
Chapter 2: Cyber Offenses and Cybercrimes
- Madhura Vyawahare

Madhura Vyawahare (30-09-2019)


How Criminals Plan the Attack
● Identify the target (individual and/or organization)
● Decide motive
● Identify vulnerabilities of target
● Decide the type of attack (active or passive)
● Decide mode of attack (inside or outside)

Phases of Attack

1. Reconnaissance
2. Scanning and scrutinizing the gathered information
3. Launching the attack



1. Reconnaissance

● Reconnaissance is the act of reconnoitering: exploring, often with the goal of finding something or somebody
● It is the act of gathering information about the victim
● It involves accumulating data about the target's environment
● The objective of this phase is to understand the system, its networking ports and services, and other aspects of its security that are needed to launch the attack



Active and Passive Attacks
● Passive attacks attempt to gain information about the target
● A passive attack is an attack on confidentiality
● Active attacks are usually used to alter the system
● Active attacks target availability, integrity and authenticity



Active Attack
● The attacker tries to modify the information or create a false message
● Prevention is difficult because of the broad range of potential physical, network and software vulnerabilities
● The emphasis is on detection and recovery
● Needs more effort to perform
● Dangerous and can be violent
● The victim realizes when attacked and hence can report it or take action
● Forms
○ Interruption
○ Modification
○ Fabrication



Active Attack
● Masquerade: A masquerade attack takes place when one entity pretends to be a different entity to gain access or higher privileges than it is authorised for
● Modification of messages: Some portion of a message is altered, or the message is delayed or reordered, to produce an unauthorised effect.
● Denial of Service: It prevents normal use of communication facilities. This attack may have a specific target.
● Insertion of a virus or worm into the system by forcibly gaining unauthorised access to it and destroying data, information, software or some part of memory



Active Attack
● Session Replay: It involves the passive capture of a message and its subsequent transmission to produce an authorized effect.
○ Maliciously “repeat” or “delay” a valid data transmission.
○ An attacker steals a valid session ID of a user and reuses it to impersonate an authorized user and perform fraudulent transactions/activities.
○ A user becomes a victim of a session replay attack when session IDs have no session expiration time set, or the session data is stored in unencrypted form.
○ It can be done using cookies or URLs
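
Added example, not part of the original slides: a server-side session store in Python that addresses the two weaknesses named above by enforcing idle and absolute session expiry and by rejecting a captured request that is sent a second time. The class and function names, the timeout values and the assumption that the client holds a per-session key to sign each request are all illustrative.

```python
import hashlib
import hmac
import secrets


def sign(key, sid, body, nonce, ts):
    """MAC over the session id, a one-time nonce, a timestamp and the body."""
    msg = b"\n".join([sid.encode(), nonce.encode(), str(ts).encode(), body])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SessionStore:
    """Hypothetical in-memory store; timeouts are in seconds."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, window=300):
        self.idle_timeout = idle_timeout          # max gap between requests
        self.absolute_timeout = absolute_timeout  # max lifetime of a session
        self.window = window                      # accepted clock skew / replay window
        self._sessions = {}

    def create(self, user, now):
        # Unpredictable session id and a per-session request-signing key.
        sid = secrets.token_urlsafe(32)
        key = secrets.token_bytes(32)
        self._sessions[sid] = {"user": user, "key": key, "created": now,
                               "last_seen": now, "nonces": {}}
        return sid, key

    def logout(self, sid):
        # Explicit invalidation: a stolen id is useless after logout.
        self._sessions.pop(sid, None)

    def _live(self, sid, now):
        s = self._sessions.get(sid)
        if s is None:
            return None
        too_old = now - s["created"] > self.absolute_timeout
        too_idle = now - s["last_seen"] > self.idle_timeout
        if too_old or too_idle:
            del self._sessions[sid]  # expired sessions are destroyed, not kept
            return None
        return s

    def accept(self, sid, body, nonce, ts, mac, now):
        """Return 'ok', or the reason the request was refused."""
        s = self._live(sid, now)
        if s is None:
            return "expired"
        if not hmac.compare_digest(sign(s["key"], sid, body, nonce, ts), mac):
            return "bad-mac"      # body, nonce or timestamp was altered
        if abs(now - ts) > self.window:
            return "stale"        # delayed transmission
        # Forget nonces that are already outside the window.
        s["nonces"] = {n: t for n, t in s["nonces"].items()
                       if now - t <= self.window}
        if nonce in s["nonces"]:
            return "replayed"     # same valid message sent twice
        s["nonces"][nonce] = ts
        s["last_seen"] = now
        return "ok"
```

Expiry only limits how long a stolen session ID stays useful; the nonce and timestamp check is what refuses a repeated or delayed copy of an otherwise valid message.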



Passive Attack
● The attacker indulges in unauthorised eavesdropping just to monitor transmission or gather information
● Eavesdroppers do not make any change to the data
● Difficult to detect
● The victim usually does not realize that they are being attacked, as it does not involve any alteration
● Prevention is preferred over detection
● Recovery is not applicable



Passive Attack
● Release of message content: Content of private message or email is
captured
● Traffic analysis:
○ Network packets are captured
○ The attacker observes and identifies the pattern of encryption and retrieves the information
● Password sniffing or cracking



Active Vs. Passive Attack
Active Attack | Passive Attack
1. Modifies the message | 1. No modification in data or content
2. Huge amount of harm | 2. Does not cause harm
3. Threat to integrity & availability | 3. Threat to confidentiality
4. Attacked entity is aware of attack being performed | 4. Attacked entity does not get any clue of attack
5. Performed by gaining physical control | 5. Attacker just observes and does not take physical control
6. Emphasises on detection and recovery | 6. Emphasises on prevention
7. Example: Email spoofing, Computer sabotage, DoS | 7. Example: Industrial spying, Password sniffing

Tools for Passive Attack
● Nslookup: Finds DNS details
● Traceroute
● HTTrack: This tool acts as an offline browser. It can mirror an entire website to a desktop, so the whole website can be analysed offline
● Website Watcher: This tool can be used to keep track of a website for updates
● eMailTrackerPro: Analyses the email header and provides the IP address of the system that sent the mail

Tools for Passive Attack
● TCP SYN scan - This half-open scan was developed to evade IDS systems, although most now detect it. Open ports reply with a SYN/ACK, whereas closed ports respond with a RST/ACK
● According to RFC (Request for Comments) 793: "Traffic to a closed port should always return RST". RFC 793 also states that if a port is open and a segment does not have the SYN, RST or ACK flag set, the packet should be dropped. It could be an old datagram from an already closed session.
● TCP NULL scan - There should be some type of flag in the packet, but a NULL scan sends a packet with no flags set. An open port does not understand how to react to these packets and hence discards them silently. Closed ports return a RST.
● TCP FIN scan - An adversary uses a TCP FIN scan to determine if ports are closed on the target machine. This scan type is accomplished by sending TCP segments with the FIN bit set in the packet header.
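
Added example, not part of the original slides: detection logic in Python that reads packet records and reports sources showing the SYN, NULL or FIN patterns described above. The record format, the addresses (documentation ranges), the sample capture and the three-port threshold are constructed for illustration.

```python
from collections import defaultdict

SERVER = "192.0.2.10"  # constructed address of the monitored host

# Constructed capture: (src_ip, src_port, dst_ip, dst_port, flags).
# Flags: S=SYN, A=ACK, F=FIN, R=RST; an empty string means no flags set.
SAMPLE_PACKETS = [
    # Legitimate client: full three-way handshake, then a normal FIN+ACK close.
    ("198.51.100.7", 40000, SERVER, 443, "S"),
    (SERVER, 443, "198.51.100.7", 40000, "SA"),
    ("198.51.100.7", 40000, SERVER, 443, "A"),
    ("198.51.100.7", 40000, SERVER, 443, "FA"),
    # A single failed SYN to a closed port is not a scan.
    ("198.51.100.8", 40100, SERVER, 8080, "S"),
    (SERVER, 8080, "198.51.100.8", 40100, "RA"),
    # Half-open SYN probes: closed ports answer RST/ACK; the open port answers
    # SYN/ACK and the sender resets instead of completing the handshake.
    ("203.0.113.5", 50001, SERVER, 22, "S"),
    (SERVER, 22, "203.0.113.5", 50001, "RA"),
    ("203.0.113.5", 50002, SERVER, 80, "S"),
    (SERVER, 80, "203.0.113.5", 50002, "RA"),
    ("203.0.113.5", 50003, SERVER, 443, "S"),
    (SERVER, 443, "203.0.113.5", 50003, "SA"),
    ("203.0.113.5", 50003, SERVER, 443, "R"),
    # NULL probes: no flags set; closed ports answer with RST.
    ("203.0.113.9", 51000, SERVER, 21, ""),
    (SERVER, 21, "203.0.113.9", 51000, "RA"),
    ("203.0.113.9", 51001, SERVER, 22, ""),
    (SERVER, 22, "203.0.113.9", 51001, "RA"),
    ("203.0.113.9", 51002, SERVER, 23, ""),
    (SERVER, 23, "203.0.113.9", 51002, "RA"),
    # FIN probes: FIN alone on flows that never had a handshake.
    ("203.0.113.20", 52000, SERVER, 25, "F"),
    ("203.0.113.20", 52001, SERVER, 110, "F"),
    ("203.0.113.20", 52002, SERVER, 143, "F"),
]


def detect_scans(packets, server_ip, min_ports=3):
    """Return {source_ip: {scan_type: [ports]}} for sources probing at least
    min_ports distinct ports with the same pattern."""
    synack_sent = set()   # flows the server answered with SYN/ACK
    half_open = set()     # flows with a SYN but no completed handshake
    established = set()   # flows that completed the three-way handshake
    probes = defaultdict(lambda: defaultdict(set))

    for src, sport, dst, dport, flags in packets:
        f = set(flags)
        if src == server_ip:
            if f == {"S", "A"}:
                synack_sent.add((dst, dport, sport))
            continue
        if dst != server_ip:
            continue
        flow = (src, sport, dport)
        if not f:
            probes[src]["NULL"].add(dport)
        elif f == {"F"} and flow not in established:
            probes[src]["FIN"].add(dport)
        elif f == {"S"}:
            half_open.add(flow)
        elif f == {"A"} and flow in half_open and flow in synack_sent:
            half_open.discard(flow)
            established.add(flow)

    # Any SYN that never led to an established connection counts as a probe.
    for src, _sport, dport in half_open:
        probes[src]["SYN"].add(dport)

    report = {}
    for src, kinds in probes.items():
        hits = {k: sorted(p) for k, p in kinds.items() if len(p) >= min_ports}
        if hits:
            report[src] = hits
    return report
```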
Tools for Active Attack
● Ping/fping: Standard network utility to send ICMP packet
to target host.
● TCPdump: A network tool for capturing and dumping protocol packets
● Traceroute: This can also be used for active attack
● URLsnarf: This is a network auditing tool to capture HTTP
traffic on a local subnet



Tools for Active Attack
● Dig: Used to perform detailed queries about DNS records and zones,
extracting configuration, administrative information about a network or
a domain
● Bing: It is used for bandwidth ping. It is point to point bandwidth
measurement tool
● Arping: It's a network tool that broadcasts ARP packets and receives replies, similar to ping
● Hmap: Hmap is a web server fingerprinting tool. It is used to obtain a detailed fingerprint of a web server to identify vendor, version, patch level etc.



2. Scanning and scrutinizing Gathered Information
● Scanning is key to examining the target intelligently while gathering information about it
● Objectives of scanning:
○ Port scanning: Identify open/closed ports and services
○ Network scanning: Understand IP addresses and related information about the computer network system
○ Vulnerability scanning: Understand the existing weaknesses in the system.
● Scrutinizing phase: It is always called enumeration in the hacking world
● Objectives of scrutinizing:
○ Identify the valid user accounts or groups
○ Identify network resources and/or shared resources
○ Identify the OS and the different applications that are running on the OS.



3. Attack
Usually most attackers consume 90% of their time in scanning, scrutinizing and gathering information on a target and 10% of their time in launching the attack.

● Crack the password
● Exploit the privileges
● Execute the malicious commands/applications
● Hide the files
● Cover the tracks - delete the access logs



Social Engineering
● Social engineering is the art of exploiting people's trust, which is not doubted when speaking in a normal manner
● Social engineers study human behaviour and psychology: the desire to be helpful, the attitude to trust, the fear of getting into trouble etc.
● It is easier to trick a person than to break the security
● People are the weak link in security, and this principle makes social engineering possible
● A social engineer uses telecommunication or the internet to make the victim do something that is against security practice
● Gaining important information or unauthorized access
● The goal is to fool someone and get valuable information



Classification of Social Engineering
1. Human-based social engineering

● Impersonating an employee or valid user
○ Taking advantage of the helping nature of people
○ Pretending to be a valid user
○ Asking about the computer lab
○ Asking for help to enter an unauthorised area by saying they forgot their card
● Posing as an important user
○ Pretending to be a CEO or higher-level manager who needs immediate assistance
○ The victim can be a help-desk worker
● Using a third person
○ The attacker pretends to have permission from an authorised source to use a system when the authorised person is not accessible



Classification of Social Engineering
● Calling technical support
○ Calling technical support for assistance

● Shoulder surfing
○ Gathering information such as username and password by watching over a person’s shoulder

● Dumpster diving
○ Looking into trash
○ Scavenging is another term
○ Dumpstering is more common. It's like phishing rather than diving



Classification of Social Engineering
2. Computer based social engineering

● Fake email
○ phishing
● Email Attachments
○ Sending malicious attachments
○ Viruses, trojans and worms
● Pop-up windows
○ Pop-up windows with special offers or free stuff can encourage a user to unintentionally install
malicious software



Cyberstalking
● Cyberstalking is the use of information and communication technology,
particularly internet by an individual or group of individuals to harass another
individual or group of individuals or organization
● Following a person, leaving written messages, making phone calls, false accusation, monitoring, transmission of threats etc.
● The majority of cyberstalkers are men and the majority of their victims are women
● Some cases are reported where women are cyberstalking and men are the victims, and a few cases of the same gender have been identified.



Cyberstalking
● Types of stalkers:
1. Online stalkers:
a. They interact with the victim directly with the help of the Internet.
b. Mode of interaction: e-mail, chat room, social media.
c. The stalker makes sure the victim is aware of the attack.
d. The stalker can make use of a third party to harass the victim.
2. Offline stalkers:
a. The stalker may attack the victim by following them and observing their daily routine.
b. Searching personal websites/blogs, online chats, tweets, posts etc.
c. Visiting the victim's organization.



Cyberstalking
How stalking works?

1. Gathering personal information about the victim: name, family background, date of birth, contact details like phone number, email address, residential address etc.
2. Establishing contact with the victim through phone, via e-mail or on social media.
3. The stalker starts sending loving messages or threatening or abusive messages. The stalker may use multiple names while contacting the victim.
4. Continues to send threatening mail or messages to the victim to get some information or some favour etc.
5. The stalker may post the victim's personal photos and information on a social site or porn website, claiming that the victim provides a dating service or is a sex worker, and posing as the victim. The posts invite people to call the victim for the services, using bad and attractive language.
6. Anyone who comes across the information starts calling the victim.
7. Some stalkers subscribe or register the victim's email account to unwanted services.

Cybercafe and Cybercrime
● There was a time when cybercafes were very popular.
● Most of the crowd in cybercafes were teenagers, and at that the majority were male
● Cybercafes were largely used for illegal purposes such as stealing bank passwords and related frauds, terrorism and all different cybercrimes
● The risk of using a cybercafe was very high, as it is difficult to check what software is installed on the system. Shoulder surfing was easy.
○ No updated antivirus
○ Use of pirated software and OS
○ Deep Freeze type software was used to clear the history as a security measure, but later it was misused by cyber criminals
○ Illegal websites were not blocked
○ Less awareness about IT security



Cybercafe and Cybercrime
● Tips for safety and security while using a computer in a cybercafe:
○ Always log out.
○ Stay with the computer.
○ Clear history and temporary files.
○ Be alert.
○ Avoid online financial transactions.
○ Change passwords.
○ Use a virtual keyboard (ICICI Bank provides one to enter the secret PIN / 3D Secure code / credit card no.)
○ Security warnings: warnings should be heeded while accessing a financial/banking site.

Botnets: The fuel for cybercrime
● Bot means an automated computer program for doing some particular task, often over a network
● Botnet: A botnet is a network of infected or compromised computers that allow an attacker to control the machines remotely
● Botnet is used to refer to a group of compromised computers, also called zombie computers: personal computers under the control of an attacker.
● A compromised computer will appear to be working normally
● Infected machines are controlled remotely
● Low maintenance cost and the diminishing knowledge required made botnets popular
● It's being used as a business by criminals to earn money



Prevention guidelines (Botnet)
By limiting access to the system, the chances of it becoming a bot can be reduced.

Leaving the internet connection on and unprotected is like leaving the front door of the house open.

The following guidelines can be followed:

● Use antivirus and anti-spyware and keep them up to date.
● Download security patches.
● Use a firewall to protect the system from hacking attacks while it is connected to the internet.
● Disconnect from the internet when you are away from your computer.
● Download freeware only from trusted websites.
● Regularly check the sent items and outbox folders of your mail account.
● Take immediate action if your system is infected.

Attack Vector
● An attack vector is a path or means by which an attacker can gain access to a computer or a network server to deliver a payload or malicious code
● Attack vectors enable an attacker to exploit system vulnerabilities, including the human element
● Attack vectors include viruses, e-mail attachments, web pages, pop-up windows, instant messages and chat rooms.
● To some extent, attack vectors can be blocked using firewalls and antivirus.
● But no method is attack-proof



Attack Vector
List of attack vectors

1. Attack by email.
2. Attachment.
3. Attack by deception (trick)
4. Hackers and crackers
5. Heedless guest (attack by webpage): the attacker makes a fake website to extract personal information; such websites look genuine.
6. Attack of the worms.
a. Many worms are delivered as email attachments.
b. Worms use holes in network protocols (Provides list of flaws)
7. Malicious macros: MS Word and MS Excel.
8. Virus



Cloud Computing
Concept of cloud computing
● Cloud computing is a technology that uses the internet and central remote servers to maintain data and applications
● The term cloud is used as a metaphor for the internet
● It hosts services over the internet
● It helps businesses that cannot afford the same amount of hardware and storage space as a bigger company. Small companies can store their information in the cloud, removing the cost of purchasing and storing memory devices
● Characteristics:
○ It is sold on demand
○ Elastic in terms of usage
○ Service is fully managed by the provider

Cloud Computing
● Types of clouds
○ There are different types of clouds that you can subscribe to depending on your needs.
○ As a home user or small business owner, you will most likely use public cloud services.

1. Public Cloud - A public cloud can be accessed by any subscriber with an internet connection and access to the cloud space.
2. Private Cloud - A private cloud is established for a specific group or organization and limits access to just that group.
3. Community Cloud - A community cloud is shared among two or more organizations that have similar cloud requirements.
4. Hybrid Cloud - A hybrid cloud is essentially a combination of at least two clouds, where the clouds included are a mixture of public, private, or community.

Cloud Computing
Types of services:

1. Infrastructure as a service (IaaS): Amazon Web Services provides virtual servers with unique IP addresses. Different APIs are provided.
2. Platform as a service (PaaS): The cloud provides a platform to host your services. Development tools are hosted on the cloud platform. Google Apps is one of the most famous PaaS providers.
3. Software as a service (SaaS): Provides software to use without purchasing. Ranges from web-based email to applications such as Twitter.

Cloud computing service providers

- Amazon, 3 Tera, Force.com, Flexiscale, Google-App Engine, Go grid.

Cloud Computing
Advantages of cloud computing

1. Applications and data can be accessed from anywhere and at any time. Data is not present on the user's computer.
2. Brings hardware cost down, but needs an internet connection.
3. An organization need not buy a set of software for every employee. Instead it can pay a metered fee to the cloud computing company.
4. An organization does not have to rent physical space to store servers and databases.
5. Saves money on IT support. Only the desktop and internet connection have to be maintained.


Cloud Computing
Security challenges in Cloud computing
● Cloud computing is the next target of cyber criminals.
● Cloud computing servers are outside the organization's security perimeter.
● Risks and remedies:
○ Data processed or brought from outside is not trustworthy. It may bring an inherent level of risk.
■ The customer should obtain as much information as possible about the service provider
○ The location of data is unknown. Where and in which country it is located may be hidden.
■ The user should make sure service providers follow local privacy requirements and store and process data in the specific jurisdiction

Cloud Computing
● Risks and remedies:
○ Segregation and security level may not be disclosed.
■ The user should be aware of the arrangements for segregation of data and its encryption standards
○ Multiple users log in to and out of the host, which makes it difficult to trace illegal activity
■ Logs should be provided by the organization at frequent intervals
○ In case of any major change at the cloud computing service provider, like a merger, partnership breakage etc., data with the service provider is also at risk
■ The service provider should ensure that data can be retrieved in case of such major events

Cybercrime : Mobile and Wireless Device

Introduction

● In this modern era, with the increased use of electronic devices such as PDAs and smartphones, security threats have also increased, which has brought new security challenges
● The number of people using PDAs, mobile phones and smartphones has increased drastically.
● Devices belong to different companies and use services from various service providers
● Personal devices are being used at the workplace


Proliferation of mobile and wireless devices
● The trend is moving to smaller devices with more processing power
● This advancement brought mobile computing and wireless computing

Types of mobile devices:

● Portable computer: Can easily be moved from one place to another but cannot be used while in transit, mostly because it needs an AC power supply (it does not work on battery)
● Tablet PC: Lacks a keyboard. Looks like a paper notebook and has features like a touchscreen, handwriting recognition software etc.
● Internet Tablet: Does not have as much computing power as a Tablet PC, and the application suite is also limited. It's an internet application in tabular format. It typically features an MP3 and video player, web browser, chat application and picture viewer

Proliferation of mobile and wireless devices
● Personal Digital Assistant (PDA): A small, usually pocket-size computer with limited functionality. It is intended to supplement a desktop, giving access to contacts, address book, notes, email and other features
● Ultra Mobile PC: It is a full-featured PDA-size computer running a general-purpose operating system. A class of laptop whose specifications were launched by Microsoft and Intel in spring 2006.
● Smartphone
● Carputers - A carputer is a computing device installed in an automobile. It operates as a wireless device, sound system, GPS and DVD player.
● Fly Fusion Pentop computer: It is a computing device with the size and shape of a pen. It functions as a writing device, language translator, digital storage device and calculator.
[Figures: PDA, Portable Computer, Ultra Mobile PC]

Trend in Mobility

● Mobile computing is moving into 3G and 4G, which promise a greater variety of applications and highly improved usability as well as speedier networking
● Apple and Android phones are examples of this new trend
● This smart mobile technology is rapidly gaining popularity and the attention of attackers
● Trends in mobile computing help users to realize the seriousness of cybersecurity

Types of mobility
● User mobility:
○ User should be able to move from one physical location to another location and use the same
service.
○ The service could be in the home network or a remote network.
○ Example: a user travels for business and uses corporate services and applications as if the
user were in the office.
○ The user interaction model is changed
● Device mobility:
○ Smaller, battery driven devices, multiple heterogeneous networks
○ User should be able to move from one device to another using same services
○ Example: Sales executive uses software and service on desktop and continue using it on
mobile while moving or traveling



Types of mobility
● Network mobility:
○ User should be able to move from one network to another and still be able to use the same service
○ User moving from one country to another, or even from Mumbai to outside (MTNL will change to BSNL)
● Session mobility
○ A user session should be able to move from one user agent environment to another
○ Example: A user is using some service through a mobile phone, loses the connection and hence continues the session from a desktop after reaching the office.
● Service mobility
○ User should be able to move from one service to another
○ While performing one task, the user can open another application or browser to perform another task
● Mobile devices are facing various threats.

Attacks against 3G
Malware, viruses and worms:

● Skull Trojan
○ It targeted Series 60 phones with Symbian OS
○ Symbian OS is a discontinued mobile operating system (OS) and computing platform designed for smartphones
○ The Series 60 platform is a software platform for smartphones that runs on top of the Symbian operating system. It was created by Nokia based on the 'Pearl' user interface.
○ Skulls is distributed in a malicious SIS file named "Extended theme.SIS"
○ SIS (Software Installation Script) files are archives containing installation instructions

Attacks against 3G
● The Trojan will replace the system applications with non-functional versions, so that all but the phone functionality will be disabled.
● It will also cause all application icons to be replaced with a picture of a skull and crossbones; the icons don't refer to the actual applications anymore, so none of the phone's normal applications will be able to start
● It also affected other Symbian devices, for example the Nokia 9500, which is a Series 80 device.
● But the risk was lower because the installation file was designed for S60

Attacks against 3G
● Cabir Worm
○ First dedicated mobile worm targeting Symbian OS.
○ The message "Cabir" is displayed on the phone's display, and is displayed every time the phone is turned on.
○ The worm then attempts to spread to other phones in the area using wireless Bluetooth signals
○ The worm sends a copy of itself to vulnerable phones.

Attacks against 3G
● Brador Trojan
○ The first backdoor Trojan for PDAs running under PocketPC
○ Windows CE is an operating system developed by Microsoft and designed for small-footprint devices or embedded systems
○ It affects the Windows CE OS by creating an svchost.exe file in the Windows startup folder, which allows full control of the mobile device to be taken.
○ It opens the infected machine for remote administration.
○ Brador then identifies the machine's IP address and sends it to the author, informing the author that the handheld is connected to the Internet and the backdoor is active.
○ Finally, Brador opens port 2989 and awaits further commands, giving full control over the infected PDA via this port.
○ Like all backdoors, Brador cannot spread by itself: it can only arrive as an e-mail attachment, be downloaded from the Internet or be uploaded along with other data from a desktop.


Attacks against 3G
Mosquito Trojan:

● It affects Series 60 smartphones with Symbian OS and is a cracked version of the mobile phone game “Mosquitos”.
● The victims of the virus are mobile phone users who have knowingly downloaded an illegal version of the game 'Mosquitos' to play on their handset.
● The Trojan infects the phone and sends costly SMS messages without the owner realising -- until their next bill arrives
● Mostly teenagers became victims of this


Attacks against 3G
Lasco Worm:

● It targets PDAs running Symbian OS; this worm was released in 2005.
● Lasco arrives on a system through a Bluetooth transmission. The user must then choose to install the software coming through.
● Lasco searches for all files with a .sis extension and places a copy of itself in them.
● Lasco will then search for other Bluetooth devices and send a copy of itself to them, regardless of their OS

DoS: The objective of this attack is to make the system unavailable to the intended user by flooding the targeted server.

Overbilling attack: Hijack the subscriber’s IP address and then use it to initiate the download.

Attacks on Android
● All mobile phones are open to many attacks happening through the internet (links, downloaded files etc.)
● Most of the attacks happen through downloaded apps.
● Many apps ask for dangerous permissions and contain trackers embedded within them.
● When a survey was conducted, it was concluded that, in many cases at least, the user simply isn't getting what the apps promised in their Play Store descriptions. While 47% of the apps failed the testing regime in some way, serious security flaws were uncovered.
● Truecaller and SHAREit are popular apps, and they collect user information and reveal user data.

Attacks on Android
Man-in-the-Disk attack

● Every app uses two types of memory: internal and external memory.
● Many apps use internal memory, but many also ask for permission to access external memory.
● The Man-in-the-Disk attack works for two reasons:
○ First, any app can tamper with another app's External Storage data
○ Second, because almost all apps ask for this permission, users are generally willing to give it and unaware of any security risks.
● Researchers say they were able to carry out two types of attacks:
○ To crash other apps
○ To update other apps to malicious versions.


Attacks on Android
Spearphone Attack: Spy On Calls, Voice Notes, and Multimedia
● Spearphone is a new side-channel attack that could allow malicious apps to eavesdrop on the voice coming out of your smartphone's loudspeakers without requiring any device permission.
● It takes advantage of a hardware-based motion sensor, called an accelerometer, which comes built into most Android devices and can be unrestrictedly accessed by any app installed on a device even with zero permissions.
● An accelerometer is a motion sensor that lets apps monitor the movement of a device, such as tilt, shake, rotation, or swing, by measuring the time rate of change of velocity with respect to magnitude or direction.
● The attack can be triggered when the victim either places a phone or video call in speaker mode, attempts to listen to a media file, or interacts with the smartphone assistant.


Credit Card Fraud in Mobile and Wireless Computing Era
● Mobile banking and mobile commerce are becoming popular in this mobile era
● Availability of people using mobile devices has increased
● Wireless credit card processing devices have brought ease to life
● Credit card companies started offering better tools to customers for monitoring their accounts and limiting high-risk transactions
● A closed-loop environment for wireless can be used (is being used)
○ Merchant sends a transaction to the bank
○ Bank transmits the request to the authorized card holder
○ Card holder approves the request (password protected)
○ Bank merchant is notified
○ Credit card transaction completed

Credit Card Fraud in Mobile and Wireless Computing Era
Tips to prevent credit card fraud.

Do’s

○ Put your signature on the back side of the card.
○ Make a photocopy of the card.
○ Carry details of the bank and helpline no. to contact in case of emergency
○ Change the default PIN after receiving the card and change the password regularly.
○ Ensure the legitimacy of the website before using the card.
○ Preserve receipts and compare and check them against the monthly statement
○ Destroy all receipts after verification

Don’ts

● Don’t store the card no. and PIN together on your mobile
● Don’t give your card to anyone.
● Don’t leave the card or transaction receipts lying around.
● Don’t sign a blank or unclear receipt.
● Don’t write a card no. / PIN on a postcard or the outside of an envelope.
● Don’t give out your number immediately over the phone.
● Don’t drop credit card receipts into the garbage box / dustbin.


Credit Card Fraud
Types and techniques of credit card fraud.

● Traditional techniques:
○ ID theft: impersonating another valid user
○ Financial fraud: An individual gives false information about his or her financial status to acquire a card
● Modern techniques:
○ Triangulation:
■ It means using multiple ways to acquire something. In this method, the criminal creates a fake website and offers goods at a heavy discount. Once the victim registers and enters details, the details are stolen. Then the criminal makes more purchases using these credit card details.
■ Usually criminals close such websites within 2-3 weeks, before anyone can track them.
○ Credit card generation:
■ Software is used to generate valid credit card numbers and expiry dates

Security Challenges faced by mobile device
● Two main challenges due to mobility:
○ On a handheld device, information is being taken outside the physically controlled environment.
○ Remote access back to the protected environment is granted
● Technical challenges in mobile security:
○ Managing the registry settings and configuration.
○ Authentication service security
○ Cryptography security.
○ LDAP security (the LDAP protocol is responsible for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network)
○ RAS security (Remote Access Service; the Windows OS uses RAS to connect a client to a server)
○ Media player control security.
○ API security.


Managing the Registry Settings and Configuration
● Registry settings are important because they are what various applications use to allow a free flow of information.
● The registry, or Windows Registry, contains information, settings, options, and other values for programs and hardware installed on all versions of Microsoft Windows operating systems.
● The ActiveSync utility can act as a gateway between the server and the mobile device/PC.
● This utility is used to fetch user data (email, calendar notes, business-related information, music, pictures) when users are away from their PC.
● ActiveSync can synchronize directly with Microsoft Exchange Server to keep things updated wirelessly.
● Group Policy is used to manage registry settings.
● Another dimension to mobile security: antivirus software to protect against spyware, viruses, worms, malware, etc.
● Microsoft tries to develop solutions as fast as possible and keep them updated.
● Windows does not provide a baseline security configuration.
Authentication Service Security
● Security components in mobile computing:
○ Security of devices
○ Security in networks
● Mutual authentication takes place between the device and the base station or web service.
● Authentication allows legitimate users to access resources.
● Mobile devices are subject to push attacks, pull attacks and crash attacks.
● Attacks via wireless networks are: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks.
Security Challenges
● Cryptographic security for mobile devices
○ A cryptographically generated address (CGA) is an IPv6 address generated by hashing the owner’s public key
○ CGA-based authentication can be used to protect IP-layer signaling protocols, including neighbor discovery and mobility protocols
● Media player control security
○ The young generation uses handheld devices to access information for entertainment.
○ Music players and online music are major sources.
○ Various leading software development organizations have kept warning users about potential security attacks on mobile devices through music gateways.
○ Many examples of attacks via Windows Media Player have been reported.
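The CGA bullets above say the address is produced by hashing the owner's public key. The following added example (not part of the original slides) sketches address generation and the receiver's check as specified in RFC 3972; the function names are illustrative, the key bytes and prefix are constructed stand-ins for a DER-encoded public key and a real subnet, and the signature check that proves possession of the private key is out of scope.

```python
import hashlib
import ipaddress

# Constructed sample inputs: a documentation /64 prefix and placeholder bytes
# standing in for two owners' DER-encoded public keys.
PREFIX = bytes.fromhex("20010db800000001")
KEY_A = b"constructed-demo-public-key-A"
KEY_B = b"constructed-demo-public-key-B"

ID_MASK = 0x1CFFFFFFFFFFFFFF  # drops the 3 Sec bits and the u/g bits


def _hash1(modifier, prefix, collisions, pubkey):
    # Hash1: leftmost 64 bits of SHA-1 over the CGA parameters.
    data = modifier + prefix + bytes([collisions]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")


def _hash2_ok(modifier, pubkey, sec):
    # Hash2 covers modifier, 9 zero octets and key; its 16*Sec leading bits must be 0.
    digest = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return digest[:2 * sec] == bytes(2 * sec)


def generate_cga(prefix, pubkey, sec=0):
    """Search for a modifier meeting Sec, then derive the address from Hash1."""
    m = 0  # starts at 0 for reproducibility; RFC 3972 starts from a random value
    while not _hash2_ok(m.to_bytes(16, "big"), pubkey, sec):
        m += 1
    modifier = m.to_bytes(16, "big")
    iid = (_hash1(modifier, prefix, 0, pubkey) & ID_MASK) | (sec << 61)
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big")), modifier


def verify_cga(address, modifier, collisions, pubkey):
    """Receiver side: recompute both hashes from the claimed parameters."""
    raw = ipaddress.IPv6Address(address).packed
    prefix, iid = raw[:8], int.from_bytes(raw[8:], "big")
    if collisions not in (0, 1, 2):
        return False
    if (_hash1(modifier, prefix, collisions, pubkey) & ID_MASK) != (iid & ID_MASK):
        return False
    return _hash2_ok(modifier, pubkey, iid >> 61)


if __name__ == "__main__":
    addr, mod = generate_cga(PREFIX, KEY_A, sec=1)
    print(addr, verify_cga(addr, mod, 0, KEY_A), verify_cga(addr, mod, 0, KEY_B))
```

A node that claims this address while presenting a different key, or that moves the interface identifier to another prefix, fails the Hash1 comparison, which is what lets neighbor discovery messages be tied to the key holder.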
Attacks on Mobile/Cell Phones
● Mobile phones were a luxury and have now become a necessity
● Mobile phone theft
● Increasing functionality and connectivity are the reasons behind the increase in attacks on mobile phones (SMS, MMS, Bluetooth, infrared, multiple connections)
● Mobile viruses
○ Corrupt mobile data and applications.
○ Mobile viruses spread through Bluetooth and MMS.
○ An MMS virus sends a copy of itself to every contact in the phone’s contact list.
● Mishing: combination of mobile phone and phishing
● Vishing: using social engineering over the telephone
● Smishing: criminal offense conducted by using SMS and phishing
Vishing
● Usually used to steal credit card details or other related data used in ID theft
● Vishing via voicemail: the victim is forced to call the provided phone number once he/she listens to the voice call
● Vishing via direct phone call:
○ Criminal gathers information
○ Makes a call pretending there is a panic situation
○ Asks for credit/debit card details
● Case studies at page no. 102
● How to protect from vishing attacks:
○ Be suspicious of unknown callers
○ Do not trust caller ID; caller ID spoofing is easy
○ Be aware and ask questions in case someone is asking for your personal information
○ If someone is asking for personal information, call them back
○ Report vishing calls to the nearest cyber cell, with the number and name that appeared on caller ID
Hacking Bluetooth
● Bluetooth is a wireless technology standard used for communication over short distances
● When Bluetooth is enabled, the device advertises its availability, which makes the attacker’s job easier
● An attacker can download address book information, photos, calendar and SIM card details, make long-distance phone calls, etc.
● Bluetooth hacking tools:
○ BlueScanner: this tool searches for Bluetooth-enabled devices and tries to extract as much information as possible from each newly discovered device after connecting with the target
○ BlueSniff: a GUI-based utility for finding discoverable as well as hidden Bluetooth-enabled devices
○ Bluesnarfer: it connects with a Bluetooth-enabled phone without alerting the owner and gains access to restricted portions of the stored data
○ BlueDiving: it is used for Bluetooth penetration testing. It implements attacks like BlueSnarf and Bluebug
Mobile Devices: Security Implications for Organizations

● Managing diversity and proliferation of handheld devices
○ The manager or CEO needs to make decisions about security policies, such as: only registered devices are allowed on the premises, accessibility of the network to outside devices, etc.
● Unconventional/stealth devices
● Threats through lost and stolen devices
