How Cybercrime Prevention Tools are Used to Commit Cybercrime

Instructor: Clifton Krahenbill

Cliff has taught online for ten years and has a master's degree in technology from Capella University. Cliff has a second master's in cybersecurity from UMUC.

In this lesson, you will gain an understanding of why the very tools used to 'fix' a cybercrime can also be used to commit a cybercrime. As you will see in this lesson, even the most innocuous networking or cybersecurity tools can be used for cybercrime.

Tools and Methods Used in Cybercrime

Cybersecurity professionals and cybercriminals all seem to use the same bag of tools. But where did the tools come from? Many of them began as command-line tools or utilities that come preinstalled with the operating system. There are few, if any, networking or cybersecurity tools that cannot be used for nefarious reasons.

Command Line Tools

The most basic of all the command line tools is PING. The PING program was written in 1983 by Mike Muuss, who at the time was working as an employee for the U.S. military. The author states that, from his point of view, PING is not an acronym for Packet InterNet Groper but a reference to the sound a sonar makes as the 'ping' reflects and returns. He wrote the program to help diagnose some odd network behavior he had encountered while troubleshooting a network.

The PING command sends a small packet containing an ICMP ECHO_REQUEST to the targeted computer; if that computer receives the packet, it sends an ICMP ECHO_REPLY packet in return.
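To make the exchange concrete, here is an added example (not part of the original lesson) that builds an ICMP ECHO_REQUEST the way ping does, computes the RFC 1071 checksum, and parses the matching ECHO_REPLY a host would send back. It works purely on bytes so it runs offline; the identifier, sequence number and 32-byte payload are constructed sample values, and no packets are sent.

```python
"""Build and parse ICMP ECHO_REQUEST / ECHO_REPLY messages (RFC 792).

Added example, not part of the original lesson. Everything here operates on
bytes only; sending a real ping needs a raw socket and privileges, which is
out of scope.
"""
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Return an ICMP echo message: type, code=0, checksum, identifier, sequence, payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)  # checksum field zeroed
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(msg: bytes) -> dict:
    """Parse and verify an ICMP echo message; raise ValueError if malformed."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        raise ValueError("not an echo message: type %d" % icmp_type)
    # The checksum computed over the whole message, checksum field included,
    # must come out as zero for an intact message.
    if internet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": msg[8:]}


def reply_for(request: bytes) -> bytes:
    """Build the ECHO_REPLY a host sends back: same identifier, sequence and payload."""
    req = parse_echo(request)
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


if __name__ == "__main__":
    # Constructed sample: identifier 0x1234, sequence 1, and the 32-byte
    # alphabet payload that Windows ping sends by default.
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1,
                         b"abcdefghijklmnopqrstuvwabcdefghi")
    reply = reply_for(request)
    print(parse_echo(reply))
```

The reply carries the request's identifier and sequence number unchanged, which is how ping matches each reply to the request it sent and measures the round-trip time.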

Since its creation, PING has become an integral part of UNIX and many other operating systems, including Microsoft Windows and Linux. Over the years this simple, innocuous bit of code has become synonymous with the Denial of Service (DoS) attack.

A simple Denial of Service attack is relatively harmless today, thanks to advances in modern hardware design and better preventive measures, but when performed as a modern-day Distributed Denial-of-Service (DDoS) attack with a botnet of hundreds or possibly thousands of hijacked computers, this attack can still be very effective.

In the early years of network computing, a simple DoS attack came to be known as the PING of Death.

To launch PING, we first open a command prompt in Windows or a terminal window in Linux. In the following example, a Windows command prompt has been opened and, at the greater-than sign (>), we typed the word PING followed by a forward slash (/) and a question mark (?). The question mark shows us all the different switches we can use with the PING command.

Fig. 1 The PING Command (image: PING command and switches)

In the past, older computers could not handle an ICMP packet larger than the default size. Larger packets had to be broken down into smaller chunks for transmission, and as these chunks arrived they were reassembled. Because the malformed packets were so large, they quickly overflowed the allocated buffer space, causing the machine to crash and leaving it vulnerable to injection or malware attacks.
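The defensive fix for this class of bug is a bounds check during reassembly: before any fragment's data is copied into the buffer, the receiver verifies that the fragment's offset plus its length stays within the maximum size an IP datagram can have. The following added example (not from the original lesson) models that check. It splits a constructed datagram into fragments the way a sending host would and then flags any fragment set that claims bytes beyond the limit. The `Fragment` class, the helper names and the assumption of a minimal 20-byte IP header are this example's own, not code from any particular operating system.

```python
"""Flag IP fragment sets that would reassemble past the IP size limit.

Added example, not from the original lesson. Fragments are constructed in
code; nothing is captured from a network. The check is the kind of bound
test that ended the classic Ping of Death: reject a fragment whose offset
plus length exceeds the maximum datagram size before touching any buffer.
"""
from dataclasses import dataclass

IP_HEADER_LEN = 20                      # assumption: minimal header, no options
MAX_IP_DATAGRAM = 65535                 # the IP total-length field is 16 bits
MAX_IP_PAYLOAD = MAX_IP_DATAGRAM - IP_HEADER_LEN   # 65515 bytes of data at most


@dataclass
class Fragment:
    ident: int        # IP identification field shared by one datagram's fragments
    offset: int       # fragment offset in 8-byte units (13-bit field)
    more: bool        # MF flag: more fragments follow
    payload_len: int  # bytes of data carried by this fragment


def fragment_end(frag: Fragment) -> int:
    """Byte position just past this fragment's data in the reassembled payload."""
    return frag.offset * 8 + frag.payload_len


def check_fragment(frag: Fragment) -> bool:
    """True if this fragment fits inside a legal datagram, False if it would overrun."""
    return fragment_end(frag) <= MAX_IP_PAYLOAD


def reassembled_sizes(frags):
    """Group fragments by IP id and return {ident: (payload_bytes, oversized)}.

    payload_bytes is the highest end position seen for that id; oversized is
    set when any fragment claims bytes beyond MAX_IP_PAYLOAD, which a safe
    reassembler must drop instead of copying into its buffer.
    """
    sizes = {}
    for f in frags:
        end = fragment_end(f)
        total, bad = sizes.get(f.ident, (0, False))
        sizes[f.ident] = (max(total, end), bad or end > MAX_IP_PAYLOAD)
    return sizes


def fragment_datagram(ident: int, total_len: int, mtu: int = 1500):
    """Split a datagram carrying total_len payload bytes into MTU-sized fragments."""
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8   # 1480 data bytes per fragment at MTU 1500
    frags = []
    sent = 0
    while sent < total_len:
        n = min(chunk, total_len - sent)
        frags.append(Fragment(ident, sent // 8, sent + n < total_len, n))
        sent += n
    return frags


if __name__ == "__main__":
    # Constructed cases: a normal 64-byte ICMP echo (8-byte ICMP header plus
    # 56 data bytes) and an echo with 65510 data bytes, i.e. 65518 bytes of
    # IP payload, which cannot fit in a 65535-byte datagram.
    normal = fragment_datagram(1, 64)
    oversized = fragment_datagram(2, 8 + 65510)
    for ident, (size, bad) in reassembled_sizes(normal + oversized).items():
        print("id=%d reassembled=%d bytes oversized=%s" % (ident, size, bad))
```

The oversized datagram looks harmless fragment by fragment; only the last one, whose offset plus length lands past 65515, reveals the problem. That is why the check has to be applied to every fragment as it arrives rather than to the final total.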

Vulnerability Assessment Utilities

Both the pentester (penetration tester) and the hacker need to assess their targets for vulnerabilities. Once the network has been identified, the next step is to find targets with vulnerabilities that can be exploited. Assessing targets is done by scanning the network for devices with open ports and gathering information about their operating systems and installed programs.

Vulnerability scanners such as Nessus and OpenVAS are commonly used for this very purpose, but you would be hard pressed to find a pentester or hacker who does not rely on the free, open-source utility known as Network Mapper (Nmap). This utility comes in two flavors: the command line version and its graphical user interface (GUI) version, Zenmap.

In this example, we have launched Nmap from a Kali Linux terminal. There are any number of switches that can be used to scan a target for vulnerabilities and information. We added the -sV switch followed by the IP address of the target. Depending on the switch or switches used, we can obtain as little or as much information about the targeted machine as we want, and additional switches can be combined to obtain even more in-depth target data.

For the sake of brevity, we show a single switch being used with Nmap to perform a standard service check of what is running on the target.

Fig. 3 Nmap Scan Results (image: Nmap scan results)

We can discern from the scan results that this machine is a very rich target. The takeaway from all this is that you are seeing the same results as the cybercrime prevention specialist and the cybercriminal. It's the same tool and the same results, used by human agents with different purposes.
