Program : B.

Tech
Subject Name: Cyber Security
Subject Code: CS-503
Semester: 5th
Downloaded from www.rgpvnotes.in

Unit -4
Topics to be covered
UNIT 4
The Indian Evidence Act of 1872 v. Information Technology Act, 2000: Status of Electronic Records as
Evidence, Proof and Management of Electronic Records; Relevancy, Admissibility and Probative Value of
E-Evidence, Proving Digital Signatures, Proof of Electronic Agreements, Proving Electronic Messages.
-------------------------------------------------------------------------------------------------------------------------------------------
The Indian EvidenceAct of 1872 v. Information Technology Act, 2000- Conventional Crime is a social and
economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction
of the law. Crime or an offence is a legal wrong that can be followed by criminal proceedings which may
result into punishment.‘ The hallmark of criminality is that, it is breach of the criminal law. Per Lord the
criminal quality of an act cannot be discovered by reference to any standard but one: is the act
prohibited with penal consequences‘. A crime may be said to be any conduct accompanied by act or
omission prohibited by law and consequential breach of which is visited by penal consequences.
There is apparently no distinction between cyber and conventional crime. However on a deep
introspection we may say that there exist a fine line of demarcation between the conventional
and cybercrime, which is appreciable. The demarcation lies in the involvement of the medium in cases
of cybercrime. The sine qua non for cybercrime is that there should be an involvement, at any stage, of
the virtual cyber medium.
The Court may presume that an electronic message forwarded by the originator through an electronic
mail server to the addressee to whom the message purports to be addressed corresponds
with the message as fed into his computer for transmission; but the Court shall not make any
presumption as to the person by whom such message was sent.

Reasons for Cyber-crime:

Hart in his work The Concept of Law‘ has said ―human beings are vulnerable so rule of law is
required toprotect them . Applying this to the cyberspace we may say that computers are
vulnerable so rule of law is required to protect and safeguard them against cybercrime. The
reasons for the vulnerability of computers may be said to be:
 Capacity to store data in comparatively small space:The computer has unique characteristic of
storing data in a very small space. This affords to remove or derive information either through
physical or virtual medium makes it much easier.
 Easy to access :The problem encountered in guarding a computer system from unauthorized
access is that there is every possibility of breach not due to human error but due to the
complex technology. By secretly implanted logic bomb, key loggers that can steal access
codes, advanced voice recorders; retina imagers etc. That can fool biometric systems and
bypass firewalls can be utilized to get past many a security system.
 Complex: The computers work on operating systems and these operating systems in turn are
composed of millions of codes. Human mind is fallible and it is not possible that there might not
be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into
the computer system.
 Negligence: Negligence is very closely connected with human conduct. It is therefore very
probable that while protecting the computer system there might be any negligence, which in turn
provides a cybercriminal to gain access and control over the computer system.
 Loss of evidence : Loss of evidence is a very common & obvious problem as all the data
are routinely destroyed. Further collection of data outside the territorial extent also
paralyzes this system of crime investigation.

Page no: 1 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

The Information Technology Act was originally passed on 17th October 2000 withone ofthe aim to provide
legal recognition to digital/electronic evidence. Hence, amendments were made in the Indian Evidence
Act regarding collection and production of digital evidence in the court of law.
Some of the important provisions of the Indian Evidence Act pertaining to digital/electronic evidence are
as follows –
 Defining Electronic Record.
 Scope of definition of evidence expanded to include electronic records.
 Admissibility of electronic records.
 Presumption as to electronic messages

Digital evidence- Digital data are all around us and should be collected routinely in any investigation.Even
if digital data do not provide a link between a crime and its victim or a crime and its perpetrator, they can
be useful in an investigation. Digital evidence can reveal howa crime was committed, provide
investigative leads, disprove or support witness statements, and identify likely suspects.
Digital evidence is defined as any data stored or transmitted using a computer that support or refute
(counter)a theory of how an offense occurred or that address critical elements of the offense such
as intent or alibi(excuse).Data - a combination of numbers that represent information of various kinds,
including text, images, audio, and video.
Types of digital data that exist and how they might be useful in an investigation?
Computers are ubiquitous and digital data are being transmitted through the air around us and through
wires in the ground beneath our feet. When considering the many sources of digital evidence, it is
useful to Categorize computer systems into three groups:
Open Computer System Communication System Embedded Computer System
I. Digital Evidence – Communication System
 Traditional telephone systems, wireless telecommunication systems, the Internet, and networks
ingeneral can be a source of digital evidence.
 For instance, telecommunication systems transfer SMS/MMS messages, and the Internet carries
e- mail messages around the world.
 The time a message was sent, who likely sent it, or what the message contained can all
be important in an investigation.
 To verify when a message was sent, it may be necessary to examine log files from
intermediate servers and routers that handled a given message.
 Some communication systems can be configured to capture the full contents of traffic,
giving digital investigators access to all communications (e.g., message text and
attachments, and telephone conversations.

II. Digital Evidence –Embedded Computer System

 Mobile devices, smart cards, and many other systems with embedded computers may contain
digital evidence. Mobile devices can contain communications, digital photographs and videos, and
other personal data. Navigation systems can be used to determine where a vehicle has been.
 Sensing and Diagnostic Modules in many vehicles hold data that can be useful for
understanding accidents, including the vehicle speed, brake status, and throttle position during
the last 5s before impact.
 Microwave ovens are now available with embedded computers that can download information
from the Internetand some home appliances allow users to program them remotely via a wireless
network or the Internet.

Page no: 2 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

Figure 4.1: Embedded Computer System

Status of Electronic Records as Evidence

 It is any probative information stored or transmitted in digital form that a party to a court case
may use at trial. Before accepting digital evidence it is vital that the determination of
its relevance, veracity and authenticity be ascertained by the court and to establish if
the fact i s hearsay or a copy is preferred to the original.
 Digital Evidence is “information of probative value that is stored or transmitted in
binary form”. Evidence is not only limited to that found on computers but may also
extend to include evidence on digital devices such as telecommunication or electronic
multimedia devices. The e-EVIDENCE can be found in e- mails, digital photographs,
ATM transaction logs, word processing, documents, instant message histories, files saved
from accounting programs, spreadsheets, internet browser histories databases, Contents of
computer memory, Computer backups, Computer printouts, Global Positioning System
tracks, Logs from a hotel’s electronic door locks, Digital video or audio files. Digital
Evidence tends to be more voluminous, more difficult to destroy, easily modified, easily
duplicated, potentially more expressive and more readily available.

Proof and Management of Electronic Records

 It Defines Records Management (RM) as the field of management responsible for the efficient
and systematic control of the creation, receipt, maintenance, use and disposition of records,
including the processes for capturing and maintaining evidence of and information about
business activities and transactions in the form of records. Electronic Records Management (ERM)
ensures your organization has the records it needs when they are needed.
 Records management refers to a set of activities required for systematically controlling
the creation, distribution, use, maintenance, and disposition of recorded information
maintained as evidence of business activities and transaction.

Relevancy-As a quality of evidence, "relevancy" means applicability to the issue joined.

Relevancy is that which conduces to the proof of a pertinent hypothesis; a pertinent hypothesis
being one which, if sustained, would logically influence the issue.

Page no: 3 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

Admissibility and Probative Value of E-Evidence

Digital evidence or electronic evidence is any probative information stored or transmitted in digital form
that a partyto a court casemay use at trial. Before accepting digital evidence a court will
determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is
acceptable or the original is required.
The use of digital evidence has increased inthe past few decades ascourts have allowed the use of e-
mails,digital photographs, ATM transaction logs, word processing documents, instant message histories,
files saved from accounting programs, spreadsheets, internet browser histories, databases, the
contents of computer memory, computer backups, computer printouts, Global Positioning
System tracks, logs from a hotel’s electronic door locks, and digital video or audio files.

Proving Digital Signatures-Proving the legality of a digital signature involves a two-step process:
having the signature admitted as evidence and then demonstrating its trustworthiness. To admit a
signature as evidence, you will need expert testimony describing the record creation process and
supporting its accuracy. Once the signed record is admitted, the trustworthiness of the signature
must be shown.

Figure 4.2: Proving Digital Signature

Proof of Electronic Agreements

 Section 84A12 provides for the presumption that a contract has been concluded where the
parties’ digital signatures are affixed to an electronic record that purports to be an agreement.
 Section 85B of the Evidence Act provides that where a security procedure has been applied to an
electronic record at a specific time, the record is deemed tobe a secure electronic record from
such time until the time of verification. Unless the contrary is proved, the court is to presume
that a secure electronic record has not been altered since obtaining secure status. The provisions
relating to a secure digital signature are set out in Section 15 of the IT Act.
It is presumed that by affixing a secure digital signature the subscriber intends to sign or
approve the electronic record. In respect of digital signature certificates (Section 8 of the
Evidence Act) , it is presumed that the information listed in the certificate is correct, with the
exception of information specified as subscriber information that was not verified when the subscriber
accepted the certificate.

Page no: 4 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

Proving Electronic Messages-Under section 88A, it is presumed that an electronic message

forwarded by a sender through an electronic mail server to an addressee corresponds with the
message fed into the sender's computer for transmission. However, there is no presumption regarding
the person who sent the message.
-------------------------------------------------------------------------------------------------------------------------------------------

Page no: 5 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

Unit-5
Topics to be covered
UNIT 5
Tools and Methods in Cybercrime: Proxy Servers and Anonymizers, Password Cracking, Key loggers
and Spyware, virus and worms, Trojan Horses, Backdoors, DoS and DDoS Attacks , Buffer and
Overflow, Attack on Wireless Networks, Phishing : Method of Phishing, Phishing Techniques.

-------------------------------------------------------------------------------------------------------------------------------
Proxy Servers
A proxy server is a server (a computer system or an application) that acts as an intermediary for
requestsfrom clients seeking resources from other servers. A client connects to the proxy server,
requesting some service, such as a file, connection, web page, or other resource available from a
different server and the proxy server evaluates the request as a way to simplify and control its
complexity. Proxies were invented to add structure and encapsulation to distributed
systems. Today, most proxies are web proxies, facilitating access to content on the World
Wide Web, providing anonymity and may be used to bypass IP address blocking.

Figure5.1: Communication between two computers connected through a third computer acting as a
proxy. Bob does not know to whom the information is going, which is why proxies can be used to
protect privacy.
Anonymizers- An Anonymizers or an anonymous proxy is a tool that attempts to make activity on the
Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy
shield between a client computer and the rest of the Internet. It accesses the Internet on the
user's behalf, protecting personal information by hiding the client computer's identifying
information. There are many reasons for using Anonymizers. Anonymizers help minimize risk. They
can be used to prevent identity theft, or to protect search histories from public disclosure.
Some countries apply heavy censorship on the internet. Anonymizers can help in allowing freeaccess
to all of the internet content, but cannot help against persecution for accessing the Anonymizers
website itself. Password Cracking
Password cracking is the process of recovering passwords from data that have been stored in
ortransmitted by a computer system. A common approach (brute-force attack) is to try
guesses repeatedly for the password and check them against an available cryptographic hash
of the password.
The purpose of password cracking might be to help a user recover a forgotten password (installing
an entirely new password is less of a security risk, but it involves System Administration privileges),
to gain unauthorized access to a system, or as a preventive measure by system
administrators to check for easily crackable passwords. On a file-by-file basis, password
cracking is utilized to gain access to digital evidence for which a judge has allowed access
but the particular file's access is restricted.
Password cracking refers to various measures used to discover computer passwords. This is
usuallyaccomplished by recovering passwords from data stored in, or transported from, a computer
Page no: 6 Get real-time updates from RGPV
Downloaded from www.rgpvnotes.in

system. Password cracking is done by either repeatedly guessing the password, usually
through a computer algorithm in which the computer tries numerous combinations until
the password is successfully discovered.
Password cracking can be done for several reasons, but the most malicious reason is in order
to gain unauthorized access to a computer without the computer owner’s awareness. This
results in cybercrime such as stealing passwords for the purpose of accessing banking information.

Key loggers-A Key loggers is a piece of software — or, even scarier, a hardware device — that logs
every key you press on your keyboard. It can capture personal messages, passwords, credit card
numbers, and everything else you type.
Key loggers are generally installed by malware, but they may also be installed by protective
parents, jealous spouses, or employers who want to monitor their employees. Hardware
Key loggers are perfect for corporate espionage.
Key loggers can pose a serious threat to users, as they can be used to intercept passwords
and other confidential information entered via the keyboard. As a result, cybercriminals can
get PIN codes and account numbers for your financial accounts, passwords to your email and
social networking accounts and then uses this information to take your money, steal your
identity and possibly extort information and money from your friends and family.

Spyware- Spyware is the term given to a category of software which aims to steal
personal or organizational information. It is done by performing a set of operations without
appropriate user permissions, sometimes even covertly. General actions a spyware
performs include advertising, collection of personal information and changing user
configuration settings of the computer.
A Spyware is generally classified into adware, tracking cookies, system monitors and Trojans.
The most common way for a spyware to get into the computer is through freeware and
shareware as a bundled hidden component. Once a spyware gets successfully installed, it starts
sending the data from that computer in the background to some other place.
These days’ spywares are usually used to give popup advertisements based on user habits andsearch
history. But when a spyware is used maliciously, it is hidden in the system files of
thecomputer and difficult to differentiate.
One of the simplest and most popular, yet dangerous is Key loggers. It is used to record the
keystrokes which could be fatal as it can record passwords, credit card information etc. In
someshared networks and corporate computers, it is also intentionally installed to track
user activities.
Presence of spyware in a computer can create a lot of other troubles as spyware intended to
monitor the computer can change user preferences, permissions and also administrative right
s, resulting in users being locked out of their own computer and in some cases, can also result in
full data losses. Spyware running in the background can also amount to increased number of
processes and result in frequent crashes. It also often slows down a computer.

Virus- A computer virus is malicious code that replicates by copying itselfto another program,
computerboot sector or document and changes how a computer works. The virus requires
someone to knowingly or unknowingly spread the infection without the knowledge or
permission of a user or system administrator.
A virus can be spread by opening an email attachment, clicking on an executable file, visiting
an infected website or viewing an infected website advertisement. It can also be spread
through infected removable storage devices, such USB drives. Once a virus has infected the host, it
caninfect other system software or resources modify or disable core functions or applications, as well
as copy, delete or encrypt data. Some viruses begin replicating as soon as they infect the
Page no: 7 Get real-time updates from RGPV
Downloaded from www.rgpvnotes.in

host, while other viruses will lie dormant until a specific trigger causes malicious code to be
executed by the device or system.

Types of viruses
 File infectors- Some file infector viruses attach themselves to program files, usually
selected.com or .exe files. Some can infect any program for which execution is requested,
including .sys,.ovl, .prg, and .mnu files. When the program is loaded, the virus is loaded
as well. Other file infector viruses arrive as wholly contained programsor scripts sent as
an attachment to an email note.
 Macro viruses- These viruses specifically target macro language commands in
applications like Microsoft Word and other programs. In Word, macros are saved
sequences for commands or keystrokes that are embedded in the documents. Macro viruses
can add their malicious code to the legitimate macro sequences in a Word file. Microsoft
disabled macros by default in more recent versions of Word; as a result, hackers have
used social engineering schemes to convince targeted users to enable macros and launch
the virus. As macro viruses have seen a resurgence in recent years, Microsoft added a
new feature in Office 2016 that allows security managers to selectively enable macro
use for trusted workflows only, as well as block macros across an organization.
 Overwrite viruses- Some viruses are designed specifically to destroy a file or
application's data.After infecting a system, an overwrite virus begins overwriting files
with its own code. These viruses can target specific files or applications or
systematically overwrite all files on an infected device. An overwrite virus can install
new code in files and applications that programs them to spread the virus to additional
files, applications and systems.
 Polymorphic viruses-A polymorphic virus is a type of malware that has the ability to
change or mutate its underlying code without changing its basic functions or features.
This process helps a virus evade detection from many antimalware and threat
detection products that rely on identifying signatures of malware; once a
polymorphic virus' signature is identified by a security product, the virus can then alter
itself so that it will no longer be detected using that signature.
 Resident viruses-This type of virus embeds itself in the memory of a system. The
original virus program isn't needed to infect new files or applications; even if the
original virus is deleted, the version stored in memory can be activated when the
operating system loads a specific application or function. Resident viruses are
problematic because they can evade antivirus and antimalware software by hiding in the
system's RAM.
 Rootkit viruses-A Rootkit virus is a type of malware that installs an unauthorized
rootkit on an infected system, giving attackers full control of the system with the
ability to fundamentally modify or disable functions and programs. Rootkit viruses
were designed to bypass antivirus software, which typically scanned only applications
and files. More recent versions of major antivirus and antimalware programs include
rootkit scanning to identify and mitigate these types of viruses.
 System or boot record infectors-These viruses infect executable code found in certain
system areas on a disk. They attach to the DOS boot sector on diskettes and USB
thumb drives or the Master Boot Record on hard disks. In a typical attack scenario,
the victim receives storage device that contains a boot disk virus. When the victim's
operating system is running, files on the external storage device can infect the system;
rebooting the system will trigger the boot disk virus. An infected storage device
connected to a computer can modify or even replace the existing boot code on the
Page no: 8 Get real-time updates from RGPV
Downloaded from www.rgpvnotes.in

infected system so that when the system is booted next, the virus willbe loaded and run
immediately as part of the master boot record. Boot viruses are less common now
as today's devices rely less on physical storage media.

Worms- A computer worm is a standalone malware computer program that replicates itself in
order to spread to other computers. Often, it uses a computer network to spread itself,
relying on security failures on the target computer to access it. Worms almost always cause at
least some harm to the network, even ifonly by consuming bandwidth, whereas viruses almost
always corrupt or modify files on a targeted computer.

Trojan Horses- A Trojan horse or Trojan is a type of malware that is often disguised as legitimate
software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users'
systems. Users are typically tricked by some form of social engineering into loading and executing
Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal
your sensitive data, and gain backdoor access to your system. These actions can include:
 Deleting data
 Blocking data
 Modifying data
 Copying data
 Disrupting the performance of computers or computer networks. Unlike computer viruses
and worms, Trojans are not able to self-replicate.

Backdoors- A backdoor is a malware type that negates normal authentication procedures to

access a system. As a result, remote access is granted to resources within an application, such
as databases and file servers, giving perpetrators the ability to remotely issue system
commands and update malware. Backdoor installation is achieved by taking advantage of
vulnerable components in a web application. Once installed, detection is difficult as files tend
to be highly obfuscated. Webserver backdoors are used for a number of malicious activities,
including:
 Data theft
 Website defacing
 Server hijacking
 The launching of distributed denial of service (DDoS) attacks
 Infecting website visitors (watering hole attacks)

DoS Attack- A denial-of-service (DoS) is any type of attack where the attackers (hackers)
attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker
usually sends excessive messages asking the network or server to authenticate requests that
have invalid return addresses. The network or server will not be able to find the return
address of the attacker when sending the authentication approval, causing the server to
wait before closing the connection. When the server closes the connection, the attacker sends
more authentication messages with invalid return addresses. Hence, the process of authentication
and server wait will begin again, keeping the network or server busy.

DDoS Attack- A Distributed Denial of Service (DDoS) attack is an attempt to make an online
service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety
of important resources, frombanks to news websites, and present a major challenge to making
sure people can publish and access important information.

Page no: 9 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

Buffer Overflow- A buffer overflow, or buffer overrun, is a common software coding mistake
that an attacker could exploit to gain access to your system. To effectively mitigate buffer
overflow vulnerabilities, it is important to understand what buffer overflows are, what dangers
they pose to your applications, and what techniques attackers use to successfully exploit
these vulnerabilities.

Key Concepts of Buffer Overflow

 This error occurs when there is more data in a buffer than it can handle, causing
data to overflow into adjacent storage.
 This vulnerability can cause a system crash or, worse, create an entry point for a cyber-attack.
 C and C++ are more susceptible to buffer overflow.
 Secure development practices should include regular testing to detect and fix buffer
overflows.
 These practices include automatic protection at the language level and bounds-checking
at run- time.

Attack on Wireless Networks- Wireless attacks have become a very common security issue when it
comes to networks. This is because such attacks can really get a lot of information that is being
sent across a network and use it to commit some crimes in other networks. Every wireless
network is very vulnerable to such kinds of attacks and it is therefore very important that all
the necessary security measures are taken so as to prevent the mess that can be caused by such
attacks. These attacks are normally carried out to target information that is being shared
through the networks. It is therefore very important to know of such attacks so that one is
in a position to identify it in case it happens. Some of the common network attacks have been
outlined below.
 Rogue access points-A rouge access point is basically an access point that has been
added to one's network without one's knowledge. One totally has no idea that it is
there. This is a kind of scenario that can create a kind of back door especially if one is
not conversant with it and have complete management of it. This is an access point
that can create some very huge security concerns. One is due to the fact that it can be very
easy to plug in a wireless access point in it. If one is not doing any type of network access
control protocols on one's network, it becomes very easy for additional workstations
and access points to be added onto one's network.
 Jamming/Interference-Wireless interference basically means disruption of one’s network.
This is a very big challenge especially owing to the fact that wireless signals will
always get disrupted. Such interference can be created by a Bluetooth headset, a
microwave oven and a cordless phone. This makes transmission and receiving of wireless
signals very difficult. Wireless interference can also be caused by causing service
degradation so as to make sure that one denies complete access to a particular service.
Jamming can also be used in conjunction with an evil twin.
 Evil twin-A wireless evil twin mainly comes into play when criminals are trying to
create rogue access points so as to gain access to the network or access to
information that is being put through a network. Coming up with an evil twin is very
simple since all one need to do is purchase a wireless access point, plug it into
the network and configure it as exactly as the existing network. This is possible in
open access points that do not have any passwords associated with them. Once
one comes up with one’s access point, one plugs it into the network so that it
becomes the primary access point thus overpowering other existing accesspoints. With this,
one's evil twin will tend to have a stronger network signal and therefore people will
Page no: 10 Get real-time updates from RGPV
Downloaded from www.rgpvnotes.in

choose it. Through this, the individual controlling the access point will be in a
position to see all the information being sent around the network.
 War driving-War driving is a way that bad guys use so as to find access points wherever
they can be. With the availability of free Wi-Fi connection and other GPS functionalities,
they can drive around and obtain a very huge amount of information over a very short
period of time. One can also use some special type of software to view all the different
access points around one. With this information, an individual is in a position to come
up with a very large database which he or she can use to determine where he or she can
gain access to a wireless signal.
 Blue Jacking-Blue jacking is a kind of illegal activity that is similar to hacking where one
can be able to send unsolicited messages to another device via Bluetooth. This is
considered spam for Bluetooth and one might end up seeing some pop-up messages on
one's screen. Blue jacking is possible where a Bluetooth network is present and it is limit
end to a distance of ten meters which is the distance a Bluetooth device can send
a file to another device. It rarely depends on antennae. Blue jacking works on the basis
that it takes advantage of what is convenient for us on our mobile devices and the
convenience is being able to communicate and send things back and forth between
devices. With this, one can easily send messages to other Bluetooth devices since no
authentication is required. Some third party software can also be used to carry out
Blue jacking.
 Bluesnarfing-Bluesnarfing is far much more malicious than Blue jacking since it
involves using one's Bluetooth to steal information. This is where a Bluetooth -enabled
device is able to use the vulnerability on the Bluetooth network to be able to get
into a mobile device to steal information such as contacts and images. This is a
vulnerability that exposes the weakness and vulnerability with the Bluetooth network.
This is an act that creates some very serious security issues since an individual can steal a
file from one if he or she knows it.
 War chalking-War chalking is another method that was used so as to determine
where one could get a wireless access signal. In this case, if an individual detected a
wireless access point, he or she would make a drawing on the wall indicating that a
wireless access point has been found. However, this is not currently used.
 IV attack-An IV attack is also known as an Initialization Vector attack. This is a kind of
wireless network attack that can be quite a threat to one's network. This is because it
causes some modification on the Initialization Vector of a wireless packet that is
encrypted during transmission. After such an attack, the attacker can obtain much
information about the plaintext of a single packet and generate another encryption
key which he or she can use to decrypt other packets using the same Initialization
Vector. With that kind of decryption key, attackers can use it to come up with a
decryption table which they and use to decrypt every packet being sent across the
network.
 Near field communication-Near field communication is a kind of wireless
communication between devices like smart phones where people are able to send
information to near filed communication compatible devices without the need to bring
the devices in contact. This allows one device to collect information from another device
that is in close range.

Page no: 11 Get real-time updates from RGPV

Downloaded from www.rgpvnotes.in

Phishing Techniques: Popular Phishing Techniques used by Hackers:

 Deceptive Phishing-Deceptive phishing is the most common type of social media
phishing. In a typical scenario, a phisher creates an account pretending to be the account of
the victim. Next, the phisher sends friend requests to the friends of the victim aswell as
amessage such as “I have abandoned my previous Facebook account. From now on, please
communicate with me through this account only”. Afterwards, the phisher starts sending
messages to the friends of the victim that demand the recipient to click on a link.
Examples of such messages include:A statement that the receiver of the message has a virus
which can be deleted bysigning up for a special anti-virus inspection conducted by the social
network. A fictitious invoice which can be cancelled by clicking on a link requesting the user to
provide her/his personal information. Content Injection based Phishing-The content-injection
social network phishing refers to inserting malicious content in social networks. The
malicious content can often be in the form of bogus posts (e.g., tweets, posts in the Facebook
feed or in LinkedIn feed) published by users whose accounts were affected with rogue
apps. In many cases, the victims are unable to see the bogus posts posted by the
malware apps on their behalf. The bogus posts, for example, may contain a photo of the
account owner and the text: “I am in the hospital. If you would like to help me, please sign up
by clicking on the following link”. When the victim clicks on the link, he/she will be
requested to provide his/her personal data, which may be used by the phisher for committing
identity theft and other scams.
 Malware Based Phishing-Malware-based phishing refers to a spread of phishing messages by
using malware.For example, the Facebook account of a victim who installed a rogue
Facebook app will automatically sendmessages to all the friends of the victim. Such
messages often contain links allowing the receivers of the messages to install the rogue
Facebook app on their computers or mobile devices. The best way to avoid the installation of
rogue Facebook apps is to be very selective when installing any third-party
Facebook applications. For example, Facebook apps developed by unknown developers that
request access to extensive information should be researched thoroughly. One method often
used by phishers to “seduce” the Facebook users to install malware to their computer is to
promise them that the malware will enable them to see a list of people who visited their
Facebook profile page.
 Men in the Middle Phishing-A man-in-the-middle social network attack, also known as social
network session hijacking attack, is a form of phishing in which the phisher positions himself
between the user and a legitimate social network website. Messages intended for the
legitimatesocial networkwebsite pass through the phisher who can inspect the messages and
acquire valuable information.

Page no: 12 Get real-time updates from RGPV

 We hope you find these notes useful.
You can get previous year question papers at
https://qp.rgpvnotes.in .

If you have any queries or you want to submit your

study notes please write us at
rgpvnotes.in@gmail.com