Information security definitions and others

In order to recover or prevent virus attacks:

Avoid potentially unreliable websites/emails. System Restore. Re-install operating system. Use and maintain anti-virus software.

Botnet is used for what?

Botnets are primarily used to launch attacks against other computers - flood the internet with spam messages - commit fraud against advertisers, and - perform so-called distributed denial of service attacks on companies and governments.

There are four stages in a worm attack:

- The first stage is when the worm probes other machines looking for a vulnerability that can be exploited to copy itself to - The second stage is to penetrate the vulnerable machine by performing the operations for exploiting the vulnerability. • For example, the worm might detect an open network connection, through which it can get the remote machine to execute arbitrary instructions. - In the third stage, the worm will download itself to the remote machine, and store itself there. This is often called the 'persist' stage. - In the fourth stage, the worm will propagate itself by picking new machines to attempt to probe.

The majority of virus programs are designed to harm users, by

- corrupting their data or attacking the operating system itself, - providing an exploitable 'backdoor', giving attackers access to the computer.

Phishing: Counterfeit Email

. A seemingly trustworthy entity asks for sensitive information such as credit card numbers, login IDs, password, date of birth, via e-mail. • A criminal activity using social engineering techniques. • An attempt to acquire sensitive data, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. • Typically carried out using email or an instant message.

What does Call forwarding look like?

A cybercriminal gets the phone company to forward our client's cell number to their cell phone so they can impersonate our client when we, or any other financial institution our client conducts business with, calls them back for verification before transferring funds or opening accounts.

Information Assets

A risk management strategy calls on information security professionals to know their organization's _____., Valuable or sensitive data is 'Information asset' • Examples - Confidential information about employees - Information about commercial contracts - Production information of factories • Categorize information assets - Highly valuable financially - Sensitive but not financially valuable • Reputation • Political • Identification of assets should be a relatively straightforward • Valuation of assets is more of a challenge.

Worms

Another type of self-replicating malware is the worm; like a virus it is designed to make copies of itself; • Unlike a virus, a worm is a standalone application • Worms spread through network connections, accessing uninfected machines and then hijacking their resources to transmit yet more copies across the network. Worms were invented as a curiosity and have even been suggested as ways of testing networks or distributing software patches across a network; • Even the most 'benign' worm consumes resources and can affect the performance of a computer system.

The practice is similar to eavesdropping but is not limited to gaining access to data

Disclosure or snooping

What's the impact of Credential Replay?

Our client's account is compromised, and the cybercriminal can quickly re-use their credentials to access other accounts, and steal additional funds and confidential data before detection.

Security Concepts

Owners, usefulness, availability, assets, Risk, threat, vulnerability, exploit, countermeasures, attackers

Internet bot

Known as web robots, are automated internet applications controlled by software agents § These bots interact with network services intended for people, carrying out monotonous tasks and behaving in a humanlike manner (i.e., computer game bot) § Bots can gather information, reply to queries, provide entertainment, and serve commercial purposes. § Botnet - a network of "zombie" computers used to do automated tasks such as spamming or reversing spamming

Logic Bombs

Logic Bomb: Malware logic executes upon certain conditions. The program is often used for otherwise legitimate reasons. Examples: • Software which malfunctions if maintenance fee is not paid. • Employee triggers a database erase when he is fired.

How does Malware work?

Malicious software is created to damage/disable computer systems, steal data, or gain unauthorized access to networks or computing resources.

If Everythingabovecangowrong

Need recovery contingency plan/policy

What is the most common form of Social Engineering

Phishing

What is the technique used for phishing

Social engineering

Attackers

Those who execute attacks, or cause them to be executed, are called attackers

Trojan Horses

Trojan Horse: Masquerades as a benign program while quietly destroying data or damaging your system. example . Download a game: It may be fun but contains hidden code that gathers personal information without your knowledge. A Trojan disguises itself as an entirely legitimate program (such as a screensaver), but behind the scenes it is causing damage such as, - Allowing someone else to gain control of the computer, - Copying personal information, deleting information, monitoring keystrokes - Using email software to pass itself on to other computers. Unlike viruses and worms, Trojans are not self-replicating, they rely on their apparent usefulness to spread between computers. • SomeTrojansworkinisolation. • Some rely on networks, either to transmit stolen information - such as passwords, bank account details or credit card numbers - or to act as back doors to compromised computers. • Theyallowattackerstobypasstheoperatingsystem'ssecurityfeatures and gain access to data or even control the machine over a network.

What's the impact of phishing?

Victims of phishing may have malware installed on their computer systems or have their identity stolen.

What does Spoofing look like?

We receive an email from a cybercriminal who impersonates one of our clients and confirms a fraudulent wire transfer request.

What does Malware look like?

§ Hostile, intrusive, or damaging software or program code ("malicious" + "software") • Examples of malware include viruses, worms, Trojan horses, ransomware, and spyware.

What does Social engineering look like?

• A cybercriminal befriends one of our clients and builds trust over time, until they are able to solicit sensitive information from them. • That information can then be used to commit fraud.

Example of Masquerading or spoofing

- If a user tries to log into a computer across the Internet but instead reaches another computer that claims to be the desired one, the user has been spoofed. - Similarly, if a user tries to read a file, but an attacker has arranged for the user to be given a different file, another spoof has taken place.

What is disclosure?

- Snooping • Is unauthorized access to or interception of information • The practice is similar to eavesdropping but is not limited to gaining access to data • Can be unauthorized observance of data that belongs to someone else. • The unauthorized interception of information, is a form of disclosure. • It is passive, suggesting simply that some entity is listening to (or reading) communications or browsing through files or system information. • Wiretapping, or passive wiretapping, is a form of snooping in which a network is monitored.

trust

. One party (trustor) is willing to rely on the actions of another party (trustee) • The trustor (voluntarily or forcedly) abandons control over the actions performed by the trustee. • As a consequence, the trustor is uncertain about the outcome of the other's actions • The uncertainty involves the risk of failure or harm to the trustor if the trustee will not behave as expected. • Trust means an act of faith; confidence and reliance in something that's expected to behave or deliver as promised. • It is a belief in the competence and expertise of others, such that you feel you can reasonably rely on them to care yours needs • We trust a system less if it gives us insufficient information about its expertise. • We trust a system less when we don't have much control over our assets.

Spoofing examples

. Spammers can attack a mail system by changing the information stored in email 'envelopes' which enclose the messages themselves. • This is known as 'spoofing' and allows a spammer to disguise their actual address by writing new addresses for the sender (such as replacing their own address with that of TrustedBank) and the destination for receipts. • Simple spoofing is now being challenged by technologies that allow genuine senders to authenticate messages which can be checked by the recipient's mail server, Internet service providers and companies have to buy far more bandwidth and storage than they will ever need for legitimate purposes.

Rootkit

* Upon penetrating a computer, a hacker may install a collection of programs, called a rootkit. * May enable: - Easy access for the hacker (and others)into the enterprise - Keystroke logger * Eliminates evidence of break-in. * Modifies the operating system.

Importance of Cyber Security

- The internet allows an attacker to work from anywhere on the planet. - Risks caused by poor security knowledge and practice: IdentityTheft MonetaryTheft Legal Ramifications (for yourself and your organization) Sanctions or termination if policies are not followed. - According to the SANS Institute, the top vectors for vulnerabilities available to a cyber criminal are: *WebBrowser *Instant Messaging (IM) Clients #Instant messaging (IM) technology is a type of online chat that offers real-time text transmission over the Internet #WhatsUp, Viber, etc. *WebApplications *ExcessiveUserRights *Socialmedia.

Adware

**Advertising-supported software is any software package which automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. **Adware is software integrated into or bundled with a program, typically as a way to recover programming development costs through advertising income

What's is Botnet

*A botnet is a number of compromised computers used to create and send spam viruses or flood a network with messages as a denial of service attack. *The compromised computers are called zombies.

How does viruses happen?

*A virus attaches itself to a program, file, or disk. *When the program is executed, the virus activates and replicates itself. *The virus may be benign or malignant but executes its payload at some point (often upon contact). -Viruses can cause computer crashes and loss of data.

Example of Denial of Receipt

- A customer orders an expensive product, but the vendor demands payment before shipment. - The customer pays, and the vendor ships the product. - The customer then asks the vendor when he will receive the product. - If the customer has already received the product, the question constitutes a denial of receipt attack. - The vendor can defend against this attack only by proving that the customer did, despite his denials, receive the product.

Example of Repudiation of origin

- A customer sends a letter to a vendor agreeing to pay a large amount of money for a product. - The vendor ships the product and then demands payment. - The customer denies having ordered the product - The customer has repudiated the origin of the letter. - If the vendor cannot prove that the letter came from the customer, the attack succeeds.

Mechanisms/Countermeasures

- A security mechanism is a method, tool, or procedure for enforcing a security policy. - Supporting mechanisms assumed to be working correctly - What concrete actions we should take under an attack or withstand threats?

policy

- A security policy is a statement of what is, and what is not, allowed. - This defines 'security' for the site/system/computer/data/information, etc. - It is about imposing rules to reduce risks to assets at an acceptable level - A security policy is a specification of what security requirements/goals the countermeasures are intend to achieve - "Perfect security" is not necessary and costly, even not possible - Secure against what, from whom, and when? - Unambiguously partition system states - Correctly capture security requirements - Composition of policies • If policies conflict, discrepancies may create security vulnerabilities

Assets: Functionality, Information, Risks, Security ( One of the goals of security is about regulating access to assets)

- Access to information, or - Access to functionality. • Computer system provides two assets: functionality and information - Compute GPA (functionality) - GPA (information) • Functionality comes with certain risks - What are the risks of computing GPA? • Intentional incorrect computing of GPA • Information has also risks - Privacy • GPAleakage - Integrity of GPA • Modification of GPA) • Security is about identifying, managing, and minimizing risks.

attack

- Anattackisanytypeofoffensivemaneuverthattargetsinformationassets,computingassets, computer infrastructures, computer resources, etc. - Acyberattackcouldbeemployedbynations,states,individuals,groups,societyororganizations. - Acyberattackmayoriginatefromananonymoussource. - Anattackhasanimplicitconceptof"intent" - Routermis-configurationorservercrashcanalsocauselossofavailability,buttheyarenot attacks.

threat

- Athreatisapotentialviolationofsecuritymechanismsorundesirableeventthatmaybe malicious. - Athreatisanintentiontoinflictharm,damage,orotherhostile/unauthorizedactiononsomeone's assets - Apersonoranentityislikelytoposethreatstoassets.

Non-repudiation for accountability

- Authorized users cannot deny actions (received a message, sent a message)

Vulnerability

- AvulnerabilityisaweaknessinthesystemswhichcanbeexploitedbyaThreatActor,suchasan attacker, to perform hostile/unauthorized actions such as attacks. - Toexploitavulnerability,anattackermusthaveatleastoneapplicabletoolortechniquethatcan be used.

How bot net work?

- Botnets spread through viruses and worms • Once installed on the victim's computer, they use the internet to make contact with a controller computer • The infected computer (often called a zombie) will do nothing more except periodically check for instructions from the controller computer • Over time, more and more computers are recruited to the incipient botnet until it may contain tens of thousands of zombies, • These zombies don't raise suspicion as they appear to be doing nothing • The controller computer will issue a command for the botnet to wake up and begin doing something. • Often the people who created the botnet itself have either sold or rented the botnet to another group who want to use its capabilities.

Disruption/Usurpation

- Denial of service • A long-term inhibition of service, is a form of usurpation, although it is often used with other mechanisms to deceive. • The attacker prevents a server from providing a service.

Hoe botnet is created?

Botnets are created using malware that gives an attacker control over a group of computers and commonly use them to gather information from the computers (e.g., usernames and passwords), Botnets spread through viruses and worms

In order to recover or prevent worm attacks:

Computer with proper password policy Current security update Antivirus or security software Secured shares are protected from infections

Who is Cracker?

Computer-savvy programmer creates attack software

Securitypolicy - Goals/objectives

Confidentiality

Criminals

Create & sell bots -> generate spam Sell credit card numbers, etc...

Human vulnerabilities

Cyber security training including social engineering, passwords, best practices, etc. We are vulnerable because our information technology is fragile and susceptible to a wide range of threats including: § Natural disasters. § Structural failures. § Cyber attacks. § Human errors. § Human attitude. § Technology failures. § Complex interactions. § Financial constraints. § Lack of expertise. § Out of control technologies and environments.

What does Credential Replay look like?

Cybercriminals hope to access a few accounts by using a large cache of stolen login credentials to access a firm's online accounts.

What is phishing.

Cybercriminals pretend to be a trustworthy source in order to acquire sensitive personal information such as usernames, passwords, date of birth, passport details, and credit card details.

Phishing carried out what.

Email, instant messaging

Securitycountermeasures/mechanisms

Encrypt data • Use DES encryption

What's the impact of Malware?

Malware can delete files or directory information, or it may allow attackers to covertly gather personal data, including financial information, and usernames and passwords.

How does Malware happen?

Malware may be installed on a computer when a user clicks an unsafe link, opens an infected file, or visits a legitimate website that could contain adware/malware.

privacy

Privacy - Individual or organization cannot be identified with sensitive information. - 25, Bank street, Doha (Public) - Address of Khaled is: 25, Bank street, Doha (Privacy issue) - Anonymity is related to privacy. 16

SANS

SANS is one of the he most trusted sources for information security training, certification, and research.

What's the impact of Spoofing?

Similar to the other cyberattacks we've discussed, our client's money is stolen, and they become the victim of fraud and/or identity theft.

Identifying Security Compromises

Symptoms: Antivirus software detects a problem. Disk space disappears unexpectedly. Pop-ups suddenly appear, sometimes selling security software. Files or transactions appear that should not be there. The computer slows down to a crawl. Unusual messages, sounds, or displays on your monitor. Stolen laptop: 1 stolen every 53 seconds; 97% never recovered. The mouse pointer moves by itself. The computer spontaneously shuts down or reboots. Often unrecognized or ignored problems.

What is Call forwarding?

The cybercriminal has arranged, either through the phone company or a compromised phone, for all calls to our client's home and/or cell phone number to be forwarded to their phone.

call forwarding

The cybercriminal has arranged, either through the phone company or a compromised phone, for all calls to our client's home and/or cell phone number to be forwarded to their phone.

Pharming - Counterfeit Web Pages

The fraudulent practice of directing users to a bogus website in order to obtain personal information

risk analysis

The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.

Other Security Objectives to Identify Threats/Attacks

There are more "security" objectives - Traceability and Auditing - Monitoring and Surveillance - Security Assurance - that the security goals are met • "information assurance"

Defense and control : Example Security Technologies

These technologies may be provided by the infrastructure/platform an application builds on, - Networking infrastructure • which may use SSL - Operating system or database system • providing e.g. access control - Programming platform • for instance Java or .NET sandboxing

Threat Model

A threat model is a diagram and description that tells a story of how an attacker could exploit the vulnerability. This is a narrative approach to the attack that should help guide the mitigation techniques that need to be put in place to protect the system at that point. It can define the security of an application and reduces the number of vulnerabilities. It also has the 2 steps of identifying and prioritizing the vulnerabilities. Assumption about the adversary • Capability of the adversary, the knowledge of the adversary... - Assumption about the legitimate users • Choose strong password, will not send their password in email,.... - Assumptions about the certificate authorities • They are trustworthy, perfectly secure...

Spoofing

Masking the source of a communication (phone or email) to look like a reputable source (e.g. government, call within a company, etc.).

What is Spoofing?

Masking the source of a communication (phone or email) to look like a reputable source (e.g. government, call within a company, etc.).

Who's Script Kiddies:?

Unsophisticated computer users who know how to execute programs

Spyware

§ A broad category of software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user § In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet § Spyware can collect many different types of information about a user: • Records the types of websites a user visits • Records what is typed by the user to intercept passwords or credit card numbers • Used to launch "pop up" advertisements § Many legitimate companies incorporate forms of spyware into their software for purposes of advertisement(Adware)

What is Viruses?

• A virus is a piece of software that has been written to insert copies of itself into applications and data and onto crucial parts of a computer's hard disk. • Even where no harm is intended, viruses consume memory, disk space and processing power.

What does phishing look like?

• An email, phone call or text message from a seemingly legitimate email address or number instructs you to click on a link to take action (e.g., "validate your account," "confirm your identity," "access your tax refund", "reset your paswwrod," etc.) • The link brings you to a website requiring you to enter your personal/sensetive/secret information.

Authenticity Attack - Fabrication

• Authentication - Information really came from the right person we think it came from - Verification of the identity of the person. • Authenticityattack - Unauthorized assumption of other's identity - Generate and distribute objects under this identity.

Implementing Security Objectives? AAAA

• Authentication - Who are you? - Prove what you claim you are. • Authorization/Access control - Control who is allowed to do what to the information assets - Are you allowed to do this and that? Under which condition(s)? • Auditing - Check if anything went wrong • Action - If so, take action to rectify the 'wrong.'

Access Control to Assets

• Authentication (Prove what you claim you are.) - Submit credentials to access an asset (function, information) • e.g., password, fingerprint, identification card • Authorization (Prove you have permission to do this) - Must be authorized to gain access to specific data, other computing resources. • e.g., file systems, firewalls, application authorization model • Various levels of granularity

Sources of Software Vulnerabilities

• Bugs in the application or its infrastructure - Doesn't do what it should do • access flag can be modified by user input • Inappropriate features in the infrastructure - Does something that it shouldn't do • functionality winning over security • a search function that can display other users info • Inappropriate use of features provided by the infrastructure • Main causes: - Complexity of these features • functionality winning over security, again - Ignorance of developers

Spyware Symptoms

• Changes to your browser homepage/start page. • Ending up on a strange site when conducting a search. • System-based firewall is turned off automatically. • Lots of network activity while not particularly active. • Excessive pop-up windows. • New icons, programs, favorites which you did not add. • Frequent firewall alerts about unknown programs when trying to access the Internet. • Poor system performance.

Security Objectives: CIA Triad

• Confidentiality (or secrecy) - Unauthorized users cannot read information - Ensuring information is disclosed to, and reviewed exclusively by intended recipients / authorized individuals - Authenticity of the user. • Integrity - Ensuring the accuracy and completeness of information and processing methods - Unauthorized users cannot alter/tamper information • Availability - Authorized users can always access to their computing assets (information and functions) - Ensuring that information and associated assets are accessible, whenever necessary, by authorized individuals

Defense and control: Non-IT Related Countermeasures

• Countermeasures can be non-IT related - Physical security of building and computers - Screening of personnel - Legal framework to deter criminals - Training employee.

How does Call forwarding happen?

• Cybercriminals scam the phone company into forwarding phone calls. • They may also use scanners, eavesdrop, clone our client's phone identity, and sell bogus ringtones or other gadgets to access our client's phone.

Attack on Availability

• Destroy hardware (cutting fiber) or software • Modify software in a subtle way • Corrupt packets in transit • Blatant denial of service (DoS): - Crashing the server - Overwhelm the server (use up its resource)

Defense and control : Example Security Technologies (mechanisms/countermeasures)

• Encryption - To ensure confidentiality and integrity - To ensure secure communication and storage. • Access control - To withstand threats related to misbehaving users - Role-based access control (RBAC) - Attribute-based access control (ABAC), etc. • Language-based security - To defeat threats related to misbehaving programs • Memory-safety • Sandboxing - Java, .NET/C#

Computer Defense Today

• Encryption • Multiple controls: - System Perimeter: Defines „inside/outside" - Preemption: Attacker scared away - Deterrence: Attacker could not overcome defenses - Faux Environment (e.g. honeypot, sandbox): attack deflected towards a worthless target (but the attacker doesn't know about it!) - Layered Defense * Multilevel defense * Defense in depth (ideal!): a concept in which multiple layers of security controls are placed through redundancy • Software controls • Hardware controls • Policies and procedures • Physical controls.

How does Credential Replay happen?

• If the cybercriminal is not stealing these credentials themselves, they can easily purchase large numbers of stolen login credentials from the dark web. • These large volumes of credentials typically come from data breaches (e.g. Yahoo, Verizon, LinkedIn, etc.).

What is Credential Replay

• Most people re-use passwords and usernames (aka 'credentials'). • Cybercriminals obtain these login credentials, test them in large numbers against financial institutions' websites to find matches, and then request fraudulent fund transfers. • Alternatively, they may resell this information to other cybercriminals to make a profit. • Those cybercriminals may then use this information to commit fraud.

How does Social engineering happen?

• Often cybercriminals contact victims by phone, email, or through social media.

Methods of Defense

• Prevention - Measures to stop breaches of security goals - Prevent attackers from violating security policy • Detection - measures to detect breaches of security goals - Detect attackers' violation of security policy • Deter attack - Make attack harder (can't make it impossibleL) • Deflect attack - Make another target more attractive than this target • Reaction - measures to recover assets, repair damage, and persecute (and deter) offenders - Continue to function correctly even if attack succeeds • Good prevention does not make detection & reaction redundant - Breaking into any house with windows is made impossible - Despite this prevention, detection (CCTV) & reaction (Alarm) still deter burglars.

Public vs. privacy

• Public - Already a matter of public record or knowledge - Freely distributed and accessible by anyone. • Privacy - Personal information (often called PII - personally identifiable information) - Information that can NOT be used on its own or with other information to identif contact, or locate an individual, or to identify an individual in context. - Privacy is strongly related to confidentiality, but these two are not same. - Identity information, financial records, healthcare records, etc. - Internal plans and other operating information that should not be made public

security evaluation

• Security Capability Maturity Model • The Orange Book • Common Criteria Standard • NICE • The Rainbow Series

What is NOT a Security Issue

• Software may crash • Networks may go down • Hardware components may fail • Human operator may make mistake • Any failures not attributed to some deliberate human actions • Accidental failures would count as reliability issue • Operating mistakes might be a usability issue • Security is concerned with intentional failures • It is a people problem, cannot be solved by technology alone.

Spam

• Spamming is the abuse of electronic messaging systems to send unsolicited, undesired bulk messages • Spam media includes: • e-mail spam (most widely recognized form) • Instant messaging spam • Usenet newsgroup spam • Web search engine spam • Spam in blogs • Mobile phone messaging spam

. Stakeholders • Assets • Stakeholders own assets • Threats to assets • Attack to assets • Mechanisms/Countermeasures • Vulnerability

• Stakeholders - owners, individual, companies,... • Assets - data, functionality, service, software,... • Stakeholders own assets - medical data is owned by patient • Threats to assets - intention to erase, steal, modify,... • Attack to assets - already erased, stolen, modified,... • Attackers who pose threats or launched attacks to assets - employees, clients, script kiddies, criminals, anyone,... • Mechanisms/Countermeasures to protect assets - encryption, password,... • Vulnerability is the weakness in the mechanisms/countermeasures - weak password,...

Integrity Attack - Tampering With Messages

• Stop the flow of the message • Delay and optionally modify the message • Release the message again

What's the impact of Social engineering?

• The criminal commits fraud, steals our client's money, and then they disappear.

How does phishing happen?

• The cybercriminal masquerades as a legitimate source (e.g., financial institution employee, client, banker) • You believe the request is from a trusted source and you unwittingly oblige when they ask you for your personal information.

How does Spoofing happen?

• There are easy tools available to cybercriminals that help to mask the source/sender. • For example, the cybercriminal can create an email address nearly identical to our client's email address (i.e., off by a character), so that, at-a-glance, the email address appears legitimate. • The cybercriminal is relying on our lack of attention to detail in order to commit the fraud.

Purpose of Botnets

• These botnet attacks might be sending spam emails, or flooding a website with so many requests for content that the server cannot cope, which is known as a denial-of- service attack. • A single piece of malware can cause enormous damage, but when thousands, or even millions of computers run the same program, their effects can be devastating. - The effects of a coordinated attack can mean websites struggle to remain online while the botnet targets their computers. • There are also a number of harmless botnets used for such purposes as the Internet Relay Chat (IRC) text messaging program, but the vast majority are created by malware.

What is Social engineering?

• This involves the psychological manipulation of people in order to establish a level of trust that leads to the individual taking action - Divulging sensitive and private information, initiating funds disbursement request, etc. • The most common form is "phishing."

Eavesdropping - Message Interception (Attack on Confidentiality)

• Unauthorized access to information • Illicit copying of files and programs • Packet sniffers and wire tappers - A packet analyzer (also known as a packet sniffer) is an act that can intercept and log traffic that passes over a network. - Packet sniffer is the process of intercepting and logging traffic. - As data streams flow across the network, the sniffer captures each packet - The sniffer decodes the packet's raw data, finding the values of various fields in the packet - The sniffer also analyzes data content of the packet to understand the values of information. - This can be with specific objective or without any objective.

What's the impact of Call Forwarding?

• Your phone is compromised, your conversations may be accessed, and your identity may be stolen. • In the end, our client's assets may be stolen because the fraudster requested and authorized a transaction.