MODULE 1- CYBERCRIME AND CYBERSECURITY Introduction to Cyber crime Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek for "steersman" or "governor," it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. Common usages include cyber culture, cyberpunk, cyber phobia and cyberspace Cyber Crime Criminal activies carried out by means of computer/internet(network) i.e it may be a tool or target A crime conducted in which a computer was directly and significantly instrumental is known as “Computer Crime. A crime committed using a computer and the Internet to steal person’s identity or sell illegal or smuggled goods or disturb any operations with malicious program is known as “Cyber Crime”. The first Cyber Crime The first recorded cyber crime took place in 1820. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! Cyberspace Cyberspace is a world-wide network of computer networks that uses the TCP/IP for communication to facilitate transmission and exchange of data. Cyberspace is a place where you can chat, explore, research and play (INTERNET).

Cyber squatting This term is derived from “squatting” which is the act of occupying an vacant/unoccupied space that the squatter does not own or rent. Cyber squatting is the act of registering a popular Internet address--usually a company name--with the intent of selling it to its rightful owner.

Cyberpunk The word “cyber” and “punk” are two different words which means “disorder via machine”. The word cyberpunk was coined by writer Bruce Bethke, who wrote a story with that title in 1982. He derived the term from the words cybernetics, the science of replacing human functions with computerized ones, and punk, the harsh music that developed in the youth culture during the 1970s and '80s. The movies based on cyberpunk are : Terminator I, II and III,Until the end of the world,Mad MAX I, II and III,The Matrix (series),The X-Files, Solaris.

Cyberwarfare Cyberwarfare refers to politically motivated hacking.

Cyber terrorism Cyber terrorism is “any person, group or organization who with terrorist intent, utilizes, accesses or aids in accessing a computer or computer network or electronic system or electronic device by any available means and there by knowingly engages in a terrorist act. Cybercrime and Information Security Lack of information security gives rise to cyber crime. Cyber security means protecting information, equipment, devices, computer, computer resource, communication device and information stored in all these from unauthorized access, use, disclosure, disruption, modification or destruction. Information security (infosec) is a set of strategies for managing the processes, tools and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage

Infosec programs are built around the core objectives of the CIA triad: maintaining the CONFIDENTIALITY, INTEGRITY and AVAILABILITY of IT systems and business data. These objectives ensure that sensitive information is only disclosed to authorized parties (confidentiality), prevent unauthorized modification of data (integrity) and guarantee the data can be accessed by authorized parties when requested (availability) Who are Cybercriminals : Cybercrime involves such activities like Financial crimes Pornography Credit card fraud Cyber stalking (irritation) Defaming another online Gaining unauthorized access to computer system Overriding encryption to make illegal copies Software piracy Online gambling Sale of illegal articles Email spoofing Stealing another’s identity to perform criminal act.

Types of Cybercriminals Type 1 : Hungry for recognition Hobby hackers IT professionals Politically motivated hackers Terrorist organizations. Type 2 : Not interested in recognition Psychological spoiled Financially motivated hackers State-sponsored hacking Organized criminals

Type 3 : The insider Disgruntled or former employees seeking revenge Competing companies using employees to gain economic advantage through damage / theft.

CLASSIFICATION OF CYBER CRIMES

1. Cybercrime against organization Unauthorized accessing of computer Password sniffing Denial-of-service attacks Email bombing Salami attack Logic bomb Trojan Horse Data diddling Crimes starts from Industrial spying Computer network disturbance Software piracy

2. Cybercrime against society Forgery Cyber terrorism Web jacking

3. Cybercrime against individual Email spoofing Cyberdefamation Cyberstalking and harassment Pornographic offense Password sniffing 4. Cybercrime against property Credit card frauds Intellectual Property Crime Internet time 5.Crime emanating from usenet newsgroups

E-Mail Spoofing A spoofed E-mail is one that appears to originate from one source but actually has been sent from another source. Example: A branch of global trust bank experienced a customer spreads out the rumor that bank is not doing well.

Spamming People who create electronic spam are called “Spammers”. Spam is the abuse of e-messaging systems to send unsolicited (unwanted) bulk messages. Spamming is difficult to control. The another definition of spamming is in the context of “search engine spamming”. To avoid spamming, following web publishing techniques should be avoided. Repeating keywords Use of keywords that do not relate to the content on the site Redirection Duplication of pages with different URLs Hidden links

Cyberdefamation The Indian Penal Code says about defamation is “Whoever by words either spoken or intended to be read, or by signs or by visible representations, makes or publishes any imputation concerning any person intending to harm or knowing or having reason to believe that such imputation will harm, the reputation of such person, is said, except in the cases hereinafter expected, to defame that person.” When above happens in electronic form, its known as Cyberdefamation Libel is written defamation and Slander is oral defamation.

Internet Time Theft Such theft occurs when an unauthorized person uses the Internet hours paid by another person.Basically, internet time theft comes under hacking.

Salami Attack These attacks are used for committing financial crimes. The main idea here is to make the alteration so insignificant that in a single case it would go completely unnoticed. For ex. A bank employee inserts a program, into bank’s servers, that deducts a small amount of money from the account of every customer. No account holder will notice this unauthorized debit, but the bank employee will make sizable amount.

Data diddling A data diddling attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

Forgery Fake currency notes, postage and revenue stamps, marksheets can be forged using sophisticated computers, printers and scanners. Web Jacking Web jacking occurs when someone forcefully takes control of a website. First stage of this crime involves “password sniffing”.

Newsgroup Spam This is one form of spamming. The first widely recognized Usenet spam titled “Global Alert for All : Jesus is Coming Soon” was posted on 18th January, 1994 by Clarence L. Thomas IV a sysadmin at Andrews Unversity. Industrial Spying

The internet and privately networked systems provide new and better opportunities for spying. “Spies” can get information about product finances, research and development and marketing strategies. This activity is known as “industrial spying”. One of the interesting case is about The famous Israeli Trojan story, where a software engineer in London created a Trojan Horse program specifically designed to extract critical data gathered from machines infected by his program. He had made a business out of selling his Trojan Horse program to companies in Israel, which would use it for industrial spying by planting it into competitor’s network. Hacking Purpose of hacking are many, the main ones are as follows : Greed (Hunger) Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset Hackers write or use ready-made computer programs to attack the target computer. Government websites are hot on hacker’s target lists and attacks on government websites receive wide press coverage. In December 2009, NASA’s site was hacked by SQL Injection.

Online Frauds This comes under spoofing. The purpose of spoofing is to make the user enter personal information which is then used to access business and bank accounts. This kind of online fraud is common in banking and financial sector. It is strongly recommended not to input any sensitive information that might help criminals to gain personal information. Story of Nadya Suleman and her eight babies. Hacked by MOD (Mother of Disappointment). CIA (Central Intelligence Agency), the US website was hacked. Dept. of Justice site defaced. Pentagon, the US site defaced. Twitter site hacked . Pornographic Offenses The internet is being highly used by its abusers to reach and abuse children sexually, worldwide. “Pedophile” are people who are sexually attracted to children . They are physically and psychologically forcing minors to engage in sexual activities.

Their operation Pedophiles use a false identity to trap the children/teenagers. They seek teens in the kids’ areas. They be friend of them. Then they get email address of the child and start making contacts on email too. These emails contains sexually explicit language.They start sending pornographic images/text to the victim to fed to into his/her mind that “This is normal and everybody does it”. At the end of it, the pedophiles set up a meeting with the child out of the house and then use them as a sex object.

Software Piracy This the “The Biggest” challenge area. Software piracy is “theft of software through the illegal copying of genuine programs or the fake program and distribution of products intended to pass for the original”. Disadvantage of piracy The software, if pirated, may potentially contain hard-drive infection virus. There is no technical support in the case of software failure. There is no warranty protection There is no legal right to use the product. According to the fourth annual BSA (Business Software Alliance ) and IDC global Software Piracy study, in Asia pacific 55% of software installed are illegal.

Computer Sabotage Inserting worms, viruses or logic bomb in computer is referred as computer sabotage. Logic bomb is event dependent program created to do something only when a certain event occurs. Example : CIH ( Chernobyl virus ).

Email bombing It refers to sending a large number of e-mails to the victim to crash victim’s email account or to make victim’s mail server crash. Usenet Newsgroup Usenet is a mechanism that allows sharing information in a many-to-many manner. Usenet mainly used for following crime : Distribution/sale of pornographic material Distribution/sale of pirated software Distribution of hacking software Sale of stolen credit card number Sale of stolen data

Password Sniffing Password sniffers are programs that monitor and record the name and password of network users as they login. EX Credit Card Fraud

Information security requirements for credit cards have been increased recently. Millions of dollars lost by consumers who have credit card stolen from online database.

Identity theft Identity theft is a fraud involving another perosn’s identity for an illegal purpose.

Computer Network Intrusions Hackers can break into computer systems from anywhere in the world and steal data, plant viruses, insert Trojan horses or change user names and passwords.

Questions What is Cybercrime? How do you define it? How do we classify cybercrimes? Explain each one briefly. What are the different types of cybercriminals? Explain each one briefly. Define the following terms Cyberterrorism Cyberpunk Cyberdefamation Cyberwarefare

CYBER OFFENCES

How Criminal Plan offenses Cybercriminal use the internet for illegal activities to store data, contacts, account information, etc.

Hackers, Crackers and Phreakers A HACKER is a person with strong interest in computers who enjoys learning and experimenting with them. Hackers are usually very talented, smart people who understand computers better than others. Brute force hacking It is a technique used to find passwords or encryption keys. Brute force hacking involves trying every possible combination of letters, numbers, etc until the code is broken. CRACKER A cracker is a person who breaks into computers. People who commit cybercrimes are known as “Crackers”.Crackers should not be confused with hackers. The term cracker is usually connected to computer criminals. Cracking It is the act of breaking into computers. Cracking is popular, growing subject on the internet. Many sites are devoted to supplying crackers with programs that allow them to crack computers. PHREAKING This is the notorious art of breaking into communication system. Phreaking sites are popular among crackers and other criminals.

How Criminals plan the attacks Criminals use many methods and tools to locate weakness(vulnerability) of their target. Criminals plan ➢ PASSIVE AND ➢ ACTIVE ATTACKS. Active attacks are usually used to alter the system Passive attacks attempt to gain information about the target.

In addition to the active and passive categories, attacks can be categorized as either ➢ INSIDE OR ➢ OUTSIDE

Inside Attack An attack originating and/or attempted within the security perimeter of an organization is an inside attack. It is usually attempted by an “insider” who gains access to more resources than expected. Outside Attack ✓ An outside attack is attempted by a source outside the security perimeter. ✓ It may be attempted by an insider and/or an outsider. ✓ It is attempted through the Internet or a remote access connection. ✓ PHASES INVOLVED IN PLANNING CYBERCRIME ➢ Reconnaissance (information gathering) is the first phase and is treated as passive attacks. ➢ Scanning the gathered information for the validity of the information as well as to identify the existing weakness. ➢ Launching an attack.

PHASE 1 ✓ The meaning of Reconnaissance is an act of reconnoitering – explore, often with the goal of finding something or somebody. ✓ Reconnaissance phase begins with “Footprinting”. ✓ Footprinting is the preparation toward preattack phase. ✓ Footprinting gives an overview about system weakness and provides a judgment about “How to break this?”. ✓ The objective of this phase is to understand the system, its networking ports and services, and any other aspects of its security.

Passive Attack ✓ In computer security, attempt to steal information stored in a system by electronic wiretapping or similar means. Although, in contrast to active attack, passive attack does not attempt to interfere with the stored data, it may still constitute a criminal offense. ✓ A passive attack involves gathering information about a target without his/her knowledge. Information can be gathered from ✓ It is usually done using Internet searches or by Googling. ✓ They use Google Earth to locate information about employees. ✓ Surfing online community groups like orkut/facebook will prove useful to gain the information about an individual. ✓ Organization’s website may provide a personnel directory or information about key employees. ✓ Bolgs, newgroups, press releases, etc. are generally used as the mediums to gain information about the company or employee. ✓ Going through the job postings in particular job profiles for technical persons. ✓ Network sniffing is another means of passive attack to yield useful information such as IP, hidden servers or networks.

Electronic wire tapping & electronic eavesdropping are two types of electronic surveillance that play important role in criminal activities as well as investigation.

Electronic wiretapping involves the use of covert (covering) means to intercept(obstruct), monitor & record telephone conversations

Electronic eavesdropping involves the placement of a “bug” inside private premises to secretly record conversation or activities

TOOLS USED FOR PASSIVE ATTACK ✓ Google Earth ✓ WHOIS : An internet utility that returns information about a domain name or ip address Ex: if we enter Microsoft.com it will return ip address and domains owner ✓ Nslookup (name server lookup) : It is the name of a program that lets an internet server administration or any computer user enter a host name na d findout the corresponding ip address & domain name system and it will also do the reverse name lookup & find the host name for an ip address we specify Ex: 65.214.43.37 (ip address) it send domain query to designated system i.e domain name system server ✓ Dnsstuff : It includes DNS tools, networking tools, DNS reporting and ip address information gathering ✓ eMailTracker : software/applications used track for analyzing emails & disclose original sender location and track email address ✓ Website Watcher : It monitor complete website, check for updates,changes, password protected pages, highlights in web page

Active Attack In computer security, persistent attempt to introduce invalid data into a system, and/or to damage or destroy data already stored in it. In many countries, it is a criminal offense to attempt any such action.

Port Scanning ✓ A port is place where information goes into and out of a computer. ✓ Ports are entry/exit points that any computer has, to be able to communicate with external machines. ✓ Each computer is enabled with three or more external ports. ✓ Port scanning is an act of systematically scanning a computer’s ports.

PHASE – 2 : Scanning and Scrutinizing gathered information Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows ✓ Port Scanning : Identify open/close ports and services. ✓ Network scanning : Understand IP addresses and related information about the computer network system. ✓ Vulnerability scanning: Understand the existing weaknesses in the system.

The scrutinizing (inspecting) phase is called “enumeration” (listing) in the hacking world. The objective behind this step is to identify : ✓ The valid user accounts or groups; ✓ Network resources and/or shared resources; ✓ OS and different applications that are running on the OS. NOTE : Usually most of the attackers consume 90% of the time in scanning, scrutinizing and gathering information on a target and 10% of the time in launching the attack.

PHASE 3 : Attack ✓ The attack is launched using the following steps : ✓ Crack the password; ✓ Exploit the privileges; ✓ Execute the malicious command/applications; ✓ Hide the files (if required); ✓ Cover the tracks – delete the access logs, so that there is no trail illicit activity.

SOCIAL ENGINEERING ✓ Social engineering is the “technique to influence” people to obtain the information. ✓ It is generally observed that people are the weak link in security and this principle makes social engineering possible. ✓ Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.

Classification of Social Engineering ➢ Human Based Social Engineering

➢ Computer Based Social Engineering

Human Based Social Engineering : Human based social engineering refers to person-to-person interaction to get information. ✓ Impersonating an employee or valid user ✓ Posing as an important user ✓ Using a third person ✓ Calling technical support ✓ Shoulder surfing ✓ Dumpster diving

Computer Based Social Engineering: Computer based social engineering refers to an attempt made to get the required information by using computer software/internet.

✓ Fake E-mail ✓ E-mail attachments ✓ Pop-up windows

Cyberstalking Stalking is an “act or process of following victim silently – trying to approach somebody or something” Cyberstalking has been defined as the use of information and communications technology of individuals to harass another individual. Types of Stalkers There are primarily two types of stalkers. ➢ Online stalkers ➢ Offline stalkers Online stalkers ✓ They aim to start the interaction with the victim directly with the help of the internet (email/Chat Room). ✓ The stalker makes sure that the victim recognizes the attack attempted on him/her. ✓ The stalker can make use of a third party to harass the victim.

Offline stalkers The stalker may begin the attack using traditional methods such as following victim, watching the daily routine of the victim, etc. For ex. Use of community sites, newsgroups, social websites, personal websites. The victim is not aware that the Internet has been used to achieve an attack against them.

Cases reported on Cyberstalking The majority of cyberstalking are men and the majority of their victims are women. In many cases, the cyberstalker is ex-lover, ex-spouse, boss/subordinate, and neighbor. There also have been cases about strangers who are cyberstalkers.

How Stalking works? ✓ Personal information gathering about the victim; ✓ Establish a contact with victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to harass. ✓ Stalkers always establish a contact with victim through e-mail. ✓ The stalker may post the victim’s personal information as sex workers’ service or dating service. The stalker will use bad/attractive language to invite the interested persons. ✓ Whosoever comes across the information, starts calling victim and asking for sexual services or relationship. ✓ Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites.

Real Life Example The indian police have registered first case of cyberstalking in Delhi. Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours. Mrs. Joshi decided to register a complaint with Delhi police. A person was using her ID to chat over the Internet at the website www.mirc.com.

CYBERCAFE AND CYBERCRIMES ✓ In February 2009 survey, 90% of the audience across eight cities and 3500 cafes were male and in the age group of 15-35 years; ✓ 52% were graduates and postgraduates ✓ Almost 50% were students. ✓ In India, cybercafes are known to be used for either real or false terrorist communication.

Cybercafe hold two types of risks We do not know what programs are installed on the computer like keyloggers or spyware. Over the shoulder peeping can enable others to find out your passwords. Cybercriminals prefer cybercafes to carry out their activities.

A recent survey conducted in one of the metropolitan cities in India reveals the following facts :

✓ Pirated softwares are installed in all the computers. ✓ Antivirus was not updated with latest patch. ✓ Several cybercafes has installed “Deep Freeze” to protect computer which helps cybercriminals. ✓ Annual Maintenance Contract (AMC) was not found for servicing of the computer. ✓ Pornographical websites were not blocked. ✓ Cybercafe owner have very less awareness about IT security. ✓ Cybercafe association or State Police do not seem to conduct periodic visits to cybercafe.

Security tips for cybercafe ✓ Always Logout ✓ While checking email or logging in for chatting, always click logout/sign out. ✓ Stay with the computer ✓ While surfing, don’t leave the system unatteneded for any period of time. ✓ Clear history and temporary files ✓ Before browsing deselect AutoComplete option. Browser -> Tools -> Internet options -> Content tab. ✓ Tools -> Internet Option -> General Tab -> Temporary Internet Files -> Delete files and then Delete Cookies. ✓ Be alert ✓ One have to be alert for snooping over the shoulder. ✓ Avoid online financial transactions ✓ One should avoid online banking, shopping, etc. ✓ Don’t provide sensitive information such as credit card number or bank account details. ✓ Change Passwords / Virtual Keyboard ✓ Change password after completion of transaction. ✓ Almost every bank websites provide virtual keyboard. ✓ Security Warnings ✓ Follow security warning while accessing any bank websites.

BOTNET The meaning of botnet is “an automated program for doing some particular task, over a network”. Botnet term is used for collection of software that run autonomously and automatically. Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and financial information such as credit card numbers. In short, a botnet is a network of computers infected with a malicious program that allows cybercriminals to control the infected machines remotely without the users’ knowledge. A Botnet is also called a zombie network.

Botnet is creation and activity A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application—the bot. The bot on the infected PC logs into a particular C&C server (often an IRC server, but, in some cases a web server).

Botnet creation

Botnet Botnet selling renting

Malware and Stealing Phishing Ddos attacks Spam attacks Adware confidential attacks installation information

Selling Selling credit Selling internet card and personal services and bank account identity shops details information account

FIG : BOTNET CREATION AND ACTIVITY

A spammer purchases the services of the botnet from the operator. The spammer provides the spam messages to the operator, who instructs the compromised machines via the IRC server, causing them to send out spam messages.

Use of Botnet If someone wants to start a business and has no programming skills, there are plenty of “Bot for Sale” offers on forums. Encryption of these program’s code can also be ordered to protect them from detection by antivirus.

Points to secure the system : ✓ Use antivirus and anti-Spyware software and keep it up-to-date. ✓ Set the OS to download and install security patches automatically. ✓ Use a firewall to protect the system from hacking attacks while it is connected on the internet. ✓ Disconnected from the internet when you are away from your computer. ✓ Downloading the freeware only from websites that are known and trustworthy. ✓ Check regularly the folders in the mail box for those messages you did not send. ✓ Take an immediate action if your system is infected.

ATTACK VECTOR ✓ An attack vector is a path by which an attacker can gain access to a computer or to a network server to deliver a payload. ✓ Attack vectors enable attackers to exploit system vulnerability. ✓ Attack vectors include viruses, e-mail attachments, webpages, pop-up windows, instant messages, and chat rooms. ✓ The most common malicious payloads are viruses, trojan horses, worms and spyware. ✓ Payload means the malicious activity that the attack performs.

Ways to launch attack ✓ Attack by e-mail ✓ Attachment ✓ Attack by deception ✓ Hackers ✓ Heedless guests ✓ Attack of worms ✓ Malicious macros ✓ Virues

CYBERCRIME AND CLOUD COMPUTING Prime area of the risk in cloud computing is protection of user data. Risk associated with cloud computing environment are ✓ Any data processed outside the organization brings with it an inherent level of risk ✓ Cloud computing service providers are not able and/or not willing to undergo external assessments ✓ The organizations that are obtaining cloud computing services may not be aware about where the data is hosted and may not even know in which country it is hosted ✓ As the data will be stored under stored environment, encryption mechanism should be strong enough to segregate (separate) the data from another organization, whose data are also stored under the same server. ✓ Business continuity in case of any disaster. ✓ Due to complex IT environment and several customer logging in and logging out of the hosts, it becomes difficult to trace inappropriate and illegal activity. ✓ In case of any major change in the cloud computing service provider, the service provided is at the stake.

Remediate the Risk ✓ Customer should obtain as much information as he/she can about the service provider. ✓ The organization is entirely responsible for the security and integrity of their own data, even when it is held by a service provider. ✓ Organization should ensure that the service provider is committed to obey local privacy requirements on behalf of the organization to store and process the data in the specific jurisdictions. ✓ Organization should be aware of the arrangements made by the service provider about segregation of the data. The service provider should display encryption schemes. ✓ Service provider have to provide complete restoration of data within minimum timeframe. ✓ Organization should enforce the provider to provide security violation logs at frequent intervals ✓ Organization should ensure getting their data in case of such major event.

Questions What is social engineering? Explain each type of social engineering in detail. What is cyberstalking? What is botnet? How it works? OR How do viruses get disseminated? Explain with diagram. What is Attack Vector? How different attacks launched with attack vector. Explain cloud computing and cybercrime.