Unit 3 Information Security and Cyber Laws

The document discusses various cyber warfare and cybersecurity topics including definitions of cyber warfare, types of cyber weapons used, goals of cyber warfare, historical examples of cyber attacks, explanations of port scanning techniques, how cybercriminals use port scanning, spoofing attacks, and related terms.
Paper name: Information security and cyber laws

Unit: 3
What is cyber warfare?
Cyber warfare is the use of digital attacks against a nation that cause harm
comparable to conventional warfare and/or disrupt its vital computer systems.
There is, however, ongoing debate among experts about which acts specifically
qualify as cyber warfare. The United States Department of Defense (DOD) states
that the use of computers and the internet to conduct warfare in cyberspace is a
threat to national security, but the line between activities that count as
warfare and those that are simply cybercrime remains unclear.
Although cyber warfare generally refers to cyber attacks perpetrated by one
nation-state on another, it can also describe attacks by terrorist groups or
hacker groups aimed at furthering the goals of particular nations. While there
are a number of examples of suspected cyber warfare attacks in recent history,
there is no formal, agreed-upon definition of a cyber act of war; experts
generally agree that one would be a cyber attack that directly leads to loss of
life.

What kinds of cyber weapons are used in warfare?


Examples of acts that might qualify as cyber warfare include the following:
- Viruses, phishing, computer worms and other malware that can take down critical
  infrastructure.
- Distributed denial-of-service (DDoS) attacks that prevent legitimate users from
  accessing targeted computer networks or devices.
- Hacking and theft of critical data from institutions, governments and
  businesses.
- Spyware or cyber espionage that results in the theft of information that
  compromises national security and stability.

What are the goals of cyber warfare?


According to the Cybersecurity and Infrastructure Security Agency (CISA), the
goal of cyber warfare is to "weaken, disrupt or destroy" another nation. To
achieve this, cyber warfare programs target a wide spectrum of objectives that
might harm national interests. The threats range from propaganda and espionage to
serious, extensive disruption of infrastructure and loss of life among the
citizens of the nation under attack.
Cyber warfare is similar to cyber espionage, and the two terms are sometimes
confused. The biggest difference is the primary goal: a cyber warfare attack aims
to disrupt the activities of a nation-state, whereas a cyber espionage operation
aims to remain hidden for as long as possible in order to gather intelligence.
The two are often used together; for example, cyber espionage can build the
intelligence that helps a nation-state prepare for a physical or cyber war.

Some Historical examples of cyber warfare attacks:


Bronze Soldier -- 2007
In 2007, the Estonian government moved the Bronze Soldier, a painful symbol of
Soviet oppression, from the center of Tallinn, the capital of Estonia, to a
military cemetery on the outskirts of the city.
In the following weeks, Estonia was hit by a wave of major cyber attacks, mostly
DDoS floods, which took many Estonian banks, media outlets and government sites
offline under unprecedented levels of traffic.
The Stuxnet worm -- 2010
The Stuxnet worm was used to attack Iran's nuclear program in what is considered
one of the most sophisticated malware attacks in history. The malware targeted
Siemens supervisory control and data acquisition (SCADA) software and the
programmable logic controllers driving uranium-enrichment centrifuges, and it
spread into the isolated facility network via infected Universal Serial Bus (USB)
devices.
Edward Snowden -- 2013
Edward Snowden, a former Central Intelligence Agency employee and National
Security Agency contractor, leaked details of the NSA's cyber surveillance
programs. He attributed the act to ethical concerns about the programs he was
involved with, which he says were ignored. Strictly an insider leak rather than
an attack, the incident is usually listed alongside these events because it
raised corporate and public awareness of how advancing technology infringes on
personal privacy, and it gave rise to the term "the Snowden effect".
DDoS attack in Ukraine -- 2014
A DDoS attack, allegedly carried out by the Russian government, disrupted
internet and telecommunications services in Ukraine during Russia's annexation
of Crimea, at the time pro-Russian forces were taking control of the peninsula.
What is port scanning?
Port scanning is a method of determining which ports on a host are open, that is,
have a service listening that could receive or send data. It works by sending
packets to specific ports on a host and analysing the responses, which also
reveals the services (and often their versions) that may contain vulnerabilities.
A scan of a whole network is normally preceded by host discovery: identifying
which addresses in a range are live, so that port scans are spent on real hosts.
The goal of network and port scanning is to map the IP addresses, hosts and ports
of a network, find exposed or vulnerable services, and gauge its security posture.
Both kinds of scan can also reveal security measures in place, such as a firewall
between the server and the user's device (probes that get no answer at all are a
typical sign of filtering).
Once host discovery is complete and a list of active hosts has been compiled,
port scanning identifies the open ports on each host that may provide a way in.
It is important to note that network and port scanning are used both by IT
administrators, to verify that security policy is actually enforced and to find
vulnerabilities, and by cybercriminals, who use the same results to pick weak
entry points to exploit. Host discovery is often the attacker's first step before
an attack.
Because both scans remain key tools for attackers, the results of scanning your
own network give IT administrators an attacker's-eye view of its exposure.

What are the different port scanning techniques?


There are several port scanning techniques, chosen according to the goal; an
attacker will likewise pick a technique to fit the attack strategy (speed versus
stealth, for instance).
Listed below are a few of the techniques and how they work:
- Ping scans (ping sweeps): The simplest scan is not really a port scan at all
  but host discovery. A ping verifies whether a packet can reach an IP address
  and be answered without error. A ping sweep sends a burst of Internet Control
  Message Protocol (ICMP) echo requests to many addresses and records which ones
  reply. IT administrators use it for troubleshooting; blocking ICMP echo at the
  firewall hides hosts from a naive sweep, although a scanner can fall back to
  TCP or ARP probes to find them.
- Half-open or SYN scans: A half-open, or SYN (short for synchronize), scan
  determines the state of a port without completing a connection. The scanner
  sends a SYN; a SYN/ACK reply means the port is open, a RST means it is closed,
  and no reply (or an ICMP unreachable message) means it is filtered. Instead of
  finishing the three-way handshake with an ACK, the scanner answers an open port
  with a RST, so the target application never sees a completed connection and
  may not log it. It is fast and less visible than a full connect scan, but it
  requires raw sockets, i.e. root or administrator rights.
- XMAS scans: An XMAS scan sends a TCP packet with the FIN, PSH and URG flags set
  ("lit up like a Christmas tree"). FIN is normally sent to close a connection
  after the three-way handshake and data transfer, signalling "no more data from
  the sender", and a stateless packet filter that only watches for SYN may let
  such packets through. Per the TCP specification, a closed port answers with a
  RST and an open port stays silent, so no response means open (or filtered).
  The trick only works against RFC-compliant stacks: Windows and many network
  devices send a RST for every port, and stateful firewalls and IDS rules flag
  this flag combination readily, so it is far less stealthy than it once was.
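The following is an added example, not part of the original notes: a TCP "connect" scan, the noisy full-handshake variant that an unprivileged user can run (a SYN scan needs raw sockets). It classifies each port as open, closed or filtered from the kernel's reaction to connect(), and it scans a throwaway listener on 127.0.0.1 so it can be run offline. The helper names (probe_port, scan, start_listener) and the assumption that the ports next to the listener are unused are mine.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Added example: a TCP "connect" scan (full three-way handshake), the noisiest of
# the techniques above. A SYN (half-open) scan needs raw sockets and root; the
# plain connect() below is what an unprivileged scanner falls back to.


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - handshake completed (SYN -> SYN/ACK -> ACK)
    closed   - host answered the SYN with a RST (connection refused)
    filtered - nothing came back within the timeout (typically a firewall drop)
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            # host unreachable, network down etc.; treat like a dropped probe
            return "filtered"


def scan(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Probe a list of ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def start_listener(host: str = "127.0.0.1"):
    """Open a throwaway TCP listener on an OS-assigned port (demo only).

    Returns (server_socket, port); close the socket when finished.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo() -> dict:
    """Scan a known-open local port plus its two neighbours and return the states."""
    srv, open_port = start_listener()
    try:
        # Assumption: the adjacent ports are free; on a busy host they may not be.
        return scan("127.0.0.1", [open_port, open_port + 1, open_port + 2], timeout=0.5)
    finally:
        srv.close()


if __name__ == "__main__":
    for port, state in sorted(demo().items()):
        print(f"{port}/tcp {state}")
```

Because every probe completes the handshake, the target's service (and any connection log) sees each probe, which is exactly why attackers prefer the half-open variant when they have the privileges for it.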

How can cybercriminals use port scanning as an attack method?


According to the SANS Institute, port scanning is one of the most popular tactics
attackers use when searching for a vulnerable server to breach. Cybercriminals
use port scanning as a preliminary step when targeting networks, scoping out the
security of various organisations to determine who has a tight firewall and who
is exposing a vulnerable server or service. Some scanning techniques also let
attackers hide their own location: decoy scans mix the real probes with probes
spoofed from other source addresses, and idle ("zombie") scans bounce the probes
off a third host so that the target never sees the attacker's address at all.
Attackers probe networks and systems to see how each port reacts: open, closed
or filtered.
Both open and closed responses tell the attacker that a live host sits at that
address; the pattern of responses, service banners and TCP/IP quirks then lets
them fingerprint the operating system and estimate the level of security.
As port scanning is an old technique, defending against it requires up-to-date
security tooling and threat intelligence, because protocols and tools keep
evolving. As a best practice, firewalls should expose only the ports a host
actually needs, and port scan alerting (on the firewall or an IDS) should
monitor traffic to your ports so that attackers do not quietly find
opportunities for unauthorized entry into your network.
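As an added example of the "port scan alerts" recommended above (my code, not from the notes), the following detector reads firewall log lines and raises an alert when one source touches many distinct destination ports on one host within a short window, and separately flags packets carrying the FIN+PSH+URG combination of an XMAS scan. The log lines are constructed for the example in a simplified iptables-like format; the field layout, the thresholds and the function names are assumptions, not a real product's format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not a real capture). 203.0.113.7 sweeps ten ports in
# four seconds; 198.51.100.4 is a normal HTTPS client; 198.51.100.9 sends one
# XMAS probe. Addresses are from the documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21 FLAGS=SYN
2024-03-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22 FLAGS=SYN
2024-03-01T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23 FLAGS=SYN
2024-03-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25 FLAGS=SYN
2024-03-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=SYN
2024-03-01T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=110 FLAGS=SYN
2024-03-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=143 FLAGS=SYN
2024-03-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
2024-03-01T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=445 FLAGS=SYN
2024-03-01T10:00:04 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389 FLAGS=SYN
2024-03-01T10:00:05 ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
2024-03-01T10:01:00 ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
2024-03-01T10:05:00 DROP SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=22 FLAGS=FIN,PSH,URG
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+) FLAGS=(?P<flags>\S+)$"
)


def parse(log_text: str) -> list:
    """Turn the assumed log format into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dpt"] = int(ev["dpt"])
        events.append(ev)
    return events


def detect_scans(events, window_s: int = 60, min_ports: int = 8) -> list:
    """Alert once per (src, dst) whose distinct destination ports inside any
    window_s-second sliding window reach min_ports. The alert records the ports
    seen at the moment the threshold was crossed."""
    history = defaultdict(deque)  # (src, dst) -> deque of (ts, port)
    alerted, alerts = set(), []
    for ev in events:
        key = (ev["src"], ev["dst"])
        q = history[key]
        q.append((ev["ts"], ev["dpt"]))
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop probes that fell out of the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports and key not in alerted:
            alerted.add(key)
            alerts.append({"src": ev["src"], "dst": ev["dst"],
                           "ports": sorted(ports), "first": q[0][0], "last": ev["ts"]})
    return alerts


def xmas_probes(events) -> list:
    """Packets with FIN, PSH and URG all set never occur in normal TCP traffic."""
    return [ev for ev in events if {"FIN", "PSH", "URG"} <= set(ev["flags"].split(","))]


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for a in detect_scans(evs):
        print(f"scan: {a['src']} -> {a['dst']} ports={a['ports']} ({a['first']}..{a['last']})")
    for ev in xmas_probes(evs):
        print(f"xmas probe: {ev['src']} -> {ev['dst']}:{ev['dpt']}")
```

The threshold and window are the knobs to tune against your own baseline: a vulnerability scanner you run yourself will trip this rule too, so allow-list its source address rather than raising the threshold.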

What is spoofing attack?


Spoofing is a cyberattack in which a scammer disguises themself as a trusted
source to gain access to important data or systems. Spoofing can happen through
websites, emails, phone calls, text messages, IP addresses and servers. Usually,
the main goal of spoofing is to access personal information, steal money, bypass
network access controls or spread malware through infected attachments or links.
On every form of online communication, scammers will try to use spoofing to
steal your identity and assets.

How Does Spoofing Happen?


The term "spoof" dates back over a century and refers to any form of trickery.
Today, however, it is mostly used when talking about cybercrime: any time a
scammer disguises their identity as another's, it is spoofing.
Spoofing can apply to a number of communication channels and requires different
levels of technical know-how. To succeed, a spoofing attack has to incorporate a
certain level of social engineering, meaning that the scammer's methods must
effectively trick victims into giving out their personal information. Scammers
use social engineering to play on vulnerable human characteristics, such as
greed, fear and naivety.
An example of this type of social engineering is where the scammer relies on the
victim's fear in an attempt to gain information or money. In the so-called
grandparent scam, the scammer pretends to be a family member (typically a
grandchild) who claims to be in trouble and needs money as soon as possible.
Scammers often target the elderly in these situations, on the assumption that
they are less tech-savvy.
Types of Spoofing Attacks:
Spoofing can occur in many different forms and various types of attacks you should
watch out for. Here are some examples of different types of spoofing:
Caller ID Spoofing
Caller identification (Caller ID) lets the receiver of a phone call see who is
calling. Caller ID spoofing occurs when a scammer sends false information so that
a different number or name is displayed. Because the displayed number is
fabricated, blocking it does not stop the scammer, who simply picks another, so
many phone scammers use Caller ID spoofing to hide their identity. Occasionally
they will use your area code to make the call seem local.
Most Caller ID spoofing is done over VoIP (Voice over Internet Protocol)
services, which let the caller set the phone number and caller ID name of their
choice. Once the call recipient answers, the scammer tries to convince them to
divulge important information.
Website Spoofing
Website spoofing is when a scammer makes a dangerous website look like a safe
one, using the legitimate site's fonts, colors and logos. The trusted site is
replicated with the intention of leading users to a phishing or malicious page.
These copied sites usually have a web address that closely resembles the
original (a typo, a swapped character or an extra word in the domain) and look
real at first glance, but they are created to harvest the visitor's personal
information.
Email Spoofing
Email spoofing is when a scammer sends emails with a fake sender address with
the intention of infecting your computer with malware, asking for money or
stealing information. The fake sender address is crafted to look like it came
from someone you know, such as a coworker or a friend.
The address can either be a lookalike (letters or digits swapped so that it
differs only slightly from the real one, such as "rn" for "m") or an exact copy
of the address of someone in your network placed in the "From" field. Plain SMTP
does not authenticate the From header at all, which is why the SPF, DKIM and
DMARC standards exist to let receiving mail servers detect such forgeries.
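The following added example (my code, not from the notes) shows the check a receiving mail server makes under DMARC: the domain in the visible From header must "align" with a domain that actually passed SPF (the envelope sender, recorded in Return-Path) or signed the message with DKIM. The two messages are constructed: a spoof whose From says example.com but whose envelope and lack of DKIM point elsewhere, and a legitimate one. Header names are the real ones; the values, the simplified Authentication-Results parsing and the two-label organisational-domain rule (real DMARC uses the Public Suffix List) are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed messages (not real mail). A receiving MTA would normally add the
# Authentication-Results header itself after evaluating SPF and DKIM.
SPOOFED = """\
Return-Path: <bounce@mail-blast.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-blast.example.net; dkim=none
From: "CEO" <ceo@example.com>
To: finance@example.com
Subject: Urgent wire transfer

Please pay the attached invoice today.
"""

LEGIT = """\
Return-Path: <ceo@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to:subject; bh=dummy; b=dummy
From: "CEO" <ceo@example.com>
To: finance@example.com
Subject: Q3 numbers

Attached.
"""


def domain_of(addr_header: str) -> str:
    """'"CEO" <ceo@example.com>' -> 'example.com'."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()


def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real DMARC consults the Public Suffix List.
    return ".".join(domain.split(".")[-2:])


def dkim_domain(msg):
    """The d= tag of the DKIM-Signature, or None if the message is unsigned."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    for tag in sig.split(";"):
        key, _, value = tag.strip().partition("=")
        if key.strip() == "d":
            return value.strip().lower()
    return None


def auth_results(msg) -> dict:
    """Parse 'spf=pass ...; dkim=pass ...' into {'spf': 'pass', 'dkim': 'pass'}."""
    results = {}
    header = msg.get("Authentication-Results", "")
    for part in header.split(";")[1:]:  # [0] is the authserv-id
        part = part.strip()
        if not part:
            continue
        method, _, rest = part.partition("=")
        results[method.strip()] = rest.split()[0] if rest else ""
    return results


def dmarc_check(raw_message: str, relaxed: bool = True) -> dict:
    """DMARC passes if SPF or DKIM passed *and* its domain aligns with From."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From", ""))
    mailfrom_dom = domain_of(msg.get("Return-Path", ""))  # RFC5321.MailFrom
    dkim_d = dkim_domain(msg)
    res = auth_results(msg)

    def aligned(dom):
        if not dom:
            return False
        return org_domain(dom) == org_domain(from_dom) if relaxed else dom == from_dom

    spf_aligned = res.get("spf") == "pass" and aligned(mailfrom_dom)
    dkim_aligned = res.get("dkim") == "pass" and aligned(dkim_d)
    return {"from_domain": from_dom, "spf_aligned": spf_aligned,
            "dkim_aligned": dkim_aligned, "dmarc_pass": spf_aligned or dkim_aligned}


if __name__ == "__main__":
    print("spoofed:", dmarc_check(SPOOFED))
    print("legit:  ", dmarc_check(LEGIT))
```

Note that the spoofed message passes SPF: the attacker's own domain is perfectly entitled to send mail. What fails is alignment, which is the whole point of DMARC over SPF alone.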
IP Spoofing
A scammer who wants to hide where data is being sent from, or who wants to
impersonate another machine, uses IP spoofing: forging the source address in
the IP header of the packets they send. The goal is to make a computer believe
the traffic comes from a trusted source (for example an address on an allow
list) so that malicious content passes through, or to make floods of reply
traffic land on a victim whose address was forged.
DNS Server Spoofing
Domain Name System (DNS) spoofing, also known as cache poisoning, reroutes
traffic to IP addresses of the attacker's choosing, leading visitors to
malicious websites. It is done by injecting forged answers into a DNS resolver's
cache so that the addresses it hands out for a name are the ones the scammer
wants to use.
ARP Spoofing
ARP (Address Resolution Protocol) spoofing is often used to modify or steal data
on a local network or to hijack sessions in progress. The attacker sends forged
ARP replies that bind their own media access control (MAC) address to the IP
address of another machine, typically the gateway, so that traffic originally
meant for the owner of that address is delivered to the attacker instead.
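The following added example (my code, not from the notes) is the detection side of ARP spoofing: it watches a stream of ARP "is-at" replies and alerts when an IP address suddenly maps to a different MAC, when a MAC claims more than one IP (the gateway plus the victim, the classic man-in-the-middle pattern), or when a statically known binding is contradicted. The replies are constructed for the example; on a real network they would come from a packet capture, and the class and function names are my own.

```python
from collections import defaultdict

# Constructed ARP "is-at" replies as (timestamp, sender_ip, sender_mac). Not a
# real capture: 00:11:22:33:44:01 is the real gateway, de:ad:be:ef:00:01 the attacker.
ARP_REPLIES = [
    (0.0, "192.168.1.1",  "00:11:22:33:44:01"),   # gateway announces itself
    (0.5, "192.168.1.20", "00:11:22:33:44:20"),   # victim workstation
    (1.0, "192.168.1.30", "00:11:22:33:44:30"),   # another host
    (2.0, "192.168.1.1",  "de:ad:be:ef:00:01"),   # attacker claims the gateway IP
    (2.1, "192.168.1.20", "de:ad:be:ef:00:01"),   # ...and the victim's IP (full MitM)
    (3.0, "192.168.1.1",  "00:11:22:33:44:01"),   # real gateway answers again (flap)
]


class ArpWatch:
    """Keeps the IP->MAC table the way a host's ARP cache would, but instead of
    silently overwriting entries it records every contradiction."""

    def __init__(self, static=None):
        self.static = {ip: mac.lower() for ip, mac in (static or {}).items()}
        self.table = {}                 # ip -> last MAC seen claiming it
        self.by_mac = defaultdict(set)  # mac -> set of IPs it has claimed
        self.alerts = []                # (ts, kind, subject, detail)

    def observe(self, ts, ip, mac):
        mac = mac.lower()
        if ip in self.static and self.static[ip] != mac:
            self.alerts.append((ts, "static-mismatch", ip, mac))
        prev = self.table.get(ip)
        if prev is not None and prev != mac:
            self.alerts.append((ts, "binding-changed", ip, f"{prev}->{mac}"))
        self.table[ip] = mac
        self.by_mac[mac].add(ip)
        if len(self.by_mac[mac]) > 1:
            self.alerts.append((ts, "mac-claims-multiple-ips", mac, sorted(self.by_mac[mac])))
        return self.alerts


def analyse(replies, static=None) -> list:
    """Feed a list of replies through ArpWatch and return the alerts."""
    watch = ArpWatch(static)
    for ts, ip, mac in replies:
        watch.observe(ts, ip, mac)
    return watch.alerts


if __name__ == "__main__":
    for alert in analyse(ARP_REPLIES, static={"192.168.1.1": "00:11:22:33:44:01"}):
        print(alert)
```

The "flap" at t=3.0 is itself evidence: a genuine gateway never changes MAC twice in a second, so alternating bindings for one IP are as telling as the first forged reply. Static ARP entries for the gateway, or switch features such as Dynamic ARP Inspection, stop the attack rather than just detecting it.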
Text Message Spoofing
Text message spoofing is when a scammer sends a text or SMS message that appears
to come from another person's or organisation's phone number. Scammers hide
their identity behind an alphanumeric sender ID and usually include links to
malware downloads or phishing sites, so unexpected links in a text message
deserve the same suspicion as links in an email.
GPS Spoofing
A GPS spoofing attack happens when a GPS receiver is deceived by broadcast fake
signals that resemble real satellite signals, so that it reports a position
other than its true one. Scammers can use this to mislead a car's navigation and
send you to the wrong address, or to interfere with the positioning of ships,
aircraft or fixed installations. Any mobile app that relies on location data
from a smartphone could be a target for this type of attack.
Man-in-the-middle (MitM) Attack
A man-in-the-middle (MitM) attack occurs when a scammer compromises a Wi-Fi
network, or sets up a duplicate fraudulent Wi-Fi network at the same location,
and uses it to intercept web traffic between two parties. In doing so, scammers
can capture sensitive information such as logins or credit card numbers, or
alter the traffic in transit; without TLS the victim has no way to tell.
Extension Spoofing
To disguise malware as a harmless file, scammers use extension spoofing. Usually
they name the file something like "filename.txt.exe": Windows hides known file
extensions by default, so the file is shown as "filename.txt" and appears to be
a text document, yet opening it runs the malicious program.

Some popular Password-Cracking Techniques Used By Hackers:


1. Dictionary Attack
The dictionary attack uses a simple file containing words that can be found in a
dictionary, hence its rather straightforward name. In other words, this attack
tries exactly the kind of words that many people use as their password.
Cleverly grouping words together such as "letmein" or "superadministratorguy"
will not prevent your password from being cracked this way, or not for more than
a few extra seconds, since wordlists include such combinations and cracking
tools apply rules (appending digits, capitalising, substituting symbols) to
every entry.
2. Brute Force Attack
Similar to the dictionary attack, the brute force attack comes with an added
bonus for the hacker. Instead of using words, it works through every possible
combination of characters in the chosen alphabet and length range, so it will
also find non-dictionary passwords.
It is not quick, provided your password is more than a handful of characters
long (each extra character multiplies the work by the size of the alphabet),
but it will uncover your password eventually. Brute force attacks can be
shortened by throwing more computing power at them, both in processing power,
including harnessing the GPU of a video card, which computes hashes massively in
parallel, and in machine numbers, such as distributing the work across a
cluster or a botnet.
3. Rainbow Table Attack
Rainbow tables are not as colorful as their name may imply but, for a hacker,
your password could well be at the end of one. In the most straightforward
terms, a rainbow table is a precomputed structure of password hashes (the
fixed-size value a hashing algorithm produces from a password) that trades disk
space for cracking time: chains of hash-and-reduce steps cover a large part of
the password space so that most hashes of a given algorithm and length can be
reversed with a lookup plus a little recomputation rather than a full brute
force.
However, rainbow tables are huge, unwieldy things. Generating them takes serious
computing power, and a table becomes useless if the password was "salted" before
hashing, that is, random characters were appended to it, because the table would
have to be built per salt value.
Salted rainbow tables are conceivable, but they would be so large as to be
impractical. They could only work with a predefined "random character" set and
password strings below about 12 characters, as otherwise the size of the table
would be prohibitive even for state-level attackers.
4. Phishing
There‘s an easy way to hack, ask the user for his or her password. A phishing email
leads the unsuspecting reader to a spoofed log in page associated with whatever
service it is the hacker wants to access, usually by requesting the user to put right
some terrible problem with their security. That page then skims their password and
the hacker can go use it for their own purpose.
5. Social Engineering
Social engineering takes the "ask the user" concept outside the inbox that
phishing tends to stick to and into the real world.
A favorite of the social engineer is to call an office posing as an IT security
technician and simply ask for the network access password. You would be amazed
how often this works. Some even have the nerve to don a suit and name badge and
walk into a business to ask the receptionist the same question face to face.
6. Malware
A keylogger or screen scraper installed by malware records everything you type,
or takes screenshots during a login process, and then forwards a copy to the
attacker's server.
Some malware looks for the web browser's saved-password store and copies it;
unless properly encrypted, it contains the user's saved passwords in easily
accessible form.
7. Offline Cracking
It is easy to imagine that passwords are safe when the systems they protect lock
out users after three or four wrong guesses, blocking automated guessing
applications. That would be true, if it were not for the fact that most password
cracking takes place offline, using a set of hashes in a password file that has
been "obtained" from a compromised system.
Often the target in question has been compromised via a hack on a third party,
which then provides access to the system servers and those all-important user
password hash files. The password cracker can then take as long as they need to
crack the hashes without alerting the target system or the individual user.
8. Shoulder Surfing
Another form of social engineering, shoulder surfing, just as it implies,
entails peeking over a person's shoulder while they are entering credentials,
passwords, etc. Although the concept is very low tech, you would be surprised
how many passwords and how much sensitive information is stolen this way, so
remain aware of your surroundings when accessing bank accounts and the like on
the go.
The most confident attackers take the guise of a parcel courier, air-conditioning
service technician, or anything else that gets them into an office building.
Once inside, the service personnel "uniform" provides a kind of free pass to
wander around unhindered and note passwords being entered by genuine members of
staff. It also provides an excellent opportunity to eyeball all those post-it
notes stuck to the front of monitors with logins scribbled on them.
9. Spidering
Savvy hackers have realized that many corporate passwords are made up of words
that are connected to the business itself. Studying corporate literature, website sales
material, and even the websites of competitors and listed customers can provide the
ammunition to build a custom word list to use in a brute force attack.
Really savvy hackers have automated the process and let a spidering application,
similar to the web crawlers employed by leading search engines to identify
keywords, collect and collate the lists for them.
10. Guess
The password cracker's best friend, of course, is the predictability of the
user. Unless a truly random password has been created using software dedicated
to the task, a user-generated "random" password is unlikely to be anything of
the sort.
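The following added example (my code, not from the notes) ties together the dictionary, brute force, rainbow table and offline cracking sections above. It builds a precomputed hash-to-password lookup (the idea behind a rainbow table, minus the chain compression), shows it cracking an unsalted SHA-256 hash instantly, then shows why the same table is useless against a salted, iterated hash (PBKDF2): every candidate must be recomputed per salt, and each computation is deliberately slow. A small brute force over a short alphabet rounds it off. The wordlist and passwords are constructed; function names are mine.

```python
import hashlib
import itertools
import os
import string

# Constructed wordlist standing in for a real one (rockyou.txt has ~14 million entries).
WORDLIST = ["password", "letmein", "qwerty", "superadministratorguy", "acme2024", "welcome1"]


def unsalted(password: str) -> str:
    """How a careless system stores passwords: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup(words) -> dict:
    """Precomputed hash -> password table. Built once, reused against every leak
    that used the same unsalted algorithm (the rainbow-table idea)."""
    return {unsalted(w): w for w in words}


def crack_unsalted(hash_hex: str, lookup: dict):
    """Offline cracking of an unsalted hash is a dictionary lookup."""
    return lookup.get(hash_hex)


def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """How passwords should be stored: random per-user salt plus a slow, iterated
    hash (PBKDF2-HMAC-SHA256 here; bcrypt/scrypt/Argon2 are the modern choices)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def crack_salted(target: bytes, salt: bytes, words, iterations: int):
    """No precomputation helps: each candidate is hashed with *this* salt."""
    for w in words:
        if salted_hash(w, salt, iterations) == target:
            return w
    return None


def brute_force(target_hex: str, charset: str = string.ascii_lowercase + string.digits,
                max_len: int = 4):
    """Exhaustive search; the work grows as len(charset) ** length."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if unsalted(candidate) == target_hex:
                return candidate
    return None


def demo() -> dict:
    lookup = build_lookup(WORDLIST)
    leaked_unsalted = unsalted("letmein")                  # from a "leaked" password file
    salt = os.urandom(16)                                  # fresh random salt per user
    leaked_salted = salted_hash("letmein", salt, 10_000)
    return {
        "unsalted_cracked": crack_unsalted(leaked_unsalted, lookup),
        "table_hits_salted": crack_unsalted(leaked_salted.hex(), lookup),  # None: table is useless
        "salted_cracked": crack_salted(leaked_salted, salt, WORDLIST, 10_000),
        "brute_forced": brute_force(unsalted("ab1"), max_len=3),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Note that salting does not save a weak password: "letmein" is still found, just slowly and one user at a time. What the salt and the iteration count buy is that the attacker's precomputation is wasted and each guess costs real CPU, so the only robust defence on the user's side is a long, random password.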

What is Malicious Software?


"Malware" is a contraction of "malicious software", and the two terms mean the
same thing: any program written to cause harm to a computer system or network.
Malware attacks a computer or network in the form of viruses, worms, trojans,
spyware, adware or rootkits.
Its purpose is usually unlawful, such as stealing protected data, deleting
confidential documents or installing software without the user's consent.

Different Types of Malicious Software:


Computer Virus
A computer virus is malicious software that self-replicates by attaching itself
to other files or programs. It runs, unnoticed, whenever the infected host
program or file is executed, and so needs a user or the system to activate the
host. The different types of computer virus include the memory-resident virus,
program file virus, boot sector virus, stealth virus, macro virus and email
virus.
Worms
A worm, like a virus, is a self-replicating program; the difference is that a
worm spreads and executes on its own, typically by exploiting vulnerable network
services, without needing a host file or any user action. Worms spread across a
network and can mount a large-scale, destructive attack within a short period.

Trojan Horses
Unlike a computer virus or a worm, the trojan horse is a non-replicating program
that appears legitimate. Having gained the user's trust, it secretly performs
malicious and illicit activities when executed. Hackers use trojan horses to
steal a user's passwords or to destroy data or programs on the hard disk. Because
it looks like an ordinary program, it is hard to detect.
Spyware/Adware
Spyware secretly records information about a user and forwards it to third
parties. The information gathered may cover files accessed on the computer, the
user's online activities or even the user's keystrokes.
Adware, as the name implies, displays advertising banners while a program is
running. Adware can also behave like spyware, being deployed to gather
confidential information, that is, to spy on and collect data from the victim's
computer.
Rootkit
A rootkit is malicious software that stealthily alters the normal functionality
of the operating system. The alteration gives the hacker full control of the
machine, acting as the system administrator on the victim's system, and almost
all rootkits are designed to hide their own existence (and that of other malware)
from users and security tools.
What is Session Hijacking?
Session hijacking is a method of taking over a web user's session by
surreptitiously obtaining the session ID (usually carried in a cookie) and
masquerading as the authorized user. The related term TCP session hijacking
refers to taking over the underlying transport connection by predicting sequence
numbers; the web variant is far more common today. Once the user's session ID has
been obtained, whether by sniffing unencrypted traffic, cross-site scripting, or
guessing a predictable ID, the attacker can masquerade as that user and do
anything the user is authorized to do.
One of the most valuable byproducts of this type of attack is the ability to
gain access to a server without ever authenticating to it. Once the attacker
hijacks a session, they no longer have to worry about authentication for as long
as the session remains active: the attacker enjoys the same server access as the
compromised user, because the user already authenticated before the attack.
What Do Attackers Gain from Session Hijacking?
When cybercriminals have hijacked a session, they can do virtually anything that
the legitimate user was authorized to do during the active session. The most severe
examples include transferring money from the user‘s bank account, buying
merchandise from web stores, accessing personally identifiable information (PII)
for identity theft, and even stealing data from company systems.
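The following added example (my code, not from the notes) shows the server-side controls that make the session ID described above hard to obtain and short-lived if it is: IDs drawn from a cryptographic random source so they cannot be guessed, rotation of the ID at login so an ID captured or planted beforehand is worthless (session fixation), an idle timeout, and a Set-Cookie header carrying the HttpOnly, Secure and SameSite attributes that keep the cookie away from scripts, plaintext connections and cross-site requests. The class and function names, the 15-minute timeout and the cookie name are assumptions.

```python
import secrets
import time
from http.cookies import SimpleCookie


class SessionStore:
    """Server-side session table. The cookie carries only an opaque 256-bit random
    ID; everything about the user lives here, so nothing in the cookie can be
    tampered with or predicted."""

    def __init__(self, ttl_s: int = 900):
        self.ttl = ttl_s                 # idle timeout (assumed 15 minutes)
        self._sessions = {}              # sid -> {"user", "created", "last"}

    def create(self, user: str, now=None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not a counter
        self._sessions[sid] = {"user": user, "created": now, "last": now}
        return sid

    def get(self, sid: str, now=None):
        """Return the session record, or None if unknown or idle past the TTL."""
        now = time.time() if now is None else now
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["last"] > self.ttl:
            del self._sessions[sid]      # stale: an old stolen ID stops working
            return None
        session["last"] = now
        return session

    def rotate(self, old_sid: str, now=None):
        """Issue a fresh ID for the same user and kill the old one. Call this at
        login and at any privilege change, so an ID the attacker captured or
        planted before authentication never becomes an authenticated session."""
        session = self._sessions.pop(old_sid, None)
        if session is None:
            return None
        return self.create(session["user"], now)

    def destroy(self, sid: str) -> None:
        """Logout must invalidate server-side, not just delete the cookie."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str, name: str = "sid") -> str:
    """Build the Set-Cookie value with the attributes that limit where the ID leaks."""
    cookie = SimpleCookie()
    cookie[name] = sid
    cookie[name]["httponly"] = True      # JavaScript cannot read it (blunts XSS theft)
    cookie[name]["secure"] = True        # only sent over TLS (no sniffing on open Wi-Fi)
    cookie[name]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie[name]["path"] = "/"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("anonymous")          # pre-login session
    sid = store.rotate(anon)                  # login succeeded: new ID, old one dead
    print("Set-Cookie:", set_cookie_header(sid))
    print("old id still valid?", store.get(anon) is not None)
```

The rotation step is the one most often forgotten: frameworks generate random IDs by default, but if the ID assigned before login survives authentication, an attacker who set it in the victim's browser (via a crafted link, for example) simply waits for the victim to log in.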
