Paradigm Shift In
Cyber Crime
By SRIKANTA SEN
Certified Ethical Hacker
This book explains how cybercrime has changed over the past 5 years and
what kind of cybercrime we can expect in the next 5 years, with possible solutions.
Thanks to Team
Special Thanks To
Copyright Notice
THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE COPIED
OR REPRODUCED UNLESS SPECIFIC PERMISSIONS HAVE BEEN
GIVEN TO YOU BY THE AUTHOR SRIKANTA SEN.
ANY UNAUTHORIZED USE; DISTRIBUTION OF FULL OR ANY
PART OF THIS BOOK IS STRICTLY DISCOURAGED.
Liability Disclaimer
THE TERM HACKING SHOULD BE READ AND UNDERSTOOD
AS ETHICAL HACKING.
ETHICAL HACKING AND PENETRATION TESTING ARE
INTERCHANGEABLY USED IN THIS BOOK.
AUTHOR IS NOT AGAINST OR IN FAVOR OF ANY
ORGANIZATION OR COUNTRY.
NO SUGGESTION OR CRITICISM TO ANY COUNTRY'S OR
ORGANIZATION'S BUSINESS POLICY BY THE AUTHOR.
THE INFORMATION PROVIDED IN THIS EBOOK IS FOR
EDUCATIONAL PURPOSES ONLY.
THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY MISUSE
OF THE INFORMATION PROVIDED.
THE INTENTION OF THIS EBOOK IS TO MAKE READERS AWARE OF
WHAT CYBER CRIME IS AND HOW IT IS CHANGING.
WHEREVER REQUIRED, THE AUTHOR GAVE REFERENCES
TO THE SOURCES OF PICTURES AND CONTENT.
Contents at a Glance
Introduction ............................................................................................1-4
APT is the new TAP................................................................................5-8
The Advent Of AVT................................................................................9-10
Bye Bye Office Device..........................................................................11-13
Criminals Are In Cloud Nine.................................................................14-17
Hack-Economy.......................................................................................18-21
Crosswords Puzzles..............................................................................22-24
Cyber stalking Cyber Bullying...............................................................25-28
Silicon Valley Vs Film Studios..............................................................29-32
Mobile apps and webpage giving high five with HTML5....................33-34
Internet of Threats..................................................................................38-39
Needle-In-Haystack................................................................................40-41
Bug bunny..............................................................................................42-44
Online Teller Machine...........................................................................45-46
Open Source is an Open Game..............................................................47-50
Run some Awareness.............................................................................51-54
Cybersquatting.......................................................................................55-56
Inside Out...............................................................................................57-58
Social murder using Internet Archive....................................................59-61
Spear-phishing A New Weapon in Cyber Terrorism...........................62-65
Speed bolt...............................................................................................66-68
PAIN with VPN......................................................................................69-71
My phone is un-smart phone..................................................................72-75
Introduction
Two incidents in 2014 inspired me to write this book.
Sony Pictures Entertainment hack:
This was a release of confidential data belonging to Sony Pictures
Entertainment on November 24, 2014. The data included personal
information about Sony Pictures employees and their families, e-mails
between employees, information about executive salaries at the company,
copies of (previously) unreleased Sony films, and other information. The
hackers called themselves the "Guardians of Peace" or "GOP" and
demanded the cancellation of the planned release of the film "The
Interview", a comedy about a plot to assassinate North Korean leader Kim
Jong-un. United States intelligence officials, evaluating the software,
techniques, and network sources used in the hack, allege that the attack was
sponsored by North Korea.
Sony Corp's movie studio could face tens of millions of dollars in costs
from the massive computer hack that hobbled its operations and exposed
sensitive data, according to cyber security experts who have studied past
breaches.
Losses in that range would not be a big financial setback for Sony
Pictures Entertainment, but other effects, such as the loss of trade secrets,
future plans and projections, are harder to account for. The hackers released
documents that include contracts and marketing plans that could influence
competitors' strategies. That kind of damage will be difficult to measure in
monetary terms.
Edward Snowden leak
Edward Snowden, a former contractor for the CIA, left the US in late May
after leaking to the media details of extensive internet and phone
surveillance by American intelligence. Mr Snowden, who has been granted
temporary asylum in Russia, faces espionage charges over his actions.
The 10 biggest Edward Snowden leaks, as I collected them from the internet, are as
follows.
Solution
According to a report by Gartner (http://www.gartner.com/), in 2013
enterprises spent more than $13 billion on firewalls, intrusion
prevention systems (IPSs), endpoint protection platforms and secure web
gateways. Yet advanced targeted attacks and advanced malware attacks
continue to grow.
APT is a dangerous threat because of its nature. APT malware is designed to
evade detection by firewalls, IDS, IPS, endpoint protection platforms and
secure web gateways. Hence conventional defense is not going to work.
But awareness can provide the needed protection.
Another view on APT is that such threats are better countered through
the use of behavior analysis tools that not only scan for known threats
but can also identify a series of actions that together may constitute a threat.
Heuristic analysis is important in this case.
According to a Gartner report [www.gartner.com], "How To Deploy
the Most Effective Advanced Persistent Threat Solutions", Lawrence Orans,
research director at Gartner, provided a Five Styles of Advanced Threat
Defense framework, as follows.
Style one, Network Traffic Analysis: this style inspects DNS and
flow traffic; in other words, it conducts in-depth network traffic
monitoring and analysis with NetFlow traffic analyzer software.
Style two, Network Forensics: this style uses a Network
Forensic Analysis Tool (NFAT) to detect and analyze security incidents
and to mount efficient and effective post-incident response
investigations.
Style three, Payload Analysis: this style uses sandbox analysis, either
on-premises or cloud-based, to provide detailed reports about malware
behavior.
Style four, Endpoint Behavior Analysis: this style relies on endpoint security
and control products that provide intelligence and correlation for behavior analysis
to block malware and fend off zero-day attacks, if not as a complete strategy for ATA
defense.
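The network traffic analysis style above looks for patterns in flow data rather than for signatures. The following Python script is an added example, not from this book or from Gartner, of one such pattern: a host that contacts the same destination at near-constant intervals with small payloads, which is how an implant typically polls its command server. The flow record layout, the addresses (RFC 5737 test ranges) and the thresholds are constructed assumptions.

```python
"""Beaconing detection over NetFlow-style records (added example).

Record layout, addresses and thresholds are constructed assumptions; a real
deployment would read exported NetFlow/IPFIX records instead of the list below.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: ts = seconds since capture start.
FLOWS = [
    # 10.0.0.5 talks to 203.0.113.7:443 every ~300 s with ~500-byte flows.
    {"ts": 0,    "src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "bytes": 512},
    {"ts": 301,  "src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "bytes": 498},
    {"ts": 599,  "src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "bytes": 530},
    {"ts": 902,  "src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "bytes": 505},
    {"ts": 1199, "src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "bytes": 511},
    {"ts": 1501, "src": "10.0.0.5", "dst": "203.0.113.7", "dport": 443, "bytes": 520},
    # 10.0.0.8 is a person browsing: bursty timing, large transfers.
    {"ts": 5,    "src": "10.0.0.8", "dst": "198.51.100.20", "dport": 443, "bytes": 15000},
    {"ts": 40,   "src": "10.0.0.8", "dst": "198.51.100.20", "dport": 443, "bytes": 230000},
    {"ts": 600,  "src": "10.0.0.8", "dst": "198.51.100.20", "dport": 443, "bytes": 4000},
    {"ts": 620,  "src": "10.0.0.8", "dst": "198.51.100.20", "dport": 443, "bytes": 80000},
    {"ts": 1400, "src": "10.0.0.8", "dst": "198.51.100.20", "dport": 443, "bytes": 120000},
    # Too few flows from 10.0.0.9 to judge either way.
    {"ts": 10,   "src": "10.0.0.9", "dst": "203.0.113.7", "dport": 443, "bytes": 400},
    {"ts": 310,  "src": "10.0.0.9", "dst": "203.0.113.7", "dport": 443, "bytes": 410},
]


def beacon_candidates(flows, min_flows=5, max_cv=0.10, max_bytes=2048):
    """Return (src, dst, dport, mean_interval_s, flow_count) for each
    src->dst:port pair whose inter-flow timing is regular enough to look
    like a beacon.

    Regularity is the coefficient of variation (std/mean) of the gaps between
    consecutive flows: human traffic is bursty and gives a large value, a
    timer-driven implant gives one near zero. Pairs whose flows are large on
    average are skipped because they look like real downloads.
    """
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["dport"])].append(f)

    hits = []
    for (src, dst, dport), group in by_pair.items():
        if len(group) < min_flows:
            continue
        group.sort(key=lambda f: f["ts"])
        gaps = [b["ts"] - a["ts"] for a, b in zip(group, group[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        cv = pstdev(gaps) / avg_gap
        if cv <= max_cv and mean([f["bytes"] for f in group]) <= max_bytes:
            hits.append((src, dst, dport, round(avg_gap), len(group)))
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(FLOWS):
        print("possible beacon: %s -> %s:%d every ~%ds (%d flows)" % hit)
```

On the constructed data only the 10.0.0.5 pair is reported; the browsing host fails the regularity test and the third host has too few flows. In practice the thresholds must be tuned against a baseline of the organization's own traffic, since legitimate software (update checks, monitoring agents) also beacons and has to be whitelisted.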
Solution
As conventional antivirus file-scanning methods cannot identify AVTs,
RAM-monitoring techniques will be required to detect an AVT attack in
real time. Indirect sources such as mail server and web logs can also be scanned for
signs of AVT.
SOLUTION IN BYOD
Implementing a complete ban on BYOD is not possible, because the
work/life boundary has shifted, and IT staff do not have enough time to
check everyone's devices (is the OS updated? is the patch installed for a
particular application?). But the following steps can be taken to control the risk
associated with BYOD.
Mitigate BYOD risks with hybrid cloud computing.
Cloud computing means on-demand delivery of IT resources via the
internet with pay-as-you-go pricing. A public cloud makes systems and
services available to the general public; examples are IBM,
Microsoft and Google. A private cloud makes systems and services accessible
only within an organization and is operated only
within that particular organization.
A hybrid cloud is a mixture of public and private cloud, where non-critical
activities are performed in the public cloud and critical activities in the
private cloud. Employees can use a hybrid cloud to separate
personal and corporate data.
A multidisciplinary team should develop a well-coordinated BYOD policy.
This multidisciplinary team should include IT experts, human resources
staff and legal experts who can implement a BYOD policy. This group
should frame the policy before allowing employees to bring their
own devices to work.
The policy should cover teaching employees how to separate work data from
personal data; how to encrypt corporate data and secure it against access by
non-employees, such as family members; and what to do with corporate data
stored on a personal device if the employee loses the device or resigns.
A well-defined BYOD policy helps employees clearly understand their
responsibilities when connecting their devices to company IT systems.
A security audit should also be carried out on the types of personal data to
be accessed and the devices to be used.
The client can patch the operating system, update internet browsers
and other software applications to protect against new vulnerabilities and
malware, install anti-virus software, and install firewalls to protect against
unauthorized access.
Cloud computing providers may also implement multifactor authentication
to strengthen authentication checks.
Encrypt the data travelling between the cloud and the browser.
Encrypt the data stored in the cloud.
Cloud service providers can use intrusion detection and prevention systems
and network
Hack-Economy
A few years back Khoo Boon Hui, who served as President of INTERPOL
from 2008 to 2012, said that "organized international gangs are behind most
internet scams and that cyber crime's estimated cost is more than that of
cocaine, heroin and marijuana trafficking put together".
He also said that "80 per cent of crime committed online is now connected
to organized gangs operating across borders". They are using nation-state
tactics.
Today's hackers are more organized and work in groups; many black-market
sites exist where hackers exchange stolen information. Credit-card
data is sold in bulk by "carders", and phishing scams are a growing concern.
Malware (viruses, Trojan horse programs and worms) generates more
money than the entire computer security industry.
The terms "Attack-as-a-Service", "Crime-as-a-Service", "Malware-as-a-Service" and
"Fraud-as-a-Service" describe what has now become a new business model.
Today almost anyone can become a cyber-criminal; the concept is that if you
can't do it yourself, you hire professionals to do it. Today's cyber criminal gangs offer
botnets and control infrastructure, hosted in the cloud, for lease, sale or rent
to their customers. Cybercriminals also sell or rent the hacking services of
their co-workers to conduct illegal activities.
Cybercrime-as-a-service will continue to accelerate and mature.
Cybercrime-as-a-service providers are now offering free trials, money-back
guarantees and discounts for repeat business to retain their old customers
and also to lure new ones.
In 2014 the Internet Organized Crime Threat Assessment (iOCTA) reported
that the service-based criminal industry is developing to the point where an
increasing number of criminals are operating from the virtual underground or
dark net.
Cybercrime-as-a-Service can be categorized into 4 sectors:
Research-as-a-Service: these services try to sell zero-day
vulnerabilities to organizations or individuals.
Crosswords Puzzles
Cross-platform development gives you reusability of code, which means
reduced development costs when making apps for multiple platforms. The
mobile application development cost associated with most (if not all) cross-platform
software is lower than the expense of native apps. This
automatically enhances the financial viability of the former type of
application.
Why cyber criminals are targeting cross-platform OSs
Gartner says that by 2016 more than 50 percent of mobile apps deployed
will be hybrid.
Hackers target the same vulnerabilities in applications commonly found
on both platforms, because they can hop from platform to platform and
damage more victims: not only the original victim, but also the victim's
other devices, or even the network they connect to, ultimately infecting
all systems connected to that network. It is a kind of chain reaction, and the
damage would be exponential if left unchecked.
The majority of users nowadays rely on interconnectivity between mobile devices
and laptops/desktops, and transfer data files between these devices. This
connectivity also raises the threat. The economics are simple: attackers can make
a profit twice from the same malware. As development is
leaning towards hybrid applications, hackers are also changing their modus
operandi. They have started rewriting their malware for this hybrid
platform.
ANDROIDOS_USBATTACK.A is a malicious app that pretends to be a
cleaning utility for Android devices. It acts as an information stealer, but
also downloads autorun malware onto the affected mobile device's SD
card. If the user connects the mobile device to a Windows PC, the malware
automatically runs, infecting the PC. The malware itself records
the user's voice with the PC's microphone.
[source: trendmicro.com]
Solution
Users must also be educated about these threats. Security solutions
exist for nearly every platform, but users are not aware of this. Cross-platform
attacks are not dominant today compared with native-OS attacks. We
have to wait and watch.
The survey also indicated that 22% of children reported mean or unfriendly
treatment, 29% were made fun of or teased, and 25% were called mean
names.
According to the 'Tweens, Teens and Technology 2014 Report' by McAfee,
50 percent of Indian youth have had some experience with cyber-bullying
(been cyber-bullied online or witnessed others being so treated), and of
those one-third (36 percent) have themselves been cyber-bullied. Offline
harassment, threats and defamation are also on the radar of some researchers. It is
astonishing that India is one of the few countries where the rates
of online and offline bullying were equal.
What is Cyber Bullying?
Cyber bullying is the harming or harassing of a person via information technology
networks in a repeated and deliberate manner. According to U.S. Legal
Definitions, "cyber-bullying could be limited to posting rumors or gossips
about a person in the internet bringing about hatred in others minds; or it
may go to the extent of personally identifying victims and publishing
materials severely defaming and humiliating them". [wikipedia]
"Cyber bullying is a typical type of online harassment, which can be
defined as hurling harsh, rude, insulting, teasing remarks through the
message box or in open forums targeting one's body shape and structure,
educational qualifications, professional qualifications, family, gender
orientation, personal habits and outlook,"
[Defined by Debarati Halder, advocate and managing director, Centre
for Cyber Victim Counseling]
Cyber bullying vs. Cyber stalking.
"Cyber bullying" is when a child, preteen or teen is tormented, threatened,
harassed, humiliated, embarrassed or otherwise targeted by another child,
preteen or teen using the Internet, interactive and digital technologies or
mobile phones. It has to have a minor on both sides, or at least have been
instigated by a minor against another minor. Once adults become involved,
it is plain and simple cyber-harassment or cyber stalking. Adult cyber-harassment or cyber stalking is NEVER called cyber bullying.
Piracy as a whole cost the Indian movie industry $1.1 billion in 2012,
according to a report by KPMG. The consulting firm doesn't have more
recent numbers to share.
In 2013, India ranked 6th in the world in terms of the number of
unauthorized P2P connections, which translates into films becoming available on
BitTorrent, cyberlockers or web-based file hosting sites within hours of a
film's release, and sometimes even before that.
According to the 2014 Report on Copyright Protection and Enforcement by
the International Intellectual Property Alliance, India was among the top 10
countries where Internet piracy of film and television content is rampant.
India topped the list of countries where the movie "Fast & Furious 7"
was illegally downloaded from the Internet after its release, with 578,000
downloads.
Film fans were waiting for Ketan Mehta's Nawazuddin Siddiqui-starrer
Manjhi: The Mountain Man when a high-definition copy of the entire film was
found on many torrent sites before it was released. Earlier, the Malayalam
blockbuster "Premam" was leaked online before its release. A pirated copy of Kamal
Haasan's movie "Papanasam" also leaked online after its
release.
More handheld devices, faster networks and the popularity of video streaming
services will truly become a challenge for the movie industry in the coming
years.
India lags far behind countries like the US when it comes to fighting piracy.
The government can ban porn sites, but how do you kill piracy? We can easily
find roadside shops selling pirated CDs/DVDs of movies, games, operating systems and
many kinds of software.
Piracy is not new; initially it was for the most tech-savvy people, and since
today's youngsters are more net-savvy and tech-savvy than anybody, they
make the most of it. Peer-to-peer (P2P) online file sharing poses a much
bigger risk. Today many viewers go to a cinema hall to
watch a movie only if it isn't available on YouTube or via torrent.
"Producers lose around 10 per cent of revenues with content going online,"
said Rajeev Kamineni, executive director of PVP Cinema. Mukesh Bhatt
said his film "Aashiqui 2" suffered a huge revenue loss. Bhatt co-produced it
with T-Series. He said, "For 'Aashiqui 2', more than 40% of my revenue was
lost to internet piracy. When I go to work, I feel I am not working for
myself, I am working for a pirate and that breaks my heart..."
Solution
Film piracy is an organized crime. Whenever you purchase a movie ticket, the
government collects an entertainment tax on that ticket; different
countries have different tax rates, but once a film is copied and uploaded to the
net it becomes global and anybody can enjoy it tax-free.
According to statistics collected in 2013, nearly 800
theatres across the state of Andhra Pradesh were closed down in the preceding few
years due to piracy. News flashes regularly on TV and in the papers that film producers and actors
are threatened with extortion by underworld people, and when the money is not
paid they upload a copy of the movie to the net.
Every Indian knows where these underworld people stay and from which
country they operate. In India, digital rights management (DRM) has recently been
introduced to provide adequate protection for copyrighted material in the
online digital environment.
A cohesive strategy involving consumers, the judiciary and policymakers
should be in place to fight piracy on a proactive basis. The legal system
should provide heavy punishment for online piracy.
The iMovieCop app was officially launched in 2013 and inaugurated by
Nancy Powell, the then US ambassador to India.
"Indian Movie Cop (IMC) is a proactive initiative by the Indian film
industry to spread awareness about movie piracy. IMC provides seamless
coordination, collective action, and cooperation between stakeholders,
enforcement agencies and concerned movie lovers by providing all relevant
information.
Attack on HTML5
HTML5, an increasingly popular web language, will be the next big target
for cybercriminals. HTML5's new features have increased the attack surface.
Recently a group of Italian researchers came up with new obfuscation
techniques that can be used to dupe malware detection systems and allow
malicious actors to execute successful drive-by download attacks. The
researchers' obfuscation techniques are based on some functionality of the
upcoming HTML5 standard, and can be leveraged through the various
JavaScript-based HTML5 APIs. HTML5 hides a lot of this detail from
software writers, making it harder to distinguish between good and bad
sites. The other major security concern with HTML5 is the integration of GPS on
mobile devices, which can identify a person's location.
Solution
As the adoption of cloud computing changed the vulnerability surface,
the same will happen with the adoption of HTML5. Gartner, an American
information technology research and advisory firm, recently published a
report predicting that over 50% of mobile apps are likely to be based on
HTML5 by 2016. HTML5, the DOM and embedded JavaScript are the
technologies of next-generation applications. A great deal of attention is
required towards HTML5 security, and developers need to be trained on
the new features of HTML5 and also on secure coding.
Internet of Threats
IOT stands for Internet of Things. The concept behind IOT is to connect
commonplace machines and appliances, say your microwave or air
conditioner at home, or the traffic lights of your entire city, to each other,
and then use their ability to exchange information to make our lives
easier. This is possible through the interconnection of devices with embedded
computer chips inside them. IOT is the buzzword of choice and part of the key
business strategy of major technology players like Google, Samsung,
Coca-Cola, General Electric, Domino's Pizza and many more.
The IOT is not a new concept. In 1999 Bill Joy of Sun and Kevin Ashton of
the Auto-ID Center at MIT proposed ideas that would become the Internet
of Things, though the phrase itself is attributed to Kevin Ashton.
Some examples of IOT include smart climate control systems, home
surveillance system, onboard computers in a vehicle providing real-time
traffic information.
[source http://www.3g.co.uk/]
>In 2008, there were already more things connected to the Internet than
people.
>It is expected that by 2020, at least 14 per cent of consumers will
have purchased some form of Internet-connected thing.
>By 2020 the number of things connected to the Internet will reach over 50
billion, raking up $19 trillion in profit.
>Wireless communication is the present and the future. Many IOT devices
communicate over short-range wireless technologies such
as RFID, NFC, Bluetooth and Wi-Fi. This kind of connected device is
expanding at an exponential rate.
How IOT will change cybercrime domain
Not many are aware of the concept of the Internet of Things. Studies say that
about half of Americans right now [2015] don't know about smart
thermostats and smart refrigerators, but a report published by
"EMC/IDC Digital Universe" in 2014 predicts that around 40 percent of all
data will be machine generated by 2020, whereas it was 11 percent in 2005.
General Electric estimates that the IOT will add $15 trillion to global GDP
over the next 20 years. A McKinsey Global Institute report published in May
2013 suggests an economic impact of $2.7 trillion to $6.2 trillion annually
by 2025, mainly in health care, infrastructure, and public sector services.
From all these statistics it is clear that money matters, and we know that objects
under computer control or accessible via the internet can be "hacked" or
compromised. Cyber criminals are definitely going to explore this avenue.
In fact, Internet security firm "Proofpoint" said in January 2014 that it had
found that compromised gadgets, which included everything from
routers and smart televisions to at least one smart refrigerator, sent more
than 750,000 malicious emails to targets between December 26, 2013 and
January 6, 2014. This was the first major attack involving Internet of Things
devices.
Hacking computers, mobile phones and social networking sites is an old
concept. It has now expanded to wearable medical devices, street lights,
traffic systems, our cars, and our homes.
Solution
The first step in protecting IOT devices is to change the default
passwords. Next, if you don't need your device connected to the
Internet, then don't connect it, or put it behind your personal router
and firewall in your environment; that is, behind an extra layer of
protection.
Do not blame the interface: a very secure Linux or Android OS
can be developed, but most users are not aware of the secure
features available in the OS. So user training is important.
To date the IOT ecosystem is unstructured; vendors supply
software that runs on different sets of hardware and firmware. One
inherent mitigation lies in this very lack of structure: a lack of
standardization means the potential scale and impact of a cyberattack against connected devices in a home or business is limited.
Be sure that the firmware and software running on the devices can be
updated, and that upgrades are made through secure processes that
prevent any modification or substitution of the update.
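What a "secure update process" amounts to on the device is a check run before anything is flashed. The Python below is an added example, not from this book or from any device vendor: the update package carries a manifest (version plus SHA-256 of the image) and an authentication tag over the manifest, and the device verifies the tag, the image hash, and that the version does not go backwards. HMAC-SHA256 with a device-provisioned key stands in for the asymmetric signature a real product would use, to keep the example standard-library only; the package layout, key and version numbers are constructed assumptions.

```python
"""Firmware-update verification for an IoT device (added example).

HMAC with a shared key stands in for a vendor signature; in a real product
the device would hold the vendor's public key and verify a signature instead.
Package layout, key and images are constructed for the demo.
"""
import hashlib
import hmac
import json

# Constructed provisioning key (assumption); never reuse a demo key in a product.
DEVICE_KEY = b"constructed-demo-key-do-not-use"


def build_package(image: bytes, version: int, key: bytes) -> dict:
    """Vendor side: produce manifest + tag for an image (demo only)."""
    manifest = json.dumps(
        {"version": version, "image_sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "image": image}


def verify_update(package: dict, key: bytes, installed_version: int):
    """Device side: return (ok, reason). Nothing is flashed unless ok is True."""
    expected = hmac.new(key, package["manifest"], hashlib.sha256).hexdigest()
    # Constant-time comparison so a wrong tag cannot be distinguished by timing.
    if not hmac.compare_digest(expected, package["tag"]):
        return False, "manifest authentication failed"
    manifest = json.loads(package["manifest"])
    # Anti-rollback: refuse older or equal versions, which may carry known bugs.
    if manifest["version"] <= installed_version:
        return False, "version rollback rejected"
    # The image is bound to the authenticated manifest through its hash.
    actual = hashlib.sha256(package["image"]).hexdigest()
    if not hmac.compare_digest(actual, manifest["image_sha256"]):
        return False, "image hash mismatch"
    return True, "ok"


def demo():
    """Run the four cases a device must get right; returns {case: (ok, reason)}."""
    good = build_package(b"firmware v2 image bytes", 2, DEVICE_KEY)
    # Same authenticated manifest, substituted image (modification in transit).
    tampered = dict(good, image=b"firmware v2 image bytes, modified")
    return {
        "genuine": verify_update(good, DEVICE_KEY, 1),
        "tampered": verify_update(tampered, DEVICE_KEY, 1),
        "rollback": verify_update(good, DEVICE_KEY, 2),
        "wrong_key": verify_update(good, b"other-key", 1),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:9s}: {'accept' if ok else 'reject'} ({why})")
```

The order of the checks matters: the tag is verified before the manifest is parsed, so untrusted bytes are never interpreted, and the version check comes before the (more expensive) image hash so a downgrade is refused cheaply.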
Many smart devices, such as smart TVs, provide wireless access point
functionality, and it is necessary to adopt strong
encryption algorithms and security best practices (e.g. disabling
SSID broadcast).
IOT devices could be integrated with cloud services for sharing data.
As the Internet of Things expands, industry and government must
collaborate to boost security of critical systems, not all the
knowledge resides in any one organization; we need a collaborative
system where people come together to work through
If the IOT paradigm is
Sensors + Networks + Cloud Infrastructure + Wireless Devices + Machine-Generated Data,
a new cyber security model will be adopted soon:
Big Data Analytics + Existing Security Technologies = Stronger Cyber Defense
Needle-In-Haystack
2014 was a major wake-up call for cyber-security professionals after the
Sony leak incidents and the "Snowden" leaks. Really, nothing is safe
anymore. Individuals and businesses need to take every possible step to
keep their assets secure.
"Snowden" made many revelations; among them the two most
important were:
a) XKeyscore tool: the NSA uses XKeyscore to search "nearly
everything a user does on the Internet" by intercepting data across the
world.
b) Collecting it all: not only Internet data. The NSA, following its
unofficial motto of "collecting it all", intercepts 200 million text
messages every day worldwide through a program called Dishfire. The NSA
described the collected messages as a "goldmine to exploit" for all kinds of
personal data.
Now the question is: what was the NSA doing with all this data?
Extracting crucial or confidential information from such a data set is like
searching for a needle in a haystack.
Human beings today create around 2.5 quintillion bytes of data every day.
The rate of data creation has increased so much that 90% of the data in the
world today was created in the last two to three years. Processing data
produced at this volume and speed requires special skills and
technologies, and this is called big data analytics.
Data can be categorized into three kinds: structured data, such as
data in tabular format; semi-structured data, such as data stored in XML
format; and unstructured data, such as this paragraph. Five years back cyber-criminals
were only targeting tabular data, but today, with
the latest technologies at their disposal, they consider that along with structured data,
unstructured and semi-structured data is a new gold mine, and they have started
filtering the massive data generated by events occurring across
the world from a wide variety of data sources, from traditional log and audit
files to emerging sources such as audio, video, images, social media and
email.
Criminals use big data analytics to collect massive amounts of data
generated inside and outside the organization to find hidden
relationships and patterns.
Today's cyber-criminals are not interested in historical data; they are
more focused on collecting real-time, sensor-based data and passive
data (such as geographic location, access time, access location, and the organizational
roles and privileges of a device).
Solution
When an attack does happen, organizations can't necessarily isolate a
system, because the cost and impact of shutting it down may be greater than
the cost of an infection.
The cyber security model needs a shift from prevention to prediction and
remediation. Since cyber forensics is the last option, it is better to be
proactive than reactive. Traditional security monitoring systems are not
enough. Today many organizations rely on approaches to Security
Information and Event Management (SIEM) that are based on off-the-shelf
SQL databases or proprietary data stores, which were not designed for, and
cannot keep pace with, the massive amount of data organizations generate
today.
This new model [Big data analytics + Existing security technologies =
stronger cyber defense] will bring intelligent guessing, heuristic
calculation, statistical and behavior models, correlation rules, and threat
intelligence feeds into an organization's security surveillance to strengthen
its security infrastructure.
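One of the ingredients listed above, a correlation rule, is easier to grasp in code. The Python below is an added example, not from this book or from any SIEM product: it joins two data sources, an sshd authentication log and the organization's role data, and raises an alert when several failed logins from one source are followed by a successful login within a short window, with higher severity when the account is privileged. The log lines, host name, addresses (RFC 5737 test ranges), role table and thresholds are constructed; the regular expression matches the common OpenSSH sshd message format.

```python
"""Cross-source correlation rule over constructed log lines (added example).

Sources: an sshd auth log (constructed lines in OpenSSH's usual format) and
a role table standing in for directory data. Addresses use RFC 5737 ranges.
"""
import re
from collections import defaultdict
from datetime import datetime

AUTH_LOG = """\
Jan  5 10:00:01 gw sshd[2001]: Failed password for invalid user admin from 192.0.2.10 port 5522 ssh2
Jan  5 10:00:03 gw sshd[2002]: Failed password for root from 192.0.2.10 port 5523 ssh2
Jan  5 10:00:05 gw sshd[2003]: Failed password for bob from 192.0.2.10 port 5524 ssh2
Jan  5 10:00:09 gw sshd[2004]: Accepted password for bob from 192.0.2.10 port 5525 ssh2
Jan  5 10:03:00 gw sshd[2010]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jan  5 10:03:10 gw sshd[2011]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
Jan  5 11:30:00 gw sshd[2100]: Failed password for ops from 203.0.113.9 port 6000 ssh2
Jan  5 11:30:02 gw sshd[2101]: Failed password for ops from 203.0.113.9 port 6001 ssh2
Jan  5 11:30:04 gw sshd[2102]: Failed password for ops from 203.0.113.9 port 6002 ssh2
Jan  5 11:30:07 gw sshd[2103]: Accepted password for ops from 203.0.113.9 port 6003 ssh2
"""

# Second source: organizational roles (constructed stand-in for directory data).
PRIVILEGED_ACCOUNTS = {"root", "ops"}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse(line):
    """Turn one sshd line into an event dict, or None for messages we ignore."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; fine for ordering within one capture.
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(lines, min_failures=3, window_s=300):
    """Rule: >= min_failures failed logins from one source, then a success
    from the same source within window_s seconds. Severity is raised when
    the account that finally succeeded is privileged."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failures
    for ev in filter(None, map(parse, lines)):
        recent = [t for t in failures[ev["src"]]
                  if (ev["ts"] - t).total_seconds() <= window_s]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            failures[ev["src"]] = recent
            continue
        if len(recent) >= min_failures:
            alerts.append({
                "src": ev["src"], "user": ev["user"], "failures": len(recent),
                "severity": "high" if ev["user"] in PRIVILEGED_ACCOUNTS else "medium",
            })
        failures[ev["src"]] = []  # a success ends the sequence either way
    return alerts


if __name__ == "__main__":
    for alert in correlate(AUTH_LOG.splitlines()):
        print(alert)
```

On the constructed log the rule fires twice: once at medium severity for the ordinary account and once at high severity because the account is in the privileged set, while the single mistyped password from the third source produces nothing. A production rule would also consult threat intelligence feeds for the source address and a baseline of which sources normally log in as which users, the other ingredients the text names.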
The Worldwide Intelligence Network Environment (WINE) provides a
platform for conducting data analysis at large scale. WINE loads, samples,
and aggregates data feeds originating from millions of hosts around the
world and keeps them up to date. WINE is currently used by Symantec's
engineers and by academic researchers. This allows researchers to conduct
experiments on real-world data and compare the performance of different
algorithms against reference data sets archived in WINE.
Bug bunny
Denial of service (DoS) and distributed denial of service (DDoS) are old
concepts, because they require a large number of compromised computers to
execute the attack, and they can be detected and prevented by most
traditional anti-DoS tools.
Recently one more attack, using the HTTP protocol as a shield, has become
popular; this kind of attack works in low-and-slow mode. In a low-and-slow
attack, apparently legitimate traffic arrives, but at a very
slow rate. It works at layer 7 (the application layer) and is called slow HTTP
denial of service (DoS).
Anatomy of attack
Slow HTTP attacks rely on the HTTP protocol. The Slow HTTP POST DoS attack
was officially revealed by Wong Onn Chee and Tom Brennan together
at an Open Web Application Security Project (OWASP) conference, where
they demonstrated this particular attack.
In the HTTP protocol, the client submits an HTTP request message to the
server and the server returns a response message to the client. By design, HTTP
requires a request to be completely received by the server before it is
processed; but if an HTTP request is not complete, or arrives at a very low
rate, say one byte every 110 seconds, the server keeps its resources busy
waiting for the rest of the data. If the server keeps too many resources
busy, this creates a denial of service.
Attack tools such as Slowloris and R.U.D.Y. can produce legitimate-looking packets at
a slow rate.
Slow HTTP Headers (Slowloris): the attacker sends partial HTTP headers at a
very slow rate (slower than the idle connection timeout on the server),
but never completes the request. Headers are sent at regular intervals to
keep the sockets from closing, thereby keeping the server's resources occupied.
Slow HTTP POST (R.U.D.Y.): as the name suggests, the attacker slowly
POSTs data to form fields. The request contains all the headers, including a
legitimate Content-Length header (usually with a high value), making the
server aware of the amount of data expected.
The attacker then sends the form data at a very slow rate, forcing
the server to keep its resources busy expecting more data to arrive.
Eventually the server runs out of resources.
Slow Read: The client sets up a connection to the server and sends a full
HTTP request. Holding the connection open, the client reads the response
from the server at a low speed. For example, it sends a Zero Window to the
server before reading the response, misleading the server into thinking that
the client is busy. Just before the connection would time out, the client
reads only one byte of the response. In this way the client drains the
server's connections and consumes its memory resources.
Danger of this attack
As the HTTP protocol does not require the server to check the request
content before the whole request has been received, low-and-slow attacks
can succeed even if the request body is empty.
These attacks are easy to execute: from a single machine, thousands of
connections to a server are possible, which can generate thousands of
unfinished HTTP requests. Using minimal bandwidth and minimal resources,
low-and-slow application attacks can therefore cause significant damage.
Such an attack can bring down a web server irrespective of its hardware
capabilities.
These attacks look like normal requests that are taking a long time, so it
is hard to detect and prevent them with traditional anti-DoS tools.
Slowloris and R.U.D.Y. (R U Dead Yet?) are popular tools that produce
legitimate-looking packets at a slow rate; these packets do not violate any
network standard, security policy or lower-level security device policy,
and can pass traditional mitigation strategies undetected. Existing IPS/IDS
solutions that rely on signatures generally cannot recognize the attack.
Solution
This attack can be detected by performing network behavioral analysis during
normal operation and comparing that baseline with the data gathered during
a slow-rate attack.
Long and relatively idle open network connections may indicate that the
server is under attack.
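The behavioural check described above, as an added example that is not code from the book: a snapshot of per-connection state (an assumed format) is scored against thresholds taken from a normal-operation baseline, flagging slow header or body trickles (Slowloris, R.U.D.Y.), zero-window slow readers, and the addresses responsible for them.

```python
"""Flag low-and-slow HTTP connections from a snapshot of server connection state.

Added example for this chapter, not a tool from the book. The snapshot format,
the field names and all thresholds are assumptions; real data would come from
the web server's connection table or from a packet capture.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Thresholds are assumptions: derive them from a baseline measured while the
# server is operating normally, as the text suggests.
MAX_INCOMPLETE_AGE_S = 30    # legitimate clients finish a request well within this
MIN_RECV_RATE_BPS = 200      # an unfinished request trickling in below this is "slow"
MAX_ZERO_WINDOW_S = 20       # a client stuck at TCP window 0 this long is suspect
PER_SOURCE_ALERT = 20        # flagged connections from one address before alerting


@dataclass
class Conn:
    src: str                # client address
    age_s: float            # seconds since the connection was accepted
    recv_bytes: int         # request bytes received so far
    request_complete: bool  # headers (and body per Content-Length) fully received
    zero_window_s: float    # seconds the client has advertised a zero receive window


def classify(c: Conn) -> str:
    """Label one connection; 'ok' means it looks like a normal client."""
    if not c.request_complete and c.age_s > MAX_INCOMPLETE_AGE_S:
        # Slowloris trickles headers, R.U.D.Y. trickles a POST body: either way
        # the request is old and its byte rate is far below a real client's.
        if c.recv_bytes / c.age_s < MIN_RECV_RATE_BPS:
            return "slow-request"
    if c.request_complete and c.zero_window_s > MAX_ZERO_WINDOW_S:
        # Slow Read: the response is ready but the client refuses to drain it.
        return "slow-read"
    return "ok"


def analyse(conns: List[Conn]) -> Dict:
    """Summarise a snapshot: how many connections are suspect and from whom."""
    per_source = Counter()
    for c in conns:
        if classify(c) != "ok":
            per_source[c.src] += 1
    offenders = sorted(s for s, n in per_source.items() if n >= PER_SOURCE_ALERT)
    return {"total": len(conns), "flagged": sum(per_source.values()),
            "offenders": offenders}


# Constructed snapshot: 25 half-open header trickles from one address, one slow
# reader, a legitimate large upload and a fresh connection still in progress.
SAMPLE_CONNS = (
    [Conn("198.51.100.7", 120.0, 300, False, 0.0)] * 25
    + [Conn("203.0.113.9", 90.0, 420, True, 45.0),
       Conn("192.0.2.10", 60.0, 50_000_000, False, 0.0),  # big upload: high rate
       Conn("192.0.2.11", 5.0, 0, False, 0.0),            # too young to judge
       Conn("192.0.2.12", 2.0, 512, True, 0.0)]
)

if __name__ == "__main__":
    print(analyse(SAMPLE_CONNS))
```

A single address holding many flagged connections is the single-machine attack the text describes; many addresses each holding a few is the distributed variant, which is why the per-connection labels and the per-source count are kept separate.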
These are software products whose source code is available under an
open-source license to study, change and improve its design. Examples of
popular open-source software products are Mozilla Firefox, Google
Chromium, Android, LibreOffice and the Apache OpenOffice suite.
[Source: wiki]
What is closed source development
In the closed-source model the source code is not released to the public.
Closed-source software is maintained by a team that ships its product in
compiled, executable form.
How open source software development changes cybercrime domain
Research firm Gartner predicted in 2008 that "80 percent of all commercial
software applications will include open-source components by 2012". Open
source is the preferred choice for many developers today because of its low
cost of ownership and high return on investment. At present around 75
percent of companies run part or all of their operations on open source.
Open source is ever-changing because many individuals work with the source
code of these projects, and contributors frequently change features and
code. Critics always say that open source requires too many patches to stay
secure.
Cyber-criminals focus on the popular open-source web content management
platforms and their ecosystems of plug-ins, because plug-in developers often
lack security awareness. Brute-force password-guessing attacks and
exploitation of vulnerable plug-ins are the two most common kinds of attack
on these open-source platforms.
WordPress, Drupal, Joomla and Magento are the most popular content
management systems (CMS) and are used by many developers today. WordPress
powers over 22% of the top 10 million websites on the internet, Magento is
an open-source framework dedicated to e-commerce websites, and Joomla is
the king of CMS.
In 2014, more attacks against WordPress sites were recorded than attacks
against all other platforms combined, according to a report published by
security firm Imperva.
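As an added example (not code from the book) of detecting the brute-force password guessing mentioned above: failed POSTs to the WordPress login endpoint are counted per client address over a sliding window in constructed access-log lines. The log format, the paths, the thresholds and the "failed login answers HTTP 200" heuristic are assumptions.

```python
"""Spot WordPress login brute-forcing in web-server access logs.
Added example for this chapter (not from the book); the log format, paths,
thresholds and the 'failed login answers 200' heuristic are assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Apache/nginx "combined" log format; adjust if your server logs differently.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # xmlrpc.php also accepts credentials
WINDOW_S = 300   # assumption: count attempts per source inside a 5-minute window
THRESHOLD = 20   # assumption: more failures than this in one window is an attack


def failed_logins(lines: List[str]) -> Dict[str, List[datetime]]:
    """Timestamps of failed login POSTs, grouped by client address.
    Heuristic: WordPress re-renders the form with HTTP 200 on a wrong password
    and redirects (302) on success, so a POST answered 200 counts as a failure."""
    attempts = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if (m and m["method"] == "POST" and m["status"] == "200"
                and m["path"].split("?")[0] in LOGIN_PATHS):
            attempts[m["ip"]].append(
                datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    return attempts


def peak_in_window(times: List[datetime], window_s: int = WINDOW_S) -> int:
    """Largest number of attempts falling inside any window_s-second span."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def brute_force_sources(lines: List[str]) -> Dict[str, int]:
    """Addresses whose failed-login peak exceeds THRESHOLD, with that peak."""
    peaks = {ip: peak_in_window(ts) for ip, ts in failed_logins(lines).items()}
    return {ip: n for ip, n in peaks.items() if n > THRESHOLD}


def _line(ip: str, ts: str, path: str, status: int) -> str:
    return f'{ip} - - [{ts}] "POST {path} HTTP/1.1" {status} 1234 "-" "Mozilla/5.0"'


# Constructed log: 30 failures in two minutes from one address, a genuine user
# who mistypes twice then succeeds, and a GET of the login page to be ignored.
SAMPLE_LOG = (
    [_line("198.51.100.23", f"10/Oct/2015:13:{55 + i // 15}:{(i % 15) * 4:02d} +0000",
           "/wp-login.php", 200) for i in range(30)]
    + [_line("192.0.2.5", "10/Oct/2015:13:40:01 +0000", "/wp-login.php", 200),
       _line("192.0.2.5", "10/Oct/2015:13:40:09 +0000", "/wp-login.php", 200),
       _line("192.0.2.5", "10/Oct/2015:13:40:20 +0000", "/wp-login.php", 302),
       '192.0.2.8 - - [10/Oct/2015:13:41:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "curl/7.4"']
)

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))  # only the 198.51.100.23 burst
```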
Android is another popular open-source platform. The majority of smartphone
users have adopted Android as their mobile platform. According to security
solutions firm Quick Heal, over 4 lakh (400,000) Android malware samples
were detected during January-March 2014.
The website osvdb.org stores open-sourced vulnerability data for researchers
and developers. Its database has around 120,980 vulnerabilities spanning
198,973 products, which is huge.
Solution
When an application or a platform becomes popular, hackers understand the
ROI of hacking it, so they spend more time researching and exploiting these
applications, either to steal data from them or to use the hacked systems
as zombies in a botnet.
Open source software development needs financial support, or cyber
security will suffer.
The main concern about free and open source software (FOSS) development is
that it is built by communities of developers with the source code publicly
available, which gives hackers and malicious users open access to it.
[source: http://mkbusnet.com/multimedia/imagenes/ransomware.png]
[source: labs.bitdefender.com]
>Do not download attachments from unwanted email, and scan the file online
before downloading it.
>Take data backups frequently.
>Always update your AV software from original sources.
>Don't provide financial information by submitting details into a
suspicious website.
>Always scan your system using your familiar, legitimate antivirus
software.
Cybersquatting
A few days back my eye was caught by a news item: "Boston-based Sanmay Ved
bought Google.com for a minute or so for $12". What news! This is an example
of cybersquatting or domain squatting. His intention was not bad; he just
conducted an experiment. Actually it was a technical glitch that showed the
"Google" domain name as "available". Thankfully Google cancelled this
transaction immediately. Google gave Sanmay an award and he donated the
entire amount to charity.
What is cybersquatting
Cybersquatting is occupying a domain name that rightly belongs to someone
else; by doing this cybersquatters steal your business identity and make a
profit.
According to United States federal law, cybersquatting or domain squatting
is registering, trafficking in, or using an internet domain name with
bad-faith intent to profit from the goodwill of a trademark belonging to
someone else.
The cybersquatter then offers to sell the domain to the person or company
who owns the trademark contained in the name, at an inflated price.
History of Cybersquatting
It began with the vision of some prudent, entrepreneurial people who
realized the potential of the internet for business marketing. They knew
that all companies would be online very soon, so they paid for and
registered domain names using the trademarks of several businesses.
When these companies thought of going online, they found that their company
names had already been taken by these cybersquatters. Companies like Fry's
Electronics, Panasonic, Avon and Hertz were among the first big victims of
cybersquatting.
Since 1999, more than thirty thousand cybersquatting complaints have been
filed with the World Intellectual Property Organization and there was a two
percent growth rate in the number of domain name cases filed between
2013 and 2014.
The USA, France and the UK are the top three countries filing domain name
cases. The retail industry files the most domain name cases, followed by
banking and finance and the fashion industry respectively. In 2014, tobacco
giant Philip Morris was the company that filed the most domain name cases,
over the false use of its Marlboro cigarette brand name in domains set up
by cybersquatters. [source: informationsecuritybuzz.com]
The following chart shows which companies filed the most complaints about
illegitimate use of their trademarks in domain names in 2014.
Solution
The registration of a domain name is not as strict as that of a trademark;
again, domains are distributed on a first come, first served basis. Anyone
can approach a domain name registrar and register any available domain
name. So there must be some uniform law regarding this. Cyber security
professionals and cyber lawyers should sit together and draw up a plan.
Inside Out
Story 1: Rajat Kumar Gupta is an Indian-born American businessman and
philanthropist who is serving a two-year term in U.S. federal prison for
insider trading.
Story 2: Stephen Elop, who previously headed Microsoft's business division,
became Nokia's chief executive in 2010 and was the first non-Finnish chief
in the company's 149-year history. Nokia's annual revenue, profits and share
price fell dramatically during Elop's tenure, and he was instrumental in the
company's decision to ditch its long-held Symbian software for Microsoft's
Windows Phone. Elop was then the driving force behind negotiations to sell
Nokia's struggling mobile phone business to Microsoft, which resulted in his
move to head Microsoft's new Devices unit, which includes the acquired
Nokia business renamed Microsoft Mobile Oy.
In a simple way: [Microsoft] --Elop--> [Nokia] --Elop--> [Microsoft + Nokia]
[source: http://www.theguardian.com/, by Samuel Gibbs, 29/04/2014]
Story 3: Yasir Majid was a senior-most employee of Bharti Airtel, working
for the past ten years in Jammu & Kashmir. When he was transferred to
Odisha on March 2 this year (2015) as the distribution head of the circle,
nobody expected his resignation within a month. He resigned from his job on
April 13, effective April 24, and on April 27 joined the company's
soon-to-be-launched rival Reliance Jio Infocomm, headed by Mukesh Ambani.
Before leaving the company, he had reportedly stolen confidential data from
Bharti Airtel, India's biggest mobile operator.
Airtel has now lodged an FIR at the Infocity police station in Bhubaneswar,
Odisha, on June 22.
[source: http://www.andhrawishesh.com/, by Manohar]
Story 4: The Edward Snowden case is the best example of insider threat.
No comment on these four stories, just the facts as disclosed.
Most of us think that the threats to our computer systems are viruses,
malware and distributed denial of service (DDoS) originating from outside
the organization, but some of the most dangerous attacks come from the
inside.
With piles of names in the database they start sending mail as if it came
from the CEO, a company client or even the victim's boss, with a subject
like "a major financial error that could cost you your job, download the
spreadsheet and rectify it", and the victim is probably not going to think
twice about opening it. Unfortunately the sheet has malware embedded in it.
Money transfer in social media
France's second largest bank by customers, Groupe BPCE, said in a statement
on 11 September 2014 that from 1 October 2014 all Twitter users in France,
irrespective of their bank, will be able to simply tweet money to one
another thanks to the S-money service developed by Groupe BPCE.
In India, Kotak Mahindra Bank Ltd announced the launch of KayPay, a money
transfer procedure for Facebook users within their friend circle, without
needing net banking or knowing the payee's bank account details.
Pockets by ICICI Bank in India offers the convenience of banking on
Facebook. The app uses your Facebook credentials to log into your account
and can then send an amount to your friend via SMS, e-mail or Facebook
personal notification. Your friend can redeem it instantly into any of his
bank accounts by authenticating himself, and the job's done.
Now some interesting news follows. I am not saying that all of these are
influenced by social media, but it definitely has some percentage of
contribution.
According to news published on http://www.securityweek.com/ by Mike Lennon,
dated February 15, 2015: "A multinational gang of cybercriminals
infiltrated more than 100 banks across 30 countries and made off with up to
one billion dollars over a period of roughly two years, Kaspersky Lab said
on Saturday."
In another news item published on http://www.telegraph.co.uk/ by Martin
Evans, dated 15 Feb 2015: "Hackers steal 650 million in world's biggest
bank raid".
Depending on the scope of the spear phishing, criminals may also create
entire fraudulent websites as bait.
Whale Phishing (Whaling)
Whale phishing is a targeted attack specifically aimed at corporate officers
or high-level executives. The content of these attacks is designed to arouse
the interest or alarm of senior management, providing motivation for them to
click the link.
Introduction: Spear phishing attacks
According to experts at the security firm Trend Micro, spear phishing is the
attack method used in some 91 percent of cyber attacks.
The Operation Aurora attack (2010), the hack (2011), the Target breach
(2013), the more recent Sony Entertainment breach (2014), and the cyber
attacks conducted by Operation Carbanak and the Syrian Electronic Army are
just a few examples of offensives that relied on spear phishing as the
infection method.
Spear phishing and terrorism
a) Terrorists can run a spear phishing attack for information gathering.
Terrorist groups like ISIS and Al Qaeda have become more tech-savvy, and
their members have deep knowledge of hacking techniques, including social
engineering and spear phishing.
It is reported that the Islamic State in Iraq and Syria (ISIS) used spear
phishing attacks against a Syrian citizen media group known as Raqqah is
being Slaughtered Silently (RSS). The ISIS hackers ran the spear phishing
campaign to find the location of the RSS militants with the intent to kill
them.
b) Terrorists/criminals can run a spear phishing attack to conduct online
frauds or scams.
Speed bolt
Internet speed is going to increase and get cheaper. If you search the
internet for "cyber crime capital", Ramnicu Valcea will appear. It is a
small Romanian town and the cyber-crime capital of the world. According to
a 2014 report, Ramnicu Valcea has a booming cyber-crime industry, with more
than 100 gangs operating in a town of 127,000 people. Despite being a poor
town, it boasts a Mercedes-Benz dealership and a shopping mall where the
fraudsters can spend their cash. Law enforcement agencies across the world
call it Hackerville.
The following link [http://www.romaniainsider.com/broadband-internet-romania/147305/]
leads to a news item published on April 22, 2015, saying that nine cities in
Romania are among the top 15 cities in the world with the highest download
speed for fixed broadband internet connections.
Ploiesti, a city 60 kilometers north of the capital Bucharest, has the
fastest broadband internet in Romania, with an average download speed of
102.35 Mbps as of April 22, 2015. Ploiesti also ranks third in the world,
after Singapore and Hong Kong's central district.
Iasi has the second fastest broadband connection in Romania and the fifth
fastest in the world, with an average speed of 101.43 Mbps.
The capital Bucharest comes next, with an average download speed of
95.18 Mbps, followed by Timisoara (86.55 Mbps), Galati (83.24 Mbps),
Constanta (77.73 Mbps), Cluj-Napoca (75.14 Mbps) Oradea (70.95 Mbps)
and Brasov (66.73 Mbps).
All these Romanian cities are in the top 15 in the world ranked on the
average download speed provided by fixed broadband connections, ahead
of Tokyo, Seoul, and New York, among others.
The average download speed of fixed broadband connections in Romania is
72.15 Mbps, the third highest in the world, after those in Singapore and
Hong Kong. The average download speed of fixed broadband connections
worldwide is 23 Mbps.
Internet Speed
Akamai's measurements revealed an average speed of 6.1 Mbps and an average
peak speed of 35.1 Mbps. Once again, Russia places higher than other
European countries, including Spain, Italy and the Netherlands. (Jul 3,
2014 report)
The national average internet speed (excluding Hong Kong) for Q4 2013
reached 3.45 Mb/s, up 33.2 percent from the previous year.
[source: nerpsa.com]
Why is VPN preferred by many today?
VPNs can create a single network that combines two or more offices securely
over the public Internet.
Installing a VPN is cheaper than a dedicated leased-line connection today.
VPNs use a combination of dedicated connections and encryption protocols to
generate virtual P2P (point-to-point) connections.
Modern VPN hardware and software are easier to deploy and can be installed
and configured within one hour. Windows, Linux and Mac computers, as well
as most mobile devices, have the built-in ability to connect to business
networks via a VPN.
A VPN can also prevent man-in-the-middle attacks.
VPNs help users to work from home, on the way, or at a branch office,
because data is encrypted for confidentiality, and packets that might be
intercepted on the shared or public network are indecipherable without the
correct encryption keys.
VPNs allow individuals to hide their physical location (the user's actual
IP address is replaced by the VPN provider's address), so you may live in
India but appear to live in Indonesia, and can bypass government filters.
Cyber criminals prefer VPN over TOR.
"The Onion Router" was the preferred choice of hackers because it is an
anonymous proxy service designed to protect their privacy online. The
software is free to install and use. But nowadays hackers prefer VPN over
TOR because of the following advantages.
VPN connection speed is a lot faster than Tor.
VPN provides better privacy and security than Tor.
Some VPN providers include malware protection in the client software.
A good VPN service costs $50-60 a year and provides lots of features.
There are also free VPN services.
RSA Research recently (in 2015) discovered a malware-supported VPN network
known as Terracotta. Terracotta is commercially marketed in the People's
Republic of China under several different brand names. According to RSA,
Terracotta VPN may represent the first exposure of a PRC-based VPN
operation that maliciously, efficiently and rapidly enlists vulnerable
servers around the world.
RSA also claims that Terracotta VPN has 1,500 Windows nodes from 300
organizations distributed across China, the US and South Korea; among
those, 1,095 are found in China, 572 in the US, two in Britain and one in
Australia. VPN services see a lucrative market in China and South Korea.
Solution
Because the VPN server is configured never to log any user activity, and
because many customers share the same IP address on the VPN, it is
impossible to find the source. To date we have no solution, but at least we
can learn from the Dubai police. Recently a high-level Dubai Police official
made it clear that use of Virtual Private Networks (VPN) in the United Arab
Emirates (UAE) is strictly prohibited under the country's cyber laws. India
can also follow this way. Threats like Terracotta will emerge at a rapid
pace and in high volumes in future. Countries should be ready with a
cyber-army and infrastructure of their own.
My phone is an un-smart phone