3. History
-The first recorded cyber crime took place in the year
1820.
-The first spam email took place in 1978 when it was
sent over the Arpanet
-The first VIRUS was installed on an Apple computer in
1982
4. History
• In 1983, Kevin Mitnick did an intrusion on a Pentagon’s computer
• Robert Tappan Morris created the first worm and sent it from MIT
to the web and caused $50,000 of damages
• In 1994, Vladimir Levin intruded in an American bank computer and
stole 10 millions dollars
• Jonathan James “c0mrade”, 16 years old, infiltrated a NASA
computer in 1999 and had access to data worth 1,7 millions dollars
• Today (CSI Report, 2007):
– 46% of companies have admitted to suffering financial losses due to
security incidences. The reported loss amounted to a total of
approximately $66,930,000.
– 39% of companies have been unable (or unwilling) to estimate the
cost of their losses.
• Financial Losses, Personal losses, Privacy losses, Data
Losses, Computer Malfunction and more…..
6. Hacking
Hacking, in simple terms, means illegal intrusion
into a computer system without permission of the computer
owner / user.
DENIAL OF SERVICE ATTACK
This is an act by the criminal who floods the bandwidth of the
victim’s network or fills his e-mail box with spam mail
depriving him of the services he is entitled to access or
provide
7. VIRUS DISSEMINATION
Virus is a malicious software that attaches itself to other software
and causes break down of the operating systemin extreme cases. The
kinds of viruses are –
worms,
Trojan Horse,
Time bomb virus,
Logic Bomb,
True Love
Spyware
Malware
Hoaxes
8. SOFTWARE PIRACY
• Theft of software through illegal copying of
original programs and distribution of the
products intended to pass for the original.
• Retail revenue losses worldwide are ever
increasing due to this crime.
• This can be done in various ways -
End user copying,
Hard disk loading,
Illegal downloads from the internet etc.
9. PORNOGRAPHY
Pornography is the first consistently successful e-commerce
product.
Deceptive marketing tactics and mouse trapping technologies
used in Pornographic sites encourage PORNOGRAPHY
customers to access these sites.
Anybody, irrespective of age, can fall prey to the pornographic
sites at a click of mouse.
Publishing, transmitting any material in electronic form
which is lascivious or appeals to the prurient interest is an
offence under the provisions of section 67 of I.T. Act -2000.
10. IRC CRIME
Internet Relay Chat (IRC) servers have chat rooms in
which people from any corner of the world can come together
and chat with each other.
Criminals use it for meeting co-conspirators.
Hackers use it for discussing their exploits / sharing the
Techniques
Pedophiles use chat rooms to allure small children
Cyber Stalking - In order to harass a female, her
telephone number is shared pseudonymously with others
as if she craves to befriend males.
11. CREDIT CARD FRAUD
You simply have to type credit card
number into www page of the
vendor for online transaction.
If electronic transactions are not
secured, the credit card umbers can
be stolen by the hackers who can
misuse this card by impersonating
the credit card owner.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21. NET EXTORTION
Copying the company’s confidential data in order to extort huge amounts
of money from the said company.
PHISHING
It is the technique of pulling out confidential information of the account
holders from their banks /financial institutions by deceptive means.
22.
23. Phishing E-mail
From : ICICI Bank
[mailto:support@icici.com]
Sent : 08 June 2004 03:25
To : India
Subject : Official information from ICICIBank
Dear valued ICICI Bank Customer !
For security purposes your account has been randomly chosen for verification. To
verify your account information we are asking you to provide us with all the data we are
requesting.Otherwise we will not be able to verify your identity and access to your
account will be denied. Please click on the link below to get to the ICICI secure page and
verify your account details.
Thank you.
https://infinity.icicibank.co.in/Verify.jsp
ICICI Bank Limited
24.
25. Spoofing
A technique used to gain unauthorized access to computers,
whereby the intruder sends hoax messages to a computer
with such an IP address which indicates that the message is
coming from trusted host.
26. CYBER DEFAMATION
• Sending defamatory messages through e-mail
to the victim or his relatives, friends, etc. or
posting of the defamatory material on a
website.
---(Disgruntled employee may do this against
boss, exboyfriends against a girl and divorced
husband against his wife, to name a few.)
27. SALAMI ATTACK
A “salami attack” is a form of cyber crime usually used for the
purpose of committing financial crimes in which criminals steal money
or resources a bit at a time from financial accounts on a system. A
single transaction of this kind would usually go completely unnoticed.
In such a crime, the perpetrator introduces minor changes to the
program or a software which are so insignificant that they go almost
unnoticed and derive huge benefit out of the
same.
e.g. Criminal makes such program that deducts small amount like Rs.
2.50 per month from the account of all the customer of the Bank and
deposit the same in his account.
In this case no account holder will approach the bank for such small
amount but criminal gains huge amount.
28. • American Lottery
• UK Lottery
• Yahoo Lottery
• Microsoft Lottery • Hotel Industry
• RBI Lottery • Hospital • RBI
• Google Lottery • MNC Companies • ICICI Bank
• Canada Mobile draw • International Job offer • HDFC Bank
• Coca Cola Lucky draw • Shipping Industry • Axis Bank
• BMW Lottery • Reputed Universities • State Bank of India
• Vodafone Lucky draw • Canada Mobile draw • Royal Bank of Scottland
29.
30.
31.
32.
33. Cyber security
-Involvesprotection of sensitive personal &
business information through prevention,
detection and response to different online
attacks
-Protects from attacks by detecting and
preventing
34.
35. Loss of Personal Information
• Human error, 32%
• Software corruption, 25%
• Virus attack (malware), 22%
• Hardware failure, 13%
• Natural disasters, 2%
36. Finding an IP Address via Instant Messengers
Case: If you are chatting on messengers like MSN, YAHOO etc. then the
following indirect connection exists between your system and your friend’s
system:
Thus in this case, you first have to establish a direct connection with your
friend’s computer by either sending him a file or by using the call feature.
Then, goto MSDOS or the command line and type:
C:>netstat -n
This command will give you the IP Address of your friend’s computer.
37. Finding an IP Address via Instant Messengers
Countermeasures
Do not accept File transfers or calls from unknown people
Chat online only after logging on through a Proxy Server.
A Proxy Server acts as a buffer between you and the un-trusted network known as
the Internet, hence protecting your identity.
Some good Proxy Servers are:
Wingate (For Windows Platform)
Squid (For Unix Platforms)
38. Finding an IP Address via your website
One can easily log the IP Addresses of all visitors to their website by using
simply JAVA applets or JavaScript code.
Countermeasures
One should surf the Internet through a Proxy Server.
One can also make use of the numerous Free Anonymous Surfing Proxy
Services.
For Example, www.anonymizer.com
39. DOS Attacks: Ping of Death Attack
The maximum packet size allowed to be transmitted by TCPIP
on a network is 65 536 bytes.
In the Ping of Death Attack, a packet having a size greater than
this maximum size allowed by TCPIP, is sent to the target system.
As soon as the target system receives a packet exceeding the
allowable size, then it crashes, reboots or hangs.
This attack can easily be executed by the ‘ping’ command as
follows:
ping -l 65540 hostname
40. Threats from Sniffers and Key Loggers
Sniffers: capture all data packets being sent across the
network in the raw form.
Commonly Used for:
Traffic Monitoring
Network Trouble shooting
Gathering Information on Attacker.
For stealing company Secrets and sensitive data.
Commonly Available Sniffers
tcpdump
Ethereal
Dsniff
41. Threats From Key Logger
Key loggers: Record all keystrokes made on that system and store
them in a log file, which can later automatically be emailed to the
attacker.
Countermeasures
Periodic Detection practices should be made mandatory.
A Typical Key Logger automatically loads itself into the memory,
each time the computer boots.
Thus, the start up script of the Key Logger should be removed.
E.g. 1.SpyAgent
2.WebWatcher
3.PC Pandora
42. Default Settings
Default Settings
• Many access points arrive with no security
mechanism in place
• Changing the default settings before
deployment should be a matter of
organizational practice
43. • An Employee/user may unknowingly infect
the network by using an infected device.
Malicious downloads, infected files, corrupted
images and other threats can easily spread via
portable devices.
44. Attack Via Social network
Social network users can expect more threats to travel virally,
infecting everyone on a user's friends list.
viruses are likely be designed to steal or delete users' personal
information, which can be sold in numerous black markets and
used to acquire credit card and bank information
45.
46. Attacker uses multiple transparent or opaque layers to trick users into revealing
confidential information, or taking control of a user's computer when they were
intending to click on the top level page. Thus, the attacker is "hijacking" clicks
meant for their page and routing them to other another page, most likely . Expect
to see an increase of this malicious behavior over the next few years.
Using a similar technique, keystrokes can also be hijacked. With a carefully
Crafted combination of stylesheets, iframes, and text boxes, a user can be led
to believe they are typing in the password to their email or bank account, but
are instead typing into an invisible frame controlled by the attacker.
Clickjacking attack allows to perform an action on victim website, Mostly
Facebook and Twitter accounts are targetable.
47. Clickjacking is a term first introduced by Jeremiah Grossman and
Robert Hansen in 2008 to describe a technique whereby an attacker
tricks a user into performing certain actions on a website by hiding
clickable elements inside an invisible iframe.
Using a similar technique, keystrokes can also be hijacked. With a
carefully crafted combination of stylesheets, iframes, and text boxes, a
user can be led to believe theyare typing in the password to their
email or bank account, but are instead typing into an invisible frame
controlled by the attacker
48. One of the more persistent threats of 2010 was fake anti-virus, also
commonly known as “scareware” or “rogueware.
The user receives a warning that their system is infected with some
nasty malware and forced to pay for a “full” version of the software to
remove the threat
In most cases there’s no real danger, and in many cases they’re actually
installing additional malware on the system and taking your credit
card information. With this kind of data handed over so freely, cyber
crooks can drain your bank account or completely take over your
identity.
49. • The search engine is our gateway to the Web, and cyber crooks are
skilled at manipulating search results from the engines such as
Google, Bing and Yahoo!
• Best partner for SQL injection is . We can find the
Vulnerable websites(hackable websites) using Google Dork list.
google dork is searching for vulnerable websites using the google
searching tricks. There is lot of tricks to search in google. But we are
going to use "inurl:" command for finding the vulnerable websites.
• Find live webcams by searching for: inurl:view/view.shtml
How hackers attack webcams
Most hackers utilize so-called Trojan horse attacks, says Stiennon. When we
click on an attachment or download a piece of music or video infected with
malware, and a hacker is able to remotely control your PC’s functions.
--Do look for the indicator light.
50. -Install a firewall , pop-up blocker
-Ensure your virus definitions are up to date
-Use strong passwords , don’t give personal information unless
required(not even phone number)
-Use secure connections
-Disable file sharing , turn off internet when not in use
-Use spam filters , delete spam immediately
-Use various passwords for various accounts
-Don’t believe in everything you read online
-Open attachments carefully
-Beware of promises to make fast profits
-Be smart , don’t act foolish and help in spreading spam