The document discusses different types of spoofing attacks including IP spoofing, email spoofing, and web spoofing. It provides examples of how these spoofing techniques work, such as modifying web pages and form submissions in web spoofing attacks. The document also discusses the legal implications of spoofing under Indian law and provides a case study of the first US federal criminal prosecution of spoofing in futures market trading. Overall, the document aims to educate about different spoofing attacks, how they are carried out, examples of real cases, and legal consequences.

1. Submitted to:
Mr. Mahesh Joshi
Submitted by:
Rajat Gupta
11EGJIT041

2.  Spoofing is a security attack that allows an adversary
to observe and modify all web pages sent to the
victim's machine, and observe all information entered
into forms by the victim.
 The attacker can observe and modify all web pages
and form submissions, even when the browser's
"secure connection" indicator is lit. The user sees no
indication that anything is wrong.
 After your browser has been fooled, the spoofed web
server can send you fake web pages or prompt you
to provide personal information such as login Id,
password, or even credit card or bank account
numbers.

3.  IP Spoof
 E-mail Spoof
 Web Spoofing
 Non Technical Spoof

4.  The creation of IP packets with a forged source. The purpose of it is to
conceal the identity of the sender or impersonating another computing
system.
 Some upper layer protocols provide their own defense against IP
spoofing.
 For example, TCP uses sequence numbers negotiate with the remote
machine to ensure that the arriving packets are part of an established
connection. Since the attacker normally cant see any reply packets,
he has to guess the sequence number in order to hijack the
connection.

6.  IP spoofing is almost always used in what is currently one of
the most difficult attacks to defend against – denial of service
attacks, or DoS. Since hrackers are concerned only with
consuming bandwidth and resources, they need not worry
about properly completing handshakes and transactions.
Rather, they wish to flood the victim with as many packets as
possible in a short amount of time. In order to prolong the
effectiveness of the attack, they spoof source IP addresses
to make tracing and stopping the DoS as difficult as possible.
When multiple compromised hosts are participating in the
attack, all sending spoofed traffic; it is very challenging to
quickly block traffic.

7.  E-mail spoofing is the forgery of an e-mail header so
that the message appears to have originated from
someone or somewhere other than the actual source.

9.  It has happened that the media printed false
stories based on spoofed e-mails.
 In October 2013, an e-mail which looked like
it was from the Swedish company Fingerprint
Cards was sent to a news agency, saying
that Samsung offered to purchase the
company. The news spread and the stock
exchange rate surged by 50%. But the e-
mail was from someone else.

10.  Don’t click links in emails instead always copy and
paste, or even better manually type the URL in.
 When entering personal or sensitive information, verify
the URL is as you expect, and the site’s SSL certificate
matches that URL.
 Look at the IP information of the email header. If an
email originated from inside your network, the sender
should have very similar IP address.

11.  Pretending to be a legitimate site
 Attacker creates convincing but false copy of the
site
 Stealing personal information such as login ID,
password, credit card, bank account, and much
more. aka Phishing attack
 False Web looks and feels like the real one
 Attacker controls the false web by surveillance
 Modifying integrity of the data from the victims

13.  These non-computer based techniques are
commonly referred to as social engineering. This can
be as simple as the attacker calling someone on the
phone saying that he is a certain person.

15.  Web spoofing is increasing at a rapid pace
› According to a study by Gartner Research
› Two million users gave such information to
spoofed web sites.
› About $1.2 billion direct losses to U.S. Bank and
credit card issuers in 2003
› And about $400 million to $1 billion losses from
the victims

16. Under Information Technology (Amendment) Act, 2008,
Section 66-D and Section 417, 419 & 465 of Indian
Penal Code, 1860 also applicable. Spoofing offence is
cognizable, bailable, compoundable with permission of
the court before which the prosecution of such offence
is pending and triable by any magistrate.

17.  WASHINGTON (Reuters) - High-frequency trader
Michael Coscia was charged with manipulating
commodity futures prices in the first U.S. federal
criminal prosecution of the practice of "spoofing," the
Justice Department said on Thursday.
 Coscia and his high-speed trading firm, Panther Energy
Trading, were fined $3.1 million by regulators in the
United States and Britain in July 2013 for market
manipulation and ordered to disgorge $2.7 million in
profits.

18.  It was the first criminal federal prosecution for
'spoofing' - creating the false impression of
market demand by rapidly placing orders and
then canceling them - which is explicitly banned
by the 2010 Dodd-Frank Wall Street reform act.
 "In August 2011, Coscia began a high-frequency
trading strategy in which he entered large-volume
orders that he intended to immediately cancel
before they could (be) filled by other traders," the
Department of Justice said.

19.  "By entering large orders that he ... canceled
before other traders could fill them, Coscia
made a profit by buying 14 contracts at 14288
ticks and selling them at 14289 ticks less than
one second later," the Department said.
 Futures markets, regulated by the Commodity
Futures Trading Commission, are a common
hunting ground for high-speed traders, and the
agency is probing the sector for any breaches.

20.  Follow a three part strategy:
 Disable JavaScript in your browser so the attacker will be
unable to hide the evidence of the attack;
 Make sure your browser’s location line is always visible;
 Pay attention to the URLs displayed on your browser’s
location line, making sure they always point to the server
you think you are connected to.

21.  We should remain updated in this fields.
 Daily there will be new challenges as the
hackers seek out weakness and vulnerabilities
in our systems.

22.  ANY QUERIES???