1

Presented By
• Ghanshyam K. Patel

It 5th Sem 2
 Computer Crimes
“The public streets and highways of the
internet have become like
neighborhoods where it is no longer
safe to venture. Hackers, scammers,
virus builders and other Web predators
are looming in the shadows.”
 Flow of the session
• Historical perspective
• Threats and Attacks
– Threats
– Types of Attacks
 Types of Non-authorized Users
• Hacker: people who access a computer resource,
without authorization
• Crackers: a hacker who uses his or her skills to
commit unlawful acts, or to deliberately create
mischief
• Script Kiddies: a hacker who downloads the
scripts and uses them to commit unlawful acts, or
to deliberately create mischief, without fully
understanding the scripts.
How Many Types Of Hackers?
There are six types of hackers:
• 1) CODERS
• 2) ADMINS
• 3) SCRIPT KIDDIES
• 4) WHITE HAT HACKER
• 5) BLACK HAT HACKER
• 6) GREY HAT HACKER
 CODERS:-
• The Real Hackers are the
Coders, the ones who revise
the methods and create tools
that are available in the
market.
• Admins are the computer guys who use
the tools and exploits prepared by the
coders. They do not develop their own
techniques, however they uses the tricks
which are already prepared by the coders.
 SCRIPT KIDDIES:
• Script Kiddies are the
bunnies who use script
and programs developed
by others to attack
computer systems and
Networks.
WHITE HAT HACKER:

• They are also known as an

Ethical Hacker or a
Penetration Tester. They
focus on Securing and
Protecting IT systems.
 BLACK HAT HACKER:
• A Black Hat Hacker is computer
guy who performs Unethical
Hacking. These are the Criminal
Hackers or Crackers who use their
skills and knowledge for illegal or
malicious purposes.
GREY HAT HACKER:
• A Grey Hat Hacker is a
Computer guy who sometimes
acts legally, sometimes in good
will, and sometimes not.
• They are hybrid between White
Hat and Black Hat Hackers.
 Cyber Terrorist
• They are Hackers who are
called Cyber Terrorists, who
attack government computers
or public utility infrastructures,
such as power stations and air-
traffic-control towers
 Attack Method For Web Server
• Web Ripping
• Google Hacking
• Cross Site Scripting (XSS)
• SQL Injection
• PHP Remote Code Execution
• Directory Access controls
 Web Ripping
• Web Ripping is finding and
extracting pictures and other
media files from specific
website URLs and save them
to your hard drive.
 Google Hacking
• Google hacking involves using Advance
Search Operators in the Google search engine
to locate specific strings of text within search
results. Some of the more popular examples
are finding specific versions of Vulnerable
Web Applications.
 Cross Site Scripting
• Cross-Site Scripting (XSS) is a type of
computer security vulnerability
typically found in web applications
which allow code injection by
malicious web users into the web
pages viewed by other users.
Examples of such code include HTML
code and client-side scripts.
 SQL Injection
• A SQL injection attack exploits
vulnerabilities in a web server
database that allow the attacker to
gain access to the database and
read, modify, or delete
information.
 PHP Remote Code Execution
• This attack provides the means
for a Hacker to execute his or
her system level code on a target
web server. With this capability,
an attacker can compromise the
web server and access files with
the same rights as the server
system software.
 Directory Access Controls
• Properly controlling access to web
content is crucial for running a
secure web server. Directory
Traversal is an HTTP exploit which
allows attackers to access restricted
directories and execute commands
outside of the web server's root
directory.
 Attack With Trojans
• A Trojan is a malicious program
misguided as some very important
application.
• Many Trojans are used to manipulate
files on the victim computer, manage
processes, remotely run commands,
intercept keystrokes, watch screen images,
and restart or shut down infected hosts.
 Some Famous Trojans
• Pro Rate •Beast
• Girl Friend •Back Orifice
• Netbus •Sub Seven
 Types of Attacks
• Attacks on computer systems using the computers
– Web-site defacement or
– Revealing the data to unauthorized persons/theft of
sensitive information/ stealing information
like
• stealing credit card numbers
• bank frauds or
– Damage to data through
• Hacking or
• Virus/Worms
 Types Of Attacks [continue…]
• Hoax Letters: Examples
• Malicious code (viruses and trojan horses)
• Urban myths
• Scam letters to entrap the receiver
• Internet gambling
• Internet Pornography
• Link Flooding
• Packet Intercepting, Password Sniffing
 Types Of Attacks [continue…]
• propagate false routing entries (“black holes” and
“sink holes”)
• domain hijacking
• Phishing attacks: use e-mails that often appear to
come from a legitimate e-mail address and include
links to spoofed Web addresses. The receiver
responds to the link, which takes the receiver to a
site, other than what the receiver thinks he is going
to. (announced by MS on 16 Dec 2003, as a problem
with Internet Explorer).
 o u
k Y
a n
Th