical
Hacking
1. Reconnaissance:

• We usually collect information about three groups,

1. Network
2. Host
3. People involved
 Phases of Ethical
Hacking
2. Scanning:
• Port scanning: This phase involves scanning the target for
the information like open ports, Live systems, various services
running on the host.
• Vulnerability Scanning: Checking the target for weaknesses
or vulnerabilities which can be exploited. Usually done with
help of automated tools
• Network Mapping: Finding the topology of network, routers,
firewalls servers if any, and host information and drawing a
network diagram with the available information. This map
may serve as a valuable piece of information throughout the
hacking process.
 Phases of Ethical
Hacking
3. Gaining Access:

• This phase is where an attacker breaks into the system/network

using various tools or methods.

• After entering into a system, he has to increase his privilege

to administrator level so he can install an application he
needs or modify data or hide data.
 Phases of Ethical
Hacking
4. Maintaining Access:

• Hacker may just hack the system to show it was vulnerable or

he can be so mischievous that he wants to maintain or persist the
connection in the background without the knowledge of the
user.

• This can be done using Trojans, Rootkits or other malicious

files.

• The aim is to maintain the access to the target until he finishes

the tasks he planned to accomplish in that target.
 Phases of Ethical
Hacking
5. Clearing Track:

• No thief wants to get caught.

• An intelligent hacker always clears all evidence so that in the

later point of time, no one will find any traces leading to him.

• This involves modifying/corrupting/deleting the values of Logs,

modifying registry values and uninstalling all applications he
used and deleting all folders he created.
 Tools for Ethical
Hacking
1. NMAP.
2. Metasploit.
3. Burp Suit.
4. Angry IP Scanner. ...
5. Cain & Abel. ...
6. Ettercap. ...
7. EtherPeek. ...
8. SuperScan.
Ref: https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_tools.htm
 NMAP
• Nmap stands for Network Mapper. It is an open source tool that is
used widely for network discovery and security auditing.
• Nmap was originally designed to scan large networks, but it can
work equally well for single hosts.
• Network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and
monitoring host or service uptime.
• Nmap uses raw IP packets to determine −
o what hosts are available on the network,
o what services those hosts are offering,
o what operating systems they are running on,
owhat type of firewalls are in use, and other such characteristics.
Nmap runs on all major computer operating systems such as Windows,
Mac OS X, and Linux.
 Metasploit
• Metasploit is one of the most powerful exploit tools.
• It’s a product of Rapid7 and most of its resources can be found
at: www.metasploit.com.
• It comes in two versions − commercial and free edition.
• Matasploit can be used with command prompt or with Web UI.

• With Metasploit, you can perform the following operations −

o Conduct basic penetration tests on small networks
o Run spot checks on the exploitability of vulnerabilities
o Discover the network or import scan data
o Browse exploit modules and run individual
exploits on hosts
 Burp Suite
• Burp Suite is a popular platform that is widely used
for performing security testing of web applications.
• It has various tools that work in collaboration to support the
entire testing process, from initial mapping and analysis of
an application's attack surface, through to finding and
exploiting security vulnerabilities.
• Burp is easy to use and provides the administrators full
control to combine advanced manual techniques with
automation for efficient testing.
• Burp can be easily configured and it contains features to
assist even the most experienced testers with their work.
 Maltego
• Maltego is proprietary software used for open-source
intelligence and forensics, developed by Paterva.

• Maltego focuses on providing a library of transforms for

discovery of data from open sources, and visualizing that
information in a graph format, suitable for link analysis
and data mining
 Scanning Tools
Top Vulnerability Assessment Scanning Tools
• Comodo HackerProof. Comodo's HackerProof is considered to
be a revolutionary vulnerability scanning and trust
building tool that enables overcoming the security concerns
of your visitors. ...
• OpenVAS. ...
• Nexpose Community. ...
• Nikto. ...
• Tripwire IP360. ...
• Wireshark. ...
• Aircrack. ...
• Nessus Professional.
Ref: https://cwatch.comodo.com/blog/website.../top-10-vulnerability-assessment-scanning-too...
 Hacker
• The one who is curious about the workings of any computer
software is termed a hacker. Very often, the hackers are a unit of
smart programmers.

• Hackers have advanced knowledge of operative systems

and programming languages.
 Cracker
• People who break into different systems with
malicious intentions are referred to as crackers.

• Crackers cause issues to victims by an unauthorized access,

destroying necessary information, stopping services
provided by the server, and more.
Difference between Hackers & Crackers
 Phreakers
• Phreaker is the one who gains illegal access to the
telephone system.

• Phreakers are considered the original computer hackers and

they are those who break into the telephone network illegally,
typically to make free long distance phone calls or to tap
phone lines.

• Phreakers are people who specialize in attacks on the

telephone system.
 Rules of Ethical
Hacking
• Even certified ethical hackers need to understand some
rules before practicing white hat hacking.

Ref: https://www.knowledgehut.com/blog/security/learning-ethical-hacking-can-be-a-disaster-if-you-neglect-these-7-rules
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• White hat hacking may be ethical but hacking into a user’s
system without explicit permission from them will land
you in trouble.
• In fact hacking, even for ethical purposes without
explicit permission from the owners is a criminal
offence in most countries.
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Before you start off on ethical hacking it is important
that you understand your client organization's business
and system.
• This will give you a background on the sensitivities of
their network and how you need to handle any sensitive
information that you might encounter.
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Do not exceed limits imposed by the client:
• Even if your client has given you full access to their
network, there might still be a limit to how much you can
dig.
• Do not dig deeper than you have been told to as you might
be breaching client trust.
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Do not exceed limits imposed by the client:
• Make sure you do your job properly so that you do not
compromise the client’s defense systems:
• Your job is to sniff out holes and ensure that those holes are
fixed to strengthen the IT security system.
• Give a detailed report of your findings and ensure that you
do not overstep any limits or violate any laws or regulations.
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Do not exceed limits imposed by the client:
• Make sure you do your job properly so that you do not
compromise the client’s defense systems:
• Be transparent with your clients:
• Open communication with your client will not only
help your
client but also you, by increasing your
trustworthiness.
• You must disclose all discoveries that you have made to your
client so that they can take necessary precautions to
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Do not exceed limits imposed by the client:
• Make sure you do your job properly so that you do not
compromise the client’s defense systems:
• Be transparent with your clients:
• Be confidential and ethical:
• You should maintain confidentiality during and even after the
job is done.
• You are an ethical hacker and work ethics come topmost for
you and this includes client confidentiality.
• Disclosing secrets of your clients to third parties will
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Do not exceed limits imposed by the client:
• Make sure you do your job properly so that you do not
compromise the client’s defense systems:
• Be transparent with your clients:
• Be confidential and ethical:
• Cover your tracks:
• You have penetrated the systems and you have suggested
detailed clean-ups.
• But as you exit, you must ensure that you do not leave
any
footprints and thus protect the system from future
 Rules of Ethical
Hacking
• You are a white hat hacker but you still need permission
before hacking into a user’s system:
• Understand your client’s business and organizational
set up:
• Do not exceed limits imposed by the client:
• Make sure you do your job properly so that you do not
compromise the client’s defense systems:
• Be transparent with your clients:
• Be confidential and ethical:
• Cover your tracks:
 What to do if Been
Hacked ?
1.Cut-off your internet connection: If you think that you simply
are being hacked, the primary factor to try to do is to cut-off internet
from your system so as to prevent any more intrusion.

2.Turn on firewall: Typically, we have a tendency to close up

windows firewall so as to put in some package. From a security
purpose of read , forever we must always activate firewalls.
Hardware firewall is another smart choice to install. It acts as an
associate isolator between external network and your internal
systems.

3.Contact your internet service supplier: It’s a decent apply to

contact your ISP within the case of hacking as a result of they need
their own policy and pointers for any malicious intrusion.