Ethical Hacking, Cyber Security and Indian Cyber Law

1. Table of Contents
Ch. No. Title Page No
1. What is cyber security? 1
1.1Why do we need cyber security? 1
1.2Cyber Law India. 1
2. Internet Threats 2-15
2.1 E-mail Threats. 2-4
2.2 Website Threats. 5-8
2.3 Network Threats. 9-11
2.4 Phone Threats 12
2.5 Debit and credit card threats. 13-14
2.6 Trojans, spywares and viruses. 15-16
2.7 Wi-Fi Security. 17
3. Some common methods used in attacks. 18-19
3.1 Phishing. 18
3.2 Password Cracking. 19
4. Security on Internet. 20
5. Career in Cyber Security. 21

2. What is Cyber Security? Cyber security is information security as applied to computers and networks. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters. Why do we need cyber security? There are many numbers of reasons. The cyber community changes in an unbelievable pace. The nature of the Internet as a tool for communication and education has been used and misused for personal gain, which resulted in cyber-attacks and unprecedented rise in cyber-crime rates. These rates are expected to increase more rapidly in the coming years if cyber security is not put in place. 1-Hackers are everywhere, they find loopholes and vulnerabilities in our system and thus they can read or manipulate our private data or confidential information. Moreover, they can create backdoors so that they could access our system whenever they want. 2- Internet scams and frauds are rampant. These include phishing, a very organized cyber-crime, which deceives people into giving their banking details. 3- Viruses, worms and malwares are very harmful for our computers and systems. They can slow down our systems and even damage it. Malwares could send our logs to other person (hacker). 4- Spyware, as the name hints, can spy on you. A computer program automatically installed on your computer, spyware tracks personal information you entered and sends it to its creator. Cyber Law India: With anonymously growing of internet, it has become necessary to make a body that has controls over the internet. Because one can miss use it and can commit crimes. India also has a cyber-law. It covers these areas:- 1. The basic of Internet Security. 2. Basic information on Indian Cyber Law. 3. Impact of technology aided crime. 4. Indian IT act on covering the legal aspect of all online activities. 5. Types of Internet policies required for an organization. 6. Minimum Hardware and software, security measures required for an organization to protect data.

3. Internet Threats:- E-Mail Threats Electronic mail (email) is a widely used communication mechanism that can be categorized into two basic types of web-based service: an open web-based email service and a closed web-based service. The first category provides web-based email accounts to anyone for free or at a fee. The second category provides email accounts that are managed by organizations for employees, students, and members only. Commercial and social websites rely on the security of email accounts. Large amounts of email exchanges are occurring daily, some of which contain personal information, company secrets, and sensitive information. This makes email accounts very valuable and becomes one of the main causes of email hacking. Email spam As rules that govern unsolicited emails tighten, spammers attempt to find new ways around them. Attackers often send massive email broadcasts with a hidden or misleading incoming IP address and email address. Some users may open the spam, read it, and possibly be tempted by whatever wares or schemes are offered. If the spammer were to get a hold of a company‘s sending email and IP address, the impact on the company's business would be devastating. The

4. company‘s Internet connection would be terminated by its Internet Service Provider (ISP) if its email and IP address are added to the black list of known spamming addresses. Effectively, this would shut down the company‘s online business because none of the emails would reach their destination. Virus Some emails incorporate a virus as a means of transportation. The Sobig virus is an example of such technology, creating a spamming infrastructure by taking over unwilling participants‘ PC. This was a major threat to email security as spam will continue to spread and trigger dangerous viruses for malicious intent. Phishing
This type of attack uses email messages from legitimate businesses that the user may be associated with. Although the messages look authentic with all the corporate logos and similar format as the official emails, they ask for verification of personal information such as the account number, password, and date of birth. 20% of unsuspecting victims respond to them, which may result in stolen accounts, financial loss, and even worse, identity theft.

5. Email Privacy To maintain privacy of your Email and to Protect our Email ID from being hacked we must follow some basic steps as follows, 1. Enable two step verification in your Email accounts. 2. Enable Login-notification for your email and get notification in your mobile whenever you login. 3. Set a strong password with a mix of alphabets, numbers and special characters. 4. Enable login- notification for you Facebook accounts to prevent unauthorized access. 5. Enable HTTPS in your email settings and your Facebook account settings. 6. Never share your password with anyone. Even to your closest person. 7. Setup a recovery question which is difficult to answer and never setup an easy & guessable answer to your security question. 8. Never click on any links sent through mail or chat. It may be a link which can steal your cookie or inject any viruses. 9. Always check your address bar for proper website address before logging in. 10. Whenever you Need to Forward an Email to More than One Person use the BCC Option to Write Addresses. 11. If you are Unable to Access Your Email Account Immediately Report it to the Service Provider. They Give You a Option of Forgot Password/Account Hacked etc. 12. Avoid Using FREE WIFI Access At Public Places.

6. Website Threats:- Website is set of related webpages hosted by a webserver, accessible via a network such as the Internet or a private local area network through an Internet address known as a Uniform resource locator. All publicly accessible websites collectively constitute the World Wide Web. A website is scripted or written in languages like HTML, PHP, .net, XHTML, CSS, java script, J query etc. Most used webservers are:- Apache IIS Google NGINX Authentication Process of websites: Most of the websites today requires the user to sign up for their services. And then we have to sign-in each time when we need the service. Some common examples are Facebook, Gmail, twitter, forums, shopping websites, internet banking, online storage, etc. Each website gets the username and password from the user and sends it to the server, where it is verified by comparing it with the details in its database and then the user is allowed to use the specific service offered by the website. All these things happen in few seconds over the internet.

7. Attacks on Websites & Web Applications There are several Attacks performed on websites and web-based applications every minute, and most of the attacks are due to improper coding and poor programming skills. Some of the common attacks performed on website / web- applications are as follows 1. SQL Injection 2. XSS 3. RFI & LFI Attacks
SQL Injection Attacks- An SQL injection is probably the most abundant programming flaw that exists on the internet at present. It is the vulnerability through which an unauthorized person can access various critical and private data. The SQL injection is not a flaw in the web or DB server, but is a result of the poor and inexperienced programming practices. And it is one of the deadliest as well as easiest attacks to execute from a remote location.
Let's see an example, where the username ‗admin‘ with the password ‗i3indya‘ can log into the site. Suppose the SQL query for this is carried out as below: SELECT USER from database WHERE username=' admin' AND password='amity'

8. If the above SELECT command evaluates true, the user will be given access to the site otherwise disallowed. Think what we could do if the script is not sanitized.. This opens a door for the hackers to gain illegal access to the site. In this example, the attacker can enter the following user data in the login form: Username: a or 1=1— Password: blank So, this would make our query as: SELECT USER from database WHERE username=' a' or 1=1-- ' AND password='' Cross Site Scripting Attack ( XSS ) Cross Site Scripting or XSS is an attack which allows a hacker to insert malicious codes into the webpage either temporarily or permanently. These codes which are inserted mostly run on client side ( The end-user or victim ) and some on the server side ( Affecting all users of that website ). It is a common vulnerability found in several web applications , Due to breaches of browser security, XSS enables attackers to inject client-side script into Web pages viewed by other users. There are two types of XSS, 1. Persistent XSS ( Stored XSS ) 2. Non-Persistent XSS ( Reflected XSS ) Stored XSS Stored XSS vulnerability is a more devastating variant of a cross-site scripting flaw, it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users who normally visit that page. A classic example of this is with online message boards where users are allowed to post HTML formatted messages for other users to read. This is a severe threat to the users of that website. Reflected XSS Reflected XSS vulnerability is the most common type of XSS. These vulnerabilities show up when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to parse and display a page of results for and to that user, without properly sanitizing the request.

9. It is most commonly found in the search box of several websites which doesn‘t sanitize the input given by the users. Which means it accepts special characters and other variables and allow script to be run using the search box or other holes.
RFI & LFI Attacks Remote File Inclusion ( RFI ) Remote File Inclusion (RFI) is a type of vulnerability of website which allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can be used just to display contents of a file and can also be used for the following attacks- A. Code execution on the web server B. Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS). C. Denial of Service (DoS) D. Data Theft/Manipulation Local File Inclusion ( LFI ) Local File Inclusion ( LFI ) is a vulnerability where the local files of the webserver can be accessed by anybody by using their website in a browser. The attacker can traverse the entire directory of the webserver therefore allowing access to sensitive data and password files. The LFI can be exploited by using ―../‖ to traverse one directory up in a webserver. Therefore if multiple ―../‖ is used then the attacker can access the root directory of the webserver and view sensitive files such as the passwords. Usually in Unix servers the folder containing the passwords is in ―etc/passwords‖ file.Suppose if a site is vulnerable to LFI , then the example below will display the contents of the password file of a Unix server. www.examplesite.com/index.php?page=../../../../../../../etc/password This is the RFI & LFI Attacks these can be prevented by restricting the access to folders and by sanitizing the user inputs.

10. Countermeasures:- 1- Secure Programming is needed for programmers to prevent website and website users from being attacked 2-Users must be careful not to click on any unwanted links in websites. 3-Never use same password for different websites, even if one is compromised, you are safe. 4-Inputs must be sanitized in the web applications and web forms.

11. Network Attacks:- A computer network or data network is a telecommunications network that allows computers to exchange data. In computer networks, networked computing devices (network nodes) pass data to each other along data connections. The connections (network links) between nodes are established using either cable media or wireless media. The best-known computer network is the Internet.
Footprinting Footprinting is the act of gathering information about a computer system and the companies it belongs to. Footprinting is the first step hackers take in their hacking process. Footprinting is important because to hack a system the hacker must first know everything there is to know about it.First, a hacker would start gathering information on the targets website. Things a hacker would look for are e-mails and names. This information could come in handy if the hacker was planning to attempt a social engineering attack against the company. Port Scanning The point of port scanning a server is to detect its open ports the port‘s listening services. Once a hacker knows all the services running on your server, he could search for possible vulnerabilities they may have and exploit them to take control of our website. Along with finding out what ports are running, the hacker needs to also find out what operating system the server is running. There

12. are always a lot of operating system vulnerabilities out there to choose from. So by knowing the operating system, the hacker‘s chances of taking over the server go up. Denial-of-Service (DoS) – There are many types of DoS attacks, but they all have one purpose: to make the target server unavailable for legitimate users. The most common type of DoS attack is when the hacker sends a flood of information to the target server causing it to use up all of its resources, and in return pushing it offline, or causing it to deny requests from legitimate users trying to access it. Buffer Overflow (BoF) – A buffer overflow happens when a program attempts to store more data into a buffer, or a data storage area, then it was meant to hold. Because the buffer was only meant to hold a certain amount of data, the extra information overflows into other buffers causing them to be overwritten with malicious code created by the hacker. Once this code is executed, the hacker can receive full control of the server.
ARP spoofing- It is a technique whereby an attacker sends fake (―spoofed‖) Address Resolution Protocol (ARP) messages onto a Local Area Network. Generally, the aim is to associate the attacker‘s MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead. ARP spoofing may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. Often the attack is used as an opening for other attacks, such as denial of service, man in the middle, or session hijacking attacks.[2]The attack can only be used on networks that make use of the Address Resolution Protocol (ARP), and is limited to local network segments. There are a few things we can do to stay secure from network hacking attempts- 1. Keep all your software up to date. There will always be new vulnerabilities coming out, and your responsibility is to patch them immediately after a patch comes out. 2. Implement a firewall. This will keep most of the bad data out and good data in. 3. Install anti-virus software. 4. Scan your system with a vulnerability scanner. This may reveal possible vulnerabilities in your system.

13. Phone Hacking:- Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner. All smartphones, as computers, are preferred targets of attacks. These attacks exploit weaknesses related to smartphones that can come from means of communication like SMS, MMS, wifi networks, and GSM. Malware Apps -Just as malware downloaded from the Internet can crack open our computer, malware apps can leave our phone exposed. The major app stores usually try to prevent malware apps from getting spread through their platforms, but malware apps do get through and can even be distributed through Web pages as a download. Common sense is a fair barrier against malware. Right now, the true extent of malware app penetration is unknown and may be exaggerated. Phishing-Phishing may be actually more effective on a mobile Internet browser because the smaller address bar makes it less likely that a user will carefully check the address before entering information. The best way to protect yourself from phishing is to enter important addresses – those for sites where you will be entering private information – from scratch. GSM encryption Algorithm –Sometimes algos used by GSM services could be cracked and lead to voicemail hacking. Nohl working with others around the Internet -- has created a guidebook for cracking the Global System for Mobile communication's 64-bit A5/1 algorithm, which was adopted in 1988. 3G networks use 128-bit encryption to protect Relevant Products/Services caller privacy and the new A5/3 algorithm is being "phased in," GSM Association. Countermeasures:- Being skeptical-A user should not believe everything that may be presented, as some information may be phishing or attempting to distribute a malicious application. It is therefore advisable to check the reputation of the application that you want to buy before actually installing it. Permissions given to applications-The mass distribution of applications is accompanied by the establishment of different permissions mechanisms for each operating systems. It is necessary to clarify these permissions mechanisms to users, as they differ from one system to another, and are not always easy to understand. Mobile Antivirus- Many antiviruses for cell phones are available. E.g. Avast Mobile Security, Quick Heal, Kasper Sky, etc.

14. Credit Card & Debit Card Hacking:- Nowadays Internet banking and credit cards are very common methods of funds transfer and online shopping. And the most interesting thing is that it is done over SSL. So people always have a misconception that their accounts cannot be hacked as their transactions are secured by extra security Layer i.e. SSL but its quite easy to break the SSL. So its always better to secure your computer and internet connection rather than depending on payment sites. The fatal flaw that enabled the sensitive information to be stolen is possible when an end-user is not properly educated on an easy to do and well-known SSL exploit – SSL MITM. The hackers take benefit of that to get access your sensitive data. Hacker runs a series of utilities to redirect other user‘s data through his machine. He runs a number of other utilities to sniff the data, act as an SSL Certificate Server and to be the Man-the-Middle. He send us a fake SSL certificate, thus we actually connect to his machine instead of bank‘s system. In this case, our credentials are being transmitted between our browser and the hacker‘s machine. The hacker is able to grab that traffic, and, because he gave us the certificate to encrypt the data/credentials, he can use that same certificate to decrypt our data/credentials.

15. Phising is also used to steal credentials. Countermeasures:- Educate the end-user on the Security Alert and how to react to it. Utilize One Time Passwords, such as RSA Tokens, to prevent the reuse of sniffed credentials. When using SSL VPN, utilize mature products with advanced features, such as Juniper‘s Secure Application Manager or Network Connect functionality.

16. Trojans, Spywares and Viruses A Trojan or a Trojan Horse is a is a malicious application that acts like a legitimate file or helpful program but whose real purpose is, for example, to grant a hacker unauthorized access to a computer. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems. Trojans are mostly embedded with legitimate software or downloaded from websites by some Ads etc., It is a very dangerous form of Malware which can perform advanced operations like the following, 1. Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute Denial-of-service attacks) 2. Electronic money theft 3. Data theft (e.g. retrieving passwords or credit card information) 4. Installation of software, including third-party malware 5. Downloading or uploading of files on the user's computer 6. Modification or deletion of files 7. Keystroke logging 8. Watching the user's screen 9. Crashing the computer 10. Anonymizing internet viewing Viruses A computer virus is a type of malware that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". Your computer may be infected if you recognize any of these malware symptoms:  Slow computer performance  Erratic computer behavior  Unexplained data loss  Frequent computer crashes

17. Spywares Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings. Worms A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Security Against Malwares 1. Install a good antivirus. Free or Paid is good, but don‘t used cracked or pirated versions. 2. Install real-time anti-spyware protection 3. Update your Anti-virus programs daily. 4. Perform scans on your computer daily. 5. Disable autorun to prevent infection from pendrives.

18. Wi-Fi Security. Wireless/Wi-Fi is a technology which allows devices to connect with each other to exchange data in a computer network or for connecting to high speed internet. It is also called WLAN. Wi- Fi devices can connect to each other or to an access point to connect with each other and to the internet. Wi-Fi devices works are based on IEEE 802.11 standards. There are three types of Wi-Fi securities available- 1- Open Wi-Fi. 2- WEP. 3- WPA/WPA2. WEP Cracking- Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. WEP, recognizable by the key of 10 or 26 hexadecimal digits, was at one time widely in use and was often the first security choice presented to users by router configuration tools. WEP can be easily hacked using sniffing. Packet sniffing allows individuals to capture data as it is transmitted over a network. Packet sniffer programs are commonly used by network professionals to help diagnose network issues and are also used by malicious users to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the user can then gain access to the system or network. Tools like Aircrack-ng and Backtrack OS are capable of hacking any WEP encrypted network easily. WPA/WPA2- It is an advancement to WEP . WPA2 also improves the security of Wi-Fi connections by requiring use of stronger wireless encryption than what WPA requires. Specifically, WPA2 does not allow use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes (limitations) in the original WPA implementation. Several different forms of WPA2 security keys exist. WPA2 Pre-Shared Key (PSK) utilizes keys that are 64 hexadecimal digits long and is the method most commonly used on home networks. Security Tips:- 1. Change Default Administrator Passwords (and Usernames). 2. Turn on (Compatible) WPA / WEP Encryption. 3. Change the Default SSID. 4. Enable MAC Address Filtering. 5. Disable SSID Broadcast. 6. Assign Static IP Addresses to Devices. 7. Enable Firewalls On Each Computer and the Router 8. Turn Off the Network During Extended Periods of Non-Use.

19. Some Common methods used in attacks 1- Phishing Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. 1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.
2. Victim enters his credentials in fake login page that goes to attacker. 3. Victim is then redirected to an error page or genuine website depending on attacker. Countermeasures:-  Do not reply to emails that request financial information, even if it appears to be from a trusted source.  Do not reply to emails from unrecognized senders.  Secure websites are indicated by a lock on the browser's status bar or the prefix "Https://" instead of Http://. "  Information from an email is temporarily stored on a computer's local disk and can be retrieved by another user if it is not properly deleted.  If your browser has a pop-up blocker, enable it.  Do not copy any website addresses from a pop-up window into your browser.

20. Password Cracking Nowadays, passwords are the only form of security on most websites and computer systems. It has become one of the most common and easiest ways for a hacker to gain unauthorized access to your computer or network. Social Engineering – Social engineering is when a hacker takes advantage of trusting human beings to get information from them. Dictionary Attack- A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren‘t vulnerable to this kind of attack. Brute-force attack- Brute-force attacks can crack any passwords. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found. Brute-force attacks can take a long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password. Rainbow Tables- A Rainbow table is a huge pre-computed list of hash values for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm that transformed it into something absolutely foreign. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very common hashing algorithm used as security to store passwords in website databases is MD5.Well when we login and submit our username and password, a script takes our password and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the database. If they are the same, we are admitted. If I were to run the word ―cheese‖ through the md5 algorithm, the outcome would be fea0f1f6fede90bd0a925b4194deac11. Countermeasures:-  Use strong passwords upto atleast 10 characters with combinations of uppercase, lowercase, numbers and symbols. E.g. – P@5$w0rD_)(*  Never ever use name, pet name, any relative‘s name, phone number, car number in password which could be easily guessed.  Never use any password in more than one account or IDs.  Never click on any unknown link sent by any person, it could be phishing or cookie- grabbing.  Never share password with any person.

21. Security on Internet. Hacking is another side of Cyber. Some people are very notorious and net savvy. They love to keep, update themselves and bring innovative ideas. Hacker is one of them, spending almost all time on internet and doing illegal activities and spreading it all over the world. Thus infecting the internet and making people to do like those ultimately increasing cybercrimes. Staying Safe on Internet Internet is the playground of Hackers and Malicious programs, To be safe on the internet we have to follow some basic rules. 1. Always Use Genuine Antivirus/Internet Security Software Regularly Updated with Internet. 2. Keep your Firewall ON and Updated. 3. The Browser should be kept free from toolbars which get automatically installed on your browser. 4. Never Save Your Passwords on your Browsers and Instant Messengers like Yahoo, Google, and Skype etc. 5. Keep your Browser Temporary Cache, Cookies Clear on Regular Basis. 6. While Browsing Don't Install Shortcuts and Toolbars from Pop Ups and Ads. 7. Don't Download Pirated Stuff from Untrusted Sites. (e.g. Music, Videos, Free Software) 8. Always Install Software's Available at the Parent Sites. 9. Don't Click on Suspicious Links/Hyperlinks Which Are Luring and Tempting.

22. Career in Cyber security According to naukri.com there are 5800 vacancies in field of cyber security and network security. Cybersecurity is one of the hottest fields in technology today and the trend will continue for the foreseeable future. As noted in a ―Best Jobs‖ article on the CNN Money website, cyber security is among the top ten fastest growing careers in America, with a 27% growth rate. All industries, from retail sales to hospitals to power plants, are dependent on information technology (IT), and cybersecurity is critical to ensuring IT assets are protected. The Certified Ethical Hacker is a professional certification provided by the International Council of E-Commerce Consultants (EC-Council.) An ethical hacker is usually employed by an organization who trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not. A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker. Companies like Google, Yahoo, IBM, etc. always look for people who can find vulnerability and bugs in their systems and pay a lot of money. Government organizations like CBI, NIA, Indian Army and other defense services hire many cyber security analysts every year and an ethical hacker can always build his own career as a white hat.
By:- Neeraj Negi (neerajnegi@live.co.uk)