Cyber offenses: How criminals plan them

• Learning objectives :

• Understand different types of cyber attacks.

• Get an overview of the steps involved in planning cybercrime.
• Understand tools used for gathering information about the target.
• Get an overview on social engineering – what and how
• Learning about the roles of cyber-cafes in cybercrime.
• Understanding what cyber stalking is.
• Learn about botnets and attack vector.
 Introduction
• Technology is like a double-edge sword -> It can be both progressive and
destructive.
• Advancement in Computers and other electronic devices technology is also
no exceptions- They can be used as means of committing crime or target of
the crime.
• Cyber criminals uses WWW and internet to an optimum level to steal data,
contacts , account information and much more of netizens.
• Cybercriminal takes the advantages of lack of awareness about
cybercrimes and cyber-laws among the people who are constantly using
the IT infrastructure for official and personal use.
• People who commit cybercrimes are known as ‘crackers’.
• An attacker would always look to exploit the vulnerabilities in the networks.
• The different kinds of vulnerabilities that the hackers typically looks for are
as follows.
• Inadequate border protection:
• Firewalls misconfigured to allow unnecessary traffics.
• Remote access servers(RAS’s) with weak access control.
• Workstation without the password, use of poor password policy for application
servers.
• Application servers with well-known exploits .
• Administrator fails to install patch to fix up vulnerability.
• Misconfigured systems and systems with default configuration.
• Administor fails to monitor intrusion detection system(IDS) alert and firewall logs to
detect suspicious activity
Difference between Hackers , crackers and
phreakers.
• Hacker:
• A Hacker is a person with strong interest in computers who enjoys
learning and experimenting with them. Hackers are usually very
talented , smart people who understands computers better than
others.
• Hackers are someone who identifies the security system flaws and
works to improve them.
• Hackers are internet security experts who are even hired for
locating and identifying loopholes in the internet security systems
and fix these loopholes and flaws.
• Cracker:
• A cracker is a person who breaks into computer to conduct cybercrime such as
vandalism, theft and snooping in unauthorized areas.

• Crackers are someone who unethically exploits highly sensitive information

and uses the flaws in the security system to his advantages

• The cracker usually breach the internet security and without paying royalties ,
gain access to various software.

• Crackers are some time called black hat.

• Cracking is an act of breaking into computer. There are many open source tools
that is used to breakdown the password. Examples includes Hashcat, John the
ripper, brutus , wfuzz, THC hydra etc.
• Phreaking: It is an art of breaking into phone and/or other
communication system.
• War dialers: it a program that automatically dials phone numbers
looking for the computers on the other end. It catalogs numbers so that
the hackers can call back and try to break in.
 Categories of cybercrime
• Cybercrime / cyber attacks can be categorized based on the following .
• The target of the crime.
• Whether the crime occurs as a single event or a series of the events.

• Crime targeted at individual:

• The goal is to exploit human weakness such as greed and naivety. These crime
includes financial frauds , child pornography , sale of non-existent or stolen items ,
harassment.
• Crime targeted at property:
• The goal is to disrupt normal functionalities of the system, copy the sensitive
information and/or wipe out the data from the system and all of its connected
devices.
• These crime includes credit card frauds, software piracy , trademark violations ,
theft of computer source code, internet-time-theft.
• Crimes targeted at organization.
• Cyber terrorism is a distinct crime against
organizations/government .Attackers uses computer tools and the internet
to terrorize the citizens of a particular country by stealing the private
information and also plant program to get control of the network and/or
system, damage the program and file.
• These crime includes password sniffing, unauthorized accessing of
computer, DoS attacks , Email bombing, salami attack.

• Single event of cybercrime.

• It is a single event from the perspective of the victim. For example,
unknowingly open an attachment that may contain virus that will infect
the system
• Series of events:
• This involves attacker interacting with the victim repetitively . For
example attacker interacts with the victim on the phone and/or via chat
rooms to establish relationship first and then exploit that relationship
to commit the sexual assault .