Understanding Cybercrime and Security

The document discusses various forms of cybercrime, including Trojans, phishing, and SQL injections, highlighting their implications and prevention strategies. It also covers the importance of cybersecurity measures, such as email security and the role of proxy servers and anonymizers. Additionally, it addresses legal frameworks like the Information Technology Act and the significance of cyber forensics in investigating cybercrimes.


Cybercrime Issues

• The various forms of cybercrime and their implications in the digital world.
• The week begins by examining Trojans and backdoors, followed by an analysis of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.
• Further discussions include phishing tactics, SQL injections, and buffer overflow vulnerabilities, shedding light on their impact and prevention strategies.
1. Trojans and Backdoors
Types of Trojan horse viruses include:
1. Backdoor Trojans: Install a backdoor on your computer, granting remote access to cybercriminals.
2. DDoS Trojans: Overlap with backdoor Trojans and are used for distributed denial of service attacks.
3. Downloader Trojans: Serve as the first step to larger attacks.
4. Ransom Trojans: Encrypt data on the compromised system and demand payment for decryption.
5. Rootkit Trojans: Conceal themselves and provide unauthorized access.
Backdoor Attack:
The backdoor attack is one of the most threatening aspects that businesses face in the present times. An attacker, through hidden access points into systems, bypasses every layer of security and manages unauthorized entry into sensitive areas.
2. DoS and DDoS
3. Phishing
4. SQL injections
5. Buffer Overflow

• A buffer is a temporary area for data storage. When more data (than was originally allocated to be stored) gets placed by a program or system process, the extra data overflows. It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
• In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.
BITE413L-Cyber Security

Faculty :
[Link] [Link](IT),[Link](IT) Ph.D
SCORE-VIT Vellore Campus
Cybercrime and Cyber Law - Part 2
1. Cybercrime in India: Case Studies
2. Proxy Servers and Anonymizers
Proxy Servers
• A proxy server acts as a middleman between your device and the internet.
• When you use a proxy, your internet traffic is routed through the proxy first. The proxy then connects to the website you want to visit.
• Main purposes:
  • Privacy: Hides your IP address from the websites you visit.
  • Security: Can filter malicious sites or monitor traffic (especially in companies).
  • Access Control: Schools or workplaces often use proxies to block certain websites.
  • Caching: Proxies can store copies of popular websites, making them load faster.
• Example: You send a request → Proxy Server → Website → Proxy Server → You.

Main Uses:
• Hiding your IP address (to some extent).
• Content filtering (like blocking YouTube at school).
• Access control (businesses controlling employee web access).
• Load balancing (managing lots of traffic efficiently).
• Caching (saving frequent websites for faster loading).
Anonymizers
• An anonymizer is a service or tool that
specifically focuses on hiding your identity
online.
• A proxy can be an anonymizer, but not all proxies
are focused on anonymity.
• Main purposes:
• Hide IP address: To prevent tracking.
• Bypass censorship: Access blocked content in restricted
regions.
• Protect privacy: Make it harder for websites,
governments, or hackers to trace your activity.
• Some anonymizers use multiple layers to make
tracking extremely difficult.
• Example: When you use Tor, your data is encrypted
and passed through several random volunteer-run
servers worldwide before reaching its destination.
3. Phishing: Tactics, Risks and Defences
4. Password Cracking: Tools and Techniques
5. Keyloggers and Spyware: Threats and Defences

Keyloggers
•Definition:
A keylogger is a type of malicious software (or
hardware) that records every keystroke you make on your
device — passwords, messages, credit card numbers,
everything.
•Types:
• Software-based: Hidden programs installed on your
system.
• Hardware-based: Physical devices plugged between
your keyboard and computer.
•Threats:
• Theft of sensitive information (passwords, PINs,
credit cards).
• Identity theft.
• Corporate espionage (stealing company secrets).
•Examples:
Spyware
•Definition:
Spyware is malicious software designed to gather information about you
without your consent. It might track browsing habits, steal files, record
audio/video, or monitor applications.
•Types:
• Adware (shows ads, tracks activity).
• System monitors (log all user activity).
• Trojans (disguise themselves as legitimate programs).
•Threats:
• Loss of privacy.
• Financial theft (by accessing your banking info).
• Device slowdown (because spyware runs in the background).
• Unauthorized surveillance (camera/microphone access).
•Examples:
• Clicking malicious links.
• Installing free software bundled with spyware.
• Visiting compromised websites.
Cybercrime and Cyber Law
1. Understanding Modus Operandi (MO) of Cybercriminals
a) Common Cybercrimes
b) Identifying and Recognising Cybercrimes
c) Real-World Cases of Cybercrime
o Case Study 1: Loan Fraud in Telangana
o Case Study 2: Phishing Attack Targeting a Journalist
o Case Study 3: Fake Loan Apps in Mumbai
o Case Study 4: Copyright Infringement Involving Free Images
o Case Study 5: Unemployment Insurance Fraud During the COVID-19
Pandemic
o Case Study 6: Fraudulent Debit Card Withdrawal in Bangalore
2. [Link] and Mitigation Measures in Cybersecurity
• Remedial Measures
• Preventive Measures
• Cybersecurity Technologies and Tools
• Policies and Procedures Development
3. Overview of the Information Technology Act 2000 (ITA 2000)
• Key Provisions of ITA 2000
• Strengths and Achievements of ITA 2000
• Protection Against Cybercrimes
• Safeguarding Digital Signatures
• Enforcement Mechanism
• Amendments to ITA 2000
4. Understanding ITA 2000 Amendments
• Foundation of ITA 2000
• Amendments to ITA 2000 (2008)
• Recent Developments in Cyber Law
• Sector Specific Regulations
• Key Sections of the ITA 2000
5. [Link] of Cybercrime Offences and Organisations
• Legal Challenges in Addressing Cybercrime

Understanding Computer Forensics

1. [Link] on Wireless Networks
Importance of Wireless Network Security
Strong encryption protocols and secure
authentication mechanisms are crucial to protect
sensitive data and maintain network integrity.
Key Elements of Wireless Network Security
confidentiality, integrity and authentication (CIA).
Security Requirements for Wireless Networks
Susceptibility to Theft and Unauthorised Access
Vulnerability Due to Open Radio Interface
Heterogeneous Operation of Mobile Service Networks
Proactive and Reactive Security Measures
• Types of Attacks on Wireless Networks
Man-in-the-middle attacks
Denial-of-service attacks
LOIC
• Vulnerabilities in Wireless Network Protocols
• Challenges in Mobile Networks
• Mobile Device Security
• Mobile Malware Threats
• Environmental Threats to Mobile Devices
• Computer Security (COMPUSEC) Threats
• Communications Security (COMSEC) Threats
• Techniques for Detecting and Preventing Security Threats
2. Introduction to Cyber Forensics
Reasons for Cyber Forensics Investigations
Excessive Internet Usage
Inappropriate Use of Email
Non-Work-Related Usage of Company Resources
Information Theft
Security Violations
Intellectual Property (IP) Infractions

• Legal and Ethical Considerations in Cyber Forensics
• Practical Applications and Examples
• Cyber Forensics in Investigating Cybercrimes
• Technological Advancements in Cyber Forensics

3. Digital Forensics Life Cycle (DFLC)
Essential Principles for Digital Evidence Admissibility in Court:
Authenticity
Completeness
Reliability
Understandability
Believability

Phases of DFLC:

4. Introduction to Network Forensics
Evolution of Network Forensics:
1. Early Beginnings (1990s – early 2000s)
2. Emergence as a Discipline (Mid 2000s)
3. Real-Time Monitoring and Intrusion Detection (2010s)
4. Cloud and IoT Era (Late 2010s – early 2020s)
5. AI and Automation (2020s – Present)
6. Future Directions
• Quantum-safe forensics: Preparing for encryption/decryption in
a post-quantum world.
• Zero Trust Environments: Forensics will adapt to decentralized
authentication models.
• Cyber Threat Intelligence Integration: Closer alignment with
global threat intelligence networks.
Types of Network-Based Attacks

1. Denial of Service (DoS) & Distributed Denial of Service (DDoS)

 Goal: Overwhelm network resources to make services unavailable.

2. Man-in-the-Middle (MitM) Attacks

 Goal: Intercept and potentially alter communication between two parties.

3. Malware Injection via Network

 Goal: Deliver malicious payloads through network protocols.

4. Packet Sniffing (Eavesdropping)

 Goal: Capture data packets to extract sensitive information.

5. Session Hijacking

 Goal: Take over an active session between client and server.

6. Port Scanning and Enumeration

 Goal: Identify open ports and running services.

7. Phishing Over Network

 Goal: Trick users into revealing credentials or downloading malware.

9. Firewall/IDS Evasion

 Goal: Bypass perimeter defenses.

3/5/2025
Week 8: Tools and Methods Used in Cybercrime

1. E-mail security
Importance of Email Security
• Protection of Sensitive Information
• Regulatory Compliance
General Data Protection Regulation (GDPR) in the European Union
Health Insurance Portability and Accountability Act (HIPAA) in the United
States

• Operational Continuity and Productivity
unable to access its email system due to a ransomware attack
Email Breaches and Their Consequences
Financial and Reputational Damage
Compliance Violations
Email Architecture and Security
Mail Transfer System (MTS)
Mail Transfer Agents (MTAs)
Message User Agents (MUAs)
Message Delivery Agents (MDAs)
Privacy Enhanced Mail (PEM)

Securing Email Content:
• Cryptographic Message Syntax (CMS)
• Encapsulation and Wrapping
• MIME and S/MIME
Threats and Vulnerabilities:
• Common Email Threats – Malware, Email Spoofing
• Mitigation Strategies - Email Authentication Protocols, Employee Training, Advanced Threat Protection (ATP).

Techniques for Email Security:
• Triple Encryption
• Digital Signatures
• Email Filtering
Best Practices for Email Security:
• Regular Updates and Monitoring
• User Awareness and Training
• Compliance and Configuration - enforcing SSL/TLS for email traffic
2. Trojans and Backdoors
Distribution methods:
• Email Attachments
• Fake Websites
• Software Bundling
• Drive-By Downloads
• Removable Media
• Social Engineering

Backdoor:
A backdoor is a hidden method of bypassing
normal authentication or security mechanisms in
a computer system, software application, or
network. Once a backdoor is installed or
discovered, attackers can access the system
without detection, execute commands, steal data,
or install additional malware.
Purpose of Backdoors
• Malicious Use: For unauthorized access by
cybercriminals or nation-state actors.
• Legitimate Use: Developers may install
backdoors for remote troubleshooting (though
this is dangerous and discouraged).
• Espionage or Surveillance: Governments may use
Types of Backdoors
1. Software Backdoors
• Hidden in code—sometimes deliberately by developers or maliciously
added.
• Example: A hardcoded username/password in an application.
2. Operating System Backdoors
• Exploit OS vulnerabilities or install rootkits.
• Give attackers admin-level access.
3. Hardware Backdoors
• Found in firmware, chips, or devices like routers.
• Often invisible to software scans.
4. Cryptographic Backdoors
• Weak encryption keys or algorithms that allow unauthorized
decryption.
• Sometimes introduced via flawed implementations (e.g., weakened
random number generators).
5. Remote Access Trojans (RATs)
• Malware that gives attackers remote control of a system.
• Can record keystrokes, access the webcam.
Common Backdoor Techniques
• Rootkits: Modify OS components to hide files,
processes, or network activity.
• Polymorphic Code: Changes appearance to evade
signature detection.
• Command-and-Control (C2): Attackers communicate
with infected systems via encrypted channels.
• Fake Services or Processes: Mask the backdoor
as legitimate system processes.
• Abuse of Legitimate Tools: Tools like
PowerShell or SSH are used to create
persistent, low-profile backdoors.

Risks and Detection Methods
Consequences:
• Data Breaches
• Ransomware Deployment
• Espionage
• Loss of Reputation
• Financial Damage
• Regulatory Penalties

Detection Methods:
• Signature-based Scanning: Detects known backdoor code using antivirus or anti-malware tools.
• Heuristic Analysis: Detects suspicious behavior even without a known signature.
• File Integrity Monitoring: Watches for unauthorized changes in system files.
• Network Traffic Analysis: Identifies unusual outbound traffic to attacker-controlled servers.
• Sandboxing: Executes suspicious files in isolated environments to study behavior.
• SIEM Tools: Aggregates logs and
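The Network Traffic Analysis bullet above is the one detection method that still works when the C2 channel is encrypted, because it uses timing and size metadata rather than content. This added example (not from the slides) flags "beaconing": a host that contacts the same destination at near-constant intervals with small payloads. The log format and the hostnames are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound-connection log (firewall/proxy style), one event per line:
# "<ISO timestamp> <src ip> -> <dst host>:<port> <bytes sent>"
SAMPLE_LOG = """\
2025-03-05T09:00:00 10.0.0.7 -> updates.example.net:443 5120
2025-03-05T09:00:05 10.0.0.7 -> c2.example.invalid:443 312
2025-03-05T09:01:05 10.0.0.7 -> c2.example.invalid:443 308
2025-03-05T09:02:06 10.0.0.7 -> c2.example.invalid:443 315
2025-03-05T09:03:05 10.0.0.7 -> c2.example.invalid:443 310
2025-03-05T09:04:05 10.0.0.7 -> c2.example.invalid:443 311
2025-03-05T09:00:41 10.0.0.7 -> www.example.org:443 20480
2025-03-05T09:07:13 10.0.0.7 -> www.example.org:443 9102
2025-03-05T09:31:58 10.0.0.7 -> www.example.org:443 44011
2025-03-05T09:45:02 10.0.0.7 -> www.example.org:443 3100
"""


def parse(log: str) -> dict:
    """Group (timestamp, bytes) pairs by (source ip, destination host)."""
    events = defaultdict(list)
    for line in log.splitlines():
        ts, src, _, dst, nbytes = line.split()
        host = dst.rsplit(":", 1)[0]
        events[(src, host)].append((datetime.fromisoformat(ts), int(nbytes)))
    return events


def beacon_candidates(log: str, min_conn: int = 4, max_jitter: float = 0.2,
                      max_bytes: int = 1024) -> list:
    """Flag (src, dst) pairs whose connection gaps are regular and whose
    payloads are small: the profile of a beaconing backdoor, not a browser."""
    flagged = []
    for (src, dst), conns in parse(log).items():
        if len(conns) < min_conn:          # too few events to judge regularity
            continue
        conns.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(conns, conns[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period else 0.0   # relative spread
        small = mean(n for _, n in conns) <= max_bytes
        if jitter <= max_jitter and small:
            flagged.append({"src": src, "dst": dst,
                            "period_s": round(period, 1), "jitter": round(jitter, 3)})
    return flagged


if __name__ == "__main__":
    for hit in beacon_candidates(SAMPLE_LOG):
        print(f"beacon? {hit['src']} -> {hit['dst']} every {hit['period_s']}s")
```

Thresholds are assumptions to tune per environment; legitimate update checks also beacon, so treat a hit as a lead for the other detection methods, not as proof.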
Prevention and Mitigation:
1. Code Audits – Regularly review software for backdoor code.
2. Patch Management – Fix vulnerabilities promptly.
3. Access Control – Apply least privilege principles.
4. Intrusion Detection/Prevention Systems (IDS/IPS) – Identify and block abnormal activities.
5. Endpoint Detection and Response (EDR) – Monitors endpoint behavior in real time.
6. Network Segmentation – Limit lateral movement.
7. Encryption – Secure data at rest and in
3. Steganography

Steganography is a covert communication technique that embeds malicious or confidential data inside ordinary, seemingly harmless files such as:
• Images (JPEG, PNG)
• Audio files (MP3, WAV)
• Video files (MP4)
• Text documents (PDF, DOCX)
• Network protocols (like DNS or HTTP headers)
• Unlike encryption, which hides the content, steganography hides the existence of the content.

Type | Medium | Common Use/Technique
Image | PNG, JPG | LSB manipulation
Audio | MP3, WAV | LSB or frequency manipulation
Video | MP4, AVI | Frame/audio layer embedding
Text | TXT, DOCX | Whitespace, formatting, patterns
Network/Protocol | Packets, Headers | Data hidden in protocol fields
File System | Disk structures | Slack space, NTFS ADS
Email | Email structure | Hidden messages in content/headers
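The "LSB manipulation" entry for images in the table is simple enough to show end to end. This added example (not from the slides) embeds a message in the least significant bits of a constructed greyscale cover, recovers it, and measures the share of 1-bits in the LSB plane, which is the crude signal that more rigorous detectors (chi-square, RS analysis) refine. The cover is a synthetic gradient, so no image library is needed.

```python
from typing import Iterable

# Constructed 8-bit greyscale cover: a smooth 64x64 gradient stored as a flat
# bytearray of pixel samples. Every value is even, so its LSB plane is all zeros.
WIDTH, HEIGHT = 64, 64
COVER = bytearray(((x + y) // 4) * 2 % 256 for y in range(HEIGHT) for x in range(WIDTH))


def _bits(data: bytes) -> Iterable[int]:
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def lsb_embed(cover: bytes, message: bytes) -> bytearray:
    """Hide message in the LSBs of cover; a 4-byte big-endian length comes first."""
    payload = len(message).to_bytes(4, "big") + message
    if len(payload) * 8 > len(cover):
        raise ValueError("message does not fit in cover")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit      # touch only the lowest bit
    return stego


def lsb_extract(stego: bytes) -> bytes:
    """Read the length header, then that many bytes, from the LSB plane."""
    def read(n_bytes: int, offset: int) -> bytes:
        out = bytearray()
        for b in range(n_bytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[offset + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(4, 0), "big")
    return read(length, 32)


def lsb_ones_ratio(samples: bytes, count: int) -> float:
    """Share of 1-bits among the first `count` LSBs. Smooth regions of a cover
    tend to have a skewed LSB plane; embedded data pushes it toward 0.5."""
    count = min(count, len(samples))
    return sum(s & 1 for s in samples[:count]) / count


if __name__ == "__main__":
    stego = lsb_embed(COVER, b"meet at dawn")
    print(lsb_extract(stego), lsb_ones_ratio(COVER, 128), lsb_ones_ratio(stego, 128))
```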
4. SQL Injections
• SQL Injection (SQLi) is a web security
vulnerability that allows an attacker to
interfere with the queries that an application
makes to its database. It is one of the most
common and dangerous vulnerabilities, often
used to steal data, bypass logins, or execute
administrative operations on a database.

What Attackers Can Do with SQL Injection
1. Bypass authentication
2. Steal sensitive data (credit cards, passwords, etc.)
3. Modify or delete database records
4. Execute administrative operations (like DROP TABLE)
5. Gain access to the underlying OS (in some cases)
6. Install persistent backdoors

Real-World Examples
• Heartland Payment Systems (2008): SQLi led to a
breach of 100M+ credit card records.
• Sony Pictures (2011): Hackers used SQLi to
steal sensitive data from movie databases.
• LinkedIn (2012): A SQLi vulnerability exposed
millions of user accounts.

5. Buffer Overflow
• A buffer overflow is a vulnerability in low-
level programming (especially in languages like
C and C++) where a program writes more data to
a memory buffer than it can hold. This excess
data can overwrite adjacent memory, leading to
unpredictable behavior, crashes, or arbitrary
code execution by attackers.

Type | Description
Stack Overflow | Overwrites data on the stack, such as return addresses.
Heap Overflow | Overwrites memory in the heap segment (dynamically allocated memory).
Integer Overflow | Arithmetic error leads to buffer miscalculation.
Format String Exploits | Exploits functions like printf when format strings are user-controlled.

• How to Prevent Buffer Overflow:

• Programming Defenses:
• Use Safe Functions: Replace gets() with fgets(), strcpy() with strncpy().
• Bounds Checking: Always validate input lengths.
• Use High-Level Languages: Languages like Python or Java are memory-safe.
• Stack Canaries: Extra values placed on the stack to detect overwrites.
• Address Space Layout Randomization (ASLR): Randomizes memory addresses.
• Data Execution Prevention (DEP): Marks memory regions as non-executable
