IV-IT II SEM, Cyber Security (15A05806) Unit - I

Unit – 1
 Cyber Crime

Cybercrime is defined as a crime in which a computer is the object of the crime (hacking,
phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes).
Cybercriminals may use computer technology to access personal information, business trade secrets or
use the internet for exploitative or malicious purposes. Criminals can also use computers for
communication and document or data storage. Criminals who perform these illegal activities are often
referred to as hackers.
Cybercrime may also be referred to as computer crime.
 Mobile, Wireless Devices and hand-held devices

Fig: Mobile, wireless and hand-held devices.

1. Portable Computer
It is a general-purpose computer that can be easily moved from one place to another,
but cannot be used while in transit, usually because it requires some “setting-up” and an AC
power source.
2. Tablet PC
It lacks a keyboard, is shaped like a slate or a paper notebook and has features of a
touch- screen with a stylus and handwriting recognition software. Tablets may not be best suited
for applications requiring a physical keyboard for typing, but are otherwise capable of carrying
out most tasks that an ordinary laptop would be able to perform.
3. Internet Tablet
It is the Internet appliance in tablet form. Unlike a Tablet PC, the Internet tablet does
not have much computing power and its applications suite is limited. Also it cannot replace a
general-purpose computer. The Internet tablets typically feature an MP3 and video player, a
Web browser, a chat application and a picture viewer.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 1 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

4. Personal Digital Assistant (PDA)

It is a small, usually pocket-sized, computer with limited functionality. It is intended to
supplement and synchronize with a desktop computer, giving access to contacts, address book,
notes, E-Mail and other features.
5. Ultra Mobile PC
It is a full-featured, PDA-sized computer running a general-purpose operating system
(OS).
6. Smartphone
It is a PDA with an integrated cell phone functionality. Current Smartphones have a
wide range of features and installable applications.
7. Carputer
It is a computing device installed in an automobile. It operates as a wireless computer,
sound system, and global positioning system (GPS) and DVD player. It also contains word
processing software and is Bluetooth compatible.
8. Fly Fusion Pentop Computer
It is a computing device with the size and shape of a pen. It functions as a writing utensil,
MP3 player, language translator, digital storage device and calculator.
 Trends in Mobility
Mobile computing is moving into a new era, third generation (3G), which promises
greater variety in applications and have highly improved usability as well as speedier
networking. “iPhone” from Apple and Google-led “Android” phones are the best examples of
this trend and there are plenty of other developments that point in this direction. This smart
mobile technology is rapidly gaining popularity and the attackers (hackers and crackers) are
among its biggest fans.

Fig: Mobility types and implications.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 2 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

1. Key Findings for Mobile Computing Security Scenario

1. With usage experience, awareness of mobile users gets enhanced
2. People continue to remain the weakest link for laptop security
3. Wireless connectivity does little to increase burden of managing laptops
4. Laptop experience changes the view of starting a smart hand-held pilot
5. There is naivety and/or neglect in smart hand-held security
6. Rules rather than technology keep smart hand-helds’ usage in check
2. Popular types of attacks against 3G mobile networks
1. Malwares, viruses and worms
2. Denial-of-service (DoS)
3. Overbilling attack
4. Spoofed policy development process (PDP)
5. Signaling-level attacks
 Authentication Service Security
1. There are two components of security in mobile computing: security of devices
and security in networks.
2. A secure network access involves mutual authentication between the device and
the base stations or Web servers.
3. This is to ensure that only authenticated devices can be connected to the network for
obtaining the requested services.
4. No Malicious Code can impersonate the service provider to trick the device into
doing something it does not mean to.
5. Thus, the networks also play a crucial role in security of mobile devices. Some
eminent kinds of attacks to which mobile devices are subjected to are: push attacks,
pull attacks and crash attacks.
6. Authentication services security is important given the typical attacks on mobile
devices through wireless networks: DoS attacks, traffic analysis, eavesdropping, man-
in-the-middle attacks and session hijacking.
1. Cryptographic Security for Mobile Devices
We will discuss a technique known as cryptographically generated addresses
(CGA). CGA is Internet Protocol version 6 (IPv6) that addresses up to 64 address bits that
are generated by hashing owner’s public-key address. The address the owner uses is the
corresponding private key to assert address ownership.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 3 of 14

IV-IT II SEM, Cyber Security (15A05806) Unit - I

Fig: Push attack on mobile devices. DDos implies distributed denial-of-service attack.

2. LDAP Security for Hand-Held Mobile Computing Devices

LDAP is a software protocol for enabling anyone to locate individuals, organizations and
other resources such as files and devices on the network (i.e., on the public Internet or on the
organization’s Intranet). In a network, a directory tells you where an entity is located in the
network.

Fig: Pull attack on mobile devices.

3. RAS Security for Mobile Devices
RAS is an important consideration for protecting the business-sensitive data that may
reside on the employees’ mobile devices. In terms of cyber security, mobile devices are sensitive.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 4 of 14

IV-IT II SEM, Cyber Security (15A05806) Unit - I

4. Media Player Control Security

1. Given the lifestyle of today’s young generation, it is quite common to expect them
embracing the mobile hand-held devices as a means for information access, remote
working and entertainment.
2. Music and video are the two important aspects in day-to-day aspects for the young
generation.
3. Given this, it is easy to appreciate how this can be a source for cyber security breaches.
Various leading software development organizations have been warning the users about
the potential security attacks on their mobile devices through the “music gateways.”
4. There are many examples to show how a media player can turn out to be a source of threat
to information held on mobile devices.
5. For example, in the year 2002, Microsoft Corporation warned about this.
6. According to this news item, Microsoft had warned people that a series of flaws in its
Windows Media Player could allow a malicious hacker to hijack people’s computer
systems and perform a variety of actions.
7. According to this warning from Microsoft, in the most severe exploit of a flaw, a hacker
could take over a computer system and perform any task the computer’s owner is allowed
to do, such as opening files or accessing certain parts of a network.
5. Networking API Security for Mobile Computing Applications
1. With the advent of electronic commerce (E-Commerce) and its further off-shoot into M-
Commerce, online payments are becoming a common phenomenon with the payment
gateways accessed remotely and possibly wirelessly.
2. With the advent of Web services and their use in mobile computing applications
consideration.
3. Already, there are organizations announcing the development of various APIs to enable
software and hardware developers to write single applications that can be used to target
multiple security platforms present in a range of devices such as mobile phones, portable
media players, set-top boxes and home gateways.
4. Most of these developments are targeted specifically at securing a range of embedded and
consumer products, including those running OSs such as Linux, Symbian, Microsoft
Windows CE and Microsoft Windows Mobile (the last three are the most commonly used
OSs for mobile devices).
5. Technological developments such as these provide the ability to significantly improve
cyber security of a wide range of consumer as well as mobile devices.
6. Providing a common software framework, APIs will become an important enabler of new
and higher value services.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 5 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

 Attacks on Mobile/Cell Phones

1. Mobile Phone Theft
1. Mobile phones have become an integral part of ever body’s life and the mobile phone
has transformed from being a luxury to a bare necessity.
2. Increase in the purchasing power and availability of numerous low cost handsets have
also lead to an increase in mobile phone users.
3. Theft of mobile phones has risen dramatically over the past few years.
4. Many Insurance Companies have stopped offering Mobile Theft Insurance due to a large
number of false claims.
The following factors contribute for outbreaks on mobile devices
1. Enough target terminals: The first Palm OS virus was seen after the number of Palm
OS devices reached 15 million. The first instance of a mobile virus was observed during
June 2004 when it was discovered that an organization “Ojam” had engineered an
antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito.
This virus sent SMS text messages to the organization without the users’ knowledge.
2. Enough functionality: Mobile devices are increasingly being equipped with office
functionality and already carry critical data and applications, which are often protected
insufficiently or not at all. The expanded functionality also increases the probability of
malware.
3. Enough connectivity: Smartphones offer multiple communication options, such as SMS,
MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore,
unfortunately, the increased amount of freedom also offers more choices for virus writers.
2. Mobile Viruses
1. A mobile virus is similar to a computer virus that targets mobile phone data or
applications/software installed in it.
2. Virus attacks on mobile devices are no longer an exception or proof-of-concept
nowadays. In total, 40 mobile virus families and more than 300 mobile viruses have
been identified.
3. First mobile virus was identified in 2004 and it was the beginning to understand that
mobile devices can act as vectors to enter the computer network.
4. Mobile viruses get spread through two dominant communication protocols – Bluetooth
and MMS.
5. Bluetooth virus can easily spread within a distance of 10–30 m, through Bluetooth-
activated phones (i.e., if Bluetooth is always ENABLED into a mobile phone) whereas
MMS virus can send a copy of itself to all mobile users whose numbers are available in
the infected mobile phone’s address book.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 6 of 14

IV-IT II SEM, Cyber Security (15A05806) Unit - I

Following are some tips to protect mobile from mobile malware attacks.
1. Download or accept programs and content (including ring tones, games, video clips and
photos) only from a trusted source.
2. If a mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable mode
when it is not in use and/or not required to use.
3. If a mobile is equipped with beam (i.e., IR), allow it to receive incoming beams, only
from the trusted source.
4. Download and install antivirus software for mobile devices.
3. Mishing
1. Mishing is a combination of mobile phone and Phishing Mishing attacks are attempted
using mobile phone technology.
2. M-Commerce is fast becoming a part of everyday life. If you use your mobile phone for
purchasing goods/services and for banking, you could be more vulnerable to a Mishing
scam.
3. A typical Mishing attacker uses call termed as Vishing or message (SMS) known as
Smishing.
4. Attacker will pretend to be an employee from your bank or another organization and
will claim a need for your personal details.
5. Attackers are very creative and they would try to convince you with different reasons
why they need this information from you.
4. Vishing
Vishing is the criminal practice of using social engineering over the telephone
system, most often using features facilitated by VoIP, to gain access to personal and
financial information from the public for the purpose of financial reward. The term is a
combination of V – voice and Phishing.
Vishing is usually used to steal credit card numbers or other related data used in ID
theft schemes from individuals.
The most profitable uses of the information gained through a Vishing attack include
1. ID theft;
2. Purchasing luxury goods and services;
3. Transferring money/funds;
4. Monitoring the victims’ bank accounts;
5. Making applications for loans and credit cards.
How Vishing Works
The criminal can initiate a Vishing attack using a variety of methods, each of
which depends upon information gathered by a criminal and criminal’s will to reach a
particular audience.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 7 of 14

IV-IT II SEM, Cyber Security (15A05806) Unit - I

1. Internet E-Mail: It is also called Phishing mail.

2. Mobile text messaging.
3. Voicemail: Here, victim is forced to call on the provided phone number, once he/she
listens to voicemail.
4. Direct phone call: Following are the steps detailing on how direct phone call works:
• The criminal gathers cell/mobile phone numbers located in a particular region and/or
steals cell/ mobile phone numbers after accessing legitimate voice messaging
company.
• The criminal often uses a war dialer to call phone numbers of people from a specific
region, and that to from the gathered list of phone numbers.
• When the victim answers the call, an automated recorded message is played to alert
the victim that his/her credit card has had fraudulent activity and/or his/her bank
account has had unusual activity.
• When the victim calls on the provided number, he/she is given automated instructions
to enter his/her credit card number or bank account details with the help of phone
keypad.
• Once the victim enters these details, the criminal (i.e., visher) has the necessary
information to make fraudulent use of the card or to access the account.
• Such calls are often used to harvest additional details such as date of birth, credit card
expiration date, etc.
Some of the examples of vished calls, when victim calls on the provided number after
receiving phished E-Mail and/or after listening voicemail, are as follows:
1. Automated message: Thank you for calling (name of local bank). Your business is
important to us. To help you reach the correct representative and answer your query
fully, please press the appropriate number on your handset after listening to options.
• Press 1 if you need to check you’re banking details and live balance.
• Press 2 if you wish to transfer funds.
• Press 3 to unlock your online profile.
• Press 0 for any other query.
2. Regardless of what the victim enters (i.e., presses the key), the automated system
prompts him to authenticate himself: “The security of each customer is important to
us. To proceed further, we require that you authenticate your ID before proceeding.
Please type your bank account number, followed by the pound key.”
3. The victim enters his/her bank account number and hears the next prompt: “Thank
you. Now please type your date of birth, followed by the pound key. For example 01
January 1950 press 01011950.”

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 8 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

4. The caller enters his/her date of birth and again receives a prompt from the
automated system:
“Thank you. Now please type your PIN, followed by the pound key.”
5. The caller enters his PIN and hears one last prompt from the system: “Thank you.
We will now transfer you to the appropriate representative.”
How to Protect from Vishing Attacks
Following are some tips to protect oneself from Vishing attacks.
1. Be suspicious about all unknown callers.
2. Do not trust caller ID. It does not guarantee whether the call is really coming from
that number, that is, from the individual and/or company – caller ID Spoofing is easy.
3. Be aware and ask questions, in case someone is asking for your personal or financial
information.
4. Call them back.
5. Report incidents:
5. Smishing
Smishing is a criminal offense conducted by using social engineering techniques similar
to Phishing. The name is derived from “SMS PhISHING.” SMS – Short Message Service – is the
text messages communication component dominantly used into mobile phones. To know how
SMS can be abused by using different methods and techniques other than information gathering
under cybercrime.
How to Protect from Smishing Attacks
Following are some tips to protect oneself from Smishing attacks:
1. Do not answer a text message that you have received asking for your PI.
2. Avoid calling any phone numbers, as mentioned in the received message, to cancel a
membership and/or confirming a transaction which you have not initiated but
mentioned in the message.
3. Always call on the numbers displayed on the invoice and/or appearing in the bank
statements/passbook.
3. Never click on a hot link received through message on your Smartphone or PDA. Hot
links are links that you can click, which will take you directly to the Internet sites.
6. Hacking Bluetooth
1. Bluetooth is an open wireless technology standard used for communication (i.e.,
exchanging data) over short distances between fixed and/or mobile devices.
2. Bluetooth is a short-range wireless communication service/technology that uses the 2.4-
GHz frequency range for its transmission/communication.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 9 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

Name of the
S. No. Description
Tool
This tool enables to search for Bluetooth enable device and will try to extract as
1 BlueScanner much information as possible for each newly discovered device after connecting
it with the target.
This is a GUI-based utility for finding discoverable and hidden Bluetooth enabled
2 BlueSniff
devices.
The buggers exploit the vulnerability of the device and access the images,
3 BlueBugger
phonebook, messages and other personal information.
If a Bluetooth of a device is switched ON, then Bluesnarfing makes it possible
4 Bluesnarfer to connect to the phone without alerting the owner and to gain access to
restricted portions of the stored data.
Bluediving is testing Bluetooth penetration. It implements attacks like Bluebug
5 BlueDiving
and BlueSnarf.
Bluejacking, Bluesnarfing, Bluebugging and Car Whisperer are common attacks that have
emerged as Bluetooth-specific security issues.
1. Bluejacking: It means Bluetooth Jacking where Jacking is short name for hijack – act of
taking over something. Bluejacking is sending unsolicited messages over Bluetooth to
Bluetooth-enabled devices such as mobile phones, PDAs or computers.
2. Bluesnarfing: It is the unauthorized access from a wireless device through a Bluetooth
connection between cell phones, PDAs and computers. This enables the attacker to access a
calendar, contact list, SMS and E-Mails as well as enable attackers to copy pictures and
private videos.
3. Bluebugging: It allows attackers to remotely access a user’s phone and use its features
without user’s attention.
4. Car Whisperer: It is a piece of software that allows attackers to send audio to and receive
audio from a Bluetooth-enabled car stereo.
 Mobile Devices: Security Implications for Organizations
1. Managing diversity and proliferation of hand-held devices
We have talked about the micro issues of purely technical nature in mobile device security.
Given the threats to information systems through usage of mobile devices, the organizations
need to establish security practices at a level appropriate to their security objectives, subject to
legal and other external constraints.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 10 of 14

IV-IT II SEM, Cyber Security (15A05806) Unit - I

2. Unconventional/stealth storage devices

We would like to emphasize upon widening the spectrum of mobile devices and focus
on secondary storage devices, such as compact disks (CDs) and Universal Serial Bus (USB)
drives (also called zip drive, memory sticks) used by employees.
As the technology is advancing, the devices continue to decrease in size and emerge in
new shapes and sizes – unconventional/stealth storage devices available nowadays are
difficult to detect and have become a prime challenge for organizational security.

Fig: Unconventional/stealth storage devices.

The features of the software allows system administrator to:
1. Monitor which users or groups can access USB Ports,
2. Wi-Fi and Bluetooth adapters, CD read-only memories (CD-ROMs) and other
removable devices.
3. Control the access to devices depending on the time of the day and day of the week.
4. Create the white list of USB devices which allows you to authorize only specific
devices that will not be locked regardless of any other settings.
5. Set devices in read-only mode.
6. Protect disks from accidental or intentional formatting.
3. Threats through lost and stolen devices
This is a new emerging issue for cyber security. Often mobile hand-held devices are
lost while people are on the move. Lost mobile devices are becoming even a larger security
risk to corporations.
A report based on a survey of London’s 24,000 licensed cab drivers quotes that
2,900 laptops, 1,300 PDAs and over 62,000 mobile phones were left in London in cabs in
the year 2001 over the last 6-month period.
4. Protecting data on lost devices
Readers can appreciate the importance of data protection especially when it resides
on a mobile hand-held device. At an individual level, employees need to worry about this.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 11 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

5. Educating the laptop users

Often it so happens that corporate laptop users could be putting their company’s
networks at risk by down- loading non-work-related software capable of spreading viruses
and Spyware.

Fig: Most important management or support issues for laptops.

 Organizational Measures for Handling Mobile Devices-Related Security Issues

We have discussed micro- and macro level security issues with mobile devices used for
mobile computing purposes and what individuals can do to protect their personal data on mobile
devices. We discuss what organizations can do toward safeguarding their information systems
in the mobile computing paradigm.
1. Encrypting Organizational Databases
Critical and sensitive data reside on databases [say, applications such as customer
relationship management (CRM) that utilize patterns discovered through data warehousing and
data mining (DM) techniques] and with the advances in technology, access to these data is not
impossible through hand-held devices. It is clear that to protect the organizations’ data loss,
such databases need encryption.
2. Including Mobile Devices in Security Strategy
These discussion so far makes a strong business case – in recognition of the fact that
our mobile workforce is on the rise, organizational IT departments will have to take the
accountability for cyber security threats that come through inappropriate access to organizational
data from mobile-device–user employees. Encryption of corporate databases is not the end of
everything.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 12 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

A few things that enterprises can use are:

1. Implement strong asset management, virus checking, loss prevention and other controls for
mobile systems that will prohibit unauthorized access and the entry of corrupted data.
2. Investigate alternatives that allow a secure access to the company information through a
firewall, such as mobile VPNs.
3. Develop a system of more frequent and thorough security audits for mobile devices.
4. Incorporate security awareness into your mobile training and support programs so that
everyone understands just how important an issue security is within a company’s overall
IT strategy.
5. Notify the appropriate law-enforcement agency and change passwords. User accounts are
closely monitored for any unusual activity for a period of time.
 Organizational Security Policies and Measures in Mobile Computing Era
1. Importance of Security Policies relating to Mobile Computing Devices
Proliferation of hand-held devices used makes the cyber security issue graver than what
we would tend to think. People (especially, the youth) have grown so used to their handhelds
that they are treating them like wallets! The survey asked the participants about the likelihood
of six separate scenarios involving the use of cell phones to communicate sensitive and
confidential information occurring in their organizations.
The scenarios described the following:
1. A CEO’s administrative assistant uses a cell phone to arrange ground transportation that
reveals the CEO’s identity and location.
2. The finance and accounting staff discusses earnings of press release and one participant on
the call is using a cell phone.
3. A conference call among senior leaders in the organization in which cell phones are
sometimes used.
4. A sales manager conducting business in Asia uses, his/her cell phone to communicate with
the home office.
5. An external lawyer asks for proprietary and confidential information while using his cell
phone.
6. A call center employee assists a customer using a cell phone to establish an account and
collects personal information (including SSN).
2. Operating Guidelines for Implementing Mobile Device Security Policies
In situations such as those described above, the ideal solution would be to prohibit all
confidential data from being stored on mobile devices, but this may not always be practical.
Organizations can, however, reduce the risk that confidential information will be accessed from
lost or stolen mobile devices through the following steps:

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 13 of 14

 IV-IT II SEM, Cyber Security (15A05806) Unit - I

1. Determine whether the employees in the organization need to use mobile computing
devices at all, based on their risks and benefits within the organization, industry and
regulatory environment.
2. Implement additional security technologies, as appropriate to fit both the organization and
the types of devices used.
3. Standardize the mobile computing devices and the associated security tools being used with
them. As a matter of fundamental principle, security deteriorates quickly as the tools and
devices used become increasingly disparate.
4. Develop a specific framework for using mobile computing devices, including guidelines
for data- syncing, the use of firewalls and anti-malware software and the types of
information that can be stored on them.
5. Centralize management of your mobile computing devices. Maintain an inventory so that
you know who is using what kinds of devices.
6. Establish patching procedures for software on mobile devices. This can often be simplified
by integrating patching with syncing or patch management with the centralized inventory
database.
7. Label the devices and register them with a suitable service that helps return recovered
devices to the owners.
8. Establish procedures to disable remote access for any mobile devices reported as lost or
stolen. Many devices allow the users to store usernames and passwords for website portals,
which could allow a thief to access even more information than on the device itself.
9. Remove data from computing devices that are not in use or before re-assigning those
devices to new owners (in case of company-provided mobile devices to employees). This
is to preclude incidents through which people obtain “old” computing devices that still had
confidential company data.
10. Provide education and awareness training to personnel using mobile devices. People
cannot be expected to appropriately secure their information if they have not been told how.

3. Organizational Policies for the Use of Mobile Hand-Held Devices

Securing mobile devices is creating company policies that address the unique issues
these devices raise. Such questions include what an employee should do if a device is lost or
stolen.
There are many ways to handle the matter of creating policy for mobile devices. One
way is creating a distinct mobile computing policy. Another way is including such devices
under existing policy.

Prepared by D. Prasad Reddy Asst. Professor, Dept. of IT, SVCE Page 14 of 14