
Cyber Security & Law

(CSET 260)

Course Descriptions

Part 1: 75 Marks (Theory)
(70% Exams, 20% Quizzes/Class Tests, 10% Attendance)

Part 2: 25 Marks (Lab)
(60% Practical, 30% Quizzes/Viva-voce, 10% Attendance)

Lecture Conducted By:


Dr. Sujan Kumar Roy
Associate Professor
Dept. of CSE, RU
OUTLINES
 Review of OSI Reference Model
 Review of TCP/IP and TCP

 IP Header Analysis

 Introduction to Cyber World

 Cyber Attack & Cyber Security

 Also Cover Types of Cyber Attacks

 Information Warfare

 Cyber Terrorism

 Cyber Crime

 Digital Fraud
REVIEW OF OSI REFERENCE MODEL (1/6)
Concept of Layer
 We use the concept of layers in our daily life.
 As an example, let us consider two friends who
communicate through postal mail.
 The process of sending a letter to a friend would be
complex if there were no services available from the
post office.

Topics discussed in this section:


Sender, Receiver, and Carrier
Hierarchy
REVIEW OF OSI REFERENCE MODEL (2/6)

Figure 1 Tasks involved in sending a letter


REVIEW OF OSI REFERENCE MODEL (3/6)
OSI Reference Model

 Established in 1947, the International Standards Organization (ISO) is a multinational body dedicated to worldwide agreement on international standards.
 An ISO standard that covers all aspects of network communications is the Open Systems Interconnection (OSI) model. It was first introduced in the late 1970s.
REVIEW OF OSI REFERENCE MODEL (4/6)
Figure 2 Seven layers of the OSI model
REVIEW OF OSI REFERENCE MODEL (5/6)
Figure 3 The interaction between layers in the OSI model
REVIEW OF OSI REFERENCE MODEL (6/6)
Figure 4 Summary of layers & Activities (OSI Model)
REVIEW OF TCP/IP REFERENCE MODEL (1/3)

 The layers in the TCP/IP protocol suite do not exactly match those in the OSI model.
 The original TCP/IP protocol suite was defined as having four layers: host-to-network, internet, transport, and application.
 However, when TCP/IP is compared to OSI, the TCP/IP protocol suite is made of five layers: physical, data link, network, transport, and application.
REVIEW OF TCP/IP REFERENCE MODEL (2/3)
Figure 5 TCP/IP and OSI model
REVIEW OF TCP/IP REFERENCE MODEL (3/3)
ADDRESSING Four levels of addresses: physical, logical, port, and specific.
Figure 7 Relationship of layers and addresses in TCP/IP
IP HEADER ANALYSIS (1/2)
Figure 20.5 IPv4 datagram format
 Version: For IPv4, it will be value 4
 Header Length – the header is at least 20 bytes (the field value is multiplied by the 4-byte word size).
 Type of Service – it contains a 3-bit precedence field, but used. 4 service bits, and 1 unused bit.
 Total Length – specified in bytes
 Identification – uniquely identifies the datagram,
the number is usually increased by 1 each time the
datagram is sent.
 IP Flags offset – used for fragmentation
 Time to Live – Usually set to 32 or 64. This value is
decremented by each router that processes the
datagram.
 Protocol – Tells IP where to send the datagram up
to, 6 being TCP.
 Header Checksum – only covers the header, not the
data.
 Source Address – The sender
 Destination Address – The destination
IP HEADER ANALYSIS (2/2)
Example 1

An IPv4 packet has arrived with the first 8 bits as shown:


01000010
The receiver discards the packet. Why?

 Solution
 There is an error in this packet. The 4 leftmost bits (0100) show
the version, which is correct.
 The next 4 bits (0010) show an invalid header length (2 × 4 = 8).
 The minimum number of bytes in the header must be 20. The
packet has been corrupted in transmission.
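The receiver-side checks behind Example 1, as an added example that is not part of the original slides: it parses the header fields listed above, rejects a header length below 20 bytes, and verifies the header checksum. The function names and the sample packet (documentation addresses 192.0.2.1 and 198.51.100.7) are constructed for illustration.

```python
import ipaddress
import struct


class HeaderError(ValueError):
    """An IPv4 header failed one of the receiver's sanity checks."""


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    if not packet:
        raise HeaderError("empty packet")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise HeaderError(f"version {version} is not IPv4")
    header_len = ihl * 4                    # the field counts 4-byte words
    if header_len < 20:
        raise HeaderError(f"header length {header_len} is below the 20-byte minimum")
    if len(packet) < header_len:
        raise HeaderError("packet is shorter than its declared header")
    (_, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if total_len < header_len:
        raise HeaderError("total length is smaller than the header length")
    # Summing a valid header including its checksum field yields zero.
    if internet_checksum(packet[:header_len]) != 0:
        raise HeaderError("header checksum mismatch")
    return {
        "version": version, "header_len": header_len, "tos": tos,
        "total_len": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def build_header(src: str, dst: str, payload_len: int = 0, ttl: int = 64) -> bytes:
    """Constructed sample: 20-byte header, protocol 6 (TCP), valid checksum."""
    raw = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, ttl, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return raw[:10] + struct.pack("!H", internet_checksum(raw)) + raw[12:]


def verdict(packet: bytes) -> str:
    """Return 'accept' or the reason a receiver would discard the packet."""
    try:
        parse_ipv4_header(packet)
        return "accept"
    except HeaderError as exc:
        return f"discard: {exc}"


if __name__ == "__main__":
    good = build_header("192.0.2.1", "198.51.100.7", payload_len=4) + b"data"
    print(verdict(good))
    print(verdict(bytes([0b01000010]) + good[1:]))       # Example 1's first byte
    print(verdict(good[:8] + bytes([63]) + good[9:]))    # TTL changed, checksum stale
    print(verdict(good[:20] + b"DATA"))                  # payload changed only
```

The last case is accepted because the header checksum covers only the header, not the data.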
INTRODUCTION TO CYBER WORLD (1/3)

What is the meaning of cyber world?


 The world of computers and communications. It implies today's fast-
moving, high-technology world.
 The Cyber World, or cyberspace, is more than just the Internet. It refers
to an online environment where many participants are involved in social
interactions and have the ability to affect and influence each other.
 People interact in cyberspace through the use of digital media.
Examples of cyberspace interactions are: Create media, share media and
consume media.
INTRODUCTION TO CYBER WORLD (2/3)
Cyber World
INTRODUCTION TO CYBER WORLD (3/3)
Characteristics of Cyberspace
 When people are online, most of them engage in activities that leave a digital
footprint.
 A digital footprint refers to all information found online about a person; it is
either posted by that person or others, intentionally or unintentionally.
 This information leaves a permanent mark as it can be easily retraced, retrieved
and passed on by others.
 The digital footprint can be used by potential employers and universities
looking for information on their potential employees and students.
CYBER ATTACK & CYBER SECURITY
Cyber Attack

 A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks.
 A cyberattack is any offensive maneuver that targets computer information systems,
computer networks, infrastructures, or personal computer devices.
 An attacker is a person or process that attempts to access data, functions, or other
restricted areas of the system without authorization, potentially with malicious
intent.
 A cyber attack can maliciously disable computers, steal data, or use a breached
computer as a launch point for other attacks.
 Cybercriminals use a variety of methods to launch a cyber attack, including
malware, phishing, ransomware, denial of service, among other methods.
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks

1. Malware:
 The term “malware” encompasses various types of attacks including
spyware, viruses, and worms.
 Malware uses a vulnerability to breach a network when a user clicks a
“planted” dangerous link or email attachment, which is used to install
malicious software inside the system.

 Malware and malicious files inside a computer system can:
 Deny access to the critical components of the network
 Obtain information by retrieving data from the hard drive
 Disrupt the system or even render it inoperable
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks

Various types of malware are available nowadays. The most common types are:
 Viruses
 These infect applications by attaching themselves to the initialization sequence.
 The virus replicates itself, infecting other code in the computer system. Viruses
can also attach themselves to executable code or associate themselves with a file
by creating a virus file with the same name but with an .exe extension, thus
creating a decoy which carries the virus.
 Trojans
 A Trojan is a type of malicious code or software that looks legitimate but can take
control of your computer.
 A Trojan is a program with malicious purposes hiding inside a useful program.
 Usually, a Trojan is designed to damage, disrupt, steal, or in general inflict some
other harmful action on your data or network.
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks
 Worms
 Unlike viruses, they don’t attack the host, being self-contained
programs that propagate across networks and computers.
 Worms are often installed through email attachments, sending a copy
of themselves to every contact in the infected computer's email list.
 They are commonly used to overload an email server and achieve a
denial-of-service attack.
 Spyware
 A type of program installed to collect information about users, their
systems or browsing habits, sending the data to a remote user.
 The attacker can then use the information for blackmailing purposes
or download and install other malicious programs from the web.
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks
 Ransomware
 A type of malware that denies access to the victim's data, threatening
to publish or delete it unless a ransom is paid.
 Advanced ransomware uses cryptoviral extortion, encrypting the
victim’s data so that it is impossible to decrypt without the decryption
key.
 Normally loaded onto a computer via a download/attachment/link
from an email or website.
 WannaCry attack, 2017: one of the biggest cyber attacks to occur.
 Is said to have hit 300,000 computers in 150 countries.
 Companies affected include: NHS, Renault, FedEx, Spanish telecoms
and gas companies, German railways.
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks
2. Phishing
 Phishing attacks are extremely common and involve sending mass amounts of
fraudulent emails to unsuspecting users, disguised as coming from a reliable
source.
 The fraudulent emails often have the appearance of being legitimate but link the
recipient to a malicious file or script designed to grant attackers access to your
device to control it or gather recon, install malicious scripts/files, or to extract
data such as user information, financial info, and more.
 Phishing attacks can also take place via social networks and other online
communities, via direct messages from other users with a hidden intent.
 Phishers often leverage social engineering and other public information sources
to collect info about your work, interests, and activities—giving attackers an
edge in convincing you they’re not who they say.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


2. Phishing
There are several different types of phishing attacks, including:
 Spear Phishing—targeted attacks directed at specific companies and/or individuals.
 Whaling—attacks targeting senior executives and stakeholders within an
organization.
 Pharming—leverages DNS cache poisoning to capture user credentials through a
fake login landing page.
 Phishing attacks can also take place via phone call (voice phishing) and via text
message (SMS phishing).
 Common phishing activities — Email Account Upgrade Scam, Advance-fee Scam,
Google Docs Scam, PayPal Scam, Message From HR Scam, Dropbox Scam.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


3. Man-in-the-Middle (MitM) Attacks
 It occurs when an attacker intercepts a two-party transaction, inserting
themselves in the middle.
 From there, cyber attackers can steal and manipulate data by interrupting traffic.
 This type of attack usually exploits security vulnerabilities in a network, such as
an unsecured public WiFi, to insert themselves between a visitor’s device and the
network.
 The problem with this kind of attack is that it is very difficult to detect, as the
victim thinks the information is going to a legitimate destination.
 Phishing or malware attacks are often leveraged to carry out a MitM attack.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


3. Man-in-the-Middle (MitM) Attacks
 Example
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


4. Denial-of-Service (DoS) Attack
 A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or
network, making it inaccessible to its intended users (works in network layer).
 DoS attacks accomplish this by flooding systems, servers, and/or networks with
traffic to overload resources and bandwidth.
 It makes the system unable to process and fulfill legitimate requests. In addition
to DoS attacks, there are also distributed DoS (DDoS) attacks.
 A DDoS attack is launched from several infected host machines with the goal of
achieving service denial and taking a system offline, thus paving the way for
another attack to enter the network/environment.
 The most common types of DoS and DDoS attacks are: TCP SYN flood attack,
teardrop attack, smurf attack, ping-of-death attack, and botnets.
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks
4. Denial-of-Service (DoS) Attack
 TCP SYN flood attack: It can target any system connected to the Internet and providing
TCP services (e.g. web server, email server, file transfer).
 Teardrop attack: It targets TCP/IP reassembly mechanisms, preventing them
from putting together fragmented data packets. As a result, the data packets overlap and
quickly overwhelm the victim's servers, causing them to fail.
 Smurf attack: Smurfing attacks are named after the malware DDoS.Smurf, which
enables hackers to execute them. Basically, a hacker overloads computers with Internet
Control Message Protocol (ICMP) echo requests, also known as pings.
 Ping-of-death attack: It occurs when an attacker crashes, destabilizes, or freezes
computers or services by targeting them with oversized data packets. This form of DoS
attack typically targets and exploits legacy weaknesses that organizations may have
patched.
 Botnets: A botnet is a logical collection of Internet-connected devices such as computers,
smartphones or IoT devices whose security has been breached and control ceded to a
third party.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


5. SQL Injections
 A SQL injection is a technique that attackers use to gain unauthorized access to a
web application database by adding a string of malicious code to a database query.
 This type of attack usually involves submitting malicious code into an unprotected
website comment or search box.
 When a SQL command uses a parameter instead of inserting the values directly, it
can allow the backend to run malicious queries.
 Moreover, the SQL interpreter uses the parameter only as data, without executing
it as code.
 Secure coding practices, such as using prepared statements with parameterized
queries, are an effective way to prevent SQL injections.
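The difference between inserting a search-box value directly into the SQL text and passing it as a parameter, as an added example that is not part of the original slides. The comments table, its rows and both search functions are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed sample data: two public comments and one hidden moderator note.
ROWS = [
    ("alice", "great post", 0),
    ("bob", "thanks for sharing", 0),
    ("moderator", "internal note: user flagged", 1),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments ("
        "id INTEGER PRIMARY KEY, author TEXT, body TEXT, hidden INTEGER)"
    )
    conn.executemany(
        "INSERT INTO comments (author, body, hidden) VALUES (?, ?, ?)", ROWS
    )
    return conn


def search_unsafe(conn: sqlite3.Connection, term: str) -> list:
    # VULNERABLE: the value is pasted into the SQL text, so quote characters
    # in the search box change the structure of the query itself.
    sql = ("SELECT body FROM comments WHERE hidden = 0 AND body LIKE '%"
           + term + "%' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    # Prepared statement: the query text is fixed and the value is bound to
    # the ? placeholder, so the interpreter treats it only as data.
    sql = "SELECT body FROM comments WHERE hidden = 0 AND body LIKE ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (f"%{term}%",))]


# Constructed search-box input that closes the string literal and adds a
# condition that is always true.
CRAFTED = "%' OR '1'='1' --"


if __name__ == "__main__":
    db = make_db()
    print("normal search, unsafe: ", search_unsafe(db, "post"))
    print("normal search, safe:   ", search_safe(db, "post"))
    print("crafted input, unsafe: ", search_unsafe(db, CRAFTED))
    print("crafted input, safe:   ", search_safe(db, CRAFTED))
```

With the crafted input the string-built query returns the hidden row as well, while the parameterized query searches for the literal text and returns nothing.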
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


6. Zero-day Exploit
 A zero-day exploit is when hackers take advantage of a software security flaw to
perform a cyberattack.
 And that security flaw is only known to hackers, meaning software developers
have no clue to its existence and have no patch to fix it.
 These attacks are rarely discovered right away. In fact, it often takes not just
days but months and sometimes years before a developer learns of the
vulnerability that led to an attack.
 Security software vulnerabilities can come in many forms, including
unencrypted data, broken algorithms, bugs, or weak passwords.
 Thus, preventing zero-day attacks requires constant monitoring, proactive
detection, and agile threat management practices.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


7. Password Attack
 Passwords are the most widespread method of authenticating access to a secure
information system, making them an attractive target for cyber attackers.
 By accessing a person’s password, an attacker can gain entry to confidential or critical
data and systems, including the ability to control said data/systems.
 Password attackers use different methods to identify an individual password, including
using social engineering, gaining access to a password database, testing the network
connection to obtain unencrypted passwords, or simply by guessing.
 Guessing done in a systematic manner is known as a “brute-force attack”, which employs a program to try
all the possible variants and combinations of information to guess the password.
 Another common method is the dictionary attack, when the attacker uses a list of
common passwords to attempt to gain access to a user’s computer and network.
CYBER ATTACK & CYBER SECURITY
Top 10 Common Types of Cybersecurity Attacks
8. Cross-site Scripting
 A cross-site scripting attack sends malicious scripts into content from reliable websites.
 The malicious code joins the dynamic content that is sent to the victim’s browser.
 Usually, this malicious code consists of JavaScript code executed by the victim’s browser, but
can include Flash, HTML and XSS.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


9. Rootkits
 Rootkits are installed inside legitimate software, where they can gain remote
control and administration-level access over a system.
 The attacker then uses the rootkit to steal passwords, keys, credentials, and
retrieve critical data.
 Since rootkits hide in legitimate software, once you allow the program to make
changes in your OS, the rootkit installs itself in the system (host, computer,
server, etc.) and remains dormant until the attacker activates it or it’s triggered
through a persistence mechanism.
 Rootkits are commonly spread through email attachments and downloads from
insecure websites.
CYBER ATTACK & CYBER SECURITY

Top 10 Common Types of Cybersecurity Attacks


10. Internet of Things (IoT) Attacks
 While internet connectivity across almost every imaginable device creates
convenience and ease for individuals, it also presents a growing—almost unlimited
—number of access points for attackers to exploit and wreak havoc.
 The interconnectedness of things makes it possible for attackers to breach an entry
point and use it as a gate to exploit other devices in the network.
 IoT attacks are becoming more popular due to the rapid growth of IoT devices and
(in general) low priority given to embedded security in these devices and their
operating systems.
 In one IoT attack case, a Vegas casino was attacked, and the hacker gained entry via
an internet-connected thermometer inside one of the casino’s fishtanks.
CYBER ATTACK & CYBER SECURITY

Why do cyber attacks happen?


 Cyber attacks are usually either criminally or politically motivated, although some
hackers enjoy bringing down computer systems for a thrill or sense of achievement.
 Politically motivated cyber attacks may occur for propaganda reasons, to harm the
image of a particular state or government in the minds of the public.
 Cyber attacks could potentially go even further, for example, government-backed
hackers could theoretically create software to corrupt and destroy a weapons
program, or other crucial infrastructure.
 Cyber attacks can also lead to data breaches, where large amounts of information
are leaked online and then used by criminals to commit financial fraud.
 Data such as credit card details, purchase histories and names and addresses can be
all some fraudsters need to carry out identity theft.
CYBER ATTACK & CYBER SECURITY

What is Cyber Security?


 Cybersecurity is a set of technologies and processes designed to protect computers,
networks, programs and data from attack, damage, or unauthorized access.
 Cyber Security is an all-encompassing domain of information technology – it
comprises the entire set of security-related technologies and issues.
 Without a single perspective for security management, the hundreds of related yet
technically distinct aspects of this problem space could become unmanageable (and
in fact many would argue that’s exactly what we’re facing right now).
 Problem Space = A related set of concepts or issues united by shared challenges and
inter-dependencies.
CYBER ATTACK & CYBER SECURITY
Cybersecurity Objectives
 Confidentiality
 Integrity
 Availability
More: NIST Special Publication 800-12, revision 1, An Introduction to Information Security, section 1.4
CYBER ATTACK & CYBER SECURITY

Confidentiality
It is a property used to prevent the access and disclosure of information to unauthorized individuals, entities or systems.
Example: Criminal steals customers’ usernames, passwords, or credit card information
CYBER ATTACK & CYBER SECURITY
Integrity
It is a property used to prevent any modification or destruction of information in an unauthorized manner
Example: Someone alters payroll information or a proposed product design
CYBER ATTACK & CYBER SECURITY
Availability
It is a property used to ensure timely and reliable access of information assets and systems to an authorized entity.
Example: Your customers are unable to access your online services
CYBER/INFORMATION WARFARE
What is Cyber Warfare?
 Cyber Warfare is a set of actions by a nation to penetrate another nation’s computers
or networks for the purposes of causing damage or disruption.
 Military, Economic, Political, Social and Physical planes of society
 Cyber Warfare is non-kinetic (less violent and more high-tech) only in the most
direct sense, if we view Cyber Operations separate from conventional operations.
 As soon as we consider that conventional operations that rely on IT capability are
Cyber Operations then Cyber can become both Kinetic and Non-Kinetic in nature.
 Cyber Attacks can be real-time events or time-delayed events. They can originate
from anywhere or be triggered from anywhere and originate from within our
perimeters.
 They occur in multi-dimension Cyberspace as well as in conventional warfare
frames of reference.
CYBER/INFORMATION WARFARE
Can Traditional Cyber Law Tackle Cyber War?

 Existing international law does not completely cover some important aspects of
cyber warfare.
CYBER/INFORMATION WARFARE
Powerful Cyber Protected Countries

 Major cyber-powers: United States, China, Russia, and other former Soviet republics.
 Don’t tend to attack each other due to the likelihood of a massive cyber- or kinetic counter-attack.
 Uses of cyber-weapons far less informationally sophisticated nations.
CYBER TERRORISM

What is Cyber Terrorism?


 A cyber-terrorist is a criminal who uses computer technology and the
Internet, especially to cause fear and disruption.
 Some cyber-terrorists spread computer viruses, and others threaten
people electronically.
 Some ways they do this include hacking networks and computers to find out
personal information.
 The attacker distributes things that draw a huge amount of attention to get
information about people.
 Since computers are so powerful, downloading software for cyber
terrorism is easy.
CYBER TERRORISM
CYBER CRIME
What is Cyber Crime?
 Cyber crime is an activity done using computers and the internet. We can
say that it is an unlawful act wherein the computer is either a tool or a target
or both.
 There are many privacy concerns surrounding Cybercrime when
confidential information is intercepted or disclosed, lawfully or
otherwise.
 Internationally, both governmental and non-state actors engage in
cybercrimes, including espionage, financial theft, and other cross-border
crimes.
 Cybercrimes crossing international borders and involving the actions of
at least one nation-state are sometimes referred to as cyberwarfare.
CYBER CRIME
Define Cyber Crime Activity in Terms of Law
 The U.S. Department of Justice (DOJ) divides cybercrime into three
categories:
i. Crimes in which the computing device is the target -- for example, to
gain network access;
ii. Crimes in which the computer is used as a weapon -- for example, to
launch a denial-of-service (DoS) attack; and
iii. Crimes in which the computer is used as an accessory to a crime -- for
example, using a computer to store illegally obtained data.
 The Council of Europe Convention on Cybercrime, to which the U.S. is a
signatory, defines cybercrime as a wide range of malicious activities,
including the illegal interception of data, system interferences that
compromise network integrity and availability, and copyright infringements.
CYBER CRIME

Types of Cyber Crime


 Hacking
 Identity Theft
 Virus Spreading through Internet
 Denial Of Service Attack
 Computer Vandalism
 Electronic Money Laundering
 Software Piracy
 Cyber Terrorism
 Ransomware Attack
 Cyber Bullying, Cyber Stalking
CYBER CRIME
How Does Cyber Crime Happen?
 Cybercrime attacks can begin wherever there is digital data, opportunity
and motive.
 Cybercriminals range from those engaged in cyberbullying to state-sponsored actors,
like China's intelligence services.
 Cybercriminals typically rely on other actors to complete the crime.
 This is whether it's the creator of malware using the dark web to sell
code.
 Specifically, Cybercriminals often carry out their activities using
malware and other types of software, but social engineering.
 Phishing emails are another important component to many types of
cybercrime but especially so for targeted attacks.
DIGITAL FRAUD

What is Digital Fraud?


 Digital Fraud is the use of a computer for criminal deception or abuse of
web-enabled assets that results in financial gain.
 Digital fraud is when criminals try to use email, websites, malicious
software or other methods to learn your personal details or trick you into
paying them.
 With increasing levels of online business activity and a greater
dependency on IT, the business world now must brace itself to deal with
increasingly sophisticated kinds of digital fraud.
DIGITAL FRAUD
Reasons for Digital Fraud
 Chaos caused by the global COVID-19 crisis: Opportunistic hackers are taking
advantage of the chaotic, global crisis to commit even more fraudulent activity.
 A changing e-commerce landscape: One driver of the rise in fraud is more retail purchases
shifting online, e.g., card-not-present (CNP) transactions have increased
dramatically in recent years.
 The advent of new marketplace platforms: From social networks and dating
apps to food delivery, alternative transportation, and vacation rentals, digital
channels have revolutionized almost every industry.
 Payments moving online: In addition to consumers transacting more in online
marketplaces, they are also using peer-to-peer payment (P2P) and eWallet apps
more often.
DIGITAL FRAUD
Reasons for Digital Fraud
 Increasingly digital banking services: Today’s consumers demand more online and
mobile services from their financial institutions. As a result, legacy banks are going
digital.
 New consumer expectations: Today’s consumers also expect their data to be secure.
Yet they will abandon any transaction that takes too long, requires too much data, or is
too complex.
 More sophisticated fraud tactics: Due to an increasing number of data breaches over
recent years, fraudsters can more easily access PII (personally identifiable information)
and use it against consumers.
 Unclear legal jurisdiction of cross-border fraud: Global commerce gives today’s
online retailers and marketplaces an opportunity to reach even more customers.
 Technological advancements: Today, fraud has also accelerated and grown even more
sophisticated due to the rise of e-commerce, mobile payments, and computing power.
CLASS ASSIGNMENT-1
Case Study 1: Design a Complete Cybersecurity Strategy: Step-by-step
Guide with Description (For any Organization/Company)
 You have to write a semi-proposal report (3-4 pages: excluding
references)
It includes:
 Problem Definition (Organization/Company Specific)
 Cyber Security Issues
 Cyber Threats
 Impact/Danger of Cyber Attacks/Threats
 Proposed Strategy against Cyber Threats/Attacks (include descriptions)
*** This case study is on an individual basis: submit as a PDF file. I will not
accept any statements which are identical between two or more students.
