Unit-III Tools and Methods Used in Cybercrime: Stages of an Attack on a Network


CYBER SECURITY UNIT-III

Unit-III
Tools and Methods Used in Cybercrime
STAGES OF AN ATTACK ON NETWORK
1) Initial uncovering (two stages: reconnaissance and network probe):

Reconnaissance: social networking websites and other public sources uncover information on the
company and its IP addresses.

2) Network probe: a ping sweep seeks out potential targets, followed by port scanning of the hosts found.

3) Crossing the line toward electronic crime: the attacker commits a computer crime by exploiting possible
holes on the target system.

4) Capturing the network: the attacker attempts to own the network, using tools such as Trojan horses and
backdoors, and removes any evidence of the attack.

5) Grab the data: having captured the network, the attacker steals confidential data and customer credit
card information, defaces web pages, and so on.

6) Covering the attack: extend the misuse of the attack without being detected; start a fresh
reconnaissance against a related target system; continue using the resources; remove evidence of hacking.

PROXY SERVERS AND ANONYMIZERS


PROXY SERVER

➢ A proxy server is a dedicated computer or a software system running on a computer that acts as
an intermediary between an endpoint device, such as a computer, and another server from which a
user or client is requesting a service.

➢ A client connects to the proxy server, requesting some service, such as a file, connection, web page,
or other resource available from a different server and the proxy server evaluates the request as a
way to simplify and control its complexity.

Purpose of a proxy server

➢ Improve Performance:

➢ Filter Requests

➢ Keep system behind the curtain

➢ Used as IP address multiplexer

➢ Its cache memory can serve all users.

Attack on this: the attacker first connects to a proxy server and then establishes a connection with the
target through the existing connection with the proxy, so the target sees only the proxy's address.

An Anonymizer
 An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet
untraceable.

 It is a proxy server computer that acts as an intermediary and privacy shield between a client
computer and the rest of the Internet.

SMT.KUMUDBEN DARBAR COLLEGE OF COMM, SCI & MGT STUDIES,VIJAYAPUR 1|P A G E



 It accesses the Internet on the user's behalf, protecting personal information by hiding the
client computer's identifying information.

 For example, large news outlets such as CNN target viewers according to region and give
different information to different populations; an anonymizer hides the region the request comes from.

PHISHING

➢ Stealing personal and financial data

➢ Also can infect systems with viruses

➢ A method of online ID theft

Workflow of phishing / How phishing works


1. Planning: use mass-mailing and address-collection techniques, as spammers do

2. Setup : E-Mail / webpage to collect data about the target

3. Attack : send a phony message to the target

4. Collection: record the information obtained

5. Identity theft and fraud: use information to commit fraud or illegal purchases

Example of phishing :

Sometimes spammers create fake pages that look like the Facebook login page. When you
enter your email and password on one of these pages, the spammer records your information and
keeps it. This is called phishing. The fake sites, like the one shown below, use a URL similar to Facebook.com
in an attempt to steal people's login information. The people behind these websites then use the
information to access victims' accounts and send messages to their friends, further propagating the
illegitimate sites. In some instances, the phishers make money by exploiting the personal information
they've obtained.
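The handout's advice is to look at the domain name carefully before entering a password. The Python function below is an added example, not part of the original handout: it extracts the host a browser would actually connect to and compares it against an allow-list (`TRUSTED_DOMAINS` is a constructed stand-in for the user's own bookmarks), rejecting look-alike hosts such as a trusted name used as a subdomain of another domain, a trusted name placed before an `@`, or a bare IP address.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list standing in for bookmarked, known-good domains.
TRUSTED_DOMAINS = {"facebook.com", "paypal.com"}


def hostname_of(url):
    """Return the lower-cased host a browser would connect to, or None if the
    string is not an http(s) URL. urlsplit().hostname drops the port and any
    'user@' prefix, which is exactly the part look-alike URLs abuse."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = hostname_of(url)
    if not host:
        return False
    try:
        ipaddress.ip_address(host)   # numeric host: never a trusted site
        return False
    except ValueError:
        pass
    return any(host == d or host.endswith("." + d) for d in trusted)


def untrusted_links(urls, trusted=TRUSTED_DOMAINS):
    """Filter a batch of links (e.g. from a suspicious mail) down to the untrusted ones."""
    return [u for u in urls if not is_trusted(u, trusted)]


if __name__ == "__main__":
    # Constructed sample links resembling those in a phishing mail.
    sample = [
        "https://www.facebook.com/login",
        "http://facebook.com.evil.example/login",
        "http://www.facebook.com@evil.example/",
        "https://faceb00k.com/",
    ]
    for link in untrusted_links(sample):
        print("untrusted:", link)
```

The check is deliberately exact: `evilfacebook.com` does not end with `.facebook.com`, so substring tests, which phishers rely on users performing mentally, are never used.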

Password Cracking
 Password cracking is the process of recovering passwords from data that have been stored in
or transmitted by a computer system.

 A common approach (brute-force attack) is to try guesses repeatedly for the password and
check them against an available cryptographic hash of the password.

The purpose of password cracking


 help a user recover a forgotten password

 to gain unauthorized access to a system,

 or as a preventive measure by System Administrators to check for easily crackable passwords


Manual Password Cracking Algorithm

 Find a valid user
 Create a list of possible passwords
 Rank the passwords from high probability to low
 Key in each password
 If the system allows you in: success
 Else try the next password until success

Examples of guessable passwords


 Blank

 Words like "passcode", "password", "admin"

 Series of letters “QWERTY”

 User's name or login name

 Name of the user’s friend/relative/pet

 User’s birth place, DOB

 Vehicle number, office number ..

 Name of celebrity

 Simple modification of one of the preceding, e.g. suffixing 1

Password cracking tools


• www.defaultpassword.com: Default Password(s)
• www.oxid.it/cain.html: Cain & Abel (password recovery tool)
• www.openwall.com/john: John the Ripper (fast password cracker)
• www.l0phtcrack.com: L0phtCrack (cracks Windows passwords)
• www.airsnort.shmoo.com: AirSnort (recovers encryption keys)

Categories of password cracking attacks:


 Online attacks

 Offline attacks

 Non-electronic attacks

◦ Social engineering

◦ Shoulder surfing

◦ Dumpster diving

Online attacks
 An attacker may create a script (an automated program) to try each password

 Most popular online attack: the man-in-the-middle attack, also called the bucket-brigade attack


 Used to obtain passwords for E-mail accounts on public websites like gmail,yahoomail. Also,
to get passwords for financial websites

Offline attacks
 Are performed from a location other than the target where these passwords reside or are
used

 Require physical access to the computer and copying the password

Types of Password Attacks


◦ Dictionary attack: attempts to match all the words from a dictionary to get the password

◦ Hybrid attack: substitutes numbers and symbols into dictionary words to get the password

◦ Brute force attack: attempts all possible permutations and combinations of letters, numbers
and special characters.

Weak passwords
 The password contains less than eight characters

 The password is a word found in a dictionary (English or foreign)

 The password is a common usage word such as:

 Names of family, pets, friends, co-workers, fantasy characters, etc.

 Computer terms and names, commands, sites, companies, hardware, software.

 The words "<Company Name>", "sanjose", "sanfran" or any derivation.

 Birthdays and other personal information such as addresses and phone numbers.

 Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.

 Any of the above spelled backwards.

 Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong Passwords
 Contain both upper- and lower-case characters (e.g., a-z, A-Z)

 Have digits and punctuation characters as well as letters (e.g., 0-9, @#$%^&*()_+|~-=\`{}[]:";'<>?,./)

 Are at least eight alphanumeric characters long.

 Are not a word in any language, slang, dialect, jargon, etc.

 Are not based on personal information, names of family, etc.

 Passwords should never be written down or stored on-line.

 Try to create passwords that can be easily remembered.


 One way to do this is create a password based on a song title, affirmation, or other phrase.

 For example, the phrase might be: "This May Be One Way To Remember"

 and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
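As an added example (not code from the handout), the Python checker below encodes the weak/strong password rules listed above: minimum length, mixed case, digits and punctuation, and rejection of dictionary words, personal information, reversed words, patterns such as aaabbb, qwerty and 123321, and a word with a digit prefixed or suffixed like secret1. The dictionary and personal-information lists are constructed stand-ins; a real deployment would load full wordlists.

```python
import re
import string

# Constructed mini-dictionary; a real checker loads a full wordlist.
DICTIONARY = {"password", "passcode", "admin", "secret", "welcome", "dragon"}
# Sequences the page lists as patterns: keyboard rows, alphabet, digits.
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase, string.digits)


def _has_sequence(pw, min_len=4):
    """True if pw contains min_len consecutive characters of a known sequence,
    forwards (qwerty, 1234) or backwards (zyxw)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for run in (seq, seq[::-1]):
            for i in range(len(run) - min_len + 1):
                if run[i:i + min_len] in low:
                    return True
    return False


def check_password(pw, personal_info=(), dictionary=DICTIONARY):
    """Return the list of rules the password breaks; an empty list means it passes."""
    failures = []
    if len(pw) < 8:
        failures.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        failures.append("missing upper- or lower-case letters")
    if not any(c.isdigit() for c in pw):
        failures.append("no digit")
    if not any(c in string.punctuation for c in pw):
        failures.append("no punctuation character")
    # Strip leading/trailing digits so "secret1" and "1secret" are judged on "secret".
    core = pw.strip(string.digits).lower()
    words = {w.lower() for w in dictionary} | {w.lower() for w in personal_info}
    if core and (core in words or core[::-1] in words):
        failures.append("dictionary word or personal information (possibly reversed)")
    if re.search(r"(.)\1{2,}", pw):
        failures.append("repeated characters")
    if _has_sequence(pw):
        failures.append("keyboard or alphabet sequence")
    if len(pw) >= 4 and pw.lower() == pw.lower()[::-1]:
        failures.append("mirrored pattern")
    return failures


if __name__ == "__main__":
    # The handout's phrase-derived example and a few weak ones, for comparison.
    for candidate in ("TmB1w2R!", "secret1", "qwerty123", "Sanjose1"):
        print(candidate, "->", check_password(candidate, personal_info=["sanjose"]) or "OK")
```

Both phrase-derived passwords from the handout ("TmB1w2R!" and "Tmb1W>r~") pass every rule, while "secret1" fails four of them at once.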

Random passwords
 Secure Password Generator

 Password Length:

 Include Symbols:( e.g. @#$% )

 Include Numbers:( e.g. 123456 )

 Include Lowercase Characters:( e.g. abcdefgh )

 Include Uppercase Characters:( e.g. ABCDEFGH )

 Exclude Similar Characters:( e.g. i, l, 1, L, o, 0, O )

 Exclude Ambiguous Characters:( { } [ ] ( ) / \ ' " ` ~ , ; : . < > )

 Generate On The Client Side:( do NOT send across the Internet )

 Auto-Select:( select the password automatically )

 Save My Preference:( save all the settings above for later use )

 Load My Settings Anywhere: URL to load my settings on other computers quickly

 Your New Password:

 Remember your password: remember your password with the first letters of each word in a sentence.

 To prevent your passwords from being hacked by social engineering, brute force or dictionary
attack methods, you should note the following:

1. Do not use the same password for multiple important accounts.

2. Use a password that has at least 16 characters, use at least one number, one uppercase letter,
one lowercase letter and one special symbol.

3. Do not use the names of your families, friends or pets in your passwords.

4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social
security numbers, and so on in your passwords.

5. Do not use any dictionary word in your passwords.

6. Do not use something that can be cloned ( but you can't change ) as your passwords, such as
your fingerprints.

7. Do not let your web browsers (Firefox, Chrome, Safari, Opera, IE) store your passwords, since
all passwords saved in web browsers can be revealed easily.

8. Do not log in to important accounts on the computers of others, or when connected to a public
Wi-Fi hotspot, Tor, free VPN or web proxy.


9. Do not send sensitive information online via HTTP or FTP connections, because messages in
these connections can be sniffed with very little effort. You should use encrypted connections
such as HTTPS and SFTP whenever possible.

10. When travelling, you can encrypt your Internet connections before they leave your laptop,
tablet, mobile phone or router. For example, you can set up a private VPN on your own server
(home computer, dedicated server or VPS) and connect to it. Alternatively, you can set up an
encrypted SSH tunnel between your router and your home computer (or a remote server of your
own) with PuTTY and connect your programs (e.g. Firefox) to PuTTY. Then even if somebody
captures your data as it is transmitted between your device (e.g. laptop, iPhone, iPad) and your
server with a packet sniffer, he won't be able to steal your data and passwords from the
encrypted stream.

11. How secure is my password? Perhaps you believe that your passwords are very strong, difficult
to hack. But if a hacker has stolen your username and the MD5 hash value of your password from
a company's server, and the rainbow table of the hacker contains this MD5 hash, then your
password will be cracked quickly.

 To check the strength of your passwords and find out whether they are inside the popular
rainbow tables, you can convert your passwords to MD5 hashes with an MD5 hash generator,
then "decrypt" them by submitting these hashes to an online MD5 decryption service.
For instance, if your password is "0123456789A", the brute-force method may take a
computer almost one year to crack it; but if you submit its MD5
hash (C8E7279CD035B23BB9C0F1F954DFF5B3) to an MD5 decryption website, how long will
it take to crack? You can perform the test yourself.

12. It's recommended to change your passwords every 10 weeks.

13. It's recommended that you remember a few master passwords, store other passwords in a
plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker,
or manage your passwords with a password management software.

14. Encrypt and backup your passwords to different locations, then if you lost access to your
computer or account, you can retrieve your passwords back quickly.

15. Turn on 2-step authentication whenever possible.

16. Do not store your critical passwords in the cloud.

17. Access important websites (e.g. PayPal) from bookmarks directly; otherwise check the
domain name carefully. It is a good idea to check the popularity of a website with the Alexa toolbar to
ensure that it is not a phishing site before entering your password.

18. Protect your computer with firewall and antivirus software, download software from
reputable sites only, and verify the MD5 or SHA1 checksum of the installation package whenever
possible.

19. Be careful when using online paste tools and screen capture tools; do not let them upload
your passwords to the cloud.

20. If there are important files on your computer, and it can be accessed by others, check if there
are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras
when you feel it's necessary.


21. If you're a webmaster, do not store the users' passwords in the database; store the
salted hash values of the passwords instead.
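Items 11 and 21 above make one combined point: an unsalted MD5 of a password can be looked up in a precomputed table, whereas a per-user random salt and a slow key-derivation function defeat such tables. The Python block below is an added example, not code from the handout. `COMMON_PASSWORDS` is a constructed five-word stand-in for a leaked-password list, and PBKDF2-HMAC-SHA256 from the standard library is used as the salted hash (the handout names no particular algorithm).

```python
import hashlib
import hmac
import os

# Constructed stand-in for a popular-password list that an attacker would
# precompute into a lookup (rainbow-style) table.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "0123456789A"]

ITERATIONS = 200_000   # PBKDF2 work factor; raise as hardware gets faster


def md5_hex(password):
    """Unsalted MD5: the same password always yields the same digest, so one
    precomputed table serves against every site that stores passwords this way."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precompute digest -> password for every word, as a rainbow-table user would."""
    return {md5_hex(w): w for w in wordlist}


def crack_with_table(digest_hex, table):
    """Return the password if its unsalted MD5 is in the table, else None."""
    return table.get(digest_hex.lower())


def hash_password(password, salt=None):
    """Salted, slow hash for storage, encoded as 'iterations$salt_hex$digest_hex'."""
    if salt is None:
        salt = os.urandom(16)   # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo(password="0123456789A"):
    """Show the contrast: the unsalted digest is found instantly, the salted
    records differ per user and cannot be matched against the table."""
    table = build_lookup_table(COMMON_PASSWORDS)
    cracked = crack_with_table(md5_hex(password), table)
    alice = hash_password(password)
    bob = hash_password(password)
    salted_hit = crack_with_table(alice.split("$")[2], table)
    return cracked, alice != bob, salted_hit


if __name__ == "__main__":
    print(demo())   # ('0123456789A', True, None)
```

Because the salt is stored beside the digest, it is not a secret; its job is only to make every user's hash unique, so an attacker must redo the slow computation per user instead of once per password.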

Keyloggers
 Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of
recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the
person using the keyboard is unaware that their actions are being monitored.

 It has uses in the study of human–computer interaction.

 There are numerous keylogging methods, ranging from hardware and software-based
approaches to acoustic analysis.

Software-based keyloggers
 Software-based keyloggers use the target computer’s operating system in various ways,
including: imitating a virtual machine, acting as the keyboard driver (kernel-based), using the
application programming interface to watch keyboard strokes (API-based), recording
information submitted on web-based forms (Form Grabber based) or capturing network
traffic associated with HTTP POST events to steal passwords (Packet analyzers).

 Usually consists of two files: a DLL and an EXE

Hardware keyloggers
 Installing a hardware circuit between the keyboard and the computer that logs keystroke
activity (keyboard hardware).

 Typical target: ATMs

Acoustic keylogging
 Acoustic keylogging monitors the sound created by each individual keystroke and uses the
subtly different acoustic signature that each key emits to analyze and determine what the
target computer’s user is typing.

AntiKeylogger
 An anti-keylogger (or anti–keystroke logger) is a type of software specifically designed for the
detection of keystroke logger software; often, such software will also incorporate the ability
to delete or at least immobilize hidden keystroke logger software on your computer.


Benefits of Antikeyloggers

 Spyware is software that aims to gather information about a person or organization without
their knowledge and that may send such information to another entity without the
consumer's consent, or that asserts control over a computer without the consumer's
knowledge.

Virus and Worms


 A computer virus is a malware program that, when executed, replicates by inserting copies of
itself (possibly modified) into other computer programs, data files, or the boot sector of the
hard drive; when this replication succeeds, the affected areas are then said to be "infected".

Some typical virus actions


 Display a message to prompt an action
 Delete files in the system
 Scramble data on a hard disk
 Cause erratic screen behavior
 Halt the system
 Replicate themselves to propagate further harm

Viruses spread through


 The internet
 A stand alone PC
 Local networks

Difference between virus and worm

Types of viruses
 Boot sector viruses

 Program viruses

 Multipartite viruses

 Stealth viruses

 Polymorphic viruses

 Macroviruses

 ActiveX and Java controls

Boot sector viruses


 A boot sector virus is a computer virus that infects a storage device's master boot record
(MBR).

 It is not mandatory that a boot sector virus successfully boot the victim's PC to infect it.

 As a result, even non-bootable media can trigger the spread of boot sector viruses.


 These viruses copy their infected code either to the floppy disk's boot sector or to the hard
disk's partition table. During start-up, the virus gets loaded to the computer's memory. As
soon as the virus is saved to the memory, it infects the non-infected disks used by the system.

 The propagation of boot sector viruses has become very rare since the decline of floppy disks.
Also, present-day operating systems include boot-sector safeguards that make it difficult for
boot sector viruses to infect them.

Program viruses
 A program virus becomes active when the program file (usually with extensions .BIN, .COM,
.EXE, .OVL, .DRV) carrying the virus is opened.

 Once active, the virus will make copies of itself and will infect other programs on the
computer.

Multipartite viruses
 A multipartite virus is a fast-moving virus that uses file infectors or boot infectors to attack the
boot sector and executable files simultaneously.

 Most viruses either affect the boot sector, the system or the program files.

 The multipartite virus can affect both the boot sector and the program files at the same time,
thus causing more damage than any other kind of virus.

 When the boot sector is infected, simply turning on the computer will trigger a boot sector
virus because it latches on to the hard drive that contains the data that is needed to start the
computer. Once the virus has been triggered, destructive payloads are launched throughout
the program files.

 A multipartite virus infects computer systems multiple times and at different times. In order
for it to be eradicated, the entire virus must be removed from the system.

 A multipartite virus is also known as a hybrid virus.

Stealth viruses
 A stealth virus is a hidden computer virus that attacks operating system processes and averts
typical anti-virus or anti-malware scans. Stealth viruses hide in files, partitions and boot
sectors and are adept at deliberately avoiding detection.

 Stealth virus eradication requires advanced anti-virus software or a clean system reboot.

Polymorphic viruses
 A polymorphic virus is a complicated computer virus that affects data types and functions.

 It is a self-encrypted virus designed to avoid detection by a scanner.

 Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly
modified, copies of itself.

 Polymorphism, in computing terms, means that a single definition can be used with varying
amounts of data. In order for scanners to detect this type of virus, brute-force programs must
be written to combat and detect the polymorphic virus with novel variant configurations.

Macroviruses
 A macro virus is a computer virus that "infects" a Microsoft Word or similar application and
causes a sequence of actions to be performed automatically when the application is started
or something else triggers it.

ActiveX and Java controls


 ActiveX and Java were created for web page designers to incorporate a wide array of
impressive effects on web pages, giving movement and added dimension to the previously
"flat" web pages.

 To operate properly, these ActiveX controls and Java applets need to gain access to your hard
disk. Insufficient memory and bandwidth problems necessitate this approach. Although this
desktop access provides a wealth of beneficial applications of these controls and applets,
malicious code developers have the same access. They are now using it to read and delete or
corrupt files, access RAM, and even access files on computers attached via a LAN.

Trojan horses and Backdoors


 A Trojan horse, or Trojan, in computing is generally a non-self-replicating type of malware
program containing malicious code that, when executed, carries out actions determined by
the nature of the Trojan, typically causing loss or theft of data, and possible system harm

Examples of threats by trojans


 Erase, overwrite or corrupt data on a computer

 Help to spread other malware such as viruses- dropper trojan

 Deactivate or interfere with antivirus and firewall programs

 Allow remote access to your computer- remote access trojan

 Upload and download files

 Gather E-mail address and use for spam

 Log keystrokes to steal information: passwords, credit card numbers

 Copy fake links to false websites

 Slow down, restart or shut down the system

 Disable task manager

 Disable the control panel

Backdoors
 A backdoor in a computer system is a method of bypassing normal authentication, securing
unauthorized remote access to a computer, obtaining access to plaintext, and so on, while
attempting to remain undetected.


 Also called a trapdoor. An undocumented way of gaining access to a program, online service
or an entire computer system.

 The backdoor is written by the programmer who creates the code for the program. It is often
only known by the programmer. A backdoor is a potential security risk.

Allows an attacker to
 create, delete, rename, copy or edit any file

 Execute commands to change system settings

 Alter the Windows registry

 Run, control and terminate applications

 Install arbitrary software and parasites

 Control computer hardware devices,

 Shutdown or restart computer

Functions of backdoors
 Steals sensitive personal information, valuable documents, passwords, login name…

 Records keystrokes, captures screenshots

 Sends gathered data to predefined E-mail addresses

 Infects files, corrupts installed apps, damages entire system

 Distributes infected files to remote computers

 Installs hidden FTP server

 Degrades internet connection and overall system performance

 Decreases system security

 Provides no uninstall feature, hides processes, files and other objects

Examples of Backdoor trojans


 Back Orifice : for remote system administration

 Bifrost : can infect Win95 through Vista, execute arbitrary code

 SAP backdoors : infects SAP business objects

 Onapsis Bizploit: Onapsis Bizploit is an SAP penetration testing framework to assist security
professionals in the discovery, exploration, vulnerability assessment and exploitation phases
of specialized SAP security assessment


How to protect from Trojan Horses and backdoors


 Stay away from suspect websites/ links

 Surf on the web cautiously : avoid P2P networks

 Install antivirus/ Trojan remover software

Steganography
 Steganography (from Greek steganos, or "covered," and graphie, or "writing") is the hiding of
a secret message within an ordinary message and the extraction of it at its destination.

 Steganography takes cryptography a step farther by hiding an encrypted message so that no
one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted
data.

 Other names: data hiding, information hiding, digital watermarking


Digital watermarking
 Digital watermarking is the act of hiding a message (trademark) related to a digital signal (i.e.
an image, song, video) within the signal itself.

 It is a concept closely related to steganography, in that they both hide a message inside a
digital signal.

 However, what separates them is their goal.

 Watermarking tries to hide a message related to the actual content of the digital signal,

 while in steganography the digital signal has no relation to the message, and it is merely used
as a cover to hide its existence.

Difference between steganography and cryptography


 Cryptography is the study of hiding information, while Steganography deals with composing
hidden messages so that only the sender and the receiver know that the message even exists.

 In Steganography, only the sender and the receiver know the existence of the message,
whereas in cryptography the existence of the encrypted message is visible to the world.

 Due to this, Steganography removes the unwanted attention coming to the hidden message.

 Cryptographic methods try to protect the content of a message, while Steganography uses
methods that would hide both the message as well as the content.

 By combining Steganography and Cryptography one can achieve better security.

Steganalysis
 Steganalysis is the study of detecting messages hidden using steganography;

 The goal of steganalysis is to identify suspected packages, determine whether or not they have
a payload encoded into them, and, if possible, recover that payload.

DoS and DDoS attacks


 In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an
attempt to make a machine or network resource unavailable to its intended users.

 A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend
services of a host connected to the Internet.

Symptoms of DoS attacks


 Slow network performance

 Unavailability of a particular website

 Inability to access any website

 Dramatic increase in the number of spam E-mails received


A DoS attack may do the following


 Flood the network with traffic, thereby preventing legitimate network traffic

 Disrupt connections between two systems- preventing access to service

 Prevent a particular individual from accessing a service

 Disrupt service to a specific system or person

Classification of DoS
 Bandwidth attacks

 Logic attacks

 Protocol attacks

 Unintentional DoS attack

Bandwidth attacks
 The most common DoS attacks; they target the computer's network bandwidth or connectivity.

 Bandwidth attacks flood the network with such a high volume of traffic, that all available
network resources are consumed and legitimate user requests cannot get through.

Logic attacks
 An attacker sends more requests to a server than it can handle, usually in a relentless manner,
until the server buckles and gives in to the attacker. Once this type of attack ends, the server
can return to normal operation.

 Generally, a logic attack requires your server to have a discoverable weakness that the
attacker can locate and then use against it.

 Because of this prerequisite, it is usually easy to prevent by keeping your server software and
hardware up to date with the latest security patches and firmware respectively.

Protocol attacks
 Denial of service attacks may take advantage of certain standard protocol features.

 Several attacks capitalize on the fact that IP source addresses can be spoofed.

 In addition, connection depletion attacks take advantage of the fact that many connection-
oriented protocols require servers to maintain state information after a connection request is
made but before the connection is fully established.

 The most common connection depletion attack is SYN flooding

Unintentional DoS attack


 This describes a situation where a website ends up denied, not due to a deliberate attack by
a single individual or group of individuals, but simply due to a sudden enormous spike in
popularity.


 This can happen when an extremely popular website posts a prominent link to a second, less
well-prepared site, for example, as part of a news story.

Types or levels of DoS attacks


 Flood attack

 Ping of death attack

 SYN attack

 Teardrop attack

 Smurf attack

 Nuke

Flood attack
 Flooding is a Denial of Service (DoS) attack that is designed to bring a network or service down
by flooding it with large amounts of traffic.

 Flood attacks occur when a network or service becomes so weighed down with packets
initiating incomplete connection requests that it can no longer process genuine connection
requests.

 By flooding a server or host with connections that cannot be completed, the flood attack
eventually fills the host's memory buffer. Once this buffer is full no further connections can be
made, and the result is a denial of service.

Ping of death attack

 Ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an
IP packet larger than the 65,536 bytes allowed by the IP protocol.

SYN attack

 A SYN flood occurs when a host sends a flood of TCP/SYN packets, often with a forged sender
address.

 Each of these packets is handled like a connection request, causing the server to spawn a
half-open connection by sending back a TCP SYN-ACK packet (acknowledgement) and waiting for
a packet in response from the sender address (the final ACK of the handshake).

 However, because the sender address is forged, the response never comes. These half-open
connections saturate the number of available connections the server can make, keeping it
from responding to legitimate requests until after the attack ends
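The half-open-connection build-up described above is visible from the server side. The Python script below is an added example, not part of the handout: it parses connection listings in the column layout of `ss -tan` (both samples are constructed, using documentation IP ranges, not real captures), counts SYN-RECV versus ESTAB entries, and flags a likely SYN flood when half-open connections are both numerous and out of proportion to established ones. The thresholds are illustrative assumptions to be tuned per host.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`:
# State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port.
FLOOD_SAMPLE = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB    0      0      192.0.2.10:443     203.0.113.5:51234
ESTAB    0      0      192.0.2.10:443     203.0.113.9:51877
SYN-RECV 0      0      192.0.2.10:443     198.51.100.7:40211
SYN-RECV 0      0      192.0.2.10:443     198.51.100.23:40212
SYN-RECV 0      0      192.0.2.10:443     198.51.100.41:40213
SYN-RECV 0      0      192.0.2.10:443     198.51.100.58:40214
SYN-RECV 0      0      192.0.2.10:443     198.51.100.77:40215
SYN-RECV 0      0      192.0.2.10:443     198.51.100.90:40216
SYN-RECV 0      0      192.0.2.10:443     198.51.100.102:40217
SYN-RECV 0      0      192.0.2.10:443     198.51.100.130:40218
SYN-RECV 0      0      192.0.2.10:443     198.51.100.164:40219
SYN-RECV 0      0      192.0.2.10:443     198.51.100.201:40220
"""

# Constructed baseline: a normal moment with one connection mid-handshake.
QUIET_SAMPLE = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB    0      0      192.0.2.10:443     203.0.113.5:51234
SYN-RECV 0      0      192.0.2.10:443     203.0.113.12:51300
ESTAB    0      0      192.0.2.10:22      203.0.113.20:60001
"""


def parse_ss(text):
    """Return (state, local_port, peer_ip) tuples, skipping the header line."""
    conns = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        conns.append((state, local.rsplit(":", 1)[1], peer.rsplit(":", 1)[0]))
    return conns


def half_open_report(conns):
    """Summarise half-open (SYN-RECV) versus established connections."""
    half_open = [c for c in conns if c[0] == "SYN-RECV"]
    return {
        "half_open": len(half_open),
        "established": sum(1 for c in conns if c[0] == "ESTAB"),
        "by_port": Counter(c[1] for c in half_open),
        # Many distinct peers with one half-open each is the forged-source signature.
        "distinct_peers": len({c[2] for c in half_open}),
    }


def syn_flood_suspected(report, min_half_open=8, ratio=3.0):
    """Flag when half-open connections are numerous AND dwarf established ones."""
    ho, est = report["half_open"], report["established"]
    return ho >= min_half_open and ho >= ratio * max(est, 1)


if __name__ == "__main__":
    for name, sample in (("flood", FLOOD_SAMPLE), ("quiet", QUIET_SAMPLE)):
        rep = half_open_report(parse_ss(sample))
        print(name, rep["half_open"], "half-open,", rep["established"],
              "established, suspected:", syn_flood_suspected(rep))
```

Detection only tells you the attack is under way; on Linux the usual mitigation is SYN cookies (`net.ipv4.tcp_syncookies`), which let the kernel answer SYNs without keeping per-connection state until the final ACK arrives.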


[Figure: SYN attack]

Teardrop attack
 A teardrop attack is a denial of service (DoS) attack conducted by targeting TCP/IP
fragmentation reassembly codes.

 This attack causes fragmented packets to overlap one another on the host receipt;

 the host attempts to reconstruct them during the process but fails.

 Gigantic payloads are sent to the machine that is being targeted, causing system crashes.

Smurf attack
 A smurf attack is a type of denial-of-service attack in which a system is flooded with spoofed
ping messages.

 This creates high computer network traffic on the victim’s network, which often renders it
unresponsive.

Nuke
 A Nuke is an old denial-of-service attack against computer networks consisting of fragmented
or otherwise invalid ICMP packets sent to the target, achieved by using a modified ping utility
to repeatedly send this corrupt data, thus slowing down the affected computer until it comes
to a complete stop.


DDoS attack
 A Distributed Denial of Service (DDoS) attack is an attempt to make an online service
unavailable by overwhelming it with traffic from multiple sources.

 They target a wide variety of important resources, from banks to news websites, and present
a major challenge to making sure people can publish and access important information.

How to prevent DOS/DDOS attacks


 Filtering: routers at the edge of the network can be configured to spot and drop DDoS
connections, preventing them from slowing the network or the server.

 Moving: If the attack is pointed at a specific IP address, the site’s IP can be changed.

 Blackholing: A host may simply “blackhole” a site that is being DDOSed, directing all traffic to
it to an address that doesn’t exist. This is normally a last resort.

SQL Injection
 SQL injection is a code injection technique, used to attack data-driven applications, in which
malicious SQL statements are inserted into an entry field for execution (e.g. to dump the
database contents to the attacker).


 It is a type of attack that takes advantage of improper coding in a web application, allowing an attacker to inject SQL commands into, say, a login form and thereby gain access to the data held in the database.

What can an attacker do?


* Bypassing logins: by obtaining usernames and passwords

* Accessing secret data: reconnaissance

* Adding new data or modifying the contents of a website: INSERT/UPDATE

* Shutting down the MySQL server

Steps for SQL Injection attack


Step 1: Finding a Vulnerable Website:

Find vulnerable websites (hackable websites) using a Google Dork list.

A Google dork is a search for vulnerable websites using Google search tricks.

Use the “inurl:” operator for finding vulnerable websites.

Some examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=

How to use?
Copy one of the above commands and paste it into the Google search box.
Hit enter.
You get a list of websites.
Visit the websites one by one to check for the vulnerability.

Step 2: Checking the Vulnerability:

Now we should check the vulnerability of the websites.

In order to check the vulnerability, add a single quote (‘) at the end of the URL and hit enter.

For eg:
http://www.victimsite.com/index.php?id=2'

If the page stays the same, shows “page not found” or shows some other web page, then it is not vulnerable.

If it shows any error related to the SQL query, then it is vulnerable.

Step 3: Finding Number of columns:

Now we have found the website is vulnerable.

Next step is to find the number of columns in the table.


For that, replace the single quote (‘) with an “order by n” statement.

Change n from 1, 2, 3, 4, 5, 6, … n until you get an error like “unknown column”.

For eg:

http://www.victimsite.com/index.php?id=2 order by 1
http://www.victimsite.com/index.php?id=2 order by 2
http://www.victimsite.com/index.php?id=2 order by 3
http://www.victimsite.com/index.php?id=2 order by 4

…..

http://www.victimsite.com/index.php?id=2 order by 8 (error)

So now x = 8, and the number of columns is x-1, i.e. 7.

Step 4: Displaying the Vulnerable columns:

Using a “union select columns_sequence” statement we can find the vulnerable part of the table.
Replace the “order by n” with this statement.

And change the id value to negative.

Replace columns_sequence with the numbers from 1 to x-1 (number of columns) separated with commas (,).

For eg:
if the number of columns is 7, then the query is as follows:

http://www.victimsite.com/index.php?id=-2 union select 1,2,3,4,5,6,7--

Blind SQL injection


 Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the
results of the injection are not visible to the attacker.

 The page with the vulnerability may not be one that displays data but will display differently
depending on the results of a logical statement injected into the legitimate SQL statement
called for that page.

 This type of attack can become time-intensive because a new statement must be crafted for
each bit recovered.

 There are several tools that can automate these attacks once the location of the vulnerability
and the target information have been established.

How to prevent SQL Injection attacks


 Input validation

◦ Replace all single quotes with two single quotes

◦ Sanitize the input: strip characters and keywords such as ;, --, select, etc.

◦ Numeric values should be checked while accepting a query string value

◦ Keep all text boxes and form fields short



 Modify error reports

◦ SQL errors should not be displayed to the outside world

 Other preventions

◦ Never use default system accounts for SQL Server 2000

◦ Isolate the database server and the web server: different machines

◦ Extended stored procedures and user-defined functions should be moved to an isolated server.
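As an added example (not code from these notes), the two input-validation checks above written in C: a strict numeric check for a query-string id such as the one in index.php?id=, and a quote-doubling escape for free-text fields. The function names and the article table are the author's own assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the query-string value is a plain decimal number of 1..max_digits
 * digits, 0 otherwise. "2" passes; the probes "2'" and "2 order by 8" do not. */
int is_numeric_id(const char *value, size_t max_digits)
{
    size_t n = strlen(value);
    if (n == 0 || n > max_digits)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)value[i]))
            return 0;
    return 1;
}

/* Doubles every single quote in src, writing the result into dst (size dst_size).
 * Returns the number of characters written (excluding the terminator), or -1 if
 * the result would not fit: an input made only of quotes needs 2*strlen(src)+1
 * bytes, so the caller must size dst for that worst case. */
int escape_single_quotes(char *dst, size_t dst_size, const char *src)
{
    size_t out = 0;
    for (const char *p = src; *p; p++) {
        size_t need = (*p == '\'') ? 2 : 1;
        if (out + need + 1 > dst_size)          /* +1 keeps room for the terminator */
            return -1;
        if (*p == '\'')
            dst[out++] = '\'';
        dst[out++] = *p;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Builds the article lookup query only for a validated id (hypothetical schema).
 * Returns 0 on success, -1 if the id was rejected before touching the database. */
int build_article_query(char *sql, size_t sql_size, const char *id_param)
{
    if (!is_numeric_id(id_param, 10))
        return -1;
    snprintf(sql, sql_size, "SELECT title FROM articles WHERE id = %s", id_param);
    return 0;
}

int main(void)
{
    /* Constructed query-string values: a normal request followed by the two
     * probes described in the notes, which the numeric check rejects. */
    const char *samples[] = { "2", "2'", "2 order by 8" };
    char sql[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_article_query(sql, sizeof sql, samples[i]) == 0)
            printf("accepted %-14s -> %s\n", samples[i], sql);
        else
            printf("rejected %-14s (not a plain numeric id)\n", samples[i]);
    }
    char esc[64];
    if (escape_single_quotes(esc, sizeof esc, "O'Brien") >= 0)
        printf("escaped text field: %s\n", esc);
    return 0;
}
```

Escaping and validation only narrow the attack surface; binding values through prepared (parameterized) statements keeps user data out of the SQL text altogether and is the primary defense in current code.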

Buffer overflow
 In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly
where a program, while writing data to a buffer, overruns the buffer's boundary and
overwrites adjacent memory. This is a special case of violation of memory safety.

 This may result in erratic program behavior

 Buffer overflows are not easy to discover and even when one is discovered, it is generally
extremely difficult to exploit.

 In a classic buffer overflow exploit, the attacker sends data to a program, which it stores in an
undersized stack buffer. The result is that information on the call stack is overwritten,
including the function's return pointer.

 The data sets the value of the return pointer so that when the function returns, it transfers
control to malicious code contained in the attacker's data.

 At the code level, buffer overflow vulnerabilities usually involve the violation of a
programmer's assumptions.

 Many memory manipulation functions in C and C++ do not perform bounds checking and can
easily overwrite the allocated bounds of the buffers they operate on.

 Even bounded functions, such as strncpy(), can cause vulnerabilities when used incorrectly.

 The combination of memory manipulation and mistaken assumptions about the size or
makeup of a piece of data is the root cause of most buffer overflows.

Example
 The code in this example also relies on user input to control its behavior, but it adds a level of
indirection with the use of the bounded memory copy function memcpy().

 This function accepts a destination buffer, a source buffer, and the number of bytes to copy.
The input buffer is filled by a bounded call to read(), but the user specifies the number of bytes
that memcpy() copies.

...
char buf[64], in[MAX_SIZE];
int bytes;                      /* copy length supplied by the user; never compared with sizeof buf */

printf("Enter buffer contents:\n");
read(0, in, MAX_SIZE-1);        /* bounded read: at most MAX_SIZE-1 bytes land in in[] */

printf("Bytes to copy:\n");
scanf("%d", &bytes);            /* attacker chooses bytes; a negative value becomes a huge size_t */

memcpy(buf, in, bytes);         /* copies a user-chosen number of bytes into a 64-byte buffer */
...

 Note: This type of buffer overflow vulnerability (where a program reads data and then trusts
a value from the data in subsequent memory operations on the remaining data) has turned
up with some frequency in image, audio, and other file processing libraries.

Types of buffer overflow


 Stack-based buffer overflow

 Heap buffer overflow

 NOPs

Stack-based buffer overflow


 A stack-based buffer overflow is a condition where the buffer being overwritten is
allocated on the stack.

 An attacker may exploit this to manipulate the program by

◦ Changing the local variable

◦ Changing the return address

◦ Changing the function pointer or exception handler

Heap buffer overflow


 A heap overflow is a type of buffer overflow that occurs in the heap data area.

 Heap overflows are exploitable in a different manner from stack-based overflows.

 Memory on the heap is dynamically allocated by the application at run-time and typically
contains program data.

 Exploitation is performed by corrupting this data in specific ways to cause the application to
overwrite internal structures such as linked list pointers.

 The canonical heap overflow technique overwrites dynamic memory allocation linkage (such
as malloc meta data) and uses the resulting pointer exchange to overwrite a program function
pointer.

NOP-sled
 A NOP-sled is the oldest and most widely known technique for successfully exploiting a stack
buffer overflow.

 It solves the problem of finding the exact address of the buffer by effectively increasing the
size of the target area.


 To do this, much larger sections of the stack are corrupted with the no-op machine instruction.
At the end of the attacker-supplied data, after the no-op instructions, the attacker places an
instruction to perform a relative jump to the top of the buffer where the shellcode is located.

 This collection of no-ops is referred to as the "NOP-sled" because if the return address is
overwritten with any address within the no-op region of the buffer it will "slide" down the no-
ops until it is redirected to the actual malicious code by the jump at the end.

How to minimize buffer overflow


 Assessment of secure code manually

 Disable stack execution

 Compiler tools

 Dynamic run-time checks

 Various tools are used to detect or defend against buffer overflows

◦ StackGuard

◦ ProPolice

◦ Libsafe

Attacks On Wireless Network


In security breaches, penetration of a wireless network through unauthorized access is termed
wireless cracking.

Traditional techniques

➢ Sniffing

➢ Spoofing

➢ DoS

➢ Man-in-the-middle attack

➢ Encryption cracking

How to secure the wireless n/w


1. Change the default settings of all equipment/components of the wireless network

2. Enable WPA/WEP encryption

3. Change the default SSID

4. Enable MAC address filtering

5. Disable remote login

6. Disable SSID broadcast

7. Disable the features that are not used in AP


8. Avoid providing the n/w a name which can be easily identified

9. Connect only to secured wireless n/w

10. Upgrade the router’s firmware periodically

11. Assign static IP address to devices

12. Enable firewalls on each computer & the router

13. Position the router or AP safely

14. Turn off the n/w during extended periods when not in use

15. Monitor wireless n/w security periodically and regularly

PHISHING: phishing is a type of deception designed to steal your identity


Methods of Phishing Attack
These methods are described briefly below:

i. Dragnet Method: This method involves the use of spammed emails, bearing falsified corporate identification (e.g., trademarks, logos and corporate names), that are addressed to a large class of people (e.g., customers of a particular financial institution or members of a particular auction site) and lead to websites or pop-up windows with similarly falsified identification, in order to trigger an immediate response.

ii. Rod-and-Reel Method: This method targets prospective victims with whom initial contact has already been made. The specific prospective victims so identified are sent false information to prompt their disclosure of personal and financial data.

iii. Lobsterpot Method: It consists of the creation of websites similar to legitimate corporate websites, aimed by the phishers at a narrowly defined class of victims. A smaller class of prospective victims is identified in advance, but there is no triggering of a victim response; it is enough that the victims mistake the spoofed website for a legitimate and trustworthy site and provide personal data.

iv. Gillnet Phishing: In gillnet phishing, phishers introduce malicious code into emails and websites. They can, for example, misuse browser functionality by injecting hostile content into another site’s pop-up window. Merely by opening a particular email, or browsing a particular website, Internet users may have a Trojan horse introduced into their systems. In some cases, the malicious code will change settings in users’ systems, so that users who want to visit legitimate banking websites will be redirected to a lookalike phishing site. In other cases, the malicious code will record users’ keystrokes and passwords when they visit legitimate banking sites, then transmit those data to phishers for later illegal access to users’ financial accounts.

Phishing techniques
An attacker can attack any website in different ways. Some of them are as follows:

URL (weblink) manipulation: This type of phishing is possible by making small changes in the link provided on the spoofed page. A number of phishing attacks use technical deception designed to make a link in an email appear to belong to the spoofed organization. This is done by misspelling the URL or by using subdomains to mislead the web user. For example, in the URL http://www.mybank.services.com/, it appears that the URL is asking the user to log in to the ‘mybank.services’ part of the website, whereas it is actually a phishing URL imitating the legitimate site.
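The check a defender wants for the subdomain trick above, added here as an example that is not part of the notes: pull the host out of a link and report the last two labels, which is the site actually being visited. It assumes no public-suffix list, so two-part country suffixes such as co.uk are not handled; the sample links are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Extracts the host part of an http(s) URL into host (size host_size).
 * Any RFC 3986 userinfo prefix, :port suffix and the path are dropped.
 * Returns 0 on success, -1 if the URL is malformed or the host does not fit. */
int url_host(const char *url, char *host, size_t host_size)
{
    const char *p = strstr(url, "://");
    if (!p)
        return -1;
    p += 3;
    const char *end = p + strcspn(p, "/?#");       /* authority ends at path/query/fragment */
    const char *at = memchr(p, '@', (size_t)(end - p));
    if (at)
        p = at + 1;                                /* skip userinfo, which is not the site */
    size_t len = (size_t)(end - p);
    const char *colon = memchr(p, ':', len);
    if (colon)
        len = (size_t)(colon - p);                 /* drop :port */
    if (len == 0 || len + 1 > host_size)
        return -1;
    memcpy(host, p, len);
    host[len] = '\0';
    return 0;
}

/* Returns a pointer into host at its last two labels: "services.com" for
 * "www.mybank.services.com". Everything to the left is just a subdomain the
 * owner of that domain chose. Assumption: no public-suffix list is consulted. */
const char *registrable_domain(const char *host)
{
    const char *last = strrchr(host, '.');
    if (!last || last == host)
        return host;                               /* single label: nothing to strip */
    const char *p = last - 1;
    while (p > host && *p != '.')
        p--;
    return (*p == '.') ? p + 1 : p;
}

int main(void)
{
    /* Constructed sample links: the first is the notes' example, the second a
     * normal-looking bank link for contrast. */
    const char *samples[] = {
        "http://www.mybank.services.com/",
        "https://online.mybank.com:443/login",
    };
    char host[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (url_host(samples[i], host, sizeof host) == 0)
            printf("%-40s host=%s  actually visiting: %s\n",
                   samples[i], host, registrable_domain(host));
        else
            printf("%-40s malformed URL\n", samples[i]);
    }
    return 0;
}
```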

Website forgery: A phishing attack can use flaws in a trusted website’s scripts against the web user. This type of phishing attack, also known as cross-site scripting, is very problematic, because it redirects the user to sign in at the bank or services section of the web page, where everything from the web address to the security certificates appears original and legitimate.

Filter evasion: Images can also be used for a phishing attack. By using images in place of text, it becomes very difficult to detect the phishing web page. The filter evasion technique uses this approach when building the phishing web page. This type of phishing web page takes less time to prepare as a spoofed website and uses fewer coding tags on the web page.

Phone phishing: Since mobile users are increasing rapidly and Internet access from mobiles is also increasing, phishing attacks are targeting mobile users to steal confidential information. In mobile phishing, the message looks as if it comes from a bank and tells users to dial a number regarding problems with their bank account.

Flash phishing: An anti-phishing toolbar is installed/enabled to check web page content for signs of phishing, but such toolbars have limitations and do not analyze Flash objects at all; phishers use Flash to emulate the legitimate website. Netizens believe that the website is “clean” and is the real website because the anti-phishing toolbar is unable to detect it.

Social phishing: the victim is made to reveal sensitive data by other means; it works in a systematic manner:

➢ The phisher sends a mail as if it were sent by the bank, asking the victim to call back because there was a security breach

➢ The victim calls the bank on the phone number displayed in the mail

➢ The phone number provided is fake, so the victim is connected to the phisher

➢ The phisher speaks with the victim in the same manner/style as a bank employee and obtains all his information, such as account number, password, etc.

Classification of phishing scams


Phishing attacks can be classified into various types according to the way the attack is done. According to many researchers, the various types of phishing attacks are as described below.

Deceptive Phishing- Messages about the need to verify account information, system failures requiring users to re-enter their information, fictitious account charges, undesirable account changes, new free services requiring quick action, and many other scams are broadcast to a wide group of recipients in the hope that the victim will respond by clicking a link to, or signing onto, a bogus site where their confidential information is captured; all of these fall in this category.

Malware-Based Phishing- Refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities.

Key loggers and Screen loggers- This type of malware tracks the input from the keyboard and sends the relevant information to the hackers over the Internet. They get into users' browsers as a small program that runs automatically when the browser is started, or into system files as device drivers or screen monitors.

Session Hijacking- This deals with monitoring the activities of users until they sign in to an account or transaction and enter their important information. At that point the malicious software performs unauthorized actions, such as transferring funds, without the user's knowledge.

Web Trojans- They pop-up invisibly when users are attempting to log in. They collect the user's
credentials locally and transmit them to the phisher.

Pharming
DNS-Based Phishing- With a pharming scheme, hackers tamper with a company's hosts files or domain name system (DNS) so that requests for URLs or name service return a bogus address and subsequent communications are directed to a fake site.

Hosts File Poisoning- When a user types a URL to visit a website, it must first be translated into an IP address before it is transmitted over the Internet. The majority of PCs of SMB (small and medium business) users, whatever operating system they run, look up these "host names" in their "hosts" file before undertaking a Domain Name System (DNS) lookup. By "poisoning" the hosts file, hackers have a bogus address transmitted, taking the user unwillingly to a fake website where their information can be stolen.
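A detection check for the hosts-file poisoning just described, added as an example that is not part of the notes: it scans hosts-file text for any entry that statically pins a name under a watched domain (a bank's domain, say) to an address, which a clean end-user hosts file should never contain. The sample hosts file, the watch list and the 192.0.2.x address are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of a hosts file. The last line is the kind of entry a
 * poisoning attack leaves behind: a bank's names pinned to an attacker-chosen
 * address (192.0.2.0/24 is a documentation range, used here as a stand-in). */
static const char SAMPLE_HOSTS[] =
    "127.0.0.1       localhost\n"
    "::1             localhost ip6-localhost\n"
    "# added by the IT department\n"
    "10.1.2.3        intranet.example\n"
    "192.0.2.44      www.mybank.com  online.mybank.com\n";

/* Domains that must never be resolved statically on an end-user machine
 * (constructed watch list; a real deployment would load its own). */
static const char *const WATCH_LIST[] = { "mybank.com" };

/* 1 if name equals domain or is a subdomain of it ("www.mybank.com" matches
 * "mybank.com" but "notmybank.com" does not). */
static int under_domain(const char *name, const char *domain)
{
    size_t n = strlen(name), d = strlen(domain);
    if (n < d || strcmp(name + n - d, domain) != 0)
        return 0;
    return n == d || name[n - d - 1] == '.';
}

/* Scans hosts-file text and returns how many hostnames belonging to a watched
 * domain are pinned to any address. The first offending "address name" pair is
 * copied into hit when hit is non-NULL. */
int scan_hosts_for_pinned_domains(const char *text,
                                  const char *const *watch, size_t nwatch,
                                  char *hit, size_t hit_size)
{
    int count = 0;
    char line[512];
    const char *p = text;

    while (*p) {
        size_t len = strcspn(p, "\n");
        if (len >= sizeof line)
            len = sizeof line - 1;              /* truncate absurdly long lines */
        memcpy(line, p, len);
        line[len] = '\0';
        p += len;
        if (*p == '\n')
            p++;

        char *comment = strchr(line, '#');      /* text after '#' is a comment */
        if (comment)
            *comment = '\0';

        char *addr = strtok(line, " \t\r");
        if (!addr)
            continue;                           /* blank or comment-only line */
        for (char *name = strtok(NULL, " \t\r"); name; name = strtok(NULL, " \t\r")) {
            for (size_t i = 0; i < nwatch; i++) {
                if (under_domain(name, watch[i])) {
                    if (hit && count == 0)
                        snprintf(hit, hit_size, "%s %s", addr, name);
                    count++;
                    break;
                }
            }
        }
    }
    return count;
}

int main(void)
{
    char hit[128];
    int n = scan_hosts_for_pinned_domains(SAMPLE_HOSTS, WATCH_LIST, 1, hit, sizeof hit);
    if (n > 0)
        printf("%d watched name(s) pinned in hosts file, first: %s\n", n, hit);
    else
        printf("no watched domains pinned\n");
    return 0;
}
```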

System Reconfiguration Attacks- Modify settings on a user's PC for malicious purposes. For example, URLs in a favourites file might be modified to direct users to lookalike websites: a bank website URL may be changed from "www.gmail.com" to "www.gmai1.com".

Data Theft- Sensitive data is stored on PCs. This data is taken without the user’s knowledge. Commonly, this information is user information such as passwords, social security numbers, credit card information, other personal information, or other confidential corporate information. By stealing confidential communications, design documents, legal opinions, employee-related records, etc., thieves profit from selling them to competitors or to those who may want to embarrass or cause economic damage.

Content-Injection Phishing- Describes the situation where hackers replace part of the content of a legitimate site with false content designed to mislead or misdirect the user into giving up their confidential information to the hacker. For example, a phisher may insert malicious code to log users' credentials, or an overlay which can secretly collect information and deliver it to the phisher.

Man-in-the-Middle Phishing- In these attacks the phisher positions themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on so that users' transactions are not affected. Later they can sell or use the information or credentials collected when the user is not active on the system.

Search Engine Phishing- Occurs when phishers create websites with attractive (often too attractive)
sounding offers and have them indexed legitimately with search engines. Users find the sites in the
normal course of searching for products or services and are fooled into giving up their information.
For example, scammers have set up false banking sites offering lower credit costs or better interest
rates than other banks. Victims who use these sites to save or make more from interest charges are

SSL certificate phishing- An advanced type of scam. It targets web servers with SSL certificates to create a duplicitous website with a fraudulent web page displaying a similar “lock” icon.


Spear phishing is an attempt to entice a specifically targeted victim to open a malicious attachment
or visit a malicious website with the intent of gaining insight into confidential data and/or acting on
nefarious objectives against the victim's organization.

Phishing countermeasures

➢ Keep antivirus up to date

➢ Do not click on hyperlinks in E-Mails

➢ Take advantage of anti-Spam software

➢ Verify https (SSL)

➢ Use anti-spyware software

➢ Use a firewall

➢ Do not enter sensitive or financial information into pop-up windows

➢ Protect against DNS pharming attacks

Identity Theft
Refers to fraud that involves pretending to be someone else to steal money or get other benefits. ID theft is a punishable offence under the Indian IT Act. Identity theft is a term used to refer to fraud that involves stealing money or getting other benefits by pretending to be someone else. As a result, the person whose identity has been stolen can suffer various consequences when he/she is held responsible for the perpetrator's actions. This is why in many countries specific laws make it a crime to use another person's identity for personal gain.

Personally Identifiable Information (PII)


PII has four common variants based on personal, personally, identifiable and identifying.

Fraudsters attempt to steal the elements listed below, which serve the purpose of distinguishing an individual’s identity:

1. Full Name;
2. National identification Number (e.g., SSN)
3. Telephone number and mobile phone number;
4. Driver’s licence number;
5. Credit card number;
6. Digital identity (E-Mail address, online account ID and password)
7. Birth date/ birth day
8. Birth place
9. Face and fingerprint


The information can be further classified as:


1. Non-Classified information
a. Public information: Public record
b. Personal information: Address, telephone number email-id
c. Routine business information: About routine business
d. Private information: SSN, Credit card number etc.,
e. Confidential business information: Sales and marketing plans, new product plan,
notes associated with potential inventions.
2. Classified information
a. Confidential: information about strength of armed forces, technical information
about weapons.
b. Secret: National security policy, military plans, intelligence operations
c. Top Secret: vital defence plans and cryptologic intelligence systems.

Types Of Identity Theft

➢ Financial Identity Theft- using another's identity to obtain goods and services; includes credit card fraud, tax refund fraud, mail fraud etc.

➢ Criminal Identity Theft- posing as another person when apprehended for a crime, such as drug trafficking, smuggling or money laundering

➢ Identity cloning- using another's information to assume his or her identity in daily life

➢ Business Identity Theft- using another's business name to obtain credit

➢ Medical Identity Theft

➢ Synthetic Identity Theft

➢ Child Identity Theft

Techniques of ID Theft
 Human-based methods: These are techniques used by an attacker with no or only minimal use of
technology
 Direct access to information
 Dumpster diving
 Theft of a purse or wallet
 Mail theft and rerouting
 Shoulder surfing
 False or disguised ATMs (Skimming)
 Dishonest or mistreated employees
 Telemarketing and fake telephone calls


 Computer-based methods: These techniques are attempts made by attackers to exploit
vulnerabilities within existing processes and/or systems.
 Backup theft
 Hacking: unauthorized access to systems and database theft
 Phishing
 Pharming
 Redirectors
 Hardware

Identity theft Countermeasures


 Monitor your credit closely
 Keep records of your financial data and transactions
 Install security software
 Use an updated web browser
 Be wary of E-mail attachments and links in both E-mail and instant messages
 Store sensitive data securely
 Protect your PII
 Stay alert to the latest scams

How to protect your online identity


 www.giantmatrix.com: Anti Tracks
 www.privacyeraser.com: Privacy Eraser Pro
 www.reputationdefender.com: MyPrivacy
 www.suicidemachine.org: Web 2.0 Suicide Machine
 www.seppukoo.com: Seppukoo

The Legal Perspectives


 Cybercrime is the largest illegal industry. It involves massive, coordinated attacks against the
information infrastructure of a country.
 Cyberlaw is essential for people who may directly or indirectly interact with networked
services either over the Internet or other proprietary networks of business and enterprises of
any other types.

Why Do We Need Cyberlaws: The Indian Context?


 It is essential to address the gap through a suitable law, given the increasing use of the Internet and
other computer technologies in India.
 There is a need to give some legal recognition to the Internet, as it is one of the most
dominant means of carrying out business in today’s world.
 Cyber terrorism includes the use of disruptive activities with the intention to further social,
ideological, religious, etc. objectives.
The Indian parliament passed the Information Technology Bill on 17 May 2000, known as ITA 2000. It covers
cyberlaws and forms the legal framework for electronic records and other activities done by
electronic means. A legal framework for the cyberworld was conceived in India in the form of the draft
E-Commerce Act 1998.


The Indian IT Act


 This act was published in the year 2000 with the purpose of providing legal recognition for
transactions carried out by means of electronic data interchange and other means of
electronic communication, commonly referred to as electronic commerce.
 Another purpose of the Indian IT Act was to amend the Indian Penal Code (IPC), the Indian
Evidence Act 1872, the Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934,
and matters connected therewith or incidental thereto.

The Indian ITA 2000


Chapter number, chapter title and the names of the sections in the chapter:

CHAPTER I - Preliminary
    1. Short title, extent, commencement and application
    2. Definitions of key terms mentioned in the Act

CHAPTER II - Digital signature and electronic signature
    3. Authentication of electronic records

CHAPTER III - Electronic Governance
    4. Legal recognition of electronic records
    5. Legal recognition of electronic signature
    6. Use of electronic records and digital signatures in government and its agencies
    7. Retention of electronic records etc.

CHAPTER XI - Offences
    65. Tampering with computer source documents
    66. Computer related offences
    66A. Punishment for offensive messages
    66B. Punishment for dishonestly receiving stolen computers etc.
    67. Punishment for publishing, transmitting obscene material in electronic form
    70. Protected system
    71. Penalty for misrepresentation
    72. Penalty for breach of confidentiality and privacy
    73. Penalty for publishing Digital Signature Certificate false in certain particulars
    74. Publication for fraudulent purpose

CHAPTER XII - Intermediaries not to be liable in certain cases
    79. Exemption from liability of intermediary in certain cases

Sections of Indian IT 2000


Section Description

Section 65 Tampering with computer source documents

Section 66 Computer related offences

Section 67 Punishment for publishing or transmitting obscene material in electronic form

Section 71 Penalty for misrepresentation


Section 72 Penalty for breach of confidentiality and privacy

Section 73 Penalty for publishing Digital Signature Certificate false in certain particulars

Section 74 Publication for fraudulent purpose

Digital Signature and the Indian IT Act


 A digital signature is a type of electronic signature that is used to guarantee the integrity of
the data. It is also known as an electronic signature.
 Digital Signature is a process that guarantees that the contents of a message have not been
altered in transit. When you, the server, digitally sign a document, you add a one-way hash
(encryption) of the message content using your public and private key pair.
 A digital signature guarantees the authenticity of an electronic document or message in digital
communication and uses encryption techniques to provide proof of original and unmodified
documentation.
 Digital signatures are used in e-commerce, software distribution, financial transactions and
other situations that rely on forgery or tampering detection techniques.

A digital signature is applied and verified, as follows:


• The document or message sender (signer) or public/private key supplier shares the public key
with the end user(s).
• The sender, using his private key, appends the encrypted signature to the message or
document.
• The end user decrypts the document and verifies the signature, which lets the end user know
that the document is from the original sender.

Public –Key Certificate


 It is a digitally signed statement from one entity saying that the public key of another entity
has some specific value. The digital signature is linked to the identity of the signer using a security
token such as an X.509 certificate.
 An X.509 certificate contains information about the certificate subject and the certificate
issuer. A certificate is encoded in Abstract Syntax Notation One (ASN.1), a standard syntax for
describing messages that can be sent or received on a network.
 A certificate includes
 X.509 Version information
 A serial number that uniquely identifies the certificate
 A common name that identifies the subject
 The public key associated with the common name
 The name of the user who created the certificate, known as the subject name
 Information about the certificate issuer
 Signature of the issuer
 Information about the algorithm used to sign the certificate
 Some optional X.509 version 3 extensions.


Representation of Digital Signature in the ITA 2000


 ITA 2000 had prescribed digital signatures based on asymmetric cryptosystem and Hash
system as the only acceptable form of authentication of electronic documents recognized as
equivalent to signature in paper form.
 Section 35, subsection (3), made it mandatory for an applicant for a digital signature
certificate to enclose a certification practice statement along with the application.
 One of the major deficiencies in the bill, which could delay implementation, is the provisions
regarding the role and function of Certifying Authorities as well as the process of issuing digital
certificates.

Amendment to the Indian IT act

 A welcome change is heralded by the amendments to the Indian IT Act. In the amended Indian
IT Act, that is ITA 2008, several new offences have been added that fit the new
paradigm of today’s net-centric digital economy.
 Section 66 has now been expanded to include sections 66A (offensive messages), 66B
(receiving stolen computer resources) etc.
 The new legal definition that given to the term cybersecurity under the newly inserted Section
2(nb) (Inserted Vide ITAA 2008)- Cybersecurity means protecting information, equipment,
devices, computer, computer resource, communication device and information stored therein
from unauthorized access, use, disclosure, disruption, modification or destruction.
 Section 66B: It states punishment for dishonestly receiving stolen computer resource or
communication device. Whoever dishonestly receives or retains any stolen computer
resource or communication device knowing or having reason to believe the same to be stolen
computer resource or communication device shall be punished with imprisonment of either
description for a term which may extend to three years or with fine which may extend to
rupees 1 lakh or with both
 Section 78 and 80: The authority of investigation is brought down from the previous level of
DSPs to the level of inspectors. The police need to work overtime as well as get trained in the
handling of cybercrime.
 Section 43(j): Compensation can be claimed in cases where a person, without the
permission of the owner of a computer or computer resource, “steals, conceals, destroys or alters,
or causes any person to steal, conceal or alter, any computer source code used for a computer
resource with an intention to cause damage”.
 Section 72A: There is a provision for criminal prosecution for breach of information security.
This section states: “Save as otherwise provided in this Act or any other law for the time being
in force, any person including an intermediary who, while providing services under the terms
of a lawful contract, has secured access to any material containing personal information about
another person, with the intent to cause or knowing that he is likely to cause wrongful gain,
discloses, without the consent of the person concerned or in breach of a lawful contract, such
material to any other person, shall be punished with imprisonment for a term which may
extend to 3 years, or with a fine which may extend to 5 lakh rupees, or with both.”
 Section 85: Further, under Section 85, the company as well as its Directors or officers in-charge
of business shall be held guilty of the offence committed by the company. Thus the
vicarious liability of companies for data protection has been hardened.


Cybercrime and Punishment


1. Reliance on terrestrial laws may not be a reliable approach: Despite the progress being made
in many countries, most countries still rely on standard terrestrial law to prosecute
cybercrimes. A majority of countries are relying on archaic statutes that predate the birth of
cyberspace and have not yet been tested in court.
2. Weak penalties limit deterrence: The weak penalties in most updated criminal statutes
provide limited deterrence for crimes that can have large-scale economic and social effects.
3. Self-protection remains the first line of defence: The general weakness of statutes increases
the importance of private sector efforts to develop and adopt strong and efficient technical
solutions and management practices for information security.
4. A global patchwork of laws creates little certainty: Little consensus exists among countries
regarding exactly which crimes need to be legislated against. In the networked world no island
is an island. Unless crimes are defined in a similar manner across jurisdictions, coordinated
efforts by law enforcement officials to combat cybercrime will be complicated.
5. A model approach is needed: Most countries, particularly those in the developing world, are
seeking a model to follow. These countries recognize the importance of banning malicious
computer-related acts in a timely manner to promote a secure environment for E-Commerce.
But few have the legal and technical resources necessary to address the complexities of
adapting terrestrial criminal statutes to cyberspace. A coordinated public-private partnership
to produce a model approach can help eliminate the potential danger from the inadvertent
creation of cybercrime havens.

Cyberlaw, Technology & Students: Indian Scenario


 India has a peculiar scenario given the current educational system. Most technology students
have either nil or low exposure to law and most law students have only limited exposure to
information technology.
 A computer science stream student in a college is taught how to develop programs that
automatically transmit data across the Internet riding on TCP/IP packets, without alerting
him to cybercrimes such as hacking or virus introduction.
 The topic of secure coding is not included in most syllabi. Law students are taught
about Trade Marks and Copyrights without recognizing their implications for electronic
documents. As a result, neither the technologist nor the lawyer is trained in his formative
years to understand cyberlaw.
 In future, Engineering, Commerce and Management colleges need to teach cyberlaw as an
extension of computer science, commerce and management education, even while law
colleges try to extend their coverage of criminal law and IPR law to the cyberworld.
