Cybercrime can be committed against an individual or a group; it can also be committed against
government and private organizations. It may be intended to harm someone’s reputation, or to
cause physical or even mental harm.
Cybercrime can cause direct harm or indirect harm to whoever the victim is.
However, the largest threat posed by cybercrime is to the financial security of individuals as well as
of the government.
Types of Cybercrime:
Hacking:
It is the illegal practice of breaching the security of someone’s computer system for personal
interest.
Unwarranted mass-surveillance:
Child pornography:
It is one of the most heinous crimes, brazenly practised across the world. Children are
sexually abused and videos are made and uploaded to the Internet.
Child grooming:
It is the practice of establishing an emotional connection with a child especially for the purpose
of child-trafficking and child prostitution.
Copyright infringement:
When someone uses another person’s copyright-protected work without permission and publishes it
under his own name, it is known as copyright infringement.
Money laundering:
Cyber-extortion:
When a hacker hacks someone’s email server or computer system and demands money to
reinstate the system, it is known as cyber-extortion.
Cyber-terrorism:
Cyber Security:
Cyber security is the activity by which information and other communication systems
are protected from and/or defended against unauthorized use, modification,
exploitation or theft.
E-mail Spoofing:
Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a
message came from a person or entity they either know or can trust. In spoofing attacks, the
sender forges email headers so that client software displays the fraudulent sender address,
which most users take at face value. Unless they inspect the header more closely, users see the
forged sender in a message. If it’s a name they recognize, they’re more likely to trust it. So
they’ll click malicious links, open malware attachments, send sensitive data and even wire
corporate funds.
Email spoofing is possible due to the way email systems are designed. Outgoing messages are
assigned a sender address by the client application; outgoing email servers have no way to tell
whether the sender address is legitimate or spoofed.
Recipient servers and antimalware software can help detect and filter spoofed messages.
Unfortunately, not every email service has security protocols in place. Still, users can review
email headers packaged with every message to determine whether the sender address is
forged.
The goal of spoofing is to trick users into believing the email is from someone they know or can
trust—in most cases, a colleague, vendor or brand. Exploiting that trust, the attacker asks the
recipient to divulge information or take some other action.
For example, an attacker might create an email that looks like it comes from PayPal. The
message tells the user that their account will be suspended if they don’t click a link,
authenticate into the site and change the account’s password. If the user is successfully tricked
and types in credentials, the attacker now has credentials to authenticate into the targeted
user’s PayPal account, potentially stealing money from the user.
More complex attacks target financial employees and use social engineering and online
reconnaissance to trick a targeted user into sending millions to an attacker’s bank account.
To the user, a spoofed email message looks legitimate, and many attackers will take elements
from the official website to make the message more believable. Here’s an example PayPal
phishing attack with a spoofed email sender:
With a typical email client (such as Microsoft Outlook), the sender address is automatically
entered when a user sends a new email message. But an attacker can programmatically send
messages using basic scripts in any language that set the sender address to an email
address of choice. Email API endpoints allow a sender to specify the sender address regardless
of whether the address exists. And outgoing email servers can’t determine whether the sender
address is legitimate.
Outgoing email is retrieved and routed using the Simple Mail Transfer Protocol (SMTP). When a
user clicks “Send” in an email client, the message is first sent to the outgoing SMTP server
configured in the client software. The SMTP server identifies the recipient domain and routes it
to the domain’s email server. The recipient’s email server then routes the message to the right
user inbox.
For every “hop” an email message takes as it travels across the internet from server to server,
the IP address of each server is logged and included in the email headers. These headers
divulge the true route and sender, but many users do not check headers before interacting with
an email sender.
Another component often used in phishing is the Reply-To field. This field is also configurable
from the sender and can be used in a phishing attack. The Reply-To address tells the client
email software where to send a reply, which can be different from the sender’s address. Again,
email servers and the SMTP protocol do not validate whether this email is legitimate or forged.
It’s up to the user to realize that the reply is going to the wrong recipient.
Notice that the email address in the From sender field is supposedly from Bill Gates
(b.gates@microsoft.com). There are two sections in these email headers to review. The
“Received” section shows that the email was originally handled by the email server
email.random-company.nl, which is the first clue that this email is forged. But the best field to
review is the Received-SPF section—notice that the section has a “Fail” status.
Sender Policy Framework (SPF) is a security protocol set as a standard in 2014. It works in
conjunction with DMARC (Domain-based Message Authentication, Reporting and
Conformance) to stop malware and phishing attacks.
SPF can detect spoofed email, and it has become common with most email services to combat
phishing. But it’s the responsibility of the domain holder to use SPF. To use SPF, a domain
holder must configure a DNS TXT entry specifying all IP addresses authorized to send email on
behalf of the domain. With this DNS entry configured, recipient email servers look up the IP
address when receiving a message to ensure that it matches the email domain’s authorized IP
addresses. If there is a match, the Received-SPF field displays a PASS status. If there is no
match, the field displays a FAIL status. Recipients should review this status when receiving an
email with links, attachments or written instructions.
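The header review described above (the Received hops, the Received-SPF status and the Reply-To field) can be automated. The following is an added example, not part of the original text: it parses two constructed header sets, one modelled on the forged b.gates@microsoft.com message relayed by email.random-company.nl and one genuine counterpart, and reports what a recipient should notice. The IP addresses, the receiving host mx.example.net and the genuine sender domain example.com are made up.

```python
import email
import re
from email import policy

# Constructed sample headers modelled on the forged message described in the
# text. 203.0.113.7 is a documentation-range address, not a real relay.
FORGED_HEADERS = """\
Received: from email.random-company.nl (email.random-company.nl [203.0.113.7])
\tby mx.example.net with ESMTP id 7f3a2c
Received-SPF: Fail (mx.example.net: domain of microsoft.com does not designate
\t203.0.113.7 as permitted sender) client-ip=203.0.113.7
From: Bill Gates <b.gates@microsoft.com>
Reply-To: accounts@email.random-company.nl
To: finance@example.net
Subject: Urgent: wire transfer required today
"""

# Constructed genuine counterpart: relayed by the sender's own domain, SPF
# passes, and there is no Reply-To pointing elsewhere.
GENUINE_HEADERS = """\
Received: from mail.example.com (mail.example.com [198.51.100.2])
\tby mx.example.net with ESMTP id 9b1d0e
Received-SPF: Pass (mx.example.net: domain of example.com designates
\t198.51.100.2 as permitted sender) client-ip=198.51.100.2
From: Alerts <alerts@example.com>
To: finance@example.net
Subject: Monthly statement
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spf_result(msg) -> str:
    """First token of Received-SPF (pass, fail, softfail, ...), 'none' if absent."""
    value = msg.get("Received-SPF")
    return str(value).strip().split()[0].lower() if value else "none"


def relay_hosts(msg) -> list:
    """Hosts named in 'Received: from ...' lines, most recent hop first."""
    hosts = []
    for received in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+([^\s(]+)", str(received), re.IGNORECASE)
        if m:
            hosts.append(m.group(1).lower())
    return hosts


def review_headers(raw_headers: str) -> dict:
    """Apply the three checks from the text: SPF status, origin hop, Reply-To."""
    msg = email.message_from_string(raw_headers, policy=policy.default)
    from_addr = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    reply_to = msg["Reply-To"].addresses[0].addr_spec if msg["Reply-To"] else from_addr
    hops = relay_hosts(msg)
    # Every server prepends its own Received line, so the last one is the origin.
    origin = hops[-1] if hops else ""
    spf = spf_result(msg)
    sender_domain = domain_of(from_addr)

    findings = []
    if spf != "pass":
        findings.append(f"Received-SPF is {spf.upper()}, not PASS")
    same_domain = origin == sender_domain or origin.endswith("." + sender_domain)
    if origin and sender_domain and not same_domain:
        findings.append(f"first hop {origin} is outside sender domain {sender_domain}")
    if domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To goes to {domain_of(reply_to)}, not {sender_domain}")

    return {"from": from_addr, "reply_to": reply_to, "spf": spf,
            "origin_host": origin, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("forged", FORGED_HEADERS), ("genuine", GENUINE_HEADERS)):
        result = review_headers(raw)
        print(label, result["spf"], result["origin_host"], result["findings"])
```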
Email spoofing happens when the cybercriminal uses a fake email address to commit a
cybercrime. Depending on the email spoofing tactic, the criminal may spoof the email address,
email sender name or both. Additionally, the cybercriminal can assume multiple identities, that
of the sender, the company, or both.
For example, the sender’s address is joan.smith@xyzwidgets.com, but Joan Smith does not work
for XYZ Widgets. The recipient works at XYZ Widgets, a large multinational company, and does
not know that Joan is not an actual person. The recipient trusts the email since it uses the
company logo and asks her to do legitimate work-related tasks.
Similar to phishing, the spoofed email uses urgent and convincing language to spur the
recipient into immediate action. This sense of urgency does a couple of things – it limits the
chance for hesitation and questioning and it convinces the recipient that they are helping and
doing the right thing.
Even with email security in place, some malicious email messages reach user inboxes. Whether
you’re an employee responsible for financial decisions or someone who uses personal email
at work, there are several steps you can take to avoid becoming a victim of email fraud:
Never click links to access a website where you’re asked to authenticate. Always type
the official domain in your browser and authenticate directly on the site.
The steps to view email headers are different for each email client, so first look up how
to view email headers for your inbox software. Then, open email headers and look for
the Received-SPF section of the headers and look for a PASS or FAIL response.
Copy and paste the content of an email message into a search engine. Chances are that
text used in a common phishing attack has already been reported and published on the
Internet.
Be suspicious of email supposedly from an official source with bad spelling or grammar.
Avoid opening attachments from suspicious or unknown senders.
Emails promising riches—or anything else that’s too good to be true—are likely scams.
Beware of emails that create a sense of urgency or danger. Phishing and BEC attacks
often try to short-circuit recipients’ natural skepticism by suggesting that something bad
will happen if they don’t act quickly. Treat email links with extra caution if the message
warns of pending account closures, scheduled payment failures or suspicious activity on
one of your financial accounts. Visit the website directly through your browser, not the
link in the email.
Spamming:
Email bombing is characterised by an abuser sending huge volumes of email to a target address,
resulting in the victim’s email account or mail servers crashing. The messages are meaningless and
excessively long in order to consume network resources. If multiple accounts on a mail server
are targeted, it may have a denial-of-service impact. Such mail arriving frequently in your inbox
can be easily detected by spam filters. Email bombing is commonly carried out as a DDoS attack
using botnets (private internet-connected computers whose security has been compromised by
malware and which are under the attacker’s control).
This type of attack is more difficult to control due to multiple source addresses and the bots
which are programmed to send different messages to defeat spam filters. “Spamming” is a
variant of email bombing. Here unsolicited bulk messages are sent to a large number of users,
indiscriminately. Opening links given in spam mails may lead you to phishing web sites hosting
malware. Spam mail may also have infected files as attachments. Email spamming worsens
when the recipient replies to the email causing all the original addressees to receive the reply.
Spammers collect email addresses from customer lists, newsgroups, chat-rooms, web sites and
viruses which harvest users’ address books, and sell them to other spammers as well. A large
amount of spam is sent to invalid email addresses.
Sending spam violates the acceptable use policy (AUP) of almost all internet service providers. If
your system suddenly becomes sluggish (email loads slowly or doesn’t appear to be sent or
received), the reason may be that your mailer is processing a large number of messages.
Unfortunately, at this time, there’s no way to completely prevent email bombing and spam
mails as it’s impossible to predict the origin of the next attack. However, what you can do is
identify the source of the spam mails and have your router configured to block any incoming
packets from that address.
Salami Attack:
A “salami slicing attack” or “salami fraud” is a technique by which cyber-criminals steal money
or resources a bit at a time so that there’s no noticeable difference in overall size. The
perpetrator gets away with these little pieces from a large number of resources and thus
accumulates a considerable amount over a period of time. The essence of this method is the
failure to detect the misappropriation. The classic approach is the “collect-the-roundoff”
technique. Calculations carried out in a particular currency are rounded off, up to the
nearest unit about half the time and down the rest of the time. If a programmer decides to
collect these excess fractions of rupees in a separate account, no net loss to the system seems
apparent. This is done by carefully transferring the funds into the perpetrator’s account.
Attackers insert a program into the system to automatically carry out the task. Logic bombs
may also be employed by unsatisfied greedy employees who exploit their know-how of the
network and/or privileged access to the system. In this technique, the criminal programs the
arithmetic calculators to automatically modify data, such as in interest calculations.
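To show why the roundoff scheme looks like “no net loss” and how a reconciliation control still catches it, here is an added example (not from the original text) that posts one month of interest to a constructed ledger of 10,000 accounts twice: once with honest half-up rounding and once with the fractions skimmed into a pool. The 4% rate, 30-day cycle and balance range are assumptions.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP
import random

PAISA = Decimal("0.01")        # smallest unit that can be credited to an account
RATE = Decimal("0.04")         # assumed 4% annual interest
DAYS = 30                      # one monthly interest cycle


def make_balances(n: int, seed: int = 7) -> list:
    """Constructed ledger: n random balances between Rs 1,000 and Rs 5,00,000."""
    rng = random.Random(seed)
    return [Decimal(rng.randint(100_000, 50_000_000)) / 100 for _ in range(n)]


def exact_interest(balance: Decimal) -> Decimal:
    """Interest for one cycle before any rounding (Decimal keeps 28 digits)."""
    return balance * RATE * DAYS / 365


def post_interest(balances: list, rounding: str) -> tuple:
    """Credit each account its rounded interest; return (credits, pool).

    With ROUND_HALF_UP the fractions above and below a paisa cancel out and
    the pool stays near zero. With ROUND_DOWN every fraction is skimmed into
    the pool, the slicer's hidden account: each slice is under one paisa, so
    no individual customer notices and the books still appear to balance."""
    credits, pool = [], Decimal("0")
    for b in balances:
        exact = exact_interest(b)
        credited = exact.quantize(PAISA, rounding=rounding)
        credits.append(credited)
        pool += exact - credited
    return credits, pool


def reconcile(balances: list, credits: list) -> dict:
    """Control: recompute the expected interest independently from the source
    balances (not from the posting program's own totals) and compare it with
    what was actually credited.

    Honest rounding leaves a drift that grows like sqrt(n); systematic
    truncation leaves about half a paisa per account, growing like n."""
    n = len(balances)
    expected = sum(exact_interest(b) for b in balances)
    drift = expected - sum(credits)
    # Tolerance: three times the half-paisa residue scaled by sqrt(n).
    tolerance = Decimal(3) * Decimal(n).sqrt() * Decimal("0.005")
    rounded_down = sum(1 for b, c in zip(balances, credits) if exact_interest(b) > c)
    return {
        "drift": drift,
        "flagged": abs(drift) > tolerance,
        # Share of accounts credited less than the exact figure: about half
        # under honest rounding, nearly all of them under truncation.
        "share_rounded_down": rounded_down / n,
    }


def run_cycle(balances: list, skim: bool) -> dict:
    """Run one posting cycle, honestly or with the salami skim, and reconcile."""
    rounding = ROUND_DOWN if skim else ROUND_HALF_UP
    credits, pool = post_interest(balances, rounding)
    result = reconcile(balances, credits)
    result["pool"] = pool
    return result


if __name__ == "__main__":
    ledger = make_balances(10_000)
    for skim in (False, True):
        r = run_cycle(ledger, skim)
        print(f"skim={skim}: pool={r['pool']:.2f} drift={r['drift']:.2f} "
              f"flagged={r['flagged']} rounded_down={r['share_rounded_down']:.3f}")
```

The skimmed pool is roughly Rs 50 per cycle on this ledger; the point of the control is that it is computed from the balances, so it cannot be satisfied by a ledger that quietly includes the pool account.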
Stealing money electronically is the most common use of the salami slicing technique, but it’s
not restricted to money laundering. The salami technique can also be applied to gather little
bits of information over a period of time to deduce an overall picture of an organisation. This
act of distributed information gathering may be against an individual or an organisation. Data
can be collected from web sites, advertisements, documents collected from trash cans, and the
like, gradually building up a whole database of factual intelligence about the target.
Since the amount of misappropriation is just below the threshold of perception, we need to be
more vigilant. Careful examination of our assets, transactions and every other dealing including
sharing of confidential information with others might help reduce the chances of an attack by
this method.
Data Hacking:
In simple words, hacking is an act committed by an intruder by accessing your computer system
without your permission. Hackers (the people doing the ‘hacking’) are basically computer
programmers, who have an advanced understanding of computers and commonly misuse this
knowledge for devious reasons. They’re usually technology buffs who have expert-level skills in
one particular software program or language. As for motives, there could be several, but the
most common are pretty simple and can be explained by human tendencies such as greed,
fame, power, etc. Some people do it purely to show off their expertise – ranging from relatively
harmless activities such as modifying software (and even hardware) to carry out tasks that are
outside the creator’s intent, others just want to cause destruction.
Greed and sometimes voyeuristic tendencies may cause a hacker to break into systems to steal
personal banking information, a corporation’s financial data, etc. They also try to modify
systems so that they can execute tasks at their whims. Hackers displaying such destructive
conduct are also called “Crackers” at times; they are also called “Black Hat” hackers. On the
other hand, there are those who develop an interest in computer hacking just out of
intellectual curiosity. Some companies hire these computer enthusiasts to find flaws in their
security systems and help fix them. Referred to as “White Hat” hackers, these guys are against
the abuse of computer systems. They attempt to break into network systems purely to alert the
owners of flaws. It’s not always altruistic, though, because many do this for fame as well, in
order to land jobs with top companies, or just to be termed as security experts. “Grey Hat” is
another term used to refer to hacking activities that are a cross between black and white
hacking.
Some of the most famous computer geniuses were once hackers who went on to use their skills
for constructive technological development. Dennis Ritchie and Ken Thompson, the creators of
the UNIX operating system (Linux’s predecessor), were two of them. Shawn Fanning, the
developer of Napster, Mark Zuckerberg of Facebook fame, and many more are also examples.
The first step towards preventing hackers from gaining access to your systems is to learn how
hacking is done. Of course it is beyond the scope of this Fast Track to go into great details, but
we will cover the various techniques used by hackers to get to you via the internet.
a. SQL Injections: An SQL injection is a technique that allows hackers to play upon the security
vulnerabilities of the software that runs a web site. It can be used to attack any type of
unprotected or improperly protected SQL database. This process involves entering portions of
SQL code into a web form entry field – most commonly usernames and passwords – to give the
hacker further access to the site backend, or to a particular user’s account. When you enter
logon information into sign-in fields, this information is typically converted to an SQL command.
This command checks the data you’ve entered against the relevant table in the database. If your
input data matches the data in the table, you’re granted access; if not, you get the kind of error
you would have seen when you put in a wrong password. An SQL injection is usually an additional
command that, when inserted into the web form, tries to change the meaning of the query so that
it reflects a successful login. It can also be used to retrieve information such as credit card
numbers or passwords from unprotected sites.
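The login check described above, written both the vulnerable way and the hardened way, as an added example that is not part of the original text. It uses an in-memory SQLite table with two constructed accounts; the table layout, the account names and the use of SHA-256 are assumptions made for the example.

```python
import hashlib
import sqlite3


def hash_password(password: str) -> str:
    # SHA-256 keeps this example dependency-free; a production system would
    # use a slow, salted password hash such as bcrypt or Argon2 instead.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """Constructed user table with two sample accounts (not real users)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", hash_password("correct horse")),
         ("bob", hash_password("battery staple"))],
    )
    return conn


def vulnerable_login(conn, username: str, password: str) -> bool:
    """The flawed pattern the text describes: the form input is pasted straight
    into the SQL text, so input containing SQL syntax changes the query itself."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{hash_password(password)}'")
    return conn.execute(query).fetchone() is not None


def safe_login(conn, username: str, password: str) -> bool:
    """Hardened form: a parameterised query. The driver passes the input to the
    database as data, so it is compared against the column and never parsed as
    SQL, whatever characters it contains."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    row = conn.execute(query, (username, hash_password(password))).fetchone()
    return row is not None


if __name__ == "__main__":
    conn = setup_db()
    # The classic tautology: closes the quoted string, adds an always-true
    # condition and comments out the rest of the WHERE clause.
    tautology = "' OR 1=1 --"
    print("vulnerable, real password :", vulnerable_login(conn, "alice", "correct horse"))
    print("vulnerable, injected input:", vulnerable_login(conn, tautology, "anything"))
    print("safe, injected input      :", safe_login(conn, tautology, "anything"))
```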
b. Theft of FTP Passwords: This is another very common way to tamper with web sites. FTP
password hacking takes advantage of the fact that many webmasters store their website login
information on their poorly protected PCs. The thief searches the victim’s system for FTP login
details, and then relays them to his own remote computer. He then logs into the web site via
the remote computer and modifies the web pages as he or she pleases.
c. Cross-site scripting:
Cross-site scripting, also known as XSS (formerly CSS, but renamed due to confusion with
cascading style sheets), is a very easy way of circumventing a security system. It is a hard-to-find
loophole in a web site that makes it vulnerable to attack. In a typical XSS attack, the hacker infects
a web page with a malicious client-side script or program. When you visit this web page, the
script is automatically downloaded to your browser and executed. Typically, attackers inject
HTML, JavaScript, VBScript, ActiveX or Flash into a vulnerable application to deceive you and
gather confidential information. If you want to protect your PC from malicious hackers,
investing in a good firewall should be first and foremost. Hacking is done through a network, so
it’s very important to stay safe while using the internet. You’ll read more about safety tips in
the last chapter of this book.
Web Jacking:
Web jacking derives its name from “hijacking”. Here, the hacker takes control of a web site
fraudulently. He may change the content of the original site or even redirect the user to
another fake similar looking page controlled by him. The owner of the web site has no more
control and the attacker may use the web site for his own selfish interests. Cases have been
reported where the attacker has asked for ransom, and even posted obscene material on the
site.
The web jacking attack method may be used to create a clone of the web site and present the
victim with a new link saying that the site has moved. Unlike usual phishing methods, when
you hover your cursor over the link provided, the URL presented will be the original one, not
the attacker’s site. But when you click the new link, the page opens and is quickly replaced by
the malicious web server’s page. The name in the address bar will be slightly different from the
original website, which can trick the user into thinking it’s a legitimate site. For example, “gmail”
may direct you to “gmai1”. Notice the digit one in place of the letter ‘l’. It can easily be overlooked.
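The “gmai1” trick above can be caught mechanically by reducing a hostname to the letters a reader sees before comparing it with domains the user trusts. This is an added example, not part of the original text; the trusted list (gmail.com and paypal.com, both named on this page) and the confusable mappings are assumptions, and the typosquat check is a generalisation beyond the single character swap the text shows.

```python
# Multi-character sequences are replaced first (they would otherwise be mapped
# letter by letter), then single characters that are easily misread as letters.
SEQUENCE_CONFUSABLES = {"rn": "m", "vv": "w"}
CHAR_CONFUSABLES = {"1": "l", "0": "o", "5": "s", "8": "b", "|": "l"}

# Assumed allowlist of domains the user actually does business with.
TRUSTED_DOMAINS = ("gmail.com", "paypal.com")


def skeleton(host: str) -> str:
    """Reduce a hostname to what a casual reader perceives."""
    s = host.strip().rstrip(".").lower()
    for seq, rep in SEQUENCE_CONFUSABLES.items():
        s = s.replace(seq, rep)
    return "".join(CHAR_CONFUSABLES.get(ch, ch) for ch in s)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch typosquats such as a doubled letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, trusted: tuple = TRUSTED_DOMAINS) -> tuple:
    """Return (verdict, matched trusted domain or None).

    'lookalike' means the host reads like a trusted domain once confusable
    characters are normalised (the gmai1 case); 'typosquat' means it is one
    edit away from a trusted domain; anything else is 'unknown'."""
    h = host.strip().rstrip(".").lower()
    if h in trusted:
        return ("trusted", h)
    for t in trusted:
        if skeleton(h) == skeleton(t):
            return ("lookalike", t)
    for t in trusted:
        if edit_distance(h, t) == 1:
            return ("typosquat", t)
    return ("unknown", None)


if __name__ == "__main__":
    for candidate in ("gmail.com", "gmai1.com", "paypa1.com", "gmaill.com", "example.org"):
        print(f"{candidate:12s} -> {classify(candidate)}")
```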
Identity Theft:
• Fraud that involves someone pretending to be someone else to steal money or get other
benefits.
• What type of Information can uniquely identify a person (Personally Identifiable
Information)
– Full Name
– National Identification Number (Aadhaar Card)
– Telephone/ Mobile Phone No.
– Driving License Number
– Credit Card Number
– Face and Fingerprint
Classification of Information
• Non-classified information
– Public Information
– Personal Information (only shared with others for a personal or business reason)
– Routine Business Information
– Private Information (e.g. SSN, credit card number)
– Confidential Business Information (Tender price)
• Classified Information
– Confidential (Unauthorized disclosure could damage the national security)
– Secret (could seriously damage the national security)
– Top Secret (could severely damage national security)
Techniques:
• Human-based methods
– Direct access
– Dumpster diving (from dustbins)
– Theft of a purse/wallet
– Shoulder Surfing
– False ATMs (Recording information from ATMs)
– Dishonest or mistreated employees
– Fake telephone calls
• Computer-based methods
– Backup Theft (analysing stolen equipment or its backups)
– Hacking
– Phishing
– Pharming
– Redirectors
– Hardware (e.g. keyloggers)
Countermeasures:
It refers to theft in which an unauthorized person uses internet hours paid for by
another person. The unauthorized person gets access to another person's ISP user ID and
password, either by hacking or by other illegal means, without that person's knowledge.
Intellectual property (IP) theft is defined as theft of copyrighted material, theft of
trade secrets, trademark violations, etc. One of the most common and dangerous
consequences of IP theft is counterfeit goods and piracy.
Laws governing identity thefts in India
Identity theft involves both theft and fraud; therefore the provisions regarding forgery
under the Indian Penal Code, 1860 (IPC) are often invoked along with the Information
Technology Act, 2000. Some of the Sections of the IPC, such as forgery (Section 464), making false
documents (Section 465), forgery for the purpose of cheating (Section 468), reputation (Section
469), using as genuine a forged document (Section 471) and possession of a document known
to be forged and intending to use it as genuine (Section 474), can be coupled with those in the IT
Act.
The Information Technology Act, 2000 (IT Act) is the main act which deals with the legislation in
India governing cybercrimes. Some of the Sections dealing with Cyber Theft are: -
With the increase in the number of frauds and cyber-related crimes, the government is coming
up with refined regulations to protect the interests of the people and safeguard against any
mishap on the internet. Further, stronger laws have been formulated with respect to the
protection of "sensitive personal data" in the hands of intermediaries and service providers
(body corporates), thereby ensuring data protection and privacy.
Credit Card Fraud:
At its simplest, credit card fraud can involve stealing someone’s physical credit or debit
card and using it to make purchases. However, that type of credit card fraud is
becoming rarer by the day. In fact, after the introduction of Europay, Mastercard, and
Visa (EMV) chips, card present fraud at the point of sale significantly declined, while
card-not-present (CNP) fraud drastically increased.
Now, twice as many consumers deal with CNP fraud than with card present fraud, and
many of these fraud cases start online as a cyber crime. Keep reading to learn more
about the intersection of credit card fraud and cyber crimes.
What Is Credit Card Fraud?
Credit card fraud refers to using a credit card to obtain money or goods fraudulently.
Thieves may steal a credit card, copy the number off a credit card, or take over a
victim’s account and have the credit card mailed to their (the criminal’s) address. They
may also open a new credit card in the victim’s name or try a variety of other techniques
to steal money or buy assets.
What Are Cyber Crimes?
A cyber crime is any crime that starts online. One type of crime is a scam artist
befriending someone on a social platform and convincing them to send money over the
platform using their credit card. Or, thieves may steal a physical credit card or obtain its
numbers and use that information to make purchases online.
Alternatively, a thief may hack into a bank or business database to steal personal
details about customers and sell those details online. Then, the thief who buys that
information can use it to fraudulently open an account with the victim’s details.
How Do Credit Card Fraud and Cyber Crimes Overlap?
There are countless types of cyber crimes, and many of them involve credit cards. The
internet has changed how thieves target data and information. While some thieves
focus on hacking large files of information that they can sell online, others simply target
a single victim or steal a single card. To prevent credit card fraud, you need a fraud
detection and prevention plan that focuses on the threats of cyber crimes.
Consumers understand this risk instinctually, and their response to fears about crimes
highlights this fact. In one survey, respondents said they feared identity theft more than
having their home broken into — 47% said identity theft was their biggest fear, while
27% chose a home break-in.
These fears are based in reality. The Federal Trade Commission (FTC) reports
that credit card fraud is the most common form of identity theft. Annually, there are
over 133,000 cases of identity theft involving credit cards, and credit cards are used in
almost all (92%) of fraudulent transactions.
Credit Card Fraud Online
Once a scam artist has someone’s credit card details, they can make purchases online.
This is one of the most popular ways to use stolen credit card information. Between
2016 and 2017, online shopping fraud increased by nearly a third, and transactions
from foreign internet protocol (IP) addresses were about seven times more likely to
involve fraud than transactions from U.S. IP addresses.
Software Piracy:
Software Piracy – Definition
Software piracy is the act of stealing software that is legally protected. This stealing
includes copying, distributing, modifying or selling the software.
Copyright laws were originally put into place so that the people who develop software
(programmers, writers, graphic artists, etc.) would get the proper credit and
compensation for their work. When software piracy occurs, compensation is stolen from
these copyright holders.
The End-User License Agreement (EULA) is a license used for most software. It is a
contract between the manufacturer and/or author and the end user. This agreement
defines rules for software use and not every agreement is the same. One common rule
in most EULAs prohibits users from sharing the software with others.
Softlifting
Softlifting is when someone purchases one version of the software and downloads it
onto multiple computers, even though the software license states it should only be
downloaded once. This often occurs in business or school environments and is usually
done to save money. Softlifting is the most common type of software piracy.
Client-server overuse
Client-server overuse is when too many people on a network use one main copy of the
program at the same time. This often happens when businesses are on a local area
network and download the software for all employees to use. This becomes a type of
software piracy if the license doesn’t entitle you to use it multiple times.
Hard disk loading
Hard disk loading is a type of commercial software piracy in which someone buys a
legal version of the software and then reproduces, copies or installs it onto computer
hard disks. The person then sells the product. This often happens at PC resale shops
and buyers aren’t always aware that the additional software they are buying is illegal.
Counterfeiting
Counterfeiting occurs when software programs are illegally duplicated and sold with the
appearance of authenticity. Counterfeit software is usually sold at a discounted price in
comparison to the legitimate software.
Online Piracy
Online piracy, also known as Internet piracy, is when illegal software is sold, shared or
acquired by means of the Internet. This is usually done through a peer-to-peer
(P2P) file-sharing system, which is usually found in the form of online auction sites and
blogs.
Keep your PC secure by only purchasing software from authorized dealers. Be aware of
any software’s terms and conditions — make sure you agree and adhere to their
guidelines. Protect your device from any further threats with Panda Security’s Free
Antivirus for your Mac or Windows devices.
Forgery:
What is Forgery?
Forgery is making, using, altering, or possessing a false document with the intent to
commit fraud. Forgery can be the creation of a false document, or changing an authentic one.
Forgery is a crime that is classified as a felony in all fifty states and by the federal government.
There are several elements to the crime of forgery, and all must be proven before someone can
be found guilty:
A person must make, alter, use, or possess a false document. Forgery can be creating a
false document from scratch, or altering an otherwise genuine document in a material
way. The alteration is material if it affects a legal right.
o For example, a document like a will may be otherwise valid according to state
law, but if someone other than the testator signs it, the will is a forgery. A forged
signature misrepresents the identity of the person whose will it is, and that has
significant legal consequences.
The writing must have legal significance. Not just any false writing will be considered
criminal forgery. Common examples of documents with legal significance include
contracts, passports, drivers licenses, deeds, receipts, checks, wills, certifications,
professional licenses, prescriptions, historical papers, and art.
o Legally significant means that the document affects legal rights or obligations.
Signing someone else’s name on a friendly letter would not be forgery because it
is probably not legally significant.
o On the other hand, signing someone else’s name on a letter of recommendation
for a job may be forgery because it might affect employment and that is legally
significant.
The writing must be false. The writing must have been created or changed in a way that
makes it appear that the document represents something that it is not. The
fundamental meaning of the document must have changed because of the forgery.
Intent to defraud. The person committing the forgery must have done so with
the specific intent to defraud or trick another person or entity.
Some states punish forgery crimes based on the type of forgery that was committed.
New York classifies forgery in “degrees” based on the type of document that was
forged.
Lack of Intent: The defendant in a forgery case must have intended to defraud,
deceive, or trick the victim with the forged document. Intent is a key element to
proving forgery, so without it the defendant cannot be found guilty.
Lack of Capacity or Knowledge: The defendant must have known that the
document was forged to be guilty of forgery. Knowledge is key to proving the
defendant had the required intent. If they did not know, or did not have the
mental capacity to know, they have a defense.
Coercion: If the defendant was forced to commit the forgery because they or
someone they loved was threatened, they have a defense.
Consent: a defendant has the defense of consent if they forged the document
with the consent or cooperation of the alleged victim.
Most defenses to forgery address the required element of the intent to defraud or
deceive. Proving that the defendant did not have specific intent is a complete defense
because it means the defendant did not have the required mental state to commit the
crime.
Online Frauds:
Internet Fraud
The term ‘internet fraud’ refers to any type of fraud scheme that uses email, web sites,
chat rooms or message boards to present fraudulent solicitations to prospective victims, to conduct
fraudulent transactions or to transmit the proceeds of fraud to financial institutions or to others
connected with the scheme. Internet fraud may include spam, scams, spyware, identity theft, phishing
or internet banking fraud.
Spam
Spam is a generic term used to describe electronic ‘junk mail’ or unwanted messages sent to your
email account or mobile phone. These messages vary, but are essentially commercial and often
annoying in their sheer volume. They may try to persuade you to buy a product or service, or visit a
website where you can make purchases; or they may attempt to trick you into divulging your bank
account or credit card details. More information about spam is available from the Australian
Communications and Media Authority (ACMA) website.
Scams
The power of the internet and email communication has made it all too easy for email scams to
flourish. These schemes often arrive uninvited by email. Many are related to the well documented
Nigerian Scam or Lotto Scams and use similar tactics in one form or another.
Spyware
Spyware is generally considered to be software that is secretly installed on a computer and
takes data from it without the permission or knowledge of the user. Spyware may take personal
information, business information, bandwidth or processing capacity and secretly pass it to someone
else. It is recognised as a growing problem.
Phishing
Phishing is a technique used to gain personal information for the purpose of identity theft.
Phishing involves using a form of spam to fraudulently gain access to people’s online banking details. As
well as targeting online banking customers, phishing emails may target online auction sites or other
online payment facilities. Typically, a phishing email will ask an online banking customer to follow a link
in order to update personal bank account details. If the link is followed the victim downloads a program
which captures his or her banking login details and sends them to a third party.
Identity theft
A large part of online crime is now centred on identity theft, which is part of identity fraud
and specifically refers to the theft and use of personal identifying information of an actual person, as
opposed to the use of a fictitious identity. This can include the theft and use of identifying personal
information of persons either living or dead.
Internet banking fraud
Internet banking fraud is a fraud or theft committed using online technology to
illegally remove money from a bank account and/or transfer money to an account in a different bank.
Internet banking fraud is a form of identity theft and is usually made possible through techniques such
as phishing.
• Consideration of using a low-limit separate credit card for online purchases to minimise the potential
loss if things go wrong.
• Limiting the amount of personal information you allow into ‘the public domain’, i.e. on social networking
sites, that could be used to assist in identity theft.
Information can be erased or become inaccessible, resulting in loss of availability. This means
that people who are authorized to get information cannot get what they need. Availability is
often the most important attribute in service-oriented businesses that depend on information
(for example, airline schedules and online inventory systems).
Availability of the network itself is important to anyone whose business or education relies on
a network connection. When users cannot access the network or specific services provided on
the network, they experience a denial of service.
To make information available to those who need it and who can be trusted with it,
organizations use authentication and authorization. Authentication is proving that a user is the
person he or she claims to be. That proof may involve something the user knows (such as a
password), something the user has (such as a “smartcard”), or something about the user that
proves the person’s identity (such as a fingerprint). Authorization is the act of determining
whether a particular user (or computer system) has the right to carry out a certain activity, such
as reading a file or running a program.
Authentication and authorization go hand in hand. Users must be authenticated before carrying
out the activity they are authorized to perform. Security is strong when the means of
authentication cannot later be refuted—the user cannot later deny that he or she performed
the activity. This is known as nonrepudiation.
These concepts of information security also apply to internet users, who want to be
assured that:
• they can trust the information they use
• the information they are responsible for will be shared only in the manner that they expect
• the systems they use will process information in a timely and trustworthy manner
Confidentiality is perhaps the element of the triad that most immediately comes to mind
when you think of information security. Data is confidential when only those people who are
authorized to access it can do so; to ensure confidentiality, you need to be able to identify
who is trying to access data and block attempts by those without authorization. Passwords,
encryption, authentication, and defense against penetration attacks are all techniques
designed to ensure confidentiality.
Integrity means maintaining data in its correct state and preventing it from being improperly
modified, either by accident or maliciously. Many of the techniques that ensure confidentiality
will also protect data integrity—after all, a hacker can't change data they can't access—but
there are other tools that help provide a defense of integrity in depth: checksums can help
you verify data integrity, for instance, and version control software and frequent backups can
help you restore data to a correct state if need be. Integrity also covers the concept of
non-repudiation: you must be able to prove that you've maintained the integrity of your data,
especially in legal contexts.
Availability is the mirror image of confidentiality: while you need to make sure that your data
can't be accessed by unauthorized users, you also need to ensure that it can be accessed by
those who have the proper permissions. Ensuring data availability means matching network
and computing resources to the volume of data access you expect and implementing a good
backup policy for disaster recovery purposes.
In an ideal world, your data should always be kept confidential, in its correct state,
and available; in practice, of course, you often need to make choices about which
information security principles to emphasize, and that requires assessing your data. If
you're storing sensitive medical information, for instance, you'll focus on
confidentiality, whereas a financial institution might emphasize data integrity to
ensure that nobody's bank account is credited or debited incorrectly.
2nd answer:
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model that is designed to guide policies
for information security within the premises of an organization or company. This
model is also referred to as the AIC (Availability, Integrity, and
Confidentiality) triad to avoid the confusion with the Central Intelligence Agency.
The elements of the triad are considered the three most crucial components of
security.
The CIA criteria are ones that most organizations and companies use when they
install a new application, create a database or guarantee access to
some data. For data to be completely secure, all of these security goals must come
into effect. These are security policies that all work together, and therefore it can be
wrong to overlook one policy.
1. Confidentiality
Access control
Access control defines rules and policies for limiting access to a system or to physical
or virtual resources. It is a process by which users are granted access and certain
privileges to systems, resources or information. In access control systems, users
need to present credentials before they can be granted access such as a person's
name or a computer's serial number. In physical systems, these credentials may
come in many forms, but credentials that can't be transferred provide the most
security.
Authentication
Authentication is a process that ensures and confirms a user's identity or the role that
someone has. It can be done in a number of different ways, but it is usually based on
a combination of:
o something the person has (like a smart card or a radio key for storing secret
keys),
Authorization
Physical Security
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and
safeguarded from unauthorized user modification. It is the property that information
has not been altered in an unauthorized way, and that the source of the information is
genuine.
Checksums
It is a method for storing data in such a way that small changes can be easily
detected and automatically corrected.
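The integrity checks described above (checksums verifying data, backups restoring it) in working form, as an added example that is not part of the notes: a manifest of SHA-256 digests records the known-good state of a set of files, and a later verification pass reports every path that changed, vanished or appeared. The file names and contents are constructed in-memory byte strings, and the comments note the limit a practitioner should remember: a checksum detects a change but cannot repair it.

```python
"""Checksum-based integrity verification (added example, not from the notes)."""
import hashlib
import hmac
from typing import Dict


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the data (a cryptographic checksum)."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record the known-good digest of every file (path -> hex digest).
    The manifest must be stored where an attacker cannot write, otherwise
    it can simply be recomputed to match the tampered data."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify_manifest(files: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, str]:
    """Compare the current files against the manifest and report per path:
    'ok', 'modified', 'missing' (recorded but gone) or 'unexpected'
    (present but never recorded). This is detection only: a checksum
    cannot repair a file; restoring it needs a backup or version control."""
    report = {}
    for path, expected in manifest.items():
        if path not in files:
            report[path] = "missing"
        elif hmac.compare_digest(sha256_hex(files[path]), expected):
            report[path] = "ok"
        else:
            report[path] = "modified"
    for path in files:
        if path not in manifest:
            report[path] = "unexpected"
    return report


def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with a single bit inverted (a 'small change')."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


# Constructed sample "files": in-memory byte strings standing in for disk files.
KNOWN_GOOD = {
    "etc/hosts": b"127.0.0.1 localhost\n",
    "bin/app": b"\x7fELF" + bytes(range(64)),
    "reports/q1.csv": b"account,balance\nA-100,250.00\n",
}
MANIFEST = build_manifest(KNOWN_GOOD)

# Constructed tampered state: one bit flipped in one file, one file removed,
# one file added. Even a single-bit edit yields a completely different digest.
TAMPERED = {
    "etc/hosts": KNOWN_GOOD["etc/hosts"],
    "bin/app": flip_one_bit(KNOWN_GOOD["bin/app"], 100),
    "tmp/unknown.bin": b"\x00\x01\x02\x03",
}


def integrity_report() -> Dict[str, str]:
    """Run the verification over the constructed tampered state."""
    return verify_manifest(TAMPERED, MANIFEST)


if __name__ == "__main__":
    for path, status in sorted(integrity_report().items()):
        print(f"{status:10s} {path}")
```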
3. Availability
o Physical Protections
o Computational Redundancies
Physical Protections
Physical safeguards mean keeping information available even in the event of physical
challenges. They ensure sensitive information and critical information technology are
housed in secure areas.
Computational redundancies
These are applied as fault tolerance against accidental faults, using computers and
storage devices that serve as fallbacks in the case of failures.
E-commerce security:
Security is an essential part of any transaction that takes place over the internet.
Customers will lose their faith in e-business if its security is compromised. Following
are the essential requirements for safe e-payments/transactions −
Confidentiality − Information should not be accessible to an unauthorized
person. It should not be intercepted during the transmission.
Integrity − Information should not be altered during its transmission over the
network.
Availability − Information should be available wherever and whenever required
within a time limit specified.
Authenticity − There should be a mechanism to authenticate a user before
giving him/her an access to the required information.
Non-Repudiability − It is the protection against the denial of order or denial of
payment. Once a sender sends a message, the sender should not be able to
deny sending the message. Similarly, the recipient of message should not be
able to deny the receipt.
Encryption − Information should be encrypted and decrypted only by an
authorized user.
Auditability − Data should be recorded in such a way that it can be audited for
integrity requirements.
Measures to ensure Security
The major security measures are the following −
Encryption − It is a very effective and practical way to safeguard the data being
transmitted over the network. Sender of the information encrypts the data using
a secret code and only the specified receiver can decrypt the data using the
same or a different secret code.
Digital Signature − Digital signature ensures the authenticity of the information.
A digital signature is an e-signature authenticated through encryption and
password.
Security Certificates − Security certificate is a unique digital id used to verify
the identity of an individual website or user.
Security Protocols in Internet
We will discuss here some of the popular protocols used over the internet to ensure
secured online transactions.
Secure Socket Layer (SSL)
It is the most commonly used protocol and is widely used across the industry. It meets the
following security requirements −
Authentication
Encryption
Integrity
Non-repudiability
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for HTTP
URLs without SSL.
SHTTP extends the HTTP internet protocol with public key encryption, authentication,
and digital signature over the internet. Secure HTTP supports multiple security
mechanisms, providing security to the end-users. SHTTP works by negotiating the
encryption scheme types used between the client and the server.
Computer Forensics:
Forensics is the process of using scientific knowledge for collecting, analyzing, and
presenting evidence to the courts. Forensics deals primarily with the recovery and
analysis of latent evidence. Latent evidence can take many forms, from fingerprints left
on a window to DNA evidence recovered from blood stains to the files on a hard drive.
Computer forensics is the discipline that combines elements of law and computer
science to collect and analyze data from computer systems, networks, wireless
communications, and storage devices.
2. Collection:
It includes preserving the digital evidence identified in the first step so that it
does not degrade or vanish with time. Preserving the digital evidence is very
important and crucial.
3. Analysis:
It includes analyzing the collected digital evidence of the committed computer
crime in order to trace the criminal and the possible path used to breach into the
system.
4. Documentation:
It includes the proper documentation of the whole digital investigation, digital
evidence, loopholes of the attacked system etc. so that the case can be
studied and analysed in the future and can be presented in court in a proper
format.
5. Presentation:
It includes the presentation of all the digital evidence and documentation in
court in order to prove the digital crime committed and identify the criminal.
Media forensics:
It is the branch of digital forensics which includes identification, collection,
analysis and presentation of audio, video and image evidence during the
investigation process.
Cyber forensics:
It is the branch of digital forensics which includes identification, collection,
analysis and presentation of digital evidence during the investigation of a cyber
crime.
Mobile forensics:
It is the branch of digital forensics which includes identification, collection,
analysis and presentation of digital evidence during the investigation of a crime
committed through a mobile device like a mobile phone, GPS device, tablet or
laptop.
Software forensics:
It is the branch of digital forensics which includes identification, collection,
analysis and presentation of digital evidence during the investigation of a crime
related to software only.
Ch – 3 Phishing and Identity Theft
Methodology of Phishers:
• Planning
  • Identify the victim
• Setup
  • Decide the method/medium (most probably email)
• Attack
  • Make the phishing attack (for example: send the fake email)
• Collection
  • Collect the data arriving from the phishing attack
• Identity Theft and Fraud
  • Use the collected information for the illegal activity
Emails : a popular medium for phishing
• Free
• Easy to get the victim’s email id(s).
• No trace back
• Types of email attacks :
• Spam Emails
• Hoax Emails (Example: an email hoax may be a bogus
warning about a non-existent security threat or virus.)
Rod-and-reel
Identify victims in advance.
Convey false information to victims to prompt their disclosure of personal and
financial data.
For example, advertising an item with a big discount that the victim is searching for.
Lobsterpot
Use of spoofed websites.
The website name is similar to a legitimate corporate one.
Also known as content injection phishing.
Gillnet
Phishers introduce malicious code into emails or websites.
This malicious code helps the attacker steal the user’s personal and financial
information.
For example, the malicious code may change the hosts.txt file on the user’s system to
redirect them to a fake website.
Phishing techniques:
Spear phishing:
• Sending a phishing message to a particular organization to gain
organizational information for more targeted social engineering.
• Example: sending emails to employees of Reliance Industries, gaining
information and using it to make social phishing attacks on the
customers of Reliance.
• Whaling: a special form of spear phishing;
  • Targets executives from top management.
  • Attempts to retrieve confidential information.
Not all phishing scams embrace “spray and pray” techniques. Some ruses rely more on
a personal touch. They do so because they wouldn’t be successful otherwise.
Enter spear phishing schemes.
In this type of ploy, fraudsters customize their attack emails with the target’s name,
position, company, work phone number and other information in an attempt to trick the
recipient into believing that they have a connection with the sender. Yet the goal is the
same as deceptive phishing: trick the victim into clicking on a malicious URL or email
attachment so that they’ll hand over their personal data. Given the amount of
information needed to craft a convincing attack attempt, it’s no surprise that spear-
phishing is commonplace on social media sites like LinkedIn where attackers can use
multiple data sources to craft a targeted attack email.
Techniques Used in Spear Phishing
Provided below are some of the most common techniques used in spear phishing
attacks:
Phishing Countermeasure:
The Internet is full of articles for how to tell if an email is phishing but there seems to
be a lack of concise checklists how to prepare an organization against phishing
attacks, so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bullet proof, so layering your defenses is
important – and having an incident response plan in case someone does get through.
It's important that you filter your emails for malicious URLs and attachments to
prevent phishing emails making it to your users in the first place. Sandboxing can
detect a lot of the malware in emails, but make sure that you have a follow up plan in
place if you're deploying this technology in detection rather than blocking mode –
otherwise the malware is still live on your systems. Use security analytics to filter out
malicious URLs. Rapid7 UserInsight uses threat feeds to detect known malicious
URLs and security analytics to alert on unknown ones. It also integrates with
sandboxing solutions, such as FireEye NX Series and PaloAlto WildFire, to enable
quick and easy incident investigation of malware alerts.
Some phishing emails include URLs to exploit vulnerabilities in the browsers and its
plug-ins, such as Flash and Java; others send file attachments that try to exploit
applications like Adobe Acrobat or Microsoft Office. That's why it's important to patch
vulnerabilities on your endpoints as well. Many organizations already have a
vulnerability management program in place but only scan servers. Make sure you
extend coverage to your endpoints and patch operating systems, software, and plug-
ins. This not only protects you from phishing emails but also drive-by attacks. Rapid7
Nexpose can help you manage vulnerabilities on your endpoints, and much more.
Many phishing attacks involve malware that steal your data or passwords. You should
have technology in place to detect malware on the endpoint. Regular anti-virus is
great for catching commodity malware, which is likely the bulk of what you will see
used against you. There are also many new endpoint detection vendors out there that
have great alternative technologies. Rapid7 UserInsight uses its agentless endpoint
monitor to collect process hashes from all machines on your network to highlight
known malicious processes based on the output of 57 anti-virus scanners; it also
looks for rare/unique unsigned processes that may indicate malware.
Even with all of these protections in place, your users may still fall prey to credential
harvesting attacks. A common phishing attack is leading users to a fake Outlook Web
Access page and asking them to enter their domain credentials to log on, but there
are many variations. Once the attackers have the passwords, they can impersonate
users. Rapid7 UserInsight can detect compromised credentials, both on your network
and in cloud services, such as Office 365, Salesforce.com and Box.com. It detects
lateral movement to other users, assets, or to the cloud, so you'll be able to trace
intruders even if they break out of the context of the originally compromised user.
7. Implement 2-factor authentication
There are two standards that help detect email spoofing by determining whether an email
actually came from the sender domain it claims. The first one is the Sender Policy
Framework (SPF), which adds a list to your DNS records that includes all servers
that are authorized to send mail on your behalf. The second standard is DomainKeys
Identified Mail (DKIM), which is a way for an email server to digitally sign all outgoing
mail, proving that an email came from a specific domain and was not altered during
transportation. Together, they raise the recipient's confidence in the authenticity of the
sender and email content. To help improve security hygiene, check that your
systems have both SPF and DKIM enabled on your outgoing email. For incoming
email, you should check whether the sender domain has SPF set up and the email came
from an authorized server, and that DKIM-signed emails have not been tampered
with. While these protections are not bullet proof against targeted attacks that register
look-alike domains, they can help filter out a lot of mass phishing.
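The incoming-mail SPF check described above, as an added example that is neither the notes' nor Rapid7's code: given the SPF TXT record a sender domain publishes and the IP address the message arrived from, it decides whether that server is authorized. Only ip4, ip6 and all terms are evaluated offline; terms that need DNS (include, a, mx, ptr, exists, redirect) are flagged as unresolved rather than silently ignored, and the record below is constructed for a hypothetical domain using documentation IP ranges.

```python
"""Minimal offline SPF evaluator (added example, not from the notes)."""
import ipaddress
from typing import List, Tuple

# Constructed record for a hypothetical domain; no DNS lookup is performed.
EXAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ip4:203.0.113.7 -all"

# SPF qualifiers prefix a term and set the result when that term matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that can only be evaluated with DNS queries.
NEEDS_DNS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record: str) -> List[Tuple[str, str, str]]:
    """Split a TXT record into (qualifier, mechanism, argument) terms.
    Raises ValueError if the record does not start with v=spf1."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if "=" in term:                      # modifier, e.g. redirect=, exp=
            mechanism, argument = term.split("=", 1)
        elif ":" in term:                    # mechanism with an argument
            mechanism, argument = term.split(":", 1)
        else:                                # bare mechanism, e.g. all, mx
            mechanism, argument = term, ""
        parsed.append((qualifier, mechanism.lower(), argument))
    return parsed


def check_spf(sending_ip: str, record: str) -> str:
    """Evaluate record for sending_ip. Returns pass/fail/softfail/neutral
    from the first matching term, 'none' if nothing matches and the record
    has no 'all' term, or 'unresolved' if a DNS-dependent term was skipped
    and could have changed a non-matching outcome."""
    ip = ipaddress.ip_address(sending_ip)
    skipped_dns_term = False
    result = "none"
    for qualifier, mechanism, argument in parse_spf(record):
        if mechanism == "all":               # catch-all ends evaluation
            result = QUALIFIERS[qualifier]
            break
        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(argument, strict=False)
            except ValueError:
                continue                     # malformed term: no match
            if network.version == ip.version and ip in network:
                return QUALIFIERS[qualifier]
        elif mechanism in NEEDS_DNS:
            skipped_dns_term = True          # cannot be evaluated offline
    return "unresolved" if skipped_dns_term else result


if __name__ == "__main__":
    for ip in ("192.0.2.10", "2001:db8::1", "198.51.100.5"):
        print(ip, check_spf(ip, EXAMPLE_RECORD))
```

A receiving filter would treat "fail" as grounds to reject or quarantine, "softfail" as a signal to flag, and "unresolved" as a cue to do the full DNS evaluation before trusting the sender.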
While even educated users won't catch everything, they are worth investing in. Train
your users about how to detect phishing emails and send them simulated phishing
campaigns to test their knowledge. Use the carrot, not the stick: Offer prizes for those
that detect phishing emails to create a positive security-aware culture – and extend
the bounty from simulated to real phishing emails. Whenever you see new phishing
emails targeting your company, alert your employees about them using sample
screenshots of the emails with phishy features highlighted. Encourage your users to
use secure browsers – I put Google Chrome (64-bit version) on the top of my list for
security and usability. Here at Rapid7, we offer Security Awareness Trainings; you
can also send phishing simulations with Rapid7 Metasploit Pro that track click-
throughs so you can report on user awareness.
Even if you put all of these protections in place, some phishing emails will get
through, especially if they are targeted against your organization and tailored to the
individual. It's not whether these emails will get through but how well you are
prepared to respond to intruders on the network. Rapid7 UserInsight enables you to
detect compromised users and investigate intruders that entered the network through
a phishing attack. This helps you shorten your time-to-detection and time-to-contain,
reducing the impact of a phishing attack on your organization. In addition, Rapid7
offers incident response services and can help you develop an incident response
program.
While these areas cover the most important counter-phishing measures, I'd love to
hear if you've implemented anything else that you found to be effective - just post
your experience in the comments section.
Identity Theft:
Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces
of personally identifiable information (PII), such as Social Security or driver's license numbers,
to impersonate someone else.
The taken information can be used to run up debt purchasing credit, goods and services in the
name of the victim or to provide the thief with false credentials. In rare cases, an imposter
might provide false identification to police, creating a criminal record or leaving outstanding
arrest warrants for the person whose identity has been stolen.
Identity theft is categorized in two ways: true name and account takeover. True-name identity
theft means the thief uses personal information to open new accounts. The thief might open a
new credit card account, establish cellular phone service or open a new checking account to
obtain blank checks.
Account-takeover identity theft is when the imposter uses personal information to gain access
to the person's existing accounts. Typically, the thief will change the mailing address on an
account and run up a huge bill before the victim realizes there is a problem. The internet has
made it easier for identity thieves to use the information they've stolen since transactions can
be made without any personal interaction.
Financial identity theft. This is the most common type of identity theft. Financial identity
theft seeks economic benefits by using a stolen identity.
Tax-related identity theft. In this type of exploit, the criminal files a false tax return with the
Internal Revenue Service (IRS), using a stolen Social Security number.
Medical identity theft. The thief steals information like health insurance member
numbers to receive medical services. The victim's health insurance provider may get the
fraudulent bills, which will be reflected in the victim's account as services they received.
Criminal identity theft. In this example, a person under arrest gives stolen identity
information to the police. Criminals sometimes back this up with a document containing stolen
credentials. If this type of exploit is successful, the victim is charged instead of the thief.
Child identity theft. In this exploit, a child's Social Security number is misused to apply for
government benefits, open bank accounts and obtain other services. Children's information is
often sought after by criminals because the damage may go unnoticed for a long time.
Senior identity theft. This type of exploit targets people over the age of 60. Because senior
citizens are often identified as theft targets, it is especially important for seniors to stay
on top of the evolving methods thieves use to steal information.
Identity cloning for concealment. In this type of exploit, a thief impersonates someone else
in order to hide from law enforcement or creditors. Because this type isn't explicitly
financially motivated, it's harder to track, and there often isn't a paper trail for law
enforcement to follow.
Synthetic identity theft. In this type of exploit, a thief partially or completely fabricates an
identity by combining different pieces of PII from different sources. For example, the thief
may combine one stolen Social Security number with an unrelated birthdate. Usually, this
type of theft is difficult to track because the activities of the thief are recorded in files that do
not belong to a real person.
Identity theft techniques
Although an identity thief might hack into a database to obtain personal information, experts
say it's more likely the thief will obtain information by using social engineering techniques.
These techniques include the following:
Mail theft. This is stealing credit card bills and junk mail directly from a victim's mailbox or
from public mailboxes on the street.
Dumpster diving. Retrieving personal paperwork and discarded mail from trash dumpsters is
an easy way for an identity thief to get information. Recipients of preapproved credit card
applications often discard them without shredding them first, which greatly increases the
risk of credit card theft.
Shoulder surfing. This happens when the thief gleans information as the victim fills out
personal information on a form, enters a passcode on a keypad or provides a credit card
number over the telephone.
Phishing. This involves using email to trick people into offering up their personal
information. Phishing emails may contain attachments bearing malware designed to steal
personal data or links to fraudulent websites where people are prompted to enter their
information.
Ch – 4 Security Threats and Vulnerabilities
Threats:
• The people eager, willing and qualified to take advantage of each
security vulnerability, who continually search for new exploits and
weaknesses.
• Threats can be many, such as software attacks, theft of intellectual property,
identity theft, theft of information and information extortion.
• Software attacks means attacks by viruses, worms, Trojan horses etc.
• Malware means malicious software: program code that performs malicious
operations on a system.
• Four main classes of threats:
  • Structured threats: a technically skilled person who is trying to gain access to your
network
  • Unstructured threats: a non-technical person trying to gain access to your
network
  • Internal threats: from inside your network
  • External threats: from outside your network
• Malware can be divided into 2 categories:
  • Infection methods:
    • Viruses replicate by hooking themselves to programs on the host
computer. e.g. file virus, macro virus, boot sector virus.
    • Worms are self-replicating and do not hook themselves to a program on the
host computer. e.g. they may slow down the computer.
    • Trojans execute their task of stealing information or your valuable data
without your knowledge and permission. e.g. FTP Trojans, proxy Trojans etc.
    • Bots are automated processes designed to interact over the internet
without the need for human interaction.
  • Malware actions:
    • Adware displays ads on the computer or inside individual programs. It
monitors your interests and displays relevant ads. An attacker can embed
malicious code inside the software, and adware can monitor the user’s system activities.
    • Spyware is a program or software that monitors the user’s activities on the
computer. e.g. keylogger
    • Ransomware encrypts the user’s files or locks the computer and demands a
ransom in exchange.
    • Scareware: a tool or software which, when executed, will infect your
system or destroy it completely.
• Theft of intellectual property means theft of copyrights, patents etc.
• Identity theft, like accessing a person’s computer or social media account by
logging into the account. e.g. using stolen login credentials.
• Some of these are new-generation threats:
  • Technology with weak security: very few devices are fully secured and
follow information security principles.
  • Social media attacks: identifying and stealing a person’s information
through social media.
  • Mobile malware: e.g. a user downloads a game or an unknown application from
the internet and unintentionally installs malware or a virus on the device.
  • Outdated security software: failure to update security software.
  • Social engineering
Attacks:
• Hackers
• Crackers
• Phreakers
Planning of attack:
Reconnaissance:
• Reconnaissance (Information Gathering)
• Scanning and Scrutinizing the Gathered Information
• Launching an attack
• Passive
– Googling
– Network Sniffing
– Several other tools (eMailTrackerPro, Traceroute, VisualRoute Trace)
• Active
– Arphound (Gives IP-MAC pair lists, and other network event
information)
– Dsniff (Network auditing tool to capture username, password and
authentication information on a local subnet)
Scanning and Scrutinizing the gathered Information:
• Port Scanning
• Network Scanning
• Vulnerability Scanning
Attacks- 5 steps:
• Crack the password
• Exploit the privileges
• Execute the malicious commands/applications
• Hide the files (if required)
• Cover the tracks
Social Engineering:
• A technique of influence and persuasion used to deceive people into giving up
information or performing some action.
• Human-based Social Engineering
• Computer-based Social Engineering
– Fake emails
– Email attachments
– Pop-up Windows
Attack Vector:
• Path or means by which an attacker can gain access to a computer or to a
network server to deliver a payload or malicious outcome.
• Viruses, worms, Trojan Horse, botnet etc.
Hacking Techniques:
A commonly used hacking definition is the act of compromising digital devices and
networks through unauthorized access to an account or computer system. Hacking is
not always a malicious act, but it is most commonly associated with illegal activity and
data theft by cyber criminals.
Hacking refers to the misuse of devices like computers, smartphones, tablets, and
networks to cause damage to or corrupt systems, gather information on users, steal
data and documents, or disrupt data-related activity.
A traditional view of hackers is a lone rogue programmer who is highly skilled in coding
and modifying computer software and hardware systems. But this narrow view does not
cover the true technical nature of hacking. Hackers are increasingly growing in
sophistication, using stealthy attack methods designed to go completely unnoticed by
cybersecurity software and IT teams. They are also highly skilled in creating attack
vectors that trick users into opening malicious attachments or links and freely giving up
their sensitive personal data.
As a result, modern-day hacking involves far more than just an angry kid in their
bedroom. It is a multibillion-dollar industry with extremely sophisticated and successful
techniques.
• Types of Hackers
White Hat: Hackers who are authorized or certified hackers who
work for governments and organizations.
Black Hat: Hackers who try to gain unauthorized access to your
system or data.
Gray Hat: Hackers who are not legally authorized; they work with
both good and bad intentions.