Identity Theft on Internet
Login and password theft is common in the cybercrime world on the Internet. There are
several techniques by which an attacker can attack a victim and steal their confidential and
personal data, such as phishing, DDoS attacks, session stealing, bypassing and SQL
injection. Attackers steal logins and passwords and decrypt them in order to use them, for
example using credit card information to withdraw money over the Internet. In e-banking fraud
cases, attackers generally use a proxy address to hide their identity and get access to the
victim's account by controlling it remotely using stolen user credentials such as login and password.
In one case study, a group of black hat hackers stole more than a billion records
containing usernames, passwords, sessions, cookies, credit card information and email
addresses from 450,000 websites. The hackers stole millions of credit card records,
including social security numbers, license numbers and insurance identification numbers, from
various sites, which led to heavy losses for the individuals concerned (Craig Anderson). These
black hat hackers targeted small-scale and large-scale businesses, but they did not sell a single
record; instead, they used this information for spreading spam. The attackers use botnets to
spread this spam over the Internet. With the advancement of technology, threats to business
operations are also increasing, both security threats and privacy threats. So it has to be
ensured that business operations are performed within a secure environment with minimum
risk of being attacked. There are several methods by which an organization can be attacked,
resulting in theft of confidential data as well as damage to valuable resources. The major types
of attack that an attacker performs to gain access to servers or resources are DoS, DDoS,
phishing and session hijacking. A DoS attack can be performed by finding vulnerabilities
within the web server, website, DNS server or FTP servers, so that malicious packets can be
injected into that specific server (Qijun Gu). A large number of servers respond to requests
without any authentication process and always accept incoming connections without any packet
or IP filtering, making them easier to attack. To protect an organization from such attacks,
various measures have to be taken in order to provide maximum security to the firm.
Social Networking Sites Prone to Attacks
Generally, attackers use several tools or pieces of software to steal login credentials or other
sensitive data from social networking websites. Tools such as Pony and Haviz are available for
free for gathering users' information. Social media sites are more prone to attacks because
more than a billion users share their information over sites such as Facebook, Twitter and
LinkedIn. A common tool used by attackers, named Pony, collects millions of login details and
email addresses daily. These types of malicious tools are automatically downloaded onto a
system that has Internet access, and then an attacker remotely accesses the victim's system. In
2011, Facebook was attacked by a worm named Ramnit, which steals login credentials such as
cookies, usernames and passwords and then posts on the victim's wall a link that leads to the
Ramnit worm. Recently, hackers attacked Sony Pictures and stole billions of records and
sensitive data. Millions of records, including credit card and bank details of Sony Pictures
employees, were stolen, and the company was threatened not to release the movie.
Trojans and their adverse effects
In a report, security researchers introduced a Trojan named Pandemiya, which is similar to
the Zeus malware. This Trojan can steal login details, bank passwords and credit card details.
The code of this Trojan was originally written in C, running to thousands of lines, and it can be
injected into a victim's machine. The Trojan is injected into the system by injecting its code
into the system's DLL files, and these DLL files are executed whenever a new process is started,
such as when any browser-based application is launched. The only way to protect against this
type of Trojan is by manually deleting the registry entries pointing to the infected DLL files
using the Regedit tool.
There are a large number of Trojans that can steal sensitive data from a user's machine
without even being noticed, such as Carberp, Zeus, Citadel and SpyEye. The Carberp Trojan
can steal online bank details and login details. This Trojan has a rootkit through which it
remains unnoticed on the victim's computer. The Trojan also has a feature to deactivate
anti-malware detection software on the victim's machine, and it can encrypt stolen data. The
Citadel Trojan can block security measures on a victim's machine and perform attacks. The Zeus
Trojan attacked millions of machines in the US and stole millions of dollars. According to the
director of technical solution marketing at McAfee, 130 million malware programs have been
found by the company since 2007, and the number is increasing very rapidly (Craig Anderson).
Types of Attacks That Can Steal Login Credentials
A Denial of Service (DoS) attack is a type of attack in which a network is flooded with
unwanted traffic, making the server or website inaccessible to its users. It has been summarized
that these types of attacks are performed by attackers to disrupt the whole network by injecting
malicious code into the server or by sending a large number of malicious packets to the server,
increasing the traffic load until the server goes down (Bruce Upbin, Forbes Staff). These
attacks are performed by increasing the traffic load to rates measured in gigabytes, resulting in
the network crashing. In one case study, a 15-year-old Canadian boy hacked various e-commerce
sites, including Amazon and eBay, using a DoS attack in the year 2000, resulting in the sites
shutting down and a loss of nearly $1.7 billion. When these types of attacks are performed by a
single machine it is called a DoS attack, but when multiple machines send a large number of
requests to a single network, making it slow to respond to them, it is called a Distributed
Denial of Service (DDoS) attack. This type of attack can be performed by finding
vulnerabilities within the web server, website, DNS server or FTP servers, so that malicious
packets can be injected into that specific server. A large number of servers respond to requests
without any authentication process and always accept incoming connections without any packet
or IP filtering, making them easier to attack. In order to perform a DoS attack, attackers
first find all open ports using available port scanners. After finding the open ports of a
specific IP address, the attacker makes a TCP connection with the server and sends unwanted
requests. One recent cyber attack, which happened a few months ago in Los Angeles, saw
attackers breach the security protocols of county medical facilities and steal the data of
168,500 patients (Abby Sewell). The attackers stole records including social security numbers,
addresses, birth details and diagnosis reports. Phishing is one of the common kinds of attack in
which the victim is taken to a fake website similar to the original site, by which his data is
captured and sent to the attacker's server (Pabich, K). In the US, the owner of Universal PC
Services filed a case against a fake website that was similar to the original website.
Buffer overflow is one of the most widely used exploitation methods used by attackers to
breach security. Such vulnerabilities exist because of faults in programming made while
designing the software or application. In a buffer overflow, users are allowed to input more
data into a buffer than the buffer has capacity to store. Attackers generally aim at overwriting
the data in a buffer, and sometimes they choose to make the victim's machine execute the data
by overflowing the buffer. Buffer overflows can be implemented using the stack, because in the
programming world the stack is mostly used for storing data, so writing more data to a buffer
than its capacity may crash the system or application by overwriting its contents. Buffer
overflows can also be implemented using the heap. A heap-based buffer overflow is done by
allocating chunks of memory and writing data to that memory without bounds checking,
resulting in the overwriting of heap headers and dynamic object pointers. In one report, it was
found that Russian hackers had attacked organizations in the Fortune 500 and stolen 1.2 billion
usernames and passwords and more than 400 million email records (Nicole Perlroth). Alex
Holden of Hold Security said in his interview that the Russian attackers were targeting not only
US companies but also companies under the Fortune 500 and small business organizations.
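As an added illustration of the stack and heap cases described above (example code written for this page, not taken from any report it cites), the first function shows the unchecked copy that causes a stack overflow, the second shows the bounded copy that refuses oversized input, and the third applies the same check to a heap chunk; USERNAME_MAX and the sample inputs are constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define USERNAME_MAX 16   /* constructed size of the fixed stack buffer */

/* Vulnerable pattern: strcpy copies strlen(input)+1 bytes no matter how
 * large the destination is, so input longer than USERNAME_MAX-1 bytes
 * overwrites whatever follows buf on the stack.  Shown for contrast only;
 * nothing in this file calls it. */
void store_username_unsafe(const char *input)
{
    char buf[USERNAME_MAX];
    strcpy(buf, input);       /* BUG: no bounds check */
    printf("stored %s\n", buf);
}

/* Hardened form: measure the input without scanning past the buffer size,
 * reject anything that cannot fit together with its NUL terminator, and
 * copy exactly the bytes that were checked.  Returns the stored length,
 * or -1 when the input was rejected. */
int store_username_safe(const char *input)
{
    char buf[USERNAME_MAX];
    size_t n = 0;

    while (n < sizeof buf && input[n] != '\0')
        n++;
    if (n >= sizeof buf)      /* no room for the terminator: reject */
        return -1;
    memcpy(buf, input, n);
    buf[n] = '\0';
    return (int)n;
}

/* Heap variant of the same defect: a write of data_len bytes at
 * chunk+offset must end inside the allocation, otherwise it clobbers the
 * heap metadata and neighbouring objects the text describes.  The bound is
 * checked by subtraction so that offset+data_len cannot wrap around.
 * Returns 0 when the write was performed, -1 when it was rejected. */
int heap_write_checked(size_t chunk_len, size_t offset,
                       const char *data, size_t data_len)
{
    char *chunk = malloc(chunk_len);
    int rc = -1;

    if (chunk == NULL)
        return -1;
    if (offset <= chunk_len && data_len <= chunk_len - offset) {
        memcpy(chunk + offset, data, data_len);
        rc = 0;
    }
    free(chunk);
    return rc;
}

int main(void)
{
    printf("short name     -> %d\n", store_username_safe("alice"));   /* 5 */
    printf("long name      -> %d\n",
           store_username_safe("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));   /* -1 */
    printf("heap in-bounds -> %d\n", heap_write_checked(8, 4, "abcd", 4)); /* 0 */
    printf("heap overflow  -> %d\n", heap_write_checked(8, 6, "abcd", 4)); /* -1 */
    return 0;
}
```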
Smartphones Vulnerable to Attacks
With the increasing number of smartphone users, the privacy of the data within these devices
becomes a concern. Smartphone users install various applications without even reading their
privacy policies. These applications can access their personal data without their legal
permission, which makes their devices vulnerable to several attacks. In various application
stores, vulnerable apps are uploaded by attackers, and these malicious apps can harm your
device by installing unknown apps and erasing your personal data (Cooney). There are numerous
tools available online that can prevent a smartphone from being attacked or its confidential
data from being accessed without authorization, such as PDroid, XPrivacy and Privacy Shield.
Other applications are also available that can protect your data and applications from being
accessed, such as OpenPDroid, AppLock, CyanogenMod and Norton Security Lite. These
applications have different privacy policies and conditions that protect the device against
access by unknown applications or users.
Defending Against Attacks
A multilayered security approach is one of the most widely used methods for protecting
sensitive data over the Internet. It has been noticed that even multiple passwords are not
sufficient for securing data. Two-factor authentication techniques are used to maximize
security levels by prompting the user for a secret numeric code before the password. To secure
data, passwords have to be layered with further security measures such as encryption,
automation and authentication. Authentication prevents unauthorized access to the data. Data
transferred over the Internet should be encrypted using strong encryption methods, and
downloaded data has to be encrypted before use. This multilayered approach can prove to be a
better solution for most business organizations that perform online business operations with a
large number of clients all over the globe. Firewalls should be well configured, and MAC
addresses should be monitored in order to know users' information using DHCP (Dynamic Host
Control Protocol). Security protocols such as SSH and SSL should be used while accessing data.
For implementing this multilayered approach, various methods can be used, such as updating
system software and operating systems regularly and changing server passwords at regular
intervals. Security for systems and laptops has to consider all possible ways of protecting them
from attacks or access by unauthorized members. The first and foremost thing is to have a
strong password for your laptop and network. The network to which you are connected should
have a strong password with a high encryption level and at least two levels of authentication.
Passwords should be changed regularly and should not be stored on the local machine. Network
sharing is one of the threats, so to protect against it only authorized members should be
allowed to share over the network. A private network should be enabled within the network,
and public access should be disabled. In a case of identity theft which occurred last year in
St. Louis, a 21-year-old woman used a fake identity and stole $17,00 from a payroll company
(Staff, K. c.). She was fined $10,000 for this kind of identity fraud.
Data stored on the drive should be encrypted, and data transferred from laptop to server or
from server to laptop has to be encrypted. A secret private key has to be sent to the receiver so
that he can decrypt the messages. A Virtual Private Network (VPN) is one of the effective ways
in which a network can be secured. Firewalls should be installed on laptops as well as on
servers so that unauthorized traffic is not allowed to access the network. Firewalls are
configured in such a way that incoming and outgoing traffic is filtered, and for IP filtering,
IP filtering programs should be used on the server as well as on laptops. MAC filtering systems
should be used to filter MAC addresses. Security protocols such as SSL and TLS have to be
ensured while sending e-mails. Antivirus and malware detection systems have to be installed so
that unwanted applications are not installed on systems (Hedrich). In order to provide
maximum security to an enterprise, various security measures have to be ensured while
communicating with the servers within the network. Secure communication provides integrity
and privacy for confidential data and information. There are several security protocols
through which secure communication is possible between HR and payroll servers. Secure Socket
Layer (SSL) and Transport Layer Security (TLS) have to be used for securing the communication
channel between a browser and a server. Web services and applications have to be secured by
ensuring that they follow all security protocols. Internet Protocol Security (IPSec) has to be
used while communicating between the application server and the database server; it also
provides transport-level security for communication between two systems.
To protect data sent between client and server, authentication and encryption have to be
ensured by implementing Remote Procedure Call (RPC) protocols. The user's data is encrypted
before reaching the server so as to protect it from intruders. Another method for defending
against attacks is validating and encrypting packet headers. From the security researcher's
point of view, it has been recommended that intrusion detection systems be installed on both
the internal and external network so that unauthorized incoming and outgoing packets are
restricted, which makes the network more secure. One major step is data backup and recovery,
so that data loss does not occur in any case. Backups have to be taken regularly on a set
schedule. Proper monitoring has to be done regularly using network monitoring tools such as
CiscoWorks and Microsoft Network Monitor. There are many privacy protection laws that
protect users from unauthorized access. These privacy protection acts protect organizations
from having secret information shared over the Internet by any unknown person or organization
without the owner's permission. For example, these privacy laws are enforced against child
pornography images shared over the Internet. These laws are enforced in credit card fraud cases
in which money has been stolen from a user's account without their permission. In one case
study it was found that more than 55% of Internet banking users are victims of credit card
theft. In one case study of credit card fraud, a credit card company sent a user a statement
showing an outstanding balance of $25,000, even though that user did not have an account with
the company. These privacy protection laws are enacted by the federal government and provide
protection for the personal and sensitive data of an organization. The Computer Security Act of
1987 (PL 100-235) and the Computer Matching and Privacy Act deal with securing personal
information stored in federal computer systems. This law is responsible for planning security
standards for protecting data against theft.
Conclusion
In the virtual world of the Internet, a user's identity can be stolen by attackers in thousands
of ways. An attacker can simply access a user's login credentials by doing some social
engineering, using denial of service, session hijacking and sometimes phishing. Mostly, login
credentials are stolen from social networking sites, which have millions of users. Attackers
generally use a user's identity for accessing unauthorized data or just for their personal use.
Sometimes, by obtaining account credentials, an attacker can steal data from an organization or
delete records that are important to it. Attackers sometimes threaten users with their demands,
or else they will post the confidential data on public sites. Among the most widely used methods
for attacking victims are phishing and session hijacking. In phishing, users are presented with
fake web pages on which their credentials are captured, after which they are redirected to the
official site, their login credentials having been stolen. Phishing is done by sending fake
emails to users asking them to perform tasks, for example asking for bank details and credit
card details or offering easy loans. Some other identity theft cases arise via e-commerce sites
because a large amount of user data is stored on those sites. An attacker targets these
websites to steal users' data from the web server and uses their credentials to buy items
online.
There are a large number of cybercrime cases in which attackers have stolen millions of
login credentials and bank and credit card details. Nowadays there are a large number of
smartphone users with many applications installed that can steal their personal data and even
send their sensitive data to a server on which the attacker has hosted the code. The login
credentials of bank accounts can be stolen by attackers by sending malicious applications to
users; once the vulnerable application is installed, it starts transferring sensitive and
personal data to the attacker. In order to secure a network or mail services, the use of a VPN
(Virtual Private Network) is a must. A VPN provides security by providing an encrypted tunnel
for data transmitted into and out of the organization. A firewall should be installed in a
separate network together with an intrusion detection system. In many surveys conducted in the
US and other countries it has been found that more than 60 percent of e-commerce sites are
vulnerable to attacks, and attackers have already stolen a lot of money by accessing payment
gateways such as PayPal. Data transferred over the Internet should be encrypted using strong
encryption methods, and downloaded data has to be encrypted before use. This multilayered
approach can prove to be a better solution for most business organizations that perform online
business operations with a large number of clients all over the globe. Firewalls should be well
configured, and MAC addresses should be monitored in order to know users' information using
DHCP (Dynamic Host Control Protocol). Security protocols such as SSH and SSL should be used
while accessing data. For implementing this multilayered approach, various methods can be used,
such as updating system software and operating systems regularly and changing server passwords
at regular intervals.
For providing maximum security to these e-commerce payment systems, various techniques can
be implemented, such as the use of SSL (Secure Socket Layer), TLS (Transport Layer Security),
Secure Hypertext Transfer Protocol (S-HTTP) and encryption methods during transaction
processing such as the Data Encryption Standard (DES) and Advanced Encryption Standard (AES).
Confidential data should not be put on the cloud because it makes the data more vulnerable.
E-mail and network filtering systems should be installed to keep an eye on unauthorized access.
References
[1]. Anderson, J. C. (2013). Identity theft growing, costly to victims. The Arizona Republic. Retrieved from http://www.usatoday.com/story/money/personalfinance/2013/04/14/identity-theft-growing/2082179/
[2]. Sewell, A. (2014). Computers with L.A. County patients' personal data are stolen. Retrieved from http://articles.latimes.com/2014/mar/06/local/la-me-patient-data-stolen-20140307
[3]. Perlroth, N., & Gelles, D. (2014). Russian Hackers Amass Over a Billion Internet Passwords. Retrieved from http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=1
[4]. Staff, K. c. (2013). 21 year old stole business information from payroll company. Retrieved from http://www.kmov.com/news/crime/21-year-old-charged-with-identity-theft-stealing-business-bank-info-from-payroll-check-233667101.html
[5]. (2013). Cloning websites: breach to security. Retrieved from http://www.nbc15.com/home/headlines/Cyber-ID-theft-hits-local-business-240370191.html
[6]. Upbin, B. (2014). The Internet's Aswarm In Denial Of Service Attacks And It's Getting Worse. Forbes. Retrieved from http://www.forbes.com/sites/bruceupbin/2014/06/18/were-aswarm-in-denial-of-service-attacks-and-its-getting-worse/
[7]. Hedrich, W. (2014). Using a Multilayered, Defense-in-Depth Security Approach to Stymie Growing Threats & Risks. Retrieved from http://blog.cdw.com/using-a-multilayered-defense-in-depth-security-approach-to-stymie-growing-threats-risks/
[8]. Gu, Q. (Texas State University – San Marcos), & Liu, P. (Pennsylvania State University) (2007). Denial of Service Attacks. Retrieved from http://s2.ist.psu.edu/paper/DDoS-Chap-Gu-June-07.pdf
[9]. Cooney, M. (2012). 10 common mobile security problems to attack. Retrieved from http://www.pcworld.com/article/2010278/10-common-mobile-security-problems-to-attack.html