UNIVERSAL COLLEGE
OF
ENGINEERING &
TECHNOLOGY
• PREPARED BY :
PARAS KANSAGARA
MECHANICAL BRANCH
ENROLLMENT NO:
130460119039
GUIDED BY :
AAKASH BHATT SIR
MAHANAGAR TELECOM NIGAM LIMITED
MTNL MUMBAI WEBSITE HACKED
ON 14TH AUGUST 2013
WHO IS BEHIND THIS?
Hacker group "Anonymous"
STATE-RUN TELECOM MTNL's MUMBAI WEBSITE WAS HACKED BY A
PAKISTANI HACKER OPERATING FROM Palestine Australia.
Mr.Creepy
from Napsters CrEw
TYPE OF ATTACK
• Anonymous took down the MTNL website through a massive
Distributed Denial of Service (DDoS) attack.
• WHAT IS DDOS?
• A Distributed Denial of Service (DDoS) attack is an attempt to make an
online service unavailable by overwhelming it with traffic from
multiple sources.
• After the attack, MTNL's corporate website could not be accessed.
• How DDoS Attacks Work
• According to this report on eSecurityPlanet, in a DDoS attack, the
incoming traffic flooding the victim originates from many different
sources – potentially hundreds of thousands or more. This effectively
makes it impossible to stop the attack simply by blocking a single IP
address; plus, it is very difficult to distinguish legitimate user traffic
from attack traffic when spread across so many points of origin.
• The Difference Between DoS and DDoS Attacks
• A Denial of Service (DoS) attack is different from a DDoS attack. The
DoS attack typically uses one computer and one Internet connection
to flood a targeted system or resource. The DDoS attack uses multiple
computers and Internet connections to flood the targeted resource.
DDoS attacks are often global attacks, distributed via botnets.
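The DoS/DDoS difference above, seen from the defender's side, as an added example that is not part of the original slides: a per-source limit identifies a single flooding host, but a distributed flood stays under that limit on every source while the total still exceeds what the site can serve. The limits and the sample request windows are constructed assumptions.

```python
from collections import Counter

PER_IP_LIMIT = 50   # assumed: max requests one source may send per window
TOTAL_LIMIT = 300   # assumed: requests per window the site can serve


def classify(window):
    """window: list of source IPs, one entry per request seen in one time window."""
    counts = Counter(window)
    total = sum(counts.values())
    # Sources that a simple per-IP block rule would catch.
    offenders = sorted(ip for ip, n in counts.items() if n > PER_IP_LIMIT)
    # Load that would remain after blocking every such source.
    residual = total - sum(counts[ip] for ip in offenders)
    if total <= TOTAL_LIMIT:
        verdict = "normal"
    elif residual <= TOTAL_LIMIT:
        verdict = "dos"    # blocking the few heavy sources restores service
    else:
        verdict = "ddos"   # per-IP blocking leaves the site overloaded
    return {"verdict": verdict, "sources": len(counts), "total": total,
            "offenders": offenders, "residual": residual}


# Constructed sample windows (not real traffic).
# 20 ordinary clients sending 5 requests each.
NORMAL = [f"198.51.100.{i}" for i in range(1, 21) for _ in range(5)]
# Same clients plus one host sending 600 requests.
DOS = NORMAL + ["203.0.113.9"] * 600
# Same clients plus 2000 distinct hosts sending only 3 requests each.
DDOS = NORMAL + [f"10.{i // 250}.{i % 250}.7" for i in range(2000) for _ in range(3)]

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("dos", DOS), ("ddos", DDOS)):
        result = classify(window)
        print(name, result["verdict"], "sources:", result["sources"],
              "blockable:", len(result["offenders"]), "residual:", result["residual"])
```

In the distributed case no single source crosses the per-IP limit, so mitigation has to act on aggregate load (upstream filtering, rate shaping, a scrubbing service) rather than on individual addresses.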
HOW TO HACK? & WHAT TO DO?
• The attacker hacked the website with a Remotely Administrated
Trojan (RAT) written in a Perl script. Perl is a high-level scripting
language supporting the UNIX operating system, which is a computer
operating system like Windows and MacOS.
• The script was used to hold an executable code that delivered specific
functional commands of the attackers via a command and control
(CnC) server.
• This particular RAT came with a server and client file, and attached
itself to an empty port in MTNL’s systems, making the server file
‘listen’ to incoming connections and data going through the ports.
When someone ran the client file, it gave out the IP address and the
trojan started receiving commands from the attacker and running
them on MTNL computers.
• When an MTNL employee clicked on the file that may have arrived as,
say, an innocuous email, the trojan downloaded itself onto the system
and entered MTNL’s internal command centre, allowing the attacker to
take control of the user database.
• The Napsters Crew also operate a Facebook profile called ‘CreepAt
Localhost’ where they have put up a message that reads, “Lol, just
rooted MTNL server, feeling excited”. In another Facebook message,
the group said, “I told you, I am back and unstoppable.”
• "Hacked homepage if in cache of that customer, should be refreshed,
otherwise it will continue to show old page," MTNL spokesperson had
said.
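A defender's check for the behaviour described above, where the trojan's server file listens on a previously unused port (added example, not part of the original slides): compare the host's listening sockets against an approved baseline and raise the severity when the listener is a script interpreter such as Perl. The baseline, the interpreter list and the `ss -tlnp` output are constructed assumptions.

```python
import re

BASELINE = {22, 80, 443}   # assumed: ports this server is approved to listen on
INTERPRETERS = {"perl", "python", "python3", "ruby", "php", "sh", "bash"}

# Constructed sample of `ss -tlnp` output (not captured from a real host).
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=1040,fd=6))
LISTEN 0      5      0.0.0.0:31337      0.0.0.0:*         users:(("perl",pid=4410,fd=3))
LISTEN 0      5      127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=655,fd=7))
LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def audit_listeners(ss_text, baseline=BASELINE):
    """Return listeners whose port is not in the approved baseline."""
    findings = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        # rsplit keeps IPv6 addresses such as [::]:22 intact.
        port = int(fields[3].rsplit(":", 1)[1])
        if port in baseline:
            continue
        match = PROC_RE.search(line)
        name, pid = (match.group(1), int(match.group(2))) if match else ("unknown", None)
        # A script interpreter holding a listening socket is unusual on a web server.
        severity = "high" if name in INTERPRETERS else "review"
        findings.append({"port": port, "process": name, "pid": pid, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SS_OUTPUT):
        print(finding)
```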
This type of message was left on the page
• The hacked sites also carried a picture of a young
Pakistani posing with an inappropriate hand gesture
and face painted with the colour of Pakistan’s National
flag with Indian soldiers holding the tricolour standing
in the background.
HOW MANY WEBSITES HACKED BY
ANONYMOUS?
• http://delmarefoods.com/ (Still defaced)
• http://iilgroup.com.pk/ (Still defaced)
• http://inceptapharmapk.com/ (Still defaced)
• http://xoniacream.com/ (Still defaced)
• http://skincarepakistan.com/ (restored)
CONCLUSION/RESULT
• AFTER A DDOS ATTACK, FIRST SHUT DOWN THE SITE IMMEDIATELY.
• BUILD LAYERED SECURITY AROUND YOUR SITE
• SWITCH TO HTTP
• USE STRONG PASSWORDS AND CHANGE THEM REGULARLY

case study on cyber crime
