Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Cyber Threats, Cyberwarfare, Cyberstalking & Botnets

Lesson 4 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

This lesson explores the four major threat categories in Unit I's advanced coverage: the broader taxonomy of cyber threats, the emerging domain of cyberwarfare between nation-states, the personal crime of cyberstalking, and the technical infrastructure of botnets used by criminals.

---

Taxonomy of Cyber Threats

A cyber threat is any potential malicious action targeting digital systems, data, or the people who use them. Threats are commonly grouped into the following categories (this is a general taxonomy, not a NIST Cybersecurity Framework construct; the CSF organizes defensive functions, not threats):

| Threat Category | Description | Example Attack | Impact Level | Difficulty to Defend |
|---|---|---|---|---|
| Malware | Malicious software designed to harm | Ransomware, spyware, worms | Very High | Medium |
| Social Engineering | Manipulating humans to reveal information | Phishing, vishing, pretexting | High | High |
| Network Attacks | Exploiting network protocols | Man-in-the-middle, ARP spoofing | High | Medium |
| Denial of Service | Overwhelming systems to cause downtime | DDoS via botnet | High | Medium |
| Advanced Persistent Threat | Long-term, stealthy intrusion campaigns | Nation-state espionage | Critical | Very High |
| Insider Threats | Threats from authorized users | Data theft by employees | Very High | Very High |
| Supply Chain Attacks | Compromising trusted third-party software or its distribution channel | SolarWinds (trojanized vendor update); Log4Shell (critical flaw in a widely used dependency) | Critical | High |
| Zero-Day Exploits | Attacking previously unknown vulnerabilities | Stuxnet exploited 4 zero-days | Critical | Extremely High |

---

Cyberwarfare

Cyberwarfare refers to state-sponsored or state-directed cyber operations against other nations. The objective may be espionage, sabotage, disruption of critical infrastructure, disinformation, or financial damage. Unlike conventional war, cyberwarfare is:

  • Asymmetric: A small team can cause massive damage to a superpower's infrastructure
  • Deniable: Operations can be routed through or blamed on criminal groups, making attribution and retaliation politically difficult
  • Pervasive: Digital attacks can happen simultaneously across thousands of targets
  • Persistent: APT groups maintain access for months or years before executing their primary objective

Key Historical Cyberwarfare Events:

| Event | Year | Attacker | Target | Method | Impact |
|---|---|---|---|---|---|
| Stuxnet | 2010 (discovered) | US/Israel (attributed) | Iranian uranium-enrichment centrifuges at Natanz | Worm targeting Siemens PLCs | Destroyed ~1,000 centrifuges |
| Sony Pictures hack | 2014 | Lazarus Group (North Korea) | Sony Pictures Entertainment | Destructive wiper malware | ~$35M remediation cost, large data leak |
| Ukraine power grid | 2015–16 | Sandworm (Russia) | Ukrainian electricity distribution | SCADA/ICS attack | Power outages affecting 230,000+ customers (2015) |
| NotPetya | 2017 | Sandworm (Russia) | Ukraine (spread globally) | Destructive wiper disguised as ransomware | ~$10 billion global damage |
| SolarWinds | 2020 | APT29 (Russia) | ~18,000 Orion customers received the trojanized update; a much smaller set of US government agencies and companies were actively exploited | Supply-chain compromise of the Orion build | Long-running espionage access |

Exam Tip: Stuxnet is widely considered the world's first cyberweapon. It specifically targeted Siemens PLCs controlling Iran's uranium enrichment centrifuges. Stuxnet exploited 4 Windows zero-day vulnerabilities simultaneously, which was unprecedented at the time.

---

Cyberstalking

Cyberstalking is the use of digital technology — internet, email, social media, GPS tracking, spyware — to harass, intimidate, surveil, or threaten an individual. Unlike physical stalking, cyberstalking can occur from any location globally and operates 24/7.

How Cyberstalking Works:

  1. Information gathering — Aggregating public information from social media, data brokers, public records
  2. Monitoring — Installing spyware/stalkerware on victim's device; tracking location via GPS apps
  3. Contact — Sending threatening emails, messages, fake accounts, impersonation
  4. Escalation — Publishing private information (doxxing), filing false complaints, contacting victim's employer

Legal Framework:

| Jurisdiction | Law | Section | Offence | Penalty |
|---|---|---|---|---|
| India | IT Act 2000 | Section 66E | Violation of privacy (capturing or publishing images of a private area without consent) | Up to 3 years imprisonment and/or fine up to ₹2 lakh |
| India | IPC | Section 354D | Stalking, including monitoring a woman's use of the internet, email or other electronic communication | Up to 3 years + fine (first conviction); up to 5 years + fine (subsequent) |
| India | IT Act 2000 (as amended in 2008) | Sections 67 / 67A | Publishing or transmitting obscene (67) or sexually explicit (67A) material in electronic form | 67: up to 3 years + fine up to ₹5 lakh; 67A: up to 5 years + fine up to ₹10 lakh (first conviction; higher on repeat) |
| USA | 18 U.S.C. § 2261A (enacted under VAWA) | Federal law | Interstate stalking, including stalking by electronic means | Up to 5 years federal prison (more if the victim is injured) |
| EU | GDPR + member-state criminal law | Various | Unlawful processing of personal data (GDPR); stalking and harassment under national criminal codes | GDPR administrative fines (up to €20 million or 4% of global turnover); imprisonment under national law |

---

Botnets — The Criminal Infrastructure

A botnet (robot network) is a collection of internet-connected devices (called bots or zombies) that have been infected with malware and are controlled by an attacker (the botmaster) through a Command and Control (C2) server, without the device owners' knowledge.

How a Botnet is Built (Step-by-Step):

  1. Infection: Attacker distributes malware via phishing emails, malicious downloads, drive-by downloads, or exploiting vulnerabilities
  2. Persistence: Malware installs itself at startup, hides from antivirus using rootkit techniques
  3. Registration: Infected device contacts C2 server and registers itself as a bot
  4. Command Delivery: Botmaster sends commands (via IRC, HTTP, peer-to-peer) to all bots simultaneously
  5. Execution: Bots execute commands — spam campaign, DDoS attack, crypto mining, credential theft
  6. Monetization: Botmaster earns through ransomware payments, selling botnet access, crypto profits
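Steps 3 and 4 above (registration and command delivery) leave a fingerprint a defender can look for: a bot polls its C2 server on a fixed schedule. The following Python script is an added example written for this lesson, not code from Siksha Sarovar or from any botnet, that scores outbound proxy log entries for that periodicity. The log lines, IP addresses and host names are constructed for illustration (`update.example-cdn.net` stands in for a hypothetical C2 host), and the thresholds `min_requests` and `max_cv` are assumptions to be tuned per environment.

```python
"""Beaconing detection over proxy logs (added example; not from the page).

Registration and command delivery require each bot to poll its C2 server
on a schedule. That regularity is the fingerprint: group outbound
requests by (client, destination), measure the gaps between consecutive
requests, and flag pairs whose gaps are frequent and almost constant.
Real bots often add random jitter, so the spread threshold (max_cv)
must be tuned; a looser threshold trades false positives for recall.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic). One request per line:
# "<ISO timestamp> <client_ip> <destination_host> <bytes_sent>"
# 10.0.0.5 polls a hypothetical C2 host every ~60 s between normal browsing;
# 10.0.0.7 checks mail at irregular intervals and should not be flagged.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 update.example-cdn.net 512
2024-03-01T10:00:04 10.0.0.5 www.wikipedia.org 4096
2024-03-01T10:01:00 10.0.0.5 update.example-cdn.net 514
2024-03-01T10:02:00 10.0.0.5 update.example-cdn.net 511
2024-03-01T10:02:31 10.0.0.5 news.example.com 20480
2024-03-01T10:03:01 10.0.0.5 update.example-cdn.net 512
2024-03-01T10:04:00 10.0.0.5 update.example-cdn.net 513
2024-03-01T10:05:00 10.0.0.5 update.example-cdn.net 512
2024-03-01T10:05:45 10.0.0.7 mail.example.com 1024
2024-03-01T10:09:12 10.0.0.7 mail.example.com 2048
2024-03-01T10:20:40 10.0.0.7 mail.example.com 900
2024-03-01T10:41:03 10.0.0.7 mail.example.com 1100
2024-03-01T10:58:20 10.0.0.7 mail.example.com 1300
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, client, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, _bytes_sent = line.split()
        events.append((datetime.fromisoformat(ts), client, host))
    return events


def find_beacons(text, min_requests=5, max_cv=0.1):
    """Return (client, host) pairs whose request timing looks like a C2 beacon.

    cv is the coefficient of variation of the inter-request gaps
    (standard deviation / mean): 0.0 means perfectly periodic.
    """
    stamps_by_pair = defaultdict(list)
    for ts, client, host in parse_log(text):
        stamps_by_pair[(client, host)].append(ts)

    findings = []
    for (client, host), stamps in stamps_by_pair.items():
        if len(stamps) < min_requests:   # too few samples to judge periodicity
            continue
        stamps.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:                     # duplicate timestamps; nothing to measure
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "client": client,
                "host": host,
                "requests": len(stamps),
                "mean_interval_s": avg,
                "cv": cv,
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['client']} -> {hit['host']}: {hit['requests']} requests, "
              f"every {hit['mean_interval_s']:.0f}s (cv={hit['cv']:.3f})")
```

On the sample data only the 10.0.0.5 to `update.example-cdn.net` pair survives: six requests, 60 s apart, with a coefficient of variation around 0.01. The mail client is seen just as often but its gaps vary by hundreds of seconds, so it falls well outside `max_cv`. In practice this check is combined with other signals (new or low-reputation destination, near-constant request size, traffic outside working hours), because legitimate software updaters also poll on a timer.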

Botnet Use Cases:

| Use Case | How Botnets Enable It | Real Example | Revenue Model | Scale |
|---|---|---|---|---|
| DDoS Attack | All bots flood the target simultaneously | Mirai botnet (620 Gbps attack on KrebsOnSecurity, 2016) | Extortion, competitor sabotage | 100,000s of devices |
| Spam Campaigns | Bots send millions of emails | Cutwail botnet (51B spam/day) | Sell spam services | 1.5M bots |
| Credential Theft | Keyloggers and form grabbers on each bot | Zeus botnet | Sell credentials on the dark web | 3.6M bots (peak) |
| Crypto Mining | Use victims' CPU/GPU for mining | Smominru (524,000 Windows servers) | Cryptocurrency | ~$3.6M mined |
| Click Fraud | Bots simulate ad clicks | Various botnets | Fraudulent ad revenue | Billions of clicks |
| Ransomware Distribution | Bots deliver the ransomware payload | Emotet → Ryuk delivery chain | Ransom payments | Enterprise targets |

---

Study Deep: Advanced Threat Analysis

  1. C2 infrastructure has evolved: First-generation botnets used centralized IRC servers (easily shut down). Modern botnets use peer-to-peer C2 (no single point of failure), domain generation algorithms (DGAs, which generate thousands of pseudo-random domain names as fallback), and fast flux DNS (constantly changing IP addresses).
  2. Nation-state actors and cybercriminals converge: The line between cybercrime and cyberwarfare is blurring. North Korea's Lazarus Group conducts financial cybercrime (stealing ~$3 billion in crypto since 2017) to fund the state while also conducting espionage operations. Iran and Russia similarly leverage criminal groups as proxies.
  3. Cyberstalking enablers are everywhere: Commercial "stalkerware" products marketed as parental controls or employee monitoring tools are routinely misused for intimate partner surveillance. The Coalition Against Stalkerware documents thousands of cases annually. Such tools bypass standard malware detection because they're "legitimate" commercial software.
  4. Botnet takedowns require international cooperation: Botnets operate across dozens of countries. Takedown operations (like the FBI/Europol operation against GameOver Zeus in 2014) require multinational law enforcement collaboration, court orders in multiple jurisdictions, and ISP cooperation to sinkhole C2 traffic.
  5. The Mirai botnet changed IoT security forever: In 2016, Mirai infected 600,000 IoT devices (IP cameras, routers) by scanning for devices with default usernames/passwords. The resulting DDoS attack disrupted major internet services including Twitter, Netflix, and Reddit. The source code was published online, leading to many derivative botnets. This event accelerated IoT security regulations.
Exam Tip: Botmaster controls the botnet; C2 server (Command and Control) sends instructions; Zombies/Bots are infected devices that execute commands. Botnets are used for DDoS, spam, credential theft, and ransomware delivery. The infected machines' owners are unaware their device is part of a botnet.
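Item 1 of the Study Deep list explains why DGAs are hard to take down and, at the same time, why they are detectable: the bot resolves many pseudo-random names that do not exist before it finds the one the botmaster registered. The Python script below is an added example for this lesson, not code from Siksha Sarovar or from any real malware family. It contains a toy date-seeded DGA to show how every bot derives the same list without a hard-coded domain, and a detector that counts NXDOMAIN answers for high-entropy, vowel-poor labels per client. The DNS log lines, IP addresses and domain names are constructed, the TLD pool `TLDS` is an assumption, and the scoring thresholds in `label_score` and `find_dga_clients` are assumptions to be tuned on real traffic.

```python
"""Toy DGA and a DGA-traffic detector (added example; not from the page).

A DGA-based bot derives a fresh list of candidate C2 domains from a seed
such as the current date. The botmaster registers only one or two of
them, so the bot resolves many random-looking names that do not exist
(NXDOMAIN) before one answers. Defenders use exactly that artifact:
count NXDOMAIN answers for high-entropy, vowel-poor labels per client.
The generator is a constructed illustration of the pattern, not any
real malware family's algorithm, and the log lines are made up.
"""
import hashlib
import math
from collections import Counter, defaultdict
from datetime import date

TLDS = ("com", "net", "org", "info")   # assumed TLD pool for the toy DGA


def generate_domains(seed_date, count=10, length=12):
    """Derive `count` deterministic domains from a date seed (toy DGA).

    `seed_date` is a datetime.date (or its ISO string). Every bot that
    knows the algorithm computes the same list for the same day, so no
    C2 domain has to be hard-coded in the malware.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed_date}-{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:length])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains


def shannon_entropy(text):
    """Bits of entropy per character of `text`."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(domain):
    """Label directly under the TLD, e.g. 'wikipedia' for 'www.wikipedia.org'.

    Naive on purpose: it does not understand multi-part public suffixes
    such as co.uk; a production detector would use the Public Suffix List.
    """
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_score(domain):
    """Heuristic 0.0-1.0 'looks machine-generated' score for one domain.

    Thresholds are assumptions chosen for this example; tune them on your
    own traffic and pair the score with an allowlist of known-good domains.
    """
    label = registrable_label(domain)
    if not label:
        return 0.0
    vowel_share = sum(ch in "aeiou" for ch in label) / len(label)
    digit_share = sum(ch.isdigit() for ch in label) / len(label)
    score = 0.0
    if shannon_entropy(label) >= 3.0:   # many distinct characters
        score += 0.4
    if vowel_share < 0.25:              # natural-language words carry more vowels
        score += 0.3
    if len(label) >= 10:                # long labels are typical of DGAs
        score += 0.2
    if digit_share >= 0.3:              # some families mix in digits
        score += 0.1
    return min(score, 1.0)


# Constructed resolver log: "<client_ip> <query_name> <response_code>".
# 10.0.0.5 walks a DGA list and finally hits the registered name;
# 10.0.0.7 is a normal user with a single typo lookup (wwww.github.com).
SAMPLE_DNS_LOG = """\
10.0.0.5 xkqzvtbrmwsn.com NXDOMAIN
10.0.0.5 qwplmzrtvbnk.net NXDOMAIN
10.0.0.5 zxcvbnmqwrtp.org NXDOMAIN
10.0.0.5 plmkjhgtrdws.com NXDOMAIN
10.0.0.5 mnbvcxzlkjhg.info NXDOMAIN
10.0.0.5 tgbrfvwsxqaz.com NOERROR
10.0.0.5 www.wikipedia.org NOERROR
10.0.0.7 www.google.com NOERROR
10.0.0.7 wwww.github.com NXDOMAIN
10.0.0.7 mail.example.com NOERROR
"""


def find_dga_clients(log_text, min_nxdomain=5, min_score=0.5):
    """Map client -> DGA-looking NXDOMAIN names, for clients over the threshold."""
    suspicious = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname, rcode = line.split()
        if rcode == "NXDOMAIN" and label_score(qname) >= min_score:
            suspicious[client].append(qname)
    return {c: names for c, names in suspicious.items() if len(names) >= min_nxdomain}


if __name__ == "__main__":
    print("toy DGA list for today:", generate_domains(date.today())[:3], "...")
    for client, names in find_dga_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} NXDOMAIN lookups of DGA-like names, e.g. {names[0]}")
```

The registered name (`tgbrfvwsxqaz.com`, answered with NOERROR) is what the bot was looking for; the five failed lookups before it are what the defender sees. Sinkholing, mentioned in item 4, works on the same principle: once the algorithm is reverse-engineered, defenders can pre-register or redirect the upcoming domains and watch infected hosts report in.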