Cybercrimes
- Madhura Vyawahare
Phases of Attack
1. Reconnaissance
2. Scanning and scrutinizing the gathered information
3. Launching the attack
● Shoulder surfing
○ Gathering information such as username and password by watching over a person’s shoulder
● Dumpster diving
○ Looking into trash
○ Scavenging is another term
○ Dumpstering is more common. It's like phishing rather than diving
● Fake email
○ phishing
● Email Attachments
○ Sending malicious attachments
○ Viruses, trojans and worms
● Pop-up windows
○ Pop-up windows with special offers or free stuff can encourage a user to unintentionally install
malicious software
1. Gathering personal information about the victim: name, family background, date of birth, contact
details such as phone number, email address, residential address, etc.
2. Establishing contact with the victim by phone, by e-mail or on social media.
3. The stalker starts sending loving, threatening or abusive messages. The stalker
may use multiple names while contacting the victim.
4. The stalker continues to send threatening mail or messages to the victim to get some information or some favour,
etc.
5. The stalker may post the victim's personal photos and information on a social site or porn
website, claiming that the victim provides dating services or is a sex worker, and posing as if the victim had
posted it. The posts invite people to call the victim for these services, using bad and
attractive language.
6. Anyone who comes across the information starts calling the victim.
7. Some stalkers subscribe or register the victim's email account to unwanted
services.
Madhura Vyawahare (30-09-2019)
Cybercafe and Cybercrime
● There was a time when cybercafes were very popular.
● Most of the crowd in cybercafes were teenagers, and the majority of them male.
● Cybercafes were largely used for illegal purposes such as stealing bank
passwords and related frauds, terrorism and all kinds of other cybercrimes.
● The risk of using a cybercafe was very large, as it is difficult to check what software
is installed on the system. Shoulder surfing was easy.
○ No updated antivirus software
○ Use of pirated software and operating systems
○ Deep Freeze-type software was used to clear the history as a security measure, but later it
was misused by cyber criminals
○ Illegal websites were not blocked
○ Less awareness about IT security
Leaving internet connection on and unprotected is like leaving the front door of the
house open
1. Attack by email.
2. Attachment.
3. Attack by deception (trick)
4. Hackers and crackers
5. Heedless guest (attack by webpage): the attacker makes a fake website to extract
personal information; such websites look genuine.
6. Attack of the worms.
a. Many worms are delivered as email attachments.
b. Worms use holes in network protocols (provides list of flaws)
7. Malicious macros: MS Word and MS Excel.
8. Virus
1. Applications and data can be accessed from anywhere and at any time. Data is
not present on the user's computer.
2. Brings hardware costs down but needs an internet connection.
3. The organization need not buy a set of software for every employee. Instead it can
pay a metered fee to the cloud computing company.
4. The organization does not have to rent physical space to store servers and
databases.
5. Saves money on IT support. Only the desktop and internet connection have to be
maintained.
Introduction
● In this modern era, with the increased use of electronic devices such as PDAs and
smartphones, security threats have also increased, which has brought new security
challenges.
● The number of people using PDAs, mobile phones and smartphones has
increased drastically.
● Devices belong to different companies and use services from various service
providers.
● Personal devices are being used in the workplace.
● Portable computer: Can easily be moved from one place to another but
cannot be used while in transit, mostly due to the need for an AC power supply (does not
work on battery).
● Tablet PC: Lacks a keyboard. Looks like a paper notebook and has features like
a touchscreen, handwriting recognition software, etc.
● Internet Tablet: Does not have as much computing power as a Tablet PC, and its
application suite is also limited. It is an internet application in tabular format. It
typically features an MP3 and video player, web browser, chat application and
picture viewer.
Proliferation of mobile and wireless devices
● Personal Digital Assistant (PDA): Small, usually pocket-size computer with
limited functionality. It is intended to supplement a desktop, giving access to
contacts, address book, notes, email and other features.
● Ultra Mobile PC: It is a full-featured, PDA-size computer running a general
purpose operating system. A class of laptop whose specifications were
launched by Microsoft and Intel in spring 2006.
● Smartphone
● Carputers: It is a computing device installed in an automobile. It operates as
a wireless device, sound system, GPS and DVD player.
● Fly Fusion Pentop computer: It is a computer device with the size and shape
of a pen. It functions as a writing device, language translator, digital storage
device and calculator.
[Figure: PDA, Portable Computer, Ultra mobile PC]
Trend in Mobility
● Skull Trojan
○ It targeted Series 60 phones running Symbian OS
○ Symbian OS is a discontinued mobile operating system (OS) and computing
platform designed for smartphones
○ The Series 60 platform is a software platform for smartphones that runs on top of the
Symbian operating system. It was created by Nokia based on the 'Pearl' user
interface.
○ Skulls is distributed in a malicious SIS file named "Extended theme.SIS"
○ SIS (Software Installation Script) files are archives containing installation
instructions
Attacks against 3G
● The trojan will replace the system applications with
non-functional versions, so that all but the phone
functionality will be disabled.
● It will also cause all application icons to be replaced
with a picture of a skull and crossbones; the icons don't
refer to the actual applications anymore, so none of
the phone's normal applications will be able to start.
● It also affected other Symbian devices, for example the
Nokia 9500, which is a Series 80 device.
● But the risk was less because the installation file was
designed for S60.
Attacks against 3G
● Cabir Worm
○ First dedicated mobile worm targeting Symbian OS.
○ The message "Cabir" is displayed on the phone's display, and is
displayed every time the phone is turned on.
○ The worm then attempts to spread to other phones in the area using
wireless Bluetooth signals.
○ The worm sends a copy of itself to a vulnerable phone.
Overbilling attack: Hijack the subscriber’s IP address and then use it to initiate
the download.
Attacks on Android
● All mobile phones are open to many attacks happening through the internet
(links, downloaded files, etc.)
● Most of the attacks happen through downloaded apps.
● Many apps ask for dangerous permissions and contain trackers embedded
within them.
● When a survey was conducted, it was concluded that in many cases, at least, the
user simply isn't getting what the apps promised in their Play Store
descriptions. While 47% of the apps failed the testing regime in some way,
serious security flaws were uncovered.
● Truecaller and SHAREit are popular apps, and they collect user information and
reveal user data.
Attacks on Android
Man-in-the-Disk attack
● Every app uses two types of memory: internal and external.
● Many apps use internal memory, but many also ask for permission to access external memory.
● The Man-in-the-Disk attack works for two reasons:
○ First, any app can tamper with another app's External Storage data
○ Second, because almost all apps ask for this permission, users are generally willing to give it and
are unaware of any security risks.
● Researchers say they were able to carry out two types of attacks:
○ To crash other apps
○ To update other apps to malicious versions.
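A defensive check against the update-replacement case above, as an added example that is not part of the original slides: the app copies the staged file from external storage into its private directory first, then verifies the private copy against a known SHA-256 digest. The class and method names are hypothetical, temporary directories stand in for external and internal storage, and the expected digest is assumed to arrive over a trusted channel.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class StagedFileCheck {
    // Copy the shared-storage file into app-private storage FIRST, then hash the
    // private copy. Hashing the shared file and opening it again later would leave
    // a window in which another app could swap its contents.
    static Path importVerified(Path shared, Path privateDir, byte[] expectedSha256)
            throws IOException, NoSuchAlgorithmException {
        Path local = Files.createTempFile(privateDir, "staged-", ".bin");
        Files.copy(shared, local, StandardCopyOption.REPLACE_EXISTING);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (InputStream in = Files.newInputStream(local)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) md.update(buf, 0, n);
        }
        if (!MessageDigest.isEqual(md.digest(), expectedSha256)) {
            Files.delete(local); // never leave an unverified copy behind
            throw new SecurityException("staged file does not match expected digest");
        }
        return local; // only this private copy is handed to the installer or loader
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: temp directories stand in for shared and private storage.
        Path sharedDir = Files.createTempDirectory("shared");
        Path privateDir = Files.createTempDirectory("private");
        byte[] update = "update-v2 (constructed sample)".getBytes(StandardCharsets.UTF_8);
        // Assumption: in a real app this digest comes from a trusted channel.
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(update);

        Path staged = sharedDir.resolve("update.bin");
        Files.write(staged, update);
        System.out.println("accepted: " + importVerified(staged, privateDir, expected));

        // Another app with external-storage access overwrites the staged file.
        Files.write(staged, "tampered".getBytes(StandardCharsets.UTF_8));
        try {
            importVerified(staged, privateDir, expected);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```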
( Do’s)
● Traditional Technique:
○ ID theft: impersonating another valid user
○ Financial Fraud: An individual gives false information about his or her
financial status to acquire a card
● Modern Techniques:
○ Triangulation:
■ It means using multiple ways to acquire something. In this method, the criminal creates a fake
website and offers goods at a heavy discount. Once the victim registers and enters details,
the details are stolen. Then the criminal purchases more using these credit card details.
■ Usually criminals close such websites within 2-3 weeks, before anyone can track them.
○ Credit Card Generation.
■ Software is used to generate a valid credit card number and expiry date
Security Challenges faced by mobile device
● Two main challenges due to mobility:
○ On a hand-held device, information is taken outside the physically controlled environment.
○ Remote access back to the protected environment is granted.
● Technical challenges in mobile security.
○ Managing the registry settings and configuration.
○ Authentication service security
○ Cryptography security.
○ LDAP security (the LDAP protocol is responsible for accessing and maintaining distributed
directory information services over an Internet Protocol (IP) network).
○ RAS security (Remote Access Service; the Windows OS uses RAS to connect a client to a
server).
○ Media player control security.
○ API security.