Cybercrime and Security

Introduction

  • Technology: A double-edged sword.
  • Target of offense and false sense of anonymity.
  • Misuse of information occurs.
  • Agencies collect individual information.
  • Cyber criminals use the internet for illegal activities.
  • Lack of awareness about cybercrime and cyber laws.
  • Cybercriminals are often referred to as "crackers."

Network Vulnerabilities

  • Attackers exploit network vulnerabilities due to inadequate protection.
  • Categories of vulnerabilities:
    • Inadequate border protection (network periphery).
    • Remote access servers with weak access controls.
    • Application servers with well-known exploits.
    • Misconfigured systems and systems with default configurations.

Data Privacy Concerns

  • Potential for abuse with vast amounts of private data amassed by government, private industry, and the internet community.

Hackers vs. Crackers

  • Hackers:
    • Strong interest in computers, enjoy learning and experimenting.
    • Talented and smart individuals.
  • Crackers:
    • Break into computer systems.
    • Crimes include vandalism, theft, and snooping in unauthorized areas.

Types of Hackers

  • White Hat Hackers:
    • Ethical hackers who identify and fix security vulnerabilities.
    • Work to improve cybersecurity and protect systems.
  • Black Hat Hackers:
    • Malicious hackers who use skills for illegal or unethical purposes.
    • Gain unauthorized access, steal data, or cause harm.
  • The term "hacker" is broad; distinction between ethical and malicious use is crucial.

Brute Force Hacking

  • Technique to find passwords or encryption keys.
  • Trying every possible combination until the code is broken.

Crackers (Detailed)

  • Subset of hackers engaged in unauthorized activities with malicious intent.
  • Focus on breaking into systems, networks, and software for illegal purposes like piracy or data theft.
  • Historically, "crackers" removed copy protection or license restrictions from software.

Phreakers

  • Individuals who manipulate telecommunication infrastructure for unauthorized calls.
  • "Phone phreaking" was more common when phone networks were less secure.
  • Techniques used to access free long-distance calls and explore phone networks.

War Dialers

  • Also known as "demon dialers", war dialers automatically dial the phone numbers of the same area code to look for unprotected modems.
  • Wardialing involves calling an unknown number and waiting for one or two rings.
  • If the phone rings twice, the modem hangs up and tries the next number. If a modem or fax machine answers, the wardialer program makes a note of the number. If a human answers, it immediately hangs up the call.

Patriotic Hacking

  • Computer hacking or system cracking by citizens or supporters of a country against perceived enemies.
  • Illegal and reserved for government agencies (CIA, NSA, FBI, etc.).

Network Vulnerabilities (Examples)

  • Router misconfiguration rendering network highly vulnerable to DoS attacks.
  • Administrator failing to monitor IDS alerts and firewall logs to detect suspicious activity.
  • Administrator failing to install patch to fix BIND vulnerability.
  • Poor password policy allowing creation of dial-in accounts with easily guessed passwords.
  • Employee installing PC Anywhere without a password.

Cybercriminal Attack Planning

  • Cybersecurity experts need to understand how cybercriminals plan attacks.
  • Criminals use tools and techniques to identify vulnerabilities of individuals or organizations.
  • Attacks aim at stealing valuable information or breaching systems.
  • Criminals plan active and passive attacks.
    • Active attacks: aim to alter the targeted system.
    • Passive attacks: attempt to acquire as much information as possible.
  • Active attacks may affect integrity, authenticity, and availability of data, whereas passive attacks lead to breaches of privacy.

Outside vs. Inside Attacks

  • Inside attacks: Originate from within the security perimeter of an organization.
    • Often performed by employees with access and knowledge of security infrastructure.
  • Outside attacks: Executed from outside the organization's security firewall.
    • Performed by someone without direct association with the organization.
    • Can be made over the internet or via remote access.

Cybercriminal Profiles

  • Most attacks are led by individuals or small groups of hackers.
  • Organized crime exploits the internet with professional hackers who develop innovative crime methods.
  • Global criminal conglomerates treat cybercrime as an income-generating investment.
  • Criminal communities share strategies and tools for coordinated attacks.
  • Underworld cyber-markets facilitate the purchase and sale of stolen credentials.

Cybercriminal Anonymity

  • The internet makes it difficult to track cybercriminals.
  • Collaboration anonymously via Dark Web, Tor, Cryptocurrencies, VPNs, Hacker Forums, and Marketplaces.
  • Attacks can be launched and controlled from anywhere globally.
  • Hackers use already hacked computers, removing any form of identity.
  • Crime laws vary, complicating situations when attacks are launched from different countries.

Types of Cybercrime (Targeting Individuals)

  • Criminals exploit human weaknesses (innocence, ignorance, avidity).
  • Attacks include copyright violation, sale of stolen properties, financial fraud, and harassment.
  • Technological advancements expand the group of potential victims.
  • 79% of security professionals think that the biggest threat to endpoint security is employee negligence toward security practices.
  • Negligence and mistakes can lead to tremendous financial loss.

Cybercrime against an organization

  • Cyberterrorism: Cyber-attacks against an organization.
  • Hackers rely on computers and the Internet.
  • Objectives: Steal confidential information, destroy valuable files, take total control of the system, or damage programs.
    • Example: A cyber-attack on financial institutions (e.g., banks).

Cybercrimes target valuable assets

  • Description: Stealing property (e.g., laptops, pen drives, DVDs, mobile devices, CDs, iPads, etc.).
  • Infection: Attackers may infect devices with malicious programs (e.g., malware, Trojan) to disrupt functionality.
    • Example: Shortcut virus: Converts valid files into inaccessible forms on PC hard drives or flash drives, hiding actual files behind shortcut files.

Attacks using a single event

  • Description: Attack performed with a single action from the victim’s point of view.
    • Example: Opening an email containing corrupted files or a link to a corrupted website.
  • Exploitation: Attacker uses malware as a backdoor to access and take control of the system.
  • Impact: Can cause organization-wide havoc with a single click by an “ignorant” employee.

Cyber-attacks considering a chain of events

  • Description: Hackers perform a series of events to track and interact with victims personally.
    • Example: Phone call or chat room to establish a connection, then steal or explore data.
  • Prevalence: This type of attack is common.
  • Caution: Exercise caution before accepting friend requests on Facebook or joining WhatsApp groups from unknown sources.

How Cybercriminals Plan Attacks

  • 5 phases involved:
    • Reconnaissance - footprint (initial phase).
    • Scanning and scrutinization of the collected data.
    • Launching the attack.

Reconnaissance

  • Definition: Act of exploring with an aim to find something about the target.
  • Objective: Gain information about a potential enemy in cybersecurity.
  • Footprinting: Initial preparation towards the pre-attack phase.
    • Collection of data about the target’s computer infrastructure and cyber environment.
    • Provides an overview of the victim’s weak points and how they can be exploited.
  • Goal: Provide the attacker with an understanding of the victim’s systems, networking ports, services, and security aspects.
  • Data sourcing: Attackers gather data from passive and active attacks.

Passive attacks

  • Description: An attacker secretly gathers information about their target.
  • Objective: Acquire relevant data without the victim noticing.
  • Methods:
    • Watching an organization’s activities or spying on a specific department.
    • Googling or using search engines to find information.
  • Examples:
    • Yahoo or Google search.
    • Surfing online communities like Twitter, Facebook, Instagram.
    • Organization’s website.
    • Press releases, blogs, and newsgroups.
    • Job requirements for specific positions.

Active Attacks

  • Actively examine the network to discover individual hosts and verify the validity of the gathered information.
  • Confirms the IP address of a given device and the services available on the network, as collected during the passive attack.
  • Involves a risk of detection and is also referred to as "active reconnaissance" or "rattling the doorknobs".
  • Active reconnaissance lets the attacker confirm the security measures the target has put in place.
  • May raise suspicion or increase the attacker's chance of being caught before the full attack is executed.

Scrutinizing and Scanning Gathered Information

  • Scanning is a key step for examining the information collected about the network infrastructure.
  • The process has the following objectives:
    • Network scanning – to better understand the IP addresses and other related information about the computer network system.
    • Port scanning – to identify open and closed ports and the services behind them.
    • Vulnerability scanning – to identify existing weak links within the system.
  • In the hacking world, the scrutinizing phase is also referred to as enumeration. Its objectives include:
    • To validate the authenticity of the user running the given account, be it an individual or a group of persons.
    • To identify network resources and/or shared resources.
    • To verify the operating system and the various applications running on it.
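As an added example, not part of the original notes, of the defender's side of this phase: the detector below reads constructed firewall deny lines in an assumed `timestamp DENY src= dst= dport=` format and flags the two reconnaissance patterns the scanning objectives above describe, a port scan (many distinct ports on one host) and a host sweep (many hosts on one port), while leaving a couple of ordinary failed connections alone. The IP addresses, thresholds and window size are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the page). The line format is an assumption:
# "<ISO timestamp> DENY src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2024-03-01T10:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2024-03-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2024-03-01T10:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=25
2024-03-01T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=53
2024-03-01T10:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=80
2024-03-01T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=110
2024-03-01T10:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=143
2024-03-01T10:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=443
2024-03-01T10:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=3389
2024-03-01T10:05:00 DENY src=198.51.100.4 dst=192.0.2.10 dport=22
2024-03-01T10:05:30 DENY src=198.51.100.4 dst=192.0.2.10 dport=22
2024-03-01T10:07:00 DENY src=198.51.100.9 dst=192.0.2.20 dport=445
2024-03-01T10:07:00 DENY src=198.51.100.9 dst=192.0.2.21 dport=445
2024-03-01T10:07:01 DENY src=198.51.100.9 dst=192.0.2.22 dport=445
2024-03-01T10:07:01 DENY src=198.51.100.9 dst=192.0.2.23 dport=445
2024-03-01T10:07:02 DENY src=198.51.100.9 dst=192.0.2.24 dport=445
"""

LINE_RE = re.compile(r"^(\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)$")

def parse_log(text):
    """Parse log text into (timestamp, src, dst, dport) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events

def detect_scans(events, window=timedelta(seconds=60), port_threshold=10, host_threshold=5):
    """Flag two reconnaissance patterns per source inside a sliding time window:
    port_scan  - one source hits >= port_threshold distinct ports on one destination
    host_sweep - one source hits >= host_threshold distinct destinations (network scan)
    Returns a sorted list of (kind, src, dst_or_*, count); a few denies to one port are not flagged."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        by_src[src].append((ts, dst, dport))
    alerts = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window start forward
                start += 1
            win = evs[start:end + 1]
            ports_per_dst = defaultdict(set)
            for _, dst, dport in win:
                ports_per_dst[dst].add(dport)
            for dst, ports in ports_per_dst.items():
                if len(ports) >= port_threshold:
                    key = ("port_scan", src, dst)
                    alerts[key] = max(alerts.get(key, 0), len(ports))
            hosts = {dst for _, dst, _ in win}
            if len(hosts) >= host_threshold:
                key = ("host_sweep", src, "*")
                alerts[key] = max(alerts.get(key, 0), len(hosts))
    return sorted((k[0], k[1], k[2], n) for k, n in alerts.items())
```

Running `detect_scans(parse_log(SAMPLE_LOG))` reports the port scan from 203.0.113.7 and the host sweep from 198.51.100.9; the two SSH denies from 198.51.100.4 stay below both thresholds.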

Attack Phase

  • The attack phase is the last step in the attack process.
  • It involves the hacker gaining and maintaining full control of the system.
  • It comes immediately after scanning and enumeration and proceeds sequentially through the steps below.
    • Brute force attack or any other relevant method to bypass the password.
    • Exploit the password.
    • Launch the malicious command or applications.
    • Hide the files.
    • Cover the tracks: leave no trail that can lead back to the attacker as the malicious third party. This is typically done by deleting logs so that the illicit actions leave no trace.

Passive Attacks

  • Gathering information about a target without his/her knowledge.
  • Internet searches or googling.
  • Tools used during a passive attack:
    • Google Earth is a virtual globe, map, and geographic information program.
    • The Internet Archive is an Internet library, with the purpose of offering permanent access for researchers, historians and scholars to historical collections that exist in digital format. It includes texts, audio, moving images, and software as well as archived webpages in its collections.
    • LinkedIn is an interconnected network of experienced professionals from around the world, representing 170 industries and 200 countries.
    • People Search provides details about personal information: date of birth, residential address, contact number, etc.
    • WHOIS is a domain registration lookup tool. This utility communicates with WHOIS servers located around the world to obtain domain registration information.
    • Nslookup: the name means "name server lookup."
    • Traceroute is the best tool to find the route (i.e., computer network path) to a target system.
    • HTTrack acts like an offline browser.

Active Attacks

  • Involves probing the network to discover individual hosts and confirm the information gathered in the passive attack phase.
  • The attacker attempts to change or modify the content of messages.
  • In an active attack the system is damaged and system resources can be changed.
  • Most importantly, in an active attack the victim gets informed about the attack.
  • Tools used during an active attack:
    • Arphound listens to all traffic on an Ethernet network interface.
    • Arping is a network tool that broadcasts ARP packets and receives replies, similar to "ping."
    • Bing is used for Bandwidth Ping.
    • Bugtraq is a database of known vulnerabilities and exploits providing a large quantity of technical information and resources.
    • Dig is used to perform detailed queries about DNS records and zones, extracting configuration and administrative information about a network or domain.
    • Dsniff is a network auditing tool to capture username, password, and authentication information on a local subnet.
    • Filesnarf is a network auditing tool to capture file transfers and file sharing traffic on a local subnet.
    • Fragroute intercepts, modifies and rewrites egress traffic destined for a specified host, implementing several intrusion detection system (IDS) evasion techniques.
    • Tcpdump is a network tool for protocol packet capture and dumping.

Active attack vs Passive attack

| Based on | Active attack | Passive attack |
|---|---|---|
| Definition | The attacker intercepts the connection and attempts to modify the message's content. | The attacker observes the messages, copies and saves them, and can use them for malicious purposes. |
| Modification | The attacker modifies the actual information. | Information remains unchanged. |
| Victim | The victim gets notified about the attack. | Victims do not get informed about the attack. |
| System's impact | The damage done can be harmful to the system and its resources. | Passive attacks do not harm the system. |
| System resources | System resources can be changed. | System resources remain unchanged. |
| Dangerous for | Integrity and availability of the message. | Confidentiality of the message. |
| Emphasis on | Detection. | Prevention. |
| Types | Masquerade, repudiation, modification of message, and denial of service. | Traffic analysis and release of message contents. |
| Prevention | Active attacks are tough to restrict from entering systems or networks. | Unlike active attacks, passive attacks are easy to prohibit. |
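An added example, not part of the original notes, that demonstrates the table's integrity-versus-confidentiality and detection-versus-prevention rows in code: an HMAC tag lets the receiver detect an active modification of the message, while a passive eavesdropper's copy goes unnoticed and stays readable, which is why passive attacks have to be prevented (with encryption) rather than detected. The message, the shared key and the two attacker roles are constructed for the simulation.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append an HMAC-SHA256 tag so the receiver can detect modification in transit."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, packet: bytes):
    """Receiver side: return (ok, message). ok is False when the tag does not match the body,
    which is exactly what happens after an active attacker alters the message."""
    if len(packet) < TAG_LEN:
        return False, b""
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected), message  # constant-time comparison


class Eavesdropper:
    """Passive attacker: copies every packet it sees and forwards it unchanged.
    The receiver cannot tell, and the copy is readable: an HMAC gives integrity, not confidentiality."""

    def __init__(self):
        self.copies = []

    def __call__(self, packet: bytes) -> bytes:
        self.copies.append(bytes(packet))
        return packet


def tamper(packet: bytes) -> bytes:
    """Active attacker: intercepts the packet and changes the transfer amount, leaving the old tag in place."""
    return packet.replace(b"amount=100", b"amount=900")


def simulate(attacker, message: bytes = b"transfer to=alice amount=100"):
    """Send one protected message through `attacker` and return the receiver's (ok, message)."""
    key = secrets.token_bytes(32)  # shared secret, constructed for the simulation
    return verify(key, attacker(protect(key, message)))
```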

Categories of cybercrime:

  • Cybercrime can be categorized based on
    • The target of the crime.
    • Whether the crime occurs as a single event or as a series of events.

Crimes targeted at individuals

  • Human weakness
  • Financial frauds
  • Child pornography
  • Copyright violations
  • Harassment

Crimes targeted at property

  • Stealing devices
  • Transmitting harmful programs to destroy the devices

Crimes targeted at organizations

  • Cyberterrorism
  • Attackers (individual / group)

Single event of cybercrime

  • It is a single event from the perspective of the victim.
  • Unknowingly opening attachments that contain a virus.
  • This is hacking or fraud.

Series of events

  • Attacker interacting with the victims repetitively
  • Series of events / demanding
  • Cyberstalking

How criminals plan the attacks

  • Criminals use many methods and tools to locate the vulnerabilities of their target.
  • The target can be an individual and/or an organization.
  • Active attack and passive attack.
  • Inside attack: originating or attempted within the security perimeter of an organization.
    • Attempted by an insider.
    • Gains access to more resources than expected.
  • Outside attack: attempted from outside the security perimeter of an organization.
    • Attempted through the internet or a remote access connection.

Phases involved in planning cybercrime

  1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
  2. Scanning and scrutinizing the gathered information, both to check its validity and to identify existing vulnerabilities.
  3. Launching an attack (gaining and maintaining system access).

Reconnaissance

  • Is an act of reconnoitering – explore, often with the goal of finding something or somebody.
  • Gain information about an enemy or potential enemy.
  • Footprinting gives an overview of the system's vulnerabilities.
  • Attackers gather the information in two phases:
  • Passive and active attacks.

Scanning and scrutinizing gathered information

  • Scanning: key step to examine intelligently while gathering the information.
  • Objectives of scanning are

Scrutinizing phase

  • Scrutinizing phase: called enumeration in the hacking world.

Attack Phase

  • After scanning and enumeration, the attack is launched using the following steps.

Social Engineering

  • A technique of influence or persuasion used to deceive.
  • It is the tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system, or to steal personal and financial information.
  • Uses telecommunications or the internet to act against the security policy of the organization.

Classification of social Engineering

  • Human based social engineering:
    • Person to person interaction
    • Ex. Calling to get information
  • Computer based social engineering:
    • Getting required information by using computer software / internet
    • Ex. Fake E-mail

Human based social engineering

  • Impersonating an employee or valid user
  • Posing as an important user
  • Using a third person
  • Calling technical support
  • Shoulder surfing
  • Dumpster diving

Computer based social engineering

  • Fake E-mails
  • E-mail attachments
  • Pop-up windows

Past statistics

  • According to recent (October 2007) Microsoft Corporation research, there is an increase in the number of security attacks designed to steal personal information (PI) or to trick people into providing it through social engineering.
  • 2,249 social engineering incidents were reported. - Verizon.
  • A hacker used a social engineering attack on Twilio and gained access to the company's internal systems and the data of 125 customers. - Venturebeat
  • Social engineering attacks rely not on hacking computer systems but on manipulating people. Yet social engineering methods play a part in millions of cyberattacks.
    • 98% of cyber attacks involve some form of social engineering.

Cyberstalking

  • Cyberstalkers take advantage of the anonymity afforded by the internet to stalk or harass their victims, sometimes without being caught, punished or even detected. The terms cyberstalking and cyberbullying are often used interchangeably.
  • An individual or group of individuals harassing another individual, group of individuals, or organization.
  • More than 75% of the women are victims of cyberstalking, but the data is insufficient as most cases go unreported.
  • Cyberstalking is criminalized under the Indian Penal Code, 1860. The Criminal Law (Amendment) Act of 2013 to the IPC introduced section 354D which deals with stalking.

Types of Cyber stalkers

  • Online stalkers: They aim to start the interaction with the victim directly with the help of the Internet. E-Mail and chat rooms are the most popular communication medium to get connected with the victim.
  • Offline stalkers: The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.

Cases reported on cyber stalking

  • The majority of cyberstalkers are men and the majority of their victims are women.
  • In many cases, the cyberstalker and the victim hold a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship.

How stalking works

  • Establish contact with the victim through telephone/cell phone.
  • Stalkers will almost always establish contact with the victim through E-Mail.
  • Some stalkers keep on sending repeated E-Mails asking for various kinds of favors or threatening the victim.

Cybercafe and cybercrimes

  • A cybercafe is a business which allows people to pay for access to the Internet.
  • Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cybercafes.