Unit2 ch1ch2

The document discusses various categories of cybercrime, including cyber offenses, social engineering, and cyberstalking, highlighting how criminals plan and execute attacks. It differentiates between hackers and crackers, explains the methods used in cybercrime such as reconnaissance and scanning, and outlines the types of cyberstalking. Additionally, it emphasizes the vulnerabilities exploited by cybercriminals and the psychological tactics employed in social engineering.
Copyright © All Rights Reserved

UNIT II:

Cyber offenses: Criminals Plan: Categories of
Cybercrime, Cyber Attacks: Reconnaissance, Passive
Attack, Active Attacks, Scanning/Scrutinizing
gathered Information, Attack, Social Engineering:
Classification of Social Engineering.
Cyberstalking: Types of Stalkers, Working of
Stalking, Real-Life Incident of Cyber stalking,
Cybercafe and Cybercrimes, Botnets: The Fuel for
Cybercrime, Botnet, Attack Vector.
Attacks on mobile/cell phones: Theft, viruses,
mishing, vishing, smishing, hacking Bluetooth.
How Criminals Plan Them – Introduction
• Technology is a “double-edged sword” as it can be used for both good
and bad purposes
• People with a tendency to cause damage or carry out illegal
activities will use it for bad purposes.
• Computers and tools available in IT are also used as either target of
offense.
• In today’s world of Internet and computer networks, a criminal activity
can be carried out across national borders.
• Cybercriminals use the World Wide Web and Internet to an optimum
level for all illegal activities to store data, contacts, account information,
etc.
• The criminals take advantage of the widespread lack of awareness about
cybercrimes and cyber laws among the people who are constantly using
the IT infrastructure for official and personal purposes.
• People who commit cybercrimes are known as “Crackers”
Hacker:
• A hacker is a person with a strong interest in
computers who enjoys learning and
experimenting with them.
• Hackers are usually very talented, smart
people who understand computers better
than others.
• The term is often confused with “cracker,” which
describes someone who breaks into computers.
Cracker:
• A cracker is a person who breaks into
computers. Crackers should not be confused
with hackers. The term “cracker” is usually
connected to computer criminals. Some of
their crimes include vandalism, theft and
snooping in unauthorized areas.
Phreaking:
• This is the notorious art of breaking into
phone or other communication systems.
• Phreaking sites on the Internet are popular
among crackers and other criminals
Brute force hacking:
• It is a technique used to find passwords or
encryption keys. Brute force hacking involves
trying every possible combination of letters,
numbers, etc., until the code is broken
Cracking:
• It is the act of breaking into computers. Cracking
is a popular, growing subject on the Internet.
Many sites are devoted to supplying crackers
with programs that allow them to crack
computers.
Cracker tools:
• These are programs used to break into
computers. Cracker tools are widely distributed
on the Internet. They include password crackers,
Trojans, viruses, war dialers and worms
War dialer
• A program that automatically dials phone numbers
looking for computers on the other end.
• It catalogs numbers so that the hackers can call
back and try to break in.
• An attacker would look to exploit the
vulnerabilities in the networks, most often so
because the networks are not adequately
protected.
The categories of vulnerabilities that hackers
typically search for are the following:
• Inadequate border protection (border as in
the sense of network periphery);
• remote access servers (RASs) with weak
access controls;
• application servers with well-known exploits;
• misconfigured systems and systems with
default configurations.
A small network highlighting specific occurrences of several vulnerabilities
Categories of Cybercrime
• Cybercrime can be categorized based on the
following:
1. The target of the crime and
2. whether the crime occurs as a single event or as a
series of events.
• Cybercrime can be targeted against individuals
(persons), assets (property) and/or
organizations (government, business and
social).
Crimes targeted at individuals:
• The goal is to exploit human weakness such as
greed and naivety.
• These crimes include financial frauds, sale of
non-existent or stolen items, child pornography,
copyright violation, harassment, etc.
• With the development of IT and the Internet,
criminals have a new tool that allows them
to expand the pool of potential victims.
• However, this also makes it difficult to trace and
apprehend the criminals.
Crimes targeted at property:
• This includes stealing mobile devices such as
cell phones, laptops, personal digital assistants
(PDAs), and removable media (CDs and pen
drives); transmitting harmful programs that
can disrupt functions of the systems and/or
wipe out data from the hard disk, and can
cause attached devices in the system, such as
the modem, CD drive, etc., to malfunction.
Crimes targeted at organizations:
• Cyber terrorism is one of the distinct crimes
against organizations/ governments.
• Attackers usually use computer tools and the Internet
to terrorize the citizens of a particular
country by stealing private information,
and also to damage programs and files or
plant programs to get control of the network
and/or system.
Single event of cybercrime:
• It is a single event from the perspective of the
victim. For example, a victim unknowingly opens an
attachment that may contain a virus that will infect
the system (PC/laptop). This is known as hacking or
fraud.
Series of events:
• This involves the attacker interacting with the victims
repeatedly. For example, the attacker interacts with
the victim on the phone and/or via chat rooms to
establish a relationship first and then exploits
that relationship to commit sexual assault.
How Criminals Plan the Attacks
• Criminals use many methods and tools to locate the
vulnerabilities of their target.
• The target can be an individual and/or an
organization.
• Criminals plan passive and active attacks.
• Active attacks are usually used to alter the system,
whereas passive attacks attempt to gain information
about the target.
• Active attacks may affect the availability, integrity and
authenticity of data whereas passive attacks lead to
violation of confidentiality.
The following phases are involved in planning
cybercrime:
1. Reconnaissance (information gathering) is the first
phase and is treated as a passive attack.
2. Scanning and scrutinizing the gathered
information for the validity of the information as
well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the
system access).
Reconnaissance
• The literal meaning of “Reconnaissance” is an act of finding
something or somebody.
• In the world of “hacking,” reconnaissance phase begins with
“Footprinting” –
• Footprinting gives an overview about system vulnerabilities and
provides a judgment about possible exploitation of those
vulnerabilities. 
• The objective of this preparatory phase is to understand the system,
its networking ports and services, and any other aspects of its
security that are needed for launching the attack.
• Thus, an attacker attempts to gather information in two phases:
passive and active attacks. Let us understand these two phases.
Passive Attacks
A passive attack involves gathering information about a target
without his/her knowledge.
It can be as simple as watching a building to identify what time
employees enter the building premises.
It is usually done using Internet searches or by Googling an
individual or company to gain information.
1. Google or Yahoo search: People search to locate information about
employees.
2. Surfing online community groups like Orkut/Facebook will prove
useful to gain the information about an individual.
3. Organization’s website may provide a personnel directory or
information about key employees.
4. Blogs, newsgroups, press releases, etc. are generally used as the
mediums to gain information about the company or employees.
5. Going through job postings, particularly job profiles for technical
persons.
Active Attacks
• An active attack involves probing the network to
discover individual hosts to confirm the
information gathered in the passive attack phase.
• It involves the risk of detection and is also called
“Rattling the doorknobs” or “Active
reconnaissance.”
• Active reconnaissance can provide confirmation to
an attacker about security measures in place, but
the process can also increase the chance of being
caught or raise a suspicion.
Scanning and Scrutinizing Gathered Information
• Scanning is a key step to examine intelligently
while gathering information about the target.
• The objectives of scanning are as follows:
1. Port scanning: Identify open/closed ports and
services.
2. Network scanning: Understand IP Addresses and
related information about the computer network
systems.
3. Vulnerability scanning: Understand the existing
weaknesses in the system.
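Seen from the defender's side, the port and network scanning listed above leaves a recognizable pattern in firewall logs: one source touching many distinct ports on a host, or the same port on many hosts, within a short time. The following added example (not part of the original slides) detects both patterns; the log format, the sample lines, the threshold and the time window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log for this example. Assumed line format:
#   <ISO timestamp> <source IP> <destination IP> <destination port> <action>
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 10.0.0.5 21 DENY
2024-05-01T10:00:01 203.0.113.7 10.0.0.5 22 ALLOW
2024-05-01T10:00:02 203.0.113.7 10.0.0.5 23 DENY
2024-05-01T10:00:03 203.0.113.7 10.0.0.5 25 DENY
2024-05-01T10:00:04 203.0.113.7 10.0.0.5 80 ALLOW
2024-05-01T10:00:05 203.0.113.7 10.0.0.5 443 ALLOW
2024-05-01T10:05:00 198.51.100.9 10.0.0.1 445 DENY
2024-05-01T10:05:02 198.51.100.9 10.0.0.2 445 DENY
2024-05-01T10:05:04 198.51.100.9 10.0.0.3 445 DENY
2024-05-01T10:05:06 198.51.100.9 10.0.0.4 445 DENY
2024-05-01T10:05:08 198.51.100.9 10.0.0.5 445 DENY
2024-05-01T10:06:00 192.0.2.10 10.0.0.5 443 ALLOW
2024-05-01T10:06:30 192.0.2.10 10.0.0.5 443 ALLOW
2024-05-01T11:00:00 192.0.2.44 10.0.0.8 22 DENY
2024-05-01T11:10:00 192.0.2.44 10.0.0.8 23 DENY
2024-05-01T11:20:00 192.0.2.44 10.0.0.8 80 DENY
2024-05-01T11:30:00 192.0.2.44 10.0.0.8 443 DENY
2024-05-01T11:40:00 192.0.2.44 10.0.0.8 3389 DENY
this line is malformed and must be skipped
"""


def parse_line(line):
    """Return (timestamp, src, dst, port) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, _action = parts  # allowed and denied probes both count
    try:
        return datetime.fromisoformat(ts), src, dst, int(port)
    except ValueError:
        return None


def _widest_window(hits, window):
    """hits: sorted (timestamp, value) pairs. Return the largest set of
    distinct values observed inside any sliding time window."""
    best, start = set(), 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:
            start += 1
        seen = {value for _, value in hits[start:end + 1]}
        if len(seen) > len(best):
            best = seen
    return best


def detect_scans(log_text, min_distinct=5, window=timedelta(seconds=60)):
    """Flag port scans (many ports, one host) and network scans
    (one port, many hosts) per source address."""
    by_target = defaultdict(list)  # (src, dst)  -> [(ts, port)]
    by_port = defaultdict(list)    # (src, port) -> [(ts, dst)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port = rec
        by_target[(src, dst)].append((ts, port))
        by_port[(src, port)].append((ts, dst))

    findings = []
    for (src, dst), hits in by_target.items():
        ports = _widest_window(sorted(hits), window)
        if len(ports) >= min_distinct:
            findings.append(("port_scan", src, dst, sorted(ports)))
    for (src, port), hits in by_port.items():
        hosts = _widest_window(sorted(hits), window)
        if len(hosts) >= min_distinct:
            findings.append(("network_scan", src, port, sorted(hosts)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in detect_scans(SAMPLE_LOG):
        print(finding)
```

The source 192.0.2.44 in the sample probes one port every ten minutes and stays under the 60-second window; it is only reported when the window is widened, which is why short windows alone miss slow scans.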
Attack
• After the scanning and enumeration, the
attack is launched using the following steps:
1. Crack the password.
2. Exploit the privileges.
3. Execute the malicious commands/applications.
4. Hide the files (if required).
5. Cover the tracks – delete the access logs, so that
there is no trail of illicit activity.
Social Engineering
• Social engineering is the “technique to influence” and “persuasion to
deceive” people to obtain the information or perform some action.
• Social engineers exploit the natural tendency of a person to trust
social engineers’ word, rather than exploiting computer security
holes.
• It is generally agreed that people are the weak link in security and
this principle makes social engineering possible.
• A social engineer usually uses telecommunication (i.e., telephone
and/or cell phone) or Internet to get them to do something that is
against the security practices and/or policies of the organization.
• Social engineering involves gaining sensitive information or
unauthorized access privileges by building inappropriate trust
relationships with insiders.
• It is an art of exploiting the trust of people, which is not doubted
while speaking in a normal manner.
• The goal of a social engineer is to fool someone into
providing valuable information or access to that
information.
• A social engineer studies human behavior so that people
will help because of the desire to be helpful, the attitude
to trust people, and the fear of getting into trouble.
• The sign of truly successful social engineers is that they
receive information without any suspicion.
• A simple example is calling a user and pretending to be
someone from the service desk working on a network
issue; the attacker then proceeds to ask questions about
what the user is working on, what file shares he/she uses,
what his/her password is, and so on
Classification of Social Engineering
• Human-Based Social Engineering
– Impersonating an employee or valid user
– Posing as an important user
– Using a third person
– Calling technical support
– Shoulder surfing
– Dumpster diving
• Computer-Based Social Engineering
– Fake E-Mails
– E-Mail attachments
– Pop-up windows
Impersonating an employee or valid user

• “Impersonation” is perhaps the greatest technique
used by social engineers to deceive people.
• Social engineers “take advantage” of the fact that
most people are basically helpful, so it seems
harmless to tell someone who appears to be lost
where the computer room is located, or to let
someone into the building who “forgot” his/her
badge, etc., or pretending to be an employee or
valid user on the system.
Posing as an important user
• The attacker pretends to be an important user
– for example, a Chief Executive Officer (CEO)
or high-level manager who needs immediate
assistance to gain access to a system.
• The attacker uses intimidation so that a
lower-level employee such as a help-desk
worker will help him/her in gaining access to
the system. Most low-level employees
will not ask any questions of someone who
appears to be in a position of authority.
Using a third person
• An attacker pretends to have permission from an
authorized source to use a system. This trick is
useful when the supposed authorized personnel is
on vacation or cannot be contacted for verification
Shoulder surfing
• It is a technique of gathering information such as
usernames and passwords by watching over a
person’s shoulder while he/she logs into the
system, thereby helping an attacker to gain access
to the system.
Dumpster diving
• It involves looking in the trash for information written on
pieces of paper or computer printouts.
• This is a typical North American term; it is used to describe
the practice of rummaging through commercial or
residential trash to find useful free items that have been
discarded.
• It is also called dumpstering, binning, trashing, garbing or
garbage gleaning.
• “Scavenging” is another term to describe these habits.
• In the UK, the practice is referred to as “binning” or
“skipping” and the person doing it is a “binner” or a
“skipper.”
Computer-Based Social Engineering
• Computer-based social engineering refers to
an attempt made to get the required/desired
information by using computer
software/Internet.
Fake E-Mails
• The attacker sends fake E-Mails to users in such a way that the user takes them for real
E-Mails.
• This activity is also called “Phishing”.
• It is an attempt to entice Internet users (netizens) to reveal their personal
information, such as usernames, passwords and credit card details, by
impersonating a trustworthy and legitimate organization or individual.
• Banks, financial institutes and payment gateways are the common targets.
• Phishing is typically carried out through E-Mails or instant messaging and often
directs users to enter details at a website, usually designed by the attacker to
mimic the look and feel of the original website.
• Thus, Phishing is also an example of social engineering techniques used to fool
netizens.
• The term “Phishing” evolved from the analogy that Internet
scammers use E-Mail lures to fish for passwords and financial data from
the sea of Internet users.
• The term was coined in 1996 by hackers who were stealing AOL Internet
accounts by scamming passwords without the knowledge of AOL users.
• As hackers have a tendency of replacing “f” with “ph,” the term “Phishing”
came into being.
E-Mail attachments
• E-Mail attachments are used to send malicious
code to a victim’s system, which will automatically
get executed.
• Viruses, Trojans, and worms can be included
cleverly into the attachments to entice a victim to
open the attachment.
Pop-up windows
• Pop-up windows are also used, in a similar
manner to E-Mail attachments. Pop-up windows
with special offers or free stuff can encourage a
user to unintentionally install malicious software.
Cyberstalking
• The dictionary meaning of “stalking” is an “act
or process of following prey stealthily – trying
to approach somebody or something.”
• Cyberstalking has been defined as the use of
information and communications technology,
particularly the Internet, by an individual or
group of individuals to harass another
individual, group of individuals, or
organization.
• It involves harassing or threatening behavior
that an individual will conduct repeatedly, for
example, following a person, visiting a person’s
home and/or place of business, making phone
calls, leaving written messages, or vandalizing
the person’s property.
• As the Internet has become an integral part of our personal and
professional lives, cyberstalkers take advantage
of the ease of communication and increased
access to personal information available with a
few mouse clicks or keystrokes.
Types of Stalkers
There are primarily two types of stalkers.
1. Online stalkers
• They aim to start the interaction with the victim directly with the help of the
Internet.
• E-Mail and chat rooms are the most popular communication medium to get
connected with the victim, rather than using traditional instrumentation like
telephone/cell phone.
• The stalker makes sure that the victim recognizes the attack attempted on
him/her.
• The stalker can make use of a third party to harass the victim.
2. Offline stalkers
• The stalker may begin the attack using traditional methods such as following the
victim, watching the daily routine of the victim, etc.
• Searching on message boards/newsgroups, personal websites, and people finding
services or websites are most common ways to gather information about the
victim using the Internet.
• The victim is not aware that the Internet has been used to perpetrate an attack
against them.
Cases Reported on Cyberstalking
• The majority of cyberstalkers are men and the majority of
their victims are women.
• Some cases also have been reported where women act as
cyberstalkers and men as the victims as well as cases of
same-sex cyberstalking.
• In many cases, the cyberstalker and the victim hold a
prior relationship, and the cyberstalking begins when the
victim attempts to break off the relationship, for example,
ex-lover, ex-spouse, boss/subordinate, and neighbor.
• However, there also have been many instances of
cyberstalking by strangers.
How Stalking Works?
It is seen that stalking works in the following ways:
1. Personal information gathering about the victim: Name; family background;
contact details such as cell phone and telephone numbers; address of residence as
well as of the office; E-Mail address; date of birth, etc.
2. Establish a contact with victim through telephone/cell phone. Once the contact is
established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish a contact with the victims through E-Mail. The
letters may have the tone of loving, threatening or can be sexually explicit. The
stalker may use multiple names while contacting the victim
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favors
or threaten the victim.
5. The stalker may post the victim’s personal information on any website related to
illicit services such as sex-workers’ services or dating services, posing as if the
victim has posted the information and invite the people to call the victim on the
given contact details to have sexual services. The stalker will use bad and/or
offensive/attractive language to invite the interested persons.
6. Whoever comes across the information starts calling the victim on the given
contact details, asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable
pornographic and sex sites, because of which victim will start receiving such kind of
unsolicited E-Mails.
Real-Life Incident of Cyberstalking
Case Study
The Indian police have registered the first case of cyberstalking in Delhi;
a brief account of the case is given here.

– Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours from
as far away as Kuwait, Cochin, Bombay, and Ahmadabad.
– The said calls created havoc in the personal life destroying mental
peace of Mrs. Joshi who decided to register a complaint with Delhi
Police.
– A person was using her ID to chat over the Internet at the website
www.mirc.com, mostly in the Delhi channel for four consecutive days.
– This person was chatting on the Internet, using her name and giving her
address, talking in obscene language.
– The same person was also deliberately giving her telephone number to
other chatters encouraging them to call Mrs. Joshi at odd hours.
– This was the first time when a case of cyberstalking was registered.
– Cyberstalking does not have a standard definition but it can be defined
to mean threatening, unwarranted behavior, or advances directed by
one person toward another person using Internet and other forms of
Cyberbullying
Cyberbullying is defined as “when the Internet, cell phones
or other devices are used to send or post text or
images intended to hurt or embarrass another
person.”
Cybercafe and Cybercrimes
• It is extremely important to understand the IT security and governance practiced
in the cybercafes.
• In the past several years, many instances have been reported in India, where
cybercafes are known to be used for either real or false terrorist communication.
• Cybercrimes such as stealing of bank passwords and subsequent fraudulent
withdrawal of money have also happened through cybercafes.
• Cybercafes have also been used regularly for sending obscene mails to harass
people.
• Public computers, usually meaning the systems available in cybercafes, hold
two types of risks.
• First, we do not know what programs are installed on the computer – that is, the risk
of malicious programs such as keyloggers or Spyware, which may be running in
the background and can capture keystrokes to learn passwords and
other confidential information and/or monitor the browsing behavior.
• Second, over-the-shoulder surfing can enable others to find out your passwords.
Therefore, one has to be extremely careful about protecting his/her privacy on
such systems, as one does not know who will use the computer after him/her. 
• Cybercriminals prefer cybercafes to carry out
their activities.
• The criminals tend to identify one particular
personal computer (PC) to prepare it for their
use.
• Cybercriminals can either install malicious
programs such as keyloggers and/or Spyware or
launch an attack on the target.
• Cybercriminals will visit these cafes at a
particular time and at a prescribed frequency,
maybe on alternate days or twice a week.
A recent survey conducted in one of the metropolitan cities in India reveals
the following facts:
• Pirated software(s) such as OS, browser, office automation software(s)
(e.g., Microsoft Office) are installed in all the computers.
• Antivirus software is found to be not updated to the latest patch and/or
antivirus signature.
• An annual maintenance contract (AMC) was found not to be in place for
servicing the computers; hence, hard disks for all the computers are not
formatted unless the computer is down. Not having the AMC is a risk
from cybercrime perspective because a cybercriminal can install a
Malicious Code on a computer and conduct criminal activities without any
interruption.
• Pornographic websites and other similar websites with indecent contents
are not blocked.
• Cybercafe owners have very little awareness about IT Security and IT
Governance.
• Cybercafe association or State Police (cyber cell wing) do not seem to
conduct periodic visits to cybercafes
Here are a few tips for safety and security while
using the computer in a cybercafe:
1. Always logout:
2. Stay with the computer:
3. Clear history and temporary files:
4. Be alert:
5. Avoid online financial transactions:
6. Change passwords:
Botnets: The Fuel for Cybercrime
• A Bot is simply an automated computer program. One
can gain control of computers by infecting them with
a virus or other Malicious Code that gives access.
• A computer system may be part of a Botnet even though
it appears to be operating normally.
• Botnets are often used to conduct a range of activities,
from distributing Spam and viruses to conducting
denial-of-service (DoS) attacks.
• A Botnet (also called as zombie network) is a network of
computers infected with a malicious program that
allows cybercriminals to control the infected machines
remotely without the users’ knowledge.
• “Zombie networks” have become a source of
income for entire groups of cybercriminals.
The invariably low cost of maintaining a
Botnet and the ever diminishing degree of
knowledge required to manage.
• If someone wants to start a “business” and
has no programming skills, there are plenty of
“Bot for sale” offers on forums.
• Encryption of these programs’ code can also
be ordered in the same way to protect them
from detection by antivirus tools
One can ensure the following to secure the system:
1. Use antivirus and anti-Spyware software and keep it up-to-
date.
2. Set the OS to download and install security patches
automatically
3. Use a firewall to protect the system from hacking attacks
while it is connected on the Internet: A firewall is a software
and/or hardware that is designed to block unauthorized
access while permitting authorized communications.
4. Disconnect from the Internet when you are away from your
computer.
5. Download freeware only from websites that are
known and trustworthy.
6. Check regularly the folders in the mail box – “sent items” or
“outgoing” – for those messages you did not send.
7. Take an immediate action if your system is infected.
Malware: It is malicious software, designed to
damage a computer system without the owner’s
informed consent. Viruses and worms are the
examples of malware.
Adware: It is advertising-supported software,
which automatically plays, displays, or
downloads advertisements to a computer after
the software is installed on it or while the
application is being used. Few Spywares are
classified as Adware
Spam: It means unsolicited or undesired E-Mail
messages
Spamdexing: It is also known as search Spam or search
engine Spam. It involves a number of methods, such as
repeating unrelated phrases, to manipulate the
relevancy or prominence of resources indexed by a
search engine in a manner inconsistent with the
purpose of the indexing system.
DDoS: Distributed denial-of-service attack (DDoS)
occurs when multiple systems flood the bandwidth or
resources of a targeted system, usually one or more
web servers. These systems are compromised by
attackers using a variety of methods.
Attack Vector
• An “attack vector” is a path by which an attacker can gain
access to a computer or to a network server to deliver a
payload or malicious outcome.
• Attack vectors enable attackers to exploit system
vulnerabilities, including the human element.
• Attack vectors include viruses, E-Mail attachments,
webpages, pop-up windows, instant messages, chat rooms,
and deception. All of these methods involve programming,
except deception, in which a human operator is fooled into
removing or weakening system defenses.
• To some extent, firewalls and antivirus software can block
attack vectors.
• However, no protection method is totally attack-proof.
• A defense method that is effective today may
not remain so for long because attackers are
constantly updating attack vectors, and
seeking new ones, in their quest to gain
unauthorized access to computers and
servers.
• The most common malicious payloads are
viruses (which can function as their own
attack vectors), Trojan Horses, worms, and
Spyware.
The attack vectors described here are how most of them
are launched.
• Attack by E-Mail: The content is either embedded in
the message or linked to by the message.
• Attachments (and other files): Malicious attachments
install malicious computer code. The code could be a
virus, Trojan Horse, Spyware, or any other kind of
malware.
• Attack by deception: Deception is aimed at the
user/operator as a vulnerable entry point. It is not just
malicious computer code that one needs to monitor.
Social engineering is another form of deception that
is often an attack vector too.
• Hackers: Hackers/crackers are a formidable attack
vector because, unlike ordinary Malicious Code,
people are flexible and they can improvise.
Hackers/crackers use a variety of hacking tools.
• Heedless guests (attack by webpage): Counterfeit
websites are used to extract personal information.
Such websites look very much like the genuine
websites they imitate.
• Attack of the worms: Many worms are delivered as
E-Mail attachments, but network worms use holes in
network protocols directly. Any remote access service,
like file sharing, is likely to be vulnerable to this sort of
worm.
• Malicious macros: Microsoft Word and
Microsoft Excel are some of the examples that
allow macros. A macro does something like
automating a spreadsheet, for example.
Macros can also be used for malicious
purposes.
• Foistware (sneakware): Foistware is the
software that adds hidden components to the
system with cunning nature.
• Viruses: These are malicious computer codes
that hitch a ride and make the payload.
Zero-Day Attack
• A zero-day (or zero-hour) attack is a computer
threat which attempts to exploit computer
application vulnerabilities that are unknown to
anybody in the world and/or for which no patch
(i.e., security fix) is available.
• Zero-day exploits are used or shared by attackers
before the software vendor knows about the
vulnerability
Zero-day emergency response team (ZERT):
This is a group of software engineers who work to
release non-vendor patches for zero-day exploits.
