
module 2 (1)

The document provides an overview of cyber security, focusing on cyber offenses, social engineering, cyberstalking, and the role of botnets in cybercrime. It categorizes cybercrimes based on targets and events, detailing methods criminals use to plan attacks, including reconnaissance and active/passive strategies. Additionally, it highlights the legal framework surrounding cyberstalking in India and offers safety tips for using cybercafes.

Introduction to Cyber Security

Module 2
Dept. of CSE
The National Institute of Engineering
Topics
• Cyberoffenses: How Criminals Plan Them; How Criminals Plan the Attacks
• Social Engineering, Cyberstalking, Cybercafe and Cybercrimes
• Botnets: The Fuel for Cybercrime, Attack Vector
Cyberoffenses: How Criminals Plan Them
• Technology is a “double-edged sword”: it can be used for both good and bad.
• Computers and tools are used either as the target of an offense or as the means of committing an offense.
• Agencies collect information about individuals (Aadhaar, date of birth, bank account details, etc.).
• Attackers exploit vulnerabilities in the networks:
  • Inadequate border protection.
  • Remote access servers with weak access controls.
  • Application servers with well-known exploits.
  • Misconfigured systems and systems with default configuration.
Categories of Cybercrime
• Can be categorized based on:
  • The target of the crime.
  • Whether the crime occurs as a single event or a series of events.
1. Crimes targeted at individuals
  • Exploit human weakness, financial frauds, sale of non-existent or stolen items, child pornography, copyright violation, harassment, etc.
  • Tools to expand the pool of potential victims.
2. Crimes targeted at property
  • Stealing devices, transmitting harmful programs, causing harm to devices.
3. Crimes targeted at organizations
  • Cyberterrorism, steal private information, damage programs and files, plant programs to get control of the network/system.

Categories of Cybercrime (Continued)
4. Single event of cybercrime
  • Single event from the perspective of the victim.
  • Open an attachment that may contain virus.
5. Series of events
  • Interacting with victims repeatedly.
  • Chat via chat rooms, talk over phone, then exploit victim.
How Criminals Plan the Attacks
• Criminals use many methods and tools to locate the vulnerabilities of their target.
• The target can be an individual or an organization.
• Criminals can plan active or passive attacks.
  • Active – usually used to alter the system.
  • Passive – attempts to gain information about the target.
  • Active – affects availability, integrity and authenticity of the system.
  • Passive – breaches of confidentiality.
• Attacks can be either inside or outside.
  • Inside – originating from inside the security perimeter of an organization.
  • Outside – originating from outside the security perimeter of the organization.
How Criminals Plan the Attacks (Continued)
The following phases are involved in planning cybercrime:
1. Reconnaissance (info gathering) – the first phase, treated as a passive attack.
2. Scanning and scrutinizing gathered information for the validity of the information and to identify existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).
How Criminals Plan the Attacks (Continued)
Reconnaissance
• “Reconnaissance” is the act of reconnoitring: exploring, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy).
• Reconnaissance begins with “Footprinting” – this is the preparation toward the pre-attack phase.
• It involves accumulating data about the target’s environment and computer architecture to find ways to intrude into that environment.
• The objective is to understand the system, its networking ports and services, and other aspects of its security.
How Criminals Plan the Attacks (Continued)
Passive Attacks
• A passive attack involves gathering information about a target without his/her (individual’s or company’s) knowledge.
• It can be as simple as watching when an employee enters and leaves the company.
1. It is usually done using Internet searches or by Googling an individual or company to gain information.
2. Surfing social networking sites (Facebook, etc.).
3. Information provided on the company website (contact details).
4. Blogs, newsgroups, press releases to gain information.
5. Going through job openings can provide information about the type of technology, servers, and infrastructure in the network.
• Network sniffing to find the IP address range, hidden servers, and other services in the network.
How Criminals Plan the Attacks (Continued)
Active Attacks
• An active attack involves probing the network to discover individual hosts to confirm the information gathered in the passive attack phase.
• It involves the risk of detection and is also called “Rattling the doorknobs” or “Active reconnaissance.”
• Active reconnaissance can provide confirmation to an attacker about security measures in place.
Scanning and Scrutinizing Gathered Information
The objectives of scanning are:
1. Port scanning: Identify open/closed ports and services.
2. Network scanning: Understand IP addresses and related information about the computer network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the system.
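The “risk of detection” in active reconnaissance, seen from the defender's side, as an added example that is not part of the original slides: a minimal port-scan detector over firewall connection records. The log format, the threshold and window values, and the function names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample firewall records: "epoch_seconds src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
1700000000 198.51.100.7 10.0.0.5 21 DENY
1700000001 198.51.100.7 10.0.0.5 22 ALLOW
1700000002 198.51.100.7 10.0.0.5 23 DENY
1700000003 198.51.100.7 10.0.0.5 25 DENY
1700000004 198.51.100.7 10.0.0.5 80 ALLOW
1700000005 198.51.100.7 10.0.0.5 443 ALLOW
1700000010 203.0.113.20 10.0.0.5 443 ALLOW
1700000050 203.0.113.20 10.0.0.5 443 ALLOW
1700000900 203.0.113.20 10.0.0.5 80 ALLOW
"""

def parse(log_text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit() or not parts[3].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2], int(parts[3])

def detect_port_scans(log_text, min_ports=5, window=60):
    """Return {(src, dst): ports} where src touched >= min_ports distinct
    ports on dst within `window` seconds (sliding window)."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[pair] = sorted(ports)
                break
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```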
How Criminals Plan the Attacks (Continued)
Attack (Gaining and Maintaining the System Access)
• After the scanning and enumeration, the attack is launched using the following steps:
1. crack the password;
2. exploit the privileges;
3. execute the malicious commands/applications;
4. hide the files (if required);
5. cover the tracks – delete the access logs, so that there is no trail of illicit activity.
Social Engineering
• It is the “technique to influence” and “persuasion to deceive” people to obtain the information or perform some action.
• Social engineers exploit the natural tendency of a person to trust social engineers’ word, rather than exploiting computer security holes.
• Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
• The sign of truly successful social engineers is that they receive information without any suspicion.
Social Engineering (Continued)
Classification of Social Engineering
1. Human-Based Social Engineering
Human-based social engineering refers to person-to-person interaction to get the required/desired information.
2. Computer-Based Social Engineering
Computer-based social engineering refers to an attempt made to get the required/desired information by using computer software/Internet.
Social Engineering (Continued)
1. Human-Based Social Engineering
• Impersonating an employee or valid user.
• Posing as an important user.
• Using a third person.
• Calling technical support.
• Shoulder surfing.
• Dumpster diving.
2. Computer-Based Social Engineering
• Fake Emails.
• Email attachments.
• Pop-up windows.
• Social engineering is a common technique used in cyber crime cases in
India. Some examples of social engineering cyber crime cases in India include:
• Part-time job fraud
• A 23-year-old private employee was defrauded of ₹8.99 lakh in a part-time job
fraud. The victim was sent a fraudulent link and instructions on trading.
• Pensioner loses retirement benefits
• A pensioner lost all her retirement benefits to scammers posing as TRAI agents.
• Cyber attacks on banks
• Banks are increasingly targeted by cyber attacks due to the electronic mode of
operations. Criminals gain unauthorized access to customer data through social
engineering attacks.
• Hyderabad Cyber Crime Police recover & return ₹1.05
crore to online scam victim
• The Hyderabad Cyber Crime Police recovered and returned ₹1.05
crore to a victim who was defrauded by online scammers. The 52-
year-old victim was convinced to transfer ₹1.22 crore in a trading
fraud.
Cyberstalking
• It is defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals to harass another individual, group of individuals, or organization.
• Cyberstalking refers to the use of Internet and/or other electronic communications devices to stalk another person.
• It involves harassing or threatening behaviour that an individual will conduct repeatedly.
• As the Internet has become an integral part of our personal and professional lives, cyberstalkers take advantage of ease of communication and an increased access to personal information available with a few mouse clicks or keystrokes.
Cyberstalking (Continued)
Types of Stalkers
There are primarily two types of stalkers as listed below:
• Online stalkers: They aim to start the interaction with the victim directly with the help of the Internet.
• Offline stalkers: The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.
• 2022
• In 2022, India reported 158 cases of cyber stalking and bullying against women and children. Maharashtra
had the highest number of cases with nearly 52, followed by Kerala with 30 cases.
• 2022 cybercrimes against children
• In 2022, India recorded 1,823 cases of cybercrimes against children, which was a 32% increase from the
previous year.
• First cyberstalking case
• India's first cyberstalking case was reported in 2001. The case involved Manish Kathuria stalking Ritu Kohli by
using her name to chat online, using obscene language, and sharing her phone number.
• Cyberstalking is defined as

• Cyberstalking is the act of persistent and unwanted contact from someone online. It can include threats,
libel, defamation, harassment, or other actions to control, influence, or intimidate the target.
• In India, cyberstalking is considered a criminal offense under the
Information Technology (IT) Act, 2000, specifically under Section
354D. According to this section, any person who stalks or
causes annoyance to another individual through electronic
communication can be punished with imprisonment for up
to three years for the first offense, along with a fine. For subsequent
offenses, the punishment can extend up to five years of
imprisonment, along with a fine.
Cyberstalking (Continued)
How Stalking Works?
1. Personal information gathering about the victim.
2. Establish a contact with the victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The stalker may use multiple names while contacting the victim.
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favours or threaten the victim.
5. The stalker may post the victim’s personal information on any website related to illicit services such as sex-workers’ services or dating services, posing as if the victim has posted the information, and invite people to call the victim on the given contact details. The stalker will use bad and/or offensive/attractive language to invite the interested persons.
6. Whosoever comes across the information starts calling the victim on the given contact details asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable pornographic and sex sites, because of which the victim will start receiving such unsolicited E-Mails.
Cybercafe and Cybercrimes
• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cybercafes.
• Cybercafes have also been used regularly for sending obscene mails to harass people.
• Indian Information Technology Act (ITA) 2000 interprets cybercafes as “network service providers” referred to under the erstwhile Section 79, which imposed on them a responsibility for “due diligence” failing which they would be liable for the offenses committed in their network.
Cybercafe and Cybercrimes (Continued)
• Cybercriminals can either install malicious programs such as keyloggers and/or Spyware or launch an attack on the target.
• Here are a few tips for safety and security while using the computer in a cybercafe:
1. Always logout
2. Stay with the computer
3. Clear history and temporary files
4. Be alert
5. Avoid online financial transactions
6. Change passwords
7. Virtual keyboard
8. Security warnings
Botnets: The Fuel for Cybercrime
• A Botnet (also called a zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge.
• Your computer system may be a part of a Botnet even though it appears to be operating normally.
• Botnets are often used to conduct a range of activities, from distributing Spam and viruses to conducting denial-of-service (DoS) attacks.
Botnets (Continued)
1. Use antivirus and anti-Spyware software and keep it up-to-date.
2. Set the OS to download and install security patches automatically.
3. Use a firewall to protect the system from hacking attacks while it is connected to the Internet.
4. Disconnect from the Internet when you are away from your computer.
5. Download freeware only from websites that are known and trustworthy.
6. Regularly check the folders in the mailbox – “sent items” or “outgoing” – for messages you did not send.
7. Take immediate action if your system is infected.
Attack Vector
• An “attack vector” is a path or means by which an attacker can gain access to a computer or to a network server to deliver a payload or malicious outcome.
• Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant messages, chat rooms, and deception.
• The most common malicious payloads are viruses, Trojan Horses, worms, and Spyware.
• If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the missile.
• Payload means the malicious activity that the attack performs.
• It is the bits that get delivered to the end-user at the destination.
Attack Vector (Continued)
• The attack vectors described here are how most of them are launched:
  • Attack by E-Mail
  • Attachments (and other files)
  • Attack by deception
  • Hackers
  • Heedless guests (attack by webpage)
  • Attack of the worms
  • Malicious macros
  • Foistware (sneakware)
  • Viruses
Attack Vector (Continued)
• Attack by E-Mail
  • Content embedded in message or attachments.
• Attachments (and other files)
  • Attachments install malicious code (virus, Trojan, spyware).
• Attack by deception
  • Vulnerable users, frauds, scams, hoaxes, etc.
• Hackers
  • Flexible and improvise, install Trojan to gain control.
• Heedless guests (attack by webpage)
  • Counterfeit sites, personal information, pop-ups install Trojan, spyware.
Attack Vector (Continued)
• Attack of the worms
  • Email attachments and network worms, firewalls, zombie computers.
• Malicious macros
  • Word and Excel to automate things, P2P software.
• Foistware (sneakware)
  • Software that adds a hidden component, bundled with attractive software.
• Viruses
  • Malicious code hitches a ride and makes the payload.