History-The first recorded cyber crime took place in the year1820.-The first spam email took place in 1978 when it wassent over the Arpanet-The first VIRUS was installed on an Apple computer in1982
History• In 1983, Kevin Mitnick did an intrusion on a Pentagon’s computer• Robert Tappan Morris created the first worm and sent it from MIT to the web and caused $50,000 of damages• In 1994, Vladimir Levin intruded in an American bank computer and stole 10 millions dollars• Jonathan James “c0mrade”, 16 years old, infiltrated a NASA computer in 1999 and had access to data worth 1,7 millions dollars• Today (CSI Report, 2007): – 46% of companies have admitted to suffering financial losses due to security incidences. The reported loss amounted to a total of approximately $66,930,000. – 39% of companies have been unable (or unwilling) to estimate the cost of their losses.• Financial Losses, Personal losses, Privacy losses, Data Losses, Computer Malfunction and more…..
Types of Cyber CrimeHACKING CREDIT CARD FRAUDNET EXTORTION PHISHINGDENIAL OF SERVICE ATTACK SPOOFING VIRUS DISSEMINATION CYBER STALKINGSOFTWARE PIRACY CYBER DEFAMATION PORNOGRAPHY THREATENING IRC Crime SALAMI ATTACK
HackingHacking, in simple terms, means illegal intrusioninto a computer system without permission of the computerowner / user. DENIAL OF SERVICE ATTACKThis is an act by the criminal who floods the bandwidth of thevictim’s network or fills his e-mail box with spam maildepriving him of the services he is entitled to access orprovide
VIRUS DISSEMINATIONVirus is a malicious software that attaches itself to other softwareand causes break down of the operating systemin extreme cases. Thekinds of viruses are –worms,Trojan Horse,Time bomb virus, Logic Bomb,True LoveSpywareMalwareHoaxes
SOFTWARE PIRACY• Theft of software through illegal copying of original programs and distribution of the products intended to pass for the original.• Retail revenue losses worldwide are ever increasing due to this crime.• This can be done in various ways - End user copying, Hard disk loading, Illegal downloads from the internet etc.
PORNOGRAPHYPornography is the first consistently successful e-commerceproduct. Deceptive marketing tactics and mouse trapping technologiesused in Pornographic sites encourage PORNOGRAPHYcustomers to access these sites.Anybody, irrespective of age, can fall prey to the pornographicsites at a click of mouse.Publishing, transmitting any material in electronic formwhich is lascivious or appeals to the prurient interest is anoffence under the provisions of section 67 of I.T. Act -2000.
IRC CRIMEInternet Relay Chat (IRC) servers have chat rooms inwhich people from any corner of the world can come togetherand chat with each other. Criminals use it for meeting co-conspirators.Hackers use it for discussing their exploits / sharing theTechniquesPedophiles use chat rooms to allure small childrenCyber Stalking - In order to harass a female, hertelephone number is shared pseudonymously with othersas if she craves to befriend males.
CREDIT CARD FRAUDYou simply have to type credit card number into www page of the vendor for online transaction.If electronic transactions are not secured, the credit card umbers can be stolen by the hackers who can misuse this card by impersonating the credit card owner.
NET EXTORTIONCopying the company’s confidential data in order to extort huge amounts of money from the said company.PHISHINGIt is the technique of pulling out confidential information of the account holders from their banks /financial institutions by deceptive means.
Phishing E-mailFrom : ICICI Bank[mailto:firstname.lastname@example.org]Sent : 08 June 2004 03:25To : IndiaSubject : Official information from ICICIBankDear valued ICICI Bank Customer ! For security purposes your account has been randomly chosen for verification. Toverify your account information we are asking you to provide us with all the data we arerequesting.Otherwise we will not be able to verify your identity and access to youraccount will be denied. Please click on the link below to get to the ICICI secure page andverify your account details.Thank you.https://infinity.icicibank.co.in/Verify.jspICICI Bank Limited
SpoofingA technique used to gain unauthorized access to computers,whereby the intruder sends hoax messages to a computerwith such an IP address which indicates that the message iscoming from trusted host.
CYBER DEFAMATION• Sending defamatory messages through e-mail to the victim or his relatives, friends, etc. or posting of the defamatory material on a website.---(Disgruntled employee may do this against boss, exboyfriends against a girl and divorced husband against his wife, to name a few.)
SALAMI ATTACKA “salami attack” is a form of cyber crime usually used for thepurpose of committing financial crimes in which criminals steal moneyor resources a bit at a time from financial accounts on a system. Asingle transaction of this kind would usually go completely unnoticed.In such a crime, the perpetrator introduces minor changes to theprogram or a software which are so insignificant that they go almostunnoticed and derive huge benefit out of thesame. e.g. Criminal makes such program that deducts small amount like Rs.2.50 per month from the account of all the customer of the Bank anddeposit the same in his account.In this case no account holder will approach the bank for such smallamount but criminal gains huge amount.
• American Lottery• UK Lottery• Yahoo Lottery• Microsoft Lottery • Hotel Industry• RBI Lottery • Hospital • RBI• Google Lottery • MNC Companies • ICICI Bank• Canada Mobile draw • International Job offer • HDFC Bank• Coca Cola Lucky draw • Shipping Industry • Axis Bank• BMW Lottery • Reputed Universities • State Bank of India• Vodafone Lucky draw • Canada Mobile draw • Royal Bank of Scottland
Cyber security-Involvesprotection of sensitive personal &business information through prevention,detection and response to different onlineattacks-Protects from attacks by detecting andpreventing
Loss of Personal Information• Human error, 32%• Software corruption, 25%• Virus attack (malware), 22%• Hardware failure, 13%• Natural disasters, 2%
Finding an IP Address via Instant Messengers Case: If you are chatting on messengers like MSN, YAHOO etc. then the following indirect connection exists between your system and your friend’s system: Thus in this case, you first have to establish a direct connection with your friend’s computer by either sending him a file or by using the call feature. Then, goto MSDOS or the command line and type: C:>netstat -n This command will give you the IP Address of your friend’s computer.
Finding an IP Address via Instant MessengersCountermeasures Do not accept File transfers or calls from unknown people Chat online only after logging on through a Proxy Server.A Proxy Server acts as a buffer between you and the un-trusted network known asthe Internet, hence protecting your identity.Some good Proxy Servers are:Wingate (For Windows Platform)Squid (For Unix Platforms)
DOS Attacks: Ping of Death AttackThe maximum packet size allowed to be transmitted by TCPIPon a network is 65 536 bytes.In the Ping of Death Attack, a packet having a size greater thanthis maximum size allowed by TCPIP, is sent to the target system.As soon as the target system receives a packet exceeding theallowable size, then it crashes, reboots or hangs.This attack can easily be executed by the ‘ping’ command asfollows: ping -l 65540 hostname
Threats from Sniffers and Key Loggers Sniffers: capture all data packets being sent across the network in the raw form. Commonly Used for: Traffic Monitoring Network Trouble shooting Gathering Information on Attacker. For stealing company Secrets and sensitive data. Commonly Available Sniffers tcpdump Ethereal Dsniff
Threats From Key Logger Key loggers: Record all keystrokes made on that system and store them in a log file, which can later automatically be emailed to the attacker. Countermeasures Periodic Detection practices should be made mandatory. A Typical Key Logger automatically loads itself into the memory, each time the computer boots. Thus, the start up script of the Key Logger should be removed.E.g. 1.SpyAgent 2.WebWatcher 3.PC Pandora
Default Settings Default Settings• Many access points arrive with no security mechanism in place• Changing the default settings before deployment should be a matter of organizational practice
• An Employee/user may unknowingly infect the network by using an infected device. Malicious downloads, infected files, corrupted images and other threats can easily spread via portable devices.
Attack Via Social network Social network users can expect more threats to travel virally,infecting everyone on a users friends list.viruses are likely be designed to steal or delete users personalinformation, which can be sold in numerous black markets andused to acquire credit card and bank information
Attacker uses multiple transparent or opaque layers to trick users into revealingconfidential information, or taking control of a users computer when they wereintending to click on the top level page. Thus, the attacker is "hijacking" clicksmeant for their page and routing them to other another page, most likely . Expectto see an increase of this malicious behavior over the next few years. Using a similar technique, keystrokes can also be hijacked. With a carefullyCrafted combination of stylesheets, iframes, and text boxes, a user can be ledto believe they are typing in the password to their email or bank account, butare instead typing into an invisible frame controlled by the attacker. Clickjacking attack allows to perform an action on victim website, MostlyFacebook and Twitter accounts are targetable.
Clickjacking is a term first introduced by Jeremiah Grossman andRobert Hansen in 2008 to describe a technique whereby an attackertricks a user into performing certain actions on a website by hidingclickable elements inside an invisible iframe.Using a similar technique, keystrokes can also be hijacked. With acarefully crafted combination of stylesheets, iframes, and text boxes, auser can be led to believe theyare typing in the password to theiremail or bank account, but are instead typing into an invisible framecontrolled by the attacker
One of the more persistent threats of 2010 was fake anti-virus, alsocommonly known as “scareware” or “rogueware.The user receives a warning that their system is infected with somenasty malware and forced to pay for a “full” version of the software toremove the threatIn most cases there’s no real danger, and in many cases they’re actuallyinstalling additional malware on the system and taking your creditcard information. With this kind of data handed over so freely, cybercrooks can drain your bank account or completely take over youridentity.
• The search engine is our gateway to the Web, and cyber crooks are skilled at manipulating search results from the engines such as Google, Bing and Yahoo!• Best partner for SQL injection is . We can find the Vulnerable websites(hackable websites) using Google Dork list. google dork is searching for vulnerable websites using the google searching tricks. There is lot of tricks to search in google. But we are going to use "inurl:" command for finding the vulnerable websites.• Find live webcams by searching for: inurl:view/view.shtmlHow hackers attack webcams Most hackers utilize so-called Trojan horse attacks, says Stiennon. When we click on an attachment or download a piece of music or video infected with malware, and a hacker is able to remotely control your PC’s functions. --Do look for the indicator light.
-Install a firewall , pop-up blocker-Ensure your virus definitions are up to date-Use strong passwords , don’t give personal information unlessrequired(not even phone number)-Use secure connections-Disable file sharing , turn off internet when not in use-Use spam filters , delete spam immediately-Use various passwords for various accounts-Don’t believe in everything you read online-Open attachments carefully-Beware of promises to make fast profits-Be smart , don’t act foolish and help in spreading spam