CSL Chapter 2 Ref Book

2.1. Introduction

The Internet is being used in all walks of life throughout the world, providing a way to communicate to a wider spectrum of people. However, it also contains criminal elements exploiting its power for committing offences. Cybercrime comprises offences in four different categories:
1. Offence against confidentiality, integrity and availability of computer data and system
2. Computer-related offences
3. Content-related offences
4. Offences related to the infringement of copyright and other related rights

Cyber offence related to illegal access to a computer system occurs when an attacker accesses an entire or any part of a computer system without access rights. Interception of computer data in transmission without access rights is treated as cyber offence. Any interference by an attacker that results in damage, deletion, deterioration, alteration or compression of computer data, without access rights, is also called a cyber offence. Such cyber offences hamper the functioning of computer systems as well as underlying networks.

2.2. Categories of Cybercrime

There are many types of cybercrime that prevail in the system depending on the target and nature of the crime. The cybercrimes can be broadly classified into four major categories described as follows:

2.2.1. Cybercrime Against Individual

Cybercrimes against an individual involve actions that are taken to harm an individual. This category consists of various crimes:

1. E-mail Spoofing and Online Frauds
A spoofed e-mail is one that appears to come from a legitimate source but has actually been sent from an illegitimate source. Suppose your e-mail id, say, sneha@….com, has been spoofed by an attacker who sends obscene e-mails to all your acquaintances. Since the e-mails appear to originate from your e-mail id, your friends think they came from you and might take offence.

2. Phishing
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity in an electronic communication. It is typically carried out by e-mail or instant messaging and often directs users to enter details at a website. PayPal, eBay, online banks and social networking sites are common targets.

3. Spamming
Spamming involves the use of electronic messaging systems to send unwanted bulk messages, usually by broadcast. In layman's terms, it can be defined as the flooding of the Internet with unsolicited and unwanted messages. In cybersecurity, spam refers to unsolicited bulk messages that are sent through e-mail, instant messaging or other digital communication tools. It is generally used by advertisers because there are no operating costs involved beyond that of managing e-mailing lists.

4. Cyber Defamation
The term defamation is used to define the injury that is caused to the reputation of a person in the eyes of a third person. Cyber defamation refers to the publishing of defamatory material, which spoils someone's reputation, with the help of computers or the Internet. If someone publishes some defamatory statement about some other person on a website or sends e-mails containing defamatory material to other persons with the intention to defame the person about whom the defamatory material has been made, then that would amount to cyber defamation. The harm caused to the person against whom the defamatory statements have been made is irreparable as the information is available to the entire world.

5. Cyber-Stalking and Harassment
Cyberstalking is a criminal practice whereby a person uses the Internet, cell phone, and/or any other electronic communication device to stalk another person. The perpetrators are involved in the destruction of data or equipment, solicitation of minors for sexual purposes, threats, or any other form of offensive behaviour committed repeatedly. The offenders make use of e-mail, social media, chat rooms, instant messaging or any other online media to harass their victims. Forbes defines online harassment or cyber harassment as repeated online expression amounting to a "course of conduct" targeted at a particular person that causes the targeted individual substantial emotional distress and/or the fear of bodily harm. Online harassment includes public actions or threats, false accusations of defamatory nature, hacking or vandalising of sites belonging to the victim, sexual remarks, published materials defaming a person, personal targeting of the victim and ridicule or humiliation of the victim in order to gang up against him.

6. Computer Sabotage
Sabotage can be defined as a deliberate and malicious act that results in the disruption of normal processes and functions or the destruction or damage of equipment or information.
Computer sabotage involves deliberate attacks intended to disable computers or networks for the purpose of disrupting commerce, education and recreation for personal gain; committing espionage; or facilitating criminal conspiracies, such as identity theft and human trafficking. According to the Federal Bureau of Investigation, it costs billions of dollars in legal fees to recover and to repair damages to vital infrastructure that serves hospitals, banks and 911 services.

7. Pornographic Offences
Cyber pornography is, in simple words, defined as the act of using cyberspace to create, display, distribute, import, or publish pornography or obscene materials. With the advent of the Internet, traditional pornographic content has now been largely replaced by online/digital pornographic content.

8. Password Sniffing
This is an attack that is used to steal usernames and passwords from a network. A sniffer program is utilised to capture network packets. Then, usernames and passwords are stolen by analysing those packets.

2.2.2. Cybercrime Against Property

Some of the popular crimes against property are credit card frauds, intellectual property crimes and Internet time theft.

1. Credit Card Frauds
A theft or fraud committed using or involving a credit card as a fraudulent source of funds in a transaction.

2. Intellectual Property Crimes
Cyber theft of intellectual property (IP) means stealing of copyrights, trade secrets, patents, etc. using the Internet and computers. Frequently stolen forms of IP are copyrights and trade secrets. For example, stealing of software or a unique recipe of a well-known dish is a kind of IP crime.

3. Internet Time Theft
Internet time/bandwidth theft is a crime where the Internet connection of a person is used by a criminal who gains access to the victim's account details like username and password by fraudulent means. The criminal can, thus, use the victim's account for free Internet access, the cost of which will have to be borne by the victim.

2.2.3. Cybercrime Against Organisation

Cybercrimes that target an organisation are of various kinds discussed as follows:

1. Unauthorised Access
Unauthorised access is when someone gains access to a website, program, server, service, or some other system using someone else's account or other methods. Unauthorised access could also occur if a user attempts to access an area of a system he/she should not be accessing. Computer information systems are vulnerable to information invasion by unauthorised users.

2. Password Sniffing
Password sniffing is a technique used to gain knowledge about passwords by monitoring traffic on a network. Tools like password sniffers can be installed on host machines to scan all incoming and outgoing network traffic.

3. DOS Attacks
A Denial-of-Service attack is meant to shut down the target machine by making it inaccessible to its intended users. This attack involves flooding the target with traffic.

4. Virus Attacks
A virus is a piece of code which is capable of copying itself and/or attaching itself to other pieces of code. It typically has a detrimental effect, such as corrupting the system or destroying data. Details about virus types and their countermeasures will be dealt with in Chapter 4.

5. E-mail Bombing
In Internet usage, an e-mail bomb is a form of net abuse consisting of sending large volumes of e-mails to an address in an attempt to overflow a mailbox.

6. Salami Attack
It is an attack which merges bits of seemingly inconsequential data to yield powerful results. For example, a bank calculates interest on accounts. A programmer slices off a fraction of a cent and puts it in his/her own account. No one notices the missing partial cent. Over a period of time, the programmer makes lots of money.

To cite an example, an employee of a bank in the USA had his employment terminated. Angered by the supposed mistreatment by his employers, the man introduced a logic bomb into the bank's servers. The logic bomb was programmed to debit ten cents from all the accounts registered in the bank and transfer them into the account of the person whose name was alphabetically the last in the bank's records. Later he opened an account in the name of Ziegler. The amount transferred was so little that nobody noticed the fault. However, it was brought to light when a person by the name of Zygler opened his account in the same bank. He was surprised to find a large amount of money being transferred into his account every week. He reported the 'mistake' to the bank and the former employee was prosecuted.
7. Logic Bomb
As per Wikipedia, a logic bomb is a set of instructions secretly incorporated into a program such that if a particular condition is satisfied, the instructions will be carried out, usually with harmful effects.

8. Trojan Horse
In computing, a Trojan horse or Trojan is any malware which misleads users regarding its true intent. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy. Simply put, it is a piece of code or program that appears harmless at first but has a malicious component. Unexpected changes to computer settings and unusual activity, even when you are not using your computer, are strong indications that a Trojan horse is residing somewhere. Attackers use social engineering tactics to trick the end-user into executing the Trojan. The Trojan is delivered by means of tools such as an innocent-looking e-mail attachment or through a free download. When the user clicks on the e-mail attachment or downloads the free program, the malware code hidden inside the Trojan is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.

9. Data Diddling
Data diddling is the changing of data before or during entry into the computer system. Examples include the use of forged or counterfeited documents for data entry and exchanging valid disks and tapes with modified replacements.

2.2.4. Crimes Emanating from Usenet Newsgroup

Acts such as industrial spying, computer network intrusions or software piracy come under this category of crime.

1. Industrial Spying
It is the illegal and unethical theft of business trade secrets from competitors or the practice of investigating competitors to gain a business advantage.

2. Computer Network Intrusions
Any unauthorised activity on a computer network may be the result of … Details about this are dealt with in the next chapter.

3. Software Piracy
The unauthorised or illegal copying or duplication of software or illegal distribution/sale of copyrighted software is termed as software piracy.

2.2.5. Cybercrime Against Society

The following classes of cybercrime come under crime against society.

1. Forgery
Forgery is the act of making an illegal copy or imitation of a document, signature, banknote, or work of art. When the object forged is a record or document, it is often called a false document. For example, if you painted a copy of the Mona Lisa and sold it to a museum, claiming it was the original, your painting would be called a forgery and the crime committed by you would also be referred to as forgery.

2. Cyberterrorism
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life. It is also sometimes considered an act of Internet terrorism where terrorist activities include acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods and programming scripts.

3. Web Jacking
This term has been derived from the term hi-jacking. This method is used in social media where the attackers create a fake website. When this website opens, it redirects the user to another website. The attacker, then, gains control of the other website. It is not rampant compared to other forms of cybercrime such as phishing or hacking; however, it is a cybercrime that one must be wary of.

2.3. How Do Criminals Plan Attacks?

Cybercriminals make use of many tools and techniques to locate the vulnerability of their target/victim. The target can be an individual, an organisation, a computer system or a group of computer systems. Attackers plan attacks in either passive or active mode. They try to gain information about the target in a passive attack, whereas, through active attacks, they try to alter computer systems. Attacks can also be categorised as inside attacks and outside attacks. Attacks performed within organisations are called inside attacks, whereas an attacker getting information from outside is called an outside attack. Inside attacks are always more dangerous than outside attacks because inside attackers have more resources than outsider attackers.

The following are the three major phases involved in the planning of a cybercrime:
1. Reconnaissance
"Reconnaissance" means an act of reconnoitring. It is the first step towards cybercrime. In this phase, an attacker tries to explore and gain every possible information about the system, resources, vulnerabilities, or services on the victim's/target's networks. This is also referred to as "foot printing". Foot printing provides information about system loopholes and the exploration of those loopholes. The goal of this phase is to understand the overall system structure, personal information about the system, the networking ports and the services running on those ports, and any other related information that can assist the attacker. In reconnaissance, information about the target is gathered in active and passive phases.

Passive Attacks
Passive attacks are used to gain data about a target without the knowledge of the target. Such attacks involve gaining information about individuals or organisations. In today's Internet era, it has become much easier for an attacker to launch a passive attack to gather confidential information about a target. Some of the simple ways to gather information about the target are given as follows:

Use Google or other search engines: Gather information about the target by searching for information on Google.

Social media: Search on social media websites like Facebook, Twitter, and LinkedIn. Use proper privacy settings in social media to avoid such exploitation.

Organisation website: An attacker may get detailed employee information using an organisational website.

Blog or press release: These are news sources where an attacker can easily get company or individual information.

Job posting: A job profile provides valuable information about a person. The job profile of a technical person can give data about the type of technology, that is, software, servers, database or network devices, a company is using on its network.

Network sniffing: This attack is used to gather information such as IP address range, hidden servers and other valuable services on the network.

Table 1 shows some of the famous tools used for launching passive attacks.

Table 1: Tools Used for Launching Passive Attacks

CheckUserNames: It is an online tool used to find usernames across over 170 social networks. This is useful for the investigation to determine the usage of the same username on different social networks. It can also be used to check for brand company names, not just for individuals.

BuiltWith: BuiltWith detects technologies used at particular websites on the Internet. It includes full detailed information about CMS, JavaScript and CSS libraries, web server type, SSL provider as well as web hosting provider used.

WHOIS: It is a domain registration lookup tool. The WHOIS database of a domain is the publicly displayed information about a domain's ownership, billing, technical, administrative and nameserver information. Running a WHOIS on your domain will look the domain up at the registrar for the domain information. All domains have WHOIS information. The WHOIS database can be queried to obtain administrative contact details, including names, e-mail addresses, telephone numbers, mailing addresses for office locations relating to the target organisation and details of authoritative name servers for each given domain.

Nslookup: The Nslookup command is used to query Internet name servers interactively for information. It is a useful tool for finding out information about a named domain.

Traceroute: The traceroute command is used to discover the routes that packets actually take when travelling to their destination. It prints the complete route information that packets take to reach the network host.

eMailtrackerPro: eMailtrackerPro is an e-mail header analyser tool which gives detailed e-mail tracing information and discloses the original sender's details.

HTTrack: HTTrack allows the download of a website to a local directory by building recursively all directories, and by getting HTML, images, and other files from the server to the user's computer. HTTrack can also update an existing mirrored site and resume interrupted downloads.

Active Attacks
Active attacks are mostly used to manipulate or alter a system. They may have an effect on the integrity, authenticity and availability of data. Information from the passive phase acts as input to the active phase. In this phase, the attacker verifies and gathers information on IP address, operating system, hidden server, personal information, etc. This is also referred to as active reconnaissance. It gives a complete picture about the security measures enforced at the target system. Table 2 shows some common tools used for launching active attacks.

Table 2: Tools Used for Launching Active Attacks

Arphound: Arphound is a tool that listens to all traffic on a network interface and reports events such as IP conflict, IP changes, IP addresses with no RDNS, various IP/MAC address pairs as well as ARP spoofing and packets not using the expected gateway. Reporting is done to stdout, to a specified file or to syslog in a format that can be easily parsed by scripts.

Arping: Arping probes hosts on the attached network link by sending link layer frames using the Address Resolution Protocol (ARP) request method addressed to a host identified by the MAC address of its network interface.

Bing: Bing determines bandwidth on a point-to-point link by sending ICMP ECHO REQUEST packets and measuring their roundtrip times for different packet sizes on each end of the link. Host1 is supposed to be the nearest end of the link, while Host2 is the other end.

Dig: Dig stands for Domain Information Groper. It is a network administration command line tool for querying Domain Name System (DNS) name servers. It is useful for verifying and troubleshooting DNS problems and also for performing DNS lookups. It displays the answers that are returned from the name servers that were queried.

DNStracer: DNStracer determines where a given Domain Name Server (DNS) gets its information from. It follows the chain of DNS servers back to the servers which know the data. It sends the specified name-server a non-recursive request for the name.

Fping: Fping is a small command line tool to send ICMP (Internet Control Message Protocol) echo requests to network hosts, just as in ping. However, fping performs much better when pinging multiple hosts. Fping totally differs from ping in that you can specify any number of hosts on the command line or specify a file with the list of IP addresses of hosts to ping.

Dsniff: Dsniff is a collection of tools for network auditing and penetration testing. It automatically detects and minimally parses each application protocol and uses Berkeley DB as its output file format, only logging unique authentication attempts.

Filesnarf: Filesnarf saves files sniffed from NFS traffic in the current working directory.

Fping: Fping is a program like ping which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding. In fping, you can specify any number of targets on the command line, or specify a file containing the list of targets to ping. Instead of sending to one target until it times out or replies, fping will send out a ping packet and move on to the next target in a round-robin fashion. Unlike ping, fping is meant to be used in scripts, so its output is designed to be easy to parse.

Fragroute: Fragroute intercepts, modifies and rewrites egress traffic destined for the specified host. In simple words, fragroute fragments packets originating from our (attacker) system to the destination system. It is used by security personnel or hackers for evading firewalls, avoiding IDS/IPS detections and alerts, etc. Also, pen testers use it to gather information from a highly secured remote host.

Hmap: Hmap is a tool for fingerprinting web servers. Basically, it collects a number of characteristics and compares them with known profiles to find the closest match. The closest match is its best guess for the identity of the server.

Hping: Hping is a free packet assembler and analyser for the TCP/IP protocol. It is one of the de facto tools for security auditing and testing of firewalls and networks. It was used to exploit the idle scanning technique, which is now implemented in the Nmap Security Scanner. The new version of hping, hping3, is scriptable using the Tcl language. It implements an engine for string based, human-readable description of TCP/IP packets so that the programmer can write scripts related to low-level TCP/IP packet manipulation and analysis in a very short time.

Httping: Httping shows how long the given URL will take to connect, send a request and retrieve a reply (only the headers). It measures the latency of the web server plus the latency of the network.

Mailsnarf: Mailsnarf is one of the tools included in the dsniff package of network security auditing tools. It is capable of reading e-mails transferred to and from an Ethernet device. The use of mailsnarf is limited to the LAN the computer running mailsnarf is on, unless it is used in conjunction with arpspoof.

Urlsnarf: Urlsnarf outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by almost all web servers), suitable for offline post-processing with your favourite weblog analysis tool.

NBTscan: NBTscan is a program for scanning IP networks for NetBIOS name information. It sends a NetBIOS status query to each address in a supplied range and lists received information in human-readable form. For each responding host, it lists IP address, NetBIOS computer name, logged-in username and MAC address.
Netcat: Netcat is a computer networking command utility for reading from and writing to network connections using TCP or UDP. This tool is designed to be a dependable back end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can create any kind of connection its user could need and has a number of built-in capabilities. Some of its features include port scanning, file transferring, and port listening, and it can be used as a backdoor.

Nmap: Nmap is used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, it sends specially crafted packets to the target host and then analyses the responses. It is able to extend its discovery beyond simply figuring out whether a host is up or down and which ports are open or closed; it can determine the operating system of the target, names and versions of the listening services, estimated uptime, type of device and the presence of a firewall.

Nikto: Nikto is a very popular and easy to use web server assessment tool to find potential problems and vulnerabilities very quickly.

ScanSSH: ScanSSH supports the scanning of a list of addresses and networks for open proxies, SSH protocol servers, Web, and SMTP servers. Wherever possible, ScanSSH displays the version number of the running SSH protocol services. The ScanSSH protocol scanner supports the random selection of IP addresses from large network ranges. It is useful for gathering statistics on the deployment of SSH protocol servers in a company or the Internet as a whole.

SMTPscan: SMTPscan is a remote SMTP server version detector. It can be used to guess the mail software which is used on a remote server that may hide its SMTP banner.

TCPdump: TCPdump is the most powerful and widely used command-line packet sniffer or packet analyser tool, which is used to capture or filter TCP/IP packets that are received or transferred over a network on a specific interface. It is available under most of the Linux/Unix based operating systems. TCPdump also gives us the option to save captured packets in a file for future analysis.

TCPreplay: TCPreplay is a suite of free open-source utilities for editing and replaying previously captured network traffic. Originally designed to replay malicious traffic patterns to intrusion detection/prevention systems, it has seen many evolutions, including capabilities to replay to web servers.

THCAmap: THCAmap is a tool for determining what application is listening on a given port.

XProbe2: XProbe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. It relies on fuzzy signature matching, probabilistic guesses, simultaneous multiple matches, and a signature database.

2. Scanning and Scrutinizing
In this phase, the attacker checks the validity of the collected information as well as finds out the existing vulnerability. This phase is also referred to as "enumeration". The objectives of this phase are to:
1. Validate user accounts and groups
2. Explore lists of network resources and shared network devices
3. Find different types of operating systems and applications running on the target system.
It is a key phase before the actual attack takes place. Various scanning techniques used by attackers are stated as follows.

Port scanning: Identify all ports, port status (open/closed), services running on those ports, etc.

Network scanning: Understand and verify the IP address of the target and related network information before launching an attack.

Vulnerability scanning: Check and understand loopholes in the target system.

3. Launching an Attack
Once step two is completed, the cyberattacker is ready to launch the attack to gain system information. The steps that will be followed by him/her are listed as follows:
Crack the password
Exploit the privilege
Execute malicious commands
Hide files
Final but most important step: cover the track

2.4. Social Engineering

Unlike other threats in information security, social engineering targets the unwitting humans who are operating, maintaining, overseeing and even protecting the information systems. In social engineering, an attacker tries to gain the trust of the victim so as to get sensitive information required to gain access to the system. It does not require a very high level of technical expertise but needs social skills. A social engineer uses psychological tricks to obtain the policies and practices followed in organisations in order to gain access to computer systems.
Social engineering is the practice of deceiving someone, either personally, in person, over the phone or using a computer, with the express intent of breaching some level of security. Social engineers use social skills to gain the trust of legitimate people. Social engineers use technical and non-technical skills to obtain information about an organisation or its computer systems. Social engineering comprises activities like foot printing, trust establishment, psychological manipulation and clear exit.

Foot printing: In this, a social engineer tries to accumulate information regarding the victim and its surrounding environment. It gives the list of individuals with whom they try to establish a relationship to improve the chances of attacks. The information gathered during this stage includes personal and professional details of the victim, organisation chart, department information, location information, etc. of a particular organisation. Tools used by social engineers to gather such information are Creepy, SET and Maltego.

Trust establishment: After getting the possible list of targets, the attacker tries to develop a relationship with the target, usually an employee or some other personnel linked to the victim, and to develop a good rapport with them. Once the trust is established, it can be later used to gain confidential and sensitive information which can cause severe harm to an individual, an organisation, or a business.

Psychological manipulation: Using social skills, a social engineer starts manipulating the trust he/she has gained to extract as much confidential/sensitive information related to the target as possible so as to penetrate into the system with ease. On the collection of the required information, the social engineer can start manipulating other people whose information was obtained from the previous target or move towards exploiting the system.

Clear exit: After extracting confidential/sensitive information, the attacker has to make a clear exit so that nobody suspects anything. The attacker has to make sure that no trace is left which will reveal his/her real identity or link him/her with any kind of unauthorised access into the target system.

2.4.1. Types of Social Engineering Attacks

1. Pretexting
It is one of the common social engineering methods wherein the attacker tries to create convincing fictitious scenarios using e-mail or phone to extract personal information. The victim easily believes the pretext assuming that the attacker is a legitimate person and submits sensitive information as a favour to the attacker. Typical examples of pretext are asking to participate in a survey, research projects, or similar data collection activities initiated by the attacker. Such … company by wearing a uniform and being present at the location to help the victims. By gaining their trust, the attacker later gets confidential information. Pretexting is one of the aspects of social engineering that is almost entirely psychological in nature.

2. Baiting
It is a technique in which the attacker places a "bait" for the victim to take on his/her own initiative. One of the typical examples of baiting is leaving one or more USB flash drives containing a malicious executable at a place where the victim is likely to notice them. The victim would take it out of curiosity or greed and unintentionally help the attacker to carry the malicious payload across the security boundary that the attacker himself/herself cannot physically break with adequate access control.

3. Role Playing
This is one of the important weapons used by social engineers. Generally, it involves requesting or gathering information through e-mails, phone, online chat sessions or other methods that legitimate companies use for online interaction with the public. Social engineers pretend to be a helpdesk employee or technician with helpless or important users to get confidential information.

4. Dumpster Diving
It involves examining of trash for any kind of sensitive/confidential information leaks. Most of the organisations dump items like organisation phone diary, system manuals, organisation chart, policy manuals, old documents containing sensitive data or login names and passwords, etc. An attacker can find huge amounts of information about the organisation and its employees from these dumpsters. This method of searching through the dumpster to get personal, sensitive and confidential and potentially useful information is known as dumpster diving. Many organisations are adopting document disposal/shredding policies to get rid of such social engineering attacks.

5. Shoulder Surfing
Shoulder surfing is an extremely simple social engineering method. It is carried out by simply looking over a victim's shoulder to observe and get sensitive/confidential information (e.g. password, PIN, etc.) that is being typed by the victim. This can be performed from a close range as well as from a long range using binoculars or other vision-enhancing devices.

6. Phishing
In this technique, the attacker designs and uses websites and e-mails which look like those of well-known and legitimate businesses, government agencies, financial organisations, etc., to deceive users into disclosing their personal and confidential information. The attacker falsely claims to be an established legitimate enterprise to
impersonating as legitimate agencies. tion on
requests, the victim starts giving valuable information or scam the user into submitting private information which will be further used for identity
performing the asked
behalf of the attacker. In some cases, the attacker can claim to be working a a utilty theft.
o
Cyber Offences
36
7. Surfing Online Forums and Websites
Social engineers generally use the organisation website and other open forums to gather primary information (e-mail ids, phone numbers, etc.) about the victim/target. Lots of such information is openly available on the organisation's website and other open forums. This approach can be used by the attacker to identify the victim, and the information gathered can be further refined to decide the attack policy.

2.4.2. Social Engineering Case Study

Social Engineering Call (1)
A call is made to the main switch board of an organisation from a social engineer (Sam).
Sam: Hi, I'm having a problem with my desk phone. Can you put me through to someone who might be able to sort this out for me?
Reception: Connecting you.
Phone services: Hi!
Sam: Hi, I'm having a problem with my desk phone. Sorry, I'm new here. Is there any way I can find out who is calling me? Is there a caller ID?
Phone services: Not really, no. Because we use hot desks here and because people usually use their mobile phones, the caller ID isn't often related to a name. Is this a problem for you?
Sam: No, it's fine now. I understand. Thanks, bye.
Sam now knows that the company uses hot desks and that phone caller ID is not always expected anyway and therefore not an issue if a call is made from outside the company. If it was expected, then Sam could work around it.

Social Engineering Call (2)
A call is made to the main switch board of the organisation.
Sam: Hi, could you put me through to the building security.
Reception: OK.
Building security: Hello, how can I help you?
Sam: Hi, I don't know if you will be interested but I found an access card outside your building which I think someone must have dropped.
Building security: Just return it to us. We are in building 3.
Sam: Ok, no problems. Could I ask whom I'm speaking to?
Building security: My name is Eric Wood, and if I'm not here give it to Neil.
Sam: Ok, that's great. I will do that. Are you the head of the building security?
Building security: It's actually called facilities security and the head is Peter Reed.
Sam: Ok. Thanks a lot. Bye.
This conversation told Sam the names of a number of people in security, the name of the department and the name of the head of the security. He also got to know that they are the ones who deal with physical access cards.

Social Engineering Call (3)
A call is made to the main switch board of the organisation.
Sam: Hi, I'm calling from Agency Group and I wonder if you could help me. I had a meeting with some of your HR people about a month ago but unfortunately my computer crashed and I have totally lost their names. Have you any idea at all of their names?
Reception: Sure, no problem. Let me look up that department?
Sam: I know that one of them was the head of HR. There were many people in the meeting though.
Reception: ...ok, here we are. The head of HR is Mary Killmister. Her phone number is 0207 xxxxxxx.
Sam: Yes, that rings a bell. What are the names of other people in HR?
Reception: In HR, there are Jane Ross, Emma Jones... <list of names.>
Sam: Yes, Jane and Emma. Could I have their numbers, please?
Reception: Sure, Jane Ross is xxxxxx and Emma Jones is xxxxxx. Would you like me to put you through to any of them?
Sam: Yes, could you please put me through to Emma.
Sam now knows the names of 3 people in HR including the name of its head.

Social Engineering Call (4)
HR: Hello, Emma here.
Sam: Hi Emma, this is Eric from facilities security in building 3. I wonder if you can help me. We have had a problem here with the access card database computer. It crashed last night and some of the data for the new starters has been deleted. Do you know who would be able to tell the names of the new starters who have joined within the last 2 weeks? The access cards of those people would have stopped working. We need to contact them and let them know ASAP.
Emma: I can help you with this. I'll look up the names and e-mail them to you if that's ok. For the last 2 weeks, right?
Sam: For the last 2 weeks, yes. That's great thanks but would it be possible to fax it to me as we share one computer for e-mail and that was affected by the computer crash too.
Emma: Yes, ok. What is your fax number? And what's your name again?
Sam: Mark it for the attention of Eric. I'll have to find out the fax number for you and call you back.

Emma: Ok. Do you know how long it will take to reactivate their cards?
Sam: It shouldn't take me more than 30 minutes. Will you be able to start working on finding the names straight away as it's quite urgent?
Emma: I have a few things to do this morning but I should be able to start this afternoon.
Sam: That's great, Emma, thanks. When you're done, would you be able to call me so I can start straight away?
Emma: Yes, sure. What is your number?
Sam: I'll give you my mobile number. It's 07970 xxxxxx. That way you're guaranteed to get me.
Emma: Ok, sure. I'll call you when I have the list.
Sam: Excellent, thanks. Really appreciate this.

Social Engineering Call (5)
A call is made to the main switch board of the organisation.
Sam: Could you put me through to the IT Support?
Reception: Connecting you... There is a long wait in the queue.
IT support: Hello, can I have your LS number or your case reference?
Sam: I've just got a quick question. Is that ok?
IT support: What is it?
Sam: A guy from Reuters is trying to send me a presentation and is asking me what the maximum size for attachments is.
IT support: It's 5 MB, Sir.
Sam: That's great, thanks. Oh, one more thing. He said it's an exe file and sometimes those get blocked or something.
IT Support: He won't be able to send an executable file as the virus scanners will stop it. Why does it need to be an exe file?
Sam: I don't know. How can he send it to me then? Could he zip it or something?
IT Support: Zip files are allowed, Sir.
Sam: Ok. One more thing. I can't seem to see my Norton anti-virus icon in my system tray. The last place I worked, there was a little icon.
IT Support: We run McAfee here. It's just a different icon, the blue one.
Sam: That explains it then. Thanks, bye.
Sam now knows that to send an executable file via e-mail, the file will have to be zipped first and be less than 5 MB. He also knows that the organisation is using McAfee anti-virus.

Social Engineering Call (6)
A few hours later, a call from Emma in HR.
Emma: Hi, is that Eric?
Sam: Yes, hi.
Emma: I have the new starters list for you. Do you want me to fax it?
Sam: Yes, please. That would be great. How many are there?
Emma: About 10 people.
Sam: I'm not sure if the fax is working properly here. Could you please read them out to me. I think that will be quicker?
Emma: Ok. Do you have a pen?
Sam: Yes, go ahead.
Emma: Sarah Jones, sales; her manager's name is Roger Weaks. <lists names>..
Sam: Ok, thanks. You have been a real help. Bye.
Sam now has a list of new starters who have joined within the last 2 weeks. He also has the departments and their manager's name. The new starters are many times more susceptible to social engineering than long term employees.

Social Engineering Call (7)
A call is made to the main switch board of the organisation.
Sam: Hi, I am trying to e-mail Sarah Jones but I'm not sure what the format of your e-mail addresses is? Do you know?
Reception: Yes, it would be [email protected]
Sam: Thanks.
Social Engineering E-mail (1)
Minutes later, a spoofed e-mail is sent.
from: [email protected]
to: [email protected]
subject: IT Security

Sarah,
As a new starter to the company, you will need to be made aware of the company "Acceptable Use Policy", specifically the employees' security policies and procedures. The purpose of this policy is to outline the acceptable use of computer equipment at <Company Name>. These rules are in place to protect the employee and <Company Name>. Inappropriate use exposes <Company Name> to risks including virus attacks, compromise of network systems and services, and legal issues. This policy applies to employees, contractors, consultants, temporaries, and other workers at <Company Name>, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by <Company Name>.
Someone will contact you shortly to discuss this with you.
Regards,
IT Security

Social Engineering Call (8)
A couple of hours later, a call is made to the main switch board of the organisation.
Sam: Hi, could you put me through to Sarah Jones, please?
Reception: Connecting you.
Sarah: Hello, Sales, how can I help you?
Sam: Hi Sarah, I'm calling from IT Security to brief you on the best practices to ensure security. You must have got an e-mail about it.
Sarah: Yes, I got an e-mail about it today.
Sam: OK. Excellent. It's just a standard procedure for all new starters and only takes about 5 minutes. How are you finding things here? Everybody being helpful?
Sarah: Yes, thanks, it's been great. It's a bit daunting starting somewhere new though.
Sam: Yes. And it's always difficult to remember everyone's name. Has Roger introduced you around?
... much small talk to build up a rapport.
Sam: ...Emma Jones is very nice in HR if you need any help with that side of things.
Sarah: Yes, Emma did my HR interview for the job.
Sam: Well, I better run through the security presentation with you. Do you have your e-mail open? I'll send you the security presentation now and talk you through it.
Sarah: Ok. I see the e-mail.
Sam: Ok. Just double click on the "Security Presentation.zip" attachment.
Sarah: It has come up with WinZip.
Sam: Just click extract and double click on "Security Presentation".
Sarah: ok ..
The executable that she has run is, in fact, a cleverly packaged series of scripts and tools created by a wrapper program, including within it the RAT (Remote Access Tool), a rootkit and keyloggers. When she clicks on the file, the presentation immediately starts. This is just a branded series of PowerPoint slides telling her not to run executables that she is sent, etc. etc., and other good security practices.
A few seconds later ...
The scripts within the package start to disable McAfee and any other PC security that might be found and try to protect the user. Then, the rootkit installs itself, hiding all future actions from the operating system or anybody trying to do a forensic investigation.
Next, the RAT is hidden and installed. The RAT is made to start every time the machine reboots and these actions are all rootkitted and hidden.
The RAT then looks up any proxy settings and other useful information and tries to make its way out of the network and onto the Internet, ready to get its commands from its master. All processes and TCP connections are hidden and even running things like netstat and task manager will not reveal them.
The RAT connects to the master. Sam now owns the PC and it is time to start looking around and really start hacking! Job done.
2.4.3. Defence Against Social Engineering
As social engineering involves the human factor, there is no effective way to protect against social engineering. However, there are certain ways to reduce the likelihood of an escalated social engineering attack. The following are important for organisations to reduce the chances of success of social engineering attacks:
- Every employee must be given security awareness training to learn more about social engineering attacks. Employees must be instructed to report any suspicious behaviour to the security authorities.
- Clear and strong security policies and processes against social engineering attacks must be established.
- Background verification of employees is very important, as there may be a chance that an attacker joins the organisation not only to gather information about the organisation but also to become an insider. Verification should be applied not only to regular employees but also to vendors and contractual workers whenever they become part of the organisation's network.
- There should be physical access control to allow only authorised people into restricted parts of the organisation.
- There should be a policy on what information about the organisation is to be kept restricted. It must be reviewed, and if any irregularities are found, the security team must take care of them.
- Mock social engineering activities should be performed by the security team so as to keep track of security controls in an organisation.
- There should be strict and layered security control policies for accessing an organisation's data.
- Installation and maintenance of firewalls, anti-viruses and e-mail filters should be done regularly.
- There should be a proper incident response strategy in the organisation.
- Usage of corporate IDs in the public domain, blogs, discussion forums, etc., should be restricted.
- Confidential and critical online resources should not be accessed in public places, hotels, etc.
- E-mail solicitations requesting personal or financial information should not be responded to.
- Personal information or organisational details should never be shared with anyone unless the employee is certain of the person's authority to have that information.
- Documents containing sensitive data should always be shredded.

2.5. Cyberstalking
Cyberstalking is the form of online harassment directed at a specific person. It causes substantial emotional distress and serves no legitimate purpose. Perpetrators utilise social media accounts, publicly accessible information and sometimes illegally accessed information to emotionally abuse another person. The perpetrators may also spread rumours and misinformation about their targets. Cyberstalkers may obtain personal information about their victims (e.g., home address, phone number) from the Internet and utilise this information to intimidate or discredit them, or to meet their victims in person.

2.5.1. How It Works
Cyberstalking is a form of harassment that takes advantage of the relative anonymity the Internet provides and of protection from law enforcement. Cyberstalkers use the following list of actions to abuse their victims. The following actions are repeated to intimidate or harm:
- Leaving messages or comments on an individual's online post, publication, web blog, or website with the intent to threaten, harass, or cause emotional distress.
- Sending online correspondence that is inappropriate and unwanted.
- Impersonating another person and posting materials online using that person's name or likeness.
- Creating online materials (including websites, blogs, and social media pages) with the name and/or likeness of another person in order to disseminate false and defamatory information or pictures.
- Purposefully sending malware or computer viruses to a specific person as a means to harass him/her or compromise his/her computer's security.
- Employing spyware on an individual's computer or other electronic devices in order to track his/her movements, the information they access, and whom they interact with online.
- Hacking an individual's computer.
- Sending defamatory and/or harassing messages to an individual's friends, family, co-workers, neighbours, employer, students, teachers, or other community members, either in their name or the victim's name.
2.5.2. Defence Against Cyberstalking
The following points can help to defend against cyberstalking:
- Understand how to use the privacy and security settings on social media platforms.
- Make use of the two-factor/double authentication option as and when available.
- Do not accept friend requests from a person who is not personally known.
- Review and filter the personal information supplied on public websites.
- Tell friends not to post your personal information or other identifying information (even pictures) without your permission.
- Do not publicly share information about your children or other close family members.
- Do not share your personal information on online surveys, quizzes and polls on websites.
- Do not publicly RSVP to events.
- Always make use of strong and different passwords for each online account.

2.6. Cybercafe and Cybercrimes
In recent years, cybercafes have become the favourite place for youngsters as a public Internet access point and online game playing zone. Even though it gives ease of use to access the Internet, this public access point is also the most loved place of cybercriminals. Cybercriminals can easily hack visitors' data because of a lack of awareness of cybercrime among public users. In addition, it is very easy to cover the crime they are committing, as they are making use of public Internet services. Because of a lack of awareness of cybersecurity, numerous cybercafe visitors commit errors such as the use of unencrypted devices or protocols, simple passwords, the same password for various sites, not logging out after work is finished, storing information on the public machine's hard disk, not clearing the browsing history, or not checking for illicit software before using a public machine, which brings about loss to the visitors.
Most of the cybercafes hold two types of risks. First, users are unaware of the programs installed on the computers placed in cybercafes. Some malicious programs like keyloggers, spywares, rootkits, etc. might be installed and running in the background, collecting confidential information and the activities performed by the user. Secondly, there are chances of shoulder surfing, through which the user's activities and confidential information can be monitored.
2.5.3. Cyberstalking Case Study
A 35-year-old man will serve three months in jail for sending obscene pictures and videos via e-mail to a woman he met on a social networking site. Prabhu has been sentenced to three months simple imprisonment and fined Rs. 10,000 for the offence under section 509 (word, gesture or act intended to insult the modesty of a woman) of the IPC and section 66 (E) (punishment for violation of privacy) of the Information Technology Act, 2008, and Rs. 5,000 for intending to insult the modesty of a woman. The woman initially chatted with him, but she said she started finding his behaviour suspicious and stopped responding to his messages. She even removed him from her friend's list. According to the police sources, their relationship turned sour after the woman turned down Prabhu's proposal to get married. As the woman is a year older than Prabhu, her parents were opposed to the marriage. The woman then stopped communicating with him. Prabhu, however, continued to keep an eye on her profile and her whereabouts.
The following month, the woman got mails from an unknown ID. The mails contained obscene images and videos. She initially ignored them. But when they did not stop, she complained to the Cyber Crime Investigation Cell. The Internet Protocol (IP) address of the computer was traced. A 200 page charge sheet was given to the cyber cell in September 2009, after which the trial began. Eight witnesses, including the woman, Prabhu's colleagues, cyber experts and police officials, were examined. When the court convicted Prabhu, it said the prosecution had proved the case beyond doubt.

In a recent survey conducted in various cybercafes in India, the following facts were figured out:
1. In most of the cybercafes, pirated antivirus software is installed in all computer systems.
2. In many cybercafes, antiviruses are not installed. Also, it was found that antiviruses were not updated with the latest patch in most of the cybercafes.
3. Several cybercafes have installed "Deep Freeze" to protect computer systems. However, this also helps cybercriminals to cover the attack launched using those computer systems.
4. Annual Maintenance Contract (AMC) was not found for servicing of computers. This helps cybercriminals to install and use malicious programs to make the launch of an attack easier.
5. Pornographic websites and some websites with offensive contents were not blocked.
6. Most of the cybercafe owners do not have awareness about IT security and cyber laws.
7. No cyber audit was initiated by the cybercafe association or cyber cell of the police in the cybercafes.
After reviewing these eye-opening facts, various recommendations were given. Owners of cybercafes are required to maintain log registers and record users' identity details. Also, minors are restricted from using cybercafes. Cybercafes are instructed to install licenced software with regular updates. A special training was given to the cyber cell police to conduct regular security audits at cybercafes. Some of the tips outlined for cybercafe users are stated as follows:
1. Always Logout: While checking e-mail or logging in for chatting, always click logout/sign out.
2. Stay with the computer: While surfing, do not leave the system unattended for any period of time.
3. Clear history and temporary files: Before browsing, deselect the AutoComplete option in Browser-> Tools-> Internet options-> Content tab; then Tools-> Internet Options-> Tab-> Temporary Internet Files-> Delete files, and then Delete Cookies.
4. Avoid online financial transactions: One should avoid online banking and shopping, and not provide sensitive information such as credit card number or bank account details.
5. Change passwords/use virtual keyboard: Change a password after the completion of the transaction.
6. Be alert: One has to be alert about others snooping over their shoulder.

Figure 1: C&C Botnet Architecture (Botmaster, C&C servers, bots)
2.7. Botnets
Currently, cyberspace is facing a huge threat from various malware. One of them is the botnet. A botnet is a collection of compromised computer systems called bots. The term bot, derived from Ro-Bot, is nothing but a script, a set of scripts, or a program designed to perform predefined functions repeatedly and automatically after being triggered intentionally or through a system infection. Unlike the existing malware, such as virus and worm, bots focus on executing a task once they are on the infected host rather than on attacking it. Bots may run automatically or when given a precise input. They are controlled by an agent called the Botmaster or Botherder. It is a group of persons who manage remote bots. Botnets are controlled by cybercriminals and these are used as a distributed attack platform.
A Botmaster uses the command and control (C&C) channel to control the botnet. Figure 1 shows the C&C botnet architecture. In C&C, all the bots present are connected to the command and control servers, hence the Botmaster can communicate with all the bots at the same time. After communicating with the bots, the Botmaster issues commands. C&C infrastructure is considered the most essential part of a botnet. C&C traffic is hidden behind normal web traffic to evade the mechanisms of detection.
The Botmaster often deploys botnets onto computers through a Trojan horse. The strategy typically requires the users to infect their own systems by opening e-mail attachments, clicking on malicious pop-up ads, or downloading dangerous software from a website. After infecting devices, botnets are then free to access and modify personal information, attack other computers, and commit other crimes. Some of the botnets can even self-propagate, finding and infecting devices automatically. Such autonomous bots carry out seek-and-infect missions, constantly searching the web for vulnerable Internet-connected devices lacking operating system updates or antivirus software.
It is very difficult to detect botnets. They use only a small amount of computing power to avoid disrupting normal device functions and alerting the user. Advanced botnets are even designed to update their behaviour to prevent detection by cybersecurity software. Users are unaware that their connected device is being controlled by cybercriminals. Botnets grow in time. Many botnets can lie dormant within devices, waiting for the botmaster's trigger to launch an attack. Most of the well-known and large botnets used for launching cyberattacks are Conficker, TDL-4, MegaD, Kraken, and Srizbi.
A botnet can be used by the Botmaster to build advertisement fraud schemes by commanding thousands of infected devices to visit fraudulent websites and click on advertisements placed there. For every click, the hacker then gets a percentage of the advertising fees. Also, botnets can be sold or rented on the Internet. The buyers of botnets use them to carry out cyberattacks, spread ransomware, or steal personal information.

Case Study on Botnet
In 2016, a large DDoS attack hit the Internet infrastructure company Dyn. The attack used a botnet that comprised security cameras and DVRs. The DDoS disrupted the Internet service of large sections of the country, creating problems for many popular websites like Twitter and Amazon.
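The chapter says C&C traffic hides behind normal web traffic and, in the case study, that the rootkit blinds netstat and the task manager on the infected PC. A defender therefore looks outside the host, and one signal that survives there is timing. This added example (not from the book) scores each client/destination pair in a proxy log by how regular its request cadence is; the log lines, hosts and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log (not real data): "timestamp client destination bytes".
# Host 10.1.1.7 browses normally but also contacts srv.example once a minute,
# with a little jitter, transferring almost the same number of bytes each time.
PROXY_LOG = """\
2016-10-21T09:00:00 10.1.1.7 news.example 51200
2016-10-21T09:00:05 10.1.1.7 cdn.example 204800
2016-10-21T09:00:10 10.1.1.7 static.example 1500
2016-10-21T09:00:12 10.1.1.7 srv.example 410
2016-10-21T09:01:12 10.1.1.7 srv.example 410
2016-10-21T09:02:12 10.1.1.7 srv.example 412
2016-10-21T09:03:13 10.1.1.7 srv.example 410
2016-10-21T09:03:40 10.1.1.7 mail.example 8000
2016-10-21T09:04:12 10.1.1.7 srv.example 411
2016-10-21T09:05:12 10.1.1.7 srv.example 410
2016-10-21T09:06:12 10.1.1.7 srv.example 410
2016-10-21T09:07:30 10.1.1.9 news.example 51200
2016-10-21T09:09:03 10.1.1.9 cdn.example 90000
"""


def parse_log(text):
    """Group request timestamps by (client, destination)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, _size = line.split()
        events[(client, dest)].append(datetime.fromisoformat(ts))
    return events


def beacon_score(timestamps, min_requests=5):
    """Return (mean_gap_seconds, coefficient_of_variation) for a request series,
    or None when there are too few requests to judge regularity."""
    if len(timestamps) < min_requests:
        return None
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    # Human browsing produces widely varying gaps (CV near or above 1);
    # a timer-driven beacon keeps the CV close to 0 even with some jitter.
    return avg, pstdev(gaps) / avg


def find_beacons(text, max_cv=0.1, min_requests=5):
    """List (client, destination, mean_gap, cv) for pairs whose cadence is
    suspiciously regular."""
    suspects = []
    for (client, dest), stamps in parse_log(text).items():
        score = beacon_score(stamps, min_requests)
        if score is not None and score[1] <= max_cv:
            suspects.append((client, dest, round(score[0]), round(score[1], 3)))
    return suspects


if __name__ == "__main__":
    for client, dest, gap, cv in find_beacons(PROXY_LOG):
        print(f"{client} -> {dest}: every ~{gap}s, CV={cv}")
```

A regular cadence alone is only a triage signal, since legitimate update checks and monitoring agents also beacon; hits are compared against an allow-list of known services before an incident is raised.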
2.7.1. Botnet Prevention
It is not easy to prevent botnet infection, but one can reduce it with good surfing habits. Users should ensure the following guidelines to prevent botnet infection:
Update your operating system: One of the malware preventative measures is to keep the operating system updated. Software developers actively combat malware; they know early on when threats arise. Set your operating system to update automatically and make sure you are running the latest version.
Avoid e-mail attachments from suspicious or unknown sources: E-mail attachments are a favourite source of infection for many types of malware. Do not open an attachment from an unknown source. Bots regularly use contact lists to compose and send spam and infected e-mails.
Avoid downloads from P2P and file sharing networks: Botnets use P2P networks and file sharing services to infect computers. Scan all downloads before executing the files or find the safest alternatives for transferring files.
Do not click on suspicious links: Links to malicious websites are common infection points, so avoid clicking them without a thorough examination. Hover your cursor over the hypertext and check to see where the URL actually goes.
Get antivirus software: Getting antivirus software is the best way to avoid and eliminate botnets. Look for antivirus protection which is designed to cover all devices connected to your computer.

2.8. Attack Vector
A path or means by which an attacker can gain access to a computer or network server in order to deliver a payload or malicious outcome is called an attack vector. It enables hackers to exploit system vulnerabilities, including the human element. Table 3 shows some well known attacks and their corresponding attack vectors.
Attackers always try to devise new attack vectors in the cyberspace. The methodology they follow includes:
Analysis and inspection of the potential target: Attackers can perform inspection and analysis on selected targets with the help of sniffing, e-mails, malware or social engineering.
Encoding: On primary inspection, attackers select the best tools to exploit the vulnerabilities found at the application, system and network levels.
Installation: Security of the target system gets broken and malicious software is planted.
Exploiting: Once the system is breached, attackers try to exploit the collected information (sensitive data) to obtain the intended benefits.

Table 3: Attacks and Corresponding Attack Vector Examples

Attack | Attack Vector
SQL Injection | The attacker uses leaks or flaws in the authentication or session management functions (e.g. exposed accounts, passwords, session ID) to impersonate users.
Cross Site Scripting | The attacker sends text-based attack scripts that exploit the interpreter in the browser. Almost any source of data can be an attack vector, including internal sources such as data from the database.
Cross Site Request Forgery | The attacker creates forged HTTP requests and tricks a victim into submitting them via image tags, XSS, or numerous other techniques. If the user is authenticated, the attack succeeds.
Apps with Known Vulnerability | The attacker identifies a weak component through scanning or manual analysis. He/she customises the exploit as needed and executes the attack. It gets more difficult if the used component is deep in the application.

Various attack vectors can be used to expose us to potential vulnerabilities resulting in attacks. One needs to debug the network to explore various attack vectors. The following guidelines can shield the networks and remove any attack vectors:
- Keep your networks and servers free of redundant software.
- Update and apply all security patches to remove vulnerabilities discovered over time.
- Frame security policies and enforce them to be followed by each and every user of the system. Make campaigns and regular meetings about updating security policies.
- Use firewalls to monitor and control traffic between private and public networks.
- Make periodic backups of sensitive data so that recovery can always be possible in case of failure or system attacks.
- Keep an eye on the latest trends in digital security through specialised magazines or technology websites.
- Use constantly updated antivirus.
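The three web rows of Table 3 (SQL injection, cross-site scripting, cross-site request forgery) as working code, an added example that is not from the book: each vector appears once in a form that is open to it and once in a hardened form (parameterised query, output escaping, a per-session CSRF token checked in constant time). The in-memory users table and the Session class are constructed for the example.

```python
import hmac
import html
import secrets
import sqlite3

# Constructed in-memory user table standing in for an application database.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (name TEXT, role TEXT)")
DB.executemany("INSERT INTO users VALUES (?, ?)",
               [("alice", "admin"), ("bob", "staff"), ("carol", "staff")])


# --- Table 3, row 1: SQL injection --------------------------------------
def find_user_vulnerable(name):
    # Untrusted input is pasted into the SQL text, so a quote character in it
    # changes the query's logic instead of being treated as data.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return DB.execute(query).fetchall()


def find_user_hardened(name):
    # Parameterised query: the driver binds the value; it is never parsed as SQL.
    return DB.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()


# --- Table 3, row 2: cross-site scripting -------------------------------
def render_comment_vulnerable(comment):
    # Raw text lands in the page, so a <script> element in it runs in the browser.
    return f'<p class="comment">{comment}</p>'


def render_comment_hardened(comment):
    # Escaping turns <, >, &, and quotes into entities; the browser shows them as text.
    return f'<p class="comment">{html.escape(comment)}</p>'


# --- Table 3, row 3: cross-site request forgery -------------------------
class Session:
    """Minimal server-side session: the authenticated user plus a CSRF token
    that only a page served to this user could have read."""
    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_hex(16)

    def form_token(self):
        # The genuine page embeds this in its form as a hidden field.
        return self.csrf_token


def change_email_vulnerable(session, form):
    # Only the session cookie (sent automatically by the browser) is relied on,
    # so a request another site tricked the browser into sending also succeeds.
    return f"{session.user}: e-mail changed to {form['email']}"


def change_email_hardened(session, form):
    # The request must also carry the session's token; compare in constant time.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        raise PermissionError("CSRF token missing or wrong; request rejected")
    return f"{session.user}: e-mail changed to {form['email']}"
```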
2.9. Cloud Computing

Cloud computing has become an essential part of everyday life in private as well as business context. It is now a part of almost everything we use in the device, with your operating system, applications and other services using one of the integrated cloud services. The intent of cloud computing is to access your data anytime and anywhere, using any integrated system. You can save your computer files online and share them simultaneously, or choose to work together with other users or individuals on the cloud services.

2.9.1. Cloud Computing Services

Cloud computing services are provided on demand to users over the Internet. Different types of cloud service providers, such as software developers and multiple enterprises, use their own servers to provide services to end users, unlike companies that use their on-premise servers. The service may be accessed from computers or from handheld devices, such as smartphones. The types of cloud computing services are commonly described as follows:

Infrastructure as a Service (IaaS): This is the most prominent and commonly used cloud service. It includes significant software and platform infrastructure, storage, and networks and provides a basic structure to an organisation which is manageable and flexible. Customers can access virtual servers, storage disks and use the storage space to store data, including pictures, videos and music, on the cloud.

Platform as a Service (PaaS): This is a cloud-based development platform designed for developers to build, run and manage applications over the Internet. The PaaS infrastructure is built and managed by the cloud service provider, who provides the software and hardware tools required for application development as a service. The platform gives developers the flexibility to focus on the application they run on the cloud services. The cloud provider deals with the complexities of maintaining the infrastructure and building applications.

Software as a Service (SaaS): SaaS means that the users can access different software present on the cloud on a pay per use basis. This is a very useful service as software licences are exorbitantly priced and it is not possible to licence all the software. This is where SaaS comes in. It provides access to a multitude of software which provide more or less the same functionality as their licenced counterparts. Cloud providers are responsible for the efficient management and availability of these programs.

2.9.2. Threats Associated with Cloud Computing

A cloud network is accessible to users and multiple other networks. This makes it vulnerable to threats originating from computers that follow similar or different architecture. Therefore, it is important to be aware of the kinds of threat that are posed and take necessary precautions so that we are ready to face these threats later on. In this regard, it is very important to choose the right kind of cloud service provider.

Users store a lot of personal information and sensitive data on their computers, and this information is now being stored on the cloud. The data stored on the cloud is valuable to individuals with crime on their mind. Therefore, it is important for the users to find out and evaluate the security measures that their cloud provider has in place. Additionally, users must adhere to the safety checklist and take precautions to secure their data.

The types of threat associated with cloud computing are as follows:

Data breach: A data breach can happen when data is stored locally or on the cloud. However, if the cloud data is compromised, it has far-reaching consequences. In order to prevent this, the cloud providers ensure that their network is highly secure and that the security protocol that is implemented is regularly updated. This is done to remain ahead of the newer and more severe threats that are evolving. A cloud data breach places the data of multiple enterprises and users at risk. Therefore, cybercriminals prefer to attack a cloud system rather than standalone systems.

Data ownership and control: The chances of a data breach become significantly higher if the management of your organisation's data that is stored on the cloud is outsourced to a third-party provider. Many issues such as geographical location, backup processes and the steps taken to ensure data protection are now outside the control exercised by your organisation.

Data loss: No matter where the data is stored, the impact of permanent data loss is huge. It has the potential to affect an organisation financially, legally and operationally.

Malicious attacks: Cybercriminals can attack and abuse a cloud storage for conducting illegal activities or for monetary gains.

Insider threat: The possibility of an attack originating from within an organisation is also present. Assigning incorrect access levels to users or neglect in revoking access privileges of users can result in data getting exposed to people who are not authorised to access it.

Shared space: Since the cloud is a shared space, multiple users share and store data on a single server. One user getting access to the data of another user using the same technology cannot be totally ruled out.

2.9.3. Safety Measures Against Threats to Cloud Computing

Data of cloud providers are scattered all over the world and are governed by different privacy and cyber laws in different countries. There is no single law that governs these data centres. Therefore, in the event of data loss, it would be impossible to decide which countries' laws are applicable if your data is stored across multiple locations. Some of the general precautionary measures to protect cloud data are listed as follows:

• Backing up data
• Understanding the cloud provider's service agreement
• Updating the backups created
• Password protection
• Two-step authentication
• Encryption and decryption
• Disciplined online behaviour
• Not storing sensitive information on cloud servers

2.10. Summary

In this chapter, we have discussed the systematic approach used by attackers to launch cyberattacks by gathering information about targets using some passive attacks like social engineering. Cyberstalking is one of the common approaches followed by attackers to threaten targets. A cybercafe is a boon for attackers; they are cleverly using it to gather information on a target as well as to launch attacks on a remote network or an individual target. The Internet has become an integral part of our life and we are making use of online shared resources for storage and computation, which can be easily exploited by an attacker to launch an attack. Botnets are sold or rented over the Internet, which is a major threat to connected resources in a network.


Cybercrime Using Mobile and Wireless Devices

3.1. Introduction

In recent years, a wide range of mobile devices, including smartphones, tablets and PCs, are being used by people in their day-to-day activities. These mobile devices are network-connected for most of the time they are switched on. Along with these devices, various objects like RFID tags embedded in devices, chip-based payment cards, electronic key fobs, etc., are also getting connected using wireless technology. As many heterogeneous devices are getting connected with mobile and wireless technology, cybercriminals may have many different motives for performing an attack on a mobile device, including hardware theft, information theft, or simply denial of service or sabotage. It is difficult to enumerate all the ways a criminal might seek to gain from an attack. It is hard to determine where, how and in what way criminals will compromise mobile and wireless devices. Therefore, it becomes essential to consider all possible security issues when trying to address cybercrime in mobile and wireless devices.

3.2. Proliferation of Mobile and Wireless Devices

With the rising advancement of high-speed, large bandwidth 3G, 4G and upcoming 5G mobile networks, customers can perform Internet activities on their smartphones as quickly and reliably as they can via a normal computer. The proliferation of mobile devices in our daily life and the significant advancement of wireless network technologies and infrastructures have become an increasing driving force for a variety of emerging mobile applications. A mobile application can be developed and run on mobile handheld devices and communicate with other devices via wireless communication. There are various mobile devices like smartphones, tablet PCs, personal digital assistants (PDAs), carputers, pen top computers, etc. These devices are connected using a wireless network for transferring information amongst them.

Nowadays, almost every organisation involves the use of information technology. Organisations are investing large amounts of capital on purchasing laptops and other handheld devices to be used by their employees at work as well as in travelling. The high usage of mobile devices requires a greater emphasis on securing both the stored and communicated data. Security should be made a priority as this data can contain valuable information. It is necessary that users of mobile devices follow a mobile organisational security policy, to protect corporate and personal devices and organisational data from being a victim of cybercrime.

3.3. Trends in Mobility

Mobile computing is becoming increasingly important due to the rise in the number of portable computers and the desire to have continuous network connectivity to the Internet irrespective of the physical location of the node. Mobile computing has quickly become an important new paradigm in today's world of networked computing systems. From wireless laptops to cellular phones and WiFi/Bluetooth-enabled PDAs to wireless sensor networks, mobile computing has become ubiquitous in its impact on the daily lives of people. Along with the existing 3G and 4G technologies, 5G technology is well underway to provide speedier connections that stay online no matter where you are. This can often pose well-known but not well-understood threats from cybercriminals. It is worth noting the various trends in mobility before studying the use of mobile and wireless devices in cybersecurity.

1. User mobility: Users should be able to move from one physical location to another using the same service. The service could be in the home network or a remote network. One of the classical examples is when a user travels for business and uses corporate services and applications as if he/she were in the office.

2. Device mobility: Users should be able to move from one device to another using the same service. Sales representatives use their desktop computer in their home/office. During the day, while travelling, they can use their Palmtop to access the application.

3. Session mobility: A user session should be able to move from one user-agent environment to another. A typical example would be of a user using a service through a CDMA network. The user drives through a tunnel and gets disconnected from the network. He/she then returns to the office and uses the desktop computer, continuing the unfinished session from where he/she was at the time of disconnection.

4. Service mobility: A user should be able to move from one service to another. Suppose a user is writing an e-mail. To complete the e-mail, the user needs to refer to some other information. In a desktop PC, the user simply opens another service (browser) and moves between them using the taskbar. He/she should be able to switch amongst services in small footprint wireless devices like a desktop.

5. Host mobility: A user device can be either a client or a server. When it is a server or host, some of the complexities of the host get changed based on whether it is playing the role of a client or a server.

3.4. Credit Card Frauds in Mobile and Wireless Computing Era

In recent years, electronic gadgets have become an integral part of business, providing ease of use, but at the same time there are many challenges in securing these devices. They provide connectivity with the Internet outside the office. Credit card frauds are the new trends in cybercrime that are coming up with mobile commerce and mobile banking. Customers tend to do more online transactions than traditional banking as it is very easy and convenient with the help of mobile commerce transactions. This leads to a rise in digital card usage and point of sale (POS) terminals. However, it was observed that there is tremendous growth in credit card frauds in recent years with mobile and wireless computing.
A credit card fraud is a form of identity theft that involves taking someone's credit card (or debit card) information in an unauthorised way for the purpose of charging purchases to that card or removing funds from it. Credit card frauds are committed in the following ways:

• An act of criminal deception (mislead with intent) by the use of an unauthorised account and/or personal information
• Illegal or unauthorised use of an account for personal gain
• Misrepresentation of account information to obtain goods and/or services

3.4.1. Types of Credit Card Fraud

Lost or stolen cards: This type of fraud offers the easiest way for a fraudster to get hold of other individuals' credit cards without an investment in technology. It is also perhaps the hardest form of traditional credit card fraud to tackle. It should be reported immediately to the company that made the card to minimise any damages.

Account takeover: This type of fraud occurs when a fraudster illegally obtains a valid customer's personal information. The fraudster takes control of (takes over) a legitimate account by either providing the customer's account number or the card number. The fraudster then contacts the card issuer, masquerading as the genuine cardholder, to ask that mail be redirected to a new address. The fraudster reports the loss of the card and asks for a replacement to be sent.

Counterfeit cards: The creation of counterfeit cards together with lost/stolen cards poses the highest threat in credit card frauds. Fraudsters are constantly finding new and more innovative ways to create counterfeit cards. Some of the techniques used for creating false and counterfeit cards are erasing the magnetic strip, creation of fake cards, alteration of card details, skimming and cloning.

Never received: A new or replacement card is stolen from the mail, while in transmission, and never reaches its rightful owner.

Fraudulent application: A fraudster uses another person's name and personal information in applying for and obtaining a credit card.

Collusive merchants: This type of fraud occurs when merchant owners and/or employees conspire to commit fraud using their customers' (cardholders') accounts and/or personal information.

Triangulation: The fraudster in this type of fraud operates from a website. Goods are offered at heavily discounted rates and also shipped before payment. The fraudulent site appears to be a legitimate auction or traditional sales site. While placing orders to the site, customers provide information such as name, address and valid credit card details. Once the fraudster receives these details, he/she orders goods from a legitimate site using the stolen credit card details. The fraudster then goes on to purchase other goods using the credit card numbers of the customers. This process is designed to cause a great deal of initial confusion, and the fraudulent Internet company, in this manner, can operate long enough to accumulate a vast amount of goods with the stolen credit card numbers.

3.4.2. Protection Against Credit Card Fraud

Incorporating a few practices into your daily routine can help keep your cards and account information safe. For example, keep a record of your account numbers, their expiration dates and the phone number of each company in a secure place. Do not lend your card to anyone. Do not leave your cards, receipts, or statements around your home or office; when you no longer need them, shred them before throwing them away. Other fraud protection practices include:

• Do not give your account number to anyone on the phone unless you have made the call to a company you know to be reputable. If you have never done business with it before, first do an online search for reviews or complaints.
• Carry your cards separately from your wallet. It can minimise your losses if someone steals your wallet or purse. Moreover, only carry the card you would need for a certain outing.
• During a transaction, keep your eyes on your card. Make sure you get it back before you walk away.
• Never sign a blank receipt. Draw a line through any blank spaces above the total.
• Save your receipts to compare with your statement.
• Open your bills promptly, or check them online often, and reconcile them with the purchases you have made.
• Report any questionable charges to the card issuer.
• Notify your card issuer if your address changes or if you will be travelling.
• Do not write your account number on the outside of an envelope.

Staying vigilant about protecting your personal information can greatly reduce the risk of theft or fraud. It is an important and necessary step in today's digital world.

3.5. Security Challenges Posed by Mobile Devices

Recently, advancement in wireless technology and improvement in mobile devices helped to increase the mobile market. In almost all day-to-day activities, mobile devices are used by an individual or organisation. This has created challenges for individuals, society, businesses and government, particularly in mobile added value services like mobile banking, mobile check-in, mobile ticket, etc.
Some of the major security challenges, threats and vulnerabilities posed by mobile devices are described as follows:

1. Poor authentication and authorisation: In mobile devices, generally, authentication and authorisation schemes rely on device identifiers such as IMEI (International Mobile Equipment Identity), IMSI (International Mobile Subscriber Identity) and UUID (Universally Unique Identifier) values. If security for them is not enforced, devices tend to fail authentication, and this can lead to poor authorisation and privilege access issues.

2. Insecure data storage: Due to increased processing power and higher storage in mobile devices,  users are storing lots of day-to-day data in mobile devices. Sensitive data is stored on the device or in the cloud for long term storage, and is often left unprotected. It generally happens that non-encryption of sensitive data, not leveraging platform best practices, lack of global file permissions, non-caching of sensitive data, etc., result in the exposure of sensitive information, privacy violations and non-compliance.

3. Security decisions via untrusted inputs: Applications making security decisions via user input may become the victims of malware or client-side injection attacks, which further results in the consumption of paid resources, and data and privilege escalation.

4. Sensitive information disclosure: If sensitive information, such as login credentials, shared secret keys, access tokens, sensitive business logic, etc., is hardcoded into the application code, then there are chances that the attacker gets this information by applying reverse engineering. If such details are in the hands of attackers, it becomes easy for them to compromise an organisation's security. However, code obfuscation makes it difficult to understand the code.

5. Broken cryptography: Often, users make use of customised algorithms instead of standard cryptographic algorithms for performing encryption. They believe that encoding and obfuscation are equivalent to encryption and make the mistake of hardcoding cryptographic keys into the application code itself. It may lead to loss of confidentiality of data, privilege escalation, etc., due to the failure in cryptographic implementation.

6. Insufficient transport layer protection: The transport layer does not provide inbuilt security. Users need to enforce encryption before transmitting data. It has been observed that the data is transmitted as plaintext in most of the mobile applications. Even though strong encryption is applied to data in transmission, ignoring certificate validation errors or falling back to plaintext communication after errors can put security in danger and have severe impacts such as lack of confidentiality of data, data tampering, and facilitation of man-in-the-middle attacks.

7. Server-side controls: At the server side, proper updation of system and application software, secure configurations, default account credential updation or disabling of unnecessarily running services should make the server robust against malicious attacks. Failing to implement proper security controls can result in security compromise and confidentiality and data integrity risks.

8. Client-side injection: Along with the known HTML injection and SQL injection attacks applicable to mobile web and hybrid applications, new attacks like abusing the phone dialer, SMS and in-application payments are also launched by attackers in mobile applications.

9. Improper session handling: A session with longer expiry time or the use of default device identifiers as session identification poses security risks such as privilege escalation, unauthorised access, etc.

10. Side channel data leakage: Side channel data leakages are caused due to programmatic flaws or because insecure operating system features in mobile applications are not disabled. They can lead to storage of sensitive data at places like web caches, global operating system logs, screenshots and temp directories and thus make the data easily accessible to attackers once the mobile device is compromised.

These challenges are mainly caused by various threats and vulnerabilities in mobile devices.

3.6. Authentication Service Security

Modern computer systems provide service to multiple users and require the ability to accurately identify the user making a request. Password-based authentication is not suitable for use on a computer network as it can be easily intercepted by the eavesdropper to impersonate the user. There are two components of security in mobile computing:

1. Security of devices: A secure network access involves mutual authentication between the device and the base station or web servers. This ensures that the authenticated devices can be connected to the network to get the requested services. In this regard, Authentication Service Security is important due to typical attacks on mobile devices through WAN.

2. Security in network: Security measures in this regard come from Wireless Application Protocol (WAP), use of Virtual Private Networks (VPN) and MAC address filtering.
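Challenges 1 and 9 in Section 3.5 above warn against device identifiers (IMEI/UUID values) doing duty as session identification and against sessions with long expiry times. The following Python is an added example, not code from the book: it puts that weak pattern beside a session store that issues random tokens and enforces an absolute lifetime, an idle timeout and revocation. The timeout values and the sample device identifier are constructed for the example.

```python
import secrets
import time
from dataclasses import dataclass

# Constructed policy values for the example; a real deployment tunes these.
SESSION_TTL = 15 * 60    # absolute session lifetime in seconds
IDLE_TIMEOUT = 5 * 60    # maximum gap between two requests in seconds


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class WeakSessionStore:
    """The pattern challenge 9 warns about: a static device identifier
    (an IMEI/UUID-style value) is reused as the session token and the
    session never expires."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, device_id):
        # The identifier is static, printed on the device and logged by many
        # systems, so anyone who learns it holds this session indefinitely.
        self._sessions[device_id] = user
        return device_id

    def validate(self, token):
        return self._sessions.get(token)


class SessionStore:
    """Hardened pattern: unguessable random token, absolute lifetime, idle
    timeout and explicit revocation, independent of any device identifier."""

    def __init__(self, ttl=SESSION_TTL, idle=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._idle = idle
        self._clock = clock   # injectable so expiry can be exercised offline

    def login(self, user):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        now = self._clock()
        self._sessions[token] = Session(user, now, now)
        return token

    def validate(self, token):
        """Return the user bound to the token, or None when the token is
        unknown or has passed its absolute or idle limit. Expired entries
        are removed server-side so they cannot be replayed later."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if now - s.created > self._ttl or now - s.last_seen > self._idle:
            del self._sessions[token]
            return None
        s.last_seen = now
        return s.user

    def logout(self, token):
        self._sessions.pop(token, None)

    def active_sessions(self):
        return len(self._sessions)


if __name__ == "__main__":
    weak = WeakSessionStore()
    # "IMEI-SAMPLE-0001" is a constructed identifier, not a real IMEI.
    print("weak token:", weak.login("alice", "IMEI-SAMPLE-0001"))
    fake_clock = [0.0]
    store = SessionStore(clock=lambda: fake_clock[0])
    tok = store.login("alice")
    print("fresh token belongs to:", store.validate(tok))
    fake_clock[0] += IDLE_TIMEOUT + 1
    print("after idle timeout:", store.validate(tok))
```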
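Section 3.6.1 below describes Cryptographically Generated Addresses (CGA), where the interface identifier is a one-way hash of the public key and auxiliary parameters and a verifier simply recomputes the hash. The following Python is an added example, not code from the book or from any CGA implementation: it is a simplified generate-and-verify routine following that description (SHA-256, no hash-extension step, not byte-compatible with RFC 3972). The Sec default, the /64 prefix, the key bytes and the auxiliary parameters are constructed placeholders; the step of signing each message with the matching private key is not shown.

```python
import hashlib
import hmac
import ipaddress

# Sec is a 3-bit security parameter carried in the top bits of the interface
# identifier. The value below is a constructed default for this example.
DEFAULT_SEC = 1


def cga_interface_id(prefix: bytes, public_key: bytes, aux: bytes, sec: int) -> bytes:
    """Derive the 64-bit interface identifier from a one-way hash over the
    64-bit subnet prefix, the owner's public key and the auxiliary parameters."""
    if not 0 <= sec <= 7:
        raise ValueError("sec must fit in 3 bits")
    if len(prefix) != 8:
        raise ValueError("prefix must be the 64-bit subnet prefix")
    digest = hashlib.sha256(prefix + public_key + aux).digest()
    iid = bytearray(digest[:8])
    # Top 3 bits carry Sec; the 'u' and 'g' bits (lowest two bits of the first
    # byte) are cleared; the remaining 59 bits come from the hash.
    iid[0] = (sec << 5) | (iid[0] & 0x1C)
    return bytes(iid)


def generate_cga(prefix, public_key, aux, sec=DEFAULT_SEC):
    """Owner side: IPv6 address = 64-bit routing prefix || hash-derived identifier."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("a CGA needs a /64 prefix")
    prefix_bytes = net.network_address.packed[:8]
    iid = cga_interface_id(prefix_bytes, public_key, aux, sec)
    return ipaddress.IPv6Address(prefix_bytes + iid)


def verify_cga(address, public_key, aux):
    """Verifier side: recompute the hash from the key and parameters the sender
    attached to its message and compare it with the identifier embedded in the
    address. No certification authority or pre-established trust is needed."""
    packed = ipaddress.IPv6Address(address).packed
    prefix_bytes, iid = packed[:8], packed[8:]
    sec = iid[0] >> 5          # Sec is read from the address itself
    expected = cga_interface_id(prefix_bytes, public_key, aux, sec)
    return hmac.compare_digest(expected, iid)


def rebind_prefix(address, new_prefix):
    """Helper: place an existing identifier under another /64, to show that the
    binding covers the prefix as well as the key."""
    net = ipaddress.IPv6Network(new_prefix, strict=True)
    iid = ipaddress.IPv6Address(address).packed[8:]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


if __name__ == "__main__":
    owner_key = b"constructed owner public key bytes"   # placeholder, not a real key
    aux = bytes(16)                                    # constructed auxiliary parameters
    addr = generate_cga("2001:db8:1:2::/64", owner_key, aux)
    print("address:", addr)
    print("genuine key verifies:", verify_cga(addr, owner_key, aux))
    print("other key verifies:", verify_cga(addr, b"constructed other key", aux))
    print("same identifier, other prefix:", verify_cga(rebind_prefix(addr, "2001:db8:9:9::/64"), owner_key, aux))
```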
3.6.1. Cryptographic Security for Mobile Devices

Cryptographically Generated Addresses (CGA) are IPv6 addresses for which the interface identifier is generated by computing a cryptographic one-way hash function from a public key and auxiliary parameters. The binding between the public key and the address can be verified by re-computing the hash value and comparing the hash with the interface identifier. Messages sent from an IPv6 address can be protected by attaching the public key and auxiliary parameters and by signing the message with the corresponding private key. The protection works without a certification authority or any security infrastructure. An IPv6 address consists of a 64-bit network prefix and a 64-bit interface identifier. The network prefix is used for routing in the network. A specific node in a link is identified with the interface identifier, which must be unique in the link. CGA-based authentication is particularly useful in securing IP layer signalling protocols, such as neighbour discovery and mobility protocols, where IPv6 addresses are the primary identifiers for the protocol participants. The biggest advantage of CGA-based authentication compared to public key infrastructure (PKI) or address based key (ABK) is that it does not require a trusted authority, pre-established trust relationships or other security infrastructure.

3.6.2. LDAP Security for Handheld Mobile Computing Devices

LDAP (Lightweight Directory Access Protocol) is a software protocol generally used to locate organisations, individuals, and other resources, such as files and devices, on the public Internet or on a corporate intranet. LDAP is a lightweight version of Directory Access Protocol (DAP), which is a part of X.500, a standard for directory services in a network. In a network, the domain name system (DNS) is the directory system used to relate the domain name to a specific network address. However, if the domain name is not known, LDAP allows searching for an individual without knowing his/her location. An LDAP directory is organised using the tree structure with the following levels:

1. The root directory
2. Countries
3. Organisations
4. Organisational units
5. Individuals

An LDAP directory is distributed among many servers with periodically synchronised replicas. An LDAP server is called a Directory System Agent (DSA). LDAP uses a relatively simple string-based query to extract information from Active Directory. Users submit the request to an LDAP server which in turn passes it to other DSAs, if necessary, and generates a response for the user.

3.6.3. RAS Security on Mobile Devices

A remote access server (RAS) provides a collection of services to remotely connected users over a network or on the Internet. It acts as a remote gateway to connect remote users with an organisation's internal network. An RAS has specialised server software which provides remote access services to connecting users. This software provides functionalities like authentication, connectivity and resource connectivity. An RAS is deployed within an organisation and directly connected with the organisation's internal network and systems. Once connected with an RAS, a user can access his or her data, desktop, applications, print and/or other supported services. In an organisation, many mobile devices within the organisation and from outside the organisation are getting connected to the RAS infrastructure. Therefore, it becomes essential to enforce security on RAS.

For the secure operation of a RAS system, it is essential that the hardware and software components of the system are securely installed and configured. Secure configuration of the RAS system must, therefore, be performed before the RAS system goes live. In addition, all the organisational processes must be defined and implemented. It should also be noted that the desired level of system security can only be assured if the physical security of the hardware components, which make up the RAS system, is also assured. The security of a RAS system can be roughly broken down into three areas:

• Security of the RAS server
• Security of the RAS client
• Security of data transmission

Though the desired level of security of the RAS server can be controlled through the implementation of local security guidelines, the RAS client is typically not under the complete control of the IT personnel who are responsible for the LAN. The security of data transmission media is generally completely out of their control. For this reason, the communication between the client and the server must be secured by additional means.

3.7. Attacks on Mobile/Cell Phones

Smartphones or mobile phones with advanced capabilities, like those of personal computers (PCs), are appearing in pockets, purses, and briefcases of more and more people. Smartphones' popularity and relatively lax security have made them attractive targets for attackers. According to a report published earlier this year, smartphones outsold PCs for the first time. Attackers have been exploiting this expanding market by using old techniques along with the new ones. There are three prime targets for attackers:

Data: Mobile phones are utilised for data management. They may contain sensitive information like credit card numbers, authentication information, private information, activity logs, calendar, call logs, etc.
tg vuhie rd
yber e
to users.
The
The
contents of a
ease
of
customisation
Change account credentials. f you used your phone to access any remote resources,
the
provide
Mobile phones
such as corporate networks or social networking sites, revoke all credentials that were
owne.
it
to it and
and
Identity:
reveal the identity
of its
one can
limit
access
deprive thea stored on the lost device
phone mobile phone,
a
By attacking
Install find your phone application for tracking your mobile phone in case it
Availability:

owner of the service stolen. For example, an iPhone (and iPad) can be tracked by the owner by using thegets
Theft "Find my iPhone app. Similar apps are available for downioad for Android- and Windows
Phone
their capability
to handle
3.7.1. Mobile due to
application and data processing, like laptops.
devices gained
Also, due to advancements in technolple
popularity , due based phones; however, many older mobiles do not have this capability.
In recent years,
mobile blogy and Install anti-theft software on your phone. It does not allowa criminal to insert a new SIM
mobile phones. Howe
purchase high-end card. Even f the criminaltries to do so, it asks for a verfication code. Also, it sends a
easier for people to target of thievess
lesser price, it
became
becoming a
favourite
Mobile the of SIM to two contact numbers
to their growing
popularity,
mobile phones
are

restaurants, or
on public transport. message about change registered while installing
anti-theft software. Some of the well-known anti-theft software are Cerberus, Crook
in bars, nightclubs, to stop
phone theft often o c c u r s are intended anyone
security features that else Catcher, Prey, Lookout, etc.
have a range of
Most mobile phones be stolen.
These security features include:
from accessing and using them should they Wipe out the phone. Some mobile service providers offer remote wipe
form of pattern) or
unique code (a PIN, password
or some
etric
A c c e s s control

authentication
using
(such as fingerprint or facial recognition) is used on the user interface of your handset to unlock it.
- Tracing the location of your phone using a remote service.
- Wiping data from or locking your handset remotely (for example, by using another Internet-enabled device).
- Function to display a home/lock screen message to someone who may find your handset to help you recover it.
- Preventing the thief from resetting your handset to its factory setting in order to bypass any unique codes or other security features that you are using to protect your handset.

The aforementioned security features are available in only a few latest configuration mobile phones. Some generalised safety tips to secure all kinds of mobile phones against theft are listed as follows:
- Always keep your phone details, such as your bills and contacts, safe and secure.
- Keep your mobile phone out of sight when not in use.
- When in a public place, do not leave your phone unattended.
- When talking on your mobile phone, be alert and aware of your surroundings.
- Do not leave your phone unattended in a vehicle.
- Ensure that your mobile phone has a Personal Identification Number (PIN) activated.
- If your phone is stolen, contact your network provider to disable the SIM card. Quote your IMEI (International Mobile Equipment Identity) number.
- Report the theft to the police.
- Never join unknown public Wi-Fi networks.
- Delete all information stored in a device prior to discarding it.

3.7.2. Mobile Virus
A mobile virus is very much like a computer virus that infects applications running on a mobile device. A mobile phone virus spreads via Internet downloads, MMS attachments and Bluetooth transfers. The most common type of cell phone infection, right now, occurs when a cell phone downloads an infected file from a PC or the Internet. However, phone-to-phone viruses are also on the rise.

A mobile virus spreads primarily in three ways:
- Internet downloads: The virus spreads in the same way as a traditional computer virus does. The user downloads an infected file to his/her phone through a PC or the phone's own Internet connection. This may include file-sharing downloads, applications available from add-on sites and false security patches posted on the Symbian Website.
- Bluetooth wireless connection: The virus spreads between phones through their Bluetooth connection. The user receives a virus via Bluetooth when the phone is in discoverable mode, i.e. it can be seen by other Bluetooth-enabled phones. In this case, the virus spreads like an airborne illness.
- Multimedia messaging service (MMS): The virus comes as an attachment with an MMS text message. As with computer viruses that arrive as e-mail attachments, the user must choose to open the attachment and then install it for the virus to infect the phone. Typically, a virus that spreads via MMS gets into the phone's contact list and sends itself to every phone number stored there.

The first mobile virus was introduced in a game called Mosquito by Ojam. Ever since then, malware has been introduced in various ways and has been affecting MCDs (Mobile Computing Devices) all over the world. Some of the well-known mobile viruses on different operating systems are given in Table 1:

Cybercrime Using Mobile and Wireless Devices

Table 1: Mobile Viruses on Different Mobile Operating Systems
Virus Name            Operating Systems
Cabir                 Symbian
Mosquito              Symbian
Skulls                Symbian
CardTrap              Symbian & Windows
CommWarrior           Symbian
Rick Astley/Ikee      iOS-iPhone
Duh                   iOS-iPhone
GG Tracker            Android OS
Google++              Android OS
Angry Birds Trojan    Android OS
Zeus Trojan           BlackBerry OS
LibertyCrack          Palm OS
Phage                 Palm OS
Vapor                 Palm OS

Protecting Mobile Phones from Viruses
Every mobile user needs to follow the following tips to safeguard his/her mobile phone from viruses:
- Maintain up-to-date system and application software.
- Install antivirus software and updates as and when they become available.
- Enable the personal identification number (PIN) or password to access the mobile device, if available.
- Read and understand the permissions of the application while installing applications, as some access the data stored on our mobile device.
- Encrypt personal and sensitive data, when possible.
- Disable Bluetooth, infrared, or Wi-Fi when they are not in use.
- Always set Bluetooth-enabled devices in the non-discoverable mode so that they become invisible to unauthenticated devices.
- Use caution when opening e-mail and text message attachments and clicking links.
- Avoid opening attachments, links, or calling numbers contained in illegitimate e-mail or text messages.

3.7.3. Vishing
Vishing is the criminal practice of using the telephone system to gain access to the personal and financial information of customers for the purpose of committing fraud. It exploits a person's trust in telephone services, as the victim is often unaware that fraudsters can use methods such as caller ID spoofing and complex automated systems to commit this type of scam.

Fraudsters are making use of vulnerabilities in public branch exchange (PBX) to connect to Voice over Internet Protocol (VoIP) services and perform auto dialing to thousands of people in an hour. A typical process involves the following steps:
1. A war dialler is used to call numbers in a given region, or a legitimate voice messaging system is compromised and calls are made with a list of numbers stolen from a financial institution.
2. When a customer answers the call, an automated recording alerts the customer regarding a fraudulent or suspicious activity that has been detected on his/her credit card or bank account. The message also instructs the customer to place a call to the bank immediately and provides a false phone number. Often, this is the phone number that is displayed on the caller ID screen.
3. When the victim calls the number, automated instructions request that he/she enters a credit card or bank account number into the keypad. However, the call can also be used to harvest additional details such as personal identification numbers, expiration date, CVV number and date of birth.
4. As the customer enters the requested data, the fraudster gets the information necessary to make fraudulent use of the card to access the account.

Some sophisticated attacks combine vishing and traditional phishing, in which a phishing e-mail, which appears to be from a legitimate company such as a bank, a credit card company, or an online retailer, is sent to an online user stating that there has been a problem with an online account. The e-mail then directs the user to call a number and enter certain information to verify his/her account.

A widely known vishing scam is the Microsoft tech support scam. In this scam, an attacker calls a victim posing as a member of the Microsoft technical department and informs the victim that his/her computer is infected with malware which is generating all sorts of errors. The attacker can then ask for remote access to the victim's computer or ask the victim to download some software or fake anti-malware programs to solve the problem. Some attackers may even convince a victim to reveal his/her bank account information to make a payment.

Unfortunately, we cannot fully avoid vishing scams. Frauds against businesses and institutions that reveal your private information are completely out of your control. A user's mobile number is often associated with many accounts and there are chances of losing the number to scammers in a data breach at some point. There are a few technical and proactive steps you can take to avoid vishing scams. They are described as follows:
1. Never answer a call from an unknown number
Answering a call from an unknown number can lead you right into a scammer's waiting arms. Picking up the call will alert the vishing scammers that the number is active, leading to more calls down the road. Make use of voicemail so that if any legitimate person is calling, then he/she will leave a voicemail or call back later. Many vishing scams will also leave a pre-recorded voicemail message which will give you a chance to properly scrutinise whether the caller is a legitimate source. Many a time, scammers call back immediately. Users are more likely to pick up an unknown number that calls back, as traditionally this indicates that the caller is not only someone that we know, but also that the call is important.
2. Never share personal information over the phone
Banks and government institutions never ask for personal information over the phone. If you have any doubt, ask for the caller's name and let him/her know that you will call back after acquiring an official number. The suspicious caller may try to give you a number to call back on. If that occurs, cross-check this number with the information available online. If the numbers differ, call the number you have found through an online search at the business's or institution's website. Once you call back, ask about the original caller to verify identity.
3. Do not completely trust caller ID
Even with a more effective caller ID app installed, avoid fraud numbers that are not in your phone book. You may still receive calls from spoofed numbers that appear to be legitimate. Even with a caller ID app installed, let any calls that are not in your phone book go directly to voicemail.
4. Avoid automated calls
Get your number registered on the National Do Not Call Registry to block automated calls. It may not stop vishing, but it will reduce the number of automated calls.
5. Report the incident
If you notice that you have become a victim of vishing and your financial information is compromised, immediately call the bank and report the incident. Verify whether there has been any unauthorised transaction. Immediately change your IPIN, ATM PIN, password and other related credentials that may have been compromised. Also, report the incident to the appropriate legal authority. It helps in catching the actual criminals.

3.7.4. Smishing
Smishing or SMS phishing is a technique where a text message is sent to an individual's mobile phone to get him/her to divulge personal information. The two most common types of smishing attack are given as follows:
1. A person receives a text message that directs him/her to call a phone number to confirm personal or account information.
2. A person receives a text message that directs him/her to visit a website to confirm the information but is served with a malicious Trojan on his/her computer or mobile phone capable of stealing passwords.

Smishing has become a more attractive alternative to phishing. Success rates are higher with a smishing attack as compared to a standard phishing attack. This is because customers are not conditioned to receive spam on their mobile phone. Thus, they are more likely to believe that the communication is legitimate. Furthermore, phishing e-mails are now mostly stopped by spam filters and often never reach their intended targets. There is no mainstream mechanism for weeding out spam text messages.

Most of the smishing attacks target banks or financial institutions by sending a phone number that the victim calls after receiving the message, resulting in a vishing attack. There are several common themes in smishing messages. The following examples include phone numbers for victims to call. The messages may originate from either a spoofed phone number or an e-mail address. Many of these systems use voicemail to steal user information, including bank account information.
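The two smishing patterns described above (a lock-out or fraud alert with a callback number, and a prize lure) can be triaged before a message reaches the user, and the callback number cross-checked against the institution's published number, which is the check the vishing advice recommends. The Python below is an added example, not code from the textbook: its weights, threshold, allowlist number and benign samples are constructed, while the two scam texts are the chapter's Examples 1 and 2.

```python
"""Heuristic triage of incoming text messages for the smishing themes the
chapter describes. Added example; weights, threshold, the allowlist number
and the benign samples are constructed."""
import re
from dataclasses import dataclass, field

# Constructed allowlist: the institution's published contact number(s),
# normalised to ten digits (the number on the back of the card or on the
# institution's own website, as the chapter advises checking against).
OFFICIAL_NUMBERS = {"8005550100"}

# North American style numbers with optional country code and punctuation.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)

# (weight, words) per theme; the weights are constructed, not measured.
LEXICONS = {
    "urgency": (2, ("lock", "locked", "suspend", "suspended", "restore",
                    "verify", "immediately", "regret")),
    "lure": (2, ("congratulations", "won", "prize", "claim", "million")),
    "impersonation": (1, ("bank", "credit union", "customer", "account", "official")),
    "call_to_action": (1, ("call", "dial", "visit", "click", "log in", "login")),
}
SUSPICIOUS_AT = 4  # constructed threshold


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)
    callback_numbers: list = field(default_factory=list)
    links: list = field(default_factory=list)

    def add(self, points, reason):
        self.score += points
        self.reasons.append(reason)

    @property
    def suspicious(self):
        return self.score >= SUSPICIOUS_AT


def normalise_number(raw):
    """Digits only, minus a leading country code 1, so that
    '1-800-555-0100' and '(800) 555-0100' compare equal."""
    digits = re.sub(r"\D", "", raw)
    return digits[1:] if len(digits) == 11 and digits.startswith("1") else digits


def triage_sms(text, sender=""):
    v = Verdict()
    lower = text.lower()
    v.callback_numbers = [normalise_number(n) for n in PHONE_RE.findall(text)]
    v.links = URL_RE.findall(text)
    if v.callback_numbers:
        v.add(1, "contains a callback number")
    if v.links:
        v.add(2, "contains a link")
    if "@" in sender:
        v.add(1, "sender is an e-mail address rather than a phone number")
    hits = {}
    for name, (weight, words) in LEXICONS.items():
        found = [w for w in words if re.search(rf"\b{re.escape(w)}\b", lower)]
        if found:
            hits[name] = found
            v.add(weight, f"{name}: {', '.join(found)}")
    # The cross-check the chapter recommends: a message that speaks for an
    # institution but gives a number other than the published one.
    if "impersonation" in hits:
        unknown = [n for n in v.callback_numbers if n not in OFFICIAL_NUMBERS]
        if unknown:
            v.add(3, "callback number not in the published contact list: "
                     + ", ".join(unknown))
    return v


# Samples: the chapter's two examples plus two constructed benign messages.
SAMPLES = {
    "example_1": "Congratulations! Your mobile phone has won US$ 10 million prize "
                 "money. To claim your prize money, call this number tomorrow at "
                 "8 am. Thank you. Official Microsoft ANNOUNCEMENT",
    "example_2": "Dear Credit union customer, we regret to inform you that we had "
                 "to lock your bank account. Call (647) 827-2796 to restore your "
                 "bank account access.",
    "benign_friend": "Lunch at 1? Call me on (415) 555-0133 if plans change.",
    "benign_alert": "Example Credit Union: a new payee was added to your account. "
                    "If this was not you, call 1-800-555-0100.",
}


def triage_all(samples=SAMPLES):
    return {label: triage_sms(text) for label, text in samples.items()}


if __name__ == "__main__":
    for label, v in triage_all().items():
        print(f"{label}: score={v.score} suspicious={v.suspicious}")
        for r in v.reasons:
            print("   -", r)
```

The benign alert scores below the threshold only because its number matches the allowlist; the same wording with an unknown number is flagged, which is exactly the distinction a user is told to draw by hand.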
Example 1: Congratulations! Your mobile phone has won US$ 10 million prize money. To claim your prize money, call this number tomorrow at 8 am. Thank you. Official Microsoft ANNOUNCEMENT XXXXXXXX

Example 2: Dear Credit union customer, we regret to inform you that we had to lock your bank account. Call (647) 827-2796 to restore your bank account access.

Organisations should monitor their own SMS number via sites like whocall…com to see if users are suspicious of their services. Such suspicions could indicate attackers who are spoofing the number of the affected organisation or service to improve their chances of gaining trust.

Anti-phishing software programs are designed to filter e-mails, but mobile phishing is more difficult to filter for both users and automatic products. SMS messages contain much less tracking information; therefore, recipients will not be able to determine from where they originate. Smishers also often spoof the source address and use many different phone numbers to perform vishing. Mobile phone browsers and SMS programs also lack the integrated phishing defences built into today's e-mail clients and browsers. Mobile browsers also make it difficult to determine the legitimacy of a URL. The small form factor and limited display are incapable of displaying full URLs, and it can take as many as ten clicks to access the security information of a site. Most mobile browsers lack support for protections normally available on desktop systems such as URL filtering, phishing toolbars, and extended validation (EV) SSL certificates. Based upon these concerns, it seems likely that users of mobile devices have an increased risk of falling victim to a phishing attack when they surf with mobile browsers or receive fraudulent SMS messages. To protect mobile devices from such phishing attacks, users from any organisation should follow the given guidelines:
1. Add mobile security to the existing employee security awareness programs.
2. Create and implement an IT policy that governs usage and ensures employees' understanding.
3. Perform threat modelling to identify the risks of moving applications to a mobile platform.
4. Train application developers in secure coding practices for mobile device platforms.
5. Limit the sensitive data transferred to mobile devices or consider view-only access.
6. Utilise Mobile Device Management software to create an encrypted, password-protected sandbox for sensitive data and enforce device-side technical policies.
7. Perform technical security assessments on mobile devices and the supporting infrastructure and focus on device-side data storage.
8. Establish a program that continually evaluates new and emerging threats in mobile platforms.
9. Increase monitoring and call controls around mobile device connection points when feasible.
10. Assess classic threats against web-based applications and infrastructure.

3.7.5. Hacking Bluetooth
Bluetooth is one of those technologies that is so common that it has become a part of our daily lives. It has become a solution to problems like driving and talking on a cell phone and introduced new and interesting marketing opportunities for attacks. Bluetooth devices are connected through a process called pairing. The pairing process usually involves one device searching for other devices in the area and then selecting the device to partner with based on its BD_ADDR or a logical name. Once pairing is complete, the devices bond with one another. Depending on the action being taken, a PIN for the device being connected will be required to complete the process. The PIN acts as a password in an encryption scheme between the two devices and is used to generate a link key. This key is used to secure communication between the devices and to authenticate the devices in the future.

With the widespread adoption and convenience of Bluetooth devices come the inevitable implementation problems that cause unexpected things to happen. Most Bluetooth-based attacks are based on a simple and common flaw. Users often are very poor at reading documentation, at understanding risks and threats, and at changing defaults. Most attacks revolve around users not changing the default settings on their devices. As with most attacks, the first thing to do is to find the device. Discoverability allows legitimate users to find the device they are seeking, but also allows a nearby attacker to find those same devices and silently interrogate them to find out if they are suitable to attack. Some of the common attacks for hacking Bluetooth are Bluejacking, Bluesnarfing, Bluebugging and Car Whisperer.

1. Bluejacking
Bluejacking is probably the most common form of Bluetooth hacking. This happens when a hacker searches for discoverable devices in the area and then sends spam in the form of text messages to the devices. This form of hacking is harmless. It was once used mainly to prank people in the past when mobile devices came with Bluetooth that was automatically set to discoverable. Bluejacking is used today for spam messaging, and the hackers who use this do it just to frustrate others. The method does not give hackers access to your phone or the information on it. The best way to deal with Bluejacking is to ignore the messages if you receive them. If you keep your Bluetooth settings to invisible or non-discoverable, you are not likely to receive these messages.
Also, you can keep your smartphone or device set invisible while you are in a busy or open Wi-Fi area.

2. Bluesnarfing
This form of hack is more serious than Bluejacking and can leave open some of the private information stored on your smartphone. This is made possible through software. A hacker may purchase software that allows him/her to request information from your device. Even though this form of hacking can happen while your device is set to invisible or non-discoverable, it is unlikely to happen, due to the time, effort, and money needed to complete it, but it might. The information stolen may seem important to you, but not as precious as banking information. That data can be accessed by hacking your device through Bluebugging.

3. Bluebugging
If a hacker bluebugs your phone, he/she gains total access and control of your device. This makes the hacker capable of accessing all information including photos, apps, contacts, etc. Bluebugging can happen when your device is left in the discoverable state. From here, hackers gain access to your phone at the same point they do when performing Bluejacks. This is a much harder form of hacking than Bluesnarfing and Bluejacking. This is only feasible on older phones with outdated firmware. Newer smartphones and their owners are less likely to have this happen to them because of the constant updates mobile operating systems perform.

4. Car Whisperer
Car Whisperer is a hacking technique which can be used by attackers to hack the hands-free Bluetooth in a car system and connect it to a system to inject audio to or record audio from a passing car. It can be easily used by attackers to invade privacy and listen to conversations inside a car and exploit that for illegitimate purposes. This attack takes advantage of the fact that most of the Bluetooth systems in a car need a simple four-digit security key and this security key is not enough. Many car manufacturers use the default security key, and this results in the vulnerability. Experts could not confirm till now whether the Car Whisperer attack can be used to do even more serious activities like disabling airbags or brakes.

Consider the following simple tips to protect yourself from Bluetooth hacking:
1. Update all software to keep your mobile phone up to date. Also, set strong passwords and keep changing them regularly.
2. Turn the Bluetooth services off when they are not in use. Turning your Bluetooth setting to invisible makes it harder for hackers to discover your device, thus making it more difficult for them to steal your data.
3. Never use public Wi-Fi networks. These connections are unsecure. Always disable automatic connections to public networks to keep your device from connecting to an open, untrustworthy source without your knowledge. Consider a virtual private network (VPN). VPNs are available for download in app stores and offer a more secure way to connect while on the go.

3.8. Mobile Devices: Security Implications for Organisations
With the rapid growth of wireless technology, increased bandwidth, and efficient and powerful mobile hardware and applications, devices like smartphones, laptops, tablet PCs, and PDAs are becoming increasingly ubiquitous in the workplace, used not only for calling but also in business for utility computing. Mobile technology revolutionised the ability of employees to work remotely. Cell phones untethered employees from landline phones and laptops. But these tools pale in comparison to today's mobile devices, whose portability and ability to access corporate servers, data, and information, regardless of where the employee is geographically, are revolutionising the way business gets done. Telecommunication companies and governing regulators around the world have recognised this coming and evolving technology for decades. The shift towards mobile devices, replacing the desktops and laptops, is clear, yet many have not thought about the significance of that shift being leveraged in a purely business environment. The evolving mobile device technology can, if properly utilised, enable the enterprise to achieve several significant benefits:
- Improved workforce productivity: Along with onsite job functioning, employees can also remotely access company information and complete work off-site.
- Improved customer service: With real-time access to customer information, employees can significantly improve turnaround times for problem resolution.
- Increased business process efficiency: Making use of mobile devices significantly improves supply-chain management and shipment, which leads to improvement in overall business processes by shortening the time between order, production, and shipment.
- Employee security and safety: Even if employees are travelling for work-related tasks and not available in the office, they can always be in touch and connected.
- Employee retention: It provides improved work-life balance as mobile devices facilitate tasks to be performed remotely.

So, lots of data is handled using mobile devices in each and every business process of an organisation, and there are chances of loss, theft, or misuse of confidential information being kept on mobile devices. The risk is huge if proper security policies are not enforced.
Mobile devices, whether deployed by the company or simply those in the possession of employees, are at risk if not handled properly. All these mobile devices must be viewed like existing PCs and laptops, as they are also susceptible to malicious attacks using viruses, worms, Trojan horses, etc. They can also become the victims of cyberattacks through the use of malicious applications, spam and phishing schemes. As they are portable, they are more susceptible to loss, theft and damage. Mobile device functioning is different when compared with existing PCs in terms of the operating system, applications, updates, etc. One of the unique threats to these devices is jailbreak software. It allows strangers to hijack a device and access its information. It may result in some other attacks by making these devices zombies and controlling them to connect automatically to an unknown Bluetooth device or other devices in an open, unsecured Wi-Fi network. Furthermore, with the increasing expansion and availability of new applications developed on open platforms for specific use on mobile devices, there are now many ways to undermine the security protocols and policies of most organisations that were designed around servers, PCs, and laptops. Since the risks are more difficult to identify, managers must consciously take key steps to protect their business from risks that may be under the corporate security radar. Has your company created systems designed to take advantage of mobile security features that are unique to mobile devices that could pose a risk? These risks can be categorised into five areas:

1. Physical access
Mobile devices are small, easily portable and extremely lightweight. While their diminutive size makes them ideal travel companions, it also makes them easy to steal or leave behind in airports, aeroplanes or taxicabs. As with more traditional devices, physical access to a mobile device equals "game over". The cleverest intrusion-detection system and the best antivirus software are useless against a malicious person with physical access. Circumventing a password or lock is a trivial task for a seasoned attacker; even encrypted data can be accessed. This may include not only the corporate data found in the device, but also passwords residing in places like the iPhone Keychain, which could grant access to corporate services such as e-mail and virtual private network (VPN). To make matters worse, full removal of data is not possible using a device's built-in factory reset or by re-flashing the operating system. Forensic data retrieval software, which is available to the general public, allows data to be recovered from phones and other mobile devices even after it has been manually deleted or undergone a reset.

2. Malicious code
Mobile malware threats are typically socially engineered and focus on tricking the user into accepting what the hacker is selling. The most prolific include spam, weaponised links on social networking sites and rogue applications. While mobile users are not subject to the same drive-by downloads that PC users face, mobile ads are increasingly used as part of many attacks, a concept known as "malvertising". Android devices are the biggest targets as they are widely used and it is easy to develop software for them. Mobile malware Trojans designed to steal data can operate over either the mobile phone network or any connected Wi-Fi network. They are often sent via SMS (text message). Once the user clicks on a link in the message, the Trojan is delivered by way of an application, where it is then free to spread to other devices. When these applications transmit their information over mobile phone networks, they present a large information gap that is difficult to overcome in a corporate environment.

3. Device attacks
Attacks targeted at the device itself are similar to the PC attacks of the past. Browser-based attacks, buffer overflow exploitations and other attacks are possible. The short message service (SMS) and multimedia message service (MMS) offered on mobile devices afford additional avenues to hackers. Device attacks are typically designed to either gain control of the device and access data, or to attempt a distributed denial of service (DDoS).

4. Communication interception
Wi-Fi-enabled smartphones are susceptible to the same attacks that affect other Wi-Fi-capable devices. The technology to hack into wireless networks is readily available, and much of it is accessible online, making Wi-Fi hacking and man-in-the-middle (MITM) attacks easy to perform. Cellular data transmission can also be intercepted and decrypted. Hackers can exploit weaknesses in these Wi-Fi and cellular data protocols to eavesdrop on data transmission, or to hijack users' sessions for online services, including web-based e-mail. For companies with workers who use free Wi-Fi hot spot services, the stakes are high. While losing a personal social networking login may be inconvenient, people logging on to enterprise systems may be giving hackers access to an entire corporate database.

5. Insider threats
Mobile devices can also facilitate threats from employees and other insiders. Humans are the weakest link in any security strategy, and many employees have neither the knowledge nor the time to track whether their devices have updated security software installed. The downloading of applications can also lead to unintentional threats. Most people download applications from app stores and use mobile applications that can access enterprise assets; nobody has any idea about who developed an application, how good it is, or whether there is a threat vector through the application right back to the corporate network. The misuse of personal cloud services through mobile applications is another issue; when used to convey enterprise data, these applications can lead to data leaks that the organisation remains entirely unaware of. Not all insider threats are inadvertent; malicious insiders can use a smartphone to misuse or misappropriate data
by downloading large amounts of corporate information to the device's secure digital (SD) flash memory card, or by using the device to transmit data via e-mail services to external accounts, circumventing even robust monitoring technologies such as data loss prevention (DLP).

Mobile security threats will continue to advance as corporate data is accessed by a seemingly endless pool of devices and hackers try to cash in on the trend. Making sure users fully understand the implications of faulty mobile security practices and getting them to adhere to best practices can be difficult. Many device users remain unaware of threats, and the devices themselves tend to lack basic tools that are readily available for other platforms, such as antivirus, anti-spam, and endpoint firewalls.

3.9. Organisational Measures for Handling Mobile Devices-Related Security Issues
Although mobile phones are taking on more capabilities formerly available only on PCs, technical security solutions for mobile phones are not as sophisticated or widespread as those for PCs. This means that the bulk of mobile phone security relies on the user making intelligent, cautious choices. Even the most careful users can still fall victim to attacks on their mobile phones. Four key questions need to be addressed when developing a mobile security strategy:
1. How do we deny access to unauthorised users?
Instruct employees to set a strong password on their mobile device and to change it every three to six months. Mobile management systems can automate enforcement.
2. What is our plan if a personal device gets lost or stolen?
Passwords are not enough. You must be able to lock and wipe the device remotely. This, first, lets you "freeze" a device, which is useful if there is a good chance that it will turn up again. If it is gone for good, remote wipe lets you permanently erase stored data.
3. How do we remove corporate data from a personal device whose owner is leaving the company?
Management tools can be used to segregate enterprise and personal data. When an employee leaves, IT can wipe the enterprise data while leaving personal data unaffected. This capability protects the organisation without inconveniencing the user.
4. How do we keep prying eyes away from confidential files?
Use mobility management software to encrypt enterprise data, both as it is transmitted and when it is "at rest" in the device's memory.

Some of the most common security features used to protect mobile assets are:
- Enforced authentication: Whenever any mobile device is connected to an organisation's network, the organisation should enforce that users enter authentication details.
- Over-the-air data encryption: An organisation should force the use of Secure Sockets Layer (SSL) when exchanging data wirelessly over mobile devices.
- Over-the-air provisioning: Technicians should be able to configure and update mobile applications remotely from a central platform.
- Remote wipe and data fading: There should be a provision to clear all data remotely and change the settings on a lost or stolen PDA, smartphone, or tablet.
- Full disk encryption: An organisation should use full disk encryption to make it virtually impossible for anyone without authorisation to read private data on mobile devices.
- Separation of personal and enterprise information: There should be a facility to secure, control, and erase corporate data and applications without impacting a user's personal photos, music, or games.
- User access rights and security policies: An organisation should keep track of and control exactly what data users can access with their mobile devices.
- Network filters: Network filtering should be applied to monitor who is attempting access to the corporate network and to block access unless a device management client is installed on the device.

3.10. Organisational Security Policies and Measures in Mobile Computing Era
Mobile devices are receiving more attention as technological advancements shift productivity tools from desktops to pockets amid increasing reliance on mobile applications. Systems and policies should be developed to evaluate and manage the security features of various devices that are already in the workplace or corporately deployed. This should be done to know what information they are able to access on company servers or stand-alone computers. Again, this parallels commonly known concerns with PCs and laptops, but with mobile devices several other considerations must be taken into account. An organisation should adhere to the following rules for effective mobile device management:
1. Identify all mobile devices on the network: A regular audit should be done in the organisation to identify servers and other mobile systems to make sure that there are no unauthorised devices.
2. Identify which back-office systems employees need to access: Know which employees can suffice with just e-mail access, which need special purpose applications and which need executive-level access.
3. Formalise user types and set policies: Appropriate user groups should be created and strict governance policies need to be set for each of the user groups.
4. Be ready to block access: Filters should be used to control access, and management systems to block access to devices that do not have a management client installed.
5. Add password and encryption policies plus remote wipe: The organisation should implement minimum mobile security measures such as password enforcement, device data encryption, remote wipe for lost devices, and inventory management to manage and identify which devices are connected to the network.
6. Consider separating personal data from business data: Mobile devices should be able to store enterprise data in one area of the device and encrypt and password protect only that area.
7. Enable users to be self-sufficient: The burden on the organisation should be minimised by using a client management application that keeps mobile devices in compliance. User training should be organised regularly.

Effective remote management and data-protection tools and security policies are key to preventing mobile breaches. Protecting sensitive information on mobile devices requires an understanding of the many ways in which security can be compromised. Providing a bullet-proof strategy requires mobile security policies and functions, security-aware employees, and a comprehensive set of mobile device management tools. Steps to secure an organisation's mobile devices are listed as follows:
1. Configure mobile devices securely by
 a. Enabling auto-lock.
 (… Guar… phone Protection, McAfee Endpoint Encryption, PGP Mobile, and Pointsec Mobile Encryption)
 b. Do an assessment or at least be aware of the encryption options available for mobile devices. Some devices may offer more mature encryption security solutions than others.
 c. Consider using thin client models so that data is centrally and securely maintained. This is one option to help avoid storing confidential data on mobile devices. It also means not having to develop new solutions every time a new mobile technology is released.
 d. Educate users to avoid using or storing confidential data on a mobile device whenever possible.
6. Use digital certificates on mobile devices.
7. Take appropriate physical security measures to prevent theft or enable recovery of mobile devices.
 a. Make use of cable locks for laptops.
 b. Use tracking and tracing application software.
 c. Never leave your mobile device unattended.
 d. Report lost or stolen devices immediately.
 e. Remember to back up data on your mobile device on a regular basis.
8. Use appropriate sanitisation and disposal procedures for mobile devices. Delete all stored information prior to discarding, exchanging, or donating devices.
9. Develop appropriate policies, procedures, standards, and guidelines for mobile devices.
b. Enabling password praotection that requires complex passwords. 10. Educate employees about mobile device security.
c. Avoiding the use of auto-complete features that remember usernames or passwords a. Employees should be cautious when opening e-mail and text message attachments
d. Ensuring that browser security settings are configured appropriately. or clicking on links.
e. Enabling remote wipe. b. They should avoid opening attachments, clicking links, or caling numbers contained
f. Ensuring that SSL protection is enabled, if available. in illegitimate e-mails or text messages. They should be aware of what they are
2.
Connect to secure Wi-Fi networks and disable Bluetooth, infrared, or Wi-Fi when not downloading
use. Additionally, set Bluetooth-enabled
devices C. They should be aware of the current threats affecting mobile devices
to non-discoverable to render
invisible to unauthenticated devices. Avoid
tne flexible mobile device
joining unknown Wi-Fi networks. very organisation needs to frame a comprehensive yet policy and
3. It should be centrally managed by the IT staff.
Update mobile devices frequently. Select the automatic update option. Maintain up TCe it on all devices employees are using. be that the organisation is
date software, including gained
can
operating systems and applications. Security policy must be auditable so that assurance
4. Utlise antivirus
programs, configure automatic updates and maintain up-o ale doing bverything possible to protect its investment in mobile technology. Audit procedures for
device policies and procedures are highlighted
signatures. Sessing the operating efficiency of mobile
as follows:
5. Use an encryption solution to
keep portable data secure in transit. policy is available for mobile devices
Policy: Auditors should check whether security has rules for
1. a
a. Data
protection is essential. If confidential data must be accessed or storeo
using
whether the policy physical and logical
a mobile
Or not. If it is available, check
device, make sure the users have installed an (eg
encryption solu Cybercrime Using Mobile and Wireless Devices
devices. The organisation
should have a policy
that may be accessible
ecifying diferes
speeit
ble th.
o
ife
95/98/ME, etc. If you are
running
handling of
mobile
information and
information
services
through thes access your data.
any of them, anyone who picks up your
iap
types of
devices. rules and regulations t 2. Enable a strong BiOS password
should include for
organisation
2. Antivirus updates: The whether those rules and reuMi Security begins right from the stat by password protecting the BIOS. Some laptop
secure and check Sara
the system
updates to keep manufacturers use stronger B10S protection schemes than others. So. you should
the employees. find out from your laptop manufacturer what the procedure is for resetting the BIOs
being followed by whether sensitive
data in storage ae
Auditors should verify well as password. if they absolutely demand that you send the laptop back into the factory and
3. Encryption:
or not. do not give you a "workaround". you have a better chance of recovering the machine
transit is properly secured .
and verify that mobile device
transmission: Auditors should check usersare and maybe even catching the thief (both 1BM and Dell provide this feature). Also. find
4. Secure
secure connection using one of the
specfes
s
network via a out if the BIOS password locks the hard drive so that it cannot simpily be removed and
connecting to the enterprise security D.
(for example, VPN, IP
methods in the security policy
of the organisation
(IPsec reinstalled into a similar machine.
or Secure SocketsLayer (SSL)) 3. Engrave the laptop
check asset management to veritv
Auditors should carefully Permanently marking the outer case of the laptop with your company name. address.
5. Device management: who have been terminaled.
as procedures for employees nated o and phone number may greatly increase your odds of getting it returned to you if you
and stolen devices as well
have resigned from the enterprise. it in a hotel room or somewhere else. According to the FBI. 97% of
carelessly leave
Access control: Auditors should
check access privileges and escalations if anythir unmarked computers are never recovered. Marking may aiso prevent it from simply
6.
happens in the organisation and report
it for further action. being resold over the Internet via an online auction
whether the organisation has an awarenes 4. Register the laptop with the manufacturer:
7. Awareness training: Auditors need to verify
program in place that addresses
the importance of securing mobile devices physica Most of us are in the habit of throwing away the registration cards of all of the electronic
and logically. The training should also make clear the types
of information that can an items we buy every day because we have learned that it just leads to more junk mail.
Registering your laptop with the manutacturer will lag t f a thief ever sends it for
in
cannot be stored on such devices.
exist and ar maintenance and increase your chances of getting t back. it aiso pays to write down
8. Risk: Auditors should check and confirm that policies and procedures
laptop's serial store t in a
number and safe piace In the event your laptopis
functioning as management intended to ensure that the company's information asse your
stolen, it will be impossible for the police to ever recover tf they cannot trace it back
are not subjected to high risk of data leakage and loss.
to you.
So. their physicai secunty shouid
Many laptops and mobile devices are lost each year.
3.11.Laptops be high on any prionity list, especiaily because nght protection can save time. money
Laptops have enabled us to work whenever and wherever we choose, greatly ennan data and embarrassment. There is a wide range of physicai laptop security optons
our productivity, but they also put huge volumes of confidential data at risk. In today's
mo available. they are as foilows.
business environment, the protection of confidential data on laptops has become a
loss
top p 5. Get a cable lock and use it
both for corporations and government agencies. To reduce the risk and impact of
aad Over 80% of the laptops in the market are equipped
with a niversal Secunty Slot
organisations must proactively secure confidential data before the laptop is stolen o attached to a cable lock or laptop
alarm. Aithough this
bas (USS) that allows them to be the casual
missing and be prepared to respond immediately when a theft does occur. Some of ne with boit cutters. t can efectively keep
may not stop determined thieves
security principles that need to be followed for laptops are given as follows: whiie you re
take advantage of you sleeping in an airport
thieves away who generaily
etc costhy
hese devices are not very
1. Choose a secure
operating system and lock it down lobby, leaving it on a tabie to go bathroomthe
stores or onine Tubular locks are preferable to
and can be found at office suppiy
Window
To care about your data, you must
pick an operating system that is secuo lev
2000 Professional and Windows XP Professional both offer secure common tumbler lock design
log- do
security, and the ability to encrypt data. Such type of security is not provided by
6. Use a docking station: Almost 40% of laptop thefts occur in the office. Poorly screened housekeeping staff, contractors, and disgruntled employees are the usual suspects. You can help prevent this by using a docking station that is permanently affixed to your desktop and has a feature which locks the laptop securely in place.

7. Lock up your PCMCIA cards: Apart from locking your PC to the desk with a cable lock to keep someone from walking away with your laptop, you can do something to keep someone from stealing the PCMCIA NIC card or modem that is sticking out of the side of your machine. When not in use, eject these cards from the laptop bay and lock them in a safe place. Even when they are not being used, PCMCIA cards still consume battery power and add to the heat levels within your laptop while they are left inserted in their slots.

8. Use a personal firewall on your laptop: It is common practice for corporate networks to protect their servers and workstations by configuring a firewall to prevent intruders from hacking their systems through the company's Internet connection. But once users leave the corporate building and connect to the web from home or other places, their data is vulnerable to attack. Personal firewalls such as BlackIce and ZoneAlarm are an effective and inexpensive layer of security that takes only a few minutes to install. The use of a good third-party personal firewall to secure your Windows XP workstations is recommended. (Current operating systems ship a host firewall that fills the same role; the point is that it must be enabled and set to deny unsolicited inbound connections.)

9. Use tracking software to have your laptop call home: Several vendors offer stealthy software solutions that enable your laptop to check in to a tracking centre periodically using a traceable signal. In the event your laptop is lost or stolen, these agencies work with the police, phone company and Internet service providers to track and recover your laptop. CompuTrace, SecureIt, Stealth Signal, and ZTrace provide tracking services for corporations and individuals.
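The mobile device audit procedure above (antivirus updates, encryption at rest, secure transmission, device management for leavers and lost or stolen devices) and the rule to block access from devices without a management client can be written down as checks over an inventory export from the mobile device management (MDM) system, so that the audit is repeatable rather than a one-off review. The following is an added example, not code from the book: a small Python policy-as-code checker run over a constructed inventory. The field names, the thresholds in POLICY and the sample rows are assumptions made for this example; a real export would be mapped onto them.

```python
"""Policy-as-code audit of a mobile device inventory.

Every record below imitates one row of a mobile device management (MDM)
export. The field names, the POLICY thresholds and the sample rows are
constructed for this example; adapt them to the real export format.
"""
from datetime import date

# Minimum bar the auditor checks against (assumed values, not from the book).
POLICY = {
    "min_os": {"ios": (15, 0), "android": (12, 0), "windows": (10, 0, 19045)},
    "min_passcode_length": 8,
    "max_signature_age_days": 7,   # antivirus signatures older than this are stale
    "max_checkin_age_days": 14,    # devices silent longer than this need follow-up
    "approved_transports": {"VPN", "IPsec", "SSL"},
}

# Findings serious enough to block the device from the enterprise network
# ("be ready to block access" above). Others are reported but not blocking.
BLOCKING = {"unmanaged", "unencrypted", "no_passcode", "weak_passcode",
            "insecure_transport", "terminated_owner", "lost_not_wiped"}


def parse_version(text):
    """'10.0.19045' -> (10, 0, 19045); tuples compare component by component."""
    return tuple(int(part) for part in text.split(".") if part.isdigit())


def audit_device(d, today, policy=POLICY):
    """Return the ordered list of policy findings for one device record."""
    findings = []
    if not d["mdm_enrolled"]:                      # no management client installed
        findings.append("unmanaged")
    if not d["passcode_set"]:
        findings.append("no_passcode")
    elif d["passcode_min_length"] < policy["min_passcode_length"]:
        findings.append("weak_passcode")
    if not d["storage_encrypted"]:                 # data at rest (audit item 3)
        findings.append("unencrypted")
    if not d["remote_wipe_enabled"]:
        findings.append("no_remote_wipe")
    min_os = policy["min_os"].get(d["platform"])
    if min_os is not None and parse_version(d["os_version"]) < min_os:
        findings.append("outdated_os")
    if d["av_signature_age_days"] > policy["max_signature_age_days"]:
        findings.append("stale_av_signatures")    # audit item 2
    if d["transport"] not in policy["approved_transports"]:
        findings.append("insecure_transport")     # audit item 4
    if (today - d["last_checkin"]).days > policy["max_checkin_age_days"]:
        findings.append("stale_checkin")
    # Audit item 5: leavers' devices and lost/stolen devices must have been wiped.
    if d["owner_status"] == "terminated" and not d["wiped"]:
        findings.append("terminated_owner")
    if d["status"] in {"lost", "stolen"} and not d["wiped"]:
        findings.append("lost_not_wiped")
    return findings


def audit_inventory(devices, today):
    """Audit every device; map device id -> findings and the network-access decision."""
    report = {}
    for d in devices:
        findings = audit_device(d, today)
        report[d["id"]] = {"findings": findings,
                           "allow_network": not (set(findings) & BLOCKING)}
    return report


def devices_to_block(report):
    """Sorted ids of devices the access filter should reject."""
    return sorted(i for i, r in report.items() if not r["allow_network"])


def _row(**overrides):
    """Constructed MDM export row; the defaults describe a compliant device."""
    row = dict(platform="ios", os_version="17.5", mdm_enrolled=True, passcode_set=True,
               passcode_min_length=8, storage_encrypted=True, remote_wipe_enabled=True,
               av_signature_age_days=2, transport="VPN", last_checkin=date(2024, 5, 30),
               owner_status="active", status="in_service", wiped=False)
    row.update(overrides)
    return row


TODAY = date(2024, 6, 1)   # fixed "audit date" so the example is reproducible
SAMPLE_INVENTORY = [       # constructed sample data
    _row(id="ios-001"),
    _row(id="and-002", platform="android", os_version="11.0", passcode_min_length=4,
         av_signature_age_days=21),
    _row(id="win-003", platform="windows", os_version="10.0.19045", mdm_enrolled=False,
         storage_encrypted=False, remote_wipe_enabled=False, transport="HTTP",
         last_checkin=date(2024, 4, 1)),
    _row(id="ios-004", os_version="16.7", transport="IPsec", last_checkin=date(2024, 5, 20),
         owner_status="terminated"),
    _row(id="and-005", platform="android", os_version="13.0", transport="SSL",
         last_checkin=date(2024, 5, 10), status="stolen", wiped=True),
]

if __name__ == "__main__":
    result = audit_inventory(SAMPLE_INVENTORY, TODAY)
    for dev_id, r in result.items():
        print(f"{dev_id}: allow={r['allow_network']} findings={r['findings']}")
    print("block:", devices_to_block(result))
```

Two design choices are worth noting. Findings are separated from the access decision, so an auditor can tighten or loosen BLOCKING without touching the checks; and a stolen device that has already been wiped (and-005) produces no device-management finding, which is exactly what audit item 5 asks to verify, while a leaver's device that was never wiped (ios-004) is blocked even though every technical control on it is in order.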
3.12 Summary

In today's era, traditional computing devices are being replaced by portable devices. These devices increase productivity and ease of work at any place. However, loss of confidential data is the potential threat for such portable systems. Even though organisations have perimeter security, it will not be applicable all the time to such portable devices. Also, these devices are susceptible to being lost or stolen. This chapter focuses on how these devices can be exploited to launch attacks to steal sensitive and confidential information about organisations. Security challenges posed by wireless devices are discussed and various authentication service security mechanisms are suggested to safeguard the devices. Various specialised attacks on mobile phones are discussed and different organisa…