cs part1

Uploaded by keerthanazion546

CYBERSECURITY

UNIT-1
Introduction:

• The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of, be it entertainment, business, sports or education.

• There are two sides to every coin. The internet also has its own disadvantage: cybercrime, illegal activity committed on the internet.

Cyber Crime and Information Security:

• Cybercrime is crime committed using a computer and the internet to steal data or information.

Alternative definitions for cybercrime:

⚫ Any illegal act where special knowledge of computer technology is essential for its perpetration, investigation or prosecution
⚫ Any traditional crime that has acquired a new dimension or order of magnitude through the aid of a computer, and abuses that have come into being because of computers
⚫ Any financial dishonesty that takes place in a computer environment
⚫ Any threat to the computer itself, such as theft of hardware or software, sabotage and demands for ransom

Another definition:

• "Cybercrime (computer crime) is any illegal behaviour, directed by means of electronic operations, that targets the security of computer systems and the data processed by them."

• Hence cybercrime is also called computer-related crime, computer crime, e-crime, Internet crime or high-tech crime.

Cybercrime can more specifically be defined in a number of ways:

• A crime committed using a computer and the internet to steal a person's identity (identity theft), sell contraband, stalk victims or disrupt operations with malevolent programs.

• Crimes completed either on or with a computer.

• Any illegal activity through the Internet or on the computer.

• All criminal activities done using the medium of computers, the Internet, cyberspace and the WWW.

• Cybercrime refers to the act of performing a criminal act using cyberspace as the communication vehicle.

• Two types of attacks are common:

– Techno-crime
– Techno-vandalism

• Lack of information security gives rise to cybercrime.

Challenges for securing data from a business perspective:

⚫ Cybercrimes occupy an important space in information security because of their impact.
⚫ Most organizations do not incorporate the cost of the vast majority of computer security incidents into their accounting.
⚫ It is difficult to attach a quantifiable monetary value to corporate data, and yet corporate data gets stolen or lost.
⚫ Financial losses may not be detected by the victimized organization in the case of insider attacks, such as leaking customer data.

Who are Cybercriminals?

• Cybercriminals are those who conduct acts such as:

– Credit card fraud
– Cyberstalking
– Defaming another online
– Gaining unauthorized access to computer systems
– Ignoring copyrights, software licensing and trademark protection
– Overriding encryption to make illegal copies
– Software piracy
– Stealing another's identity to perform criminal acts

Categorization of Cybercriminals:

Type 1: Cybercriminals hungry for recognition

– Hobby hackers
– IT professionals (social engineering)
– Politically motivated hackers
– Terrorist organizations

Type 2: Cybercriminals not interested in recognition

– Psychological perverts
– Financially motivated hackers
– State-sponsored hacking

Type 3: Cybercriminals, the insiders

– Disgruntled or former employees seeking revenge
– Competing companies using employees to gain economic advantage through damage and/or theft

Classification of cybercrimes:

1. Cybercrime against an individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against society
5. Crimes emanating from Usenet newsgroups

Cybercrimes can also be classified by:

1. The target of the crime

• Individuals
• Property
• Organizations

2. Whether the crime occurs as a single event or a series of events

• Crimes targeted at individuals: the goal is to exploit human weakness.
• Crimes targeted at property: includes stealing mobile devices.
• Crimes targeted at organizations: cyberterrorism.
• Single event of crime: a single event from the perspective of the victim.
• Series of events: involves the attacker interacting with the victim repeatedly.

1. Cybercrime against an individual

• Electronic mail spoofing and other online frauds
• Phishing, spear phishing
• Spamming
• Cyber defamation
• Cyberstalking and harassment
• Computer sabotage
• Pornographic offenses
• Password sniffing

Email spoofing:

• Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they know or trust. In spoofing attacks, the sender forges email headers so that client software displays the fraudulent sender address, which most users take at face value. Users do not realize the sender is forged unless they inspect the header more closely.

• Email spoofing is possible because of how email systems are designed. The client application assigns a sender address to outgoing messages, so outgoing email servers cannot tell whether the sender address is legitimate or spoofed.

• Recipient servers and antimalware software can help detect and filter spoofed messages. Unfortunately, not every email service has security protocols in place. Still, users can review each message's email header to determine whether the sender address is forged.
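The header review described above, as an added example that is not part of these notes: it compares the visible From: address with the envelope sender (Return-Path), Reply-To, the display name, and the SPF/DKIM/DMARC verdicts the receiving server stamps into Authentication-Results. The three sample messages and every domain in them are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
LEGIT = """\
Return-Path: <alerts@acme-bank.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=acme-bank.example;
 dkim=pass header.d=acme-bank.example;
 dmarc=pass header.from=acme-bank.example
From: Acme Bank <alerts@acme-bank.example>
To: customer@recipient.example
Subject: Your monthly statement

Your statement is attached.
"""

# Classic forgery: From: shows the bank, but SMTP actually used another domain.
SPOOFED = """\
Return-Path: <bounce@mail-blast.example>
Authentication-Results: mx.recipient.example;
 spf=fail smtp.mailfrom=mail-blast.example;
 dkim=none;
 dmarc=fail header.from=acme-bank.example
From: Acme Bank <alerts@acme-bank.example>
Reply-To: support@acme-verify.example
To: customer@recipient.example
Subject: Urgent: verify your account

Click the link to verify.
"""

# Display-name deception: SPF/DKIM/DMARC all pass for the real sending domain,
# so only comparing the display name against the address catches it.
DISPLAY_NAME = """\
Return-Path: <bounce@mail-blast.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mail-blast.example;
 dkim=pass header.d=mail-blast.example;
 dmarc=pass header.from=mail-blast.example
From: "Acme Bank <alerts@acme-bank.example>" <noreply@mail-blast.example>
To: customer@recipient.example
Subject: Account notice

Please review your account.
"""


def _header(msg, name):
    # Unfold a header value: folded continuation lines become single spaces.
    return " ".join((msg.get(name) or "").split())


def _domain(addr):
    # Domain part of 'Name <user@host>' or '<user@host>', lower-cased ('' if none).
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def _auth_results(msg):
    # Collect spf=/dkim=/dmarc= verdicts from Authentication-Results (RFC 8601).
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", value, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def spoofing_indicators(raw_message):
    """Return the reasons the visible sender may be forged (empty list = none found)."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(_header(msg, "From"))
    from_domain = from_addr.rpartition("@")[2].lower()
    reasons = []

    # 1. Return-Path is the envelope sender SMTP really used; From: is whatever
    #    the sending client chose to write.
    rp_domain = _domain(_header(msg, "Return-Path"))
    if rp_domain and rp_domain != from_domain:
        reasons.append(f"Return-Path domain {rp_domain} != From domain {from_domain}")

    # 2. Replies quietly routed to a third domain.
    reply_domain = _domain(_header(msg, "Reply-To"))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} != From domain {from_domain}")

    # 3. A display name that itself looks like an address at a different domain.
    m = re.search(r"@([\w.-]+)", display_name)
    if m and m.group(1).lower() != from_domain:
        reasons.append(f"display name shows @{m.group(1)} but address is @{from_domain}")

    # 4. Verdicts the receiving server recorded; anything but 'pass' is a flag.
    verdicts = _auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        result = verdicts.get(mech, "missing")
        if result != "pass":
            reasons.append(f"{mech}={result}")
    return reasons
```

Authentication-Results is only trustworthy when it was written by your own receiving server; a sender can add a fake one, so production filters strip any copy that arrives from outside.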

Phishing & Spear Phishing:

Phishing attacks are the practice of sending fraudulent communications that appear to come
from a reputable source. It is usually done through email. The goal is to steal sensitive data like
credit card and login information, or to install malware on the victim's machine.

Spear phishing is a specific and targeted attack on one or a select number of victims, while
regular phishing attempts to scam masses of people. In spear phishing, scammers often use
social engineering and spoofed emails to target specific individuals in an organization.

Spamming:

Spamming is the use of electronic messaging systems like e-mails and other digital delivery
systems and broadcast media to send unwanted bulk messages indiscriminately.

• Spammers use many forms of communication to bulk-send their unwanted messages. Some
of these are marketing messages peddling unsolicited goods. Other types of spam messages
can spread malware, trick you into divulging personal information, or scare you into
thinking you need to pay to get out of trouble.

• Email spam filters catch many of these types of messages, and phone carriers often warn
you of a “spam risk” from unknown callers. Whether via email, text, phone, or social media,
some spam messages do get through, and you want to be able to recognize them and
avoid these threats.

Cyber Defamation:

Cyber defamation, also known as online defamation, is when someone is falsely accused of something online. It is the use of the internet or a computer to damage another person's reputation or diminish it in the eyes of others.

Cyber Stalking:

• Cyberstalking is a type of cybercrime involving harassment or stalking through technology (e.g., text messages, emails, social media).
• It starts with seemingly harmless interactions that escalate into persistent, deliberate harassment.
• Victims are often subjected to disturbing and inappropriate content multiple times a day, often from different accounts.
• Cyberstalking can occur without direct communication, with victims being monitored and tracked online.
• Stalkers may engage in offline harassment and even involve the victim's friends.
• Common behaviours include tracking locations, breaching data privacy, and spreading false accusations or malicious rumours.
• Cyberstalkers may create fake profiles or blogs and engage in activities such as revenge porn.
• Despite the lack of physical contact, cyberstalking is a serious crime, given the ease of access to personal information via the internet.

Computer sabotage:

With regard to computers, sabotage is the deliberate damage to equipment. Infecting a website with malware is an example of information sabotage. A more extreme example is causing the power grid of a nation to go down.

Pornographic offenses:

The punishment for a first offence of publishing, creating, exchanging, downloading or browsing any electronic depiction of children in an obscene, indecent or sexually explicit manner is imprisonment.

password sniffing:

Password sniffing is a type of network attack in which an attacker intercepts data packets that
include passwords. The attacker then uses a password-cracking program to obtain the actual
passwords from the intercepted data.

2. Cybercrime against property:

• Credit card frauds

• Intellectual property (IP) crimes

• Internet time theft

3. Cybercrime against organization:

⚫ Unauthorized accessing of computers
⚫ Password sniffing (defined under crimes against individuals above)
⚫ Denial-of-service attacks
⚫ Virus attack/dissemination of viruses
⚫ E-mail bombing/mail bombs

An email bomb is a form of Internet abuse perpetrated by sending massive volumes of email to a specific email address with the goal of overflowing the mailbox and overwhelming the mail server hosting the address, turning it into a form of denial-of-service attack.

⚫ Salami attack/salami technique:

A salami attack is a method of cybercrime that attackers typically use to commit financial crimes. Cybercriminals steal money or resources from financial accounts on a system a little at a time. The attack occurs when several minor thefts combine into one substantial theft; because each individual slice is small, these attacks frequently go undetected. Salami attacks are used for the commission of economic crimes, and those found guilty of such an attack face punishment under Section 66 of the IT Act.
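Because each slice is too small to notice on its own, a salami attack is found by aggregating: the example below (added here, not part of these notes) scans a constructed ledger for destination accounts that collect many sub-threshold amounts from many different source accounts. The account identifiers, thresholds and the `known_collectors` allow-list for documented fee accounts are all assumptions of the example.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger: (source_account, destination_account, amount).
# Forty customers each lose one to three cents of their interest to a
# single collector account; the remaining rows are ordinary activity.
LEDGER = []
for i in range(1, 41):
    LEDGER.append((f"CUST-{i:03d}", "COLLECT-77", Decimal("0.01") * (1 + i % 3)))
LEDGER += [
    ("CUST-004", "FEES-MONTHLY", Decimal("0.02")),   # legitimate micro fee
    ("CUST-011", "FEES-MONTHLY", Decimal("0.02")),
    ("CUST-020", "MERCHANT-1", Decimal("49.99")),    # ordinary purchase
    ("CUST-007", "CUST-012", Decimal("0.03")),       # one-off small transfer
]


def detect_salami(ledger, max_slice=Decimal("0.05"), min_sources=10,
                  known_collectors=()):
    """Return {destination: (slice_count, distinct_sources, total)} for every
    destination that receives at least `min_sources` sub-threshold amounts
    from distinct source accounts and is not a documented collector.

    Per-transaction rules never fire on a salami attack; only the per-destination
    aggregate shows the pattern, so the ledger is grouped before any threshold
    is applied."""
    slices = defaultdict(list)
    for src, dst, amount in ledger:
        if Decimal("0") < amount <= max_slice:      # only 'slices' are of interest
            slices[dst].append((src, amount))

    suspicious = {}
    for dst, entries in slices.items():
        if dst in known_collectors:                  # documented fee/rounding accounts
            continue
        sources = {src for src, _ in entries}
        if len(sources) >= min_sources:
            total = sum(amount for _, amount in entries)
            suspicious[dst] = (len(entries), len(sources), total)
    return suspicious


if __name__ == "__main__":
    for dst, (count, sources, total) in detect_salami(LEDGER).items():
        print(f"{dst}: {count} slices from {sources} accounts, total {total}")
```

Lowering `min_sources` without an allow-list flags the real fee account too, which is why the known-collector exclusion belongs in the rule rather than being tuned away with thresholds.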
⚫ Logic bomb

A logic bomb is a set of instructions in a program carrying a malicious payload that can attack an operating system, program or network. It only goes off after certain conditions are met; a simple example of such a condition is a specific date or time.

⚫ Trojan horse

A Trojan horse is a type of malware that is downloaded onto a computer disguised as a legitimate program. The attacker typically uses social engineering to hide malicious code within legitimate-looking software in order to gain access to the user's system.

⚫ Data diddling

Data diddling is a type of cybercrime in which data is altered as it is entered into a computer system, most often by a data entry clerk or a computer virus. Computerized processing of the altered data results in a fraudulent benefit.

⚫ Industrial spying/industrial espionage

Industrial espionage is the covert, and sometimes illegal, practice of investigating competitors to gain a business advantage. The target of an investigation might be a trade secret, such as a proprietary product specification or formula, or information about business plans.

⚫ Computer network intrusions
⚫ Software piracy

4. Cybercrime against Society:

• Forgery

• Cyberterrorism

• Web jacking

• The categories of vulnerability that hackers typically search for are the following:

1. Inadequate border protection

2. Remote access server

3. Application Servers

4. Misconfigured systems

How criminals plan the attack:

• Criminals plan two kinds of attack:

1. Passive attack:

• Gains information about the target
• Breach of confidentiality

2. Active attack:

• Alters the system
• Affects availability, integrity and authenticity

• Attacks can be categorized as:

1. Inside attack: from within the security perimeter
2. Outside attack: from the Internet

• The following phases are involved in planning a cybercrime:

1. Reconnaissance (footprinting)

a. Passive attack involves gathering information
b. Active attack involves confirming the information gathered in the passive attack

2. Scanning and scrutinizing the gathered information

a. Port scanning
b. Network scanning
c. Vulnerability scanning

3. Launching the attack: gaining and maintaining system access

Social engineering:

• Social engineering is the "technique to influence" and "persuasion to deceive" people.
• It is the art of exploiting the trust of people.
• The goal of the social engineer is to fool someone into providing valuable information or access to that information.
• Classification of social engineering:

1. Human-based social engineering

• Impersonating an employee or valid user
• Posing as an important user
• Using a third person
• Calling technical support
• Shoulder surfing
• Dumpster diving

2. Computer-based social engineering

• Fake e-mails
• E-mail attachments
• Pop-up windows

Cyberstalking:

• Types of stalkers

1. Online stalker: uses the internet
2. Offline stalker: uses traditional methods

How stalking works:

1. Gathering personal information
2. Establishing contact through telephone or cell phone
3. Establishing contact through e-mails
4. Sending repeated e-mails
5. Posting the victim's personal information on websites related to illicit services
6. Subscribing/registering the victim's e-mail accounts on illegal websites

Cyber cafes and Cybercrimes:

• Public computers available in cyber cafes hold two types of risk:

1. Key loggers/spyware
2. Shoulder surfing: a situation where the attacker can physically view the device screen and keypad to obtain personal information.

• Cybercriminals prefer cyber cafes to carry out their activities.

• A recent survey reveals the following facts about cyber cafes:

1. Pirated software is installed.
2. Antivirus software is not updated.
3. Deepfreeze

• wipes all the activities carried out on the computer;
• presents challenges to crime investigators.

4. Annual maintenance contracts are not in place for servicing the systems.
5. Illegal websites are not blocked.
6. Cyber cafe owners have very little awareness.
7. IT governance guidelines are not provided to cyber cafe owners.
8. The cyber cell wing does not make periodic visits to cyber cafes.

• A few tips for safety and security while using a computer in a cyber cafe:

1. Always log out.
2. Stay with the computer.
3. Clear history and temporary files.
4. Be alert.
5. Avoid online financial transactions.
6. Change passwords.
7. Use a virtual keyboard.
8. Heed security warnings.

Botnets: The fuel for cybercrime:

A botnet (zombie network) is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users' knowledge.

• One can do the following to keep a system from becoming part of a botnet:

1. Use antivirus and anti-spyware software.
2. Set the OS to download and install security patches automatically.
3. Use a firewall.
4. Disconnect from the internet when you are away from the computer.
5. Download freeware only from websites that are known and trustworthy.
6. Regularly check the mailbox folders for messages you did not send.
7. Take immediate action if your system is infected.


Attack Vector:

• An attack vector is a path or means by which an attacker can gain access to a computer or network server to deliver a payload or malicious outcome.

• The following describes how most attack vectors are launched:

1. Attack by e-mail
2. Attachments
3. Attack by deception
4. Hackers
5. Attack by webpages
6. Attack of the worms
7. Malicious macros
8. Foistware: software downloaded to a computer without the owner's knowledge, which puts hidden components on a system
9. Viruses

Cloud computing:

• Cloud computing is the internet-based development and use of computer technology for hosted services delivered over the internet.

• A cloud service has three distinct characteristics:

1. It is sold on demand.
2. It is elastic in terms of usage.
3. The service is fully managed by the provider.

• Advantages of cloud computing:

1. Applications and data can be accessed from anywhere at any time.
2. It could bring hardware costs down.
3. There is no need to buy a set of software or software licenses.
4. There is no need to rent physical space.
5. Money would be saved.

• Types of services:

1. Infrastructure-as-a-Service (IaaS)
2. Platform-as-a-Service (PaaS)
3. Software-as-a-Service (SaaS)

• Cybercrime and cloud computing

The following are the risks associated with a cloud computing environment:

1. Elevated user access
2. Regulatory compliance
3. Location of data
4. Segregation of data
5. Recovery of data
6. Information security violation reports
7. Long-term viability

UNIT-2

Proliferation of mobile and wireless devices:

⚫ You see them everywhere: people hunched over their smartphones or tablets in cafes, airports, supermarkets and even at bus stops, seemingly oblivious to anything or anyone around them.
⚫ They play games, download email, go shopping or check their bank balances on the go.
⚫ They might even access corporate networks and pull up a document or two on their mobile gadgets.

TRENDS IN MOBILITY:

⚫ Mobile computing is moving into a new era, third generation (3G), which promises greater variety in applications, highly improved usability and speedier networking. Smart mobile technology is rapidly gaining popularity, and the attackers (hackers and crackers) are among its biggest fans.
⚫ It is worth noting the trends in mobile computing; this will help readers realize the seriousness of cybersecurity issues in the mobile computing domain. The figure below shows the different types of mobility and their implications.

Credit Card Fraud:

⚫ Traditional technique
⚫ Application fraud: ID theft and financial fraud
⚫ Modern technique
⚫ Triangulation

Triangulation fraud works by placing the fraudster as a middleman between a legitimate customer and an unsuspecting merchant. The customer places the order through the fraudster, and the fraudster purchases the customer's goods from a merchant using a stolen credit card.

⚫ Credit card generators

A credit card generator produces fake card details for a selected language and number of cards, for India and other countries. Criminals use the generated numbers to make fake credit cards, and then look for places that accept card numbers without validating them immediately.
List of mobile vulnerabilities:

⚫ Mobile devices often do not have passwords enabled.
⚫ Two-factor authentication is not always used when conducting sensitive transactions on mobile devices.
⚫ Wireless transmissions are not always encrypted.
⚫ Mobile devices may contain malware.
⚫ Mobile devices often do not use security software.
⚫ Operating systems may be out of date.
⚫ Software on mobile devices may be out of date.
⚫ Mobile devices often do not limit Internet connections.
⚫ Mobile devices may have unauthorized modifications.
⚫ An unsecured Wi-Fi network could let an attacker access personal information from a device, putting users at risk of data and identity theft.

Security challenges posed by mobile devices:

⚫ One at the device level: micro challenges
⚫ Another at the organization level: macro challenges

Well-known challenges in mobile security:

⚫ Managing the registry settings and configuration
⚫ Authentication service security
⚫ Cryptography security
⚫ Lightweight Directory Access Protocol (LDAP) security
⚫ Remote Access Server (RAS) security
⚫ Media player control security
⚫ Network Application Program Interface (API) security

Registry settings for mobile devices:

⚫ Microsoft ActiveSync synchronizes PCs and MS Outlook.
⚫ It is the gateway between a Windows-powered PC and a Windows Mobile-powered device.
⚫ It enables transfer of Outlook information, MS Office documents, pictures, music, videos and applications.
⚫ ActiveSync can synchronize directly with MS Exchange Server so that the user can keep their e-mails, calendar, notes and contacts updated wirelessly.

Managing the registry setting and configuration:

⚫ If you use an Active Directory environment to administer the computers in your network, Group Policy provides a comprehensive set of policy settings to manage Windows Internet Explorer 8 after you have deployed it to your users' computers.
⚫ You can use the Administrative Template policy settings to establish and lock registry-based policies for hundreds of Internet Explorer 8 options, including security options.
⚫ There are 1700 settings in a standard group policy.
⚫ Even if the user goes through every control panel setting and group policy option, the desired security baseline is not reached.
⚫ So additional registry changes that are not exposed through any interface are made; avoid "registry hacks".
⚫ Example: when using Pick-IT ASP in Internet Explorer, the SIP (software input panel, or virtual keyboard) pops up when a textbox is activated. This panel cannot be controlled through Pick-IT. The method for disabling the SIP depends on the mobile device model and operating system.

Authentication Service Security:

Two components of security in mobile computing:

1. Security of devices
2. Security in networks

⚫ Involves mutual authentication between the device and the base station/servers.
⚫ Ensures that only authenticated devices can be connected to the network.
⚫ Hence, no malicious code can impersonate the service provider to trick the device.

Eminent kinds of attacks on mobile devices:

⚫ Push attacks
⚫ Pull attacks
⚫ Crash attacks
1) Mobile Phone Theft

With mobiles or cell phones becoming fancier, more popular and more expensive, they are increasingly liable to theft. The following precautions reduce the risk and impact of mobile phone theft:

1. Keep details: record all your phone's information (e.g., phone number, make, model, colour, security codes, IMEI number) and store it safely.
2. Add security marks: mark your phone with a UV pen, including your postcode, house number or alternate contact info, so it can be easily identified if lost.
3. Use security codes: activate security lock codes or PIN features on your phone to make it less valuable to thieves and protect personal data.
4. Register with the network operator: register your phone with your service provider. In case of theft, report it immediately and provide the IMEI number for possible device blocking.
5. Keep records of theft reporting: document your call to the carrier with details of when you reported the theft and any confirmation that your phone was disabled.
6. Disable the phone number: deactivate your phone number if the handset is stolen to avoid unauthorized charges, even if the phone itself is disabled.
7. Request a formal investigation: ask your carrier to investigate if your phone is stolen, especially to prevent potential collections issues if fraudulent charges occur.
8. File a police report: reporting theft to the police serves as proof, which might be required by your carrier or insurance provider.
9. Install anti-theft software: install anti-theft software to remotely track or control your phone, especially for Symbian, Android, Windows Mobile or BlackBerry devices.
10. Keep your phone close: avoid letting your phone out of your sight to prevent theft opportunities.

2) Mobile Viruses

⚫ 40 virus families
⚫ 300+ mobile viruses identified
⚫ First mobile virus: June 2004
⚫ Spread through dominant communication protocols: Bluetooth, MMS

How to protect from mobile malware attacks:

⚫ Download or accept programs and content only from a trusted source.
⚫ Turn off Bluetooth or set it to non-discoverable when not in use.
⚫ Receive IR beams only from a trusted source.
⚫ Install antivirus software.

3) Mishing

⚫ 'Mishing' is a combination of the words mobile phone and phishing.
⚫ Mishing is very similar to phishing; the only difference is the technology.
⚫ Phishing involves the use of emails to trick you into providing your personal details, whereas mishing involves mobile phones.
⚫ If you use your mobile phone for purchasing goods and services and for convenient banking, you could be more vulnerable to a mishing scam.

Variants of Mishing:

⚫ Vishing: the mishing attacker makes a call for phishing
⚫ Smishing: the mishing attacker sends an SMS for phishing

4) Vishing

⚫ Vishing is a socially engineered technique for stealing information or money from consumers using the telephone network.
⚫ The term comes from combining "voice" with "phishing", the online scams that get people to give up personal information.
⚫ Vishing is very similar to phishing; the only difference is the technology.
⚫ Vishing involves voice or telephone services. If you use a Voice over Internet Protocol (VoIP) phone service, you are particularly vulnerable to a vishing scam.
⚫ Vishing is usually used to steal credit card numbers or other related data used in ID theft schemes from individuals.

Profitable uses of the information gained through a vishing attack include:

⚫ ID theft
⚫ Purchasing luxury goods and services
⚫ Transferring money/funds
⚫ Monitoring the victim's bank accounts
⚫ Making applications for loans and credit cards

How vishing works:

⚫ A vishing perpetrator (visher) may gain access to a group of private customer phone numbers.
⚫ The visher may then call the group (possibly using a war dialer).
⚫ When a potential victim answers the phone, he or she hears an automated recording informing them that their bank account has been compromised.
⚫ The victim then calls the specified toll-free number to reset their security settings and hears another automated message requesting their bank account number and/or other personal details via the phone keypad.

How to protect from a vishing attack:

⚫ Be suspicious of all unknown callers.
⚫ Don't trust caller ID: caller ID spoofing is easy.
⚫ Ask questions: ask callers to identify who they work for, and then check whether they are legitimate.
⚫ Call them back using a number from your bill or your card. Never provide credit card information or other private information to anyone who calls you.
⚫ Report incidents to the nearest cyber police cell.

5) Smishing

⚫ Short for SMS phishing, smishing is a variant of phishing email scams that instead utilizes Short Message Service (SMS) systems to send bogus text messages.
⚫ Also written as SMiShing, SMS phishing made recent headlines when a vulnerability in the iPhone's SMS text messaging system was discovered that made smishing on the mobile device possible.

How smishing works:

⚫ Smishing scams frequently seek to direct the text message recipient to visit a website or call a phone number, at which point the person being scammed is enticed to provide sensitive information such as credit card details or passwords.
⚫ Smishing websites are also known to attempt to infect the person's computer with malware.

Example:

Text messages originating from either notice@jpecu or message@cccu:

⚫ ABC CU – has – deactivated – your Debit card. To reactivate contact: 210957XXXX
⚫ This is an automated message from ABC Bank. Your ATM card has been suspended. To reactivate call urgent at 1 866 215 XXXX

Text message originating from [email protected]:

⚫ [email protected]/VISA. (Card Blocked) Alert. For more information please call 1-877-269-XXXX

How to protect from smishing attacks:

⚫ Do not answer such a text message.
⚫ Avoid calling any phone number given in it.
⚫ Never click on a link received through messages.

6) Hacking Bluetooth

⚫ Bluetooth hacking is a technique used to get information from another Bluetooth-enabled device without any permission from the host.
⚫ It takes place due to security flaws in the Bluetooth technology.
⚫ It is also known as bluesnarfing.
⚫ Bluetooth hacking is not limited to cell phones, but is also used to hack PDAs, laptops and desktop computers.
⚫ Bluetooth hacking is illegal and can lead to serious consequences.

The following are threats a person can face when his/her mobile phone gets bluesnarfed:

⚫ The hacker can steal or delete contacts.
⚫ The hacker can extract personal files, pictures, etc.
⚫ Your cell phone can be used for making calls and using the internet at your expense.
⚫ The hacker may call or text your contacts to annoy them.
⚫ Your mobile phone can be reset to default factory settings, deleting your personal settings.
⚫ The hacker can even access your calendar, clock and International Mobile Equipment Identity (IMEI) number. The IMEI number can be used to clone your cell phone so that your messages are also routed to another number. Cloning is also considered illegal.

Common attacks:

Bluejacking:

⚫ Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device.
⚫ Bluejacking is also known as bluehacking.
⚫ Bluejacking exploits a basic Bluetooth feature that allows devices to send messages to contacts within range.
⚫ Bluejacking is harmless.

Bluesnarfing:

⚫ Bluesnarfing is the unauthorized access of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops and PDAs (personal digital assistants).
⚫ This allows access to a calendar, contact list, emails and text messages, and on some phones users can copy pictures and private videos.
⚫ Both bluesnarfing and bluejacking exploit others' Bluetooth connections without their knowledge.
⚫ While bluejacking is essentially harmless as it only transmits data to the target device, bluesnarfing is the theft of information from the target device.

Bluebugging:

⚫ Bluebugging is a form of Bluetooth attack often caused by a lack of awareness.
⚫ It was developed after the onset of bluejacking and bluesnarfing. Similar to bluesnarfing, bluebugging accesses and uses all phone features.
⚫ Bluebugging manipulates a target phone into compromising its security, creating a backdoor before returning control of the phone to its owner. Once control of a phone has been established, it is used to call back the hacker, who is then able to listen in to conversations.
⚫ The Bluebug program also has the capability to create a call-forwarding application whereby the hacker receives calls intended for the target phone.[1]
⚫ Not only can a hacker receive calls intended for the target phone, he can send messages, read phonebooks and examine calendars.

Car Whisperer:

⚫ Software that intercepts a hands-free Bluetooth conversation in a car.
⚫ The Car Whisperer enables an attacker to speak to the driver as well as eavesdrop on a conversation.
⚫ By exploiting the fact that a common security code (passkey) is used by many Bluetooth hands-free system vendors, the Car Whisperer sets up a two-way session between the car and a Linux computer.
⚫ An attacker could access a telephone address book once connected to the Bluetooth system.
⚫ It may disable airbags or brakes.

Mobile Devices: Security Implications for Organizations:


⚫ Managing diversity and proliferation of Hand-Held devices
⚫ Unconventional/ stealth storage devices
⚫ Threat through lost and stolen devices
⚫ Protecting data on lost devices
⚫ Educating the laptop users
1)Managing diversity and proliferation of Hand-Held devices:
⚫ Employees aren't just bringing their mobile devices to the workplace—
they're living on them
⚫ As smartphones and tablets become constant companions, cyber attackers are using
every avenue available to break into them.
⚫ With the right (inexpensive) equipment, hackers can gain access to a nearby mobile
device in less than 30 seconds and either mirror the device and see everything on it,
or install malware that will enable them to siphon data from it at their leisure.
⚫ Analysts predict that by 2018, 25 percent of corporate data will completely bypass
perimeter security and flow directly from mobile devices to the cloud.
⚫ Chief information security officers (CISOs) and other security executives are finding
that the proliferation of mobile devices and cloud services are their biggest barriers
to effective breach response.
⚫ In order to secure the corporate data passing through or residing on mobile devices,
it is imperative to fully understand the issues they present.
5 Security Risks and a Surprising Challenge:
1. Physical access:
 Mobile devices are small, easily portable and extremely lightweight, and hence easy
to steal or leave behind in airports, airplanes or taxicabs.
 As with more traditional devices, physical access to a mobile device equals
“game over.”
 The cleverest intrusion-detection system and best anti-virus software are
useless against a malicious person with physical access.
 Circumventing a password or lock is a trivial task for a seasoned attacker, and
even encrypted data can be accessed.
 This may include not only corporate data found in the device, but also passwords
residing in places like the iPhone Keychain, which could grant access to corporate
services such as email and virtual private network (VPN).
2. Malicious Code
 Mobile malware threats are typically socially engineered and focus on tricking
the user into accepting what the hacker is selling.
 The most prolific include spam, weaponized links on social networking sites and
rogue applications.
 Android devices are the biggest targets, as they are widely used and easy to develop
software for.
 Mobile malware Trojans designed to steal data can operate over either the
mobile phone network or any connected Wi-Fi network.
 They are often sent via SMS (text message); once the user clicks on a link in the
message, the Trojan is delivered by way of an application, where it is then free to
spread to other devices.
 When these applications transmit their information over mobile phone networks,
they present a large information gap that is difficult to overcome in a corporate
environment.
3. Device Attacks
 Attacks targeted at the device itself are similar to the PC attacks of the past.
 Browser-based attacks, buffer overflow exploitations and other attacks are possible.
 The short message service (SMS) and multimedia message service (MMS) offered on
mobile devices afford additional avenues to hackers.
 Device attacks are typically designed to either gain control of the device and access
data, or to attempt a distributed denial of service (DDoS).
4. Communication Interception
 Wi-Fi-enabled smartphones face the same security risks as other Wi-Fi devices.
 Hacking technology for wireless networks is widely available online, making Wi-Fi
hacking and man-in-the-middle (MITM) attacks easier to execute.
 Cellular data transmissions can also be intercepted and decrypted by hackers.
 Attackers can exploit vulnerabilities in Wi-Fi and cellular data protocols to eavesdrop
on transmissions or hijack user sessions, including web-based email.
 For businesses with employees using public Wi-Fi, the risks are significant.
 Hackers gaining access to enterprise systems through compromised Wi-Fi could
expose entire corporate databases, leading to severe security breaches.
5. Insider Threats:
 Mobile devices can also facilitate threats from employees and other insiders.
 Malicious insiders can use a smartphone to misuse or misappropriate data by
downloading large amounts of corporate information to the device’s secure digital
(SD) flash memory card, or by using the device to transmit data via email services to
external accounts.
 The downloading of applications can also lead to unintentional threats.
 The misuse of personal cloud services through mobile applications is another issue;
when used to convey enterprise data, these applications can lead to data leaks that
the organization remains entirely unaware of.
 Many device users remain unaware of threats, and the devices themselves tend to
lack basic tools that are readily available for other platforms, such as anti-virus, anti-
spam, and endpoint firewalls.
Policy making efforts:
⚫ Organization needs to establish security practice subject to legal and external
constraints
⚫ Policy making effort starts with the commitment of CEO, president or Director who
takes cybersecurity seriously
⚫ Mobile devices of the employees should be registered in the corporate asset register
⚫ Close monitoring of these devices
⚫ Physical access to corporate resources must be removed from mobile devices before
the employee leaves
⚫ Employees register their device with the IT department: to control the access
2) Unconventional/Stealth Storage devices:
⚫ Secondary storage devices
⚫ CDs
⚫ USBs
⚫ Portable external hard disks
⚫ Portable storage devices can be easily lost or stolen.
⚫ They keep decreasing in size and emerge in new shapes and sizes, making them difficult
to detect.
⚫ A prime challenge for organizational security.
⚫ Firewalls and antivirus software are no defense against open USB ports.
⚫ Remedy: block these ports, but the Windows OS does not support this.
⚫ A disgruntled employee can use these devices to download confidential data or
upload a harmful virus.
Device lock software:
⚫ Device Lock provides network administrators the ability to set and enforce
contextual policies for how, when, where to, and by whom data can or can’t be
moved to or from company laptops or desktop PCs via devices like phones, digital
cameras, USB sticks, CD/DVD-R, tablets, printers or MP3 players.
⚫ In addition, policies can be set and enforced for copy operations via the Windows
Clipboard, as well as screenshot operations on the endpoint computer.
1. Threats through lost and stolen devices
2. Protecting data on lost devices
⚫ Encrypting sensitive data
⚫ Encrypting the entire file system
⚫ Encrypting servers: third party solutions
⚫ Create a database action to delete the entire data on the user’s device
3. Educating the laptop users
⚫ No free downloads
⚫ Illegal music files and movies
⚫ 86% of employees do this
3) Security?
⚫ But as wireless devices become increasingly ingrained into our daily lives, they
open the door to heightened security risks.
⚫ Not only do such devices become points of access for cybercriminals, but they also
may be more easily breached than personal computers since many consumers do
not secure their smartphones or tablets with antivirus software or take simple
precautions such as enabling password protection.
⚫ According to a Harris Interactive survey commissioned by CTIA, a wireless trade
group,
⚫ less than half of all wireless device owners use passwords or personal
identification numbers (PINs) on their handsets
⚫ Among those who conduct online banking on mobile devices, only half
encrypt the data or use some form of security software.
⚫ Moreover, less than one third of users have installed antivirus software on
their mobile devices compared to 91% on their laptops.
⚫ This may explain why 45% do not see cybersecurity on their mobile devices
as a threat in the same way as they see it on their computers.
Risk factor:
⚫ Rogue mobile apps can record the information that users type into a device, such
as bank account numbers and PINs
⚫ They can read data stored on a handset, such as emails, text messages, attachments,
credit card numbers, and log-ins and passwords to corporate networks.
⚫ A phone can even secretly record conversations within earshot.
⚫ Data that leaves a mobile device wirelessly to connect to a Wi-Fi network could be
hijacked in midair in “man in the middle” attacks.
⚫ Consumers may not be as concerned about securing a wireless device because they
do not view it as a small computer. “They think, ‘Oh, it’s just my phone.’”
Organizational Measures for Handling Mobile:
As mobile computing becomes more prevalent, organizations face challenges in protecting
their data and systems from security breaches that can occur through mobile devices. This
section highlights the steps organizations can take to safeguard their information systems in
the context of mobile devices.

3.10.1 Encrypting Organizational Databases
Organizations store critical and sensitive data in databases, such as customer relationship
management (CRM) systems and data mining applications. With the rise of mobile computing,
it’s essential to protect this data from unauthorized access, especially as mobile devices can
now easily access these databases.
 Encryption Algorithms: Two commonly used algorithms for encrypting database files
are:
o Rijndael (AES): A block encryption algorithm chosen by the National Institute of
Standards and Technology (NIST) as the Advanced Encryption Standard (AES). It
offers strong encryption for securing database files.
o Multi-Dimensional Space Rotation (MDSR): Developed by Casio, another
strong encryption method for database security.
 Encryption Impact: Strong encryption ensures that database files cannot be accessed
without the correct key (password), effectively rendering the files unreadable if
accessed through unauthorized means. However, strong encryption can impact system
performance. For lower performance impact, weaker encryption options are available.
 Encryption Key Management: To avoid security risks, the encryption key should not be
stored on the mobile device. If the key is lost, the data becomes inaccessible. The key
should be entered securely, and there are options for database servers to display a
secure dialog box for key entry to protect against unauthorized access.
 Self-Destruct Policy: In case of lost or stolen devices, organizations can implement a
self-destruct policy. This allows the IT department to send a signal to the device,
remotely wiping sensitive data.
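An added example (not code from the original notes) of sealing a database file with AES-256-GCM under a key derived from a passphrase entered at run time, so that no key is ever stored on the device and a lost passphrase leaves the file unrecoverable. It assumes the third-party `cryptography` package; the sample CRM rows are constructed.

```python
"""Seal a database file with AES-256-GCM under a passphrase-derived key.

Added example for these notes (not the notes' own code). Assumes the
third-party `cryptography` package; everything else is standard library.
"""
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"ENCDB1"            # marker so a sealed file is recognisable
SALT_LEN = 16
NONCE_LEN = 12               # 96-bit nonce, the standard size for GCM
PBKDF2_ITERATIONS = 200_000  # deliberately slow: part of the performance cost of strong encryption


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Turn the passphrase the user types into a 256-bit AES key.

    The key lives only for the duration of the call; it is never written to
    the device, which is the key-management rule the notes describe.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def seal_database(db_bytes: bytes, passphrase: str) -> bytes:
    """Encrypt raw database bytes. Layout: MAGIC | salt | nonce | ciphertext+tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    key = derive_key(passphrase, salt)
    # MAGIC is bound as associated data, so a stripped or altered header is detected.
    ciphertext = AESGCM(key).encrypt(nonce, db_bytes, MAGIC)
    return MAGIC + salt + nonce + ciphertext


def open_database(blob: bytes, passphrase: str) -> bytes:
    """Decrypt a sealed blob. Raises ValueError on a wrong passphrase or tampering."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a sealed database file")
    offset = len(MAGIC)
    salt = blob[offset:offset + SALT_LEN]
    offset += SALT_LEN
    nonce = blob[offset:offset + NONCE_LEN]
    offset += NONCE_LEN
    key = derive_key(passphrase, salt)
    try:
        return AESGCM(key).decrypt(nonce, blob[offset:], MAGIC)
    except InvalidTag:
        # GCM authentication failed: wrong key (lost passphrase) or a modified file.
        raise ValueError("wrong passphrase or corrupted file; data is unrecoverable") from None


if __name__ == "__main__":
    # Constructed sample CRM records standing in for a real database file.
    sample_db = b"id,customer,card_last4\n1,Acme Ltd,4242\n2,Globex,1881\n"
    sealed = seal_database(sample_db, "correct horse battery staple")
    print(open_database(sealed, "correct horse battery staple") == sample_db)  # True
    try:
        open_database(sealed, "wrong passphrase")
    except ValueError as exc:
        print("decrypt refused:", exc)
```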

3.10.2 Including Mobile Devices in Security Strategy
The rise of a mobile workforce necessitates that organizations integrate mobile device security
into their overall IT strategy. While some businesses may avoid using mobile devices due to
security concerns, modern technologies now offer effective solutions for securing these
devices.
 Mobile Device Security: Corporate IT departments should focus on securing mobile
devices rather than avoiding their use. Available technologies include the ability to lock
devices remotely, wipe data, and utilize strong encryption (e.g., 128-bit encryption) on
high-powered mobile devices.
 Security Measures for Mobile Devices:
1. Asset Management: Implement strong asset management strategies, including
virus checking, loss prevention, and controls that prevent unauthorized access
or corrupted data.
2. Secure Access: Use technologies like mobile VPNs to provide secure access to
company data through firewalls.
3. Regular Security Audits: Conduct frequent and thorough security audits of
mobile devices to ensure they are not vulnerable to attacks.
4. Security Training: Incorporate mobile device security awareness into training
and support programs to ensure employees understand the importance of
security in a company's overall IT strategy.
 Response to Security Breaches: In the event of a breach, notify the relevant law
enforcement agencies, change passwords, and monitor user accounts for any unusual
activity.

Organizational Security Policies and Measures in Mobile Computing Era:
Importance of Security Policies relating to Mobile Computing Devices
 Proliferation of mobile devices: The rise of hand-held devices used for personal and
work purposes increases the cybersecurity risks, especially as people store confidential
information on mobile devices like music, passwords, and strategic business data.
 Business and legal impact: If a device containing sensitive information (e.g., credit
reports, social security numbers, company plans) is lost or stolen, it can lead to public
relations disasters and potential legal violations.
 Data loss prevention: Implementing controls to avoid storing proprietary information
on insecure platforms is crucial. This can be done by raising awareness among users.
 Information classification policy: Clear definitions should be set regarding what types
of data may or may not be stored on mobile devices to mitigate the risk of theft or loss.
 Survey on corporate risks: A Ponemon Institute survey reveals that companies often
face millions of dollars in losses when corporate secrets are intercepted via cell phone
communications. Many organizations frequently experience such incidents.
3.11.2 Operating Guidelines for Implementing Mobile Device Security Policies
 Determine need for mobile devices: Evaluate the necessity of mobile devices within
the organization based on risks, benefits, industry, and regulatory environment.
 Augment native security: Most mobile devices require additional security measures
such as encryption, device passwords, physical locks, and biometrics (e.g., retinal
scans) for authentication.
 Standardization: Standardize mobile devices and associated security tools to prevent
security deterioration that can arise from disparate devices and tools.
 Develop a usage framework: Create guidelines for using mobile devices, including data
syncing, firewalls, anti-malware software, and acceptable data storage practices.
 Centralized management: Maintain an inventory of mobile devices used within the
organization for better security control.
 Establish patching procedures: Integrate software patching with syncing or centralized
patch management databases to keep mobile devices secure.
 Device labeling and registration: Label and register devices with a service that assists
in returning lost or stolen devices.
 Remote access control: Set up procedures to disable remote access for devices
reported as lost or stolen, particularly if sensitive data like usernames and passwords
are stored.
 Data removal protocols: Before re-assigning company devices, ensure that all data is
wiped from devices that are no longer in use.
 Education and awareness training: Train employees on mobile device security best
practices so they understand the importance of protecting organizational data.
3.11.3 Organizational Policies for the Use of Mobile Hand-Held Devices
 Creating company policies: Develop specific policies for mobile devices to address
unique challenges such as handling lost or stolen devices.
 Policy creation approaches:
o Distinct mobile computing policy: A separate policy specifically for mobile
devices.
o Integration into existing policies: Incorporate mobile devices under existing IT
policies, with specific adaptations for mobile device use.
o Hybrid approach: Combine a new policy for mobile devices with existing
general IT policies, covering issues like acceptable use and network
connections.
 Modification over time: Companies may need to modify or create additional policies as
mobile device usage evolves, especially distinguishing between wireless and non-
wireless devices, and frequent vs. infrequent users.
 Separate policies for different devices: Over time, separate policies may be needed for
mobile devices based on whether they connect wirelessly, to WANs or LANs.
 Early planning: Even if mobile devices are not yet a major part of the organization, it's
important to start planning for their use and security to stay ahead of potential risks
and competitors' adoption of similar technologies.

Laptops:
This section addresses the increasing concerns related to cybersecurity in the context of
portable devices like laptops and mobile phones. Below is a summary of key points along with
some countermeasures to mitigate risks:
Key Risks
1. Laptops and Mobile Devices: While laptops offer mobility and convenience for
businesses, they are also susceptible to theft and misuse. These devices often contain
sensitive corporate and personal data, which can be exploited if stolen.
2. Spyphone Software: Spyphone software is used by employers to track employees'
mobile phone activities, including calls, messages, and GPS locations. While it can be
beneficial for monitoring, it raises concerns over privacy violations.
3. Wireless Capabilities: Laptops' wireless features increase their exposure to cyber
threats, such as data being intercepted over unsecured networks, which is difficult to
detect.
Cybersecurity Threats from Laptop Theft
 Theft of Corporate Information: Many executives underestimate the value of the
information stored on laptops, making them vulnerable targets for cybercriminals.
 Sensitive Data: Laptops often hold valuable corporate data, including intellectual
property and confidential information, which could be exploited if it falls into the
wrong hands.
Countermeasures Against Laptop Theft
Physical Security
1. Cables and Locks: Use of security cables (e.g., Kensington cables) to physically secure
laptops to desks or fixed objects. These are cost-effective but can be bypassed if the
laptop is detached from removable components (e.g., CDs, memory cards).
2. Laptop Safes: Using robust safes (e.g., polycarbonate safes) for transporting and
storing laptops to protect them from theft. This is more effective than cables in
preventing the theft of the entire device and its peripherals.
3. Motion Sensors and Alarms: Installing alarms and motion sensors on laptops to deter
thieves and track the laptop's location if stolen. These can include keychain devices
that trigger the alarm when the laptop is moved too far away from the owner.
4. Warning Labels and Stamps: Labels with tracking information and unique IDs that
make it difficult for thieves to resell stolen laptops. These labels are designed to be
tamper-resistant.
5. Other Protective Measures:
o Engraving personal information on the laptop.
o Using inconspicuous bags to carry laptops.
o Keeping backups of purchase receipts and laptop serial numbers.
o Installing encryption software and using personal firewalls to protect stored
information.
o Locking laptops in secure places (e.g., lockers) when not in use.
o Disabling unused ports (e.g., USB, wireless cards) and removing removable
drives.
Logical Security (Digital Protection)
1. Avoiding Malicious Software: Protect laptops from malware, viruses, and other
malicious attacks through antivirus software and regular updates.
2. Strong Passwords: Using complex passwords and password management tools to
prevent unauthorized access.
3. Data Encryption: Encrypting sensitive files and using secure file systems to protect data
stored on laptops from unauthorized access.
4. Monitoring and Access Control: Regular monitoring of laptop activities, using security
patches, and disabling unnecessary ports or devices to prevent access through
vulnerabilities.
5. Backup and Recovery: Regular backups of critical data and using secure cloud services
to ensure data recovery in case of theft or loss.
Conclusion
To address the cybersecurity risks posed by laptops, organizations must implement both
physical security measures (such as locks, safes, and motion sensors) and logical security
controls (such as encryption, password management, and regular updates). This dual
approach will help mitigate the risk of data breaches and protect sensitive information from
malicious actors.
Tools and Methods Used in Cyber Crime:
Introduction
 Focus of Chapter 4: Different forms of attacks targeting computer systems, tools, and
methodologies used by attackers.
Phases of a Cyberattack:
 Initial Uncovering (Reconnaissance):
o Attackers gather as much legitimate information as possible about the target,
such as network details, IP addresses, and organizational data.
o Activities are difficult to detect as they rely on publicly accessible information.
 Network Capture:
o Attackers gain a foothold by compromising low-priority systems and removing
traces of their actions.
o Trojan Horses and backdoor tools are used to maintain access.
o The compromised system is used as a stepping stone for deeper penetration.
 Data Theft:
o Stealing confidential data, altering processes, or launching secondary attacks
from the network.
 Covering Tracks:
o Erasing evidence, avoiding detection, and maintaining prolonged access for
continued misuse.
Types of Cyberattacks:
1. Scareware:
o Fraudulent software marketed through unethical means, exploiting fear to
compel users to act.
o Examples: Pop-ups warning about infections to push unnecessary purchases.
2. Malvertising:
o Malicious code embedded in online advertisements.
o Distributes malware through ad networks and downloads.
3. Clickjacking:
o Tricks users into clicking elements that perform unintended actions, such as
revealing confidential information or giving system access.
Advanced Tools and Techniques:
 Root Access:
o Attackers exploit administrator privileges to control systems.
o Allows for extensive misuse, including file manipulation and undetected
backdoor creation.
 Hacking Tools:
o Designed to clean logs and hide intrusions, enabling attackers to cover their
tracks and maintain persistent access.
Key Takeaways:
 Cybercriminals are systematic and strategic, using a mix of reconnaissance,
exploitation, and evasion techniques.
 Protecting systems requires awareness of these methodologies and implementing
robust preventive measures like monitoring, patch management, and employee
training.

Proxy services and Anonymizers
Overview of Cyberattacks
1. Planning Cyber Offenses
o Attackers follow systematic stages:
 Reconnaissance: Gather information about the target using legitimate
means such as public websites or press releases.
 Network Discovery: Identify internal networks, domains, and IP ranges
of the target.
2. Stages of a Cyberattack
o Uncovering Information: Reconnaissance techniques to collect details about
systems.
o Capturing the Network: Gaining unauthorized access and installing tools to
maintain control.
o Stealing Data: Exploiting the compromised system to extract sensitive data.
o Covering Tracks: Removing evidence of intrusion to avoid detection.

Key Cyber Threats
1. Scareware
o Fake warnings that trick users into downloading harmful or useless software.
o Often used for unethical marketing and social engineering.
2. Malvertising
o Injecting malware into online advertisements to compromise users' systems.
3. Clickjacking
o Manipulating users to click on hidden elements, potentially giving attackers
control over the system.

Proxy Servers and Anonymizers
 Proxy Server: An intermediary between a user and the internet to hide identity or
speed up access.
o Functions include caching frequently accessed resources, filtering unwanted
content, and enabling multiple computers to share a single IP address.
 Anonymizers: Specialized proxies that hide users' identities online, ensuring privacy
and anonymity.

Cookies and Google Tracking
 Cookies: Small files stored on users' computers by websites to save preferences or
session data.
o Persistent Cookies: Stored long-term for website preferences.
o Session Cookies: Temporary and deleted after the browser closes.
 Google Cookies: Used for tracking user search terms and activities, enabling targeted
advertisements.
 DoubleClick DART Cookies: Persistent cookies that help advertisers measure campaign
performance and user behavior.

Tools for Anonymous Browsing
 G-Zapper: A utility to block or delete Google cookies, ensuring anonymous searches.
 Other tools and websites listed provide proxy or anonymizer services.
This structured understanding showcases the evolution of cyber threats and preventive
mechanisms, emphasizing the importance of awareness in cybersecurity.

Phishing
Phishing is a deceptive cybercrime method used to steal personal and financial data or
perform online identity theft. Below are its key aspects and workflow:
What is Phishing?
 Definition: Phishing involves sending fake emails or messages designed to look like
they are from reputable organizations (e.g., banks, credit card companies, or online
retailers like Amazon and eBay).
 Purpose: To trick users into providing sensitive information such as login credentials,
bank details, or personal identification.
 Origins: The term “Phishing” is derived from “fishing,” symbolizing the act of luring
victims to reveal information. It was first documented in 1996.

How Phishing Works
1. Planning
o Target Selection: Phishers choose a specific business or individual.
o Data Collection: They gather email addresses of potential victims, often
through spam or mass mailing techniques.
2. Setup
o Creating a Spoofed Identity: Phishers craft emails and web pages mimicking
trusted entities.
o Delivery Mechanism: Phishing emails often contain malicious links or
attachments designed to harvest victim information.
3. Attack
o Phishers send deceptive messages that appear genuine, urging users to take
immediate action (e.g., responding to a threat of account closure).
4. Collection
o Victims enter sensitive information into fake web pages or pop-ups,
unknowingly providing it to phishers.
5. Identity Theft and Fraud
o Phishers exploit the stolen data to make unauthorized purchases, commit
financial fraud, or impersonate the victim.
Impact of Phishing
 Data Theft: Compromised personal and financial details.
 System Infection: Emails can carry malicious attachments, infecting systems with
malware or viruses.
 Global Scale: Phishing has escalated with the increasing online presence of businesses
and individuals.
Phishing attacks have evolved with advanced social engineering tactics, making awareness and
vigilance critical.
Password Cracking
Password cracking is a technique used to recover or decipher passwords to gain access to
computer systems or resources. While it can be used ethically by system administrators to
identify vulnerabilities, it is often exploited by attackers for unauthorized access.

What is Password Cracking?
 Definition: The process of recovering passwords from stored or transmitted data in a
computer system.
 Purposes:
1. To recover forgotten passwords.
2. To test system security by identifying weak passwords.
3. To gain unauthorized access.

How Does Password Cracking Work?
1. Manual Cracking:
o Involves manually entering possible passwords until the correct one is found.
o Steps:
1. Identify a valid user account (e.g., Admin, Guest).
2. Generate a list of possible passwords.
3. Rank them by probability.
4. Test each password until successful.
2. Automated Cracking:
o Scripts or tools are used to test multiple passwords automatically.
o Common attack types include:
 Brute Force: Testing all possible combinations until the correct
password is found.
 Dictionary Attack: Using a list of common or likely passwords.
3. Password Storage and Hashing:
o Hashed Passwords: Instead of storing plain text passwords, systems store
hashed values using one-way functions.
o During authentication, the input password is hashed and compared with the
stored hash. If they match, access is granted.
4. Hash-Based Cracking:
o Attackers attempt to retrieve hashed passwords and use tools to compare
guessed values after hashing.
o Common hash-cracking methods include brute force and rainbow tables
(precomputed hash tables).

Examples of Weak/Guessable Passwords
 Blank or default passwords (e.g., "admin").
 Simple words (e.g., "password").
 Sequential keyboard patterns (e.g., "qwerty").
 Personal information (e.g., names, birthdates, vehicle numbers).
 Celebrity names or common idols.

Common Password Cracking Tools
Tool Name | Description
Cain & Abel | Recovers Microsoft OS passwords using sniffing, dictionary attacks, and brute force.
John the Ripper | A free, open-source password cracker compatible with various OSs. Primarily used to detect weak Unix passwords.
THC-Hydra | A fast network logon cracker supporting multiple protocols (e.g., HTTP, POP3, FTP).
Aircrack-ng | Cracks WEP and WPA wireless network keys. Uses advanced cryptographic techniques.
L0phtCrack | Specializes in Windows password recovery, supporting hashes from workstations and domain controllers.
AirSnort | Recovers WLAN encryption keys by analyzing enough encrypted packets.
RainbowCrack | Uses precomputed rainbow tables for hash cracking, significantly faster than traditional brute force methods.
Brutus | A flexible remote password cracker for protocols like HTTP, FTP, and IMAP.
Pwdump | Extracts NTLM and LanMan hashes from Windows, including password histories.

Modern Challenges and Security Practices
 Strengthened Hashing Algorithms: Using advanced algorithms (e.g., bcrypt, Argon2)
makes cracking more time-intensive.
 Two-Factor Authentication (2FA): Adds an extra layer of security.
 Password Policies: Encouraging complex, unique passwords reduces vulnerability.
Categories of Password Cracking Attacks
1. Online Attacks:
o Use of automated scripts to guess passwords.
o Common attack: Man-in-the-Middle (MITM), where the attacker intercepts
communications between the user and server.
2. Offline Attacks:
o Require physical access or extraction of password files from systems.
o Include methods like dictionary attacks, hybrid attacks, and brute-force
attacks.
3. Non-Electronic Attacks:
o Social engineering, shoulder surfing, and dumpster diving (discussed in detail
elsewhere).

Strong vs. Weak Passwords
 Weak Passwords:
o Easily guessed due to simplicity or personal relevance.
o Examples: "1234", "password", "Susan" (common names), "abc123".
 Strong Passwords:
o Long, random, and hard to guess.
o Examples: "Convert_€100 to Euros!", "4pRtelai@3".

Guidelines for Creating Secure Passwords
1. Unique passwords for every user and system.
2. Minimum of 8 alphanumeric characters, avoiding common words/names.
3. Regular updates (every 30-45 days) with enforced policies against reuse.
4. Private storage—avoid sharing or writing passwords down.
5. Limit login attempts (e.g., freeze after five failed attempts).
6. Session suspension after inactivity (e.g., 15 minutes).
7. Use secure systems to access or reset passwords.
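Putting the hashed-storage, strong-hash, password-policy and login-limit points above into working code, as an added example that is not part of the original notes (Python standard library only; PasswordStore, COMMON_WORDS and the sample user names are this example's own). The miniature precomputed table shows why an unsalted fast hash falls to a lookup while a per-user salt plus an iterated hash does not.

```python
"""Salted, iterated password storage plus the policy and lockout rules from the notes.

Added example (not code from the original notes). Standard library only.
PasswordStore, COMMON_WORDS and the sample user names are this example's own.
"""
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 200_000   # one-way and deliberately slow: every guess costs the attacker
SALT_LEN = 16                 # random per-user salt defeats precomputed (rainbow) tables
MAX_FAILED_ATTEMPTS = 5       # guideline 5: freeze the account after five failed attempts
MIN_LENGTH = 8                # guideline 2: at least 8 alphanumeric characters
# Constructed list of guessable words; a real check uses a large breached-password list.
COMMON_WORDS = ("password", "admin", "qwerty", "1234", "abc123", "susan")


def check_password_policy(password: str, username: str) -> list:
    """Return the policy violations for a proposed password (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("must mix letters and digits")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a common word")
    if username.lower() in lowered:
        problems.append("contains the user name")
    return problems


def md5_hex(word: str) -> str:
    """Fast, unsalted digest of the kind a precomputed table can invert instantly."""
    return hashlib.md5(word.encode("utf-8")).hexdigest()


# A rainbow table in miniature: digest -> password, built once, reused against every hash.
PRECOMPUTED_MD5 = {md5_hex(word): word for word in COMMON_WORDS}


def lookup_in_precomputed_table(digest: str):
    """Recover a password from an unsalted MD5 digest, or None if it is not in the table."""
    return PRECOMPUTED_MD5.get(digest)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated one-way hash; the same password gives a different hash per salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordStore:
    """Keeps salt + hash per user (never the plaintext) and counts failed logins."""

    def __init__(self):
        self._records = {}   # username -> [salt, hash, failed_attempts]

    def register(self, username: str, password: str) -> None:
        problems = check_password_policy(password, username)
        if problems:
            raise ValueError("weak password: " + "; ".join(problems))
        salt = os.urandom(SALT_LEN)
        self._records[username] = [salt, hash_password(password, salt), 0]

    def stored_digest(self, username: str) -> bytes:
        return self._records[username][1]

    def is_locked(self, username: str) -> bool:
        rec = self._records.get(username)
        return rec is not None and rec[2] >= MAX_FAILED_ATTEMPTS

    def login(self, username: str, password: str) -> bool:
        rec = self._records.get(username)
        if rec is None or self.is_locked(username):
            return False                  # unknown user, or account frozen
        salt, stored, _ = rec
        # Hash the attempt with the stored salt and compare in constant time.
        if hmac.compare_digest(hash_password(password, salt), stored):
            rec[2] = 0
            return True
        rec[2] += 1
        return False


if __name__ == "__main__":
    print(lookup_in_precomputed_table(md5_hex("qwerty")))               # qwerty: instant hit
    store = PasswordStore()
    store.register("alice", "Tr0ub4dor&3xyz")
    store.register("bob", "Tr0ub4dor&3xyz")
    print(store.stored_digest("alice") != store.stored_digest("bob"))   # True: salts differ
    for _ in range(MAX_FAILED_ATTEMPTS):
        store.login("alice", "wrong-guess1")
    print(store.is_locked("alice"))                                     # True
```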
Precautionary Measures
1. Use different passwords for personal and business accounts.
2. Avoid accessing sensitive accounts from public facilities.
3. Verify legitimacy of emails or SMS requesting password changes.
4. Report hacks immediately to the relevant authorities.

Keyloggers and Spywares
Keyloggers
Keyloggers are tools designed to covertly monitor and record keystrokes on a computer or
device. Their primary use is often malicious, intended to steal sensitive information such as
passwords and personal data.
Types of Keyloggers:
1. Software Keyloggers:
o Installed via malicious software like Trojans or viruses.
o Operates between the operating system and keyboard hardware.
o Can record every keystroke and store it in hidden files.
o Common targets include public computers in libraries and cybercafés.
o Examples include:
 SC-KeyLog PRO: Records emails, chats, and logon passwords.
 Spytech SpyAgent Stealth: Logs websites, filters applications, and blocks
chats.
 All-in-One Keylogger: Tracks activities and sends encrypted logs via
email or FTP.
2. Hardware Keyloggers:
o Require physical installation on a device.
o Often attached to keyboards or ATM machines.
o Used to capture sensitive data like PINs or passwords.
o Examples:
 KeyGhost
 KeyKatcher
Antikeyloggers
Antikeylogger software is used to detect and remove keyloggers from a system. They offer:
 Detection of keyloggers undetectable by firewalls.
 Security for internet banking and email communication.
 Prevention of identity theft.
Spywares
Spywares are malicious programs designed to collect information about users without their
consent. Their impact includes:
 Monitoring internet browsing habits.
 Redirecting browser activity.
 Changing system settings to slow down performance.
Popular Spyware Tools:
 007 Spy: Captures websites, passwords, and allows remote log viewing.
 Spector Pro: Monitors social media activity and emails.
 eBlaster: Tracks online searches, downloads, and social networking.

Virus and Worms

1. Computer Viruses: A computer virus is a malicious program capable of infecting other
programs by embedding itself in them and potentially replicating to multiple systems without user
consent. Key characteristics include:
 Propagation: Spreads via infected files, removable drives, or network shares.
 Triggers: Activated by specific events like a date or a number of executions.
 Actions: Viruses may delete files, scramble data, cause erratic behavior, or just
replicate without immediate effects.
Examples:
 Boot sector viruses
 Program viruses
 Multipartite viruses
 Polymorphic viruses

2. Computer Worms: A worm is self-replicating malware that spreads independently through
networks without needing a host program. Key distinctions:
 Propagation: Exploits network vulnerabilities or weak credentials rather than waiting for a
user to run an infected file.
 Damage: Worms can consume bandwidth and overload systems, and may carry
malicious payloads.
Examples:
 Email worms
 Internet worms
 Instant messaging worms

Comparison: Virus vs. Worm

Feature        | Virus                                          | Worm
Propagation    | Needs a host program to spread.                | Spreads independently through networks.
First Instance | Creeper (1971).                                | Term inspired by The Shockwave Rider novel (1975).
Prevalence     | High; over 100,000 known viruses (as of 2005). | Moderate prevalence compared to viruses.

3. Types of Viruses:
 Boot Sector Viruses: Infect the master boot record (MBR), spreading through infected
media.
 Program Viruses: Activate when the infected program is executed.
 Multipartite Viruses: Combine boot sector and program virus characteristics.
 Stealth Viruses: Mask themselves to avoid detection.
 Polymorphic Viruses: Change their signature to evade antivirus programs.
 Macro Viruses: Exploit macros in applications like MS Word or Excel.

4. Preventive Measures:
 Avoid downloading software from unreliable sources.
 Regularly update antivirus software and the operating system itself, since worms such as
Conficker spread through unpatched flaws.
 Disable AutoRun/AutoPlay on Windows.
 Exercise caution with email attachments and shared files.

5. Notable Virus and Worm Attacks:
 Conficker (2008): Worm that exploits a Windows RPC (Server service) flaw and also uses
dictionary attacks against weak administrator passwords on network shares.
 INF/AutoRun: Abuses Windows AutoRun (autorun.inf on removable media) to spread malware.
 Win32/Agent: Generic detection name for information-stealing Trojans that typically copy
themselves to a temporary folder and add registry entries so they run at start-up.
 Win32/Qhost: Modifies the hosts file and DNS settings to redirect users to malicious domains.
By understanding these malware types, their modes of propagation, and prevention
techniques, users can better protect systems from malicious threats.
Trojan Horses and Backdoors
Trojan Horses
 Definition: A malicious program disguised as legitimate software, capable of harming
systems, such as corrupting data, spreading malware, and providing unauthorized
access.
 Origins: The term is inspired by the Trojan War from Greek mythology, specifically the
tale where a large wooden horse was used to infiltrate and destroy the city of Troy
(Box 4.5).
 Methods of Entry:
o Web browsers, email, bundled software downloads.
o Portable media like USB drives.
 Behavior:
o Does not replicate like viruses or worms but causes significant harm upon
execution.
o Example: waterfalls.scr (a screensaver) turned into a Trojan.
 Typical Threats:
1. Erasing, overwriting, or corrupting data.
2. Spreading other malware.
3. Deactivating antivirus/firewall programs.
4. Enabling remote access.
5. Uploading/downloading files unknowingly.
6. Logging keystrokes (e.g., stealing passwords).
7. Displaying inappropriate content.
8. Slowing down or shutting down the system.
9. Reinstalling after removal.
10. Disabling task managers and control panels.
Backdoors
 Definition: A method for bypassing normal authentication to gain unauthorized access to a system.
 Purpose:
 o Often left by developers for troubleshooting.
 o Exploited by attackers for unauthorized control.
 Characteristics:
o Operates in the background, difficult to detect.
o Some are integrated into existing software.
 Functions:
1. Modifies files, system settings, and registries.
2. Controls hardware, shuts down/restarts computers.
3. Steals sensitive data (e.g., passwords, documents).
4. Logs user activity and captures screenshots.
5. Uploads data to predefined servers or emails.
6. Infects files and damages systems.
7. Performs attacks on remote hosts.
8. Installs hidden FTP servers for illegal purposes.
9. Hides processes/files to complicate removal.
 Examples:
1. Back Orifice: A backdoor for remote system administration.
2. Bifrost: Infects Windows systems using a backdoor program configuration.
3. SAP Backdoors: Exploits ERP systems for unauthorized access.
4. Onapsis Bizploit: A tool for ERP penetration testing.

Protection Measures
1. Avoid Suspicious Websites/Downloads:
o Stay away from pirated software and P2P networks, which often harbor
Trojans.
2. Cautious Web Surfing:
o Avoid downloading files from unverified sources.
3. Use Antivirus Software:
o Install updated antivirus or Trojan remover programs.
4. Enable Spam Filters:
o Although not foolproof, they reduce exposure to malware.

Box 4.6: Peer-to-Peer (P2P) Networks

 Definition: A distributed network where participants share resources directly with each
other without relying on central servers.
 Types:
 o Hybrid P2P: A central server keeps an index, while the content itself is stored on peers.
 o Pure P2P: No central server; every peer acts as both client and server.
 o Mixed P2P: Combination of hybrid and pure models.
 Advantages:
 1. Faster information transfer.
 2. Cost-effective and scalable.
 3. Increases fault tolerance and privacy.
 Drawbacks:
 1. Propagates malware and misinformation.
 2. Vulnerable to attacks and lacks content ownership.
 3. Difficult to manage, lacking standards.
 4. Revenue challenges and traffic bottlenecks.
 Examples: Ares, BitTorrent, LimeWire, Kazaa.

Steganography
 Steganography comes from the Greek "steganos" (covered) and "graphein" (to write), literally
"covered writing": it is the practice of hiding the very existence of a message or
communication.
 The practice dates back to ancient Greece and Rome.
 o Examples include etching messages into wooden tablets and covering them with wax, or
shaving a messenger's head, tattooing a message on the scalp and letting the hair regrow
to hide it.
 Modern Steganography:
 Used to hide data in digital carriers such as images, audio, or video.
 In digital images the least significant bit of each pixel sample (each colour byte) can be
replaced with a message bit without a visible change, because that bit contributes at most
1/255 of the sample's value.
 Also used for digital watermarking to detect illegal copying of digital content.
 Difference Between Steganography and Cryptography:
 Steganography hides the existence of a message.
 Cryptography hides the content of a message but not its existence. The two are
complementary: hidden data is normally encrypted before it is embedded, so that detecting the
carrier does not by itself reveal the message.
 Steganography has reportedly been used by terrorists to hide messages in popular images
(e.g., images of celebrities).
 Example of Simple Steganography:
 Every fourth letter of a memo could spell out a message; unlike an encrypted blob, the
memo arouses no suspicion.
 Real-World Example:
 In October 2001, The New York Times reported that al-Qaeda used steganography
techniques to encode messages into images for planning the September 11 attacks.
 Cover Medium:
 The innocuous file or data (the carrier) inside which the secret message is hidden. The
bits of the carrier that can be altered without any perceptible effect are called "redundant
bits"; these are the bits that are replaced with the hidden data.
 Digital Watermarking:
 A form of steganography used to embed trademarks or ownership markers into digital
media (images, music, software).
 Examples of Steganography Tools:
 DiSi-Steganograph: Embeds data in PCX images.
 Invisible Folders: Makes files or folders invisible on your computer or network.
 Invisible Secrets: Encrypts and hides data in picture or sound files.
 Stealth Files: Compresses and hides files inside EXE, DLL, JPG, MP3 files.
 Hermetic Stego: Hides data in BMP images with encryption.
 DriveCrypt Plus: Hides an entire OS inside a full-disk-encrypted volume.
 MP3Stego: Hides data during the MP3 compression process.
 MSU StegoVideo: Hides data in video sequences with password protection.
 Steganalysis:
 The art of detecting hidden messages in digital files.
 Involves identifying suspected files, determining whether they contain hidden data, and
recovering the message.
 Automated tools are often used for detection.
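The LSB technique described above, as an added example that is not part of the textbook's material: the cover is a constructed pseudo-random byte string standing in for the pixel bytes of a greyscale image (a real tool would read and write an image container around the same bit operations), a 4-byte length header is embedded first so the extractor knows where the message ends, and samples_changed() makes the "no noticeable change" claim measurable: no sample moves by more than 1.

```python
"""Added example: least-significant-bit (LSB) steganography over raw 8-bit
samples.  The cover data is constructed (pseudo-random bytes), not an image."""
import random

HEADER_BYTES = 4   # message length is stored first, so the extractor knows where to stop

def make_cover(n_samples, seed=7):
    """Constructed stand-in for image data: n_samples pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_samples))

def _bits(data):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed_lsb(cover, message):
    """Write len(message) (4-byte big-endian) then the message itself, one bit
    per sample in the LSB.  Each sample changes by at most 1."""
    payload = len(message).to_bytes(HEADER_BYTES, "big") + message
    needed = 8 * len(payload)
    if needed > len(cover):
        raise ValueError("cover too small: need %d samples, have %d" % (needed, len(cover)))
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit      # clear the LSB, then set it to the message bit
    return bytes(stego)

def _read_lsb_bytes(stego, first_sample, count):
    """Rebuild `count` bytes from the LSBs of consecutive samples."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[first_sample + 8 * b + k] & 1)
        out.append(value)
    return bytes(out)

def extract_lsb(stego):
    """Reverse of embed_lsb: read the length header, then that many bytes."""
    if len(stego) < 8 * HEADER_BYTES:
        raise ValueError("too short to hold a header")
    length = int.from_bytes(_read_lsb_bytes(stego, 0, HEADER_BYTES), "big")
    if 8 * (HEADER_BYTES + length) > len(stego):
        raise ValueError("header claims more data than the carrier holds")
    return _read_lsb_bytes(stego, 8 * HEADER_BYTES, length)

def samples_changed(cover, stego):
    """(number of samples that differ, largest per-sample difference)."""
    diffs = [abs(a - b) for a, b in zip(cover, stego)]
    return sum(1 for d in diffs if d), max(diffs)

if __name__ == "__main__":
    cover = make_cover(1024)
    stego = embed_lsb(cover, b"meet at dawn")
    print(extract_lsb(stego))
    print(samples_changed(cover, stego))   # roughly half of the 128 used samples change, max step 1
```

Only the first 8 * (4 + len(message)) samples are touched, and on average half of those already hold the right bit, which is why simple steganalysis looks at the statistics of the LSB plane rather than at individual pixels.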

DoS and DDoS Attacks

Definition
 A DoS (denial-of-service) attack is a deliberate attempt to make an online resource (a
website, network, or system) unavailable to its intended users by overwhelming it with
excessive traffic or malformed requests, so that legitimate users cannot reach it. A DDoS
(distributed denial-of-service) attack does the same from many compromised machines at once,
which makes it much harder to filter the traffic by source.

4.9.1 DoS Attacks

 Methodology:
 o Attackers flood the target's bandwidth with excessive traffic or fill the target's
email inbox with spam, effectively denying access to legitimate users.
 Common Targets:
 o High-profile web servers like banks, credit card payment gateways, and critical
services like domain name servers (DNS).
 Technique:
 o IP Address Spoofing:
  Attackers forge the source IP addresses of their packets, so the flood cannot be
traced or blocked by source.
  The victim allocates resources (for example, a half-open TCP connection) for each
spoofed packet and waits for a reply from a source that does not exist, consuming
memory and bandwidth until the service fails.
Symptoms of DoS Attacks
1. Sluggish network performance (e.g., opening files or accessing websites).
2. Unavailability of specific websites or services.
3. Complete inability to access online resources.
4. A dramatic increase in spam emails (email bombing).

Goals of DoS Attacks
 Prevent legitimate users from accessing a service.
 Overwhelm a network, disrupt connections, or deny services to individuals or systems
without gaining unauthorized access.

Classification of DoS Attacks

Type              | Description
Bandwidth Attacks | Overloading a site's bandwidth, e.g., by repeatedly refreshing or opening pages, to consume resources.
Logic Attacks     | Exploiting vulnerabilities in network software to crash or destabilize systems.
Protocol Attacks  | Exploiting flaws in communication protocols to overwhelm victim systems.
Unintentional DoS | Occurs due to a sudden spike in popularity (e.g., a viral post causing an unexpected traffic surge).

4.9.3 Types or Levels of DoS Attacks

1. Flood Attack:
 o Overwhelms the victim with a massive number of ICMP echo (ping) requests.
 o Only works when the attacker has more bandwidth than the victim.
2. Ping of Death:
 o Sends an ICMP packet larger than the 65,535-byte IP maximum (delivered as fragments)
that crashes or reboots unpatched systems during reassembly.
3. SYN Attack (TCP SYN Flood):
 o Exploits the TCP three-way handshake: the attacker sends SYN packets (often from
spoofed addresses) and never answers the SYN-ACK, leaving half-open connections
that exhaust the victim's connection backlog.
4. Teardrop Attack:
 o Sends fragmented, overlapping packets, leading to system crashes during
reassembly.
5. Smurf Attack:
 o Sends ICMP echo requests with the victim's spoofed source address to a network
broadcast address; every host on that network replies to the victim, amplifying the
traffic.
6. Nuke:
 o Sends corrupted or malformed ICMP packets to freeze or crash systems.
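The SYN-flood symptom described above (many half-open connections that never complete the handshake, from many distinct sources) is something an administrator can check for in the server's own connection table. As an added example that is not part of the textbook's material, the snippet below parses constructed lines shaped like "netstat -ant" output (addresses from the RFC 5737 documentation ranges; the threshold of five is an illustrative value, not a recommendation) and reports ports that look flooded.

```python
"""Added example: spotting a TCP SYN flood from a connection table.
SAMPLE_NETSTAT is constructed to look like 'netstat -ant' output."""
import re
from collections import defaultdict

# Constructed sample: eight half-open connections to port 80 from eight
# different (probably spoofed) sources, a few normal sessions, one stray SYN.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address      Foreign Address       State
tcp        0      0 10.0.0.5:80        198.51.100.7:40211    SYN_RECV
tcp        0      0 10.0.0.5:80        198.51.100.8:40212    SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.9:51002     SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.10:51003    SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.11:51004    SYN_RECV
tcp        0      0 10.0.0.5:80        198.51.100.12:40213   SYN_RECV
tcp        0      0 10.0.0.5:80        198.51.100.13:40214   SYN_RECV
tcp        0      0 10.0.0.5:80        203.0.113.14:51005    SYN_RECV
tcp        0      0 10.0.0.5:80        192.0.2.20:33333      ESTABLISHED
tcp        0      0 10.0.0.5:443       192.0.2.21:33334      ESTABLISHED
tcp        0      0 10.0.0.5:22        192.0.2.22:33335      SYN_RECV
"""

# proto, recv-q, send-q, local ip:port, foreign ip:port, state
LINE_RE = re.compile(r"^tcp\S*\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def parse_connections(text):
    """Yield (local_port, remote_ip, state) for each TCP row; header lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(2)), m.group(3), m.group(5)

def half_open_by_port(text):
    """Map local port -> set of remote IPs sitting in SYN_RECV (half-open)."""
    pending = defaultdict(set)
    for port, remote_ip, state in parse_connections(text):
        if state == "SYN_RECV":
            pending[port].add(remote_ip)
    return pending

def syn_flood_suspects(text, threshold=5):
    """Ports with more than `threshold` half-open connections from distinct
    sources.  A flood from spoofed addresses shows up as many different remote
    IPs that never finish the handshake; one slow client would not trip this."""
    return sorted(port for port, ips in half_open_by_port(text).items()
                  if len(ips) > threshold)

if __name__ == "__main__":
    pending = half_open_by_port(SAMPLE_NETSTAT)
    for port in syn_flood_suspects(SAMPLE_NETSTAT):
        print("port %d: %d half-open connections from distinct sources" % (port, len(pending[port])))
```

Counting distinct sources rather than raw rows is deliberate: a legitimate burst from one misbehaving client produces many rows from one address, whereas a spoofed flood produces one row per forged address. The same logic applies to "ss -tan" output with a different regular expression.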

4.9.4 Tools Used for DoS Attacks

Tool         | Description
Jolt2        | Exploits vulnerabilities in Windows networking code to consume CPU resources with illegal packets.
Nemesy       | Generates random spoofed packets to launch attacks.
Targa        | Can execute multiple DoS attacks, one after another or all simultaneously.
Crazy Pinger | Sends large ICMP packets to overwhelm target networks.
Some Trouble | A remote flooder/bomber designed to overwhelm systems.

Special Types of Threats

Blended Threats
 Combine elements of viruses, worms, Trojans, and other malicious code.
 Propagate using multiple methods (e.g., email, IRC, file-sharing).
 Can launch DoS attacks, install backdoors, and damage systems in one payload.
Permanent Denial-of-Service (PDoS)
 Targets hardware instead of software.
 Damages devices by exploiting vulnerabilities in firmware (for example, by flashing a
corrupt image), rendering them inoperable.
 Recovery usually requires replacing the device or reflashing its firmware.
These attacks highlight the critical need for robust cybersecurity measures to mitigate risks
and ensure uninterrupted service availability.
SQL Injection
SQL Injection is a type of attack that exploits vulnerabilities in the database layer of an
application. This vulnerability occurs when user input is incorrectly filtered or not strongly
typed, allowing malicious code to be inserted into SQL queries. The attacker can manipulate
the SQL queries to access sensitive data from the database.
Steps for an SQL Injection Attack:
1. Identifying vulnerable webpages: The attacker looks for pages where data is
submitted, such as login, search, or feedback forms.
2. Inspecting the source code: Using "view source" on the page, the attacker identifies
the form fields and parameter names that carry user input (e.g., <INPUT> elements inside
<FORM> tags).
3. Testing input fields: The attacker enters a single quote (') or similar metacharacters
into the input field. A database error message, or a change in the page's behaviour,
indicates that the input is reaching the SQL query unescaped and the site is likely
vulnerable to SQL injection.
4. Executing SQL commands: The attacker then appends SQL of their own, such as a
tautology (' OR '1'='1) to bypass a login check, or SELECT, INSERT and UPDATE statements,
to read or manipulate data in the database.
Blind SQL Injection:
In cases where the results of the SQL injection are not directly visible, the attacker uses "blind"
SQL injection. The attacker injects logical statements into the query, and based on the
application's behavior, they deduce information from the results, even if they cannot directly
see the output.
Common Tools for SQL Injection:
1. MySQLenum: A command-line tool for performing blind SQL injection on MySQL
servers.
2. AppDetectivePro: A vulnerability assessment scanner that locates database
applications and identifies security holes.
3. DbProtect: Helps organizations optimize database security and manage risks.
4. Database Scanner: Identifies security exposures in database applications.
5. SQLPoke: A tool that attempts to connect to MSSQL servers using default system
administrator accounts.
6. NGSSQLCrack: A tool to identify and address weak passwords in MSSQL servers.
Prevention of SQL Injection Attacks:
1. Parameterised queries: Use prepared statements (bound parameters) so that user input is
handed to the database as data and can never be parsed as SQL. This is the primary
defence; the measures below reduce impact but do not replace it.
2. Input Validation: Ensure that all user input is validated. Numeric inputs should be
checked using functions like IsNumeric so they cannot carry SQL fragments.
3. Shorten input fields: Limit the length of user input to reduce the room for injected
statements.
4. Modify error reports: Configure error handling so that database error messages are
logged server-side and never shown to the user, since attackers use them to map the
query and schema.
5. Sanitize user input: Escaping single quotes and other metacharacters is a last resort for
places where parameters cannot be used; it is easy to get wrong and is not a substitute
for item 1.
6. Database Isolation: Keep the database server and web server on separate machines,
and run the application's database account with the least privilege it needs.
7. Disable extended stored procedures: If unused, procedures like xp_cmdshell should be
disabled or moved to an isolated server.
Implementing these measures can significantly reduce the likelihood of a successful SQL
injection attack.
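Steps 3 and 4 of the attack, the blind variant, and the parameterised fix, as an added example that is not part of the textbook's material. It runs against an in-memory SQLite database; the user rows ("alice"/"s3cret", "bob"/"hunter2") are constructed, and the attacker is assumed to control the username field of a login form.

```python
"""Added example: string-built query versus parameterised query, and
boolean-based blind extraction through the vulnerable one (SQLite, in memory)."""
import sqlite3
import string

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])   # constructed rows
    return conn

def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text: the classic injection bug."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0

def login_safe(conn, username, password):
    """Placeholders bind the values; the driver never lets them become SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

# Step 3/4: the quote closes the string literal and '--' comments out the
# rest of the WHERE clause, so the password is never checked.
BYPASS_USERNAME = "alice' --"

ALPHABET = string.ascii_lowercase + string.digits

def blind_extract_password(conn, username, max_len=32):
    """Boolean-based blind injection: the application only reveals whether the
    login succeeded, so one yes/no question is asked per character position
    via substr() and the password is rebuilt from the answers."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in ALPHABET:
            probe = "%s' AND substr(password, %d, 1) = '%s' --" % (username, pos, ch)
            if login_vulnerable(conn, probe, "x"):
                recovered += ch
                break
        else:
            break          # no character matched: end of the password
    return recovered

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass:", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("safe, bypass:     ", login_safe(db, BYPASS_USERNAME, "wrong"))
    print("blind extraction: ", blind_extract_password(db, "alice"))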

Buffer Overflow

Buffer Overflow Overview:
 Definition: A buffer overflow occurs when data is written outside the boundaries of a
pre-allocated memory buffer, corrupting adjacent memory locations and potentially causing
erratic behavior, crashes, or exploitable security vulnerabilities.
 Causes: A program stores more data in a buffer than the buffer was sized to hold, so the
excess overwrites whatever lies next to it in memory, which often leads to unintended
execution of code or other corrupt behavior.
 Common Languages: Typically found in C and C++, where array indexing and pointer
arithmetic are not bounds-checked at run time.
 Example in C (the out-of-bounds store is deliberate; the array has only indices 0 to 9, so
buffer[20] writes 40 bytes past its end):
    int main(void) {
        int buffer[10];    /* 10 ints: valid indices are 0..9 */
        buffer[20] = 10;   /* out-of-bounds store: undefined behaviour, clobbers whatever follows the array */
        return 0;
    }
 Effect: If data is written beyond the buffer, it can overwrite the program's stack or
heap memory, including control data such as saved return addresses, which can lead to
arbitrary code execution.
Types of Buffer Overflow:
1. Stack-Based Buffer Overflow:
o Memory Allocation: Stack buffers are allocated for local variables and function
calls.
o Exploitation: Attackers exploit stack-based buffer overflows to overwrite return
addresses, function pointers, and local variables.
o Consequences: When a function returns, the attacker can redirect the flow of
execution to malicious code, which can lead to the execution of arbitrary
instructions or even full system compromise.
o Example: Overwriting the return address of a function so that when it returns,
the control flow is redirected to the malicious code the attacker has injected.
2. Heap-Based Buffer Overflow:
o Memory Allocation: The heap is used for dynamic memory allocation, typically
during runtime (via functions like malloc() in C).
o Exploitation: In this type of overflow, attackers target the heap’s metadata,
corrupting linked lists or other structures that manage memory.
o Consequences: Heap overflows often lead to attackers overwriting function
pointers, virtual function tables, or other sensitive structures that control the
program's execution flow.
o Risk: It’s harder to detect and prevent because heap-based overflows can
manipulate control flow in more subtle ways than stack-based attacks.
3. Integer Overflow Leading to Buffer Overflow:
o Memory Mismanagement: An attacker may cause an integer overflow by
exploiting unsafe code that calculates the size of a buffer or memory allocation.
o Exploit: The overflow allows the attacker to cause an allocation of a smaller-
than-expected buffer, leading to buffer overflows.
o Example: If a program mistakenly allows a value larger than the buffer size (due
to an integer overflow) to be used in a memory allocation function like malloc(),
leading to insufficient space for the data.
4. Off-by-One Errors:
o Memory Misalignment: This occurs when a single byte overflows past the
buffer’s boundary, potentially corrupting important control structures without
being easily detected.
o Cause: Happens in programs where the loop or index logic incorrectly writes to
one byte beyond the buffer’s capacity.
Consequences of Buffer Overflow:
 Crashes: Programs can crash if the overflow corrupts data structures that the program
relies on.
 Arbitrary Code Execution: Attackers can inject shellcode that gets executed when the
overflow corrupts a return address or other control structures, leading to complete
control over the system.
 Denial of Service (DoS): Overflows can be used to crash programs or services, making
them unavailable.
Prevention of Buffer Overflow Vulnerabilities:
1. Secure Code Writing:
 o Avoid unsafe functions such as strcpy(), strcat(), gets(), sprintf() and vsprintf(), which
never check the size of the destination buffer.
 o Use bounded alternatives such as snprintf(), strncpy() or strlcpy() that limit the number
of bytes written; note that strncpy() does not null-terminate the destination when the
source is at least as long as the size given.
 o Input Validation: never use gets(), which cannot be bounded; read lines with
fgets(buf, sizeof(buf), stdin) and give scanf() an explicit field width (e.g., "%9s" for a
10-byte buffer) so that the input length is limited before it reaches the buffer.
 o Example of safe use (the terminator is written explicitly because strncpy() may omit it):
    char dest[10];
    strncpy(dest, source, sizeof(dest) - 1);   /* copies at most 9 bytes */
    dest[sizeof(dest) - 1] = '\0';             /* guarantee null-termination */
    /* equivalent and simpler: snprintf(dest, sizeof(dest), "%s", source); */

2. Stack Protection Mechanisms:
o Stack Canaries/Guards: These are special values placed before return
addresses on the stack. If a buffer overflow overwrites this value, it signals the
overflow and terminates the program before any damage can be done.
o Example: Compilers like GCC support the -fstack-protector flag to insert stack
canaries into the code.
o Non-Executable Stack: Disable execution of code in the stack region. This
prevents attackers from injecting executable code into the stack.
 NX (No Execute) Bit: Many modern operating systems and hardware
support a feature that marks the stack area as non-executable, making it
harder to execute shellcode placed in the stack.
3. Compiler-based Protections:
o Address Space Layout Randomization (ASLR): Randomizes the location of
system libraries, stack, heap, and other memory regions. This makes it more
difficult for attackers to predict the location of the overflowed buffer or
shellcode.
o Data Execution Prevention (DEP): Prevents the execution of data in non-
executable regions like the stack and heap.
4. Memory Safety Tools:
 o Bounds Checking: Memory-safe languages and instrumentation tools check every array
access against the allocation's bounds, so an overflow becomes an exception or a clean
abort instead of silent corruption.
 o Safe Memory Allocation: Check size arithmetic for integer overflow before allocating
(for example, reject count > SIZE_MAX / element_size before calling
malloc(count * element_size), or use calloc(), which in common implementations performs
that check), so that a wrapped-around size cannot produce an undersized buffer.
 o Use of Memory-safe Languages: Python, Java, Go, Rust or C# bounds-check array
accesses and manage memory for the programmer, which removes this class of bug.
Tools for Detecting Buffer Overflows:
1. Static Analysis Tools:
o Tools like Splint, Clang Static Analyzer, and Coverity analyze the source code
and detect potential overflow vulnerabilities without executing the program.
2. Dynamic Analysis Tools:
 o Valgrind (Memcheck): Instruments the binary at run time to detect heap-buffer
overflows, use of uninitialised memory and leaks; it does not reliably catch
stack-buffer overflows.
 o AddressSanitizer (ASan): Compiler instrumentation (GCC/Clang -fsanitize=address) that
catches heap, stack and global buffer overflows and use-after-free at run time, with far
less slowdown than Valgrind.
3. Fuzzing:
o Fuzz Testing: Automated testing technique that involves inputting random or
invalid data to the program to trigger crashes and potential vulnerabilities.
o Example tools include AFL (American Fuzzy Lop) and libFuzzer, which are
designed to find vulnerabilities like buffer overflows.
4. Control Flow Integrity (CFI):
o CFI is a security technique that ensures the program executes only valid control
flow paths. It prevents exploitation of buffer overflows that attempt to redirect
control flow to malicious code.
Defensive Tools for Buffer Overflow Protection:
1. StackGuard:
o Introduced in 1997, StackGuard protects against stack-based buffer overflow
attacks by inserting a guard value, or "canary," before the return address. If the
return address is changed (due to an overflow), the program will detect it and
terminate immediately.
2. ProPolice (Stack-Smashing Protector):
 o A more advanced descendant of StackGuard, developed at IBM and the basis of GCC's
-fstack-protector. Besides placing a canary, it reorders local variables so that
character buffers sit above pointers and other locals, so an overflow cannot reach them
without first hitting the canary.
3. LibSafe:
o This is a runtime library for Linux that provides protection from buffer overflows
by intercepting function calls to unsafe library functions (like gets() and
strcpy()).
4. Control Flow Integrity (CFI):
o Modern compilers can integrate CFI checks that track control flow paths in real-
time, ensuring that even if a buffer overflow happens, the attacker cannot
hijack the program’s control flow to malicious code.
Conclusion:
 Buffer overflow vulnerabilities are one of the most common types of security flaws in
software, particularly in low-level languages like C and C++.
 Mitigation strategies include using safe coding practices, leveraging modern compilers
and protection mechanisms, using tools for dynamic and static analysis, and applying
security-focused techniques like ASLR, DEP, and stack canaries.
 Developers must stay vigilant and integrate multiple layers of protection to prevent
and detect buffer overflow vulnerabilities.

Attacks on Wireless Networks

 Work Mobility:
 Work is moving from traditional office locations to homes, hotels, airport lounges, and
taxis.
 Employees are no longer tied to a specific office location and are "boundaryless."
 The concept of "working" used to involve commuting to an office, working 9 a.m. to 6
p.m., and then separating work from personal life.
 Now, work can be done from anywhere, anytime, without clear boundaries between
"work" and "away from work."
 Types of Mobile Workers:
1. Tethered/Remote Worker:
o Works from a single point (e.g., home, telecommuting).
o Remote to central company systems.
o Includes home workers, tele-cottagers, and some branch workers.
2. Roaming User:
o Works in environments like warehousing or shop floors, or in multiple areas
(e.g., meeting rooms).
3. Nomad:
o Works in semi-tethered environments like hotel rooms.
o Uses modems and multiple wireless technologies and devices.
4. Road Warrior:
o Spends little time in the office.
o Requires access to data and collaborative tools while on the move (in transit or
in hotels).
o Includes sales and field forces.
 Wireless Technologies:
 Hand-held devices (e.g., PDAs) allow access to calendars, email, phone numbers, and
the internet.
 Wireless networks extend traditional wired networks by using radio waves to transmit
data.
 Wireless networks consist of two basic elements:
o Access Points (APs): Connected to physical networks, broadcasting signals.
o Wireless-Enabled Devices: Devices like laptops and PDAs that communicate
with APs.
 Wireless access is common in India for both individuals and organizations:
o Many laptops have pre-installed wireless cards provided by TATA Indicom,
Reliance, and Airtel.
o Many hotels around the world (including India) offer "Wi-Fi enabled" rooms.
 Working while on the move (away from home, in hotels, etc.) has significant benefits,
providing greater flexibility.

Wi-Fi Standards and Wireless Networking Technologies

1. Getting Started with Wi-Fi:
 o Begin with a portable device (like a laptop) that supports wireless Internet
access.
 o Look for a Wi-Fi-enabled device, marked with Intel's Centrino sticker or similar
signs.
 o If your device lacks Wi-Fi, use an external PCMCIA or USB adapter.
 o Find a public hotspot, typically indicated by stickers like "Wi-Fi Zone" or "T-
Mobile HotSpot," or set up a Wi-Fi router at home.
2. Benefits of Wi-Fi:
 o Wi-Fi is an easy way to share a fast Internet connection in households with
multiple devices.
 o It allows people to access the Internet while on the go, like at coffee shops or
public spaces in cities, making it a common feature in India and other metros.
3. Wi-Fi and Mobile Phones:
 o While Wi-Fi is not yet as widespread as mobile phone use, it is becoming
increasingly available at public hotspots.
 o It's particularly useful for checking emails or comparing online prices when
you're out.
4. Wi-Fi Standards (802.11):
 o The IEEE 802.11 family defines the standards for wireless local area networks
(WLANs), using the 2.4 GHz, 3.6 GHz and 5 GHz frequency bands.
 o 802.11 (1997): 1-2 Mbps in the 2.4 GHz band.
 o 802.11a: Up to 54 Mbps in the 5 GHz band, using OFDM coding.
 o 802.11b: Up to 11 Mbps in the 2.4 GHz band; ratified in 1999, it was the
breakthrough standard that made wireless networking affordable and widely adopted.
 o 802.11g: Up to 54 Mbps in the 2.4 GHz band, matching 802.11a's rate with the same
OFDM coding while remaining backward-compatible with 802.11b.
 o 802.11n: Adds MIMO (multiple antennas) and wider channels in both bands, giving far
higher throughput (up to 600 Mbps with four spatial streams) and better range.
5. Other Important Wireless Standards:
 o 802.15: Wireless personal area networks (WPANs) such as Bluetooth, with very short
range.
 o 802.16 (WiMAX): Provides high-speed wireless Internet over long distances,
ideal for cities and large areas, and is the standard for Wireless Metropolitan
Area Networks (WMANs).

1. Access Points (AP):
 An Access Point (AP) is a hardware or software device that connects wireless devices
(like laptops or PDAs) to a wired Local Area Network (LAN).
 APs act as central transmitters and receivers of WLAN radio signals.
2. Wi-Fi Hotspots:
 Free Wi-Fi Hotspots: These are public areas (like cafes, libraries, and hotels) that offer
free wireless Internet access. However, they come with significant cybersecurity risks,
such as exposure to cybercriminals who can intercept user data.
 Commercial Hotspots: These require authentication and payment to access the
Internet. Airports and business hotels often offer such services, where users are
directed to authenticate themselves and make payments (via PayPal or credit/debit
cards).
3. Security Risks in Hotspots:
 Rogue/Poisoned Hotspots: These are fake hotspots set up by cybercriminals to
intercept data. Attackers can gather sensitive information like user IDs and passwords
by sniffing the network traffic.
 Wi-Fi Protected Access (WPA and WPA2): WPA2, with stronger encryption (AES), is
recommended over the outdated WEP, which is vulnerable to attacks.
 MAC Address Filtering: This technique restricts network access to specific devices
based on their MAC addresses. However, attackers can spoof MAC addresses to bypass
this security measure.
4. Wi-Fi Network Security:
 Service Set Identifier (SSID): The SSID is the name of a wireless network; every device
must be configured with the network's SSID to join it. Hiding the SSID (disabling its
broadcast) only discourages casual snooping: the name is still sent in the clear in probe
and association frames, so sniffing tools recover it as soon as a client connects.
 Wired Equivalent Privacy (WEP): An outdated and insecure encryption scheme introduced
with the original 802.11 standard in 1997. Its misuse of RC4 lets an attacker recover the
key from captured traffic in minutes, so it must not be used to secure wireless networks.
 WPA/WPA2: WPA was introduced as a stopgap to address WEP's weaknesses; WPA2 uses AES
(CCMP) encryption and is the minimum to deploy today, with WPA3 as its successor.
5. Security Tools:
 Tools used to discover and attack wireless networks include:
 o NetStumbler: Detects wireless networks and their signal strength (Windows).
 o Kismet: A passive sniffer and detector that reveals hidden (non-broadcast) SSIDs.
 o AirSnort: Recovers WEP keys from captured traffic.
 o coWPAtty: Dictionary/brute-force attack on captured WPA-PSK handshakes.
 o Wireshark: A network protocol analyzer that can be used to sniff wireless
traffic.
6. Cybercrime Tools and Methods:
 Sniffing: The process of intercepting data from a wireless network to gather
information such as SSID, MAC addresses, and WEP keys.
 Spoofing: Involves faking an identity to gain unauthorized access to a network.
Techniques include:
o MAC Address Spoofing: Changing the MAC address to impersonate another
device on the network.
o IP Spoofing: Creating IP packets with a forged source address.
o Frame Spoofing: Injecting fake frames into a wireless network to confuse it.
 Denial of Service (DoS) and Man-in-the-Middle (MITM) Attacks: These attacks aim to
disrupt network services or intercept communications between two parties.
7. Wi-Fi Fraud and Misuse:
 With the increasing use of Wi-Fi in homes and public places, malicious actors may
exploit vulnerabilities to steal data or gain unauthorized access to networks.
 Many home users rely on routers that are not adequately secured, and attackers can
take advantage of weak security measures.
8. Security Precautions:
 Regular updates on security protocols and tools, as well as the use of strong,
randomized encryption keys, are crucial to protect wireless networks from evolving
threats.
 IT administrators should stay aware of new vulnerabilities and countermeasures to
mitigate potential risks.
The main takeaway is that while wireless networks offer convenience, they also present
significant security challenges. Both users and administrators need to stay vigilant and adopt
best practices for securing their wireless networks to prevent unauthorized access and data
theft.
Cybersecurity: Understanding Cyber Crimes, Computer Forensics, and Legal Perspectives
1. Cybercriminals Stealing Internet Access
 Some network owners or cybercriminals may try to steal internet access from their
neighbors by logging into unprotected or unsecured networks.
 To do this, they might:
o Find out the IP address of the router in use.
o Open the command prompt (cmd) and type ipconfig /all to find the router's
default gateway IP.
o Enter the router’s IP address in a browser to retrieve information about the
network they are stealing from.
2. Legal Perspective on Stealing Wireless Internet
 Is it illegal?: The legality of stealing wireless internet access depends on the region's
laws. Generally, logging into a wireless network that is accessible to anyone with a
receiver (like public Wi-Fi) is not considered illegal. However, using someone else’s
network without permission can be problematic, and specific laws vary across
countries.
 Wardriving: The practice of driving around in a vehicle searching for wireless
networks with a portable computer or PDA is known as wardriving.
o Software such as NetStumbler for Windows, Kismet for Linux and KisMac for
Macintosh detects wireless networks from the beacon frames that access points
broadcast anyway.
o Wardriving is akin to tuning a radio to pick up signals: networks that announce
themselves can be detected and listed without breaking any laws; it is connecting to
and using them that may be an offence.
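What a wardriving tool actually does is worth seeing in code. The Python script below is added here as an example; it is not part of the original notes and not code from NetStumbler, Kismet or KisMac. It parses 802.11 beacon frames the way those tools do: it reads the BSSID, the SSID (noting when the SSID element is empty or zero-filled, i.e. SSID broadcast is disabled) and the security type from the capability field's Privacy bit and from the RSN (WPA2/WPA3) or vendor WPA element. Nothing is transmitted. The frames are constructed by build_beacon() so the script runs offline; the BSSIDs, SSIDs and the exact label strings are this example's own assumptions.

```python
"""Passive beacon classification, as a wardriving tool does it: read the frames
access points broadcast anyway and report SSID and security type.
Added example; constructed frames, not captured traffic."""
import struct
from dataclasses import dataclass

IE_SSID, IE_RSN, IE_VENDOR = 0, 48, 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")        # OUI 00:50:f2, type 1 = WPA (version 1)
RSN_AKM = {2: "PSK", 8: "SAE"}                   # 00-0f-ac-02 WPA2-Personal, 00-0f-ac-08 WPA3
RSN_CIPHER = {2: "TKIP", 4: "CCMP"}              # 00-0f-ac-02 / 00-0f-ac-04
# Complete RSN elements (tag 0x30, length 20): version, group, pairwise, AKM, capabilities
RSN_WPA2_PSK_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
RSN_WPA3_SAE_CCMP = bytes.fromhex("3014 0100 000fac04 0100 000fac04 0100 000fac08 c000")


@dataclass
class Network:
    bssid: str
    ssid: str
    hidden: bool      # SSID element empty or zero-filled: "SSID broadcast disabled"
    security: str     # OPEN / WEP / WPA / WPA2-... / WPA3-...


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _elements(body):
    """Yield (tag, data) for each tag/length/value information element."""
    i = 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        yield tag, body[i + 2:i + 2 + length]
        i += 2 + length


def _rsn_summary(rsn):
    # RSN data: version(2) group cipher(4) n_pairwise(2) pairwise suites(4 each)
    #           n_akm(2) AKM suites(4 each) capabilities(2); suite type is the 4th byte
    off = 6
    n_pair = struct.unpack_from("<H", rsn, off)[0]
    off += 2
    pairwise = [RSN_CIPHER.get(rsn[off + 4 * k + 3], "?") for k in range(n_pair)]
    off += 4 * n_pair
    n_akm = struct.unpack_from("<H", rsn, off)[0]
    off += 2
    akm = [RSN_AKM.get(rsn[off + 4 * k + 3], "?") for k in range(n_akm)]
    generation = "WPA3" if "SAE" in akm else "WPA2"
    return f"{generation}-{'/'.join(akm)} ({'/'.join(pairwise)})"


def parse_beacon(frame):
    if (frame[0] & 0xFC) != 0x80:                # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    bssid = _mac(frame[16:22])                   # addr3 of a beacon carries the BSSID
    body = frame[24:]                            # after the 24-byte MAC header
    capability = struct.unpack_from("<H", body, 10)[0]   # timestamp(8) interval(2) cap(2)
    privacy = bool(capability & 0x0010)          # bit 4: encryption in use
    ssid, hidden, rsn, wpa = "", False, None, False
    for tag, data in _elements(body[12:]):
        if tag == IE_SSID:
            hidden = data.strip(b"\x00") == b""  # hidden SSIDs are sent empty or zero-filled
            ssid = "" if hidden else data.decode("utf-8", "replace")
        elif tag == IE_RSN:
            rsn = data
        elif tag == IE_VENDOR and data[:4] == WPA_OUI_TYPE:
            wpa = True
    if not privacy:
        security = "OPEN"
    elif rsn is not None:
        security = _rsn_summary(rsn)
    elif wpa:
        security = "WPA"
    else:
        security = "WEP"                         # Privacy bit set but no WPA/RSN element
    return Network(bssid, ssid, hidden, security)


def survey(frames):
    return [parse_beacon(f) for f in frames]


def build_beacon(bssid_hex, ssid, privacy, extra_ies=b""):
    """Constructed test frame: MAC header + fixed fields + SSID element + extra elements."""
    header = (b"\x80\x00" + b"\x00\x00" + b"\xff" * 6           # FC, duration, DA = broadcast
              + bytes.fromhex(bssid_hex) * 2 + b"\x00\x00")      # SA, BSSID, sequence control
    capability = 0x0401 | (0x0010 if privacy else 0)            # ESS + short slot (+ Privacy)
    fixed = b"\x00" * 8 + struct.pack("<H", 100) + struct.pack("<H", capability)
    ssid_ie = bytes([IE_SSID, len(ssid)]) + ssid.encode()
    return header + fixed + ssid_ie + extra_ies


SAMPLE_FRAMES = [                                                 # constructed, not captured
    build_beacon("001122334455", "CoffeeShop_Free", privacy=False),
    build_beacon("00095b0a0b0c", "linksys", privacy=True),                        # WEP, default SSID
    build_beacon("c0ffee000001", "", privacy=True, extra_ies=RSN_WPA2_PSK_CCMP),  # hidden SSID
    build_beacon("c0ffee000002", "attic-ap-7f3", privacy=True, extra_ies=RSN_WPA3_SAE_CCMP),
]

if __name__ == "__main__":
    for n in survey(SAMPLE_FRAMES):
        print(f"{n.bssid}  {n.ssid or '<hidden>':16}  {n.security}")
```

Two things the listing makes visible that the prose does not: the "hidden" network is still found and labelled from its beacon (only the name is withheld, and it reappears in probe and association frames), and a WEP network is identified purely by the Privacy bit being set without any WPA or RSN element, which is how a wardriver picks the weakest target on the street.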
3. Other "War" Terminology in Cybersecurity
 Warwalking: Similar to wardriving but on foot. It is slower, so it covers less
ground, but handheld devices such as smartphones or pocket PCs with Wi-Fi and GPS
are enough to detect and map networks.
 Warbiking: Searching for wireless networks from a bicycle or motorcycle, usually
with a Wi-Fi-enabled device mounted on the vehicle.
 Warkitting: A hybrid of wardriving and rootkitting. The attacker first finds
vulnerable wireless routers (by wardriving or from databases of wardriving results)
and then remotely changes the router's configuration or firmware to control the
traffic that passes through it. Because the router sits between the victim and the
internet, the attacker can redirect traffic and even interfere with secure
connections such as SSL.
 WAPkitting: Replacing or modifying the router's firmware with attacker-supplied
software, typically by exploiting an administrative interface that was left open or
protected only by default credentials. The attacker then controls the device itself
and can change its behaviour without any further intervention.
 WAPjacking: Similar to WAPkitting but less severe. The router's firmware is left
intact; only its settings are changed, for example pointing the DNS server at one
the attacker controls, so that traffic is hijacked or rerouted and connections can
be intercepted.
4. Security Risks in Wireless Networks
 There are several security issues associated with unsecured wireless networks, such as
unauthorized access and potential cybercrimes. Therefore, it is crucial to secure your
network properly.
5. How to Secure Wireless Networks
 Here are some essential steps for improving the security of wireless networks:
1. Change Default Settings: Change the default IP address, username and password of
every wireless device; the defaults are printed in manuals and are the first thing
an intruder tries.
2. Enable Encryption: Protect the traffic with WPA2 or, where the devices support
it, WPA3, using a long passphrase. WEP (and WPA version 1 with TKIP) still appear in
older material but have been broken for years and should be treated as no better
than an open network.
3. Change Default SSID: Avoid using the default SSID (network name); it usually
reveals the router brand and therefore its known weaknesses.
4. Enable MAC Address Filtering: Restrict access to devices with specific MAC
addresses. MAC addresses travel in the clear and are easily spoofed, so treat this
as hygiene rather than a barrier.
5. Disable Remote Login: Prevent administration of the router from the internet
(WAN) side.
6. Disable SSID Broadcast: Hide the network name from casual scans. The SSID is
still sent in probe and association frames, so a wardriving tool will still see it;
this deters only casual users.
7. Turn Off Unused Features: Disable unnecessary features of the access point, such
as media (music) sharing or print-server support; each one is extra attack surface.
8. Choose a Unique Network Name: Avoid obvious names like "My_Home_WiFi" and names
that reveal your identity, address or router model, to protect your privacy.
9. Avoid Auto-Connecting to Open Networks: Always choose secure networks manually
and turn off auto-connect on client devices.
10. Upgrade Router Firmware: Keep the router's firmware updated to close known
vulnerabilities.
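To turn the checklist into something that can be checked rather than remembered, here is an added Python example (not from the original notes) that parses an access-point configuration in hostapd's key=value format and reports which checklist items it violates. hostapd is the Linux access-point daemon and the directive names (wpa, wpa_pairwise, rsn_pairwise, ieee80211w, ignore_broadcast_ssid, macaddr_acl, wep_key0) are its real ones; the two sample configurations, the severity levels and the MIN_PASSPHRASE threshold are this example's own assumptions. Items 4 and 6 (MAC filtering, hidden SSID) are reported as informational, reflecting the caveats above.

```python
"""Audit an access-point configuration against the wireless hardening checklist.
Added example; hostapd-style directives, constructed sample files."""

MIN_PASSPHRASE = 12                                   # assumed threshold, not a standard
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}   # assumed factory names

WEAK_CONF = """\
interface=wlan0
driver=nl80211
ssid=linksys
hw_mode=g
channel=6
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=password1
"""

HARDENED_CONF = """\
interface=wlan0
driver=nl80211
ssid=attic-ap-7f3
hw_mode=a
channel=36
wpa=2
wpa_key_mgmt=SAE WPA-PSK
rsn_pairwise=CCMP
ieee80211w=2
sae_password=correct-horse-battery-staple-7f3
wpa_passphrase=correct-horse-battery-staple-7f3
"""


def parse_conf(text):
    """key=value lines; blank lines and # comments are ignored (hostapd's own syntax)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return (severity, message) findings; an empty list means nothing to fix."""
    c = parse_conf(text)
    findings = []
    wep_keys = [k for k in c if k.startswith("wep_key")]
    wpa = c.get("wpa", "0")                           # hostapd: 0 none, 1 WPA, 2 WPA2/RSN, 3 both
    if wep_keys:                                      # item 2
        findings.append(("high", "WEP keys configured; WEP is broken, use WPA2 or WPA3"))
    elif wpa == "0":
        findings.append(("high", "open network: no encryption configured"))
    if wpa in ("1", "3"):
        findings.append(("high", "WPA version 1 permitted; set wpa=2"))
    ciphers = set((c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split())
    if "TKIP" in ciphers:
        findings.append(("high", "TKIP permitted; allow CCMP only"))
    if wpa == "2" and c.get("ieee80211w", "0") != "2":
        findings.append(("medium", "management-frame protection optional; set ieee80211w=2"))
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:     # item 3
        findings.append(("high", "factory-default SSID; it reveals the router brand"))
    passphrase = c.get("wpa_passphrase")              # item 1: weak credential
    if passphrase is not None and len(passphrase) < MIN_PASSPHRASE:
        findings.append(("high", f"passphrase shorter than {MIN_PASSPHRASE} characters"))
    # Items 4 and 6: worth doing, but not barriers on their own.
    if c.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(("info", "hidden SSID: still sent in probe/association frames"))
    if c.get("macaddr_acl") == "1":
        findings.append(("info", "MAC allowlist: addresses are in the clear and spoofable"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for severity, msg in audit(conf) or [("ok", "no findings")]:
            print(f"  [{severity}] {msg}")
```

The weak file is what an old home router's configuration typically looks like (mixed WPA/WPA2, TKIP allowed, brand-name SSID, short passphrase); the hardened one runs WPA3-SAE with WPA2-PSK fallback, CCMP only and management-frame protection required. A router's web interface hides these directives behind checkboxes, but the same questions apply to it.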
6. Tools to Protect Wireless Networks
 Several tools can help you monitor and protect your wireless network from
cybercriminals:
o Zamzom Wireless Network Tool: A free tool to detect all connected devices on
your wireless network, including unauthorized ones.
o AirDefense Guard: An advanced intrusion detection system for wireless LANs
that can detect DoS attacks, man-in-the-middle attacks, and identity theft.
o Wireless Intrusion Detection System (WIDZ): Monitors local frequencies for
potentially malicious activity, such as bogus access points and scans.
o BSD-Airtools: A complete toolset for auditing 802.11b wireless networks,
including tools for detecting access points and cracking WEP encryption.
o Google Secure Access: A free VPN client that Google offered to users of its Wi-Fi
service in Mountain View, CA; it encrypted the user's internet traffic through a
VPN so that an open access point could not read it.
 Several of the tools in this list are dated. Of the programs named in these notes,
Kismet (see wardriving above) remains actively maintained and includes wireless
intrusion-detection alerts.
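The first tool in the list, Zamzom, simply lists the devices joined to the network and flags the ones the owner does not recognise. The same check can be scripted against the DHCP lease file most home routers keep. The Python below is an added example, not the tool's code and not from the original notes: it parses dnsmasq's lease format (expiry epoch, MAC, IP, hostname, client-id), drops expired leases, compares the rest with an owner-maintained allowlist, and marks randomized (locally administered) MAC addresses, which modern phones generate per network and which make a pure MAC allowlist churn. The allowlist, the lease lines and the snapshot time AS_OF are constructed.

```python
"""List devices on the LAN that are not on the owner's allowlist, from a dnsmasq
lease file.  Added example; constructed allowlist and leases."""
from dataclasses import dataclass

AS_OF = 1735689000                     # constructed snapshot time (2024-12-31 23:50 UTC)

KNOWN_DEVICES = {                      # constructed allowlist: MAC -> label
    "3c:22:fb:10:20:30": "anna-laptop",
    "a4:83:e7:44:55:66": "anna-phone",
    "b8:27:eb:77:88:99": "raspberry-pi",
}

# dnsmasq.leases format: <expiry epoch> <MAC> <IP> <hostname or *> <client-id or *>
SAMPLE_LEASES = """\
1735689600 3c:22:fb:10:20:30 192.168.1.20 anna-laptop 01:3c:22:fb:10:20:30
1735689600 a4:83:e7:44:55:66 192.168.1.21 anna-phone 01:a4:83:e7:44:55:66
1735689600 b8:27:eb:77:88:99 192.168.1.22 raspberrypi *
1735689600 00:0c:29:ab:cd:ef 192.168.1.37 * *
1735689600 da:5d:4c:00:11:22 192.168.1.38 android-9f3 01:da:5d:4c:00:11:22
1735600000 f0:9f:c2:aa:bb:cc 192.168.1.39 old-guest *
"""
# 00:0c:29 is a VMware OUI: a virtual machine nobody registered.  da:5d:4c has the
# locally administered bit set: a phone using a per-network random address.
# f0:9f:c2 expired a day before AS_OF and is ignored.


@dataclass
class Lease:
    expires: int
    mac: str
    ip: str
    hostname: str
    randomized: bool       # locally administered address (bit 1 of the first octet)


def is_locally_administered(mac):
    """Bit 1 of the first octet marks a locally administered, usually randomized, MAC."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def parse_leases(text):
    leases = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mac = fields[1].lower()
        leases.append(Lease(int(fields[0]), mac, fields[2], fields[3],
                            is_locally_administered(mac)))
    return leases


def find_unknown(leases_text, allowlist, now):
    """Active leases whose MAC is not on the allowlist (MACs compared in lowercase)."""
    known = {m.lower() for m in allowlist}
    return [lease for lease in parse_leases(leases_text)
            if lease.expires > now and lease.mac not in known]


if __name__ == "__main__":
    for lease in find_unknown(SAMPLE_LEASES, KNOWN_DEVICES, now=AS_OF):
        tag = " (randomized MAC, likely a phone with private address on)" if lease.randomized else ""
        print(f"unknown device {lease.mac} at {lease.ip} hostname={lease.hostname}{tag}")
```

On a router running dnsmasq the lease file is /var/lib/misc/dnsmasq.leases on most Linux systems and /tmp/dhcp.leases on OpenWrt; other firmware exposes the same list in its web interface. A device that shows up here without a known owner is the "unauthorized one" the tool description refers to, and because it obtained a lease it has already passed whatever MAC filter the router has.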
7. Additional Tips for Securing Networks
 Assign Static IP Addresses: Turn off DHCP and assign addresses manually so that a
stranger who associates with the network does not automatically receive a working
address; this is an obstacle rather than a barrier, since addresses can be guessed.
 Enable Firewalls: Ensure firewalls are enabled on both the router and the devices
behind it to block unauthorized access.
 Position the Router Safely: Place the router near the centre of the building and
away from windows and outside walls, so that less of the signal leaks outside.
 Turn Off the Network When Not in Use: Disable the wireless network when it is not
needed to limit exposure to attacks.
 Monitor Regularly: Review the list of connected devices and the router's logs
regularly to detect unknown devices and address vulnerabilities.