U.V Notes

Uploaded by

Shibu

UNIT V-CYBER CRIMES AND CYBER SECURITY

5.1 CYBER CRIME & INFORMATION SECURITY


Cyber Crime
Meaning – Criminal activities carried out by means of computers or the internet.
Definition –
● Cybercrime is defined as a crime where a computer is the object of the crime or is
used as a tool to commit an offense.
● A cybercriminal may use a device to access a user's personal information, confidential
business information, government information, or disable a device.
● Cybercrime, also called computer crime, the use of a computer as an instrument to
further illegal ends, such as committing fraud, trafficking in child pornography and
intellectual property, stealing identities, or violating privacy.
● Cybercrime, especially through the Internet, has grown in importance as the computer
has become central to commerce, entertainment, and government.
● Cyber crime or computer-oriented crime is a crime that includes a computer and a
network. The computer may have been used in the execution of a crime or it may be
the target.
Cyber crime encompasses a wide range of activities, but these can generally be divided into two
categories:
a) Crimes that target computer networks or devices. These types of crimes involve different
threats (like viruses, bugs etc.) and denial-of-service attacks.
b) Crimes that use computer networks to commit other criminal activities. These types of
crimes include cyber stalking, financial fraud or identity theft.
5.2 Classification of Cyber Crimes
Email spoofing
● Email spoofing is a form of cyber attack in which a hacker sends an email that has
been manipulated to seem as if it originated from a trusted source.
● For example, a spoofed email may pretend to be from a well-known shopping
website, asking the recipient to provide sensitive data, such as a password or credit
card number.
● Alternatively, a spoofed email may include a link that installs malware on the user's
device if clicked.
● An example of spoofing is when an email is sent from a false sender address and asks
the recipient to provide sensitive data.
● This email could also contain a link to a malicious website that contains malware.
Spamming
● Spamming is the use of electronic messaging systems like e-mails and other digital
delivery systems and broadcast media to send unwanted bulk messages
indiscriminately.
● The term spamming is also applied to other media like in internet forums, instant
messaging, and mobile text messaging, social networking spam, junk fax
transmissions, television advertising and sharing network spam.
● Spam is any kind of unwanted, unsolicited digital communication that gets sent out in
bulk. Often spam is sent via email, but it can also be distributed via text messages,
phone calls, or social media.
Cyber defamation
● The tort of cyber defamation is an act of intentionally insulting, defaming or
offending another individual or a party through a virtual medium.
● It can be both written and oral.
● Defamation means giving an “injury to the reputation of a person” resulting from a
statement which is false. The term defamation is used in the section 499 of Indian
Penal Code, 1860.
● Cyber defamation is also known as internet defamation or online defamation in the
world of internet and its users.
● Cyber defamation is a new concept, but it virtually defames a person through a new
medium. The medium of defaming the individual's identity is through the help of
computers via the internet.
Internet time theft
● It refers to the theft in a manner where the unauthorized person uses internet hours
paid by another person.
● The unauthorized person gets access to another person's ISP user ID and password,
either by hacking or by illegal means without that person's knowledge.
● Basically, Internet time theft comes under hacking. It is the use by an unauthorized
person, of the Internet hours paid for by another person.
Salami Attack
● A salami attack is a small attack that can be repeated many times very efficiently.
Thus the combined output of the attack is great.
● In the example above, it refers to stealing the round-off from interest in bank
accounts.
● Even though it is less than 1 cent per account, when multiplied by millions of
accounts over many months, the adversary can retrieve quite a large amount. It is also
less likely to be noticeable since your average customer would assume that the
amount was rounded down to the nearest cent.
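A reconciliation check for the interest round-off described above, as an added example that is not part of the original notes. The account IDs, balances, monthly rate and rounding-ledger total are constructed sample values, and the policy that every truncated fraction must be posted to one official rounding ledger is an assumption.

```python
from decimal import Decimal, ROUND_DOWN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.0025")  # constructed: 0.25% interest per month

# Constructed postings: (account id, balance, interest actually credited).
SAMPLE_POSTINGS = [
    ("A1", Decimal("1234.56"), Decimal("3.08")),
    ("A2", Decimal("980.10"), Decimal("2.45")),
    ("A3", Decimal("15000.37"), Decimal("37.50")),
    ("A4", Decimal("402.00"), Decimal("0.99")),   # one cent less than policy allows
]
# Constructed: what the bank's official rounding ledger received this month.
ROUNDING_LEDGER_TOTAL = Decimal("0.012575")


def audit_postings(postings, monthly_rate, rounding_ledger_total):
    """Recompute each credit and reconcile the fractions that were cut off.

    Returns the accounts whose credit differs from the truncated exact
    interest, the total amount withheld from customers, and the part of that
    total that never reached the official rounding ledger.
    """
    flagged = []
    residual = Decimal("0")
    for account_id, balance, credited in postings:
        exact = balance * monthly_rate                        # full precision
        expected = exact.quantize(CENT, rounding=ROUND_DOWN)  # policy: truncate
        if credited != expected:
            flagged.append((account_id, expected - credited))
        residual += exact - credited
    return {
        "flagged": flagged,
        "residual": residual,
        "unaccounted": residual - rounding_ledger_total,
    }


if __name__ == "__main__":
    report = audit_postings(SAMPLE_POSTINGS, MONTHLY_RATE, ROUNDING_LEDGER_TOTAL)
    for key, value in report.items():
        print(key, value)
```

Each individual shortfall is below what a customer would notice, so the control works on the aggregate: any non-zero "unaccounted" amount means withheld fractions went somewhere other than the official ledger.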
Data Diddling
● Data diddling is a type of cybercrime in which data is altered as it is entered into a
computer system, most often by a data entry clerk or a computer virus.
● Data diddling is an illegal or unauthorized data alteration. Changing data before or as
it is input into a computer or output.
● Example: Account executives can change the employee time sheet information of
employees before entering to the HR payroll application.
Forgery
When a perpetrator alters documents stored in computerized form, the crime committed may
be forgery. In this instance, computer systems are the target of criminal activity.
● The term forgery usually describes a message related attack against a cryptographic
digital signature scheme. That is an attack trying to fabricate a digital signature for a
message without having access to the respective signer's private signing key.
● Among the many examples of this crime, taking another's work, whether it be written
or visual, such as an artwork, and attempting to distribute it as either your own or as an
original is an example of forgery.
● Likewise, either creating fake documents or producing counterfeit items is considered
to be forgery as well.
Hacking
● Hacking refers to activities that seek to compromise digital devices, such as
computers, smartphones, tablets, and even entire networks.
● Hacking is an attempt to exploit a computer system or a private network inside a
computer. Simply put, it is the unauthorized access to or control over computer
network security systems for some illicit purpose.
Email bombing
● An email bomb or "mail bomb" is a malicious act in which a large number of email
messages are sent to a single email address in a short period of time. The purpose of
an email bomb is typically to overflow a user's inbox. In some cases, it will also make
the mail server unresponsive.
5.3 Tools and Methods used in Cyber Crime
Proxy Server
● It is a server (a computer system or an application) that acts as an intermediary for
requests from clients seeking resources from other servers.
● A client connects to the proxy server, requesting some service, such as a file,
connection, web page, or other resource available from a different server and the
proxy server evaluates the request as a way to simplify and control its complexity.
● Proxies were invented to add structure and encapsulation to distributed systems.
● Today, most proxies are web proxies, facilitating access to content on the World Wide
Web and providing anonymity.
Anonymizer
● An anonymizer or an anonymous proxy is a tool that attempts to make activity on the
Internet untraceable.
● It is a proxy server computer that acts as an intermediary and privacy shield between a
client computer and the rest of the Internet.
● It accesses the Internet on the user’s behalf, protecting personal information by hiding
the client computer’s identifying information.
Phishing
● Phishing is a cybercrime in which a target or targets are contacted by email, telephone
or text message by someone posing as a genuine (legal) organization to ensnare
individuals into providing sensitive data such as personally identifiable information,
banking and credit card details, and passwords.
Keylogger
● Keyloggers are a form of spyware where users are unaware their actions are being
tracked. Keyloggers can be used for a variety of purposes; hackers may use them to
maliciously gain access to your private information, while employers might use them
to monitor employee activities. Spyware is largely invisible software that gathers
information about your computer use, including browsing. Key loggers are a form of
spyware that capture every keystroke you type; they can send this information to
remote servers, where log-in information--including your passwords--can be extracted
and used.
● A keylogger is a tool that captures and records a user's keystrokes. It can record
instant messages, email, passwords and any other information you type at any time
using your keyboard. Keyloggers can be hardware or software.
● Spyware is any software that installs itself on your computer and starts covertly
monitoring your online behaviour without your knowledge or permission. Spyware is
a kind of malware that secretly gathers information about a person or organization and
relays this data to other parties.
There are two common types of keyloggers: software and hardware keyloggers.
● Software Keyloggers.
● Hardware Keyloggers.
● Spear Phishing.
● Drive-by-Downloads.
● Trojan Horse.
● 2-Step Verification.
● Install Anti Malware Software
● Use Key Encryption Software
Hardware Keyloggers
● Hardware keyloggers are small hardware devices.
● These are connected to the PC and/or to the keyboard and save every keystroke into a
file or in the memory of the hardware device.
● Cybercriminals install such devices on ATM machines to capture ATM Cards’ PINs.
● Each keypress on the keyboard of the ATM gets registered by these keyloggers.
● These keyloggers look like an integrated part of such systems; hence, bank customers
are unaware of their presence.
Software Keyloggers
Software keyloggers are software programs installed on the computer systems which usually
are located between the OS and the keyboard hardware, and every keystroke is recorded.
Software keyloggers are installed on a computer system by Trojans or viruses without the
knowledge of the user.
Antikeylogger
● Antikeylogger is a tool that can detect the keylogger installed on the computer system
and also can remove the tool.
● Advantages of using antikeylogger are as follows:
● Firewalls cannot detect the installations of keyloggers on the systems; hence,
antikeyloggers can detect installations of keylogger.
● Unlike other antivirus and antispy programs, this software does not require regular
updates of signature bases to work effectively. Those programs do not serve their
purpose if they are not updated, which puts users at risk.
Spywares
Spyware is a type of malware that is installed on computers and collects information about
users without their knowledge. The presence of spyware is typically hidden from the user; it
is secretly installed on the user's personal computer. Sometimes, however, spyware such as
keyloggers is installed by the owner of a shared, corporate or public computer on purpose to
secretly monitor other users.
5.4 Password Cracking
Password cracking is the process of attempting to gain unauthorized access to restricted
systems using common passwords or algorithms that guess passwords. In other words, it's an
art of obtaining the correct password that gives access to a system protected by an
authentication method.
Password cracking refers to various measures used to discover computer passwords. This is
usually accomplished by recovering passwords from data stored in, or transported from, a
computer system. Password cracking is done by repeatedly guessing the password,
usually through a computer algorithm in which the computer tries numerous combinations
until the password is successfully discovered.
Password cracking can be done for several reasons, but the most malicious reason is in order
to gain unauthorized access to a computer without the computer owner’s awareness. This
results in cybercrime such as stealing passwords for the purpose of accessing banking
information. Other, nonmalicious, reasons for password cracking occur when someone has
misplaced or forgotten a password.
The purpose of password cracking is as follows:
● To recover a forgotten password
● Testing the strength of a password
● To gain unauthorized access to a system
Manual password cracking is a process of trying out different password combinations and
checking whether each one of them works, and it is quite a time-consuming process. Manual
password cracking involves:
1. Find a valid user account
2. Create a list of possible passwords (dictionary)
3. Rank the passwords from high to low probability
4. Key-in each password
5. Try again until a successful password is found
Sometimes a password can be guessed with prior knowledge of the target user’s
information. Different characteristics of a guessable password are as follows:
● Blank (no password)
● General passwords like password, admin, 123456, etc.
● Series of letters like QWERTY
● User’s name or login name
● Name of user’s friend/relative/pet
● User’s birth date or birth place
● User’s vehicle number, office number, residence or mobile number
● Name of a celebrity or idol
● Simple modification of the above mentioned passwords (like adding numbers)
Password Cracking Techniques
Password cracking can be classified into three types:
● Online attacks
● Offline attacks
● Non-electronic attacks (social engineering, shoulder surfing, dumpster diving etc)
5.5 SQL Injection
An SQL injection is a type of cyber-attack in which a hacker uses a piece of SQL (Structured
Query Language) code to manipulate a database and gain access to potentially valuable
information. ... Prime examples include notable attacks against Sony Pictures and Microsoft
among others.
SQL injection (SQLi) is a type of cyberattack against web applications that use SQL
databases such as IBM Db2, Oracle, MySQL, and MariaDB. As the name suggests, the attack
involves the injection of malicious SQL statements to interfere with the queries sent by a web
application to its database.
Using SQL injection, a hacker will try to enter specifically crafted SQL commands into a
form field instead of the expected information. The intent is to secure a response from the
database that will help the hacker understand the database construction, such as table names.
Steps for SQL Injection Attack
Following are some steps for SQL injection attack:
1. The attacker looks for the webpages that allow submitting data, that is, login page, search
page, feedback, etc.
2. To check the source code of any website, right click on the webpage and click on “view
source” (if you are using IE – Internet Explorer) – source code is displayed in the notepad.
The attacker checks the source code of the HTML and looks for the “FORM” tag in the HTML
code. Everything between the <FORM> and </FORM> tags is a potential parameter that
might be useful to find the vulnerabilities.
<FORM action=Search/search.asp method=post>
<input type=hidden name=A value=C></FORM>
3. The attacker inputs a single quote in the text box provided on the webpage to accept the
username and password. This checks whether the user-input variable is sanitized or
interpreted literally by the server.
4. The attacker uses SQL commands such as the SELECT statement to retrieve data
from the database or the INSERT statement to add information to the database.
Blind SQL Injection
Blind SQL injection is used when a web application is vulnerable to an SQL injection but
the results of the injection are not visible to the attacker. The page with the vulnerability may
not be the one that displays data.
Using SQL injections, attackers can:
1. Obtain some basic information if the purpose of the attack is reconnaissance.
2. Gain access to the database by obtaining usernames and their passwords.
3. Add new data to the database.
4. Modify data currently in the database.
Tools used for SQL Server penetration
1. AppDetectivePro
2. DbProtect
3. Database Scanner
4. SQLPoke
5. NGSSQLCrack
6. Microsoft SQL Server Fingerprint (MSSQLFP) Tool
How to Prevent SQL Injection Attacks
SQL injection attacks occur due to poor website administration and coding. The following
steps can be taken to prevent SQL injection.
1. Input validation
2. Modify error reports
3. Other preventions
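The prevention steps above, shown on the single-quote check from step 3 of the attack description, as an added example that is not part of the original notes. The `products` table, its rows, the function names and the allowed-character rule are all constructed for illustration, and the parameterized query is shown as one of the "other preventions".

```python
import re
import sqlite3

GENERIC_ERROR = "Search failed. Please try again later."
# Input validation: letters, digits, spaces, hyphens and apostrophes only.
ALLOWED_TERM = re.compile(r"[A-Za-z0-9' -]{1,50}")


def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products (name) VALUES (?)",
                     [("Laptop",), ("O'Neill wetsuit",), ("Phone",)])
    return conn


def search_concatenated(conn, term):
    """'Before' version: the form value is pasted into the SQL text, so a
    quote character in it is read by the SQL parser as part of the query."""
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, term):
    """The form value is bound as data; the query text never changes."""
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


def handle_search(conn, term, query=search_parameterized):
    """Validate the input, run the query, and report errors generically."""
    if not ALLOWED_TERM.fullmatch(term):
        return {"ok": False, "message": "Invalid search term."}
    try:
        return {"ok": True, "results": query(conn, term)}
    except sqlite3.Error:
        # Modified error report: details belong in a server-side log,
        # the user never sees database error text.
        return {"ok": False, "message": GENERIC_ERROR}


if __name__ == "__main__":
    db = make_db()
    print(handle_search(db, "O'Neill"))                      # quote handled as data
    print(handle_search(db, "'", query=search_concatenated)) # generic error only
```

With the concatenated query a lone quote produces a database syntax error, which is exactly the signal the single-quote check looks for; with the bound parameter the same input is just a search for names containing an apostrophe.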
5.6 Network access control
Network access control is the act of keeping unauthorized users and devices out of a
private network. Organizations that give certain devices or users from outside of the
organization occasional access to the network can use network access control to ensure that
these devices meet corporate security compliance regulations.
The increasingly sanctioned use of non-corporate devices accessing corporate
networks requires businesses to pay special attention to network security, including who or
what is allowed access. Network security protects the functionality of the network, ensuring
that only authorized users and devices have access to it, that those devices are clean, and that
the users are who they say they are.
Network access control, or NAC, is one aspect of network security. There are many
NAC tools available, and the functions are often performed by a network access server.
Effective network access control restricts access to only those devices that are authorized and
compliant with security policies, meaning they have all the required security patches and
anti-intrusion software. Network operators define the security policies that decide which
devices or applications comply with endpoint security requirements and will be allowed
network access.
One advantage of network access controls is that users can be required to authenticate
via multi-factor authentication, which is much more secure than identifying users based on IP
addresses or username and password combinations.
Secure network access control also provides additional levels of protection around
individual parts of the network after a user has gained access, ensuring application
security. Some network access control solutions may include compatible security controls
such as encryption and increased network visibility.
5.7 Cloud Security
Cloud computing is one of the most in-demand technologies of the current time, and
organizations from small to large have started using cloud computing services. Different
types of cloud deployment models are available and cloud services are provided as per
requirement; likewise, security is maintained internally and externally to keep the cloud
system safe. Cloud computing security, or cloud security, is an important concern which refers
to the act of protecting cloud environments, data, information and applications against
unauthorized access, DDoS attacks, malware, hackers and other similar attacks.
Community Cloud : This allows a limited set of organizations or employees to access a shared
cloud computing service environment.
Planning of security in Cloud Computing:
As security is a major concern in cloud implementation, an organization has to plan for
security. The three main factors on which the planning of cloud security depends are
listed below.
● The resources that can be moved to the cloud are picked and their sensitivity to risk is tested.
● The type of cloud is to be considered.
● The risk in the deployment of the cloud depends on the types of cloud and service
models.
Types of Cloud Computing Security Controls :
There are 4 types of cloud computing security controls i.e.
1. Deterrent Controls : Deterrent controls are designed to block nefarious attacks on a
cloud system. These come in handy when there are insider attackers.
2. Preventive Controls : Preventive controls make the system resilient to attacks by
eliminating vulnerabilities in it.
3. Detective Controls : These identify and react to security threats. Some
examples of detective control software are intrusion detection software and network
security monitoring tools.
4. Corrective Controls : In the event of a security attack these controls are activated. They
limit the damage caused by the attack.
5.8 Web Security
Web security is very important nowadays. Websites are always prone to security
threats/risks. Web security deals with the security of data over the internet/network or web, or
while it is being transferred to the internet. For example, when you are transferring data between
a client and a server, you have to protect that data; that security of data is your web security.
Hacking a website may result in the theft of important customer data, such as
credit card information or the login details of a customer, or in the destruction of one’s
business and the propagation of illegal content to the users. When somebody hacks your website,
they can either steal the important information of the customers or propagate
illegal content to your users through your website. Therefore, security considerations
are needed in the context of web security.
Security Threats:
A threat is a possible event that can damage and harm an information system.
A security threat is defined as a risk that can potentially harm computer systems and
organizations. Whenever an individual or an organization creates a website, it is
vulnerable to security attacks.
Security attacks are mainly aimed at stealing, altering or destroying personal and
confidential information, stealing hard drive space, and illegally accessing passwords. So
whenever the website you created is vulnerable to security attacks, attackers can
steal, alter or destroy your data, see your confidential
information and access your passwords.
Web Security Threats :
Web security threats are constantly emerging and evolving, but many threats consistently
appear at the top of the list of web security threats. These include:
● Cross-site scripting (XSS)
● SQL Injection
● Phishing
● Ransomware
● Code Injection
● Viruses and worms
● Spyware
● Denial of Service
Security Consideration:
Updated Software: You need to always update your software. Hackers may be aware of
vulnerabilities in certain software, which are sometimes caused by bugs and can be used to
damage your computer system and steal personal data. Older versions of software can
become a gateway for hackers to enter your network. That’s why it is mandatory to keep your
software updated; it plays an important role in keeping your personal data secure.
Beware of SQL Injection: SQL injection is an attempt to manipulate your data or your
database by inserting rogue code into your query. For example, somebody can send a query to
your website that contains rogue code; when it gets executed, it can be used to
manipulate your database, such as changing tables or modifying or deleting data, or it can retrieve
important information. One should therefore be aware of the SQL injection attack.
Cross-Site Scripting (XSS): XSS allows attackers to insert client-side script into web
pages, for example through the submission of forms. It is a term used to describe a class of
attacks that allow an attacker to inject client-side scripts into other users’ browsers through a
website. As the injected code enters the browser from the site, the code is trusted and can do
things like sending the user’s site authorization cookie to the attacker.
Error Messages: You need to be very careful about the error messages that are generated to
give information to users while they access the website. Error messages are
generated for one reason or another, and you should be very careful about how much
information they provide to the users. For example, on a login attempt, if the user fails to log in,
the error message should not let the user know which field is incorrect: username or password.
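The login rule above as an added example, not code from the original notes. The user store, the account name and its password are constructed, and the use of PBKDF2 for storage and of a dummy record for unknown usernames are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

LOGIN_FAILED = "Invalid username or password."  # same text for every failure
ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for storage or comparison."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Constructed user store: username -> (salt, digest).
USERS = {"alice": hash_password("Correct-Horse-7!")}

# Record used when the username does not exist, so that an unknown user and a
# wrong password go through the same hashing work before being rejected.
_DUMMY = hash_password("placeholder for unknown users")


def login(username, password):
    """Check credentials without revealing which field was wrong."""
    salt, stored = USERS.get(username, _DUMMY)
    _, candidate = hash_password(password, salt)
    matches = hmac.compare_digest(candidate, stored)  # constant-time compare
    if matches and username in USERS:
        return {"ok": True, "message": "Welcome."}
    return {"ok": False, "message": LOGIN_FAILED}


if __name__ == "__main__":
    print(login("alice", "Correct-Horse-7!"))
    print(login("alice", "wrong-password"))   # wrong password
    print(login("bob", "wrong-password"))     # unknown user, identical reply
```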
Data Validation: Data validation is the proper testing of any input supplied by the user or
application. It prevents improperly created data from entering the information system.
Validation of data should be performed on both server-side and client-side. If we perform data
validation on both sides that will give us the authentication. Data validation should occur
when data is received from an outside party, especially if the data is from untrusted sources.
Password: A password provides the first line of defense against unauthorized access to your
device and personal information. It is necessary to use a strong password. Hackers in many
cases use sophisticated software that uses brute force to crack passwords. Passwords must be
complex to protect against brute force. It is good to enforce password requirements such as a
minimum of eight characters, including uppercase letters, lowercase letters, special
characters, and numerals.
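A password acceptance check that combines the requirements in this paragraph with the characteristics of a guessable password listed in section 5.4, as an added example that is not part of the original notes. The function names and the sample profile are constructed, and the keyboard run "asdfgh" is an addition to the one series the notes name.

```python
import re

COMMON = {"password", "admin", "123456"}   # general passwords named in the notes
KEYBOARD_RUNS = ("qwerty", "asdfgh")       # "qwerty" is from the notes; "asdfgh" is added


def strip_decoration(text):
    """Undo 'simple modifications': drop digits/symbols added at either end."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text.lower())


def squash(text):
    """Lower-case and keep only letters and digits, for substring matching."""
    return re.sub(r"[\W_]+", "", text.lower())


def password_problems(password, personal_facts=()):
    """Return the reasons a password should be rejected (empty list = accept)."""
    if password == "":
        return ["blank password"]
    problems = []
    lowered = password.lower()
    if lowered in COMMON or strip_decoration(password) in COMMON:
        problems.append("common password")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("keyboard series")
    squashed = squash(password)
    # Names, dates and numbers tied to the user; very short facts are ignored.
    if any(len(squash(f)) >= 3 and squash(f) in squashed for f in personal_facts):
        problems.append("contains personal information")
    if len(password) < 8:
        problems.append("shorter than eight characters")
    checks = (("uppercase letter", r"[A-Z]"), ("lowercase letter", r"[a-z]"),
              ("numeral", r"[0-9]"), ("special character", r"[^A-Za-z0-9]"))
    for label, pattern in checks:
        if not re.search(pattern, password):
            problems.append("no " + label)
    return problems


# Constructed profile: user's name, pet's name, birth date, vehicle number.
SAMPLE_FACTS = ("Asha", "Bruno", "12-04-1998", "KA 01 AB 1234")

if __name__ == "__main__":
    for candidate in ("", "Password1!", "Qwerty@123", "Bruno#12041998",
                      "Violet-Kettle-42!"):
        print(repr(candidate), password_problems(candidate, SAMPLE_FACTS))
```

"Password1!" and "Qwerty@123" satisfy every complexity requirement and are still rejected, which is why the guessability checks are applied in addition to the character-class rules.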
5.9 Wireless Security
Wireless networks provide various comforts to end users, but their working is very
complex. There are many protocols and technologies working behind the scenes to provide a
stable connection to users. Data packets traveling through a wire provide a sense of security to
users, as data traveling through a wire is probably not heard by eavesdroppers.
To secure the wireless connection, we should focus on the following areas –
● Identifying the endpoints of the wireless network and the end-users, i.e., Authentication.
● Protecting wireless data packets from a middleman, i.e., Privacy.
● Keeping the wireless data packets intact, i.e., Integrity.
We know that wireless clients form an association with Access Points (AP) and transmit data
back and forth over the air. As long as all wireless devices follow 802.11 standards, they all
coexist. But not all wireless devices are friendly and trustworthy; some rogue devices may be
a threat to wireless security. Rogue devices can steal our important data or can cause the
unavailability of the network.
