Cyber Crime

Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). Cybercriminals may use computer technology to access personal information or business trade secrets, or use the Internet for exploitative or malicious purposes. Criminals can also use computers for communication and for document or data storage. Criminals who perform these illegal activities are often referred to as hackers.
Cybercrime may also be referred to as computer crime.
Unit-2
Tools and Methods Used in Cyber Crime
Network attack incidents reveal that attackers are often very systematic in launching their attacks. The basic stages of an attack are described here to understand how an attacker can compromise a network:
1. Initial Uncovering
2. Network probe
3. Crossing the line toward electronic crime (E-crime)
4. Capturing the network
5. Grab the data
6. Covering tracks
1. Initial Uncovering
Two steps are involved here. In the first step, called reconnaissance, the attacker gathers as much information as possible about the target by legitimate means: searching for information about the target on the Internet by Googling, and on social networking websites and people-finder websites.
2. Network probe
At the network probe stage, the attacker uses more invasive techniques to scan for information. Usually, a “ping sweep” of the network IP addresses is performed to seek out potential targets, and then a “port scanning” tool is used on the targets found.
3. Crossing the line toward electronic crime (E-crime)
Now the attacker moves toward committing what is technically a “computer crime.” He/she does this by exploiting possible holes on the target system.
4. Capturing the network
At this stage, the attacker attempts to “own” the network. The attacker gains a foothold in the internal network quickly and easily by compromising low-priority target systems. The next step is to remove any evidence of the attack.
5. Grab the data
Now that the attacker has “captured the network,” he/she takes advantage of his/her position to steal confidential data and customer credit card information, deface webpages, alter processes and even launch attacks at other sites from your network, causing a potentially expensive and embarrassing situation for an individual and/or an organization.
6. Covering tracks
This is the last step in any cyber-attack. It refers to the activities undertaken by the attacker to extend misuse of the system without being detected.
Proxy Servers and Anonymizers
A proxy server is a computer on a network which acts as an intermediary for connections with other computers on that network. The attacker first connects to a proxy server and then establishes a connection with the target system through the existing connection with the proxy.
A proxy server has the following purposes:
1. Keep the systems behind the curtain (mainly for security reasons).
2. Speed up access to a resource (through “caching”). It is usually used to cache the webpages from a web server.
3. Specialized proxy servers are used to filter unwanted content such as advertisements.
4. A proxy server can be used as an IP address multiplexer to enable a number of computers to connect to the Internet when one has only one IP address.
One of the advantages of a proxy server is that its cache memory can serve all users. If one or more websites are requested frequently, maybe by different users, they are likely to be in the proxy’s cache memory, which will improve user response time. In fact there are special servers available known as cache servers. A proxy can also do logging.
Listed below are a few websites where free proxy servers can be found:
1. http://www.proxy4free.com
2. http://www.publicproxyservers.com
3. http://www.proxz.com
4. http://www.anonymitychecker.com
5. http://www.surf24h.com
6. http://www.hidemyass.com
An Anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It accesses the Internet on the user’s behalf, protecting personal information by hiding the source computer’s identifying information.
Listed below are a few websites where more information about Anonymizers can be found:
1. http://www.anonymizer.com
2. http://www.browzar.com
3. http://www.anonymize.net
4. http://www.anonymouse.ws
5. http://www.anonymousindex.com

Phishing and Password Cracking


While checking electronic mail (E-Mail) one day, a user finds a message from the bank threatening to close the bank account if he/she does not reply immediately. Although the message seems suspicious from its contents, it is difficult to conclude that it is a fake/false E-Mail.
It is believed that Phishing is an alternative spelling of “fishing,” as in “to fish for information.” The first documented use of the word “Phishing” was in 1996.
IV- II SEM CSE, Cyber Security Unit - II
Prepared by A N SREEDHAR Asst. Professor, Dept. of CSE, Page 3 of 18
1. How Phishing Works
Phishers work in the following ways:
1. Planning: Criminals, usually called phishers, decide on the target and determine how to get the E-Mail addresses of that target or of the customers of that business. Phishers often use the same mass-mailing and address-collection techniques as spammers.
2. Setup: Once phishers know which business/business house to spoof and who their victims are, they create methods for delivering the message and for collecting the data about the target. Most often this involves E-Mail addresses and a webpage.
3. Attack: This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
4. Collection: Phishers record the information that victims enter into webpages or pop-up windows.
5. Identity theft and fraud: Phishers use the information that they have gathered to make illegal purchases or commit fraud.
Phishing started off as being part of popular hacking culture. Nowadays, more and more organizations/institutes provide greater online access for their customers, and hence criminals are successfully using Phishing techniques to steal personal information and conduct ID theft at a global level.
We have explained Phishing and Identity theft.
2. Password Cracking
A password is like a key to get entry into computerized systems, like a lock. Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
The purpose of password cracking is as follows:
1. To recover a forgotten password.
2. As a preventive measure by system administrators to check for easily crackable passwords.
3. To gain unauthorized access to a system.
Manual password cracking is attempting to log on with different passwords. The attacker follows these steps:
1. Find a valid user account such as an administrator or guest;
2. Create a list of possible passwords;
3. Rank the passwords from high to low probability;
4. Key in each password;
5. Try again until a successful password is found.
Passwords can sometimes be guessed with knowledge of the user’s personal information:
1. Blank (none);
2. Words like “password,” “passcode” and “admin”;
3. Series of letters from the “qwerty” keyboard, for example, qwerty, asdf or qwertyuiop;
4. User’s name or login name;
5. Name of user’s friend/relative/pet;
6. User’s birthplace or date of birth, or a relative’s or a friend’s;
7. User’s vehicle number, office number, residence number or mobile number;
8. Name of a celebrity who is considered to be an idol by the user;
9. Simple modification of one of the preceding, such as suffixing a digit, particularly 1, or reversing the order of letters.
Online Attacks
An attacker can create a script file (i.e., an automated program) that will be executed to try each password in a list, and when one matches, the attacker can gain access to the system. The most popular online attack is the man-in-the-middle (MITM) attack, also termed the “bucket-brigade attack” or sometimes the “Janus attack.”
Offline Attacks
Mostly, offline attacks are performed from a location other than the target (i.e., either a computer system or the network) where these passwords reside or are used.
Strong, Weak and Random Passwords
A weak password is one which could be easily guessed: short, common or a system default password that could be easily found by executing a brute force attack using a subset of all possible passwords.
Here are some of the examples of “weak passwords”:
1. Susan: Common personal name;
2. aaaa: repeated letters, can be guessed;
3. rover: common name for a pet, also a dictionary word;
4. abc123: can be easily guessed;
5. admin: can be easily guessed;
6. 1234: can be easily guessed;
7. QWERTY: a sequence of adjacent letters on many keyboards;
8. 12/3/75: date, possibly of personal importance;
9. nbusr123: probably a username, and if so, can be very easily guessed;
10. p@$$\/\/0rd: simple letter substitutions are preprogrammed into password cracking tools;
11. password: used very often – trivially guessed;
12. December12: using the date of a forced password change is very common.
Here are some examples of strong passwords:
1. Convert_£100 to Euros!: Such phrases are long, memorable and contain an extended
symbol to increase the strength of the password.
2. 382465304H: It is a mix of numbers and a letter at the end, usually used on mass user accounts, and such passwords can be generated randomly.
3. 4pRte!ai@3: It is not a dictionary word; however, it has alphabetic characters of both cases along with numeric and punctuation characters.
4. MoOoOfIn245679: It is long, with both alphabets and numerals.
5. t3wahSetyeT4: It is not a dictionary word; however, it has both alphabets and numerals.
Random Passwords
We have explained in the previous section how the most secure passwords are long, random strings of characters and how such passwords are generally the most difficult to remember.
A password is stronger if it includes a mix of upper and lower case letters, numbers and other symbols, when allowed, for the same number of characters.
The general guidelines applicable to password policies, which can be implemented organization-wide, are as follows:
1. Passwords and user logon identities (IDs) should be unique to each authorized user.
2. Passwords should consist of a minimum of eight alphanumeric characters.
3. There should be computer-controlled lists of prescribed password rules and periodic testing to identify any password weaknesses.
4. Passwords should be kept private, that is, not shared with friends or colleagues.
5. Passwords shall be changed every 30/45 days or less.
6. User accounts should be frozen after five failed logon attempts.
7. Sessions should be suspended after 15 minutes (or another specified period) of inactivity and require the password to be re-entered.
8. Successful logons should display the date and time of the last logon and logoff.
9. Logon IDs and passwords should be suspended after a specified period of non-use.
10. For high-risk systems, after excessive violations, the system should generate an alarm and be able to simulate a continuing session (with dummy data) for the failed user.
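As an added example of enforcing items 5 to 9 of the policy list above (this is not code from the notes; the 45-day password age and the 90-day non-use limit are values assumed here, and the account names and times are constructed), a small logon controller that freezes an account after five failed attempts, suspends an idle session after 15 minutes, reports the previous logon, flags an expired password and suspends a dormant logon ID:

```python
# Added example (not from the notes): a logon controller that enforces policy items
# 5 to 9 above. The 45-day and 90-day values are this example's assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

MAX_FAILED_ATTEMPTS = 5                        # item 6: freeze after five failed logons
SESSION_IDLE_LIMIT = timedelta(minutes=15)     # item 7: suspend after 15 minutes idle
PASSWORD_MAX_AGE = timedelta(days=45)          # item 5: change every 30/45 days (45 used here)
DORMANT_LIMIT = timedelta(days=90)             # item 9: period of non-use (assumed 90 days)


@dataclass
class Account:
    user_id: str
    password_set: datetime
    last_logon: Optional[datetime] = None
    failed_attempts: int = 0
    frozen: bool = False


@dataclass
class Session:
    user_id: str
    last_activity: datetime
    suspended: bool = False


class LogonController:
    def __init__(self):
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, Session] = {}

    def add_account(self, user_id, password_set, last_logon=None):
        self.accounts[user_id] = Account(user_id, password_set, last_logon)

    def logon(self, user_id, password_correct, now):
        """Apply the lockout, dormancy, password-age and last-logon rules; return a status string."""
        acct = self.accounts[user_id]
        if acct.frozen:
            return "denied: account frozen after repeated failures"
        if acct.last_logon and now - acct.last_logon > DORMANT_LIMIT:
            acct.frozen = True                     # item 9: suspend a long-unused logon ID
            return "denied: logon ID suspended after prolonged non-use"
        if not password_correct:
            acct.failed_attempts += 1
            if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
                acct.frozen = True
                return "denied: account frozen after repeated failures"
            return f"denied: bad password ({acct.failed_attempts} of {MAX_FAILED_ATTEMPTS})"
        acct.failed_attempts = 0                   # a successful logon clears the counter
        previous = acct.last_logon.isoformat() if acct.last_logon else "never"
        acct.last_logon = now
        self.sessions[user_id] = Session(user_id, now)
        if now - acct.password_set > PASSWORD_MAX_AGE:
            return f"ok: password expired, change required (last logon {previous})"
        return f"ok (last logon {previous})"       # item 8: show the last logon

    def activity(self, user_id, now):
        """Record activity on a session; returns False (and suspends it) once idle too long."""
        sess = self.sessions[user_id]
        if sess.suspended:
            return False
        if now - sess.last_activity > SESSION_IDLE_LIMIT:
            sess.suspended = True                  # item 7: the password must be re-entered
            return False
        sess.last_activity = now
        return True


def demo():
    """Walk three constructed accounts through the rules and return the outcomes in order."""
    ctl = LogonController()
    t0 = datetime(2024, 1, 10, 9, 0)
    ctl.add_account("alice", password_set=t0 - timedelta(days=10), last_logon=t0 - timedelta(days=1))
    ctl.add_account("bob", password_set=t0 - timedelta(days=60))
    ctl.add_account("carol", password_set=t0, last_logon=t0 - timedelta(days=120))
    out = [ctl.logon("alice", False, t0) for _ in range(MAX_FAILED_ATTEMPTS)]
    out.append(ctl.logon("alice", True, t0))                     # correct password, still frozen
    out.append(ctl.logon("bob", True, t0))                       # stale password
    out.append(ctl.activity("bob", t0 + timedelta(minutes=10)))  # active within the limit
    out.append(ctl.activity("bob", t0 + timedelta(minutes=30)))  # 20 minutes idle: suspended
    out.append(ctl.logon("carol", True, t0))                     # dormant logon ID
    return out


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note that a frozen account stays frozen even when the correct password is later supplied; unfreezing is an administrative action outside this controller, which is what keeps the lockout meaningful against the online guessing attacks described above.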
Virus and Worms
A computer virus is a program that can “infect” legitimate programs by modifying them to include a possibly “evolved” copy of itself. Viruses spread themselves, without the knowledge or permission of the users, to potentially large numbers of programs on many machines.
Viruses can take some typical actions:
1. Display a message to prompt an action which may set off the virus;
2. Delete files inside the system into which the virus enters;
3. Scramble data on a hard disk;
4. Cause erratic screen behavior;
5. Halt the system (PC);
6. Just replicate themselves to propagate further harm.
Explain how viruses spread:
(a) Through the Internet,
(b) Through a stand-alone computer system and
(c) Through local networks.

Types of Viruses
Computer viruses can be categorized based on their attacks on various elements of the system; they can put the system and the personal data on it in danger.
1. Boot sector viruses: These infect the storage media on which the OS is stored (e.g., floppy diskettes and hard drives) and which is used to start the computer system. All data/programs are stored on the floppy disks and hard drives in smaller sections called sectors.
2. Program viruses: These viruses become active when the program file (usually with extensions .bin, .com, .exe, .ovl, .drv) is executed (i.e., opened; the program is started). Once these program files get infected, the virus makes copies of itself and infects the other programs on the computer system.
3. Multipartite viruses: A hybrid of boot sector and program viruses. It infects program files along with the boot record when the infected program is active.
4. Stealth viruses: Such a virus camouflages and/or masks itself, so detecting this type of virus is very difficult. It can disguise itself in such a way that even antivirus software cannot detect it and thus cannot prevent it from spreading into the computer system.
5. Polymorphic viruses: It acts like a “chameleon” that changes its virus signature (i.e., binary pattern) every time it spreads through the system (i.e., multiplies and infects a new file).
6. Macro viruses: Many applications, such as Microsoft Word and Microsoft Excel, support MACROs (i.e., macro languages). These viruses are programmed as a macro embedded in a document.
7. ActiveX and Java Controls: All web browsers have settings for ActiveX and Java controls. A little awareness is needed about managing and controlling these settings of a web browser.
A typical definition of computer virus/worms might have various aspects such as:
1. A virus attacks specific file types (or files).
2. A virus manipulates a program to execute tasks unintentionally.
3. An infected program produces more viruses.
4. An infected program may run without error for a long time.
5. Viruses can modify themselves and may possibly escape detection this way.
Trojan Horses and Backdoors
A Trojan Horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and cause harm, for example, ruining the file allocation table on the hard disk. A Trojan Horse may get widely redistributed as part of a computer virus. The term Trojan Horse comes from Greek mythology about the Trojan War.
Some typical examples of threats by Trojans are as follows:
1. They erase, overwrite or corrupt data on a computer.
2. They help to spread other malware such as viruses (by a dropper Trojan).
3. They deactivate or interfere with antivirus and firewall programs.
4. They allow remote access to your computer (by a remote access Trojan).
5. They upload and download files without your knowledge.
6. They gather E-Mail addresses and use them for Spam.
7. They log keystrokes to steal information such as passwords and credit card numbers.
8. They copy fake links to false websites, display porno sites, play sounds/videos and display images.
9. They slow down, restart or shut down the system.
10. They reinstall themselves after being disabled.
11. They disable the task manager.
12. They disable the control panel.
Backdoor
A backdoor is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a backdoor so that the program can be accessed for troubleshooting or other purposes.
Following are a few examples of backdoor Trojans:
1. Back Orifice: It is a well-known example of a backdoor Trojan designed for remote system administration. It enables a user to control a computer running the Microsoft Windows OS from a remote location. The name is a word play on Microsoft BackOffice Server software. Readers may visit http://www.cultdeadcow.com/tools/bo.html to know more about this backdoor.
2. Bifrost: It is another backdoor Trojan that can infect Windows 95 through Vista. It uses the typical server, server builder and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine.
3. SAP backdoors: SAP is an Enterprise Resource Planning (ERP) system, and nowadays ERP is the heart of the business technological platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management, billing, stock management and financial planning.
4. Onapsis Bizploit: It is the open-source ERP penetration testing framework developed by the Onapsis Research Labs. Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP penetration tests. Readers may visit http://www.onapsis.com/research.html to know more about this tool.
How to Protect from Trojan Horses and Backdoors
Follow these steps to protect your systems from Trojan Horses and backdoors:
1. Stay away from suspect websites/weblinks: Avoid downloading free/pirated software, which often gets infected by Trojans, worms, viruses and other things.
2. Surf the Web cautiously: Avoid connecting with and/or downloading any information from peer-to-peer (P2P) networks, which are the most dangerous networks for spreading Trojan Horses and other threats.
3. Be suspicious of downloads that do not work: It may happen that, after downloading a file, it never works. The threat here is that although the file appears not to have worked, something has happened to the system: the malicious software has deployed its gizmos and the system is at serious risk.
4. Install antivirus/Trojan remover software: Nowadays antivirus software has built-in features for protecting the system not only from viruses and worms but also from malware such as Trojan Horses.
Peer-to-Peer (P2P) Networks
Peer-to-peer, commonly abbreviated as P2P, is any distributed network architecture composed of participants that make a portion of their resources available to other participants.
1. Hybrid P2P: There is a central server that keeps information about the network. The peers are responsible for storing the information.
2. Pure P2P: There is absolutely no central server or router. Each peer acts as both client and server at the same time. This is also sometimes referred to as “serverless” P2P.
3. Mixed P2P: It is between “hybrid” and “pure” P2P networks. An example of such a network is Gnutella, which has no central server but clusters its nodes around so-called “supernodes.”
Attacks on Wireless Networks
Even when people travel, they still need to work. Thus, work seems to be moving out of the traditional offices into homes, hotels, airport lounges and taxis.
The following are different types of “mobile workers”:
1. Tethered/remote worker: This is considered to be an employee who generally remains at a single point of work, but is remote to the central company systems.
2. Roaming user: This is an employee who works either in one environment (e.g., warehousing, shop floor, etc.) or in multiple areas (e.g., meeting rooms).
3. Nomad: This category covers employees requiring solutions in hotel rooms and other semi-tethered environments where modem use is still prevalent, along with the increasing use of multiple wireless technologies and devices.
4. Road warrior: This is the ultimate mobile user and spends little time in the office; however, he/she requires regular access to data and collaborative functionality while on the move, in transit or in hotels.
Fig: Wireless Networks
Wireless technology is no longer a buzzword in today’s world. Let us understand the important components of a wireless network, apart from components such as modems, routers, hubs and firewalls, which are an integral part of any wired network as well as of a wireless network.
1. 802.11 networking standards: Institute of Electrical and Electronics Engineers (IEEE) 802.11 is a family of standards for wireless local area networks (WLAN), stating the specifications and/or requirements for computer communication in the 2.4, 3.6 and 5 GHz frequency bands.
2. Access points: Also termed an AP. It is a hardware device and/or software that acts as a central transmitter and receiver of WLAN radio signals.
3. Wi-Fi hotspots:
1. Free Wi-Fi hotspots.
2. Commercial hotspots.
4. Service Set Identifier (SSID)
5. Wired Equivalence Privacy (WEP)
6. Wi-Fi Protected Access (WPA and WPA2)
7. Media Access Control (MAC)
Traditional Techniques of Attacks on Wireless Networks
1. Sniffing: It is eavesdropping on the network and is the simplest of all attacks. Sniffing is the simple process of intercepting wireless data that is being broadcast on an unsecured network.
2. Spoofing: The primary objective of this attack is to successfully masquerade an identity by falsifying data and thereby gain an illegitimate advantage. Its forms are:
1. MAC address spoofing
2. IP spoofing
3. Frame spoofing

The Need for Computer Forensics


The convergence of Information and Communications Technology (ICT) advances and the pervasive use of computers worldwide have together brought about many advantages to mankind. At the same time, this tremendously high technical capacity of modern computers/computing devices provides avenues for misuse as well as opportunities for committing crime.
Chain of custody means the chronological documentation trail, etc. that indicates the seizure, custody, control, transfer, analysis and disposition of evidence, physical or electronic.
Fig: Hidden and miniaturized storage media.
“Fungibility” means the extent to which the components of an operation or product can be interchanged with similar components without decreasing the value of the operation or product.
Chain of custody is also used in most evidence situations to maintain the integrity of the evidence by providing documentation of the control, transfer and analysis of evidence.
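The two chain-of-custody definitions above amount to a log of who held the evidence, when, and what was done to it. The following added example (not code from the notes) makes that log verifiable by storing a SHA-256 hash of the evidence at acquisition and at every transfer or analysis, so that any copy whose hash differs from the acquisition hash is detected; the evidence bytes, names and times are constructed for the example:

```python
# Added example (not from the notes): a chain-of-custody record for one digital evidence
# item, with a SHA-256 hash recorded at every handover so its integrity can be verified.
# Names, roles and the evidence bytes below are constructed.
import hashlib
from datetime import datetime


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


class CustodyChain:
    """Chronological documentation trail for one evidence item."""

    def __init__(self, item_id, description, data, acquired_by, when):
        self.item_id = item_id
        self.description = description
        self.acquisition_hash = sha256_hex(data)   # reference value taken at seizure
        self.entries = []
        self._log(when, acquired_by, acquired_by, "seizure/acquisition", data)

    def custodian(self):
        return self.entries[-1]["to"]

    def _log(self, when, holder_from, holder_to, action, data):
        if self.entries and when < self.entries[-1]["time"]:
            raise ValueError("custody entries must be recorded in chronological order")
        self.entries.append({"time": when, "from": holder_from, "to": holder_to,
                             "action": action, "hash": sha256_hex(data)})

    def transfer(self, when, holder_from, holder_to, data):
        """Hand the item over; only the current custodian may release it."""
        if holder_from != self.custodian():
            raise ValueError(f"{holder_from} is not the current custodian ({self.custodian()})")
        self._log(when, holder_from, holder_to, "transfer", data)

    def analysis(self, when, analyst, data):
        """Record that the current custodian examined the item; the hash is re-taken afterwards."""
        if analyst != self.custodian():
            raise ValueError(f"{analyst} is not the current custodian ({self.custodian()})")
        self._log(when, analyst, analyst, "analysis", data)

    def verify(self, data):
        """Compare the current bytes and every logged hash against the acquisition hash.
        Returns (ok, list of problems)."""
        problems = []
        if sha256_hex(data) != self.acquisition_hash:
            problems.append("current copy differs from the acquired evidence")
        for e in self.entries:
            if e["hash"] != self.acquisition_hash:
                problems.append(f"hash mismatch at {e['action']} on {e['time'].isoformat()} "
                                f"(held by {e['to']})")
        return (not problems, problems)


def demo():
    """Constructed walk-through: clean handovers, then a modified copy at the last transfer."""
    image = b"constructed disk image bytes for the example"
    t = datetime(2024, 5, 1, 9, 0)
    chain = CustodyChain("E-001", "USB stick, 8 GB (constructed)", image, "Officer A", t)
    chain.transfer(t.replace(hour=10), "Officer A", "Analyst B", image)
    chain.analysis(t.replace(hour=12), "Analyst B", image)
    clean = chain.verify(image)
    tampered = image + b"!"                         # one byte appended after the analysis
    chain.transfer(t.replace(hour=14), "Analyst B", "Evidence locker", tampered)
    return chain, clean, chain.verify(image), chain.verify(tampered)


if __name__ == "__main__":
    chain, clean, after_original, after_tampered = demo()
    for e in chain.entries:
        print(e["time"].isoformat(), e["action"], e["from"], "->", e["to"], e["hash"][:16])
    print(clean, after_original, after_tampered, sep="\n")
```

The record itself is only as trustworthy as its storage, so in practice each entry would also be signed by the custodian or kept in an append-only system; the hash comparison shows at which handover the evidence stopped matching what was seized.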

Rootkits
The term rootkit is used to describe the mechanisms and techniques whereby malware, including viruses, Spyware and Trojans, attempts to hide its presence from Spyware blockers, antivirus and system management utilities.

Understanding Cell Phone Working Characteristics


In modern times, cellular mobile phones have become an integral part of communication around the world. Forensics and digital analysis of mobile phones, therefore, is an area of interest, as crimes involving mobile devices are becoming increasingly common in the community.
While mobile phones outsell personal computers (PCs) three to one, mobile phone forensics still lags behind computer forensics.
Understanding the Types of Cellular Networks
There are different types of digital cellular networks. These networks exist due to the distinct and incompatible sets of network protocol standards. The two most dominant types of digital cellular networks are:
1. Code Division Multiple Access (CDMA).
2. Global System for Mobile Communications (GSM) network.
There are other common cellular networks; they include Time Division Multiple Access (TDMA) and Integrated Digital Enhanced Network (iDEN). iDEN networks use a proprietary protocol designed by Motorola, while the others follow standardized open protocols.
NTT DoCoMo
Digital Advanced Mobile Phone Service (D-AMPS) is the digital version of the original analog standard for cellular telephone service. Now “Do Communication over the Mobile Network” (DoCoMo) is also available. NTT DoCoMo is Japan’s largest wireless network carrier.
Cell Phones: Hardware and Software Features
Different devices have different technical and physical features/characteristics (e.g., size, weight, processor speed and memory capacity). Devices may also use different types of expansion capabilities to provide additional functionality. Cell phone capabilities sometimes include those of other devices such as personal digital assistants (PDAs), global positioning systems (GPS) and cameras.
Irrespective of cell phone type, all devices support voice and text messaging, a set of basic personal information management (PIM) applications including phonebook and date book facilities, and a means to synchronize PIM data with a desktop computer. More advanced devices also provide the ability to perform multimedia messaging, connect to the Internet and surf the Web, exchange E-Mail or chat using instant messaging.

2 INTRODUCTION TO CYBER CRIME


The Internet was born around the 1960s, when its access was limited to a few scientists, researchers and the defence establishment only. The Internet user base has since evolved exponentially. Initially, computer crime was confined to doing physical damage to the computer and related infrastructure. Around the 1980s the trend changed from causing physical damage to computers to making a computer malfunction using malicious code called a virus. Till then the effect was not so widespread, because the Internet was confined to defence setups, large international companies and research communities. In 1996, when the Internet was launched for the public, it immediately became popular among the masses and they slowly became dependent on it to an extent that it changed their lifestyle. The GUIs were written so well that the user did not have to bother about how the Internet was functioning. They simply had to make a few clicks on the hyperlinks or type the desired information at the desired place without bothering where this data is stored, how it is sent over the Internet, whether the data can be accessed by another person who is connected to the Internet, or whether the data packet sent over the Internet can be snooped and tampered with. The focus of computer crime shifted from merely damaging the computer or destroying or manipulating data for personal benefit to financial crime. These computer attacks are increasing at a rapid pace. Every second around 25 computers become victims of cyber attack, and around 800 million individuals were affected by it till 2013. CERT-India has reported around 308371 Indian websites to have been hacked between 2011 and 2013. It is also estimated that around $160 million are lost per year due to cyber crime. This figure is very conservative, as most of the cases are never reported.
According to the 2013-14 report of the standing committee on Information Technology to the 15th Lok Sabha by the Ministry of Communication and Information Technology, India has the third largest number of Internet users in the world, with an estimated 100 million Internet users as on June 2011, and the numbers are growing rapidly. There are around 22 million broadband connections in India till date, operated by around 134 major Internet Service Providers (ISPs).
Before discussing the matter further, let us know what cyber crime is.
The term cyber crime is used to describe an unlawful activity in which a computer or computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc., which are stand-alone or a part of a network, are used as a tool and/or target of criminal activity. It is often committed by people of a destructive and criminal mindset, either for revenge, greed or adventure.
1.2.1 Classification of Cyber Crimes
The cyber criminal could be internal or external to the organization facing the cyber attack. Based on this fact, cyber crime could be categorized into two types:
• Insider Attack: An attack on the network or the computer system by some person with authorized system access is known as an insider attack. It is generally performed by dissatisfied or unhappy inside employees or contractors. The motive of the insider attack could be revenge or greed. It is comparatively easy for an insider to perform a cyber attack, as he is well aware of the policies, processes, IT architecture and weaknesses of the security system. Moreover, the attacker has access to the network. Therefore it is comparatively easy for an insider attacker to steal sensitive information, crash the network, etc. In most of the cases the reason for an insider attack is that an employee is fired or assigned new roles in the organization, and the role change is not reflected in the IT policies. This opens a vulnerability window for the attacker. The insider attack could be prevented by planning and installing an internal intrusion detection system (IDS) in the organization.
• External Attack: When the attacker is either hired by an insider or is an entity external to the organization, it is known as an external attack. The organization which is a victim of a cyber attack not only faces financial loss but also the loss of reputation. Since the attacker is external to the organization, these attackers usually scan and gather information. An experienced network/security administrator keeps a regular eye on the logs generated by the firewalls, as external attacks can be traced by carefully analysing these firewall logs. Also, Intrusion Detection Systems are installed to keep an eye on external attacks.
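The firewall-log analysis mentioned for external attacks above, and the ping sweep and port scan of the network probe stage in Unit-2, can be demonstrated with one detector. The code below is an added example, not code from the notes; its log format, the RFC 5737 documentation addresses, and the thresholds (ten distinct ports on one host, or ICMP to five hosts, within 60 seconds) are constructed for the example and would be adapted to a real firewall's log format:

```python
# Added example (not from the notes): detecting the "network probe" stage (ping sweep,
# port scan) in firewall logs. The log format, addresses and thresholds are constructed
# for this example; adapt LOG_RE to the real format of your firewall.
import re
from collections import defaultdict
from datetime import datetime

# One line per packet decision: <ISO time> <ACCEPT|DROP> <src> <dst> <proto> [<dport>]
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<src>[\d.]+) "
                    r"(?P<dst>[\d.]+) (?P<proto>TCP|UDP|ICMP)(?: (?P<dport>\d+))?$")


def parse(line):
    """Parse one log line into a dict, or return None if it is not in the expected format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.fromisoformat(e["ts"])
    e["dport"] = int(e["dport"]) if e["dport"] else None
    return e


def detect(lines, port_threshold=10, host_threshold=5, window_seconds=60):
    """Return {(src, kind): count}: the largest number of distinct ports on a single host
    (kind "port scan") or of hosts probed with ICMP (kind "ping sweep") seen from one
    source inside any window of window_seconds."""
    events = sorted((e for e in map(parse, lines) if e), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        for i, start in enumerate(evs):           # slide a window starting at each event
            window = [e for e in evs[i:]
                      if (e["ts"] - start["ts"]).total_seconds() <= window_seconds]
            ports_per_host, icmp_hosts = defaultdict(set), set()
            for e in window:
                if e["proto"] == "ICMP":
                    icmp_hosts.add(e["dst"])
                elif e["dport"] is not None:
                    ports_per_host[e["dst"]].add(e["dport"])
            for ports in ports_per_host.values():
                if len(ports) >= port_threshold:
                    key = (src, "port scan")
                    alerts[key] = max(alerts.get(key, 0), len(ports))
            if len(icmp_hosts) >= host_threshold:
                key = (src, "ping sweep")
                alerts[key] = max(alerts.get(key, 0), len(icmp_hosts))
    return alerts


# Constructed sample log: normal HTTPS traffic, a malformed line, a port scan, a ping sweep.
SAMPLE_LOG = [
    "2024-03-01T10:00: 00 ACCEPT 198.51.100.20 192.0.2.10 TCP 443".replace(": 0", ":0"),
    "2024-03-01T10:00:07 ACCEPT 198.51.100.20 192.0.2.10 TCP 443",
    "this line is not in the expected format and is skipped",
] + [
    f"2024-03-01T10:00:{sec:02d} DROP 203.0.113.5 192.0.2.10 TCP {port}"
    for sec, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389], start=10)
] + [
    f"2024-03-01T10:01:{n:02d} DROP 203.0.113.77 192.0.2.{n} ICMP" for n in range(1, 8)
]


if __name__ == "__main__":
    for (src, kind), count in sorted(detect(SAMPLE_LOG).items()):
        print(f"{src:14} {kind:10} {count}")
```

Both detections key on one source address fanning out, across ports on one host or across hosts with ICMP, inside a short window; the legitimate client that repeatedly reaches a single port never crosses either threshold, and the malformed line is skipped rather than crashing the parser.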
Cyber attacks can also be classified as structured attacks and unstructured attacks based on the level of maturity of the attacker. Some authors have classified these attacks as a form of external attack, but there is precedent for cases when a structured attack was performed by an internal employee. This happens when a competitor company wants the future strategy of an organization on certain points. The attacker may strategically gain access to the company as an employee and access the required information.
• Unstructured attacks: These attacks are generally performed by amateurs who don’t have any predefined motive to perform the cyber attack. Usually these amateurs try to test a tool readily available over the Internet on the network of a random company.
• Structured attacks: These types of attacks are performed by highly skilled and experienced people, and the motives of these attacks are clear in their minds. They have access to sophisticated tools and technologies to gain access to other networks without being noticed by their Intrusion Detection Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify existing tools to satisfy their purpose. These types of attacks are usually performed by professional criminals, by a country on rival countries, by politicians to damage the image of a rival person or country, by terrorists, rival companies, etc.
Cyber crimes have turned out to be a low-investment, low-risk business with huge returns. Nowadays these structured crimes are highly organized. There is a perfect hierarchical organizational setup, like formal organizations, and some of them have reached a level of technical capability at par with that of developed nations. They are targeting large financial organizations, defence and nuclear establishments, and they are also into online drug trading.

Figure 1: Hierarchical Organisational Structure
The figure shows an organisational tree: a Criminal Boss at the top; below the Criminal Boss an Under Boss, who is the Trojan provider and manager, responsible for Trojan command and control; below the Under Boss several Campaign Managers, who are the attackers and crimeware toolkit owners and distribute the Trojan through legitimate websites via their affiliation network; and under each Campaign Manager a Stolen Data Reseller.
The roles of the people in the hierarchy keep changing, based on opportunity. A hacker who has stolen sensitive data from an organization may use it to financially exploit that organisation himself. If the hacker has the technical expertise for it, he will do it himself; otherwise he may find a buyer who is interested in that data and has the technical expertise.
Some cyber criminals offer hacking on demand as a service. A person, organization or country may contact these cyber criminals to hack an organization in order to gain access to some sensitive data, or to create a massive denial-of-service attack on their competitors. Based on the demand of the customer, the hackers write malware, viruses, etc. to suit their requirements. An organization affected by a cyber attack not only faces financial loss, but its reputation is also adversely affected, and the competitor organization will definitely benefit from it.
1.2.2 Reasons for Commission of Cyber Crimes
There are many reasons which act as a catalyst in the growth of cyber crime. Some of the prominent reasons are:
a. Money: People are motivated towards committing cyber crime to make quick and easy money.
b. Revenge: Some people try to take revenge on another person/organization/society/caste or religion by defaming its reputation or causing economic or physical loss. This comes under the category of cyber terrorism.
c. Fun: Amateurs commit cyber crime for fun. They just want to test the latest tool they have encountered.
d. Recognition: It is considered a matter of pride if someone hacks highly secured networks like defense sites or networks.
e. Anonymity: Many times the anonymity that cyber space provides motivates a person to commit cyber crime, as it is much easier to commit a crime over cyber space and remain anonymous than in the real world. It is much easier to get away with criminal activity in the cyber world than in the real world. There is a strong sense of anonymity that can draw otherwise respectable citizens to abandon their ethics in pursuit of personal gain.
f. Cyber Espionage: At times the government itself is involved in cyber trespassing to keep an eye on another person/network/country. The reason could be politically, economically or socially motivated.
1.3 MALWARE AND ITS TYPES
Malware stands for "Malicious Software"; it is designed to gain access to, or be installed on, a computer without the consent of the user. It performs unwanted tasks on the host computer for the benefit of a third party. There is a full range of malware, from programs simply written to distract or annoy the user, to complex ones which capture sensitive data from the host machine and send it to remote servers, and many of them can seriously degrade the performance of the host machine. Various types of malware are present on the Internet. Some of the popular ones are:
1.3.1 Adware
Adware is a special type of malware used for forced advertising. It either redirects the page to some advertising page or pops up an additional page which promotes some product or event. Adware is financially supported by the organizations whose products are advertised.
1.3.2 Spyware
Spyware is a special type of malware which is installed on the target computer with or without the user's permission and is designed to steal sensitive information from the target machine. Mostly it gathers the browsing habits of the user and sends them to a remote server without the knowledge of the owner of the computer. Most of the time it is downloaded onto the host computer along with freeware, i.e. free application programmes from the internet. Spyware may be of various types: it can keep track of the cookies on the host computer, it can act as a keylogger to sniff banking passwords and other sensitive information, etc.
1.3.3 Browser hijacking software
Some malicious software is downloaded along with free software offered over the internet and installed on the host computer without the knowledge of the user. This software modifies the browser's settings and redirects links to other, unintended sites.
1.3.4 Virus
A virus is malicious code written to damage or harm the host computer by deleting or appending to files, occupying memory space on the computer by replicating copies of its code, slowing down the performance of the computer, formatting the host machine, etc. It can be spread via email attachments, pen drives, digital images, e-greetings, audio or video clips, etc. A virus may be present on a computer, but it cannot activate itself without human intervention. Until and unless the executable file (.exe) is executed, a virus cannot be activated on the host machine.
1.3.5 Worms
Worms are a class of virus which can replicate themselves. They differ from a virus in that they do not require human intervention to travel over the network and spread from the infected machine to the whole network. Worms can spread either through the network, using loopholes in the Operating System, or via email. The replication and spreading of the worm over the network consumes network resources like storage space and bandwidth and forces the network to choke.
1.3.6 Trojan Horse
A Trojan horse is malicious code that is installed on the host machine by pretending to be useful software. The user clicks on a link or downloads a file which pretends to be a useful file or program from a legitimate source. It not only damages the host computer by manipulating data, but also creates a backdoor on the host computer so that it can be controlled by a remote computer. The host can become part of a botnet (robot network), a network of computers which are infected by malicious code and controlled by a central controller. The computers in this network which are infected by the malicious code are known as zombies. Trojans neither infect the other computers in the network nor do they replicate.
Figure 2: A typical botnet
1.3.7 Scareware
The Internet has changed how we talk, shop, play, etc. It has even changed the way criminals target people for ransom. While surfing the Internet, suddenly a pop-up alert appears on the screen which warns of the presence of dangerous viruses, spyware, etc. on the user's computer. As a remedial measure, the message suggests the user download the full paid version of the software. As the user proceeds to download, malicious code known as scareware is downloaded onto the host computer. It holds the host computer hostage until the ransom is paid. The malicious code can neither be uninstalled nor can the computer be used until the ransom is paid. A sample message alert of a scareware is shown below in Fig 3.

Proxies
The mobile version of Firefox, Firefox mobile, can be equipped with proxy add-ons which direct your traffic to a proxy server. From there your traffic goes to the site you are requesting. This is helpful in cases of censorship, but it may still reveal your requests unless the connection from your client to the proxy is encrypted. We recommend the Proxy Mobile add-on (also from the Guardian Project), which makes proxying with Firefox easy. It is also the only way to channel Firefox mobile communications to Orbot and use the Tor network.