Forgery in Cyberspace: The Spoof Could Be on You!

Spoofing is one of the newest forms of cyber-attack, a technological methodology adapted to mask the identity of spammers who have faced hostile reaction in response to bulk, unsolicited, electronic mail messages.[1] Sending Spam, however, is no longer the only reason for deception, as crackers have taken pleasure in the challenge of manipulating computer systems and, additionally, find recreational enjoyment in doing so. In this legal Note, the author’s intent is to show that criminal, rather than civil liability is the best way to effectively deter and punish the spoofer. The injury that results when a computer system’s technological safety measures fail to adequately safeguard the system affects not only the owner of the hijacked e-mail address, but also the Internet Service Provider, and the Network as a whole. Current Anti-Spam Legislation is arguably ineffective at targeting these particular types of malicious attacks, and a different legal approach is suggested

Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

Technology Corner: Analysing E-Mail Headers for Forensic Investigation

Electronic Mail (E-Mail), which is one of the most widely used applications of Internet, has become a global communication infrastructure service. However, security loopholes in it enable cybercriminals to misuse it by forging its headers or by sending it anonymously for illegitimate purposes, leading to e-mail forgeries. E-mail messages include transit handling envelope and trace information in the form of structured fields which are not stripped after messages are delivered, leaving a detailed record of e-mail transactions. A detailed header analysis can be used to map the networks traversed by messages, including information on the messaging software and patching policies of clients and gateways, etc. Cyber forensic e-mail analysis is employed to collect credible evidence to bring criminals to justice. This paper projects the need for e-mail forensic investigation and lists various methods and tools used for its realization. A detailed header analysis of a multiple tactic spoofed e-mail message is carried out in this paper. It also discusses various possibilities for detection of spoofed headers and identification of its originator. Further, difficulties that may be faced by investigators during forensic investigation of an e-mail message have been discussed along with their possible solutions

DDoS-Capable IoT Malwares: comparative analysis and Mirai Investigation

The Internet of Things (IoT) revolution has not only carried the astonishing promise to interconnect a whole generation of traditionally “dumb” devices, but also brought to the Internet the menace of billions of badly protected and easily hackable objects. Not surprisingly, this sudden flooding of fresh and insecure devices fueled older threats, such as Distributed Denial of Service (DDoS) attacks. In this paper, we first propose an updated and comprehensive taxonomy of DDoS attacks, together with a number of examples on how this classification maps to real-world attacks. Then, we outline the current situation of DDoS-enabled malwares in IoT networks, highlighting how recent data support our concerns about the growing in popularity of these malwares. Finally, we give a detailed analysis of the general framework and the operating principles of Mirai, the most disruptive DDoS-capable IoT malware seen so far

Considerations Regarding the Security and Protection of E-Banking Services Consumers’ Interests

A significant number of breaches in the security of electronic banking (e-Banking) system is reported each year, drawing attention to the need to protect and inform customers about the risk of exposure to malicious actions initiated by cyber-criminals. Financial institutions and consumers recognize the fact that attacks and financial frauds are becoming more complex and are perpetrated by a different class of criminal. This class is increasingly sophisticated and uses technology as part of their strategy. Furthermore, the specialists forecast that the current global recession is likely to increase the frequency of internal fraud and security breaches. The present research tries: (1) to analyze the potential dangers threatening the security of e- Banking services through a comprehensive investigation of the relevant literature; (2) to identify the tools and methods that can ensure the consumers’ protection in E-Banking, (3) to present the results of a pilot study regarding the Romanian consumer perception on the protection and security related to E-Banking servicesE-Banking services, security, consumer protection, cyber-attack