
Tools and Methods Used In Cyber Crimes | Proxy Servers and Anonymizers | AKTU B.Tech 2nd year Cyber Security Unit 3 Notes

 

Introduction to Tools and Methods in Cybercrime

Cybercrime Landscape: The cyber landscape is evolving rapidly, and so are the tools and methods employed by malicious actors. Understanding these elements is essential for defending against cyber threats. This unit covers the main tool categories in turn: proxy servers and anonymizers, phishing, password cracking, keyloggers and spyware, viruses, worms, Trojans and backdoors, steganography, DoS/DDoS attacks and botnets, SQL injection, attacks on wireless networks, and identity theft.

Proxy Servers

Proxy Server Basics:

  • Definition:

    • An intermediate server between a user's device and the internet.
    • Manages requests and responses between the user and websites.
  • Functionality:

    • User's request ➔ Proxy server ➔ Website.
    • Website's response ➔ Proxy server ➔ User's device.

Benefits of Proxy Servers:

  1. Anonymity:

    • Conceals the user's IP address from websites by presenting the proxy's IP address instead (the proxy operator, however, still sees the user's real address and all traffic passing through).
  2. Security:

    • Can inspect and filter traffic before it reaches the user (blocking known-malicious sites or file types) and keeps internal hosts from being contacted directly from the internet. It is a filtering point, not a substitute for endpoint anti-malware.
  3. Access Control:

    • Configurable to block or allow specific types of traffic, enhancing control.

Types of Proxy Servers:

  1. Forward Proxy:

    • Sits between client and internet.
    • Forwards client's requests to the internet.
  2. Reverse Proxy:

    • Sits between internet and server.
    • Forwards internet requests to the appropriate server.
  3. Transparent Proxy:

    • Intercepts traffic without any client-side configuration; the user is usually unaware it exists.
    • Does not hide the user: it typically forwards the original client IP in an X-Forwarded-For header.
    • Often used in corporate environments for monitoring and content filtering.
  4. Anonymous Proxy:

    • Conceals the user's IP address from the destination, though it still identifies itself as a proxy (for example through a Via header).
    • A high-anonymity ("elite") proxy goes further and sends no proxy-related headers at all, so the destination sees what looks like an ordinary client.
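The following is an added example, not part of the original notes, showing how the destination website can tell these proxy types apart from what it actually receives: the address the TCP connection came from and the proxy-related request headers (Via, X-Forwarded-For, Forwarded, X-Real-IP). All addresses, header values and the "real client" address are constructed for illustration; a real server never knows the true client address, it is passed in here only so the example can show what each proxy type leaks.

```python
# Added example (not from the notes): how the destination website can tell a
# direct client from a transparent, anonymous or high-anonymity ("elite")
# proxy. It looks at the TCP peer address and the proxy-related request
# headers. All addresses and headers below are constructed for illustration.

def classify_proxy(peer_ip: str, headers: dict, real_client_ip: str) -> str:
    """Return what the website can infer about the connection.

    peer_ip        - address the TCP connection actually arrived from
    headers        - HTTP request headers as sent
    real_client_ip - the user's true address; a real server does not know
                     this, it is passed in here only so the example can show
                     what each proxy type reveals
    """
    h = {k.lower(): v for k, v in headers.items()}
    announcing = ("via", "x-forwarded-for", "forwarded", "x-real-ip")
    announces_proxy = any(name in h for name in announcing)
    leaked = " ".join(h.get(name, "") for name in announcing)
    leaks_client = real_client_ip in leaked

    if peer_ip == real_client_ip and not announces_proxy:
        return "direct"       # no proxy in the path
    if leaks_client:
        return "transparent"  # proxy in the path, but client IP still visible
    if announces_proxy:
        return "anonymous"    # admits it is a proxy, hides the client IP
    return "elite"            # looks like a direct client from another IP


CLIENT = "203.0.113.7"     # the user's real address (constructed)
PROXY = "198.51.100.9"     # the proxy's address (constructed)

SAMPLE_REQUESTS = {
    "no proxy": (CLIENT, {"Host": "example.com", "User-Agent": "Mozilla/5.0"}),
    "corporate transparent proxy": (PROXY, {"Host": "example.com",
                                            "Via": "1.1 corp-proxy",
                                            "X-Forwarded-For": CLIENT}),
    "anonymous proxy": (PROXY, {"Host": "example.com", "Via": "1.1 proxy"}),
    "elite proxy": (PROXY, {"Host": "example.com", "User-Agent": "Mozilla/5.0"}),
}


def classify_samples() -> dict:
    """Classify every constructed request; returns {label: verdict}."""
    return {label: classify_proxy(peer, hdrs, CLIENT)
            for label, (peer, hdrs) in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:28s} -> website sees: {verdict}")
```

Two things to keep in mind when using this idea for real: the headers are entirely under the sender's control, so a server must only trust X-Forwarded-For or Forwarded values added by its own reverse proxies, never from arbitrary peers; and an "elite" verdict only means nothing in the request reveals a proxy, not that there is none.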

Anonymizers:

An anonymizer is a tool that is used to conceal a user's identity when accessing the internet. Anonymizers work by hiding the user's IP address, making it difficult for websites to track the user's online activity.

  1. VPN (Virtual Private Network):

    • Creates encrypted connection between device and internet.
    • Conceals IP address and enhances security.
  2. TOR (The Onion Router):

    • Routes traffic through a chain of volunteer-run relays, with a layer of encryption for each relay, so no single relay sees both the user's address and the destination.
    • Designed for robust identity concealment; the exit relay still sees the unencrypted traffic if the destination does not use HTTPS.
  3. Web-based Anonymizers:

    • Online tools routing traffic through third-party servers.
    • Enhances privacy by obscuring IP addresses.

Benefits of Anonymizers:

  1. Privacy Layer:

    • Conceals online activity, safeguarding user privacy.
  2. Security Shield:

    • VPNs and Tor encrypt traffic in transit, so it cannot be read or altered on an untrusted network such as public Wi-Fi. This does not protect against malware or viruses; a malicious download arrives just as well through an encrypted tunnel.
  3. Access Unblocker:

    • Enables access to restricted content or websites.
  4. Identity Protection:

    • Guards against tracking and monitoring by third parties.
  5. Performance Boost:

    • A caching proxy can serve repeated requests locally, reducing load times and bandwidth use. Anonymizers that add extra hops or encryption (VPN, Tor) usually add latency instead, as noted under Drawbacks.

Drawbacks of Anonymizers:

  1. Malicious Intent:

    • Some anonymizers may be created with malicious intent.
  2. Limited Compatibility:

    • May not work with all internet activities or websites.
  3. Speed Reduction:

    • Encryption processes can lead to a reduction in internet speed.
  4. Effectiveness Limitations:

    • Some restrictions may persist, especially against advanced blocking techniques.

Phishing:

Phishing is a type of cyber attack where attackers use deceptive tactics, often through emails or fake websites, to trick individuals into revealing sensitive information such as usernames, passwords, or financial details. The goal is to exploit human trust and manipulate people into unknowingly providing confidential data.

Social Engineering Techniques:

  • Manipulation:

    • Exploits human psychology to gain trust and manipulate victims.
    • Creates a false sense of urgency or fear.
  • Impersonation:

    • Pretends to be a trustworthy entity like a colleague, boss, or service provider.
    • Mimics legitimate communication.

Email Phishing:

  • Method:

    • Attackers send deceptive emails to trick recipients into revealing confidential information.
    • Often includes urgent requests or alarming content.
  • Example:

    • A fake email posing as a bank, requesting immediate password verification.

Website Spoofing:

  • Tactic:

    • Cybercriminals create fake websites mimicking legitimate ones.
    • Users unknowingly provide sensitive information on these fraudulent sites.
  • Example:

    • A fake login page resembling a popular social media platform.
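As an added example (not part of the original notes), the script below checks an HTML e-mail body for the link tricks that phishing mails and spoofed sites rely on: anchor text that shows the real bank's address while the href points somewhere else, a trusted name buried as a subdomain of an attacker's domain, links to a bare IP address, and punycode hosts that can be homographs of a real name. The e-mail text, every domain in it and the "trusted" bank domain are constructed; the registrable-domain helper is a deliberate simplification (last two labels only) and would need a public-suffix list in production.

```python
# Added example (not from the notes): checks an HTML e-mail body for the link
# tricks phishing relies on. The e-mail text, the domains and the "trusted"
# bank domain are all constructed for illustration; the registrable-domain
# helper is a deliberate simplification (last two labels only).
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def registrable_domain(host: str) -> str:
    """Simplified: treat the last two labels as the owner's domain."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(html_body: str, trusted_domain: str) -> list:
    """Return [(href, [reasons])] for every link that looks like a phish."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue
        reasons = []
        if host.replace(".", "").isdigit():
            reasons.append("link points at a bare IP address")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode host (possible homograph of a real name)")
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
            reasons.append(f"text shows {shown.group(1)} but href goes to {host}")
        if trusted_domain in host and registrable_domain(host) != trusted_domain:
            reasons.append(f"trusted name used as a subdomain of {registrable_domain(host)}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed phishing e-mail: links 1 and 2 are hostile, link 3 is genuine.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked. Verify your password now.</p>
<a href="http://examplebank.com.verify-login.example/reset">https://www.examplebank.com/reset</a>
<a href="http://192.0.2.10/login">Secure login</a>
<a href="https://www.examplebank.com/help">Help centre</a>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, "examplebank.com"):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

The same checks are what a mail gateway or browser extension applies before the user ever sees the link; the human-side defence remains to type the bank's address yourself rather than following a link in an unexpected mail.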

Password Cracking:

Password cracking is the process of attempting to uncover a password or passphrase by systematically guessing or deciphering it. Attackers use various methods to gain unauthorized access to user accounts, applications, or systems by exploiting weaknesses in password security.

Types of Password Cracking Attacks:

  1. Brute Force Attacks:

    • Method:
      • Repeatedly trying all possible combinations until the correct one is found.
    • Example:
      • Trying every combination of characters until the password is discovered.
    • Prevention:
      • Enforce long passphrases, rate-limit and lock out repeated failed logins, require multi-factor authentication, and store passwords with a slow salted hash (such as bcrypt or PBKDF2) so that each guess against a stolen hash is expensive.
  2. Dictionary Attacks:

    • Method:
      • Using a pre-built list of common passwords or words from dictionaries to crack passwords.
    • Example:
      • Trying words like "password," "123456," etc., from a dictionary.
    • Prevention:
      • Reject passwords that appear in common-password lists at the time they are set, and encourage unique, uncommon passphrases rather than a dictionary word with a digit appended.
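The two attacks above, written out as an added example (not from the original notes). Both run against an unsalted SHA-256 hash, a weak way to store passwords chosen here precisely because it makes each guess cheap; the mini wordlist, the mangling rules and the target passwords are constructed. The dictionary attack also applies a few mangling rules (capitalise, append "1" or "!"), which is how real crackers catch passwords like "Welcome1" that are not literally in the list, and the keyspace function shows why each extra character of length costs the brute-forcer more than extra "complexity" does.

```python
# Added example (not from the notes): a dictionary attack with simple mangling
# rules and an exhaustive brute-force search, both against an unsalted SHA-256
# hash (a weak way to store passwords, chosen here so the attack is fast).
# The wordlist and target passwords are constructed for illustration.
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed mini wordlist; real attacks use lists with millions of entries.
WORDLIST = ["password", "123456", "qwerty", "letmein", "welcome1", "summer2024"]


def mangle(word: str) -> list:
    """Common mangling rules: capitalise, append a digit or symbol."""
    return [word, word.capitalize(), word + "1", word + "!", word.capitalize() + "123"]


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Return (password, attempts) or (None, attempts) if the list is exhausted."""
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def brute_force(target_hash: str, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Try every string over `alphabet` up to max_len characters, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates a brute force must cover for lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    pw, n = dictionary_attack(sha256_hex("Welcome1"))
    print(f"dictionary attack recovered {pw!r} after {n} guesses")
    pw, n = brute_force(sha256_hex("k9z"), max_len=3)
    print(f"brute force recovered {pw!r} after {n} guesses")
    # Each extra character multiplies the brute-force work by the alphabet size.
    for length in (4, 8, 12):
        print(f"lowercase+digits, up to {length} chars: {keyspace(36, length):,} candidates")
```

The defensive lesson follows directly from the counts: a password that is in a wordlist (with or without mangling) falls in a few dozen guesses regardless of the hash, and a short one falls to brute force regardless of the wordlist. Length and uniqueness are what cost the attacker, and a slow salted hash multiplies that cost per guess.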

Keylogger: A keylogger, short for keystroke logger, is a type of software or hardware designed to record and log every keystroke made on a computer or mobile device. The purpose of a keylogger is to covertly monitor and capture user inputs, including passwords, usernames, credit card numbers, and other sensitive information.

Types of Keyloggers:

  1. Software Keyloggers:

    • Installed as malicious software on a computer.
    • Can be part of a malware package or installed intentionally by an attacker.
  2. Hardware Keyloggers:

    • Physical devices connected between the keyboard and the computer.
    • Capture keystrokes in real-time and store the data for retrieval later.
  3. Memory-injecting Keyloggers:

    • Software keyloggers that inject code into a running process (for example the browser) and hook its input-handling functions there.
    • Capture keystrokes inside the victim process itself, so there is no separate device to find and no obvious extra program running.

Spyware:

Spyware is a type of malicious software (malware) designed to secretly monitor and collect information from a user's device without their knowledge or consent. It can gather a wide range of data, including browsing habits, login credentials, personal details, and more. Spyware often operates in the background, making it challenging for users to detect its presence.

Types of Spyware:

  1. Adware:

    • Displays unwanted advertisements, often in the form of pop-ups.
    • Tracks user behavior to deliver targeted ads.
  2. Tracking Cookies:

    • Small pieces of data stored on a user's device.
    • Track user activity and preferences for marketing and advertising purposes.
  3. System Monitors:

    • Monitor system activities and collect information on user behavior.
    • Can capture keystrokes, login credentials, and other sensitive data.

Virus:

A computer virus is a type of malicious software (malware) that attaches itself to legitimate programs or files and spreads from one computer to another. It is typically designed to execute malicious actions, such as corrupting or deleting data, stealing information, or disrupting normal computer operations.

Characteristics:

  1. Attachment to Host Files:

    • Viruses attach themselves to executable files or documents.
    • They can infect programs, scripts, or even the boot sector of a computer.
  2. Self-Replication:

    • Viruses have the ability to replicate themselves and spread to other files, programs, or systems.
    • Replication can occur through user actions like sharing infected files or through automated means.

Worms:

A computer worm is a standalone, self-replicating program that doesn't need to attach itself to other files to spread. Worms spread independently by exploiting vulnerabilities in networked computers, often through the internet. They can replicate and distribute themselves across multiple systems without requiring user intervention.

Characteristics:

  1. Self-Replication:

    • Worms have the ability to replicate independently and spread across networks.
    • They exploit vulnerabilities to gain unauthorized access to other systems.
  2. No Host Attachment:

    • Unlike viruses, worms do not need to attach themselves to host files.
    • They operate as standalone programs.
  3. Network Transmission:

    • Spreads through networks, exploiting weaknesses in operating systems or software.
    • Often uses network services to propagate.
  4. Autonomous Action:

    • Worms can perform actions autonomously, such as sending copies of themselves to other computers without user interaction.

Key Differences between Viruses and Worms:

  • Attachment:

    • Viruses attach themselves to host files.
    • Worms operate independently and do not require host files.
  • Spread Mechanism:

    • Viruses spread through infected files and require user actions to propagate.
    • Worms spread independently through networks, exploiting vulnerabilities without user intervention.
Trojan Horse:

A Trojan horse, or simply a Trojan, is a type of malicious software that disguises itself as a legitimate or benign program but carries a hidden malicious payload. Unlike viruses and worms, Trojans do not self-replicate. Instead, they rely on social engineering tactics to trick users into installing them willingly.

Characteristics:

  1. Deceptive Appearance:

    • Appears as a legitimate or desirable program to entice users into installing it.
  2. Non-Self-Replicating:

    • Does not have the ability to self-replicate like viruses or worms.
  3. Payload:

    • Carries a malicious payload that can range from stealing sensitive information to providing unauthorized access to the infected system.
  4. Delivery Methods:

    • Trojans are often delivered through deceptive email attachments, malicious links, or disguised as legitimate software.
  5. User Interaction:

    • Relies on user actions for installation, as users inadvertently execute the Trojan, believing it to be a harmless or beneficial application.
Backdoors:

A backdoor is a hidden method of bypassing normal authentication or gaining unauthorized access to a computer system, application, or network. Backdoors are often created by attackers, or sometimes by developers for maintenance or debugging, but they pose a significant security risk if discovered and exploited by malicious actors.

Characteristics:

  1. Unauthorized Access Point:

    • Provides a secret entry point into a system, allowing access without going through normal authentication procedures.
  2. Hidden Nature:

    • Backdoors are intentionally concealed to avoid detection by regular security measures.
  3. Purpose:

    • Can be used for various purposes, including remote control, data theft, or facilitating other malicious activities.
  4. Creation:

    • Backdoors can be planted deliberately by attackers (often as the payload of a Trojan), left in by developers, or opened unintentionally by software vulnerabilities.
  5. Persistence:

    • Backdoors may remain undetected for extended periods, providing ongoing access for attackers.

Prevention of Backdoors:

  • Regularly perform security audits and scans to detect any unauthorized access points, including unexpected listening ports, accounts, or scheduled tasks.
  • Keep software and systems updated to patch vulnerabilities that could be exploited for backdoor creation.
  • Review code and configuration for hard-coded credentials or undocumented "maintenance" logins before deployment.
Steganography:

Steganography is the practice of concealing information within other non-secret data in a way that does not attract attention. Unlike encryption, which focuses on making the content of a message unreadable, steganography aims to hide the existence of the message itself.

Why Use Steganography? People use steganography for different reasons. Sometimes it's just for fun or to protect digital art with a hidden signature. But, in some cases, people might use it to send secret messages or hide information they don't want others to find easily. In cybercrime it is used to smuggle stolen data out of a network, or to hide malware commands and components inside ordinary-looking image or audio files that content filters let through.

Examples:

  1. Hidden Messages:

    • You can hide a message in a picture and share it without anyone knowing there's a secret inside.
  2. Digital Watermarking:

    • Artists might hide a tiny mark in their pictures to show they created it, like a hidden signature.
  3. Covert Communication:

    • In spy movies, characters might use steganography to send messages without others knowing.
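The "hide a message in a picture" example above, carried out in code as an added illustration (not from the original notes) using the simplest image technique, least-significant-bit (LSB) embedding. The cover here is a constructed array of 8-bit grayscale pixel values standing in for a real image file; each pixel's lowest bit is replaced with one bit of the payload, so no pixel changes by more than 1 and the picture looks identical. A 32-bit length prefix tells the extractor where the message ends.

```python
# Added example (not from the notes): least-significant-bit (LSB) steganography.
# Each byte of a "cover" (here a constructed array of 8-bit grayscale pixel
# values, standing in for a real image) has its lowest bit replaced with one
# bit of the payload; the pixel value changes by at most 1, which the eye
# cannot see. A 32-bit length prefix lets the extractor know where to stop.
import random


def hide_message(cover: bytes, message: bytes) -> bytearray:
    payload = len(message).to_bytes(4, "big") + message
    bits_needed = len(payload) * 8
    if bits_needed > len(cover):
        raise ValueError(f"cover too small: need {bits_needed} bytes, have {len(cover)}")
    stego = bytearray(cover)
    for i in range(bits_needed):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1   # payload bits, MSB first
        stego[i] = (stego[i] & 0xFE) | bit            # overwrite the LSB only
    return stego


def _read_bytes(stego: bytes, bit_offset: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs starting at stego[bit_offset]."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[bit_offset + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract_message(stego: bytes) -> bytes:
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    return _read_bytes(stego, 32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(n_pixels: int = 4096, seed: int = 42) -> bytes:
    """Constructed stand-in for an image: pseudo-random 8-bit pixel values."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_pixels))


if __name__ == "__main__":
    cover = make_cover()
    secret = b"meet at the old bridge, 06:00"
    stego = hide_message(cover, secret)
    print("recovered:", extract_message(stego))
    print("max pixel change:", max_pixel_change(cover, stego))
```

Because the hidden data is not encrypted, anyone who suspects LSB embedding can read it back with the same extractor; in practice the payload is encrypted first, and detection tools (steganalysis) look for the statistical flattening that LSB overwriting leaves in the lowest bit plane rather than for the message itself.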
DoS (Denial of Service) Attack:

Definition: A Denial of Service (DoS) attack is when a malicious actor tries to make a website, service, or network unavailable to its users by overwhelming it with a flood of traffic. The goal is to disrupt normal operations and make the targeted system or service inaccessible.

Key Characteristics:

  • Volume-Based Attack:
    • Overwhelms the target by flooding it with a massive volume of traffic.
  • Resource Depletion:
    • Exhausts the target's resources, such as bandwidth, connection tables, or system memory.
  • Service Disruption:
    • Results in temporary or prolonged unavailability of the targeted service.

Prevention:

  • Traffic Filtering:
    • Implement filters to detect and block malicious traffic.
  • Load Balancers:
    • Distribute incoming traffic evenly to prevent overwhelming a single server.
  • Firewalls:
    • Configure firewalls to block suspicious traffic patterns.

DDoS (Distributed Denial of Service) Attack:

Definition: A Distributed Denial of Service (DDoS) attack is an advanced form of DoS where multiple compromised devices, often part of a botnet, are used to simultaneously flood a target with traffic. DDoS attacks are more challenging to mitigate because they come from many sources, so no single address can simply be blocked.

Key Characteristics:

  • Distributed Sources:
    • Attack traffic originates from multiple, often geographically dispersed, sources.
  • Coordination:
    • Orchestrated by a central command, often utilizing a botnet.
  • Amplification Techniques:
    • Uses techniques to amplify the attack's impact, such as reflection or amplification attacks.

Prevention:

  • Traffic Scrubbing Services:
    • Employ services that filter and scrub incoming traffic to remove malicious elements.
  • Anomaly Detection:
    • Implement systems that can detect unusual patterns in network traffic.
  • Content Delivery Networks (CDNs):
    • Use CDNs to distribute content and absorb traffic, reducing the impact of DDoS attacks.
Botnet:

A botnet is a network of compromised computers, known as bots or zombies, that are under the control of a single entity, the botmaster. These compromised computers, often infected with malware, can be remotely manipulated to perform various malicious activities, such as launching coordinated cyber attacks, spreading malware, or engaging in fraudulent schemes.
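The anomaly-detection idea from the DoS and DDoS prevention lists, as an added example that is not part of the original notes. Requests from a web-server access log are bucketed into fixed time windows; a window in which one source exceeds a per-source limit is reported as a single-source DoS flood, while a window whose total exceeds the capacity limit without any single heavy source is reported as a distributed (botnet-style) flood. The log lines, addresses and thresholds are all constructed; real limits depend on the service's measured capacity.

```python
# Added example (not from the notes): flood detection over web-server access
# logs. Requests are bucketed into fixed time windows; a window where one
# source exceeds the per-source limit is reported as a DoS flood, a window
# where the total exceeds the capacity limit without any single heavy source
# is reported as a DDoS flood. The log lines, addresses and thresholds are
# constructed for illustration; real limits depend on the service's capacity.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def analyze(lines, window_seconds=10, per_source_limit=100, total_limit=400):
    """Return a list of (window_start, verdict, total, distinct_sources, top_source)."""
    first = None
    windows = defaultdict(Counter)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                          # skip malformed lines
        ip, stamp = m.group(1), datetime.strptime(m.group(2), TIME_FMT)
        if first is None:
            first = stamp
        idx = int((stamp - first).total_seconds()) // window_seconds
        windows[idx][ip] += 1

    report = []
    for idx in sorted(windows):
        counts = windows[idx]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if top_n > per_source_limit:
            verdict = "dos"       # one source alone is flooding
        elif total > total_limit:
            verdict = "ddos"      # many modest sources, overwhelming in aggregate
        else:
            verdict = "normal"
        start = first + timedelta(seconds=idx * window_seconds)
        report.append((start, verdict, total, len(counts), top_ip))
    return report


def make_sample_log():
    """Constructed access log: normal traffic, then a single-source flood,
    then a botnet-style distributed flood (40 sources x 15 requests)."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ip, t):
        lines.append(f'{ip} - - [{t.strftime(TIME_FMT)}] "GET /login HTTP/1.1" 200 512')

    for i in range(5):                        # seconds 0-4: five ordinary users
        add(f"192.0.2.{i + 1}", base + timedelta(seconds=i))
    for i in range(300):                      # seconds 10-19: one attacker, 300 requests
        add("203.0.113.50", base + timedelta(seconds=10 + i % 10))
    for bot in range(40):                     # seconds 20-29: 40 bots, 15 requests each
        for i in range(15):
            add(f"198.51.100.{bot + 1}", base + timedelta(seconds=20 + i % 10))
    return lines


if __name__ == "__main__":
    for start, verdict, total, sources, top in analyze(make_sample_log()):
        print(f"{start:%H:%M:%S}  {verdict:6s} total={total:4d} sources={sources:3d} top={top}")
```

The output makes the mitigation difference concrete: the "dos" window can be stopped by blocking a single address at the firewall, whereas the "ddos" window has no address worth blocking on its own (each bot sent only 15 requests), which is why the DDoS list above relies on scrubbing, CDNs and capacity rather than per-address filters.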

SQL Injection:

Definition: SQL Injection is a type of cyber attack where an attacker supplies crafted input containing SQL (Structured Query Language) syntax to a web application, exploiting the way the application builds database queries by concatenating untrusted input into the query text. The goal is to manipulate the database and retrieve, modify, or delete sensitive information, or to bypass authentication.

Key Characteristics:

  • Input Manipulation:
    • Exploits improper handling of user input in web forms, URL parameters, cookies, or HTTP headers.
  • Unauthorized Access:
    • Allows attackers to access or modify database content, or log in without a valid password.
  • Data Leakage:
    • Can lead to the exposure of sensitive information stored in the database.

Prevention:

  • Parameterised Queries:
    • Use prepared statements with placeholders so that input is passed as data and can never change the query's structure.
  • Least Privilege:
    • Connect to the database with an account that has only the permissions the application needs.
  • Input Validation:
    • Validate input against the expected type and format as a second line of defence, not as a replacement for parameterised queries.
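The vulnerable pattern and its fix side by side, as an added example that is not part of the original notes. Both functions run the same login query against an in-memory SQLite database with two constructed users; the passwords are stored in plaintext only so that the injection stays easy to see (a real application stores a salted hash, as the password-cracking section explains).

```python
# Added example (not from the notes): the same login query written the
# vulnerable way (string concatenation) and the safe way (parameterised
# query), run against an in-memory SQLite database with constructed users.
import sqlite3


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
                     [("alice", "correct horse battery", "admin"),
                      ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    # VULNERABLE: untrusted input is pasted into the SQL text, so quotes and
    # comment markers in the input become part of the query's syntax.
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    # SAFE: placeholders keep the query structure fixed; the driver passes the
    # values separately, so input can never change what the statement does.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = setup_db()
    # Closing quote plus a comment marker: the password check is commented out,
    # so the query becomes  ... WHERE username = 'alice' --' AND password = ...
    print(login_vulnerable(conn, "alice' --", "anything"))   # [('alice', 'admin')]
    # Tautology: the WHERE clause is always true, so every row comes back
    print(login_vulnerable(conn, "x' OR 1=1 --", "anything"))
    # The same payloads against the parameterised version are just odd usernames
    print(login_safe(conn, "alice' --", "anything"))         # []
    print(login_safe(conn, "bob", "hunter2"))                # [('bob', 'user')]
```

Note that the safe version does not sanitise or escape anything; the protection comes entirely from keeping the query text constant and sending the values out of band, which is why parameterised queries are the fix and escaping is not.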

Attacks on Wireless Networks:

Wireless networks are vulnerable to various security threats, and two common issues include:

  1. Wireless Eavesdropping:

    • Description: Unauthorized individuals intercept and monitor wireless communications to gather sensitive information. On an open (unencrypted) network every frame can be read by anyone in radio range.
    • Prevention: Use encryption protocols like WPA3 to secure wireless communications, employ strong passwords, and implement Virtual Private Networks (VPNs) when on networks you do not control.
  2. Wi-Fi Spoofing (Evil Twin Attacks):

    • Description: Attackers set up rogue Wi-Fi networks with names (SSIDs) identical or similar to legitimate ones, tricking users into connecting to the malicious network, where their traffic can be intercepted.
    • Prevention: Verify the legitimacy of Wi-Fi networks before connecting, and use network security features like WPA3.
Identity Theft (ID Theft):

Introduction to Identity Theft:

Definition: Identity theft occurs when someone unlawfully acquires and uses another person's personal information, such as Social Security numbers, financial details, or other identifying data, to commit fraud or other malicious activities.

Common Techniques:

  1. Phishing for Personal Information:

    • Attackers use phishing techniques to trick individuals into providing personal information that can be used for identity theft.
  2. Data Breaches:

    • Criminals exploit security vulnerabilities to gain unauthorized access to databases containing personal information.
  3. Social Engineering:

    • Manipulating individuals through deception or psychological tactics to divulge personal information.

Prevention of Identity Theft:

  • Monitor Accounts Regularly:
    • Regularly check bank statements, credit reports, and other financial accounts for unusual activities.
  • Use Strong Passwords:
    • Use a long, unique password for each account (a password manager helps), enable multi-factor authentication where offered, and change a password promptly if it may have been exposed in a breach.
  • Secure Personal Information:
    • Be cautious about sharing personal information online and offline, and only provide it to trusted entities.
