Cyber Crime

Post on 15-Jul-2015


Transcript of Cyber Crime

An overview of different Cyber Attacks

Cyber Crime

Learning Goals

• Demystifying Cyber Crime.

• Common Scenarios in Cyber Crime.

• Cyber Crime in India.

• Cyber Attacks.

• Cyber Laws in India.

• Securing Yourself – Do’s and Don’ts

• DCS – Doubt Clearing Session.

• Salutations.

DEMYSTIFYING CYBER CRIME

Cyber Crime

• “Crimes are not to be measured by the issue of events, but by the bad intentions of men.”

• “The greatest crimes do not arise from a want of feeling for others but from an over sensibility for ourselves and an over indulgence in our own desires.”

What is Cyber Crime ?

• Cyber Crime is a term used to broadly describe criminal activity in which computers or computer networks are a tool, a target, or a place of criminal activity, and includes everything from electronic cracking to denial of service attacks. It is also used to include traditional crimes in which computers or networks are used to enable the illicit activity.

• Computer crime mainly consists of unauthorized access to computer systems, data alteration, data destruction, and theft of intellectual property.

• Cyber crime in the context of national security may involve hacking, traditional espionage, or information warfare and related activities.

Unauthorized access: This occurs when a user/hacker deliberately gains access to someone else’s network, either for monitoring or for data destruction purposes.

Denial of service attack: It involves sending disproportionate demands or data to the victim’s server, beyond the limit that the server is capable of handling, and hence causes the server to crash.

Virus, Worms and Trojan attacks: Viruses are basically programs that are attached to a file, which then gets circulated to other files and gradually to other computers in the network.

Worms, unlike viruses, do not need a host to attach to; they make copies of themselves and do this repeatedly, hence eating up all the memory of the computer.

Trojans are unauthorized programs which function from inside what seems to be an authorized program, thereby concealing what they are actually doing.

Common scenarios in Cyber Crime

Cyber Crimes in India

The major Cyber Crimes reported in India are Denial of Service, Defacement of Websites, Spam, Computer Virus and Worms, Pornography, Cyber Squatting, Cyber Stalking and Phishing.

India stands 11th in the ranking for Cyber Crime in the World, constituting 3% of the Global Cyber Crime.

Cyber Crime in India : Statistics

Why India ?

A rapidly growing online user base

121 Million Internet Users

65 Million Active Internet Users, up by 28% from 51 million in 2010

50 Million users shop online on Ecommerce and Online Shopping Sites

46+ Million Social Network Users

346 million mobile users had subscribed to Data Packages.

Source: IAMAI; Juxt; wearesocial 2011

• The majority of cybercrimes are centered on forgery, fraud and phishing.

• India is the third-most targeted country for phishing attacks after the US and the UK.

• Social networks as well as ecommerce sites are major targets.

• 6.9 million bot-infected systems in 2010.

• 14,348 website defacements in 2010.

• 6,850 .in and 4,150 .com domains were defaced during 2011.

• 15,000 sites hacked in 2011.

• India is the number 1 country in the world for generating spam.

Cyber Crime In India

Wednesday, 25 February 2015


A total of 90, 119, 252 and 219 Government websites tracked by the Indian Computer Emergency Response Team (CERT-In) were hacked / defaced by various hacker groups in the years 2008, 2009, 2010 and Jan–Oct 2011 respectively.

CYBER ATTACKS

Think before you Click

Nigerian 419 Fraud Scheme

• It is a type of confidence trick, using SE (Social Engineering).

• The term “419” comes from the Section of the Nigerian Penal Code.

• The scammer persuades someone to give out a sum of money using a scam or false promises.

• Methods :-

– False Company Job Scam.

– Online Buy/Sell Goods

– Online Dating Services.

Packet Sniffing

• Packet Sniffing is a method of tapping each packet as it flows across the network.

• A user sniffs data belonging to other users in the network.

• Packet Sniffers can be used as a hacking tool.

• Network Sniffers can capture passwords and other sensitive information through the network.

• Tools of Packet Sniffing : Wireshark, tcpdump, Ettercap etc.

Phishing & Spoofing Attacks

• The word ‘spoof’ comes from a game invented by Arthur Roberts in the 19th century.

• Spoofing means impersonating some other authorized vendor to trick users into believing a system is legitimate.

• Types –

– Email Spoofing

– IP-Spoofing

– DNS-Spoofing

• A spoofing attack used to trick people into revealing confidential data is called phishing.

• “Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.” --- Wikipedia


• IP spoofing can be accomplished using proxy servers and simple PHP scripts that are readily and freely available.

• Email spoofing is where spammers try to trick spam filters by making spam look like it comes from a legitimate address. They do this by manipulating the email header to display your email in the “from” address, hence why you get bounces back and others believe the junk mail is coming from you.
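Added example (not part of the original slides): a receiver-side check for the header manipulation described above. It compares the visible From domain with the envelope sender in Return-Path and reads the SPF/DKIM/DMARC verdicts from Authentication-Results. The sample messages and all domains are constructed placeholders, and the Authentication-Results header is assumed to have been stamped by your own receiving mail server.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; all domains are placeholders, not real senders.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk-sender.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Alice" <alice@example.com>
To: bob@example.org
Subject: Invoice

Please see the attached invoice.
"""
LEGIT = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Alice" <alice@example.com>
To: bob@example.org
Subject: Invoice

Please see the attached invoice.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Collect method -> result (spf, dkim, dmarc) from Authentication-Results."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in header.split(";")[1:]:      # first field is the checking host
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                results[method.lower()] = result.lower()
    return results

def spoof_findings(raw):
    """Return a list of reasons the visible From address should not be trusted."""
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    results = auth_results(msg)
    findings = []
    if env_dom != from_dom:   # legitimate mailing services also do this
        findings.append(f"from-mismatch: From={from_dom} envelope={env_dom}")
    if results.get("dmarc") != "pass":
        findings.append(f"dmarc-{results.get('dmarc', 'missing')}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoof_findings(raw))
```

In the spoofed sample SPF passes because it only checks the envelope domain; the DMARC failure is what shows that the From address was not authorized by example.com.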

DNS Spoofing

• DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer (or any other computer).

Piggy Backing

• Accessing a wireless connection authorized to another individual without rightful permission.

• It is used as a means to hide illegal activities like identity theft, pornography etc.

• Piggybacking != Wardriving

• Wardrivers collect information about unsecured Wi-Fi access points while driving in a vehicle. It involves logging and mapping of access points.

Software Piracy

• Software Piracy is the illegal distribution or unauthorized reproduction of software for business or personal use.

• It is illegal and punishable by law.

• Huge impact on global economy.

• In 2007, IT Industry suffered a loss of $39.6 Billion.

Anti-copyright infringement organizations

1. Business Software Alliance (BSA)

2. Canadian Alliance Against Software Theft (CAAST)

3. Federation Against Software Theft (FAST) and more …

Pod Slurping

• An act of using a portable data storage device to facilitate data theft.

• An increasing security risk.

• The device may store malicious code or programs that steal credentials or other personal data.

Source Code Poisoning

• Malicious code is embedded in chunks in a software’s code.

• Software can be trojanized.

• Can be done by developers or testers or contributors.

• Prevention is achievable with proper design of Compilers.

CYBER LAWS IN INDIA

Cyber Laws in India

• The Information Technology Act, 2000

• The Information Technology Amendment Act, 2008

Section 66E - Punishment for violation of privacy.

“Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both”

SECURING YOURSELF DO’S & DON’TS

DO’s

• Install and use a firewall, pop-up blockers and spyware detectors.

• Use an up-to-date Anti Virus.

• Create backups of important files and folders

• Use Strong Passwords.

• Encrypt the Network traffic. (Use a Paid VPN)

• Change Passwords after some interval.

• Do not store passwords or bank logins in your OS.

• Clear spam regularly.

Etc. etc.

Don’ts

• Give unnecessary details about yourself and your current living status.

• Hand over your credit card to any person.

• Auto connect to open Wi-Fi.

• Save passwords in web browsers.

• Open emails if you are not sure about them.

• Open email attachments with unsatisfactory details.

QUESTIONS ? DOUBTS ?

THANK YOU