
Unit 2

Tools and Methods used in Cyber Crime: Introduction, Proxy Servers and Anonymizers, Phishing,
Password Cracking, Key loggers and Spywares, Virus and Worms, Trojan horses and Backdoors,
Steganography, DoS and DDoS attacks.

Phishing and Identity Theft: Introduction, Phishing, Identity Theft (ID Theft).

Proxy Servers and Anonymizers


• A proxy server acts as an intermediary between a user's device and other servers on a
network.
• Attackers can use a proxy server to connect to a target system anonymously, concealing their
identity and the attack.
• The client connects to the proxy server, which evaluates and fulfils requests for services or
resources from different servers on behalf of the client.
• Proxy servers serve various purposes, including enhancing security by keeping internal
systems hidden, speeding up access to resources through caching, and filtering unwanted
content such as ads.
• They can also function as IP address multiplexers, enabling multiple computers to connect to
the internet with a single IP address.
• Proxy servers offer the advantage of cache memory, improving user response time by storing
frequently requested content.

Phishing
Phishing is a deceptive online tactic that involves sending fake messages, often posing as legitimate
entities like banks or businesses, to trick users into revealing personal and financial information.
These messages can also infect systems with viruses and lead to online identity theft. Phishers, or
criminals behind phishing attacks, follow a systematic process:

1. Planning: Phishers select a target, such as a specific business or individual, and gather email
addresses using mass mailing and other spam-like techniques.

2. Setup: Once the target and victims are identified, phishers create methods, including email
messages and fake webpages, to deliver the phishing attack.

3. Attack: Phishers send deceptive messages, appearing authentic, to lure users into providing
sensitive information.

4. Collection: Phishers record the information entered by victims on fake webpages or pop-up
windows.

5. Identity Theft and Fraud: The stolen information is then used for illegal activities, such as making
unauthorized purchases or committing fraud. Phishing has evolved from its roots in hacking culture,
with an increasing number of organizations providing online access, making it a global threat for
personal information and identity theft.

Password Cracking
• A password serves as a key for accessing computerized systems, akin to a lock.
• Password cracking is the process of recovering passwords from stored or transmitted data,
often involving repeated guesses by attackers.
• The purposes of password cracking include recovering forgotten passwords, checking system
security by administrators, and gaining unauthorized access.
• Manual password cracking involves attempting to log in with various passwords, targeting a
valid user account and systematically ranking and trying different passwords until success.
• Guessable passwords often involve personal information, such as names, birthdates, or
common words like "password."
• Automated scripts can be created for password cracking but are time-consuming and less
effective.
• Passwords are stored in a database using one-way functions, like encryption or cryptographic
hash, for verification during authentication.
• Despite cryptographic security, attackers seek hashed passwords to test guesses rapidly using
password cracking tools, compromising the confidentiality of passwords.
• Password cracking can be classified into 3 categories: online attacks, offline attacks,
non-electronic attacks.
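
The storage and verification step described above, as an added example that is not part of the original notes: it contrasts a fast unsalted hash with a salted, deliberately slow one and screens out guessable passwords. PBKDF2-HMAC-SHA256 is chosen here for illustration; the function names, the iteration count and the sample word list are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, not from the notes; tune per hardware
COMMON_WORDS = {"password", "123456", "qwerty", "letmein"}  # constructed sample


def is_guessable(password, personal_facts):
    """Flag short passwords, common words, or ones built from personal details."""
    lowered = password.lower()
    if len(password) < 10 or lowered in COMMON_WORDS:
        return True
    return any(fact.lower() in lowered for fact in personal_facts if len(fact) >= 3)


def fast_unsalted(password):
    """Weak storage, for contrast: equal passwords always give equal digests,
    so one guess checks every account in a stolen table at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Return a storable record: scheme$iterations$salt_hex$digest_hex."""
    salt = os.urandom(16)  # unique per user, stored beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    _scheme, iterations, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    record = hash_password("correct-horse-battery")
    print(record.split("$")[:2], verify_password("correct-horse-battery", record))
    print(is_guessable("Asha1998secure", ["Asha", "1998"]))  # constructed input
```

The per-user salt makes identical passwords produce different records, and the iteration count raises the cost of every offline guess against a stolen table.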

Key loggers and Spywares


• Keystroke logging, often called keylogging, is the practice of noting (or logging) the keys
struck on a keyboard, typically in a covert manner so that the person using the keyboard is
unaware that such actions are being monitored.
• A keystroke logger, or keylogger, is a quicker and easier way of capturing passwords and
monitoring the victims' IT-savvy behaviour. Keyloggers can be classified as software keyloggers
and hardware keyloggers.

Software Keylogger
• Software keyloggers are programs installed on computer systems, typically positioned
between the operating system and keyboard hardware, capturing and recording every
keystroke.
• They are stealthily installed by Trojans or viruses without the user's knowledge.
• Cybercriminals often target insecure computer systems in public places, like cybercafes or
libraries, to easily obtain sensitive information.
• A typical keylogger comprises two files in the same directory: a dynamic link library (DLL) file
and an executable (EXE) file.
• The DLL file is responsible for recording keystrokes, making it a potent tool for unauthorized
access and data theft.

Hardware Keylogger
• To install these keyloggers, physical access to the computer system is required.
• Hardware keyloggers are small hardware devices.
• These are connected to the PC and/or to the keyboard and save every keystroke into a file or
in the memory of the hardware device.
• Cybercriminals install such devices on ATM machines to capture ATM Cards' PINs.
• Each keypress on the keyboard of the ATM gets registered by these keyloggers.
• These keyloggers look like an integrated part of such systems; hence, bank customers are
unaware of their presence.

Antikeylogger
An antikeylogger is a tool that can detect a keylogger installed on the computer system and can
also remove it.

Advantages of using antikeylogger are as follows:

1. Firewalls cannot detect the installation of keyloggers on systems; antikeyloggers can
detect such installations.

2. Unlike other antivirus and antispy programs, this software does not require regular updates of
signature bases to work effectively; those programs, if not updated, do not serve their purpose,
which puts users at risk.

3. It prevents Internet banking fraud. Passwords can easily be captured by installing
keyloggers.

4. It prevents ID theft (we will discuss it more in Chapter 5).

5. It secures E-Mail and instant messaging/chatting.

Spywares
• Spyware is a form of malicious software that secretly collects information about users
without their knowledge.
• It is often discreetly installed on personal computers, hidden from the user.
• In some cases, owners intentionally install spyware, like keyloggers, on shared or public
computers to monitor other users.
• Beyond simple monitoring, spyware gathers personal information such as internet surfing
habits and visited websites.
• It can also redirect internet activities and alter computer settings, leading to issues like
slowed internet speed.
• Anti-spyware software is available to counteract these threats, becoming a common practice
in computer security to protect against the troublesome effects of spyware.

Virus and Worms


• A computer virus is a program that infects legitimate programs by modifying them to include
a potentially evolved copy of itself.
• These viruses spread without user knowledge or permission, affecting numerous programs
on various machines.
• Similar to biological viruses, computer viruses pass from computer to computer. They often
contain malicious instructions that can cause damage or annoyance.
• The ability to spread combined with potentially malicious code makes viruses a significant
concern.
• Viruses may spread without visible symptoms and can be triggered by events, time, or
randomly.

• Viruses can take some typical actions:

1. display a message to prompt an action which may set off the virus;

2. delete files inside the system into which viruses enter;

3. scramble data on a hard disk;

4. cause erratic screen behaviour;

5. halt the system (PC);

6. just replicate themselves to propagate further harm.

• A worm spreads itself automatically to other computers through networks by exploiting
security vulnerabilities, whereas a Trojan is a code or program that appears to be
harmless but hides malicious functions.
• Worms and Trojans, like viruses, may harm the system's data or performance.
• Some viruses and other malware have notable symptoms that enable the computer user to take
necessary corrective actions, but many viruses are surreptitious, or simply do nothing for
users to take note of them.
• Some viruses do nothing beyond reproducing themselves.
