CHAPTER 2
Cyber Offenses
Chapter Contents
⚫ Categories of Cyber Crimes
⚫ How Criminals Plan the Attack
⚫ Active Attacks
⚫ Passive Attacks
⚫ Social Engineering
⚫ Classification of Social Engineering
⚫ Cyber Stalking: Types of Stalkers
⚫ Cyber Cafe and Cyber Crimes
⚫ Botnets
⚫ Attack Vectors
⚫ Cyber Crime and Cloud Computing
Introduction
⚫ Technology is a "double-edged sword" (good/bad):
- Fast exchange of information. (Good)
- Eases the work. (Good)
- Threats of interception. (Bad)
- Technology used for criminal activities. (Bad)
⚫ Cybercriminals use the World Wide Web and the Internet to an optimal level for all illegal activities: to transfer and store information, contacts and account information. (Smart use of resources)
⚫ Cybercriminals take advantage of the lack of awareness about cybercrimes and cyber laws. (Cyber threats)
⚫ Attackers exploit network vulnerabilities.
⚫ The categories of vulnerability that hackers typically search for are as follows:
- Inadequate network boundary protection
- Remote access server with weak access control
- Application server with known vulnerabilities
- Misconfigured or default configuration (routers/switches/access points/storage devices)
Categories of Cybercrime
⚫ Crime targeted at individuals:
- exploits human weaknesses such as greed
- financial fraud
- child pornography
- copyright violation
- harassment
⚫ Crime targeted at property:
- stealing of smartphones, laptops, tablets, external hard drives, pen drives
⚫ Crime targeted at organizations:
- The attacker targets a specific group of computers or an organization using the Internet and attacking tools, stealing private information and damaging program files, databases and software.
⚫ Single-event cybercrime: a virus sent as an attachment.
⚫ Series of events: the attacker interacts with the victim using social engineering skills, e.g. regular telephone conversations or chat rooms.
How Criminals Plan the Attacks
⚫ The following phases are involved in planning a cybercrime:
1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
2. Scanning and scrutinizing the gathered information for its validity as well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining system access).
I. Reconnaissance
❖ Passive attacks: gain information about the target and exploit confidential information.
❖ Gathering information (passive attack):
✔ Google or Yahoo search (search for information about employees)
✔ Organization website
✔ Surfing online community groups like Orkut/Facebook
✔ Blogs, newsletters, press releases etc. are used as a medium to gain information about the company or its employees
✔ Job posting sites
❖ Active attacks
✔ Active attacks help to collect information about the system (IP addresses, OS type, services on the network).
II. Scanning and Scrutinizing Gathered Information
⚫ The objectives of scanning are as follows:
1. Port scanning
2. Network scanning
3. Vulnerability scanning
⚫ The objectives of the scrutinizing phase are to identify:
1. The valid user accounts or groups;
2. Network resources and/or shared resources;
3. The OS and the different applications that are running on the OS.
III. Launching an Attack
Steps for launching an attack are:
1. Crack the password
2. Exploit the privileges
3. Execute the malicious command/applications
4. Hide the files (if required)
5. Cover the tracks: delete the access logs, so that there is no trail of the illicit activity.
Types of Security Attacks
The three goals of security can be threatened by security attacks.
Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of,
transmissions.
The goal of the opponent is to obtain information that is being
transmitted.
Two types of passive attacks are the release of message contents and
traffic analysis.
The release of message contents is easily understood. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
A second type of passive attack is traffic analysis.
Suppose that we had a way of masking the contents of messages or other information traffic so
that opponents, even if they captured the message, could not extract the information from the
message.
The common technique for masking contents is encryption.
If we had encryption protection in place, an opponent might still be able to observe the
pattern of these messages. The opponent could determine the location and identity of
communicating hosts and could observe the frequency and length of messages being
exchanged.
This information might be useful in guessing the nature of the communication that was taking
place.
Passive attacks are very difficult to detect, because they do not involve any alteration of the
data.
Typically, the message traffic is sent and received in an apparently normal fashion, and neither
the sender nor receiver is aware that a third party has read the messages or observed the
traffic pattern.
However, it is feasible to prevent the success of these attacks, usually by means of encryption.
Thus, the emphasis in dealing with passive attacks is on prevention rather than detection.
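An added example, not part of these slides, of what the eavesdropper in a passive attack still learns when every message is encrypted (who talks to whom, how often, and how large each reply is), and of padding as one extra mitigation on top of encryption. The capture, host names and sizes are constructed for the demo.

```python
from collections import Counter

# Constructed capture as an eavesdropper sees it: (time_s, src, dst, ciphertext_bytes).
# Message contents are encrypted; only headers, timing and sizes are observable.
CAPTURE = [
    (0.0, "host-A", "mail-srv", 96),
    (0.4, "mail-srv", "host-A", 3900),   # large reply: looks like a mail download
    (0.9, "host-A", "mail-srv", 96),
    (1.3, "mail-srv", "host-A", 3900),
    (5.0, "host-B", "mail-srv", 96),
    (5.3, "mail-srv", "host-B", 64),     # tiny reply: looks like "no new mail"
    (7.2, "host-A", "file-srv", 128),
    (7.8, "file-srv", "host-A", 1048576),
]


def communicating_pairs(capture):
    """Who talks to whom, and how often: recovered without any decryption."""
    return Counter((src, dst) for _, src, dst, _ in capture)


def flow_fingerprint(capture, a, b):
    """Ordered ciphertext sizes exchanged between a and b, in either direction.

    Distinct fingerprints let the observer guess the nature of each
    conversation (download vs. idle poll) even though every byte is encrypted.
    """
    return tuple(size for _, src, dst, size in capture if {src, dst} == {a, b})


def reply_sizes(capture, server):
    """Distinct sizes a server sends back: the only 'content' the observer gets."""
    return {size for _, src, _, size in capture if src == server}


def pad_to_bucket(size, bucket):
    """Mitigation: round a ciphertext length up to a multiple of `bucket` bytes."""
    return -(-size // bucket) * bucket


def padded_capture(capture, bucket):
    """The same capture as the eavesdropper would see it if every party padded."""
    return [(t, src, dst, pad_to_bucket(size, bucket)) for t, src, dst, size in capture]


if __name__ == "__main__":
    print(communicating_pairs(CAPTURE))
    print(flow_fingerprint(CAPTURE, "host-A", "mail-srv"), flow_fingerprint(CAPTURE, "host-B", "mail-srv"))
    print(reply_sizes(CAPTURE, "mail-srv"), "->", reply_sizes(padded_capture(CAPTURE, 4096), "mail-srv"))
```

Padding hides which reply carried new mail and which carried nothing, but the pair counts and timing survive; the observer never touches the data, which is why the emphasis is on prevention rather than detection.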
Active Attacks
Active attacks involve some modification of the data stream or the creation of a false stream.
Active attacks can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.
A masquerade attack is an attack that uses a fake identity to gain unauthorized access to personal computer information through legitimate access identification. For example, authentication sequences can be captured and replayed after a valid authentication sequence has taken place, thus enabling the attacker to gain extra privileges by impersonating an entity that has those privileges.
Replay involves the passive capture of a data
unit and its subsequent retransmission to produce an unauthorized effect.
Modification of messages simply means that some portion of a valid message is altered, or that messages are delayed or
reordered, to produce an unauthorized effect.
For example, a message meaning “Allow Ram to read confidential file accounts” is modified to mean “Allow Ramesh to read
confidential file accounts.”
The denial of service prevents the normal use or management of communications facilities.
This attack may have a specific target; for example, an entity may suppress all messages directed to a particular
destination.
Another form of service denial is the disruption of an entire network, either by disabling the network or by
overloading it with messages so as to degrade performance.
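An added example, not from these slides, of the receiver-side checks that catch two of the active attacks above: modification of a message (the "Allow Ram" to "Allow Ramesh" change) and replay of a captured, unmodified unit. It uses a MAC over the bytes, a timestamp window and a per-message nonce; the shared key, the window length and the command text are constructed assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed shared key for the demo; a real deployment gets it from key provisioning.
KEY = b"demo-shared-secret"


def make_message(command, now, key=KEY, nonce=None):
    """Sender side: serialise command + timestamp + fresh nonce, then MAC the bytes."""
    body = {"cmd": command, "ts": now, "nonce": nonce or os.urandom(8).hex()}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return raw, tag


class Receiver:
    """Receiver side: rejects modified, stale and replayed messages."""

    def __init__(self, key=KEY, window=30.0):
        self.key = key
        self.window = window          # seconds a message stays acceptable
        self.seen = {}                # nonce -> timestamp, pruned as time passes

    def accept(self, raw, tag, now):
        # 1. Modification: any altered byte changes the MAC. compare_digest
        #    avoids leaking the position of the mismatch through timing.
        expected = hmac.new(self.key, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: modified"
        body = json.loads(raw)
        # 2. Freshness: a valid MAC on an old message is still rejected, which
        #    also bounds how long nonces must be remembered.
        if abs(now - body["ts"]) > self.window:
            return "rejected: stale"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        # 3. Replay: the captured unit is retransmitted unchanged, so the MAC
        #    verifies; only the nonce memory catches it.
        if body["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[body["nonce"]] = body["ts"]
        return "accepted: " + body["cmd"]


if __name__ == "__main__":
    raw, tag = make_message("Allow Ram to read confidential file accounts", now=1000.0)
    r = Receiver()
    print(r.accept(raw, tag, now=1001.0))                               # accepted
    print(r.accept(raw, tag, now=1002.0))                               # replay
    print(r.accept(raw.replace(b"Ram ", b"Ramesh "), tag, now=1001.0))  # modified
```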
Passive vs Active Attacks
In a passive attack, the attacker’s goal is just to obtain information. The
attack does not modify data or harm the system, and the system
continues with its normal operation.
An active attack may change the data or harm the system.
Difference between Passive and Active Attack
S.No. | Active Attack | Passive Attack
1. | In an active attack, modification of the information takes place. | In a passive attack, modification of the information does not take place.
2. | An active attack is a danger to integrity as well as availability. | A passive attack is a danger to confidentiality.
3. | In an active attack, attention is on detection. | In a passive attack, attention is on prevention.
4. | Due to an active attack, the system is always damaged. | Due to a passive attack, there is no harm to the system.
5. | In an active attack, the victim gets informed about the attack. | In a passive attack, the victim does not get informed about the attack.
6. | In an active attack, system resources can be changed. | In a passive attack, system resources are not changed.
7. | An active attack influences the services of the system. | In a passive attack, information and messages in the system or network are acquired.
8. | In an active attack, information collected through passive attacks is used during execution. | Passive attacks are performed by collecting information such as passwords and messages by themselves.
9. | An active attack is tough to restrict from entering systems or networks. | A passive attack is easy to prohibit in comparison to an active attack.
Social Engineering
⚫ Social engineering involves gathering secret information as well as gaining unauthorized access to the network.
⚫ Activities in Social engineering
i. Foot printing
ii. Trust Establishment
iii. Psychological Manipulation
iv. Clear Exit
https://www.youtube.com/watch?v=nknq9sUu8ko
https://www.youtube.com/watch?v=DemzgLiWCco
Classification of Social Engineering
1. Human-based 2. Computer-based
1. Human-based social engineering:
- Impersonating an employee or valid user (organizations having various branches)
- Posing as an important member of the organization (CEO/manager)
- Using a third person: an attacker pretends to have permission from an authorized user to access the system
- Calling technical support (technical support staff)
- Shoulder surfing (login ID/password)
- Dumpster diving
Classification of Social Engineering (continued)
2. Computer-based social engineering:
- Sensitive or confidential information is collected by using a computer/the Internet.
1. Fake e-mail: the attacker sends a fake e-mail to a number of users; the victim finds it to be a legitimate mail.
2. E-mail attachment (malicious code is attached)
3. Pop-up windows (special offers)
4. Dumpster diving
Types of Social Engineering
1. Pretexting
2. Baiting
3. Role playing
4. Dumpster diving
5. Shoulder surfing
6. Phishing
7. Surfing organization websites and online forums
Prevention of Social Engineering
⚫ Don't open emails and attachments from suspicious sources
⚫ Use multifactor authentication
⚫ Be wary of tempting offers
⚫ Keep your antivirus/antimalware software updated
Cyberstalking
⚫ Stalking means the "act or process of following a victim silently".
⚫ Cyberstalking is when someone uses the Internet to stalk, harass, or make repeated threats.
⚫ The stalker might be a stranger or someone you know.
⚫ A cyberstalker relies upon the anonymity afforded by the Internet to stalk their victim without being detected.
Types of Cyber Stalking
1. Online stalking:
✔ The stalker interacts with the victim directly with the help of the Internet.
✔ Modes of interaction: e-mail, chat rooms, traditional PSTN, VoIP phones.
✔ The stalker can make use of a third party to harass the victim.
2. Offline stalking:
✔ The stalker may attack the victim after
1. Observing his daily routine
2. Searching his personal website/blogs
3. Visiting the victim's organization
How Stalking is Done
1. Gathering personal information (e.g. contact number and address).
2. Establishing contact with the victim through telephone/cell phone.
3. Contacting via e-mail.
4. Continuously sending threatening mail to the victim.
5. The stalker may post the victim's personal photos and information on social sites or porn websites.
6. Placing a GPS device on the victim's car to track their movements.
7. Threatening the victim or their friends and family via e-mails.
8. Posting personal details such as name, address, social security number, etc. over the Internet.
9. Gaining access to e-mails, text messages and social media to blackmail or harass the victim.
10. Hacking into the victim's social media account to post offensive material and comments.
11. Hacking into the victim's computer to look for different things to exploit.
12. Releasing personal information to discredit the victim in their place of work.
13. Using the victim's social media account or e-mail to stalk others.
14. Creating malicious websites, fake social media profiles, and blogs about the victim.
Case
⚫ https://timesofindia.indiatimes.com/city/ahmedabad/woman-officer-complains-of-being-cyberstalked/articleshow/73854252.cms
⚫ https://timesofindia.indiatimes.com/city/mumbai/mumbai-fashion-designer-cyber-stalked-woman-arrested/articleshow/92028101.cms
⚫ https://timesofindia.indiatimes.com/city/rajkot/minor-falls-prey-to-cyberstalker-attempts-suicide/articleshow/87345067.cms
National Cyber Crime Reporting Portal
Figure: Cyber-attacks per organization by industry in 2021 [1]
Defense Against Cyberstalking
i. Understand and learn how to use the privacy settings of social media platforms.
ii. Make use of the two-factor or double authentication security option as and when available and possible.
iii. Review and filter the personal information supplied on public accounts.
iv. Do not accept friend requests or followers from a person who is not personally known.
v. Tell friends not to post your personal information without your permission.
vi. Do not publicly share pictures or other identifying information about your close family members and friends.
vii. Do not share your personal information on online survey, quiz and poll websites.
viii. Always make use of a strong and different password for each online account.
Cybercafe and Cybercrime
⚫ Cybercafe: a cybercafe is a type of business where computers are provided for accessing the Internet, playing games, chatting with friends or doing other computer-related tasks.
⚫ Charges are on the basis of time.
⚫ Cybercafes are used by cybercriminals to perform crime, as:
❖ It is easy to hack visitors' data because of a lack of awareness of cybercrime among users.
❖ In addition, it is very easy to cover the crime they are committing, as they are making use of public Internet services.
⚫ Cybercafes hold two types of risk:
1. We do not know what programs are installed on the computer, like keyloggers or spyware.
2. Shoulder peeping can enable others to find out your passwords.
Facts Related to Cybercafés
⚫ Pirated software such as the OS, browser and office automation software (e.g., Microsoft Office) is installed on all the computers.
⚫ Antivirus software is not updated.
⚫ Deep Freeze is installed on the computers in several cybercafés.
⚫ An annual maintenance contract (AMC) is found to be not in place for servicing the computers.
⚫ Pornographic websites and other similar websites with indecent content are not blocked.
⚫ Cybercafé owners have very little awareness about IT security and IT governance.
⚫ No cyber audit has been initiated in cybercafés by the cybercafé association or the cyber cell of the police.
Cybercafe and Cybercrime
⚫ Tips for safety and security while using a computer in a cybercafe:
- Always log out.
- Stay with the computer.
- Clear history and temporary files.
- Be alert.
- Avoid online financial transactions.
- Change passwords.
- Use the virtual keyboard (ICICI Bank provides one for entering the secret PIN/3D Secure code/credit card number).
- Security warnings: warnings should be considered while accessing financial/banking sites.
Botnet
⚫ A bot is an automated program that is responsible for performing a specific task over a network.
⚫ The word 'botnet' is a combination of two words, 'robot' and 'network'.
⚫ A botnet is a number of Internet-connected devices, each of which is running one or more bots.
⚫ The owner of a botnet can control it using Command and Control (C&C) software.
⚫ Botnets can be used for performing DDoS attacks, spam attacks, malware and adware installation, stealing confidential information, phishing attacks, spamdexing (search engine poisoning), etc.
Botnet Architecture
1. Client-server model
2. Peer-to-peer model
3. Hierarchical model
Figure: Client-server model
Figure: Hierarchical C&C topology
Figure: Peer-to-peer model
Types of Botnet Attacks
1. Distributed Denial of Service (DDoS)
2. Spamming and traffic monitoring
3. Keylogging
4. Mass identity theft
5. Pay-per-click abuse
6. Adware
Botnet Prevention Measures
⚫ Use antivirus and anti-spyware and keep them up to date.
⚫ Download security patches (OS).
⚫ Use a firewall to protect the system from hacking attacks while it is connected to the Internet.
⚫ Disconnect from the Internet when you are away from your computer.
⚫ Download freeware only from trusted websites.
⚫ Check your e-mail folders regularly.
⚫ Take immediate action if your system is infected.
Attack Vector
⚫ An attack vector is a path or means by which an attacker can gain access to a computer or network server to deliver a payload (malicious code).
⚫ Attack vectors include viruses, e-mail attachments, web pages, pop-up windows, instant messages and chat rooms.
⚫ To some extent, attack vectors can be blocked using firewalls and antivirus.
⚫ List of attack vectors:
1. Attack by e-mail attachment
2. Attack by deception (trick)
4. Hackers
5. Heedless guest (attack by web page): the attacker makes a fake website to extract personal information; such a website looks genuine
Attack Vector (continued)
6. Attack of the worms: many worms are delivered as e-mail attachments; worms use loopholes in network protocols
7. Malicious macros: MS Word and MS Excel
8. Foistware: foistware is software that adds hidden components to the system on the sly (smartly or cleverly). It is bundled with attractive software.
9. Virus
Cloud Computing
⚫ Cloud computing is a technology that uses the Internet and central remote servers to maintain data and applications.
⚫ Businesses that cannot afford the same amount of hardware and storage space as a bigger company, i.e. small companies, can store their information in the cloud, removing the cost of purchasing and storing memory devices.
⚫ The goal of cloud computing is to provide easy, scalable access to computing resources and IT services.
⚫ To access the cloud, the user should have an Internet connection.
Types of Cloud
⚫ There are different types of clouds that you can
subscribe to depending on your needs. As a
home user or small business owner, you will
most likely use public cloud services.
1. Public Cloud
2. Private Cloud
3. Community Cloud
4. Hybrid Cloud
⚫ Types of Services
1. Infrastructure-as-a-service (IaaS)
2. Platform-as-a-service (PaaS)
3. Software-as-a-service (SaaS)
4. Storage as Service
Advantages of Cloud Computing
1. Applications and data can be accessed from anywhere at any time.
2. It brings hardware cost down; resources can be accessed through the Internet.
3. Organizations can save software licence cost.
4. Organizations can save money on IT support.
5. Scalability
6. Mobility
7. Disaster recovery
8. Data security
Threats Associated with Cloud Computing
⚫ Data breach
⚫ Data ownership and control
⚫ Data loss
⚫ Malicious attacks
⚫ Insider threats
⚫ Shared space
⚫ Privacy issues