CIA3

Ethics and Cyber

Crime in India
Arinjya Jain 21211036
Chander Maurya Kumbkarni 21211051
Charlatan Medhi 21211052
Rahul Balo 21211048
Gautam Menon 21211076
Man-in-the-
Middle Attack
MitM Attack is a cyberattack where the attacker
secretly relays and possibly alters the communications
between two parties who believe that they are directly
communicating with each other
How does a MitM Attack work?

A perpetrator can use various tools to extract information, payment or any other
kind of valuable information to be used for the perpetrator's benefit.
 MitM Attacks in India
A Mumbai-based company exporting medical consumables to a company based in South
America was recently hit by a man-in-the-middle cyberattack. The Indian company was to
receive a payment of RS. 44 Lakhs, which the cyber scammer diverted to his bank
account, as he sent his own account's details disguised with the Indian Companies email.
 • Kali Linux- An Operating System

designed for penetration testing

Tools used • WireShark- Software used to scan

in a MitM network traffic

Attack • ProxyFuzz - Software used to spoof IP

addresses

• Django - Language used to clone a

site
The Modus Operandi
• Identify Victim- A hacker will first identify a victim by

researching businesses of a certain size where that are profitable

to exploit but not big enough to have a Cyber Defence

Department. He will identify vulnerabilities in their systems to

exploit later.

• Clone Site/ Create Email Address- Hacker will create a clone site
of a site that his victim visits frequently like Banking Sites,
PayPal etc. He might create emails similar to other ones that the
business might get from a supplier or client.
The Modus Operandi
• Hijack Connection- The Hacker will then hijack the connection of

the user with the server and redirect all TCP communication
through him and then send his own site's IP address when a DNS

request for the original site is requested or monitor email, and

send one with a payment to his own bank.

• Payday/Collect Data - The Hacker will receive money in virtual

accounts created in banking secrecy countries, or could collect

data from his victim who he can further extort for further money
 Law against MitM Attacks

The Man in the Middle Attacks are cases where an individual impersonates over
individual/organization. Thus, these cases are covered under Section 66C of IT Act.

Section 66 Applies to any conduct that is dishonest or fraudulent.

The focus of this section (Section 66C) is digital signatures, password hacking, and
other forms of identity theft. This section imposes imprisonment upto 3 years along
with one lakh rupees as a fine.
How could you Use a VPN
Use VPN's to mask your IP
protect yourself like NordVPN, ProtonVPN

against this?
Only visit HTTPS sites
Some good preventative methods are
HTTPS are encrypted sites, no
middle user can snoop.

Check e-mail ID's

Verify the e-mail ID of mails you
receive, to check if they are from
the correct source
Questions?