CSL Module-3

Download as pdf or txt
Download as pdf or txt
You are on page 1of 23

Handouts by Dr.

Bhavin Shah

Cyber Security & Laws (CSL)

Module - 3

- Dr. Bhavin Shah

Subject Code ILO7016

Subject Name Cyber Security & Laws (CSL)

Faculty Dr. Bhavin Shah (HOD & Assistant Professor - ECS/ETRX Dept.), Atharva College of
Coordinator Engineering, Mumbai

● To understand and identify different types cyber crime and cyber law
Course
● To recognized Indian IT Act 2008 and its latest amendments
Objectives
● To learn various types of security standards compliances

Student will be able to…


Course 1. Understand the concept of cyber crime and its effect on outside world
Outcomes 2. Interpret and apply IT law in various legal issues
3. Distinguish different aspects of cyber law
4. Apply Information Security Standards compliance during software design and development

Handouts by Dr. Bhavin Shah 1


Handouts by Dr. Bhavin Shah

Module Contents Hours


Tools and Methods Used in Cyberline: Phishing, Password Cracking, Keyloggers
and Spywares, Virus and Worms, Steganography, DoS and DDoS Attacks, SQL
3 6
Injection, Buffer Over Flow, Attacks on Wireless Networks, Phishing, Identity Theft
(ID Theft)

Reference Books:
1. Nina Godbole, Sunit Belapure, Cyber Security, Wiley India, New Delhi
2. The Indian Cyber Law by Suresh T. Vishwanathan; Bharat Law House New Delhi
3. The Information technology Act, 2000; Bare Act- Professional Book Publishers, New Delhi
4. Cyber Law & Cyber Crimes By Advocate Prashant Mali; Snow White Publications, Mumbai
5. Nina Godbole, Information Systems Security, Wiley India, New Delhi
6. Kennetch J. Knapp, Cyber Security & Global Information Assurance Information Science Publishing
7. William Stallings, Cryptography and Network Security, Pearson Publication
8. Websites for more information is available on : The Information Technology ACT, 2008- TIFR : https://www.tifrh.res.in
9. Website for more information , A Compliance Primer for IT professional:
https://www.sans.org/readingroom/whitepapers/compliance/compliance-primer-professionals- 33538

Assessment:

Internal Assessment consists of two tests out of which; one should be compulsory class test (on minimum 02 Modules) and the other is
either a class test or assignment on live problems or course project

Theory Examination:

1. Question paper will comprise of 6 questions, each carrying 20 marks.


2. Total four questions need to be solved.
3. Q.1 will be compulsory, based on entire syllabus wherein sub questions of 2 to 5 marks will be asked.
4. Remaining question will be randomly selected from all the modules.

Handouts by Dr. Bhavin Shah 2


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline

Cyber Crime Tools: There are many types of Digital forensic tools:-

• Kali Linux: Kali Linux is an open-source software that is maintained and funded by Offensive Security. It is a
specially designed program for digital forensics and penetration testing.

• Ophcrack: This tool is mainly used for cracking the hashes, which are generated by the same files of windows. It
offers a secure GUI system and allows you to runs on multiple platforms.

• EnCase: This software allows an investigator to image and examine data from hard disks and removable disks.

• SafeBack: SafeBack is mainly using for imaging the hard disks of Intel-based computer systems and restoring these
images to some other hard disks.

• Data dumper: This is a command-line computer forensic tool. It is freely available for the UNIX Operating system,
which can make exact copies of disks suitable for digital forensic analysis.

• Md5sum: A tool to check helps you to check data is copied to another storage successfully or not.

Tools & Methods used in Cyberline


Tools and methods used in Cyber Crime Network attack incidents reveal that
attackers are often very systematic in launching their attacks. The basic stages of an
attack are described here to understand how an attacker can compromise a network
here

1. Initial Uncovering: Two steps are involved here. In the first step called as
reconnaissance, the attacker gathers information, as much as possible, about the
target by legitimate means – searching the information about the target on the
Internet by Googling social networking websites and people finder websites.

2. Network probe: At the network probe stage, the attacker uses more invasive
techniques to scan the information. Usually, a “ping sweep” of the network IP
addresses is performed to seek out potential targets, and then a “port scanning” tool.

3. Crossing the line toward electronic crime (E-crime): Now the attacker is toward
committing what is technically a “computer crime.” He/she does this by exploiting
possible holes on the target system.

Handouts by Dr. Bhavin Shah 3


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


4. Capturing the network: At this stage, the attacker attempts to “own”the
network.The attacker gains a foothold in the internal network quickly and easily, by
compromising low-priority target systems. The next step is to remove any evidence
of the attack.

5. Grab the data: Now That the attacker has “captured the network” he/she takes
advantage of his/her position steal confidential data, customer credit card
information, defacewebpages, alter processes and even launch attacks at other sites
from your network, causing a potentially expensive and embarrassing situation for an
individual and/or for an organization.

6. Covering tracks: This is the last step in any cyber-attack, which refers to the
activities undertaken by the attacker to extend misuse of the system without being
detected.

Tools & Methods used in Cyberline


Proxy Servers and Anonymizers: Proxy server is a computer on a network which acts as an intermediary for connections
with other computers on that network. The attacker first connects to a proxy server and establishes a connection with the
target system through existing connection with proxy. A proxy server has following purposes:

1. Keep the systems behind the curtain (mainly for security reasons)
2. Speed up access to a resource (through “caching”). It is usually used to cache the web pages from a web server.
3. Specialized proxy servers are used to filter unwanted content such as advertisements.
4. Proxy Server can be used as IP address multiplexer to enable to connect number of computers on the Internet, whenever
one has only one IP address.

One of the advantages of a proxy server is that its cache memory can serve all users. If one or more websites are requested
frequently, may be by diff erent users, it is likely to be in the proxy’s cache memory, which will improve user response
time. In fact there are special servers available known as cache servers? A proxy can also do logging.

Handouts by Dr. Bhavin Shah 4


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Listed are few websites where free proxy servers can be found:
1. http://www.proxy4free.com
2. http://www.publicproxyservers.com
3. http://www.proxz.com
4. http://www.anonymitychecker.com
5. http://www.surf24h.com
6. http://www.hidemyass.com

An Anonymizers or an anonymous proxy is a tool that attempts to make activity on the Internet
untraceable. It accesses the Internet on the user’s behalf, protecting personal information by
hiding the source computer’s identifying information.

Listed are few websites where more information about Anonymizers can be found:
1. http://www.anonymizer.com
2. http://www.browzar.com
3. http://www.anonymize.net
4. http://www.anonymouse.ws
5. http://www.anonymousindex.com

Tools & Methods used in Cyberline


Phishing Password Cracking While checking electronic mail (E-Mail) one day a user finds a message from the bank
threatening him/her to close bank account if he/she does not reply immediately. Although The message seems to be
suspicious from the contents of the message, it is difficult to conclude that it is a fake/false EMail. It is believed that
Phishing is an alternative spelling of “fishing,” as in “to fish for information.” The first documented use of the word
“Phishing” was in 1996.

I. How Phishing Works?

Phishers work in the following ways:-


1. Planning: Criminals, usually called as phishers, decide the target and determine how to get EMail address of that target
or customers of that business. Phishers often use mass mailing and address collection techniques as spammers.

2. Setup: Once phishers know which business/business house to spoof and who their victims are, they will create methods
for delivering the message and to collect the data about the target. Most often this involves E-Mail addresses and a
webpage.

3. Attack: This is the step people are most familiar with the phisher sends a phony message that appears to be from a
reputable source.

Handouts by Dr. Bhavin Shah 5


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline

4. Collection: Phishers Record the information of victims entering into web pages or pop-up windows.

5. Identity theft and fraud: Phishers use the information that they have gathered to make illegal purchases or commit
fraud. Phishing started off as being part of popular hacking culture. Nowadays, more and more organizations/institutes
provide greater online access for their customers and hence criminals are successfully using Phishing techniques to steal
personal information and conduct ID theft at a global level. We have explained Phishing and Identity theft.

II. Password Cracking Password: is like a key to get an entry into computerized systems like a lock. Password cracking
is a process of recovering passwords from data that have been stored in or transmitted by a computer system. The purpose
of password cracking is as follows:

1. To recover a forgotten password.


2. As a preventive measure by system administrators to check for easily crackable passwords.
3. To gain unauthorized access to a system. Manual Password cracking isto attempt to login with different passwords.

Tools & Methods used in Cyberline

The attacker follows the following steps:


1. Find a valid user account such as an administrator or guest
2. Create a list of possible passwords
3. Rank the passwords from high to low probability
4. Key-in each password
5. Try again until a successful password is found

Passwords can be guessed sometimes with knowledge of the user’s personal information:
1. Blank (none)
2. The words like “password,” “passcode” and “admin”
3. Series of letters from the “qwerty” keyboard, for example, qwerty, asdf or qwertyuiop
4. User’s name or login name
5. Name of user's friend/relative/pet
6. User’s birthplace or date of birth, or a relative’s or afriend’s
7. User’s vehicle number, office number, residence number or mobile number
8. Name of a celebrity who is considered to be an idol by the user
9. Simple modification of one of the preceding,such as suffixing a digit, particularly 1, or reversing the order of letters

Handouts by Dr. Bhavin Shah 6


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Online Attacks: An attacker can create a script file (i.e., automated program) that will be executed to try each password in a list and when
matches, an attacker can gain the access to the system. The most popular online attack is man-in-the middle (MITM) attack, also termed as
“bucket-brigade attack” or sometimes “Janus attack.”

Offline Attacks: Mostly offline attacks are performed from a location other than the target (i.e., either a computer system or while on the
network) where these passwords reside or are used.

Strong, Weak and Random Passwords: A weak password is one, which could be easily guessed, short, common and a system default
password that could be easily found by executing a brute force attack and by using a subset of all possible passwords. Here are some of the
examples of “weak passwords”:
1. Susan: Common personal name
2. aaaa: repeated letters, can be guessed
3. rover: common name for a pet, also a dictionary word
4. abc123: can be easily guessed
5. admin: can be easily guessed
6. 1234: can be easily guessed
7. QWERTY: a sequence of adjacent letters on many keyboards
8. 12/3/75: date, possibly of personal importance
9. nbusr123: probably a username, and if so, can be very easily guessed
10. p@$$\/\/0rd: simple letter substitutions are preprogrammed into password cracking tools
11. password: used very often – trivially guessed
12. December12: using the date of a forced password change is very common

Tools & Methods used in Cyberline


Here are some examples of strong passwords:
1. Convert_£100 to Euros!: Such phrases are long, memorable and contain an extended symbol to increase the strength of the password
2. 382465304H: It is mix of numbers and a letter at the end, usually used on mass user accounts and such passwords can be generated
randomly
3. 4pRte!ai@3: It is not a dictionary word; however it has cases of alpha along with numeric and punctuation characters
4. MoOoOfIn245679: It is long with both alphabets and numerals
5. t3wahSetyeT4: It is not a dictionary word; however, it has both alphabets and numerals

Random Passwords: Password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols, when allowed, for
the same number of characters
The general guidelines applicable to the password policies, which can be implemented organization-wide, are as follows:
1. Passwords and user logon identities (IDs) should be unique to each authorized user
2. Passwords should consist of a minimum of eight alphanumeric characters
3. There should be computer-controlled lists of prescribed password rules and periodic testing to identify any password weaknesses
4. Passwords Should be kept private, that is, not shared with friends, colleagues
5. Passwords shall be changed every 30/45 days or less
6. User accounts should be frozen after five failed logon attempts
7. Sessions should be suspended after 15 minutes (or other specified period) of inactivity and require the passwords to be re-entered
8. Successful logons should display the date and time of the last logon and logoff
9. Logon IDs and passwords should be suspended after a specified period of non-use
10. For high-risk systems, after excessive violations, the system should generate an alarm and be able to simulate a continuing session (with
dummy data) for the failed user

Handouts by Dr. Bhavin Shah 7


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Keyloggers and Spywares: Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys struck on a keyboard,
typically in a covert manner so that the person using the keyboard is unaware that such actions are being monitored.

1. Software Keyloggers: Software keyloggers are software programs installed on the computer systems which usually are located between the
OS and keyboard hardware, and every keystrokes recorded.

SC-KeyLog PRO: It allows to secretly record computer user activities such as E-Mails, chat conversations, visited websites, clipboard usage,
etc. in a protected log file.

Spytech SpyAgent Stealth: It provides a large variety of essential computer monitoring features as well as website and application filtering,
chat blocking and remote delivery of logs via E-Mail or FTP.

All in one Keylogger: It is an invisible keystrokes recorder and a spy software tool that registers every activity on the PC to encrypted logs.
Stealth Keylogger
Perfect Keylogger
KGB Spy
Spy Buddy
Elite Keylogger
CyberSpy
Powered Keylogger

Tools & Methods used in Cyberline


2. Hardware Keyloggers To install these keyloggers, physical access to the computer system is required. Hardware keyloggers are small
hardware devices. Listed are few websites where more information about hardware keyloggers can be found:
1. http://www.keyghost.com
2. http://www.keelog.com
3. http://www.keydevil.com
4. http://www.keykatcher.com

3. Anti Keylogger: is a tool that can detect the keylogger installed on the computer system and also can remove the tool. Visit
http://www.anti-keyloggers.com for more information. Advantages of using Anti Keylogger are as follows:
1. Firewalls cannot detect the installations of keyloggers on the systems; hence, Anti Keylogger can detect installations of keylogger
2. Thissoftwaredoesnotrequireregularupdatesofsignaturebasestoworkeff ectivelysuchas other antivirus and antispyprograms
3. Prevents Internet banking frauds. Passwords can be easily gained with the help of installing keyloggers
4. It prevents ID theft
5. It secures E-Mail and instant messaging/chatting.

Handouts by Dr. Bhavin Shah 8


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Spywares: Spyware is a type of malware that is installed on computers which collects information about users without their knowledge.

The features and functions of such Spywares are beyond simple monitoring.
1. 007 Spy: It has following key features:
● Capability of overriding “antispy” programs like “ad-aware”
● Record all websites url visited in internet
● Powerful keylogger engine to capture all passwords
● View logs remotely from anywhere at any time
● Export log report in html format to view it in the browser
● Automatically clean-up on outdated logs
● Password protection

2. Spector Pro: It has following key features:


● Captures and reviews all chats and instant messages
● captures E-Mails (read, sent and received)
● captures websites visited
● captures activities performed on social networking sites such as MySpace and Facebook
● enables to block any particular website and/or chatting with anyone
● acts as a keylogger to capture every single keystroke (including usernames and passwords)

Tools & Methods used in Cyberline


3. eBlaster: Besides keylogger and website watcher, it also records EMails sent and received, files uploaded/downloaded, logging users’
activities, record online searches, recording Myspace and Facebook activities and any other program activity.

4. Remotespy: Besides remote computer monitoring, silently and invisibly, it also monitors and records users PC without any need for
physical access. Moreover, it records keystrokes(keylogger),screenshots, E-Mail, passwords, chats, instant messenger conversations and
websites visited.

5. Stealth Recorder Pro: It is a new type of utility that enables to record a variety of sounds and transfer them automatically through Internet
without being notified by original location or source. It has following features:
● Real-time mp3 recording via microphone, cd, line-in and stereo mixer as mp3, wma or wav formatted files
● Transferring via e-mail or ftp, the recorded files to a user-defined e-mail address or ftp automatically
● Controlling from a remote location
● Voice mail, records and sends the voice messages

6. Stealth Website Logger: It records all accessed websites and a detailed report can be available on a specified E-Mail address. It has
following key features:
● Monitor visited websites
● Reports sent to an E-Mail address
● Daily log & Global log for a specified period
● Log deletion after a specified period
● Hotkey and password protection
● Not visible in add/remove programs or task manager

Handouts by Dr. Bhavin Shah 9


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


7. Flexispy: It is a tool that can be installed on a cell/mobile phone. After installation, Flexispy secretly records conversation that happens on
the phone and sends this information to a specified E-Mail address.

8. Wiretap Professional: It is an application for monitoring and capturing all activities on the system. It can capture the entire Internet
activity. ftis spy software can monitor and record EMail, chat messages and websites visited. In addition, it helps in monitoring and recording
of keystrokes, passwords entered and all documents, pictures and folders viewed.

9. PC Phone Home: It is a software that tracks and locates lost or stolen laptop and desktop computers. Every time a computer system on
which PC Phone Home has been installed, connected to the Internet, a stealth E-Mail is sent to a specified E-Mail address of the user’s choice.

10. SpyArsenal Print Monitor Pro: It has following features:


Keep track on a printer/plotter usage
record every document printed
find out who and when certain paper printed with your hardware

Tools & Methods used in Cyberline


Virus and Worms: Computer virus is a program that can “infect” legitimate programs by modifying them to include a possibly “evolved”
copy of itself. Viruses spread themselves, without the knowledge or permission of the users, to potentially large numbers of programs on many
machines. Viruses can take some typical actions:
1. Display a message to prompt an action which may set of the virus
2. Delete files inside the system into which viruses enter
3. Scramble data on a hard disk
4. Cause erratic screen behavior
5. Halt the system (PC)
6. Just replicate themselves to propagate further harm.

Virus spreads:
(a) Through the internet
(b) Through a stand-alone computer system
(c) Through local networks

Handouts by Dr. Bhavin Shah 10


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline

Tools & Methods used in Cyberline

Handouts by Dr. Bhavin Shah 11


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Types of Viruses Computer viruses can be categorized based on attacks on various elements of the system and can put the system and
personal data on the system in danger.

1. Boot sector viruses: It infects the storage media on which OS is stored (e.g., floppy diskettes and hard drives) and which is used to start the
computer system. The entire data/programs are stored on the floppy disks and hard drives in smaller sections called sectors.

2. Program viruses: These viruses become active when the program file (usually with extensions.bin, .com, .exe, .ovl, .drv) is executed (i.e.,
opened – program is started). Once these program files get infected, the virus makes copies of itself and infects the other programs on the
computer system.

3. Multipartite viruses: It is a hybrid of a boot sector and program viruses. It infects program files along with the boot record when the
infected program is active.

4. Stealth viruses: It camouflages and/or masks itself and so detecting this type of virus is very difficult. It can disguise itself such a way that
antivirus software also cannot detect it thereby preventing spreading into the computer system.

5. Polymorphic Viruses: It acts like a “chameleon” that changes its virus signature (i.e., binary pattern) everytime it spreads through the
system(i.e., multiplies and infects a new file).

Tools & Methods used in Cyberline


6. Macro viruses: Many Applications,such as Microsoft Word and Microsoft Excel,support MACROs (i.e., macro languages). These macros
are programmed as a macro embedded in a document.

7. Activex And Java Control: All The web browsers have settings about Activex and Java Controls. Little awareness is needed about
managing and controlling these settings of a web browser. A typical definition of computer virus/worms might have various aspects such as:

1. A virus attacks specific file types (or files)


2. A virus manipulates a program to execute tasks unintentionally
3. An infected program produces more viruses
4. An infected program may run without error for a long time
5. Viruses can modify themselves and may possibly escape detection this way

Handouts by Dr. Bhavin Shah 12


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Trojan Horses and Backdoors: Trojan Horse is a program in which malicious or harmful code is contained inside
apparently harmless programming or data in such a way that it can get control and cause harm, for example, ruining the
file allocation table on the hard disk. Trojan Horse may get widely distributed as part of a computer virus. The term Trojan
Horse comes from Greek mythology about the Trojan War. Some typical examples of threats by Trojans are as follows:

1. They erase, overwrite or corrupt data on a computer


2. They help to spread other malware such as viruses (by a dropper Trojan)
3. They deactivate or interfere with antivirus and firewall programs
4. They allow remote access to your computer (by a remote access Trojan)
5. They upload and download files without your knowledge
6. They gather EMail addresses and use them for Spam
7. They log keystrokes to steal information such as passwords and credit card numbers
8. They copy fake links to false websites, display porno sites, play sounds/videos and display images
9. They slow down, restart or shutdown the system
10. They reinstall themselves after being disabled
11. They disable the task manager
12. They Disable The Control panel

Tools & Methods used in Cyberline


Backdoor: A backdoor is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install
a backdoor so that the program can be accessed for troubleshooting or other purposes. Following are a few examples of backdoor Trojans:

1. Back Orifice: It is a well-known example of backdoor Trojan designed for remote system administration.
It enables a user to control a computer running the Microsoft Windows OS from a remote location.The name is a word play on Microsoft
BackOffice Server software. Readers may visit http://www.cultdeadcow.com/tools/bo.html to know more about backdoor

2. Bifrost: It is another backdoor Trojan that can infect Windows 95 through Vista. It uses the typical server, server builder and client
backdoor program configuration to allow a remote attacker, who uses client, to execute arbitrary code on the compromised machine.

3. SAP backdoors: SAP is an Enterprise Resource Planning (ERP) system and nowadays ERP is the heart of the business technological
platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management,
billing, stock management and financial planning.

4. Onapsis Bizploit: It is the open-source ERP penetration testing framework developed by the Onapsis Research Labs. Bizploit assists
security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP penetration tests.
Readers may visit http://www.onapsis.com/research.html to know more about this tool.

Handouts by Dr. Bhavin Shah 13


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


How to Protect from Trojan Horses and Backdoor: Follow the following steps to protect your systems from Trojan Horses and backdoors

1. Stay away from suspect websites/weblinks: Avoid downloading free/pirated softwares that often get infected by Trojans, worms, viruses
and other things
2. Surf on the Web cautiously: Avoid connecting with and/or downloading any information from peer-to-peer (P2P) networks, which are most
dangerous networks to spread Trojan Horses and other threats
3. It may be experienced that, after downloading the file, it never works and here is a threat that although the file has not worked, something
must have happened to the system the malicious software deploys its gizmos and the system is at serious health risk
4. Install antivirus/Trojan remover software: Nowadays antivirus software(s) have built-in feature for protecting the system not only from
viruses and worms but also from malware such as Trojan Horses

Peer-to-Peer (P2P) Networks Peer-to-peer, commonly abbreviated as P2P, is any distributed network architecture composed of participants
that make a portion of their resources

1. Hybrid P2P: There is a central server that keeps information about the network. The peers are responsible for storing the information

2. Pure P2P: There is absolutely no central server or router. Each peer acts as both client and server at the same time. This is also sometimes
referred to as “serverless” P2P

3. Mixed P2P: It is between “hybrid” and “pure” P2P networks. An example of such a network is Gnutella that has no central server but
clusters its nodes around so-called “supernodes”

Tools & Methods used in Cyberline


Steganography: is a Greek word that means “sheltered writing.” It is a method that attempts to hide the existence of a message or
communication. The word “steganography” comes from the two Greek words: steganos meaning “covered” and graphein meaning “to write”
that means “concealed writing.”

Handouts by Dr. Bhavin Shah 14


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


1. Steganography tools DiSi-Steganograph It is a very small, DOS-based steganographic program that embeds data in PCX images. Invisible
Folders It has the ability to make any file or folder invisible to anyone using your PC even on a network.

Invisible Secrets: It not only encrypts the data and files for safe-keeping or for secure transfer across the Net but also hides them in places
such as picture or sound files or webpages. These types of files are a perfect disguise for sensitive information.

Stealth Files: It hides any type of file in almost any other type of file. Using steganography technique, Stealth Files compresses, encrypts and
then hides any type of file inside various types of files (including EXE, DLL, OCX, COM, JPG, GIF, ART, MP3, AVI, WAV, DOC, and
BMP) and other types of video, image and executable files.

2. Steganalysis: Steganalysis is the art and science of detecting messages that are hidden in images, audio/video files using steganography.
The goal of steganalysis is to identify suspected packages and to determine whether or not they have a payload encoded into them, and if
possible recover it. Automated tools are used to detect such steganographed data/information hidden in the image and audio and/or video files.

Denial of Service (DoS) Attacks


• Denial-of-Service (DoS) attacks are a type of network attack.
A DoS attack results in some sort of interruption of network
service to users, devices, or applications. There are two major
types of DoS attacks:
1. Overwhelming Quantity of Traffic - This is when a
network, host, or application is sent an enormous quantity
of data at a rate which it cannot handle. This causes a
slowdown in transmission or response, or a crash of a
device or service.
2. Maliciously Formatted Packets - This is when a
maliciously formatted packet is sent to a host or
application and the receiver is unable to handle it. For
example, an attacker forwards packets containing errors
that cannot be identified by the application, or forwards
improperly formatted packets. This causes the receiving
device to run very slowly or crash.
• DoS attacks are considered a major risk because they can easily
interrupt communication and cause significant loss of time and
money. These attacks are relatively simple to conduct, even by
an unskilled attacker.

Handouts by Dr. Bhavin Shah 15


Handouts by Dr. Bhavin Shah

Distributed DoS Attack (DDoS)


• A Distributed DoS Attack (DDoS) is similar to a DoS
attack but originates from multiple, coordinated
sources. As an example, a DDoS attack could proceed
as follows:
1. An attacker builds a network of infected hosts,
called a botnet. The infected hosts are called
zombies. The zombies are controlled by handler
systems.
2. The zombie computers constantly scan and infect
more hosts, creating more zombies. When ready,
the hacker instructs handler systems to make the
botnet of zombies carry out a DDoS attack.

Tools & Methods used in Cyberline


SQL Injection: Structured Query Language (SQL) is a database computer language designed for managing data in relational database
management systems (RDBMS). SQL injection is a code injection technique that exploits a security vulnerability occurring in the database
layer of an application. The vulnerability is present when user input is either filtered incorrectly for string literal escape characters embedded
in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of
vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also
known as SQL insertion attacks

1. Steps for SQL Injection Attack: Following are some steps for SQL injection attack:
1. The attacker looks for the web pages that allow submitting data, that is, login page, search page, feedback, etc…
2. To check the source code of any website, right click on the webpage and click on “view source” (if you are using IE – Internet Explorer) –
source code is displayed in the notepad. The attacker checks the source code of the HTML, and look for “FORM” tag in the HTML code.
Everything between the <FORM< and </FORM> have potential parameters that might be useful to find the vulnerabilities.
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C></FORM>
3. The attacker inputs a single quote under the text box provided on the web page to accept the user-name and password. This checks whether
the user-input variable is sanitized or interpreted literally by the server.
4. The attacker uses SQL commands such as SELECT statement command to retrieve data from the database or INSERT statement to add
information to the database

Handouts by Dr. Bhavin Shah 16


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


2. Blind SQL Injection: Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection
are not visible to the attacker. The page with the vulnerability may not be the one that displays data. Using SQL injections, attackers can:
1. Obtain some basic information if the purpose of the attack is reconnaissance
2. May gain access to the database by obtaining username and their password
3. Add new data to the database. 4. Modify data currently in the database

3. Tools used for SQL Server penetration


1. AppDetectivePro
2. DbProtect
3. Database Scanner
4. SQLPoke
5. NGSSQLCrack
6. Microsoft SQL Server Fingerprint (MSSQLFP) Tool

4. How to Prevent SQL Injection Attacks: SQL injection attacks occur due to poor website administration and coding. The following steps
can be taken to prevent SQL injection.
1. Input validation
2. Modify error reports
3. Other preventions

Tools & Methods used in Cyberline


Buffer Overflow: Buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the
programmer has set aside for it. The extra data overwrites adjacent memory, which may contain other data, including program variables and
program flow control data. This may result in erratic program behavior, including memory access errors, incorrect results, program
termination (a crash) or a breach of system security.
In C and C++, there are no automatic bounds checking on the buff er – which means a user can write past a buffer. For example,
int main ()
{ int buffer[10]; buffer[20] = 10;
}

Types of Buffer Overflow

1. Stack-Based Buffer Overflow


1. Stack buffer overflow occurs when a program writes to a memory address on the program’s call stack out-side the intended data structure
usually a fixed length buffer
2. “Stack” is a memory space in which automatic variables are allocated
3. Function parameters are allocated on the stack and are not automatically initialized by the system, so they usually have garbage in them
until they are initialized
4. Once a function has completed its cycle, the reference to the variable in the stack is removed.

Handouts by Dr. Bhavin Shah 17


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


The attacker may exploit stack-based buffer overflows to manipulate the program in various ways by overwriting:
1. A local variable that is near the buffer in memory on the stack to change the behavior of the program that may benefit the attacker.
2. The return address in a stack frame. Once the function returns, execution will resume at the return address as specified by the attacker, usually a user
input-filled buffer.
3. A function pointer, or exception handler, which is subsequently executed. The factors that contribute to overcome the exploits are
a. Null bytes in addresses
b. Variability in the location of shell code
c. Differences between environments.

2. NOPs: NOP or NOOP (short form of no operation or no operation performed) is an assembly language instruction/ command that effectively does
nothing at all.

3. Heap Buffer Overflow: Heap buffer overflow occurs in the heap data area and may be introduced accidentally by an application programmer, or it may
result from a deliberate exploit. In either case, the overflow occurs when an application copies more data into a buffer than the buff er was designed to
contain. The characteristics of stack-based and heap-based programming are as follows:
1. “Heap” is a “free store” that is a memory space, where dynamic objects are allocated
2. The heap is the memory space that is dynamically allocated new(), malloc() and calloc() functions
3. Dynamically created variables are created on the heap before the execution program is initialized to zeros and are stored in the memory until the life cycle
of the object has completed. How to Minimize Buffer Overflow Although it is difficult to prevent all possible attacks, the following methods will definitely
help to minimize such attacks:
1. Assessment of secure code manually
2. Disable stack execution
3. Compiler Tools

Tools & Methods used in Cyberline


Attacks on Wireless Networks Even when people travel, they still need to work. Thus, work seems to be moving out of the traditional offices
into homes, hotels, airport lounges and taxis. The following are diff erent types of “mobile workers”:
1. Tethered/remote worker: This is considered to be an employee who generally remains at a single point of work, but is remote to the
central company systems
2. Roaming user: This is either an employee who works in an environment (e.g., warehousing, shop floor, etc.) or in multiple areas (e.g.,
meeting rooms)
3. Nomad: This category covers employees requiring solutions in hotel rooms and other semi tethered environments where modem use is still
prevalent, along with the increasing use of multiple wireless technologies and devices
4. Road warrior: This is the ultimate mobile user and spends little time in the office; however, he/she requires regular access to data and
collaborative functionality while on the move, in transit or in hotels.

Handouts by Dr. Bhavin Shah 18


Handouts by Dr. Bhavin Shah

Tools & Methods used in Cyberline


Wireless technology is no more buzzword in today’s world. Let us understand important components of wireless network, apart from components such as
modems, routers, hubs and firewall, which are integral part of any wired network as well as wireless network.
1. 802.11 networking standards: Institute of Electrical and Electronics Engineers (IEEE)-802.11 is a family of standards for wireless local area network
(WLAN), stating the specifications and/or requirements for computer communication in the 2.4, 3.6 and 5 GHz frequency bands.
2. Access points: It is also termed as AP. It is a hardware device and/or a software that acts as a central transmitter and receiver of WLAN radio signals.
a. Free Wifi Hotspots
b. Commercial hotspots.
3. Service Set Identifier (SSID)
4. Wired Equivalent Privacy (WEP)
5. Wi-Fi Protected Access (WPA AND WPA2)
6. Media Access Control (MAC)

Traditional Techniques of Attacks on Wireless Networks


1. Sniffing: It is eavesdropping on the network and is the simplest of all attacks. Sniffing is the simple process of intercepting wireless data that is being
broadcasted on an unsecured network
2. Spoofing: The primary objective of this attack is to successfully masquerade the identity by falsifying data and thereby gaining an illegitimate advantage.
a. MAC address Spoofing
b. IP Spoofing
c. Frame Spoofing
3. Denial of service (DoS)
4. Man-In-The-Middle Attack (MITM)
5. Encryption Cracking

Identity Theft
• Identity theft is the act of wrongfully obtaining
someone’s personal information (that defines
one’s identity) without their permission.
• The personal information may include their
name, phone number, address, bank account
number, Aadhaar number or credit/debit card
number etc.

Handouts by Dr. Bhavin Shah 19


Handouts by Dr. Bhavin Shah

Identity Theft
Hacking or gaining Misuse of photo Credit/Debit
access to Social Media copies of identity Card Skimming
Accounts proofs

Case 1: Hacking or
gaining access to
Social Media Accounts

Handouts by Dr. Bhavin Shah 20


Handouts by Dr. Bhavin Shah

Case 1: Hacking or
gaining access to
Social Media Accounts
Contd…

Handouts by Dr. Bhavin Shah 21


Handouts by Dr. Bhavin Shah

Case 2: Credit / Debit


Card Skimming

Case 2: Credit / Debit


Card Skimming
Contd…

Handouts by Dr. Bhavin Shah 22


Handouts by Dr. Bhavin Shah

Thank You…!!!

Handouts by Dr. Bhavin Shah 23

You might also like