
Unit-2

Tools and Methods Used in Cybercrimes


Syllabus

Tools and Methods used in Cyber Crime.


Introduction, Proxy Servers and Anonymizers, Phishing, Password cracking,
Key loggers and Spywares, virus and worms, Trojan horses and
Backdoors, Steganography, DoS and DDoS attacks.
Phishing and Identity Theft: Introduction, Phishing, Identity Theft (ID Theft)
Introduction
Network attack incidents reveal that attackers are often very systematic in
launching their attacks.
The basic stages of an attack are described here to show how an
attacker can compromise a network:
Initial uncovering
Network probe
Crossing the line toward electronic crime (E-crime)
Capturing the network
Grab the data
Covering tracks
Initial uncovering
Two steps are involved here.
Reconnaissance (information gathering)
The attacker uncovers as much information as possible about the company's
internal network, such as:
Internet domain
Machine names and company Internet Protocol (IP) address ranges
Network probe
At this stage, the attacker tries to find live network IP addresses (using ping) and open ports
(using port scanning tools) to discover exactly which services are running
on the target system.
At this point, the attacker has still not done anything that would be considered
abnormal activity.
Crossing the line toward electronic crime (E-crime)
Now the attacker moves toward committing what is
technically a "computer crime".
He/she does this by exploiting possible holes on the
target system.
The attacker usually goes through several stages of
exploits to gain access to the system, for example:
Certain programming errors (buffer overflow)
Default logins
Once the attacker is able to access a user account
without many privileges, he/she will attempt further
exploits to get administrator or root access.
Capturing the network
At this stage an attacker attempts to own the network
by compromising low-priority systems.
The next step is to remove any evidence of the attack.
The attacker installs a set of tools that replace existing files and services with Trojan
files and services that have a backdoor password.
There are a number of hacking tools which can clean up log files and
remove any trace of intrusion (individual programs written by
hackers).
Such tools provide copies of system files that look and act like the real
thing, but in fact they provide the attacker a backdoor entry into
the system and hide the processes he/she might be running on that
system and his/her user information.
Grab the data
Now that the attacker has "captured the network", he/she takes advantage of
his/her position to:
Steal confidential data
Steal customer credit card information
Deface web pages
Alter processes
Launch attacks at other sites from your network
Covering tracks
This is the last step in any cyber attack, which refers to
the activities undertaken by the attacker to extend
misuse of the system without being detected.
The attacker can remain undetected for a long period, or
use this phase either to start a fresh reconnaissance
of the related target system or to continue use of
resources, removing evidence of hacking and avoiding
legal action.
Tools used to cover tracks:
ELSlave, WinZapper, Evidence Eliminator, Traceless, Tracks
Eraser Pro
Proxy Servers and Anonymizers
A proxy server is a computer on a network which acts as
an intermediary for connections with other computers
on that network.
The attacker first connects to a proxy server and establishes a
connection with the target system through the existing connection
with the proxy.
This enables an attacker to surf the web anonymously
and/or hide the attack.
A client connects to the proxy server and requests some
service available from a different server.
The proxy server evaluates the request and provides the
resource by establishing the connection to the respective
server and/or requesting the required service on behalf of the
client.
Using a proxy server can allow an attacker to hide his/her identity.
A proxy server has the following purposes:
Keep the systems behind the curtain.
Speed up access to a resource (through "caching"). It is usually used to cache the web pages from
a web server.
Specialized proxy servers are used to filter unwanted content such as advertisements.
A proxy server can be used as an IP address multiplexer to enable a number of computers to connect to
the Internet when one has only one IP address.
Listed below are a few websites where free proxy servers can be found:
www.proxy4free.com
www.publicproxyservers.com
www.proxz.com
www.annonymitychecker.com
www.surf24h.com
www.hidemypass.com
Anonymizer
An anonymizer or an anonymous proxy is a tool that
attempts to make activity on the Internet untraceable.
It accesses the Internet on the user's behalf, protecting
personal information by hiding the source computer's
identifying information.
Anonymizers are services used to make web surfing
anonymous by utilizing a website that acts as a proxy
server for the web client.
The anonymizer hides/removes all identifying
information from a user's computer while the user
surfs the Internet, which ensures the privacy of the
user.
Listed below are a few websites where more information about anonymizers can be
found:
www.anonymizer.com
www.browzar.com
www.anonymize.net
www.anonymouse.ws
www.anonymouseindex.com
Phishing
Phishing is a method of stealing personal and financial data; it can also infect systems with
viruses, and in various cases it is a method of online ID theft.
Most people associate phishing with E-Mail messages that spoof or mimic
banks, credit card companies or other businesses such as Amazon and eBay.
These messages look authentic and attempt to get users to reveal their
personal information.
How Phishing Works
Phishers work in the following stages:
Planning:
Phishers decide the target (a specific business/business house/
an individual).
They determine how to get the E-Mail addresses of that target or of the
customers of that business.
Phishers often use the same mass mailing and address collection
techniques as spammers.
Setup:
Once phishers know which business/business house to spoof
and who their victims are, they create methods for
delivering the message and for collecting the data about the
target.
Most often this involves E-Mail addresses and a webpage.
Attack:
This is the step people are most familiar with: the phisher sends a phony message that appears to
be from a reputable source.
Collection:
Phishers record the information of victims entered into webpages or pop-up windows.
Identity theft and fraud:
Phishers use the information that they have gathered to make illegal purchases or commit fraud.
Phishing started off as being part of popular hacking culture.
Password Cracking
A password is like a key to get entry into computerized systems, like a lock.
Password cracking is the process of recovering passwords from data that have
been stored in or transmitted by a computer system.
Usually, an attacker follows a common approach: repeatedly making guesses
for the password.
The purposes of password cracking are as follows:
To recover a forgotten password
As a preventive measure by a system administrator to check for easily crackable passwords
To gain unauthorized access to a system
Manual password cracking is attempting to log on with different passwords. The
attacker follows these steps:
Find a valid user account such as an administrator or guest
Create a list of possible passwords
Rank the passwords from high to low probability
Key in each password
Try again until a successful password is found
Passwords can sometimes be guessed with knowledge
of the user's personal information. Examples of guessable
passwords include:
Blank
Words like "password", "passcode" and "admin"
A series of letters from the "QWERTY" keyboard
The user's name or login name
The name of the user's friend/relative/pet
The user's birthplace or date of birth, or a relative's or friend's
The user's vehicle number, office number, residence number or
mobile number
The name of a celebrity who is considered to be an idol (actors,
spiritual gurus) by the user
Simple modifications of one of the preceding, such as suffixing
a digit, particularly 1, or reversing the order of letters
An attacker can also create a script file (i.e., an automated program) which will be
executed to try each password in a list.
Password cracking attacks can be classified under three categories as follows:
Online attacks
Offline attacks
Non-electronic attacks (e.g., social engineering, shoulder surfing and dumpster diving)
Online attacks
An attacker can create a script file (i.e., an automated
program) that will be executed to try each password in
a list, and when one matches, the attacker can gain
access to the system.
The most popular online attack is the man-in-the-
middle (MITM) attack, also termed the "bucket-brigade
attack" or sometimes the "Janus attack".
This type of attack is used to obtain the passwords for
E-Mail accounts on public websites such as Yahoo,
Hotmail and Gmail, and can also be used to get the
passwords for financial websites by attackers who would like to gain
access to banking websites.
Offline attacks
Mostly, offline attacks are performed from a location other than the target (i.e.,
either a computer system or a network) where these passwords
reside or are used.
Offline attacks usually require physical access to the computer and copying
the password file from the system onto removable media. The different types of
offline password attacks are the dictionary attack, the hybrid attack and the brute force
attack.
Types of password cracking methods
Dictionary attack: attempts to match all the words from the dictionary to get the
password. Example password: Administrator
Hybrid attack: substitutes numbers and symbols to get the password.
Example password: Adm1n1stator
Brute force attack: attempts all possible permutations and combinations of
letters, numbers and special characters. Example password: Adm!n@09
Strong, Weak and Random Passwords
A weak password is one which could be easily guessed: short, common, or
a system default password that could be easily found by executing a brute
force attack using a subset of all possible passwords, such as words
in the dictionary, proper names, words based on the username or
common variations on these themes.
Examples of "weak passwords":
Susan: common personal name
Aaaa: repeated letters, can be guessed
Rover: common name for a pet, also a dictionary word
Abc123: can be easily guessed
Admin: can be easily guessed
1234: can be easily guessed
QWERTY: a sequence of adjacent letters on many keyboards
12/3/35: a date, possibly of personal importance
Nbusr123: probably a username, and if so, can be very easily
guessed
p@$$\/\/0rd: simple letter substitutions are preprogrammed into
password cracking tools
Password: used very often, trivially guessed
December12: uses a date
A strong password is long enough, random or otherwise difficult to guess, and
producible only by the user who chose it.
Some examples of strong passwords:
Convert_$100 to Euros!
382460943aH
4pRet@13
MoOoOfln2356
T3wasno23436@
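As an added example (not part of the original notes), the following Python script checks a candidate password against the guessable patterns listed above: blank or repeated characters, common words, keyboard sequences, dates, the user's own name, and the letter substitutions that cracking tools undo automatically (p@$$\/\/0rd). The word lists, the date heuristics and the function names are assumptions of this example.

```python
"""Password weakness audit based on the guessable-password patterns above.
Added example, not from the original notes; word lists, date heuristics and
function names are assumptions of this illustration."""
import re

MIN_LENGTH = 8  # policy minimum of eight characters

# Constructed mini word list; a real audit would load a full dictionary and name list.
COMMON_WORDS = {"password", "passcode", "admin", "administrator", "rover",
                "susan", "qwerty", "abc123", "letmein", "welcome"}
MONTHS = ("january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december")
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Substitutions that cracking tools undo automatically (p@$$\/\/0rd -> password).
LEET = (("\\/\\/", "w"), ("@", "a"), ("$", "s"), ("0", "o"), ("1", "i"),
        ("3", "e"), ("!", "i"), ("|", "l"))


def normalize(pw):
    """Lower-case and undo leet substitutions, so 'p@$$\\/\\/0rd' becomes 'password'."""
    out = pw.lower()
    for symbol, letter in LEET:
        out = out.replace(symbol, letter)
    return out


def candidate_cores(pw):
    """Raw and de-leeted forms, stripped of punctuation, with and without a digit suffix."""
    cores = set()
    for form in (pw.lower(), normalize(pw)):
        stripped = re.sub(r"[^a-z0-9]", "", form)
        cores.update({stripped, stripped.rstrip("0123456789")})
    cores.discard("")
    return cores


def is_keyboard_sequence(core):
    """True for runs of adjacent keys such as QWERTY, 1234 or their reverse."""
    return len(core) >= 3 and any(core in row or core in row[::-1]
                                  for row in KEYBOARD_ROWS)


def looks_like_date(pw):
    """Matches 12/3/35-style dates and a month name followed by digits (December12)."""
    low = pw.lower()
    if re.fullmatch(r"\d{1,4}[/.-]\d{1,2}[/.-]\d{1,4}", low):
        return True
    return any(low.startswith(m) and low[len(m):].isdigit() for m in MONTHS)


def audit_password(pw, username=None, personal_words=()):
    """Return the list of weaknesses found; an empty list means no pattern matched."""
    if not pw:
        return ["blank password"]
    reasons = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if len(set(low)) == 1:
        reasons.append("repeated single character")
    cores = candidate_cores(pw)
    if any(c in COMMON_WORDS or c[::-1] in COMMON_WORDS for c in cores):
        reasons.append("common word (possibly substituted, reversed or digit-suffixed)")
    if any(is_keyboard_sequence(c) for c in cores):
        reasons.append("keyboard sequence")
    if looks_like_date(pw):
        reasons.append("date-based")
    personal = [w.lower() for w in personal_words if w]
    if username:
        personal.append(username.lower())
    if any(w in low for w in personal):
        reasons.append("contains the user's name or personal information")
    return reasons


if __name__ == "__main__":
    # Constructed run over some of the weak and strong examples listed in the notes.
    for sample in ("Susan", "p@$$\\/\\/0rd", "December12", "Nbusr123",
                   "Convert_$100 to Euros!", "T3wasno23436@"):
        found = audit_password(sample, username="nbusr")
        print("%-24s %s" % (sample, found or "no weakness found"))
```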
Random Passwords
A password is stronger if it includes a mix of upper and lower case
letters, numbers and other symbols, when allowed, for the same
number of characters.
The difficulty in remembering such a password increases the
chance that the user will write down the password, which makes
it more vulnerable to a different attack.
Forcing users to use system-created random passwords
ensures that the password will have no connection with that user
and should not be found in any dictionary.
Several OSs have included such a feature. Almost all OSs also
include password aging: users are required to choose new
passwords regularly, usually after 30 or 45 days.
The general guidelines applicable to password policies, which
can be implemented organization-wide, are as follows:
Passwords and user logon identities (IDs) should be unique to each authorized user.
Passwords should consist of a minimum of eight alphanumeric characters.
There should be computer-controlled lists of prescribed password rules and periodic testing to
identify any password weaknesses.
Passwords should be kept private, that is, not shared with friends, colleagues, etc. They shall not
be coded into programs or noted down anywhere.
Passwords shall be changed every 30/45 days or less. Most operating systems can enforce
password expiration automatically and prevent repeated or reused passwords.
User accounts should be frozen after five failed logon attempts. All erroneous password entries
should be recorded in an audit log for later inspection and action, as necessary.
Sessions should be suspended after 15 minutes of inactivity and require the password to be re-
entered.
Successful logons should display the date and time of the last logon and logoff.
Logon IDs and passwords should be suspended after a specified period of non-use.
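The five-failed-attempts rule and the audit log requirement above can be checked mechanically. This added Python example (not from the original notes) replays a constructed logon audit log, reports the accounts that should have been frozen, flags any logon accepted after the freeze point, and counts failures per source so that one script working through a password list stands out; the log line format, the sample entries and the function names are assumptions of this example.

```python
"""Audit-log review for the logon policy above: freeze an account at the fifth
failed attempt and record every erroneous entry for inspection.
Added example, not from the original notes; the log format, sample lines and
function names are constructed for this illustration."""
import re
from collections import defaultdict

FAILURE_LIMIT = 5  # freeze the account at the fifth consecutive failure

# Constructed log format: "<date> <time> logon user=<name> result=OK|FAIL src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) logon user=(?P<user>\S+) result=(?P<result>OK|FAIL) src=(?P<src>\S+)$")

# Constructed sample: 'alice' mistypes once; 'bob' is hit by a scripted guessing run
# from a single source, and the sixth guess is accepted although policy says the
# account should already be frozen.
SAMPLE_LOG = """\
2024-03-01 09:00:01 logon user=alice result=FAIL src=10.0.0.5
2024-03-01 09:00:07 logon user=alice result=OK src=10.0.0.5
2024-03-01 09:01:00 logon user=bob result=FAIL src=203.0.113.9
2024-03-01 09:01:01 logon user=bob result=FAIL src=203.0.113.9
2024-03-01 09:01:02 logon user=bob result=FAIL src=203.0.113.9
2024-03-01 09:01:03 logon user=bob result=FAIL src=203.0.113.9
2024-03-01 09:01:04 logon user=bob result=FAIL src=203.0.113.9
2024-03-01 09:01:05 logon user=bob result=FAIL src=203.0.113.9
2024-03-01 09:01:06 logon user=bob result=OK src=203.0.113.9
"""


def parse_log(text):
    """Return (events, malformed_count); malformed lines are counted, not dropped silently."""
    events, malformed = [], 0
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            events.append(match.groupdict())
        elif line.strip():
            malformed += 1
    return events, malformed


def review_logons(events):
    """Apply the five-strikes rule to a list of parsed events.

    Returns (frozen, failures_by_source, accepted_after_freeze):
      frozen: user -> timestamp of the fifth consecutive failure.
      failures_by_source: src -> number of FAIL events (one script trying a list
        of passwords shows up as a single source with a high count).
      accepted_after_freeze: OK logons for users the policy says were already frozen.
    """
    streak = defaultdict(int)
    frozen = {}
    failures_by_source = defaultdict(int)
    accepted_after_freeze = []
    for ev in events:
        user = ev["user"]
        if ev["result"] == "FAIL":
            failures_by_source[ev["src"]] += 1
            streak[user] += 1
            if streak[user] == FAILURE_LIMIT and user not in frozen:
                frozen[user] = ev["ts"]
        else:
            if user in frozen:
                accepted_after_freeze.append(ev)  # the control did not fire
            streak[user] = 0  # a successful logon resets the consecutive-failure count
    return frozen, dict(failures_by_source), accepted_after_freeze


if __name__ == "__main__":
    events, bad = parse_log(SAMPLE_LOG)
    frozen, by_src, late = review_logons(events)
    print("malformed lines:", bad)
    print("accounts to freeze:", frozen)
    print("failures per source:", by_src)
    print("logons accepted after freeze point:", [(e["ts"], e["user"]) for e in late])
```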
Similarly, netizens should practice the following password guidelines to avoid becoming victims of
having their personal E-Mail accounts hacked/attacked by attackers:
Passwords used for business E-Mail accounts, personal E-Mail accounts (Yahoo/Hotmail/Gmail)
and banking/financial user accounts (e.g., online banking/securities trading accounts) should
be kept separate.
Passwords should be a minimum of eight alphanumeric characters (common names or phrases
should be avoided).
Passwords should be changed every 30/45 days.
Passwords should not be shared with relatives and/or friends.
A password used previously should not be reused when renewing the password.
Passwords of personal E-Mail accounts (Yahoo/Hotmail/Gmail) and banking/financial user
accounts (e.g., online banking/securities trading accounts) should be changed from a secured
system within a couple of days if these accounts have been accessed from public Internet
facilities such as cybercafes/hotels/libraries.
Passwords should not be stored on mobile phones or PDAs, as these devices are also prone to
cyber-attacks.
On receipt of an E-Mail from a banking/financial institution instructing you to change the
password, the legitimacy of the E-Mail should be verified before clicking the web links displayed
in the E-Mail, to avoid being a victim of phishing attacks.
Similarly, on receipt of an SMS from a banking/financial institution instructing you to change the
password, the legitimacy of the SMS should be verified to avoid being a victim of smishing
attacks.
In case E-Mail accounts/user accounts have been hacked, the respective agencies/institutes should
be contacted immediately.
KEYLOGGERS and SPYWARES
Keystroke logging, often called keylogging, is the practice of noting (or
logging) the keys struck on a keyboard, typically in a covert manner so that
the person using the keyboard is unaware that such actions are being
monitored.
A keystroke logger or keylogger is a quicker and easier way of capturing passwords
and monitoring the victim's IT-savvy behaviour.
It can be classified as a software keylogger or a hardware keylogger.
SOFTWARE KEYLOGGERS:
Software keyloggers are software programs installed on the
computer system which usually are located between the
OS and the keyboard hardware, and every keystroke is
recorded. Software keyloggers are installed on a computer
system by Trojans or viruses without the knowledge of the
user.
Cybercriminals always install such tools on the insecure
computer systems available in public places and can obtain
the required information about the victim very easily.
A keylogger usually consists of two files that are installed in
the same directory: a dynamic link library (DLL) file and an
executable (EXE) file that installs the DLL file and triggers it
to work. The DLL does all the recording of keystrokes.
Website and brief description:
http://www.soft-central.net: SC-Keylog PRO.
It allows secretly recording computer user activities such as E-Mails, chat
conversations, visited websites, clipboard usage, etc.
http://kgb-spy-software.es.softonic.com: KGB Spy.
1. Widely used by both regular users and IT security specialists.
2. It records all typed data/all keyboard activity.
3. It can be used to monitor children's activity at home.
4. It ensures employees do not use the company's computers inappropriately.
http://www.spy-guide.net/spybuddy-spy-software.html: Spy Buddy.
This, along with a keylogger, has the following features:
1. Internet conversation logging
2. Disk activity logging
3. Window activity logging
4. Application activity logging
5. Clipboard activity logging
6. Internet Explorer history
7. Printed documents logging
8. Websites activity logging
9. Screenshot capturing
http://www.spytech-web.com: Spytech SpyAgent Stealth
www.relytec.com: All In One Keylogger
www.stealtheylogger.org: Stealth Keylogger
www.blazingtools.com: Perfect Keylogger
www.elite-keylogger.com: Elite Keylogger
www.cyberspysoftware.com: CyberSpy
www.mykeylogger.com: Powered Keylogger. It can be used as follows:
Surveillance: for anyone to control what happens on the computer when the
computer's owner is away.
Network administration: to control outgoing traffic and sites visited.
Shared PC activity tracking.
Parental control.
Employee productivity monitoring.
www.x-pcsoft.com: XPC Spy
HARDWARE KEYLOGGERS
To install these keyloggers, physical access to the
computer system is required.
Hardware keyloggers are small hardware devices.
These are connected to the PC and/or to the keyboard
and save every keystroke into a file or in the memory
of the hardware device.
Cybercriminals install such devices on ATM machines to
capture ATM card PINs.
Each keypress on the keyboard of the ATM gets
registered by these keyloggers, which look like an integrated
part of such systems; hence, bank customers are
unaware of their presence.
Listed below are a few websites where more information about hardware keyloggers
can be found:
1. http://www.keyghost.com
2. http://www.keylog.com
3. http://www.keydevil.com
4. http://www.keykatcher.com
ANTIKEYLOGGER
An antikeylogger is a tool that can detect a keylogger installed on the computer
system and can also remove the tool.
For more information visit
www.anti-keyloggers.com
ADVANTAGES of using antikeyloggers are as follows:
Firewalls cannot detect the installation of keyloggers on systems; antikeyloggers, however, can
detect installations of keyloggers.
This software does not require regular updates of signature bases to work effectively, unlike
antivirus software.
It prevents Internet banking frauds, since passwords can be easily gained by installing
keyloggers.
It prevents ID theft.
It secures E-Mail and instant messaging/chatting.
SPYWARES
Spyware is a type of malware that is
installed on computers and collects information about users without their
knowledge. The presence of spyware is typically hidden from the user;
it is secretly installed on the user's personal computer.
Sometimes spyware such as keyloggers is installed by the owner of a
shared, corporate or public computer on purpose to secretly monitor other
users.
Examples of spyware:
007 Spy (www.e-spy-software.com)
Spector Pro, eBlaster (www.spectorsoft.com)
Remotespy (www.remotespy.com)
Stealth Record Pro (www.topofbestsoft.com)
Stealth Website Logger (www.amplusnet.com)
Flexispy (www.flexispy.com)
Wiretap Professional (www.wiretappro.com)
PC PhoneHome (www.pcphonehome.com)
SpyArsenal Print Monitor Pro (www.spyarsenal.com)
Virus and worms
A computer virus is a program that can "infect" legitimate programs by modifying
them to include a possibly "evolved" copy of itself.
Viruses spread themselves without the knowledge of the users.
Viruses can often spread without any readily visible symptoms.
A virus can be triggered by event-driven effects or time-driven effects, or can occur at
random.
A virus can take some typical actions:
Display a message to prompt an action which may set off the virus
Delete files inside the system into which the virus enters
Scramble data on a hard disk
Cause erratic screen behavior
Halt the system (PC)
Just replicate itself to propagate further harm
The term virus is also commonly but erroneously used to refer to other types of malware,
adware and spyware programs that do not have reproductive ability.
Worms:
A worm spreads itself automatically to other computers through networks by exploiting security
vulnerabilities.
It may do so without any user intervention.
Worms almost always cause at least some harm to the network, if only by consuming bandwidth.
Examples: Morris worm, ILOVEYOU, Nimda, Code Red, Melissa (List.Doc), MSBlast, Sobig,
Storm worm, etc.
Such worms often arrive as E-Mail with subject lines such as:
Approved, Details, My Details, ThankYou, That Movie
Comparison of viruses and worms:
1. Different types. Virus: stealth virus, self-modifying virus, encryption with variable
key virus, polymorphic code virus, metamorphic code virus. Worm: E-Mail worms, instant
messaging worms, Internet worms, IRC worms, file-sharing network worms.
2. Spread mode. Virus: needs a host program to spread. Worm: spreads by itself, without
user intervention.
3. What is it? Virus: a software program that can copy itself and infect data or
information without the user's knowledge. Worm: a software program, self-replicating in
nature, which spreads through a network. It can send copies through the network with or
without user intervention.
4. Inception. Virus: the Creeper virus was considered the first known virus. Worm: the
name worm originated from The Shockwave Rider.
5. Prevalence. Virus: over 100,000 known computer viruses have existed, though not all
have attacked computers. Worm: prevalence for viruses is very high as against moderate
prevalence for worms.
Types of Viruses (7)
Viruses can be categorized based on attacks on various elements
of the system.
1. Boot sector virus:
It infects the storage media on which the OS is stored and which is used
to start the computer system.
All data/programs are stored on floppy disks and hard
drives in smaller sections called sectors.
The first sector is called the BOOT sector and it carries the master boot
record (MBR).
If a virus attacks an MBR or infects the boot record of a disk, such a
floppy disk infects the victim's hard drive when he/she reboots the
system while the infected disk is in the drive.
Once the victim's hard drive is infected, all the floppies that are
used in the system will be infected.
2. Program viruses:
These viruses become active when the program file is executed (.bin, .com, .exe, .ovl, .drv).
Once these program files get infected, the virus makes copies of itself and infects the other
programs on the computer system.
3. Multipartite viruses:
It is a hybrid of a boot sector virus and a program virus.
It infects program files along with the boot record when the infected program is active.
When the victim starts the computer system the next time, it will infect the local drive and other
programs on the victim's computer system.
Symptoms:
Multipartite viruses tend to work fast and some of the
infections are subtle and go unnoticed. The following
symptoms may indicate an infection from a multipartite
virus:
➢Drive controllers will no longer be present in Device
Manager.
➢Constant notifications about virtual memory being low.
➢Screen content will appear as if it is melting.
➢Application and file sizes continually change.
➢Hard drive reformats itself.
➢Word processing document extensions modified
from DOC to DOT.
➢Programs may or may not execute, and will experience
much longer loading times.
The following steps are suggested to
prevent a virus infection:
Install trusted, quality antivirus software.
Maintain updated virus definitions in the
antivirus software.
Never open attachments from unsolicited
messages.
Take caution when visiting/downloading
from a website that may or may not be
trusted.
4. Stealth viruses:
A stealth virus is a hidden computer virus that attacks
operating system processes and averts (prevents
something bad from happening) typical anti-virus or anti-
malware scans. Stealth viruses hide in files, partitions
and boot sectors and are adept at deliberately avoiding
detection.
It masks itself, so detecting this type of virus is very difficult.
It can disguise (mask) itself in such a way that antivirus
software also cannot detect it.
It alters its file size and conceals (keeps secret) itself in the
computer memory to remain in the system undetected.
The first computer virus, named Brain, was a stealth
virus.
A good antivirus detects a stealth virus lurking (waiting or
moving in a secret way so that it cannot be seen) on the
victim's system by checking the areas the virus must have
infected, since it leaves evidence in memory.
5. Polymorphic viruses: The first polymorphic virus was the 1260
virus, which was developed by Mark Washburn in 1990 in the United
States.
A polymorphic virus is a complicated computer virus that affects data
types and functions. It is a self-encrypted virus designed to avoid
detection by a scanner. Upon infection, the polymorphic
virus duplicates itself by creating usable, albeit (even if) slightly
modified, copies of itself.
It acts like a "chameleon" (a type of lizard that can change the color of
its skin to look like the colors that are around it; also a person who often
changes his or her beliefs or behavior in order to please others or to
succeed) that changes its virus signature every time it spreads
through the system.
Polymorphic generators are routines (small programs) that can be
linked with existing viruses.
These generators are not viruses, but their purpose
is to hide actual viruses under the cloak (cover/hide) of
polymorphism.
Examples: Mutation Engine (MtE), Dark Angel's Multiple Encryptor (DAME),
Darwinian Genetic Mutation Engine (DGME), Dark Slayer Mutation
Engine (DSME), etc.
6. Macro viruses:
A macro virus is a virus that is written in a macro language: a programming language
which is embedded inside a software application (e.g., word processors, to allow
users to repeat sequences of commands easily, and spreadsheet applications).
Some applications, such as Microsoft Office, allow macro programs to be
embedded in documents such that the macros are run automatically when the
document is opened, and this provides a distinct mechanism by which malicious
computer instructions can spread. This is one reason it can be dangerous to open
unexpected attachments in E-Mails. Many antivirus programs can detect macro
viruses; however, they are still difficult to detect.
A macro is a series of commands and actions that helps automate some tasks,
usually a quite short and simple program.
Many applications, such as MS Word and MS Excel, support macros.
These macros are programmed as a macro embedded in a document.
Once a macro virus gets onto a victim's computer, every document he/she
produces will become infected.
This type of virus is relatively new and may slip past the antivirus software if
the user does not have the most recent version installed on his/her system.
7. ActiveX and Java controls:
All web browsers have settings for ActiveX and Java controls.
A little awareness is needed about managing and controlling these settings of a web browser to
prohibit or allow certain functions to work, such as enabling or disabling pop-ups,
downloading files and sound, which otherwise invites the threat of the computer system being targeted
by unwanted software floating in cyberspace.
Examples: Conficker, INF/AutoRun,
Win32PSW, Win32/Agent, etc.
Viruses spread through the Internet.
Viruses spread through stand-alone systems.
In spite of different platforms (OS/applications), a typical definition of a computer
virus/worm might have various aspects such as:
1. A virus attacks specific file types (files).
2. A virus manipulates a program to execute tasks unintentionally.
3. An infected program produces more viruses.
4. An infected program may run without error for a long time.
5. Viruses can modify themselves and may possibly escape detection this way.
Trojan Horses and Backdoors
Trojan Horse:
A Trojan Horse is a program in which malicious or harmful code is contained inside a program or
data in such a way that it can get control and cause harm.
A Trojan Horse may get widely redistributed as part of a computer
virus.
Like spyware and adware, Trojans can get into the system in a
number of ways: from a web browser, E-Mail, or software downloaded
from the Internet.
Unlike viruses/worms, Trojans do not replicate themselves, but
they can be equally destructive.
Example: waterfalls.scr, a screen saver associated with malware,
which became a Trojan to unload a hidden program and allow
unauthorized access to the user's PC.
Some typical examples of threats by Trojans are as follows:
1. They erase, overwrite or corrupt data on a computer.
2. They help to spread other malware such as viruses.
3. They deactivate or interfere with antivirus and firewall programs.
4. They allow remote access to your computer.
5. They upload and download files without your knowledge.
6. They gather E-Mail addresses and use them for spam.
7. They log keystrokes to steal information such as passwords and credit card numbers.
8. They copy fake links to false websites.
9. They slow down, restart or shut down the system.
10. They reinstall themselves after being disabled.
11. They disable the Task Manager.
12. They disable the Control Panel.
Backdoor
A backdoor is a means of access to a computer program
that bypasses security mechanisms.
A backdoor works in the background and hides from the
user.
Most backdoors are autonomous malicious programs.
It allows a malicious person to perform any possible
action on a compromised system.
A programmer may sometimes install a backdoor so
that the program can be accessed for troubleshooting
or other purposes.
Attackers often discover these undocumented features
and use them to intrude into the system.
What a Backdoor Does
Some functions of a backdoor:
1. It allows an attacker to create, delete, rename, copy or edit any file; execute various
commands; change any system settings; alter the Windows registry; run, control and
terminate applications; and install arbitrary software and parasites.
2. It allows an attacker to control computer hardware devices, modify related settings, and
shut down or restart a computer without asking for user permission.
3. It steals sensitive personal information, valuable documents, passwords, login names and ID
details; logs user activity and tracks web browsing habits.
4. It records keystrokes that a user types on a computer's keyboard and captures screenshots.
5. It sends all gathered data to a predefined E-Mail address, uploads it to a predetermined FTP
server or transfers it through a background Internet connection to a remote host.
6. It infects files, corrupts installed applications and damages the entire system.
7. It distributes infected files to remote computers with
certain security vulnerabilities and performs attacks
against hacker-defined remote hosts.
8. It installs a hidden FTP server that can be used by
malicious persons for various illegal purposes.
9. It degrades Internet connection speed and overall
system performance, decreases system security and
causes software instability.
10. It provides no uninstall feature, and hides processes,
files and other objects to complicate its removal as
much as possible.
Following are a few examples of backdoor Trojans:
1. Back Orifice: for remote system administration. It enables a user to
control a computer running the MS Windows OS from a remote
location.
2. Bifrost: can infect Windows 95 through Vista. Server-client architecture.
3. SAP backdoors: SAP is an Enterprise Resource Planning
(ERP) system.
4. Onapsis Bizploit: it is an open source ERP penetration testing
framework developed by Onapsis Labs. Bizploit assists
security professionals in the discovery, vulnerability
assessment and exploitation phases of ERP penetration tests.
How to protect from Trojan Horses and Backdoors
Stay away from suspect websites/weblinks
Surf the Web cautiously
Install antivirus/Trojan remover software
Steganography
▶ Steganography is a Greek word that means “sheltered (protected) writing”. (It hides the message in unexpected places.)
▶ It is a method that attempts to hide the existence of a message or communication.
The different names for Steganography are data hiding, information hiding and digital watermarking.
For example, in a digital image the least significant bit of each word can be used to carry a message without causing any significant change in the image.
Digital Applications of Steganography
Can be hidden in digital data
MS Word (doc)
Web pages (htm)
Executables (exe)
Sound files (mp3, wav, cda)
Video files (mpeg, avi)
Digital images (bmp, gif, jpg)
The term “cover” or “cover medium” is used to describe the original, innocent message, data, audio, video and so on.
It is the medium that hides the secret message.
It must have parts that can be altered or used without damaging or noticeably changing the cover media.
If the cover media are digital, these alterable parts are called “redundant bits”.
These bits are a subset that can be replaced with the message that is intended to be hidden.
When Steganography is used to place a hidden “trademark” in images, music and software, the result is a technique referred to as “watermarking”.
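As an added illustration (not code from the original slides) of replacing the redundant bits of a digital cover, the following Python script embeds a message in the least significant bit of each byte of a constructed grayscale sample, extracts it again, and checks that no cover byte moved by more than one level:

```python
"""LSB steganography demo: embed a short message in the least significant bits
of a constructed 8-bit grayscale "image", recover it, and measure how little
the cover changed. Added example; not from the original slides."""

# Constructed cover: 64 pixel values (8-bit grayscale), not a real image file.
COVER = bytes((i * 7 + 13) % 256 for i in range(64))


def _to_bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Replace the LSB (the 'redundant bit') of each cover byte with one message bit.

    A 2-byte big-endian length prefix is stored first so the extractor knows
    where the message ends. Raises ValueError if the cover is too small.
    """
    payload = len(message).to_bytes(2, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("cover has too few redundant bits for this message")
    stego = bytearray(cover)
    for i, bit in enumerate(_to_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the LSBs back, decode the length prefix, and return the message."""
    bits = [b & 1 for b in stego]

    def read_bytes(start: int, count: int) -> bytes:
        out = bytearray()
        for k in range(count):
            byte = 0
            for bit in bits[start + 8 * k: start + 8 * k + 8]:
                byte = (byte << 1) | bit
            out.append(byte)
        return bytes(out)

    length = int.from_bytes(read_bytes(0, 2), "big")
    return read_bytes(16, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest absolute per-byte difference; LSB embedding changes a byte by at most 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    secret = b"hi"
    stego = embed(COVER, secret)
    print(extract(stego))                  # b'hi'
    print(max_pixel_change(COVER, stego))  # never more than 1
```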
Steganography tools:
DiSi-Steganograph (uses PCX images to embed data)
Invisible Folders: it has the ability to make any file or folder invisible to anyone using your PC, even on a network.
Stealth Files: it hides any type of file in almost any other type of file.
Hermetic Stego: it allows you to encrypt and hide the contents of any data file in another file so that the addition of the data to the container file will not noticeably change the appearance of that file.
DriveCrypt Plus (DCPP): it allows secure hiding of an entire OS inside the free space of another OS.
MP3Stego: it hides information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream.
MSU Stego Video: it allows hiding any file in a video sequence.
DoS and DDoS Attacks
A denial-of-service or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users.
DoS Attacks
In this type of criminal act, the attacker floods the bandwidth of the victim’s network or fills his E-Mail box with Spam mail, depriving him of the services he is entitled to access or provide.
The attackers typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, mobile phone networks and even root name servers.
The United States Computer Emergency Response Team defines symptoms of DoS attacks to include:
Unusually slow network performance
Unavailability of a particular website
Inability to access any website
Dramatic increase in the number of Spam E-Mails received
The goal of DoS is not to gain unauthorized access to systems or data, but to prevent intended users of a service from using it. A DoS attack may do the following:
Flood a network with traffic, thereby preventing legitimate network traffic.
Disrupt connections between two systems, thereby preventing access to a service.
Prevent a particular individual from accessing a service.
Disrupt service to a specific system or person.
Classification of DoS Attacks
Bandwidth attacks
The attacker consumes all the bandwidth; thus, the site goes out of service.
Logic attacks
These kinds of attacks exploit vulnerabilities in network software such as a web server or the TCP/IP stack.
Protocol attacks
They exploit a specific feature or implementation bug of some protocol installed at the victim’s system to consume excess amounts of its resources.
Unintentional DoS attack
This occurs simply due to a sudden enormous spike in popularity.
Types or Levels of DoS Attacks
There are several types or levels of DoS attacks, as follows:
Flood attack
Ping of death attack
SYN attack
Teardrop attack
Smurf attack
Nuke
Flood attack:
This is the earliest form of DoS attack and is also known as ping flood.
It is based on an attacker simply sending the victim an overwhelming number of ping packets, usually by using the “ping” command, which results in more traffic than the victim can handle.
This requires the attacker to have a faster network connection than the victim. It is very simple to launch, but preventing it completely is the most difficult.
▶ Ping of death attack
▶ The ping of death attack sends oversized Internet Control Message Protocol (ICMP) packets to the victim. ICMP is one of the core protocols of the IP suite.
▶ It is mainly used by the OSs of networked computers to send error messages about datagrams.
SYN attack:
It is also termed TCP SYN Flooding.
In the Transmission Control Protocol (TCP), handshaking of network connections is done with SYN and ACK messages.
An attacker initiates a TCP connection to the server with a SYN.
The server replies with a SYN-ACK. The client then does not send back an ACK, causing the server to allocate memory for the pending connection and wait.
This fills up the buffer space for SYN messages on the target system, preventing other systems on the network from communicating with the target system.
Teardrop attack:
The teardrop attack is an attack where fragmented packets are forged to overlap each other when the receiving host tries to reassemble them.
IP’s packet fragmentation algorithm is used to send corrupted packets to confuse the victim, and may hang the system.
This attack can crash various OSs due to a bug in their TCP/IP fragmentation reassembly code.
Windows 3.1x, Windows 95 and Windows NT OSs as well as versions of Linux are vulnerable to this attack.
Smurf attack:
It is a way of generating significant computer network traffic on a victim network.
This is a type of DoS attack that floods a target system via spoofed broadcast ping messages.
This attack consists of a host sending an ICMP echo request (ping) to a network broadcast address.
Every host on the network receives the ICMP echo request and sends back an ICMP echo response, inundating the initiator with network traffic.
On a multi-access broadcast network, hundreds of machines might reply to each packet. This creates a magnified DoS attack of ping replies, flooding the primary victim.
Nuke:
Nuke is an old DoS attack against computer networks consisting of fragmented or otherwise invalid ICMP packets sent to the target.
It is achieved by using a modified ping utility to repeatedly send this corrupt data, thus slowing down the affected computer until it comes to a complete stop.
A specific example of a nuke attack that gained some prominence is WinNuke, which exploited a vulnerability in the NetBIOS handler in Windows 95.
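An added example, not part of the original slides, of what the SYN and Smurf attacks described above look like to a defender: the script parses constructed tcpdump-style lines (addresses from the documentation ranges, not a real capture), counts half-open connections per source and flags ICMP echo requests aimed at a broadcast address. The threshold and the broadcast address list are assumptions.

```python
"""Spot SYN-flood and Smurf indicators in tcpdump-style lines.
Added example; the log lines are constructed, not captured from a real network."""
import re
from collections import defaultdict

# Constructed sample: 203.0.113.7 opens several connections to the server
# 192.0.2.10:80 without ever completing the handshake, 198.51.100.4 completes
# one, and 198.51.100.9 aims an ICMP echo request at the broadcast address.
SAMPLE_LOG = """\
10:00:01.000 IP 203.0.113.7.40001 > 192.0.2.10.80: Flags [S]
10:00:01.001 IP 192.0.2.10.80 > 203.0.113.7.40001: Flags [S.]
10:00:01.002 IP 203.0.113.7.40002 > 192.0.2.10.80: Flags [S]
10:00:01.003 IP 192.0.2.10.80 > 203.0.113.7.40002: Flags [S.]
10:00:01.004 IP 203.0.113.7.40003 > 192.0.2.10.80: Flags [S]
10:00:01.005 IP 192.0.2.10.80 > 203.0.113.7.40003: Flags [S.]
10:00:01.006 IP 203.0.113.7.40004 > 192.0.2.10.80: Flags [S]
10:00:01.007 IP 192.0.2.10.80 > 203.0.113.7.40004: Flags [S.]
10:00:01.010 IP 198.51.100.4.50000 > 192.0.2.10.80: Flags [S]
10:00:01.011 IP 192.0.2.10.80 > 198.51.100.4.50000: Flags [S.]
10:00:01.012 IP 198.51.100.4.50000 > 192.0.2.10.80: Flags [.]
10:00:02.000 IP 198.51.100.9 > 192.0.2.255: ICMP echo request, id 1, seq 1, length 64
10:00:02.001 IP 198.51.100.9 > 192.0.2.11: ICMP echo request, id 1, seq 2, length 64
"""

TCP_RE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]")
ICMP_RE = re.compile(r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo request")


def half_open_by_source(log: str) -> dict:
    """Count client SYNs never followed by the client's ACK, per source IP.

    Each such 4-tuple is a SYN_RECV entry the server is holding in its
    backlog; a SYN flood leaves many of them behind from one source.
    """
    pending = defaultdict(set)  # src IP -> {(sport, dst, dport)} awaiting the final ACK
    for line in log.splitlines():
        m = TCP_RE.search(line)
        if not m:
            continue
        key = (m["sport"], m["dst"], m["dport"])
        if m["flags"] == "S":
            pending[m["src"]].add(key)
        elif m["flags"] == "." and key in pending.get(m["src"], set()):
            pending[m["src"]].discard(key)  # handshake completed, not half-open
    return {src: len(keys) for src, keys in pending.items() if keys}


def syn_flood_sources(log: str, threshold: int = 3) -> list:
    """Source IPs holding at least `threshold` half-open connections (assumed threshold)."""
    return sorted(src for src, n in half_open_by_source(log).items() if n >= threshold)


def smurf_indicators(log: str, broadcast_addrs=("192.0.2.255",)) -> list:
    """(src, dst) pairs of ICMP echo requests sent to a known broadcast address."""
    hits = []
    for line in log.splitlines():
        m = ICMP_RE.search(line)
        if m and m["dst"] in broadcast_addrs:
            hits.append((m["src"], m["dst"]))
    return hits


if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))  # {'203.0.113.7': 4}
    print(syn_flood_sources(SAMPLE_LOG))    # ['203.0.113.7']
    print(smurf_indicators(SAMPLE_LOG))     # [('198.51.100.9', '192.0.2.255')]
```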
Tools Used to Launch DoS Attack
1. Jolt2: The vulnerability allows remote attackers to cause a DoS attack against Windows-based machines; the attack causes the target machine to consume 100% of the CPU time on processing of illegal packets.
2. Nemesy: This program generates random packets with a spoofed source IP to enable the attacker to launch a DoS attack.
3. Targa: It is a program that can be used to run eight different DoS attacks. The attacker has the option to launch either individual attacks or try all the attacks until one is successful.
4. Crazy Pinger: This tool could send large packets of ICMP to a remote target network.
5. Some Trouble: It is a remote flooder and bomber. It is developed in Delphi.
DDoS Attacks
A DDoS attack is a distributed DoS wherein a large number of zombie systems are synchronized to attack a particular system.
The zombie systems are called “secondary victims” and the main target is called the “primary victim”.
Malware and Trojans help by allowing the attacker to download a zombie agent onto the compromised system to carry out DoS/DDoS attacks.
A botnet is the popular medium to launch DoS/DDoS attacks.
Tools used to launch DDoS attack
1. Trinoo: It is a set of computer programs to conduct a DDoS attack. It is believed that Trinoo networks have been set up on thousands of systems on the Internet that have been compromised by a remote buffer overrun exploit.
2. Tribe Flood Network (TFN): It is a set of computer programs to conduct various DDoS attacks such as ICMP flood, SYN flood, UDP flood and smurf attack.
3. Stacheldraht: It is written by Random for Linux and Solaris systems, and acts as a DDoS agent. It combines features of Trinoo with TFN and adds encryption.
4. Shaft: It is a packet flooding attack; the client controls the size of the flooding packets and the duration of the attack.
5. Mstream: It uses spoofed TCP packets with the ACK flag set to attack the target. Communication is not encrypted and is performed through TCP and UDP packets.
Tools for detecting DoS/DDoS attacks
1. Zombie Zapper: It is a free, open-source tool that can tell a zombie system to stop flooding.
2. Remote Intrusion Detector: It detects the presence of Trinoo, TFN or Stacheldraht clients.
3. Security Auditor’s Research Assistant: It gathers information about remote hosts and networks by examining network services. This includes network information services, security flaws and well-known bugs.
4. Find_DDoS: It is a tool that scans a local system that likely contains a DDoS program. It can detect several known DoS attack tools.
5. DDoSPing: It is a remote network scanner for the most common DDoS programs. It can detect Trinoo, Stacheldraht and Tribe Flood Network programs running with their default settings.
How to Protect from DoS/DDoS Attacks
The Computer Emergency Response Team Coordination Center (CERT/CC) offers many preventive measures against becoming a victim of a DoS attack.
Implement router filters. This will lessen your exposure to certain DoS attacks.
If such filters are available for your system, install patches to guard against TCP SYN Flooding.
Disable any unused or inessential network service. This can limit the ability of an attacker to take advantage of these services to execute a DoS attack.
Enable quota systems on your OS if they are available.
Observe your system’s performance and establish baselines for ordinary activity.
Use the baseline to gauge unusual levels of disk activity, central processing unit (CPU) usage or network traffic.
Use Tripwire or a similar tool to detect changes in configuration information or other files.
Invest in and maintain “hot spares”: machines that can be placed into service quickly if a similar machine is disabled.
Invest in redundant and fault-tolerant network configurations.
Establish and maintain regular backup schedules and policies, particularly for important configuration information.
Establish and maintain appropriate password policies, especially for access to highly privileged accounts such as Unix root or Microsoft Windows NT Administrator.
Phishing
Phishing is the use of social engineering tactics to trick users into revealing confidential information.
Phishing
Topics to be covered:
Methods of phishing
Phishing techniques
Spear phishing
Types of phishing scams
Phishing toolkits and spy phishing
Phishing countermeasures
Phishing
Wikipedia:
It is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Webopedia:
It is the act of sending an E-Mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for ID theft.
TechEncyclopedia:
It is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords.
An official-looking E-Mail is sent to potential victims pretending to be from their bank or retail establishment.
E-Mails can be sent to people on selected lists or any list, expecting that some percentage of recipients will actually have an account with the organization.
Phishing is a type of deception designed to steal your identity.
In phishing schemes, the phisher tries to get the user to disclose valuable personal data, such as credit card numbers, passwords, account data or other information, by convincing the user to provide it under false pretenses.
E-Mail is the popular medium used in phishing attacks, and such E-Mails are also called Spam.
Two such E-Mails:
Spam E-Mails
Hoax E-Mails
Spam E-Mails:
Also known as “junk E-Mails”, they involve nearly identical messages sent to numerous recipients.
Types of spam E-Mails are as follows:
Unsolicited bulk E-Mail (UBE): unsolicited E-Mail sent in large quantities.
Unsolicited commercial E-Mail (UCE): sent in large quantities from a commercial perspective (ads).
Spam E-Mails proved to be a popular medium for phishers to scam users into entering personal information on false websites, using E-Mails forged to look as if they are from a bank or other organizations such as:
HSBC, Standard Chartered, Commonwealth Bank
eBay
Amazon
Facebook
The phisher might employ any or all of the following tactics:
Names of legitimate organizations
From a real employee
URLs that “look right”
Urgent messages
Here are a few examples of phrases used to entice the user to take the action:
Verify your account
You have won the lottery
If you don’t respond within 48 hours, your account will be closed.
Let us understand the ways to reduce the amount of Spam E-Mails we receive:
Share your personal E-Mail address with limited people and/or on public websites; the more it is exposed to the public, the more Spam E-Mails will be received.
Never reply to or open any spam E-Mails (replying confirms the existence and validity of the address).
Disguise the E-Mail address on public websites or groups by spelling out the sign “@” and the DOT (.);
Ex: munwarATgmailDOTcom
Use an alternate E-Mail address to register for any personal or shopping website. Never use a business E-Mail address for these sites, but rather use E-Mail addresses that are free from Yahoo, Hotmail or Gmail.
Do not forward any E-Mails from unknown recipients.
Make a habit of previewing an E-Mail before opening it.
Never use your E-Mail address as the screen name in chat groups or rooms.
Never respond to a Spam E-Mail asking to remove your E-Mail address from the mailing distribution list. More often it confirms to the phishers that your E-Mail address is active.
Hoax E-Mails
These are deliberate attempts to deceive or trick a user into believing or accepting that something is real, when the hoaxer knows it is false.
Hoax E-Mails may or may not be spam E-Mails.
It is difficult to identify whether an E-Mail is a “spam or a hoax”.
Methods of phishing
Frequent methods used by the phishers:
Dragnet:
This method involves the use of spammed E-Mails bearing falsified corporate identification (corporate names, logos and trademarks), or websites or pop-up windows with similar falsified identification.
Clicking on links in the body of the E-Mail takes the victims to the website or pop-up windows where they are requested to enter bank or credit card account data or other personal data.
Dragnet phishers do not identify specific prospective victims in advance.
Rod-and-reel:
In this method, phishers identify specific prospective victims in advance, and convey false information to them to prompt their disclosure of personal and financial data.
Ex: on the phony web page, availability of a similar item for a better price.
Lobsterpot:
This method focuses upon the use of spoofed websites.
It consists of creating bogus websites similar to legitimate corporate ones, targeting a narrowly defined class of victims, which is likely to seek them out.
The phisher places a web link into an E-Mail message to make it look more legitimate.
Gillnet:
Phishers introduce malicious code into E-Mails and websites.
By opening a particular E-Mail or browsing a particular website, netizens may end up with a Trojan Horse/virus/keylogger.
Phishing Techniques
The techniques used by phishers to launch phishing attacks:
URL (weblink) manipulation:
In this attack, the URLs are usually supplied misspelled.
Phishers use the Lobsterpot method of phishing and make a difference of one or two letters in the URLs, which is ignored by netizens.
This makes a big difference, and it directs users to a fake/bogus website or web page.
Filter evasion:
This technique uses graphics instead of text to prevent such E-Mails from being netted by anti-phishing filters.
Ex: Microsoft phishing filter, Google phishing filter, Opera phishing filter.
Website forgery:
In this technique the phisher directs the netizens to a website designed and developed by him, to log in to the website, by altering the browser address bar through JavaScript commands.
Flash phishing:
Anti-phishing toolbars are installed/enabled to help check the web page content for signs of phishing, but they have the limitation that they do not analyze Flash objects at all.
Phishers use this to emulate the legitimate website.
Netizens believe that the website is clean and is a real website because the anti-phishing toolbar is unable to detect it.
Phone phishing:
A phisher can use fake caller ID data to make it appear that the call is received from a trusted organization, to entice the users to reveal their personal information such as account numbers and passwords.
Social phishing:
It works in a systematic manner.
The phisher sends a mail as if it is sent by a bank, asking the recipient to call them back because there was a security breach.
The victim calls the bank on the phone number displayed in the mail.
The phone number provided in the mail is a false number, and the victim gets redirected to the phisher.
The phisher speaks with the victim in a similar fashion/style to a bank employee, asking to verify that the victim is a customer of the bank.
Spear Phishing
It is a method of sending a phishing message to a particular organization to gain organizational information for more targeted social engineering.
Spear phishing scams work to gain access to a company’s entire computer system.
How it works:
Send an E-Mail that appears genuine to all the employees.
Whaling: a form of phishing targeting executives from the top management in organizations, usually from private companies.
Types of phishing Scams
Deceptive phishing:
E-Mails are broadcast to a wide group of netizens asking about the need to verify banking account information, or announcing a system failure requiring users to re-enter their personal information.
Malware-based phishing:
Malware can be launched as an E-Mail attachment, as a downloadable file from a website or by exploiting a known security vulnerability.
Keyloggers:
Malware can embed a keylogger to track keyboard input and send relevant information to the phisher.
Session hijacking:
It is an attack in which netizens’ activities are monitored until they establish their bona fide credentials by signing into their account or begin a transaction, and at that point the malicious code takes over and commits unauthorized actions such as transferring funds without the netizens’ knowledge.
In-session phishing:
It is a phishing attack based upon one web browsing session being able to detect the presence of another session on the same web browser; a pop-up window is then launched that pretends to be opened from the targeted session.
Web Trojans:
They pop up to collect netizens’ credentials and transmit them to the phisher while netizens are attempting to log in.
Pharming:
The following techniques are used:
Hosts file poisoning:
Poison the hosts file to redirect the netizens to a fake/bogus website.
DNS-based phishing:
Tamper with a DNS so that requests for URLs or name service return fake addresses and subsequently netizens are directed to a fake site.
System reconfiguration attacks:
The phisher can intrude into the netizen’s system to modify the settings for malicious purposes.
Ex: URLs saved under favorites in the browser might be modified to redirect the netizen to fake/bogus “look-alike” websites.
Data theft:
Unsecured systems (computers enabled with the Internet facility and with inappropriate security settings) are often found to be inappropriately maintained from a cyber security perspective.
When such systems are connected, web servers can launch an attack with numerous methods and techniques to steal our data.
Content-injection phishing:
In this type of scam, the phisher replaces part of the content of a legitimate website with false content to mislead the netizen into revealing confidential personal information.
Man-in-the-middle phishing:
In this type of attack, the phisher positions himself between the netizen and the legitimate website or system.
The phisher records the input being provided by the netizen but continues to pass it on to the web server so that the netizen’s transactions are not affected.
Search engine phishing:
It occurs when phishers create websites with attractive-sounding offers and have them indexed legitimately with search engines.
SSL certificate phishing:
It is an advanced type of scam.
Phishers target web servers with SSL certificates to create a duplicitous website with fraudulent web pages displaying the familiar lock icon.
It is difficult to recognize such websites.
Distributed Phishing Attack (DPA)
A distributed phishing attack is an advanced form of phishing attack that works through per-victim personalization of the location of the sites collecting credentials, and covert transmission of the credentials to a hidden coordination center run by the phisher.
In this attack a large number of fraudulent web hosts are used for each set of lured E-Mails.
Each server collects only a tiny percentage of the victims’ personal information.
This minimizes the damage to the phishing operation if a fraudulent web host is shut down within hours of the initial mailing because the origin of the fraudulent E-Mail was detected.
Avoiding Spear Phishing Scams:
Never reveal personal or financial information in response to an E-Mail request, no matter who appears to have sent it.
If you receive an E-Mail message that appears suspicious, call the person or organization listed in the From line before you respond or open any attached files.
Never click links in an E-Mail message that requests personal or financial information. Enter the web address into your browser window instead.
Report any E-Mail that you suspect might be a spear phishing campaign within your company.
Use the phishing filter: it scans and helps identify suspicious websites, and provides up-to-the-hour updates and reports about known phishing sites.
Phishing Toolkits and Spy Phishing
A phishing toolkit is a set of scripts/programs that allows a phisher to automatically set up phishing websites that spoof the legitimate websites of different brands, including the graphics displayed in the websites.
Most of the phishing kits are advertised and distributed at no charge, and usually these free phishing kits, also called DIY (Do It Yourself) phishing kits, may hide backdoors through which the phished information is sent to recipients other than the intended users.
Following are a few examples of such toolkits:
1. Rock Phish: It allows non-techies to launch phishing attacks. The kit allows a single website with multiple DNS names to host a variety of phished web pages, covering numerous organizations and institutes.
2. Xrenoder Trojan Spyware: It resets the homepage and/or the search settings to point to other websites, usually for commercial purposes or porn traffic.
3. Cpanel Google: It is a Trojan spyware that modifies the DNS entry in the hosts file to point to its own website. If Google gets redirected to its website, a netizen may end up having a version of a website prepared by the phisher.
Phishing Countermeasures
Keep antivirus up to date
Do not click on hyperlinks in E-Mails
Take advantage of anti-spam software
Verify https
Use anti-Spyware software
Get educated
Use the Microsoft Baseline Security Analyzer (free tool available on Microsoft's website)
Firewall
Use backup system images
Do not enter sensitive or financial information into pop-up windows
Secure the hosts file (a compromised hosts file on a desktop system can send a netizen to a fraudulent site)
Protect against DNS pharming attacks.
SPS Algorithm to Thwart Phishing Attacks
It is based on a simple filtering algorithm, the Sanitizing Proxy System (SPS).
The key idea behind SPS is that a web phishing attack can be immunized by removing the part of the content that entices the netizens into entering their personal information.
Characteristics of SPS in the following points:
Two-level filtering:
SPS employs two-level filtering composed of strict URL filtering and HTTP response sanitizing.
By combining the two filtering methods, netizens can be protected from revealing their personal information on phishing sites.
Flexibility of the rule set:
By filtering HTTP responses, the algorithm distinguishes between legitimate websites and suspicious websites based on a rule set written by the operator of SPS.
Simplicity of the filtering algorithm:
The simple two-level filtering algorithm can be described in 20 steps, and the SPS functions can easily be applied to existing proxy implementations, browser plug-ins or personal firewalls.
Accountability of HTTP response sanitizing:
SPS prevents netizens from disclosing their personal information to phishing sites by removing malicious HTTP headers or HTML tags from HTTP responses.
Robustness against both misbehavior of novice users and evasion techniques:
An SPS built-in proxy server can protect netizens from almost all deceit cases of web spoofing, regardless of the netizen’s misbehavior and the evasion techniques used by the phisher.
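As an added example, not the SPS authors' code and not part of the original slides, here is a small two-level filter in the spirit of SPS that also implements the one-or-two-letter URL manipulation check from the phishing techniques section: level 1 matches the request host against a constructed operator rule set (an exact match passes, an edit distance of one or two marks a lookalike), and level 2 strips the forms and credential inputs from any response that did not pass. The trusted hosts, the distance threshold, the regular expressions and the sample page are assumptions.

```python
"""Two-level filtering in the spirit of SPS: (1) strict URL filtering against an
operator rule set, (2) sanitizing of HTTP responses from hosts that fail level 1
by removing the parts that collect personal information. Added example; the rule
set, the lookalike check and the sample HTML are constructed."""
import re
from urllib.parse import urlparse

# Constructed operator rule set: hosts whose responses pass through untouched.
TRUSTED_HOSTS = {"www.example-bank.com", "login.example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch the one-or-two-letter URL manipulation."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str, trusted=TRUSTED_HOSTS, max_dist: int = 2) -> str:
    """Level 1: 'trusted' on an exact host match, 'lookalike' when the host is
    within max_dist edits of a trusted host, otherwise 'unknown'."""
    host = (urlparse(url).hostname or "").lower()
    if host in trusted:
        return "trusted"
    if any(edit_distance(host, t) <= max_dist for t in trusted):
        return "lookalike"
    return "unknown"


# Elements that entice the user into typing credentials; removed at level 2.
_FORM_RE = re.compile(r"<form\b[^>]*>.*?</form>", re.IGNORECASE | re.DOTALL)
_SECRET_INPUT_RE = re.compile(
    r"<input\b[^>]*type\s*=\s*[\"']?(password|text)[\"']?[^>]*>", re.IGNORECASE)


def sanitize_html(html: str) -> str:
    """Level 2: drop forms and credential inputs, leaving the rest of the page readable."""
    return _SECRET_INPUT_RE.sub("", _FORM_RE.sub("", html))


def sps_filter(url: str, html: str) -> tuple:
    """Return (verdict, body): trusted hosts pass unchanged; anything else is sanitized."""
    verdict = classify_url(url)
    if verdict == "trusted":
        return verdict, html
    return verdict, sanitize_html(html)


# Constructed response imitating a bank login page (not a real site).
PHISH_PAGE = """<html><body><h1>Verify your account</h1>
<form action="/collect" method="post">
Card: <input type="text" name="card"> PIN: <input type="password" name="pin">
<input type="submit" value="Verify"></form>
<p>If you don't respond within 48 hours, your account will be closed.</p>
</body></html>"""


if __name__ == "__main__":
    lookalike = "https://www.examp1e-bank.com/login"   # '1' in place of 'l'
    print(classify_url(lookalike))                       # lookalike
    verdict, body = sps_filter(lookalike, PHISH_PAGE)
    print(verdict, "<form" in body)                      # lookalike False
```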
Identity Theft (ID Theft)
This term is used to refer to fraud that involves someone pretending to be someone else to steal money or get other benefits.
The Federal Trade Commission has provided the following statistics about identity fraud:
Credit card fraud (26%)
Bank fraud (17%)
Employment fraud (12%)
Government fraud (9%)
Loan fraud (5%)
Myths and facts about Identity theft
There is no way to protect yourself from identity theft.
Identity theft is only a financial crime.
It’s my bank’s fault if I become a victim of identity theft.
It is safe to give your personal information over the phone if your caller ID confirms that it is your bank.
Checking your credit report periodically or using a credit monitoring service is all you need to do to protect yourself from identity theft.
My contact information is not valuable to an identity thief.
Shredding my mail and other personal documents will keep me safe.
I don’t use the Internet, so my personal information is not exposed online.
Social networking is safe.
It is not safe to shop or bank online.
Identity Theft (ID Theft)
Topics to be covered:
Personally identifiable Information (PII)
Types of Identity Theft
Techniques of ID theft
Identity Theft: Countermeasures
How to Efface your Online Identity
Personally identifiable Information
PII has four common variants based on personal, personally, identifiable and identifying.
Fraudsters attempt to steal the elements mentioned below, which serve the purpose of distinguishing an individual’s identity:
Full name
National identification numbers
Telephone number and mobile phone number
Driver’s license number
Credit card numbers
Digital identity
DOB
Birth place
Face and fingerprints
The information can be further classified as non-classified and classified.
Non-classified information
Public information
Information that is a matter of public record or knowledge.
Personal information
Information that belongs to a private individual, but the individual commonly may share this information with others for personal or business reasons (address, phone, E-Mail).
Routine business information
Business information that does not require any special protection and may be routinely shared with anyone inside or outside of the business.
Private information
Information that is private if associated with an individual, and the individual can object in case of disclosure (credit card and financial).
Confidential business information
Information which, if disclosed, may harm the business (marketing plans, new product plans).
Classified information
Confidential
Information that requires protection, and whose unauthorized disclosure could damage national security (strength of armed forces, information about weapons).
Secret
Information that requires substantial protection, and whose unauthorized disclosure could seriously damage national security (national security policy, military plans and intelligence operations).
Top secret
Information that requires the highest degree of protection, and whose unauthorized disclosure could severely damage national security (vital defense plans, cryptologic intelligence systems).
Types of Identity Theft
Financial identity theft
Criminal identity theft
Identity cloning
Business identity theft
Medical identity theft
Synthetic identity theft
Child identity theft
Financial identity theft
Includes bank fraud, credit card fraud, tax refund fraud, mail fraud, etc.
For example: the fraudster can fraudulently open a new credit card account in the victim’s name, run up charges on the card and neglect the payments, leaving the victim with a bad credit history.
The process of recovering from the crime is often expensive, time-consuming and psychologically painful.
Criminal Identity Theft
It involves taking over someone else’s identity to commit a crime, such as entering a country, getting special permits, hiding one’s own identity or committing acts of terrorism. These criminal activities can include:
Computer and cybercrimes
Organized crime
Drug trafficking
Alien smuggling
Money laundering
Individuals who commit ID theft are not always out to steal the victim’s money or ruin the victim’s credit.
Identity Cloning
Identity cloning may be the scariest variation of all ID theft.
Instead of stealing the personal information for financial gain or committing crimes in the victim’s name, identity clones compromise the victim’s life by actually living and working as the victim.
Identity clones want as much personal information about the victim as they can attain.
This enables them to answer questions in an informed manner when they are on the move or asked about the victim’s life.
Business Identity theft
Theft of business sensitive information.
Business sensitive information is information about the business/organization, privileged in nature and/or proprietary, which, if it is compromised through alteration, corruption, loss, misuse or unauthorized disclosure, could cause serious damage to the organization.
It is a kind of intellectual property theft.
Business Identity Theft: countermeasures
Secure your business premises with locks and alarms.
Put your business records under lock and key.
Shred, shred, shred.
Be cautious on the phone.
Limit access to your IT systems.
Protect the IT systems from hackers.
Create the awareness that the Internet is a dangerous place.
Avoid broadcasting information.
Create and enforce an organization-wide information security policy.
Disconnect the access of ex-employees immediately.
Medical Identity Theft
Medical ID theft can be dangerous not only from a financial perspective but also from a medical perspective.
If the fraudster has successfully stolen the victim’s identity and received treatment, the record can become part of the victim’s permanent medical record.
Synthetic Identity Theft
The fraudster will take parts of information from many victims and combine them.
The new identity is not any specific person, but all the victims can be affected when it is used.
Child Identity Theft
Parents might sometimes steal their children’s identity to open credit card accounts, utility accounts, bank accounts and even to take out loans or secure leases, because their own credit history is insufficient or too damaged to open such accounts.
Techniques of ID Theft
Human-based methods:
Direct access to information
Dumpster diving
Theft of a purse or wallet
Mail theft or rerouting
Shoulder surfing
False or disguised ATMs
Dishonest or mistreated employees
Telemarketing and fake telephone calls
Computer-based techniques:
Backup theft
Hacking, unauthorized access to systems and database theft
Phishing
Pharming
Redirectors
Hardware
Identity Theft: Countermeasures
Monitor your credit closely
Keep records of your financial data and transactions
Install security software
Use an updated web browser
Beware of E-Mail attachments
Store sensitive data securely
Shred documents
Protect your PII
Stay alert to the latest scams
How to Efface Your Online Identity
Every time details about your identity and/or your personal information are revealed on the Internet, you are prone to becoming a victim of ID theft/fraud.
Hence, netizens may think either to protect their identity and/or to erase their identity, that is, every footprint available on the Internet.
Some tools which we can use to erase our footprint:
1. www.giantmatrix.com: Anti Tracks helps to hide the system’s IP address, and to lock and hide important files and folders.
2. www.privacyeraser.com: Privacy Eraser Pro erases browser cache files, browser history, cookies, browser address bar history and browser AutoComplete memory; cleans free disk space; speeds up the system.
3. www.reputationdefender.com: MyPrivacy removes your personal information such as name, address, age, phone, past address and any other related information. It also helps by continuously monitoring the Internet to remove the footprint available on the Internet.
4. www.suicidemachine.com: It completely roots out your identity from the servers of social networking sites such as MySpace, Twitter and LinkedIn.
Any Q?

Thank you