Transcript of "Ethical Hacking Basics and Cyber Crime."
Table of Contents
What is cyber security?
1.1Why do we need cyber security?
1.2Cyber Law India.
2.1 E-mail Threats.
2.2 Website Threats.
2.3 Network Threats.
2.4 Phone Threats
2.5 Debit and credit card threats.
2.6 Trojans, spywares and viruses.
2.7 Wi-Fi Security.
Some common methods used in attacks.
3.2 Password Cracking.
Security on Internet.
Career in Cyber Security.
What is Cyber Security?
Cyber security is information security as applied to computers and networks. The field covers all
the processes and mechanisms by which computer-based equipment, information and services
are protected from unintended or unauthorized access, change or destruction. Computer security
also includes protection from unplanned events and natural disasters.
Why do we need cyber security?
There are many numbers of reasons. The cyber community changes in an unbelievable pace.
The nature of the Internet as a tool for communication and education has been used and misused
for personal gain, which resulted in cyber-attacks and unprecedented rise in cyber-crime rates.
These rates are expected to increase more rapidly in the coming years if cyber security is not put
1-Hackers are everywhere, they find loopholes and vulnerabilities in our system and thus they
can read or manipulate our private data or confidential information. Moreover, they can create
backdoors so that they could access our system whenever they want.
2- Internet scams and frauds are rampant. These include phishing, a very organized cyber-crime,
which deceives people into giving their banking details.
3- Viruses, worms and malwares are very harmful for our computers and systems. They can slow
down our systems and even damage it. Malwares could send our logs to other person (hacker).
4- Spyware, as the name hints, can spy on you. A computer program automatically installed on
your computer, spyware tracks personal information you entered and sends it to its creator.
Cyber Law India: With anonymously growing of internet, it has become necessary to
make a body that has controls over the internet. Because one can miss use it and can commit
crimes. India also has a cyber-law. It covers these areas:1.
The basic of Internet Security.
Basic information on Indian Cyber Law.
Impact of technology aided crime.
Indian IT act on covering the legal aspect of all online activities.
Types of Internet policies required for an organization.
Minimum Hardware and software, security measures required for an organization to
Internet Threats:E-Mail Threats
Electronic mail (email) is a widely used communication mechanism that can be categorized into
two basic types of web-based service: an open web-based email service and a closed web-based
service. The first category provides web-based email accounts to anyone for free or at a fee. The
second category provides email accounts that are managed by organizations for employees,
students, and members only. Commercial and social websites rely on the security of email
accounts. Large amounts of email exchanges are occurring daily, some of which contain personal
information, company secrets, and sensitive information. This makes email accounts very
valuable and becomes one of the main causes of email hacking.
As rules that govern unsolicited emails tighten, spammers attempt to find new ways around
them. Attackers often send massive email broadcasts with a hidden or misleading incoming IP
address and email address. Some users may open the spam, read it, and possibly be tempted by
whatever wares or schemes are offered. If the spammer were to get a hold of a company‘s
sending email and IP address, the impact on the company's business would be devastating. The
company‘s Internet connection would be terminated by its Internet Service Provider (ISP) if its
email and IP address are added to the black list of known spamming addresses. Effectively, this
would shut down the company‘s online business because none of the emails would reach their
Some emails incorporate a virus as a means of transportation. The Sobig virus is an example of
such technology, creating a spamming infrastructure by taking over unwilling participants‘ PC.
This was a major threat to email security as spam will continue to spread and trigger dangerous
viruses for malicious intent.
This type of attack uses email messages from legitimate businesses that the user may be
associated with. Although the messages look authentic with all the corporate logos and similar
format as the official emails, they ask for verification of personal information such as the account
number, password, and date of birth. 20% of unsuspecting victims respond to them, which may
result in stolen accounts, financial loss, and even worse, identity theft.
To maintain privacy of your Email and to Protect our Email ID from being hacked
we must follow some basic steps as follows,
1. Enable two step verification in your Email accounts.
2. Enable Login-notification for your email and get notification in your mobile whenever
3. Set a strong password with a mix of alphabets, numbers and special characters.
4. Enable login- notification for you Facebook accounts to prevent unauthorized
5. Enable HTTPS in your email settings and your Facebook account settings.
6. Never share your password with anyone. Even to your closest person.
7. Setup a recovery question which is difficult to answer and never setup an easy &
guessable answer to your security question.
8. Never click on any links sent through mail or chat. It may be a link which can steal
your cookie or inject any viruses.
9. Always check your address bar for proper website address before logging in.
10. Whenever you Need to Forward an Email to More than One Person use the BCC
Option to Write Addresses.
11. If you are Unable to Access Your Email Account Immediately Report it to the
Provider. They Give You a Option of Forgot Password/Account Hacked etc.
12. Avoid Using FREE WIFI Access At Public Places.
Website Threats:Website is set of related webpages hosted by a webserver, accessible via a network such as the
Internet or a private local area network through an Internet address known as a Uniform resource
locator. All publicly accessible websites collectively constitute the World Wide Web. A website
is scripted or written in languages like HTML, PHP, .net, XHTML, CSS, java script, J query etc.
Most used webservers are:Apache
Authentication Process of websites:
Most of the websites today requires the user to sign up for their services. And then we have to
sign-in each time when we need the service. Some common examples are Facebook, Gmail,
twitter, forums, shopping websites, internet banking, online storage, etc. Each website gets the
username and password from the user and sends it to the server, where it is verified by
comparing it with the details in its database and then the user is allowed to use the specific
service offered by the website. All these things happen in few seconds over the internet.
Attacks on Websites & Web Applications
There are several Attacks performed on websites and web-based applications every minute, and
most of the attacks are due to improper coding and poor programming skills.
Some of the common attacks performed on website / webapplications are as follows
1. SQL Injection
3. RFI & LFI Attacks
SQL Injection Attacks- An SQL injection is probably the most abundant programming
flaw that exists on the internet at present. It is the vulnerability through which an unauthorized
person can access various critical and private data. The SQL injection is not a flaw in the web or
DB server, but is a result of the poor and inexperienced programming practices. And it is one of
the deadliest as well as easiest attacks to execute from a remote location.
Let's see an example, where the username ‗admin‘ with the password ‗i3indya‘ can log into the
site. Suppose the SQL query for this is carried out as below:
SELECT USER from database WHERE username=' admin' AND password='amity'
If the above SELECT command evaluates true, the user will be given access to the site otherwise
disallowed. Think what we could do if the script is not sanitized.. This opens a door for the
hackers to gain illegal access to the site.
In this example, the attacker can enter the following user data in the login form:
Username: a or 1=1—
So, this would make our query as:
SELECT USER from database WHERE username=' a' or 1=1-- ' AND password=''
Cross Site Scripting Attack ( XSS )
Cross Site Scripting or XSS is an attack which allows a hacker to insert malicious codes into the
webpage either temporarily or permanently. These codes which are inserted mostly run on client
side ( The end-user or victim ) and some on the server side ( Affecting all users of that website ).
It is a common vulnerability found in several web applications , Due to breaches of browser
security, XSS enables attackers to inject client-side script into Web pages viewed by other users.
There are two types of XSS,
1. Persistent XSS ( Stored XSS )
2. Non-Persistent XSS ( Reflected XSS )
Stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs
when the data provided by the attacker is saved by the server, and then permanently displayed on
"normal" pages returned to other users who normally visit that page. A classic example of this is
with online message boards where users are allowed to post HTML formatted messages for other
users to read. This is a severe threat to the users of that website.
Reflected XSS vulnerability is the most common type of XSS. These vulnerabilities show up
when the data provided by a web client, most commonly in HTTP query parameters or in HTML
form submissions, is used immediately by server-side scripts to parse and display a page of
results for and to that user, without properly sanitizing the request.
It is most commonly found in the search box of several websites which doesn‘t sanitize the input
given by the users. Which means it accepts special characters and other variables and allow
script to be run using the search box or other holes.
RFI & LFI Attacks
Remote File Inclusion ( RFI )
Remote File Inclusion (RFI) is a type of vulnerability of website which allows an attacker to
include a remote file, usually through a script on the web server. The vulnerability occurs due to
the use of user-supplied input without proper validation. This can be used just to display contents
of a file and can also be used for the following attacksA. Code execution on the web server
as cross site scripting (XSS).
C. Denial of Service (DoS)
D. Data Theft/Manipulation
Local File Inclusion ( LFI )
Local File Inclusion ( LFI ) is a vulnerability where the local files of the webserver can be
accessed by anybody by using their website in a browser. The attacker can traverse the entire
directory of the webserver therefore allowing access to sensitive data and password files.
The LFI can be exploited by using ―../‖ to traverse one directory up in a webserver. Therefore if
multiple ―../‖ is used then the attacker can access the root directory of the webserver and view
sensitive files such as the passwords. Usually in Unix servers the folder containing the passwords
is in ―etc/passwords‖ file.Suppose if a site is vulnerable to LFI , then the example below will
display the contents of the password file of a Unix server.
This is the RFI & LFI Attacks these can be prevented by restricting the access to folders and by
sanitizing the user inputs.
Countermeasures:1- Secure Programming is needed for programmers to prevent website and website users from
2-Users must be careful not to click on any unwanted links in websites.
3-Never use same password for different websites, even if one is compromised, you are safe.
4-Inputs must be sanitized in the web applications and web forms.
Network Attacks:A computer network or data network is a telecommunications network that allows computers to
exchange data. In computer networks, networked computing devices (network nodes) pass data
to each other along data connections. The connections (network links) between nodes are
established using either cable media or wireless media. The best-known computer network is the
Footprinting is the act of gathering information about a computer system and the companies it
belongs to. Footprinting is the first step hackers take in their hacking process. Footprinting is
important because to hack a system the hacker must first know everything there is to know about
it.First, a hacker would start gathering information on the targets website. Things a hacker would
look for are e-mails and names. This information could come in handy if the hacker was
planning to attempt a social engineering attack against the company.
The point of port scanning a server is to detect its open ports the port‘s listening services. Once a
hacker knows all the services running on your server, he could search for possible vulnerabilities
they may have and exploit them to take control of our website. Along with finding out what ports
are running, the hacker needs to also find out what operating system the server is running. There
are always a lot of operating system vulnerabilities out there to choose from. So by knowing the
operating system, the hacker‘s chances of taking over the server go up.
Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one
purpose: to make the target server unavailable for legitimate users. The most common type of
DoS attack is when the hacker sends a flood of information to the target server causing it to use
up all of its resources, and in return pushing it offline, or causing it to deny requests from
legitimate users trying to access it.
Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store
more data into a buffer, or a data storage area, then it was meant to hold. Because the buffer was
only meant to hold a certain amount of data, the extra information overflows into other buffers
causing them to be overwritten with malicious code created by the hacker. Once this code is
executed, the hacker can receive full control of the server.
ARP spoofing- It is a technique whereby an attacker sends fake (―spoofed‖) Address
Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to
associate the attacker‘s MAC address with the IP address of another host (such as the default
gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or
stop the traffic altogether. Often the attack is used as an opening for other attacks, such as denial
of service, man in the middle, or session hijacking attacks.The attack can only be used on
networks that make use of the Address Resolution Protocol (ARP), and is limited to local
There are a few things we can do to stay secure from network hacking attempts1. Keep all your software up to date. There will always be new vulnerabilities coming out, and
your responsibility is to patch them immediately after a patch comes out.
2. Implement a firewall. This will keep most of the bad data out and good data in.
3. Install anti-virus software.
4. Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your
Phone Hacking:Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by
accessing the voicemail messages of a mobile phone without the consent of the phone's owner.
All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses
related to smartphones that can come from means of communication like SMS, MMS, wifi
networks, and GSM.
Malware Apps -Just as malware downloaded from the Internet can crack open our computer,
malware apps can leave our phone exposed. The major app stores usually try to prevent malware
apps from getting spread through their platforms, but malware apps do get through and can even
be distributed through Web pages as a download. Common sense is a fair barrier against
malware. Right now, the true extent of malware app penetration is unknown and may be
Phishing-Phishing may be actually more effective on a mobile Internet browser because the
smaller address bar makes it less likely that a user will carefully check the address before
entering information. The best way to protect yourself from phishing is to enter important
addresses – those for sites where you will be entering private information – from scratch.
GSM encryption Algorithm –Sometimes algos used by GSM services could be cracked and
lead to voicemail hacking. Nohl working with others around the Internet -- has created a
guidebook for cracking the Global System for Mobile communication's 64-bit A5/1 algorithm,
which was adopted in 1988. 3G networks use 128-bit encryption to protect Relevant
Products/Services caller privacy and the new A5/3 algorithm is being "phased in," GSM
Countermeasures:Being skeptical-A user should not believe everything that may be presented, as some
information may be phishing or attempting to distribute a malicious application. It is therefore
advisable to check the reputation of the application that you want to buy before actually
Permissions given to applications-The mass distribution of applications is accompanied by the
establishment of different permissions mechanisms for each operating systems. It is necessary to
clarify these permissions mechanisms to users, as they differ from one system to another, and are
not always easy to understand.
Mobile Antivirus- Many antiviruses for cell phones are available. E.g. Avast Mobile Security,
Quick Heal, Kasper Sky, etc.
Credit Card & Debit Card Hacking:Nowadays Internet banking and credit cards are very common methods of funds transfer and
online shopping. And the most interesting thing is that it is done over SSL. So people always
have a misconception that their accounts cannot be hacked as their transactions are secured by
extra security Layer i.e. SSL but its quite easy to break the SSL. So its always better to secure
your computer and internet connection rather than depending on payment sites.
The fatal flaw that enabled the sensitive information to be stolen is possible when an end-user is
not properly educated on an easy to do and well-known SSL exploit – SSL MITM. The hackers
take benefit of that to get access your sensitive data. Hacker runs a series of utilities to redirect
other user‘s data through his machine. He runs a number of other utilities to sniff the data, act as
an SSL Certificate Server and to be the Man-the-Middle. He send us a fake SSL certificate, thus
we actually connect to his machine instead of bank‘s system. In this case, our credentials are
being transmitted between our browser and the hacker‘s machine. The hacker is able to grab that
traffic, and, because he gave us the certificate to encrypt the data/credentials, he can use that
same certificate to decrypt our data/credentials.
Phising is also used to steal credentials.
Countermeasures:Educate the end-user on the Security Alert and how to react to it.
Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials.
When using SSL VPN, utilize mature products with advanced features, such as Juniper‘s Secure
Application Manager or Network Connect functionality.
Trojans, Spywares and Viruses
A Trojan or a Trojan Horse is a is a malicious application that acts like a legitimate file or
helpful program but whose real purpose is, for example, to grant a hacker unauthorized access to
a computer. Trojans do not attempt to inject themselves into other files like a computer virus.
Trojan horses may steal information, or harm their host computer systems.
Trojans are mostly embedded with legitimate software or downloaded from websites by some
Ads etc., It is a very dangerous form of Malware which can perform advanced operations like the
1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to
distribute Denial-of-service attacks)
2. Electronic money theft
3. Data theft (e.g. retrieving passwords or credit card information)
4. Installation of software, including third-party malware
5. Downloading or uploading of files on the user's computer
6. Modification or deletion of files
7. Keystroke logging
8. Watching the user's screen
9. Crashing the computer
10. Anonymizing internet viewing
A computer virus is a type of malware that, when executed, replicates by inserting copies of
itself (possibly modified) into other computer programs, data files, or the boot sector of the hard
drive; when this replication succeeds, the affected areas are then said to be "infected".
Your computer may be infected if you recognize any of these malware symptoms:
Slow computer performance
Erratic computer behavior
Unexplained data loss
Frequent computer crashes
Spyware is software that aids in gathering information about a person or organization without
their knowledge and that may send such information to another entity without the consumer's
consent, or that asserts control over a computer without the consumer's knowledge. Spyware can
collect almost any type of data, including personal information like Internet surfing habits, user
logins, and bank or credit account information. Spyware can also interfere with user control of a
computer by installing additional software or redirecting Web browsers. Some spyware can
change computer settings, which can result in slow Internet connection speeds, un-authorized
changes in browser settings, or changes to software settings.
A computer worm is a standalone malware computer program that replicates itself in order to
spread to other computers. Often, it uses a computer network to spread itself, relying on security
failures on the target computer to access it. Unlike a computer virus, it does not need to attach
itself to an existing program. Worms almost always cause at least some harm to the network,
even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on
a targeted computer.
Security Against Malwares
1. Install a good antivirus. Free or Paid is good, but don‘t used cracked or pirated versions.
2. Install real-time anti-spyware protection
3. Update your Anti-virus programs daily.
4. Perform scans on your computer daily.
5. Disable autorun to prevent infection from pendrives.
Wireless/Wi-Fi is a technology which allows devices to connect with each other to exchange
data in a computer network or for connecting to high speed internet. It is also called WLAN. WiFi devices can connect to each other or to an access point to connect with each other and to the
internet. Wi-Fi devices works are based on IEEE 802.11 standards.
There are three types of Wi-Fi securities available1- Open Wi-Fi.
WEP Cracking- Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11
wireless networks. WEP, recognizable by the key of 10 or 26 hexadecimal digits, was at one
time widely in use and was often the first security choice presented to users by router
configuration tools. WEP can be easily hacked using sniffing. Packet sniffing allows individuals
to capture data as it is transmitted over a network. Packet sniffer programs are commonly used
by network professionals to help diagnose network issues and are also used by malicious users to
capture unencrypted data like passwords and usernames in network traffic. Once this information
is captured, the user can then gain access to the system or network. Tools like Aircrack-ng and
Backtrack OS are capable of hacking any WEP encrypted network easily.
WPA/WPA2- It is an advancement to WEP . WPA2 also improves the security of Wi-Fi
connections by requiring use of stronger wireless encryption than what WPA requires.
Specifically, WPA2 does not allow use of an algorithm called TKIP (Temporal Key Integrity
Protocol) that has known security holes (limitations) in the original WPA implementation.
Several different forms of WPA2 security keys exist. WPA2 Pre-Shared Key (PSK) utilizes keys
that are 64 hexadecimal digits long and is the method most commonly used on home networks.
Change Default Administrator Passwords (and Usernames).
Turn on (Compatible) WPA / WEP Encryption.
Change the Default SSID.
Enable MAC Address Filtering.
Disable SSID Broadcast.
Assign Static IP Addresses to Devices.
Enable Firewalls On Each Computer and the Router
Turn Off the Network During Extended Periods of Non-Use.
Some Common methods used in attacks
Phishing is the act of attempting to acquire information such as usernames, passwords, and
credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy
entity in an electronic communication. Communications purporting to be from popular social
web sites, auction sites, banks, online payment processors or IT administrators are commonly
used to lure unsuspecting public.
1. Attacker convinces the victim to click on the link of fake login page which resembles a
genuine login page.
2. Victim enters his credentials in fake login page that goes to attacker.
3. Victim is then redirected to an error page or genuine website depending on attacker.
Countermeasures: Do not reply to emails that request financial information, even if it appears to
be from a trusted source.
Do not reply to emails from unrecognized senders.
Secure websites are indicated by a lock on the browser's status bar or the prefix
"Https://" instead of Http://. "
Information from an email is temporarily stored on a computer's local disk and
can be retrieved by another user if it is not properly deleted.
If your browser has a pop-up blocker, enable it.
Do not copy any website addresses from a pop-up window into your browser.
Nowadays, passwords are the only form of security on most websites and computer systems. It
has become one of the most common and easiest ways for a hacker to gain unauthorized access
to your computer or network.
Social Engineering – Social engineering is when a hacker takes advantage of trusting human
beings to get information from them.
Dictionary Attack- A dictionary attack is when a text file full of commonly used passwords, or
a list of every word from the dictionary is used against a password database. Strong passwords
usually aren‘t vulnerable to this kind of attack.
Brute-force attack- Brute-force attacks can crack any passwords. Brute-force attacks try every
possible combination of letters, numbers, and special characters until the right password is found.
Brute-force attacks can take a long time. The speed is determined by the speed of the computer
running the cracking program and the complexity of the password.
Rainbow Tables- A Rainbow table is a huge pre-computed list of hash values for every possible
combination of characters. A password hash is a password that has gone through a mathematical
algorithm that transformed it into something absolutely foreign. A hash is a one way encryption
so once a password is hashed there is no way to get the original string from the hashed string. A
very common hashing algorithm used as security to store passwords in website databases is
MD5.Well when we login and submit our username and password, a script takes our password
and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the
database. If they are the same, we are admitted.
If I were to run the word ―cheese‖ through the md5 algorithm, the outcome would be
Countermeasures: Use strong passwords upto atleast 10 characters with combinations of uppercase,
lowercase, numbers and symbols. E.g. – P@5$w0rD_)(*
Never ever use name, pet name, any relative‘s name, phone number, car number in
password which could be easily guessed.
Never use any password in more than one account or IDs.
Never click on any unknown link sent by any person, it could be phishing or cookiegrabbing.
Never share password with any person.
Security on Internet.
Hacking is another side of Cyber. Some people are very notorious and net savvy. They love to
keep, update themselves and bring innovative ideas. Hacker is one of them, spending almost all
time on internet and doing illegal activities and spreading it all over the world. Thus infecting the
internet and making people to do like those ultimately increasing cybercrimes.
Staying Safe on Internet
Internet is the playground of Hackers and Malicious programs, To be safe on the internet we
have to follow some basic rules.
1. Always Use Genuine Antivirus/Internet Security Software Regularly Updated with
2. Keep your Firewall ON and Updated.
3. The Browser should be kept free from toolbars which get automatically installed on your
4. Never Save Your Passwords on your Browsers and Instant Messengers like Yahoo,
Google, and Skype etc.
5. Keep your Browser Temporary Cache, Cookies Clear on Regular Basis.
6. While Browsing Don't Install Shortcuts and Toolbars from Pop Ups and Ads.
7. Don't Download Pirated Stuff from Untrusted Sites. (e.g. Music, Videos, Free Software)
8. Always Install Software's Available at the Parent Sites.
9. Don't Click on Suspicious Links/Hyperlinks Which Are Luring and Tempting.
Career in Cyber security
According to naukri.com there are 5800 vacancies in field of cyber security and
network security. Cybersecurity is one of the hottest fields in technology today
and the trend will continue for the foreseeable future. As noted in a ―Best Jobs‖
article on the CNN Money website, cyber security is among the top ten fastest
growing careers in America, with a 27% growth rate. All industries, from retail
sales to hospitals to power plants, are dependent on information technology
(IT), and cybersecurity is critical to ensuring IT assets are protected.
The Certified Ethical Hacker is a professional certification provided by the
International Council of E-Commerce Consultants (EC-Council.)
An ethical hacker is usually employed by an organization who trusts him or her
to attempt to penetrate networks and/or computer systems, using the same
methods as a hacker, for the purpose of finding and fixing computer security
vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems
without prior authorization from the owner) is a crime in most countries, but
penetration testing done by request of the owner of the victim system(s) or
network(s) is not.
A Certified Ethical Hacker has obtained a certification in how to look for the
weaknesses and vulnerabilities in target systems and uses the same knowledge
and tools as a hacker.
Companies like Google, Yahoo, IBM, etc. always look for people who can find
vulnerability and bugs in their systems and pay a lot of money.
Government organizations like CBI, NIA, Indian Army and other defense
services hire many cyber security analysts every year and an ethical hacker can
always build his own career as a white hat.
By:Neeraj Negi (email@example.com)