Cyber Security Unit 3
Uploaded by rakeshraushan129

Unit-3

TOOLS AND METHODS USED IN CYBERCRIME

Introduction: Cybercrime involves the use of digital tools and
techniques to conduct illicit activities with the intent to exploit,
compromise, or gain unauthorised access to computer systems,
networks, and sensitive information. In this section, we explore various
tools and methods employed by cybercriminals, starting with the use of
proxy servers and anonymizers.

What are Proxy Servers?

● A proxy server is an intermediate server that sits between a user's
device and the internet.
● When a user makes a request to access a website, the request first
goes to the proxy server, which then forwards the request to the
website.
● The website's response is sent back to the proxy server, which then
sends it back to the user's device.

The primary function of a proxy server is to act as an intermediary
between the user's device and the internet. This can provide a number of
benefits, including:

● Anonymity: Because the website only sees the proxy server's IP
address, not the user's device IP address, the user's identity is
concealed from the website. The proxy operator, however, sees every
request in full, so the user is only as anonymous as the proxy is
trustworthy.
● Security: Proxy servers can act as a buffer between the user's
device and the internet, inspecting and filtering traffic to help
block malware, known-bad sites, and other types of attacks.
● Access control: Proxy servers can be configured to block or allow
certain types of traffic, such as social media or streaming websites,
providing organisations with control over what their employees
can access.

Types of Proxy Servers: There are several different types of proxy
servers, including:

● Forward Proxy: A forward proxy is a server that sits between a
client and the internet. The client sends a request to the forward
proxy, which then sends the request to the internet on behalf of the
client. An open proxy is a forward proxy that accepts requests from
anyone on the internet, not just from a known set of clients.
● Reverse Proxy: A reverse proxy is a server that sits between the
internet and one or more back-end servers. The reverse proxy receives
requests from the internet and then forwards them to the appropriate
server; clients see only the proxy.
● Transparent Proxy: A transparent proxy intercepts traffic without
any client-side configuration and passes it along largely unchanged.
It typically does not hide the client, since it may pass the client's
address to the destination in headers such as X-Forwarded-For.
Transparent proxies are often used in corporate environments to
monitor and control access to the internet.
● Anonymous Proxy: An anonymous proxy is a proxy that conceals the
user's IP address from the destination, providing an additional layer
of privacy.
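As an added example (not code from the original page), the following Python shows the header handling a forward proxy performs on one client request, once in a transparent mode and once in an anonymous mode. The proxy name, the client address and the captured request are constructed for the demonstration; this is a single-request rewrite, not a complete proxy server.

```python
"""Added example: what a forward proxy does to a client's HTTP request.

Not code from the original page. The client address, proxy name and the
captured request below are constructed for the demonstration.
"""

# RFC 7230 hop-by-hop headers: they describe the client<->proxy connection
# and must not be forwarded to the origin server.
HOP_BY_HOP = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailer", "transfer-encoding", "upgrade", "proxy-connection",
}


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def rewrite_for_upstream(raw, client_ip, mode="anonymous", proxy_name="proxy.example"):
    """Return (upstream_host, request_bytes) the proxy sends on the client's behalf.

    mode "transparent": the origin learns the client's address via X-Forwarded-For.
    mode "anonymous":   the origin sees only that a proxy was involved (Via).
    In both modes the proxy itself sees the complete request, cookies included.
    """
    method, target, version, headers, body = parse_request(raw)
    # A client talking to a forward proxy sends the absolute URL as the target.
    if "://" in target:
        _scheme, rest = target.split("://", 1)
        host, _, path = rest.partition("/")
        path = "/" + path
    else:
        host = {n.lower(): v for n, v in headers}.get("host", "")
        path = target
    kept = [(n, v) for n, v in headers if n.lower() not in HOP_BY_HOP]
    if not any(n.lower() == "host" for n, _ in kept):
        kept.insert(0, ("Host", host))
    if mode == "transparent":
        existing = [v for n, v in kept if n.lower() == "x-forwarded-for"]
        kept = [(n, v) for n, v in kept if n.lower() != "x-forwarded-for"]
        kept.append(("X-Forwarded-For", ", ".join(existing + [client_ip])))
    elif mode != "anonymous":
        raise ValueError("unknown mode %r" % mode)
    kept.append(("Via", "1.1 " + proxy_name))
    kept.append(("Connection", "close"))
    head = "%s %s %s\r\n" % (method, path, version)
    head += "".join("%s: %s\r\n" % (n, v) for n, v in kept)
    return host, head.encode("iso-8859-1") + b"\r\n" + body


# Constructed sample request, as a browser configured to use a proxy would send it.
SAMPLE_REQUEST = (
    b"GET http://example.com/account HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Proxy-Connection: keep-alive\r\n"
    b"Cookie: session=abc123\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for m in ("transparent", "anonymous"):
        host, out = rewrite_for_upstream(SAMPLE_REQUEST, "203.0.113.7", m)
        print("--- %s -> %s\n%s" % (m, host, out.decode()))
```

Compare the two outputs: only the transparent mode tells the origin who the client was, but in both modes the proxy handled the Cookie header in clear, which is the point made above about trusting the proxy operator.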

What are Anonymizers?

● An anonymizer is a tool that is used to conceal a user's identity
when accessing the internet.
● Anonymizers work by hiding the user's IP address, making it
difficult for websites to track the user's online activity.

There are several different types of anonymizers, including:
● VPN: A Virtual Private Network (VPN) creates an encrypted tunnel
between the user's device and the VPN provider's server. All traffic
between the device and the internet is routed through the VPN, which
hides the user's IP address from the sites visited and protects the
traffic from anyone on the local network. The VPN provider itself can
still see where the user connects, so trust simply moves from the ISP
to the provider.
● Tor: The Onion Router (Tor) is free software that conceals a user's
online activity by routing traffic through a circuit of volunteer-run
relays (typically entry, middle and exit), wrapping the traffic in one
layer of encryption per relay. Each relay learns only the previous and
next hop, which makes the path extremely difficult to trace. The exit
relay does see the traffic it hands to the destination, so traffic
that is not itself encrypted (for example plain HTTP) is exposed
there.
● Web-based anonymizers: Web-based anonymizers are online tools
that allow users to browse the internet without revealing their IP
address. These tools work by routing traffic through a third-party
server, making it difficult for websites to track the user's online
activity.
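The layered encryption that gives Tor its name, as an added example that is not code from the original page or from the Tor project. The relay names and keys are constructed, and the cipher is a toy (a SHA-256 counter keystream with an HMAC tag) standing in for the real per-hop ciphers; it is enough to show which relay can see what.

```python
"""Added example: the layered encryption behind Tor-style onion routing.

Not code from the original page or the Tor project. Relay names and keys are
constructed; seal()/unseal() are a toy stream cipher, not Tor's real crypto.
"""
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad layer: wrong key or tampered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_onion(relays, destination, payload):
    """Wrap payload so that relay i can only learn the name of hop i+1.

    relays: [(name, key), ...] from entry to exit; names must not contain NUL.
    The exit relay's layer contains the real destination and the payload.
    """
    next_hops = [name for name, _ in relays[1:]] + [destination]
    blob = payload
    for (_, key), next_hop in zip(reversed(relays), reversed(next_hops)):
        blob = seal(key, next_hop.encode() + b"\x00" + blob)
    return blob


def relay_step(key, blob):
    """What one relay does: peel its layer, learn the next hop, pass the rest on."""
    next_hop, _, rest = unseal(key, blob).partition(b"\x00")
    return next_hop.decode(), rest


def route(relays, destination, payload):
    """Simulate the circuit; return what each relay observed and what the exit delivers."""
    blob = build_onion(relays, destination, payload)
    observed = []
    prev = "client"
    next_hop = None
    for name, key in relays:
        next_hop, blob = relay_step(key, blob)
        observed.append({"relay": name, "from": prev, "to": next_hop})
        prev = name
    return observed, next_hop, blob


# Constructed three-hop circuit with fresh random per-relay keys.
RELAYS = [(n, os.urandom(32)) for n in ("entry", "middle", "exit")]

if __name__ == "__main__":
    seen, dest, data = route(RELAYS, "example.com", b"GET / HTTP/1.1\r\n\r\n")
    for row in seen:
        print(row)
    print("exit delivers to", dest, data)
```

The entry relay sees the client and the middle relay but never the destination; the exit relay sees the destination and the payload but never the client. That payload is exactly what the caveat above refers to: if it is plain HTTP, the exit relay reads it.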

What is Phishing:
Phishing is one type of cyber attack. The name is a deliberate
misspelling of "fishing": just as bait is put out for a fish to take,
the attacker puts out a lure and waits for a victim to bite. It is a
social-engineering technique that dupes the user or victim into
clicking on harmful links or sites. The attacker crafts the harmful
site in such a way that the victim believes it to be an authentic site,
thus falling prey to it. The most common mode of phishing is sending
spam emails that appear to be authentic and thereby harvesting the
victim's credentials. The main motive of the attacker behind phishing
is to gain confidential information such as:

● Password
● Credit card details
● Social security numbers
● Date of birth

The attacker uses this information to further target the user,
impersonate the user, and commit data theft. The most common type of
phishing attack happens through email. Phishing victims are tricked
into revealing information that they think should be kept private.
The genuine logo of the impersonated organisation is used to make the
user believe that it is indeed a genuine email. But if we look
carefully at the details, we will find that the URL or web address is
not authentic.

ir
How Does Phishing Occur?
● Clicking on an unknown file or attachment: Here, the attacker
deliberately sends a mysterious file to the victim. When the victim
opens the file, either malware is installed on the system or the file
prompts the user to enter confidential data.
● Using an open or free wifi hotspot: This is a very simple way to
get confidential information from the user by luring him with free
wifi. Whoever operates the hotspot can observe and tamper with any
traffic that is not encrypted, and can present a fake login or
captive-portal page, without the user knowing it.
● Responding to social media requests: This commonly involves
social engineering. Accepting unknown friend requests and then, by
mistake, leaking secret data are the most common mistakes made by
naive users.
● Clicking on unauthenticated links or ads: Such links have been
deliberately crafted to lead to a phishing website that tricks the
user into typing confidential data.

Types of Phishing Attacks

● Email Phishing: The most common type, where users are tricked into
clicking links in unverified spam emails and leaking secret data.
Attackers impersonate a legitimate identity and send emails to a mass
of victims. Generally, the goal of the attacker is to get personal
details like bank details, credit card numbers, user IDs and passwords
for online shopping websites, or to install malware. After getting the
personal information, they use it to steal money from the user's
account or harm the target system.
● Spear Phishing: In spear phishing a particular target (an
organisation or individual) is singled out. The attacker first gathers
detailed information about the target and then sends tailored
malicious emails to the target's inbox to trap them into typing
confidential data. For example, the attacker targets an employee from
the finance department of some organisation, pretends to be that
employee's manager, and requests personal information or the transfer
of a large sum of money. Because the message is tailored, it is far
more effective than bulk email phishing.
● Whaling: Whaling is just like spear phishing but the main target is
the head of the company, such as the CEO or CFO. A high-pressure
email is sent to such executives so that they don't have much time to
think, and therefore fall prey to the phishing.
● Smishing: In this type of phishing attack, the medium is SMS.
Smishing works similarly to email phishing. SMS texts are sent to
victims containing links to phishing websites, or inviting the victims
to call a phone number or to contact the sender at a given email
address. The victim is then asked to enter personal information like
bank details, credit card information, user ID and password, etc.,
which the attacker then uses to harm the victim.
● Vishing: Vishing is also known as voice phishing. In this method,
the attacker calls the victim using caller ID spoofing to convince the
victim that the call is from a trusted source. Attackers also use IVR
systems to make it difficult for law enforcement to trace the
attacker. It is generally used to steal credit card numbers or
confidential data from the victim.
● Clone Phishing: In this type of phishing attack, the attacker
copies a genuine email message that was sent from a trusted source
and alters it by adding a link or attachment that redirects the victim
to a malicious or fake website. The attacker then sends this mail to a
large number of users and waits to see who clicks on the link or
attachment. If the attacker gains control of a victim's mailbox, the
cloned message can be resent to that victim's contacts, where it looks
even more legitimate.

Signs of Phishing Attacks:

It is very important to be able to identify the signs of a phishing
attack in order to protect against its harmful effects. These signs
help the user protect their data and information from attackers. Some
signs to look out for include:
● Suspicious email addresses: Phishing emails often use sender
addresses that appear to be from a trusted source but are actually
controlled by the attacker. Check the email address carefully and look
for slight variations or misspellings that may indicate a fake address.
● Urgent requests for personal information: Phishing attacks often
try to create a sense of urgency in order to trick victims into
providing personal information quickly. Be cautious of emails or
messages that ask for personal information, and verify the authenticity
of the request before providing any information.
● Poor grammar and spelling: Phishing emails are often created
quickly and carelessly, and may contain grammar and spelling errors.
These mistakes can indicate that the email or message is not
legitimate, although well-resourced attackers write flawless messages,
so their absence proves nothing.
● Requests for sensitive information: Phishing attacks often try to
steal sensitive information, such as login credentials and financial
information. Legitimate organisations do not ask for passwords by
email; treat any such request as suspect and verify it out of band.
● Unusual links or attachments: Phishing attacks often use links or
attachments to deliver malware or redirect victims to fake websites.
Be cautious of links or attachments in emails or messages, especially
from unknown or untrusted sources.
● Strange URLs: Phishing attacks often use fake websites that look
similar to the real ones but have slightly different URLs. Hover over
a link to see its real destination, and look for strange URLs or
slight variations in the domain name that may indicate a fake website.
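The "strange URL" and "suspicious address" checks above can be mechanised. The following Python is an added example, not code from the original page: it parses a URL and reports the tricks phishing links rely on (a brand name in a subdomain of an unrelated domain, a typosquat within two edits of a trusted domain, a raw IP address, userinfo before the real host, punycode labels, plain HTTP). The TRUSTED allow-list and the sample URLs are constructed, and registrable_domain() uses a two-label simplification where real code would consult the Public Suffix List.

```python
"""Added example: heuristics for look-alike phishing URLs.

Not code from the original page. TRUSTED is a constructed allow-list and the
sample URLs are constructed; registrable_domain() is a simplification of what
the Public Suffix List provides.
"""
import ipaddress
from urllib.parse import urlsplit

TRUSTED = {"example-bank.com", "paypal.com"}  # hypothetical brands the user actually uses


def registrable_domain(host):
    """Last two labels of the host (simplification; use the Public Suffix List in practice)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to catch typosquats such as paypa1.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def url_warnings(url, trusted=TRUSTED):
    """Return the reasons a URL looks like phishing; an empty list means no flag raised."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if "@" in parts.netloc:
        warnings.append("userinfo before the host: the real host is after the '@'")
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address rather than a domain name")
        return warnings  # the domain heuristics below mean nothing for an IP
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label: may be a homoglyph of a real domain")
    reg = registrable_domain(host)
    if reg in trusted:
        return warnings  # genuinely the trusted domain (only the scheme could be off)
    for t in trusted:
        brand = t.split(".")[0]
        if brand in host:
            warnings.append("'%s' appears in the host but the domain is really %s" % (brand, reg))
        if 0 < edit_distance(reg, t) <= 2:
            warnings.append("%s is within two edits of %s" % (reg, t))
    return warnings


if __name__ == "__main__":
    # Constructed examples: one genuine link and three typical phishing shapes.
    for u in ("https://www.paypal.com/signin",
              "https://paypal.com.login-verify.example/",
              "http://paypa1.com/",
              "http://paypal.com@203.0.113.5/"):
        print(u, "->", url_warnings(u) or "no warnings")
```

The allow-list is the important design choice: the heuristics only make sense relative to the brands a given user or organisation actually deals with, which is why mail gateways maintain such lists per customer rather than globally.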

How To Stay Protected Against Phishing?
● Authorised source: Download software only from authorised sources
that you trust.
● Confidentiality: Never enter your private details on a site reached
through an unexpected link; keep your data safe from attackers.
● Check the URL: Always check the URL of a website before entering
credentials; it will help you avoid being trapped by a phishing page.
● Avoid replying to suspicious messages: If you receive an email from
a known source but that email looks suspicious, contact the source
through a new email or another channel rather than using the reply
option.
● Phishing detection tools: Use phishing-detection tools and browser
warnings to flag websites that are crafted to imitate legitimate ones.
● Try to avoid free wifi: Avoid using free wifi for anything
sensitive; it exposes you to interception and phishing pages.
● Keep your system updated: It is better to keep your system always
updated so that the malware delivered by phishing cannot exploit known
vulnerabilities.
● Keep the firewall of the system on: Keeping the firewall on blocks
unsolicited inbound connections, so only traffic you initiated reaches
your system.

Password Cracking: It is a cyber attack technique where unauthorised
individuals attempt to gain access to user accounts or systems by
guessing, recovering, or bypassing passwords. Passwords are normally
stored as one-way hashes rather than encrypted, so "cracking" usually
means guessing candidates and hashing them until one matches a stolen
hash. This activity is performed using various methods and tools that
exploit weaknesses in password security.
Ed

Methods of Password Cracking:

1. Brute Force Attacks: The attacker systematically tries all possible
combinations of characters until the correct password is found.
● Countermeasure: Implement rate limiting and account lockout
policies for online guessing, and require long passwords so that
offline guessing against a stolen hash is infeasible.

2. Dictionary Attacks: Attackers use precompiled lists of common
passwords (dictionaries) to attempt login or to test against hashes.
● Countermeasure: Enforce strong password policies, including
checking new passwords against lists of known-breached passwords.

3. Rainbow Table Attacks: Attackers use precomputed tables (rainbow
tables) mapping hashes back to passwords to quickly reverse
unsalted password hashes.
● Countermeasure: Use a unique random salt per password and a slow,
purpose-built password hashing algorithm (Argon2, bcrypt, scrypt or
PBKDF2), so a table cannot be reused across users.

4. Credential Stuffing: Attackers use known username and password
pairs obtained from previous data breaches to gain unauthorised access
to other accounts where users have reused passwords.
● Countermeasure: Encourage users to use unique passwords for
different accounts and implement multi-factor authentication.

5. Keylogging: Malicious software records keystrokes to capture
usernames and passwords as users type.
● Countermeasure: Use updated anti-malware software, employ
intrusion detection systems, and educate users about the risks of
downloading unknown software.

6. Phishing: Attackers trick individuals into revealing their passwords
through deceptive emails or fake websites.
● Countermeasure: Educate users about phishing risks and
implement email filtering solutions.

Countermeasures:

1. Strong Password Policies: Enforce the use of long passwords (a mix
of uppercase and lowercase letters, numbers and special characters
helps, but length matters most) and reject known-breached or easily
guessable ones.

2. Password Hashing and Salting: Use a slow, one-way password hashing
algorithm (Argon2, bcrypt, scrypt or PBKDF2) with a unique random salt
for each user to protect stored password hashes.

3. Multi-Factor Authentication (MFA): Implement MFA to add an extra
layer of security even if passwords are compromised.

4. Account Lockout Policies: Set account lockout or rate-limiting
policies to slow brute force attacks by locking or throttling an
account after a certain number of failed login attempts. Note that a
naive lockout lets an attacker lock legitimate users out on purpose,
so prefer progressive delays or temporary lockouts.

5. Regular Security Audits: Conduct regular security audits to
identify and address vulnerabilities in password security.

6. Education and Awareness: Train users to recognise phishing
attempts and understand the importance of strong password practices.

7. Monitoring and Detection: Implement intrusion detection systems
to monitor and detect unusual login patterns or activities.

Password cracking is a constant threat, and organisations must adopt a
multi-layered approach to safeguard against the various methods used
by attackers. Combining strong technical measures with user education
and awareness is essential to maintaining robust password security.
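The rainbow-table method above and the hashing-and-salting countermeasure are two sides of one fact, which the following added Python example (not code from the original page) makes concrete: against an unsalted fast hash, one precomputed table cracks every user who chose a listed password with a single lookup, while a salted slow hash forces the attacker to redo the whole word list for each user. The user records and word list are constructed. DEMO_ITERATIONS is deliberately tiny so the demo runs in a moment; the default of 600,000 in strong_hash() is OWASP's current figure for PBKDF2-HMAC-SHA256 (Argon2id or bcrypt would be the usual choice in new code).

```python
"""Added example: unsalted fast hash vs. salted slow hash under a dictionary attack.

Not code from the original page. User records and the word list are constructed.
"""
import hashlib
import hmac
import os

WORDLIST = ["password", "123456", "letmein", "hunter2", "correct horse battery staple"]
DEMO_ITERATIONS = 2_000  # demo only; production uses the 600_000 default below


def weak_hash(password):
    """What many breached databases contained: a single unsalted SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_hash(password, salt=None, iterations=600_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored in a self-describing string."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify(password, stored):
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def precompute_table(wordlist):
    """Hash the word list once; this is the idea behind a rainbow table."""
    return {weak_hash(w): w for w in wordlist}


def crack_unsalted(records, table):
    """One dictionary lookup per user, no hashing at all at crack time."""
    return {user: table[h] for user, h in records.items() if h in table}


def crack_salted(records, wordlist):
    """Each user's salt forces the word list to be re-hashed for that user.

    Returns (cracked, number of PBKDF2 computations performed).
    """
    cracked, work = {}, 0
    for user, stored in records.items():
        for word in wordlist:
            work += 1
            if verify(word, stored):
                cracked[user] = word
                break
    return cracked, work


# Constructed user records; alice and bob reuse the same weak password.
PLAINTEXTS = {"alice": "password", "bob": "password", "carol": "letmein", "dave": "Tr0ub4dor&3"}


def demo(iterations=DEMO_ITERATIONS):
    unsalted = {u: weak_hash(p) for u, p in PLAINTEXTS.items()}
    salted = {u: strong_hash(p, iterations=iterations) for u, p in PLAINTEXTS.items()}
    found_unsalted = crack_unsalted(unsalted, precompute_table(WORDLIST))
    found_salted, work = crack_salted(salted, WORDLIST)
    return unsalted, salted, found_unsalted, found_salted, work


if __name__ == "__main__":
    unsalted, salted, fu, fs, work = demo()
    print("alice and bob share an unsalted hash:", unsalted["alice"] == unsalted["bob"])
    print("alice and bob share a salted hash:  ", salted["alice"] == salted["bob"])
    print("cracked via precomputed table:", fu)
    print("cracked via per-user guessing:", fs, "after", work, "PBKDF2 runs")
```

Both methods crack the same three accounts here, but the cost profile differs: the table cost five hashes once and answers for any number of users, whereas the salted attack paid ten PBKDF2 runs for four users and would pay proportionally more for a larger database, with each run as slow as the iteration count makes it. The salted hashes also hide that alice and bob share a password, which the unsalted column reveals at a glance.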

What is a Keylogger?
● A keylogger is a program or device designed to monitor and log the
keystrokes a user makes on their keyboard.
● As malware it is a form of spyware used by cybercriminals to fetch
sensitive information like banking details, login credentials of
social media accounts, credit card numbers, etc.
● A keylogger can monitor and log such information and send it to the
cybercriminal behind it.
● A keylogger can not only monitor keystrokes, but it can also take
note of every click and touch on your system.
● The first keylogger was a hardware device built in the 1970s; the
first software keylogger was developed in 1983.

Types of Keyloggers:
1. Software keyloggers: Software keyloggers are computer programs
developed to capture keystrokes (and so passwords) on the victim's
computer. Keystroke logging also has legitimate uses in IT
organisations, for example to troubleshoot technical problems with
computers and business networks, and Windows 10 can send typing data to
Microsoft as part of its telemetry, which is why it is sometimes
described as having a built-in keylogger.
● JavaScript-based keylogger: A malicious script injected into a web
page (through a cross-site scripting flaw or a compromised third-party
script) that listens for keyboard events such as keydown and keyup and
sends the captured keys to the attacker. Such scripts are also
delivered by links shared through social media, as email attachments,
or as part of a remote access trojan (RAT).
● Form-based keyloggers: These keyloggers activate when a person
fills in a form online; when the submit button is clicked, all the
data entered is copied and sent to the attacker. Some keyloggers hook
the keyboard API of a running application: it looks like a simple
application, and whenever a key is pressed it records it.

2. Hardware keyloggers: These do not depend on any software. A
keyboard hardware keylogger is a circuit attached inside the keyboard
itself, so that whenever a key on that keyboard is pressed the
keystroke is recorded.
● USB keylogger: A USB keylogger is an inline connector plugged in
between the keyboard and the computer that records everything typed.
Some circuits are built into the keyboard itself, so no external
device is visible.
● Smartphone sensors: A smartphone's accelerometer, when the phone is
placed near a keyboard, can sense the vibrations of keystrokes, and
the resulting signal can be decoded into text; researchers have
reported around 80% accuracy with this technique. Nowadays attackers
mostly use keystroke-logging trojans, malware sent to a victim's
computer to steal data and login details.

Prevention from keyloggers:

● Anti-keylogger: As the name suggests, this is software whose main
task is to detect keyloggers on a computer system.
● Anti-virus: Many anti-virus products also detect keyloggers and
remove them from the computer system. Being software, they cannot
detect hardware keyloggers.
● Automatic form filler: Instead of typing credentials into forms, use
a password manager or automatic form filler; since the keys are never
pressed, a keystroke logger captures nothing (though a form-based or
screen-scraping keylogger may still see the submitted data).
● One-time passwords: Using OTPs as a second factor limits the damage
of a captured password, because every login needs a new code and a
code that has been used once is rejected afterwards. An attacker who
captures the code and uses it within its validity window, before the
user does, can still succeed.
● Patterns or mouse recognition: On Android devices use a pattern as
the password for applications, and on a PC use mouse-gesture
authentication, which relies on mouse movements instead of keys.
● Voice-to-text converter: Dictation software means the text never
passes through the keyboard, which defeats keyloggers that capture only
keystrokes.
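The one-time-password defence above, and the MFA countermeasure in the password-cracking section, rest on two properties: a code is derived from a secret the keylogger never sees, and the server refuses a code that has already been accepted. The following added Python example (not code from the original page) implements HOTP (RFC 4226) and TOTP (RFC 6238) plus a small server-side verifier with replay protection. The secret is the RFC test-vector key, so the codes it produces are the published ones; the clock is passed in explicitly so the example is deterministic.

```python
"""Added example: HOTP/TOTP one-time passwords with server-side replay rejection.

Not code from the original page. RFC_SECRET is the RFC 4226/6238 test-vector key
(so the expected codes are the published ones), not a real secret.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time // step), digits)


class TotpVerifier:
    """Server side: accept a code once, within +/- one step of clock skew."""

    def __init__(self, secret, step=30, digits=6):
        self.secret, self.step, self.digits = secret, step, digits
        self.last_accepted_counter = -1  # codes at or before this counter are dead

    def check(self, code, unix_time):
        now = int(unix_time // self.step)
        for counter in (now - 1, now, now + 1):
            if counter <= self.last_accepted_counter:
                continue  # replay of a code a keylogger may have captured
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), code):
                self.last_accepted_counter = counter
                return True
        return False


RFC_SECRET = b"12345678901234567890"  # RFC test-vector key, constructed for the demo

if __name__ == "__main__":
    now = time.time()
    code = totp(RFC_SECRET, now)
    v = TotpVerifier(RFC_SECRET)
    print("first use accepted:", v.check(code, now))
    print("replayed code accepted:", v.check(code, now + 5))
```

The replay check is what makes a keylogged code worthless after the user has logged in. What it does not cover is an attacker who relays the code faster than the user, which is why phishing-resistant factors (FIDO2 keys bound to the site origin) are preferred where that threat matters.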

What is Spyware?
● Spyware is malicious software that enters a user's computer,
gathers data from the device and user, and sends it to third parties
without their consent.
● Spyware collects personal and sensitive information that it sends
to advertisers, data collection firms, or malicious actors for a profit.
● Attackers use it to track, steal, and sell user data, such as internet
usage, credit card, and bank account details, or to steal user
credentials in order to impersonate the user.
● Spyware is one of the most commonly used cyberattack methods; it can
be difficult for users and businesses to identify and can do serious
harm to networks. It also leaves businesses vulnerable to data breaches
and data misuse, often affects device and network performance, and
slows down user activity.

Different types of Spyware:

● Adware: A type of spyware that keeps track of the user's activity
and serves advertisements based on the tracked activity.
● Tracking cookies: Cookies set by third parties that track a user's
activity across sites and supply it to those parties.
● Trojans: The most dangerous delivery form: spyware disguised as
legitimate software. It aims to steal confidential user information
such as bank details and passwords and transfers it to a third party
to perform illegal transactions or fraud.
● Keyloggers: Spyware that keeps track of all the keystrokes that the
user enters through the keyboard. It is dangerous because it enables
cyber fraud: sensitive passwords can be stolen by watching what the
user types.
● Stalkerware: Spyware installed on mobile phones to stalk the user.
It tracks the movements of the user and sends them to a third party.
● System monitor: Spyware that monitors and keeps track of the entire
system, including user activity, sensitive information, keystrokes,
calls, and chats. It is extremely dangerous to user privacy.

How to Prevent Spyware?
● Installing anti-virus/anti-spyware: The best way to protect your
system from spyware is to install a good-quality anti-spyware or
anti-virus product such as Malwarebytes, Adaware, AVG Antivirus,
SpywareBlaster, etc. This helps protect the computer system if spyware
tries to install itself. Anti-virus/anti-spyware products also protect
the system by blocking sites that try to steal data or leak data to
third parties.
● Beware of cookie settings: Some websites transfer tracking
information alongside cookies. It is always advisable to review the
browser's cookie settings and block third-party cookies.
● Beware of pop-ups on websites: Don't click on pop-ups that appear on
a website without reading them. Never accept their terms and conditions
blindly. Close pop-up windows without clicking on 'OK'.
● Be careful with free software: Always be very cautious when you
install free software on your systems. Free software bundles often
have spyware attached to them, which can directly leak confidential
user information.
● Always read terms and conditions: Always read the terms and
conditions before installing apps on your system. Never accept policies
that breach privacy. Download only trusted and verified apps from
Google Play or the Apple App Store on mobile phones to protect them
from spyware.

Viruses and Worms:

While discussing viruses and worms, it is important to first understand
the larger category of malicious programs, called "malware". Malware can
be defined as code or an application specifically developed to harm
electronic devices or the people using those devices. Viruses and
worms are both types of malware; however, there are significant
differences between them.

What is a Virus?
● A virus is a program written with malicious code whose nature is to
attach itself to executable files and propagate from device to device.
● Viruses are often transferred through downloaded files and shared
files.
● They can also be attached to scripts and to non-executable files
such as documents with macros and, more rarely, images that exploit a
flaw in the program that opens them.
● After the user executes the infected program, the virus is activated
and starts replicating further on its own.

Viruses can harm the system by the following means:
● Filling up the disk space unnecessarily
● Formatting the hard disk drive
● Making the system slow
● Modifying or deleting personal data or system files
● Stealing sensitive data
D
How does a virus spread?
A virus does not have the capability of spreading by itself. It requires
a host file and human action to spread. The virus is written so that it
attaches itself to executable files. It spreads further when the
infected executable file or software is transferred from one device to
another. As soon as a human launches the infected file or program, the
virus starts replicating itself.

What is a Worm?
● Worms are self-replicating malware that travel from device to device
using a computer network; they are often grouped with viruses but,
unlike a virus, a worm does not need a host file.
● They are standalone malware that does not even require human action
to execute.
● Usually, worms spread across computer networks by exploiting
vulnerabilities, which lets them spread very quickly.

How does a worm spread?
Unlike viruses, worms don't require host files to spread. This means that
worms do not attach themselves to executable files or programs.
Instead, a worm finds a weak spot in a system and enters through a
vulnerability reachable over the network. Before we detect and remove
worms from our systems, they replicate and spread automatically and can
consume all the available network bandwidth. This can result in the
failure of an entire network and its servers. Because worms spread
automatically, their spreading speed is much faster than that of other
malware.

Difference between Worms and Virus:

Basis of comparison: Worms vs. Virus

Definition
Worm: A worm is a form of malware that replicates itself and can spread
to different computers via a network.
Virus: A virus is malicious executable code attached to another
executable file; it may be harmless or may modify or delete data.

Objective
Worm: The main objective of a worm is to spread and to consume system
resources such as memory and bandwidth, slowing the system to such an
extent that it stops responding.
Virus: The main objective of a virus is to modify information.

Host
Worm: Does not need a host to replicate from one computer to another.
Virus: Requires a host file to spread.

Harmful
Worm: Typically less directly destructive to a single machine's data.
Virus: Typically more harmful to the infected machine's data.

Detection and protection
Worm: Worms can be detected and removed by anti-virus software and kept
out by a firewall and prompt patching.
Virus: Anti-virus software is used for protection against viruses.

Controlled by
Worm: Worms can be controlled remotely.
Virus: Viruses are not controlled remotely.

Execution
Worm: Worms execute via weaknesses (vulnerabilities) in the system.
Virus: Viruses execute via executable files.

Comes from
Worm: Worms generally arrive through a network connection or downloaded
files.
Virus: Viruses generally arrive through shared or downloaded files.

Prevention
Worm:
● Keep your operating system and software updated
● Avoid clicking on links from untrusted or unknown websites
● Avoid opening emails from unknown sources
● Use anti-virus software and a firewall
Virus:
● Install anti-virus software
● Do not open unexpected email attachments
● Avoid the use of pirated software
● Keep your operating system updated
● Keep your browser updated, as old versions are vulnerable to
malicious websites

Types
Worm: Internet worms, instant messaging worms, email worms, file
sharing worms, and Internet Relay Chat (IRC) worms are different types
of worms.
Virus: Boot sector virus, direct action virus, polymorphic virus, macro
virus, overwrite virus, and file infector virus are different types of
viruses.

Examples
Worm: The Morris worm, Storm worm, Blaster and SQL Slammer (the last
two spread over the network without a host file, so they are worms, not
viruses).
Virus: Brain (a boot sector virus) and Melissa (a macro virus). Creeper
(1971) is often cited as the first self-replicating program.

Interface
Worm: Does not need human action to replicate.
Virus: Needs human action to replicate.

Speed
Worm: Its spreading speed is faster.
Virus: Its spreading speed is slower compared to worms.

What is a Trojan Horse?
● The name Trojan Horse is taken from the classical story of the
Trojan War.
● It is malicious code that has the capacity to take control of the
computer.
● It is designed to steal, damage, or perform other harmful actions on
the computer.
● It deceives the user into loading and executing it on the device by
posing as something legitimate. Once it executes, it allows
cybercriminals to perform many actions on the user's computer, such as
deleting or modifying data in files, and more.
● Unlike viruses or worms, a Trojan Horse does not have the ability to
replicate itself.

Types of Trojan Horse: There are many Trojans designed to perform
specific functions. Some of them are:
● Backdoor trojan: A trojan of this kind gives the attacker remote
access to the compromised machine.
● Ransom trojan: This kind of trojan is intended to encrypt the data on
the compromised system and then demand payment in exchange for its
decryption.
● Trojan Banker: It is designed to steal the account data for online
banking, credit and debit cards, etc.
● Trojan Downloader: It is designed to download further malicious
files, such as new versions of trojans and adware, onto the victim's
computer.
● Trojan Dropper: It carries other malware inside itself and installs
it on the victim's computer while evading detection of the embedded
malicious files.
● Trojan GameThief: It is designed to steal account data from online
gamers.

Uses of Trojan Horse: There are many ways that it can be used:
● Spy: Some Trojans act as spyware. They are designed to take data
from the victim such as social-networking usernames and passwords,
credit card details, and more.
● Creating backdoors: The Trojan makes changes to the victim's system
or device to let other malware or cybercriminals get into the device
or system later.
● Zombie: Many times the attacker is not interested in the victim's
computer itself but wants to use it under their control, for example
as part of a botnet.

Prevention from Trojan Horse: The most basic prevention methods:
● Do not download anything, such as images or audio files, from an
unsecured website.
● Do not click on the ads that pop up on pages advertising online
games.
● Do not open any attachment that has been sent by an unknown user.
● Install an anti-virus program. An anti-virus program can detect
files that are infected or malicious.

What are Backdoors?

● A backdoor is an undocumented way to bypass existing
cybersecurity measures and gain access to a computer system or
device. Software and hardware developers sometimes install
backdoors into their own products to retain access for
troubleshooting purposes.
● Such backdoors let developers solve various problems, for example
retrieve data from a device to aid a criminal investigation or restore
users' lost passwords. But backdoors might also be exploited by
attackers. How?

How does a backdoor attack work: Backdoor attacks work in two ways.

● In the first scenario, attackers find and use an existing backdoor
to circumvent normal security measures and gain unauthorised access to
a computer system and its data.
● In the second, they exploit system vulnerabilities to gain access
and then implant backdoor software of their own. Once the backdoor is
in, attackers can easily re-enter the system whenever they like, even
after the original vulnerability is fixed.

Types of Backdoor Attack: Backdoor attacks vary depending on the
types of backdoors they use. We'll explore those different options now.

1. Administrative backdoors:
Some software developers include backdoors in their programs to give
themselves easy administrative access to various areas of their own
systems. Doing so can help them troubleshoot user problems and fix
vulnerabilities quickly. However, if these backdoors are discovered by
cybercriminals, they can be used to launch cyberattacks; a hard-coded
administrative credential is the same for every installation, so one
discovery exposes every customer.
2. Malicious backdoors:
A malicious backdoor is one created for a malicious purpose. This may
involve attackers installing backdoor malware through a targeted
phishing email. If the attacker can eventually gain access to the code
of an operating system or application, they can add a backdoor to
allow easy access in the future.
3. Accidental backdoors:
Many backdoors are just the result of human error. When a developer
leaves a weak point (a debug interface, a default credential, an
exposed management port) in their internet-facing systems, it can go
undetected for a long time. If bad actors find the flaw first, they can
use it as a backdoor to the operating system or application.
4. Hardware backdoors:
While most backdoor attacks involve attackers gaining remote access to
networks and devices through software flaws, it is also possible to
build a backdoor into the physical hardware of a device. A well-known
example is the Clipper chip, an encryption chip with government key
escrow that the NSA designed in the 1990s. This approach is high risk
for an ordinary cybercriminal, however, because it requires physical
access to, or control over the supply chain of, the targeted device.

59 Edu Desire
How to protect yourself from backdoor attacks: Here are some steps
you can take to protect yourself.

● Don’t use your work device for personal internet activity: Even
if you don’t visit high-risk websites, it’s easy to accidentally click
on a malicious ad or a phishing link, triggering a malware
download. A work device, like a personal computer or phone, could
be a hacker’s access point to the entire company, so it’s your
responsibility to protect it.
● Report any unusual or suspicious incidents: If your device is
acting strangely or you’ve received a suspicious email, report these
potential red flags to superiors within your organisation. If the
company has a security team or specialist, contact them directly.
● Use a VPN, especially while travelling: Remote work is
increasingly common, but connecting to public Wi-Fi in a local
cafe, on a train, or in a hotel could be risky. These hotspots are
often the hunting grounds of hackers, so use a VPN on your work
device to keep your online activity private.
● Use strong passwords: Create strong and unique passwords for all
your accounts, and change the passwords regularly. You can use a
password manager to store your credentials so you don’t have to
memorise them.
● Enable firewalls: Use both hardware and software firewalls to
protect your network from unauthorised access.
● Monitor network traffic: Keep an eye on your network traffic for
unusual activity, which might indicate a backdoor being used.

Steganography:
● Steganography is like hiding a secret message in plain sight.
● Instead of encrypting the message, you hide it within another
seemingly innocent file, like an image, audio file, or even a text
document.
● The goal is to conceal the existence of the message, making it
difficult for others to detect.

Techniques:

1. Image Steganography:
● Embedding data within images by subtly altering pixel values. This
can be achieved through the least significant bit (LSB) method,
where the least significant bits of pixel values are replaced with
hidden data.

2. Audio Steganography:
● Concealing information within audio files by modifying certain
components, such as the amplitude or frequency. This can be done
without significantly altering the perceived quality of the audio.

3. Text Steganography:
● Hiding information within text by using techniques like whitespace
manipulation, word or letter arrangement, or embedding messages
within seemingly innocent text.

4. Video Steganography:
● Embedding data within video files, often by modifying specific
frames or components of the video stream. Similar to image
steganography, this can involve altering pixel values.

5. File Steganography:
● Hiding data within seemingly innocuous files, such as documents
or executable files, by manipulating certain aspects without
affecting the overall functionality.
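
The LSB method described under image steganography, as an added worked example
(this code is not part of the original notes). It embeds and recovers a message in
the lowest bit of each pixel of a constructed grayscale "image" (a plain byte string,
one value per pixel, so no image library is needed) and then computes the
pairs-of-values chi-square statistic, the classic check an analyst uses to notice
that an LSB plane has been overwritten: embedding pushes the counts of each
(2k, 2k+1) pixel-value pair toward equality, so the statistic drops. The cover
gradient and the secret message are constructed for the example.

```python
# Added example (not part of the original notes): least-significant-bit (LSB)
# image steganography on a constructed grayscale "image", plus the
# pairs-of-values chi-square statistic a defender can use to notice that the
# LSB plane has been overwritten. Pixels are plain bytes, one value per pixel.
from collections import Counter


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(cover: bytes, message: bytes) -> bytearray:
    """Hide `message` in the LSBs of `cover`, prefixed by a 4-byte length."""
    payload = len(message).to_bytes(4, "big") + message
    bits = list(_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("cover image too small for this payload")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # each pixel changes by at most 1
    return stego


def extract_lsb(stego: bytes) -> bytes:
    """Recover a message hidden by embed_lsb."""
    def read(start_bit: int, nbytes: int) -> bytes:
        out = bytearray()
        for b in range(nbytes):
            value = 0
            for i in range(8):
                value = (value << 1) | (stego[start_bit + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def pov_chi_square(pixels: bytes) -> float:
    """Pairs-of-values chi-square over the pixel histogram. LSB embedding
    drives the counts of each (2k, 2k+1) pair toward equality, so a low
    value relative to a clean image of the same kind suggests embedding."""
    hist = Counter(pixels)
    chi = 0.0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        expected = (n0 + n1) / 2
        if expected:
            chi += (n0 - expected) ** 2 / expected
    return chi


# Constructed cover: a smooth 4096-pixel gradient that uses only even values.
COVER = bytes(((i // 16) * 2) % 256 for i in range(4096))
SECRET = b"meet at the usual place"  # constructed message


if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print("recovered:", extract_lsb(stego))
    print("chi-square cover: %.1f  stego: %.1f"
          % (pov_chi_square(COVER), pov_chi_square(stego)))
```

The length prefix is what makes extraction unambiguous; without it the extractor
would read noise past the end of the message. On real photographs the chi-square
test is applied to successive regions of the image, because an embedder that only
uses the first part of the pixel stream leaves the rest statistically untouched.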

Denial of Service (DoS) Attack:

A DoS attack is a denial of service attack: in this attack a computer
sends a massive amount of traffic to a victim’s computer and shuts it
down. When done against a website, a DoS attack is an online attack
that makes the website unavailable to its users. It overwhelms the
website’s internet-connected server by sending a large amount of
traffic to it.

Detection and Mitigation:

● Traffic Monitoring: Use network monitoring tools to detect
unusual patterns or spikes in traffic.
● Firewalls and Intrusion Prevention Systems (IPS): Employ
firewalls and IPS to filter and block malicious traffic.
● Load Balancers: Distribute incoming traffic to prevent
overwhelming a single server.

Distributed Denial of Service (DDoS) Attack:

A DDoS attack involves multiple compromised computers, collectively
known as a botnet, working together to flood a target system with a
massive volume of traffic. The distributed nature makes DDoS attacks
more challenging to mitigate compared to traditional DoS attacks.

Detection and Mitigation:
● Traffic Analysis: Use anomaly detection and traffic analysis tools
to identify unusual patterns.
● Rate Limiting: Implement rate limiting to restrict the number of
requests from a single source.
● Content Delivery Networks (CDNs): Distribute content across
multiple servers to absorb and mitigate DDoS traffic.
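
The traffic monitoring and rate limiting mitigations listed for DoS and DDoS above,
as one added worked example (not code from the original notes). It runs a
per-source sliding-window rate limiter and an aggregate requests-per-second
counter over constructed web-server log lines, and reports the two patterns
differently: one source tripping the limiter looks like a DoS, while a second whose
total is far above normal but spread across many sources, none of which trips the
per-source limit, looks like a DDoS. The log format, the addresses (documentation
ranges) and the thresholds are assumptions made for the example.

```python
# Added example (not part of the original notes): per-source rate limiting and
# aggregate traffic monitoring over constructed web-server log lines, to tell a
# single-source flood (DoS) from a distributed one (DDoS). Log format, IPs and
# thresholds are all assumptions made for the example.
import re
from collections import Counter, defaultdict, deque

# Constructed log format: "<unix-time> <source-ip> <path>"
LOG_RE = re.compile(r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+) (?P<path>\S+)$")


def parse_line(line: str):
    """Return (timestamp, source, path) or None for an unparsable line."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    return float(match["ts"]), match["src"], match["path"]


class SlidingWindowLimiter:
    """Allow at most `max_requests` per source within any `window` seconds."""

    def __init__(self, window: float, max_requests: int):
        self.window = window
        self.max_requests = max_requests
        self.history = defaultdict(deque)  # source -> timestamps of allowed requests

    def allow(self, src: str, ts: float) -> bool:
        recent = self.history[src]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()  # drop requests that fell out of the window
        if len(recent) >= self.max_requests:
            return False
        recent.append(ts)
        return True


def detect_floods(lines, window=1.0, per_source_limit=20, aggregate_limit=100):
    """Return alerts: ("single-source flood", src, blocked_count) when one source
    trips the limiter, and ("distributed flood", second, requests) when a second's
    total exceeds aggregate_limit while spread over many distinct sources."""
    limiter = SlidingWindowLimiter(window, per_source_limit)
    blocked = Counter()
    requests_per_second = Counter()
    sources_per_second = defaultdict(set)
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue  # malformed line: skip it, never crash the monitor
        ts, src, _path = record
        second = int(ts)
        requests_per_second[second] += 1
        sources_per_second[second].add(src)
        if not limiter.allow(src, ts):
            blocked[src] += 1
    alerts = [("single-source flood", src, n) for src, n in blocked.items()]
    for second, n in sorted(requests_per_second.items()):
        if n > aggregate_limit and len(sources_per_second[second]) > per_source_limit:
            alerts.append(("distributed flood", second, n))
    return alerts


def constructed_log():
    """Ten seconds of constructed traffic: three normal clients at 2 req/s, one
    host sending 60 requests in second 5, and 150 hosts sending one request
    each in second 8. All addresses are from documentation ranges."""
    lines = ["this line is not a request record"]
    for sec in range(10):
        for k, client in enumerate(("192.0.2.10", "192.0.2.11", "192.0.2.12")):
            for j in range(2):
                lines.append(f"{sec + 0.1 * (k + 3 * j):.2f} {client} /index.html")
    lines += [f"{5 + 0.01 * k:.2f} 203.0.113.9 /login" for k in range(60)]
    lines += [f"{8 + 0.005 * k:.3f} 198.51.100.{k} /search" for k in range(150)]
    lines.sort(key=lambda l: float(l.split()[0]) if l[0].isdigit() else -1.0)
    return lines


if __name__ == "__main__":
    for alert in detect_floods(constructed_log()):
        print(alert)
```

The limiter alone is enough against the single host (40 of its 60 requests are
refused), but it never fires during the distributed burst because each of the 150
sources sends one request; that is exactly why the aggregate counter is needed
alongside it, and why the notes list CDNs and load balancers as the DDoS answer.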

Difference between DOS and DDOS attacks:

DOS | DDOS
--- | ---
DOS stands for Denial of Service attack. | DDOS stands for Distributed Denial of Service attack.
In DoS attacks, a single system targets the victim system. | In DDoS, multiple systems attack the victim's system.
Victim PC is loaded from the packet of data sent from a single location. | Victim PC is loaded from the packet of data sent from multiple locations.
DoS attack is slower as compared to DDoS. | DDoS attack is faster than DoS attack.
Can be blocked easily as only one system is used. | It is difficult to block this attack as multiple devices are sending packets and attacking from multiple locations.
In DoS attack only a single device is used with DoS attack tools. | In DDoS attacks, VolumeBots are used to attack at the same time.
DoS attacks are easy to trace. | DDoS attacks are difficult to trace.
Volume of traffic in the DoS attack is less as compared to DDoS. | DDoS attacks allow the attacker to send massive volumes of traffic to the victim network.
Types of DoS attacks are: 1. Buffer overflow attacks 2. Ping of Death or ICMP flood 3. Teardrop Attack 4. Flooding Attack | Types of DDoS attacks are: 1. Volumetric Attacks 2. Fragmentation Attacks 3. Application Layer Attacks 4. Protocol Attack

What Is SQL Injection?

● SQL Injection is a code-based vulnerability that allows an attacker
to read and access sensitive data from the database.
● Attackers can bypass security measures of applications and use
SQL queries to modify, add, update, or delete records in a database.
● A successful SQL injection attack can badly affect websites or web
applications using relational databases such as MySQL, Oracle, or
SQL Server.

Types of SQL Injection

1. In-band SQLi: The attackers use the same communication channel to
launch their attacks and collect results. The two common types of
in-band SQL injections are:
● Error-based SQL injection: Here, the attacker performs certain
actions that cause the database to generate error messages. Using
the error message, you can identify what database it utilises, the
version of the server where the handlers are located, etc.
● Union-based SQL injection: Here, the UNION SQL operator is used
in combining the results of two or more select statements
generated by the database, to get a single HTTP response. You can
craft your queries within the URL or combine multiple statements
within the input fields and try to generate a response.

2. Blind SQLi: Here, the data is not transferred via the web application,
so the attacker cannot see the result of an attack in-band.
● Boolean-based SQL Injection: Here, the attacker sends an SQL
query to the database asking the application to return a different
result depending on whether the query returns True or False.
● Time-based SQL Injection: In this attack, the attacker sends an
SQL query to the database which makes the database wait for a
particular amount of time before sharing the result. The response
time helps the attacker decide whether a query is True or False.

3. Out-of-band SQL Injection: Out-of-band is not so popular, as it
depends on the features that are enabled on the database server being
used by the web application. It can arise from a misconfiguration by
the database administrator.

Methods used to prevent SQL Injection are:

● Password hashing
● Third-party authentication
● Web application firewall
● Purchase better software
● Always update and use patches
● Continuously monitor SQL statements and database
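
The in-band and error-based injections described above, shown side by side with
the fix, as an added worked example (not code from the original notes). The same
user lookup is written twice against an in-memory SQLite database: once with the
input concatenated into the SQL text, once as a parameterised query, where the
driver sends the value separately so it can only ever be compared as a string. The
table layout, its rows and the probe strings are constructed for the example; a
textbook tautology probe shows the concatenated query returning every row, and a
legitimate name containing an apostrophe shows the same code producing the
database error that error-based injection relies on.

```python
# Added example (not part of the original notes): the same user lookup written
# with string concatenation (injectable) and with a parameterised query, run
# against an in-memory SQLite database. Table layout, rows and the probe
# strings are constructed for the example.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table with two rows (password hashes are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "placeholder-hash-a", "admin"),
         ("bob", "placeholder-hash-b", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """VULNERABLE: the input becomes part of the SQL text, so quotes in the
    input change the meaning of the query (in-band SQLi), and a stray quote
    produces a database error (the signal error-based SQLi looks for)."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """FIXED: a parameterised query. The SQL text never changes; the driver
    passes the value separately, so it is only ever compared as a string."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def error_leaks(conn: sqlite3.Connection, username: str) -> bool:
    """True if the vulnerable lookup raises a database error for this input,
    i.e. an application that echoes errors would expose the message."""
    try:
        lookup_vulnerable(conn, username)
        return False
    except sqlite3.OperationalError:
        return True


TAUTOLOGY = "' OR '1'='1"  # classic textbook probe: makes the WHERE clause always true
ODD_QUOTE = "o'brien"      # an ordinary name that still breaks the concatenated query


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, TAUTOLOGY))  # every row comes back
    print("safe:      ", lookup_safe(db, TAUTOLOGY))        # no such username
    print("error leak for o'brien:", error_leaks(db, ODD_QUOTE),
          "safe lookup:", lookup_safe(db, ODD_QUOTE))
```

Note that the parameterised version also handles the apostrophe in "o'brien"
correctly, which is the practical argument for it: it is not only an attack
mitigation but the only version that works for legitimate input. Parameterisation
is the control a reviewer would expect to see alongside the measures listed above.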

Impact:
1. Unauthorised Data Access: Attackers can gain access to sensitive data
stored in the database, such as usernames, passwords, or financial
information.

2. Data Manipulation: Malicious users can modify or delete data within
the database, leading to data integrity issues.

3. Server Compromise: In severe cases, successful SQL injection attacks
can lead to the compromise of the entire server hosting the database.

What is Buffer Overflow
Buffers are memory storage regions that temporarily hold data while it is
being transferred from one location to another. A buffer overflow (or
buffer overrun) occurs when the volume of data exceeds the storage
capacity of the memory buffer. As a result, the program attempting to
write the data to the buffer overwrites adjacent memory locations.

For example, a buffer for log-in credentials may be designed to expect
username and password inputs of 8 bytes, so if a transaction involves an
input of 10 bytes (that is, 2 bytes more than expected), the program may
write the excess data past the buffer boundary.

Buffer Overflow Attacks:
A buffer overflow attack is a type of cybersecurity threat that occurs
when a program or application tries to store more data in a buffer
(temporary storage) than it can actually hold. This excess data can
overflow into adjacent memory locations, potentially overwriting
important information or causing the program to crash. In some cases,
attackers can exploit this vulnerability to execute malicious code and
gain unauthorised access to a system or application.

Types of Buffer Overflow Attacks

● Stack-based buffer overflows are more common, and leverage
stack memory that only exists during the execution time of a
function.
● Heap-based attacks are harder to carry out and involve flooding
the memory space allocated for a program beyond memory used
for current runtime operations.

What Programming Languages are More Vulnerable?
● C and C++ are two languages that are highly susceptible to buffer
overflow attacks, as they don’t have built-in safeguards against
overwriting or accessing data in their memory. Mac OSX, Windows,
and Linux all use code written in C and C++.
● Languages such as PERL, Java, JavaScript, and C# use built-in
safety mechanisms that minimise the likelihood of buffer overflow.

What are Wireless Network Attacks?

Wireless network attacks are deliberate and malicious actions aimed at
exploiting vulnerabilities in wireless communication systems to gain
unauthorised access, intercept sensitive data, disrupt network
operations, or compromise the security of devices and users connected
to the network. These attacks target weaknesses in the protocols,
configurations, or encryption mechanisms of wireless networks, taking
advantage of their inherent nature of broadcasting signals over the
airwaves.

Types of Wireless Network Attacks: Here are some of the common
types of wireless network attacks:
● Wireless Eavesdropping (Passive Attacks): Attackers use tools
like packet sniffers to intercept and monitor wireless
communications between devices. By capturing data packets
transmitted over the air, they can potentially obtain sensitive
information, such as login credentials, financial data, or personal
information.
● Wireless Spoofing (Man-in-the-Middle Attacks): In these attacks,
the attacker positions themselves between the wireless client and
the legitimate access point, intercepting and manipulating data
transmissions. The attacker may then relay the information back
and forth, making it appear as if they are the legitimate access
point. This enables them to snoop on data or perform other
malicious actions unnoticed.
● Wireless Jamming (Denial-of-Service Attacks): Attackers flood
the wireless frequency spectrum with interference signals,
disrupting legitimate communications between devices and access
points. By creating excessive noise, they can render the wireless
network unusable for legitimate users.
● Rogue Access Points: Attackers set up unauthorised access points,
mimicking legitimate ones, to deceive users into connecting to
them. Once connected, the attacker can eavesdrop, capture data, or
launch further attacks on the unsuspecting users.
● Brute-Force Attacks: Attackers try various combinations of
passwords or encryption keys in rapid succession until they find
the correct one to gain unauthorised access to the wireless
network.
● WEP/WPA Cracking: Attackers exploit vulnerabilities in older
wireless security protocols like Wired Equivalent Privacy (WEP)
and Wi-Fi Protected Access (WPA) to gain unauthorised access to
encrypted wireless networks.
● Evil Twin Attacks: Attackers create fake access points with names
similar to legitimate ones, tricking users into connecting to the
malicious network. Once connected, the attacker can intercept
sensitive data or execute further attacks.
● Deauthentication/Disassociation Attacks: Attackers send forged
deauthentication or disassociation frames to wireless devices,
forcing them to disconnect from the network, leading to service
disruptions or potential vulnerabilities when devices automatically
reconnect.
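
Two of the attacks listed above, rogue access points / evil twins and
deauthentication floods, are the ones a wireless intrusion detection sensor can
spot from management frames alone. The following added example (not code from
the original notes) runs that detection logic over constructed 802.11
management-frame records of the kind a monitor-mode capture would yield: a beacon
advertising a trusted SSID from a BSSID that is not on the allowlist is reported
as a rogue AP, and a burst of deauthentication or disassociation frames from one
BSSID inside a short window is reported as a deauth flood. The allowlist, the MAC
addresses, the frame records and the thresholds are all assumptions for the
example.

```python
# Added example (not part of the original notes): detection logic for rogue
# access points / evil twins and deauthentication floods, run over constructed
# 802.11 management-frame records (what a wireless IDS sees from a monitor-mode
# capture). The trusted-AP allowlist, MAC addresses and thresholds are assumptions.
from collections import defaultdict, deque

# Constructed allowlist: SSID -> BSSIDs (AP MAC addresses) allowed to advertise it
TRUSTED_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}


def detect_wireless_anomalies(frames, window=1.0, deauth_threshold=10,
                              trusted=TRUSTED_APS):
    """Return alerts for (a) beacons advertising a trusted SSID from an unknown
    BSSID (rogue AP / evil twin) and (b) `deauth_threshold` or more deauth or
    disassoc frames from one BSSID within `window` seconds (deauth flood)."""
    alerts = []
    rogue_seen = set()                  # report each (ssid, bssid) pair once
    deauth_times = defaultdict(deque)   # bssid -> timestamps inside the window
    for frame in sorted(frames, key=lambda f: f["ts"]):
        if frame["subtype"] == "beacon":
            ssid, bssid = frame["ssid"], frame["bssid"]
            key = (ssid, bssid)
            if ssid in trusted and bssid not in trusted[ssid] and key not in rogue_seen:
                rogue_seen.add(key)
                alerts.append(("rogue-ap", ssid, bssid))
        elif frame["subtype"] in ("deauth", "disassoc"):
            recent = deauth_times[frame["bssid"]]
            recent.append(frame["ts"])
            while recent and frame["ts"] - recent[0] > window:
                recent.popleft()        # forget frames older than the window
            if len(recent) == deauth_threshold:   # fire once as the burst crosses the line
                alerts.append(("deauth-burst", frame["bssid"], recent[0]))
    return alerts


def constructed_frames():
    """Constructed capture: normal beacons, one legitimate deauth, an evil twin
    beaconing the corporate SSID, then a deauth flood spoofing the real AP."""
    frames = []
    # real AP beacons every 100 ms for 5 seconds
    frames += [{"ts": 0.1 * i, "subtype": "beacon", "ssid": "CorpWiFi",
                "bssid": "aa:bb:cc:00:00:01"} for i in range(50)]
    # a single deauth, e.g. a client being dropped normally
    frames.append({"ts": 2.0, "subtype": "deauth", "bssid": "aa:bb:cc:00:00:01"})
    # evil twin: same SSID, unknown BSSID
    frames += [{"ts": 3.0 + 0.1 * i, "subtype": "beacon", "ssid": "CorpWiFi",
                "bssid": "de:ad:be:ef:00:01"} for i in range(3)]
    # deauth flood using the real AP's address: 30 frames in 0.3 s
    frames += [{"ts": 4.0 + 0.01 * i, "subtype": "deauth",
                "bssid": "aa:bb:cc:00:00:01"} for i in range(30)]
    return frames


if __name__ == "__main__":
    for alert in detect_wireless_anomalies(constructed_frames()):
        print(alert)
```

The single deauth at 2.0 s never trips the threshold, which is the point of the
window: disconnects happen legitimately, and only the rate makes them suspicious.
Because the flood spoofs the real AP's address, the BSSID alone cannot identify
the sender; a production sensor would add signal strength or sequence-number
anomalies to tell the forged frames from the AP's own.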

Preventing Wireless Network Attacks: Follow these essential tips to
fortify your wireless network against attacks:
● Update your computer often: Regularly update your operating
system and applications to ensure you have the latest security
patches and fixes.
● Use MAC filtering: Enable MAC filtering on your wireless router to
control access to your network. By specifying which devices are
allowed to connect based on their unique MAC addresses, you can
prevent unauthorised access and enhance your network’s security.
● Disable SSID broadcasting: Turn off SSID broadcasting to make
your wireless network invisible to casual observers. This prevents
your network from being easily discoverable and adds an extra
layer of obscurity for potential attackers.
● Use WPA2 encryption: Utilise WPA2 encryption, the latest and
most secure protocol, to safeguard your data as it travels between
devices and access points. Encryption ensures that even if
intercepted, your data remains unintelligible to unauthorised
entities.
● Disable file sharing: Turn off file sharing on your network to
prevent unauthorised users from accessing your sensitive files. If
file sharing is necessary, ensure you set up secure passwords to
limit access to approved users only.

What is Identity Theft?
● Identity theft, also called identity fraud, is a crime committed by a
huge number of people nowadays.
● Identity theft happens when someone steals your personal
information to commit fraud.
● This theft is committed in many ways, by gathering personal
information such as another person’s transactional information to
make transactions.

Types of Identity Theft: There are various kinds of identity theft, but
some common ones are:

● Criminal Identity Theft: This is a type of theft in which the victim
is charged as guilty and has to bear the loss when the criminal or
thief backs up his position with the victim’s false documents, such
as an ID or other verification documents, and his bluff is
successful.
● Senior Identity Theft: Seniors over 60 are often targets of identity
thieves. They are sent information that looks genuine, and their
personal information is then gathered for such use. Seniors must
be aware so as not to become victims.
● Driver’s licence ID Identity Theft: Driver’s licence identity theft is
the most common form of ID theft. All the information on one’s
driver’s licence provides the name, address, and date of birth, as
well as a state driver’s identity number. The thieves use this
information to apply for loans or credit cards, or try to open bank
accounts to obtain checking accounts or buy cars, houses, vehicles,
electronic equipment, jewellery, anything valuable, and all are
charged to the owner’s name.
● Medical Identity Theft: In this theft, the victim’s health-related
information is gathered and then a fraudulent need for medical
services is created with fraudulent bills, which are then charged to
the victim’s account for such services.
● Tax Identity Theft: In this type of attack the attacker is interested
in knowing your Employer Identification Number in order to claim
a tax refund. This is noticeable when you attempt to file your tax
return or the Income Tax return department sends you a notice
about it.
● Social Security Identity Theft: In this type of attack the thief
intends to learn your Social Security Number (SSN). With this
number they also know all your personal information, which is the
biggest threat to an individual.
● Financial Identity Theft: This is the most common type of attack.
In it, the stolen credentials are used to obtain a financial benefit.
The victim only notices when he checks his balances carefully, as
this is practised very slowly.

Techniques of Identity Theft: Some common identity theft techniques
are:
● Pretext Calling: Thieves pretending over the phone to be an
employee of a company and asking for financial information are an
example of this technique. Posing as legitimate employees, they
ask for personal data in exchange for some flattering offers.
● Mail Theft: This is a technique in which credit card information
with transactional data is extracted from a public mailbox.
● Phishing: This is a technique in which emails purporting to be from
banks are sent to a victim with malware in them. When the victim
responds to the mail, their information is captured by the thieves.
● Internet: The Internet is used worldwide, and attackers know many
techniques for getting users to connect to public networks that
they control, where they add spyware to downloads.
● Card Verification Value (CVV) Code Requests: The Card
Verification Value number is located on the back of your debit
cards. This number is used to enhance transaction security, but
several attackers ask for this number while pretending to be a
bank official.

Steps Of Prevention From Identity Theft: Following are some methods
by which you can enhance your security against identity theft:
● Use strong passwords and do not share your PIN with anyone, on
or off the phone.
● Use two-factor authentication for emails.
● Secure all your devices with a password.
● Don’t install random software from the internet.
● Don’t post sensitive information over social media.
● While entering passwords at a payment gateway, ensure its
authenticity.
● Keep a practice of changing your PIN and password regularly.
● Do not disclose your information over the phone.
● While travelling, do not disclose personal information to strangers.
● Never share your Aadhaar/PAN number (in India) with anyone
whom you do not know/trust.
● Never share an Aadhaar OTP received on your phone with someone
over a call.
● Do not fill in personal data on websites that claim to offer benefits
in return.
● Last, be a keeper of personal knowledge.
