Submitted to:
Mr. Mahesh Joshi
Submitted by:
Rajat Gupta
11EGJIT041
• Spoofing is a security attack that allows an adversary
to observe and modify all web pages sent to the
victim's machine, and observe all information entered
into forms by the victim.
• The attacker can observe and modify all web pages
and form submissions, even when the browser's
"secure connection" indicator is lit. The user sees no
indication that anything is wrong.
• After your browser has been fooled, the spoofed web
server can send you fake web pages or prompt you
to provide personal information such as login ID,
password, or even credit card or bank account
numbers.
• IP Spoof
• E-mail Spoof
• Web Spoofing
• Non Technical Spoof
• IP spoofing is the creation of IP packets with a forged source address. Its
purpose is to conceal the identity of the sender or to impersonate another
computing system.
• Some upper layer protocols provide their own defense against IP
spoofing.
• For example, TCP uses sequence numbers negotiated with the remote
machine to ensure that the arriving packets are part of an established
connection. Since the attacker normally cannot see any reply packets,
he has to guess the sequence number in order to hijack the
connection.
rajat_ppt
• IP spoofing is almost always used in what is currently one of
the most difficult attacks to defend against: denial-of-service
attacks, or DoS. Since hackers are concerned only with
consuming bandwidth and resources, they need not worry
about properly completing handshakes and transactions.
Rather, they wish to flood the victim with as many packets as
possible in a short amount of time. In order to prolong the
effectiveness of the attack, they spoof source IP addresses
to make tracing and stopping the DoS as difficult as possible.
When multiple compromised hosts are participating in the
attack, all sending spoofed traffic, it is very challenging to
quickly block traffic.
• E-mail spoofing is the forgery of an e-mail header so
that the message appears to have originated from
someone or somewhere other than the actual source.
• It has happened that the media printed false
stories based on spoofed e-mails.
• In October 2013, an e-mail which looked like
it was from the Swedish company Fingerprint
Cards was sent to a news agency, saying
that Samsung offered to purchase the
company. The news spread and the stock
exchange rate surged by 50%. But the
e-mail was from someone else.
• Don’t click links in emails; instead, always copy and
paste, or even better, manually type the URL in.
• When entering personal or sensitive information, verify
the URL is as you expect, and the site’s SSL certificate
matches that URL.
• Look at the IP information of the email header. If an
email originated from inside your network, the sender
should have a very similar IP address.
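The header check from the last bullet, as an added example that is not part of the original slides: it compares the claimed sender domain with the peer IP in the topmost `Received` header, the only one written by your own mail server, since every line below it is supplied by the sending side. The domain, address range, MTA hostname and both messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed site values (hypothetical): our domain, address range and receiving MTA.
INTERNAL_DOMAIN = "corp.example"
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
TRUSTED_MTA = "mx.corp.example"

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([\w.-]+)")


def hop_ip(received):
    """Peer IP recorded in one Received header, or None if absent/invalid."""
    m = PEER_IP.search(received)
    try:
        return ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        return None


def classify(raw):
    """Compare the claimed sender domain with the IP our own MTA recorded."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:
        return "external sender"
    # Headers are prepended in transit: index 0 was written by our MTA,
    # everything below it was supplied by the sending side and can be forged.
    received = msg.get_all("Received", [])
    top = received[0] if received else ""
    by = BY_HOST.search(top)
    peer = hop_ip(top)
    if not by or by.group(1).lower() != TRUSTED_MTA or peer is None:
        return "unverifiable"
    return "consistent" if peer in INTERNAL_NET else "suspicious"


def build(received, sender="alice@corp.example"):
    """Assemble a constructed sample message from Received values."""
    hops = "".join(f"Received: {r}\n" for r in received)
    return f"{hops}From: Alice <{sender}>\nSubject: payroll update\n\nbody\n"


STAMP = "; Mon, 01 Jan 2024 09:00:00 +0000"
GENUINE = build(["from ws17 ([10.20.5.17]) by mx.corp.example" + STAMP])
SPOOFED = build([
    "from mail.unknown.example ([203.0.113.45]) by mx.corp.example" + STAMP,
    "from ws09 ([10.20.5.9]) by relay.corp.example" + STAMP,  # forged hop
])
```

The forged bottom hop in `SPOOFED` carries an internal address, which is why the check reads only the line stamped by the trusted server.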
• Pretending to be a legitimate site
• Attacker creates a convincing but false copy of the
site
• Stealing personal information such as login ID,
password, credit card, bank account, and much
more, also known as a phishing attack
• False Web looks and feels like the real one
• Attacker controls the false web by surveillance
• Modifying integrity of the data from the victims
• These non-computer-based techniques are
commonly referred to as social engineering. This can
be as simple as the attacker calling someone on the
phone saying that he is a certain person.
• Web spoofing is increasing at a rapid pace
› According to a study by Gartner Research
› Two million users gave such information to
spoofed web sites.
› About $1.2 billion direct losses to U.S. Bank and
credit card issuers in 2003
› And about $400 million to $1 billion losses from
the victims
Section 66-D of the Information Technology (Amendment) Act, 2008
applies; Sections 417, 419 & 465 of the Indian Penal Code, 1860
are also applicable. The spoofing offence is cognizable, bailable,
compoundable with the permission of the court before which the
prosecution of such offence is pending, and triable by any magistrate.
• WASHINGTON (Reuters) - High-frequency trader
Michael Coscia was charged with manipulating
commodity futures prices in the first U.S. federal
criminal prosecution of the practice of "spoofing," the
Justice Department said on Thursday.
• Coscia and his high-speed trading firm, Panther Energy
Trading, were fined $3.1 million by regulators in the
United States and Britain in July 2013 for market
manipulation and ordered to disgorge $2.7 million in
profits.
• It was the first criminal federal prosecution for
'spoofing' - creating the false impression of
market demand by rapidly placing orders and
then canceling them - which is explicitly banned
by the 2010 Dodd-Frank Wall Street reform act.
• "In August 2011, Coscia began a high-frequency
trading strategy in which he entered large-volume
orders that he intended to immediately cancel
before they could (be) filled by other traders," the
Department of Justice said.
• "By entering large orders that he ... canceled
before other traders could fill them, Coscia
made a profit by buying 14 contracts at 14288
ticks and selling them at 14289 ticks less than
one second later," the Department said.
• Futures markets, regulated by the Commodity
Futures Trading Commission, are a common
hunting ground for high-speed traders, and the
agency is probing the sector for any breaches.
• Follow a three-part strategy:
› Disable JavaScript in your browser so the attacker will be
unable to hide the evidence of the attack;
› Make sure your browser’s location line is always visible;
› Pay attention to the URLs displayed on your browser’s
location line, making sure they always point to the server
you think you are connected to.
• We should remain updated in this field.
• Daily there will be new challenges as the
hackers seek out weaknesses and vulnerabilities
in our systems.
• ANY QUERIES???