Modified Final Unit-2

Uploaded by

aloneliya64

RV College of Engineering
Go, change the world
22EM106-Introduction to Cyber Security

UNIT- II
Chapter-2: Cyber Offenses: How Criminals Plan Them
Text Book:
Cyber Security: Understanding Cyber Crimes, Computer Forensics and Legal Perspectives by Sunit Belapure and Nina
Godbole, Wiley India Pvt. Ltd, 1st Edition 2011, Reprint 2022, ISBN: 978-81-265-2179-1.

Course Incharge: Dr.Mohana


Department of Computer Science & Engineering (Cyber Security)
RV College of Engineering, Bangalore-560059
Unit - II Syllabus
Learning outcomes

• Understand different types of cyberattacks


• Get an overview of the steps involved in planning cybercrime
• Understand tools used for gathering information about the target.
Introduction

• Technology is a double-edged sword


• Target of offense and false sense of anonymity
• Misuse of information
• Agencies collect information about the individuals
• Cyber criminals use WWW and internet for all illegal activities
• Lack of awareness about cybercrime and cyber laws.
• People who commit cybercrimes are known as crackers.
⮚ An attacker would always try to exploit vulnerabilities in the network, most
often because networks are not adequately protected. The categories of
vulnerabilities that they search are as follows:
⮚ Inadequate border protection (network periphery)
⮚ Remote access servers with weak access controls
⮚ Application servers with well-known exploits
⮚ Misconfigured systems and systems with default configurations
Hackers and crackers

Hackers:
• Person with strong interest in computers and enjoys learning and
experimenting
• Very talented and smart people
Crackers:
• Person who breaks into computers
• Crimes include vandalism, theft and snooping in unauthorized areas
• 1. Hacker:
• A hacker is a person who is generally skilled in computer programming and
technology. Hackers can be of two types:
• White Hat Hackers: These are ethical hackers who use their skills to identify and fix
security vulnerabilities. They work to improve cybersecurity and protect systems.
• Black Hat Hackers: These are malicious hackers who use their skills for illegal or
unethical purposes, such as gaining unauthorized access to computer systems, stealing
data, or causing harm.
• The term "hacker" is often used broadly and can refer to anyone with advanced
computer skills, but it's essential to distinguish between those who use their skills for
good and those who engage in cybercrime.
• Brute force hacking: It is a technique used to find passwords or encryption keys by
trying every possible combination of letters, numbers, etc. until the code is broken.
2. Cracker:
• A cracker is a subset of hackers, specifically referring to
individuals who engage in unauthorized activities, often with
malicious intent. Crackers are primarily focused on breaking
into computer systems, networks, and software for illegal
purposes, such as software piracy, data theft, or disrupting
services.
• While the term "cracker" is less commonly used today, it
historically referred to those who "crack" software to remove
copy protection or license restrictions, allowing it to be used
without authorization.
• 3. Phreaker:
• Phreakers are individuals who manipulate or exploit the
telecommunication infrastructure, such as phone systems, to make
free or unauthorized calls. This practice, known as "phone phreaking,"
was more common in the past when phone networks were less secure.
• Phreakers were known for using various techniques to access free long-
distance calls, explore the phone network's inner workings, and
sometimes engage in pranks or illegal activities related to
telecommunications.
⮚ 4. War Dialers: Often called ‘demon dialers’, these automatically dial phone numbers in the
same area code to look for unprotected modems.
⮚ A single wardialing call would involve calling an unknown number, and
waiting for one or two rings, since answering computers usually pick up
on the first ring. If the phone rings twice, the modem hangs up and
tries the next number. If a modem or fax machine answers, the
⮚ Patriotic hacking is a term for computer hacking or system
cracking in which citizens or supporters of a country,
traditionally industrialized Western countries but increasingly
developing countries, attempt to perpetrate attacks on, or
block attacks by, perceived enemies of the state.
⮚ It has been deemed illegal and reserved only for government
agencies like CIA, NSA, FBI, etc.
⮚ How cybercriminals plan attacks is a basic question that every cybersecurity
expert needs to know. Cybercriminals use various tools and techniques to
identify the vulnerabilities of their target victims. The target can either be an
individual or an organization. Most cyber-attacks aim at stealing valuable
information or breaching systems. Criminals plan active and passive attacks.
⮚ Active attacks actively aim to alter the targeted system. On the other hand,
passive attacks only attempt to acquire as much information as possible about
their target.

⮚ Active attacks may affect the integrity, authenticity, and availability of data,
whereas passive attacks lead to breaches of privacy.
⮚ Cyber-attacks can also be classified as either outside attacks or inside attacks.
An attack originating or executed from within the security perimeter of an
organization is called an inside attack. In most cases, inside attacks are
engineered and performed by employees who have access to the organization’s
credentials and knowledge of the organization’s security infrastructure.

⮚ However, an attack executed from outside an organization’s or entity’s security
firewall is referred to as an outside attack. This type of attack is performed by
someone who does not have a direct association with the organization. The
attack can be made over the internet or via a remote access connection.
Who are cybercriminals?
⮚ Most cyber-attacks are spearheaded by individuals or small groups of
hackers. However, sizeable organized crime also exploits the internet. These
criminals, branded as “professional” hackers, develop new and innovative
ways to commit crimes. Others form global criminal conglomerates and treat
cyber-crime like an income-generating investment.

⮚ Criminal communities operate as a unit, where they share strategies and tools
to launch coordinated attacks, either from the same place or from different
remote locations. The “business” has advanced over the past few years with
the emergence of underworld cyber-markets, where you can conveniently
purchase and sell stolen credentials and other information of significance.
⮚ The internet makes it very difficult to track down cybercriminals. It allows
cybercriminals to collaborate anonymously (Dark Web (hidden part of the
internet), the Tor (The Onion Router) tool, cryptocurrencies,
Virtual Private Networks (VPNs), hacker forums and
marketplaces). Attacks can be launched and controlled from any
location across the globe. Hackers often use computers that have already been
hacked, and any form of identity is removed.

⮚ This makes it extremely difficult to identify the attacker, tool, or gadget used
to execute the attack. Crime laws vary from country to country, making the
situation very complicated when an attack is launched from a different
country.
Types of Cyber Crime
a. Cyber-crime targeting an individual
⮚ In this type of attack, criminals exploit human weaknesses such as innocence,
ignorance, and avidity (eagerness). Attacks targeting an individual include copyright
violation, sale of stolen or non-existent properties, financial fraud, harassment,
etc. The latest technological advancements and developments of new
innovative attacking tools allow cyber criminals to expand the group of
potential victims.

⮚ 79% of security professionals think that the biggest threat to endpoint security
is employees' negligence of security practices. We are all human,
and we all make mistakes. However, many people are scheming day and night
to take advantage of a single silly mistake. This mistake can cost you
tremendous financial loss.
b. Cybercrime against an organization
⮚ Cyber-attacks against an organization are also referred to as cyber terrorism.
Hackers rely on computers and the internet to perform cyber terrorism, steal
confidential information or destroy valuable files, take total control of the
network system, or damage programs. An example is a cyber-attack on
financial institutions such as banks.
c. Cybercrimes target valuable assets
⮚ This kind of crime involves stealing property such as laptops, pen drives,
DVDs, mobile devices, CDs, iPads, etc. In some cases, an attacker may infect the
devices with a malicious program such as malware or a Trojan to disrupt the
functionality. One of the viruses used to steal information from target victims is
known as a Shortcut virus. The Shortcut virus is a form of a virus that converts
your valid files into a form that cannot be accessed on your PC’s hard drive or
Flash drive. The shortcut does not delete the actual file but instead hides it
behind the shortcut files.
d. Attacks using a single event
⮚ From the victim’s point of view, this attack is performed with a single action.
For example, an individual mistakenly opens an email containing corrupted
files, which may either be malware or a link that redirects you to a corrupted
website. An attacker then uses the malware as a backdoor to access your
system and take over the control of the entire system if need be. This type of
attack can also be used to cause organization-wide havoc, and it all starts with
a single click by an “ignorant” employee.
e. Cyber-attacks considering a chain of events
⮚ In some situations, hackers perform a series of events to track a victim and
interact with them personally. For example, an attacker may use a phone
call or a chat room to establish a connection with the victim and afterward steal
or explore valuable data by breaching the relationship between the two
parties. Nowadays, this type of attack is prevalent. Therefore, you should be
extremely cautious before accepting a friend request on Facebook or joining a
WhatsApp group using links from unknown sources or WhatsApp groups.
How Cybercriminals Plan Attacks
⮚ Below are the 5 phases involved in planning a cyber-attack.
1. Reconnaissance – footprint (initial phase): this is the information-gathering
stage and is usually considered a passive attack.
2. Passive attack
3. Active attack
4. Scanning and scrutinization of the collected data for validation and accurate
identification of existing vulnerabilities.
5. Launching the attack – entails gaining and maintaining access to the
system.
1. Reconnaissance
⮚ The first step in how cybercriminals plan attacks is always Reconnaissance. The literal
meaning of reconnaissance is an act of exploring with an aim or goal of finding
someone or something about the target. Concerning cybersecurity, it’s an exploration to
gain information about an enemy or a potential enemy. In cybersecurity, reconnaissance
begins with “Footprinting”, the initial preparation towards the preattack phase, and
entails collecting data about the target’s computer infrastructure as well as their cyber-
environment.
⮚ Footprinting gives an overview of the victim’s weak points and suggestions on how they
can be exploited. The primary objective of this phase is to provide the attacker with an
understanding of the victim’s system infrastructure, the networking ports and services,
and any other aspect of security required for launching attacks.
⮚ Thus, an attacker attempts to source data from two different phases: passive and active
attacks.
2. Passive attacks
This is the second phase of the attack plan. In this phase, an attacker secretly gathers information about their target; the aim is to
acquire the relevant data without the victim noticing. The process can be as simple as watching an organization to see when their CEO
reports to work or spying on a specific department to see when they down their tools. Because most hackers prefer executing their duties
remotely, most passive attacks are conducted over the internet by googling. For example, one may use search engines such as dogpile to
search for information about an individual or organization.
1. Yahoo or Google search: malicious individuals can use these search engines to gather information about employees of the firm they
are targeting to breach their system.
2. Surfing online communities like Twitter, Facebook, Instagram can also prove useful sources to gather information about an
individual, their lifestyle, and probably a hint to their weakness that can then be exploited.
3. The organization’s website may also provide useful information about specific or key individuals within the organization, such as the
CEO, MD, head of the IT department, etc. The website can be used to source personal details such as email addresses, phone numbers,
roles, etc. With the details, an attacker can then launch a social engineering attack to breach their target.
4. Press releases, blogs, newsgroups, and so on, are in some cases, used as the primary channels to gather information about an entity or
employees.
5. Going through job requirements for a specific position within a company can also help an attacker identify the type of technology
being used by a company and the level of competency of their workforce. An attacker can then decide on what method to use when
breaching the targeted system from the data.
3. Active Attacks
⮚ An active attack involves closely examining the network to discover
individual hosts and verify the validity of the gathered information, such as
the type of operating system in use, IP address of the given gadget, and
available services on the network, collected during the passive attack. It
involves the risk of detection and can also be referred to as “Active
reconnaissance” or “Rattling the doorknobs”.
⮚ Active reconnaissance can be used to confirm the security measures put in
place by an attacker, but at the same time, it can alert the victim if not well
executed. The process may raise suspicion or increase the attacker’s chance
of being caught before they execute the full attack.
4. Scrutinizing and Scanning the Gathered Information
⮚ Scanning is a key step: intelligently examining the network infrastructure as you collect
information about it. The process has the following objectives:

1. Network scanning is executed to understand better the IP address and other related information
about the computer network system.
2. Port Scanning – to identify any closed or open ports and services
3. Vulnerability scanning – to identify existing weak links within the system.
⮚ In the hacking world, the scrutinizing phase is also referred to as enumeration. The objective of
scrutinizing includes:

1. To validate the authenticity of the user running the given account, be it an individual or a group of
persons.
2. To identify network resources and/or shared resources.
3. To verify the operating system and various applications that are running on the computer OS.
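Seen from the defender's side, the network scanning and port scanning objectives above leave a recognisable pattern in firewall logs. The following is an added example, not part of the original slides: it flags a source that touches many ports on one host (port scan) or the same port on many hosts (network sweep) within a short window. The log format, addresses, thresholds and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) firewall log format:
#   2024-05-01T10:00:01Z DROP TCP src=203.0.113.7 dst=10.0.0.5 dport=22
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DROP) TCP "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse(line):
    """Return (timestamp, src, dst, dport), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["dst"], int(m["dport"])


def detect_scans(lines, window=timedelta(seconds=60),
                 port_threshold=5, host_threshold=5):
    """Return a sorted list of (src, kind, target) findings.

    kind is "port_scan" (many ports on one host) or
    "network_sweep" (one port across many hosts).
    """
    recent = defaultdict(deque)  # src -> recent (ts, dst, dport) events
    findings = set()
    for ts, src, dst, dport in sorted(e for e in map(parse, lines) if e):
        q = recent[src]
        q.append((ts, dst, dport))
        # Drop events that fell out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        ports_on_dst = {p for _, d, p in q if d == dst}
        hosts_on_port = {d for _, d, p in q if p == dport}
        if len(ports_on_dst) >= port_threshold:
            findings.add((src, "port_scan", dst))
        if len(hosts_on_port) >= host_threshold:
            findings.add((src, "network_sweep", f"tcp/{dport}"))
    return sorted(findings)


def _line(sec, action, src, dst, dport):
    ts = datetime(2024, 5, 1, 10, 0, 0) + timedelta(seconds=sec)
    return f"{ts:%Y-%m-%dT%H:%M:%SZ} {action} TCP src={src} dst={dst} dport={dport}"


# Constructed sample traffic (documentation address ranges only).
SAMPLE_LOG = (
    # One source, six ports on one host in six seconds: port scan.
    [_line(i, "DROP", "203.0.113.7", "10.0.0.5", p)
     for i, p in enumerate([21, 22, 23, 80, 443, 3389])]
    # One source, port 445 on six hosts: network sweep.
    + [_line(10 + i, "DROP", "198.51.100.9", f"10.0.0.{i + 1}", 445)
       for i in range(6)]
    # Ordinary client: repeated connections to one service.
    + [_line(5 * i, "ALLOW", "192.0.2.10", "10.0.0.5", 443) for i in range(6)]
    # Slow prober: five ports spread over ten minutes stays under the window.
    + [_line(150 * i, "DROP", "192.0.2.44", "10.0.0.5", p)
       for i, p in enumerate([22, 23, 25, 110, 143])]
)

if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```

The slow prober in the sample is not flagged, which shows the limit of a fixed short window: catching low-and-slow scanning needs a longer window or per-day counts.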
5. Attack
⮚ The attack phase is the last step in the attack process. It involves the hacker
gaining and maintaining full control of the system access. It comes
immediately after scanning and enumeration, and it launches sequentially as
listed in the below steps.
1. Brute force attack or any other relevant method to bypass the password.
2. Exploit the password.
3. Launch the malicious command or applications.
4. Hide the files.
5. Cover the tracks, don’t leave any trail that can lead back to you as the
malicious third party. This can be achieved by deleting logs so that there is
no trail for your illicit actions.
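Step 1 of the list above, a brute-force attempt on a password, is visible in authentication logs, provided those logs are also kept somewhere step 5 cannot reach. The following is an added example, not part of the original slides: it separates a brute-force attempt that failed from one that ended in a successful login, and ignores an ordinary mistyped password. The log format, account names, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse_auth(line):
    """Parse '<ISO ts> auth result=<OK|FAIL> user=<name> src=<ip>' (assumed format)."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "auth":
        return None
    try:
        fields = dict(p.split("=", 1) for p in parts[2:])
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        return ts, fields["result"], fields["user"], fields["src"]
    except (ValueError, KeyError):
        return None


def classify_logins(lines, window=timedelta(minutes=5), threshold=5):
    """Return {(src, user): finding} for login patterns that look like brute force.

    "brute_force_attempt": at least `threshold` failures inside `window`.
    "success_after_brute_force": such a burst followed by a successful login.
    """
    failures = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = {}
    for ts, result, user, src in sorted(e for e in map(parse_auth, lines) if e):
        key = (src, user)
        q = failures[key]
        # Forget failures older than the window.
        while q and ts - q[0] > window:
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(key, "brute_force_attempt")
        elif result == "OK":
            if len(q) >= threshold:
                alerts[key] = "success_after_brute_force"
            q.clear()  # a success resets the failure streak
    return alerts


def make_line(sec, result, user, src):
    ts = datetime(2024, 5, 1, 9, 0, 0) + timedelta(seconds=sec)
    return f"{ts:%Y-%m-%dT%H:%M:%SZ} auth result={result} user={user} src={src}"


# Constructed sample log lines.
SAMPLE_AUTH = (
    # Eight failures in 16 seconds, then a success: likely compromised account.
    [make_line(2 * i, "FAIL", "admin", "203.0.113.7") for i in range(8)]
    + [make_line(20, "OK", "admin", "203.0.113.7")]
    # Six failures, never a success: attempt only.
    + [make_line(100 + 3 * i, "FAIL", "backup", "198.51.100.9") for i in range(6)]
    # Two typos followed by a success: normal user behaviour.
    + [make_line(200, "FAIL", "alice", "10.0.0.23"),
       make_line(205, "FAIL", "alice", "10.0.0.23"),
       make_line(212, "OK", "alice", "10.0.0.23")]
    + ["garbled line that the parser must skip"]
)

if __name__ == "__main__":
    for key, finding in classify_logins(SAMPLE_AUTH).items():
        print(key, finding)
```

Account lockout or rate limiting after a few failures turns the first pattern into the second at worst; shipping these logs to a separate host as they are written keeps the evidence even if local logs are deleted.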

• An attacker would look to exploit the vulnerabilities in the network.


• Categories of vulnerabilities
Passive attacks
• Gathering information about a target without his/her knowledge
• Internet searches or by googling.
Tools used during passive attack
Active attacks

• It involves probing the network to discover individual hosts to confirm the information gathered in the passive attack phase.
• It carries a risk of detection and is also called rattling the doorknobs or active reconnaissance.
• The attacker attempts to change or modify the content of messages.
• An active attack is a danger to integrity as well as availability.
• Due to an active attack, the system is always damaged and system resources can be changed.
• Most importantly, in an active attack the victim gets informed about the attack.
Tools used during active attack
Difference between Active attack and Passive attack
Categories of cybercrime

Cybercrime can be categorized based on


• The target of the crime
• Whether the crime occurs as a single event or as a series of events
1. Crimes targeted at individuals
2. Crimes targeted at property
3. Crimes targeted at organizations
4. Single event of cybercrime
5. Series of events
1. Crimes targeted at individuals

• Human weakness
• Financial frauds
• Child pornography
• Copyright violations
• Harassment
2. Crimes targeted at property
• Stealing devices
• Transmitting harmful programs to destroy the devices
3. Crimes targeted at organizations

• Cyberterrorism
• Attackers (individual / group)
• Usage of computer tools and usage
4. Single event of cybercrime

• It is a single event from the perspective of the victim
• Unknowingly opening attachments that contain a virus
• This is hacking or fraud
5. Series of events

• Attacker interacting with the victims repetitively


• Series of events / demanding
• Cyberstalking
How criminals plan the attacks

• Criminals use many methods and tools to locate the vulnerabilities of their target
• Target can be individual or / and organizations
• Active attack and passive attack
• Inside attack and outside attack

Inside attack: originating or attempted within the security perimeter of an organization.


• Attempted by insider
• Gains access to more resources than expected

Outside attack: attempted outside the security perimeter of an organization.


• Attempted through internet or remote access connection.
Phases involved in planning cybercrime
Reconnaissance

• Is an act of reconnoitering – explore, often with the goal of finding something
or somebody.
• Gain information about an enemy or potential enemy.
• Foot printing- gives an overview about the system vulnerability
• Attackers gather the information in two phases
• Passive and active attacks
Scanning and scrutinizing gathered information
Scanning: key step to examine intelligently while gathering the information.
Objectives of scanning are
Scrutinizing phase: called enumeration in the hacking world.
The main objective is to identify
Attack (gaining and maintaining the system access)
After scanning and enumeration, the attack is launched using the following steps.
Social Engineering

• Technique of influence or persuasion used to deceive


• It is the tactic of manipulating, influencing, or deceiving a victim in order to gain
control over a computer system, or to steal personal and financial information.
• Uses telecommunication / internet against the security policy of the organization
Classification of social Engineering

1. Human based social engineering:

• Person to person interaction

• Ex. Calling to get information

2. Computer based social engineering:

• Getting required information by using computer software / internet

• Ex. Fake E-mail


1. Human based social engineering:

• Impersonating an employee or valid user


• Posing as an important user
• Using a third person
• Calling technical support
• Shoulder surfing
• Dumpster diving
Dumpster diving: looking for or getting information from
• Trash
• Pieces of paper or computer printouts
• Garbage
• E-waste etc..
2. Computer based social engineering:

• Fake E-mails
• E-mail attachments
• Pop-up windows
Fake E-mails:
E-mail attachments and Pop-up windows:
Past statistics

https://www.getastra.com/blog/security-audit/cyber-security-statistics/#:~:text=Social%20engineering%20statistics%202023,-75%25%20of%20security&text=2%2C249%20social%20engineering%20incidents%20were%20reported

https://firewalltimes.com/social-engineering-statistics/
Cyberstalking

• Cyberstalkers take advantage of the anonymity afforded by the internet to stalk or harass
their victims, sometimes without being caught, punished or even detected. The terms
cyberstalking and cyberbullying are often used interchangeably.
• Trying to approach somebody or something.
• Refers to use of the internet / ICT / electronic communication devices to stalk another person
• An individual or group of individuals harasses another individual, group of individuals or
organization.
• Behaviour includes false accusation, monitoring, transmission of threats, ID theft, damage to data
or equipment, and gathering information for harassment purposes.
Types of Cyber stalkers
Cases reported on cyber stalking

https://www.mondaq.com/india/social-media/1193320/cyberstalking-and-the-indian
jurisprudence#:~:text=More%20than%2075%25%20of%20the,354D%20which%20deals%20with%20stalking.
How stalking works
Real life incident of cyberstalking
Cybercafe and cybercrimes
• A cybercafe is a business which allows people to pay for access to the Internet. Another name
for a cybercafe is an Internet cafe. Such places often look just like cafes or coffee shops, with the
addition of computer terminals.

• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of
money have also happened through cybercafes. Cybercafes have also been used regularly for
sending obscene mails to harass people.
As per a survey in India:
Safety and security while using computer in cybercafe
Botnets: The fuel of cyber crime

• Bot- computing
• A botnet (short for “robot network”) is a network of computers infected by malware
that are under the control of a single attacking party, known as the “bot-herder.”
• Each individual machine under the control of the bot-herder is known as a bot.

• Automated program for doing some particular task


Botnet
One can ensure the following to secure the system
Attack vector

Thank you