
Define cyber crime?

"Any crime that involves a computer and a network is called a 'Computer Crime' or 'Cyber
Crime'."
For this purpose a computer may have been used to commit such a crime, or a computer may
simply be the target.
Another term, "Internet crime", refers to criminal activities that exploit the internet.
These crimes include, but are not limited to, identity theft, threatening a nation's security,
copyright infringement and child pornography. They have become a threat to individual
privacy, where confidential data, an individual's identity, photos, videos etc. are stolen or
intercepted by the attacker.
In "Cyber Crime" such as identity theft, financial theft and espionage, mostly non-state agents
and government organizations are involved.

State and explain the difference between cyber crime and cyber fraud.

1. Hacking

By definition, hacking is the unauthorized accessing of a single device (such as a laptop or a
smartphone) or a computer network, and those who engage in the activity are called hackers.

Keep in mind, though, that in the strictest sense of the word, hacking is not illegal in and of
itself, and is therefore not a crime. It is simply a skill, and it is what people can do with this
skill that may be illegal.

2. Cyberstalking

Cyberstalking is the use of the internet, online platforms and other electronic devices to
stalk, harass, or blackmail a person or group. In some cases, cyberstalking can escalate to
physical violence, rape, and even murder.

Just like actual stalking, cyberstalking is considered a crime in most parts of the world. In the
United States, for example, cyberstalking is a federal crime under Title 47 of the U.S. Code.

3. Online identity theft

This is when a person is able to steal your personal information (Social Security number,
credit card information, bank account numbers) through online means. It can be achieved in a
variety of ways such as email phishing, malware injection, and brute force hacking.

In terms of financial loss as well as the serious hassle it causes, identity theft is one of the
most destructive forms of cybercrime. In one fell swoop, a cybercriminal can take over your
finances and take your money.

4. Online child abuse

This is, without a doubt, the most heinous type of cybercrime. There are many activities that
constitute online child abuse including the downloading, selling, and distribution of child
pornography through websites and forums and the solicitation of children for sex via
chatrooms.

Along with cyberstalking, online child abuse (and child abuse in general) is a federal crime
under the U.S. Code.

5. Ransomware attack

A ransomware attack is when a cybercriminal injects a specific kind of malware (called
ransomware) into your device. Ransomware gets its name because it is designed to block
access to your data until a certain amount is paid, thereby holding it for ransom. In most
cases, the ransom is demanded in bitcoin or other cryptocurrencies.

Ransomware attacks also cause significant financial damage. In 2017, it was reported that the
global cost of ransomware exceeded $5 billion.

6. Internet fraud (online scams)

The purpose of an online scam is to trick you, the victim, into willingly giving up money under
false pretenses. One typical scenario is called "charity fraud". Here, a criminal appeals to
your sense of righteousness by posing as a representative of a charitable organization
dedicated to a meaningful cause like cancer or AIDS research. After spinning you a story, the
perpetrator will then ask for a hefty donation, which can be either a one-time payment or a
series of payments.

Explain what cyber stalking is.

Cyberstalking is the use of the internet, online platforms and other electronic devices to
stalk, harass, or blackmail a person or group. In some cases, cyberstalking can escalate to
physical violence, rape, and even murder.

Just like actual stalking, cyberstalking is considered a crime in most parts of the world. In the
United States, for example, cyberstalking is a federal crime under Title 47 of the U.S. Code.

Explain clearly who are termed cyber criminals.

A cybercriminal is an individual who commits cybercrimes, where he/she makes use of the
computer either as a tool or as a target or as both.

Cybercriminals use computers in three broad ways:

• Select the computer as their target: These criminals attack other people's computers to
perform malicious activities, such as spreading viruses, data theft, identity theft, etc.
• Use the computer as their weapon: They use the computer to carry out "conventional
crime", such as spam, fraud, illegal gambling, etc.
• Use the computer as their accessory: They use the computer to store stolen or illegal
data.

Cybercriminals often work in organized groups. Some cybercriminal roles are:

• Programmers: Write the code or programs used by the cybercriminal organization
• Distributors: Distribute and sell stolen data and goods from associated cybercriminals
• IT experts: Maintain a cybercriminal organization's IT infrastructure, such as servers,
encryption technologies and databases
• Hackers: Exploit system, application and network vulnerabilities
• Fraudsters: Create and deploy schemes like spam and phishing
• System hosts and providers: Host sites and servers that hold illegal content
• Cashiers: Provide account names to cybercriminals and control drop accounts
• Money mules: Manage bank account wire transfers
• Tellers: Transfer and launder illegal money via digital and foreign exchange methods
• Leaders: Often connected to big bosses of large criminal organizations. Assemble and
direct cybercriminal teams, and usually lack technical knowledge

Explain Botnets and how they can be overcome?

The word 'botnet' is a combination of two words, 'robot' and 'network'. Here, a
cybercriminal who performs the role of a botmaster uses Trojan viruses to breach the security
of several computers and connect them into a network for malicious purposes. Each computer
on the network acts as a 'bot' and is controlled by the scammer to transmit malware, spam or
other malicious content in order to launch the attack. A botnet is also known as a Zombie Army
because the computers involved are controlled by someone other than their owner.
Botnets originated mainly as a tool in internet relay chat (IRC) channels. Eventually, spammers
exploited the vulnerabilities present in IRC networks and developed bots, intentionally built to
perform malicious activities such as keystroke logging, password theft, etc. [6]

Botnet Structure
The structure of a botnet usually takes one of two forms: the client-server model or the
peer-to-peer model.

Client-server model
In the client-server botnet structure, a basic network is established with one server acting as
the botmaster. The botmaster controls the transmission of information from each client to
establish command and control (C&C) of the client devices. The client-server model works
with the help of special software and allows the botmaster to maintain control. This model
has a few drawbacks: it can be located easily and has only one control point. In this model,
if the server is taken down, the botnet perishes.

Peer-to-peer
To overcome the drawback of relying on one centralized server, botnets have evolved. Newer
botnets are interconnected in a peer-to-peer structure. In the P2P botnet model, each connected
device works independently as both a client and a server, coordinating with the others to
update and transmit information between them. The P2P botnet structure is more resilient
because there is no single centralized point of control to take down.

Types of Botnet Attacks

Distributed Denial of Service:
A botnet can be used for a distributed denial of service (DDoS) attack to disrupt the victim's
network connectivity and services. This is done by overburdening the victim's computational
resources or by consuming its bandwidth. The most commonly implemented attacks are TCP SYN
and UDP flood attacks. DDoS attacks are not limited to web servers but can target any service
connected to the internet. The severity of the attack can be increased by using recursive
HTTP floods on the victim's website, which means that the bots follow every link on the site
recursively. This form is called spidering and is used to increase the load on the server.
One of the biggest DDoS botnet attacks of the year was IoT-related and used the Mirai
botnet virus. The virus targeted and controlled tens of thousands of poorly protected internet
devices and turned them into bots to launch a DDoS attack. Mirai spawned many derivatives
and continued to expand, making the attack more complex. It changed the threat landscape
forever in terms of the techniques used. [1]

Spamming and Traffic Monitoring:

A bot can be used as a sniffer to identify the presence of sensitive data on the infected
machines (zombies). It can also locate competitor botnets installed on the same machine,
which can then be hijacked by the commander. Some bots may offer to open a SOCKS v4/v5 proxy
(a generic proxy protocol for TCP/IP based networks). When the SOCKS proxy is enabled on a
compromised machine, it can be used for various purposes, such as spamming. Bots use a packet
sniffer to watch for information or data being passed by the compromised machine. The
sniffer can retrieve sensitive information such as usernames and passwords.

Grum is a spam botnet that is hard to detect because it infects files used by Autorun
registry entries. This botnet has attracted researchers because it is relatively small, with only
600,000 members, but accounts for 40 billion spam emails per day, which is approximately 25%
of all spam email. [2]

Keylogging:
With the help of a keylogger, it becomes easy for a botmaster to retrieve sensitive information
and steal data. Using a keylogger program, an attacker can gather only the keystrokes that
follow interesting words like PayPal, Yahoo, etc.

A kind of spyware identified as OSX/XSLCmd, ported from Windows to OS X, includes
keylogging and screen capture capabilities. [3]

Mass Identity Theft:

Different kinds of bots can be combined to perform large-scale identity theft, which is one of
the fastest growing crimes. [7] Spam emails are sent by bots to direct traffic towards fake
websites, run by bots, that harvest personal data. Bots can be used to pose as a legitimate
company and ask the user to submit personal details like bank account passwords, credit card
details, tax details, etc. Mass identity theft can be performed using phishing emails that
trick victims into entering login credentials on websites posing as eBay, Amazon, or even their
banks.

Pay-per-click abuse:
Google's AdSense program allows websites to display Google advertisements and thereby
earn money from them. Google pays website owners on the basis of the number of clicks their
advertisements gather. Compromised machines are used to automatically click on the ads on a
site, inflating the number of clicks billed to the company that placed the ad.

Explain in brief attack vectors?

These are attacks that go straight to our devices or hosts in general. We'll mention only some
of the best known.

• Malware: Includes all programs that introduce malicious code (viruses, worms,
Trojans) on our computers, causing widespread and incalculable damage.
• Keyloggers: Programs that collect everything the user types on the keyboard. They can
even take screenshots.
• Social engineering: Obtaining confidential information from a person or organization
to use it for malicious purposes. The most striking examples are phishing and spam.
  o Phishing: Consists of deceiving users to obtain their confidential information by
  spoofing the identity of an organization or internet website.
  o Spam: Unsolicited messages, commonly in the shape of ads, sent in a massive and
  repetitive manner. Email is the most common channel for such attacks, but instant
  messaging programs and even unsolicited cell-phone calls are also used.

Cybersecurity attack vectors: Network

Computer networks are the favorite means of many hackers to steal information to sell to the
highest bidder, or to sabotage the network by slowing down its traffic. Network attacks can be
active or passive.

Active attacks occur when an intruder manages to install malicious code aimed at sabotaging
the normal performance of networks and computers, while passive attacks occur when an
attacker gets into a network and intercepts the data exchanged on it.

Attack vectors in cybersecurity: Active attacks

• Spoofing: Refers to the use of identity-theft techniques, i.e. impersonating another party.
• Modification: Consists of modifying the routing table so that the sender sends
messages through longer paths, causing major delays.
• DDoS: A (Distributed) Denial of Service attack keeps the network busy, consuming its
bandwidth with constant messages that disrupt normal service delivery.
• Fabrication: A false routing message is generated to prevent information from reaching
its destination.

Attack vectors in cybersecurity: Passive attacks

• Sniffing or traffic analysis: An attacker detects the communication path between
sender and receiver, then determines the amount of data moving between them. The
data itself is not changed.
• Eavesdropping: Occurs in ad-hoc mobile networks. The main objective of this attack is
finding out secret or confidential information by intercepting the means of
communication.
• Supervision: An attack where hackers can read confidential data, but cannot edit it.

State clearly what the IT Act 2000 is.

The Government of India enacted its Information Technology Act 2000 with its objectives
officially stated as:

“to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as
“electronic commerce”, which involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of documents with
the Government agencies and further to amend the Indian Penal Code, the Indian Evidence
Act, 1872, the Bankers’ Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934
and for matters connected therewith or incidental thereto.”

What does the IT Act 2000 legislation deal with?

The Act essentially deals with the following issues:

Legal Recognition of Electronic Documents

Legal Recognition of Digital Signatures

Offenses and Contraventions

Justice Dispensation Systems for cyber crimes.


Why did the need for the IT Amendment Act 2008 (ITAA) arise?
The IT Act 2000, being the first legislation on technology, computers, e-commerce and
e-communication, was the subject of extensive debates and elaborate reviews, with one arm of
the industry criticizing some sections of the Act as draconian and the other stating it was too
diluted and lenient. There were some obvious omissions too, resulting in investigators
relying more and more on the time-tested (one-and-a-half-century-old) Indian Penal Code even
in technology-based cases, with the IT Act also being referred to in the process but the
reliance more on the IPC than on the ITA.

Thus the need for an amendment – a detailed one – was felt for the I.T. Act. Major industry
bodies were consulted and advisory groups were formed to go into the perceived lacunae in
the I.T. Act, compare it with similar legislation in other nations and suggest
recommendations. Such recommendations were analyzed and subsequently taken up as a
comprehensive Amendment Act and, after considerable administrative procedures, the
consolidated amendment called the Information Technology Amendment Act 2008 was
placed in Parliament and passed at the end of 2008 (just after the Mumbai terrorist attack of
26 November 2008 had taken place). The IT Amendment Act 2008 received the President's assent
on 5 Feb 2009 and was made effective from 27 October 2009.

Notable features of the ITAA 2008 are:

Focusing on data privacy

Focusing on Information Security

Defining cyber café

Making digital signature technology neutral

Defining reasonable security practices to be followed by corporate bodies

Redefining the role of intermediaries

Recognizing the role of Indian Computer Emergency Response Team

Inclusion of some additional cyber crimes like child pornography and cyber terrorism

Authorizing an Inspector to investigate cyber offenses (as against the DSP earlier)

Structure of IT Act

How is the IT Act structured?

The Act has 13 chapters and 90 sections in total. Sections 91 to 94 deal with the amendments
to four Acts, namely the Indian Penal Code 1860, the Indian Evidence Act 1872, the
Bankers' Books Evidence Act 1891 and the Reserve Bank of India Act 1934. The Act has
chapters that deal with authentication of electronic records, electronic signatures etc.
Elaborate procedures for certifying authorities and electronic signatures have been spelt out.
The civil offence of data theft and the process of adjudication and appellate procedures have
been described. The Act then goes on to define and describe some of the well-known cyber
crimes and lays down the punishments for them. Finally, the concept of due diligence, the role
of intermediaries and some miscellaneous provisions are described.

What is the applicability of the IT Act?

The Act extends to the whole of India and, except as otherwise provided, it also applies to any
offence or contravention thereunder committed outside India by any person.
Rules and procedures mentioned in the Act have also been laid down in a phased manner,
defined as recently as April 2011.
For the sake of simplicity, here we will only be discussing the various penalties and offences
defined as per the provisions of ITA 2000 and ITAA 2008. Please note that wherever the terms IT
Act 2000 or 2008 are used, they refer to the same act, because the IT Act now includes the
amendments as per the IT 2008 Amendment Act.
Specific exclusions to the Act, where it is not applicable, are:

A negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable
Instruments Act, 1881;

A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;

A trust as defined in section 3 of the Indian Trusts Act, 1882;

A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any
other testamentary disposition.

Explain with an example what credit card fraud is.

Credit and debit card fraud is a form of identity theft that involves an unauthorized taking of
another's credit card information for the purpose of charging purchases to the account or
removing funds from it. This theft can occur physically when the actual credit and debit card
is taken, or the theft can occur when just the numbers are stolen from an unprotected website
or a card reader at a gas station.

Continue on to learn more about credit card fraud, the federal and state laws that apply to it,
and the possible penalties you could face if convicted of the crime.

Elements of Credit Card Fraud

Debit/credit card fraud can be committed in a variety of ways, such as when a person:

1. Fraudulently obtains, takes, signs, uses, sells, buys, or forges someone else's credit or
debit card or card information;
2. Uses his or her own card with the knowledge that it is revoked or expired or that the
account lacks enough money to pay for the items charged; or
3. Sells goods or services to someone else with knowledge that the credit or debit card
being used was illegally obtained or is being used without authorization.

State and Federal Laws

Credit and debit card fraud has become a huge problem, and both the states and the federal
government have passed laws in an attempt to address the problem.

State Laws

Each state has credit card fraud laws that prohibit the illegal possession and use of a credit or
debit card. They have statutes for the physical possession and use of a stolen card. Then there
are statutes for when just the account number information is stolen, referred to as identity
theft. For instance, Alabama Code § 13A-9-14 punishes credit or debit card theft, while
§ 13A-8-192 punishes identity theft or the possession of identifying information.

Some states have passed more protections than other states. California has been at the
forefront of passing numerous laws to try to prevent credit card and identity theft, as can be
seen in the following sections of the California Penal Code:

• Section 484e (stealing credit cards)
• Section 484f (forging credit card information)
• Section 484g (fraudulent use of a credit card)
• Section 484h (credit card fraud by a retailer)
• Section 484i (counterfeiting credit cards)
• Section 484j (publishing credit card information)

Federal Law

Federal credit card fraud laws focus on interstate and foreign commerce, making it illegal to
use a stolen or fraudulently obtained credit or debit card. The penalty for such use is a fine
of not more than $10,000 and/or imprisonment of not more than ten years. Here is a list of
federal statutes addressing credit card fraud:

• 15 U.S.C. § 1644 (federal fraudulent credit card)
• 15 U.S.C. § 1693n (federal fraudulent debit card)
• 18 U.S.C. § 1028 (federal fraudulent identity)

Types of Credit Card Fraud

Credit fraud is a broad term for the use of a credit card (or any comparable type of credit) to
buy goods or services with the intention of evading payment. While it is simple to understand
the physical theft of a credit or debit card from a wallet or purse, today it is much more
common to just have information stolen and not the card itself. There are several forms of
credit card fraud with new and ingenious methods being devised almost daily. The most
common types of credit fraud include:

• Opening new accounts with stolen identification
• Taking over an existing account
• Making purchases without the card being present
• Using a counterfeit card
• Using a fake card
• Using a lost or stolen card

Identity Theft

One of the most damaging forms of credit card fraud is identity theft, because once personal
identifying information is taken it can be used for numerous fraudulent activities. Several
credit card frauds depend on identity theft. If a bad actor steals a person's identifying
information they can open new accounts or they can contact credit card companies and
change addresses to take over an existing account.

Data Breach

Sometimes the identity theft falls short of stealing a person's complete identity. The thief may
just get the number from one card. This sometimes happens when a company has its customer
information hacked in a data breach. Companies that store a customer's credit card
information sometimes have that information stolen. The thief can then use the credit card
number to make telephone or on-line purchases without the credit card being present.

Stolen Credit Card Imprints

It used to be that when you used a credit card an impression of the card was made on carbon
paper. Then when the carbon paper was discarded, the credit card numbers could be stolen.
That does not happen very often these days, but a modern version of that is electronic credit
card skimmers that can read the credit card information from the magnetic strip on the credit
card. There are a couple of forms of electronic card skimmers.

One type is a portable reader that can read cards carried in pockets and purses of people as
they walk down the street. Another type is a reader that is affixed to a stationary location,
such as an ATM machine or a gas station pump. The credit or debit card imprint can then be
used to make a counterfeit or fake credit card that will function just like the real thing.

Stolen Credit/Debit Card

Then, of course, there is the old stand-by for credit card fraud, and that is the physical stealing
of the card itself. A purse or wallet can be stolen, but the card can also simply be lost. There
are a number of ways a card can be stolen. They can be taken from mailboxes or as part of a
house burglary or a car break-in. A waiter can copy the card information at a restaurant. Often,
this type of theft will result in a fraud spree, where the perpetrator racks up charges as quickly
as possible before the victim has a chance to report the card lost or stolen.

Defenses to Credit Card Fraud

The state and federal laws require that someone has an intent to defraud or steal to be guilty
of credit card fraud. Mistakenly using someone else's card or unintentionally using a
cancelled or expired card is not grounds to hold someone criminally liable for credit card
fraud.

Illustrate what a phishing attack is.

Phishing is the fraudulent use of electronic communications to deceive and take advantage of
users. Phishing attacks attempt to gain sensitive, confidential information such as usernames,
passwords, credit card information, network credentials, and more. By posing as a legitimate
individual or institution via phone or email, cyber attackers use social engineering to
manipulate victims into performing specific actions—like clicking on a malicious link or
attachment—or willfully divulging confidential information.

Both individuals and organizations are at risk; almost any kind of personal or organizational
data can be valuable, whether to commit fraud or to access an organization's network. In
addition, some phishing scams target organizational data in order to support espionage
efforts or state-backed spying on opposition groups.

Phishing Methods
Phishing attempts most often begin with an email attempting to obtain sensitive information
through some user interaction, such as clicking on a malicious link or downloading an
infected attachment.

• Through link manipulation, an email may contain links that spoof legitimate URLs;
manipulated links may feature subtle misspellings or the use of a subdomain.
• Phishing scams may use website forgery, which employs JavaScript commands to make a
website URL look legitimate.
• Using covert redirection, attackers can corrupt legitimate websites with malicious pop-up
dialog boxes that redirect users to a phishing website.
• Infected attachments, such as .exe files, Microsoft Office files, and PDF documents, can
install ransomware or other malware.

Phishing scams can also employ phone calls, text messages, and social media tools to trick
victims into providing sensitive information.
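A defender-side check for the link-manipulation tricks listed above (a trusted name used as a subdomain of another domain, and one- or two-character misspellings of a trusted domain). This C program is an added example for these notes, not code from the original material; the allowlist of legitimate domains, the sample links and the two-edit threshold are constructed assumptions, and taking the last two labels as the registrable domain is a simplification.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed allowlist: domains this organisation treats as legitimate. */
static const char *LEGIT[] = { "paypal.com", "amazon.com", "ebay.com" };
#define NLEGIT (sizeof LEGIT / sizeof LEGIT[0])

/* Copy the host part of a URL into out, lower-cased:
 * "https://Login.PayPal.com/x?y" -> "login.paypal.com". Returns 0 on success. */
static int url_host(const char *url, char *out, size_t cap) {
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    size_t n = strcspn(p, "/?#:");      /* host ends at path, query, fragment or port */
    if (n == 0 || n >= cap) return -1;
    for (size_t i = 0; i < n; i++) out[i] = (char)tolower((unsigned char)p[i]);
    out[n] = '\0';
    return 0;
}

/* Registrable part of a host: its last two labels ("a.b.c.com" -> "c.com").
 * Simplification for the example; real code would consult the public suffix list. */
static const char *registrable(const char *host) {
    const char *p = strrchr(host, '.');
    if (!p) return host;
    while (p > host && p[-1] != '.') p--;   /* start of the last label */
    if (p == host) return host;
    p--;                                    /* the dot before the last label */
    while (p > host && p[-1] != '.') p--;   /* start of the second-to-last label */
    return p;
}

/* True when host equals legit or is a real subdomain of it (host ends in ".legit"). */
static int is_legit_or_sub(const char *host, const char *legit) {
    size_t h = strlen(host), l = strlen(legit);
    if (h == l) return strcmp(host, legit) == 0;
    return h > l && strcmp(host + h - l, legit) == 0 && host[h - l - 1] == '.';
}

/* Levenshtein distance, enough to catch one- or two-character misspellings. */
static int edit_distance(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    int prev[128], cur[128];
    if (la >= 128 || lb >= 128) return 999;
    for (size_t j = 0; j <= lb; j++) prev[j] = (int)j;
    for (size_t i = 1; i <= la; i++) {
        cur[0] = (int)i;
        for (size_t j = 1; j <= lb; j++) {
            int d = prev[j - 1] + (a[i - 1] != b[j - 1]);   /* substitute or match */
            if (prev[j] + 1 < d) d = prev[j] + 1;            /* delete */
            if (cur[j - 1] + 1 < d) d = cur[j - 1] + 1;      /* insert */
            cur[j] = d;
        }
        memcpy(prev, cur, sizeof(int) * (lb + 1));
    }
    return prev[lb];
}

/* Classify a link before the user follows it:
 *   0 = allowlisted domain (or a genuine subdomain of one)
 *   1 = trusted name embedded in another domain, e.g. paypal.com.evil.example
 *   2 = near-miss spelling of a trusted domain, e.g. paypa1.com or arnazon.com
 *   3 = domain not on the allowlist at all
 *  -1 = no host could be parsed */
int classify_url(const char *url) {
    char host[256];
    if (url_host(url, host, sizeof host)) return -1;
    const char *reg = registrable(host);
    for (size_t i = 0; i < NLEGIT; i++)
        if (is_legit_or_sub(host, LEGIT[i])) return 0;
    for (size_t i = 0; i < NLEGIT; i++)
        if (strstr(host, LEGIT[i]) && strcmp(reg, LEGIT[i]) != 0) return 1;
    for (size_t i = 0; i < NLEGIT; i++) {
        int d = edit_distance(reg, LEGIT[i]);
        if (d > 0 && d <= 2) return 2;
    }
    return 3;
}

int main(void) {
    /* Constructed sample links, as they might appear in a phishing email. */
    const char *links[] = {
        "https://www.paypal.com/signin",
        "http://paypal.com.account-verify.example/login",
        "https://paypa1.com/",
        "https://arnazon.com/deals",
        "https://example.org/",
    };
    for (size_t i = 0; i < sizeof links / sizeof links[0]; i++)
        printf("%d  %s\n", classify_url(links[i]), links[i]);
    return 0;
}
```

Note that the path is deliberately ignored, so `https://evil.example/paypal.com` is not mistaken for a PayPal link by its path alone; it is simply reported as an unknown domain.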

Explain buffer overflow attack?

A buffer overflow is a situation where a running program attempts to write data outside the
memory buffer that is intended to store it. When this happens we speak of a buffer overflow or
buffer overrun. A memory buffer is an area in the computer's memory (RAM) meant for
temporarily storing data. Such buffers can be found in all programs and are used to store data
for input, output and processing.
Examples of data stored in buffers are login credentials or the hostname of an FTP server.
Any other data temporarily held before processing can be stored in buffers as well. This
literally could be anything from user input fields such as username and password fields to
input files used to import configuration. When the amount of data written to the buffer
exceeds the expected amount, the memory buffer is overrun. This happens, for example, when
a username with a maximum of 8 bytes is expected and a username of 10 bytes is given and
written to the buffer. In this case the buffer is exceeded by 2 bytes and an overflow will occur
if it is not prevented from happening. This often happens due to bad programming and the
lack of input sanitization.

An example of a buffer overflow when writing 10 bytes of data (username12) to an 8-byte
buffer.

What happens when a buffer overflow occurs?

When a memory buffer overflow occurs and data is written outside the buffer, the running
program may become unstable, crash or return corrupt information. The overwritten parts of
memory may have contained other important data for the running application which is now
overwritten and not available to the program anymore. Buffer overflows can even run other
(malicious) programs or commands and result in arbitrary code execution.
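The scenario described above (a 10-byte username written into an 8-byte buffer) in code, with the neighbouring field that the overrun would corrupt and the length check that prevents it. This is an added C example, not from the original notes; the `struct login` layout and its `is_admin` field are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_CAP 8           /* the 8-byte username buffer from the text */

/* A record laid out the way the text describes: an 8-byte username field
 * followed by other data the program relies on. Bytes written past
 * 'username' land in 'is_admin'. */
struct login {
    char username[USERNAME_CAP]; /* fixed-width field, not NUL-terminated */
    int  is_admin;
};

/* The unsafe pattern: no length check before the copy. With "username12"
 * (10 bytes plus the terminator) the write overruns the 8-byte field and
 * corrupts is_admin. Never called with over-long input here, because that
 * write is undefined behaviour. */
static void store_username_unchecked(struct login *rec, const char *input) {
    strcpy(rec->username, input);
}

/* Number of bytes by which 'input' would overrun a buffer of 'cap' bytes
 * (0 when it fits); the text's example yields 2. */
size_t overflow_bytes(const char *input, size_t cap) {
    size_t n = strlen(input);
    return n > cap ? n - cap : 0;
}

/* Bounded store: validates the length first and copies at most
 * USERNAME_CAP bytes. Returns 0 on success, -1 when input is rejected. */
int store_username_checked(struct login *rec, const char *input) {
    size_t n = strlen(input);
    if (n > USERNAME_CAP) return -1;          /* the input sanitization the text calls for */
    memset(rec->username, 0, USERNAME_CAP);   /* pad shorter names with zeros */
    memcpy(rec->username, input, n);
    return 0;
}

/* Store 'input' into a fresh record and report what happened:
 *  1 = rejected and is_admin still 0; 0 = stored with the name intact; -1 = anything else. */
int store_outcome(const char *input) {
    struct login rec;
    memset(&rec, 0, sizeof rec);
    int rc = store_username_checked(&rec, input);
    if (rc == -1) return rec.is_admin == 0 ? 1 : -1;
    return memcmp(rec.username, input, strlen(input)) == 0 ? 0 : -1;
}

int main(void) {
    struct login rec;
    memset(&rec, 0, sizeof rec);
    store_username_unchecked(&rec, "bob");   /* short input: fits, nothing goes wrong */
    printf("unchecked 'bob': is_admin=%d\n", rec.is_admin);
    printf("'username12' overruns an %d-byte buffer by %zu bytes\n",
           USERNAME_CAP, overflow_bytes("username12", USERNAME_CAP));
    printf("checked store of 'username12': %d (rejected)\n",
           store_username_checked(&rec, "username12"));
    printf("checked store of 'username': %d (ok)\n",
           store_username_checked(&rec, "username"));
    return 0;
}
```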

Arbitrary code execution and privilege escalation

When a buffer overflow vulnerability is used to write malicious data into memory and the
attacker is able to take control of the execution flow of a program, we are dealing with a
serious security vulnerability. Such buffer overflows can be exploited by hackers to take
(remote) control of a host, perform privilege escalation or do a lot more damage as a result of
arbitrary code execution. Arbitrary code execution is the process of injecting code into the
buffer and getting it to execute.

Privilege escalation is performed by exploiting a buffer overflow vulnerability to execute
arbitrary code in a program that is running with system privileges. The executed code can,
for example, be shellcode that gives the attacker an OS shell with administrative privileges,
or code that adds a new (administrator) user to the system. With buffer overflows, the injected
code runs in the context of the exploited application. This means that when the exploited
application runs with administrative privileges, the malicious code will also be executed
with administrative privileges.

Denial of Service (DoS)

Not all buffer overflow vulnerabilities can be exploited to gain arbitrary code execution. Even
when a vulnerability only crashes the running program, it can still be used for (remote) Denial
of Service attacks. As buffer overflow vulnerabilities can occur in any software, DoS attacks
are not limited to services and computers: routers, firewalls, IoT devices and anything else
running an OS can be targeted. A recent example of this situation is the Cisco ASA IKEv1 and
IKEv2 buffer overflow exploits. Some of these remote exploits only crash and force a reboot
of the firewall, resulting in a couple of minutes of downtime.

Difference between virus and worm?

Explain in brief DOS and DDOS attack?

• Denial of Service attacks (DoS) are becoming a highly popular mode of web attack
these days.
• They involve making computer systems inaccessible by flooding servers, networks,
or even end user systems with useless traffic so that legitimate users can no longer
gain access to those resources.
• A popular form of DoS attack which happens worldwide is DDoS (Distributed Denial
of Service), wherein multiple computers (also called zombies) participate in sending the
traffic.

• DoS attacks exploit the asymmetric nature of certain types of network traffic.
Therefore DoS attacks can be classified into three categories

DDoS is short for Distributed Denial of Service.

• DDoS is a type of DoS attack where multiple compromised systems, which are often
infected with a Trojan, are used to target a single system, causing a Denial of Service
(DoS) attack.
• Victims of a DDoS attack include both the end targeted system and all systems
maliciously used and controlled by the hacker in the distributed attack.
• Not all hackers are out to steal your identity or even your money. Sometimes, like
real-life street vandals, hackers just want to disrupt business-as-usual for a company
for no reason other than just to do it.
• That's the idea behind an attack known as a Distributed Denial of Service, or "DDoS."
• A DDoS is aimed at disrupting the normal function of a specific website. That means
the attack isn't random, unlike a released virus that's aimed at everyone and anyone
but no one in particular.
• A DDoS is planned and coordinated, and the goal is to make an entire website
unavailable to its regular visitors or customers.

What does "Distributed" mean?

• What makes the attack distributed is the focused effort within a team of disruptors who
share the common goal of preventing targeted web servers (and, therefore, targeted
websites) from working normally.
• The attack is distributed among hundreds or thousands of computers.
• When that happens, the website's regular customers are denied the service they want.
Even worse, the company that runs the website is denied the money they'd earn for
the day. And they may also lose some customers forever who get frustrated or worried
about coming back to the site.

DoS vs. DDoS

 The differences between DoS and DDoS are substantive and worth noting.
 In a DoS attack, a perpetrator uses a single Internet connection to either exploit a
software vulnerability or flood a target with fake requests, usually in an attempt to
exhaust server resources (e.g., RAM and CPU).
 On the other hand, distributed denial of service (DDoS) attacks are launched from
multiple connected devices that are distributed across the Internet.
 These multi-person, multi-device barrages are generally harder to deflect, mostly due
to the sheer volume of devices involved.
 Unlike single-source DoS attacks, DDoS assaults tend to target the network
infrastructure in an attempt to saturate it with huge volumes of traffic.
 DDoS attacks also differ in the manner of their execution. Broadly speaking, DoS
attacks are launched using homebrewed scripts or DoS tools (e.g., Low Orbit Ion
Cannon), while DDoS attacks are launched from botnets: large clusters of connected
devices (e.g., cellphones, PCs or routers) infected with malware that allows remote
control by an attacker.
How DDoS Attacks Work

 According to this report on eSecurityPlanet, in a DDoS attack, the incoming traffic
flooding the victim originates from many different sources, potentially hundreds of
thousands or more.
 This effectively makes it impossible to stop the attack simply by blocking a single IP
address; plus, it is very difficult to distinguish legitimate user traffic from attack
traffic when spread across so many points of origin.

Types of DDoS Attacks

1. Application layer
 Application layer attacks (a.k.a., layer 7 attacks) can be either DoS or DDoS threats
that seek to overload a server by sending a large number of requests requiring
resource-intensive handling and processing.
 Among other attack vectors, this category includes HTTP floods, slow attacks (e.g.,
Slowloris or RUDY) and DNS query flood attacks.

 The size of application layer attacks is typically measured in requests per second
(RPS), with no more than 50 to 100 RPS being required to cripple most mid-sized
websites.

2. Network layer attacks

 Network layer attacks (a.k.a., layer 3–4 attacks) are almost always DDoS assaults set
up to clog the "pipelines" connecting your network. Attack vectors in this category
include UDP flood, SYN flood, NTP amplification and DNS amplification attacks,
and more.
 Any of these can be used to prevent access to your servers, while also causing severe
operational damages, such as account suspension and massive overage charges.
 DDoS attacks are almost always high-traffic events, commonly measured in gigabits
per second (Gbps) or packets per second (PPS). The largest network layer assaults can
exceed 200 Gbps; however, 20 to 40 Gbps are enough to completely shut down most
network infrastructures.
3. Traffic attacks
 Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the
target.
 Legitimate requests get lost and these attacks may be accompanied by malware
exploitation.

4. Bandwidth attacks

 This DDoS attack overloads the target with massive amounts of junk data.
 This results in a loss of network bandwidth and equipment resources and can lead to a
complete denial of service.
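As an added example (not from the original notes), the following Python script turns the requests-per-second figure and the single-IP-blocking point above into a check: it rates constructed traffic samples per one-second window and reports whether a flood comes from one blockable source (DoS) or is spread across many low-rate sources (DDoS). The thresholds, addresses and request counts are assumptions.

```python
from collections import Counter, defaultdict

def constructed_traffic(kind):
    """Constructed sample traffic (not captured data) as (second, source_ip) tuples."""
    events = []
    for t in range(3):                               # three one-second windows
        if kind == "normal":                         # five users, one request each per second
            events += [(t, f"192.0.2.{i}") for i in range(1, 6)]
        elif kind == "dos":                          # one source sends 80 requests per second
            events += [(t, "203.0.113.7")] * 80
        elif kind == "ddos":                         # 40 zombies send only 2 requests each per second
            for i in range(1, 41):
                events += [(t, f"198.51.100.{i}")] * 2
    return events

def analyze(events, total_rps=50, per_ip_rps=20):
    """Rate traffic per one-second window.
    total_rps: aggregate rate that overloads the site (the notes give 50 to 100 RPS);
    per_ip_rps: rate above which a single address stands out enough to block (assumed)."""
    per_window = defaultdict(Counter)                # second -> Counter(ip -> requests)
    for second, ip in events:
        per_window[second][ip] += 1
    peak, flooded, blockable = 0, 0, set()
    for counts in per_window.values():
        total = sum(counts.values())
        peak = max(peak, total)
        if total > total_rps:
            flooded += 1
        blockable |= {ip for ip, n in counts.items() if n > per_ip_rps}
    if flooded == 0:
        verdict = "normal"
    elif blockable:
        verdict = "single-source DoS"                # blocking a few addresses stops it
    else:
        verdict = "distributed (DDoS)"               # same load, but no address stands out
    return {"peak_rps": peak, "verdict": verdict, "blockable_ips": sorted(blockable)}

if __name__ == "__main__":
    for kind in ("normal", "dos", "ddos"):
        print(kind, analyze(constructed_traffic(kind)))
```

The DoS and DDoS samples carry the same 80 requests per second, which is the point: the second one offers no single address worth blocking.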

Write down in brief the different security issues or challenges faced by mobile devices.

Mobile computing is communication between computing devices over wireless networks,
without a physical connection between them, which means that some new mobile security
issues originate from wireless security issues. The security issues and threats of mobile
computing can be divided into two categories: issues related to the transmission of
information over wireless networks, and issues related to information and data residing on
mobile devices.
A. General Security Issues
Confidentiality: Preventing unauthorized users from gaining access to the critical
information of any particular user.
Integrity: Ensuring that unauthorized modification, destruction or creation of information
cannot take place.
Availability: Ensuring that authorized users get the access they require.
Legitimacy: Ensuring that only authorized users have access to services.
Accountability: Ensuring that users are held responsible for their security-related
activities by linking the user and his/her activities if and when necessary.
B. Wireless Security Issues
The security issues related to wireless networks arise because their radio signals can be
intercepted by a hacker, and because the user does not manage the whole network: most
wireless networks depend on other private networks managed by others, so the user has less
control over security procedures. The main security issues of mobile computing introduced
by the use of wireless networks are:
Denial of Service (DoS) attacks: One of the most common attacks on all kinds of networks,
and especially on wireless networks. An attacker prevents users from using network services
by sending large amounts of unneeded data or connection requests to the communication
server, which slows the network so that users cannot benefit from its services.
Traffic Analysis: Identifying and monitoring the communication between users by
listening to the traffic flowing in the wireless channel, in order to obtain private information
about users that can be misused by the attacker.
Eavesdropping: The attacker can log on to the wireless network and gain access to
sensitive data; this happens if the wireless network was not secure enough and the
information was not encrypted.
Session Interception and Message Modification: The attacker intercepts the session and
modifies the data transmitted in it, through a scenario called man-in-the-middle, which
inserts the attacker's host between the sender and receiver hosts.
Spoofing: The attacker impersonates the authorized account of another user to access
sensitive data and unauthorized services.
Captured and Retransmitted Messages: The attacker can gain unauthorized access to some
network services by capturing a complete message and replaying it, with some
modifications, to the same destination or another.
C. Device Security Issues
Mobile devices are vulnerable to new types of security attacks and to theft, not because of
the value of the devices themselves, but because of the sensitive data that exists on them.
Mobile computing, like any computer software, may be damaged by malware such as
viruses, spyware and Trojans. A virus is a piece of malicious software, and spyware gathers
information about the user without his knowledge. Some of the main new mobile computing
security issues introduced by the use of mobile devices include:
Pull Attacks: In a pull attack, the attacker controls the device as a source of data; the
attacker obtains the data from the device itself.
Push Attacks: The attacker creates malicious code on the mobile device and may spread it
to affect other elements of the network.
Forced De-authentication: The attacker convinces the mobile end-point to drop its
connection and re-connect to get a new signal, then inserts his device between the mobile
device and the network.
Multi-protocol Communication: Many mobile devices can operate using multiple
protocols, e.g. a cellular provider's network protocol; most of these protocols have security
holes, which help the attacker to exploit the weakness and gain access to the device.
Mobility: The mobility of users and their data introduces security threats that depend on
the location of a user, so user profiles must be replicated at different locations to allow
roaming between places without any concern about access to personal and sensitive data
anywhere and at any time. But the replication of sensitive data on different sites increases
the security threats.
Disconnections: When mobile devices move between places, frequent disconnections
occur, caused by an external party resulting in hand-off.
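The captured-and-retransmitted and session-modification items above both come down to the receiver verifying that a message is authentic, fresh and not seen before. As an added example, not part of these notes, this Python receiver does that with an HMAC over the message, a timestamp window and a nonce cache; the message format, pre-shared key and time values are assumptions.

```python
import hmac, hashlib, json

def canonical(nonce, ts, payload):
    """Fixed byte encoding of the authenticated fields, so sender and receiver MAC the same bytes."""
    return json.dumps({"nonce": nonce, "ts": ts, "payload": payload}, sort_keys=True).encode()

def sign(key, nonce, ts, payload):
    """Sender side: attach an HMAC-SHA256 tag over nonce, timestamp and payload."""
    mac = hmac.new(key, canonical(nonce, ts, payload), hashlib.sha256).hexdigest()
    return {"nonce": nonce, "ts": ts, "payload": payload, "mac": mac}

class Receiver:
    """Receiver side: reject modified, stale and replayed messages (assumed message format)."""
    def __init__(self, key, max_age_s=30):
        self.key = key
        self.max_age_s = max_age_s
        self.seen = {}                     # nonce -> ts of accepted messages still inside the window

    def accept(self, msg, now):
        expected = hmac.new(self.key, canonical(msg["nonce"], msg["ts"], msg["payload"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: modified or unauthenticated"   # man-in-the-middle edit or forgery
        if abs(now - msg["ts"]) > self.max_age_s:
            return "rejected: stale"                         # old capture replayed much later
        # forget nonces that are now outside the window; a replay of those is caught as stale
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age_s}
        if msg["nonce"] in self.seen:
            return "rejected: replay"                        # exact copy sent again inside the window
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"

if __name__ == "__main__":
    KEY = b"constructed-shared-secret"    # assumed pre-shared key for the example only
    rx = Receiver(KEY)
    m = sign(KEY, "n1", 1000, "transfer 10")
    print(rx.accept(m, now=1005))                                 # accepted
    print(rx.accept(m, now=1006))                                 # rejected: replay
    print(rx.accept(dict(m, payload="transfer 1000"), now=1006))  # rejected: modified or unauthenticated
    print(rx.accept(sign(KEY, "n2", 900, "x"), now=1000))          # rejected: stale
```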

Explain what social engineering is, with a relevant example.


Social engineering is the art of manipulating people so they give up confidential information.
The types of information these criminals are seeking can vary, but when individuals are
targeted the criminals are usually trying to trick you into giving them your passwords or bank
information, or into letting them access your computer to secretly install malicious software that
will give them access to your passwords and bank information as well as control over your
computer.
Criminals use social engineering tactics because it is usually easier to exploit your natural
inclination to trust than it is to discover ways to hack your software. For example, it is much
easier to fool someone into giving you their password than it is for you to try hacking their
password (unless the password is really weak).
Security is all about knowing who and what to trust. It is important to know when and when
not to take a person at their word and when the person you are communicating with is who
they say they are. The same is true of online interactions and website usage: when do you
trust that the website you are using is legitimate or is safe to provide your information?
Ask any security professional and they will tell you that the weakest link in the security chain
is the human who accepts a person or scenario at face value. It doesn't matter how many
locks and deadbolts are on your doors and windows, or whether you have guard dogs, alarm
systems, floodlights, fences with barbed wire, and armed security personnel; if you trust the
person at the gate who says he is the pizza delivery guy and you let him in without first
checking whether he is legitimate, you are completely exposed to whatever risk he represents.
What Does a Social Engineering Attack Look Like?

Email from a friend


If a criminal manages to hack or socially engineer one person's email password, they have
access to that person's contact list, and because most people use one password everywhere,
they probably have access to that person's social networking contacts as well.
Once the criminal has that email account under their control, they send emails to all the
person's contacts or leave messages on all their friends' social pages, and possibly on the
pages of the person's friends' friends.
Taking advantage of your trust and curiosity, these messages will:
 Contain a link that you just have to check out. Because the link comes from a
friend and you're curious, you'll trust the link and click, and be infected with malware
so the criminal can take over your machine, collect your contacts' info and deceive
them just like you were deceived.
 Contain a download of pictures, music, a movie, a document, etc., that has malicious
software embedded. If you download it, which you are likely to do since you think it is
from your friend, you become infected. Now the criminal has access to your
machine, email account, social network accounts and contacts, and the attack spreads
to everyone you know. And on, and on.
Email from another trusted source
Phishing attacks are a subset of social engineering strategy that imitate a trusted source and
concoct a seemingly logical scenario for handing over login credentials or other sensitive
personal data. According to Webroot data, financial institutions represent the vast majority of
impersonated companies and, according to Verizon's annual Data Breach Investigations
Report, social engineering attacks including phishing and pretexting (see below) are
responsible for 93% of successful data breaches.

identify these attacks, avoiding them will be MUCH easier!

1. Phishing: Phishing is the leading form of social engineering attack. It is typically
delivered in the form of an email, chat, web ad or website that has been designed to
impersonate a real system or organisation. Phishing messages are crafted to deliver
a sense of urgency or fear with the end goal of capturing an end user's sensitive data.
A phishing message might come from a bank, the government or a major corporation.
The calls to action vary. Some ask the end user to "verify" the login information of
an account, and include a mocked-up login page complete with logos and branding to
look legitimate. Some claim the end user is the "winner" of a grand prize or lottery
and request access to a bank account in which to deliver the winnings. Some ask for
charitable donations (and wiring instructions) after a natural disaster or tragedy.
2. Baiting: Baiting involves offering something enticing to an end user in exchange for
login information or private data. The "bait" comes in many forms, both digital, such
as a music or movie download on a peer-to-peer site, and physical, such as a corporate
branded flash drive labeled "Executive Salary Summary Q3 2016" that is left out on a
desk for an end user to find. Once the bait is downloaded or used, malicious software
is delivered directly into the end user's system and the hacker is able to get to work.
3. Quid Pro Quo: Quid pro quo involves a hacker requesting critical data or login
credentials in exchange for a service. For example, an end user might
receive a phone call from the hacker who, posing as a technology expert, offers free IT
assistance or technology improvements in exchange for login credentials. Another
common example is a hacker who, posing as a researcher, asks for access to the company's
network as part of an experiment in exchange for £100. If an offer sounds too good to
be true, it probably is quid pro quo.
4. Pretexting: Pretexting, the human equivalent of phishing, is when a hacker creates a
false sense of trust between themselves and the end user by impersonating a co-worker
or a figure of authority well known to the end user in order to gain access to
login information. An example of this type of scam is an email to an employee from
what appears to be the head of IT Support, or a chat message from an investigator who
claims to be performing a corporate audit.
5. Piggybacking: Piggybacking, also called tailgating, is when an unauthorised person
physically follows an authorised person into a restricted corporate area or system. One
tried-and-true method of piggybacking is when a hacker calls out to an employee to
hold a door open for them because they have "forgotten" their RFID card. Another method
involves a person asking an employee to "borrow" his or her laptop for a few minutes,
during which the criminal is able to quickly install malicious software.
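As an added example, not from the original notes, this Python function checks a constructed phishing email for the signs the phishing entry above describes: a sender domain that does not belong to the impersonated brand, links whose visible text does not match where they go (the mocked-up login page trick), and urgency or fear wording. The sample email, the brand's domain list and the keyword list are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phishing sample for this example; the brand, addresses and hosts are invented.
SAMPLE_EMAIL = """\
From: "Example Bank Security" <alerts@example-bank-login.com>
To: customer@example.org
Subject: Action required: verify your account
Content-Type: text/html

<p>Your account will be suspended within 24 hours.</p>
<p>Please <a href="http://example-bank-login.com/verify">verify your login</a> immediately,
or visit <a href="http://198.51.100.10/login">https://www.example-bank.com/login</a>.</p>
"""
TRUSTED = {"example-bank.com"}          # domains the impersonated brand really uses (assumed)
URGENCY = ("verify", "suspended", "immediately", "within 24 hours", "winner", "urgent")

def is_trusted(host, trusted):
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)

def phishing_indicators(raw_email, trusted):
    """Return the list of warning signs found in one message (empty list = nothing suspicious)."""
    msg = message_from_string(raw_email)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    if not is_trusted(sender_domain, trusted):          # display name claims a brand the domain is not
        findings.append(f"sender domain {sender_domain} is not trusted for '{name}'")
    body = msg.get_payload()
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        if not is_trusted(host, trusted):
            findings.append(f"link goes to untrusted host {host}")
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if shown.startswith(("http://", "https://")) and urlparse(shown).hostname != host:
            findings.append(f"link text shows {shown} but goes to {host}")   # mocked-up link trick
    hits = [w for w in URGENCY if w in body.lower()]
    if hits:
        findings.append("urgency/fear wording: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL, TRUSTED):
        print("-", finding)
```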
