Wednesday, August 24, 2016

DDoS: Distributed Denial of Service Attack


A DDoS attack is considered one of the biggest attacks on the Internet in today's cyberspace. DDoS stands for "Distributed Denial of Service". A DDoS attack is launched using a botnet; I discussed botnets in the previous post. With the steady increase in Internet traffic, it is fairly easy for attackers to acquire a huge number of systems, convert them into bots, and then use them to launch a botnet attack on any desired target. The most popular targets of DDoS attacks are websites.

The basic aim behind launching a DDoS attack is to take down a website so that users can't access the services it provides. If a website provides all its services online, or is an e-commerce website like Amazon, downtime is equivalent to a closed store, which can result in huge revenue losses and loss of customer confidence.

How is a DDoS attack launched?

The following steps are involved in a DDoS attack:


  1. The attacker sends a command to all the bot clients to redirect their internet traffic to a specific web address which the attacker is trying to target (say www.xyz.com).
  2. The bot clients receive the command, execute it and redirect their internet traffic to the target website. 
  3. When the internet traffic rate crosses the bandwidth limit of the target website, the website goes down and remains down until the attacker finishes the attack.



Wednesday, August 17, 2016

BOTNETS: Is it really that big of a problem?

Botnets are one of the most sophisticated and popular forms of cybercrime in today's cyberspace. They allow attackers to take control of many computers at a time using a backdoor and turn them into "bot clients", which act as soldiers in the attacker's zombie army or bot army and are used for various cyber attacks such as DDoS, spreading viruses, generating spam, etc.

Some commonly associated terms with botnets are:


  • Bot Herder/ Bot Master: The attacker who launches the attack and controls the botnet.
  • Command & Control: A command and control server (C&C server) is the centralized computer that issues commands to bot clients and receives reports back from them. An IRC server is one of the most common examples of a C&C server.
  • Bot Clients: These are the systems of normal users which are infected by the attacker and are now part of the botnet. These are also known as zombies.

The botnet is a multipurpose weapon for attackers, as it can be used to launch various types of attacks. Because of this, botnets are continuously in huge demand and are easily available for rent and purchase in the dark-web marketplace. Bot masters try to make easy and big bucks by selling or renting their botnets to interested parties, which are most likely terrorist organizations, governments, and national agencies.

This post was just an introduction to botnets. In the following posts I'll be writing about some popular types of attacks associated with botnets: Distributed Denial of Service (DDoS), Malware Distribution, Spam and Phishing Scams. The last post will be dedicated to safety against botnet attacks.

Monday, August 15, 2016

How To Stay Safe Online (An Independence Day Special) 🇮🇳


First of all, a very Happy Independence Day to all the Indians 🇮🇳 and my apologies for not being active for so long.

Recently, TechCrunch published an exclusive report on what many are calling the largest series of hacks ever revealed. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web, including the login credentials of Mark Zuckerberg. Twitter said that its systems have not been breached. The hack was performed by Russian hackers by infecting popular browsers like Firefox and Chrome with malware.
The dark-web marketplace is filled with these kinds of sales of confidential information.
To help at that level, I have made a list of 8 tips that can help you minimize the risks of your information being stolen and increase your safety online.
  1. Use two-factor authentication whenever possible.
Two-factor authentication adds another layer of security when logging into a website, be it e-mail, banking, or other websites.  Some websites, such as Google, will text you a code when you login to verify your identity, while others have small devices that you can carry around to generate the code.  Authenticator apps are also available on all major smartphone platforms. Other types of two-factor authentication do exist as well, so look in the settings of your banking, shopping, and e-mail hosts for the option.
  2. Sign up for login notifications
This security layer is often used in place of two-factor authentication, including by websites such as Facebook.  If your account is accessed from an unfamiliar location, a notification is sent via e-mail, app, or text-message to the account holder.  This is a great layer of security that offers you on-the-go protection.  This feature, if offered, can usually be found in the security settings of the website, such as banking and social media, you are accessing.
  3. Use a secure password
We have all signed up for some website with a basic password, thinking there is no way that someone would want to hack our account.  But that may not be the case.  Setting an easy password on one website often leads to that password being used across many websites.  The easier you make it for a thief to brute-force access your account, the more likely you are to have your other accounts hacked.  By establishing a mixture of characters, numbers, and letters into a password, recommended to be 10 characters or more, you add a high level of difficulty for any brute-force password theft.
  4. Change your passwords regularly
There is a reason your office requires regular password changes for your e-mail.  Even if your password is compromised, by changing it regularly across all your accounts, you remove the chance of your account being accessed.  A pro-tip would be to set a reminder for every 90 days on your calendar with a link to all your accounts settings pages.  It makes it easiest to click through and make the changes regularly.
  5. Only access your accounts from secure locations
It might only be 30 seconds of access to your bank account on that free WiFi at the coffee shop, but if the network has been compromised, that is more than enough time to collect all the data needed for a thief.  While the convenience factor is there, if you must access the accounts, you might want to look into a VPN (Virtual Private Network) to ensure an encrypted connection to your home or work network.
  6. HTTPS access
In most browsers and information-heavy websites, there is a way to force an HTTPS connection when available.  This connection adds another level of encrypted security when logging in, making it even more difficult for data thieves to gather your information when logging in.  To check if you are on an HTTPS connection, look for a padlock in the URL bar in the browser or check that the URL itself begins with HTTPS.
  7. Increase junk filtering and avoid clicking through on e-mails
You just received an e-mail letting you know that you have a new deposit pending and need to login and verify.  Many phishing schemes start with something looking very innocent and official, but lead unassuming users to websites designed to collect the information direct from you.  If you receive an e-mail from one of the account-holding websites, open a new tab and go direct to the website instead of clicking the links provided.  It adds only a few seconds to the access, but keeps you out of any legit-looking phishing websites. Most legitimate services will never ask you for your login credentials, so make sure to avoid giving out this information.
By increasing your level of junk filtering with your e-mail client as well, many of these e-mails will be caught before making it to your inbox.
  8. Use an up-to-date security program
Security programs are designed to keep the malicious files such as keyloggers and data-miners off your computer and the user protected.  This direct layer of security ensures your devices, from phones to tablets to computers, are all protected when you are downloading and accessing files.  Note that some programs, such as Webroot SecureAnywhere, are always up-to-date and require no further action from the user.
While the threats to online accounts are out there, the tips to staying safe can help you stay protected and utilize features often already available by the companies and their websites, and most without costing you additional money. The tips above should help ensure your security online while still providing the convenience online access offers.

Wednesday, August 26, 2015

CYBER STALKING

#17



Cyberstalking, simply put, is online stalking. It has been defined as the use of technology, particularly the Internet, to harass someone. Common characteristics include false accusations, monitoring, threats, identity theft, and data destruction or manipulation. Cyberstalking also includes exploitation of minors, be it sexual or otherwise.

The harassment can take on many forms, but the common denominator is that it's unwanted, often obsessive, and usually illegal. Cyberstalkers use email, instant messages, phone calls, and other communication devices to stalk, whether it takes the form of sexual harassment, inappropriate contact, or just plain annoying attention to your life and your family's activities.

Kids use the term "stalking" to describe following someone's activities via their social network. My own children accuse me of being their "stalker" for keeping tabs on their digital lives. It's important that we not devalue the serious nature of the crime of cyberstalking by using the term incorrectly. A recent television commercial for a major cellular provider depicts a young woman spying on her crush through his bedroom window while she monitors his online activities on her cell phone. While it's meant to be a humorous ad, it's extremely unsettling when stalking occurs in the real world.

Interestingly, this same ad points to an important fact about cyberstalking; it is often perpetrated not by strangers, but by someone you know. It could be an ex, a former friend, or just someone who wants to bother you and your family in an inappropriate way.

How Cyberstalking Harms

Cyberstalking can be terribly frightening. It can destroy friendships, credit, careers, self-image, and confidence. Ultimately it can lead the victim into far greater physical danger when combined with real-world stalking. Yes, we're talking serious stuff here. Victims of domestic violence are often cyberstalking victims. They, like everybody else, need to be aware that technology can make cyberstalking easy. Spyware software can be used to monitor everything happening on your computer or cell phone, giving tremendous power and information to cyberstalkers.

Anti-Stalking Tips

Here are a few important pointers to help you thwart cyberstalking, whether it's directed at you, your PC, or your family:

Maintain vigilance over physical access to your computer and other Web-enabled devices like cell phones. Cyberstalkers use software and hardware devices (sometimes attached to the back of your PC without you even knowing) to monitor their victims.
Be sure you always log out of your computer programs when you step away from the computer and use a screensaver with a password. The same goes for passwords on cell phones. Your kids and your spouse should develop the same good habits.
Make sure to practice good password management and security. Never share your passwords with others. And be sure to change your passwords frequently! This is very important.
Do an online search for your name or your family members' now and then to see what's available about you and your kids online. Don't be shy about searching social networks (including your friends' and colleagues'), and be sure to remove anything private or inappropriate.
Delete or make private any online calendars or itineraries--even on your social network--where you list events you plan to attend. They could let a stalker know where you're planning to be and when.
Use the privacy settings in all your online accounts to limit your online sharing with those outside your trusted circle. You can use these settings to opt out of having your profile appear when someone searches for your name. You can block people from seeing your posts and photos, too.
If you suspect that someone is using spyware software to track your everyday activities, and you feel as if you're in danger, only use public computers or telephones to seek help. Otherwise, your efforts to get help will be known to your cyberstalker and this may leave you in even greater danger.
As always, use good, updated security software to prevent someone from getting spyware onto your computer via a phishing attack or an infected Web page. Check the app store for your mobile devices to see what security software is available. Or visit the Norton Mobile page to see what programs are available for your device's platform. Security software could allow you to detect spyware on your device and decrease your chances of being stalked.

Report It

If you're being cyberstalked, remember to keep a copy of any message or online image that could serve as proof. In fact, show your children how to use the "print screen" or other keyboard functions to save screenshots.

Most important, don't be afraid to report cyberstalking to the police. Many police departments have cybercrime units, and cyberstalking is a crime.

Credits: Norton Inc.

Monday, January 19, 2015

IDENTITY THEFT

#16



As the world of electronics continues to become more and more advanced, cybercriminals continue to find new ways of tracking down and stealing your identity. By stepping up their game, cybercriminals are able to steal your identity and use it in ways that would scare you more than even the most horrifying haunted house.

Identity theft is becoming more common by the minute. In the face of this reality, many of you may have a paper shredder at home to ensure that your personal information that's down on paper is safe. While this is a good practice, every time you turn on your computer you put yourself at risk. A cybercriminal could be snooping around your computer at any time, with the goal to set traps to capture your personal information and your identity. The ways in which these criminals discover and use your identity are downright horrifying.

Everyone knows a little about the black market and knows that such a market is illegal and not something to mess with in general. However, for cybercriminals, the online black market is a festival funhouse where they can trade and sell your stolen identity to people around the world. Cybercriminals make a killing off of the millions of identities stolen each year. They have created quite a market for buying and selling your credit card information, bank account information or just about anything else you value.

Once your identity has been stolen, cybercriminals access an invitation-only Internet Relay Chat site with around 100,000 other cybercriminals and begin auctioning off your identity – and you are part of their online trick or treat. They have tricked you into giving away your identity, and in return, they are treated to a large lump sum of cash. Sadly, your identity only goes for around $10 on the open market, which means they need to steal a lot of identities to make a profit. In addition to credit card information, cybercriminals are always on the lookout for Social Security numbers (SSN), which can be used to establish additional lines of credit.

No matter where your identity ends up, the person falsely using your name, date of birth, SSN and address can bury you six feet under by the time you realize your identity has been stolen and work through the recovery process. To ensure you don't end up in next year's haunted house insane asylum, never open a random email, never give any of your personal information away to third party groups and always report lost credit cards immediately.

Identity theft is one of the fastest growing crimes in the world because it takes very little time to accomplish, and if it's done correctly, it is almost impossible to track. Take the steps necessary to avoid the horrors of identity theft, and as always, keep your computers up to date with privacy and anti-virus software.

Sunday, January 18, 2015

Cyber Stalking

#15



Although there is no universally accepted definition of cyberstalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victim's immediate family; and still others require only that the alleged stalker's course of conduct constitute an implied threat.(1) While some conduct involving annoying or menacing behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously.

Nature and Extent of Cyberstalking

An existing problem aggravated by new technology

Although online harassment and threats can take many forms, cyberstalking shares important characteristics with offline stalking. Many stalkers - online or off - are motivated by a desire to exert control over their victims and engage in similar types of behavior to accomplish this end. As with offline stalking, the available evidence (which is largely anecdotal) suggests that the majority of cyberstalkers are men and the majority of their victims are women, although there have been reported cases of women cyberstalking men and of same-sex cyberstalking. In many cases, the cyberstalker and the victim had a prior relationship, and the cyberstalking begins when the victim attempts to break off the relationship. However, there also have been many instances of cyberstalking by strangers. Given the enormous amount of personal information available through the Internet, a cyberstalker can easily locate private information about a potential victim with a few mouse clicks or key strokes.

The fact that cyberstalking does not involve physical contact may create the misperception that it is more benign than physical stalking. This is not necessarily true. As the Internet becomes an ever more integral part of our personal and professional lives, stalkers can take advantage of the ease of communications as well as increased access to personal information. In addition, the ease of use and non-confrontational, impersonal, and sometimes anonymous nature of Internet communications may remove disincentives to cyberstalking. Put another way, whereas a potential stalker may be unwilling or unable to confront a victim in person or on the telephone, he or she may have little hesitation sending harassing or threatening electronic communications to a victim. Finally, as with physical stalking, online harassment and threats may be a prelude to more serious behavior, including physical violence. 

Wednesday, December 3, 2014

BREAKING PASSWORDS

#14



In very general terms, password crackers typically have two approaches. One is to literally try a pre-compiled list of possible passwords. These usually start from very common passwords (like password or qwerty) and work their way down to less common terms, and eventually use a list of words compiled from an online dictionary and other sources. This approach is more likely to find passwords that are valid words or variants on them, even if they’re obscure.

Another password-cracking approach is to try valid sequences of letters, numbers, and symbols, regardless of their meaning. A password cracker using this approach might start with aaaaaaaa for an eight-character password, then try aaaaaaab then aaaaaaac and so on up the alphabet, through mixes of upper and lower case, and throwing in numbers and symbols. This approach is more likely to find passwords that are “machine-friendly” or randomly generated. A passcode like 4De78Hf1 isn’t any more difficult to find this way than teenager would be.

So, what are the odds of a password being guessed? Most systems these days enable users to create passwords using letters (upper and lower case), numbers, and a selection of symbols. Allowable symbols often vary between systems (some allow almost anything, others allow only a handful), but for our purposes let’s assume that means each character in a password can be one of about 80 values — two alphabets at 26 letters each, ten numerals, and 18 symbols. (In theory at least 127 values should be available for every character, but in practice it’s a smaller number.)

Using a purely brute force approach, that means it would take a maximum of 80 guesses to randomly figure out a one-character password. A four-character password could take over 40 million guesses (80 × 80 × 80 × 80 = 40,960,000) and an eight character password could take over 1.6 quadrillion guesses (1,677,721,600,000,000).

If a password cracker were able to make 1,000 guesses a second, it would need about a month to run all combinations of a four-character password, and over 53,000 years to run all the combinations of an 8 character password. That seems pretty secure, right?

Well, not really. In purely statistical terms, a cracker has a 50/50 chance of finding the password in half that time. More troubling, the folks who make password crackers have other ways of improving their odds. Remember how password was one of the worst passwords to use? Guess what’s also a very bad password? Passw0rd, substituting a number zero for a letter O. While password crackers are running their common words from a dictionary, they’re also trying common variants on those words, substituting zeros for O’s, @ signs and 4’s for A’s, 3’s for E’s, 1’s and !’s for I’s, 7’s for T’s, 5’s for S’s, and so on. Similarly, 0qww294e is a terrible password — that’s just password shifted up one row on a standard English keyboard. These techniques prey on users’ preference for easy-to-remember passwords. Unfortunately, by substituting (or capitalizing) a character or two in an easy-to-remember term, people are mostly making their passwords more obscure, but not much more secure. In fact, typical user-selected eight-character passwords with mixed case, numbers, and symbols usually only have about 30 bits of entropy, or a little over a billion possible combinations. Why? Because the list of terms on which people base their passwords is far smaller than the total possible combinations of letters, numbers, and symbols.
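The variant tricks and brute-force arithmetic described above, turned into a defender-side password screen (an added example, not code from the original post). The five-word list, the US QWERTY layout and every function name are assumptions made for illustration; a real check would load a large common-password corpus.

```python
import math

ALPHABET_SIZE = 80  # the post's assumption: 52 letters + 10 digits + 18 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for a common-password list (assumption, not from the post).
COMMON_WORDS = {"password", "qwerty", "teenager", "letmein", "welcome"}

# Character substitutions named in the post, mapped back to the plain letter.
LEET = str.maketrans({"0": "o", "@": "a", "4": "a", "3": "e",
                      "1": "i", "!": "i", "7": "t", "5": "s"})

# Undo "shifted up one row" on a US QWERTY layout: every key maps to the key
# in the same position on the row below it (0 -> p, q -> a, 2 -> w, ...).
SHIFT_DOWN = str.maketrans("1234567890" "qwertyuiop" "asdfghjkl",
                           "qwertyuiop" "asdfghjkl;" "zxcvbnm,.")


def find_weak_base(password):
    """Return (transform, word) if the password reduces to a common word, else None."""
    folded = password.lower()
    candidates = [
        ("case change only", folded),
        ("character substitution", folded.translate(LEET)),
        ("keyboard row shift", folded.translate(SHIFT_DOWN)),
    ]
    for transform, candidate in candidates:
        if candidate in COMMON_WORDS:
            return transform, candidate
    return None


def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of possible passwords of exactly this length."""
    return alphabet ** length


def worst_case_years(length, guesses_per_second, alphabet=ALPHABET_SIZE):
    """Years needed to try every combination at the given guess rate."""
    return keyspace(length, alphabet) / guesses_per_second / SECONDS_PER_YEAR


def assess(password, guesses_per_second=1000):
    """Reject dictionary variants; otherwise report the brute-force bound."""
    weak = find_weak_base(password)
    if weak:
        transform, word = weak
        return {
            "password": password,
            "verdict": "reject",
            "reason": f"'{word}' via {transform}",
            # A cracker only has to walk (word, transform) pairs, not the keyspace.
            "max_guesses": len(COMMON_WORDS) * 3,
        }
    return {
        "password": password,
        "verdict": "not in dictionary",
        # Upper bound: only holds if every character was chosen at random.
        "bits": len(password) * math.log2(ALPHABET_SIZE),
        "max_guesses": keyspace(len(password)),
        "worst_case_years": worst_case_years(len(password), guesses_per_second),
    }


if __name__ == "__main__":
    # Sample passwords taken from the post's own discussion.
    for pw in ("password", "Passw0rd", "0qww294e", "4De78Hf1"):
        print(assess(pw))
```

Raising `guesses_per_second` from 1,000 to the millions shows how quickly the worst-case figure for a random eight-character password shrinks, while the rejected variants never needed the full search at all.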

How fast can passwords be broken? Trying 1,000 passwords a second might seem impossible — after all, most services tend to lock us out of our own accounts if we mistype a password three or four times, often resetting the password and requiring us to answer security questions to make a new one. These “gateway” techniques do improve account security, and incidentally, are also a blindingly easy way to annoy people.

However, attackers intent on breaking passwords aren’t knocking on a service’s front door and trying (literally) millions of times to log into the same account. They’re either using less-public authentication methods that aren’t subject to lockouts (like a private API for partners or apps), spreading their attacks across a broad range of accounts to avoid lockout periods, or (best case scenario) applying password cracking techniques to stolen password data. Most systems encrypt the password data they store, but those encrypted files are only as secure as the system itself. If attackers can get their hands on the encrypted password file (through a security hole, compromised machine, or social engineering, for starters) they can attack it very rapidly once it’s on their own systems. That’s why stories about attackers obtaining account information (like Stratfor, Epsilon, Sony,  and Zappos) are troubling. Once the encrypted data has been pried loose, attackers can apply much more powerful tools to crack it open.

In the real world, that means the figure of 1,000 passwords per second is extremely conservative. Typical desktop computing hardware these days can test millions of passwords a second against common encryption technologies. Similarly, there are now password-cracking tools that leverage graphics processors, and criminal botnet operators are also in the password cracking business. They can spread the workload across thousands of computers. Combine this raw power with sophisticated heuristics (like trying numbers-and-letters variants on common words) and it’s not unusual to crack a typical eight-character user password in under half an hour.

Our next post will explain how you can set a strong password. Stay tuned!



Tuesday, December 2, 2014

Brute Force Cracking

#13



Brute force is a trial-and-error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies. Just as a criminal might break into, or "crack", a safe by trying many possible combinations, a brute force cracking application proceeds through all possible combinations of legal characters in sequence. Brute force is considered to be an infallible, although time-consuming, approach.

Crackers are sometimes used in an organization to test network security, although their more common use is for malicious attacks. Some variations, such as L0phtcrack from L0pht Heavy Industries, start by making assumptions, based on knowledge of common or organization-centered practices and then apply brute force to crack the rest of the data. 

Saturday, November 15, 2014

CYBER CRIME

#12


Cybercrime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. It is very difficult to classify crimes in general into distinct groups as many crimes evolve on a daily basis. Even in the real world, crimes like rape, murder or theft need not necessarily be separate. However, all cybercrimes involve both the computer and the person behind it as victims, it just depends on which of the two is the main target. 
Hence, the computer will be looked at as either a target or tool for simplicity’s sake. For example, hacking involves attacking the computer’s information and other resources. It is important to take note that overlapping occurs in many cases and it is impossible to have a perfect classification system.

• Computer as a tool

When the individual is the main target of cybercrime, the computer can be considered the tool rather than the target. These crimes generally involve less technical expertise, as the damage done manifests itself in the real world. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are crimes which have existed for centuries in the offline world. Scams, theft, and the like existed even before the development of high-tech equipment. The same criminal has simply been given a tool which increases his potential pool of victims and makes him all the harder to trace and apprehend.

• Computer as a target
These crimes are committed by a select group of criminals. Unlike crimes using the computer as a tool, these crimes require technical knowledge on the part of the perpetrators. These crimes are relatively new, having been in existence for only as long as computers have, which explains how unprepared society and the world in general are for combating them. There are numerous crimes of this nature committed daily on the internet.

Friday, November 14, 2014

Cyber Warfare

#11
Cyberwarfare is an Internet-based fight involving personally or politically motivated attacks on information and information systems. Cyberwarfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems, among many other possibilities.
Cyber warfare against India has always been confused with minor cyber breaches like websites defacements and cracking into e-mail accounts. India has also been very late in recognising the need for a robust cyber security. Even the national cyber security policy of India 2013 (NCSP 2013) was declared belatedly and it is still waiting for its implementation. India has no cyber warfare policy till date.

International legal issues of cyber attacks, cyber terrorism, cyber espionage, cyber warfare and cyber crimes in general and international legal issues of cyber attacks and Indian perspective in particular must be understood thoroughly by Indian government to fight against cyber warfare.

The Department of Information Technology created the Indian Computer Emergency Response Team (CERT-In) in 2004 to thwart cyber attacks in India. That year, there were 23 reported cyber security breaches. In 2011, there were 13,301. That year, the government created a new subdivision, the National Critical Information Infrastructure Protection Centre (NCIIPC), to thwart attacks against energy, transport, banking, telecom, defence, space and other sensitive areas. However, there is no public face of NCIIPC, and some experts believe that NCIIPC has failed to materialise and perform its job. It was also reported that the National Technical Research Organisation (NTRO) would protect the critical ICT infrastructures of India. However, critical infrastructure protection in India has its own challenges that the Indian government has not appreciated till now.

The Executive Director of the Nuclear Power Corporation of India (NPCIL) stated in February 2013 that his company alone was forced to block up to ten targeted attacks a day. CERT-In was left to protect less critical sectors.

A high-profile cyber attack on 12 July 2012 breached the email accounts of about 12,000 people, including those of officials from the Ministry of External Affairs, Ministry of Home Affairs, Defence Research and Development Organisation (DRDO), and the Indo-Tibetan Border Police (ITBP). A government-private sector plan overseen by National Security Advisor (NSA) Shivshankar Menon began in October 2012 and intends to beef up India's cyber security capabilities, in light of a group of experts' findings that India faces a 470,000 shortfall of such experts despite the country's reputation as an IT and software powerhouse.

In February 2013, Information Technology Secretary J. Satyanarayana stated that the NCIIPC was finalizing policies related to national cyber security that would focus on domestic security solutions, reducing exposure through foreign technology. Other steps include the isolation of various security agencies to ensure that a synchronised attack could not succeed on all fronts, and the planned appointment of a National Cyber Security Coordinator. As of that month, there had been no significant economic or physical damage to India related to cyber attacks.

References - Wikipedia [Case Study]