
Introduction to Cyber Security Module 2

Module-2: Cyber Offenses: How criminals plan them


Cyber Offenses: How Criminals Plan Them: Introduction, How criminals plan
the attacks, Social Engineering, Cyber Stalking, Cybercafé & cybercrimes.
Botnets: The fuel for cybercrime, Attack Vector.
Textbook:1 Chapter 2 (2.1 to 2.7)

2.1 Introduction

• Hacker:

A hacker is a person with a strong interest in computers who enjoys learning
about and experimenting with them. Hackers are very talented, smart people who
understand computers better than others.

• Brute Force Hacking:

It is a technique used to find passwords or encryption keys. It involves trying
every possible combination of letters, numbers, etc. until the code is broken.
The effort grows exponentially with the length of the password and the size of
the character set, which is why long passwords and slow, salted password hashes
matter to the defender.
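As an added worked example (not part of the original notes or the textbook), the following Python code brute-forces a short password from its unsalted SHA-256 hash and also computes how the search space grows with length; the target password, the alphabet and the guess rate are constructed assumptions for the demonstration.

```python
import hashlib
import itertools
import string

# Constructed example: the "stolen" credential is the unsalted SHA-256 hash of a
# short lowercase password. The password itself is an assumption for the demo.
ALPHABET = string.ascii_lowercase
TARGET_HASH = hashlib.sha256(b"fox").hexdigest()


def keyspace_size(alphabet_size: int, max_length: int) -> int:
    """Number of candidates an exhaustive search must try for every length
    from 1 to max_length: the sum of alphabet_size ** n."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def brute_force(target_hash: str, alphabet: str = ALPHABET, max_length: int = 4):
    """Try every combination of `alphabet` up to `max_length` characters,
    shortest first, hashing each guess and comparing it with the target.
    Returns (password, attempts) on success or (None, attempts) if exhausted."""
    attempts = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hashlib.sha256(candidate.encode()).hexdigest() == target_hash:
                return candidate, attempts
    return None, attempts


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate of exactly `length` characters
    at an assumed guess rate (defender-side estimate, not a measurement)."""
    return alphabet_size ** length / guesses_per_second


if __name__ == "__main__":
    password, tries = brute_force(TARGET_HASH)
    print(f"recovered {password!r} after {tries} attempts")
    for n in (4, 8, 12):
        # 1e9 guesses/s is an assumed rate for fast unsalted hashes on a GPU.
        print(f"{n} lowercase chars at 1e9 guesses/s: "
              f"{seconds_to_exhaust(len(ALPHABET), n, 1e9):.0f} s")
```

The `seconds_to_exhaust` figure is the defender's side of the same arithmetic: at an assumed billion guesses per second, an 8-character lowercase password falls in minutes while a 12-character one takes years, and a deliberately slow salted hash (bcrypt, scrypt, Argon2) cuts the attacker's guess rate by orders of magnitude on top of that.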

• Cracker: A cracker is a person who breaks into computers. Crackers should
not be confused with hackers; the term "cracker" is usually connected to
computer criminals. Crimes conducted by crackers include vandalism, theft and
snooping in unauthorized areas.

• Cracking: It is the act of breaking into computers. Cracking is a popular,
growing subject on the Internet. There are websites supplying crackers with
programs that allow them to break into computers (e.g. by guessing passwords)
and into phone lines (phreaking). These files carry warnings such as "These
files are illegal, we are not responsible for what you do with them".

• Cracker tools: These are programs used to break into computers. They are
widely distributed on the Internet: password crackers, Trojans, viruses, war
dialers and worms.

• Phreaking: This is the notorious art of breaking into phone or other
communication systems.

• War dialer: It is a program that automatically dials phone numbers looking
for computers (modems) on the other end. It catalogs the numbers that answer so
that the hacker can call back and try to break in.

Prof. Nisha S K, Dept. of ECE, SVIT Page 1


• Black hat:

A black hat hacker is typically one that engages in cybercrime operations and
uses hacking for financial gain, cyber espionage purposes or other malicious
motives, like implanting malware into computer systems.

A black hat is also called a cracker. To add insult to injury, black hats may
also share information about the "break-in" with other black hat crackers so
they can exploit the same vulnerabilities before the victim becomes aware and
takes appropriate measures.

• White hat:

A white hat hacker tests systems and networks by trying to break into them,
with the owner's authorization. They are hackers, but their talents are used
to improve cyber security.

White hats are ethical hackers. They use their knowledge and skill to thwart
the black hats and secure the integrity of computer systems or networks. If a
black hat decides to target you, it is a great thing to have a white hat around.
A white hat focuses on securing IT systems, whereas a black hat would like to
break into them. It is like a game of thief and police.

• Brown hat:

A brown hat is one who thinks before acting or committing a malicious or
non-malicious deed.

• Grey hat Hacker:

Grey hat hackers may not have the criminal or malicious intent of a black hat
hacker, but they also do not have the prior knowledge or consent of those whose
systems they hack into. Nevertheless, when grey hat hackers uncover weaknesses
such as zero-day vulnerabilities, they report them rather than fully exploiting
them. But grey hat hackers may demand payment in exchange for providing full
details of what they uncovered.

Categories of Cybercrime

Cybercrime can be categorized based on the following:

• The target of the crime: Cybercrime can be targeted against individuals
(persons), assets (property) and/or organizations (government, business and
social).


• Whether the crime occurs as a single event (hacking or fraud) or as a series
of events (cyber stalking).

1. Crimes targeted at Individuals:

• The goal is to exploit human weakness such as greed and naivety.

• These crimes include financial frauds, sale of non-existent or stolen items,
child pornography, copyright violation, harassment, etc.

• With the development of IT and the Internet, criminals have a new tool that
allows them to expand the pool of potential victims. However, this also makes
it difficult to trace and apprehend the criminals.

• It is done by methods like e-mail spoofing, phishing, spamming, cyber
defamation, password sniffing etc.

2. Crimes targeted at property:

• These include stealing mobile devices such as cell phones, laptops, personal
digital assistants (PDAs) and removable media (CDs and pen drives); and
transmitting harmful programs that can disrupt the functioning of systems,
wipe out data from the hard disk and cause attached devices such as modems or
CD drives to malfunction.

• This usually includes credit card frauds, Internet time theft and
intellectual property crimes.

3. Crimes targeted at organization:

• Cyber terrorism is one of the distinct crimes against
organizations/governments.

• Attackers (individuals or groups of individuals) use computer tools and the
Internet, usually to terrorize the citizens of a particular country, by
stealing private information and damaging programs and files.

• They plant programs to gain control of the network.

• This includes unauthorized access to computers, password sniffing, DoS
attacks, virus attacks, e-mail bombs, salami attacks, logic bombs, data
diddling etc.


4. Single event of Cyber crime:

• It is a single event from the perspective of the victim.

• Example: unknowingly opening an attachment that contains a virus which then
infects the system (PC/laptop). Hacking and fraud are typical single-event
crimes.

5. Series of events

• This involves the attacker interacting with the victim repeatedly.

• Example: the attacker interacts with the victim on the phone and/or via chat
rooms to establish a relationship first and then exploits that relationship to
commit sexual assault. Cyber stalking is a series-of-events crime.

2.2 How Criminals Plan the Attacks


• Criminals use many methods and tools to locate the vulnerabilities of their
target.
• The target can be an individual or an organization.
• Criminals plan passive attacks and active attacks.
• Active attacks are usually used to alter the system, whereas passive attacks
are used to gain information about the target.
• Active attacks may affect the availability, integrity and authenticity of
data, whereas passive attacks lead to a breach of confidentiality.
• In addition to being passive or active, an attack may be carried out by an
insider or an outsider.
• An attack attempted within the security perimeter of an organization is an
inside attack. It is usually attempted by an insider who gains access to more
resources than expected.
• An outside attack is attempted by a source outside the security perimeter. It
may be attempted by an insider or an outsider who is indirectly associated
with the organization through the Internet or a remote access connection.
• The following phases are involved in planning a cybercrime:
1. Reconnaissance (information gathering). This is the first phase and is a
passive attack.
2. Scanning and scrutinizing the gathered information, to validate it and to
identify existing vulnerabilities.
3. Launching the attack: gaining and maintaining access to the system.
The notes below break these three phases into six steps.
Phase 1: Reconnaissance:
• Reconnaissance means reconnoitering: exploring, often with the goal of
finding something or somebody, in order to gain information about an enemy or
potential enemy.
• In the world of "hacking", the reconnaissance phase begins with
footprinting. This is the preparation for the pre-attack phase and involves
accumulating data about the target environment and computer architecture to
find ways to intrude into that environment.
• The objective of this preparatory phase is to understand the system, its
network ports and services, and any other aspects of its security that are
needed for launching the attack.
• The attacker gathers this information in two sub-phases: passive and active
attacks.
Phase 2: Passive attacks (information gathering; the first phase is a passive
attack)
• This phase involves gathering information about the target without his/her
knowledge. It is done using Internet searches ("Googling"). It involves:
1. Google or Yahoo people search to locate information about employees
2. Surfing online community groups like Facebook to gain information about an
individual
3. The organization's website, for a personnel directory or information about
key employees such as contact details, e-mail IDs etc. These can be used in a
social engineering attack to reach the target. (Social engineering refers to
all techniques aimed at talking a target into revealing specific information
or performing a specific action for illegitimate reasons.)
4. Blogs, newsgroups, press releases etc., to gain information
5. Going through job postings for particular technical profiles, which can
reveal the type of technology used in the organization
Phase 3: Active attack:
• It involves probing the network to discover individual hosts and to confirm
the information (IP addresses, operating system type and version, and services
on the network) gathered in the passive attack phase.
• It carries the risk of detection and is also called "rattling the doorknobs"
or active reconnaissance.
• Active reconnaissance can confirm to an attacker which security measures are
in place (is the front door locked?), but the process also increases the
chance of being caught.
Phase 4: Scanning the gathered information
• The key is to examine the gathered information intelligently.
• The objectives are:
1. Port scanning: identify open/closed ports and the services behind them
2. Network scanning: understand the IP addresses and related information about
the computer network and its systems
3. Vulnerability scanning: understand the existing weaknesses in the systems
Phase 5: Scrutinizing the gathered information
• The scrutinizing phase is also called enumeration in the hacking world. The
objective of this step is to identify the following:
1. The valid user accounts or groups;
2. Network resources and/or shared resources;
3. The operating system (OS) and the different applications running on it.
Phase 6: Launching an attack and gaining and maintaining system access:
• After scanning and scrutinizing (enumeration), the attack is launched using
the following steps:
1. Crack the password
2. Exploit the privileges (escalate to a higher privilege level)
3. Execute the malicious command or application
4. Hide the files (so that the attacker's tools survive on the system)
5. Cover the tracks: delete or alter access logs so that there is no trail of
the illicit activity
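The following is an added example (not part of the original notes or the textbook) of Phases 3 to 5 in code: an active-reconnaissance TCP connect scan that reports which ports are open and grabs the banner each service announces, which is the first step of enumerating the OS and applications behind it. To run offline it starts two constructed listeners on 127.0.0.1 with invented banners; against a real host you would replace the address and port range, and you must only scan systems you are authorized to test, since (as the notes say) this phase is detectable and logged.

```python
import socket
import threading


class BannerService:
    """Tiny TCP listener on 127.0.0.1 that greets every client with `banner`.
    It is a constructed stand-in for a real host's services so the scan below
    runs offline; the banner strings are invented for the demonstration."""

    def __init__(self, banner: bytes):
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
        self.sock.listen(5)
        self.sock.settimeout(0.1)             # lets the accept loop poll the stop flag
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(self.banner)
        self.sock.close()

    def stop(self):
        self._stop.set()


def pick_closed_port() -> int:
    """Return a port nothing is listening on (bound once, then released)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan_port(host: str, port: int, timeout: float = 0.5) -> tuple:
    """TCP connect scan of one port (Phase 4: is this door open?).
    Returns (state, banner): state is 'open' or 'closed'; banner is whatever
    the service volunteers on connect, the raw material for Phase 5."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if s.connect_ex((host, port)) != 0:   # ECONNREFUSED / timeout: closed
            return "closed", b""
        try:
            return "open", s.recv(128)
        except OSError:                        # open but silent, or reset
            return "open", b""


def scan_range(host: str, ports) -> dict:
    """Map each open port in `ports` to the banner text it announced."""
    results = {}
    for port in ports:
        state, banner = scan_port(host, port)
        if state == "open":
            results[port] = banner.decode(errors="replace").strip()
    return results


def demo() -> tuple:
    """Scan a small window of localhost ports around two constructed services.
    Returns (results, ports) so the caller can tell which port was which."""
    ssh = BannerService(b"SSH-2.0-OpenSSH_8.9\r\n")                # invented banner
    smtp = BannerService(b"220 mail.example.test ESMTP ready\r\n")  # invented banner
    try:
        lo, hi = min(ssh.port, smtp.port) - 2, max(ssh.port, smtp.port) + 2
        results = scan_range("127.0.0.1", range(lo, hi + 1))
        return results, {"ssh": ssh.port, "smtp": smtp.port}
    finally:
        ssh.stop()
        smtp.stop()


if __name__ == "__main__":
    results, _ = demo()
    for port, banner in sorted(results.items()):
        print(f"{port}/tcp open  {banner}")
```

A full TCP connect is the noisiest way to scan: every probe completes the handshake, so it appears in the target's connection logs and is exactly what an intrusion detection system watches for, which is the "rattling the doorknobs" risk the notes describe. The banner is what enumeration builds on (version strings map to known vulnerabilities), and it is also why hardened services are configured not to volunteer one.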
Difference between Active and Passive attack

Aspect            Active attack                                 Passive attack
----------------  --------------------------------------------  ------------------------------------------
Definition        Probing the network to discover individual    Gaining information about the target
                  hosts and confirm the information (IP         without his/her knowledge or permission
                  addresses, OS type and version, services)     (searches, eavesdropping, sniffing).
                  gathered in the passive phase; in general,
                  interacting with or altering the target.
Modification      Information or system state is modified.      Information remains unchanged.
Dangerous for     Integrity and availability.                   Confidentiality.
Attention         Focus is on detection.                        Focus is on prevention (encryption,
                                                                limiting what is exposed), because the
                                                                attack itself is hard to notice.
Impact on system  Can damage the system.                        No impact on the regular functioning of
                                                                the system.
Victim            The victim can notice the attack, because     The victim does not get to know that an
                  it interacts with the system.                 attack took place.
Tracking          Comparatively easy to detect and trace: the   Difficult to detect or trace: nothing is
                  interaction leaves logs and other traces.     altered and no traces are left.

2.3 Social Engineering

• It is a "technique to influence" and "persuasion to deceive" people in order
to obtain information or to get them to perform some action.
• Social engineering refers to all techniques aimed at talking a target into
revealing specific information or performing a specific action for illegitimate
reasons. A social engineer uses telecommunications or the Internet to get
people to do something that is against the security practices and/or policies
of the organization.
• SE involves gaining sensitive information or unauthorized access privileges by
building an inappropriate trust relationship with insiders. It is the art of
exploiting the trust of people.
• The goal of SE is to fool someone into providing valuable information or
access to that information.
• SE exploits human behavior: people help because of the desire to be helpful,
the tendency to trust people, and the fear of getting into trouble.
• An example is calling a user and pretending to be someone from the service
desk working on a network issue; the attacker then proceeds to ask questions
about what the user is working on, what file shares he/she uses, what his/her
password is, and so on.
• Example: Talking to an employee of a company in the name of technical support
from the same office. While talking with the employee, the attacker collects
confidential information such as the name of the company, username and
password etc.
2.3.1 Classification of Social Engineering
• Human-Based Social Engineering
• Computer-Based Social Engineering
Human-Based Social Engineering:
It refers to person-to-person interaction to get the required/desired
information. An example is calling the help desk and trying to find out a
password.


1. Impersonating an employee or valid user: Impersonation (e.g. posing as an
employee of the same organization) is perhaps the greatest technique used by
social engineers to deceive people. SE takes advantage of the fact that most
people are basically helpful, so they see no harm in telling someone who
appears to be lost where the computer room is located, or in treating someone
as an employee or valid user of the system.
2. Posing as an important user: The attacker pretends to be an important user,
for example a Chief Executive Officer (CEO) or high-level manager who needs
immediate assistance to gain access to a system. The attacker counts on
low-level employees not asking higher-level employees for proof or questioning
them.
3. Using a third person: An attacker pretends to have permission from an
authorized source to use a system. This trick is useful when the supposed
authorized person is on vacation or cannot be contacted for verification.
4. Calling as technical support: Calling technical support for assistance is a
classic social engineering example. Help desk and technical support personnel
are trained to help users, which makes them good prey for social engineering
attacks.
5. Shoulder surfing: It is a technique of gathering information such as
usernames and passwords by watching over a person's shoulder while he/she logs
into the system, thereby helping an attacker to gain access to the system.
6. Dumpster diving: It involves looking in the trash for information written on
pieces of paper or computer printouts. This is a typical North American term;
it describes the practice of rummaging through commercial or residential trash
to find useful items that have been discarded. It is also called dumpstering,
binning, trashing, garbing or garbage gleaning; "scavenging" is another term
for the same habit. In the UK the practice is referred to as "binning" or
"skipping" and the person doing it is a "binner" or a "skipper".
Example: Going through someone's trash to recover documents containing his/her
critical data [e.g., social security number (SSN) in the US, PAN/Aadhaar number
in India, credit card numbers, etc.].
Computer-based Social Engineering:
It uses computer software/the Internet to get the required/desired information.
For example, sending a fake e-mail to the user asking him/her to re-enter a
password in a web page to "confirm" it.
1. Fake E-Mails:
An attacker sends e-mails to numerous users, crafted so that the user takes
them for legitimate mail. This activity is called phishing. It is an attempt to
entice users (by offering some advantage) to reveal their personal information
such as username, password, credit card details etc., with the attacker posing
as a trustworthy organization. Free websites are available to send fake
e-mails. Phishing involves false e-mails, chats or websites designed to
impersonate real systems with the goal of capturing sensitive data. A mail is
sent to the victim (Internet user/netizen) by the attacker to get him/her to
reveal personal information. Phishing is carried out through e-mail or instant
messaging.
2. E-Mail attachment:
E-mail attachments are used to send malicious code to a victim's system, which
gets executed when the attachment is opened (e.g. a keylogger utility to
capture passwords). Viruses, Trojans and worms can be cleverly hidden inside
attachments whose names entice the victim to open them.
3. Pop-up windows:
Pop-up windows are used in a similar manner to e-mail attachments. Pop-up
windows with special offers or free stuff can encourage a user to
unintentionally install malicious software.
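As an added example (not from the original notes), here is a small Python checker that applies the tell-tale signs of a fake e-mail described above, and of the "attack by e-mail" vector in section 2.7, to two constructed messages: a display name that borrows a brand the sender's domain does not match, a Reply-To steered elsewhere, link text that names one host while the href points at another, a credential link over plain http, and urgency language. The bank name, domains, addresses and message bodies are invented for the demonstration, and the heuristics are illustrative rather than a complete anti-phishing filter.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical brand and the domain it really mails from (demo assumption).
KNOWN_BRAND_DOMAINS = {"example bank": "examplebank.test"}
# Phrases that pressure the reader into acting before thinking.
URGENCY = ("verify your account", "suspended", "immediately",
           "re-enter your password", "confirm")
HREF_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]|$)", re.I)


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def _host(url_or_text: str) -> str:
    text = url_or_text if "://" in url_or_text else "http://" + url_or_text
    return (urlparse(text).hostname or "").lower()


def assess(raw_message: str) -> list:
    """Return the phishing indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    display, sender = parseaddr(str(msg["From"]))
    sender_domain = _domain(sender)
    # 1. Display name borrows a brand but the sender domain is not the brand's.
    for brand, real_domain in KNOWN_BRAND_DOMAINS.items():
        if brand in display.lower() and sender_domain != real_domain:
            findings.append(f"display name '{display}' but sender domain '{sender_domain}'")
    # 2. Replies are steered to a different domain than the apparent sender.
    if msg["Reply-To"]:
        reply = parseaddr(str(msg["Reply-To"]))[1]
        if _domain(reply) != sender_domain:
            findings.append(f"Reply-To domain differs from sender: {reply}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    # 3. Visible link text names one host while the href goes to another.
    for href, label in HREF_RE.findall(html):
        shown = re.sub(r"<[^>]+>", "", label).strip()
        if URL_LIKE.match(shown) and _host(shown) != _host(href):
            findings.append(f"link text '{shown}' but href host '{_host(href)}'")
        if urlparse(href).scheme == "http":
            findings.append(f"login link over plain http: {href}")
    # 4. Urgency / credential re-entry language in the body text.
    plain = re.sub(r"<[^>]+>", " ", html).lower()
    hits = [p for p in URGENCY if p in plain]
    if hits:
        findings.append("urgency/credential language: " + ", ".join(hits))
    return findings


# Constructed sample messages (addresses and hosts are invented).
PHISH = """\
From: "Example Bank Security" <alerts@mail-examp1ebank.test>
Reply-To: recover@attacker.test
To: victim@example.test
Subject: Your account has been suspended
Content-Type: text/html; charset=utf-8

<html><body><p>Dear customer, your account has been suspended.
Please <a href="http://198.51.100.7/login">examplebank.test/verify</a>
immediately and re-enter your password to confirm.</p></body></html>
"""

LEGIT = """\
From: "Example Bank" <notices@examplebank.test>
To: victim@example.test
Subject: Your monthly statement is ready
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is available at
<a href="https://examplebank.test/statements">https://examplebank.test/statements</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, assess(raw) or ["no indicators"])
```

The same checks are what a user is told to do by eye: hover the link and compare it with the text, look past the display name to the actual address, and treat urgency plus a request for a password as a signal in itself. Authenticated mail (SPF, DKIM, DMARC) and a mail gateway add the checks this toy cannot do offline.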
2.4 Cyber-Stalking
• Cyber stalking refers to the use of the Internet and/or other electronic
communication devices to stalk another person.
• It involves harassing or threatening behavior that an individual conducts
repeatedly.
• It may involve any number of incidents including threats, libel, defamation,
sexual harassment, or other actions intended to control, influence or
intimidate the target.
• As the Internet has become an integral part of our personal and professional
life, cyber stalkers take advantage of the ease of communication and increased
access to personal information.

2.4.1 Types of Stalkers


There are 2 types of stalkers:
1. Online stalkers:
They aim to start the interaction with the victim directly with the help of
the Internet. E-mail and chat rooms are the most popular communication media
for getting connected with the victim, rather than traditional instruments
such as the telephone or cell phone. The stalker makes sure that the victim
recognizes the attack attempted on him/her. The stalker may make use of a
third party to harass the victim.
2. Offline stalkers:
The stalker may begin the attack using traditional methods such as following
the victim, watching the daily routine of the victim, etc. Searching message
boards/newsgroups, personal websites, and people-finding services or websites
are the most common ways of gathering information about the victim using the
Internet. The victim is not aware that the Internet has been used to
perpetrate an attack against them.
2.4.2 Cases reported on Cyber Stalking
• The majority of cyber stalkers are men and the majority of their victims are
women.
• Some cases are vice-versa and some cases are reported of same-sex cyber-
stalking.
• In many cases, the cyber stalker and the victim had a prior relationship, and
the cyber stalking begins when the victim attempts to break off the
relationship.
• However, many cases are also reported in which the stalker is a stranger.

2.4.3 How stalking Works?


Stalking works in the following ways:
1. Personal information about the victim is gathered: name, address, family
background, contact details, etc.
2. The stalker establishes contact with the victim through telephone or cell
phone and starts making calls to threaten or harass the victim.
3. Stalkers will almost always establish contact with the victim through
e-mail. The letters may have a threatening, loving or even sexually explicit
tone.
4. The stalker keeps sending repeated e-mails asking for various kinds of
favors or threatening the victim.
5. The stalker may post the victim's personal information on websites related
to illicit services such as sex-worker or dating services, posing as the victim
and providing the victim's contact details.
6. Whoever comes across the information starts calling the victim on the given
contact details, asking for sexual services or relationships.
7. Some stalkers may subscribe/register the victim's e-mail account to
innumerable pornographic and sex sites, because of which the victim starts
receiving such unsolicited e-mails.

2.4.4 Real life Incident of cyber stalking


• The Indian police registered the first case of cyber stalking in Delhi; a
brief account of the case is given here.
• To maintain the confidentiality and privacy of the entities involved, the
names have been changed. Mrs. Joshi received almost 40 calls in 3 days, mostly
at odd hours, from as far away as Kuwait, Cochin, Bombay and Ahmadabad.
• The calls created havoc in her personal life and destroyed the mental peace
of Mrs. Joshi, who decided to register a complaint with the Delhi Police.
• A person was using her identity to chat over the Internet on websites,
mostly on the Delhi channel, for four consecutive days.
• This person was chatting on the Internet using her name, giving her address
and talking in obscene language.
• The same person was also deliberately giving her telephone number to other
chatters, encouraging them to call Mrs. Joshi at odd hours.
• This was the first time a case of cyber stalking was registered.
• Cyber stalking does not have a standard definition, but it can be defined as
threatening, unwarranted behavior or advances directed by one person toward
another person using the Internet and other online communication channels as
the medium.

2.5 Cybercafé and Cyber crimes


• An Internet café or Cybercafé is a place which provides Internet access to
the public, usually for a fee.
• According to a Nielsen survey on the profile of cybercafé users in India:
1. 37% of the total population uses cybercafés
2. 90% of these were male, in the age group of 15 to 35 years
3. 52% were graduates and postgraduates
4. more than 50% were students
• Hence it is extremely important to understand the IT security and governance
practices in cybercafés.
• Cybercafés are known to be used for either real or false terrorist
communication.
• Cybercrimes such as stealing passwords and fraudulent withdrawal of money
have also happened through cybercafés.
• Cybercafés are also used for sending obscene mails to harass people.
• The systems in a cybercafé carry two types of risk: the first is the risk of
malicious programs such as keyloggers or spyware running in the background,
which may capture keystrokes to learn passwords or other personal information;
the second is the risk of shoulder surfing, which enables someone to learn the
passwords.
The illegal activities and weaknesses observed in cybercafés are:
• Pirated software may be installed on all the computers.
• Anti-virus software may not be updated.
• Cybercafés may have installed "Deep Freeze" software to protect computers
from prospective malware attacks. This software discards all changes made
during a session when the machine is restarted. This makes it difficult for
police or crime investigators to trace what was done on the system.
• An Annual Maintenance Contract (AMC) is often not in place for servicing the
computers. Not having an AMC is a risk, because a cybercriminal can install
malicious code for criminal activities without anyone noticing.


• Pornographic websites and similar websites with indecent content are not
blocked.
• Cybercafé owners have little awareness of IT security and IT governance.
• There are no proper guidelines for cybercafé owners from the Government/State
police.
• There are no periodic visits to cybercafés by the Cyber-Cell wing (state
police) or the Cybercafé Association until a cybercrime is filed at the
station in the form of an FIR.
Here are a few tips for safety and security while using the computers in a
Cybercafé.
1. Always logout:
While checking e-mail or logging into chat services such as instant messaging,
or using any other service that requires a username and a password, always
click "logout" or "sign out" before leaving the system. Simply closing the
browser window is not enough, because if somebody uses the same service after
you, they can get easy access to your account. Also, do not save your login
information through options that allow automatic login (saved passwords);
disable such options before logging in.
2. Stay with the computer:
While surfing/browsing, one should not leave the system unattended for any
period of time. If one has to go out, logout and close all browser windows.
3. Clear history and temporary files:
Internet Explorer saves pages that you have visited in the history folder and
in temporary Internet files. Your passwords may also be stored in the browser
if that option has been enabled on the computer that you have used. Therefore,
before you begin browsing, do the following in the case of Internet Explorer:
• Go to Tools > Internet Options > click the Content tab > click AutoComplete.
If the checkboxes for passwords are selected, deselect them. Click OK twice.
• After you have finished browsing, clear the history and temporary Internet
files folders: go to Tools > Internet Options again > click the General tab >
under Temporary Internet Files, click Delete Files and then Delete Cookies.
• Then, under History, click Clear History. Wait for the process to finish
before leaving the computer.
• Current browsers (Chrome, Firefox, Edge) offer the same under Settings >
Clear browsing data, and a private/incognito window discards history and
cookies when it is closed; neither protects against a keylogger already
running on the machine.
4. Be alert, don't be a victim of shoulder surfing:
One has to stay alert and aware of the surroundings while using a public
computer. Snooping over the shoulder is an easy way of getting your username
and password.
5. Avoid online financial transactions:


Ideally one should avoid online banking, shopping or other transactions that
require one to provide personal, confidential and sensitive information such
as credit card or bank account details. If it is urgent and one has to do it,
one should take the precaution of changing all the passwords as soon as
possible, using a more trusted computer, such as at home and/or in the office.
6. Change password:
Changing the bank account/transaction passwords after using a public computer
is the best practice for everyone who does online net banking.
7. Virtual keyboard:
Nowadays almost every bank provides a virtual keyboard on its website. The
advantage of using the virtual keyboard is that a keylogger which captures
keystrokes does not see the password (malware that records the screen or mouse
clicks still can).
8. Security warnings: One should take utmost care while accessing the websites
of any bank/financial institution, and should not ignore certificate or
security warnings shown by the browser.

2.6 Bot nets: Fuel for Cyber Crime

• Bot usually means "an automated program for doing some particular task,
often over a network".

• Botnet is a term used for a collection of robots, or bots, that run
autonomously or automatically.

• The term is associated with malicious software but can also refer to a
network of computers using distributed computing software.

• A botnet, also called a zombie network, is a network of computers infected
with a malicious program that allows cybercriminals to control the infected
machines remotely without the users' knowledge.

• If someone wants to start such a "business" and has no programming skills,
there are plenty of bots for sale.


Technical terms

• Malware: It is malicious software, designed to damage a computer system
without the owner's informed consent. Viruses and worms are examples of
malware.

• Adware: It is advertising-supported software, which automatically plays,
displays, or downloads advertisements to a computer after the software is
installed on it or while the application is being used. Some spyware is
classified as adware.

• Spam: It means unsolicited or undesired e-mail messages.

• Spamdexing: It is also known as search spam or search engine spam. It
involves a number of methods, such as repeating unrelated phrases, to
manipulate the relevancy or prominence of resources indexed by a search
engine in a manner inconsistent with the purpose of the indexing system.

• DDoS: A distributed denial-of-service attack (DDoS) occurs when multiple
systems flood the bandwidth or resources of a targeted system, usually one or
more web servers. These systems are compromised by attackers using a variety
of methods; a botnet is the usual source of such traffic.

Steps to secure the computer system

1. Use antivirus and anti-spyware software and keep it up to date:

It is important to remove and/or quarantine viruses. These programs should be
configured during installation so that they update themselves automatically
on a daily basis.

2. Set the OS to download and install security patches automatically:


OS vendors issue security patches for flaws that are found in their systems.

3. Use a firewall to protect the system from hacking attacks while it is
connected to the Internet:

A firewall is software and/or hardware designed to block unauthorized access
while permitting authorized communications. It is a device or set of devices
configured to permit, deny, encrypt, decrypt, or proxy all (inbound and
outbound) computer traffic between different security domains based upon a
set of rules and other criteria. A firewall is different from antivirus
protection: antivirus software scans incoming communications and files for
viruses, whereas a properly configured firewall helps to block all incoming
communications from unauthorized sources.

4. Disconnect from the Internet when not in use/away from the computer:

Attackers cannot get into the system while it is disconnected from the
Internet. Firewall, antivirus and anti-spyware software are not foolproof
mechanisms for keeping attackers out of the system.

5. Don't trust free downloads; download freeware only from trustworthy
websites:

It is always appealing to download free software such as games, file-sharing
programs, customized toolbars, etc. However, one should remember that much
free software bundles other software, which may include spyware.

6. Regularly check the inbox and sent items for messages you did not send:
If you find such messages in your sent items or outbox, it is a sign that your
system may be infected with spyware and may be part of a botnet. This is not
foolproof; many spammers have learned to hide their unauthorized access.

7. Take immediate action if the system is infected: If your system is found
to be infected by a virus, disconnect it from the Internet immediately. Then
scan the entire system with fully updated antivirus and anti-spyware software.
Report the unauthorized access to your ISP and to the legal authorities. There
is a possibility that your passwords have been compromised in such cases, so
change all passwords immediately, from a machine you trust.

Prof. Nisha S K, Dept. of ECE, SVIT Page 15



2.7 Attack vector

• An attack vector is a path or means by which a hacker (or cracker) can gain
access to a computer or network server in order to deliver a payload or
malicious outcome.

• Attack vectors enable hackers to exploit system vulnerabilities, including the
human element.

• Attack vectors include viruses, E-Mail attachments, Web pages, pop-up windows,
instant messages, chat rooms, and deception.

• All of these methods involve programming (or hardware), except deception, in
which a human operator is fooled into removing or weakening system defenses.

• To some extent, firewalls and anti-virus software can block attack vectors.

• But no protection method is totally attack-proof.

• A defense method that is effective today may not remain so for long, because
hackers are constantly updating attack vectors, and seeking new ones, in their
quest to gain unauthorized access to computers and servers.

• If a vulnerability is thought of as the entry point, then attack vectors are the
ways attackers launch their attacks or try to infiltrate the building.

• In the broadest sense, the purpose of an attack vector is to deliver a payload:
a program or piece of code that makes use of a vulnerability is called a
payload. Attack vectors vary in how a payload is implemented. The most common
malicious payloads are viruses (which can function as their own attack
vectors), Trojan horses, worms and spyware.

• If an attack vector is thought of as a guided missile, its payload can be compared
to the warhead in the tip of the missile.

Different ways to launch an attack:

1. Attack by E-Mail: The hostile content is either embedded in the message or
linked to by the message. Sometimes attacks combine the two vectors, so that
if the message does not get you, the attachment will. Spam is almost always a
carrier for scams, fraud, dirty tricks, or malicious action of some kind. Any link
that offers something "free" or tempting is suspect.

2. Attachments: Malicious attachments install malicious computer code. The
code could be a virus, Trojan Horse, Spyware, or any other kind of malware.
Attachments attempt to install their payload as soon as you open them.

3. Attacks by deception (social engineering/hoaxes): Deception is aimed at the
user/operator as a vulnerable entry point. It is not just malicious computer
code that one needs to monitor. Fraud, scams, hoaxes, and to some extent Spam,
not to mention viruses, worms and such, require the unwitting cooperation of the
computer's operator to succeed. Social engineering and hoaxes are other forms
of deception that are often an attack vector too.

4. Hackers: Hackers or crackers are a formidable attack vector because, unlike
ordinary malicious code, people are flexible and they can improvise. They use
hacking tools, heuristics, and social engineering to gain access to computers and
online accounts. They often install a Trojan Horse to commandeer the computer
for their own use.

5. Heedless guests (attack by webpages):

Counterfeit websites are used to extract personal information. Such websites
look very much like the genuine websites they imitate. One may think he/she
is doing business with someone he/she trusts. However, he/she is really giving
away personal information, like address, credit card number, and expiration
date. They are often used in conjunction with Spam, which gets you there in
the first place. Pop-up webpages may install Spyware, Adware or Trojans.

6. Attack of the worms:

Many worms are delivered as E-Mail attachments, but network worms use
holes in network protocols directly. Any remote access service, like file sharing,
is likely to be vulnerable to this sort of worm. In most cases, a firewall will
block system worms. Many of these system worms install Trojan Horses. Next,
they begin scanning the Internet from the computer they have just infected,
and start looking for other computers to infect. If the worm is successful, it
propagates rapidly. The worm owner soon has thousands of "zombie"
computers to use for more mischief.

7. Malicious macros:

Microsoft Word and Microsoft Excel are some of the examples of programs that
allow macros. A macro does something like automating a spreadsheet, for
example. Macros can also be used for malicious purposes. All Internet services
like instant messaging, Internet Relay Chat (IRC), and P2P file-sharing networks
rely on cozy connections between the computer and the other computers on the
Internet. If one is using P2P software then his/her system is more vulnerable to
hostile exploits.


8. Foistware/sneakware: Foistware is software that adds hidden
components to the system on the sly. Spyware is the most common form of
Foistware. Foistware is quasi-legal software bundled with some attractive
software. Sneakware often hijacks your browser and diverts you to some
"revenue opportunity" that the Foistware has set up.

9. Viruses: These are malicious computer codes that hitch a ride and make up the
payload. Nowadays, virus vectors include E-Mail attachments, downloaded
files, worms, etc.

Zero day attack

• A zero-day (or zero-hour or day-zero) attack or threat is an attack that exploits
a previously unknown vulnerability in a computer application or operating
system, one that developers have not had time to address and patch.

• Software vulnerabilities may be discovered by hackers, by security companies
or researchers, by the software vendors themselves, or by users.

• If discovered by hackers, an exploit will be kept secret for as long as possible
and will circulate only through the ranks of hackers, until software or security
companies become aware of it or of the attacks targeting it.

• Zero-day emergency response team (ZERT): This is a group of software
engineers who work to release non-vendor patches for zero-day exploits.

• Nevada is attempting to provide support with the Zero day Project at
www.zerodayproject.com, which purports to provide information on upcoming
attacks and provide support to vulnerable systems.

With a neat sample network, explain the categories of vulnerabilities that
hackers typically search for.

• The network consists of many workstations. These workstations are
connected by a switch. In turn, the switch is connected to the Citrix server and
the application servers. The clinical data is analyzed on a system that is, in
turn, connected to the switch.

1. BIND: Berkeley Internet Name Domain

2. IDS: Intrusion Detection System

3. IIS: Internet Information Services

4. DNS: Domain Name System



• Categories of vulnerabilities that hackers typically search for are:

1. Inadequate border protection (border in the sense of the network
periphery): Many workstations are connected together and an employee installs
a PC without a password. A poor password allows the password to be guessed
easily.

2. Remote Access Servers (RASs) with weak access controls: These are
connected to the whole network. A firewall will protect the PC by reporting
suspicious activity, when the administrator fails to monitor the IDS alerts. An
IDS is an Intrusion Detection System: a system that monitors network traffic for
suspicious activity and alerts when such activity is discovered.

3. Application servers with well-known exploits: The administrator fails to
install the patch to fix the BIND vulnerability. The Web administrator fails to
install the patch to fix the IIS Unicode vulnerability.

4. Misconfigured systems and systems with default configurations: A
misconfigured router is highly vulnerable to DoS attacks.


Tools used during Passive Attacks

1. Google Earth:

• Google Earth is a virtual globe, map and geographic information program.

• It maps the Earth by the superimposition of images obtained from
satellite imagery and provides aerial photography of the globe.

• It is available under 3 different licenses.

1. Google Earth - free version with limited functionality.

2. Google Earth Plus - (discontinued) with additional features.

3. Google Earth Pro - intended for commercial use.

2. Internet archive:

• It is an Internet library with the purpose of offering permanent access for
researchers, historians and scholars to historical collections that exist in
digital format.

• It includes texts, audio, moving images, and software as well as archived
Web pages in its collection.

3. Professional Community:

• LinkedIn is an interconnected network of experienced professionals from
around the world.

4. People Search:

• People Search provides details about personal information like date of
birth, residential address, contact number, etc.

5. WHOIS:

• This is a domain registration lookup tool. This utility is used for
communicating with WHOIS servers located around the world to obtain
domain registration information (domain name registration is the act of
reserving a name on the Internet for a certain period, usually one year).

• It supports IP address queries, and automatically selects the appropriate
WHOIS server for an IP address.


6. Nslookup:

• It means name server lookup. This tool is used in Windows and UNIX to
query Domain Name System (DNS) servers to find DNS details, including
IP address and other technical details such as mail exchanger and name
server.

7. Dnsstuff:

• This is a tool to extract DNS information about the IP address, mail
server extensions, DNS lookup, etc.

8. Traceroute:

• It is a tool to find the route to a target system. It determines the route
taken by packets across an IP network.

9. VisualRoute Trace:

• This is a graphical tool which determines where and how virtual traffic
on the computer network is flowing between the source and the target
destination.

10. eMailTrackerPro:

• It analyzes the E-Mail header and provides the IP address of the system
that sent the mail.

11. HTTrack:

• This tool acts like an offline browser. It can mirror an entire website to
a desktop. One can analyze the entire website while being offline.

12. Website Watcher:

• This tool can be used to keep track of favorite websites for updates.
When a website undergoes an update/change, this tool automatically
detects it and saves the last 2 versions onto the desktop.
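The header analysis that eMailTrackerPro performs (item 10) can be done by hand: walk the Received headers from the bottom (first hop) upwards and take the first address that is not inside the sender's own network. This is an added Python example, not part of the original notes or of any tool named here; the message, hostnames and addresses are constructed (203.0.113.7 is a documentation address standing in for a public IP).

```python
import email
import re
from email import policy

# Constructed sample, not a real message. Each relay prepends its own Received
# header, so the bottom one is the first hop and the top one the last.
SAMPLE_MESSAGE = """\
Received: from internal-relay.example.net (10.0.0.5)
        by mailstore.example.net with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000
Received: from smtp.attacker.example (smtp.attacker.example [203.0.113.7])
        by internal-relay.example.net with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from attacker-pc ([192.168.1.20])
        by smtp.attacker.example with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
From: "Bank Support" <support@bank.example>
Subject: Verify your account
"""

IPV4_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")


def is_internal(ip):
    """RFC 1918, loopback and link-local: hops inside the sending network."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return (a in (10, 127) or (a == 172 and 16 <= b <= 31)
            or (a == 192 and b == 168) or (a == 169 and b == 254))


def received_hops(raw):
    """Sending-host IP of each Received header, first hop to last hop."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        # Only the 'from' clause names the peer that handed the mail over;
        # the 'by' clause is the relay that wrote this header.
        from_clause = str(header).split(" by ", 1)[0]
        m = IPV4_RE.search(from_clause)
        if m:
            hops.append(m.group(1))
    return hops


def originating_ip(raw):
    """First non-internal hop: best estimate of where the mail came from.
    Headers below it were written by the sender's side and may be forged."""
    for ip in received_hops(raw):
        if not is_internal(ip):
            return ip
    return None
```

Only the headers added by relays you trust are reliable; everything the sender's own servers wrote (the lowest headers) can be fabricated, which is why the first public hop, not the bottom line, is the useful answer.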

Tools used during Active Attacks:

Arphound:

• Arphound is a tool that listens to all traffic on an Ethernet network
interface, and reports IP/MAC address pairs, as well as events such as IP
conflicts, IP changes, IP addresses with no RDNS, various ARP spoofing,
and packets not using the expected gateway.
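The IP/MAC bookkeeping behind the "IP conflict" and "IP change" reports described above, as an added Python example (this is not Arphound's code, and the ARP replies are constructed sample traffic rather than a live capture): a second MAC answering for an address already in the table is the pattern a defender watches for when looking for ARP spoofing of the gateway.

```python
from collections import namedtuple

# One ARP reply as seen on the wire: "ip is at mac".
ArpReply = namedtuple("ArpReply", "ip mac")

# Constructed sample traffic, not a capture. The gateway 10.0.0.1 is announced
# by its real MAC, then a second MAC claims the same IP (the classic
# ARP-spoofing pattern), and a known host moves to a new address.
SAMPLE_TRAFFIC = [
    ArpReply("10.0.0.1", "aa:bb:cc:00:00:01"),
    ArpReply("10.0.0.20", "aa:bb:cc:00:00:20"),
    ArpReply("10.0.0.1", "aa:bb:cc:00:00:01"),   # repeat of a known pair
    ArpReply("10.0.0.1", "de:ad:be:ef:00:99"),   # same IP, different MAC
    ArpReply("10.0.0.21", "aa:bb:cc:00:00:20"),  # same MAC, new IP
]


class ArpMonitor:
    """Keeps the IP/MAC table an ARP listener builds and reports two of the
    events Arphound is described as reporting: IP conflicts and IP changes."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ip = {}

    def observe(self, reply):
        """Record one reply; return the events it triggered (possibly none)."""
        events = []
        old_mac = self.ip_to_mac.get(reply.ip)
        if old_mac is not None and old_mac != reply.mac:
            # Two hardware addresses answering for one IP: a duplicate-IP
            # misconfiguration, or a host impersonating the gateway.
            events.append(("ip_conflict", reply.ip, old_mac, reply.mac))
        old_ip = self.mac_to_ip.get(reply.mac)
        if old_ip is not None and old_ip != reply.ip:
            events.append(("ip_change", reply.mac, old_ip, reply.ip))
        self.ip_to_mac[reply.ip] = reply.mac
        self.mac_to_ip[reply.mac] = reply.ip
        return events


def monitor(traffic):
    """Run every reply through one monitor and collect all events in order."""
    mon = ArpMonitor()
    events = []
    for reply in traffic:
        events.extend(mon.observe(reply))
    return events
```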

Arping:

• Arping is a tool for physically exploring hosts in a network. Unlike
the ping command, which operates at the network layer, arping operates
at the data link layer and uses the Address Resolution Protocol (ARP).
Using it involves sending ARP requests to a destination host and waiting
for ARP replies.

Bugtraq

• This is a database of known vulnerabilities and exploits providing a large
quantity of technical information and resources.

Dig

• This is used to perform detailed queries about DNS records and zones,
extracting configuration and administrative information about a network
or domain.

DNStracer

• dnstracer determines where a given Domain Name Server (DNS) gets its
information from for a given hostname, and follows the chain of DNS
servers back to the authoritative answer.

Dsniff

• This package contains several tools to listen to and create network
traffic.

Filesnarf

• This is a network auditing tool to capture file transfers and file sharing
traffic on a local subnet.


FindSMB

• This is used to find and describe Server Message Block (SMB) servers on the
local network.

Fping

• This is a utility similar to ping used to perform parallel network
discovery.

Hackbot

• This is a host exploration tool and simple vulnerability scanner.

Hmap

• This is used to obtain detailed fingerprinting of web servers to identify
the vendor, version and much more.

******End******
