Cyber Crime - Unit II


Unit II: Cyber offenses: How criminals plan them: Introduction – How criminals plan the attacks – Social engineering – Cyberstalking – Cybercafe and cybercrimes – Botnets: the fuel for cybercrime – Attack vector.
Cybercrime: Mobile and wireless devices: Security challenges posed by mobile devices – Authentication service security – Attacks on mobile/cell phones – Organizational security policies and measures in the mobile computing era.

CYBER OFFENSES

HOW CRIMINALS PLAN THEM – INTRODUCTION


• Technology is a “double-edged sword” as it can be used for both good and bad purposes.
• People with the tendency to cause damage or carry out illegal activities will use it for bad purposes.
• Computers and tools available in IT are also used as either the target of an offense or the means of committing one.
• In today’s world of Internet and computer networks, a criminal activity can be carried out across national borders.
• Chapter 1 provided an overview of hacking, cyber terrorism, network intrusions, password sniffing, computer viruses, etc. They are the most commonly occurring crimes that target the computer.
• Cybercriminals use the World Wide Web and Internet to an optimum level for all illegal activities: to store data, contacts, account information, etc.
• The criminals take advantage of the widespread lack of awareness about cybercrimes and cyber laws among the people who are constantly using the IT infrastructure for official and personal purposes.
• People who commit cybercrimes are known as “Crackers” (Box 2.1).

Box 2.1 | Hackers, Crackers and Phreakers


Hacker: A hacker is a person with a strong interest in computers who enjoys learning and experimenting with them. Hackers are usually very talented, smart people who understand computers better than others. The term is often confused with cracker, which defines someone who breaks into computers (refer to Box 2.2).
Brute force hacking: It is a technique used to find passwords or encryption keys. Brute force hacking involves trying every possible combination of letters, numbers, etc., until the code is broken.
Cracker: A cracker is a person who breaks into computers. Crackers should not be confused with hackers. The term “cracker” is usually connected to computer criminals. Some of their crimes include vandalism, theft and snooping in unauthorized areas.
Cracking: It is the act of breaking into computers. Cracking is a popular, growing subject on the Internet. Many sites are devoted to supplying crackers with programs that allow them to crack computers. Some of these programs contain dictionaries for guessing passwords. Others are used to break into phone lines (called “phreaking”). These sites usually display warnings such as “These files are illegal; we are not responsible for what you do with them.”

Cracker tools: These are programs used to break into computers. Cracker tools are widely distributed on the Internet. They include password crackers, Trojans, viruses, war dialers and worms.
Phreaking: This is the notorious art of breaking into phone or other communication systems. Phreaking sites on the Internet are popular among crackers and other criminals.
War dialer: A program that automatically dials phone numbers looking for computers on the other end. It catalogs numbers so that the hackers can call back and try to break in.

An attacker would look to exploit the vulnerabilities in the networks, most often because the networks are not adequately protected.

• The categories of vulnerabilities that hackers typically search for are the following:
o Inadequate border protection (border in the sense of network periphery);
o remote access servers (RASs) with weak access controls;
o application servers with well-known exploits;
o misconfigured systems and systems with default configurations.
• To help the reader understand the network attack scenario, Fig. 2.2 illustrates a small network highlighting specific occurrences of several vulnerabilities described above.

Box 2.2 | What Color is Your Hat in the Security World?


A black hat is also called a “cracker” or “dark side hacker.” Such a person is a malicious or criminal hacker. Typically, the term “cracker” is used within the security industry. However, the general public uses the term hacker to refer to the same thing. In computer terminology, the meaning of “hacker” can be much broader. The name comes from the opposite of “white hat hackers.”

A white hat hacker is considered an ethical hacker. In the realm of IT, a “white hat hacker” is a person who is ethically opposed to the abuse of computer systems. It is said that the term is derived from American western movies, where the protagonist typically wore a white cowboy hat and the antagonist typically wore a black one. As a simplified explanation, a “white hat” generally focuses on securing IT systems, whereas a “black hat” (the opposite) would like to break into them, so this sounds like the age-old game of thief and police.
A brown hat hacker is one who thinks before acting or committing a malicious or non-malicious deed. A grey hat commonly refers to a hacker who openly releases information about any exploits or security holes he/she finds to the public. He/she does so without concern for how the information is used in the end (whether for patching or exploiting).

Categories of Cybercrime
Cybercrime can be categorized based on the following:
1. The target of the crime and
2. whether the crime occurs as a single event or as a series of events.
Cybercrime can be targeted against individuals (persons), assets (property) and/or organizations (government, business and social).
1. Crimes targeted at individuals: The goal is to exploit human weaknesses such as greed and naivety. These crimes include financial frauds, sale of non-existent or stolen items, child pornography (explained in Section 1.5.13, Chapter 1), copyright violation, harassment, etc. With the development of IT and the Internet, criminals have a new tool that allows them to expand the pool of potential victims; however, this also makes it difficult to trace and apprehend the criminals.
2. Crimes targeted at property: This includes stealing mobile devices such as cell phones, laptops, personal digital assistants (PDAs) and removable media (CDs and pen drives); and transmitting harmful programs that can disrupt the functions of the systems and/or wipe out data from the hard disk, and can cause the malfunctioning of devices attached to the system such as the modem, CD drive, etc.

3. Crimes targeted at organizations: Cyber terrorism is one of the distinct crimes against organizations/governments. Attackers (individuals or groups of individuals) use computer tools and the Internet usually to terrorize the citizens of a particular country by stealing private information, and also to damage programs and files or plant programs to get control of the network and/or system (see Box 2.3).
4. Single event of cybercrime: It is a single event from the perspective of the victim. For example, the victim unknowingly opens an attachment that may contain a virus that will infect the system (PC/laptop). This is known as hacking or fraud.
5. Series of events: This involves the attacker interacting with the victim repetitively. For example, the attacker interacts with the victim on the phone and/or via chat rooms to establish a relationship first and then exploits that relationship to commit the sexual assault.
Box 2.3 | Patriot Hacking
Patriot hacking[1], also known as Digital Warfare, is a form of vigilante computer systems’ cracking done by individuals or groups (usually citizens or supporters of a country) against a real or perceived threat. Traditionally, Western countries, that is, developed countries, attempt to launch attacks on their perceived enemies.
Although patriot hacking is declared illegal in the US, it is reserved only for government agencies [i.e., the Central Intelligence Agency (CIA) and National Security Agency (NSA)] as a legitimate form of attack and defense. The Federal Bureau of Investigation (FBI) has raised concern about the rise in cyber attacks like website defacements (explained in Box 1.4, Chapter 1) and denial-of-service attacks (DoS – refer to Section 4.9, Chapter 4), which adds fuel to increases in international tension that get mirrored in the online world.

After the war in Iraq in 2003, it has been getting popular in North America, Western Europe and Israel. These are the countries that face the greatest threat from Islamic terrorism and its aforementioned digital version.
The People’s Republic of China is allegedly making attacks upon the computer networks of the US and the UK. Refer to Box 5.15 in Chapter 5. For detailed information visit www.patriothacking.com

HOW CRIMINALS PLAN THE ATTACKS


• Criminals use many methods and tools to locate the vulnerabilities of their target.
• The target can be an individual and/or an organization.
• Criminals plan passive and active attacks.
• Active attacks are usually used to alter the system (i.e., computer network), whereas passive attacks attempt to gain information about the target.
• Active attacks may affect the availability, integrity and authenticity of data, whereas passive attacks lead to violation of confidentiality.

The following phases are involved in planning cybercrime:

1. Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
2. Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities.
3. Launching an attack (gaining and maintaining the system access).

Reconnaissance


• The literal meaning of “Reconnaissance” is an act of finding something or somebody (especially to gain information about an enemy or potential enemy).
• In the world of “hacking,” the reconnaissance phase begins with “Footprinting” – this is the preparation toward the pre-attack phase, and involves accumulating data about the target’s environment and computer architecture to find ways to intrude into that environment.
• Footprinting gives an overview of system vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities.
• The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack.
• Thus, an attacker attempts to gather information in two phases: passive and active attacks. Let us understand these two phases.

Passive Attacks
A passive attack involves gathering information about a target without his/her (individual’s or company’s) knowledge. It can be as simple as watching a building to identify what time employees enter the building premises. However, it is usually done using Internet searches or by Googling (i.e., searching for the required information with the help of the search engine Google) an individual or company to gain information.
1. Google or Yahoo search: People search to locate information about employees.
2. Surfing online community groups like Orkut/Facebook will prove useful to gain information about an individual.
3. The organization’s website may provide a personnel directory or information about key employees, for example, contact details, E-Mail addresses, etc. These can be used in a social engineering attack to reach the target (see Section 2.3).
4. Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees.
5. Going through the job postings for particular technical job profiles can provide information about the type of technology, that is, servers or infrastructure devices, a company may be using on its network.

Active Attacks
An active attack involves probing the network to discover individual hosts to confirm the information
(IP addresses, operating system type and version, and services on the network) gathered in the passive attack
phase. It involves the risk of detection and is also called “Rattling the doorknobs” or “Active reconnaissance.”
Active reconnaissance can provide confirmation to an attacker about security measures in place (e.g., whether
the front door is locked?), but the process can also increase the chance of being caught or raise a suspicion.

Scanning and Scrutinizing Gathered Information


Scanning is the key step in which the attacker intelligently examines the information gathered about the target.
The objectives of scanning are as follows:
1. Port scanning: Identify open/closed ports and services. Refer to Box 2.5.
2. Network scanning: Understand IP addresses and related information about the computer network systems.
3. Vulnerability scanning: Understand the existing weaknesses in the system.
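Port scanning is the noisy part of active reconnaissance, which is exactly why defenders look for it in firewall logs. The following Python is an added example (not from this textbook) of the detection side: it parses constructed firewall log lines (the log format, IP addresses and the thresholds are assumptions for illustration) and flags any source that touches many distinct destination ports on one host within a short sliding window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the page): the first source probes
# ten ports in five seconds, the second makes ordinary web connections.
SAMPLE_LOG = """\
2009-04-02T10:01:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=21 proto=tcp
2009-04-02T10:01:01 DENY src=203.0.113.5 dst=192.0.2.10 dport=22 proto=tcp
2009-04-02T10:01:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=23 proto=tcp
2009-04-02T10:01:02 DENY src=203.0.113.5 dst=192.0.2.10 dport=25 proto=tcp
2009-04-02T10:01:03 ALLOW src=203.0.113.5 dst=192.0.2.10 dport=80 proto=tcp
2009-04-02T10:01:03 DENY src=203.0.113.5 dst=192.0.2.10 dport=110 proto=tcp
2009-04-02T10:01:04 DENY src=203.0.113.5 dst=192.0.2.10 dport=135 proto=tcp
2009-04-02T10:01:04 DENY src=203.0.113.5 dst=192.0.2.10 dport=139 proto=tcp
2009-04-02T10:01:05 DENY src=203.0.113.5 dst=192.0.2.10 dport=443 proto=tcp
2009-04-02T10:01:05 DENY src=203.0.113.5 dst=192.0.2.10 dport=445 proto=tcp
2009-04-02T10:01:06 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp
2009-04-02T10:01:09 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80 proto=tcp
2009-04-02T10:01:12 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443 proto=tcp
"""

# Assumed log line layout: "<iso timestamp> <ALLOW|DENY> src=.. dst=.. dport=.. proto=.."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_log(text):
    """Turn each matching line into a dict; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def detect_port_scans(events, window=timedelta(seconds=10), min_ports=8):
    """Return {source_ip: max_distinct_ports} for sources that hit at least
    `min_ports` distinct destination ports on one host inside any `window`.
    Both ALLOW and DENY lines count: a scanner touches open ports too."""
    by_pair = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_pair[(ev["src"], ev["dst"])].append(ev)

    alerts = {}
    for (src, _dst), evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for src, n in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"possible port scan from {src}: {n} distinct ports")
```

The threshold and window are tuning knobs: too low and a busy proxy or monitoring host trips the rule, too high and a slow scan spread over minutes slips through, so a production rule usually pairs this short-window count with a longer-window one.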

Attack (Gaining and Maintaining the System Access)


After the scanning and enumeration, the attack is launched using the following steps:
1. Crack the password.
2. Exploit the privileges.
3. Execute the malicious commands/applications.
4. Hide the files (if required).
5. Cover the tracks – delete the access logs, so that there is no trail of the illicit activity.
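The last step, deleting access logs, only works if the logs are plain files the attacker can edit in place. A common countermeasure is to chain log entries with hashes so that removing or altering one entry breaks every later link. The Python below is an added example (not from this textbook) of such a tamper-evident log: the log records, user names and timestamps are constructed for illustration, and the design assumes the hash of the latest entry is copied somewhere the attacker cannot reach (for example, a separate log server), since deleting the final entries is otherwise undetectable.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the very first entry


def entry_hash(prev_hash, record):
    """SHA-256 over the previous entry's hash and a canonical JSON form of the record."""
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def append(chain, record):
    """Append a record, linking it to the hash of the entry before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "hash": entry_hash(prev, record)})
    return chain


def verify(chain, expected_tail=None):
    """Return None if every link checks out, otherwise the index of the first bad entry.
    If `expected_tail` (the last hash stored off-host) is given and the chain no
    longer ends with it, the chain has been truncated: return len(chain)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if expected_tail is not None and prev != expected_tail:
        return len(chain)
    return None


def build_sample_chain():
    # Constructed access-log records (not from the page).
    records = [
        {"ts": "2009-04-02T20:01:00", "user": "pjoshi", "event": "login", "src": "198.51.100.7"},
        {"ts": "2009-04-02T20:03:10", "user": "pjoshi", "event": "read", "path": "/share/reports"},
        {"ts": "2009-04-02T20:05:42", "user": "pjoshi", "event": "logout"},
    ]
    chain = []
    for r in records:
        append(chain, r)
    return chain


def delete_entry(chain, index):
    """Simulate one log line being removed; returns an edited copy."""
    return chain[:index] + chain[index + 1:]


def edit_entry(chain, index, **changes):
    """Simulate one record being rewritten in place; returns an edited copy."""
    edited = [dict(e) for e in chain]
    edited[index] = {"record": {**edited[index]["record"], **changes},
                     "hash": edited[index]["hash"]}
    return edited


if __name__ == "__main__":
    chain = build_sample_chain()
    tail = chain[-1]["hash"]          # would be shipped off-host in practice
    print("intact:", verify(chain, tail))
    print("middle entry deleted, first bad index:", verify(delete_entry(chain, 1), tail))
    print("last entry deleted, first bad index:", verify(delete_entry(chain, 2), tail))
    print("first entry edited, first bad index:", verify(edit_entry(chain, 0, user="x"), tail))
```

Hash chaining makes deletion detectable, not impossible: the attacker can still wipe the whole file, which is why the off-host copy of the tail hash (or the whole log, shipped as it is written) is the part that actually preserves the trail.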

SOCIAL ENGINEERING
• Social engineering is the “technique to influence” and “persuasion to deceive” people to obtain information or perform some action.
• Social engineers exploit the natural tendency of a person to trust the social engineer’s word, rather than exploiting computer security holes.
• It is generally agreed that people are the weak link in security and this principle makes social engineering possible.
• A social engineer usually uses telecommunication (i.e., telephone and/or cell phone) or the Internet to get people to do something that is against the security practices and/or policies of the organization.
• Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
• It is the art of exploiting the trust of people, which is not doubted while speaking in a normal manner.
• The goal of a social engineer is to fool someone into providing valuable information or access to that information.
• The social engineer studies human behavior so that people will help because of the desire to be helpful, the attitude to trust people, and the fear of getting into trouble.
• The sign of truly successful social engineers is that they receive information without any suspicion.
• A simple example is calling a user and pretending to be someone from the service desk working on a network issue; the attacker then proceeds to ask questions about what the user is working on, what file shares he/she uses, what his/her password is, and so on (see Box 2.6).

Box 2.6 | Social Engineering Example


Mr. Joshi: Hello?
The Caller: Hello, Mr. Joshi. This is Geeta Thomas from Tech Support. Due to some disk space constraints on the file server, we will be moving a few users’ home directories to another disk. This activity will be performed tonight at 8:00 p.m. Your account will be a part of this move and will be unavailable temporarily.
Mr. Joshi: Ohh … okay. I will be at my home by then, anyway.
Caller: Great!!! Please ensure to log off before you leave office. We just need to check a couple of things. What is your username?
Mr. Joshi: Username is “pjoshi.” None of my files will be lost in the move, right?
Caller: No sir. But we will have to check your account to ensure the same. What is the password of that account?
Mr. Joshi: My password is “ABCD1965,” all characters in upper case.
Caller: Ok, Mr. Joshi. Thank you for your cooperation. We will ensure that all the files are there.
Mr. Joshi: Thank you. Bye.
Caller: Bye and have a nice day.

Classification of Social Engineering

Human-Based Social Engineering


• Human-based social engineering refers to person-to-person interaction to get the required/desired information.
• An example is calling the help desk and trying to find out a password.
1. Impersonating an employee or valid user:
• “Impersonation” is perhaps the greatest technique used by social engineers to deceive people.
• Social engineers “take advantage” of the fact that most people are basically helpful, so it seems harmless to tell someone who appears to be lost where the computer room is located, or to let someone into the building who “forgot” his/her badge, etc., or pretending to be an employee or valid user on the system.
2. Posing as an important user:
• The attacker pretends to be an important user – for example, a Chief Executive Officer (CEO) or high-level manager who needs immediate assistance to gain access to a system.
• The attacker uses intimidation so that a lower-level employee such as a help-desk worker will help him/her in gaining access to the system. Most of the low-level employees will not ask any question to someone who appears to be in a position of authority.
3. Using a third person:
• An attacker pretends to have permission from an authorized source to use a system. This trick is useful when the supposed authorized personnel is on vacation or cannot be contacted for verification.
4. Calling technical support:
• Calling the technical support for assistance is a classic social engineering example.
• Help-desk and technical support personnel are trained to help users, which makes them good prey for social engineering attacks.
5. Shoulder surfing:
• It is a technique of gathering information such as usernames and passwords by watching over a person’s shoulder while he/she logs into the system, thereby helping an attacker to gain access to the system.
6. Dumpster diving:
• It involves looking in the trash for information written on pieces of paper or computer printouts.
• This is a typical North American term; it is used to describe the practice of rummaging through commercial or residential trash to find useful free items that have been discarded.
• It is also called dumpstering, binning, trashing, garbing or garbage gleaning.
• “Scavenging” is another term to describe these habits.
• In the UK, the practice is referred to as “binning” or “skipping” and the person doing it is a “binner” or a “skipper.”

Computer-Based Social Engineering


• Computer-based social engineering refers to an attempt made to get the required/desired information by using computer software/Internet.
• For example, sending a fake E-Mail to the user and asking him/her to re-enter a password in a webpage to confirm it.
1. Fake E-Mails:
• The attacker sends fake E-Mails (see Box 2.7) to users in such a way that the user takes them for real E-Mails.
• This activity is also called “Phishing”.
• It is an attempt to lure Internet users (netizens) into revealing their personal information, such as usernames, passwords and credit card details, by impersonating a trustworthy and legitimate organization or an individual.
• Banks, financial institutes and payment gateways are the common targets.
• Phishing is typically carried out through E-Mails or instant messaging and often directs users to enter details at a website, usually designed by the attacker to copy the look and feel of the original website.
• Thus, Phishing is also an example of social engineering techniques used to fool netizens.
• The term “Phishing” evolved from the analogy that Internet scammers use E-Mails as bait to fish for passwords and financial data from the sea of Internet users (i.e., netizens).
• The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords without the knowledge of AOL users.
• As hackers have a tendency of replacing “f” with “ph,” the term “Phishing” came into being.
2. E-Mail attachments:
• E-Mail attachments are used to send malicious code to a victim’s system, which will automatically get executed (e.g., a keylogger utility to capture passwords).
• Viruses, Trojans and worms can be included cleverly in attachments designed to entice a victim to open them.
3. Pop-up windows:
• Pop-up windows are also used, in a similar manner to E-Mail attachments. Pop-up windows with special offers or free stuff can encourage a user to unintentionally install malicious software.
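A phishing mail's weak point is the link itself: the visible text says one site while the href goes to another, the host is a bare IP address, or the trusted name is buried inside a different domain. The Python below is an added example (not from this textbook) of the checks a mail gateway or user-awareness tool can run over an HTML mail body. The sample message, the hostnames and the trusted-domain list are constructed for illustration; the `registrable_domain` helper uses a crude two-label rule where a real deployment would consult the Public Suffix List.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed phishing-style mail body (not from the page).
SAMPLE_MAIL = """
<p>Dear customer, please verify your account within 24 hours.</p>
<a href="http://examplebank.com.secure-login.net/verify">https://www.examplebank.com/login</a>
<a href="http://203.0.113.9/update">Update your details</a>
<a href="https://www.examplebank.com/help">Help centre</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Assumed simplification: last two labels (examplebank.com); use the PSL in practice."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html_body, trusted_domains):
    """Return a list of {"href", "text", "reasons"} for links that look deceptive."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if is_ip_literal(host):
            reasons.append("ip-literal host")
        if host.startswith("xn--") or ".xn--" in host:
            reasons.append("punycode host")
        # Visible text that is itself a URL must point where it says it does.
        shown = urlparse(text).hostname if "://" in text else None
        if shown and registrable_domain(shown) != registrable_domain(host):
            reasons.append("visible URL domain differs from href")
        # A trusted name embedded in some other registrable domain is a look-alike.
        for trusted in trusted_domains:
            if trusted in host and registrable_domain(host) != trusted:
                reasons.append(f"looks like {trusted} but resolves under {registrable_domain(host)}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in check_links(SAMPLE_MAIL, {"examplebank.com"}):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

None of these checks prove a link is malicious; they are cheap signals that justify holding the mail for review or showing the user the real destination before the click.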

CYBERSTALKING
• The dictionary meaning of “stalking” is an “act or process of following prey stealthily – trying to approach somebody or something.”
• Cyberstalking has been defined as the use of information and communications technology, particularly the Internet, by an individual or group of individuals to harass another individual, group of individuals, or organization.
• The behavior includes false accusations, monitoring, transmission of threats, ID theft, damage to data or equipment, solicitation of minors for sexual purposes, and gathering information for harassment purposes.
• Cyberstalking refers to the use of the Internet and/or other electronic communications devices to stalk another person.
• It involves harassing or threatening behavior that an individual will conduct repeatedly, for example, following a person, visiting a person’s home and/or business place, making phone calls, leaving written messages, or vandalizing the person’s property. As the Internet has become an integral part of our personal and professional lives, cyberstalkers take advantage of the ease of communication and the increased access to personal information available with a few mouse clicks or keystrokes.
Types of Stalkers
There are primarily two types of stalkers.
1. Online stalkers:
• They aim to start the interaction with the victim directly with the help of the Internet.
• E-Mail and chat rooms are the most popular communication media to get connected with the victim, rather than using traditional instruments like the telephone/cell phone.
• The stalker makes sure that the victim recognizes the attack attempted on him/her.
• The stalker can make use of a third party to harass the victim.
2. Offline stalkers:
• The stalker may begin the attack using traditional methods such as following the victim, watching the daily routine of the victim, etc.
• Searching on message boards/newsgroups, personal websites, and people-finding services or websites are the most common ways to gather information about the victim using the Internet.
• The victim is not aware that the Internet has been used to perpetuate an attack against them.

Cases Reported on Cyberstalking

• The majority of cyberstalkers are men and the majority of their victims are women.
• Some cases also have been reported where women act as cyberstalkers and men as the victims, as well as cases of same-sex cyberstalking.
• In many cases, the cyberstalker and the victim hold a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship, for example, ex-lover, ex-spouse, boss/subordinate, and neighbor.
• However, there also have been many instances of cyberstalking by strangers.

How Stalking Works


It is seen that stalking works in the following ways:
1. Personal information gathering about the victim: name; family background; contact details such as cell phone and telephone numbers (of residence as well as office); address of residence as well as of the office; E-Mail address; date of birth, etc.
2. Establishing contact with the victim through telephone/cell phone. Once the contact is established, the stalker may make calls to the victim to threaten/harass.
3. Stalkers will almost always establish contact with the victims through E-Mail. The letters may have a loving or threatening tone, or can be sexually explicit. The stalker may use multiple names while contacting the victim.
4. Some stalkers keep on sending repeated E-Mails asking for various kinds of favors or threatening the victim.
5. The stalker may post the victim’s personal information on any website related to illicit services such as sex-workers’ services or dating services, posing as if the victim has posted the information, and invite people to call the victim on the given contact details (telephone numbers/cell phone numbers/E-Mail address) for sexual services. The stalker will use bad and/or offensive/attractive language to invite the interested persons.
6. Whosoever comes across the information starts calling the victim on the given contact details (telephone/cell phone numbers), asking for sexual services or relationships.
7. Some stalkers subscribe/register the E-Mail account of the victim to innumerable pornographic and sex sites, because of which the victim will start receiving such kinds of unsolicited E-Mails.

Real-Life Incident of Cyberstalking Case Study


The Indian police have registered the first case of cyberstalking in Delhi – a brief account of the case is given here. To maintain the confidentiality and privacy of the entities involved, we have changed their names.
• Mrs. Joshi received almost 40 calls in 3 days, mostly at odd hours, from as far away as Kuwait, Cochin, Bombay, and Ahmadabad.
• The said calls created havoc in the personal life and destroyed the mental peace of Mrs. Joshi, who decided to register a complaint with Delhi Police.
• A person was using her ID to chat over the Internet at the website www.mirc.com, mostly in the Delhi channel, for four consecutive days.
• This person was chatting on the Internet, using her name and giving her address, talking in obscene language.
• The same person was also deliberately giving her telephone number to other chatters, encouraging them to call Mrs. Joshi at odd hours.
• This was the first time that a case of cyberstalking was registered.
• Cyberstalking does not have a standard definition but it can be defined to mean threatening, unwarranted behavior, or advances directed by one person toward another person using the Internet and other forms of online communication channels as medium.

Box 2.8 | Cyberbullying


The National Crime Prevention Council defines Cyberbullying as “when the Internet, cell phones or other devices are used to send or post text or images intended to hurt or embarrass another person.”
www.StopCyberbullying.org, an expert organization dedicated to Internet safety, security, and privacy, defines cyberbullying as “a situation when a child, tween, or teen is repeatedly ‘tormented, threatened, harassed, humiliated, embarrassed, or otherwise targeted’ by another child, tween, or teen using text messaging, E-Mail, instant messaging, or any other type of digital technology.”
The practice of cyberbullying is not limited to children and, while the behavior is identified by the same definition in adults, the distinction in age groups is referred to as cyberstalking or cyberharassment when perpetrated by adults toward adults.
Source: http://en.wikipedia.org/wiki/Cyber-bullying (2 April 2009).

CYBERCAFE AND CYBERCRIMES

• A Nielsen survey in February 2009 on the profile of cybercafe users in India found that 90% of the audience, across eight cities and 3,500 cafes, were male and in the age group of 15–35 years; 52% were graduates and postgraduates, though over 50% were students.
• Hence, it is extremely important to understand the IT security and governance practiced in the cybercafes.
• In the past several years, many instances have been reported in India where cybercafes are known to have been used for either real or false terrorist communication.
• Cybercrimes such as stealing of bank passwords and subsequent fraudulent withdrawal of money have also happened through cybercafes.
• Cybercafes have also been used regularly for sending obscene mails to harass people.
• Public computers, usually referred to as the systems available in cybercafes, hold two types of risks.
• First, we do not know what programs are installed on the computer – that is, the risk of malicious programs such as keyloggers or Spyware, which may be running in the background and can capture the keystrokes to learn the passwords and other confidential information and/or monitor the browsing behavior.
• Second, over-the-shoulder surfing can enable others to find out your passwords. Therefore, one has to be extremely careful about protecting his/her privacy on such systems, as one does not know who will use the computer after him/her.
• The Indian Information Technology Act (ITA) 2000 does not define cybercafes and interprets cybercafes as “network service providers” referred to under Section 79, which imposes on them a responsibility for “due diligence,” failing which they would be liable for the offenses committed in their network.
• Cybercriminals prefer cybercafes to carry out their activities.
• The criminals tend to identify one particular personal computer (PC) to prepare it for their use.
• Cybercriminals can either install malicious programs such as keyloggers and/or Spyware or launch an attack on the target.
• Cybercriminals will visit these cafes at a particular time and on a prescribed frequency, maybe alternate days or twice a week.
• A recent survey conducted in one of the metropolitan cities in India reveals the following facts:

1. Pirated software such as the OS, browser and office automation software (e.g., Microsoft Office) is installed on all the computers.
2. Antivirus software is found not to be updated to the latest patch and/or antivirus signature.
3. Several cybercafes had installed the software called “Deep Freeze” for protecting the computers from prospective malware attacks. Deep Freeze can wipe out the details of all activities carried out on the computer when one clicks on the “restart” button. Such practices present challenges to the police or crime investigators when they visit the cybercafes to pick up clues and retrieve log files after the Internet Service Provider (ISP) points to a particular IP address from where a threat mail was probably sent or an online Phishing attack was carried out.
4. An annual maintenance contract (AMC) is found not to be in place for servicing the computers; hence, the hard disks of the computers are not formatted unless the computer is down. Not having the AMC is a risk from the cybercrime perspective because a cybercriminal can install Malicious Code on a computer and conduct criminal activities without any interruption.
5. Pornographic websites and other similar websites with indecent content are not blocked.
6. Cybercafe owners have very little awareness about IT Security and IT Governance.
7. Government/ISPs/State Police (cyber cell wing) do not seem to provide IT Governance guidelines to cybercafe owners.
8. The cybercafe association or State Police (cyber cell wing) do not seem to conduct periodic visits to cybercafes – one of the cybercafe owners whom we interviewed expressed the view that the police will not visit a cybercafe unless criminal activity is registered by filing a First Information Report (FIR). Cybercafe owners feel that police have very little knowledge about the technical aspects involved in cybercrimes and/or about the conceptual understanding of IT security. There are thousands of cybercafes across India.

Whether or not a central agency takes up the responsibility for monitoring cybercafes, an individual should take care while visiting and/or operating from a cybercafe. Here are a few tips for safety and security while using the computer in a cybercafe:
1. Always logout:
2. Stay with the computer:
3. Clear history and temporary files:
4. Be alert:
5. Avoid online financial transactions:
6. Change passwords:
7. Use Virtual keyboard:
8. Security warnings:

Botnets: The Fuel for Cybercrime


Botnet

 The dictionary meaning of Bot is “(computing) an automated program for doing some particular task, often
over a network.”
 Botnet is a term used for collection of software robots, or Bots, that run autonomously and automatically.
 The term is often associated with malicious software but can also refer to the network of computers using
distributed computing software.
 In simple terms, a Bot is simply an automated computer program One can gain the control of computer by
infecting them with a virus or other Malicious Code that gives the access.
 Computer system maybe a part of a Botnet even though it appears to be operating normally.
 Botnets are often used to conduct a range of activities, from distributing Spam and viruses to conducting
denial-of-service (DoS) attacks.
 A Botnet (also called a zombie network) is a network of computers infected with a malicious program that
allows cybercriminals to control the infected machines remotely without the users' knowledge.
 “Zombie networks” have become a source of income for entire groups of cybercriminals. The invariably low
cost of maintaining a Botnet and the ever diminishing degree of knowledge required to manage one are
conducive to the growth in popularity and, consequently, the number of Botnets.
 If someone wants to start a “business” and has no programming skills, there are plenty of “Bot for sale” offers
on forums.
 Encryption of these programs' code can also be ordered in the same way to protect them from detection by
antivirus tools.
 Another option is to steal an existing Botnet. Figure 2.8 explains how Botnets create business.
 One can reduce the chances of becoming part of a Bot by limiting access into the system.
 Leaving your Internet connection ON and unprotected is just like leaving the front door of the house wide
open.

One can ensure the following to secure the system:


1. Use antivirus and anti-Spyware software and keep it up-to-date:
2. Set the OS to download and install security patches automatically:
3. Use a firewall to protect the system from hacking attacks while it is connected on the Internet: A firewall is a
software and/or hardware that is designed to block unauthorized access while permitting authorized
communications.
4. Disconnect from the Internet when you are away from your computer:
5. Download freeware only from websites that are known and trustworthy:
6. Check regularly the folders in the mail box – “sent items” or “outgoing” – for those messages you did not send:
7. Take an immediate action if your system is infected:

Box 2.9 | Technical Terms


Malware: It is malicious software, designed to damage a computer system without the
owner's informed consent. Viruses and worms are examples of malware.
Adware: It is advertising-supported software, which automatically plays, displays, or
downloads advertisements to a computer after the software is installed on it or while the
application is being used. A few Spywares are classified as Adware.
Spam: It means unsolicited or undesired E-Mail messages.
Spamdexing: It is also known as search Spam or search engine Spam. It involves a number of
methods, such as repeating unrelated phrases, to manipulate the relevancy or prominence of
resources indexed by a search engine in a manner inconsistent with the purpose of the indexing
system.
DDoS: Distributed denial-of-service attack (DDoS) occurs when multiple systems flood the
bandwidth or resources of a targeted system, usually one or more web servers. These systems
are compromised by attackers using a variety of methods.
Attack Vector
 An “attack vector” is a path by which an attacker can gain access to a computer or to a network server in order to deliver
a payload or malicious outcome.
 Attack vectors enable attackers to exploit system vulnerabilities, including the human element.
 Attack vectors include viruses, E-Mail attachments, webpages, pop-up windows, instant messages, chat rooms,
and deception. All of these methods involve programming (or, in a few cases, hardware), except deception, in
which a human operator is fooled into removing or weakening system defenses.
 To some extent, firewalls and antivirus software can block attack vectors.
 However, no protection method is totally attack-proof.
 A defense method that is effective today may not remain so for long because attackers are constantly updating
attack vectors, and seeking new ones, in their quest to gain unauthorized access to computers and servers. Refer
to Box 2.10.
 The most common malicious payloads are viruses (which can function as their own attack vectors), Trojan
Horses, worms, and Spyware.
 If an attack vector is thought of as a guided missile, its payload can be compared to the warhead in the tip of the
missile.
 In technical terms, the payload is the necessary data being carried within a packet or other transmission unit – in
this scenario (i.e., attack vector) payload means the malicious activity that the attack performs.
 From the technical perspective, the payload does not include the “overhead” data required to get the packet to its
destination. What counts as payload can depend on the point of view: to a communications
layer that needs some of the overhead data to do its job, the payload is sometimes considered to include the
part of the overhead data that this layer handles. The attack vectors described below are how most attacks are
launched.

1. Attack by E-Mail: The content is either embedded in the message or linked to by the message. Sometimes
attacks combine the two vectors, so that if the message does not get you, the attachment will. Spam is almost
always a carrier for scams, fraud, dirty tricks, or malicious action of some kind. Any link that offers something
“free” or tempting is suspect.
2. Attachments (and other files): Malicious attachments install malicious computer code. The code could be a
virus, Trojan Horse, Spyware, or any other kind of malware. Attachments attempt to install their payload as
soon as you open them.
3. Attack by deception: Deception is aimed at the user/operator as a vulnerable entry point. It is not just
malicious computer code that one needs to monitor. Fraud, scams, and to some extent Spam, not to mention
viruses, worms and such, require the unwitting cooperation of the computer's operator to succeed. Social
engineering is another form of deception that is often an attack vector too.
4. Hackers: Hackers/crackers are a formidable attack vector because, unlike ordinary Malicious Code, people are
flexible and they can improvise. Hackers/crackers use a variety of hacking tools, heuristics
and social engineering to gain access to computers and online accounts. They often install a Trojan Horse to
commandeer the computer for their own use.
5. Heedless guests (attack by webpage): Counterfeit websites are used to extract personal information. Such
websites look very much like the genuine websites they imitate. One may think he/she is doing business with
someone he/she trusts. However, he/she is really giving away personal information, like address, credit card
number, and expiration date. Such sites are often used in conjunction with Spam, which gets you there in the first
place. Pop-up webpages may install Spyware, Adware or Trojans.
6. Attack of the worms: Many worms are delivered as E-Mail attachments, but network worms use holes in
network protocols directly. Any remote access service, like file sharing, is likely to be vulnerable to this sort of
worm. In most cases, a firewall will block system worms. Many of these system worms install Trojan Horses.
7. Malicious macros: Microsoft Word and Microsoft Excel are some examples of applications that allow macros. A macro
does something like automating a spreadsheet, for example. Macros can also be used for malicious purposes.
All Internet services like instant messaging, Internet Relay Chat (IRC), and P2P file-sharing networks rely on
cozy connections between the computer and the other computers on the Internet. If one is using P2P software
then his/her system is more vulnerable to hostile exploits.
8. Foistware (sneakware): Foistware is software that adds hidden components to the system in a cunning
way. Spyware is the most common form of foistware. Foistware is partially legal software bundled with some
attractive software. Sneak software often hijacks your browser and diverts you to some “revenue
opportunity” that the foistware has set up.
9. Viruses: These are malicious computer codes that hitch a ride and make the payload. Nowadays, virus vectors
include E-Mail attachments, downloaded files, worms, etc.

Box 2.10 | Zero-Day Attack


A zero-day (or zero-hour) attack[17] is a computer threat which attempts to exploit computer
application vulnerabilities that are unknown to anybody in the world (i.e., undisclosed to the
software vendor and software users) and/or for which no patch (i.e., security fix) is available.
Zero-day exploits are used or shared by attackers before the software vendor knows about the
vulnerability.

Sometimes software vendors discover the vulnerability but developing a patch can take time.
Alternatively, software vendors may also hold back the release of a patch to avoid flooding
customers with numerous individual updates. A “zero-day” attack is launched just on or
before the first or “zeroth” day of vendor awareness, the reason being that the vendor then gets no
opportunity to communicate/distribute a security fix to users of such software. If the
vulnerability is not particularly dangerous, software vendors prefer to wait until multiple updates
(i.e., security fixes commonly known as patches) are collected and then release them together
as a package. Malware writers are able to exploit zero-day vulnerabilities through several
different attack vectors.

Zero-day emergency response team (ZERT): This is a group of software engineers who
work to release non-vendor patches for zero-day exploits. Nevada is attempting to provide
support with the Zeroday Project at www.zerodayproject.com, which purports to provide
information on upcoming attacks and provide support to vulnerable systems. Also, visit the
weblink http://www.isotf.org/zert to get more information about it.

Cloud Computing

 The growing popularity of cloud computing and virtualization among organizations has made them the
next target of cybercriminals.
 Cloud computing services, while offering considerable benefits and cost savings, move servers outside the
organization's security perimeter, which makes it easier for cybercriminals to attack these systems.
 Cloud computing is Internet (“cloud”)-based development and use of computer technology (“computing”).
 The term cloud is used as a metaphor for the Internet, based on the cloud drawing used to depict the Internet in
computer networks.
 Cloud computing is a term used for hosted services delivered over the Internet.
 A cloud service has three distinct characteristics which differentiate it from traditional hosting:

1. It is sold on demand – typically by the minute or the hour;
2. It is elastic in terms of usage – a user can have as much or as little of a service as he/she wants
at any given time;
3. The service is fully managed by the provider – a user just needs a PC and an Internet connection.

Significant innovations in distributed computing and virtualization, as well as improved access speed
over the Internet, have generated a great demand for cloud computing.

Why Cloud Computing?


Cloud computing has the following advantages.
1. Applications and data can be accessed from anywhere at any time. Data may not be held on a hard drive on one
user‟s computer.
2. It could bring hardware costs down. One would need only an Internet connection.
3. Organizations do not have to buy a set of software or software licenses for every employee and the
organizations could pay a metered fee to a cloud computing company.
4. Organizations do not have to rent a physical space to store servers and databases. Servers and digital storage
devices take up space. Cloud computing gives the option of storing data on someone else‟s hardware, thereby
removing the need for physical space on the front end.
5. Organizations would be able to save money on IT support, because they only need to look after the
desktop (i.e., the client) and continuous Internet connectivity instead of servers and other hardware. Cloud
computing services can be either private or public.

Types of Services
Services provided by cloud computing are as follows:
1. Infrastructure-as-a-service (IaaS): It is like Amazon Web Services that provide virtual servers with unique
IP addresses and blocks of storage on demand. Customers benefit from an Application Programming
Interface (API) from which they can control their servers. As customers pay for exactly the amount of service
they use, as for electricity or water, this service is also called utility computing.
2. Platform-as-a-service (PaaS): It is a set of software and development tools hosted on the provider's
servers. Developers can create applications using the provider's APIs. Google Apps is one of the most famous
PaaS providers. Developers should take notice that there are not any interoperability standards; therefore, some
providers may not allow you to take your application and put it on another platform.
3. Software-as-a-service (SaaS): It is the broadest market. In this case, the provider allows the customer only to
use its applications. The software interacts with the user through a user interface. These applications can
be anything from Web-based E-Mail to applications such as Twitter or Last.fm.

Cybercrime and Cloud Computing

 Nowadays, the prime area of risk in cloud computing is protection of user data. Although cloud computing is
an emerging field, the idea has evolved over a few years.
 Risks associated with the cloud computing environment are as follows:
1. Elevated user access: Any data processed outside the organization brings with it an inherent level of risk.
2. Regulatory compliance: Cloud computing service providers are not able and/or not willing to undergo external
assessments.
3. Location of the data: The user doesn't know where the data is stored or in which country it is hosted.
4. Segregation of data: Data of one organization is scattered in different locations.
5. Recovery of the data: In case of any disaster, availability of the services and data is critical.
6. Information security violation reports: Due to the complex IT environment and several customers logging in and
logging out of the hosts, it becomes difficult to trace inappropriate and/or illegal activity.
7. Long-term viability: In case of any major change in the cloud computing service provider (e.g., acquisition and
merger, partnership breakage), the service provided is at stake.
CYBERCRIME: MOBILE & WIRELESS DEVICES

SECURITY CHALLENGES POSED BY MOBILE DEVICES
Mobility brings two main challenges to cybersecurity:
1. on the hand-held devices, information is being taken outside the physically controlled environment
and
2. remote access back to the protected environment is being granted
Perceptions of the organizations to these cybersecurity challenges are important in devising
appropriate security operating procedures. As the number of mobile device users increases, two
challenges are presented:
1. at the device level called “microchallenges” and
2. at the organizational level called “macrochallenges”
Some well-known technical challenges in mobile security are:
 Managing the registry settings and configurations, authentication service security
 Cryptography security
 Lightweight Directory Access Protocol (LDAP) security
 Remote Access Server (RAS) security
 Media player control security
 Networking application program interface (API) security, etc.

REGISTRY SETTINGS FOR MOBILE DEVICES


Let us understand the issue of registry settings on mobile devices through an example:
 Microsoft ActiveSync is meant for synchronization with Windows-powered personal
computers (PCs) and Microsoft Outlook.
 ActiveSync acts as the gateway between a Windows-powered PC and a Windows mobile-
powered device, enabling the transfer of applications such as Outlook information,
Microsoft Office documents, pictures, music, videos and applications from a user's desktop
to his/her device.
 In addition to synchronizing with a PC, ActiveSync can synchronize directly with the
Microsoft Exchange server so that users can keep their E-Mails, calendar, notes and
contacts updated wirelessly when they are away from their PCs.
 In this context, registry setting becomes an important issue given the ease with which
various applications allow a free flow of information.
Figure: Registry value browsing
Thus, establishing trusted groups through appropriate registry settings becomes crucial.
One of the most prevalent areas where this attention to security is applicable is within “group
policy.” Group policy is one of the core operations that are performed by Windows Active
Directory.
There is one more dimension to mobile device security: new mobile applications are
constantly being provided to help protect against Spyware, viruses, worms, malware and other
Malicious Codes that run through the networks and the Internet. One mobile security issue on a
Windows platform is that the baseline security is not configured properly. When you get a
computer installed or use a mobile device for the first time, it may not be 100% secure. Even if
users go through every Control Panel setting and group policy option, they may not get the
computer to the desired baseline security.
For example, the only way to get a Windows computer to a security level that will be near
bulletproof is to make additional registry changes that are not exposed through any interface.
There are many ways to complete these registry changes on every computer, but some are
certainly more efficient than others.
Naïve (innocent) users may think that for solving the problem of mobile device security
there are not many registry settings to tackle. However, the reality is far different! The scale of
the overall problem becomes apparent when you start researching and investigating the
abundance of “registry hacks”.

AUTHENTICATION SERVICE SECURITY


There are two components of security in mobile computing: security of devices and
security in networks. A secure network access involves mutual authentication between the device
and the base stations or Web servers.
This is to ensure that only authenticated devices can be connected to the network for
obtaining the requested services. No Malicious Code can impersonate (imitate) the service
provider to trick the device into doing something it does not mean to. Thus, the networks also play
a crucial role in the security of mobile devices. Some prominent kinds of attacks to which mobile
devices are subjected are: push attacks, pull attacks and crash attacks.

Figure: Push attack on mobile devices. DDoS implies distributed denial-of-service attack
Figure: Pull attack on mobile devices

Figure: Crash attack on mobile devices. DoS- Denial-of-service attack


Authentication services security is important given the typical attacks on mobile devices
through wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle
attacks and session hijacking.
1. Cryptographic Security for Mobile Devices:
 Cryptographically Generated Addresses (CGA) are Internet Protocol version 6 (IPv6)
addresses in which up to 64 address bits are generated by hashing the owner's public
key.
 The address owner uses the corresponding private key to assert address
ownership and to sign messages sent from the address without a public-key
infrastructure (PKI) or other security infrastructure.
 Deployment of PKI provides many benefits for users to secure their financial
transactions initiated from mobile devices.
 CGA-based authentication can be used to protect IP-layer signaling protocols including
neighbor discovery (as in context-aware mobile computing applications) and mobility
protocols.
 It can also be used for key exchange in opportunistic Internet Protocol Security
(IPSec). Palms (devices that can be held in one‟s palm) are one of the most common
hand-held devices used in mobile computing.
 Cryptographic security controls are deployed on these devices.
 For example, the Cryptographic Provider Manager (CPM) in Palm OS 5 is a system-
wide suite of cryptographic services for securing data and resources on a Palm-powered
device.
 The CPM extends encryption services to any application written to take advantage of
these capabilities, allowing the encryption of only selected data or of all data and
resources on the device.
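CGA generation and verification as RFC 3972 specifies them, written here as an added example (not the textbook's code, and not any vendor's implementation): the Sec parameter, modifier and collision count are RFC 3972 fields the text above does not name, and the public key is a constructed placeholder byte string rather than a real key. The verifier needs only the address and its parameters, which is the "no PKI" property the text describes.

```python
"""Cryptographically Generated Addresses (RFC 3972): generation and verification.

Added example. The "public key" is a constructed placeholder standing in for
the DER-encoded key a real implementation would use; no real key or signing
is involved.
"""
import hashlib
import ipaddress
from dataclasses import dataclass

# Constructed inputs for the demonstration (not real values).
SUBNET_PREFIX = bytes.fromhex("20010db8000000a0")   # 2001:db8:0:a0::/64 (documentation prefix)
DEMO_PUBLIC_KEY = b"CONSTRUCTED-PLACEHOLDER-FOR-DER-ENCODED-RSA-PUBLIC-KEY"


@dataclass(frozen=True)
class CgaParameters:
    """The CGA Parameters structure that travels with the address (RFC 3972, section 3)."""
    modifier: bytes        # 16 bytes, chosen during generation
    subnet_prefix: bytes   # 8 bytes, the /64 prefix the address lives in
    collision_count: int   # 0, 1 or 2; bumped on duplicate-address-detection collisions
    public_key: bytes      # encoded public key of the address owner

    def encode(self) -> bytes:
        if len(self.modifier) != 16 or len(self.subnet_prefix) != 8:
            raise ValueError("modifier must be 16 bytes and subnet prefix 8 bytes")
        if not 0 <= self.collision_count <= 2:
            raise ValueError("collision count must be 0..2")
        return self.modifier + self.subnet_prefix + bytes([self.collision_count]) + self.public_key


def hash2_ok(modifier: bytes, public_key: bytes, sec: int) -> bool:
    """Hash2 = leftmost 112 bits of SHA-1(modifier || 9 zero bytes || key); its
    leftmost 16*Sec bits must be zero. Sec (0..7) is the extra work an attacker
    must repeat to find a second key hashing to the same address."""
    hash2 = hashlib.sha1(modifier + bytes(9) + public_key).digest()[:14]
    return int.from_bytes(hash2, "big") >> (112 - 16 * sec) == 0


def interface_id(params: CgaParameters, sec: int) -> bytes:
    """Hash1 = leftmost 64 bits of SHA-1(CGA Parameters), with the three leftmost
    bits replaced by Sec and the u/g bits (bits 6 and 7) cleared."""
    hash1 = bytearray(hashlib.sha1(params.encode()).digest()[:8])
    hash1[0] = (hash1[0] & 0x1C) | (sec << 5)
    return bytes(hash1)


def generate_cga(subnet_prefix: bytes, public_key: bytes, sec: int,
                 start_modifier: bytes = bytes(16)):
    """Owner side. Returns (IPv6Address, CgaParameters). The modifier is found by
    counting up from start_modifier; a fixed start keeps the demo deterministic,
    a real implementation starts from a random value."""
    if not 0 <= sec <= 7:
        raise ValueError("sec must be 0..7")
    counter = int.from_bytes(start_modifier, "big")
    while True:
        modifier = counter.to_bytes(16, "big")
        if hash2_ok(modifier, public_key, sec):
            break
        counter = (counter + 1) % (1 << 128)
    params = CgaParameters(modifier, subnet_prefix, 0, public_key)
    address = ipaddress.IPv6Address(subnet_prefix + interface_id(params, sec))
    return address, params


def sec_of(address: ipaddress.IPv6Address) -> int:
    """Sec is carried in the three leftmost bits of the interface identifier."""
    return address.packed[8] >> 5


def verify_cga(address: ipaddress.IPv6Address, params: CgaParameters) -> bool:
    """Verifier side: anyone holding the address and its parameters can check the
    binding to the public key without consulting a PKI."""
    packed = address.packed
    if packed[:8] != params.subnet_prefix or params.collision_count > 2:
        return False
    sec = sec_of(address)
    if not hash2_ok(params.modifier, params.public_key, sec):
        return False
    return interface_id(params, sec) == packed[8:]


if __name__ == "__main__":
    addr, params = generate_cga(SUBNET_PREFIX, DEMO_PUBLIC_KEY, sec=1)
    print("CGA:", addr, "Sec:", sec_of(addr))
    print("verifies with owner's parameters:", verify_cga(addr, params))
    forged = CgaParameters(params.modifier, params.subnet_prefix, 0, b"SOMEONE-ELSES-KEY")
    print("verifies with another key:", verify_cga(addr, forged))
```

With sec=1 the generation loop performs on the order of 65,536 SHA-1 evaluations, which is the point of the Sec parameter: the same work is forced on anyone trying to bind a different key to the address.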

2. LDAP Security for Hand-held Mobile Computing Devices:


 LDAP is a software protocol for enabling anyone to locate individuals, organizations
and other resources such as files and devices on the network (i.e., on the public Internet
or on the organization's Intranet).
 In a network, a directory tells you where an entity is located in the network.
 LDAP is a lightweight (smaller amount of code) version of Directory Access
Protocol (DAP) because it does not include security features in its initial version.

Figure: Attacker launches blended attack over rogue ad hoc network (802.11, Bluetooth, infrared)

3. RAS Security for Mobile Devices:


RAS (Remote Access Server) is an important consideration for protecting the business-
sensitive data that may reside on the employees' mobile devices. In terms of cybersecurity, mobile
devices are sensitive. The figure below illustrates how access to an organization's sensitive data can happen through mobile
hand-held devices carried by employees. In addition to being vulnerable to unauthorized access on
their own, mobile devices also provide a route into the systems with which they connect. By using
a mobile device to appear as a registered user (impersonating or masquerading) to these systems, a
would-be cracker is then able to steal data or compromise corporate systems in other ways.
Another threat comes from the practice of port scanning:

 First, attackers use a domain name system (DNS) server to locate the IP address of a
connected computer. A domain is a collection of sites that are related in some sense.
 Second, they scan the ports on this known IP address, working their way through its
Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) stack to see what
communication ports are unprotected by firewalls.
 For instance, File Transfer Protocol (FTP) transmissions are typically assigned to port 21. If
this port is left unprotected, it can be misused by the attackers.
 Protecting against port scanning requires software that can trap unauthorized incoming data
packets and prevent a mobile device from revealing its existence and ID.
 A personal firewall on a pocket PC or Smartphone device can be an effective protective
screen against this form of attack for the users connecting through a direct Internet or RAS
connection.
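A defender-side view of the port-scanning pattern just described, added here and not from the textbook: detection logic that flags a source probing many TCP/UDP ports of one host within a short span and lists which of the probed ports (for instance FTP on port 21) the firewall actually accepted. The log format, field names, thresholds and sample lines are all constructed for this example.

```python
"""Flag port-scanning sources in personal-firewall log lines (added example).

The log format and the lines below are constructed for this demonstration
(addresses come from the RFC 5737 documentation ranges); adapt LINE_RE to the
real log format of the firewall in use.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.5 walks through TCP/UDP ports of 192.0.2.10 and
# gets an answer on FTP (port 21); the two other sources behave normally.
SAMPLE_LOG = """\
2024-05-01T09:15:01 DROP TCP 203.0.113.5:51234 -> 192.0.2.10:21
2024-05-01T09:15:01 DROP TCP 203.0.113.5:51235 -> 192.0.2.10:22
2024-05-01T09:15:02 DROP TCP 203.0.113.5:51236 -> 192.0.2.10:23
2024-05-01T09:15:02 DROP TCP 203.0.113.5:51237 -> 192.0.2.10:25
2024-05-01T09:15:03 DROP UDP 203.0.113.5:51238 -> 192.0.2.10:53
2024-05-01T09:15:03 DROP TCP 203.0.113.5:51239 -> 192.0.2.10:80
2024-05-01T09:15:04 DROP TCP 203.0.113.5:51240 -> 192.0.2.10:443
2024-05-01T09:15:04 ACCEPT TCP 203.0.113.5:51241 -> 192.0.2.10:21
2024-05-01T09:16:10 ACCEPT TCP 198.51.100.7:40001 -> 192.0.2.10:443
2024-05-01T09:16:12 ACCEPT TCP 198.51.100.7:40002 -> 192.0.2.10:443
2024-05-01T09:40:00 DROP TCP 198.51.100.9:3000 -> 192.0.2.10:22
2024-05-01T09:55:00 DROP TCP 198.51.100.9:3001 -> 192.0.2.10:23
"""

# Assumed line format: <ISO timestamp> <ACCEPT|DROP> <TCP|UDP> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(text: str) -> list:
    """Turn matching lines into event dicts; lines in another format are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "action": m["action"],
            "proto": m["proto"],
            "src": m["src"],
            "dport": int(m["dport"]),
        })
    return events


def detect_port_scans(events, window=timedelta(seconds=60), min_ports=5) -> dict:
    """Return {source_ip: finding} for sources that touched at least `min_ports`
    distinct (protocol, port) targets within any `window`-long span.

    A finding lists every port the source probed and the ports the firewall
    ACCEPTed, i.e. services left reachable to the scanner."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        start = 0
        scanning = False
        for end in range(len(evs)):
            # advance the window start until the span [start, end] fits in `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {(e["proto"], e["dport"]) for e in evs[start:end + 1]}
            if len(targets) >= min_ports:
                scanning = True
                break
        if scanning:
            findings[src] = {
                "ports_probed": sorted({e["dport"] for e in evs}),
                "exposed": sorted({e["dport"] for e in evs if e["action"] == "ACCEPT"}),
                "first_seen": evs[0]["ts"].isoformat(),
            }
    return findings


if __name__ == "__main__":
    for src, finding in detect_port_scans(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: probed {finding['ports_probed']}, exposed {finding['exposed']}")
```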

4. Media Player Control Security:


Various leading software development organizations have been warning the users about the
potential security attacks on their mobile devices through the “music gateways.” There are many
examples to show how a media player can turn out to be a source of threat to information held on
mobile devices. For example, in the year 2002, Microsoft Corporation warned about this.
 According to this news item, Microsoft had warned people that a series of flaws in its
Windows Media Player could allow a malicious hacker to hijack people‟s computer
systems and perform a variety of actions.

 According to this warning from Microsoft, in the most severe exploit of a flaw, a hacker
could take over a computer system and perform any task the computer‟s owner is allowed
to do, such as opening files or accessing certain parts of a network.

5. Networking API Security for Mobile Computing Applications:


 With the advent of electronic commerce (E-Commerce) and its further offshoot into M-
Commerce, online payments are becoming a common phenomenon, with the payment
gateways accessed remotely and possibly wirelessly.
 Furthermore, with the advent of Web services and their use in mobile computing
applications, the API becomes an important consideration.
 Already, there are organizations announcing the development of various APIs to enable
software and hardware developers to write single applications.
 Most of these developments are targeted specifically at securing a range of embedded and
consumer products, including those running OSs such as Linux, Symbian, Microsoft
Windows CE and Microsoft Windows Mobile (the last three are the most commonly used
OSs for mobile devices).
 Technological developments such as these provide the ability to significantly improve
cybersecurity of a wide range of consumer as well as mobile devices. Providing a common
software framework, APIs will become an important enabler of new and higher value
services.

ATTACKS ON MOBILE/CELL PHONES
1. Mobile Phone Theft: Mobile phones have become an integral part of everybody's life and
the mobile phone has transformed from being a luxury to a bare necessity. Theft of mobile
phones has risen dramatically over the past few years. Since a huge section of the working
population in India uses public transport, the major locations where theft occurs are bus stops,
railway stations and traffic signals. Many insurance companies have stopped offering
mobile theft insurance due to a large number of false claims.
When anyone loses his/her mobile phone, more than anything the “Contact List” and
“Personally Identifiable Information (PII)” that really matter are lost. One might have
thought that his/her cell phone is much safer than a PC, which is very often attacked by
viruses; however, criminals have proved this thought false. After the PC, the criminals'
(i.e., attackers') new playground has been the cell phone, the reason being the increasing usage of
cell phones and the availability of Internet access from cell phones. Another reason is the increasing
demand for Wi-Fi zones in the metropolitan areas and the extensive usage of cell phones among
youths with a lack of awareness/knowledge about the vulnerabilities of the technology.

The following factors contribute to outbreaks on mobile devices:


1. Enough target terminals: The first Palm OS virus was seen after the number of
Palm OS devices reached 15 million. The first instance of a mobile virus was
observed during June 2004 when it was discovered that an organization “Ojam” had
engineered an antipiracy Trojan virus in older versions of their mobile phone game
known as Mosquito. This virus sent SMS text messages to the organization without
the user's knowledge.
2. Enough functionality: Mobile devices are increasingly being equipped with office
functionality and already carry critical data & applications, which are often
protected insufficiently or not at all. The expanded functionality also increases the
probability of malware.
3. Enough connectivity: Smartphones offer multiple communication options, such as
SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections.

2. Mobile Viruses:
 A mobile virus is similar to a computer virus; it targets mobile
phone data or applications/software installed on it.
 Virus attacks on mobile devices are no longer an exception or proof-of-concept nowadays.
 In total, 40 mobile virus families and more than 300 mobile viruses have been identified.
 The first mobile virus was identified in 2004, and it was the beginning of the understanding that
mobile devices can act as vectors to enter the computer network.
 Mobile viruses spread through two dominant communication protocols – Bluetooth and
MMS.
 A Bluetooth virus can easily spread within a distance of 10–30 m, through Bluetooth-activated
phones.
 An MMS virus can send a copy of itself to all mobile users whose numbers are available
in the infected mobile phone's address book.
Following are some tips to protect mobile from mobile malware attacks:
1. Download or accept programs and content (including ring tones, games, video
clips and photos) only from a trusted source.
2. If a mobile is equipped with Bluetooth, turn it OFF or set it to non-discoverable
mode when it is not in use and/or not required.
3. If a mobile is equipped with beam (i.e., IR), allow it to receive incoming beams
only from a trusted source.
4. Download and install antivirus software for mobile devices.

3. Mishing: Mishing is a combination of mobile and Phishing. Mishing attacks are attempted
using mobile phone technology.
 M-Commerce is fast becoming a part of everyday life. If you use your mobile phone
for purchasing goods/services and for banking, you could be more vulnerable to a
Mishing scam.
 A typical Mishing attacker uses a call, termed Vishing, or a message (SMS), known as Smishing.
 The attacker will pretend to be an employee from your bank or another organization
and will claim a need for your personal details.
 Attackers are very creative and they will try to convince you with different reasons
why they need this information from you.

4. Vishing: Vishing is the criminal practice of using social engineering over the telephone
system, most often using features facilitated by VoIP, to gain access to personal and
financial information from the public for the purpose of financial reward. The term is a
combination of V – Voice and Phishing. Vishing is usually used to steal credit card
numbers or other related data used in ID theft schemes from individuals. The most
profitable uses of the information gained through a Vishing attack include:
 ID theft
 Purchasing luxury goods and services
 Transferring money/funds
 Monitoring the victims' bank accounts
 Making applications for loans and credit cards

How Vishing Works:


The criminal can initiate a Vishing attack using a variety of methods, each of which
depends upon the information gathered by the criminal and the criminal's will to reach a particular
audience.
1. Internet E-Mail: It is also called Phishing mail.
2. Mobile Text Messaging: A text message is sent to the mobile phone.
3. Voicemail: Here, the victim is forced to call the provided phone number once
he/she listens to the voicemail.
4. Direct phone Call: Following are the steps detailing how a direct phone call works:
 The criminal gathers cell/mobile phone numbers and/or steals mobile
phone numbers after accessing a cellular company.
 The criminal often uses a dialer to call the phone numbers of people from a
specific region, and that too from the gathered list of phone numbers.
 When the victim answers the call, an automated recorded message is played to
alert the victim that his/her credit card has had fraudulent activity and/or his/her
bank account has had unusual activity.
 The message instructs the victim to call one phone number immediately.
 The same phone number is often displayed in the spoofed caller ID, under
the name of the financial company the criminal is pretending to represent.
 When the victim calls the provided number, he/she is given automated
instructions to enter his/her credit card number or bank account details with the
help of the phone keypad.
 Once the victim enters these details, the criminal (i.e., visher) has the necessary
information to make fraudulent use of the card or to access the account.
 Such calls are often used to gain additional details such as date of birth, credit
card expiration date, etc.
Some examples of vished calls, when the victim calls the provided number after
receiving a phished E-Mail and/or after listening to a voicemail, are as follows:
1. Automated message: Thank you for calling (name of local bank). Your business is
important to us. To help you reach the correct representative and answer your query fully,
please press the appropriate number on your handset after listening to options.
 Press 1 if you need to check your banking details and live balance.
 Press 2 if you wish to transfer funds.
 Press 3 to unlock your online profile.
 Press 0 for any other query.
2. Regardless of what the victim enters (i.e., presses the key), the automated system
prompts him to authenticate himself: “The security of each customer is important to us. To
proceed further, we require that you authenticate your ID before proceeding. Please type
your bank account number, followed by the pound key.”
3. The victim enters his/her bank account number and hears the next prompt: “Thank you.
Now please type your date of birth, followed by the pound key. For example 01 January
1950 press 01011950.”
4. The caller enters his/her date of birth and again receives a prompt from the automated
system: “Thank you. Now please type your PIN, followed by the pound key.”
5. The caller enters his PIN and hears one last prompt from the system: “Thank you. We
will now transfer you to the appropriate representative”.

At this stage, the phone call gets disconnected, and the victim thinks there was something
wrong with the telephone line; or visher may redirect the victim to the real customer
service line, and the victim will not be able to know at all that his authentication was
appropriated by the visher.

How to Protect from Vishing Attacks:

1. Be suspicious of all unknown callers.
2. Do not trust caller ID. It does not guarantee that the call is really coming from that number, i.e., from the individual and/or company shown: caller ID spoofing is easy.
3. Be aware and ask questions whenever someone asks for your personal or financial information.
4. Call them back. If someone asks you for your personal or financial information, tell them that you will call them back immediately to verify whether the company is legitimate. If the caller claims to be from a bank and/or credit card company, call back using the number printed on your card, invoice or statement, or displayed on the company's official website, never the number the caller gives you or the one shown in caller ID.
5. Report incidents: report vishing calls to the nearest cyberpolice cell with the number and name that appeared on the caller ID, the time of day and the information talked about or heard in the recorded message.

5. Smishing: Smishing is a criminal offense conducted using social engineering techniques similar to Phishing. The name is derived from "SMS phISHING". SMS (Short Message Service) is the text messaging component used predominantly on mobile phones.
SMS can be abused by many methods and techniques other than information gathering. Smishing uses cell phone text messages to deliver a lure message that gets the victim to reveal his/her personal information (PI). The popular techniques to "hook" the victim are either to provide a phone number that the victim is urged to call, or to provide a website URL that the victim is urged to open, whereupon the victim is connected to a bogus website (i.e., a duplicate but fake site created by the criminal) and submits his/her PI.
Smishing works in a similar pattern to Vishing.
How to Protect from Smishing Attacks:
1. Do not answer a text message that asks for your PI. Even if the message seems to come from your best friend, do not respond, because he/she may not be the one who actually sent it (the sender number can be spoofed, or the friend's phone may be compromised).
2. Avoid calling any phone number mentioned in the received message to cancel a membership and/or confirm a transaction which you did not initiate but which is mentioned in the message. Always call the numbers displayed on the invoice and/or appearing in the bank statements/passbook.
3. Never click on a hot link received through a message on your Smartphone or PDA. Hot links are clickable links that take you directly to Internet sites. Smishing messages may carry hot links which, when clicked, download Spyware to your phone without your knowledge. Once this software has been installed, criminals can easily steal any information that is available on your cell phone and have access to everything that you do on it.
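The two "hooks" described above (a callback number and a link) and checklist items 2 and 3 can be turned into a simple triage rule. The script below is an added example, not part of the original text: it pulls every URL and phone number out of a text message, compares them with the contact details the user copied from the back of the card and from a paper statement, and flags lookalike hosts that merely embed the bank's domain. The messages, the bank name "Example Bank" and its phone number and domain are all constructed for the demo; the two-label "registrable domain" rule is an assumption (a real tool would use the public suffix list).

```python
import re
from urllib.parse import urlsplit

# Constructed sample messages for the demo; none are real smishing texts.
SAMPLE_SMS = [
    "ALERT: Your account has been locked. Verify now at "
    "http://secure-login.example-bank.com.evil.example/verify",
    "Your membership will be charged 49.99. To cancel call 1-800-555-0199 within 24 hours",
    "Hi, are we still on for lunch tomorrow?",
    "Example Bank: your statement is ready at https://www.example-bank.com/statements",
]

# Constructed: the numbers and domains the user copied from the back of the
# card and from a paper statement, i.e. the only contacts the text says to trust.
KNOWN_CONTACTS = {
    "example bank": {"phones": {"18005550100"}, "domains": {"example-bank.com"}},
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
PHONE_RE = re.compile(r"(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}")
LURE_WORDS = ("locked", "suspended", "verify", "immediately", "within 24 hours",
              "cancel", "confirm", "unusual activity")


def normalise_phone(raw):
    """Reduce a written number to digits with a leading country code (NANP assumed)."""
    digits = re.sub(r"\D", "", raw)
    return "1" + digits if len(digits) == 10 else digits


def registrable_domain(host):
    """Last two labels of the host. Assumption: no public-suffix list, fine for the demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse(sms, known=KNOWN_CONTACTS):
    """Return a verdict plus the reasons for it for one text message."""
    known_domains = {d for c in known.values() for d in c["domains"]}
    known_phones = {p for c in known.values() for p in c["phones"]}
    reasons = []
    lure = [w for w in LURE_WORDS if w in sms.lower()]

    # Checklist item 3: links. A host that *contains* a trusted domain but
    # registers somewhere else is the classic lookalike trick.
    for url in URL_RE.findall(sms):
        host = urlsplit(url).hostname or ""
        rd = registrable_domain(host)
        if rd in known_domains:
            continue
        lookalike = [d for d in known_domains if d in host]
        if lookalike:
            reasons.append(f"lookalike host {host} embeds {lookalike[0]} but registers as {rd}")
        else:
            reasons.append(f"link to unrecognised domain {rd}")

    # Checklist item 2: callback numbers. URLs are stripped first so digits in
    # a path are not mistaken for a phone number.
    for raw in PHONE_RE.findall(URL_RE.sub(" ", sms)):
        num = normalise_phone(raw)
        if num not in known_phones:
            reasons.append(f"callback number {num} is not on the statement")

    if reasons and lure:
        verdict = "likely_smishing"
    elif reasons or lure:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "lure_words": lure, "reasons": reasons}


def triage(messages):
    """Verdict for each message, in order."""
    return [analyse(m)["verdict"] for m in messages]


if __name__ == "__main__":
    for sms in SAMPLE_SMS:
        result = analyse(sms)
        print(f"{result['verdict']:16} {sms[:60]!r}")
        for r in result["reasons"]:
            print("    -", r)
```

The verdict deliberately needs both a lure (urgency wording) and an untrusted contact before it says "likely_smishing"; a genuine statement notification from the bank's own domain, with no urgency, stays "clean", while a friendly message with no links or numbers is never flagged at all.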

6. Hacking Bluetooth: Bluetooth is an open wireless technology standard used for communication (i.e., exchanging data) over short distances (i.e., using short-range radio waves) between fixed and/or mobile devices. Bluetooth operates in the 2.4-GHz frequency band. The older standard, Bluetooth 1.0, has a maximum transfer speed of 1 Mbps (megabit per second), compared with 3 Mbps for Bluetooth 2.0 with Enhanced Data Rate (EDR).
When Bluetooth is enabled on a device and the device is left in discoverable mode, it essentially answers "I'm here, and I'm able to connect" to any other Bluetooth device within range that sends an inquiry. This makes Bluetooth simple and straightforward to use, and it also makes it easy for an attacker to identify targets. The attacker installs Bluetooth attack tools on a laptop fitted with a Bluetooth adapter, often with an external high-gain antenna to extend the range well beyond the nominal 10 m.
Whenever the attacker moves around public places, the software installed on the laptop constantly scans the surroundings for active Bluetooth devices. Once the tool finds and connects to a vulnerable Bluetooth-enabled cell phone, it can download address book information, photos, calendars and SIM card details, make long-distance phone calls using the hacked device, bug phone calls and much more.
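The first step every tool in the list below performs is the inquiry scan just described: collect the addresses and the 24-bit Class of Device (CoD) each discoverable device returns, and decode the CoD to pick out phones and laptops that advertise the Object Transfer (OBEX) service, which is what Bluesnarf-style attacks go after. The script below is an added example, not code from the page or from any of the tools it names: it parses constructed output in the format Linux `hcitool inq` prints (addresses and clock offsets are made up; the class values are typical ones) and decodes the CoD fields as defined in the Bluetooth Assigned Numbers. The same parse is useful defensively, to audit which of your own devices are answering inquiries.

```python
import re

# Constructed output in the format `hcitool inq` prints on Linux (BlueZ).
SAMPLE_INQ = """Inquiring ...
\t00:11:22:33:44:55\tclock offset: 0x6a7e\tclass: 0x5a020c
\t00:11:22:33:44:66\tclock offset: 0x1b42\tclass: 0x240404
\t00:11:22:33:44:77\tclock offset: 0x0d8d\tclass: 0x1c010c
"""

# Major device class: bits 8-12 of the CoD (Bluetooth Assigned Numbers, Baseband).
MAJOR_CLASS = {
    0x00: "Miscellaneous", 0x01: "Computer", 0x02: "Phone",
    0x03: "LAN/Network access point", 0x04: "Audio/Video", 0x05: "Peripheral",
    0x06: "Imaging", 0x07: "Wearable", 0x08: "Toy", 0x09: "Health",
    0x1F: "Uncategorized",
}
# Minor device class (bits 2-7), only for the two majors we care about here.
MINOR_CLASS = {
    0x01: {1: "Desktop", 2: "Server", 3: "Laptop", 4: "Handheld PC/PDA",
           5: "Palm-sized PC/PDA", 6: "Wearable computer"},
    0x02: {1: "Cellular", 2: "Cordless", 3: "Smartphone",
           4: "Wired modem/voice gateway", 5: "Common ISDN access"},
}
# Service class bits (13-23).
SERVICE_BITS = {
    13: "Limited Discoverable", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer", 21: "Audio",
    22: "Telephony", 23: "Information",
}

INQ_LINE = re.compile(
    r"([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\s+clock offset:\s*0x[0-9A-Fa-f]+"
    r"\s+class:\s*0x([0-9A-Fa-f]{6})"
)


def decode_cod(cod):
    """Split a 24-bit Class of Device into major class, minor class and service bits."""
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    return {
        "major": MAJOR_CLASS.get(major, f"Reserved(0x{major:02x})"),
        "minor": MINOR_CLASS.get(major, {}).get(minor, f"minor 0x{minor:02x}"),
        "services": [n for bit, n in sorted(SERVICE_BITS.items()) if cod & (1 << bit)],
    }


def parse_inquiry(text):
    """One record per device line in hcitool-style inquiry output."""
    devices = []
    for m in INQ_LINE.finditer(text):
        cod = int(m.group(2), 16)
        rec = decode_cod(cod)
        rec.update(addr=m.group(1).upper(), cod=cod)
        devices.append(rec)
    return devices


def rank_targets(devices):
    """Order devices the way a Bluesnarf-style tool would: phones and computers
    that advertise Object Transfer (OBEX push/FTP) or Telephony first."""
    def score(d):
        s = 2 if d["major"] in ("Phone", "Computer") else 0
        s += "Object Transfer" in d["services"]
        s += "Telephony" in d["services"]
        return s
    return sorted(devices, key=score, reverse=True)


if __name__ == "__main__":
    for d in rank_targets(parse_inquiry(SAMPLE_INQ)):
        print(f"{d['addr']}  0x{d['cod']:06x}  {d['major']}/{d['minor']}  "
              f"services={', '.join(d['services']) or '-'}")
```

In the sample, 0x5a020c decodes to a smartphone advertising Networking, Capturing, Object Transfer and Telephony, which is why it sorts first; the headset (0x240404, Audio/Rendering only) sorts last. A device that does not answer inquiries at all does not appear here, which is the whole point of switching discoverable mode off when it is not needed.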
S.No  Name of the Tool  Description
1.    BlueScanner       Searches for Bluetooth-enabled devices and tries to extract as much information as possible about each newly discovered device after connecting to it.
2.    BlueSniff         A GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices.
3.    BlueBugger        Exploits the BlueBug vulnerability of the device to access images, phonebook, messages and other personal information.
4.    Bluesnarfer       If Bluetooth on a device is switched ON, Bluesnarfing makes it possible to connect to the phone without alerting the owner and to gain access to restricted portions of the stored data.
5.    BlueDiving        A Bluetooth penetration testing suite; it implements attacks like BlueBug and BlueSnarf.
Bluejacking, Bluesnarfing, Bluebugging and Car Whisperer are common attacks that have emerged as Bluetooth-specific security issues.
Bluejacking: Bluetooth + Jacking, where Jacking is short for hijack, the act of taking over something. Bluejacking is sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or computers (within a 10-m radius). Bluejacking is harmless in itself, since no data on the device is read or modified; bluejacked users generally do not understand what has happened and may think that their phone is malfunctioning.
Bluesnarfing: It is unauthorized access to information on a wireless device through a Bluetooth connection, between cell phones, PDAs and computers. This enables the attacker to access the calendar, contact list, SMS and E-Mails as well as to copy pictures and private videos.
Bluebugging: It allows attackers to remotely access a user's phone and use its features (e.g., placing calls or sending messages) without the user's knowledge.
Car Whisperer: It is a piece of software that allows attackers to send audio to and receive audio from a Bluetooth-enabled car stereo, typically one whose hands-free kit still uses the fixed default pairing PIN it shipped with.
Among the four above-mentioned attacks, Bluesnarfing is claimed to be much more serious than Bluejacking.

ORGANIZATIONAL SECURITY POLICIES AND MEASURES IN MOBILE COMPUTING ERA
Importance of Security Policies relating to Mobile Computing Devices:

 The growth in the number of mobile devices in use makes the cybersecurity problem harder than we would tend to think.
 People (especially the youth) have grown so used to their mobiles that they treat them like wallets!
 For example, people store more types of confidential information on mobile computing devices than their employers, or they themselves, realise; the same hand-held device used to listen to music also carries business data.
 One should think carefully about not keeping credit card and bank account numbers, passwords, confidential E-Mails, strategic information about the organization and other valuable information that could impact stock values on mobile devices.
 Imagine the business impact if an employee's USB drive, pluggable drive or laptop were lost or stolen, revealing sensitive customer data such as credit reports, Social Security Numbers (SSNs) and contact information.
 This is not only a Public Relations (PR) disaster; it could also violate laws and regulations.
 When controls cannot be implemented to protect data in the event that devices are stolen, the simplest solution is to prevent users from storing proprietary information on platforms deemed to be insufficiently secure.

Operating Guidelines for Implementing Mobile Device Security Policies:

 By following the steps below, we can reduce the risk when a mobile device is lost or stolen:
 Determine whether the employees in the organization need to use mobile computing devices or not.
 Implement additional security technologies like strong encryption, device passwords and physical locks.
 Standardize the mobile computing devices and the associated security tools being used with them.
 Develop a specific framework for using mobile computing devices.
 Maintain an inventory so that you know who is using what kinds of devices.
 Establish patching procedures for software on mobile devices.
 Label the devices and register them with a suitable service.
 Establish procedures to disable remote access for any mobile device reported lost or stolen.
 Remove data from computing devices that are not in use.
 Provide education and awareness training to personnel using mobile devices.
Organizational Policies for the Use of Mobile Hand-Held Devices:
There are many ways to handle the matter of creating policy for mobile devices.
 One way is creating a distinct mobile computing policy.
 Another way is including such devices under existing policy.
There are also approaches in between, where mobile devices fall under both existing general policies and a new one. There may not be a need for separate policies for wireless, LAN, WAN, etc., because a properly written network policy can cover all connections to company data, including mobile and wireless ones.
LAPTOPS
Laptops, like other mobile devices, enhance business functions. Besides providing mobile access to information anytime and anywhere, they also pose a large threat precisely because they are portable. Wireless capability in these devices has also raised cybersecurity concerns, because information is transmitted over the air, where interception is hard to detect.
The theft of laptops has always been a major issue, according to cybersecurity industry and insurance company statistics. Cybercriminals target laptops because they are expensive and fetch a quick profit on the black market. Most laptops contain personal and corporate information that could be sensitive. Such information can be misused if found by a malicious user.

Physical Security Countermeasures:

1. Cables and hardwired locks: The most cost-efficient and ideal solution to safeguard any mobile device is securing it with cables and locks specially designed for laptops.
2. Laptop safes: Safes made of polycarbonate, the same material that is used in bulletproof windows, police riot shields and bank security screens, can be used to carry and safeguard laptops.
3. Motion sensors and alarms: Alarms and motion sensors are very efficient in securing laptops. Once these devices are activated, they can be used to track missing laptops in crowded places. Modern alarm systems for laptops are designed so that the alarm device attached to the laptop transmits radio signals within a certain range around the laptop. The owner of the laptop has a key ring device that communicates with the laptop alarm device. The alarm is triggered when the distance between the laptop alarm device and the key ring device exceeds the specified range.
4. Warning labels and stamps: Warning labels containing tracking information and identification details can be fixed onto the laptop to deter aspiring thieves. These labels cannot be removed easily and are a low-cost solution to laptop theft. They carry an identification number that is stored in a universal database for verification, which in turn makes the resale of stolen laptops difficult.
5. Other measures for protecting laptops are as follows:
 Engraving the laptop with personal details
 Keeping the laptop close to oneself wherever possible
 Carrying the laptop in a different and unobvious bag
 Creating awareness among employees about the sensitive information contained in the laptop
 Making a copy of the purchase receipt, serial number and description of the laptop
 Installing encryption software to protect information stored on the laptop (full-disk encryption is the one control that turns a stolen laptop into a hardware loss rather than a data breach; none of the physical measures above protect the data once the machine is gone)
 Using personal firewall software to block unwanted access and intrusion
 Updating the antivirus software regularly
 Tight office security using security guards, and securing the laptop by locking it down in lockers when not in use
 Never leaving the laptop unattended in public places
 Disabling IR ports and wireless cards when not in use
 Choosing a secure OS
 Registering the laptop with the laptop manufacturer to track it down in case of theft
 Disabling unnecessary user accounts and renaming the administrator account
 Backing up data on a regular basis

A few logical access controls are as follows:
 Protecting from malicious programs/attackers/social engineering
 Avoiding weak passwords/open access
 Monitoring application security and scanning for vulnerabilities
 Ensuring that unencrypted data/unprotected file systems do not pose threats
 Proper handling of removable drives/storage media/unnecessary ports
 Password protection through appropriate password rules and use of strong passwords
 Locking down unwanted ports/devices
 Regularly installing security patches and updates
 Installing antivirus software/firewalls/intrusion detection systems (IDSs)
 Encrypting critical file systems
 Other countermeasures:
 Choosing a secure OS that has been tested and has high security incorporated into it
 Registering the laptop with the laptop manufacturer to track it down in case of theft
 Disabling unnecessary user accounts and renaming the administrator account
 Disabling display of the last logged-in username in the login dialog box
 Backing up data on a regular basis
