CHAPTER – 1
1.1 Introduction
Just like real-world criminals and con artists, online thieves can use impersonation as
a means to steal important information or get access to bank accounts. This practice is
called spoofing — an umbrella term that includes IP address spoofing (sending
messages to a computer using an IP address that makes it look as if the message is
coming from a trusted source), email spoofing (forging an e-mail header to make it
look like it came from somewhere or someone other than the actual source) and DNS
spoofing (modifying the DNS server in order to reroute a specific domain name to a
different IP address).
Books –
2) Dr. Farooq Ahmad, Cyber Law in India (Law on Internet), New Era Law
Publications
This book critically examines the provisions of the IT Act. It also analyzes the
scope of electronic commerce in the light of the IT Act and the Indian Contract Act,
and addresses the problems and crimes that have been developing in
cyberspace in today’s time.
Given a study of this kind, this research project has been written using the doctrinal
or principled method of research, which involves the collection of data from
secondary sources, like articles found in journals and websites.
CHAPTER – 2
Spoofing is covered in India under sections 416 [1], 417 [2] and 463 [3] of the Indian
Penal Code, 1860.
It takes place when the attacker pretends to be someone else (or another computer,
device, etc.) on a network in order to trick other computers, devices or people into
performing legitimate actions or giving up sensitive data. Some common types of
spoofing attacks include ARP spoofing, DNS spoofing and IP address spoofing. These
types of spoofing attacks are typically used to attack networks, spread malware and to
access confidential information and data.
[1] Cheating by personation.
[2] Punishment for Cheating.
[3] Forgery.
How does spoofing work? [4] It’s pretty simple. Consider the practice of CEO fraud:
Using email software, spoofers change the sender’s name, address, and source IP (the
computer’s social security number) to make it appear as if the email is from a
company’s CEO. With either an alluring or generic header, the email travels to the
receiver’s inbox.
In this example, the hackers hope to trick the recipient into transferring funds or
handing over sensitive information, believing they are following the CEO’s instructions.
The average employee receives 121 emails each day, so spoofed email stands a decent
chance of bypassing filters and going unnoticed, especially considering that 54.8
and 66.4 percent of U.S. companies have poor SPF (Sender Policy Framework) and
DKIM (DomainKeys Identified Mail) practices, respectively.
While CEO is the most frequently spoofed job position, according to a recent study,
managing director comes in a not-so-close second. CFO and finance director also are
among the most targeted positions.
As you can see, spoofing can be dangerous if left unchecked. Not only can it harm the
economy by targeting individual SMBs, but it can influence national markets. In
2016, a London-based futures trader pleaded guilty to U.S. fraud and spoofing charges
in connection with a multiple-year scheme that contributed to the 2010 “flash crash,”
when the Dow Jones Industrial Average plunged 600 points in five minutes.
Of course, not all spoofing activity is rooted in the workplace. Another study revealed
that more than 50 percent of open-access journals accepted a spoofed medical paper
that was filled with errors.
Email spoofing is the easiest to recognize as it targets users directly. Any strange
email that requests sensitive information could be a spoof, especially if it asks for
usernames and passwords. Remember, legitimate sites will never ask for these. You
can also check the email address to make sure it’s from a legitimate account.
However, you may never know if you’re the victim of IP or DNS spoofing, although
keeping a keen eye out for small changes or unusual behaviour could clue you in. When
in doubt, it’s better to play it safe to keep from making any disastrous mistakes.
Since spoofing is a type of impersonation, it’s not really something you can remove.
Instead, you can protect yourself by using a little bit of common sense and discretion
when browsing or answering emails, even if you think they’re trustworthy.
Email spoofing is one of the best known spoofs. Since core SMTP fails to offer
authentication, it is simple to forge and impersonate emails. Spoofed emails may
request personal information and may appear to be from a known sender. Such emails
request the recipient to reply with an account number for verification. The email
spoofer then uses this account number for identity theft purposes, such as accessing
the victim's bank account, changing contact details and so on.
The attacker (or spoofer) knows that if the recipient receives a spoofed email that
appears to be from a known source, it is likely to be opened and acted upon. So a
spoofed email may also contain additional threats like Trojans or other viruses. These
programs can cause significant computer damage by triggering unexpected activities,
remote access, deletion of files and more.
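The header checks discussed above (the sender's address, SPF and DKIM) can be automated on the receiving side. The following Python sketch is an added example, not part of the original project; the two messages and the example.com / example.net domains are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real traffic); the domains are placeholders.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Jane Doe, CEO" <jane.doe@example.com>
Reply-To: jane.doe@example.net
Subject: Urgent wire transfer

Please transfer the funds today.
"""
GENUINE = """\
Return-Path: <jane.doe@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Jane Doe, CEO" <jane.doe@example.com>
Subject: Quarterly report

Attached.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List reasons the claimed sender should not be trusted (indicators, not proof)."""
    msg = message_from_string(raw)
    reasons = []
    from_dom = domain_of(msg["From"])
    # Only trust Authentication-Results added by your own receiving server.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            reasons.append(f"{mech}={result}")
    # Envelope sender (Return-Path) and Reply-To should match the visible From domain.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            reasons.append(f"{header} domain {dom} != From domain {from_dom}")
    return reasons
```

A domain mismatch alone can also occur with legitimate third-party mailing services, so these results are best treated as reasons to verify the request through another channel.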
CHAPTER – 3
1) IP Spoofing
IP (Internet Protocol) forms the third layer of the ISO/OSI model. It is the network
protocol used for the transmission of messages over the internet.
Every email message sent has details in the message header of the IP address of
the sender (source address). Hackers and scammers alter the header details to
mask their true identity by editing the source address. The emails then appear to
have been transmitted by a trusted source.
Non-blind Spoofing – This type of attack takes place when the attacker is on
the same subnet as the victim. The sequence and acknowledgement numbers
can be sniffed, eliminating the potential difficulty of calculating them
accurately. The biggest threat of spoofing in this instance would be session
hijacking. This is accomplished by corrupting the data stream of an
established connection, then re-establishing it based on correct sequence and
acknowledgement numbers with the attack machine. Using this technique, an
attacker could effectively bypass any authentication measures that took place to
build the connection.
blindly, enabling full access for the attacker who was impersonating a trusted
host.
The malicious host controls the flow of communication and can eliminate or
alter the information sent by one of the original participants without the
knowledge of either the original sender or the recipient. In this way, an attacker
can fool a victim into disclosing confidential information by “spoofing” the
identity of the original sender, who is presumably trusted by the recipient.
Denial of Service Attack – In this practice, the message packet between the
sender and the recipient is intercepted and the source address is spoofed. The
connection is literally hijacked. The recipient is then flooded with more
packets than their bandwidth or resources can handle. This overloads and
effectively shuts down the victim's system.
Being a significant part of the network, India too can be a victim or a source
of the DoS attack [5]. Though the said attack is not made a criminal offence
under the Act, it is included in Chapter IX and thus Section 43(f) defines it:
(f) denies or causes the denial of access to any person authorized to access
any computer, computer system or computer network by any means.
[5] Talat Fatima, Cyber Crimes, 2nd edition, Eastern Book Company, p. 195.
2) ARP Spoofing
This type of spoofing attack occurs when a malicious attacker links the
hacker’s MAC address with the IP address of a company’s network. This
allows the attacker to intercept data intended for the company computer. ARP
spoofing attacks can lead to data theft and deletion, compromised accounts and
other malicious consequences. ARP spoofing can also be used for DoS, hijacking and
other types of attacks.
LANs (Local Area Networks) that use the Address Resolution Protocol (ARP) are
susceptible to ARP spoofing attacks. ARP is used for the resolution of IP
addresses on a network to MAC (Media Access Control) addresses. In this
instance, the malicious party transmits spoofed messages across the local
network. A response maps the victim’s MAC address with his IP address. This
information is used to intercept messages for the intended host. The attack
results in messages intended for the host being sent to the malicious third party.
Passive Sniffing: This happens when traffic is sent to the user’s default
gateway through their IP address.
There also are useful, non-malicious usages for ARP spoofing, such as hotels
utilizing the technique to allow guests to access the Internet from their laptops.
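Because ARP spoofing works by changing which MAC address a LAN associates with an IP address, a defender can watch for bindings that change or collide. The following Python sketch is an added example, not part of the original project; the observations are constructed sample data, and the first binding seen for each IP address is assumed to be the genuine one.

```python
# Constructed ARP observations as (timestamp, sender IP, sender MAC); all values are examples.
OBSERVED = [
    (1.0, "192.168.1.1",  "aa:aa:aa:aa:aa:01"),   # gateway, genuine
    (1.2, "192.168.1.20", "aa:aa:aa:aa:aa:20"),   # workstation, genuine
    (5.0, "192.168.1.1",  "aa:aa:aa:aa:aa:66"),   # gateway IP now claimed by another MAC
    (5.1, "192.168.1.20", "aa:aa:aa:aa:aa:66"),   # the same MAC also claims the workstation
    (9.0, "192.168.1.30", "aa:aa:aa:aa:aa:30"),   # new host, no conflict
]

def detect_arp_spoofing(observations):
    """Return alerts for IP-to-MAC bindings that change or collide."""
    ip_to_mac = {}    # first binding seen for each IP (assumed baseline)
    mac_to_ips = {}   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:
            # The IP is suddenly answered for by a different hardware address.
            alerts.append((ts, "rebind", ip, known, mac))
        claimed = mac_to_ips.setdefault(mac, set())
        claimed.add(ip)
        if len(claimed) > 1:
            # One hardware address is answering for several IPs.
            alerts.append((ts, "multi-ip", mac, sorted(claimed)))
    return alerts
```

DHCP reassignment, replaced network cards and the hotel-style gateways mentioned above also trigger these alerts, so each one needs to be checked against known changes on the network.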
3) DNS Spoofing Attack - The Domain Name System (DNS) is responsible for
associating domain names with the correct IP addresses. When a user types in a
domain name, the DNS maps that name to an IP address,
allowing the visitor to connect to the correct server. For a DNS spoofing attack
to be successful, a malicious attacker reroutes the DNS translation so that it
points to a different server, which is typically infected with malware and can be
used to help spread viruses and worms. The DNS server spoofing attack is also
sometimes referred to as DNS cache poisoning, due to the lasting effect when a
server caches the malicious DNS responses and serves them up each time the
same request is sent to that server.
Thanks to the DNS server, you do not have to remember Yahoo!’s or AOL’s IP
addresses, much less any other domain’s. The DNS (domain name system)
server is a database made up of public IP addresses and corresponding
hostnames. DNS spoofing occurs when hackers mix these up. Instead of going
to Google’s search page when you enter the appropriate URL, hackers direct you to
a spoofed domain.
Google is in the process of removing spoofed domains from its search engine,
but keeping an eye out for inconsistencies and errors on sites helps to identify
DNS spoofing.
A hacker can design a web page very similar to that of any legitimate website
and then use that facade to collect the information that users usually input into
that page. This can be relatively harmless data such as an email address or the
username and password for that particular site. However, content spoofing can
dupe people into revealing more sensitive information like bank account
numbers, Social Security numbers, birth dates, credit card numbers, mailing
addresses and so on.
Content spoofing by itself is not inherently harmful, but the identity theft that
may follow can be devastating and difficult to reverse. The best way to avoid
these false websites is to question even seemingly legitimate emails from
trusted sites.
There are very few legitimate reasons for email spoofing to exist.
Whistleblowing, or reporting an immoral or illegal activity, may prompt an individual
to engage in email spoofing and remain anonymous. However, the primary
reasons for email spoofing involve advertising, and such emails are considered mere
nuisances. Unfortunately, misleading or corrupt emails are more common than
legitimately spoofed emails.
Spammers use open relays as a method for sending spoofed email. An incorrectly
configured SMTP server, known as an open relay, is open to abuse by
spammers since it makes it easy to manipulate the To and From fields of the emails. This
lends itself well to those who send spam and phishing emails.
Some U.S. states are beginning to enact laws against email spoofing where the
use of third-party emails is a crime. Another legislative safeguard against email
spoofing is the CAN-SPAM Act, which prohibits unsolicited emails containing
false headers or disguised impertinent subject lines. Yet the irony of this law is
evident when one considers that the act of spoofing deliberately disguises the
real sender’s identity. This can cause problems when trying to identify and stop
those responsible for the email spoofing. Even so, the Federal Trade
Commission encourages reporting instances of email spoofing.
There are various methods with which to carry out a spoof attempt, one of the
most popular of which is through VoIP (Voice over Internet Protocol), which
allows users to make calls over the internet while configuring their outbound
display ID to their own specification. A very simple motivation for caller ID
spoofing could be to mislead the call recipient into thinking a call is coming
from a specific location, in which case that location’s area code might be
displayed in order to manipulate the recipient into believing that.
CHAPTER – 4
1) Packet Filtering –
Packet filtering should be implemented so that all packets are filtered and
scanned for inconsistencies. As a result, packets with inconsistencies are
blocked, which can effectively prevent spoofing attacks from being
successful.
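One common meaning of an "inconsistency" in packet filtering is a source address that cannot belong on the interface the packet arrived on. The following Python sketch is an added example, not part of the original project; the interface names "inside" and "outside" and the 10.0.0.0/8 internal prefix are assumptions made for illustration.

```python
import ipaddress

# Assumed topology: one internal LAN behind a filter with an "inside" and
# an "outside" interface. The prefixes are illustrative.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
# Source ranges that should never arrive from the internet.
NEVER_FROM_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "0.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
    "172.16.0.0/12", "192.168.0.0/16")]

def in_any(addr, nets):
    """True if the address falls inside any of the given networks."""
    return any(addr in n for n in nets)

def filter_packet(interface, src):
    """Return ('accept' | 'drop', reason) based on source-address consistency."""
    addr = ipaddress.ip_address(src)
    if interface == "outside":
        # Ingress filtering: outside traffic must not claim an inside identity.
        if in_any(addr, INTERNAL):
            return "drop", "internal source address arriving from outside"
        if in_any(addr, NEVER_FROM_OUTSIDE):
            return "drop", "non-routable source address arriving from outside"
        return "accept", "source consistent with interface"
    if interface == "inside":
        # Egress filtering: inside hosts may only send from the internal prefix.
        if not in_any(addr, INTERNAL):
            return "drop", "source not in internal prefix (egress filter)"
        return "accept", "source consistent with interface"
    raise ValueError(f"unknown interface {interface!r}")
```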
4) Cryptographic Methods –
CONCLUSION
Just like real-world criminals and con artists, online thieves can use impersonation as
a means to steal important information or get access to bank accounts. This practice is
called spoofing — an umbrella term that includes IP address spoofing (sending
messages to a computer using an IP address that makes it look as if the message is
coming from a trusted source), email spoofing (forging an e-mail header to make it look
like it came from somewhere or someone other than the actual source) and DNS
spoofing (modifying the DNS server in order to reroute a specific domain name to a
different IP address).
With these prevention methods and some cyber know-how as mentioned in the project,
you can mitigate spoofing attacks and keep your business, employees, and customers
safe. Although there is no single solution, staying up to date on the latest
spamming tactics allows you to be proactive and bounce back should spoofers strike.
BIBLIOGRAPHY
Secondary Source:
Books:
2. Dr. Farooq Ahmad, Cyber Law in India (Law on Internet), New Era Law
Publications
Websites: