R20-CSF-UNIT-1-INTRODUCTION TO CYBERCRIME


CYBERSECURITY

UNIT 1
Introduction to Cybercrime
Introduction
• World (April 2024): 5.44 billion internet users
• India: the world’s second-largest internet population, at over 1.2 billion
users in 2023.
• Of these, 1.05 billion users accessed the internet via their mobile
phones.
• Estimates suggest that this figure would reach over 1.2 billion by
2050.
• Opens a new way of exploitation - cybercrime
[Figure: Number of mobile phone internet users in India from 2015 to 2023]
[Figure: April 2024, 5.44 billion internet users]
What is Cybersecurity?
• Definition: Refers to the technologies and processes designed to protect computers, networks
and data from unauthorized access and attacks delivered via the internet by cyber criminals

Objective of Cyber Security


• To establish rules and measures to use against attacks over the internet.
• To prevent or mitigate harm to—or destruction of—computer networks, applications,
devices, and data.
Advantages:
• Protection from
• Unwanted programs
• Data theft
• Hackers
• Provides privacy to
• Data and System
1.1 Definition and origins of the word

Definition:
• A crime conducted in which a
computer was directly and
significantly instrumental.
Alternative definitions for computer
crime
1. Any illegal act where a special knowledge of computer technology is
essential for its perpetration, investigation or prosecution
• Investigation - formal or systematic examination or research:
• Perpetration is the act of committing a crime or a violent or harmful act.

2. Any traditional crime that has acquired a new dimension through the aid of
a computer, and abuses that have come into being because of computers
3. Any financial dishonesty that takes place in a computer environment.
4. Any threats to the computer itself, such as theft of hardware or software,
sabotage and demands for ransom
• Sabotage - act of destruction or disruption in which equipment is damaged
• Ransom- a large amount of money that is demanded in exchange for someone who has been taken prisoner, or
sometimes for an animal
Another definition

• “Cybercrime (computer crime) is any illegal behaviour, directed by means of electronic operations, that targets the security of computer systems and the data processed by them.”
• Hence cybercrime is sometimes also called computer-related crime, computer crime, E-crime, Internet crime or High-tech crime.

Cybercrime specifically can be defined in a number of ways:
1. A crime committed using a computer and the internet to steal a person’s identity
(identity theft) or sell contraband or stalk victims or disrupt operations with
malevolent programs.
2. Crimes completed either on or with a computer
3. Any illegal activity through the Internet or on the computer.
4. All criminal activities done using the medium of computers, the Internet, cyberspace
and the WWW.
• Selling contraband refers to selling goods that are banned by law from being
imported or exported. Contraband is distributed or sold illicitly.
Further:
• Cybercrime refers to the act of performing a criminal act using cyberspace as the communication vehicle.
Cyberspace
• Conceptual definition: The “Nebulous place” where humans interact
over the computer.
• Present: It describes the internet and other computer networks.
• In terms of computer science: It is a worldwide network of computer
networks that uses the Transmission Control Protocol/Internet
Protocol (TCP/IP) for communication to facilitate transmission and
exchange of data.
• (Or) A place where you chat, explore, research and play.
Two types of attacks are common:
1. Techno-crime
• Techno-crime refers to criminal activities that involve the use of technology, particularly
computers and networks. These crimes can include:
• Hacking: Unauthorized access to computer systems to steal, alter, or destroy data.
• Phishing: Fraudulent attempts to obtain sensitive information by pretending to be a
trustworthy entity.
• Malware: Software designed to disrupt, damage, or gain unauthorized access to
computer systems.
• Identity Theft: Stealing personal information to commit fraud or other crimes
2. Techno-vandalism
• Techno-vandalism involves unauthorized access to computer systems with the intent to
cause damage or disruption, often for the challenge rather than for financial gain. This
can include:
• Defacing Websites: Altering the appearance of websites.
• Destroying Data: Deleting or corrupting files and programs.
• Disrupting Services: Causing systems to crash or become unusable
Cyber terrorism
• Any person, group or organization who with terrorist intent, utilizes,
accesses or aids in accessing a computer or computer network or
electronic system or electronic device by any available means and
thereby knowingly engages in a terrorist act.
1.2 Cybercrime and information security
• Lack of information security gives rise to cybercrime.
• Cybersecurity: means protecting information, equipment, devices,
computer, computer resource, communication device and information
stored therein from unauthorized access, use, disclosure, disruption,
modification or destruction.
1.3 Who are Cybercriminals?
Are those who conduct acts such as:
• Child pornography
• Credit card fraud
• Cyberstalking
• Cyberstalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat rooms frequented by the victim, constantly bombarding the victim with emails, etc.
• Defaming another online
• Gaining unauthorized access to computer systems
• Ignoring copyrights, Software licensing and trademark protection
• Overriding encryption to make illegal copies
• Software piracy and
• Stealing another’s identity to perform criminal acts
Categorization of Cybercriminals
1. Type 1: Cybercriminals- hungry for recognition
• Hobby hackers- A person who enjoys exploring the limits of what is
possible, in a spirit of playful cleverness. May modify hardware/ software
• IT professional(social engineering):
Ethical hacker - a person who hacks into a computer network in order to
test or evaluate its security, rather than with malicious or criminal intent.
• Politically motivated hackers : promotes the objectives of individuals,
groups or nations supporting a variety of causes such as : Anti
globalization, transnational conflicts and protest
Terrorist organizations: a political movement that uses terror as a weapon to
achieve its goals.
• Cyberterrorism
• Use of internet attacks in terrorist activity
• Large-scale disruption of computer networks and personal computers attached to the internet via viruses
2. Type 2: Cybercriminals- not interested in recognition

Psychological perverts
• Express sexual desires, deviates from normal behaviour
Financially motivated hackers
• Make money from cyber attacks
• Bots-for-hire : fraud through phishing, information theft, spam and extortion
State-sponsored hacking
• Hacktivists
• Extremely professional groups working for governments
• Have the ability to worm into the networks of the media, major corporations,
defense departments
Organized criminals
3. Type 3: Cybercriminals- the insiders
• Disgruntled or former employees seeking revenge
• Competing companies using employees to gain economic advantage
through damage and/or theft
1.4 Classification of cybercrimes
1. Cybercrime against an individual
2. Cybercrime against property
3. Cybercrime against organization
4. Cybercrime against Society
5. Crimes emanating from Usenet newsgroup
1. Cybercrime against an individual
• Electronic mail spoofing and other online frauds
• Phishing, Spear phishing
• Spamming
• Cyberdefamation
• Cyberstalking and harassment
• Computer sabotage
• Pornographic offenses
• Password sniffing
2. Cybercrime against property
1. Credit card frauds
2. Intellectual property (IP) crimes
3. Internet time theft
3. Cybercrime against organization
1. Unauthorized accessing of computer
2. Password sniffing
3. Denial-of-service attacks
4. Virus attack/dissemination of viruses
5. E-Mail bombing/mail bombs
6. Salami attack/Salami technique
7. Logic bomb
8. Trojan Horse
9. Data diddling
10. Industrial spying/industrial espionage
11. Computer network intrusions
12. Software piracy
4. Cybercrime against Society
1. Forgery
2. Cyberterrorism
3. Web jacking
5. Crimes emanating from Usenet newsgroup
1. Usenet groups may carry very offensive, harmful, inaccurate
material
2. Postings that have been mislabeled or are deceptive in another way
1.4.1 E-Mail Spoofing
• A spoofed E-mail is one that appears to originate from one source but
actually has been sent from another source.
Examples of email spoofing
• An Email claiming to be from a system administrator (and also
appearing so) requesting users to change their passwords to a
specified string and threatening to suspend their account if they do
not do this.
• A mail claiming to be from a person in authority requesting users to
send them a copy of a password file or other sensitive information.
• Receiving an Email from a partner, requesting a funds transfer
pertaining to a sale or transaction.
• One type of e-mail spoofing, self-sending spam, involves messages
that appear to be both to and from the recipient
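The header checks a mail filter or analyst can run against the spoofing cases listed above, as an added example that is not part of the original slides. The messages, addresses and indicator names are constructed for illustration; each finding is an indicator to review, not a verdict.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (reserved .example/.invalid domains only).
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=corp.example
From: "System Administrator" <admin@corp.example>
Reply-To: helpdesk@mailer.invalid
To: alice@corp.example
Subject: Change your password today

Set your password to the string below or your account will be suspended.
"""

SELF_SENT = """\
Return-Path: <x91@bulk.invalid>
From: alice@corp.example
To: alice@corp.example
Subject: Your invoice

See attachment.
"""

LEGIT = """\
Return-Path: <bob@partner.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=partner.example; dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example
From: Bob <bob@partner.example>
To: alice@corp.example
Subject: Meeting notes

Notes attached.
"""


def _domain(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def spoofing_indicators(raw_message):
    """Return a list of header-level spoofing indicators for one message."""
    msg = message_from_string(raw_message)
    findings = []

    _, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}

    # The visible From: is what the user sees; Return-Path records the
    # envelope sender that actually handed the mail over. Exact-domain
    # comparison is used here (real DMARC alignment also allows subdomains).
    if envelope and _domain(envelope) != _domain(from_addr):
        findings.append("from-envelope-mismatch")

    # Replies silently diverted to a different domain than the claimed sender.
    if reply_to and _domain(reply_to) != _domain(from_addr):
        findings.append("reply-to-mismatch")

    # Self-sending spam: the message claims to come from its own recipient.
    if from_addr and from_addr in recipients:
        findings.append("self-sent")

    # Verdicts recorded by the receiving mail server, when present.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth:
            findings.append(f"{mechanism}-fail")

    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("self-sent", SELF_SENT), ("legit", LEGIT)):
        print(name, spoofing_indicators(raw))
```

Bulk-mail services legitimately use a different envelope domain, so `from-envelope-mismatch` alone is weak evidence; it matters most together with a failed SPF or DMARC result.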
1.4.2 Spamming
• Sending a large number of unsolicited electronic messages.
• Some senders of spam Email combine it with Email spoofing techniques, so that it is not easy to determine the original email address of the sender.
1.4.3 Cyber defamation
• The act of defaming, insulting, offending or otherwise causing harm
through false statements pertaining to an individual in cyberspace.
1.4.4 Internet Time Theft
• An unauthorized person uses internet hours paid for by another person.
• The unauthorized person gets access to another person's ISP user ID
and password, either by hacking or by illegal means without that
person's knowledge.
• Example:
1.4.5 Salami Attack/Salami Technique
1.4.6 Data diddling
1.4.7 Forgery
• Fake currency notes, postage and revenue stamps,
marksheets can be forged using sophisticated
computers, printers and scanners.
1.4.8 Web Jacking
Example:
• Recently the site of MIT (Ministry of Information Technology) was
hacked by the Pakistani hackers and some obscene matter was placed
therein.
• Further the site of Bombay crime branch was also web jacked.
• Another case of web jacking is that of the ‘gold fish’ case. In this case
the site was hacked and the information pertaining to gold fish was
changed.
ISRO website hacked in 2015
1.4.9 Newsgroup Spam
• Newsgroup spam is a type of spam where the targets are Usenet
newsgroups.
• Spamming of Usenet newsgroups actually pre-dates e-mail spam.
1.4.10 Industrial Spying / Industrial Espionage
• “Spies” can get information about product finances, research and
development and marketing strategies.
• This activity is known as “industrial spying”.
1. Gillette was a victim of industrial espionage back in 1997
Steven L. Davis, then 47 years old, stole information concerning a new
shaving system that had been developed by the company.
2. Kodak also fell foul of industrial espionage in the '90s
The former employee, Harold Worden, then 56-years-old, stole Kodak
property that was worth millions of dollars. He had worked for Kodak for
over 30 years and did not return confidential documentation when he left
the company in 1992.
4. IBM won an espionage court case against Hitachi in the 1980s
Back in the 1980s, IBM won a court case against Hitachi, and two of its
employees, for industrial espionage. Hitachi was charged with conspiring to
steal confidential computer information from IBM and transport it to Japan.
Chinese hackers managed to break into the computer systems of five
multinational oil and gas companies back in 2011. They were able to make
off with bidding plans and other critical proprietary information according
to an article by Reuters at the time.
Example:
• One interesting case is the famous Israeli Trojan story, in which a software engineer in London created a Trojan Horse program specifically designed to extract critical data gathered from machines infected by his program. He had made a business out of selling his Trojan Horse program to companies in Israel, which would use it for industrial spying by planting it in competitors’ networks.
1.4.11 Hacking
1.4.12 Online Frauds
• This comes under spoofing. The purpose of spoofing is to make the
user enter personal information which is then used to access business
and bank accounts.
• This kind of online fraud is common in banking and financial sector.
• It is strongly recommended not to input any sensitive information that
might help criminals to gain personal information.
Online fraud
1.4.13 Pornographic Offenses
• People physically and psychologically forcing minors to engage in
sexual activities.
1.4.14 Software Piracy
1.4.15 Computer Sabotage
1.4.16 Email bombing
• It refers to sending a large number of e-mails to the victim to crash the victim’s email account or to make the victim’s mail server crash.
1.4.17 Usenet Newsgroup
• Usenet is a mechanism that allows sharing information in a many-to-
many manner.
• Usenet is mainly used for the following crimes:
1. Distribution/sale of pornographic material
2. Distribution/sale of pirated software
3. Distribution of hacking software
4. Sale of stolen credit card number
5. Sale of stolen data/Stolen Property
1.4.18 Computer Network Intrusions
• Hackers can break into computer systems from anywhere in the world
and steal data, plant viruses, insert trojan horses or change user
names and passwords.

1.4.19 Password sniffing
• Password sniffing is a technique used to gain knowledge of passwords that involves monitoring traffic on a network to pull out information. Several software tools are available for automatic password sniffing.
1.4.20 Credit Card Fraud
• Information security requirements for credit cards have been
increased recently.
• Millions of dollars are lost by consumers whose credit card details are stolen from
online databases.

1.4.21 Identity theft
• Identity theft is a fraud involving another person’s identity for an
illegal purpose.
1.5 Cyberstalking
Definitions:
• Stalking is an “act or process of following victim silently – trying to
approach somebody or something”
• Cyberstalking has been defined as the use of information and communications technology by an individual or group of individuals to harass another individual or group of individuals.
• Social media, blogs, image-sharing sites and many other commonly used online sharing activities offer cyberstalkers a wealth of data that helps them arrange their harassment.
• Types of Stalkers
1. Online stalkers
2. Offline stalkers.
1. Online stalkers :

• They aim to start the interaction with the victim directly with the help of
the internet (email/Chat Room).
• The stalker makes sure that the victim recognizes the attack attempted
on him/her.
• The stalker can make use of a third party to harass the victim.
2. Offline stalkers :

• The stalker may begin the attack using traditional methods such as
following victim, watching the daily routine of the victim, etc.
• For ex. Use of community sites, newsgroups, social websites, personal
websites.
• The victim is not aware that the Internet has been used to achieve an
attack against them.
Cases reported on Cyberstalking:

• The majority of cyberstalkers are men and the majority of their victims
are women.
• In many cases, the cyberstalker is an ex-lover, ex-spouse, boss/subordinate
or neighbor.
• There also have been cases about strangers who are cyberstalkers.
How Stalking works?
1. Personal information gathering about the victim
– Name; family background; contact details- cell phone and telephone
numbers(residence as well as office)
2. Establish a contact with victim through telephone/cell phone.
– Once the contact is established, the stalker may make calls to the victim to harass.
3. Stalkers will almost always establish a contact with victim through e-mail.
– The letters may have the tone of loving, threatening or can be sexually explicit.
The stalker may use multiple names while contacting the victim
4. Some stalkers keep on sending repeated E-mails asking for various
kinds of favors or threaten the victim.
5. The stalker may post the victim’s personal information as sex workers’
services or dating services. The stalker will use bad/attractive language
to invite the interested persons.
6. Whosoever comes across the information, starts calling victim and
asking for sexual services or relationship.
7. Some stalkers subscribe/register the e-mail account of the victim to
innumerable pornographic and sex sites.
Real Life Example:

• The Indian police have registered the first case of cyberstalking in Delhi.
• Mrs. Joshi received almost 40 calls in 3 days mostly at odd hours.
• Mrs. Joshi decided to register a complaint with Delhi police.
• A person was using her ID to chat over the Internet at the
website www.mirc.com.
1.6 Cybercafes and Cybercrimes
• In a February 2009 survey:
• 90% of the audience across eight cities and 3500 cafes were male and in the age group of
15-35 years;
• 52% were graduates and postgraduates
• Almost 50% were students.
• IT security and governance is practiced.
• Many instances have been reported in India where cybercafes are known to have been used for
either real or false terrorist communication.
• Cybercrimes – stealing bank passwords, fraudulent withdrawal of money-
happened through cybercafes.
• Cybercafes have also been used regularly for sending obscene mails to harass
people.
Cybercafe hold two types of risks :
1. Risk of malicious programs –
• We do not know what programs are installed on the computer.
• Keyloggers or spyware may be running in the background, capturing keystrokes to learn passwords and confidential information and/or monitoring browser behavior.
2. Over-the-shoulder peeping (i.e., shoulder surfing)
• Enable others to find out your passwords.

• Cybercriminals prefer cybercafes to carry out their activities.


• Indian Information Technology Act (ITA) 2000
• Doesn’t define cybercafes and interprets cybercafes as “network service
providers” – Section 79
• Cybercafes - Responsibility – “due diligence”
• If fail - responsible for offences committed in their network.
• Due diligence is an investigation, audit, or review performed to confirm
facts or details of a matter under consideration
• A recent survey conducted in one of the metropolitan cities in India reveals the
following facts :
1. Pirated software is installed on all the computers.
2. Antivirus was not updated with latest patch.
3. Several cybercafes had installed “Deep Freeze” to protect computer which
helps cybercriminals.
• Deep Freeze is a software application available for the Microsoft Windows
and macOS operating systems which allows system administrators to protect the
core operating system and configuration files on a workstation or server by restoring a
computer back to the saved configuration, each time the computer is restarted
4. No Annual Maintenance Contract (AMC) was found for servicing of the computers (hard disk format). When this is not done, criminal activities can be conducted without any interruption with the help of malicious code.
• Annual Maintenance Contract - an agreement between company and
a maintenance services provider.
5. Pornographic and other similar websites were not blocked.
6. Cybercafe owners have very little awareness about IT security and IT Governance.
7. Government/ISPs/State Police (cyber cell wing) do not seem to provide IT
Governance guidelines to cybercafe owners.
8. Cybercafe association or State Police do not seem to conduct periodic visits to
cybercafe.
Security tips for cybercafe :
1. Always Logout: While checking email or logging in for chatting, always
click logout/sign out.
2. Stay with the computer: While surfing, don’t leave the system
unattended for any period of time.
3. Clear history and temporary files: Before browsing deselect
AutoComplete option.
1. Open Browser - > Tools -> Internet options -> Content tab->AutoComplete.
Deselect checkboxes to deselect. Ok twice.
2. After browsing---Tools -> Internet Option -> General Tab -> Temporary Internet
Files -> Delete files and then Delete Cookies.
3. Go history - > click clear history. Leave the computer after finishing.
4. Be alert: One has to be alert for snooping over the shoulder.
5. Avoid online financial transactions: One should avoid online banking,
shopping, etc. Don’t provide sensitive information such as credit card
number or bank account details.
6. Change Passwords: Change password after completion of transaction
7. Virtual Keyboard: Almost every bank website provides a virtual keyboard.
8. Security Warnings: Follow security warning while accessing any bank
websites.
1.7 Botnet

• The meaning of botnet is “an automated program for doing some particular task, over a network”.
• The term botnet is used for a collection of software that runs autonomously and automatically.
• Botnets are exploited for various purposes, including denial-of-service attacks, creation or misuse of SMTP mail relays for spam, click fraud, and theft of financial information such as credit card numbers.
• In short, a botnet is a network of computers infected with a malicious
program that allows cybercriminals to control the infected machines
remotely without the users’ knowledge.
• A Botnet is also called a zombie network.
Example:
• A botnet can be created for a variety of purposes. In many cases, botnets today are
created with the goal to be rented out to people wanting to send a targeted attack. The
following example demonstrates the process of using a botnet for the purpose of
sending out email spam.
1. Multiple machines are infected with the malware sent out by the operator
2. The slave machines log into a command and control server where the botnet
operator can issue commands
3. A spammer rents the botnet from the operator
4. The operator sends out the spammer’s message to the command and control server
resulting in the mass delivery of spam messages
Use of Botnet
• If someone wants to start a business and has no programming skills,
there are plenty of “Bot for Sale” offers on forums.
• Encryption of these program’s code can also be ordered to protect
them from detection by antivirus.
Types of Botnet Attacks:
• Botnet attacks come in many forms. They can be used to do everything from overloading a web
server with requests, to illegally generating revenue. The following is a list of a few popular types
of botnet attacks.
• DDoS Attacks: Distributed Denial of Service attacks are used for the purpose of making a website
inoperable by overloading the server with requests.
• Click Fraud: Botnets can be used to command a user’s computer to click on PPC (pay-per-click)
campaigns or other ads for personal monetary gain.
• Email Spam: email spammers can rent a botnet from the operator to send out a mass spam
email campaign.
• Bitcoin Mining: Botnet operators have been known to use their slave computer’s resources to
mine bitcoins on their behalf.
• Adware: Replaces the current ads on a web page with the ads of another advertiser for personal
or commercial gain.
Points to secure the system :
• Use antivirus and anti-Spyware software and keep it up-to-date.
• Set the OS to download and install security patches automatically.
• Use a firewall to protect the system from hacking attacks while it is
connected on the internet.
• Disconnect from the internet when you are away from your computer.
• Download freeware only from websites that are known and
trustworthy.
• Check regularly the folders in the mail box for those messages you did not
send.
• Take an immediate action if your system is infected.
1.8 Attack Vector
• An attack vector is a path by which an attacker can gain access to a
computer or to a network server to deliver a payload.
• Attack vectors enable attackers to exploit system vulnerability.
• Attack vectors include viruses, e-mail attachments, webpages, pop-up
windows, instant messages, and chat rooms.
• The most common malicious payloads are viruses, trojan horses,
worms and spyware.
• Payload means the malicious activity that the attack performs.
How are attacks launched?
• Attack by e-mail
• Attachment
• Attack by deception
• Hackers
• Heedless guests
• Attack of worms
• Malicious macros
• Viruses
1.9 Proliferation of mobile and wireless devices
• Electronic gadgets (i.e., mobile hand-held devices) are an integral part of
life, providing connectivity with the Internet.
• We see them everywhere: people hunched over their smartphones or
tablets in cafes, airports, supermarkets and even at bus stops,
seemingly oblivious to anything or anyone around them.
• They play games, download email, go shopping or check their bank
balances on the go.
Terminology to know
• Mobile device – include many products.
• Mobile computing – refers to a variety of devices that allow people to
access data and information from wherever they are.
• Wireless computing - refers to a network of computers and devices
that are connected using a "wireless" network connection such
as WiFi.
• Hand-held devices- a piece of computing equipment that can be used
in the hand, such as a smartphone or tablet computer.
Mobile, Wireless Devices and hand-held devices
Types of mobile computers:
1. Portable computer
• General-purpose computer, easily moved from one place to another, but cannot be used in transit; it requires some “setting-up” and an AC power source.

2. Tablet PC
• It lacks a keyboard, is shaped like a slate or a paper notebook
and has features of a touch-screen with a stylus and
handwriting recognition software.
• Tablets may not be best suited for applications requiring a
physical keyboard for typing, but are otherwise capable of
carrying out most tasks that an ordinary laptop would be able to
perform.
3. Internet Tablet
• It is the Internet appliance in tablet form. Unlike a Tablet PC, the Internet
tablet does not have much computing power and its applications suite is
limited. Also it cannot replace a general-purpose computer.
• The Internet tablets typically feature an MP3 and video player, a Web
browser, a chat application and a picture viewer.
4. Personal Digital Assistant (PDA)
• It is a small, usually pocket-sized, computer with limited functionality.
• It is intended to supplement and synchronize with a desktop
computer, giving access to contacts, address book, notes, E-Mail and
other features.
5. Ultra Mobile PC
• It is a full-featured, PDA-sized computer running
a general-purpose operating system (OS).

6. Smartphone
• It is a PDA with an integrated cell phone
functionality.
• Current Smartphones have a wide range
of features and installable applications.
7. Carputer
• It is a computing device installed in an automobile.
• It operates as a wireless computer, sound system, and global
positioning system (GPS) and DVD player. It also contains word
processing software and is Bluetooth compatible.
8. Fly Fusion Pentop Computer
• It is a computing device with the size and shape of a pen. It
functions as a writing utensil, MP3 player, language translator,
digital storage device and calculator.
1.10 Security challenges posed by mobile devices
• Mobility brings two main challenges to cybersecurity:
• On the hand-held devices, information is being taken outside the physically controlled
environment and
• Remote access back to the protected environment is being granted.
• The increasing number of mobile device users creates two security challenges:
1. Micro-challenges : Security Challenges at the device level.
2. Macro-challenges: Security Challenges at the organizational level.

Well-known challenges in mobile security:
• Managing the registry setting and configuration
• Authentication Service Security
• Cryptography Security
• Lightweight Directory Access Protocol (LDAP) Security
• Remote Access Server (RAS) security
• Media Player Control Security
• Network Application Program Interface (API) security
1.11 Authentication Service Security
Two components of security in mobile computing:
• Security of devices: Secure network access involves mutual authentication between the device and the base station or web servers, so that authenticated devices can be connected to the network to get requested services. In this regard, Authentication Service Security is important due to typical attacks on mobile devices through WAN:
• DoS attacks
• Traffic analysis
• Eavesdropping
• Man-in-the-middle attacks
• Security in network: Security measures in this regard come from
• Wireless Application Protocol (WAP)
• Use of Virtual Private Networks (VPN)
• MAC address filtering
• Eminent kinds of attacks on mobile devices:
• Push attacks : Sending fake approval messages to a user is nothing
new, we’ve seen them take the form of SMS phishing, fake login
pages and of course the classic Google Drive email attachment.
• Pull attacks : A “pull attack” on mobile devices isn’t a specific term,
but it might refer to various types of cyberattacks targeting mobile
devices.
• Crash attack: Any type of cyberattack
1. Cryptographic Security for Mobile Devices:
• A Cryptographically Generated Address (CGA) is an Internet Protocol
Version 6 (IPv6) address that has a host identifier computed from a
cryptographic hash function.
• It addresses up to 64 address bits
• This procedure is a method for binding a public signature key to an IPv6
address in the Secure Neighbor Discovery Protocol (SEND).
• A Cryptographically Generated Address is formed by replacing the least-significant 64 bits of the 128-bit IPv6 address with the cryptographic hash of the public key of the address owner.
• This 64-bit value is used to identify the host's network interface on its subnet.
• The messages are signed with the corresponding private key.
• Only if the source address and the public key are known can the
verifier authenticate the message from that corresponding sender.
• This method requires no public key infrastructure. Valid CGAs may
be generated by any sender, including a potential attacker, but they
cannot use any existing CGAs
• CGA-based Authentication can be used to protect IP-Layer signaling
protocols
• Also used in key exchange and to create an IPsec security association
for encryption and data authentication
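The address binding described above, following the Hash1/Hash2 construction of RFC 3972, as an added example that is not part of the original slides. Assumptions: the public key is a constructed byte string rather than a DER-encoded key, extension fields and duplicate-address handling are left out, the modifier search starts at zero instead of a random value, and message signing with the private key is not shown.

```python
import hashlib
import ipaddress

SEC_MASK = 0xE0  # three leftmost bits of the interface identifier carry Sec
UG_MASK = 0x03   # the "u" and "g" bits (bits 6 and 7) are zero in a CGA
HASH_BITS_MASK = ~(SEC_MASK | UG_MASK) & 0xFF  # bits of byte 0 taken from Hash1

# Constructed placeholder standing in for the owner's encoded public key.
DEMO_PUBLIC_KEY = b"constructed-demo-public-key"


def _hash1(modifier, prefix, collision_count, public_key):
    """Leftmost 64 bits of SHA-1 over modifier | prefix | count | key."""
    data = modifier + prefix + bytes([collision_count]) + public_key
    return hashlib.sha1(data).digest()[:8]


def _hash2_ok(modifier, public_key, sec):
    """Hash2 (SHA-1 over modifier | 9 zero octets | key) must start with
    16*sec zero bits; this is what makes brute-forcing a CGA costly."""
    digest = hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]
    return digest[: 2 * sec] == bytes(2 * sec)


def generate_cga(prefix, public_key, sec=0):
    """Return (address, modifier) for a /64 prefix and a public key."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64 or not 0 <= sec <= 7:
        raise ValueError("need a /64 prefix and 0 <= sec <= 7")
    prefix_bytes = network.network_address.packed[:8]

    # Search for a 128-bit modifier that satisfies the Hash2 condition.
    counter = 0
    while not _hash2_ok(counter.to_bytes(16, "big"), public_key, sec):
        counter += 1
    modifier = counter.to_bytes(16, "big")

    # Interface identifier = Hash1 with Sec written into the top three
    # bits and the u/g bits cleared.
    iid = bytearray(_hash1(modifier, prefix_bytes, 0, public_key))
    iid[0] = (iid[0] & HASH_BITS_MASK) | (sec << 5)
    return ipaddress.IPv6Address(prefix_bytes + bytes(iid)), modifier


def verify_cga(address, modifier, public_key, collision_count=0):
    """Check that the address really is derived from this public key."""
    if collision_count not in (0, 1, 2):
        return False
    packed = ipaddress.IPv6Address(address).packed
    prefix_bytes, iid = packed[:8], packed[8:]
    sec = iid[0] >> 5

    expected = _hash1(modifier, prefix_bytes, collision_count, public_key)
    # Compare Hash1 with the interface identifier, ignoring Sec and u/g bits.
    if (expected[0] & HASH_BITS_MASK) != (iid[0] & HASH_BITS_MASK):
        return False
    if expected[1:] != iid[1:]:
        return False
    return _hash2_ok(modifier, public_key, sec)


if __name__ == "__main__":
    addr, mod = generate_cga("2001:db8:0:1::/64", DEMO_PUBLIC_KEY, sec=1)
    print("CGA:", addr)
    print("owner key verifies:", verify_cga(addr, mod, DEMO_PUBLIC_KEY))
    print("other key verifies:", verify_cga(addr, mod, b"another-key"))
```

Because anyone can generate a fresh CGA for their own key, verification only proves that the sender of a signed message owns the key bound to that address; it says nothing about who the sender is.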

Example: PalmOS
• Palms are one of the most common hand-held devices used in mobile computing. Cryptographic security controls are deployed on these devices.
• Cryptographic Provider Manager (CPM) in Palm OS5 is a system-wide suite of cryptographic services for securing data and resources on a Palm-powered device.
2. LDAP security for hand held mobile computing devices
• LDAP (Lightweight Directory Access Protocol) is a software protocol for
enabling anyone to locate data about organizations, individuals and
other resources such as files and devices in a network -- whether on the
public internet or on a corporate intranet.
• LDAP is a "lightweight" (smaller amount of code) version of Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network.
• It is lighter since it does not include security features in its initial version.
• LDAP allows a user to search for an individual without knowing where they're located.
• The common use of LDAP is to provide a central place for authentication -- meaning
it stores usernames and passwords. LDAP can then be used in different applications
or services to validate users with a plugin.
• It originated at the University of Michigan
• Endorsed by at least 40 companies
• Centralized directories such as LDAP make revoking permissions quick and easy.

LDAP directory structure: simple tree structure
• Root directory
• Countries
• Organizations
• Organizational units
• Individuals
3. RAS security for mobile devices

• Remote Application Server


• RAS is important for protecting business sensitive data that may reside on
the employee’s mobile devices.
• Vulnerable to unauthorized access, which provides a route into the
systems with which they connect
– By impersonating or masquerading to these systems, a cracker is able to steal
data or compromise corporate systems in other ways.
• Another threat is port scanning: the attacker uses a DNS server to locate the
IP address, then scans that address for ports that are unprotected.
• Precautions: a personal firewall
RAS system security for Mobile device clients
• The security of the RAS server
• The security of the RAS client
• The secure data transmission
4. Media Player Control Security
• Potential security attacks on mobile devices through the “music
gateways”
• Windows Media Player: MS warned about security loopholes
• Corrupt files posing as normal music and video files
– May open a website from where the JavaScript can be operated.
– Allow attacker to download and use the code on user’s machine
– Create buffer overrun errors.

5. Networking API security for mobile computing applications
• Development of various APIs to enable software and hardware
developers to write single applications to target multiple security
platforms
1.12 Attacks on Mobile/ cell phones
• Mobile Phone Theft
• Mobile Viruses
• Mishing
• Vishing
• Smishing
• Hacking Bluetooth
1. Mobile phone theft
With mobiles or cell phones becoming fancier, more popular, and more expensive, they
are increasingly liable to theft.
The following factors contribute to outbreaks on mobile devices:
1. Enough target terminals: the first mobile virus, Mosquito, appeared in 2004;
this virus sent SMS text messages to the organization (Ojam).
2. Enough functionality: office functionality, critical data and applications protected
insufficiently or not at all.
Expanded functionality increases the probability of malware.
3. Enough connectivity: SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN
connections
How to Protect a Mobile Phone from Being Stolen?

• Keep details.
• Make a record of all your phone information and keep this in a safe place.
Include the following elements in the information:
• Your phone number
• The make and model
• Color and appearance details
• The PIN or security lock code
• The IMEI (International Mobile Equipment Identity) number (on GSM phones)
• Add a security mark.
Use an ultraviolet pen to print your post code and house number onto both your mobile
handset and battery. This makes it easily identifiable as your property if lost or stolen. It would
also be good if you write your alternate contact number or email id on your phone.
This would help the finder of your handset to contact you if he or she intends to return it. The
ultraviolet pen marking will wear off every couple of months, so reapply it when you feel
necessary.
• Use the security lock code, or PIN feature, to lock your phone.
• This will make it less valuable to a thief and deny them access to personal numbers
stored on your SIM card.
• Register your phone with your network operator.
• If your phone is stolen, report the loss to them immediately. Using your IMEI number, they
may be able to block your hand set and account details.
• Some wireless carriers are willing to do this, and some aren't. If done, this will prevent
anyone from using the phone across any network, even if the SIM card is changed. Keep in
mind that once the phone is disabled, it may not be able to be used again, even if you get
it back.
• Keep records of this call--the date, time, name of the person you spoke to, what they said,
and their extension. Ask for confirmation in writing that your phone has been disabled.[2]
This is important in case the thief makes fraudulent charges on your account.
• Have your phone number disabled.
• In addition to reporting your phone lost or stolen, you should also disable your phone
number (not account) so that no further charges can be applied. This is in case the
thief figures out how to access your account through another hand set, or in case the
carrier is unwilling to block the handset. Remember that, as mentioned earlier, many
thieves stand to benefit from using your service rather than selling your phone,
especially between the moment they steal it and the moment you realize your phone
is missing.[3] As in the previous step, keep detailed records of when you requested your
account to be disabled.
• Request an immediate, formal investigation from your carrier. Sometimes this can
prevent (or at least delay) the carrier from launching a collections effort and tainting your
credit, if things get ugly.
• File a police report immediately. Time is money, literally. A thief can add over US$10,000
to your cell phone bill in just hours by making international calls, and you might end up
being asked to foot the bill. Some phone companies may require proof that the phone was
actually stolen, versus it having been lost. A police report serves as evidence, which will
make your wireless provider more cooperative, especially if insurance is involved.
• Install anti-theft software on your phone. There are suppliers that provide
modern anti-theft software for your phone. The software enables you to
remotely contact your mobile and stay in control. For example, one of the
recently published solutions for Symbian and Android is Theft Aware;
others provide Windows Mobile or Blackberry support.
• Never let the phone get out of your sight. Unless you are sleeping, of
course, always have your eyes on the phone.
2. Mobile Viruses
• 40 virus families
• 300+ mobile viruses identified
• First mobile virus: June 2004
• Spread through dominant communication protocols
• Bluetooth, MMS

How to protect from mobile malware attacks
• Download or accept programs and content only from a trusted source
• Turn off Bluetooth or set it to non-discoverable when not in use
• Receive IR beams only from a trusted source
• Install antivirus software
Mobile Phone Virus Hoax
• Forwarded messages claim that a destructive virus will infect your
mobile (cell) phone if you receive a call that displays "ACE" or
"XALAN" on the screen.
Example
• All mobile users pay attention!!!!!!!!!

If you receive a phone call and your mobile phone displays(XALAN)on the screen don't
answer the call, END THE CALL IMMEDIATELY,if you answer the call,your phone will be
infected by a virus. This virus WILL ERASE all IMEI and IMSI information from both your
phone and your SIM card, which will make your phone unable to connect with the
telephone network. You will have to buy a new phone. This information has been
confirmed by both Motorola and Nokia. There are over 3 Million mobile phones being
infected by this virus in all around the world now. You can also check this news in the
CNN web site.

PLEASE FORWARD THIS PIECE OF INFORMATION TO ALL YOUR FRIENDS HAVING A
MOBILE PHONE.
• Variants of this hoax have been circulating since 1999. The information in
the email is completely untrue and has certainly not been "confirmed by
both Motorola and Nokia".
3. Mishing
• 'Mishing' is a combination of the words Mobile phone and phISHING.
• Mishing is very similar to phishing—the only difference is the
technology.
• Phishing involves the use of emails to trick you into providing your
personal details, whereas mishing involves mobile phones.
• If you use your mobile phone for purchasing goods and services and
convenient banking, you could be more vulnerable to a mishing scam.
• Variants of Mishing:
• Vishing: Mishing attacker makes a call for phishing
• Smishing: Mishing attacker sends an SMS for phishing
4. Vishing
• "vishing" - is a socially engineered technique for stealing information or money from
consumers using the telephone network.
• The term comes from combining "Voice" with "phISHING," which is an online scam that
gets people to give up personal information.
• Vishing is very similar to phishing—the only difference is the technology.
• Vishing involves voice or telephone services. If you use a Voice over Internet Protocol
(VoIP) phone service, you are particularly vulnerable to a vishing scam.
• Vishing is usually used to steal credit card numbers or other related data used in ID
theft schemes from individuals.
The most profitable uses of the information gained through a Vishing
attack include:
• ID theft
• Purchasing luxury goods and services
• Transferring money/funds
• Monitoring the victim's bank accounts
• Making applications for loans and credit cards
How Vishing works?
• Visher uses different methods based on the info gathered
1. Internet E-Mail: It is also called Phishing mail
2. Mobile text messaging
3. Voicemail: Here, victim is forced to call on the provided phone
number, once he/she listens to voicemail.
4. Direct phone call:
• A vishing perpetrator (visher) may gain access to a group of private customer
phone numbers.
• The visher may then call the group (may use a war dialer).
• When a potential victim answers the phone, he or she hears an automated
recording informing him that his bank account has been compromised.
• He then calls the specified toll-free number to reset his security settings and
hears another automated message requesting the user’s bank account number
and/or other personal details via the phone keypad.
How to protect from Vishing attack?
• Be suspicious of all unknown callers
• Don't trust caller ID: caller ID spoofing is easy
• Ask questions: ask them to identify who they work for, and then check them out to
see if they are legitimate.
• Call them back: call them back using a number from your bill or your card. Never
provide credit card information or other private information to anyone who calls
you
• Report incidents: to nearest cyberpolice cell
5. Smishing

• Short for SMS Phishing, smishing is a variant of phishing email scams that
instead utilizes Short Message Service (SMS) systems to send bogus text
messages.
• Also written as SMiShing, SMS phishing made recent headlines when a
vulnerability in the iPhone's SMS text messaging system was discovered
that made smishing on the mobile device possible.
How smishing works?
• Smishing scams frequently seek to direct the text message recipient to
visit a website or call a phone number, at which point the person being
scammed is enticed to provide sensitive information such as credit card
details or passwords.
• Smishing websites are also known to attempt to infect the person's
computer with malware.
Example :
Text message originating from either notice@jpecu or message@cccu :
• ABC CU – has –deactivated – your Debit_card. To reactivate
contact:210957XXXX
This is an automated message from ABC Bank.
• Your ATM card has been suspended. To reactivate call urgent at 1 866
215 XXXX
Text message originating from sms.alert@visa.com :
• sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information
please call 1-877-269-XXXX
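The sample texts above share the traits the slide describes: an alarming card status, a push to act, and a callback number. The following added example (not part of the original slides) scores a message on those traits; the signal word lists, the threshold of three, and the benign message are assumptions chosen for illustration.

```python
import re

# Heuristic signals taken from the slide's description of a smishing text:
# an alarming card/account status, a push to act, and a number or link to use.
SIGNALS = {
    "account_alarm": re.compile(r"\b(?:de-?activated|suspended|blocked)\b", re.I),
    "call_to_action": re.compile(r"\b(?:re-?activate|call|contact|click)\b", re.I),
    "urgency": re.compile(r"\b(?:urgent|immediately|alert)\b", re.I),
    "phone_number": re.compile(r"(?:\d[\s-]?){6,}"),
    "link": re.compile(r"(?:https?://|www\.)\S+", re.I),
}

# The three sample texts shown on the slide (numbers masked as on the slide).
SLIDE_SAMPLES = [
    "ABC CU – has –deactivated – your Debit_card. To reactivate contact:210957XXXX",
    "Your ATM card has been suspended. To reactivate call urgent at 1 866 215 XXXX",
    "sms.alert@visa.com/VISA. (Card Blocked) Alert. For more information "
    "please call 1-877-269-XXXX",
]

# Constructed benign message for contrast: it trips one signal only.
BENIGN = "Running late, call me when you reach the station."

def signals(message):
    """Return the sorted names of every signal the message triggers."""
    return sorted(name for name, rx in SIGNALS.items() if rx.search(message))

def is_suspicious(message, threshold=3):
    """Flag a message that triggers at least `threshold` distinct signals."""
    return len(signals(message)) >= threshold

if __name__ == "__main__":
    for text in SLIDE_SAMPLES + [BENIGN]:
        print(is_suspicious(text), signals(text), "|", text[:40])
```

A genuine bank alert can trip the same signals, so a hit is a reason to verify through a number from your bill or card, not proof of fraud.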
How to protect from Smishing attacks?
• Do not answer a text message
• Avoid calling any phone numbers
• Never click on a hot link received through messages
6. Hacking Bluetooth
• Bluetooth hacking is a technique used to get information from another
Bluetooth enabled device without any permissions from the host.
• This event takes place due to security flaws in the Bluetooth technology.
• It is also known as Bluesnarfing.
• Bluetooth hacking is not limited to cell phones, but is also used to hack
PDAs, laptops and desktop computers.
• Bluetooth hacking is illegal and can lead to serious consequences.
Following are threats a person can face when his/her mobile
phone gets bluesnarfed:
1. The hacker can steal, delete contacts
2. Hacker can extract personal files/pictures etc
3. Your cell phone can be used for making calls and using internet at your expense
4. The hacker may call or text your contacts to annoy them
5. Your mobile phone can be reset to default factory settings, hence deleting your
personal settings
6. Hacker can even access your calendar, clock, International Mobile Equipment
Identity (IMEI) number. IMEI number can be used to clone your cell phone so that
your messages are also routed to another number. Cloning is also considered
illegal.
Common attacks:
1. Bluejacking
2. Bluesnarfing
3. Bluebugging
4. Car Whisperer
Bluejacking
• Bluejacking is the sending of unsolicited messages
over Bluetooth to Bluetooth-enabled devices such as
mobile phones, PDAs or laptop computers, sending a
vCard which typically contains a message in the name
field (i.e., for bluedating or bluechat) to another
Bluetooth-enabled device.
• Bluejacking is also known as bluehacking.
• Bluejacking exploits a basic Bluetooth feature that
allows devices to send messages to contacts within
range.
• Bluejacking is harmless
Bluesnarfing
• Bluesnarfing is the unauthorized access of information from a
wireless device through a Bluetooth connection, often
between phones, desktops, laptops, and PDAs (personal digital
assistants).
• This allows access to a calendar, contact list, emails and text
messages, and on some phones, users can copy pictures and
private videos.
• Both Bluesnarfing and Bluejacking exploit others' Bluetooth
connections without their knowledge.
• While Bluejacking is essentially harmless as it only transmits
data to the target device, Bluesnarfing is the theft of
information from the target device.
Bluebugging
• Bluebugging is a form of Bluetooth attack often caused by a
lack of awareness.
• It was developed after the onset of bluejacking and
bluesnarfing. Similar to bluesnarfing, bluebugging accesses
and uses all phone features
• Bluebugging manipulates a target phone into compromising its
security, creating a backdoor before returning
control of the phone to its owner. Once control of a phone has
been established, it is used to call back the hacker who is then
able to listen in to conversations.
• The Bluebug program also has the capability to create a call
forwarding application whereby the hacker receives calls
intended for the target phone.
• Not only can a hacker receive calls intended for the target
phone, he can send messages, read phonebooks, and examine
calendars.
Car Whisperer
• Software that intercepts a hands-free Bluetooth
conversation in a car.
• The Car Whisperer enables an attacker to speak to the
driver as well as eavesdrop on a conversation.
• By exploiting the fact that a common security code
(passkey) is used by many Bluetooth hands-free
system vendors, the Car Whisperer sets up a two-way
session with the car and a Linux computer.
• An attacker could access a telephone address book
once he has connected with the Bluetooth system.
• May disable airbags or brakes
• The best way to avoid being "Car Whispered" is to
simply connect the in-car system to a Bluetooth
phone, because only one such device can be
connected at a time.
1.13 Network and Computer Attacks
• Types of network and computer attacks include:
• Data theft: Unauthorized access to obtain private information.
• Insider threats: Attacks from employees within an organization.
• Malware attacks: Insertion of malicious code onto a network device.
• Denial-of-service attacks: Attempts to block access to a server or
website.
• Supply chain attacks.
