
STUDENT GUIDE

Paradigm Shift In
Cyber Crime
By SRIKANTA SEN
Certified Ethical Hacker

This book explains how cybercrime has changed over the past 5 years, what kind of cybercrime we can expect in the next 5 years, and possible solutions.

About the Author


Srikanta Sen is an EC-Council Certified Ethical Hacker, penetration tester, Python developer, data analyst professional and an independent cyber security researcher. His research interest is "use of big data analytics in cyber security".
Srikanta Sen presently teaches in a college affiliated to Maulana Abul Kalam Azad University of Technology in West Bengal, India. He has more than a decade of experience in teaching computer-related subjects at university level. He has also worked in the cyber security domain for the last 5 years.
Srikanta Sen lives in Kolkata, India with his wife and son. He loves traveling and reading.

Thanks to Team

Special Thanks To

Mr. Sandeep Sengupta


Mr. Abir Atarthy
For Their Constant Inspiration

Copyright Notice
THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE COPIED OR REPRODUCED UNLESS SPECIFIC PERMISSION HAS BEEN GIVEN TO YOU BY THE AUTHOR SRIKANTA SEN.
ANY UNAUTHORIZED USE OR DISTRIBUTION OF THE FULL BOOK OR ANY PART OF IT IS STRICTLY DISCOURAGED.
Liability Disclaimer
THE TERM HACKING SHOULD BE READ AND UNDERSTOOD AS ETHICAL HACKING.
ETHICAL HACKING AND PENETRATION TESTING ARE USED INTERCHANGEABLY IN THIS BOOK.
THE AUTHOR IS NOT AGAINST OR IN FAVOR OF ANY ORGANIZATION OR COUNTRY.
THE AUTHOR MAKES NO SUGGESTION OR CRITICISM OF ANY COUNTRY'S OR ORGANIZATION'S BUSINESS POLICY.
THE INFORMATION PROVIDED IN THIS EBOOK IS FOR EDUCATIONAL PURPOSES ONLY.
THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THE INFORMATION PROVIDED.
THE INTENTION OF THIS EBOOK IS TO RAISE AWARENESS OF WHAT CYBER CRIME IS AND HOW IT IS CHANGING.
WHENEVER REQUIRED THE AUTHOR HAS GIVEN REFERENCES TO THE SOURCE OF PICTURES AND CONTENT.

Any comments can be mailed to srikantasen@gmail.com


Date: 01-Jan-2016

Contents at a Glance
-----------------------------------------------------------------------------------------
Introduction ............................................................................................1-4
APT is the new TAP................................................................................5-8
The Advent Of AVT................................................................................9-10
Bye Bye Office Device..........................................................................11-13
Criminals Are In Cloud Nine.................................................................14-17
Hack-Economy.......................................................................................18-21
Crosswords Puzzles..............................................................................22-24
Cyber stalking Cyber Bullying...............................................................25-28
Silicon Valley Vs Film Studios..............................................................29-32
Mobile apps and webpage giving high five with HTML5....................33-34
Internet of Threats..................................................................................38-39
Needle-In-Haystack................................................................................40-41
Bug bunny..............................................................................................42-44
Online Teller Machine...........................................................................45-46
Open Source is a Open Game................................................................47-50
Run some Awareness.............................................................................51-54
Cybersquatting.......................................................................................55-56
Inside Out...............................................................................................57-58
Social murder using Internet Archive....................................................59-61
Spear-phishing A New Weapon in Cyber Terrorism...........................62-65
Speed bolt...............................................................................................66-68
PAIN with VPN......................................................................................69-71
My phone is un-smart phone..................................................................72-75

Introduction
Two incidents in 2014 inspired me to write this book.
Sony Pictures Entertainment hack:
This was a release of confidential data belonging to Sony Pictures Entertainment on November 24, 2014. The data included personal information about Sony Pictures employees and their families, e-mails between employees, information about executive salaries at the company, copies of (previously) unreleased Sony films, and other information. The hackers called themselves the "Guardians of Peace" or "GOP" and demanded the cancellation of the planned release of the film "The Interview", a comedy about a plot to assassinate North Korean leader Kim Jong-un. United States intelligence officials, evaluating the software, techniques, and network sources used in the hack, allege that the attack was sponsored by North Korea.
Sony Corp's movie studio could face tens of millions of dollars in costs from the massive computer hack that hobbled its operations and exposed sensitive data, according to cyber security experts who have studied past breaches.
Losses in that range would not mean a big financial setback for Sony Pictures Entertainment, but other effects, such as the loss of trade secrets, future plans and projections, are another matter: hackers have released documents that include contracts and marketing plans that could influence competitors' strategies. Such damage is difficult to measure in monetary terms.
Edward Snowden leak
Edward Snowden, a former contractor for the CIA, left the US in late May after leaking to the media details of extensive internet and phone surveillance by American intelligence. Mr Snowden, who has been granted temporary asylum in Russia, faces espionage charges over his actions.
The 10 biggest Edward Snowden leaks that I collected from the internet are as follows.
PRISM: Snowden described Prism as a program for collecting user data (audio, video, email, photographs, documents, connection logs, etc.) from Microsoft, Google, Facebook, Skype and several other major internet companies for further analysis. The NSA officials' motto was "collect them all", and NSA officials described Prism as the single biggest source of information used to prepare intelligence reports.
Bulk phone metadata collection program: A secret court order in favor of the NSA allowing it to collect daily phone metadata records from U.S. phone companies.
Xkeyscore: The Guardian described Xkeyscore as a program that lets the
NSA collect virtually any information about an individual's Internet activity
anywhere in the world.
Tempora: Tempora is a massive data collection program, which is run by
Britain's Government Communications Headquarters (GCHQ) in
cooperation with the NSA. The NSA had assigned 250 analysts and the
GCHQ had 300 to process the data gathered under Tempora.
Efforts to weaken data encryption: The NSA and GCHQ worked to systematically weaken the commercial encryption tools designed to protect everything from emails to highly sensitive documents. The methods included building backdoors into technology projects, using sophisticated supercomputers to crack encryption algorithms and forcing vendors to hand over decryption keys using secret court orders.
Tapping smartphones: In addition to collecting phone metadata and
Internet data, the NSA and the GCHQ are also capable of harvesting data
directly from BlackBerrys, iPhones, Android-powered phones and other
smartphones.
NSA hacked 50,000 computers worldwide: An elite NSA hacking unit
infected at least 50,000 computers worldwide with specialized malware
referred to as "implants". The implants were likened to sleeper cells that
could be activated at any time with a single click.
Role of private companies in NSA data collection: RSA, a leader in cryptography and encryption technology, might have enabled a backdoor in one of its encryption technologies after being forced by the NSA.
NSA spies on world leaders: The U.S. secretly monitors the phone conversations of at least 35 world leaders, including German Chancellor Angela Merkel, Brazilian President Dilma Rousseff and Mexico's former president Felipe Calderon.
NSA tracks and hacks systems administrators: NSA aspired to build an
international hit list of system administrators who work for foreign
telecommunications and Internet companies as part of its surveillance
effort.
The Sony hack is a crime, but what do you call the Edward Snowden leaks?
The cyber crime paradigm is changing gradually, and what we see is the tip of the iceberg; more will come soon. 2014 is a wake-up call for all cyber security professionals: cyber crime is now moving towards an organized crime industry, state-sponsored crime, outsourced crime and finally towards cyber war.
As reported by the 2013 Europol Serious & Organized Threat Assessment, the total global impact of cyber crime is US$3 trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.
The McAfee security firm also estimated in 2013 that cybercrime and cyber espionage are costing the US economy $100 billion per year and that the global impact is nearly $300 billion annually. Considering that the World Bank estimated global GDP at about $70,000 billion in 2011, the overall impact of cybercrime is 0.04 percent of global income, and that is an amazing figure!
According to a news item published on www.zdnet.com by Ellyne Phneah on July 23, 2013, a side effect of cyber crime is the loss of 500,000 jobs in the U.S. due to factors such as reputation damage, consumer losses and service disruption costs.
That is mainly caused by theft of intellectual property, which wiped out the technological lead of U.S. companies over Asian competitors.
According to another news item published in the newspaper THE HINDU dated 29 Jan 2014, "Pakistani hackers defaced more than 2,000 Indian websites on Republic Day in what is being termed as a major cyber attack."
When we search for India's ranking in education, health or football, we find ourselves in the back bench, but do you know that India is ranked fifth in the worldwide ranking of countries affected by cyber crime, according to a report submitted by the Security and Defense Agenda (SDA) sponsored by the famous cyber security firm McAfee?
In India, we went straight from no telephones to the latest in mobile technology, with the 3rd largest smartphone market in the world. The number of mobile Internet users in India is projected to double and cross the 300 million mark by 2017 from 159 million users at present [report by the Internet and Mobile Association of India (IAMAI) and consultancy firm KPMG]. Speed is also increasing: there were approximately 82 million 3G subscribers in India by the end of 2014, and the number is projected to reach 284 million by the end of 2017.
The unfortunate thing is that the majority of these users don't even know the basic facts about cyber security. Every day we find incidents of ATM fraud. Pirated OS and software are used everywhere. News floated that some government officials were using gmail.com and yahoo.com accounts to communicate for official purposes. There is a demand for around 5,00,000 (500,000) cyber security professionals, but at present only 50,000 are working. Cyber security is still not a compulsory paper in technical colleges and universities.
This book is like a story book on hacking, describing the future of hacking, its consequences and solutions.

APT Is The New TAP


Story 1: Security firm Mandiant released an interesting report (in 2013) that reveals an enterprise-scale computer espionage campaign dubbed APT1. The alleged Chinese cyber-espionage group, with its Advanced Persistent Threats, stole hundreds of terabytes of data from at least 141 organizations across a diverse set of industries, beginning as early as 2006.
Story 2: According to a news item published on http://indiatoday.intoday.in, the "Heartbleed" computer virus stayed undetected for 2 years. Hackers could crack email systems, security firewalls and possibly mobile phones through the "Heartbleed" computer bug.
Story 3: The SONY Pictures Entertainment incident (2014) can be described as the perfect Advanced Persistent Threat (APT) attack. The SONY attack targeted personal identifying information stored on the network.
What is APT
APT stands for Advanced Persistent Threat, where an attacker launches cyber-attacks against an organization and its digital assets. A few years back a cyber attack meant defacing a site, downloading some confidential data from a site, or phishing. Today's cyber criminals use different tactics: they plant data-stealing malware that collects data and mails it to a particular email id, or keylogging malware that captures keystrokes on the site, and they silently monitor every activity on the site for a long time, maybe for years. The concept is to steal sensitive, confidential information without damaging the network or organization. APT attacks target organizations with high-value information, like banks, e-commerce sites, national defense etc.
APTs are designed to gain access to a network, acquire data, and secretly monitor the targeted computer systems. This is a new concept. The attacker patiently searches for a security loophole or weakness that can be compromised.
Why APT is dangerous
In an APT, unauthorized persons gain access to a network and stay there undetected for a long period. These people are highly skilled cybercriminals and harvest information over a long time. APTs mainly target messaging and content delivery servers, where an attacker delivers malware in an attempt to extract information from the source.
This type of cyber attack is well coordinated and funded by states, countries, corporations or organized crime syndicates with specific objectives. Security researchers report that not only organized crime syndicates but also government agencies are involved in traditional espionage using advanced persistent threats.
How APT works
The concept of APT is to gain access to systems without any detection.
a) An APT attack can be launched by sending infected emails to a group of people within an organization for phishing purposes. The mail carries a malicious link, or a downloadable file embedded with malware.
b) A cyber criminal can enter through a back door in an OS. For example, the Admin framework in Apple OS X (10.9.x and older) contains a hidden backdoor API to get root privileges. Apple has now released OS X 10.10.3, where the issue is resolved.
c) Other possible methods are botnets or malware.
d) Kaspersky Lab's Global Research and Analysis Team (GReAT) found that cloud technology gives APT hackers another way to attack systems and hide more effectively.
FUTURE of APT
Computer-based APTs are moving towards mobile-specific APT malware. Most users are cautious about using the latest anti-virus software and next-gen firewalls, but tend to be less careful when using their smart phones and mobile devices, or when downloading apps and games from the cloud. Criminals are going to attack this weakness.
The Internet of Things is on the way, which will connect every possible device to the internet; offices are encouraging "Bring Your Own Device" and "Bring Your Own Apps" policies; social media is booming. All these create new security threats.

Solution
According to a report by Gartner (http://www.gartner.com/) in 2013, enterprises spent more than $13 billion on firewalls, intrusion prevention systems (IPSs), endpoint protection platforms and secure Web gateways. But advanced targeted attacks and advanced malware attacks continue to grow.
APT is a dangerous threat because of its nature. APT malware is designed to evade detection by firewalls, IDS, IPS, endpoint protection platforms and secure Web gateways. Hence conventional defense is not going to work, but awareness can provide the needed protection.
Another view on APT is that APT threats are better countered through the use of behavior analysis tools that can not only scan for known threats but can also identify a series of actions that may constitute a threat. Heuristic analysis is important in this case.
According to a report published on www.gartner.com, "How To Deploy the Most Effective Advanced Persistent Threat Solutions", Lawrence Orans, research director at Gartner, provided a Five Styles of Advanced Threat Defense Framework, as follows.
Style one, Network Traffic Analysis: This style considers inspecting DNS and flow traffic; in other words, conducting in-depth network traffic monitoring and analysis with NetFlow traffic analyzer software.
Style two, Network Forensics: This style considers using a Network Forensic Analysis Tool (NFAT) to detect and analyze security incidents, i.e. solutions that support efficient and effective post-incident response investigations.
Style three, Payload Analysis: This style holds that sandbox analysis can provide detailed reports about malware behavior, either as an on-premises or a cloud-based solution.
Style four, Endpoint Behavior Analysis: This style relies on endpoint security and control products that provide intelligence and correlation for behavior analysis to block malware and fend off zero-day attacks, if not as a strategy for ATA (advanced targeted attack) defense.
Style five, Endpoint Forensics: This style serves as an endpoint security tool that helps detect hidden malware and other signs of compromise or irregular activity on endpoints across the enterprise. It can be used to identify attacker behavior, and to investigate and respond to cyber-attacks on the endpoint before critical data loss occurs.
The most effective approach, Gartner says, is to use a combination of styles. For example, one can use network/payload, payload/endpoint or network/endpoint.

The Advent Of AVT


An APT attack is disk-resident (persistent): it resides on the victim's machine. An AVT, by contrast, is a RAM-only (volatile) attack and disappears without any trace as soon as the PC is turned off. Recently it has been separated from APT and renamed Advanced Volatile Threat. It is far more stealthy than APT because it erases its fingerprints before leaving the device.
The security vendor Triumfant, which first coined the term AVT, says that up to 10% of current attacks are AVTs, but it is impossible to know how many AVT attacks have gone unnoticed. Triumfant also analyzed the attacks and said that Chinese, Iranian and Russian hackers are behind them. This kind of attack is not new; like APT it also remains unnoticed, but for a shorter period of time.
An AVT can be deployed through a drive-by download or by Meterpreter, an exploitation tool included as part of the Metasploit Framework. It allows developers to write their own DLL file that can be injected into a running process on the target computer, used for corporate espionage to steal classified information and intellectual property, and finally to escape detection. It is a real-time attack.
Why AVT is difficult to trace
In an AVT no file is saved on disk; in fact it doesn't touch the registry and leaves no physical traces in the system. This makes AVTs a dangerous threat and attractive to malware developers and government-sponsored attackers. State-sponsored attacks require deniability. The attacker's source can easily be tracked if the malware resides and persists on the disk, but if the malware is undetected, the attacker's source also remains undetected. Forensic investigation of that particular machine returns nothing to researchers.
Is it really difficult to trace AVT
Many researchers agree that though it leaves no traces, its presence can be identified from indirect sources. For example, if the malware is delivered by an email attachment, then records remain on the mail server. If it is a memory-to-memory transfer by drive-by or watering hole (Watering Hole is a computer attack strategy identified in 2012 by RSA Security), then there will be some valuable data in the web server's logs.

Solution
As conventional anti-virus file scanning methods cannot identify AVTs, RAM-monitoring techniques will be required to detect an AVT attack in real time. Indirect sources like mail server and web logs can be scanned for signs of AVT.
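
As an added example (not from the book), the indirect-evidence approach described above can be automated: given the time at which memory monitoring flagged a host, pull the mail-server delivery records for that host's user and the web proxy records for that host from the minutes before the detection. The log formats, addresses, mailbox names and the suspicious-content heuristics below are constructed; the example assumes the organization keeps a mail delivery log and a web proxy or access log.

```python
"""Correlate a RAM-only (AVT) detection with the indirect evidence that survives
a reboot: mail-server delivery records and web proxy/access logs.

Added example, not from the book. Log formats, hosts, addresses and the
suspicious-content heuristics are constructed for illustration.
"""
import re
from datetime import datetime, timedelta

# Constructed mail-server delivery log (Postfix-like, simplified to one line per delivery).
MAIL_LOG = """\
2015-03-02T09:40:12 to=<alice@corp.example> from=<billing@invoices-example.net> attachment=invoice_0302.docm status=delivered
2015-03-02T09:40:50 to=<bob@corp.example> from=<hr@corp.example> attachment=none status=delivered
2015-03-02T11:05:03 to=<alice@corp.example> from=<news@vendor.example> attachment=none status=delivered
""".splitlines()

# Constructed web proxy log: time, client IP, method, URL, HTTP status, content type.
PROXY_LOG = """\
2015-03-02T09:41:30 10.1.2.34 GET http://www.corp.example/intranet 200 text/html
2015-03-02T09:42:07 10.1.2.34 GET http://cdn-static.example-ads.net/player.swf 200 application/x-shockwave-flash
2015-03-02T09:42:09 10.1.2.34 GET http://cdn-static.example-ads.net/load.php 200 application/octet-stream
2015-03-02T09:50:11 10.1.2.35 GET http://www.corp.example/intranet 200 text/html
""".splitlines()

MAIL_RE = re.compile(r"^(\S+) to=<([^>]+)> from=<([^>]+)> attachment=(\S+) status=(\S+)$")
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")

# Attachment types that can carry executable content (constructed list).
ACTIVE_ATTACHMENT_EXT = (".exe", ".scr", ".js", ".jar", ".docm", ".xlsm")
# Content types a normal page visit rarely fetches; a sign of a drive-by payload (constructed list).
SUSPICIOUS_TYPES = {"application/octet-stream", "application/x-shockwave-flash",
                    "application/java-archive", "application/x-msdownload"}


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def correlate_avt(detect_time, host_ip, mailbox, mail_log, proxy_log, window_minutes=15):
    """Return the indirect evidence recorded in the `window_minutes` before `detect_time`.

    detect_time: ISO timestamp at which RAM monitoring flagged the host
    host_ip:     the flagged host as it appears in the proxy log
    mailbox:     address of the user logged on to that host
    The result has two lists, "mail" and "web", each empty when nothing matches.
    """
    t_end = _ts(detect_time)
    t_start = t_end - timedelta(minutes=window_minutes)
    evidence = {"mail": [], "web": []}

    # Delivery path 1: an email attachment that could have carried the payload.
    for line in mail_log:
        m = MAIL_RE.match(line)
        if not m:
            continue
        when, to, sender, attachment, _status = m.groups()
        if (to == mailbox and t_start <= _ts(when) <= t_end
                and attachment.lower().endswith(ACTIVE_ATTACHMENT_EXT)):
            evidence["mail"].append({"time": when, "from": sender, "attachment": attachment})

    # Delivery path 2: a drive-by or watering-hole fetch made from the flagged host.
    for line in proxy_log:
        m = PROXY_RE.match(line)
        if not m:
            continue
        when, client, _method, url, _status, ctype = m.groups()
        if client == host_ip and t_start <= _ts(when) <= t_end and ctype in SUSPICIOUS_TYPES:
            evidence["web"].append({"time": when, "url": url, "content_type": ctype})

    return evidence


if __name__ == "__main__":
    # Constructed scenario: memory monitoring flagged 10.1.2.34 (alice's desktop) at 09:45.
    found = correlate_avt("2015-03-02T09:45:00", "10.1.2.34", "alice@corp.example",
                          MAIL_LOG, PROXY_LOG)
    for kind, items in found.items():
        for item in items:
            print(kind, item)
```

The two lists it returns are the starting points the text names: who sent what to the user's mailbox, and what the host fetched, in the minutes before the volatile payload was seen.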

Bye Bye Office Device


What is BYOD?
BYOD (bring your own device) is defined as the use of employee-owned
mobile devices such as smart phones and tablets to access business
enterprise content or networks.
[Source: wiki]
Why enterprises embrace BYOD
An effective BYOD strategy has a number of benefits for businesses, like flexibility in using company resources and increased employee job satisfaction. It can also improve productivity and response times, and encourages employees to be more engaged with their work. BYOD can also provide cost savings on initial device purchase, as employees invest in their own devices.
Danger in BYOD
The use of personal devices in the workplace continues to rise. In BYOD the employee not only owns the device but also maintains and supports it. As a result, the company has less control over the device than over a company-owned device.
As unsanctioned consumer apps and devices continue to creep into the workplace, data breaches can happen quickly. An infected personal phone or tablet can bypass the defenses of the corporate firewall and VPN as soon as the device logs onto the corporate WiFi.
Recent IBM research finds that BYOD devices are leaving enterprises vulnerable because of the installation of insecure mobile apps and logging onto public Wi-Fi networks; hackers are targeting BYOD devices, opting to gain access to business data via BYOD.
As BYOD increases data protection risks, businesses need to think carefully about BYOD and put in place appropriate policies and processes to tackle these issues and thereby minimize the risks associated with BYOD.

SOLUTION IN BYOD
Implementing a complete ban on BYOD is not possible, because the work/life barrier has shifted, and IT staff also do not have enough time to check everyone's devices (is the OS updated? is the patch installed for a particular application?). But the following steps can be taken to control the risk associated with BYOD.
Mitigate BYOD risks with hybrid cloud computing.
Cloud computing means on-demand delivery of IT resources via the internet with pay-as-you-go pricing. A public cloud makes systems and services easily accessible to the general public, for example from IBM, Microsoft, Google, etc. A private cloud allows access to systems and services only within the organization; it is operated only within a particular organization.
The hybrid cloud is a mixture of public and private cloud, where non-critical activities are performed in the public cloud and critical activities are performed in the private cloud. Employees can use a hybrid cloud to separate personal and corporate data.
A multidisciplinary team should develop a well coordinated BYOD policy
This multidisciplinary team should include IT experts, human resources people and legal experts who can implement a BYOD policy. This group of people should frame a policy before allowing employees to bring their own devices to work.
This includes teaching employees how to separate work data from an employee's personal data, how to encrypt and secure corporate data against access by non-employees, such as family members, and what to do with corporate data stored on a personal device if the employee loses the device or resigns.
A well defined BYOD policy can help employees clearly understand their responsibilities while connecting their devices to the company IT systems. A security audit should also be carried out on the types of personal data to be accessed and the devices to be used.
Employers should also consider the use of a sandbox or ring-fencing of data
Employers should also consider the use of a sandbox or ring-fencing of data, such as by keeping data contained within a specific app, as well as ensuring that, if the device is lost, the data on it is kept confidential and retained via a backup facility.
Monitoring the internet traffic on personal devices.
The monitoring includes recording the geo-location of the personal devices or the internet traffic on them, though remote monitoring is obviously not ethical when it comes to personal devices. Employees might also jailbreak their devices so they can effectively hide their activities and work around corporate policy. Increased monitoring of employees' personal devices at work can also backfire. But companies must inform employees of the extent of the monitoring and can also assure them that it does not violate any privacy policy.

Criminals Are In Cloud Nine


A few years back the Megaupload cloud storage service was shut down by police following allegations of illegal piracy, and Kim Dotcom and his colleagues were arrested. Megaupload was a low-cost file sharing cloud and popular for making online backups. When the US authorities closed the service without warning, businesses were unable to access their documents and lost data permanently.
What is cloud computing
Cloud refers to network resources or the Internet. Cloud computing means on-demand delivery of IT resources via the internet with pay-as-you-go pricing. Cloud infrastructures are present at a remote location, and users have no idea about the physical infrastructure and the complexities of the system they are using.
Cloud computing can be defined as the use of computer technology that harnesses the processing power of many inter-networked computers and at the same time conceals the infrastructure behind it.
The advantages of cloud computing are given below.
a) Cloud computing environments are always up to date. With cloud-based security, all traffic from all devices is directed to the cloud for inspection for malware, viruses, spam, or other threats.
b) The cloud can work in a distributed computing environment.
c) It supports high scalability. That means users can increase or decrease the capacity of hardware resources any time they want.
d) Multi-sharing is possible: multiple users and applications can work more efficiently by sharing common infrastructure.
e) Cloud computing security addresses Unified Endpoint Management (UEM). At present, device management focuses more on the integration of a large variety of endpoints such as wearables, IoT, smartphones, and tablets.
f) Cloud security dramatically improves return on investment, because moving your data to the cloud means that deployment costs are minimal, with no worry about hardware or software.
g) Cloud computing enables users to access systems using a web browser regardless of their location or the device they use.
h) Cloud offers a huge amount of storage capacity, like 2000 GB or more if required.
News on cloud hacking
2014 was a wake-up call about the growing dangers of cloud-related cybercrime and hacking. One kind of cloud attack was reported on Christmas Day 2014: an attack on Microsoft and Sony gaming servers by Lizard Squad. The attack was a DDoS attack.
In another incident, the Rackspace Domain Name System was hit by a DDoS attack, which affected its DNS setup and caused problems accessing Rackspace cloud services for 11 hours.
Another attack was reported on Amazon EC2 servers, which were hijacked for Bitcoin mining. In that case, a GitHub user discovered a bot scanning for Amazon API keys. Once the hacker got the keys, he or she used them to grab Amazon cloud-based computing resources.
We are also aware of some picture leak incidents from iCloud. The moral is that cloud attacks are escalating.
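
The Amazon EC2 incident above began with API keys that a scanning bot found in a public repository. As an added example (not from the book or from any named project), the scanner below shows the defensive counterpart: check files for AWS-style credentials before they are committed. The sample configuration is constructed and uses the placeholder key pair that AWS's own documentation publishes; the "AKIA"/"ASIA" prefix and 20-character length of access key IDs are real properties of that key format, while the secret-name patterns and the entropy threshold are assumptions.

```python
"""Pre-commit check for leaked cloud API credentials.

Added example, not from the book. The sample configuration is constructed and uses the
placeholder credentials from AWS documentation. Access key IDs are 20 characters beginning
with "AKIA" (long-term) or "ASIA" (temporary); the paired secret is 40 characters of
base64-style text, recognised here by a secret-like variable name plus high entropy.
"""
import math
import re
import sys
from collections import Counter

AKID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Assumed variable-name patterns; extend for the naming used in your own code base.
SECRET_RE = re.compile(
    r"(?i)(aws_secret_access_key|secret_key|aws_secret)\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})")

# Entropy (bits per character) above which a 40-char token is treated as a real secret
# rather than a placeholder such as "AAAA..." (assumed threshold).
ENTROPY_THRESHOLD = 4.0

SAMPLE_CONFIG = """\
# constructed sample: a credentials file accidentally staged for commit
[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# low-entropy placeholder that must not be reported
backup_secret_key = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"""


def shannon_entropy(token):
    """Bits of entropy per character of `token`."""
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())


def redact(value):
    """Keep only the first and last four characters so findings can be logged safely."""
    return value[:4] + "..." + value[-4:]


def scan_text(text, filename="<stdin>"):
    """Return findings as (filename, line_no, kind, redacted_value) tuples."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in AKID_RE.finditer(line):
            findings.append((filename, line_no, "aws_access_key_id", redact(m.group(1))))
        for m in SECRET_RE.finditer(line):
            token = m.group(2)
            # The entropy gate separates real secrets from documentation placeholders.
            if shannon_entropy(token) >= ENTROPY_THRESHOLD:
                findings.append((filename, line_no, "aws_secret_access_key", redact(token)))
    return findings


def scan_files(paths):
    """Scan each path; unreadable or binary files are skipped."""
    findings = []
    for path in paths:
        try:
            with open(path, encoding="utf-8", errors="strict") as fh:
                findings.extend(scan_text(fh.read(), path))
        except (OSError, UnicodeDecodeError):
            continue
    return findings


if __name__ == "__main__":
    # Usage as a pre-commit hook: pass the staged file names; a non-zero exit blocks the commit.
    results = scan_files(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE_CONFIG, "sample")
    for filename, line_no, kind, shown in results:
        print(f"{filename}:{line_no}: possible {kind} {shown}")
    sys.exit(1 if results else 0)
```

A key that is found this way has still been exposed on the developer's machine and should be rotated; the hook only keeps it out of the repository where bots like the one in the incident look.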
Why the cloud is preferred by criminals
Cloud-based services are basically anything that relies on server components on the Internet. Criminals are setting up servers within ISPs that are designed specifically to take part in fraud. Security analyst firm McAfee and Guardian Analytics uncovered the location of the servers: in eastern European countries. These servers are located mostly at "bullet proof" ISPs that have lax policies, and are relocated frequently to avoid discovery.

Now criminals are moving their malware (Remote Access Trojans) from end-user PCs to servers in the cloud. The attack starts with a phishing e-mail, typically pretending to be from a genuine source like a bank, office, IT department or placement agency, urging the recipient to click a link to change the account password, or to download an attachment. Once the link is clicked, the victim goes to log into the bank site, and the malware uses a so-called Web inject technique to overlay what looks like the bank's Web page in the victim's browser. Now all information given to this page goes to the server rented by the hacker. If an attachment is downloaded, malware embedded in that attachment is also downloaded onto the victim's computer and starts stealing data and sending it off somewhere. This kind of malware is controlled from the server.
New cloud computing accounts may be created with stolen credentials and credit card details; this way criminals can hide their identity and make it difficult to track down the source of the attack, particularly when it is cross-border. Accounts created or compromised in such a way can be controlled as part of a botnet. Cloud botnets are cheaper than PC botnets, so criminals will gradually move all botnets from residential PCs to the cloud and mobile, to support their spam, DDoS attacks, ad-click fraud, Bitcoin mining and other illegal activity.
Cloud computing users may be subject to domain name system (DNS) attacks. Pharming and DNS poisoning involve diverting visitors to spoofed websites by poisoning the DNS server or the DNS cache on the user's computer.
Solution
The cloud security market is growing by leaps and bounds, going from $4.20 billion in 2014 to a predicted $8.71 billion in 2019, a CAGR of 15.7% during the forecast period 2014-2019. We can say that 2015 is not only the year of the cloud, it is also the year of cloud security.
User training is the most important: users of cloud computing services should be aware of what not to do with a cloud service, as the infrastructure is far away.
The client can patch operating systems, update internet browsers and other software applications to protect against new vulnerabilities and malware, install anti-virus software, and install firewalls to protect against unauthorized access.
Cloud computing providers may also implement multifactor authentication to strengthen authentication checks.
Encrypt the data travelling between the cloud and the browser.
Encrypt the data stored in the cloud.
Cloud service providers can use intrusion detection and prevention systems and network

Hack-Economy
Few years back "Khoo Boon Hui", who served as President of INTERPOL
from 2008 to 2012 said that "organized international gangs are behind most
internet scams and that cyber crimes estimated cost is more than that of
cocaine, heroin and marijuana trafficking put together".
He also said that 80 per cent of crime committed online is now connected
to organized gangs operating across borders". They are using Nation-state
tactics.
Today's hackers are more organized and work in groups, many blackmarket sites exist where hackers exchange stolen information. Credit-card
data is sold in bulk by "carders" and phishing scams are a growing concern.
Malware viruses, Trojan horse programs and worms -- generates more
money than the entire computer security industry.
The terms "Attack-as-a-Service,Crime-as-a-Service,Malware-as-aService,Fraud-as-a-Service has now become a new business model.
Today almost anyone can become a cyber-criminal; the concept is, if you
can't do it yourself, hire professionals to do it. Today's cyber criminal gangs
offer botnets and command-and-control infrastructure, hosted in the cloud, for
lease, sale or rent to their customers. Cybercriminals also sell or rent their
co-workers' hacking services to conduct illegal activities.
Cybercrime-as-a-service will continue to accelerate and mature.
Cybercrime-as-a-service providers are now offering free trials, money-back
guarantees and discounts for repeat business, both to retain their old
customers and to lure new ones.
In 2014 the Internet Organized Crime Threat Assessment (iOCTA) reported
that the service-based criminal industry is developing to the point where an
increasing number of criminals are operating from the virtual underground or
dark net.
Cybercrime-as-a-Service can be categorized into 4 sectors:
Research-as-a-Service: these services try to sell zero-day vulnerabilities
to organizations or individuals.
Crimeware-as-a-Service: these services develop tools and exploits and sell
them to organizations or individuals.
Cybercrime Infrastructure-as-a-Service: these services lease, sell or rent
co-workers' hacking resources to their customers.
Hacking-as-a-Service: they simply perform the hacking with their own
resources and charge for it.

Typical structure of a well organized cyber crime syndicate (Source: ICT Pulse)
Here are some interesting statistics collected from the internet on what
Attacks-as-a-Service cost to rent or buy. The majority of these services are
offered in the underground economy. This black market offers bulletproof
hosting, rental of compromised machines belonging to huge botnets, hacking
services and, of course, customer support.
Consulting services such as botnet setup: $350-$400
Infection/spreading services: under $100 per thousand installs
Botnet rental for Distributed Denial of Service (DDoS): $535 for 5 hours a
day for one week
Email spam: $40 per 20,000 emails
Web spam: $2 per thirty posts
Black hat Search Engine Optimization (SEO): $80 for 20,000 spammed
back links
Inter-carrier money exchange and mule services: 25% commission
CAPTCHA breaking: $1 per thousand CAPTCHAs, done by recruited humans
Crimeware upgrade modules: using Zeus modules as an example, they
range anywhere from $500 to $10,000
Cracking e-mail passwords in less than 48 hours: $150 to $400

The hierarchy of the digital mob. (Image credit: Finjan)

Finjan describes the employee structure that these cybercrime companies
employ as being similar to the Mafia. In both cases, there is a "boss" who
operates as a business entrepreneur and doesn't commit the (cyber)crimes
himself, with an "underboss" who manages the operation, sometimes
providing the tools needed for attacks. In the Mafia, several "capos" operate
beneath the underboss as lieutenants leading their own section of the
operation with their own soldiers, and in cybercrime, "campaign managers"
lead their own attacks to steal data with their "affiliation networks." The
stolen data are sold by "resellers," similar to the Mafia's "associates." Since
these individuals did not partake in the actual cybercrime, they know
nothing about the original attacks. They do, however, know about
"replacement rules" (for example, stolen credit cards that have been
reported) and other company-specific policies, just like the sales
representatives you talk to in your average store.
[Content credit: Finjan]
Solution
What will the cybercrime-as-a-Service landscape look like in 2020? It is
difficult to predict, because technologies evolve at impressive speed and the
invention of a new technology means a new opportunity for the criminals.
Analyzing the cyber crime ecosystem is a very complex task, due to the
multitude of entities involved and their different means and methods.
Cyber-criminals are mostly using tools such as botnets, zombie computers,
fast flux, skimmers, Tor, VPNs, encryption techniques and virtual
currencies to carry out illegal activities. The future adoption of Big Data,
wearable devices, the Internet of Things and the move to IPv6 will offer up
new kinds of attack vectors to hackers; in fact, researchers found that cyber
criminals are more technologically advanced than those trying to stop them.
Companies and the government should take a radically different approach
to cyber security, one which goes beyond installing antivirus software and
training employees: for example, a common legal framework that is recognized
globally. More international and cross-border collaboration is needed if law
enforcement is to be successful, along with exchange of relevant information
and intelligence and disruption of the criminal infrastructures behind illicit
online services. Adopting Big data in the cyber security model is crucial in
the next few years. Moreover, a wider debate is required across society as to
how 21st century policing will deal with dark net cyber crime.
Cross OS Word Puzzles

Phil Spencer, Microsoft's head of games, said at the Game Developers
Conference that the company continues to invest in a cross-platform
ecosystem that allows people to play titles across Windows 10 PCs, the Xbox
console and Microsoft mobile devices.
That means that Microsoft will launch new tools so that developers can
create games that will run across Microsoft's family of devices. That
includes Windows 10, Windows Phone and Xbox consoles.
Why cross platform is on the rise
In general, the main goal of a cross platform application is to acquire as
many customers as possible and deliver the highest quality engagement within
a target market.
As a business owner, you would want to have a mobile application which
is adaptable to various platforms, so people can use it on the go, wherever
they go, however they go. The two most popular mobile platforms today are
iOS and Android. Also, you should always keep in mind that developing an
application for BlackBerry and Windows mobile is also worth considering.
Cross-platform refers to the ability of a programming language (such as Java)
to let programmers develop software for several competing platforms by
writing a program only once. Cross-platform software can run on most or
all systems with little or no modification. It is also called multi-platform.
Apps with cross-platform compatibility features require only a single code
base. That, in turn, makes the task of mobile application developers
easier. If separate, customized versions have to be developed for the
BlackBerry, iOS and Android platforms, the risk of a coding error cropping up
also becomes higher. Tools like Eclipse and PhoneGap have reduced this
problem to some extent. HTML5, Visual C++ and C# with Xamarin (Visual Studio
2015) can also be used to develop cross platform applications.
Cross-platform development gives you reusability of code, which means
reduced development costs when making apps for multiple platforms. The
mobile application development cost associated with most (if not all)
cross-platform software is lower than the expenses required for native apps.
This automatically enhances the financial viability of the former type of
application.
Why cyber criminals are targeting cross platform OS
Gartner says that by 2016 more than 50 percent of mobile apps deployed
will be hybrid.
Hackers target the same vulnerabilities in applications commonly found
on both platforms, because they can hop from platform to platform and
can damage more victims: not only the original victim, but also the victim's
other devices, or even the network that they connect to, until ultimately it
infects all systems connected to the network. It is a kind of chain reaction.
The damage would be exponential if left unchecked.
The majority of users nowadays rely on inter-connectivity between mobile
devices and laptops/desktops, and they transfer data files between these
devices. This connectivity also raises the threat. The economics are simple:
they can profit twice from the same malware. As the development domain is
leaning towards hybrid applications, hackers are also changing their modus
operandi. They have started rewriting their malware to suit this hybrid
platform.
ANDROIDOS_USBATTACK.A is a malicious app that pretends to be a
cleaning utility for Android devices. It acts as an information stealer, but
also downloads autorun malware onto the affected mobile device's SD
card. If the user connects the mobile device to a Windows PC, the malware
runs automatically, infecting the PC. The malware itself records the
user's voice with the PC's microphone.
[source: trendmicro.com]
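The USB attack above only works because an autorun.inf on the SD card tells Windows what to launch when the card is mounted. The following added example (mine, not from the book or Trend Micro) parses an autorun.inf and flags the directives that start a program, so a defender can audit removable media before trusting it; the sample file contents are constructed. Windows has not honoured autorun.inf on USB or SD media by default since the 2011 AutoRun update, so this is a hygiene check for older or misconfigured machines.

```python
"""Audit an autorun.inf for directives that launch code when a drive is mounted.

Added example, not from the book: the ANDROIDOS_USBATTACK.A case drops an
autorun payload onto the phone's SD card so that a Windows PC runs it on
connection.  This scanner reports the [autorun] directives that make that
possible.  The SAMPLE_* file contents are constructed for the demo.
"""
import os
import re

# Directives in the [autorun] section that cause Windows to execute a program.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... adds a context-menu verb that runs a program.
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

# Extensions whose launch from removable media is almost never legitimate.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif",
                   ".vbs", ".js", ".dll", ".msi"}

# Constructed sample mimicking a payload dropped onto an SD card.
SAMPLE_MALICIOUS = """\
[autorun]
; constructed sample: disguised as the normal 'open folder' action
open=System\\cleaner.exe
shell\\open\\Command="System\\cleaner.exe" -s
icon=%SystemRoot%\\system32\\shell32.dll,4
label=Removable Disk
action=Open folder to view files
"""

# Constructed sample of a harmless file that only sets a label and icon.
SAMPLE_BENIGN = """\
[autorun]
label=Holiday Photos
icon=photos.ico
"""


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-cased keys.

    Hand-rolled rather than configparser so that junk lines (a common trick
    to break strict parsers) are skipped instead of aborting the whole parse.
    On duplicate keys the last value wins.
    """
    section = None
    result = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff").strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        result[key.strip().lower()] = value.strip()
    return result


def _command_target(value):
    """First token of a command line, without surrounding quotes."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def audit_autorun(text):
    """List every directive that would launch a program, with a severity."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key):
            target = _command_target(value)
            ext = os.path.splitext(target)[1].lower()
            severity = "high" if ext in EXECUTABLE_EXTS else "medium"
            findings.append({"directive": key, "target": target,
                             "severity": severity})
    return findings


def scan_volume(root):
    """Audit the autorun.inf at the root of a mounted volume, if one exists."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_autorun(fh.read())


if __name__ == "__main__":
    for name, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, audit_autorun(sample) or "no launch directives")
```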

Solution
Users must also be educated about these threats. Security solutions
exist for nearly every platform, but users are not aware of them. Cross
platform attacks are not dominant today compared with native OS attacks. We
have to wait and watch.

Cyber Stalking and Cyber Bullying

A sad story: a young girl named Rebecca Sedwick, just 11 years old, who
lived in Florida, jumped off her town's water tower to her death after
being extensively cyberbullied by her classmates over the preceding few years.
Rebecca contacted school administrators and also switched schools, but the
cyber bullying persisted.
About 1.8 billion teens worldwide are affected by cyber bullying.
Facebook, Ask.fm and Twitter were found to be the most likely sources of
cyber bullying. Cyberbullied victims suffer silently from low self-esteem and
depression, drop out of school and also suffer from suicidal tendencies.
In the last few years, many cases of cyber bullying have been reported all
over the world, including India. Many of the suicides among Indian adolescents
are due to the trauma of cyber bullying suffered by the victims. India ranks
third on the global cyber bullying list.
According to a recent Mobile Internet in India 2014 report released by the
Internet & Mobile Association of India (IAMAI) and IMRB International,
there were around 173 million mobile internet users in India in December
2014, which is expected to reach 213 million by June 2015. If you look at
the picture (source: IAMAI and IMRB), in rural India around 53 million
users are connected to the internet by June 2015 and in urban India around
160 million users are connected to the internet.
Also, according to a new study, the biggest chunk of users is in the
age group between 16 and 18 years, and these numbers have gone from 5% in
2012 to 22% this year, which is around a four-fold increase.
To understand the global impact of online bullying, Microsoft researchers
asked children in 25 countries about the negative experiences they have had
online and asked them to report any incident which had an adverse effect
on their online presence.
According to Microsoft's Global Youth Online Behavior Survey, out of
these 25 countries India ranked third (behind China (70%) and Singapore
(58%)), with 53% of respondents (children aged between 8 and 17) saying they
have been threatened or harassed online.

The survey also indicated that 22% of children reported mean or unfriendly
treatment, 29% were made fun of or teased and 25% were called mean
names.
According to the 'Tweens, Teens and Technology 2014 Report' by McAfee,
50 percent of Indian youth have had some experience with cyber-bullying
(been cyber-bullied online or witnessed others being so treated), of
whom one-third (36 percent) have themselves been cyber-bullied. Offline
harassment, threats and defamation are also on the radar of some researchers.
It is astonishing to learn that India is one of the few countries where the
rates of online and offline bullying were equal.
What is Cyber Bullying?
Cyber bullying is harming or harassing others via information technology
networks in a repeated and deliberate manner. According to U.S. Legal
Definitions, "cyber-bullying could be limited to posting rumors or gossips
about a person in the internet bringing about hatred in others minds; or it
may go to the extent of personally identifying victims and publishing
materials severely defaming and humiliating them". [wikipedia]
"Cyber bullying is a typical type of online harassment, which can be
defined as hurling harsh, rude, insulting, teasing remarks through the
message box or in open forums targeting one's body shape and structure,
educational qualifications, professional qualifications, family, gender
orientation, personal habits and outlook,"
[Defined by Debarati Halder, advocate and managing director, Centre
for Cyber Victim Counseling]
Cyber bullying vs. cyber stalking
"Cyber bullying" is when a child, preteen or teen is tormented, threatened,
harassed, humiliated, embarrassed or otherwise targeted by another child,
preteen or teen using the Internet, interactive and digital technologies or
mobile phones. It has to have a minor on both sides, or at least have been
instigated by a minor against another minor. Once adults become involved,
it is plain and simple cyber-harassment or cyber stalking. Adult
cyber-harassment or cyber stalking is NEVER called cyber bullying.

How cyber bullying works

There are two kinds of cyber bullying:
a) Direct cyber bullying: messages sent to a victim directly by
another kid.
b) Proxy cyber bullying: seeking help from others, including adults, to send
messages to a victim. The creator of the message or picture does not come to
the front; it is much more dangerous.
According to cyber law expert Pavan Duggal, "Under Section 66 (A) of the
IT Act, 2000, cyber bullying is a bailable offence, punishable with three
years of imprisonment and fine".
Solution
Should the law treat kids and adults differently? Though cyber bullying
is a bailable offence, punishable with three years of imprisonment and a fine,
the fundamental question is: are children capable of understanding the
consequences of their actions? One reason to ask is that cyber bullying
involves the activities of teens, preteens and adolescents, and an adolescent's
brain can be likened to a car with no brakes. The area of the brain called
the pre-frontal cortex, which controls our decision making, isn't fully
developed until the early to mid-twenties. Parents and schools have an
important role to play. In India, 3 out of 10 parents say that their children
have been victims of cyber bullying, but have no clue how to tackle it.
In my view, some solutions are as follows:
1) As most cyber bullying originates from fake accounts, you can ask
your child to create and maintain a genuine account on social networking sites
and not to create any fake account.
2) Teach them not to send any damaging messages in public forums. Also
warn them that if any damage or defamation results from their posts, they
may lose internet connectivity for a while.
3) Schools can invite cyber security professionals to educate their students
on cyber ethics and cyber law.
4) Schools can arrange psychological counseling sessions for every student
in the school periodically.
5) Encourage teens to report incidents of cyber bullying to an adult.
6) Teach your child how to use the "STOP", "BLOCK" or "report abuse"
options available on social sites. The most effective method is to stop cyber
bullying at the source, before the damage is done!
Conclusion
Trisha Prabhu (a 14-year-old freshman at Neuqua Valley High School in
Naperville, Illinois) one day came home from school and read the news of
Rebecca Sedwick.
She was shocked by the news and created and patented a product,
"ReThink", that can stop cyber bullying before the bullying occurs. It has
been found that with the use of "ReThink", adolescents change their mind 93%
of the time and decide not to post an offensive message.
She was selected as a Google Global Science Fair finalist in 2014 for her
work on "ReThink". See the site [http://www.trishaprabhu.com/]

Silicon Valley Vs Film Studios


According to the "Internet and Mobile Association of India" and consulting
firm KPMG, the fast-growing market for smart mobile phones in India and
the number of mobile Internet users, which is expected to cross the 300
million mark by 2017, will definitely shift the battleground of film piracy.
The battle is likely to be more intense with the adoption of 4G. 4G services
can offer peak speeds of 45 Mbps, making downloads faster and smoother.
Telecom service providers promise very fast downloads of Internet
content, like downloading a full movie in just 3 minutes, posing a real threat
to India's Rs 52,430 crore film and television industry, which provides
income to around 1.8 million people.
DAP is a popular piece of software which can be used to download clips and
movies from YouTube and store them permanently on a computer.
Peer-to-peer file-sharing (torrent) websites have provided access to
high-quality illegal content.
Not only this, Google rolled out a YouTube offline viewing feature that
allows users in India, Indonesia and the Philippines to store videos
offline temporarily for the next 48 hours and then watch them later without
any internet connectivity. But trust me, this app can be tweaked to extend
the viewing beyond 48 hours.
In 2010 Google started allowing certain users to upload videos that were
longer than 15 minutes; now pirates use it to upload entire movies.
Uploading pirated movies on legitimate sites like YouTube has a long-lasting
negative impact on revenues.
According to the Motion Pictures Distributors Association's Internet Piracy
Studies, India is the 4th largest global hub of online film piracy, behind the
United States, Britain and Canada, with Delhi, Bangalore and Mumbai
accounting for the major share of illegal downloads.
In 2013 Ernst & Young estimated that the Indian film industry loses about
Rs 5,000 crore in revenue and over 50,000 jobs a year because of piracy.
Piracy as a whole cost the Indian movie industry $1.1 billion in 2012,
according to a report by KPMG. The consulting firm doesn't have more
recent numbers to share.
In 2013, India ranked 6th in the world in terms of the number of
unauthorized P2P connections, translating into films becoming available on
BitTorrent, cyber lockers or web-based file hosting sites within hours of a
film's release, and sometimes even before that.
According to the 2014 Report on Copyright Protection and Enforcement by
the International Intellectual Property Alliance, India was among the top 10
countries where Internet piracy of film and television content is rampant.
India topped the list of countries where the movie "Fast & Furious 7"
was illegally downloaded from the Internet after its release, with 578,000
downloads.
Film fans were waiting for Ketan Mehta's Nawazuddin Siddiqui-starrer
"Manjhi: The Mountain Man" when a high-definition copy of the entire film was
found on many torrent sites before it was released. Earlier, the Malayalam
blockbuster "Premam" was leaked online before its release. A pirated copy of
Kamal Haasan's movie "Papanasam" also leaked online after its release.
More handheld devices, faster networks and the popularity of video streaming
services will become a real challenge for the movie industry in the coming
years.
India lags far behind countries like the US when it comes to fighting piracy.
The government can ban porn sites, but how does one kill piracy? We can
easily find roadside shops selling pirated CDs/DVDs of movies, games,
operating systems and much software.
Piracy is not new; initially it was for the most tech-savvy people, but as we
know, today's youngsters are more net-savvy and tech-savvy than anybody, and
they make the most of it. Peer-to-peer (P2P) online file sharing poses a much
bigger risk. Today many viewers prefer to go to a cinema hall to watch a
movie only if it isn't available on YouTube or on torrent sites.
"Producers lose around 10 per cent of revenues with content going online,"
said Rajeev Kamineni, executive director of PVP Cinema. Mukesh Bhatt
said his film "Aashiqui 2" suffered a huge revenue loss. Bhatt co-produced it
with T-Series. He said: "For 'Aashiqui 2', more than 40% of my revenue was
lost to internet piracy. When I go to work, I feel I am not working for
myself, I am working for a pirate and that breaks my heart..."
Solution
Film piracy is an organized crime. Whenever you purchase a movie ticket,
the government collects some entertainment tax on each ticket. Different
countries have different tax rates, but when a film is copied and uploaded to
the net it becomes global and anybody can enjoy it tax-free.
According to statistical data collected in 2013, due to piracy nearly 800
theatres across the state of Andhra Pradesh were closed down in the last few
years. News flashes regularly on TV and in the papers that film producers and
actors are threatened by underworld people for extortion, and when the money
is not paid they upload a copy of the movie to the net.
Every Indian knows where these underworld people stay and from which
country they operate. In India, digital rights management (DRM) has recently
been introduced to provide adequate protection for copyrighted material in
the online digital environment.
A cohesive strategy including consumers, the judiciary and policymakers
should be in place to fight this piracy proactively. Heavy punishment for
online piracy should be part of the legal ecosystem.
The iMovieCop app was officially launched in 2013 and inaugurated by
Nancy Powell, the then US ambassador to India.
"Indian Movie Cop (IMC) is a proactive initiative by the Indian film
industry to spread awareness about movie piracy. IMC provides seamless
coordination, collective action, and cooperation between stake holders,
enforcement agencies and concerned movie lovers by providing all relevant
information.
IMC encourages citizens and movie lovers to fight piracy by sharing
relevant information with the concerned authorities in real time. IMC
provides a platform for people to promote and protect creativity and
recognizes and rewards such efforts".

Mobile apps and webpages giving a high five with HTML5

Web browser developers, mobile OS developers, browser-based game
developers and large companies operating on the internet are all pushing for
the adoption of new technologies like HTML5 for the development of rich
web-based client applications.
Although the World Wide Web Consortium (W3C) only approved HTML5
as a standard in October 2014, its adoption started many years ago.
Presently, almost 30% of the Fortune 500 companies, including tech
giants like Google, Facebook, Netflix and Microsoft, are using it.
Recently the software development wing of Adobe Systems announced that it
is ending development of its Flash Player plug-in for mobile devices, because
Adobe believes that HTML5 technology offers the "best solution" and is
"universally supported". Google introduced Google Swiffy to convert
Flash animations to HTML5, a tool Google would use to automatically
convert Flash web ads for mobile devices. In 2015, YouTube also switched
to HTML5 technology on all devices.
HTML5 is still in its development phase, but some applications already
support it. The power of HTML5 allows developers to create almost
full-fledged web applications, not just structured content. HTML5 is
developed to improve the functionality of websites; it removes the need for
plug-ins such as Java and Flash and brings the storage capacity of the cloud
to the browser. HTML5 also helps in creating games for both mobile devices
and PCs, and the game doesn't have to be installed on the device. One reason
for its popularity is that it is largely cross-platform. It allows developers
to create apps for various platforms including iOS, Android, Windows, Mac
and web applications.
Basically, browsers can store relatively small amounts of data, mainly
cookies, which can track and remember the user's preferences on
websites; but with HTML5 more data can be stored in the browser, and
cybercriminals could create super-cookies to track people's web behavior.

Attack on HTML5
HTML5, an increasingly popular web language, will be the next big target
for cybercriminals. HTML5's new features have increased the attack surface.
Recently a group of Italian researchers came up with new obfuscation
techniques that can be used to dupe malware detection systems and allow
malicious actors to execute successful drive-by download attacks. The
researchers' obfuscation techniques are based on some functionalities of the
upcoming HTML5 standard, and can be leveraged through the various
JavaScript-based HTML5 APIs. HTML5 hides a lot of this detail from
software writers, making it harder to distinguish between good and bad
sites. The other major security flaw in HTML5 is the integration of GPS with
mobile devices, which can identify a person's location.
Solution
As the adoption of cloud computing changed the vulnerability surface, the
same will happen with the adoption of HTML5. Gartner, an American
information technology research and advisory firm, recently published a
report predicting that over 50% of mobile apps are likely to be based on
HTML5 by 2016. HTML5, the DOM and embedded JavaScript are the
technologies of next generation applications. A great amount of attention is
required towards HTML5 security, and developers need to be trained on
the new features of HTML5 and also on secure coding.

Internet of Threats
IOT is the Internet of Things. The concept behind IOT is to connect
commonplace machines and appliances, say your microwave or air
conditioner at home, or the traffic lights of your entire city, to each other
and then use their ability to exchange information to make our lives
easier. It is made possible through the interconnection of devices with
embedded computer chips inside them. IOT is a buzzword of choice and part of
the key business strategy of major technology players like Google, Samsung,
Coca-Cola, General Electric, Domino's Pizza and many more.
The IOT is not a new concept. In 1999 Bill Joy of Sun and Kevin Ashton of
the Auto-ID Center at MIT proposed ideas that would become the Internet
of Things, though the phrase itself is attributed to Kevin Ashton.
Some examples of IOT include smart climate control systems, home
surveillance systems and onboard computers in a vehicle providing real-time
traffic information.

[source http://www.3g.co.uk/]

Here are some interesting facts on IOT

>In 2008, there were already more things connected to the Internet than
people.
>It is expected that by 2020 at least 14 per cent of consumers will have
purchased some form of Internet-connected thing.
>By 2020 the number of things connected to the Internet will reach over 50
billion, raking up $19 trillion in profit.
>Wireless communication is the present and the future. Many IOT devices
communicate over short-range wireless technologies such as RFID, NFC,
Bluetooth and Wi-Fi. These kinds of connected devices are expanding at an
exponential rate.
How IOT will change the cybercrime domain
Not many are aware of the concept of the Internet of Things. Studies say that
about half of Americans right now [2015] don't know about smart
thermostats and smart refrigerators, but a report published by
"EMC/IDC Digital Universe" in 2014 predicts that around 40 percent of all
data will be machine generated by 2020, whereas it was 11 percent in 2005.
General Electric estimates that the IOT will add $15 trillion to global GDP
over the next 20 years. The McKinsey Global Institute published a report in
May 2013 suggesting an economic impact of $2.7 trillion to $6.2 trillion
annually by 2025, mainly in health care, infrastructure and public sector
services.
From all these statistics it is clear that money matters, and we know that
objects under computer control or accessible via the internet can be "hacked"
or compromised. Cyber criminals are definitely going to explore this avenue.
In fact, Internet security firm "Proofpoint" said in January 2014 that it had
found that compromised gadgets, which included everything from
routers and smart televisions to at least one smart refrigerator, sent more
than 750,000 malicious emails to targets between December 26, 2013 and
January 6, 2014. This was the first major attack involving Internet of Things
devices.

Now the question is how the attack on IOT was identified

A security researcher at "Proofpoint" noticed a spike in thousands of
malicious messages sent from a range of IP addresses that she didn't
recognize. Being curious, she began pinging the devices and soon realized
that they weren't PCs, the usual platform for launching this sort of attack.
Instead, many were otherwise unidentified devices running a standard
version of Linux. Pinging one device brought up a login screen that said
"Welcome To Your Fridge". She typed in a default password, something
like "admin" or "adminadmin", and suddenly got access to the heart of
someone's kitchen.
The search engine for Internet-connected devices is [shodan.io].

Popular searches on shodan.io
Searching for webcams on shodan.io

Hacking computers, mobile phones and social networking sites is an old
concept. It has now expanded to wearable medical devices, street lights,
traffic systems, our cars and our homes.
Solution
The first step in protecting IOT devices is to change the default
passwords. Next, if you don't need your device connected to the
Internet, then don't connect it, or put it behind your personal router
and firewall in your environment; I mean some extra layer of
protection.
Do not blame the interface. A very secure Linux or Android OS
can be developed, but most users are not aware of the security
features available in the OS. So user training is important.
To date the IOT ecosystem is unstructured: vendors are supplying
software that runs on different sets of hardware and firmware. One
inherent mitigation is this very lack of structure. A lack of
standardization means the potential scale and impact of a cyber-attack
against connected devices in a home or business is limited.
Be sure that the firmware and software running on the devices can be
updated, and that upgrades are made through secure processes that
avoid any modification or substitution.
Many smart devices provide Wireless Access Point functionality, like
Smart TVs, and it is necessary to adopt strong encryption algorithms and
security best practices (e.g. disabling the broadcast of the SSID).
IOT devices could be integrated with cloud services for sharing data.
As the Internet of Things expands, industry and government must
collaborate to boost the security of critical systems. Not all the
knowledge resides in any one organization; we need a collaborative
system where people come together to work through
If the IOT paradigm is
Sensors + Networks + Cloud Infrastructure + Wireless devices +
Machine generated data,
a new cyber security model will be adopted soon:
Big data analytics + Existing security technologies = stronger
cyber defense
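The solution above asks that device firmware be updated "through secure processes that avoid any modification/substitution". The following added example (mine, not from the book or any vendor) shows what a device-side verifier has to check before flashing: a signature over the update manifest, the image digest and size the manifest promises, and a version number that only moves forward. HMAC-SHA256 with a shared vendor key stands in for the asymmetric signature a real device would verify with the vendor's public key, so that the example stays on the standard library; images, keys and manifests are constructed.

```python
"""Verify a firmware update before applying it.

Added example, not from the book: checks a signed manifest, the image
digest and a monotonic version before an update is accepted.  HMAC-SHA256
with a shared key is a stand-in for a real asymmetric firmware signature.
All keys, images and manifests here are constructed for the demo.
"""
import hashlib
import hmac
import json

# Constructed demo secret.  A real device would hold only the vendor's
# public key and verify an asymmetric signature instead.
VENDOR_KEY = b"demo-vendor-key-not-for-production"


def canonical(manifest):
    """Stable serialization so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest, key=VENDOR_KEY):
    """Vendor side: produce the signature that ships with the manifest."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()


def build_release(image, version, key=VENDOR_KEY):
    """Vendor side: manifest plus signature for a firmware image."""
    manifest = {
        "version": version,
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
    }
    return manifest, sign_manifest(manifest, key)


def verify_update(image, manifest, signature, installed_version, key=VENDOR_KEY):
    """Device side: return (ok, reason).  Nothing is flashed unless ok is True.

    The signature is checked first so that no attacker-controlled field of
    the manifest is trusted before its integrity has been established.
    """
    # 1. Signature over the manifest, compared in constant time.
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected, signature):
        return False, "manifest signature mismatch"
    # 2. Anti-rollback: never accept an older or equal version.
    if manifest["version"] <= installed_version:
        return False, "version %s is not newer than installed %s" % (
            manifest["version"], installed_version)
    # 3. The image really is the one the signed manifest describes
    #    (this is the substitution check).
    if len(image) != manifest["size"]:
        return False, "image size mismatch"
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(),
                               manifest["sha256"]):
        return False, "image digest mismatch"
    return True, "ok"


def demo():
    """A genuine update, a substituted image, a rollback and an edited manifest."""
    good_image = b"\x7fELF constructed firmware v8 " + bytes(range(64))
    manifest, sig = build_release(good_image, version=8)
    results = {
        "genuine": verify_update(good_image, manifest, sig, installed_version=7),
        # Same length, one byte changed: the digest catches the swap.
        "substituted_image": verify_update(good_image[:-1] + b"\x00",
                                           manifest, sig, installed_version=7),
        # Valid release, but the device already runs this version.
        "rollback": verify_update(good_image, manifest, sig, installed_version=8),
    }
    # Attacker raises the version in the manifest but cannot re-sign it.
    edited = dict(manifest, version=99)
    results["edited_manifest"] = verify_update(good_image, edited, sig, 7)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print("%-18s %s (%s)" % (name, "ACCEPT" if ok else "REJECT", reason))
```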
Needle-In-Haystack
2014 was a major wake-up call for cyber-security professionals after the
Sony leak incidents and the "Snowden" news. Really, nothing is safe
anymore. Individuals and businesses need to take every possible step to
keep their assets secure.
"Snowden" made many revelations; among all of these the two most
important were:
a) The XKeyscore tool: the NSA uses XKeyscore to search "nearly
everything a user does on the Internet" by intercepting data across the
world.
b) Collecting it all: not only Internet data. The NSA, following its
unofficial motto of "collecting it all", intercepts 200 million text
messages every day worldwide through a program called Dishfire. The NSA
described the collected messages as a "goldmine to exploit" for all kinds of
personal data.
Now the question is what the NSA was doing with these data. Collecting any
crucial or confidential information from such a data set is like searching
for a needle in a haystack.

Human beings today create around 2.5 quintillion bytes of data every day.
The rate of data creation has increased so much that 90% of the data in the
world today has been created in the last two to three years. This acceleration
and the production of huge amounts of data require special skills and
technologies to process, which is called Big data analytics.
Now the data can be categorized into three areas: structured data like
data in tabular format, semi-structured data like data stored in XML
format, and unstructured data like this paragraph. Five years back
cyber-criminals were only targeting tabular data, but today, being on top of
the latest technologies, they think that along with structured data,
unstructured and semi-structured data are a new gold mine, and they have
started filtering the massive data generated by the number of events occurring
across the world from a wide variety of data sources, like traditional log
and audit files or more emerging sources such as audio, video, images, social
media and email.
Criminals use Big data analytics to collect massive amounts of data
generated inside and outside the organization to find hidden
relationships, and patterns.
Today's Cyber-criminals are not interested about historical data, they are
more focused about collecting real-time, sensor-based data, passive
data(like geographic location, access time, access location, organizational
roles and privileges of a device etc).
Solution
When an attack does happen, organizations can't necessarily isolate a
system, because the cost and impact of shutting it down may be greater than
the cost of an infection.
The cyber security model needs a shift from prevention to prediction and
remediation. Because cyber forensics is the last option, it is better to be
proactive than reactive. Traditional security monitoring systems are not
enough. Today many organizations rely on approaches to Security
Information and Event Management (SIEM) based on off-the-shelf SQL
databases or proprietary data stores that were not designed for, and cannot
keep pace with, the massive amount of data organizations generate
today.
This new model [Big data analytics + Existing security technologies =
stronger cyber defense] will bring intelligent guessing, heuristic
calculation, statistical and behavior models, correlation rules and threat
intelligence feeds into organizations' security surveillance to strengthen
their security infrastructure.
The Worldwide Intelligence Network Environment (WINE) provides a
platform for conducting data analysis at large scale. WINE loads, samples
and aggregates data feeds originating from millions of hosts around the
world and keeps them up to date. WINE is currently used by Symantec's
engineers and by academic researchers. This allows researchers to conduct
experiments on real-world data and compare the performance of different
algorithms against reference data sets archived in WINE.

Bug bunny
Denial of service (DoS) and distributed denial of service (DDoS) are old
concepts: they require a large number of compromised computers to
execute the attack, and they can be detected and prevented by most
traditional anti-DoS tools.
Recently one more attack, using the HTTP protocol as a shield, has been
becoming popular. This kind of attack works in low-and-slow mode: in a
low-and-slow attack, apparently legitimate traffic arrives, but at a very
slow rate. It works at layer 7 (the application layer) and is called slow HTTP
Denial of Service (DoS).
Anatomy of attack
Slow HTTP attacks rely on the HTTP protocol. The Slow HTTP POST DoS attack
was officially revealed by Wong Onn Chee and Tom Brennan together
at the Open Web Application Security Project (OWASP) conference, where
they demonstrated this particular attack.
In the HTTP protocol, the client submits an HTTP request message to the
server and the server returns a response message to the client. By design, the
server must receive a request completely before it is
processed, but if an HTTP request is never completed, or arrives at a very low
rate, say one byte every 110 seconds, the server keeps its resources busy
waiting for the rest of the data packets. If the server keeps too many resources
busy, this creates a denial of service.
Attack tools such as Slowloris and R.U.D.Y. can produce legitimate-looking packets at
a slow rate.
Slow HTTP Headers (Slowloris): The attacker sends partial HTTP headers at a
very slow rate (at intervals shorter than the idle connection timeout value on the server),
but never completes the request. The headers are sent at regular intervals to
keep sockets from closing, thereby keeping the server's resources occupied.
Slow HTTP POST (RUDY): As the name suggests, the attacker slowly
POSTs data to form fields. The request contains all the headers with a
legitimate Content-Length header (usually with a high value), making the
server aware of the amount of data expected.
The attacker then injects the form data at a very slow rate, forcing
the server to keep its resources busy expecting more data to arrive.
Eventually the server runs out of resources.
Slow Read: The client sets up a connection to the server and sends a full
HTTP request. Holding the connection open, the client reads the response
from the server at low speed. For example, it sends a zero window to the
server before reading the response, misleading the server into thinking that
the client is busy. Until the connection is about to time out, the client reads
only one byte of the response. In this way, the client drains the server's
connections and consumes its memory resources.
Danger of this attack
As the HTTP protocol does not require a check on the request content
before the request is fully received, low-and-slow attacks can succeed
even if the request body is empty.
These types of attack are easy to execute, because from a single machine
thousands of connections to a server are possible, which can generate
thousands of unfinished HTTP requests. That means that, using minimal
bandwidth and minimal resources, low-and-slow application attacks can
create significant damage. Such an attack can bring down a web server
irrespective of its hardware capabilities.
These attacks look like normal requests that are taking a long time, so
it is hard to detect and prevent them using traditional anti-DoS tools.
Slowloris and R.U.D.Y. (R U Dead Yet?) are popular tools that can
produce legitimate-looking packets at a slow rate. These packets do not
violate any network standard, security policy or lower-level security
device policy, and can pass traditional mitigation strategies undetected.
Existing IPS/IDS solutions that rely on signatures generally cannot
recognize the attack.


Solution
This attack can be detected by performing network behavioral analysis on
the network during normal operation and comparing it with the data gathered
during a slow-rate attack.
Long and relatively idle open network connections may imply that the
server is under attack.
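As an added example (not part of the original guide), the following Python script applies the behavioral check described above to per-connection records: it flags long-lived, relatively idle connections that never finish a request (Slow Headers / Slow POST) or never drain the response (Slow Read), groups them by source, and compares the share of such connections against a normal-operation baseline. The record fields, thresholds, addresses and sample traffic are constructed assumptions, not a real export format.

```python
from collections import defaultdict
from dataclasses import dataclass

# Per-connection snapshot as a web server or load balancer could export it.
# Field names are an assumption made for this example, not a standard format.
@dataclass
class Conn:
    src_ip: str
    open_seconds: float      # how long the socket has been open
    bytes_in: int            # request bytes received so far
    bytes_out: int           # response bytes the client has actually read
    request_complete: bool   # full request (headers + body) received
    response_remaining: int  # response bytes still waiting to be sent

# Thresholds are assumptions: tune them from your own normal-traffic baseline.
IDLE_SECONDS = 30.0      # a request still unfinished after this is suspicious
MIN_RATE_BPS = 10.0      # bytes/second below this counts as "trickling"
MIN_CONNS_PER_SRC = 20   # this many slow sockets from one source => offender


def is_slow_connection(c):
    """True when the connection matches one of the slow-HTTP patterns."""
    if c.open_seconds <= IDLE_SECONDS:
        return False
    if not c.request_complete:
        # Slow Headers (Slowloris) / Slow POST (RUDY): the request never
        # finishes and bytes trickle in just often enough to keep the
        # socket alive, so the server holds resources waiting for the rest.
        return c.bytes_in / c.open_seconds < MIN_RATE_BPS
    if c.response_remaining > 0:
        # Slow Read: the full request arrived, but the client drains the
        # response at a crawl (e.g. by advertising a zero window), so the
        # server keeps the buffered response and the socket around.
        return c.bytes_out / c.open_seconds < MIN_RATE_BPS
    # Finished request with nothing left to send: just an idle keep-alive.
    return False


def suspicious_sources(conns):
    """Count slow connections per source; return those over the threshold."""
    counts = defaultdict(int)
    for c in conns:
        if is_slow_connection(c):
            counts[c.src_ip] += 1
    return {ip: n for ip, n in counts.items() if n >= MIN_CONNS_PER_SRC}


def slow_fraction(conns):
    """Share of connections that look slow, 0.0 when there are none."""
    if not conns:
        return 0.0
    return sum(1 for c in conns if is_slow_connection(c)) / len(conns)


def under_attack(baseline, current, factor=5.0):
    """Behavioral comparison: the slow share now versus normal operation.
    A small floor keeps a clean baseline from turning any slow socket into an alarm."""
    base = max(slow_fraction(baseline), 0.01)
    return slow_fraction(current) >= factor * base


def normal_traffic():
    """Constructed baseline: ordinary short requests plus one genuinely slow,
    legitimate client (a poor mobile link), so the baseline is not zero."""
    ordinary = [Conn("198.51.100.%d" % i, 0.8, 600, 15000, True, 0)
                for i in range(1, 11)]
    slow_client = [Conn("198.51.100.50", 45.0, 300, 2000, False, 0)]
    return ordinary + slow_client


def attack_traffic():
    """Constructed snapshot taken during a slow-rate attack from one source:
    18 never-finishing requests and 7 barely-read responses on top of normal load."""
    slow_headers = [Conn("203.0.113.7", 120.0, 300, 0, False, 0)
                    for _ in range(18)]
    slow_read = [Conn("203.0.113.7", 90.0, 450, 64, True, 500000)
                 for _ in range(7)]
    return normal_traffic() + slow_headers + slow_read


if __name__ == "__main__":
    now = attack_traffic()
    print("slow share during attack: %.2f" % slow_fraction(now))
    print("offending sources:", suspicious_sources(now))
    print("under attack:", under_attack(normal_traffic(), now))
```

Server-side request-read timeouts (Apache's mod_reqtimeout, nginx's client_header_timeout and client_body_timeout) complement this kind of detection by dropping trickling connections before they pile up.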


Online Teller Machine


Story 1: Conmen have duped the private sector Kotak Mahindra Bank (KMB)
of Rs 2.84 crore using credit cards that the bank had never issued, a daily
newspaper report has said.
As per the Times of India, KMB noticed that 1,730 transactions were made
by conmen for online shopping. The transactions, made between July 2 and
September 10, were traced to seven countries: Canada, USA, UK,
Germany, Brazil, France and India, the paper said.
An internal probe revealed that the cards were created using fake
customer names by stealing data from a newly created series of unissued
cards, all within the bank's BIN (Bank Identification Number) range, the TOI report
said.
The BIN is the first four to six digits of a credit card. The bank identification
number identifies the institution issuing the card. It is critical to the correct
matching of transactions to the issuer of the charge card.
KMB has lodged a complaint regarding the transaction fraud, while the bank has
been able to stop all 580 cards after alerting the MasterCard division
headquarters in New York.
Story 2: In an online theft, a billion dollars has been stolen from
more than a hundred banks in about thirty countries across the world,
according to Russian security company Kaspersky Lab. This is said to be
the biggest cyber theft that has ever occurred. The hackers were said to
have been active since late 2013, and they stole about $10m from each
bank within two to four months.
Story 3: In late 2013, an ATM in Kiev started dispensing cash at seemingly
random times of day. No one had put in a card or touched a button.
Cameras showed that the piles of money had been swept up by customers
who appeared lucky to be there at the right moment.
But when a Russian cybersecurity firm, Kaspersky Lab, was called to
Ukraine to investigate, it discovered that the errant machine was the least of
the bank's problems.

The bank's internal computers, used by employees who process daily
transfers and conduct bookkeeping, had been penetrated by malware that
allowed cybercriminals to record their every move. The malicious software
lurked for months, sending back video feeds and images that told a criminal
group, including Russians, Chinese and Europeans, how the bank
conducted its daily routines, according to investigators.
Then the group impersonated bank officers, not only turning on various
cash machines, but also transferring millions of dollars from banks in
Russia, Japan, Switzerland, the US and the Netherlands into dummy
accounts set up in other countries.
Internet security company Kaspersky Lab says the banking industry could
be experiencing a new era in cybercrime. The attacks are unusual because
they target the banks themselves rather than customers and their account
information. The goal is financial gain rather than espionage. Hackers
particularly target companies or individuals using internet banking.
Hackers are also targeting banking apps on the Apple and Google platforms.
How banks are robbed
Criminals just need one bank employee to convince and one computer to
poison; the rest is simple. Send a mail with malware as an attachment and convince
the employee to download it. The malware then allows
cybercriminals to record every move and send back video feeds and
images.
Once the hackers become familiar with the bank's operations, they use that
knowledge to steal money without raising suspicion, programming ATMs
to dispense money at specific times or setting up fake accounts and
transferring money into them.
Solution
Banks are investing huge sums in physical security, but the weakest
part of the security chain is the human; proper training is needed to make
people the strongest link.

Open Source is an Open Game


Some companies that believed in closed source development, like Sun,
Adobe and Microsoft, are now also supporting open source development. Sun
liberated the source code for much of the Java development platform;
Microsoft released several important components of its .NET architecture
under its own OSI-approved open-source software licenses; Adobe opened
up some of the underlying pieces of the Flex and Flash infrastructure. In
fact Craig Federighi, Apple's senior vice president for software engineering,
recently said "We think Swift is going to be the next big programming
language" and that Apple would make Swift open source by the end of the year (2015).
What is the Free software movement
The free software movement is a social movement with the goal of
obtaining and guaranteeing certain freedoms for software users, namely the
freedom to run the software, to study and change the software, and to
redistribute copies with or without changes. Richard Stallman formally
founded the movement in 1983 by launching the GNU Project.
[Source: wiki]
What is the Open Source Initiative
The Open Source Initiative (OSI) is an organization dedicated to promoting
open-source software. The organization was founded in February 1998 by
Bruce Perens and Eric S. Raymond, part of a group inspired by the
Netscape Communications Corporation publishing the source code for its
flagship Netscape Communicator product. Later, in August 1998, the
organization added a board of directors. Raymond was president from its
founding until February 2005, followed briefly by Russ Nelson and then
Michael Tiemann. In May 2012, the new board elected Simon Phipps as
president, and in May 2015 Allison Randal was elected as president.
[Source: wiki]
What is open source development
Open-source software development is the process by which open-source
software, or similar software whose source code is publicly available, is
developed.

These are software products made available with their source code under an open-source
license to study, change and improve their design. Examples of
popular open-source software products are Mozilla Firefox, Google
Chromium, Android, LibreOffice and the Apache OpenOffice suite.
[Source: wiki]
What is closed source development
In the closed-source model, source code is not released to the public. Closed-source
software is maintained by a team that ships its product in a
compiled, executable state.
How open source software development changes cybercrime domain
Research firm Gartner predicted in 2008 that "80 percent of all commercial
software applications will include open-source components by 2012". Open
source is the preferred choice for many developers today because of its low
cost of ownership and high return on investment. At present around 75
percent of companies run part or all of their operations on open source.
Open source is ever-changing, because many individuals work with
the source code of these projects and contributors frequently change
features and code. Critics always say that open source requires too many
patches to stay secure.
Cyber-criminals are focusing on the popular open-source web content
management platforms and their ecosystems of plug-ins, because plug-in
developers lack security awareness. Brute-force password-guessing attacks
and exploitation of vulnerable plug-ins are two common kinds of attack on
these open source platforms.
WordPress, Drupal, Joomla and Magento are the most popular content management
systems (CMS) and are used by many developers today. WordPress powers
over 22% of the top 10 million websites on the internet, Magento is an open
source framework dedicated to e-commerce websites, and Joomla is
the king of CMS.

In 2014, more attacks against WordPress sites were recorded than
attacks against all other platforms combined, stated a report published by
security firm Imperva.
Android is another popular open source platform. The majority of smartphone users
are adopting Android as their mobile platform. According to security solutions
firm Quick Heal, over 4 lakh Android malware samples were detected during
January-March 2014.
The [osvdb.org] website stores the Open Sourced Vulnerability Database for researchers and
developers. Its database has around 120,980 vulnerabilities spanning
198,973 products, and that is huge.

Solution
When an application or a platform becomes popular, hackers understand the
ROI of hacking these platforms or applications, so they spend more time
researching and exploiting these applications, either to steal data from
them or to use the hacked systems as zombies in botnets.
Open source software development needs financial support, or cyber
security will suffer.
The main concern about free and open source software (FOSS) development
is that it is built by communities of developers with the source code publicly
available, which gives open access to hackers and malicious users.

Another concern is that the community might be slower to issue critical
software patches as vulnerabilities emerge.
People and companies are taking advantage of open source but are not
giving money to keep these projects going.
For example, the OpenSSL project was founded in 1998 to create a free set of
encryption tools for the code used on the Internet. OpenSSL powers about
75% of the Internet. That's why the Heartbleed bug in OpenSSL affected
some of the biggest tech giants on the planet. Though its software is used
by tech heavyweights to make billions of dollars in profits every quarter,
the OpenSSL Foundation relies on donations rather than charging for its
software. In April 2014 the president of the OpenSSL Foundation, Steve Marquess,
said in a blog post that the organization receives about $2000 in annual
donations. After Heartbleed, the group got some publicity and received
more than $9000 in just the next two weeks.
In another example, Sucuri reported that a popular plugin for WordPress
known as SlimStat could be used to attack the backend database of
hundreds of thousands of websites using the vulnerable software. Another
attack against a popular WordPress plug-in, FancyBox, with hundreds of
thousands of users, was reported some time back.
The problem is the plug-in development's lean business model: plug-in
and theme makers are not drawing in large sums of money that can be
reinvested in security.
The good news is that the open-source developers behind WordPress have locked
down its core platform, but the bad news is that hackers are targeting plug-ins, the
third-party software of the WordPress ecosystem.
Conclusion
It's not just open source code that's vulnerable. Much proprietary software
uses open source components. According to Gartner, 95 percent of all
mainstream IT organizations are influenced by some element of open
source software, directly or indirectly. So bug bounty programs for plug-ins and open source should be encouraged.

Run some Awareness


Recently Microsoft announced that Windows 10 will be available in 190
countries as a free upgrade. Cybercriminals were just waiting for this news:
with this announcement, cybercriminals soon designed a spam
campaign to distribute a piece of ransomware by promising recipients a
free Windows 10 upgrade.
The fake emails carry the subject line "Windows 10 Free Update" and they
appear to come from update@microsoft.com. The notifications might
appear genuine to some regular users, since they also contain a legitimate-looking disclaimer and a note that the message has been scanned for viruses
and dangerous content.
However, a closer look reveals that the sender actually spoofed the
originating email address, and the text of the emails contains several
characters that haven't been parsed properly.
The file attached to the bogus notifications, Win10Installer.zip, is not a
Windows 10 installer but a variant of the CTB-Locker (Critroni)
ransomware. Once it's unzipped and executed, the malware encrypts the
victim's files and holds them for ransom.
As reported by researchers at Cisco.
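As an added example (not from the original guide or from Cisco's report), the Python script below does a first-pass triage of a message like the one described above, using the three tells the text lists: a visible From address whose envelope sender lives elsewhere, an archive attachment posing as an installer, and body text with mis-parsed characters. The header names are standard (RFC 5322 From/Return-Path, RFC 8601 Authentication-Results); the two messages, the domains under .invalid and the empty ZIP are constructed stand-ins, not the real campaign sample.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Attachment types worth a second look in an unsolicited "update" mail.
RISKY_EXTENSIONS = (".zip", ".rar", ".7z", ".exe", ".scr", ".js")
# U+FFFD replacement characters or UTF-8-read-as-Latin-1 residue ("â€", "Ã")
# are the "characters that haven't been parsed properly" of a sloppy lure.
MOJIBAKE = re.compile(r"\ufffd|Ã.|â€.")


def domain_of(addr):
    """Lowercase domain of an address such as 'Name <user@host>' or '<user@host>'."""
    _, _, dom = str(addr).rpartition("@")
    return dom.strip("<> ").lower()


def triage(raw_bytes):
    """Return a list of findings for one RFC 5322 message; empty means clean."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom = domain_of(msg["From"] or "")
    rp_dom = domain_of(msg["Return-Path"] or "")
    # A visible From in one domain with the envelope sender somewhere else is
    # the classic mark of a spoofed originating address.
    if rp_dom and rp_dom != from_dom:
        findings.append("from/return-path mismatch: %s vs %s" % (from_dom, rp_dom))
    # Authentication-Results (RFC 8601) is stamped by the receiving mail server.
    auth = str(msg["Authentication-Results"] or "").lower()
    if any(tag in auth for tag in ("spf=fail", "dkim=fail", "dmarc=fail")):
        findings.append("sender authentication failed: " + auth.strip())
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append("risky attachment: " + name)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if MOJIBAKE.search(text):
        findings.append("mis-parsed characters in body text")
    return findings


def build_lure_message():
    """Constructed imitation of the lure described above (not the real sample):
    spoofed From, failing SPF, a .zip 'installer' and mojibake in the text."""
    msg = EmailMessage()
    msg["Subject"] = "Windows 10 Free Update"
    msg["From"] = "update@microsoft.com"
    msg["To"] = "victim@example.invalid"
    msg["Return-Path"] = "<bounce@mail-example.invalid>"
    msg["Authentication-Results"] = (
        "mx.example.invalid; spf=fail smtp.mailfrom=mail-example.invalid")
    msg.set_content(
        "Your free Windows 10 upgrade is ready â€“ run the attached installer.\n"
        "This message has been scanned for viruses and dangerous content.\n")
    # Signature bytes plus zeros form an empty ZIP archive: a harmless stand-in.
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="zip", filename="Win10Installer.zip")
    return msg.as_bytes()


def build_clean_message():
    """Constructed ordinary notification that should produce no findings."""
    msg = EmailMessage()
    msg["Subject"] = "Maintenance window on Saturday"
    msg["From"] = "alerts@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Return-Path"] = "<alerts@example.invalid>"
    msg["Authentication-Results"] = "mx.example.invalid; spf=pass dkim=pass"
    msg.set_content("The mail gateway will be patched on Saturday at 02:00.\n")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in triage(build_lure_message()):
        print("LURE:", line)
    print("clean message findings:", triage(build_clean_message()))
```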
What is ransomware?
Ransomware is a type of malware that prevents or limits users from
accessing their system. This type of malware forces its victims to pay a
ransom through certain online payment methods in order to regain access to
their systems or to get their data back. Some ransomware encrypts files
(known as Cryptolocker). [Trend Micro USA]


[source: http://mkbusnet.com/multimedia/imagenes/ransomware.png]

[source: labs.bitdefender.com]

How does ransomware work?
It is a virus/worm/malware that locks your computer or files until you pay money
to the hacker for the code that will supposedly unlock them. It's like
kidnapping of your data.
Ransomware has been around for more than a decade. Older ransomware was
not effective or was relatively easy to defeat. But new ransomware that emerged
in late 2013, beginning with a version dubbed Cryptolocker, is dangerous: it
displays a message with a 72-hour countdown timer telling the victim
to pay a fee (usually around $300) to retrieve the data.
Ransomware can infect your computing device in the following ways:
>It encrypts the files on your computer's hard drive.
>It locks your hard drive and a password is required to unlock it.
>It prevents you from using a particular kind of app.
How does ransomware spread?
Computers become infected when you do one of the following:
>Open an unsolicited email attachment, even if you think you know the
sender.
>Click on a suspicious link in an email.
>Download something from peer-to-peer networks.
>Download a crack file to your computer.
How to protect yourself from ransomware?
>Run a firewall to provide a layer of protection between the Internet and you.
>Run a pop-up blocker to filter out unwanted requests in your browser.
>A virtual machine program like VirtualBox or VMware creates virtual
hardware devices that it uses to run an operating system. The other
operating system runs in a window on your desktop. This entire operating
system is essentially sandboxed. Install a VM and surf the net from there.
>Do not download attachments from unwanted emails, and scan the file
online before downloading.
>Take data backups frequently.
>Always update your AV software from original sources.
>Don't provide financial information by submitting details to a
suspicious website.
>Always scan your system using your familiar, legitimate antivirus
software.


Cybersquatting
A few days back a news item caught my eye: "Boston-based Sanmay Ved bought
Google.com for a minute or so for $12". What news! This is an example of
cybersquatting or domain squatting. His intention was not bad; he just
conducted an experiment. Actually it was a technical glitch that showed the
"Google" domain name as "available". Thankfully Google canceled this
transaction immediately. Sanmay was rewarded by Google and he donated
the entire amount to charity.
What is Cybersquatting
Cybersquatting is occupying a domain name that rightly belongs to
someone else; by doing this cybersquatters steal your business identity and
make a profit.
According to United States federal law, cybersquatting or domain squatting
is registering, trafficking in, or using an internet domain name with bad
faith intent to profit from the goodwill of a trademark belonging to
someone else.
The cybersquatter then offers to sell the domain to the person or company
who owns a trademark contained within the name, at an inflated price.
History of Cybersquatting
It was the vision of some prudent, entrepreneurial people who realized the
potential of the internet for business marketing. They knew that all
companies would be online very soon, so they paid for and registered domain
names using the trademarks of several businesses.
When these companies thought of going online, they found that their company
names had already been taken by these cybersquatters. Companies like
Fry's Electronics, Panasonic, Avon and Hertz were among the first big
victims of cybersquatting.
Since 1999, more than thirty thousand cybersquatting complaints have been
filed with the World Intellectual Property Organization, and there was a two
percent growth in the number of domain name cases filed between
2013 and 2014.

The USA, France and the UK are the top three countries filing domain
name cases. The retail industry files the most domain name cases by
industry, followed by banking and finance and the fashion industry
respectively. In 2014, tobacco giant Philip Morris was the company that
filed the most domain name cases, over the false usage of its Marlboro
cigarette brand name in domains set up by cybersquatters. [source:
informationsecuritybuzz.com]
The following chart shows which companies filed the most complaints about
illegitimate use of their trademarks in domain names in 2014.

Solution
The process of registering a domain name is not as strict as that for a
trademark; moreover, names are distributed on a first come, first served basis. Anyone can
approach a domain name registrar and register any available domain name.
So there must be some uniform law regarding this. Cyber security
professionals and cyber lawyers should sit together and draw up a plan.

Inside Out
Story 1: Rajat Kumar Gupta is an Indian-born American businessman and
philanthropist who is serving a two-year term in U.S. federal prison for
insider trading.
Story 2: Stephen Elop, who previously headed Microsoft's business
division, became Nokia's chief executive in 2010 and was the first non-Finnish chief in the company's 149-year history. Nokia's annual revenue,
profits and share price fell dramatically during Elop's tenure, and he was
instrumental in the company's decision to ditch its long-held Symbian
software for Microsoft's Windows Phone. Elop was then the driving force
behind negotiations to sell Nokia's struggling mobile phone business to
Microsoft, which resulted in his move to be head of Microsoft's new
Devices unit, which includes the acquired Nokia business, renamed Microsoft
Mobile Oy.
In simple terms: [Microsoft] --Elop--> [Nokia] --Elop--> [Microsoft + Nokia]
[source: http://www.theguardian.com/, by Samuel Gibbs, 29/04/2014]
Story 3: Yasir Majid was one of the senior-most employees in Bharti Airtel, working
for the past ten years in Jammu & Kashmir. When he was transferred to
Odisha on March 2 this year (2015) as the distribution head of the circle,
nobody expected his resignation within a month. He resigned from his job
on April 13, effective April 24, and then joined the company's soon-to-be-launched rival Reliance Jio Infocomm, headed by Mukesh Ambani, on
April 27. Before leaving the company, he had reportedly stolen
confidential data from Bharti Airtel, India's biggest mobile operator.
Now Airtel has lodged an FIR at the Infocity police station in
Bhubaneswar, Odisha, on June 22.
[source: http://www.andhrawishesh.com/, by Manohar]
Story 4: The Edward Snowden case is the best example of an insider threat.
No comment on these four stories, just facts disclosed.

Most of us think that the threats to our computer systems are viruses, malware
and distributed denial of service (DDoS), and that they originate from outside the
organization, but some of the most dangerous attacks come from the inside.

The majority of hacking attacks are successful because employees click on links
in phishing emails, companies fail to apply available patches to known
software flaws, or technicians do not configure systems properly. In all
these cases insiders are involved. According to Don Codling (FBI
Computer Intrusion Unit head), "there is no patch for careless, greedy or
stupid". Internal threats are among the biggest cyber security challenges, say
FBI investigators.
In an internal threat the motivation may be pure financial theft (Rajat Gupta
case) or intellectual property theft (Snowden case), or both.
Insiders can be of three types:
a) Privileged users: this includes system administrators, network
administrators, root users and domain administrators.
b) Contractors/service provider employees (Snowden was a contractor).
c) Partners with internal access.
Solution
IT managers or IT administration staff alone cannot make a company
secure. Firewalls and intrusion prevention systems also have limitations, because
they work on known signatures.
It is the individual user and their awareness that can protect against a
data breach.
Organizations should consider the risk factors regarding insider threats and also
the impact if data is leaked: if an insider wants to harm the company,
what (financial data, intellectual property or both) would he/she be targeting, and
how much damage could be done. Companies should exercise due
diligence in hiring candidates, and conduct thorough background checks
and in-depth interviews.


Social murder using Internet Archive


Social media is the new social engineering. Hackers today do not target
only your Gmail or your Facebook account. They try to attack your entire online
presence. It can be an email account, social media account, professional
network, cloud storage account, etc. From one service the hacker gets
crucial security information about another and then tries to hack that one. It is a
controlled chain reaction involving all your linked accounts.
How hackers use social media for attacks
Most corporate hacker attacks rely on basic social engineering. They
identify the victim and search for basic information about the person on
Facebook, Twitter, LinkedIn and Google+, like date of birth, where the person
works, the likes and dislikes of that person, hobbies, etc., and then frame the
attack.
Mat Honan (a senior staff writer with WIRED, living in San Francisco) had his
accounts hacked a few years back with the use of social media: the
hackers took control of his Gmail account first, then they took over his
Twitter and Amazon accounts and then his Apple account, and unfortunately the
hackers also deleted everything from his Apple iCloud service.
In another story, FIN4 (the super-coordinated hacker team) targeted only
those company employees on LinkedIn who shared their company email
address.

In the "Additional Info" section in LinkedIn people can share a) Interests,
b) Personal Details (like birthday), and in the c) "Advice for Contacting" section
they can share email id, phone numbers, etc. Say a hacker finds an
employee's email address on LinkedIn, then starts searching for other employees
in the same organization by visiting the company's website, social sites or other
employees' LinkedIn profiles to find as many names as possible, and finally tries
to find a pattern in their corporate email addresses.


With piles of names in a database they start sending mail as if it came from the
CEO, a company client or even the company boss, with a subject like "a major
financial error that could cost you your job, download the spreadsheet and
rectify it", and the victim is probably not going to think twice about opening it.
Unfortunately the sheet has malware embedded in it.
Money transfer in social media
France's second largest bank by customers, Groupe BPCE, said in a
statement dated 11/09/2014 that all Twitter users in France,
irrespective of their bank, would be able to simply tweet money to one
another thanks to the S-money service developed by Groupe BPCE from 1
October 2014.
In India, Kotak Mahindra Bank Ltd announced the launch of KayPay, a
money transfer procedure for Facebook users within a friend circle, without
needing net banking or knowing various bank account details of the
payee.
Pockets by ICICI Bank in India offers the convenience of banking on
Facebook. The app uses Facebook credentials to log into your account on
Facebook; you can then send an amount to your friend via SMS/email/Facebook personal notification. Your friend can redeem it
instantly into any bank account by authenticating himself, and the job's
done.
Now some interesting news follows. I am not saying that all of these were
influenced by social media, but it definitely made some percentage of
contribution.
According to a news item published on "http://www.securityweek.com/" by Mike
Lennon dated February 15, 2015: "A multinational gang of cybercriminals
infiltrated more than 100 banks across 30 countries and made off with up to
one billion dollars over a period of roughly two years, Kaspersky Lab said
on Saturday."
In another news item published on "http://www.telegraph.co.uk/" by Martin
Evans, dated 15 Feb 2015: "Hackers steal 650 million in world's biggest
bank raid
Investigators uncover what is thought to be the biggest ever cybercrime
with more than 650 million going missing from banks around the world".
Please try to correlate and understand the severity; the conclusion is that when
money is involved, hackers are going to follow.
Conclusion
Social media provide communication without borders. Today we
are using not a few but a huge number of online services to get things done.
Social media and email may be somewhat unimportant to some of you, but
what about online banking? It goes without saying how important it is to
secure your banking account. I know there are elderly people who have no
idea what phishing is or how to create a good password.
Solution
Social media is a great marketing tool for an organization, but at the same
time it is also the preferred destination for hackers. Companies should
understand the risk and should create strict policies about any kind of
posting on social media, both on the official page and on employees' personal
pages.
People responsible for handling the social media accounts should be well
trained in the company's security policies.


Spear-phishing: A New Weapon in Cyber Terrorism


What is Phishing?
Phishing tends to be blind: it has no particular target in mind. In phishing, an
attacker attempts to acquire sensitive information from a target, such as
usernames, passwords, personal identification information or payment card
information. Mostly email is the medium.
Phishers not only collect personal information; they also try to collect
sensitive information about the network, or get the victim to unknowingly install
malware on the system. Often attackers use botnets to attack a large number
of people in the hope of receiving even just one answer.
Types of phishing
a) Phishing: It is an attempt to acquire the personal information of a user by
crafting a mail and sending it to a known person through an electronic
communication. The mail looks like a legitimate mail from a trusted provider,
but it is not.
b) Smishing (SMS phishing or SMiShing)
Smishing is a phishing attack that uses SMS (Short Message Service) to
send text messages containing phishing content. A common technique is to
use URL-shortening services (like bitly or tinyurl) to hide malicious
URLs.
c) Spear Phishing
The motive is similar to phishing, but it has a much better defined target:
these attacks are aimed at a particular individual or group of people
within an organization. Attacks can come through instant messaging, social
networks and other forms of electronic communication.
Spear phishing is dangerous because the attacker will look at the victim's social
media profiles and then draft the attack; for example, if a person loves to travel and
frequently uploads pictures to social media, the attacker pretends to be from a
travel site or maybe from an online photography retailer, offering a
discount on online travel booking or on purchasing a new camera lens.
62

Depending on the scope of the spear phishing, criminals may also create
entire fraudulent websites as bait.
d) Whale phishing (whaling): a targeted attack aimed specifically at
corporate officers or high-level executives. The content of these attacks
is designed to arouse the interest or alarm of senior management, providing
the motivation to click the link.
Introduction: Spear phishing attacks
According to experts at the security firm Trend Micro, spear phishing is
the attack method used in some 91 percent of targeted cyber attacks.
The Operation Aurora attack (2010), the hack (2011), the Target breach
(2013), the Sony Entertainment breach (2014), and the cyber attacks run by
Operation Carbanak and the Syrian Electronic Army are just a few examples
of offensives that relied on spear phishing as the initial infection method.
Spear phishing and terrorism
a) Terrorists can run a spear phishing attack for information gathering.
Terrorist groups like ISIS and Al Qaeda have become more tech-savvy, and
some of their members have a deep knowledge of hacking techniques,
including social engineering and spear phishing.
It is reported that the Islamic State in Iraq and Syria (ISIS) used spear
phishing attacks against a Syrian citizen media group known as Raqqah is
being Slaughtered Silently (RSS). The ISIS hackers ran the spear phishing
campaign to find the location of RSS members, with the intent to kill them.
b) Terrorists/criminals can run a spear phishing attack to conduct online
fraud or scams.

Nigerian scams are an example of this: they involve offering you a share in
a large sum of money on the condition that you help transfer it out of the
scammer's country.
These scams are often known as 'Nigerian 419' scams because the first ones
came from Nigeria. The '419' part of the name comes from the section of
Nigeria's Criminal Code which outlaws the practice. Today these scams come
from anywhere in the world.
A few days back I got a mail
from: COCACUK2014 <ggjgjhghghhg@libero.it>
reply-to: COCACUK2014 <ggjgjhghghhg@libero.it>
and the content is as follows; clearly it is an example of online fraud or
scams.

c) The energy industry: a privileged target for a terrorist attack
In 2015, security experts at Symantec discovered a cyber espionage campaign
targeting energy companies around the world and infecting them with a new
trojan dubbed Laziok. In this case too, the attack chain starts with a
spear phishing email.
Solution
a) Awareness and training are the best defence. Training must also be
given to executives and senior officials in a company, as they are often
the primary targets of spear phishing attacks.
b) Government cannot prevent spear-phishing attacks against private firms
or individuals, but it can share information on ongoing spear-phishing
campaigns and track potentially dangerous threat actors.
c) Effective email filtering is important. However, technical solutions
alone are not enough to counter spear phishing; filtering mainly helps to
recognize e-mails with malicious attachments or known-bad links, not a
well-written lure with no payload.
d) Implement effective network monitoring. Systems administrators can use
tools that recognize suspicious traffic and can monitor employees' social
media use on the network.
e) Never provide personal or financial information in response to an email
request.
f) Firewalls and malware scanners also help against spear phishing, by
blocking the payload even when the lure succeeds.
McAfee offers these additional tips:
Keep an eye out for telltale signs. Bad grammar, bad syntax, suspicious
senders and links to misspelled URLs are all telltale signs of phishing.
Also watch for emails from unknown senders, or ones asking you for personal
information, especially if it is done in a threatening manner.

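The telltale signs listed above (suspicious senders, misspelled or look-alike URLs, threatening language) and the shortened URLs described under smishing can be turned into an automated first-pass triage of incoming mail. The following script is an added example written for this section; it is not code from the original guide or from McAfee. The brand list, the URL-shortener list, the digit-to-letter homoglyph table and the two sample messages are constructed assumptions, and the registrable-domain helper is deliberately crude (last two labels only).

```python
"""Heuristic phishing-email scorer: added example, not code from the guide or
from McAfee. Brand list, shortener list and sample messages are constructed
assumptions for illustration."""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed reference data: brands worth impersonating and common URL shorteners.
KNOWN_BRANDS = {"paypal": "paypal.com", "amazon": "amazon.com", "google": "google.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
# Digits commonly swapped for look-alike letters in fake domains (paypa1, g00gle).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
URGENCY = re.compile(r"\b(urgent|immediately|suspended|verify your account)\b", re.I)

class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Host of a URL or bare domain, lower-cased, without a leading 'www.'."""
    value = value.strip() if "://" in value else "http://" + value.strip()
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def registrable(host):
    """Crude registrable domain: the last two labels (fine for .com/.net/.it)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def imitates(host, brand_domain):
    """True when host carries the brand name but is not the brand's own domain
    (catches paypa1.com, paypal.com.evil.example, secure-paypal.example)."""
    if registrable(host) == brand_domain:
        return False
    return brand_domain.split(".")[0] in host.translate(HOMOGLYPHS)

def score_message(raw):
    """Score a raw RFC 822 message; returns (score, reasons), 0 meaning clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    sender = str(msg.get("From", ""))
    display = sender.split("<")[0].strip(' "').lower()
    from_dom = registrable(sender.split("@")[-1].strip("> ").lower())
    reply_to = str(msg.get("Reply-To", ""))
    if reply_to and registrable(reply_to.split("@")[-1].strip("> ").lower()) != from_dom:
        reasons.append("Reply-To domain differs from From domain")
    for brand, dom in KNOWN_BRANDS.items():
        if brand in display and from_dom != dom:
            reasons.append(f"display name claims {brand} but sender domain is {from_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    parser = _LinkParser()
    parser.feed(text)  # plain-text bodies simply yield no links
    for href, label in parser.links:
        target, shown = host_of(href), host_of(label) if "." in label else ""
        if target in URL_SHORTENERS:
            reasons.append(f"shortened URL {target} hides the real destination")
        if shown and registrable(shown) != registrable(target):
            reasons.append(f"link text shows {shown} but points to {target}")
        for dom in KNOWN_BRANDS.values():
            if imitates(target, dom):
                reasons.append(f"{target} imitates {dom}")
    if URGENCY.search(text):
        reasons.append("urgency or threat language in body")
    return len(reasons), reasons

# Constructed sample message (not real mail): brand in the display name, foreign
# Reply-To, look-alike host behind a trusted-looking link text, and a shortener.
PHISH = """\
From: "PayPal Security" <alerts@libero.it>
Reply-To: refunds@mail.example.net
To: victim@example.com
Subject: Your account has been suspended
Content-Type: text/html; charset=utf-8

<html><body>Verify your account immediately:
<a href="http://paypa1.com.secure-login.example.net/verify">www.paypal.com</a>
or <a href="http://bit.ly/3abcXYZ">click here</a></body></html>
"""

if __name__ == "__main__":
    score, why = score_message(PHISH)
    print("score", score, *why, sep="\n  ")
```

A score of zero is not proof of a clean mail: a targeted spear-phishing message with a plain sender, a plain link and no urgency phrases scores nothing here, which is exactly why item c) above says filtering alone is not enough.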
Speed bolt
Internet speed is increasing and getting cheaper. If you search the
internet for "cyber crime capital", Ramnicu Valcea will appear. It is a
small Romanian town and the cyber-crime capital of the world. According to
a 2014 report, Ramnicu Valcea has a booming cyber-crime industry with more
than 100 gangs operating in a town of 127,000 people. Despite being a poor
town, it boasts a Mercedes-Benz dealership and a shopping mall where the
fraudsters can spend their cash. Law enforcement agencies across the world
call it Hackerville.
The following link [http://www.romaniainsider.com/broadband-internet-romania/147305/]
leads to a news item published on April 22, 2015 saying that nine cities in
Romania are among the top 15 cities in the world with the highest download
speed for fixed broadband internet connections.
Ploiesti, a city 60 kilometers north of the capital Bucharest, has the
fastest broadband internet in Romania, with an average download speed of
102.35 Mbps as of April 22, 2015. Ploiesti also ranks third in the world,
after Singapore and Hong Kong's central district.
Iasi has the second fastest broadband connection in Romania and the fifth
fastest in the world, with an average speed of 101.43 Mbps.
The capital Bucharest comes next, with an average download speed of
95.18 Mbps, followed by Timisoara (86.55 Mbps), Galati (83.24 Mbps),
Constanta (77.73 Mbps), Cluj-Napoca (75.14 Mbps), Oradea (70.95 Mbps)
and Brasov (66.73 Mbps).
All these Romanian cities are in the world's top 15 ranked by the average
download speed of fixed broadband connections, ahead of Tokyo, Seoul and
New York, among others.
The average download speed of fixed broadband connections in Romania is
72.15 Mbps, the third highest in the world after Singapore and Hong Kong.
The average download speed of fixed broadband connections worldwide is
23 Mbps.
Ookla is the global leader in broadband testing and web-based network
diagnostic applications. According to Ookla, internet in Romania is cheap
despite its high performance: the median monthly cost per megabit per
second (Mbps) in Romania is USD 0.71, and only Bulgaria and Russia have
lower internet prices.
Below are some interesting statistics collected from [www.bba.org.uk]. If
you correlate the two columns, you will certainly accept that internet
speed has some connection with cyber crime.
Cyber crime originating from the country, and internet speed

Russia
  Cyber crime: The country has a robust cybercrime black market, valued at
  approximately US$2 billion per year, and hosts as many as 30 highly
  capable cybercrime groups. Russia is also known for state-sponsored
  hacking.
  Internet speed: Akamai's measurements revealed an average speed of
  6.1 Mbps and an average peak speed of 35.1 Mbps. Once again, Russia
  places higher than other European countries, including Spain, Italy and
  the Netherlands (report of Jul 3, 2014).

China
  Cyber crime: Approximately 30 percent of all cyber-attacks worldwide are
  launched from China. The country has been accused of perpetrating
  state-sponsored attacks against foreign governments and businesses. China
  has one of the largest military groups of cyber experts in the world.
  Internet speed: The national average internet speed (excluding Hong Kong)
  for Q4 2013 reached 3.45 Mb/s, up 33.2 percent from the previous year.

Romania
  Cyber crime: The country is home to a number of cybercrime organisations
  that are suspected of targeting electronic payment systems. In 2014, two
  such attacks led to losses of US$8 million (in an attack targeting
  individuals) and US$240 million (in an attack on financial institutions).
  Internet speed: According to a ranking made by Bloomberg in 2013, Romania
  is ranked 5th in the world and 2nd in Europe in terms of internet
  connection speed, being surpassed by Hong Kong, South Korea and Japan.
  Average peak speed 37.4 Mbit/s; average internet connection speed
  23.1 Mbit/s.

South Korea
  Cyber crime: The country recorded high levels of cybercrime and hacking
  in 2014. Cyber criminals also launched international attacks, mainly
  targeting the US.

Many countries are investing huge sums in internet infrastructure to reach
super speed in the next 2-3 years. Internet security experts say the
availability of high speed connectivity will draw the attention of
international hackers who were previously put off by the amount of time it
took to break into local websites over slower satellite connections.
While local hackers are also expected to increase their activities, the
international hacker community poses the biggest threat to local business
because it is more experienced and talented.
I will finish this with two simple facts: "India's average Internet speed
second worst in Asia-Pacific: Akamai", and a Bank of America Merrill Lynch
report has stated that "India will have 9 crore 4G subscribers and
18 crore 4G smartphones by 2018."

PAIN with VPN

What is a VPN?
A virtual private network (VPN) is a method for extending a private
network across a public network, such as the Internet. It enables users to
send and receive data across shared or public networks as if their
computing devices were directly connected to the private network, and thus
to benefit from the functionality, security and management policies of the
private network. A VPN is created by establishing a virtual point-to-point
connection through the use of dedicated connections, virtual tunneling
protocols, or traffic encryption.
A VPN spanning the Internet is similar to a wide area network (WAN).
From a user perspective, the extended network resources are accessed in the
same way as resources available within the private network. Traditional
VPNs are characterized by a point-to-point topology, and they do not tend
to support or connect broadcast domains. [wiki]

[source: nerpsa.com]
Why is VPN preferred by many today?
- VPNs can create a single network that combines two or more offices
  securely over the public Internet.
- Installing a VPN is cheaper than a dedicated leased line connection
  today.
- VPNs use a combination of dedicated connections and encryption protocols
  to generate virtual point-to-point connections.
- Modern VPN hardware and software are easier to deploy and can be
  installed and configured within an hour. Windows, Linux and Mac
  computers, as well as most mobile devices, have the built-in ability to
  connect to business networks via a VPN.
- A VPN also protects the tunnelled traffic against man-in-the-middle
  attacks on the path between the client and the VPN gateway, because the
  tunnel is authenticated and encrypted; it does nothing for traffic beyond
  the gateway.
- VPNs help users work from home, on the road or at a branch office,
  because data is encrypted for confidentiality, and packets intercepted on
  the shared or public network are indecipherable without the correct
  encryption keys.
- VPNs allow individuals to hide their physical location: the user's actual
  IP address is replaced by the VPN provider's address, so you may live in
  India but appear to be in Indonesia, and can bypass government filters.
Cyber criminals prefer VPN over Tor.
"The Onion Router" (Tor) used to be the preferred choice for hackers,
because it is an anonymizing proxy network designed to protect privacy
online, and the software is free to install and use. Nowadays, however,
many hackers prefer a VPN over Tor, for the following reasons:
- VPN connection speed is a lot faster than Tor.
- A VPN is seen as providing better privacy and security than Tor, although
  this rests entirely on trusting the provider not to keep logs.
- Some VPN providers include malware protection in the client software.
- A good VPN service costs $50-60 per year and provides lots of features.
  There are also free VPN services.
RSA Research recently (in 2015) discovered a malware-supported VPN network
known as Terracotta. Terracotta is commercially marketed in the People's
Republic of China under several different brand names. According to RSA,
Terracotta VPN may represent the first exposure of a PRC-based VPN
operation that maliciously, efficiently and rapidly enlists vulnerable
servers around the world as VPN nodes.
RSA also reports that Terracotta VPN has more than 1,500 Windows nodes from
300 organizations, distributed mainly across China, the US and South Korea;
among those, 1,095 were found in China, 572 in the US, two in Britain and
one in Australia. VPN services see a lucrative market in China and South
Korea.
Solution
Because the VPN server is configured never to log any user activity, and
because many customers share the same exit IP address, it is practically
impossible to trace abuse back to its source. To date there is no real
solution, but at least we can learn from the Dubai Police. Recently a
senior Dubai Police official made it clear that the use of Virtual Private
Networks (VPN) in the United Arab Emirates (UAE) is strictly prohibited
under the country's cyber laws. India could follow the same path. Threats
like Terracotta will emerge at a rapid pace and in high volumes in future,
and countries should be ready with a cyber army and infrastructure of
their own.

My phone is an un-smart phone

According to a study by Kaspersky Lab, about 291,800 new mobile malware
programs were found in the second quarter of 2015, nearly three times more
than in the first quarter of 2015.
Why hackers target smart phones
Some interesting statistics: a report by IAMAI and KPMG projected that
India will reach 236 million mobile internet users by 2016, and 314 million
by 2017. In India, the number of people who own mobile phones is greater
than the number who own personal computers. The 3G user base in India is
growing rapidly: there were approximately 82 million 3G subscribers in
India by the end of 2014, and the number is projected to reach 284 million
by the end of 2017.
Today the smart phone is an integral part of our life. The mobile device is
as convenient as working on a desktop or laptop. You may forget to wear a
wrist watch, but you will not forget to carry your mobile phone. We use our
phones more than our wallets and laptops, and smart phones now play the
role that laptops played 5 years back. These devices carry a lot of our
personal and financial information through banking apps and virtual
wallets, and criminals are finding ways to gain unauthorized access to
them. If this personal device is hacked, criminals can get your personal
mail, corporate emails, sensitive data, pictures, contact numbers and what
not!
Between 1991 and 2011, Symantec identified about 200 million different
virus definitions. In comparison, the company found upwards of 200 million
in 2012 alone, many of them smart phone malware. According to Roel
Schouwenberg, principal security researcher at Kaspersky Lab: "Over the
last two years or so, we have seen a huge influx in the number of hackers
targeting smart phones and the threat is getting exponentially worse."

Forget about malware being installed on your OS; the OS itself may be the
problem. Richard Stallman, creator of the GNU operating system, recently
opined in a post in The Guardian that "almost every operating system we
use today can be qualified as malware". He also wrote that OS software "is
designed to spy on users, chain them via DRM and has backdoors for
mischievous agendas".
How mobile phones are attacked
Former NSA contractor and global surveillance whistleblower Edward Snowden
told a BBC investigative programme that the British intelligence agency
GCHQ has the capability to hack any smart phone without its owner's
knowledge. You read it right: the British spying agency has special tools
that let it take over your smart phone with just a text message, and there
is "very little" you can do to prevent it.
Just by sending a text message, the tools can:
> listen in to what is happening in the room;
> view files and the web history;
> see messages and photos;
> take secret pictures of the smart phone's owner;
> pinpoint exactly where a user is (to a much more sophisticated level than
  a typical GPS fix).
In other words, the tools allow agencies to monitor your every move and
every conversation, even when your smart phone is turned OFF.
The bad guy creates a short video, hides the malware inside it and sends it
to your number through a messaging app; as soon as the phone processes it,
the malicious video triggers the vulnerability and the malware is
installed, with no action needed from the user.
The previous examples are online; an offline mode also exists. For
instance, you may be tempted to exchange your old mobile phone for a new
one, but unethical hackers can recover the personal information still on
the old device. This was highlighted by Sandeep Sengupta, co-founder and
director of the Indian School of Ethical Hacking, at ICT 2014, organized
by the Confederation of Indian Industry.

Why Android is targeted most
According to the security firm F-Secure, 99 percent of mobile malware
threats in the first quarter of 2014 were designed to run on Android
devices, because it is the most popular mobile operating system and about
80 percent of smart phones run on it.
iPhones are very different from Android phones. Apple runs a closed
system: it controls both the hardware and the software, and the company
says 85 percent of iPhone users have the latest operating system, iOS 8.
Apple has the App Store, a centralized point of distribution, which gives
users confidence that the apps they download have been tested and
validated by Apple. Apple restricts the APIs available to developers, so
it is assumed that the iOS operating system exposes fewer vulnerabilities.
Apple's iOS is more locked down, but recent events show that it is not
impenetrable; it has also been reported that if any app behaves
suspiciously, Apple suspends the creator's account for a year.
Like Apple, Google provides a centralized market for mobile applications
called Google Play. However, that is offset by Android's ability to
install apps from third-party sources. Android apps are not as tightly
regulated and can be installed both from the approved Google Play store
and from the wider internet. Criminal developers deconstruct and decompile
popular apps like Angry Birds, publish malicious versions and make them
available for free outside the Google Play store. A teenager may think,
"Why should I pay for this app in the Google Play store when I can just
download it from this third-party store?", without realizing that malware
may be wrapped inside.
Solution
- Download only from Google's Play store; do not use third-party sources.
- Do not root your Android.
- Lock your screen with a PIN or password instead of a pattern.
- Install an app lock to protect individual apps. Most of us store the
  user IDs and passwords for email, Facebook and Twitter on the mobile,
  and if the phone falls into the wrong hands that becomes dangerous; an
  app lock does not allow access to the app without the required password.
- Do not keep sensitive information such as bank account details on a
  removable SD card. Store this data in internal memory, protected by a
  strong password.

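The first item in that list, install only from Google Play, can be audited rather than taken on trust: Android's package manager records which installer put each third-party app on the device. The following script is an added example written for this section, not code from the guide or from Google. It assumes `adb` is on the PATH with a connected, debugging-enabled device, reads the installer with `pm list packages -3 -i`, and checks the legacy `install_non_market_apps` setting; the sample `pm` output embedded below is constructed, so the parsing and classification run offline without a device.

```python
"""Audit which third-party apps on an Android device came from outside Google
Play. Added example, not code from the guide; assumes adb on the PATH with a
connected device. The sample output below is constructed, not captured."""
import re
import subprocess

PLAY_STORE = "com.android.vending"  # installer package name recorded for Google Play
PM_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps).
SAMPLE_PM_OUTPUT = """\
package:com.example.bankapp  installer=com.android.vending
package:com.example.freegame  installer=com.google.android.packageinstaller
package:com.example.devtool  installer=null
"""

def parse_pm_list(output):
    """Map each package to its installer (None when pm reports 'null')."""
    installers = {}
    for line in output.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            pkg, inst = m.groups()
            installers[pkg] = None if inst == "null" else inst
    return installers

def classify(installers):
    """Split packages into Play Store installs, sideloads and unknown origin.

    'sideloaded' is any installer other than Google Play, e.g. the manual APK
    installer used when a downloaded file is opened. 'unknown' is installer=null,
    which for a third-party app usually means `adb install` or an OEM preload.
    """
    result = {"play": [], "sideloaded": [], "unknown": []}
    for pkg, inst in sorted(installers.items()):
        if inst == PLAY_STORE:
            result["play"].append(pkg)
        elif inst is None:
            result["unknown"].append(pkg)
        else:
            result["sideloaded"].append((pkg, inst))
    return result

def unknown_sources_enabled(setting_value):
    """Interpret `settings get secure install_non_market_apps`: the global
    toggle of Android 7 and earlier ('1' = unknown sources allowed)."""
    return setting_value.strip() == "1"

def adb(*args):
    """Run one adb command and return its stdout as text."""
    return subprocess.run(["adb", *args], capture_output=True, text=True, check=True).stdout

def audit_device():
    """Live audit over adb: returns (classification, unknown_sources_flag)."""
    installers = parse_pm_list(adb("shell", "pm", "list", "packages", "-3", "-i"))
    flag = unknown_sources_enabled(adb("shell", "settings", "get", "secure", "install_non_market_apps"))
    return classify(installers), flag

if __name__ == "__main__":
    try:
        findings, unknown_sources = audit_device()
    except (FileNotFoundError, subprocess.CalledProcessError):
        print("adb not available; using the constructed sample output")
        findings, unknown_sources = classify(parse_pm_list(SAMPLE_PM_OUTPUT)), True
    print("Unknown sources enabled:", unknown_sources)
    for pkg, inst in findings["sideloaded"]:
        print(f"SIDELOADED  {pkg}  (installer={inst})")
    for pkg in findings["unknown"]:
        print(f"UNKNOWN     {pkg}  (installer=null)")
    print(f"{len(findings['play'])} app(s) installed from Google Play")
```

On Android 8 and later the global unknown-sources toggle was replaced by a per-app "install unknown apps" permission, so a "0" from the legacy setting does not prove sideloading is blocked; the installer field from `pm` remains the reliable signal, and any app it attributes to an installer other than Google Play deserves a look.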