Cyber Security and Cyber Law
Module 3:
Tools and Methods used in Cybercrime
Phishing and Identity Theft
Gowtham R Naik
The National Institute of Engineering
Topics
Tools and Methods Used in Cybercrime
• Introduction
• Proxy Servers and Anonymizers
• Phishing, Password Cracking
• Keyloggers and Spywares
• Virus and Worms
• Trojan Horses and Backdoors
• DoS and DDoS Attacks
• Attacks on Wireless Networks
Introduction
• As the Internet and computer networks are
integral parts of information systems,
attackers have in-depth knowledge about
the technology and/or they gain thorough
knowledge about it.
• Various tools, techniques and complex
methodologies are used to launch attacks.
• Network attack incidents reveal that
attackers are often very systematic in
launching their attacks.
Introduction
(Continued)
• The basic stages of an attack are:
1. Initial uncovering
2. Network probe
3. Crossing the line toward electronic
crime (E-crime)
4. Capturing the network
5. Grab the data
6. Covering tracks
Introduction
(Continued)
1. Initial uncovering
• In the first step, called reconnaissance, the
attacker gathers as much information as
possible about the target by legitimate means.
• Googling, public websites, news articles and press
releases are used.
• In the second step, the attacker uncovers as
much information as possible on the company’s
internal network.
• Internet domain, machine names, IP ranges are
identified.
Introduction
(Continued)
2. Network probe
• A more invasive technique for finding information.
• A “ping sweep” of the network IP addresses
is performed to seek out potential targets,
and then a “port scanning” tool is used to
discover exactly which services are running
on the target system.
• So far the attacker has done nothing that would be
considered abnormal activity or an intrusion on the network.
Introduction
(Continued)
3. Crossing the line toward electronic crime
(E-crime)
• Now the attacker moves toward committing what
is technically a “computer crime” by
exploiting possible holes on the target
system.
• Programming errors can be exploited, for example
through CGI and buffer overflow attacks.
• Default logins are tried, and after gaining access the
attacker attempts to obtain admin/root access.
Introduction
(Continued)
4. Capturing the network:
• At this stage, the attacker attempts to “own”
the network. The attacker gains a foothold in
the internal network quickly and easily.
• Tools are used to replace system files with Trojan files
and services that have a backdoor password.
• Hacking tools are used to remove log files and traces of
the intrusion.
• Using the backdoor, hackers can access the
system later and carry out next-level attacks on the
entire network.
Introduction
(Continued)
5. Grab the data
• Now that the attacker has “captured the
network,” he/she takes advantage of his/her
position to steal confidential data, customer
credit card information, deface webpages,
alter processes and even launch attacks at
other sites from your network.
Introduction
(Continued)
6. Covering tracks
• This is the last step in any cyberattack, which
refers to the activities undertaken by the
attacker to extend misuse of the system
without being detected.
• Attacker can go undetected for long periods.
Proxy Servers
and
Anonymizers
• A proxy server is a computer on a network which acts as
an intermediary for connections with other computers
on that network.
• The attacker first connects to a proxy server and then
establishes a connection with the target system. This helps
the attacker to browse anonymously.
• A proxy server serves the following purposes:
1. Keep the systems behind the curtain.
2. Speed up access to a resource (through
“caching”).
3. Specialized proxy servers are used to filter
unwanted content such as advertisements.
4. A proxy server can act as an IP address multiplexer,
allowing a number of computers to connect to the
Internet when only one IP address is available.
module 3 of cybersecurity of first year students
Proxy Servers
and
Anonymizers
(Continued)
• An advantage of a proxy server is that its cache
can serve all users: when the same website is requested
by different users, the cached copy improves response time
(cache servers).
• An anonymizer or an anonymous proxy is a tool that
attempts to make activity on the Internet
untraceable.
• It accesses the Internet on the user’s behalf,
protecting personal information by hiding the
source computer’s identifying information.
• Web surfing is done through a website which acts as a proxy
server for the web client.
• The anonymizer hides or removes all identifying
information from the user’s computer and so ensures the
privacy of the user.
Phishing
• Phishing uses a fake or false e-mail which can
infect systems in addition to stealing
personal and financial data.
• How does phishing work? Phishers work in the
following stages:
1. Planning (decide the target)
2. Setup (create methods for delivering the
message and to collect the data about the
target),
3. Attack (phisher sends a phony message),
4. Collection (record the information of victims)
5. Identity theft and fraud (use the information
that they have gathered to make illegal
purchases or commit fraud)
Password
Cracking
• Password cracking is a process of recovering
passwords from data that have been stored in or
transmitted by a computer system.
• Purpose of password cracking
• To recover a forgotten password.
• To check password strength by system
administrators.
• To gain unauthorized access.
• Manual password cracking
• Find a valid user account (admin, guest)
• Create a list of possible passwords.
• Rank the passwords from high to low
probability.
• Key-in each password.
• Try again until successful.
Password
Cracking
(Continued)
• Examples of guessable passwords include:
1. Blank (none);
2. the words like “password,” “passcode” and
“admin”;
3. series of letters from the “QWERTY” keyboard, for
example, qwerty, asdf or qwertyuiop;
4. user’s name or login name;
5. name of user’s friend/relative/pet;
6. user’s birthplace or date of birth, or a relative’s or a
friend’s;
7. user’s vehicle number, office number, residence
number or mobile number;
8. name of a celebrity idolized by the user (e.g., actors,
actresses, spiritual gurus);
9. simple modification of one of the preceding, such
as suffixing a digit, particularly 1, or reversing the
order of letters.
Password
Cracking
(Continued)
• Attackers create a script file which is
executed to try each password in a list. Even
this is time consuming.
• Passwords are stored in a database and password
verification is done when a user attempts to
gain access.
• To maintain confidentiality, passwords are not
stored in clear text; they are hashed or encrypted.
• Password cracking attacks can be classified
under three categories as follows:
1. Online attacks;
2. offline attacks;
3. non-electronic attacks (e.g., social engineering,
shoulder surfing and dumpster diving).
Thank you.
Password
Cracking
(Continued)
• Online Attacks
• Automated scripts try every password in a list.
• The most popular online attack is man-in-
the middle (MITM) attack, also termed as
“bucket-brigade attack” or sometimes
“Janus attack.”
• It is a form of active eavesdropping in
which the attacker establishes a
connection between a victim and the
server to which a victim is connected.
Password
Cracking
(Continued)
• Offline Attacks
• Carried out at a location other than the target location.
• Offline attacks usually require physical
access to the computer and copying the
password file from the system onto
removable media.
• Types of offline attacks
• Dictionary attack (Admin)
• Hybrid attack (Adm1n)
• Brute force attack (Admin@09)
Password Cracking
Strong, Weak and Random Passwords
Weak password
• A weak password is one which could be
easily guessed: short, common or a
system default password that could be
easily found by executing a brute force
attack using only a subset of all possible
passwords.
• Can each one of you give at least one
sample weak password?
Password Cracking
Strong, Weak and Random Passwords
Strong password
• A strong password is long
enough, random or otherwise
difficult to guess – producible
only by the user who chooses it.
• Can each one of you give at least
one sample strong password?
Password Cracking
Strong, Weak and Random Passwords
• Random Password
• A password is stronger if it includes a mix of upper and
lower case letters, numbers and other symbols, when
allowed, for the same number of characters.
• A difficult password may make the user
write it down somewhere, which makes the password
vulnerable.
• Pseudorandom passwords follow some pattern.
• System-generated passwords and password aging.
Password Cracking
Strong, Weak and Random Passwords
• Random Password - The general guidelines applicable to the password policies are:
1. Passwords and user IDs must be unique to each user.
2. Minimum of 8 alphanumeric characters.
3. Password rules and periodic testing to identify password weakness.
4. Private and must not be shared with anyone, not to be coded or written
anywhere.
5. Must be changed in 30/45 days, automatic expiration, prevent reusing password.
6. Freezing accounts after 5 failed logins, record in log, audit log and take action.
7. Session must be suspended after 15 minutes of inactivity.
8. Display date and time of last login.
9. Accounts must be suspended if not used for a long duration.
10. High-risk systems: raise an alarm on excessive violations and let the person continue with
the session while personnel investigate the alarm.
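An added example, not from the slides, that turns the guessable-password list above and the policy rules (minimum 8 alphanumeric characters, 30/45-day aging, freezing after 5 failed logins with an audit log) into a checker. The user-profile fields, the login name jdoe and the sample passwords are constructed.

```python
import re
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed reference data for the guessable patterns listed on the slides.
COMMON_WORDS = {"password", "passcode", "admin"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 8          # "minimum of 8 alphanumeric characters"
MAX_AGE_DAYS = 45       # "must be changed in 30/45 days"
MAX_FAILED_LOGINS = 5   # "freezing accounts after 5 failed logins"


def keyboard_run(s: str, min_len: int = 4) -> bool:
    """True if s is a run of adjacent keys along one keyboard row (qwerty, asdf, ...)."""
    return len(s) >= min_len and any(s in row for row in KEYBOARD_ROWS)


def candidate_forms(pw: str) -> set:
    """The lower-cased password plus the 'simple modifications' the slides warn
    about: letters reversed, and a suffixed digit (or digits) removed."""
    p = pw.lower()
    forms = {p, p[::-1]}
    stripped = re.sub(r"\d+$", "", p)
    if stripped:
        forms.update({stripped, stripped[::-1]})
    return forms


def weak_password_reasons(pw: str, user_info: dict) -> list:
    """Return the reasons pw counts as guessable or weak per the slides, [] if none.
    user_info maps labels to facts an attacker could learn (login, pet, birthplace...)."""
    if pw == "":
        return ["blank"]
    reasons = []
    forms = candidate_forms(pw)
    if forms & COMMON_WORDS:
        reasons.append("common word")
    if any(keyboard_run(f) for f in forms):
        reasons.append("keyboard sequence")
    personal = {str(v).lower() for v in user_info.values() if v}
    if forms & personal:
        reasons.append("personal detail")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        reasons.append("not alphanumeric (needs both letters and digits)")
    return reasons


def password_expired(last_changed_iso: str, today_iso: str) -> bool:
    """Password aging: True once the password is older than MAX_AGE_DAYS (ISO dates)."""
    last_changed = date.fromisoformat(last_changed_iso)
    today = date.fromisoformat(today_iso)
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


@dataclass
class Account:
    """Minimal lockout state: count failures, freeze at the limit, keep an audit log."""
    login: str
    failed: int = 0
    frozen: bool = False
    audit_log: list = field(default_factory=list)

    def record_login(self, success: bool, when: str) -> bool:
        """Apply one login attempt (when = timestamp text); return whether it is accepted."""
        if self.frozen:
            self.audit_log.append(f"{when} {self.login}: attempt while frozen")
            return False
        if success:
            self.failed = 0
            self.audit_log.append(f"{when} {self.login}: success")
            return True
        self.failed += 1
        self.audit_log.append(f"{when} {self.login}: failure #{self.failed}")
        if self.failed >= MAX_FAILED_LOGINS:
            self.frozen = True
            self.audit_log.append(f"{when} {self.login}: account frozen")
        return False


if __name__ == "__main__":
    # Constructed profile: the facts the slides list as guessable material.
    info = {"login": "jdoe", "pet": "Rex", "birth_year": "1990"}
    for pw in ["", "Admin", "qwerty", "Rex1990", "Password1", "Admin@09"]:
        print(repr(pw), weak_password_reasons(pw, info) or "ok")
```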
Password Cracking
Strong, Weak and Random Passwords
• Netizens should follow these password guidelines:
1. Password for business, personal, banking account must be different.
2. Should be minimum 8 alphanumeric characters.
3. Should be changed every 30/45 days.
4. Should not be shared with anyone.
5. While renewing passwords, old passwords should not be used.
6. Passwords must be changed using secure systems if accessed using public
systems.
7. Should not be stored on mobile devices etc., which are vulnerable to cyber attacks.
8. Check the legitimacy of the e-mail before clicking on its hyperlinks (e.g., a bank e-mail).
9. Check legitimacy of the SMS before following the instructions.
10. If hacked, respective agencies must be informed immediately.
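To illustrate the point about checking a bank e-mail's hyperlinks before clicking, here is an added example that is not part of the slides: it extracts the links from a message and flags those whose real destination is a raw IP, is outside the bank's domain, or differs from the address shown in the link text. The message, the domain examplebank.com and the address 203.0.113.5 are constructed.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style message (fictitious bank, documentation address).
SAMPLE_EMAIL = """
<p>Dear customer, your account is locked. Please verify at
<a href="http://examplebank.com.account-verify.example/login">https://www.examplebank.com/login</a>
or call us. Statement: <a href="https://www.examplebank.com/statements">View statement</a>.
Update details at <a href="http://203.0.113.5/update">examplebank.com</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname of a URL; bare text like 'bank.com/path' is treated as a URL too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def belongs_to(host: str, trusted_domain: str) -> bool:
    """True only for the trusted domain or a real subdomain of it, so that a
    look-alike such as trusted.com.evil.example is rejected."""
    return host == trusted_domain or host.endswith("." + trusted_domain)


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html: str, trusted_domain: str) -> list:
    """Return (href, problem) pairs for links that should not be followed."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real_host = host_of(href)
        if is_ip(real_host):
            findings.append((href, "link goes to a raw IP address"))
        elif not belongs_to(real_host, trusted_domain):
            findings.append((href, f"host {real_host} is not {trusted_domain}"))
        # Displayed text that looks like a URL or domain must match the real target.
        if re.search(r"[a-z0-9-]+\.[a-z]{2,}", text.lower()) and host_of(text) != real_host:
            findings.append((href, f"text shows {host_of(text)} but link goes to {real_host}"))
    return findings


if __name__ == "__main__":
    for href, problem in check_links(SAMPLE_EMAIL, "examplebank.com"):
        print(f"SUSPICIOUS {href}: {problem}")
```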
Keyloggers and Spywares
• Keystroke logging is the practice of
noting (or logging) the keys struck
on a keyboard.
• A keystroke logger or keylogger is a
quicker and easier way of
capturing passwords and
monitoring the victim’s IT-savvy
behaviour.
• Keyloggers can be classified as software
keyloggers and hardware
keyloggers.
Keyloggers and Spywares (Continued)
Software Keyloggers
• Software keyloggers are software programs installed on the computer
systems which usually are located between the OS and the keyboard
hardware, and every keystroke is recorded.
• They are installed by Trojans and viruses without the knowledge of the
user.
• Insecure computer systems in public places are especially exposed.
• A keylogger usually consists of two files in a directory: a dynamic link
library (DLL) file and an Executable (EXE) file that installs the DLL file and
triggers it to work.
Keyloggers and Spywares (Continued)
Hardware Keyloggers
• Hardware keyloggers are small hardware
devices connected to the PC and/or to
the keyboard and save every keystroke
into a file or in the memory of the
hardware device.
• These keyloggers look like an integrated
part of such systems; hence, bank
customers are unaware of their
presence.
• Keyloggers have been found in ATMs.
Keyloggers and Spywares (Continued)
• Anti-keylogger
• Anti-keylogger is a tool that can detect the keylogger installed on the computer
system and also can remove the tool.
• Advantages are:
1. Firewalls cannot detect the installation of keyloggers on a system, whereas
anti-keyloggers can detect keylogger installations.
2. This software does not require regular updates of signature bases to work
effectively, unlike other antivirus and anti-spyware programs.
3. Prevents Internet banking frauds.
4. It prevents ID theft.
5. It secures E-Mail and instant messaging/chatting.
Keyloggers and Spywares
(Continued)
• Spywares
• Spyware is malicious software secretly installed
on the user’s personal computer.
• Spywares such as keyloggers are installed by the
owner of a shared, corporate or public
computer on purpose to secretly monitor other
users.
• Collect personal information, internet browsing
data and redirect browsing data.
• Change settings resulting in slow Internet speed.
• Anti-spyware software is available in the
market.
Viruses and Worms
• A computer virus is a program that can “infect” legitimate
programs by modifying them to include a possibly “evolved”
copy of itself.
• It spreads the way biological viruses spread from one person to
another.
• Viruses may contain malicious instructions (causing damage or
annoyance) and can spread without visible symptoms.
• A virus can trigger event-driven effects, time-driven effects, or
random effects.
Viruses and Worms (Continued)
• Viruses can take some typical actions:
1. Display a message to prompt an action which may set off the virus;
2. delete files inside the system into which viruses enter;
3. scramble data on a hard disk;
4. cause erratic screen behaviour;
5. halt the system (PC);
6. just replicate themselves to propagate further harm.
Viruses and Worms (Continued)
• The term virus is erroneously used to refer to other types of
malware, adware and spyware that may not spread.
• A true virus can spread from one system to another.
• A worm spreads itself automatically to other computers
through networks by exploiting security vulnerabilities.
• A Trojan is a code/program that appears to be harmless but
hides malicious functions.
Viruses and
Worms
(Types of
Viruses)
• Computer viruses can be categorized based on attacks
on various elements of the system and can put the
system and personal data on the system in danger.
1. Boot sector viruses
• Infects the storage media where the OS is stored. The first
sector is the boot sector and it carries the Master Boot Record
(MBR).
• The MBR reads and loads the OS, enabling the system to start
through the OS.
• Spreads through shared infected disks and pirated
software.
2. Program viruses
• Becomes active when program file
(.bin, .com, .exe, .ovl, .drv) is executed.
• Makes copies of itself and infects other programs.
Viruses and
Worms-
Types of
Viruses
(Continued)
3. Multipartite viruses
• Hybrid of boot sector and program
virus.
• Infects program files and boot files
when the system is infected.
4. Stealth viruses
• It camouflages or masks itself, and
detecting this type of virus is difficult.
• Anti-virus software cannot detect it.
• Alters file size and conceals itself to stay
hidden in the system.
• A good anti-virus can detect these kinds
of viruses.
Viruses and
Worms-
Types of
Viruses
(Continued)
5. Polymorphic viruses
• Acts like a chameleon and changes its virus
signature every time it spreads through
the system.
• Polymorphic generators are routines that
can be linked with existing viruses; they
are not viruses themselves but they hide the actual
virus.
6. Macro viruses
• Microsoft Word and Excel support macros.
• Macros are embedded in a document.
• Macro viruses infect every document
opened by the user.
• An updated anti-virus can detect these.
Viruses and
Worms-
Types of
Viruses
(Continued)
7. ActiveX and Java controls
• Web browsers have ActiveX and Java control
options.
• Enabling or disabling these options for pop-ups, file
downloads and sound can invite threats to the
computer system.
• Viruses have various aspects:
• Attacks specific file types.
• Manipulates a program to execute tasks
unintentionally.
• Infected program produces more viruses.
• Infected program may run without error for a
long time.
• Modify themselves and may escape detection.
Trojan Horses
and Backdoors
(Continued)
• Trojan Horse is a program in which malicious or
harmful code is contained inside apparently
harmless programming or data in such a way that
it can get control and cause harm.
• Trojans can get into the system in a number of
ways, including from a web browser, via E-Mail or
in a bundle with other software downloaded
from the Internet.
• Unlike viruses or worms, Trojans do not replicate
themselves but they can be equally destructive.
• On the surface, Trojans appear benign and
harmless, but once the infected code is executed,
Trojans kick in and perform malicious functions to
harm the computer system without the user’s
knowledge.
Trojan Horses
and Backdoors
(Continued)
• For example, Waterfalls.scr, a waterfalls screensaver, can contain
hidden malware and infect PCs.
• Threats posed by Trojans are:
1. Erase, overwrite or corrupt data on a computer.
2. Help to spread other malware.
3. Deactivate or interfere with anti-virus software.
4. Allow remote access to your computer.
5. Upload and download files without your
knowledge.
6. Gather email addresses and use them for spam.
7. Log keystrokes to steal information.
8. Copy fake links to false websites, display porno
sites, play sounds/videos.
9. Slow down, restart or shutdown the system.
10. Reinstall themselves after being disabled.
11. Disable task manager.
12. Disable control panel.
Trojan Horses
and Backdoors
(Continued)
Backdoor
• A backdoor is a means of access to a
computer program that bypasses security
mechanisms.
• A programmer may sometimes install a
backdoor so that the program can be
accessed for troubleshooting or other
purposes.
• Attackers often use backdoors that they
detect or install themselves as part of an
exploit.
• In some cases, a worm is designed to take
advantage of a backdoor created by an
earlier attack.
Trojan Horses
and Backdoors
(Continued)
Backdoor (Continued)
• They are hidden and work in the background.
• What does a backdoor do? Its functions are:
1. Allows an attacker to create, delete, rename,
copy or edit any file, execute commands,
change settings, alter registry, run, control
and terminate programs.
2. Allows attacker to take control of the
hardware devices, shutdown and restart
computers.
3. Steals sensitive information and credentials, logs
user activity and tracks browsing data.
4. Records keystrokes and captures screenshots.
5. Sends all the gathered information to
predefined email address, uploads data to FTP
server.
Trojan Horses
and Backdoors
(Continued)
Backdoor (Continued)
6. Infects files, corrupts applications and
damages entire system.
7. Distributes infected files to computers with
vulnerabilities.
8. Installs hidden FTP servers for illegal
activities.
9. Degrades internet connection speed and
overall system performance.
10. Provides no uninstall feature and hides
processes and files to complicate the removal
process.
Trojan Horses
and Backdoors
(Continued)
How to Protect from Trojan Horses and
Backdoors
1. Stay away from suspect websites/weblinks
• Avoid downloading free/pirated software.
2. Surf the Web cautiously
• Avoid downloading from peer-to-peer networks.
• Enable spam filters.
3. Install antivirus/Trojan remover software
• Anti-virus software works against viruses, Trojans, other malware, etc.
• Free Trojan remover programs are available.
Activity
• Hide a secret
information in a
image using
Steganography
technique.
DoS and
DDoS Attacks
• A denial-of-service attack (DoS attack) or
distributed denial-of-service attack (DDoS
attack) is an attempt to make a computer
resource unavailable to its intended users.
• DoS Attacks
• The attacker floods the bandwidth of the
victim’s network or fills his E-Mail box with
Spam mail depriving him of the services he is
entitled to access or provide.
• Targets high-profile sites such as banks,
payment gateways, mobile phone networks,
name servers, etc.
DoS and
DDoS Attacks
• DoS Attacks (Continued)
• The IP address is spoofed: the source IP address is
changed to hide the actual IP or to impersonate
another system.
• The victim keeps waiting for a response to each
request.
DoS and
DDoS Attacks
• DoS Attacks (Continued)
• The US Computer Emergency Response Team
defined these symptoms of DoS attacks:
• Unusually slow network performance.
• Unavailability of a particular website.
• Inability to access any website.
• Dramatic increase in the number of Spam Emails
received.
DoS and
DDoS Attacks
• DoS Attacks (Continued)
• The goal of DoS is not to gain unauthorized
access to systems or data, but to prevent
intended users (i.e., legitimate users) of a
service from using it.
1. Flood a network with traffic, thereby preventing
legitimate network traffic.
2. Disrupt connections between two systems,
thereby preventing access to a service.
3. Prevent a particular individual from accessing a
service.
4. Disrupt service to a specific system or person.
DoS and
DDoS Attacks
Classification of DoS Attacks
1. Bandwidth Attacks
• Each website is given a limited bandwidth (say
50 Gb); users load 100 pages of the site and
reload them to consume all the available bandwidth.
2. Logic Attacks
• Exploit vulnerabilities in network software such as the web
server or the TCP/IP stack.
3. Protocol Attacks
• Exploit specific features or implementation bugs
of some protocol.
4. Unintentional DoS attack
• A sudden spike in popularity overwhelms the site.
DoS and
DDoS Attacks
Types or Levels of DoS Attacks
1. Flood attack
• Ping flood.
• Uses the ping command.
• The attacker must have a faster connection than the
victim.
• Complete prevention is difficult.
2. Ping of death attack
• Oversized ICMP packets.
• The maximum packet size is 65,536 octets.
• Upon receiving one, the system may crash, freeze or
reboot, becoming unavailable.
DoS and
DDoS Attacks
Types or Levels of DoS Attacks (Continued)
3. SYN attack
• TCP SYN Flooding.
• Client to server: SYN; server to client: SYN-
ACK. The client should respond to this but
intentionally ignores it.
• The server reserves memory for the client’s pending
connection and waits.
• This fills the buffer, preventing access by legitimate
clients.
DoS and
DDoS Attacks
Types or Levels of DoS Attacks (Continued)
4. Teardrop attack
• Exploits a bug in the TCP/IP fragmentation reassembly code.
• Fragmented packets are forged to overlap each other
when the receiving host tries to reassemble them.
• Older versions of Windows and Linux were vulnerable
to this attack.
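The ping of death and teardrop attacks above are both visible in fragment headers alone, so as an added example (not from the slides) here is a small inspector that groups fragments by IP identification and flags a reassembled size beyond what IPv4 allows, or fragments that overlap. The fragment records are constructed, and the check uses 65,535 octets as the limit of the 16-bit IPv4 total-length field.

```python
from dataclasses import dataclass

# The IPv4 total-length field is 16 bits, so no datagram can legitimately
# reassemble to more than 65,535 octets; exceeding that is the ping-of-death sign.
IPV4_MAX_DATAGRAM = 65535


@dataclass(frozen=True)
class Fragment:
    """Header fields of one IP fragment that matter for reassembly."""
    ident: int         # IP identification, shared by all fragments of a datagram
    offset_units: int  # fragment offset field, in 8-octet units
    payload_len: int   # octets of data carried in this fragment

    @property
    def start(self) -> int:
        return self.offset_units * 8

    @property
    def end(self) -> int:
        return self.start + self.payload_len


def classify_datagram(frags) -> list:
    """Return the anomaly names found among the fragments of one datagram, [] if clean."""
    anomalies = []
    ordered = sorted(frags, key=lambda f: f.start)
    # Ping of death: the reassembled datagram would be larger than IPv4 allows.
    if max(f.end for f in ordered) > IPV4_MAX_DATAGRAM:
        anomalies.append("ping_of_death")
    # Teardrop: a later fragment starts before the previous one ends, so the
    # two overlap and buggy reassembly code computes a bad (negative) length.
    for prev, cur in zip(ordered, ordered[1:]):
        if cur.start < prev.end:
            anomalies.append("teardrop_overlap")
            break
    return anomalies


def scan(packets) -> dict:
    """Group captured fragments by IP identification and classify each datagram."""
    groups = {}
    for f in packets:
        groups.setdefault(f.ident, []).append(f)
    return {ident: classify_datagram(fs) for ident, fs in groups.items()}


# Constructed sample "capture": three datagrams' worth of fragment headers.
SAMPLE_FRAGMENTS = [
    # ident 1: an ordinary 2960-octet datagram split into two 1480-octet fragments
    Fragment(1, 0, 1480), Fragment(1, 185, 1480),
    # ident 2: ping of death, the fragment at offset 65512 pushes the total past 65535
    Fragment(2, 0, 1480), Fragment(2, 8189, 1480),
    # ident 3: teardrop, the second fragment claims to start inside the first
    Fragment(3, 0, 36), Fragment(3, 3, 16),
]

if __name__ == "__main__":
    for ident, found in scan(SAMPLE_FRAGMENTS).items():
        print(f"datagram {ident}:", ", ".join(found) or "clean")
```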
5. Smurf Attack
• Generates significant computer network traffic on a
victim’s network.
• A host sends an ICMP request to a network broadcast
address.
• All devices respond to this, and the target
network/node receives responses from all the devices,
creating huge traffic.
DoS and
DDoS Attacks
Types or Levels of DoS Attacks (Continued)
6. Nuke
• Fragmented or corrupt ICMP packets are sent to the target.
• A string of out-of-band data was sent to TCP port
139, causing a blue screen of death.
• The target machine slows down and eventually shuts
down.
DoS and
DDoS Attacks
Tools used to Launch DoS Attack
• Jolt2 – Processing illegal packets.
• Nemesy – random packets of spoofed source
IP address.
• Targa – 8 different types of DoS attacks.
• Crazy pinger – Large number of ICMP
packets to a remote target network.
• SomeTrouble – Remote flooder and bomber.
DoS and
DDoS Attacks
DDoS Attacks
• In a DDoS attack, an attacker may use your
computer to attack another computer.
• By taking advantage of security vulnerabilities or
weaknesses, an attacker could take control of
your computer.
• He/she could then force your computer to send
huge amounts of data to a website or send Spam
to particular E-Mail addresses.
• A DDoS attack is a distributed DoS wherein a
large number of zombie systems are
synchronized to attack a particular system. The
zombie systems are called “secondary victims”
and the main target is called “primary victim.”
DoS and
DDoS Attacks
DDoS Attacks (Continued)
• DDoS attacks involve hardcoding the target
IP address prior to release of the malware,
hence no further interaction is necessary to
launch the attack.
• A system may also be compromised with a
Trojan, allowing the attacker to download a
zombie agent.
DoS and
DDoS Attacks
How to protect from DoS/DDoS attacks
1. Implement router filters.
2. If such filters are available for your system,
install patches to guard against TCP SYN flooding.
3. Disable any unused or inessential network
service.
4. Enable quota systems on your OS if they are
available.
5. Observe your system’s performance and
establish baselines for ordinary activity.
6. Routinely examine your physical security with
regard to your current needs.
DoS and
DDoS Attacks
How to protect from DoS/DDoS attacks
(Continued)
7. Use Tripwire or a similar tool to detect changes in
configuration information or other files.
8. Invest in and maintain “hot spares” – machines
that can be placed into service quickly if a similar
machine is disabled.
9. Invest in redundant and fault-tolerant network
configurations.
10. Establish and maintain regular backup schedules
and policies, particularly for important configuration
information.
11. Establish and maintain appropriate password
policies, especially access to highly privileged
accounts such as Unix root or Microsoft Windows
NT Administrator.
Additional
Reading
How did the FBI trick criminals into
using an app?
https://www.bbc.com/news/world-57394831
Attacks on
Wireless
Networks
• Even when people travel, they still need to
work.
• The employee is no longer tied to an office
location and is, in effect, “boundaryless.”
• The following are different types of “mobile
workers”:
1. Tethered/remote worker
2. Roaming user
3. Nomad
4. Road warrior
Attacks on
Wireless
Networks
(Continued)
1. Tethered/remote worker
• Remains at a single point of work but is remote
to the central company systems.
2. Roaming user
• One who works in one environment or in multiple
areas.
3. Nomad
• Employees in hotel rooms and other semi-
tethered environments.
4. Road warrior
• The ultimate mobile user, who spends little time in the
office and needs regular access to data and
functions on the move.
Attacks on
Wireless
Networks
(Continued)
• Wireless networks extend the range
of traditional wired networks by using
radio waves to transmit data to
wireless-enabled devices such as
laptops and PDAs.
• Wireless networks are generally
composed of two basic elements:
a) access points (APs)
b) other wireless-enabled devices,
such as laptops, which use radio transmitters
and receivers to communicate or
“connect” with each other.
Attacks on Wireless Networks (Continued)
• Important Components of wireless network (other than routers, hubs and
firewalls)
1. 802.11 networking standard
• Family of WLANs.
• 802.11a – 54 Mbps in 5 GHz band uses orthogonal frequency division
multiplexing (OFDM).
• 802.11b - 11 Mbps in 2.4 GHz band – “Wi-Fi Standard”.
• 802.11g – 54 Mbps in 2.4 GHz band using OFDM.
• 802.11n – Multiple-input multiple-output (MIMO), 140 Mbps.
• 802.15 – Bluetooth technology.
• 802.16 – WiMax, Wireless Metropolitan Area Networks.
Attacks on Wireless Networks (Continued)
2. Access points
• Hardware/Software that acts as transmitter and receiver of WLAN radio signals.
• Connects to wired LAN.
3. Wi-Fi hotspots
• Free Wi-Fi hotspots – Public places, free of cost, click and connect, no
authentication, Vulnerable to cyber attacks.
• Commercial hotspots – Authentication, payment to avail services, Airports,
Business hotels, VPNs for secure access.
4. Service set identifier (SSID)
• Name of the 802.11i WLAN; all wireless devices must use the same name to
communicate.
• The administrator/user sets an SSID (up to 32 characters long).
• Turn off SSID broadcast to force manual entry of the SSID.
Attacks on Wireless Networks (Continued)
5. Wired equivalence privacy (WEP)
• Intended to provide safety matching the Ethernet standard (802.11i, 1997).
6. Wi-Fi protected access (WPA and WPA2)
• In 2001, serious vulnerabilities were found in WEP.
• WPA was introduced as an interim standard to replace WEP.
• WPA2 – approved Wi-Fi alliance interoperable implementation of
802.11i.
• WPA2- uses AES.
Attacks on Wireless Networks (Continued)
7. Media access control (MAC)
• Unique identifier of each node of the network, assigned by the
manufacturer of the NIC.
• MAC filtering: only devices with matching addresses get access; configured on the
router.
• MAC address spoofing.
• For a new device, the MAC address must be added manually.
Attacks on Wireless Networks (Continued)
• Traditional Techniques of Attacks on Wireless Networks
• Penetration of a wireless network through unauthorized access is
termed wireless cracking.
• The various methods once demanded a high level of technological
skill and knowledge, but the availability of numerous software tools has made
cracking WLANs less sophisticated, needing minimal technological skill.
• Sniffing
• Spoofing
• Denial of service (DoS)
• Man-in-the-middle attack (MITM)
• Encryption cracking
Attacks on Wireless Networks (Continued)
• Traditional Techniques of Attacks on Wireless Networks
1. Sniffing
• Eavesdropping on network.
• Intercept wireless data in unsecured network.
• An attacker installs sniffers to conduct the following activities:
• Passive scanning of wireless network.
• Detection of SSID.
• Collecting the MAC address.
• Collecting the frames to crack WEP.
Attacks on Wireless Networks (Continued)
2. Spoofing
• Masquerading an identity by falsifying data.
• Create a new network with the same SSID in the same area.
• Computers automatically connect to this new, stronger network.
• MAC address spoofing: change the assigned MAC address to a different one,
bypassing ACLs by impersonating others.
• IP spoofing: the process of creating IP packets with a forged IP address, to
conceal identity or impersonate another user.
• Frame spoofing: injects frames whose content is carefully spoofed and are
valid as per 802.11 specifications; frames are not authenticated in 802.11
networks.
3. Denial of service (DoS)
Attacks on Wireless Networks (Continued)
4. Man-in-the-middle attack (MITM)
• Attacker A inserts itself into the communication between X and Y without the knowledge of
X and Y.
• All messages between X and Y go through A.
• A can simply observe or can even make modifications to the messages.
5. Encryption cracking
• WPA encryption is used for protection.
• Older encryption techniques are vulnerable and may be exploited.
• A long and highly randomized encryption key makes it extremely difficult to crack.
Attacks on Wireless Networks (Continued)
• Theft of Internet Hours and Wi-Fi-based Frauds and Misuses
• Wireless networking in homes puts the Internet at the finger
tips of home users.
• Plug-and-play features of wireless networks.
• If the user unfortunately visits a malicious webpage, the
router is exposed to attack.
• As the networks become stronger and more prevalent, more of
the signals are available outside the home of the subscriber,
spilling over into neighbours’ apartments, hallways and the street.
Attacks on Wireless Networks (Continued)
• Theft of Internet Hours and Wi-Fi-based Frauds and Misuses
• Is stealing wireless network illegal?
• Connecting to a wireless network among the different available networks
is not illegal.
• Making efforts to intentionally move to a particular location, connect to
a network and carry out unwanted activities is illegal.
• Be careful with the use of WAPs; when you are using a WAP to gain access to a
computer on a network,
• be aware of the local laws/legislation where you are doing it, because things
can become dangerous from a security and privacy as well as a legal perspective.
Attacks on Wireless Networks (Continued)
• How to Secure the Wireless Networks
• The following summarized steps will help improve and strengthen the security of a wireless network:
1. Change the default settings of all the equipment/components of the wireless network (e.g., IP address, user IDs, administrator passwords, etc.).
2. Enable WPA/WEP encryption.
3. Change the default SSID.
4. Enable MAC address filtering.
5. Disable remote login.
6. Disable SSID broadcast.
7. Disable the features that are not used in the AP (e.g., printing/music support).
Attacks on Wireless Networks (Continued)
8. Avoid giving the network a name that can be easily identified (e.g., My_Home_Wifi).
9. Connect only to secured wireless networks (i.e., do not auto-connect to open Wi-Fi hotspots).
10. Upgrade the router’s firmware periodically.
11. Assign static addresses to devices.
12. Enable firewalls on each computer and on the router.
13. Position the router or AP safely.
14. Turn off the network when not in use.
15. Monitor wireless network security periodically.
Chapter 2: Phishing and Identity Theft
• Introduction
• Phishing
• Methods of Phishing
• Phishing techniques
• Spear phishing
• Types of phishing scams
• Phishing toolkits and spy phishing
• Phishing countermeasures
• Identity Theft (ID Theft)
• PII
• Types of Identity Theft
• Techniques of ID Theft
• Countermeasures
• How to efface online identity
Thank you.
Phishing and Identity Theft - Introduction
• Phishing is one of the methods of enticing users to reveal their personal information (identity).
• Identity theft involves unauthorized access to personal data.
• Indian IT Act Section 66C – Misuse of identity - 3 years of imprisonment or one lakh fine.
• Indian IT Act Section 66D – Cheating using a communication device - 3 years of imprisonment or one lakh fine.
• Phishing is the use of social engineering attacks to trick users into revealing confidential information.
Phishing and Identity Theft - Introduction
• Phishing attacks are on the rise in Asia, Europe and North America.
• Europe is the dominant source of phishing e-mails.
• The US, India and China are the most targeted countries.
• Financial organizations, payment services and auction websites were the most targeted industries.
• Ports 80, 443 and 8080 are the most commonly used ports in phishing attacks.
Phishing
• Definitions
• The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
• The act of sending an e-mail to a user, falsely claiming to be an established legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for ID theft.
• A scam to steal valuable information such as credit card and social security numbers, user IDs and passwords; also called brand spoofing.
• In summary, phishing is a type of deception to steal your identity.
• E-mail is the most popular medium used in phishing attacks; such messages are known as spam e-mails.
Phishing
(Spam E-
Mails)
• Junk e-mails – nearly identical e-mails sent to numerous recipients.
• Botnets are used for sending spam and account for 80% of spam.
• Types of spam: UBE and UCE.
• Unsolicited bulk e-mail (UBE) – unsolicited e-mails sent in large quantities.
• Unsolicited commercial e-mail (UCE) – unsolicited e-mails sent in large quantities for commercial purposes.
• Spam e-mails impersonate organizations such as:
• HSBC, Commonwealth Bank – international banks with a large customer base.
• eBay – auction site.
• Amazon – top brands.
• Facebook – social networking sites.
Phishing
(Spam E-
Mails)
• Tactics used by a phisher
• Names of legitimate organizations (create a phony company; use the company’s name and the look and feel of the company site in the spam)
• “From” a real employee (real name of an official; if users check the official company website, they will find the same name)
• URLs that “look right” (spoofed sites, selected pages of the legitimate site)
• Urgent messages (fear to trigger a response: “you will no longer be able to access your account”)
• Phrases used to entice the user:
• “Verify your account”
• “You have won the lottery”
• “If you don’t respond within 48 hours, your account will be closed”
Phishing
(Spam E-
Mails)
• Ways to reduce the amount of spam e-mail:
1. Share your personal e-mail ID with a limited number of people and on few public websites; the more it is exposed, the more spam will be sent to it.
2. Never reply to or open a spam e-mail.
3. Disguise the e-mail address on public websites by spelling out “@” and “.”, e.g., narenderATnieDOTacDOTin instead of narender@nie.ac.in.
4. Use alternate e-mail IDs for personal work; don’t use business e-mail addresses everywhere.
5. Do not forward any e-mails from unknown senders.
6. Preview an e-mail before opening it.
7. Never use e-mail addresses as screen names in chat groups or rooms.
8. Never respond to a spam e-mail asking to remove your e-mail address from the mailing list.
Phishing
(Hoax E-
Mails)
• A deliberate attempt to deceive or trick a user into believing or accepting that something is real when it is actually false.
• It may or may not be spam.
• It is difficult to recognize whether an e-mail is spam or a hoax.
• Websites to check whether a message is a hoax:
• Breakthechain.org
• Hoaxbusters.org
Methods of
Phishing
1. Dragnet
2. Rod-and-reel
3. Lobsterpot
4. Gillnet
Methods of
Phishing
1. Dragnet
• Use of spammed e-mails bearing falsified corporate identification, addressed to a large group of people and directing them to websites or pop-up windows.
• Phishers do not identify victims in advance and rely on the false information included in the e-mail.
• Recipients are requested to enter bank or credit card account data or other personal data.
2. Rod-and-reel
• Phishers identify specific prospective victims in advance and convey false information to them to prompt their disclosure of personal and financial data.
• Phony webpages are set up for an item the user may be searching for, attracting them with better deals.
• Victims visit these sites and provide personal and financial information.
Methods of
Phishing
3. Lobsterpot
• Focuses on spoofed websites similar to corporate ones, targeting a narrowly defined class of victims.
• The phisher places a weblink in the e-mail which leads to a phony website or a pop-up window that looks exactly like the legitimate website.
• Users enter their personal and financial information, and attackers use it to make purchases and steal identities.
4. Gillnet
• Relies less on social engineering and more on malicious code embedded in the e-mails and websites.
• Visiting these sites might install a Trojan horse.
• Malicious code may redirect legitimate requests to look-alike fake sites.
• It might record keystrokes and transmit them to phishers.
Phishing
Techniques
1. URL (weblink) manipulation
2. Filter evasion
3. Website forgery
4. Flash Phishing
5. Social Phishing
6. Phone Phishing
• Phishers usually send millions of e-mail messages, pop-up windows, etc., that appear official and legitimate.
Activity
Have you heard of and used temporary e-mail accounts?
Thank you.
Phishing
Techniques
1. URL (weblink) manipulation
• Instead of abcbank.com, abcbank1.com.
• A difference of 1 or 2 characters in the URL.
• Homograph attack – www.google.com and www.g00gle.com.
2. Filter evasion
• Use images instead of text to bypass anti-phishing filters.
• Browsers have built-in anti-phishing features; enable them if they are disabled by default.
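A defender-side check for the look-alike domains described above (abcbank1.com, g00gle.com), as an added example not taken from the slides: it normalizes common homoglyph substitutions and then measures edit distance from a list of trusted domains. The trusted list, the homoglyph table and the distance threshold are assumptions.

```python
# Added example (not from the slides): flag look-alike domains of the kind
# used in URL manipulation and homograph attacks (abcbank1.com, g00gle.com).
from urllib.parse import urlsplit

# Characters commonly swapped for visually similar ones (assumed table).
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "|": "l", "!": "i", "$": "s", "@": "a",
})

# Trusted registrable domains the check protects (constructed sample list).
TRUSTED_DOMAINS = ["google.com", "abcbank.com", "xyzbank.com"]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Reduce a URL or bare hostname to its last two labels,
    e.g. http://www.g00gle.com/login -> g00gle.com."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_check(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return (verdict, matched_trusted_domain).

    verdict is 'trusted' for an exact match, 'lookalike' when the domain is
    within max_distance edits of a trusted domain either as written or after
    homoglyph normalization (so g00gle.com matches google.com at distance 0),
    and 'unknown' otherwise."""
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted", domain
    normalized = domain.translate(HOMOGLYPHS)
    best = None
    for t in trusted:
        d = min(levenshtein(domain, t), levenshtein(normalized, t))
        if d <= max_distance and (best is None or d < best[0]):
            best = (d, t)
    return ("lookalike", best[1]) if best else ("unknown", None)
```

The same check covers the bookmark and pharming variants later in the deck (xyzbank.com altered to xyzbanc.com), since they differ from the trusted name by a single edit.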
Phishing
Techniques
3. Website forgery
• Redirect users to a website designed and developed by the phisher.
• When users log in, their credentials are received by the phisher.
• Cloaked URL – domain forwarding, inserting control characters in the URL.
4. Flash Phishing
• Anti-phishing tools do not check Flash objects.
• Phishers use Flash to emulate real websites, and users enter data despite having anti-phishing tools installed.
Phishing
Techniques
5. Social Phishing – entices users to reveal information in a systematic manner.
• The phisher sends a mail that appears to come from a bank, asking the user to call because of a security issue.
• Victims call the number displayed in the e-mail.
• The number is fake and is redirected to the phisher.
• The phisher speaks like a bank employee.
• The phisher gets the sensitive details.
6. Phone Phishing
• Mishing, Vishing, Smishing.
• A fake caller ID is used to make it appear that the call is coming from a legitimate organization.
• Users reveal personal information.
Spear
Phishing
• Traditional phishing involves sending e-mails to a large number of people.
• Spear phishing is a method of sending a phishing message to a particular organization/group of people to gain organizational information for more targeted social engineering.
• Spear phishers send e-mail that appears genuine to all recipients.
• It aims to gain access to a company’s entire computer network.
Spear
Phishing
• The message might look like as if it has come
from your employer, or from a colleague
who might send an E-Mail message to
everyone in the company (such as the
person who manages the computer
systems); it could include requests for
usernames or passwords.
Spear
Phishing
(Whaling)
• A specific form of “Phishing” and/or “Spear Phishing” targeting executives from the top management of organizations, usually private companies.
• The objective is to swindle the executives
into revealing confidential information.
• Whaling targets C-level executives
sometimes with the help of information
gleaned through Spear Phishing, aimed at
installing malware for keylogging or other
backdoor access mechanisms.
Spear
Phishing
(Whaling)
• E-Mails sent in the whaling scams are
designed to masquerade as a critical
business E-Mail sent from a legitimate
business body and/or business authority.
• Whaling phishers have also forged official-looking FBI subpoena e-mails and claimed that the manager needs to click a link and install special software to view the subpoena.
• Whaling involves more extensive
reconnaissance about the target.
Types of
Phishing
Scams
1. Deceptive Phishing
2. Malware-based Phishing
3. Keyloggers
4. Session hijacking
5. In-session Phishing
6. Web Trojans
7. Pharming
8. System reconfiguration attacks
9. Data theft
10. Content-injection Phishing
11. Man-in-the-middle Phishing
12. Search engine Phishing
13. SSL certificate Phishing
Types of
Phishing
Scams
1. Deceptive Phishing
• Deceptive e-mails are broadcast with the objective of stealing identities.
• Pretexts: verify your bank account, system failure, account changes, new free services, quick action required.
• Netizens enter information and fall prey.
2. Malware-based Phishing
• Malicious code is delivered via an e-mail attachment or a downloadable file, or by exploiting a security weakness.
• Keep the OS and anti-virus software updated.
3. Keyloggers
• Malware embeds keyloggers to track user input.
• It can be a small browser component such as a plugin.
Types of
Phishing
Scams
4. Session hijacking
• After a connection is established using the user’s credentials, malicious code takes control of the connection and performs transactions.
5. In-session Phishing
• One browsing session interferes with and misuses another session, say a banking session.
• Users believe it is a pop-up from the bank session.
6. Web Trojans
• Invisible pop-ups that gather information when the user tries to log in using the browser.
• The gathered information is transmitted to the phisher.
Types of
Phishing
Scams
7. Pharming
• The attacker exploits a vulnerability in the ISP’s DNS server and hijacks a domain name.
• Hosts file poisoning – the Windows hosts file is poisoned to redirect traffic to a fake website (developed by the phisher) that looks like the real website.
• DNS-based poisoning – the attacker tampers with the DNS server so that it responds with a fake address when a DNS request is sent to it (DNS hijacking).
8. System reconfiguration attacks
• Settings on the user’s computer are modified for malicious purposes.
• A URL saved in bookmarks can be changed, e.g., xyzbank.com to xyzbanc.com.
Types of
Phishing
Scams
9. Data theft
• Critical and confidential data is stolen.
• Corporate servers and websites are easy targets.
• Unsecured systems are the most vulnerable.
• A widely used business espionage approach.
• The data is sold, causing economic damage.
10. Content-injection Phishing
• Part of the content of a legitimate website is replaced with false content to mislead users into revealing personal information.
• Malicious code collects information from the legitimate website and sends it to the phisher.
11. Man-in-the-middle Phishing
• The phisher positions himself between the user and the legitimate website/system.
• Information transmitted between the systems is collected and sold/misused.
Types of
Phishing
Scams
12. Search engine Phishing
• Create websites with attractive offers and have them indexed legitimately by search engines.
• Mobile phones at lower prices, low-interest credit, etc.
• Search engine optimization – maximizing traffic to a website so that the search engine places this website at the top.
13. SSL certificate Phishing
• Targets web servers with SSL certificates to create a duplicitous website displaying a similar lock icon.
• The SSL certificates are valid and belong to the legitimate website, and these are misused by phishers.
Thank you.
Types of
Phishing
Scams
Distributed Phishing Attack (DPA)
• An advanced form of phishing attack that works through per-victim personalization of the location of the sites collecting credentials, and covert transmission of the credentials to a hidden coordination center run by the phisher.
• A large number of fraudulent web hosts are used for each set of lured e-mails.
• Each server collects only a tiny percentage of the victims’ personal information.
Phishing
Toolkits and
Spy Phishing
• A toolkit is a set of scripts/programs that allows a phisher to automatically set up phishing websites that look like legitimate sites.
• Sold on the dark web.
• Free phishing tools are do-it-yourself tools; these may contain a backdoor that sends phished information to someone other than the tool user.
• Rock Phish – allows a single website with multiple DNS names to host a variety of phished pages.
• Xrenoder Trojan Spyware – resets homepage/search settings to other sites.
• Cpanel Google – modifies the DNS entry in the hosts file to point to its own website.
Phishing
Countermeasures
• Countermeasures prevent the malicious attacks a phisher may use to gain unauthorized access to a system and steal the victim’s personal information from it.
• It is always challenging to recognize/judge the legitimacy of a website while Googling.
1. Keep antivirus up to date
2. Do not click on hyperlinks in E-Mails
3. Take advantage of anti-Spam software
4. Verify https (SSL)
5. Use anti-spyware software
6. Get educated
7. Use Microsoft Baseline Security Analyzer
8. Use a firewall
9. Use backup system images
10. Do not enter sensitive or financial information into pop-up windows
11. Secure the hosts file
12. Protect against DNS Pharming attacks
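The hosts-file poisoning variant of pharming described under Types of Phishing Scams, and countermeasure 11 above (secure the hosts file), can be audited with a small script; this added example is not from the slides. The protected-domain list and the sample hosts file are constructed.

```python
# Added example (not from the slides): audit hosts-file entries for the
# "hosts file poisoning" pharming technique, in which a protected domain
# is mapped locally to an attacker-chosen address.
import ipaddress

# Domains whose resolution should never be overridden locally (constructed).
PROTECTED_DOMAINS = ["xyzbank.com", "abcbank.com", "google.com"]

# Constructed sample hosts file mixing benign and poisoned lines.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.10    printer.home   # local device, not a protected domain
203.0.113.7     www.xyzbank.com xyzbank.com
0.0.0.0         ads.example.net
127.0.0.1       login.abcbank.com
"""


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines.
    One line may map several hostnames to the same address."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            yield parts[0], name.lower()


def is_protected(hostname: str, protected=PROTECTED_DOMAINS) -> bool:
    """True if hostname is a protected domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in protected)


def find_poisoned_entries(text: str, protected=PROTECTED_DOMAINS):
    """Return [(ip, hostname, reason)] for entries overriding a protected domain.

    Any local mapping of a protected domain is suspicious: a routable address
    redirects the user to a fake site (pharming), while a loopback or
    unspecified address silently blocks access to the real one."""
    findings = []
    for ip, name in parse_hosts(text):
        if not is_protected(name, protected):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((ip, name, "blocked (points to local host)"))
        else:
            findings.append((ip, name, "redirected to %s" % ip))
    return findings
```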
Phishing
Countermeasures
(SPS Algorithm)
• With the Sanitizing Proxy System (SPS), web phishing attacks can be neutralized by removing the part of the content that entices netizens into entering their personal information.
• SPS sanitizes all HTTP responses from suspicious URLs, inserting warning messages.
• Phishing attack comprises two phases:
• Attraction
• Acquisition
• Characteristics of SPS
1. Two-level filtering
2. Flexibility of the rule set
3. Simplicity of the filtering algorithm
4. Accountability of HTTP response sanitizing
5. Robustness against both misbehavior of novice
users and evasion techniques
Phishing
Countermeasures
(SPS Algorithm)
• Characteristics of SPS
1. Two-level filtering
• Strict URL filtering and HTTP response sanitizing.
2. Flexibility of the rule set
• The rule set is defined by the operator of the SPS.
3. Simplicity of the filtering algorithm
• 20 steps are needed for implementation in existing browsers, plugins or firewalls.
4. Accountability of HTTP response sanitizing
• Removes malicious HTTP headers/tags from HTTP responses.
• Alerts users.
5. Robustness against both misbehavior of novice users and evasion techniques
• The built-in proxy can protect against all deceit cases of web spoofing.
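An added illustration (not the SPS authors’ code) of the two-level filtering described above: a strict URL filter against an operator-defined rule set, followed by sanitizing of the HTTP response from a suspicious URL by removing the elements that acquire credentials and prepending a warning. The rule set, trusted hosts, stripped element list and sample page are assumptions.

```python
# Added example (not from the slides): a simplified model of SPS two-level
# filtering.  Level 1 is strict URL filtering against an operator rule set;
# level 2 sanitizes the HTTP response of a suspicious URL by dropping the
# elements that acquire credentials (forms, inputs, scripts, iframes) and
# prepending a warning banner.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Level 1: operator-defined rule set (constructed).  Each rule is a regex
# matched against the hostname; any match marks the URL as suspicious.
SUSPICIOUS_HOST_RULES = [
    re.compile(r"\bg00gle\b"),              # known homograph (0 for o)
    re.compile(r"abcbank\d"),               # abcbank1.com and similar variants
    re.compile(r"^\d{1,3}(\.\d{1,3}){3}$"),  # bare IPv4 addresses
]
# Hosts the operator trusts outright; their responses are passed through.
TRUSTED_HOSTS = {"www.google.com", "www.abcbank.com"}

# Level 2: elements removed, with their content, from a suspicious response.
STRIPPED_ELEMENTS = {"form", "input", "script", "iframe"}
WARNING = ('<div style="background:#fdd;padding:1em">'
           'SPS warning: this page was flagged as a suspected phishing site; '
           'credential entry has been disabled.</div>')

# Constructed sample phishing page used for the demonstration.
SAMPLE_PAGE = """<html><body>
<h1>abcbank online</h1>
<p>Please verify your account.</p>
<form action="http://abcbank1.com/steal" method="post">
  <input name="user"><input name="pass" type="password">
  <button>Login</button>
</form>
<script>document.cookie</script>
<p>Thank you</p>
</body></html>"""


def is_suspicious_url(url: str) -> bool:
    """Level 1: strict URL filtering."""
    host = (urlsplit(url).hostname or "").lower()
    if host in TRUSTED_HOSTS:
        return False
    return any(rule.search(host) for rule in SUSPICIOUS_HOST_RULES)


class _Sanitizer(HTMLParser):
    """Re-emit HTML while dropping stripped elements and everything inside them."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.depth = 0  # >0 while inside a stripped (non-void) element

    def handle_starttag(self, tag, attrs):
        if tag in STRIPPED_ELEMENTS:
            if tag != "input":  # input is a void element: nothing to close
                self.depth += 1
            return
        if self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if tag not in STRIPPED_ELEMENTS and self.depth == 0:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if tag in STRIPPED_ELEMENTS:
            if tag != "input":
                self.depth = max(0, self.depth - 1)
            return
        if self.depth == 0:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if self.depth == 0:
            self.out.append(data)

    def handle_entityref(self, name):
        if self.depth == 0:
            self.out.append("&%s;" % name)

    def handle_charref(self, name):
        if self.depth == 0:
            self.out.append("&#%s;" % name)

    def handle_comment(self, data):
        pass  # comments are dropped


def sanitize_html(body: str) -> str:
    """Level 2: HTTP response sanitizing with a user-visible warning."""
    p = _Sanitizer()
    p.feed(body)
    p.close()
    return WARNING + "".join(p.out)


def proxy_response(url: str, body: str):
    """Apply both levels; return (sanitized, body_to_deliver)."""
    if is_suspicious_url(url):
        return True, sanitize_html(body)
    return False, body
```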
Identity
Theft
• Fraud that involves someone pretending to
be someone else to steal money or get other
benefits.
• The person whose identity is used can suffer
various consequences when he/she is held
responsible for the perpetrator’s actions.
• Statistics as per the Federal Trade Commission (FTC):
1. Credit card fraud (26%)
2. Bank fraud (17%)
3. Employment fraud (12%)
4. Government fraud (9%)
5. Loan fraud (5%)
Personally
Identifiable
Information
(PII)
• 4 variants: Personal, Personally, Identifiable,
Identifying
• Fraudsters attempt to steal the elements listed below:
1. Full name
2. National identification number (e.g., SSN)
3. Telephone and mobile phone numbers
4. Driver’s license number
5. Credit card numbers
6. Digital identity (e.g., E-Mail address, online account ID and password)
7. Birth date and place name
8. Birthplace
9. Face and fingerprints
Personally
Identifiable
Information
(PII)
• A fraudster generally searches for the following about an individual:
1. First or last name
2. Age
3. Country, state or city of residence
4. Gender
5. Name of the school/college/workplace
6. Job position, grades and/or salary
7. Criminal record
Personally
Identifiable
Information
(PII)
• Types of Identity Theft
1. Financial identity theft
2. Criminal identity theft
3. Identity cloning
4. Business identity theft
5. Medical identity theft
6. Synthetic identity theft
7. Child identity theft
Personally
Identifiable
Information
(PII)
• Types of Identity Theft
1. Financial identity theft
• 25 types – bank, credit card, tax refund and mail fraud.
• Uses name, SSN, bank account.
• Recovery is expensive, time-consuming and psychologically painful.
2. Criminal identity theft
• Taking over someone’s identity and committing crimes.
• Computer and cybercrimes, organized crime, trafficking, money laundering.
• Comes to light when an employer conducts a criminal background verification.
Personally
Identifiable
Information
(PII)
• Types of Identity Theft
3. Identity cloning
• Clones compromise the victim’s life by actually living and working as the victim at a different location.
• They may pay bills, get engaged, get married and start a family.
4. Business identity theft
• The fraudster rents a space in the same building as the victim’s office.
• Applies for corporate credit cards using the victim firm’s name.
• Business-sensitive information (BSI) is information about the business that is privileged or proprietary in nature and, if compromised, could cause serious damage (a sensitive asset).
• Masquerading business goods, IP theft.
Personally
Identifiable
Information
(PII)
• Types of Identity Theft
5. Medical identity theft
• Medical records are created for patients who avail themselves of medical facilities.
• Protected health information (PHI) changes hands when multiple agencies are involved (medical representatives, health officers, doctors, medical insurance organizations, hospitals).
• Example: a man with no health issues received a bill for medical services.
Personally
Identifiable
Information
(PII)
• Types of Identity Theft
6. Synthetic identity theft
• The fraudster takes parts of personal information from many victims and combines them.
• Not specific to any particular victim, but can affect all victims.
7. Child identity theft
• Parents use their children’s identities to open credit card accounts, utility accounts and bank accounts and to take loans, because their credit history is insufficient.
Techniques
of ID Theft
1. Human-based methods – techniques used by the attacker with little or no use of technology
• Direct access to information (by people who have gained trust and have access to buildings – house cleaners, babysitters, nurses, friends)
• Dumpster diving (retrieving documents from trash bins)
• Theft of a purse or wallet (credit cards, debit cards, DL, insurance ID card)
• Mail theft and rerouting (stealing postal mail from mailboxes)
• Shoulder surfing (people loitering in public near ATMs, cybercafes)
• False or disguised ATMs (miniaturized equipment on a valid ATM)
• Dishonest or mistreated employees (access to personal files, salary info, confidential info)
• Telemarketing and fake telephone calls (Vishing)
Techniques
of ID Theft
2. Computer-based techniques
• Backup theft (stealing equipment from private buildings, public facilities)
• Hacking, unauthorized access to systems and database theft (compromising information systems)
• Phishing
• Pharming (websites looking similar to the legitimate site with the domain altered slightly, e.g., www.xyzbank.com to www.xyzbanc.com)
• Redirectors (redirect users’ traffic to locations they did not intend to visit by infecting the DNS server)
• Hardware (keystroke recording device)
Identity Theft:
Countermeasures
1. Monitor your credit closely.
2. Keep records of your financial data and
transactions.
3. Install security software.
4. Use an updated web browser.
5. Be wary of e-mail attachments and links in
both email and instant messages.
6. Store sensitive data securely.
7. Shred documents.
8. Protect your PII.
9. Stay alert to the latest scams.
How to
efface your
online
identity
Tools that users can use to remove their usage
footprints.
1. Anti tracks
2. Privacy eraser pro.
3. MyPrivacy
4. Web 2.0 suicide machine
5. Seppukoo
Thank you.

module 3 of cybersecurity of first year students

  • 1. Cyber Security and Cyber Law Module 3: Tools and Methods used in Cybercrime Phishing and Identity Theft Gowtham R Naik The National Institute of Engineering
  • 2. Topics Tools and Methods Used in Cybercrime • Introduction • Proxy Servers and Anonymizers • Phishing, Password Cracking • Keyloggers and Spywares • Virus and Worms • Trojan Horses and Backdoors • DoS and DDoS Attacks • Attacks on Wireless Networks
  • 3. Introduction • As the Internet and computer networks are integral parts of information systems, attackers have in-depth knowledge about the technology and/or they gain thorough knowledge about it. • Various tools and techniques and complex methodologies used to launch attacks. • Network attack incidents reveal that attackers are often very systematic in launching their attacks.
  • 4. Introduction (Continued) • The basic stages of an attack are: 1. Initial uncovering 2. Network probe 3. Crossing the line toward electronic crime (E-crime) 4. Capturing the network 5. Grab the data 6. Covering tracks
  • 5. Introduction (Continued) 1. Initial uncovering • In the first step called as reconnaissance, the attacker gathers information, as much as possible, about the target by legitimate means. • Googling, public websites, news articles, press releases are used. • In the second step, the attacker uncovers as much information as possible on the company’s internal network. • Internet domain, machine names, IP ranges are identified.
  • 6. Introduction (Continued) 2. Network probe • Invasive technique to find more information. • A “ping sweep” of the network IP addresses is performed to seek out potential targets, and then a “port scanning” tool is used to discover exactly which services are running on the target system. • Attacker has done nothing that is considered as abnormal activity/intrusion on network.
  • 7. Introduction (Continued) 3. Crossing the line toward electronic crime (E-crime) • Now the attacker is toward committing what is technically a “computer crime” by exploiting possible holes on the target system. • Exploit possible holes in the system. • Programming errors can be exploited. CGI and Buffer overflow attacks. • Default logins, and attempt for admin/root access after gaining access.
  • 8. Introduction (Continued) 4. Capturing the network: • At this stage, the attacker attempts to “own” the network. The attacker gains a foothold in the internal network quickly and easily. • Tools to replace system files with Trojan files and services that have a backdoor password. • Hacking tools to remove log files and trace of intrusion. • Using backdoor, hackers can access the system later and carry out attacks on the entire network, next level attacks.
  • 9. Introduction (Continued) 5. Grab the data • Now that the attacker has “captured the network,” he/she takes advantage of his/her position to steal confidential data, customer credit card information, deface webpages, alter processes and even launch attacks at other sites from your network.
  • 10. Introduction (Continued) 6. Covering tracks • This is the last step in any cyberattack, which refers to the activities undertaken by the attacker to extend misuse of the system without being detected. • Attacker can go undetected for long periods.
  • 11. Proxy Servers and Anonymizers • Proxy server is a computer on a network which acts as an intermediary for connections with other computers on that network. • Attacker first connects to a proxy server and establishes a connection with target system. This helps attacker to browse anonymously. • A proxy server has following purposes: 1. Keep the systems behind the curtain. 2. Speed up access to a resource (through “caching”). 3. Specialized proxy servers are used to filter unwanted content such as advertisements. 4. Proxy server can be used as IP address multiplexer to enable to connect number of computers on the Internet, whenever one has only one IP address.
  • 13. Proxy Servers and Anonymizers (Continued) • Advantage of proxy server is that its cache memory can serve all users. Same website being requested by different users, this will improve response time. Cache servers. • An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. • It accesses the Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information. • Web surfing through website which acts as a proxy server for web client. • Anonymizer hides/removes all the identifying information from a user’s computer, ensures privacy of the user.
  • 14. Phishing • Phishing is a fake or false e-mail which can infect systems within addition to stealing personal and financial data. • How Phishing Works? Phishers work in the following ways: 1. Planning (decide the target) 2. Setup (create methods for delivering the message and to collect the data about the target), 3. Attack (phisher sends a phony message), 4. Collection (record the information of victims) 5. Identity theft and fraud (use the information that they have gathered to make illegal purchases or commit fraud)
Password Cracking
• Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
• Purpose of password cracking:
• To recover a forgotten password.
• To check password strength (by system administrators).
• To gain unauthorized access.
• Manual password cracking:
• Find a valid user account (admin, guest).
• Create a list of possible passwords.
• Rank the passwords from high to low probability.
• Key in each password.
• Try again until successful.

Password Cracking (Continued)
• Examples of guessable passwords include:
1. Blank (none);
2. words like “password,” “passcode” and “admin”;
3. a series of letters from the “QWERTY” keyboard, for example, qwerty, asdf or qwertyuiop;
4. the user’s name or login name;
5. the name of the user’s friend/relative/pet;
6. the user’s birthplace or date of birth, or a relative’s or a friend’s;
7. the user’s vehicle number, office number, residence number or mobile number;
8. the name of a celebrity who is an idol of the user (e.g., actors, actresses, spiritual gurus);
9. a simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of letters.

Password Cracking (Continued)
• Attackers create a script file which is executed to try each password in a list. Even this is time consuming.
• Passwords are stored in a database and password verification is done when a user attempts to access the system.
• To maintain confidentiality, passwords are not stored in clear text; they are hashed/encrypted.
• Password cracking attacks can be classified under three categories as follows:
1. Online attacks;
2. offline attacks;
3. non-electronic attacks (e.g., social engineering, shoulder surfing and dumpster diving).

Password Cracking (Continued)
• Online Attacks
• Automated scripts try every password in a list.
• The most popular online attack is the man-in-the-middle (MITM) attack, also termed the “bucket-brigade attack” or sometimes the “Janus attack.”
• It is a form of active eavesdropping in which the attacker establishes a connection between a victim and the server to which the victim is connected.

Password Cracking (Continued)
• Offline Attacks
• Performed at a location other than the target location.
• Offline attacks usually require physical access to the computer and copying the password file from the system onto removable media.
• Types of offline attacks:
• Dictionary attack (Admin)
• Hybrid attack (Adm1n)
• Brute force attack (Admin@09)
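A defender-side check for the guessable-password patterns listed two slides above, covering the dictionary and hybrid forms from the offline-attack slide (Admin, Adm1n, Admin@09); this is an added Python example, not code from the lecture. The word list, keyboard rows, leet map and the user name and personal tokens passed in are constructed assumptions.

```python
import re

# Constructed stand-in for a cracking dictionary (a real check would load a
# full wordlist such as the ones offline dictionary attacks use).
COMMON_WORDS = {"password", "passcode", "admin", "qwerty", "asdf",
                "qwertyuiop", "123456", "letmein", "welcome"}

# QWERTY keyboard rows; runs of adjacent keys (forwards or backwards) are guessable.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

# Substitutions a hybrid attack tries, mapped back to the letter they stand for.
# "1" is ambiguous (i or l), so both readings are generated in candidates().
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}


def is_keyboard_sequence(s: str) -> bool:
    """True for a run of four or more adjacent keys on one keyboard row."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def candidates(password: str) -> set[str]:
    """Forms a hybrid attack would derive from the password: lower-cased,
    trailing digits/symbols stripped (suffixing "1" or "@09"), leetspeak undone."""
    lowered = password.lower()
    # An all-digit/symbol password has nothing left after stripping; keep it whole.
    base = re.sub(r"[0-9!@#$%^&*._-]+$", "", lowered) or lowered
    forms = {lowered}
    for one in ("i", "l"):
        table = str.maketrans({**LEET, "1": one})
        forms.add(base.translate(table))
    return forms


def weak_password_reasons(password: str, username: str = "", personal=()) -> list[str]:
    """Return the guessable-password categories the password falls into
    (an empty list means none of the checks fired). `personal` holds tokens
    such as a pet name, birthplace, date of birth or phone number."""
    if password == "":
        return ["blank"]
    reasons: list[str] = []

    def add(reason: str) -> None:
        if reason not in reasons:
            reasons.append(reason)

    if len(password) < 8:          # policy minimum from the password guidelines
        add("too_short")
    known = {username.lower()} | {p.lower() for p in personal}
    known.discard("")
    for form in candidates(password):
        if form in COMMON_WORDS:
            add("common_word")
        if is_keyboard_sequence(form):
            add("keyboard_sequence")
        if form in known:
            add("personal_info")
        if form[::-1] in COMMON_WORDS or form[::-1] in known:
            add("reversed")       # "simple modification": letters in reverse order
    return reasons


if __name__ == "__main__":
    # "alice" and the personal tokens are constructed sample values.
    for pw in ["", "Adm1n", "Admin@09", "qwertyuiop1", "nimda2024", "alice1984", "Tr0ub4dor&3"]:
        hits = weak_password_reasons(pw, username="alice", personal=("rex", "mysore"))
        print(repr(pw), hits or "no weakness found")
```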
Password Cracking: Strong, Weak and Random Passwords
Weak password
• A weak password is one which could be easily guessed: short, common, or a system default password that could be easily found by executing a brute force attack using a subset of all possible passwords.
• Can each one of you give at least one sample weak password?

Password Cracking: Strong, Weak and Random Passwords
Strong password
• A strong password is long enough, random or otherwise difficult to guess – producible only by the user who chooses it.
• Can each one of you give at least one sample strong password?

Password Cracking: Strong, Weak and Random Passwords
• Random Password
• A password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols, when allowed, for the same number of characters.
• The difficulty of the password will make the user write it down somewhere, which makes the password vulnerable.
• Pseudorandom passwords – these follow some pattern.
• System-generated passwords and password aging.

Password Cracking: Strong, Weak and Random Passwords
• Random Password – the general guidelines applicable to password policies are:
1. Passwords and user IDs must be unique to each user.
2. Minimum of 8 alphanumeric characters.
3. Password rules and periodic testing to identify password weakness.
4. Private and must not be shared with anyone, not to be coded or written anywhere.
5. Must be changed in 30/45 days, automatic expiration, prevent reusing passwords.
6. Freeze accounts after 5 failed logins, record in the log, audit the log and take action.
7. Sessions must be suspended after 15 minutes of inactivity.
8. Display date and time of last login.
9. Accounts must be suspended if not used for a long duration.
10. High-risk systems: alarm for excessive violations; let the person continue with the session while personnel investigate the alarm.

Password Cracking: Strong, Weak and Random Passwords
• Netizens should follow these password guidelines:
1. Passwords for business, personal and banking accounts must be different.
2. Should be a minimum of 8 alphanumeric characters.
3. Should be changed every 30/45 days.
4. Should not be shared with anyone.
5. While renewing passwords, old passwords should not be reused.
6. Passwords must be changed using secure systems if accessed using public systems.
7. Should not be stored on mobile devices etc., which are vulnerable to cyber attacks.
8. Check the legitimacy of the email before clicking on the hyperlinks (e.g., bank email).
9. Check the legitimacy of the SMS before following its instructions.
10. If hacked, the respective agencies must be informed immediately.
Keyloggers and Spywares
• Keystroke logging is the practice of noting (or logging) the keys struck on a keyboard.
• A keystroke logger or keylogger is a quicker and easier way of capturing passwords and monitoring the victims’ IT-savvy behaviour.
• It can be classified as software keylogger and hardware keylogger.

Keyloggers and Spywares (Continued)
Software Keyloggers
• Software keyloggers are software programs installed on computer systems, usually located between the OS and the keyboard hardware, so that every keystroke is recorded.
• They are installed by Trojans and viruses without the knowledge of the user.
• Insecure computer systems in public places are at risk.
• A keylogger usually consists of two files in a directory: a dynamic link library (DLL) file and an executable (EXE) file that installs the DLL file and triggers it to work.

Keyloggers and Spywares (Continued)
Hardware Keyloggers
• Hardware keyloggers are small hardware devices connected to the PC and/or to the keyboard which save every keystroke into a file or in the memory of the hardware device.
• These keyloggers look like an integrated part of such systems; hence, bank customers are unaware of their presence.
• Keyloggers in ATMs.

Keyloggers and Spywares (Continued)
• Anti-keylogger
• An anti-keylogger is a tool that can detect a keylogger installed on the computer system and can also remove it.
• Advantages are:
1. Firewalls cannot detect the installation of keyloggers on the systems; anti-keyloggers can detect keylogger installations.
2. This software does not require regular updates of signature bases to work effectively, unlike other antivirus and anti-spy programs.
3. Prevents Internet banking frauds.
4. It prevents ID theft.
5. It secures e-mail and instant messaging/chatting.

Keyloggers and Spywares (Continued)
• Spywares
• Spyware is malicious software secretly installed on the user’s personal computer.
• Spywares such as keyloggers are installed by the owner of a shared, corporate or public computer on purpose to secretly monitor other users.
• They collect personal information and Internet browsing data and redirect browsing.
• They change settings, resulting in slow Internet speed.
• Anti-spyware software is available in the market.
Viruses and Worms
• A computer virus is a program that can “infect” legitimate programs by modifying them to include a possibly “evolved” copy of itself.
• It spreads like biological viruses spread from one person to another.
• Viruses may contain malicious instructions (causing damage or annoyance) and can spread without visible symptoms.
• A virus can start event-driven effects, time-driven effects, or effects that are random.

Viruses and Worms (Continued)
• Viruses can take some typical actions:
1. Display a message to prompt an action which may set off the virus;
2. delete files inside the system into which the virus enters;
3. scramble data on a hard disk;
4. cause erratic screen behaviour;
5. halt the system (PC);
6. just replicate themselves to propagate further harm.

Viruses and Worms (Continued)
• The term virus is erroneously used to refer to other types of malware, adware and spyware that may not spread.
• A true virus can spread from one system to another.
• A worm spreads itself automatically to other computers through networks by exploiting security vulnerabilities.
• A Trojan is a code/program that appears to be harmless but hides malicious functions.

Viruses and Worms (Types of Viruses)
• Computer viruses can be categorized based on attacks on various elements of the system and can put the system and personal data on the system in danger.
1. Boot sector viruses
• Infect storage media where the OS is stored. The first sector is the BOOT sector and it carries the Master Boot Record (MBR).
• The MBR reads and loads the OS, enabling the system to start through the OS.
• Spread through shared infected disks and pirated software.
2. Program viruses
• Become active when a program file (.bin, .com, .exe, .ovl, .drv) is executed.
• Make copies of themselves and infect other programs.

Viruses and Worms – Types of Viruses (Continued)
3. Multipartite viruses
• Hybrid of boot sector and program virus.
• Infect program files and boot files when infected.
4. Stealth viruses
• It camouflages or masks itself, and detecting this type of virus is difficult.
• Anti-virus cannot detect it.
• Alters file size and conceals itself to stay hidden in the system.
• A good anti-virus can detect these kinds of viruses.

Viruses and Worms – Types of Viruses (Continued)
5. Polymorphic viruses
• Act like a chameleon and change the virus signature every time they spread through the system.
• Polymorphic generators – routines that can be linked with existing viruses; they are not viruses themselves but they hide actual viruses.
6. Macro viruses
• Microsoft Word and Excel support macros.
• Macros are embedded in a document.
• Macro viruses infect every document opened by the user.
• An updated anti-virus can detect these.

Viruses and Worms – Types of Viruses (Continued)
7. ActiveX and Java Control
• Web browsers have ActiveX and Java Control options.
• Enabling and disabling pop-ups, downloading files and sound invites threats to the computer system.
• Viruses have various aspects:
• Attack specific file types.
• Manipulate a program to execute tasks unintentionally.
• An infected program produces more viruses.
• An infected program may run without error for a long time.
• Modify themselves and may escape detection.
Trojan Horses and Backdoors
• A Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause harm.
• Trojans can get into the system in a number of ways, including from a web browser, via e-mail or in a bundle with other software downloaded from the Internet.
• Unlike viruses or worms, Trojans do not replicate themselves, but they can be equally destructive.
• On the surface, Trojans appear benign and harmless, but once the infected code is executed, Trojans kick in and perform malicious functions to harm the computer system without the user’s knowledge.

Trojan Horses and Backdoors (Continued)
• Waterfalls.scr, a waterfalls screensaver, can contain hidden malware and infect PCs.
• Threats by Trojans are:
1. Erase, overwrite or corrupt data on a computer.
2. Help to spread other malware.
3. Deactivate or interfere with anti-virus software.
4. Allow remote access to your computer.
5. Upload and download files without your knowledge.
6. Gather email addresses and use them for spam.
7. Log keystrokes to steal information.
8. Copy fake links to false websites, display porn sites, play sounds/videos.
9. Slow down, restart or shut down the system.
10. Reinstall themselves after being disabled.
11. Disable the task manager.
12. Disable the control panel.

Trojan Horses and Backdoors (Continued)
Backdoor
• A backdoor is a means of access to a computer program that bypasses security mechanisms.
• A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.
• Attackers often use backdoors that they detect or install themselves as part of an exploit.
• In some cases, a worm is designed to take advantage of a backdoor created by an earlier attack.

Trojan Horses and Backdoors (Continued)
Backdoor (Continued)
• They are hidden and work in the background.
• What does a backdoor do? Its functions are:
1. Allows an attacker to create, delete, rename, copy or edit any file, execute commands, change settings, alter the registry, and run, control and terminate programs.
2. Allows the attacker to take control of hardware devices and shut down and restart computers.
3. Steals sensitive information and credentials, logs user activity and tracks browsing data.
4. Records keystrokes and captures screenshots.
5. Sends all the gathered information to a predefined email address or uploads data to an FTP server.

Trojan Horses and Backdoors (Continued)
Backdoor (Continued)
6. Infects files, corrupts applications and damages the entire system.
7. Distributes infected files to computers with vulnerabilities.
8. Installs hidden FTP servers for illegal activities.
9. Degrades Internet connection speed and overall system performance.
10. Provides no uninstall feature and hides processes and files to complicate the removal process.

Trojan Horses and Backdoors (Continued)
How to Protect from Trojan Horses and Backdoors
1. Stay away from suspect websites/weblinks
• Avoid downloading free/pirated software.
2. Surf the Web cautiously
• Avoid downloading from peer-to-peer networks.
• Enable spam filters.
3. Install antivirus/Trojan remover software
• Anti-virus works against viruses, Trojans, malware, etc.
• Free Trojan remover programs are available.

Activity
• Hide secret information in an image using a steganography technique.
DoS and DDoS Attacks
• A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
• DoS Attacks
• The attacker floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.
• Targets high-profile sites such as banks, payment gateways, mobile phone networks, name servers, etc.

DoS and DDoS Attacks
• DoS Attacks (Continued)
• The IP address is spoofed – the source IP address is changed to hide the actual IP or to impersonate another system.
• The victim keeps waiting for a response for each request.

DoS and DDoS Attacks
• DoS Attacks (Continued)
• The US Computer Emergency Response Team has defined the symptoms of DoS attacks:
• Unusually slow network performance.
• Unavailability of a particular website.
• Inability to access any website.
• Dramatic increase in the number of spam e-mails received.

DoS and DDoS Attacks
• DoS Attacks (Continued)
• The goal of DoS is not to gain unauthorized access to systems or data, but to prevent intended users (i.e., legitimate users) of a service from using it.
1. Flood a network with traffic, thereby preventing legitimate network traffic.
2. Disrupt connections between two systems, thereby preventing access to a service.
3. Prevent a particular individual from accessing a service.
4. Disrupt service to a specific system or person.

DoS and DDoS Attacks
Classification of DoS Attacks
1. Bandwidth Attacks
• Each website is given a limited bandwidth (say 50 Gb); users load 100 pages of the site and reload them to consume all the available bandwidth.
2. Logic Attacks
• Exploit vulnerabilities in network software such as a web server or the TCP/IP stack.
3. Protocol Attacks
• Exploit specific features or an implementation bug of some protocol.
4. Unintentional DoS attack
• A sudden spike in popularity.

DoS and DDoS Attacks
Types or Levels of DoS Attacks
1. Flood attack
• Ping flood.
• Uses the PING command.
• The attacker must have a faster connection than the victim.
• Complete prevention is difficult.
2. Ping of death attack
• Oversized ICMP packets.
• The maximum size is 65,536 octets.
• Upon receiving it, the system may crash, freeze and reboot – becoming unavailable.

DoS and DDoS Attacks
Types or Levels of DoS Attacks (Continued)
3. SYN attack
• TCP SYN flooding.
• Client to server – SYN; server to client – SYN-ACK; the client should respond to this but intentionally ignores it.
• The server reserves memory for the client’s pending connection and waits.
• This fills the buffer, preventing access to legitimate clients.
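A detection-side view of the half-open connection build-up described above, as an added Python example rather than material from the slides: it parses a constructed netstat-style connection table and flags a listener whose SYN_RECV count is high even when every source address differs, which is the spoofed-source case from the earlier DoS slide. The thresholds, addresses and column layout are assumptions.

```python
from collections import Counter

# Constructed connection-table sample in netstat style (proto, recv-q, send-q,
# local address, foreign address, state). Not captured from a real host.
# 192.0.2.50 holds several half-open connections; 203.0.113.0/24 spreads them
# one per (spoofed) source, which a per-source count alone would miss.
SAMPLE_CONNECTIONS = [
    "tcp 0 0 10.0.0.5:443 198.51.100.7:51522 ESTABLISHED",
    "tcp 0 0 10.0.0.5:443 198.51.100.8:51523 ESTABLISHED",
    "tcp 0 0 10.0.0.5:22 198.51.100.9:60010 ESTABLISHED",
    "tcp 0 0 10.0.0.5:443 192.0.2.50:40001 SYN_RECV",
    "tcp 0 0 10.0.0.5:443 192.0.2.50:40002 SYN_RECV",
    "tcp 0 0 10.0.0.5:443 192.0.2.50:40003 SYN_RECV",
    "tcp 0 0 10.0.0.5:443 192.0.2.50:40004 SYN_RECV",
] + [f"tcp 0 0 10.0.0.5:443 203.0.113.{i}:5{i:04d} SYN_RECV" for i in range(1, 13)]


def parse_connections(lines):
    """Turn netstat-style lines into dicts with local_port, remote_ip and state.
    Ports are split off with rsplit so IPv6 literals containing colons still parse."""
    conns = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # header or blank line
        local, foreign, state = fields[3], fields[4], fields[5]
        remote_ip, _ = foreign.rsplit(":", 1)
        conns.append({"local_port": int(local.rsplit(":", 1)[1]),
                      "remote_ip": remote_ip, "state": state})
    return conns


def half_open_report(conns, per_source_limit=3, per_port_limit=10):
    """Count SYN_RECV (half-open) entries per listener port and per remote IP
    and flag those at or above the limits. The per-port total is the signal
    that survives source spoofing, because each spoofed address appears once."""
    half_open = [c for c in conns if c["state"] == "SYN_RECV"]
    by_port = Counter(c["local_port"] for c in half_open)
    by_source = Counter(c["remote_ip"] for c in half_open)
    return {
        "by_port": by_port,
        "by_source": by_source,
        "flagged_ports": sorted(p for p, n in by_port.items() if n >= per_port_limit),
        "flagged_sources": sorted(s for s, n in by_source.items() if n >= per_source_limit),
    }


if __name__ == "__main__":
    report = half_open_report(parse_connections(SAMPLE_CONNECTIONS))
    print("half-open per listener port:", dict(report["by_port"]))
    print("ports under suspected SYN flood:", report["flagged_ports"])
    print("sources above the per-source limit:", report["flagged_sources"])
```

Comparing the per-port count against the listener's configured backlog is what turns this into an alert; the limits here are only placeholders for a baseline established as the protection slides recommend.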
DoS and DDoS Attacks
Types or Levels of DoS Attacks (Continued)
4. Teardrop attack
• Exploits a bug in the TCP/IP fragmentation reassembly code.
• Fragmented packets are forged to overlap each other when the receiving host tries to reassemble them.
• Older versions of Windows and Linux were vulnerable to this attack.
5. Smurf Attack
• Generates significant computer network traffic on a victim’s network.
• A host sends an ICMP request to a network broadcast address.
• All devices respond to this and the target network/node receives responses from all the devices, creating huge traffic.

DoS and DDoS Attacks
Types or Levels of DoS Attacks (Continued)
6. Nuke
• Fragmented or corrupt ICMP packets sent to the target.
• A string of out-of-band data was sent to TCP port 139, causing the blue screen of death.
• The target machine slows down and eventually shuts down.

DoS and DDoS Attacks
Tools used to Launch DoS Attacks
• Jolt2 – processing of illegal packets.
• Nemesy – random packets with spoofed source IP addresses.
• Targa – 8 different types of DoS attacks.
• Crazy Pinger – a large number of ICMP packets to a remote target network.
• SomeTrouble – remote flooder and bomber.

DoS and DDoS Attacks
DDoS Attacks
• In a DDoS attack, an attacker may use your computer to attack another computer.
• By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer.
• He/she could then force your computer to send huge amounts of data to a website or send spam to particular e-mail addresses.
• A DDoS attack is a distributed DoS wherein a large number of zombie systems are synchronized to attack a particular system. The zombie systems are called “secondary victims” and the main target is called the “primary victim.”

DoS and DDoS Attacks
DDoS Attacks (Continued)
• DDoS attacks involve hardcoding the target IP address prior to release of the malware; hence no further interaction is necessary to launch the attack.
• A system may also be compromised with a Trojan, allowing the attacker to download a zombie agent.

DoS and DDoS Attacks
How to protect from DoS/DDoS attacks
1. Implement router filters.
2. If such filters are available for your system, install patches to guard against TCP SYN flooding.
3. Disable any unused or inessential network service.
4. Enable quota systems on your OS if they are available.
5. Observe your system’s performance and establish baselines for ordinary activity.
6. Routinely examine your physical security with regard to your current needs.

DoS and DDoS Attacks
How to protect from DoS/DDoS attacks (Continued)
7. Use Tripwire or a similar tool to detect changes in configuration information or other files.
8. Invest in and maintain “hot spares” – machines that can be placed into service quickly if a similar machine is disabled.
9. Invest in redundant and fault-tolerant network configurations.
10. Establish and maintain regular backup schedules and policies, particularly for important configuration information.
11. Establish and maintain appropriate password policies, especially for access to highly privileged accounts such as Unix root or Microsoft Windows NT Administrator.
Additional Reading
• How did the FBI trick criminals into using an app? https://www.bbc.com/news/world-57394831

Attacks on Wireless Networks
• Even when people travel, they still need to work.
• The employee is no longer tied to an office location and is, in effect, “boundaryless.”
• The following are the different types of “mobile workers”:
1. Tethered/remote worker
2. Roaming user
3. Nomad
4. Road warrior

Attacks on Wireless Networks (Continued)
1. Tethered/remote worker
• Remains at a single point of work but is remote to the central company systems.
2. Roaming user
• Works in an environment or in multiple areas.
3. Nomad
• Employees in hotel rooms and other semi-tethered environments.
4. Road warrior
• The ultimate mobile user, who spends little time in the office and needs regular access to data and functions on the move.

Attacks on Wireless Networks (Continued)
• Wireless networks extend the range of traditional wired networks by using radio waves to transmit data to wireless-enabled devices such as laptops and PDAs.
• Wireless networks are generally composed of two basic elements:
a) access points (APs)
b) other wireless-enabled devices, such as laptops
• These use radio transmitters and receivers to communicate or “connect” with each other.
Attacks on Wireless Networks (Continued)
• Important components of a wireless network (other than routers, hubs and firewalls):
1. 802.11 networking standard
• Family of WLAN standards.
• 802.11a – 54 Mbps in the 5 GHz band, uses orthogonal frequency division multiplexing (OFDM).
• 802.11b – 11 Mbps in the 2.4 GHz band – the “Wi-Fi Standard”.
• 802.11g – 54 Mbps in the 2.4 GHz band using OFDM.
• 802.11n – multiple-input multiple-output (MIMO), 140 Mbps.
• 802.15 – Bluetooth technology.
• 802.16 – WiMax, Wireless Metropolitan Area Networks.

Attacks on Wireless Networks (Continued)
2. Access points
• Hardware/software that acts as transmitter and receiver of WLAN radio signals.
• Connects to the wired LAN.
3. Wi-Fi hotspots
• Free Wi-Fi hotspots – public places, free of cost, click and connect, no authentication; vulnerable to cyber attacks.
• Commercial hotspots – authentication, payment to avail of services; airports, business hotels; VPNs for secure access.
4. Service set identifier (SSID)
• Name of the 802.11i WLAN; all wireless devices must use the same name to communicate.
• The administrator/user sets an SSID (can be 32 characters long).
• Turn off SSID broadcast, forcing manual entry of the SSID.

Attacks on Wireless Networks (Continued)
5. Wired equivalent privacy (WEP)
• Safety matching the Ethernet standard; 802.11i in 1997.
6. Wi-Fi protected access (WPA and WPA2)
• In 2001, serious vulnerabilities were found in WEP.
• WPA was introduced as an interim standard to replace WEP.
• WPA2 – approved Wi-Fi Alliance interoperable implementation of 802.11i.
• WPA2 uses AES.

Attacks on Wireless Networks (Continued)
7. Media access control (MAC)
• Unique identifier of each node of the network, assigned by the manufacturer of the NIC.
• MAC filtering – only matching devices get access; done through the router.
• MAC address spoofing.
• New device – the MAC address must be added manually.
Attacks on Wireless Networks (Continued)
• Traditional Techniques of Attacks on Wireless Networks
• Penetration of a wireless network through unauthorized access is termed wireless cracking.
• The various methods once demanded a high level of technological skill and knowledge, but the availability of numerous software tools has made cracking WLANs less sophisticated, requiring minimal technological skill.
• Sniffing
• Spoofing
• Denial of service (DoS)
• Man-in-the-middle attack (MITM)
• Encryption cracking

Attacks on Wireless Networks (Continued)
• Traditional Techniques of Attacks on Wireless Networks
1. Sniffing
• Eavesdropping on the network.
• Intercepting wireless data in an unsecured network.
• The attacker installs sniffers to conduct the following activities:
• Passive scanning of the wireless network.
• Detection of the SSID.
• Collecting MAC addresses.
• Collecting frames to crack WEP.

Attacks on Wireless Networks (Continued)
2. Spoofing
• Masquerading an identity by falsifying data.
• Create a new network with the same SSID in the same area.
• Computers automatically connect to this new, stronger network.
• MAC address spoofing – change the assigned MAC address to a different one, bypassing ACLs by impersonating others.
• IP spoofing – the process of creating IP packets with a forged IP address, to conceal identity or impersonate another user.
• Frame spoofing – injects frames whose content is carefully spoofed and which are valid as per the 802.11 specifications; these are not authenticated in 802.11 networks.
3. Denial of service (DoS)

Attacks on Wireless Networks (Continued)
4. Man-in-the-middle attack (MITM)
• Attacker A inserts itself between the communication of X and Y without the knowledge of X and Y.
• All messages between X and Y go through A.
• A can simply observe or can even make modifications to messages.
5. Encryption cracking
• WPA encryption for protection.
• Older encryption techniques are vulnerable and may be exploited.
• A long and highly randomized encryption key makes it extremely difficult to crack.

Attacks on Wireless Networks (Continued)
• Theft of Internet Hours and Wi-Fi-based Frauds and Misuses
• Wireless networks in homes put the Internet at the fingertips of home users.
• Plug-and-play features of wireless networks.
• If, unfortunately, the user visits a malicious webpage, the router is exposed to an attack.
• As the networks become stronger and more prevalent, more of the signals are available outside the home of the subscriber, spilling over into neighbours’ apartments, hallways and the street.

Attacks on Wireless Networks (Continued)
• Theft of Internet Hours and Wi-Fi-based Frauds and Misuses
• Is stealing wireless network access illegal?
• Connecting to a wireless network among the different available networks is not illegal.
• Making efforts to intentionally move to a particular location, connect to a network and carry out unwanted activities is illegal.
• Be careful with the use of WAPs; when you are using a WAP to gain access to a computer on a network, be aware of the local laws/legislation where you are doing it, because things can become dangerous from a security and privacy as well as a legal perspective.

Attacks on Wireless Networks (Continued)
• How to Secure Wireless Networks
• The following summarized steps will help to improve and strengthen the security of a wireless network:
1. Change the default settings of all the equipment/components of the wireless network (e.g., IP address, user IDs, administrator passwords, etc.).
2. Enable WPA/WEP encryption.
3. Change the default SSID.
4. Enable MAC address filtering.
5. Disable remote login.
6. Disable SSID broadcast.
7. Disable the features that are not used in the AP (e.g., printing/music support).

Attacks on Wireless Networks (Continued)
8. Avoid giving the network a name which can be easily identified (e.g., My_Home_Wifi).
9. Connect only to secured wireless networks (i.e., do not auto-connect to open Wi-Fi hotspots).
10. Upgrade the router’s firmware periodically.
11. Assign static addresses to devices.
12. Enable firewalls on each computer and on the router.
13. Position the router or AP safely.
14. Turn off the network when not in use.
15. Monitor wireless network security periodically.
Chapter 2: Phishing and Identity Theft
• Introduction
• Phishing
• Methods of Phishing
• Phishing techniques
• Spear phishing
• Types of phishing scams
• Phishing toolkits and spy phishing
• Phishing countermeasures
• Identity Theft (ID Theft)
• PII
• Types of Identity Theft
• Techniques of ID Theft
• Countermeasures
• How to efface online identity

Phishing and Identity Theft – Introduction
• Phishing is one of the methods of enticing users to reveal their personal information (identity).
• Identity theft involves unauthorized access to personal data.
• Indian IT Act Section 66C – misuse of identity – 3 years of imprisonment or one lakh fine.
• Indian IT Act Section 66D – cheating using a communication device – 3 years of imprisonment or one lakh fine.
• Phishing is the use of social engineering attacks to trick users into revealing confidential information.

Phishing and Identity Theft – Introduction
• Phishing attacks are on the rise in Asia, Europe and North America.
• Europe is the dominant source of phishing e-mails.
• The US, India and China are the most targeted countries.
• Financial organizations, payment services and auction websites were the most targeted industries.
• Ports 80, 443 and 8080 are the most popular ports among phishing attacks.

Phishing
• Definitions
• The criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
• The act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for ID theft.
• A scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also called brand spoofing.
• In summary, phishing is a type of deception to steal your identity.
• Email is the popular medium used in phishing attacks. These are known as spam emails.

Phishing (Spam E-Mails)
• Junk e-mails – nearly identical emails sent to numerous recipients.
• Botnets are used for sending spam and they account for 80% of spam.
• Types of spam are UBE and UCE.
• Unsolicited bulk e-mail (UBE) – unsolicited emails sent in large quantities.
• Unsolicited commercial e-mail (UCE) – unsolicited emails sent in large quantities from a commercial perspective.
• Spam e-mails forge organizations such as:
• HSBC, Commonwealth Bank – international banks with a large customer base.
• eBay – auction site.
• Amazon – top brands.
• Facebook – social networking sites.

Phishing (Spam E-Mails)
• Tactics used by a phisher
• Names of legitimate organizations (create a phony company, use the company’s name and the look and feel of the company site in spam)
• “From” a real employee (the real name of an official; if users check the official company website, they will find the same name)
• URLs that “look right” (spoofed sites, selected pages of the legitimate site)
• Urgent messages (fear to trigger a response: “You will no longer be able to access your account”)
• Phrases used to entice the user:
• “Verify your account”
• “You have won the lottery”
• “If you don’t respond within 48 hours, your account will be closed”

Phishing (Spam E-Mails)
• Ways to reduce the amount of spam e-mails:
1. Share your personal email id with limited people on public websites; the more it is exposed, the more spam will be sent.
2. Never reply to or open spam email.
3. Disguise the email address on public websites by spelling out “@” and “.”: narenderATnieDOTacDOTin instead of narender@nie.ac.in.
4. Use alternate email ids for personal work; don’t use business email addresses everywhere.
5. Do not forward any emails from unknown senders.
6. Preview an email before opening it.
7. Never use email addresses as screen names in chat groups or rooms.
8. Never respond to a spam email asking to remove your email address from the mailing list.

Phishing (Hoax E-Mails)
• A deliberate attempt to deceive or trick a user into believing or accepting that something is real, when it is actually false.
• It may or may not be spam.
• It is difficult to recognize whether an email is spam or a hoax.
• Websites to check if it is a hoax:
• Breakthechain.org
• Hoaxbusters.org
  • 99. Methods of Phishing 1. Dragnet 2. Rod-and-reel 3. Lobsterpot 4. Gillnet
  • 100. Methods of Phishing 1. Dragnet • Use of spammed emails, bearing falsified corporate identification, addressed to a large group of people to websites or pop-up windows. • Phishers do not identify victims in advance and rely on the false information included in the email. • Requested to enter bank or credit card account data or other personal data. 2. Rod and reel • Identify specific prospective victims in advance, and convey false information to them to prompt their disclosure of personal and financial data. • Phony webpages for an item for which the user may be searching for. Attract them by giving better deals. • Victim’s visit these sites and provide personal and financial information.
101. Methods of Phishing
3. Lobsterpot
  • Focuses on spoofed websites similar to corporate ones, targeting a narrowly defined class of victims.
  • The phisher places a web link in the e-mail which leads to a phony website or a pop-up window that looks exactly like the legitimate website.
  • Users enter their personal and financial information, which the attackers use to make purchases and steal identities.
4. Gillnet
  • Relies less on social engineering and more on malicious code embedded in the e-mails and websites.
  • Visiting these sites might install a Trojan horse.
  • Malicious code may redirect legitimate requests to look-alike fake sites.
  • It might record keystrokes and transmit them to the phishers.
102. Phishing Techniques
1. URL (web link) manipulation
2. Filter evasion
3. Website forgery
4. Flash Phishing
5. Social Phishing
6. Phone Phishing
• Phishers usually send millions of e-mail messages, pop-up windows, etc., that appear official and legitimate.
103. Activity
Have you heard of and used temporary e-mail accounts?
105. Phishing Techniques
1. URL (web link) manipulation
  • Instead of abcbank.com, abcbank1.com.
  • A difference of 1 or 2 characters in the URL.
  • Homograph attack: www.google.com and www.g00gle.com.
2. Filter evasion
  • Use images instead of text to bypass anti-phishing filters.
  • Browsers have built-in anti-phishing features; enable them if they are disabled by default.
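The look-alike domains on this slide (abcbank1.com, g00gle.com) can be caught by comparing a link's host against a list of domains you care about. The detector below is an added example and not code from the original slides; the trusted-domain list is constructed, and it goes a little beyond the slide by also flagging punycode (internationalised) labels and a trusted name embedded inside a longer attacker-controlled domain, both of which are standard homograph tricks.

```python
"""Flag web links whose host looks like, but is not, a trusted domain.

Added example; not code from the original slides. The trusted-domain list
is constructed for the example.
"""
import unicodedata
from urllib.parse import urlsplit

TRUSTED_DOMAINS = ["abcbank.com", "google.com"]  # constructed watch list

# Digits and symbols that phishers swap for look-alike letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b", "|": "l"})


def host_of(url: str) -> str:
    """Lower-cased host of a URL or bare hostname, without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def fold(host: str) -> str:
    """Map accented letters and digit look-alikes to plain ASCII for comparison."""
    ascii_only = unicodedata.normalize("NFKD", host).encode("ascii", "ignore").decode()
    return ascii_only.translate(HOMOGLYPHS)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; hosts are short, so the quadratic algorithm is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    host = host_of(url)
    for legit in trusted:
        if host == legit or host.endswith("." + legit):
            return ("trusted", f"host is {legit} or a subdomain of it")
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "internationalised (punycode) label; possible homograph")
    folded = fold(host)
    for legit in trusted:
        if folded == legit:
            return ("suspicious", f"homoglyph variant of {legit}")
        if legit in host:
            return ("suspicious", f"trusted name {legit} embedded in another domain")
        distance = min(levenshtein(host, legit), levenshtein(folded, legit))
        if distance <= 2:
            return ("suspicious", f"edit distance {distance} from {legit}")
    return ("unknown", "no trusted domain resembles this host")


if __name__ == "__main__":
    for link in ["https://www.abcbank.com/login", "http://abcbank1.com",
                 "www.g00gle.com", "https://google.com.verify-account.net"]:
        print(link, "->", check_url(link))
```

The order of the checks matters: a genuine subdomain such as mail.google.com must be accepted before any similarity test runs, otherwise it would be reported as "embedded" in itself. An "unknown" verdict only means the host resembles none of the listed brands, not that it is safe.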
106. Phishing Techniques
3. Website forgery
  • Redirect users to a website designed and developed by the phisher.
  • When users log in, their credentials are received by the phisher.
  • Cloaked URL: domain forwarding, or inserting control characters in the URL.
4. Flash Phishing
  • Anti-phishing tools do not check Flash objects.
  • Phishers use Flash to emulate real websites, and users enter data in spite of the anti-phishing tools installed.
107. Phishing Techniques
5. Social Phishing: entice users to reveal information in a systematic manner.
  • The phisher sends a mail as if it were sent from a bank, asking the user to call because of a security issue.
  • Victims call the number displayed in the e-mail.
  • The number is fake, and the call is redirected to the phisher.
  • The phisher speaks like a bank employee.
  • The phisher gets the sensitive details.
6. Phone Phishing
  • Mishing, Vishing, Smishing.
  • A fake caller ID makes it appear that the call is coming from a legitimate organization.
  • Users reveal personal information.
108. Spear Phishing
• Traditional phishing involves sending e-mails to a large number of people.
• Spear phishing is a method of sending a phishing message to a particular organization or group of people to gain organizational information for more targeted social engineering.
• Spear phishers send e-mail that appears genuine to all recipients.
• It aims to gain access to a company's entire computer network.
109. Spear Phishing
• The message might look as if it has come from your employer, or from a colleague who might send an e-mail message to everyone in the company (such as the person who manages the computer systems); it could include requests for usernames or passwords.
110. Spear Phishing (Whaling)
• A specific form of phishing and/or spear phishing targeting executives from the top management of organizations, usually private companies.
• The objective is to swindle the executives into revealing confidential information.
• Whaling targets C-level executives, sometimes with the help of information gleaned through spear phishing, and aims at installing malware for keylogging or other backdoor access mechanisms.
111. Spear Phishing (Whaling)
• E-mails sent in whaling scams are designed to masquerade as a critical business e-mail sent from a legitimate business body and/or business authority.
• Whaling phishers have also forged official-looking FBI subpoena e-mails and claimed that the manager needs to click a link and install special software to view the subpoena.
• Whaling involves more extensive reconnaissance about the target.
112. Types of Phishing Scams
1. Deceptive Phishing
2. Malware-based Phishing
3. Keyloggers
4. Session hijacking
5. In-session Phishing
6. Web Trojans
7. Pharming
8. System reconfiguration attacks
9. Data theft
10. Content-injection Phishing
11. Man-in-the-middle Phishing
12. Search engine Phishing
13. SSL certificate Phishing
113. Types of Phishing Scams
1. Deceptive Phishing
  • Broadcast deceptive e-mails with the objective of stealing identities.
  • Lures: verify your bank account / system failure / account changes / new free services / quick action required.
  • Netizens enter their information and fall prey.
2. Malware-based Phishing
  • Malicious code is used, delivered as an e-mail attachment or downloadable file, or by exploiting a security flaw.
  • Keep the OS and anti-virus updated.
3. Keyloggers
  • Malware embeds keyloggers to track user input.
  • It can be a small browser entity such as a plugin.
114. Types of Phishing Scams
4. Session hijacking
  • After a connection is established using credentials, malicious code takes control of the connection and performs transactions.
5. In-session Phishing
  • One browsing session interferes with and misuses another session, say a banking session.
  • Users feel that it is a pop-up from the bank session.
6. Web Trojans
  • Invisible pop-ups that gather information when the user tries to log in using the browser.
  • They gather the information and transmit it to the phisher.
115. Types of Phishing Scams
7. Pharming
  • The attacker exploits a vulnerability in the ISP's DNS server and hijacks a domain name.
  • Hosts file poisoning: the Windows hosts file is poisoned to redirect traffic to a fake website (developed by the phisher) which looks like the real website.
  • DNS-based poisoning: the DNS server is tampered with so that it responds with a fake address when a DNS request is sent to it (DNS hijacking).
8. System reconfiguration attacks
  • Settings in the user's computer are modified for malicious purposes.
  • A URL saved in bookmarks can be changed.
  • xyzbank.com to xyzbanc.com
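Hosts file poisoning leaves a visible trace on the victim machine: an entry that pins a real domain to an attacker-chosen address. The audit script below is an added example, not code from the original slides; the watch list, the TLD set and the sample hosts file content are constructed for the illustration. It parses the file the way the resolver does (one address followed by one or more names, `#` comments ignored) and reports any non-loopback mapping for a watched domain, plus any public domain overridden at all.

```python
"""Audit a hosts file for pharming-style overrides of domains we care about.

Added example; not code from the original slides. The watch list, TLD set and
sample hosts file content are constructed for the example.
"""
import ipaddress

WATCHLIST = ("xyzbank.com", "abcbank.com")      # constructed: must never be overridden
PUBLIC_TLDS = {"com", "net", "org", "in", "uk"}   # constructed: unusual to see in hosts

# Constructed hosts file content, in the format Windows and Unix both use.
SAMPLE_HOSTS = """\
# Hosts file
127.0.0.1       localhost
::1             localhost
255.255.255.255 broadcasthost
192.0.2.55      www.xyzbank.com xyzbank.com   # injected entry: pinned to an attacker IP
10.0.0.5        intranet.corp.local
203.0.113.9     update.example.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: malformed line, ignore it
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text, watchlist=WATCHLIST):
    """Return (hostname, ip, reason) for every entry that warrants attention."""
    findings = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback:
            continue  # localhost entries are expected
        hit = next((w for w in watchlist if name == w or name.endswith("." + w)), None)
        if hit:
            findings.append((name, str(ip), f"watchlisted domain {hit} pinned by a local override"))
        elif name.rsplit(".", 1)[-1] in PUBLIC_TLDS:
            findings.append((name, str(ip), "public domain overridden locally; review"))
    return findings


def load_and_audit(path):
    """Audit the system file, e.g. /etc/hosts or C:\\Windows\\System32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    for name, ip, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{name:25} {ip:16} {reason}")
```

The same check belongs in endpoint baselining: on a typical end-user machine the hosts file contains only loopback entries, so any public domain appearing there is worth a look even when it is not on the watch list. Bookmark tampering (item 8) is the other half of the picture and needs a look-alike comparison of the saved URLs rather than a file-format check.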
116. Types of Phishing Scams
9. Data theft
  • Critical and confidential data is stolen.
  • Corporate servers and web servers are easy targets.
  • Unsecured systems are the most vulnerable.
  • A widely used business espionage approach.
  • The data is sold and causes economic damage.
10. Content-injection Phishing
  • Replace part of the content in a legitimate website with false content to mislead users into revealing personal information.
  • Malicious code collects information from a legitimate website and sends it to the phisher.
11. Man-in-the-middle Phishing
  • The phisher positions himself between the user and the legitimate website/system.
  • Collects information transmitted between the systems and sells or misuses the data.
117. Types of Phishing Scams
12. Search engine Phishing
  • Create websites with attractive offers and have them indexed legitimately by search engines.
  • Mobile phones for less, low-interest credit, etc.
  • Search engine optimization: maximizing traffic to a website so that the search engine places it at the top.
13. SSL certificate Phishing
  • Targets web servers with SSL certificates to create a duplicitous website displaying the same lock icon.
  • The SSL certificates are valid and belong to legitimate websites, and these are misused by phishers.
119. Types of Phishing Scams
Distributed Phishing Attack (DPA)
• An advanced form of phishing attack that works through per-victim personalization of the location of the sites collecting credentials, and covert transmission of the credentials to a hidden coordination center run by the phisher.
• A large number of fraudulent web hosts are used for each set of lure e-mails.
• Each server collects only a tiny percentage of the victims' personal information.
120. Phishing Toolkits and Spy Phishing
• A toolkit is a set of scripts/programs that allows a phisher to automatically set up phishing websites that look like the legitimate site.
• Sold on the dark web.
• Free phishing tools are do-it-yourself tools. These may contain a backdoor that sends the phished information to someone other than the tool user.
• Rock Phish: allows a single website with multiple DNS names to host a variety of phished pages.
• Xrenoder Trojan Spyware: resets homepage/search settings to other sites.
• Cpanel Google: modifies the DNS entry in the hosts file to point to its own website.
121. Phishing Countermeasures
• The countermeasures prevent the malicious attacks through which a phisher may gain unauthorized access to the system in order to steal relevant personal information about the victim.
• It is always challenging to recognize/judge the legitimacy of a website while Googling.
1. Keep antivirus up to date
2. Do not click on hyperlinks in e-mails
3. Take advantage of anti-spam software
4. Verify https (SSL)
5. Use anti-spyware software
6. Get educated
7. Use Microsoft Baseline Security Analyzer
8. Firewall
9. Use backup system images
10. Do not enter sensitive or financial information into pop-up windows
11. Secure the hosts file
12. Protect against DNS pharming attacks
122. Phishing Countermeasures (SPS Algorithm)
• With the Sanitizing Proxy System (SPS), a web phishing attack can be immunized by removing the part of the content that entices netizens into entering their personal information.
• SPS sanitizes all HTTP responses from suspicious URLs with warning messages.
• A phishing attack comprises two phases:
  • Attraction
  • Acquisition
• Characteristics of SPS:
  1. Two-level filtering
  2. Flexibility of the rule set
  3. Simplicity of the filtering algorithm
  4. Accountability of HTTP response sanitizing
  5. Robustness against both misbehavior of novice users and evasion techniques
123. Phishing Countermeasures (SPS Algorithm)
• Characteristics of SPS:
  1. Two-level filtering
    • Strict URL filtering and HTTP response sanitizing.
  2. Flexibility of the rule set
    • The rule set is defined by the operator of SPS.
  3. Simplicity of the filtering algorithm
    • 20 steps for implementation in existing browsers, plugins or firewalls.
  4. Accountability of HTTP response sanitizing
    • Removes malicious HTTP headers/tags from HTTP responses.
    • Alerts users.
  5. Robustness against both misbehavior of novice users and evasion techniques
    • The built-in proxy can protect from all deceit cases of web spoofing.
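The two levels described on these two slides, a strict URL rule set followed by sanitizing of the HTTP response, can be shown in a few dozen lines. The script below is an added illustration written for this page; it is not the SPS authors' code and does not reproduce their 20-step algorithm. The blocked-host set, the suspicious-host rules, the warning text and the sample origin response are all constructed. Level one decides block / sanitize / pass from the URL alone; level two strips the forms, inputs and scripts a phishing page uses in its acquisition phase and injects a warning, which is the "removing the part of the content that entices" behaviour the previous slide describes.

```python
"""Two-level filter in the spirit of the SPS description: a strict URL rule set
first, then sanitizing of the HTML response for suspicious URLs.

Added illustration, not the SPS authors' code and not their 20-step algorithm;
the rule set, warning text and sample response are constructed for the example.
"""
import re
from urllib.parse import urlsplit

# Level 1: URL rule set. A real operator maintains this list (constructed here).
BLOCKED_HOSTS = {"xyzbanc.com"}
SUSPICIOUS_HOST_RULES = [
    lambda h: re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", h) is not None,         # raw IP instead of a name
    lambda h: "xn--" in h,                                                      # punycode label
    lambda h: re.search(r"(login|verify|secure)[a-z-]*bank", h) is not None,    # brand-bait hostname
]

WARNING = ('<div style="border:2px solid red;padding:1em">Warning: this page came '
           'from an untrusted site; its input forms and scripts were removed.</div>')

SCRIPT_RE = re.compile(r"<script\b.*?</script>", re.I | re.S)
FORM_RE = re.compile(r"<form\b.*?</form>", re.I | re.S)
INPUT_RE = re.compile(r"<(?:input|textarea|select|button)\b[^>]*>", re.I)
BODY_RE = re.compile(r"<body\b[^>]*>", re.I)


def classify_url(url: str) -> str:
    """'block', 'sanitize' or 'pass' according to the URL rule set."""
    host = (urlsplit(url).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        return "block"
    if any(rule(host) for rule in SUSPICIOUS_HOST_RULES):
        return "sanitize"
    return "pass"


def sanitize_html(html: str) -> str:
    """Level 2: strip the parts a phishing page uses to acquire data, then warn."""
    cleaned = SCRIPT_RE.sub("", html)
    cleaned = FORM_RE.sub("", cleaned)
    cleaned = INPUT_RE.sub("", cleaned)  # also catches inputs placed outside any <form>
    if BODY_RE.search(cleaned):
        return BODY_RE.sub(lambda m: m.group(0) + WARNING, cleaned, count=1)
    return WARNING + cleaned


def proxy_response(url: str, status: int, headers: dict, body: str):
    """Apply both levels to one origin response; returns (status, headers, body)."""
    verdict = classify_url(url)
    if verdict == "block":
        return 403, {"Content-Type": "text/html"}, "<html><body>Blocked by proxy rule set.</body></html>"
    is_html = headers.get("Content-Type", "").lower().startswith("text/html")
    if verdict == "sanitize" and is_html:
        return status, headers, sanitize_html(body)
    return status, headers, body


# Constructed origin response mimicking a credential-harvesting page.
SAMPLE_PAGE = (
    "<html><body><h1>ABC Bank</h1>"
    '<form action="/collect" method="post">User <input name="u">'
    'Pass <input name="p" type="password"><button>Login</button></form>'
    '<script>document.title = "ABC Bank - Login";</script></body></html>'
)

if __name__ == "__main__":
    status, _, body = proxy_response("http://198.51.100.7/abcbank/", 200,
                                     {"Content-Type": "text/html"}, SAMPLE_PAGE)
    print(status, body)
```

Two design points carry over from the SPS characteristics: the rule set is data, so the operator can extend it without touching the filter (flexibility), and sanitizing is applied to the response rather than relying on the user noticing anything (robustness against novice misbehaviour). Regex-based tag stripping is enough for the illustration; a production filter would parse the HTML properly so that obfuscated markup cannot slip a form past it.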
124. Identity Theft
• Fraud that involves someone pretending to be someone else to steal money or get other benefits.
• The person whose identity is used can suffer various consequences when he/she is held responsible for the perpetrator's actions.
• Statistics as per the Federal Trade Commission (FTC):
  1. Credit card fraud (26%)
  2. Bank fraud (17%)
  3. Employment fraud (12%)
  4. Government fraud (9%)
  5. Loan fraud (5%)
125. Personally Identifiable Information (PII)
• 4 variants: Personal, Personally, Identifiable, Identifying
• Fraudsters attempt to steal the elements mentioned below:
  1. Full name
  2. National identification number (e.g., SSN)
  3. Telephone and mobile phone numbers
  4. Driver's license number
  5. Credit card numbers
  6. Digital identity (e.g., e-mail address, online account ID and password)
  7. Birth date and place name
  8. Birthplace
  9. Face and fingerprints
126. Personally Identifiable Information (PII)
• A fraudster generally searches for the following about an individual:
  1. First or last name
  2. Age
  3. Country, state or city of residence
  4. Gender
  5. Name of the school/college/workplace
  6. Job position, grades and/or salary
  7. Criminal record
127. Personally Identifiable Information (PII)
• Types of Identity Theft
  1. Financial identity theft
  2. Criminal identity theft
  3. Identity cloning
  4. Business identity theft
  5. Medical identity theft
  6. Synthetic identity theft
  7. Child identity theft
128. Personally Identifiable Information (PII)
• Types of Identity Theft
1. Financial identity theft
  • 25 types: bank, credit card, tax refund, mail fraud.
  • Uses the victim's name, SSN and bank account.
  • Recovery is expensive, time-consuming and psychologically painful.
2. Criminal identity theft
  • Taking over someone's identity and committing crimes under it.
  • Computer and cybercrimes, organized crime, trafficking, money laundering.
  • Often comes to light when an employer conducts a criminal background verification.
129. Personally Identifiable Information (PII)
• Types of Identity Theft
3. Identity cloning
  • Clones compromise the victim's life by actually living and working as the victim at a different location.
  • The clone may pay bills, get engaged, get married and start a family.
4. Business identity theft
  • The fraudster rents a space in the same building as the victim's office.
  • Applies for corporate credit cards using the victim firm's name.
  • Business sensitive information (BSI) is information about the business that is privileged or proprietary in nature and, if compromised, could cause serious damage (a sensitive asset).
  • Masquerading business goods, IP theft.
130. Personally Identifiable Information (PII)
• Types of Identity Theft
5. Medical identity theft
  • Medical records are created for patients who avail themselves of a medical facility.
  • Protected health information (PHI) changes hands when multiple agencies are involved (medical representatives, health officers, doctors, medical insurance organizations, hospitals).
  • Example: a man who had no health issues received a bill for medical services.
131. Personally Identifiable Information (PII)
• Types of Identity Theft
6. Synthetic identity theft
  • The fraudster takes parts of personal information from many victims and combines them.
  • Not specific to any particular victim, but it can affect all the victims.
7. Child identity theft
  • Parents using their children's identities to open credit card accounts, utility accounts and bank accounts, and to take loans, because their credit history is insufficient.
132. Techniques of ID Theft
1. Human-based methods: techniques used by the attacker with no or minimal use of technology
  • Direct access to information (people who have gained trust and have access to buildings: house cleaners, babysitters, nurses, friends)
  • Dumpster diving (retrieving documents from trash bins)
  • Theft of a purse or wallet (credit cards, debit cards, driver's license, insurance ID card)
  • Mail theft and rerouting (stealing postal mail from mailboxes)
  • Shoulder surfing (people in public loitering around near ATMs, cybercafes)
  • False or disguised ATMs (miniaturized equipment on a valid ATM)
  • Dishonest or mistreated employees (access to personal files, salary information, confidential information)
  • Telemarketing and fake telephone calls (vishing)
133. Techniques of ID Theft
2. Computer-based techniques
  • Backup theft (stealing equipment from private buildings, public facilities)
  • Hacking, unauthorized access to systems and database theft (compromising information systems)
  • Phishing
  • Pharming (websites looking similar to the legitimate site, with the domain altered slightly: www.xyzbank.com to www.xyzbanc.com)
  • Redirectors (redirecting users' traffic to locations they did not intend to visit, by infecting the DNS server)
  • Hardware (keystroke recording devices)
134. Identity Theft: Countermeasures
1. Monitor your credit closely.
2. Keep records of your financial data and transactions.
3. Install security software.
4. Use an updated web browser.
5. Be wary of e-mail attachments and links in both e-mail and instant messages.
6. Store sensitive data securely.
7. Shred documents.
8. Protect your PII.
9. Stay alert to the latest scams.
135. How to Efface Your Online Identity
Tools that users can use to remove their usage footprints:
1. Anti Tracks
2. Privacy Eraser Pro
3. MyPrivacy
4. Web 2.0 Suicide Machine
5. Seppukoo