
PHLASHING

BY:- AKANSHA RATHORE

CYBER CRIME
Activities done with criminal intent in cyberspace.
Types of cybercrimes:
Unauthorized access
Denial of service attack
Virus, worms or trojan attacks
Web jacking
E-mail bombing

WHAT IS PHLASHING?

Type of DOS attack
Also known as Permanent DOS
Exploits network-enabled firmware updates by using fuzzing tools.

DENIAL OF SERVICE ATTACK


Also known as distributed DOS
Carried out with large number of systems
Attacks a specific victim
Makes information unavailable to intended host
Example: BOTNET

DIFFERENCE B/W DDOS AND PDOS


PDOS is purely hardware targeted
Much faster
Requires fewer resources
Requires replacement of hardware
More effective and cheaper

HOW PDOS ATTACKS A SYSTEM?


Electronic devices rely on firmware to run
Firmware needs to be updated periodically (flashing)
Poor security protocols
Replaces vulnerable device's firmware with modified, corrupt or defective firmware image
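
A defensive counterpart to the weakness described above, as an added example that is not part of the original slides: a device-side check that refuses a modified, truncated or older firmware image before flashing. The image layout, all names and the shared-key HMAC (a stand-in for the asymmetric signature a production updater would verify) are assumptions.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                  # constructed image format, not a real vendor's
HEADER = struct.Struct(">4sII")  # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size


def build_image(payload: bytes, version: int, key: bytes) -> bytes:
    """Vendor side: header + payload + authentication tag over both."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def check_update(image: bytes, key: bytes, running_version: int):
    """Device side: return (ok, reason); flash only when ok is True."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "too short"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Authenticate before trusting any header field.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad tag"
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        return False, "malformed header"
    if version <= running_version:
        return False, "rollback"
    return True, "ok"


# Constructed sample data (hypothetical key and payload).
KEY = b"constructed-demo-key"
GOOD = build_image(b"\x90" * 64, version=5, key=KEY)
TAMPERED = GOOD[:20] + bytes([GOOD[20] ^ 0xFF]) + GOOD[21:]  # one payload byte flipped
TRUNCATED = GOOD[:-10]                                       # transfer cut short
OLD = build_image(b"\x90" * 64, version=3, key=KEY)          # validly tagged, older

if __name__ == "__main__":
    for name, img in [("good", GOOD), ("tampered", TAMPERED),
                      ("truncated", TRUNCATED), ("old", OLD)]:
        print(name, check_update(img, KEY, running_version=4))
```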

CAUSES ?
Large number of NEEDS across corporate/gov. networks
NEEDS ignored during audits
Poor security updation
Lack of solutions

PHLASH DANCE
Is a generic fuzzing framework
The Phlash Dance tool fuzzes binaries in firmware and the firmware's update application protocol to cause a PDOS, and it detects PDOS weaknesses across multiple embedded systems.

VARIOUS ACTS TO PREVENT PHLASHING


Computer Misuse Act
National Information Infrastructure Protection Act 1996
Information Technology Act 2000

COMPUTER MISUSE ACT


Consists of laws such as:
Fine of $30000 and imprisonment for 4 years for unauthorized access and disclosing password
Fine of $20000 and imprisonment for 3 years for any damage

NIIPA
Enacted by U.S. govt.
Consists of several subsections against:
Unauthorized access
Extraction of information
Bans accessing computers without permission

IT ACTS 2000
Accept files in digital format
Legalizes E-mails
Digital signature and records
E-governance

IT ACT 2000(CONT.)
Internet services on license
Sets territorial jurisdiction of Adjudicating officers for cyber crimes and cyber regulations

SOME CRIMES AND THEIR SECTIONS


Sending threatening message by email: S. 506
Forgery of electronic records: S. 465
Bogus websites, cyber frauds, phishing: S. 420
Email spoofing: S. 465, 419

DRAWBACKS OF IT ACT
Doesn't talk about rights and liabilities of DNS holder
Electronic payment gateway
Internet is a borderless medium
Lacks implementation

POSITIVE ASPECTS OF IT ACT


Legal recognition of E-mails
E-commerce using legal infrastructure
Use of digital signatures
Statutory remedy for damage by compensation

GREY AREAS OF IT ACT 2000


E-Commerce based on domain names
Does not include cyber crimes such as cyber theft
Chat room abuse
Misuse of credit card numbers
Implementation

CONCLUSION
New legislation that covers all aspects of cyber crimes should be passed so the grey areas of the law can be removed.
Software that is easily available for download should be restricted by the Government through appropriate action.

FUTURE SCOPE
India needs good techno-legal expertise to tackle the growing menace of cyber crimes.


THANK YOU

QUERIES??
