Q 1​. Elaborate the idea, how Botnet can be used as a fuel to Cyber crime?

​ [CO 1 &2
Blooms Level 6]​ ​Marks 4
Q 2.​Discuss the countermeasures to be practiced for possible attacks on mobile/cell phones?
[CO 3 Blooms Level 6]​ ​Marks 4
Q 3​. Explain Blind SQL injection attack? Discuss about the preventive measure of this ?​ [CO 4
Blooms Level 5]​ ​Marks 4
Q 4.​Discuss about the different techniques of ID theft? ​[CO 5 Blooms Level 5]​ ​Marks 4
Q 5​. Create a overview on punishment for cyber criminals? Is it possible to punish them? If not,
Predict what are the differing factors in India as well as globally? ​ [CO 6 Blooms Level 6]
Marks 4

Name: Arghya Deep Manna

Class Roll No: 23
University Roll: 12200216054
University Registration No: 161220110073 OF 2016-17
Examination: B.Tech. 4th Year 2nd Sem
Subject Name: Cyber Law & Security Policy
Subject Code: IT 802B
Dept: Information Technology
Date: 07/07/2020

ANSWERS
1. A botnet is a collection of internet
connected devices, which may include PCs,
mobile devices that are infected and controlled
by a common type of malware. Users are often
unaware of a botnet infecting their system.
Infected devices are remotely
controlled by cybercriminals and are used for
specific functions, so the malicious operations
stay hidden to the user. Botnets are commonly
used to send email spam, click fraud and
generate malicious traffic for Distributed
(DDoS) attacks.
The botnet malware typically looks for
vulnerable devices across the internet, rather
than targeting specific individuals, companies.
The objective of creating a botnet is to infect as
many connected devices as possible.
2. ​Countermeasures for possible attacks on mobile/cell phones:-
i) ​Security Software:- ​An antivirus software can be installed in a device to verify that it is
not infected by threats.
ii) ​Biometric Authentication:- ​By using biometric user can avoid to remember a
password to authenticate and prevent malicious users from accessing their device.
iii) ​Battery:- ​Some malware is aimed at exhausting the battery of a mobile phone.
Monitoring the energy consumption of a device is a way to detect malware applications.
iv)​Memory:-​ If a substantial portion of memory is used by an application it can be a
malicious application.

3. ​Blind SQL injection attack:​-

Blind SQL injection is a type of SQL injection attack that asks the database true or false
questions and determines the answer based on the application’s response. This attack is often
used when the web application is configured to show generic error messages, but has not
mitigated the code that is vulnerable to SQL injection.

Preventive Measures:-
i) ​Input Validation:- ​Using data input validation is the best way to spot incorrect
characteristics in the database. A string can be defined to sanitize by filtering user data
according to the context.
ii) ​Use a web Application Firewall:- ​By filtering potentially dangerous web requests,
web application firewalls can catch and prevent SQL injections.
iii) ​Use Stored Procedures:- ​Stored procedures make it much more difficult for
attackers to execute their SQL , as it is unable to be dynamically inserted within queries.

4.​ Different Techniques of ID theft:-

i) ​Mail Theft:- ​ This is stealing credit card bills and junk mails directly from a victim’s mailbox.
ii) ​Phishing:-​ By pretending to be financial institution or companies, thieves can send spam or
pop-up messages to get our personal information.
iii) ​Dumpster Diving:-​ Identity thieves go through our trash to get personal information, credit
card bills etc.

iv) ​Pretexting:-​ Thieves use false pretenses to get our personal information from financial
institution or companies.
v) ​Skimming:- ​By the use of skimmers thieves can get our debit and credit card information.