• Course description
• Objective
• Content
• Text books
• Structure & schedule
• Lecture plan
• Understanding cyber space environment and security
• Introduction
• Attacks on web
No. Objective
CO1 To learn techniques for assessing network attacks and vulnerabilities, and for
systematically reducing vulnerabilities and mitigating risks.
CO2 To acquire knowledge about cybercrime tools and applications.
CO3 To provide in-depth knowledge of computer, information, organizational
and human security in order to recover the evidence needed to identify
various computer crimes.
CO4 To have a fundamental understanding of digital forensics and to learn the
theoretical and practical knowledge of forensic computing.
• Introduction
• The web attacks
• Operating system security
• Network attacks
• Strategic defense
• Management and incidents
• Introduction to cyber crime
• Cyber offenses
• Tools and methods used in cyber crime
• Cyber laws and ethics: The legal perspective
• Understanding computer forensics
BITS Pilani, Pilani Campus
Text books
T1 Charles P. Pfleeger, Shari Lawrence Pfleeger, Jonathan Margulies,
Security in Computing, 5th edition Pearson Education , 2015
T2 Nina Godbole, Sunit Belapure, Cyber Security, Wiley India, New Delhi
Reference books
R1 Ethical Hacking & Network Defense, Michael T. Simpson, Cengage
Learning
R2 Cryptography, Network Security and Cyber Laws – Bernard Menezes,
Cengage Learning, 2010 edition
R3 Cyber security and Cyber Laws, Alfred Basta, Nadine Basta, Mary
brown, Ravindrakumar, Cengage learning
Course structure & schedule
• Schedule
• Semester start (first lecture) : 08-Aug-2020
• Last lecture : 25-Nov-2020
• Mid Sem Test : 09-11-Oct-2020
• Mid Sem Test Makeup : 16-18-Oct-2020
• Comprehensive Exam : 27-29-Nov-2020
• Comprehensive Exam Makeup : 11-13-Dec-2020
• Individual
• Hackers
• Terrorist
• Criminal for hire
• Loosely connected group
• Organized crime member
• computer crime is lucrative
• Integrity checksums
• Signed code or data
• Access control separation: separate operating system
level privileges to install programs
• Manage and monitor site code
• User vigilance
• Reference monitor
• Authentication processing
• Identification
• Auditing
• Setting enforcement parameters
• Orange book
• Developed in the late 1970s by the US Department of Defense for secure computing
• Defines a two part rating scale for trusted systems with six ratings - C1
(lowest), C2, B1, B2, B3, A1 (highest)
• It tied features with assurance at each level
• Strict rules limited the commercial applicability of this book
• Common criteria
• Separation between features and assurances
• Seven assurance levels EAL1 (lowest) through EAL7 (highest)
• At higher levels practices are more stringent and rigorous
• Allowed open ended protection profiles for future products like firewalls and
intrusion detection devices
• Trusted computing base (TCB): Parts of trusted operating system responsible for
correct enforcement of security policies
• TCB constituents:
• Hardware: processors, memory, registers, clock and I/O devices
• Security critical processes
• Primitive files: security access control database, authentication & identification data
• Protected memory
• Inter-process communication
• Trusted systems maintain an audit log of all security related changes, such as the
installation of new programs or modification of the operating system
• Audit log is protected against tampering, modification and deletion by
unauthorized users
• Audit logging is active throughout system operations
• If audit medium fills to capacity, the system shuts down
• Security templates: a group of policies that can be loaded in one procedure;
commonly used in corporate environments.
• Example:
Plain Text: Lets meet for coffee at 4:00pm at Barista
Encrypted Text:
fUfDPzlyJu5LOnkBAf4vxSpQgQZltcz7LWwEtrughon5kSQIkQlZtfxtSTstutq6gVX4SmlC3
A6RDAhhL2FfhfoeimC7sDv9G1Z7pCNzFLp0lgAWWA9ACm8r44RZOBiO5skw9cBZjZVfg
mQ9VpFzSwzLLODhCU7/2THg2iDrW3NGQZfz3SSWviwCe7GmNIvp5jEkGPCGcla4Fgdp
/xuyewPk6NDlBewftLtHJVf
• Stuxnet
• Sony BMG Copy Protection
• Lion
• NTRootkit
CC:46:D6 - Cisco
3C:5A:B4 - Google, Inc.
3C:D9:2B - Hewlett Packard
00:9A:CD - HUAWEI TECHNOLOGIES CO.,LTD
• Wiretapping
• Causes for interception
• Anonymity
• Many points of attack
• Sharing
• System complexity
• Unknown perimeter
• Unknown path
• Loss of service
• Causes for interruption
• Routing
• Excessive demand
• Component failure
• Network design incorporates
redundancy to counter
hardware failure
• In Jan 2013, New York Times, Washington Post and Wall Street Journal
sites were sent massive traffic resulting in collapse of these sites
• Allegedly these were attacked by hackers with allegiance to China
• In August 2013, Syrian Electronic Army shut access to New York Times
website for 20 hours
• In June 2014, Syrian Electronic Army redirected Reuters readers to a
message that the site has been hacked
There are variations of ping that can be used to execute an attack, some are:
• ping -n : specify the number of times a request is sent
• ping -l : specify the amount of data sent with each packet
• ping -t : continue pinging until the host times out
• A Ping of Death is an attack, in which the attacker aims to disrupt a targeted machine by
sending a packet larger than the maximum allowable size, causing the target machine to
freeze or crash.
• While ping packets are normally very small, IPv4 ping packets can be larger than the
maximum allowable packet size of 65,535 bytes. Some TCP/IP systems were never
designed to handle packets larger than the maximum, making them vulnerable to
packets above that size.
• When a maliciously large packet is transmitted from the attacker to the target, the
packet becomes fragmented into segments, each of which is below the maximum size
limit. When the target machine attempts to put the pieces back together, the total size
exceeds the limit and a buffer overflow can occur, causing the target machine to freeze,
crash or reboot.
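As an added illustration (not from the course slides), a defensive reassembly check in Python: each fragment's offset (in 8-byte units) plus its payload length is compared against the 65,535-byte datagram limit before anything is buffered, which is the check the vulnerable stacks lacked. The fragments are constructed sample values; no packets are sent.

```python
# Added example: size-checked IPv4 fragment reassembly (defensive view of
# the Ping of Death). Offsets and lengths below are constructed samples.

IPV4_HEADER_LEN = 20
MAX_IPV4_DATAGRAM = 65535                               # 16-bit total-length field
MAX_IPV4_PAYLOAD = MAX_IPV4_DATAGRAM - IPV4_HEADER_LEN  # 65515 payload bytes at most


def fragment_end(offset_units, payload_len):
    """Byte position just past this fragment's payload after reassembly.
    offset_units is the IP header's 13-bit fragment offset (8-byte units)."""
    return offset_units * 8 + payload_len


def fragment_fits(offset_units, payload_len):
    """True if the fragment can be placed without exceeding the IPv4 maximum."""
    return fragment_end(offset_units, payload_len) <= MAX_IPV4_PAYLOAD


class Reassembler:
    """Tracks fragments per (source, IP id). A fragment whose end lies past
    MAX_IPV4_PAYLOAD is rejected and the partial datagram discarded, instead
    of being copied into a fixed-size buffer as the vulnerable stacks did."""

    def __init__(self):
        self.buffers = {}   # (src, ip_id) -> [(offset_units, payload_len), ...]
        self.alerts = []    # (src, ip_id, would-be datagram size)

    def accept(self, src, ip_id, offset_units, payload_len):
        end = fragment_end(offset_units, payload_len)
        if end > MAX_IPV4_PAYLOAD:
            self.alerts.append((src, ip_id, end + IPV4_HEADER_LEN))
            self.buffers.pop((src, ip_id), None)
            return False
        self.buffers.setdefault((src, ip_id), []).append((offset_units, payload_len))
        return True

    def reassembled_size(self, src, ip_id):
        """Datagram size (header included) implied by the fragments seen so far."""
        frags = self.buffers.get((src, ip_id), [])
        if not frags:
            return 0
        return IPV4_HEADER_LEN + max(fragment_end(o, n) for o, n in frags)


def demo():
    """Constructed traffic: a 1500-byte ping split in two, then an oversized one."""
    r = Reassembler()
    ok = [r.accept("10.0.0.5", 1, 0, 1480),     # first 1480 payload bytes
          r.accept("10.0.0.5", 1, 185, 20)]     # offset 185*8 = 1480, last 20 bytes
    bad = r.accept("10.0.0.9", 2, 8189, 40)     # 8189*8 + 40 = 65552 > 65515
    return ok, bad, r.alerts, r.reassembled_size("10.0.0.5", 1)


if __name__ == "__main__":
    print(demo())
```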
Ex3: Smurf
• Smurf malware builds a spoofed packet that has its source address set to the real IP
address of the targeted victim.
• The packet is then sent to an IP broadcast address of a router or firewall, which in turn
sends requests to every host device address inside the broadcasting network, increasing
the number of requests by the number of networked devices on the network.
• Each device inside the network responds to the spoofed address of the target with an
ICMP Echo Reply packet.
• The target victim then receives a deluge of ICMP Echo Reply packets, becoming
overwhelmed and resulting in denial-of-service to legitimate traffic.
Ex4: Echo-Chargen
• An attacker can ask a router to declare that it has best path for all
IP addresses
• All traffic will be re-directed to this router automatically resulting
in flooding
• The attacker allows communication to start between the parties and then takes over,
i.e. takes control once authentication is complete
• Unencrypted sites are highly exposed to this risk
• It takes advantage of the TCP/IP protocol design: changing the source IP in the IP
header redirects the communication
• Hackers often begin with known vulnerabilities for which patches haven’t been
installed by the user
• Zero-day-exploit: exploitation of a vulnerability for which a patch is not yet
available
• R-U-Dead-Yet, EvilGrade, Zeus are some tools which identify vulnerabilities to
help organize an attack
• With link and end-to-end encryption the data is encrypted, but the client and server
addresses remain exposed
• TOR prevents an eavesdropper from learning source, destination, or content
of data in transit
• Protection is achieved by transferring communication around a network of
computer before delivery to receiver
• Ex: A needs to send a packet to B. It routes it thru X, Y & Z.
• A encrypts the packet with B’s public key and appends a header from Z to B
• Then A encrypts the result with Z’s public key and appends a header from Y to Z
• Then A encrypts the result with Y’s public key and appends a header from X to Y
• Then A encrypts the result with X’s public key and appends a header from A to X
• Upon receipt of the packet, intermediate nodes only know the previous and next nodes for
the packet and not the whole path
• The client, which has access to all the encryption keys, i.e. key 1, key 2 and key 3, encrypts the message (the GET request) three times,
wrapping it under 3 layers like an onion which have to be peeled one at a time.
• This triple-encrypted message is then sent to the first server, i.e. Node 1 (input node).
• Node 1 only has the address of Node 2 and Key 1. So it decrypts the message using Key 1 and realises that it
doesn't make any sense, since it still has 2 layers of encryption, so it passes it on to Node 2.
• Node 2 has Key 2 and the addresses of the input and exit nodes. So it decrypts the message using Key 2, realises that
it is still encrypted and passes it on to the exit node.
• Node 3 (exit node) peels off the last layer of encryption, finds a GET request for youtube.com and passes it on to
the destination server.
• The server processes the request and serves up the desired web page as a response. The response passes through
the same nodes in the reverse direction, where each node adds a layer of encryption using its specific key.
• It finally reaches the client in the form of a triple-encrypted response, which can be decrypted since the client has
access to all the keys.
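The A → X → Y → Z → B construction from the slides above, as an added example (not the slides' code and not Tor's): each hop holds a pre-shared symmetric key standing in for the public keys the slides mention, and the cipher is a toy HMAC-SHA256 keystream, both assumptions made so the example runs with the standard library only. It shows that each relay, after peeling its own layer, learns nothing but the next hop.

```python
# Added example: layered ("onion") wrapping along A -> X -> Y -> Z -> B.
# ASSUMPTION: per-hop symmetric keys and an HMAC-SHA256 keystream stand in
# for real public-key encryption; this is a teaching cipher, not a secure one.
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key, nonce, n):
    """Deterministic byte stream from HMAC-SHA256 in counter mode (toy cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Fresh nonce || plaintext XOR keystream."""
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key, blob):
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def wrap(key, next_hop, inner):
    """One onion layer: a header naming the next hop, then the inner bytes, sealed."""
    return seal(key, next_hop.encode() + b"|" + inner)


def peel(key, blob):
    """What a relay does: remove its own layer and read only the next-hop header."""
    next_hop, inner = unseal(key, blob).split(b"|", 1)
    return next_hop.decode(), inner


def make_keys(names):
    return {name: os.urandom(32) for name in names}


def build_onion(keys, path, dest, payload):
    """A's side: encrypt for B first, then add one layer per relay, innermost last hop."""
    blob = seal(keys[dest], payload)       # "A encrypts the packet with B's key"
    next_hop = dest
    for relay in reversed(path):           # Z, then Y, then X
        blob = wrap(keys[relay], next_hop, blob)   # header "relay -> next_hop"
        next_hop = relay
    return blob


def route(keys, path, onion):
    """Simulate the relays in order; record what each one learns (only its next hop)."""
    seen = []
    blob = onion
    for relay in path:
        next_hop, blob = peel(keys[relay], blob)
        seen.append((relay, next_hop))
    return seen, blob


if __name__ == "__main__":
    k = make_keys(["X", "Y", "Z", "B"])
    hops, last = route(k, ["X", "Y", "Z"], build_onion(k, ["X", "Y", "Z"], "B", b"hello"))
    print(hops, unseal(k["B"], last))
```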
• Rule 1: Allow traffic from any outside host to 192.168.1 subnet on port 25 (mail transfer)
• Rule 2: Allow traffic from any outside host to 192.168.1 subnet on port 69 (file transfer)
• Rule 3: Allow traffic from 192.168.1 subnet to any outside host on port 80 (web pages)
• Rule 4: Allow traffic from any outside host to 192.168.1.18 on port 80 (web server)
• Rule 5 & Rule 6: Deny all other traffic (inbound or outbound)
• Every packet between two hosts contains source address & port and destination
address & port
• A NAT firewall conceals the real internal addresses from outsiders, who do not know the
real addresses and cannot access them directly
• Firewall replaces source address by its own address and keeps entries of original
source address & port and destination address & port in a mapping table.
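The six firewall rules and the NAT mapping table described in the two slides above, as one added worked example (not from the course): a first-match packet filter over the 192.168.1.0/24 subnet, and a NAT class that replaces the source address with its own and keeps the original tuple in a table so replies can be mapped back. All addresses and ports are constructed sample values.

```python
# Added example: the slide's six-rule filter plus a minimal NAT table.
# 203.0.113.x / 198.51.100.x are documentation addresses used as samples.
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.168.1.0/24")
WEB_SERVER = ipaddress.ip_address("192.168.1.18")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def inside(addr):
    return ipaddress.ip_address(addr) in INSIDE


# Rules in the order the slide lists them; the first matching rule decides.
RULES = [
    ("Rule 1", lambda p: not inside(p.src) and inside(p.dst) and p.dport == 25),
    ("Rule 2", lambda p: not inside(p.src) and inside(p.dst) and p.dport == 69),
    ("Rule 3", lambda p: inside(p.src) and not inside(p.dst) and p.dport == 80),
    ("Rule 4", lambda p: not inside(p.src)
     and ipaddress.ip_address(p.dst) == WEB_SERVER and p.dport == 80),
]


def filter_packet(p):
    for name, matches in RULES:
        if matches(p):
            return ("ALLOW", name)
    return ("DENY", "Rule 5/6")     # default deny, inbound or outbound


class Nat:
    """Rewrites outbound source (addr, port) to the firewall's own address and
    a fresh port; the original tuple is kept so the reply can be mapped back."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # public port -> (orig src, orig sport, dst, dport)

    def outbound(self, p):
        port = self.next_port
        self.next_port += 1
        self.table[port] = (p.src, p.sport, p.dst, p.dport)
        return Packet(self.public_ip, port, p.dst, p.dport)

    def inbound(self, p):
        entry = self.table.get(p.dport)
        # Only a reply matching an existing mapping reaches an internal host.
        if entry is None or entry[2] != p.src or entry[3] != p.sport:
            return None
        src, sport, _, _ = entry
        return Packet(p.src, p.sport, src, sport)


if __name__ == "__main__":
    print(filter_packet(Packet("203.0.113.7", 5555, "192.168.1.18", 80)))
    nat = Nat("203.0.113.1")
    print(nat.outbound(Packet("192.168.1.5", 51000, "198.51.100.9", 80)))
```

Note that, taken literally, the rule set denies outbound HTTPS (port 443) and any inbound reply that a stateless filter cannot associate with Rule 3; that is a property of the slide's rules, not of the code.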
• Fortinet Fortigate
• Cisco ASA NGFW
• pfSense
• Sophos UTM
• WatchGuard Firebox
• Meraki MX Firewalls
• Juniper SRX
• Palo Alto Network VM-Series
• State based
• Monitors the system going through overall state changes
• Identify when a system has veered into unsafe state
• Model based
• List of known bad activities
• Each activity has a degree of bad
• Action when an activity of certain bad degree occurs
• Overall cumulative activities cross a certain degree of bad
• Misuse intrusion detection
• Compare real activity with a known representation of normality
• Ex: password file being accessed by utilities other than login, change
password, create user etc
• Code modification checkers: compares the active version of source code with
saved version (Tripwire)
• Vulnerability scanners: check and report known vulnerabilities and flaws in a
network (ISS Scanner, Nessus)
• Strengths:
• Can detect ever growing number of attacks
• New signatures can be configured
• Have become cheaper and easy to operate
• Can operate in stealth mode to avoid attackers
• Limitations:
• Requires strong defense, else an attacker can render the IDS ineffective
• Attackers tend to gain insight into IDS working over a period of time
• Poor sensitivity could limit accuracy
• Someone needs to monitor IDS reports for actions
• McAfee NSP
• Trend Micro TippingPoint
• HillStone NIPS
• Darktrace Enterprise Immune System
• NSFocus NGIPS
• H3C SecBlade IPS
• Huawei NIP
• Entrust IoTrust Identity and Data Security
• Cisco FirePower NGIPS
Requirement Characteristics
• Correctness
• Consistency
• Completeness
• Realism
• Need
• Verifiability
• Traceability
Smaller organizations will need at minimum an Incident Response Manager and ICT technical staff
5: Accountability…
• Specific responsibilities
• Users may be responsible for their own personal computers and devices
• Project leaders may be responsible for project data and assets
• Managers may be responsible to ensure that people they supervise
implement security measures
• DBAs may be responsible for access to and integrity of their databases
• Information officers may be responsible for creation, use, retention and
proper disposal of data
• HR may be responsible for screening employees and training them in
security measures
• Document the contact (phone, backup phone, email, residential
address etc) details of security response team members and keep
it in secure place
• Security plan must articulate the potential losses v/s cost incurred
in implementing security measures
• Security plan must present technical issues in a language which
can be understood and appreciated by non-technical people
• Security plan should avoid technical jargon and should use
business terminology
• Security plan should describe vulnerabilities and risks in terms of
financial terms for management attention
• What are the essential assets – things if lost will prevent doing
business
• Network, customer reservation system, traffic controllers etc
• What could disrupt availability of these assets – what are the
vulnerabilities
• A network could be unavailable due to failure, loss of power or corruption
• What is the minimum set of assets or activities required to keep
business operational to some degree
• Prepare manual system for such activities
Recovery… return to normal operation and (if applicable) remediate vulnerabilities to prevent similar
them have a different impact on recovery time, cost limitations or data loss:
versions
• Rebuild the system(s) or environment from zero: Slow; not very costly; chances of data loss. This is, however, the only way to be
Statistics show that very often incidents are only revealed after
Therefore, it is important to check your backup for viruses, rootkits and backdoors before
Communication Phase
• Reporting
• Detection
• Triage
• Response
• Post-mortem
• Education
• Study current data to predict future attack trends (preventive
measure)
• Incident affecting one site may affect another site and analysis
from one place may help another place
• No standards for automated information sharing between CSIRTs
• Sharing is also hindered due to fear of competition, regulations
and negative publicity
Security Assessment Overview
• Definition
– Security assessment identifies existing IT vulnerabilities and recommends
countermeasures for mitigating potential risks
• Goal
– Make the infrastructure more secure
– Identify risks and reduce them
• Consequences of Failure
– Loss of services
– Financial loss
– Loss of reputation
– Legal consequences
• Non-Intrusive
– Security Audit
– Risk Assessment
– Risk Analysis
• Intrusive
– Vulnerability Scan
– Penetration Testing / Ethical Hacking
• The goal is to identify vulnerabilities and improve security
– Differ in rules of engagement and limited purpose of the specific
engagement (what is allowed, legal liability, purpose of analysis, etc.)
• Security Risk: is the probability that a specific threat will successfully exploit
a vulnerability causing a loss.
• Insiders with Malicious Intent: anger at company; competition with co-worker(s)
• Environmental Damage: floods, earthquakes, fires
1. Define objectives
2. Define deliverables
• Continuously
– Part of the normal workflow
– Provides “real-time” risk view
– Often supported by technology and analysis tools
– Integrated with other IT/business processes
• ISO 13335
– Information technology (Guidelines for the management of IT Security -
Part 1: Concepts and models for IT Security)
– Assists with developing baseline security.
• NIST SP 800-xx
– Different standards for various applications
• Technical
– Security Operations: vulnerability assessment, patch management, intrusion
detection, scanning, forensics, response management, security technology
research
– Security Architect: technology implementation, implementation options
– Security Administrator: user administration, server security configuration,
desktop security
– Resource Owner: own any residual risk after controls are implemented
– Resource Custodian: implements/monitors controls
• Communications
– Security Communications: marketing, awareness
Source: CSCIC & Meta Group, Inc.
Name: Description
• Software Audit Tool (GASP): Designed to help detect and identify pirated software through
tracking licenses. It is a suite of tools used by the Business Software Alliance and is freely
available at: http://global.bsa.org/uk/antipiracy/tools/gasp.phtml
• CISCO Router and Security Device Manager: This offers advanced configuration support for
LAN and WAN interfaces, NAT, Stateful Firewall Policy, Inline Intrusion Prevention and IPSec
virtual private network (VPN) features. It also provides a 1-click router lockdown and the ability
to check and recommend changes to router configuration based on ICSA Labs and Cisco TAC
recommendations. http://www.cisco.com/en/US/products/sw/secursw/ps5318/
• Linux Configuration and Diagnostic Tools: This site provides a listing of various Linux
configuration tools for system and network configuration, X configuration, library and kernel
dependency management, and general diagnostics.
http://www.comptechdoc.org/os/linux/usersguide/linux_ugdiag.html
• Nmap: Utility for network exploration or security auditing. Can scan large networks or
single hosts. It uses raw IP packets to determine hosts available on the network, the
services those hosts are running, the OS and OS version they are running, the type of
packet filters/firewalls being used, etc. http://www.insecure.org/nmap/nmap_download.html
• MingSweeper: Network Reconnaissance Tool. Supports various TCP port & filter scans, UDP
scans, OS detection (NMAP and ICMP style), banner grabbing etc.
http://www.hoobie.net/mingsweeper/
• Cheops: Network mapping tool with graphical user interface (GUI). http://www.marko.net/cheops/
• QueSO: Remote OS detector. Sends obscure TCP packets to determine the remote OS.
http://www.antiserver.it/Unix/scanner/Unix-Scanner/
Cyber Crime: What is it?
Cyber Crime: Alternate Definition
Cyber Crime Attack Types
Impact of Cyber Crime in India
[Figure: 60% increase in Cyber Crimes in last 5 months of Covid; direct impact on business with financial loss]
Challenges for Securing Data
Who are Cyber Criminals?
Hungry for Recognition
Not Interested in Recognition
• Psychological perverts
– Express sexual desires, deviates from normal behavior
• Financially motivated hackers
– Make money from cyber attacks
– Bots-for-hire: fraud through phishing, information theft, spam and
extortion
• State-sponsored hacking
– Hacktivists
– Extremely professional groups working for governments
– Have ability to worm into the networks of the media, major corporations,
defense departments etc
The Insiders
Motives for Cyber Crime
• Money
• Gain power
• Publicity
• Revenge
• Sense of adventure
• Thrill to access forbidden information
• Destructive mindset
• Sell security services
Classification of Cyber Crimes
• Against an individual
• Against property
• Against organization
• Against society
• Crimes emanating from Usenet newsgroup
Cyber Crimes: Against an Individual
Cyber Crimes: Against Property
Cyber Crimes: Against Organization
• Forgery
• Cyber terrorism
• Web jacking
Cyber Crimes: Emanating from Usenet
Newsgroup
• Usenet groups may carry very offensive, harmful, inaccurate
material
• Postings that have been mislabeled or are deceptive in another
way
• These should be taken in with a considered view
E-Mail Spoofing
• E-mail spoofing is the forgery of an e-mail header so that the message appears to have
originated from someone or somewhere other than the actual source.
• It is possible to send a message that appears to be from anyone, anywhere, saying
whatever the sender wants it to say.
• Thus, someone could send spoofed e-mail that appears to be from you with a message
that you didn't write.
• Example: senders who might prefer to disguise the source of the e-mail include a sender
reporting mistreatment by a spouse to a welfare agency.
• Most spoofed e-mails fall into the "nuisance" category and require little action other
than deletion; the more malicious varieties can cause serious problems and security
risks.
• Spoofed e-mail may purport to be from someone in a position of authority, asking for
sensitive data, such as passwords, credit card numbers, or other personal information -
any of which can be used for a variety of criminal purposes.
• Bank of America, eBay, and Wells Fargo are among the companies who were spoofed in
mass spam mailings.
• One type of e-mail spoofing, self-sending spam, involves messages that appear to be
both to and from the recipient.
Spamming
Search Engine Spamming
Web Publishing Techniques to Avoid
• Repeating keywords
• Use of keywords that do not relate to the content on the site
• Use of fast meta refresh i.e. change to the new page in few
seconds.
• Redirection
• IP cloaking i.e. including related links, information, and terms.
• Use of colored text on the same color background
• Tiny text usage
• Duplication of pages with different URLs
• Hidden links
Cyber Defamation
What Amount to Defamation?
Types of Defamation
Cyber Defamation Case Examples
Internet Time Theft
Salami Attack / Salami Technique
Data Diddling
Forgery
Hacking
History of Hacking
Hacking V/S Cracking
Types of Hackers
Case Study 1: NASA Site Hacked thru SQL
Injection (2009)
• Two NASA sites recently were hacked by an individual wanting to demonstrate that the
sites are susceptible to SQL injection.
• The websites for NASA's Instrument Systems and Technology Division and Software
Engineering Division were accessed by a researcher, who posted to his blog screen shots
taken during the hack.
• A researcher, using alias "c0de.breaker," used SQL injection to hijack the sites.
• SQL injection is an attack process where a hacker adds additional SQL code commands to
a page request and the web server then tries to execute those commands within the
backend database
• The NASA hack yielded the credentials of some 25 administrator accounts.
• The researcher also gained access to a web portal used for managing and editing those
websites.
• In this particular case, the researcher found the vulnerabilities, made NASA aware of
them, then published findings after the websites had been fixed.
• An attacker, however, could have tried to use that web server as an entry point into
other systems NASA might control or edit the content of the sites and use them for drive-
by downloads.
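The mechanism behind this case study, as an added example (not from the slides and not NASA's code): a user lookup on a constructed in-memory SQLite table, with the string-concatenated query that lets request data become SQL beside the parameterised version that a fix relies on. Table name, columns, rows and the crafted input are all constructed.

```python
# Added example: vulnerable string-built query beside its parameterised fix.
# The users table and its rows are constructed sample data.
import sqlite3


def setup():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "s3cret", 1), ("bob", "hunter2", 0)])
    return db


def lookup_vulnerable(db, name):
    # Concatenation: whatever the page request carries is parsed as part of the SQL.
    sql = "SELECT name, is_admin FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    # Placeholder: the value travels separately from the statement and is never parsed as SQL.
    return db.execute("SELECT name, is_admin FROM users WHERE name = ?", (name,)).fetchall()


def compare(db, value):
    """Return (rows from the vulnerable query, rows from the safe query) for one input."""
    return lookup_vulnerable(db, value), lookup_safe(db, value)


if __name__ == "__main__":
    db = setup()
    print(compare(db, "alice"))
    print(compare(db, "x' OR '1'='1"))    # vulnerable query returns every row
```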
Case Study 2: Nadia Suleman’s Site Hacked
(2009)
Case Study 2: Nadia Suleman’s Site Hacked
(2009) – The Story
• LOS ANGELES, CA: Octuplet mom Nadya Suleman launched a website to solicit
donations, but it was immediately hacked by a group of vigilante mothers!
• The website originally featured photos of all eight octuplets, a “thank you” note from
Suleman, images of children’s toys and a large donation button for viewers to send
money through. Suleman also provided an address where people can send baby use
items.
• The site was hacked and brought down within hours. The original homepage was left up
but defaced, as seen in the screenshot.
• The site was tagged by famous hacker group MOD (Mothers of Disappointment). The
group has a history of attacking personal sites they disapprove of, including Britney
Spears when she hung dry her sons on a clothes after a bath.
• Reporters received a short note from an anonymous e-mail address:
– MOD will not tolerate the selfish acts of bad parenting, we will remain true to our mission despite any
setbacks viva la maternity (call your mother, she misses you)
• Site was restored with extra security measures to guard against future attacks.
How do Pedophiles Operate?
Software Piracy
Pirated Software Has a Lot to Lose
Computer Sabotage
E-Mail Bombing / Mail Bombs
Network Intrusion
Password Sniffing
Credit Card Frauds
• Credit card fraud is a term for theft and fraud committed using or
involving a payment card, such as a credit card or debit card, as a
fraudulent source of funds in a transaction.
• The purpose may be to obtain goods without paying or to obtain
unauthorized funds from an account.
• Credit card fraud is also an adjunct to identity theft.
Identity Theft
Identity Theft: Real Cases
Cyber Crime: Legal Perspective
Cyber Crime: Legal Perspective…
Cyber Crime: Indian Perspective
• India has the fourth highest number of internet users in the world.
• 350+ million internet users in India
• 37% - in cyber cafes
• 57% are between 18 and 35 years
• Information Technology (IT) Act, 2000, specifies the acts which are
punishable. The primary objective of this Act is to create an
enabling environment for commercial use of IT
Cyber Crime: Indian Perspective…
• 217 cases were registered under IT Act during the year 2007 as
compared to 142 cases during the previous year (2006)
• Thereby reporting an increase of 52.8% in 2007 over 2006.
• 22.3% of cases (49 out of 217 cases) were reported from Maharashtra,
followed by Karnataka (40), Kerala (38) and Andhra Pradesh and
Rajasthan (16 each).
Incidence of Cyber Crime in Cities (2006
v/s 2007)
• 17 out of 35 mega cities did not report any case of cyber crime (i.e.
neither under the IT Act nor under IPC sections) during the year
2007.
• 17 mega cities have reported 118 cases under IT Act and 7
megacities reported 180 cases under various section of IPC.
• There was an increase of 32.6% (from 89 cases in 2006 to 118
cases in 2007) in cases under IT Act as compared to previous year
(2006),
• An increase of 26.8% (from 142 cases in 2006 to 180 cases in 2007)
of cases registered under various section of IPC
• Bengaluru (40), Pune (14) and Delhi (10) cities have reported high
incidence of cases (64 out of 118 cases) registered under IT Act,
accounting for more than half of the cases (54.2%) reported under
the Act.
• Active attack
– Used to alter system
– Affects the availability, integrity and authenticity of data
• Passive attack
– Attempts to gain information about the target
– Leads to breaches of confidentiality
• Inside attack
– Attack originating and/or attempted within the security perimeter of an
organization
– Gains access to more resources than expected.
• Outside attack
– Is attempted by a source outside the security perimeter,
– May be an insider or an outsider, who is indirectly associated with the
organization
– Attempted through internet or remote access connection
Cyber Crime Life Cycle
• Arphound: Listens to network traffic and reports IP/MAC mismatches & IP conflicts
• Arping: Discovers and probes computers on a network
• Bugtraq: Mailing list about security related issues
• Dig: Queries the domain name service database
• DNStracer: Finds where a DNS server gets its information from and follows the chain of servers
• Dsniff: Password sniffing and network analysis tool
• Filesnarf: Sniffs files from an NFS file system
• FindSMB: Information about machines and subnets
• Hmap: Fingerprinting of web servers
• Hping: TCP/IP packet analyzer
• Hunt: Exploits vulnerabilities in TCP/IP
• Netcat: Reads and writes network connections using TCP & UDP
• Nmap: Network explorer – security and port scanner
• TCPdump: Command line packet analyzer
• TCPreplay: Edits and replays previously captured packets
[Figure: life cycle stages shown: botnet creation; DDoS attacks; malware and spamdexing; phishing; adware installation attacks; spam attacks; stealing confidential information]