Chapter 1
Cyber Crime:
hours:08
Topics
Definition and Origin of the Word
Salami technique Data
Cyber Crime and Information Diddling
Security Forgery
who are Cyber Criminals Newsgroup Spam
Classification of Cybercrimes Online Frauds
E-mail Spoofing
Pornographic Offenders
Email Bombing
Spamming Password Sniffing
Cyber Defamation Credit Card Frauds.
Internet Time Theft
Salami Attack
Cyber Security and Laws ....Chapter 4
Introduction to Cybercrime
In recent era phenomenal growth of the Internet.
Use of internet for E-Comm.
Business dependency on internet , increase use of computer
in daily life has open the door for cybercrime.
Like other developed and developing country, India is also
victim of cyber crime .
During year 2000 to 2002 , 780 times corporate &
government web site are attack or defaced.
In year 2009 ,3286 website were hacked just in 5 month.
Rapid growth of Cyber crime
Cybercrime
A crime conducted in which a computer was directly and
significantly instrumental.
Alternate definition of cybercrime
1. Any Illegal act where special knowledge of computer is
essential. ( Computer Vulnerability).
2. Traditional act has taken new dimension by using
technology/computer
3. Any financial dishonesty that take place in computer env.
4. Threats to computer like theft and damage of software
/hardware
Cybercrime Definition
Cybercrime means performing a criminal act using cyberspace as a
communication vehicle.
Cyberspace is the electronic medium of computer networks, in
which online communication takes place.
Example of cybercrime
1. Tampering computer source document ( loss of integrity.)
2. Tampering information over transit.
3. Hacking with computer system. (steal /damage of info.)
4. Unauthorized access of computer.
5. Obtain / illegal publish of digital signature (PKI).
Cybercrime…..
Internal /External cybercrime.
Cyberterrorism : It is defined as any persons, group or organization who,
with terrorist intent utilize access or aids in accessing computer or
computer network or electronics system or electronics device by any
available means ,and thereby knowingly engage in or attempts to engage
in a terrorist act.
Cyberterrorism is the use of Internet based attacks in terrorist activities,
including acts of deliberate, large-scale disruption of computer
networks, especially of personal computers attached to the Internet, by
the means of tools such as computer viruses.
Cybercrime and Information Security
Lack of information security gives rise to cybercrime.
Vulnerability in system / unprotected communication /security compromise
at sender and receiving end gives birth to cybercrime.
Cybersecurity : Cybersecurity means protection of information, equipments,
devices, computer ,computer resource , communication devices and
information stored therein from unauthorized access, use , disclosure,
disruption, modification or destruction.
Botnet : Group of compromised computers.
Types of Bots.
Cybercriminals
Cybercrime involves activities,
- child pornography
- credit card fraud
- defacing web site
- gaining unauth. access of computer ,online info.
- ignoring /breaking s/w licenses , stealing of
identity.
Types of cybercriminals
1. Cybercriminals -hungry for recognition.
2. Cybercriminals– gain financial benefits.
3. Cybercriminals– insider
Classification of cybercrime
Cybercrime against individual
- E mail spoofing and online fraud. : A spoofed E-mail is one that appear to
originate from one source but actually has been send from another source.
- Phishing
- Spamming : People who create electronics spam are called spammers. ( Bulk
mail )
- Cyber defamation (insult) : Computer is used for defamation. ( spoken
word , action, body language )
- Cyber Stalking and harassment : Cyber Stalking is the use of
the internet or other electronic means to harass an
individual, a group of individuals, or an organization.
Classification of cybercrime
- Computer Sabotage (disturb): To hamper the functionality of computer by
introducing virus, worms or logic bomb ,time bomb ,is refer to as
computer sabotage.
-Pornographic offenses .
-Password sniffing.
- Attacker will sniff credential (Password).
- Cybercrime against property
- Credit card fraud.
- Intellectual Property fraud.
- Illegal use of software /hardware.
- violation of copyright
Classification of cybercrime
Cybercrime against organization
- Unauthorized access of computer.
- Password sniffing.
- DoS. ( resource and service denial ) / DDoS
- Virus attack/ dissemination (broadcasting )of Virus.
- E-mail bombing / mail bomb.
- salami attack
- logic bomb - Trojan Horse
- Data diddling. – In this attack , data is changed just
before processing and change it back after the
processing is completed. ( airline reservation system)
Classification of cybercrime
Crime emanating from usenet newsgroup.
- This is one type of spamming ( Bulk mail).
- First widely recognized usenet spam titled “ Global Alert
for all : Jesus is coming soon” was posted on 18 Jan 1994
Industrial spying . ( To get business details )
Computer Network Intrusion : Attacker and hacker can
insert into computer system from remote location to
steal file and confidential information by planting
virus /bots/trojan in system. create backdoor, insert
trojan horse or change username and password.
Software piracy.
Classification of cybercrime
Cybercrime against society
- Forgery : Print/generate fake currency notes ,stamp
paper, revenue stamp using high quality computer,
printer , scanner.
- Cyber terrorism
- Web Jacking – Web Jacking occurs when some one
forcefully takes control of web site ( by creaking
password and later changing it). Website owner does not
have control on web site and contents which appearing
on it.
Credit Card Fraud
Online Environment for credit card transaction.
Debit/credit card fraud is committed when a person:
1) fraudulently obtains, takes, signs, uses, sells, buys, or forges
someone else’s credit or debit card or card information;
2) Uses his or her own card with the knowledge that it is revoked or
expired or that the account lacks enough money to pay for the items
charged; and
3) Sells goods or services to someone else with knowledge that the
credit or debit card being used was illegally obtained or is being
used without authorization.
Types of Credit Card Fraud
1. Lost or Stolen Cards
2. Account Takeover
3. Counterfeit Cards
4. Never Received
5. Fraudulent Application
6. Triangulation
7. Collusive Merchants
8. Mail Order/Telephone Order (MO/TO) Fraud
Triangulation
Original
User
Flipkart
Fake_FlipK
art
Tips To Prevent Credit Card Fraud
Do’s Don'ts
Store card no and PIN no
Put signature on back side of
together.
card.
Give your card to anyone.
Use Help line No.
Leave card or transaction
Change password regularly.
receipt laying around.
Ensure the legitimacy of the Don’t sign blank receipt.
website before using the
Write a card no /pin no on
card.
postcard or the outside
of an envelope.
Give out immediately your
number over phone.
Vishing
Vishing is combination of mobile phone and
VoIP.
Smart phone with VoIP s/w.
Vishing is used to steal credit card number or
other related data used in ID theft scheme.
Vishing attack includes
- ID theft.
- Purchasing money / funds.
- Transferring money /funds.
- Monitoring the victims’s bank account.
- making application for loan and credit card.
How Vishing works
Internet E mail.
Mobile Text Messaging.
Voicemail.
Direct phone call.
- Gathering contact no.
- Use war dialer to contact with victim.
- Use automatic answer m/c to alert to user about
the future financial fraud.
- User is provided with contact no.
- When user call on contact no., he is asked to provide a
financial details/credit card details.
- When user target provide financial details , he will be
targated by attacker.
How to protect from vishing attack
Be suspicious about all unknown callers.
Do not trust caller ID.
Ask cross question if somebody asking
financial information.
Call them back to ensure validity of call ID.
In case of fraud ID ,report to the nearest
cyber crime.
Smishing
SMS phishing.
Attacker send tempt message to victim.
Asking victim to either call on provided no or
connected with bogus website.
Using social engg. skill obtain all financial info.
How to protect from smishing attack.
- Do not answer a text message that you
have
received asking Personal Information.
- Avoid calling any phone no.
- Do not click on any link on mobile phone.
Man In Middle attack
https://www.youtube.com/watch?v=fTBmD2t3p90
SMS Phishing
https://www.youtube.com/watch?v=_dj_90TnVbo
Credit Card Fraud
https://www.youtube.com/watch?v=E3gxA5HD-nQ
Technical Support Phone Scam
https://www.youtube.com/watch?v=WhV6rIgyQ-s
Fake IRS Phone and Phishing Scams
https://www.youtube.com/watch?v=dq0TNFnc4nY
How to hack usernames and passwords
https://www.youtube.com/watch?v=js78vXfWX3s
Hacking Tip: Password Cracking with Cain & Abel
https://www.youtube.com/watch?v=RyQL9AdxHqY
Mishing
Mishing is a combination of mobile phone and phishing.
Online purchase of goods/service, online banking , online financial
trans, are vulnerable to mishing attack.
To launch this attack, attacker will pretended to be an employee
from victim organization , they collect sensitive information victim.
Smishing
SMS phishing.
Attacker send tempt message to victim.
Asking victim to either call on provided no or
connected with bogus website.
Using social engg. skill obtain all financial info.
How to protect from smishing attack.
- Do not answer a text message that you
have
received asking Personal Information.
- Avoid calling any phone no.
- Do not click on any link on mobile phone.
- Ex Visiting card , which contain message in the name field.
- If user could not recognize the message then he will add message
in the contact list. Later attacker contact with victim as a
legitimate user.
If attacker sends the message then user will open it bcz he may
treat it as a legitimate message.
Bluetooth hacking tool
BlueScanner :
1. Search for bluetooth device.
2. Extract the information from newly discover
device.
BlueSniff : It is use to discover and hidden
Bluetooth enable device.
Bluesnarfer : This tools makes it possible to
connect to phone without alerting owner and to
gain access to restricted portion /sensitive info.
( Bluetooth should be on)
BlueDriving : It is testing Bluetooth penetration.
Bluetooth Attack
Bluejacking : ( Bluetooth and
jacking :”hijack”).
- Attacker send unsolicited message to
bluetooth enable device.
Bluesnarfing : It is unauthorized access
from wireless device through Bluetooth
connection between cell phone,PDA and
computer.
- It allow attacker to access calender ,SMS
and E-mail as well as allow copy images.