
CHAP 2

Credit-card Frauds
Inside vs Outside attacks
Inside Attacks:

● Perpetrator Location: Originates from within the organization's network or trusted
environment.
● Perpetrator Identity: The attacker is typically an insider, such as an employee,
contractor, or business partner.
● Access Level: Insiders may have legitimate access to systems and data, making
detection more challenging.
● Motivation: Insiders may have various motives, including financial gain, revenge, or
espionage.
● Attack Methods: May involve exploiting their existing privileges, abusing their access,
or introducing malware from within.
● Detection Difficulty: Can be harder to detect due to legitimate user access and
knowledge of security measures.
● Mitigation: Requires a focus on monitoring internal activities, user behavior analytics,
and access control.

Outside Attacks:

● Perpetrator Location: Originates from outside the organization's network or trusted
perimeter.
● Perpetrator Identity: The attacker is typically an external threat actor, such as hackers,
cybercriminals, or state-sponsored entities.
● Access Level: Attackers need to breach the network's defenses to gain access, often
exploiting vulnerabilities.
● Motivation: Motives typically include financial gain, data theft, disruption, or political
objectives.
● Attack Methods: Involves techniques like phishing, malware, DDoS attacks, and
exploiting software vulnerabilities.
● Detection Difficulty: Easier to detect at the network perimeter, but advanced attackers
may still evade detection for some time.
● Mitigation: Requires robust perimeter defenses, regular security updates, and incident
response planning.
Cyber Security Vulnerability (Types)
1. Software Vulnerabilities :
- Flaws or weaknesses in software code that can be exploited by attackers. These include
programming errors such as buffer overflows and injection flaws (for example SQL injection).

2. Hardware Vulnerabilities :
- Weaknesses in computer hardware components, such as microprocessors, memory chips,
or peripheral devices, that can be targeted by attackers.

3. Network Vulnerabilities :
- Weaknesses in network infrastructure or configurations that can be exploited. This includes
misconfigured routers, firewalls, or open ports.

4. Human Vulnerabilities :
- Weaknesses related to human behavior, such as social engineering attacks, where attackers
manipulate people into divulging sensitive information or taking harmful actions.

5. Policy and Procedural Vulnerabilities :
- Weaknesses in an organization's cybersecurity policies, procedures, or practices that can be
exploited. This includes inadequate access control policies or poor incident response
procedures.

6. Physical Security Vulnerabilities :
- Weaknesses in an organization's physical security measures, like unsecured server rooms,
unauthorized access to facilities, or lack of surveillance.

7. Configuration Management Vulnerabilities :
- Weaknesses arising from improper configuration of systems, software, or security settings.
This includes default passwords, unpatched systems, and insecure device settings.

Addressing these vulnerabilities is critical to maintaining a strong cybersecurity posture and
reducing the risk of cyberattacks and data breaches.

Malware
Any malicious software intended to harm or exploit any programmable device, service, or
network is referred to as malware. Cybercriminals typically use it to extract data they can use
against victims to their advantage in order to profit financially. Financial information, medical
records, personal emails, and passwords are just a few examples of the types of information
that could be compromised.

In simple words, malware is short for malicious software and refers to any software that is
designed to cause harm to computer systems, networks, or users. Malware can take many
forms. It’s important for individuals and organizations to be aware of the different types of
malware and take steps to protect their systems, such as using antivirus software, keeping
software and systems up-to-date, and being cautious when opening email attachments or
downloading software from the internet.

Malware is a program designed to gain access to computer systems, generally for the benefit of
some third party, without the user’s permission. Malware includes computer viruses, worms,
Trojan horses, ransomware, spyware, and other malicious programs.

Why Do Cybercriminals Use Malware?

● Cybercriminals use malware, which includes all forms of malicious software including
viruses, for a variety of purposes:
● Using deception to induce a victim to provide personal information for identity theft
● Theft of customer credit card information or other financial information
● Taking over several computers and using them to launch denial-of-service attacks
against other networks
● Using infected computers to mine for cryptocurrencies like bitcoin.

Types of Malware
● Viruses – A Virus is a malicious executable code attached to another executable file.
The virus spreads when an infected file is passed from system to system. Viruses can be
harmless or they can modify or delete data. Opening a file can trigger a virus. Once a
program virus is active, it will infect other programs on the computer.
● Worms – Worms are self-contained programs that replicate themselves, copying themselves
to other machines through pathways between computers, such as a network with shared file
storage or a vulnerable network service. Worms usually slow down networks with the traffic
they generate. A virus needs a host program to run, but worms run by themselves. After a
worm infects a host, it is able to spread very quickly over the network.
● Trojan horse – A Trojan horse is malware that carries out malicious operations under the
appearance of a desired operation, such as a game or a utility. A Trojan differs from a virus
in that it does not replicate or attach itself to other programs: it relies on the user
installing it willingly, because it is disguised as (or bundled with) something wanted.
● Ransomware – Ransomware holds a computer system or the data it contains hostage until the
victim makes a payment. Ransomware encrypts data on the computer with a key that is
unknown to the user, and the user is asked to pay a ransom to the criminals to retrieve the
data. Paying does not guarantee recovery: the criminals may not send a working key, and
may already have copied the data for extortion. Tested offline backups are the reliable way
to resume using the system.
● Adware – It displays unwanted ads and pop-ups on the computer. It comes along with
software downloads and packages. It generates revenue for the software distributor by
displaying ads.
● Spyware – Its purpose is to steal private information from a computer system for a third
party. Spyware collects information and sends it to the hacker.
● Logic Bombs – A logic bomb is a malicious program that uses a trigger (a date, a user
action, or a condition such as an employee's account being removed) to activate the
malicious code. The logic bomb remains dormant until that trigger event happens. Once
triggered, it executes malicious code that causes harm to a computer. Logic bombs have also
been reported that attack hardware components in a workstation or server, including the
cooling fans, hard drives, and power supplies, by overdriving these devices until they
overheat or fail.
● Rootkits – A rootkit modifies the OS (or loads into its kernel) to hide itself and open a
backdoor. Attackers then use the backdoor to access the computer remotely. Most rootkits take
advantage of software vulnerabilities, or of administrator privileges already obtained, to
modify system files.
● Backdoors – A backdoor bypasses the usual authentication used to access a system.
The purpose of the backdoor is to grant cyber criminals future access to the system even
if the organization fixes the original vulnerability used to attack the system.
● Keyloggers – Keylogger records everything the user types on his/her computer system
to obtain passwords and other sensitive information and send them to the source of the
keylogging program.

How To Know If Our Devices Are Infected With Malware?
● The computer runs noticeably slower, or programs take a long time to start.
● Your web browser takes you to a website you did not intend to visit (a browser redirect).
● Warnings about infections that are accompanied by offers to buy a product to "clean"
them (scareware); legitimate security software does not advertise this way.
● Trouble starting or shutting down the computer.
● Persistent pop-up ads.

How To Protect From Malware?

● Protect your devices with up-to-date security software and the operating system's
built-in protections (firewall, automatic updates).
● Update your operating system and software. Install updates as soon as they become
available, because cybercriminals search for vulnerabilities in out-of-date software.
● Never click on a pop-up's link. Do not trust the "X" or "Close" button drawn inside the
pop-up either, since on a malicious page it can itself be a link; close the tab or window with
the browser's own controls and leave the page that generated it.
● Don't install more apps than you need. Install only the apps you believe you will
regularly use, and only from official app stores or the vendor's own site.
● Be cautious when using the internet.
● Do not click on unidentified links. If a link seems suspicious, avoid clicking it whether it
comes from an email, social networking site, or text message.
● Choose the websites you visit wisely. Use a safe search plug-in and try to stick to
well-known and reputable websites to avoid any that might be malicious without your
knowledge.
● Be suspicious of e-mails requesting personal information. Do not click a link in an e-mail
that appears to be from your bank and asks you to do so in order to access your account
or reset your password. Instead, type the bank's address into the browser yourself (or use
its official app) and log in there.

How To Remove Malware?

As was already mentioned, a large number of security software programs are made to both find
and stop malware as well as to eliminate it from infected systems.

An antimalware tool that handles malware detection and removal is Malwarebytes. Malware can
be eliminated from Windows, macOS, Android, and iOS operating systems. A user’s registry
files, currently running programs, hard drives, and individual files can all be scanned by
Malwarebytes. Malware can then be quarantined and removed if it is found. Users cannot,
however, set automatic scanning schedules like they can with some other tools.

Sniffing Attack:
A sniffing attack is the capture of network traffic by an attacker who is positioned where the
packets pass: a shared medium such as open Wi-Fi, a mirrored switch port, a compromised host,
or a position inserted into the path with ARP spoofing. Sniffing is passive: the attacker reads
packets without disrupting the service, which is why it is often used to study traffic patterns
before committing to a noisier attack. It is not a denial-of-service attack; replaying captured
packets to a victim (a replay attack) is a separate, active step that may follow it.

Any protocol that carries data in clear text exposes credentials and session tokens directly to
the sniffer: HTTP, FTP, Telnet, SMTP/POP3/IMAP without TLS, SNMPv1/v2c. Encrypted sessions such
as SSH or HTTPS cannot be read this way, but captured authentication exchanges of weaker
protocols (for example an NTLM challenge/response or a WPA2 four-way handshake) can be attacked
offline with brute-force or dictionary methods.

● "Sniffing" means capturing frames from a network interface, usually for espionage or
credential theft; the capture software is also called a packet analyzer or network analyzer.
● On a switched network a host normally receives only the frames addressed to its own MAC
address plus broadcasts, so sniffing other hosts' traffic requires either a shared medium
(hub, wireless), a mirror/SPAN port, or an active attack that redirects traffic through the
attacker. Capture is done with tools such as tcpdump, tcpflow or Wireshark, which place the
NIC in promiscuous mode so it passes up every frame it sees.
● ARP spoofing (ARP poisoning) is the usual way to obtain that redirection on Ethernet. The
attacker sends forged Address Resolution Protocol replies on the local segment that associate
the victim's or the gateway's IP address with the attacker's MAC address, so the targeted
machine sends the traffic meant for the victim to an attacker-controlled host instead.
● The attacker can then read or modify the traffic (man-in-the-middle, session hijacking) or
simply drop it, which turns the attack into a denial of service for the victim.
● Every frame on the wire has an Ethernet header (destination MAC, source MAC, EtherType)
encapsulating an IP packet, which in turn has an IP header and a payload. The EtherType says
which protocol follows: 0x0800 for IPv4, 0x0806 for ARP, 0x86DD for IPv6. Precedence and
flow-control information is not in the Ethernet header; the IP header carries the DSCP/ToS
field. Because ARP works at the data-link layer, an ARP spoofer only has to control the MAC
addresses in the Ethernet and ARP headers; it does not need to understand the payload.

How it works :

● Each host keeps an ARP cache mapping the IP addresses of neighbours on the local segment to
their MAC addresses. Entries are learned from ARP replies, and ARP has no authentication: a
reply is accepted on its own say-so, and on many systems an unsolicited ("gratuitous") reply
updates an existing cache entry.
● The attacker sends the victim a forged reply saying "the gateway's IP address is at the
attacker's MAC address", and sends the gateway a forged reply saying "the victim's IP address
is at the attacker's MAC address", repeating both periodically so that legitimate replies do
not restore the correct entries.
● Both caches now point at the attacker, who enables IP forwarding so the traffic still
reaches its destination (the victim notices nothing) while capturing or altering it in
transit.

Countermeasures:

● Encrypt traffic end to end (TLS/HTTPS, SSH, a VPN tunnel) and disable clear-text protocols,
so that whatever is captured is useless. This is the primary defence, and it works even when
the network itself is hostile.
● Static ARP entries for critical hosts such as the default gateway, on machines that cannot
otherwise be protected.
● Switch-level protections: Dynamic ARP Inspection together with DHCP snooping, which drops
ARP replies that do not match the switch's known IP-to-MAC bindings; port security to limit
the MAC addresses allowed per port; 802.1X to keep unauthorized hosts off the segment.
● Detection: tools such as arpwatch and IDS rules alert when an IP address changes its MAC
address or when one MAC address claims several IP addresses. A network interface left in
promiscuous mode on a host is itself an indicator worth monitoring.
● Segmentation: keep untrusted devices on their own VLAN so a compromised host can only
poison the caches of its own segment.
● Sniffing on a network you are not authorized to monitor is an intrusion like any other
hacking technique: it is done without the owner's permission or knowledge, and it requires
legal authorization, as does any penetration test that uses it.

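The ARP cache poisoning described above can be detected the way arpwatch does it: remember which MAC address each IP address was first seen with, and alert when a later reply disagrees. The C program below is an added example written for these notes, not code from the original page or from any of the tools named above. It parses raw Ethernet/ARP frames that it constructs itself (no live capture, so it runs offline); the MAC and IP addresses in it are made up. On a real system the same inspect_frame() would be fed frames from a capture library such as libpcap.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN      14       /* dst MAC (6), src MAC (6), EtherType (2) */
#define ARP_LEN       28       /* ARP over Ethernet/IPv4 */
#define ETHERTYPE_ARP 0x0806
#define ARP_OP_REPLY  2
#define MAX_BINDINGS  64
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

struct binding { int used; uint32_t ip; uint8_t mac[6]; };
static struct binding table[MAX_BINDINGS];   /* learned IP -> MAC bindings */

void table_reset(void) { memset(table, 0, sizeof table); }

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return IP4(p[0], p[1], p[2], p[3]); }
static void fmt_mac(const uint8_t *m, char *out) {      /* out must hold 18 bytes */
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x", m[0], m[1], m[2], m[3], m[4], m[5]);
}

/* Inspect one raw Ethernet frame. Only ARP replies update caches, so only they are
 * learned. Returns 1 (and fills alert) if the sender IP is already bound to a
 * different MAC, i.e. possible ARP spoofing; 0 if the reply is new or consistent;
 * -1 if the frame is not an ARP reply or is too short to be one. */
int inspect_frame(const uint8_t *frame, size_t len, char *alert, size_t alert_len)
{
    if (len < ETH_HLEN + ARP_LEN || rd16(frame + 12) != ETHERTYPE_ARP) return -1;
    const uint8_t *arp = frame + ETH_HLEN;
    if (rd16(arp + 6) != ARP_OP_REPLY) return -1;
    const uint8_t *sha = arp + 8;          /* sender hardware address */
    uint32_t spa = rd32(arp + 14);         /* sender protocol (IPv4) address */

    for (int i = 0; i < MAX_BINDINGS; i++) {
        if (!table[i].used) {              /* unseen IP: learn it and stop */
            table[i].used = 1; table[i].ip = spa; memcpy(table[i].mac, sha, 6);
            return 0;
        }
        if (table[i].ip != spa) continue;
        if (memcmp(table[i].mac, sha, 6) == 0) return 0;
        char was[18], now[18];
        fmt_mac(table[i].mac, was); fmt_mac(sha, now);
        snprintf(alert, alert_len, "ARP conflict: %u.%u.%u.%u was %s, now claimed by %s",
                 (unsigned)(spa >> 24), (unsigned)(spa >> 16) & 0xff,
                 (unsigned)(spa >> 8) & 0xff, (unsigned)spa & 0xff, was, now);
        return 1;                          /* keep the first binding so repeats keep alerting */
    }
    return 0;                              /* table full: not learned */
}

/* Build a constructed ARP reply frame (not a real capture) for exercising the detector. */
size_t build_arp_reply(uint8_t *out, const uint8_t *sender_mac, uint32_t sender_ip,
                       const uint8_t *target_mac, uint32_t target_ip)
{
    static const uint8_t arp_hdr[8] = { 0x00, 0x01,   /* htype: Ethernet */
                                        0x08, 0x00,   /* ptype: IPv4 */
                                        6, 4,         /* hlen, plen */
                                        0x00, ARP_OP_REPLY };
    memcpy(out, target_mac, 6); memcpy(out + 6, sender_mac, 6);
    out[12] = 0x08; out[13] = 0x06;        /* EtherType ARP */
    uint8_t *arp = out + ETH_HLEN;
    memcpy(arp, arp_hdr, 8);
    memcpy(arp + 8, sender_mac, 6);
    memcpy(arp + 18, target_mac, 6);
    for (int i = 0; i < 4; i++) {
        arp[14 + i] = (uint8_t)(sender_ip >> (24 - 8 * i));
        arp[24 + i] = (uint8_t)(target_ip >> (24 - 8 * i));
    }
    return ETH_HLEN + ARP_LEN;
}

/* Replay a constructed sequence: two genuine gateway replies, then an attacker
 * claiming the gateway's IP. Returns the number of alerts raised (1 expected). */
int run_demo(void)
{
    static const uint8_t gw_mac[6]   = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55};  /* made up */
    static const uint8_t vic_mac[6]  = {0x00, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};
    static const uint8_t evil_mac[6] = {0xde, 0xad, 0xbe, 0xef, 0x00, 0x01};
    const uint32_t gw_ip = IP4(192, 168, 1, 1), vic_ip = IP4(192, 168, 1, 10);
    uint8_t frame[ETH_HLEN + ARP_LEN];
    char alert[128];
    int alerts = 0;

    table_reset();
    for (int round = 0; round < 3; round++) {
        const uint8_t *claimant = round < 2 ? gw_mac : evil_mac;
        size_t n = build_arp_reply(frame, claimant, gw_ip, vic_mac, vic_ip);
        if (inspect_frame(frame, n, alert, sizeof alert) == 1) { alerts++; puts(alert); }
    }
    return alerts;
}

int main(void) { return run_demo() == 1 ? 0 : 1; }
```

A production detector would also compare the Ethernet source MAC with the ARP sender MAC (they disagree in some spoofing tools) and age bindings out, since DHCP legitimately moves an IP address between hosts; the point here is that the only evidence of poisoning on the wire is a binding that changes, so that is what has to be watched.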
Phases of Hacking:
● 1. Reconnaissance: This is the first phase, where the attacker collects information
about the target. It may include identifying the target and finding out the target's IP
address range, network, DNS records, etc. Let's assume that an attacker is about to go
after the people behind a company's website.
The attacker may do so by using search engines and an OSINT tool such as Maltego, by
researching the target website (checking links, job postings, job titles, e-mail addresses,
news, etc.), or with a tool like HTTrack to download the entire website for later
enumeration. From this the attacker is able to determine staff names, positions, and
e-mail addresses (and the address format used for everyone else).
● 2. Scanning: This phase includes the usage of tools like war dialers, port scanners,
network mappers, ping sweepers, and vulnerability scanners. The attacker is now looking
for any information that can help perpetrate an attack, such as computer names, IP
addresses, open ports and services, and user accounts. With the basic information from
phase 1, the attacker begins to test the network for other avenues of attack, for example
mapping it with a network mapper such as Nmap from a Kali Linux machine, and looking up
the domain's mail (MX) records to see what e-mail server is being used. The attacker
looks for an automated reply if possible (an out-of-office or ticket acknowledgement leaks
the mail software and naming conventions) or, based on the information gathered, may
decide to e-mail HR with an inquiry about a job posting.
● 3. Gaining Access: In this phase the attacker draws up a blueprint of the target's
network from the data collected in Phase 1 and Phase 2. Having finished enumerating and
scanning the network, the attacker now decides between several options to gain access.
For example, say the attacker chooses a phishing attack, playing it safe with a simple
attack against the IT department: there have been some recent hires, who are likely not
up to speed on the procedures yet. A phishing e-mail is sent to the techs with the CTO's
actual address spoofed as the sender, using any number of options (a phone app, an
e-mail spoofing website, Zmail, etc.). The e-mail asks the users to log in to a "new
Google portal" with their credentials; its link, masked with a bitly or tinyurl short link,
points to a credential-harvesting website the attacker is already serving with the Social
Engineering Toolkit.

Other options include a PDF that opens a reverse TCP shell, built with Metasploit (it may
be caught by the spam filter); looking at the event calendar and setting up an Evil Twin
access point to man-in-the-middle users; or, against exposed services, a stack-based buffer
overflow, session hijacking, or a variant of a denial-of-service attack.

● 4. Maintaining Access: Once a hacker has gained access, they want to keep that
access for future exploitation and attacks. Once the hacker owns the system, they can
use it as a base to launch additional attacks.
In this case, the owned system is sometimes referred to as a zombie system. Now that
the hacker has multiple e-mail accounts, the hacker begins to test the accounts on the
domain. The hacker from this point creates a new administrator account for themselves
based on the naming structure and tries and blends in. As a precaution, the hacker
begins to look for and identify accounts that have not been used for a long time. The
hacker assumes that these accounts are likely either forgotten or not used so they
change the password and elevate privileges to an administrator as a secondary account
in order to maintain access to the network. The hacker may also send out emails to
other users with an exploited file such as a PDF with a reverse shell in order to extend
their possible access. No overt exploitation or attacks will occur at this time. If there is
no evidence of detection, a waiting game is played letting the victim think that nothing
was disturbed. With access to an IT account, the hacker begins to make copies of all
emails, appointments, contacts, instant messages and files to be sorted through and
used later.
● 5. Clearing Tracks (so no one can reach them): Prior to the attack, the attacker would
change their MAC address and run the attacking machine through at least one VPN to
help cover their identity. They will not deliver a direct attack or any scanning technique
that would be deemed “noisy”.
Once access is gained and privileges have been escalated, the hacker seeks to cover
their tracks. This includes clearing out Sent emails, clearing server logs, temp files, etc.
The hacker will also look for indications of the email provider alerting the user or possible
unauthorized logins under their account.

Most of the time is spent on the reconnaissance phase, and the time spent decreases in each
subsequent phase. The inverted triangle in the accompanying diagram (not reproduced here)
represents this shrinking share of time in the later phases.
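The scanning phase above lists port scanners among its tools. The C program below is an added example, not code from the original notes or from any tool named in them: a minimal TCP connect() scanner that opens its own listener on 127.0.0.1, finds it with the scanner, then confirms the port reads as closed once the listener is gone, so it runs without touching any host you are not authorized to scan. The loopback address, the port window and the function names are the example's own; it assumes a POSIX sockets API (Linux or macOS) and that loopback networking is available.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Open a TCP listener on 127.0.0.1 on an OS-chosen port (the "service" we will find).
 * Returns the listening fd and stores the port, or -1 on failure. */
int open_listener(unsigned short *port_out)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                                     /* 0 = let the kernel pick */
    socklen_t sl = sizeof sa;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &sl) < 0) {
        close(fd);
        return -1;
    }
    *port_out = ntohs(sa.sin_port);
    return fd;
}

/* TCP connect() scan of one port. A completed handshake means a service is listening
 * (1); an RST, seen as ECONNREFUSED, means closed (0); a timeout means filtered by a
 * firewall and is reported as -1 together with other errors. A connect() scan
 * completes the handshake, so it appears in the target's service logs, unlike a
 * half-open SYN scan, which needs raw sockets and privileges. */
int scan_port(const char *host, unsigned short port, int timeout_sec)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct timeval tv = { timeout_sec, 0 };
    setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);  /* bounds connect() on Linux */
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, host, &sa.sin_addr) != 1) { close(fd); return -1; }
    int rc = connect(fd, (struct sockaddr *)&sa, sizeof sa);
    int err = errno;
    close(fd);
    if (rc == 0) return 1;
    return err == ECONNREFUSED ? 0 : -1;
}

/* Scan ports lo..hi on host, storing open ports in out (at most max). Returns count. */
int scan_range(const char *host, unsigned short lo, unsigned short hi,
               unsigned short *out, int max)
{
    int found = 0;
    for (unsigned p = lo; p <= hi && found < max; p++)
        if (scan_port(host, (unsigned short)p, 1) == 1) out[found++] = (unsigned short)p;
    return found;
}

/* Self-contained check: our own listener must be reported open, and the same port
 * must be reported closed once the listener is gone. Returns 1 on success. */
int run_demo(void)
{
    unsigned short port, open_ports[4];
    int lfd = open_listener(&port);
    if (lfd < 0) return -1;
    int n = scan_range("127.0.0.1", port, port, open_ports, 4);
    int seen_open = (n == 1 && open_ports[0] == port);
    close(lfd);
    int after = scan_port("127.0.0.1", port, 1);
    printf("port %u: %s while listening, %s after close\n", port,
           seen_open ? "open" : "not open", after == 0 ? "closed" : "not closed");
    return seen_open && after == 0;
}

int main(void) { return run_demo() == 1 ? 0 : 1; }
```

The three outcomes (open, closed, filtered) are exactly what a defender's firewall policy controls: a host that answers closed ports with RST tells the scanner what is not there, while dropping the SYN silently costs the scanner a full timeout per port, which is why stealth from the attacker's side and rate limiting from the defender's side both matter in this phase.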

Privilege Escalation:
Privilege escalation in cybersecurity refers to the process of gaining unauthorized access to
higher levels of privilege or permissions within a computer system or network. It is a critical
security concern as it can lead to more significant breaches and data compromises. Here's an
explanation in bullet points:

● Definition: Privilege escalation is the act of obtaining higher-level privileges or access
rights than originally granted to an attacker.
● Types:
○ Horizontal Privilege Escalation: An attacker with a given privilege level tries to
gain access to another user's account with the same level of privilege.
○ Vertical Privilege Escalation: An attacker with lower-level privileges attempts to
acquire higher-level privileges.
● Common Targets:

○ Operating Systems: Attackers aim to elevate their privileges to gain control over
an entire system.
○ Applications: Vulnerabilities in software applications can be exploited to escalate
privileges.
○ Networks: Gaining access to network devices and routers can lead to privilege
escalation.
● Methods:

○ Exploiting Vulnerabilities: Attackers may discover and exploit software
vulnerabilities (e.g., buffer overflows) to escalate privileges.
○ Abusing Misconfigurations: Insecure configurations can be manipulated to gain
elevated access.
○ Social Engineering: Tricking authorized users or administrators into providing
credentials or access.
● Objectives:
○ Access Control: Gain access to sensitive data, systems, or resources that are
typically off-limits.
○ Persistence: Maintain unauthorized access over an extended period, ensuring
continued control.
● Mitigation:
○ Least Privilege Principle: Limit user and system accounts to the minimum
privileges necessary for their tasks.
○ Patch Management: Regularly update and patch software to fix known
vulnerabilities.
○ Security Auditing: Continuously monitor and audit systems for signs of privilege
escalation attempts.
○ User Education: Train users and administrators to recognize social engineering
attacks.
● Examples:
○ A user exploiting a vulnerability in an application to gain admin-level access.
○ An attacker using stolen credentials to escalate privileges from a regular user to
an administrator.
○ Leveraging a misconfigured server to access higher-level network resources.

Computer Virus :
How a Computer Virus Attacks:

● Infiltration: Viruses typically enter a computer through various means, such as infected
files, email attachments, malicious downloads, or compromised websites.
● Activation: Once on a target system, the virus code is activated, and it executes its
malicious payload, which can vary widely in intent and impact.
● Reproduction: Many viruses are designed to replicate themselves, spreading to other
files, programs, or systems to increase their reach.

How a Computer Virus Spreads:

● File Infection: Some viruses attach themselves to executable files and propagate when
these files are run or shared.
● Email Attachments: Viruses can spread through infected email attachments when users
open or download these attachments.
● Drive-by Downloads: Malicious code can be injected into legitimate websites, infecting
visitors' systems when they browse the compromised site.
● Removable Media: Viruses can spread when infected USB drives or external storage
devices are connected to a computer.
● Networks: Worms and network-based viruses can exploit vulnerabilities to spread across
local and global networks.
Signs of a Computer Virus Attack:

● Sluggish Performance: A sudden decrease in system performance, slower response
times, or frequent crashes may indicate a virus infection.
● Unusual Pop-ups and Advertisements: Intrusive pop-ups, ads, or unwanted browser
redirects can be signs of malware.
● Unauthorized Access: Suspicious activities like new user accounts, file modifications, or
unauthorized access to resources may be indicative of a virus.
● Changes in Files or Settings: Altered or missing files, unfamiliar icons, or changes to
system settings can signal a virus.
● High Network Activity: Unexplained spikes in network usage, especially when the
computer is idle, might indicate a virus communicating with a remote server.
● Disabled Security Software: Viruses often attempt to disable antivirus and firewall
programs to avoid detection.
● Unwanted Email Activity: Your email may send out spam or phishing messages without
your knowledge if infected.
● Unexplained Disk Space Usage: Viruses can create large, hidden files or consume
excessive disk space.

Types of Computer Viruses:

● File Infector Viruses: Infect executable files, such as .exe or .com files.
Example: CIH (Chernobyl).
● Macro Viruses: Target macro scripts in documents, like Microsoft Word or Excel.
Examples: Concept and Melissa.
● Boot Sector Viruses: Infect the boot sector or master boot record (MBR) of a disk, so
they run before the operating system loads and can prevent the computer from starting.
Examples: Stoned and Michelangelo.
● Polymorphic Viruses: Change (typically re-encrypt) their code each time they infect a new
file or system to evade signature-based detection.
Examples: 1260 and Marburg.
● Metamorphic Viruses: Rewrite their entire code while maintaining the same functionality.
Extremely difficult to detect and remove.
● Resident and Non-Resident Viruses: Resident viruses install themselves in the system's
memory and infect files as they are opened or run. Non-resident viruses run only while their
infected host program runs: they search for other files to infect and then exit.
● Multipartite Viruses: Combine characteristics of multiple virus types. Can infect both files
and the boot sector.
How to Protect Against Computer Viruses:

● Install Antivirus Software: Use reputable antivirus software and keep it updated.
● Keep Operating System and Software Updated: Apply security patches regularly to fix
vulnerabilities.
● Use a Firewall: Enable a firewall to filter incoming and outgoing traffic.
● Be Cautious with Email and Downloads: Don't open email attachments from unknown
sources. Download files from trusted websites only.
● Enable Email Filtering: Use email filtering to detect and quarantine suspicious
attachments.
● Exercise Safe Browsing Habits: Avoid clicking on suspicious links or pop-ups.
● Use Strong, Unique Passwords: Password protect your computer and accounts with
strong, varied passwords.
● Implement Network Security: Secure your Wi-Fi network with a strong password. Disable
unnecessary services and ports.

How to Remove Computer Viruses:

● Use Antivirus Software: Run a full system scan with updated antivirus software.
● Boot into Safe Mode: Some viruses can be removed more easily in Safe Mode.
● Use Removal Tools: Specific virus removal tools are available for certain infections.
● Delete Infected Files: Manually delete infected files if necessary.
● Restore from Backup: If all else fails, restore your system from a clean backup.
● Seek Professional Help: If the virus is particularly stubborn or damaging, consult a
cybersecurity expert.

Buffer Overflow :
● Definition: A buffer overflow is a security vulnerability that occurs when a program writes
more data to a buffer (temporary data storage) than it can hold, leading to the overflow of
data into adjacent memory locations.
● Exploitation: Attackers can exploit buffer overflows to inject malicious code into a
vulnerable program, potentially gaining unauthorized access or executing arbitrary code.

Different Types of Buffer Overflow:

● Stack-Based Buffer Overflow:
○ Overflows occur in the stack memory region.
○ Attackers overwrite the return address or function pointers to hijack program flow.
● Heap-Based Buffer Overflow:
○ Overflows occur in the heap memory region.
○ Attackers manipulate dynamic memory allocation to execute malicious code.

● Integer Overflow:
○ Arithmetic on sizes or counts wraps around (for example a length check that passes
because length + 1 wrapped to 0, or a count * size allocation that wraps to a small
number), so a buffer is allocated too small or a bounds check is bypassed.
○ The following copy then overflows the undersized buffer, so the root cause is
numeric even though the damage is a buffer overflow.

How to Minimize Buffer Overflow:

● Use Safe Programming Languages: Choose programming languages like Rust or Go,
which offer memory safety features to prevent buffer overflows.
● Bounds Checking:Implement strict bounds checking to ensure data written to buffers
does not exceed their allocated size.
● Input Validation:Validate and sanitize all user input to prevent malicious data from
reaching buffers.
● Stack Canaries:Use stack canaries, random values placed before the return address, to
detect stack-based buffer overflows.
● Address Space Layout Randomization (ASLR):Randomize memory addresses to
make it harder for attackers to predict buffer locations.
● Non-Executable Stack (NX):Mark stack memory as non-executable to prevent injected
code execution.
● Buffer Size Checking:Ensure that buffers are sized appropriately for the data they will
hold.
● Static Analysis Tools:Employ static analysis tools to identify potential buffer overflow
vulnerabilities during code development.
● Patch Vulnerable Software:Keep all software and libraries up to date, as vendors often
release patches for known buffer overflow vulnerabilities.
● Use Secure Libraries:Utilize secure libraries and functions that are less prone to buffer
overflow issues.
● Security Training:Educate developers and maintainers about secure coding practices
and the risks associated with buffer overflows.

Minimizing buffer overflow vulnerabilities requires a combination of secure coding practices,
robust validation, and a proactive approach to software security. Regular testing and ongoing
security assessments are essential to maintaining the integrity of software systems.
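To make the stack-based and integer-overflow types above concrete, here is an added C example, written for these notes and not code from the original page, that places each vulnerable pattern beside its hardened form. The function names and inputs are the example's own. Compile with warnings on; on a modern toolchain add -fstack-protector-strong and -D_FORTIFY_SOURCE=2 so that the stack-canary and bounds-checking mitigations listed above also cover the unsafe version.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* VULNERABLE (stack-based): strcpy copies until it finds a NUL byte, so any name of
 * 16 or more characters runs past buf into the saved frame pointer and the return
 * address. Kept for contrast only; it is never called with untrusted input here. */
void greet_unsafe(const char *name)
{
    char buf[16];
    strcpy(buf, name);                  /* no bounds check */
    printf("Hello, %s\n", buf);
}

/* HARDENED: the destination size is passed explicitly and input that does not fit is
 * rejected instead of silently truncated (truncation can itself cause logic bugs).
 * Returns 0 on success, -1 if name does not fit in out together with its NUL. */
int copy_bounded(const char *name, char *out, size_t out_len)
{
    size_t n = 0;
    while (n < out_len && name[n] != '\0') n++;   /* never read more than out_len bytes */
    if (n == out_len) return -1;                  /* no terminator within the buffer */
    memcpy(out, name, n);
    out[n] = '\0';
    return 0;
}

void greet_safe(const char *name)
{
    char buf[16];
    if (copy_bounded(name, buf, sizeof buf) != 0) {
        fputs("name too long, rejected\n", stderr);
        return;
    }
    printf("Hello, %s\n", buf);
}

/* VULNERABLE (integer overflow): count * size can wrap around. With 64-bit size_t,
 * count = 2^62 + 1 and size = 4 gives 4, so malloc hands back a 4-byte block and the
 * caller's loop over count records overflows the heap. */
void *alloc_records_unsafe(size_t count, size_t size)
{
    return malloc(count * size);
}

/* HARDENED: refuse the request if the multiplication would wrap. calloc() performs
 * the same check internally and is the idiomatic fix for array allocations. */
void *alloc_records_safe(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size) return NULL;
    return malloc(count * size);
}

/* The byte count malloc would be asked for by the unsafe version, to make the
 * wrap-around visible without allocating anything. Unsigned wrap is well defined in C,
 * which is exactly why the compiler does not warn about it. */
size_t wrapped_size(size_t count, size_t size)
{
    return count * size;
}

int main(void)
{
    size_t huge = SIZE_MAX / 4 + 2;     /* (SIZE_MAX/4 + 2) * 4 wraps to 4 on any width */
    greet_unsafe("Bob");                /* safe only because the input is short */
    greet_safe("Bob");
    greet_safe("this name is far too long for the buffer");
    printf("unsafe version asks malloc for %zu bytes\n", wrapped_size(huge, 4));
    void *p = alloc_records_safe(huge, 4);
    printf("safe version: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

Note that greet_unsafe compiles without complaint: the bug is only visible at run time, and only with input long enough to trigger it, which is why static analysis, fuzzing and the compiler hardening flags matter as much as code review.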

Types of Hackers:

In the field of cybersecurity, there are several different types of hackers, each with their own
motivations, skills, and objectives. Here are the main types of hackers:

● Black Hat Hackers:
○ Malicious hackers who engage in illegal activities.
○ Intent on causing harm, stealing data, or exploiting vulnerabilities for personal
gain.
○ Commonly associated with cybercriminals and malicious activities.
● White Hat Hackers:
○ Ethical hackers who work legally to uncover vulnerabilities and strengthen
security.
○ Employed by organizations to perform security assessments and penetration
testing.
○ Help improve security by identifying weaknesses before malicious hackers can
exploit them.
● Gray Hat Hackers:
○ Operate in a morally ambiguous space between black hat and white hat hackers.
○ May discover and disclose vulnerabilities without authorization, potentially for
financial gain.
○ Their actions can be seen as both beneficial and potentially unethical.
● Script Kiddies:
○ Individuals with limited technical skills who use pre-written scripts or tools to
launch attacks.
○ Typically lack in-depth knowledge and perform attacks without a clear motive.
● Hacktivists:
○ Hackers who engage in cyberattacks for political, social, or ideological reasons.
○ Often target government entities, corporations, or organizations they perceive as
oppressive or unethical.
● State-Sponsored Hackers:
○ Operate on behalf of government agencies or nation-states.
○ Conduct cyber espionage, gather intelligence, or engage in cyber warfare.
○ Often have significant resources and advanced capabilities.
● Phreakers:
○ Focus on manipulating telecommunications systems, such as phone networks.
○ Historically, phreakers manipulated phone systems for free long-distance calls.
● Cyber Terrorists:
○ Use hacking techniques to advance political or ideological goals through acts of
terror.
○ Seek to create fear or chaos by disrupting critical infrastructure or systems.
● Crackers:
○ Primarily focused on breaking digital rights management (DRM) or software
licensing protections.
○ Often engaged in software piracy or the distribution of cracked software.
● Social Engineers:
○ Manipulate individuals through psychological tactics to obtain sensitive
information or access.
○ Exploit human behavior, trust, or gullibility rather than technical vulnerabilities.
● Insiders:
○ Individuals within an organization who misuse their access and privileges.
○ Can be employees, contractors, or business partners who abuse trust for
malicious purposes.

It's important to note that these categories are not always distinct, and some hackers may
transition between roles or have multiple motivations. Additionally, the ethical considerations
and legality of hacking activities vary among these different types of hackers.

Different Types of Cyber Stalkers:

● Revenge-Oriented Stalker:
○ Seeks revenge against a specific individual.
○ May engage in online harassment, doxxing, or spreading false information.
● Love Obsession Stalker:
○ Obsessively pursues a romantic or emotional connection with the victim.
○ Often invades the victim's online space and privacy.
● Erotomanic Stalker:
○ Believes that someone, usually a public figure, is in love with them.
○ May engage in persistent online contact, despite receiving no response.
● Troll Stalker:
○ Engages in online trolling, making provocative or offensive comments.
○ Seeks to upset and provoke emotional responses from victims.
● Political Stalker:
○ Targets individuals with opposing political views.
○ Engages in online harassment, threats, or doxxing related to political beliefs.
● Cyberbully Stalker:
○ Uses online platforms to bully and intimidate victims.
○ Can include sending hurtful messages, spreading rumors, or engaging in public
humiliation.
● Corporate Stalker:
○ Targets individuals associated with a specific corporation or organization.
○ May aim to steal corporate data, damage reputation, or harass employees.
● Celeb-Struck Stalker:
○ Obsesses over celebrities or public figures.
○ Engages in online activities like fanatical fan behavior, stalking, or harassment.

Cyberbullying:
● Definition: Cyberbullying is the use of digital communication tools, such as social media, email, or messaging apps, to harass, threaten, or intimidate another person.
● Types of Cyberbullying:
○ Harassment: Repeated offensive or threatening messages or actions.
○ Flaming: Intense, often offensive, online arguments or verbal attacks.
○ Outing: Sharing someone's private or embarrassing information without consent.
○ Doxing: Publishing someone's private or personal information online.
○ Exclusion: Deliberately excluding someone from online groups or activities.
○ Impersonation: Posing as someone else online to damage their reputation.
○ Catfishing: Creating fake personas to deceive and manipulate others.
○ Cyberstalking: Persistent, unwanted online attention or monitoring.
● Effects of Cyberbullying:
○ Emotional distress, anxiety, and depression.
○ Damage to self-esteem and mental health.
○ Social isolation and withdrawal from online and offline activities.
○ Academic or professional consequences.
○ In severe cases, it can lead to self-harm or suicidal thoughts.
● Prevention and Response:
○ Educate individuals, especially young people, about responsible online behavior.
○ Encourage reporting of cyberbullying incidents.
○ Implement policies and laws against cyberbullying.
○ Provide support and resources for victims.

Cyberbullying and cyber stalking are serious issues with significant emotional and psychological
impacts. Efforts should be made to raise awareness, prevent these behaviors, and support
victims.
Backdoor:
Malware:
CHAP 4
Cyber Forensics:
● Definition: Cyber forensics, also known as digital forensics, is the process of collecting, analyzing, and preserving electronic evidence to investigate and prevent cybercrimes.
● Objective: To uncover digital evidence, trace cyberattacks, and support legal proceedings.
● Key Activities:
○ Evidence Collection: Gather data from computers, networks, mobile devices, and digital media.
○ Analysis: Examine collected data to discover clues, patterns, and anomalies.
○ Preservation: Ensure the integrity and admissibility of evidence for legal purposes.
○ Recovery: Restore deleted or damaged digital information.
○ Reporting: Document findings and prepare reports for use in investigations or court.
● Types of Cyber Forensics:
○ Computer Forensics: Focuses on examining computer systems, storage devices, and files.
○ Network Forensics: Investigates network traffic, logs, and communication to trace cyberattacks.
○ Mobile Device Forensics: Analyzes smartphones, tablets, and other mobile devices for evidence.
○ Incident Response: Addresses immediate threats and breaches, including data breaches and malware attacks.
● Common Use Cases:
○ Investigating cyber crimes like hacking, data breaches, and identity theft.
○ Supporting litigation and criminal cases by providing digital evidence.
○ Assisting organizations in improving cybersecurity and incident response.
● Tools and Techniques:
○ Specialized software and hardware tools for data extraction and analysis.
○ Chain of custody procedures to maintain the integrity of evidence.
○ Hashing algorithms to verify data integrity during analysis.
● Challenges:
○ Rapidly evolving technology makes it challenging to keep forensic techniques up to date.
○ Privacy and legal considerations when handling digital evidence.
○ Encryption and obfuscation techniques used by cybercriminals to hide evidence.
● Importance:
○ Helps identify cybercriminals and hold them accountable.
○ Supports the prevention and mitigation of cyber threats.
○ Provides crucial evidence for legal proceedings and incident response.
● Certifications:
○ Professionals in cyber forensics often seek certifications like Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) to validate their expertise.
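The two "Tools and Techniques" items on chain of custody and hashing, shown together as an added Python example that is not part of these notes: the evidence bytes, the `CustodyRecord` class and the `acquire` helper are all constructed here, and each handling step re-hashes the evidence so that any later modification is flagged as an integrity failure.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed stand-in for an acquired disk image (not a real image).
SAMPLE_EVIDENCE = b"constructed-disk-image: boot sector | partition table | user files"


def sha256_of(data: bytes, chunk: int = 4096) -> str:
    """Hash evidence in fixed-size chunks, as forensic tools do for large images."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


@dataclass
class CustodyRecord:
    """Chain-of-custody log: every step re-hashes and compares with acquisition."""
    evidence_id: str
    acquisition_hash: str
    entries: list = field(default_factory=list)

    def log(self, action: str, handler: str, data: bytes) -> bool:
        """Append a custody entry; returns False if the evidence no longer matches."""
        current = sha256_of(data)
        intact = current == self.acquisition_hash
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "handler": handler,
            "sha256": current,
            "intact": intact,
        })
        return intact

    def chain_intact(self) -> bool:
        """True only if no handling step ever observed a hash mismatch."""
        return all(e["intact"] for e in self.entries)


def acquire(evidence_id: str, data: bytes, handler: str) -> CustodyRecord:
    """Record the acquisition hash together with the first custody entry."""
    record = CustodyRecord(evidence_id, sha256_of(data))
    record.log("acquired", handler, data)
    return record


if __name__ == "__main__":
    rec = acquire("EV-001 (constructed)", SAMPLE_EVIDENCE, "examiner A")
    rec.log("transferred to lab", "examiner B", SAMPLE_EVIDENCE)
    rec.log("verified before analysis", "examiner B", SAMPLE_EVIDENCE + b"x")
    print("chain intact:", rec.chain_intact())
```

The final step is logged against evidence with a single appended byte, so the chain reports a break; in practice that entry would be the point at which the evidence loses admissibility.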

How is cyber forensics used as evidence?

**Network Forensics**:

- **Definition:** Network forensics is the process of collecting, analyzing, and interpreting digital evidence from network traffic to investigate security incidents, cybercrimes, or operational issues.
- **Data Sources:** It involves examining network packets, logs, and other network-related data to reconstruct events and identify malicious activities.
- **Goals:** Network forensics aims to uncover the who, what, when, where, and how of network-based incidents, helping organizations respond, mitigate, and prevent future threats.

**Challenges of Network Forensics**:

1. **Volume of Data:** The sheer volume of network traffic data can be overwhelming, making it challenging to filter and analyze relevant information.
2. **Encryption:** Increasing use of encryption in network traffic can obscure the content of communication, limiting visibility into malicious activities.
3. **Data Retention:** Limited data retention policies or data overwritten over time can hinder forensic investigations.
4. **Complexity:** Networks are becoming more complex with cloud services, virtualization, and IoT devices, making it harder to trace and reconstruct events accurately.
5. **Legal and Privacy Concerns:** Adhering to legal requirements and privacy regulations while conducting network forensics can be complex and sensitive.
6. **Real-time Analysis:** Some incidents require real-time analysis, which can be challenging in identifying and mitigating ongoing threats.
7. **Skill Requirements:** Network forensics demands specialized skills and tools, and organizations may struggle to find qualified experts.
8. **Integrity Preservation:** Ensuring the integrity of collected evidence is critical, as any tampering or mishandling can render it inadmissible in legal proceedings.
9. **Resource Demands:** Network forensics tools and storage solutions require significant resources, which can be costly for organizations.
10. **Anonymity and Attribution:** Tracing cyberattacks to specific individuals or entities can be difficult due to techniques used to anonymize attackers.

Successful network forensics involves overcoming these challenges to reconstruct events accurately, identify culprits, and strengthen an organization's cybersecurity posture.
