Institute of Chartered Accountants of India Name: Babita Duragaram Mitharwal Address: 301,3rd floor, Milan apartment,
railway station road, anjurphata Bhiwandi Contact No: 9168763914 Registration No: WRO0660665 Name of IT Centre & Branch: THANE 12/17/219 Branch Code: WI020 Batch Code: Thane 12/17/219 Project Name: Cyber Crime Date: 16 Dec,2017 Signature of Student: Babita
CYBERCRIME
CYBER CRIME
Table of Contents
Introduction
Classification
    Fraud and Financial Crimes
    Cyberterrorism
    Cyberextortion
    Computer as a Target
    Computer as a Tool
    Obscene or Offensive Content
    Harassment
    Drug Trafficking
    Unauthorized Access & Hacking
    Web Hijacking
    Pornography
    Child Pornography
    Cyber Stalking
    Denial of Service Attack
    Virus Attack
    Software Piracy
    Salami Attacks
    Phishing
    Sale of Illegal Articles
    Online Gambling
    Email Spoofing
    Cyber Defamation
    Forgery
    Theft of Information Contained in Electronic Form
    Email Bombing
    Internet Time Theft
    Theft of Computer Systems
    Physically Damaging a Computer System
    Breach of Privacy & Confidentiality
    Data Diddling
    E-Commerce / Investment Frauds
    Cyber Terrorism
Counter Measures
    Technical
    Counter terrors – Social Network Analysis & Internet Recognition
    Economic
    Legal
Conclusion
INTRODUCTION
"Cyberspace" is a very wide term. Most of us have limited knowledge of cyberspace and of the crimes occurring in it, known as cybercrime, which happens on computers and the Internet. However, cybercrime has severe potential for remarkable impact on the lives of individuals and on our society, so a detailed introduction to cybercrime is needed.

There are many terms used to describe cybercrime. The earlier descriptions were "computer crime", "computer-related crime" or "crime by computer". With the pervasion of digital technology, some new terms like "high-technology" or "information-age" crime were added to the definition. Cybercrime, or computer-related crime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrimes can be defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including but not limited to Chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)".

Cybercrime may threaten a person's or a nation's security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copyright infringement, unwarranted mass surveillance, child pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise.

The Internet also brought other new terms, like "cybercrime" and "net" crime. Other forms include "digital", "electronic", "virtual", "IT", "high-tech" and "technology-enabled" crime. However, on the one hand, none of them covers the whole meaning of cybercrime, because they do not incorporate networks. On the other hand, terms such as "high-tech" or "electronic" crime might be too broad to specify that the crime is exactly cybercrime, since other fields such as nanotechnology and bioengineering also have "hi-tech" developments. Currently, although no one term has become totally dominant in use, "cybercrime" is the term used most pervasively.

In general, cybercrime has three categories:
1. Target cybercrime: the crime in which a computer is the target of the offense.
2. Tool cybercrime: the crime in which a computer is used as a tool in committing the offense.
3. Computer incidental: the crime in which a computer plays a minor role in committing the offense.
Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender, defining "cybercrime against women" as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones".

The history of cybercrime is short compared with traditional crimes. The first published report of cybercrime occurred in the 1960s, when computers were large mainframe systems. Since mainframes were not connected to one another and only a few people could access them, the cybercrimes were always "insider" cybercrimes, meaning that the offenders' employment allowed them access to mainframe computers. In the 1960s and 1970s, cybercrime, which was in fact "computer crime", was different from the cybercrime we face today, because there was no Internet in that era. In the following decades, the growth of computer networks and personal computers transformed "computer crime" into real cybercrime. After the Internet was invented, people began to exchange information over networks of computers and to keep data in computers rather than on paper. At the same time, cybercrime was no longer restricted to target cybercrime, but expanded into tool cybercrime and computer incidental crime. This process is similar to the process of learning a language. In childhood, we learn the language itself; then, when we grow up and are good at it, we use it to communicate with each other, and the language itself is no longer the prime element. In general, the current consensus on the classification of cybercrime is to divide it into the three categories listed above.
We can draw another analogy: target cybercrime is like a crossword, which focuses on the magic of language itself; tool cybercrime is similar to fraud or harassment on the street or in other face-to-face settings, except that it happens not in the physical environment but in cyberspace; computer incidental crime includes cases where some electronic proof is saved in a computer or a camera captures the criminal withdrawing money in a bank. These three categories are elaborated in the three following sections, and in each section some of the latest cases will be studied.

A report (sponsored by McAfee) estimates that the annual damage to the global economy is at $445 billion; however, a Microsoft report shows that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2016, a study by Juniper Research estimated that the costs of cybercrime could be as high as 2.1 trillion by 2019.
CLASSIFICATION
Computer crime encompasses a broad range of activities.
Fraud and financial crimes
Computer fraud is any dishonest misrepresentation of fact intended to let another do or refrain from doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:
• Altering in an unauthorized way. This requires little technical expertise and is a common form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
• Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This is difficult to detect;
• Altering or deleting stored data;
Other forms of fraud may be facilitated using computer systems, including bank fraud, carding, identity theft, extortion, and theft of classified information. A variety of internet scams, many based on phishing and social engineering, target consumers and businesses.
Cyberterrorism
Government officials and information technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. But there is a growing concern among government agencies such as the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA) that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems.[9] A cyberterrorist is someone who intimidates or coerces a government or an organization to advance his or her political or social objectives by launching a computer-based attack against computers, networks, or the information stored on them.

Cyberterrorism in general can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda piece on the Internet claiming that there will be bomb attacks during the holidays can be considered cyberterrorism. There are also hacking activities directed towards individuals and families, organized by groups within networks, tending to cause fear among people, demonstrate power, collect information relevant for ruining people's lives, and carry out robberies, blackmail, etc.
Cyberextortion
Cyberextortion occurs when a website, e-mail server, or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attacks and to offer "protection". According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI, and many go unreported in order to keep the victim's name out of the public domain. Perpetrators typically use a distributed denial-of-service attack. An example of cyberextortion was the attack on Sony Pictures of 2014.

Cyberwarfare
The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those is the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and synchronized kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.
Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool, these crimes require the technical knowledge of the perpetrators. As such, as technology evolves, so too does the nature of the crime. These crimes are relatively new, having been in existence for only as long as computers have, which explains how unprepared society and the world in general are for combating them. There are numerous crimes of this nature committed daily on the internet. Crimes that primarily target computer networks or devices include:
• Computer viruses
• Denial-of-service attacks
• Malware (malicious code)
Computer as a tool
When the individual is the main target of cybercrime, the computer can be considered the tool rather than the target. These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult. These are crimes which have existed for centuries in the offline world. Scams, theft, and the like existed even before the development of high-tech equipment. The same criminal has simply been given a tool which increases his potential pool of victims and makes him all the harder to trace and apprehend. Crimes that use computer networks or devices to advance other ends include:
• Fraud and identity theft (although this increasingly uses malware, hacking or phishing, making it an example of both "computer as target" and "computer as tool" crime)
• Information warfare
• Phishing scams
• Spam
• Propagation of illegal obscene or offensive content, including harassment and threats

The unsolicited sending of bulk email for commercial purposes (spam) is unlawful in some jurisdictions. Phishing is mostly propagated via email. Phishing emails may contain links to other websites that are affected by malware. Or, they may contain links to fake online banking or other websites used to steal private account information.
Obscene or offensive content
The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be legal. The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with strong beliefs. One area of Internet pornography that has been the target of the strongest efforts at curtailment is child pornography, which is illegal in most jurisdictions in the world.
Harassment
Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals, focusing for example on gender, race, religion, nationality or sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties. Harassment on the internet also includes revenge porn.

There are instances where committing a crime using a computer can lead to an enhanced sentence. For example, in the case of United States v. Neil Scott Kramer, Kramer was served an enhanced sentence according to the U.S. Sentencing Guidelines Manual §2G1.3(b)(3) for his use of a cell phone to "persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in prohibited sexual conduct." Kramer argued that this claim was insufficient because his charge included persuading through a computer device and his cellular phone technically is not a computer. Although Kramer tried to argue this point, the U.S. Sentencing Guidelines Manual states that the term computer "means an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device."

Connecticut was the U.S. state to pass a statute making it a criminal offense to harass someone by computer. Michigan, Arizona, Virginia and South Carolina have also passed laws banning harassment by electronic means. Harassment as defined in the U.S. computer statutes is typically distinct from cyber bullying, in that the former usually relates to a person's "use a computer or computer network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any suggestion or proposal of an obscene nature, or threaten any illegal or immoral act," while the latter need not involve anything of a sexual nature.

Although freedom of speech is protected by law in most democratic societies (in the US this is done by the First Amendment), it does not include all types of speech. In fact, spoken or written "true threat" speech/text is criminalized because of "intent to harm or intimidate"; this also applies to online or any type of network-related threats in written text or speech. The US Supreme Court definition of "true threat" is "statements where the speaker means to communicate a serious expression of an intent to commit an act of unlawful violence to a particular individual or group".
Drug trafficking Darknet markets are used to buy and sell recreational drugs online. Some drug traffickers use encrypted messaging tools to communicate with drug mules. The dark web site Silk Road was a major online marketplace for drugs before it was shut down by law enforcement (then reopened under new management, and then shut down by law enforcement again). After Silk Road 2.0 went down, Silk Road 3 Reloaded emerged. However, it was just an older marketplace named Diabolus Market, that used the name for more exposure from the brand's previous success.
Unauthorized Access and Hacking.
Unauthorized access means any kind of access without the permission of either the rightful owner or the person in charge of the computer, computer system or computer network. Hacking means an illegal intrusion into a computer system and/or network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy, and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money. Government websites are the sites most targeted by hackers. A hacker is an unauthorized user who attempts to gain or gains access to an information system. Hacking is a crime even if there is no visible damage to the system, since it is an invasion of the privacy of data. There are different classes of hackers.
a) White Hat Hackers- They believe that information sharing is good, and that it is their duty to share their expertise by facilitating access to information. However, there are some white hat hackers who are just "joy riding" on computer systems.
b) Black Hat Hackers- They cause damage after intrusion. They may steal or modify data or insert viruses or worms which damage the system. They are also called crackers.
c) Grey Hat Hackers- Typically ethical, but occasionally violate hacker ethics.

Hackers will hack into networks, stand-alone computers and software. Network hackers try to gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of information. Crackers perform unauthorized intrusion with damage, such as stealing or changing information or inserting malware (viruses or worms).
Web Hijacking.
Web hijacking means forcefully taking control of another's website. In this case the owner of the website loses control over the website and its content.
Pornography. Pornography means showing sexual acts in order to cause sexual excitement. The definition of pornography also includes pornographic websites, pornographic magazines produced using computer and the internet pornography delivered over mobile phones.
Child Pornography. The Internet is being highly used as a medium to sexually abuse children. The children are viable victim to the cybercrime. Computers and internet having become a necessity of every household, the children have got an easy access to the internet. There is an easy access to the pornographic contents on the internet. Page 21
CYBERCRIME Pedophiles lure the children by distributing pornographic material and then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. Sometimes pedophiles contact children in the chat rooms posing as teenagers or a child of similar age and then they start becoming friendlier with them and win their confidence. Then slowly pedophiles start sexual chat to help children shed their inhibitions about sex and then call them out for personal interaction. Then starts actual exploitation of the children by offering them some money or falsely promising them good opportunities in life. The pedophiles then sexually exploit the children either by using them as sexual objects or by taking their pornographic pictures in order to sell those over the internet.
Cyber Stalking
In general terms, stalking can be described as repeated acts of harassment targeting the victim, such as following the victim, making harassing phone calls, killing the victim's pet, vandalizing the victim's property, or leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim. Cyber stalking means repeated acts of harassment or threatening behavior by the cybercriminal towards the victim using internet services. Both kinds of stalkers, online and offline, have a desire to control the victim's life.

How do Cyber Stalkers operate?
a) They collect all personal information about the victim, such as name, family background, telephone numbers of residence and work place, daily routine of the victim, address of residence and place of work, date of birth etc. If the stalker is one of the acquaintances of the victim, he can easily get this information. If the stalker is a stranger to the victim, he collects the information from internet resources such as the various profiles the victim may have filled in while opening a chat or e-mail account or while signing up for an account with some website.
b) The stalker may post this information on any website related to sex services or dating services, posing as if the victim is posting this information, and invite people to call the victim on her telephone numbers to have sexual services. The stalker even uses very filthy and obscene language to invite the interested persons.
c) People of all kinds from every nook and corner of the world who come across this information start calling the victim at her residence and/or work place, asking for sexual services or relationships.
d) Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites, because of which the victim starts receiving unsolicited e-mails of that kind.
e) Some stalkers keep on sending repeated e-mails asking for various kinds of favors, or threaten the victim.
f) In online stalking the stalker can make a third party harass the victim.
g) Follow their victim from board to board. They hang out on the same as their victim, many times posting notes to the victim, making sure the victim is aware that he/she is being followed. Many times they will flame their victim (becoming argumentative, insulting) to get their attention.
h) Stalkers will almost always make contact with their victims through email. The letters may be loving, threatening, or sexually explicit. The stalker will many times use multiple names when contacting the victim.
i) Contact the victim via telephone. If the stalker is able to access the victim's telephone, he will many times make calls to the victim to threaten, harass, or intimidate them.
j) Track the victim to his/her home.
Denial of service Attack.
This is an attack in which the criminal floods the bandwidth of the victim's network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide. This kind of attack is designed to crash the network by flooding it with useless traffic. Another variation on a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many and are geographically widespread. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, as with viruses, new DoS attacks are constantly being dreamed up by hackers.
Virus Attacks.
Viruses are programs that have the capability to infect other programs, make copies of themselves and spread into other programs. Programs that multiply like viruses but spread from computer to computer are called worms. These are malicious software that attach themselves to other software. Virus, worms, Trojan horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious. Viruses usually affect the data on a computer, either by altering or deleting it. Worms, on the other hand, merely make functional copies of themselves and do this repeatedly till they eat up all the available. A Trojan horse is a program that acts like something useful but does things that are quite damaging. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the server on their machine, the attacker will then use the Client to connect to the Server and start using the Trojan. TCP/IP is the usual protocol type used for communications, but some functions of Trojans use the UDP protocol as well.
Software Piracy.
Software piracy refers to the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. This kind of crime also includes copyright infringement, trademark violations, theft of computer source code, patent violations etc. Domain names are also trademarks and are protected by the ICANN domain dispute resolution policy and also under trademark laws. Cyber squatters register a domain name identical to a popular service provider's name to attract its users and benefit from them.
Salami Attacks. These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program, into the bank servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizable amount of money every month.
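A reconciliation check for the pattern described above, as an added example that is not part of the original report: it flags any beneficiary that collects small debits, not covered by an authorised charge, from a large share of customer accounts. The ledger layout, account names, thresholds and the `authorised` set are assumptions made for illustration, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Debit:
    account: str       # debited customer account
    beneficiary: str   # account or charge code that received the money
    amount: Decimal    # amount in rupees
    month: str         # posting month, YYYY-MM


def find_salami_candidates(debits, total_accounts, authorised,
                           small_amount=Decimal("10"), min_coverage=0.5):
    """Flag beneficiaries collecting small, unauthorised debits from many accounts.

    A single Rs. 5 debit looks harmless; the signal is the same beneficiary
    receiving such debits from a large fraction of all accounts in one month.
    """
    stats = defaultdict(lambda: {"accounts": set(), "total": Decimal("0")})
    for d in debits:
        # Skip charges on the approved fee schedule and ordinary large payments.
        if d.beneficiary in authorised or d.amount > small_amount:
            continue
        key = (d.beneficiary, d.month)
        stats[key]["accounts"].add(d.account)
        stats[key]["total"] += d.amount

    findings = []
    for (beneficiary, month), s in stats.items():
        coverage = len(s["accounts"]) / total_accounts
        if coverage >= min_coverage:
            findings.append({
                "beneficiary": beneficiary,
                "month": month,
                "accounts": len(s["accounts"]),
                "coverage": coverage,
                "total": s["total"],
            })
    # Largest aggregate first: that is what the insider actually gains.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


def build_sample_ledger():
    """Constructed one-month ledger for 200 hypothetical customer accounts."""
    debits = []
    for i in range(1, 201):
        acct = f"CUST{i:04d}"
        # Legitimate fee on the bank's schedule, charged to everyone.
        debits.append(Debit(acct, "BANK-SMS-FEE", Decimal("3.00"), "2017-11"))
        # The skim: Rs. 5 from every account to one internal account.
        debits.append(Debit(acct, "ACCT-990017", Decimal("5.00"), "2017-11"))
        if i % 4 == 0:   # small genuine purchases by a quarter of customers
            debits.append(Debit(acct, "GROCER-12", Decimal("8.50"), "2017-11"))
        if i % 10 == 0:  # large genuine payments
            debits.append(Debit(acct, "LANDLORD-3", Decimal("12000.00"), "2017-11"))
    return debits


if __name__ == "__main__":
    for f in find_salami_candidates(build_sample_ledger(), 200, {"BANK-SMS-FEE"}):
        print(f"{f['beneficiary']} {f['month']}: Rs. {f['total']} "
              f"from {f['accounts']} accounts ({f['coverage']:.0%})")
```
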
Phishing.
Phishing is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site, however, is bogus and set up only to steal the user's information. By spamming large groups of people, the phisher counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with legitimately.
Sale of illegal articles. This category of cybercrimes includes sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.
Online gambling.
There are millions of websites, all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering. Cases of hawala transactions and money laundering over the Internet have been reported.
Email spoofing.
E-mail spoofing is e-mail activity in which the sender address and other parts of the e-mail header are altered so that the e-mail appears to have originated from a different source. In other words, it is sending an e-mail to another person in such a way that it appears to have been sent by someone else: a spoofed email appears to originate from one source but has actually been sent from another. Spoofing is the act of electronically disguising one computer as another for gaining as the password system. It is becoming so common that you can no longer take for granted that the e-mail you are receiving is truly from the person identified as the sender. Hackers use this technique to disguise the actual email address from which phishing and spam messages are sent, and often use email spoofing in conjunction with Web page spoofing to trick users into providing personal and confidential information.
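Because the visible sender is only a header field, a recipient-side check has to compare it with the other headers. The following is an added example, not part of the original report: it parses a raw message and reports indicators that the From address was forged. The sample messages, the domain names and the `trusted_authserv` value (the name the recipient's own mail server writes into Authentication-Results) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def spoofing_indicators(raw_message, trusted_authserv):
    """List reasons to distrust the From header of a received message."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []

    # The envelope sender and reply address normally share the From domain.
    # Exact-match comparison is a simplification of DMARC alignment rules.
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = domain_of(msg[header])
        if other and other != from_domain:
            findings.append(f"{label}-mismatch")

    # Only believe Authentication-Results written by our own mail server;
    # a sender can add the same header with any content it likes.
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv = value.split(";", 1)[0].strip().lower()
        if authserv != trusted_authserv.lower():
            continue
        for mechanism, outcome in AUTH_RE.findall(value):
            results.setdefault(mechanism.lower(), outcome.lower())

    for mechanism in ("spf", "dkim", "dmarc"):
        outcome = results.get(mechanism, "missing")
        if outcome != "pass":
            findings.append(f"{mechanism}-{outcome}")
    return findings


# Constructed sample: genuine message from the bank's own domain.
LEGIT = """\
Return-Path: <alerts@bank.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example; dmarc=pass header.from=bank.example
From: "Example Bank" <alerts@bank.example>
To: user@recipient.example
Subject: Monthly statement

Your statement is ready.
"""

# Constructed sample: same visible sender, sent through an unrelated system,
# carrying an extra Authentication-Results header added by the sender.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-sender.example;
 dkim=none; dmarc=fail header.from=bank.example
Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass
From: "Example Bank" <alerts@bank.example>
Reply-To: support@bank-example-help.example
To: user@recipient.example
Subject: Update your account details

Please confirm your password.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, spoofing_indicators(raw, "mx.recipient.example"))
```
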
Cyber Defamation. When a person publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends, it is termed cyber defamation.
Forgery. Computers, printers and scanners are used to forge counterfeit currency notes, postage and revenue stamps, mark sheets etc. These are made using computers, and high quality scanners and printers.
Theft of information contained in electronic form. This includes theft of information stored in computer hard disks, removable storage media etc.
Email bombing. Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account (in the case of an individual) or mail servers (in the case of a company or an email service provider) crashing.
Internet time theft. Internet time theft refers to the usage by an unauthorized person of Internet hours paid for by another person.
Theft of computer system. This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.
Physically damaging a computer system. This crime is committed by physically damaging a computer or its peripherals.
Breach of Privacy and Confidentiality.
Privacy refers to the right of an individual to determine when, how and to what extent his or her personal data will be shared with others. Breach of privacy means unauthorized use, distribution or disclosure of personal information. Confidentiality means non-disclosure of information to unauthorized or unwanted persons. In addition to personal information, some other types of information are useful for business, and leakage of such information to other persons may cause damage to the business or person; such information should be protected. Generally, to protect the secrecy of such information, the parties sharing it form an agreement about the procedure for handling the information, and agree not to disclose it to third parties or use it in such a way that it will be disclosed to third parties. Many times a party or its employees leak such valuable information for monetary gain and cause a breach of the contract of confidentiality. Special techniques such as social engineering are commonly used to obtain confidential information.
Data diddling.
Data diddling involves changing data prior to or during input into a computer. The information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file. It also includes automatically changing financial information for some time before processing and then restoring the original information.
Electronic / Investment Frauds
An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered. The fraud is attributable to the misrepresentation of a product advertised for sale through an Internet auction site or to the non-delivery of products purchased through an Internet auction site. Investors are enticed to invest in the fraudulent scheme by promises of abnormally high profits.
Cyber Terrorism
Page 34
CYBERCRIME
Targeted attacks on military installations, power plants, air traffic control, banks, trail traffic control, telecommunication networks are the most likely targets. Others like police, medical, fire and rescue systems etc. Cyber terrorism is an attractive option for modern terrorists for several reasons. A) It is cheaper than traditional terrorist methods. B) Cyber terrorism is more anonymous than traditional terrorist methods. C) The variety and number of targets are enormous. D) Cyber terrorism can be conducted remotely, a feature that is especially appealing to terrorists. E) Cyber terrorism has the potential to affect directly a larger number of people.
COUNTER MEASURES
Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise. On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities as espionage, and other cross-border attacks sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with the International Criminal Court among the few addressing this threat.
A cyber countermeasure is defined as an action, process, technology, device, or system that serves to prevent or mitigate the effects of a cyber attack against a victim, computer, server, network or associated device. Recently there has been an increase in the number of international cyber attacks. In 2013 there was a 91% increase in targeted attack campaigns and a 62% increase in security breaches. A number of countermeasures exist that can be effectively implemented in order to combat cyber-crime and increase security.
Technical. There are a variety of technical countermeasures that can be deployed to thwart cybercriminals and harden systems against attack. Firewalls, network or host based, are considered the first line of defense in securing a computer network: they set Access Control Lists (ACLs) that determine which services and traffic can pass through the checkpoint.
Antivirus can be used to prevent propagation of malicious code. Most computer viruses have similar characteristics which allow for signature-based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated, in addition to applying operating system hot fixes, service packs, and patches, to keep computers on a network secure.
Cryptography techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling, for example, takes a payload protocol such as Internet Protocol (IP) and encapsulates it in an encrypted delivery protocol over a Virtual Private Network (VPN), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), or Internet Protocol Security (IPSec) to ensure data security during transmission. Encryption can also be employed at the file level using encryption algorithms like Data Encryption Standard (DES), Triple DES, or Advanced Encryption Standard (AES) to ensure security of information in storage.
Additionally, network vulnerability testing performed by technicians or automated programs can be run at full scale or targeted specifically at devices, systems, and passwords used on a network to assess how secure they are. Furthermore, network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small networks.
Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection, both for access to a computer system and for the computer's BIOS, is also an effective countermeasure against cyber-criminals with physical access to a machine. Another deterrent is to use a bootable bastion host that executes a web browser in a known clean and secure operating environment. The host is devoid of any known malware, data is never stored on the device, and the media cannot be overwritten. The kernel and programs are guaranteed to be clean at each boot. Some solutions have been used to create secure hardware browsers to protect users while accessing online banking.
Counter-Terror Social Network Analysis and Intent Recognition. The Counter-Terror Social Network Analysis and Intent Recognition (CT-SNAIR) project uses the Terrorist Action Description Language (TADL) to model and simulate terrorist networks and attacks. It also models links identified in communication patterns compiled from multimedia data, and terrorists’ activity patterns are compiled from databases of past terrorist threats.[19] Unlike other proposed methods, CT-SNAIR constantly interacts with the user, who uses the system both to investigate and to refine hypotheses.
Multimedia data, such as voice, text, and network session data, is compiled and processed. Through this compilation and processing, names, entities, relationships, and individual events are extracted from the multimedia data. This information is then used to perform a social network analysis on the criminal network, through which the user can detect and track threats in the network. The social network analysis directly influences and is influenced by the intent recognition process, in which the user can recognize and detect threats. In the CT-SNAIR process, data and transactions from prior attacks, or forensic scenarios, are compiled to form a sequential list of transactions for a given terrorism scenario. The CT-SNAIR process also includes generating data from hypothetical scenarios. Since they are imagined and computer-generated, hypothetical scenarios do not have any transaction data representing terrorism scenarios.
Different types of transactions combine to represent the types of relationships between individuals. The final product, or target social network, is a weighted multiplex graph in which the types of edges (links) are defined by the types of transactions within the social network. The weights within these graphs are determined by the content-extraction algorithm, in which each type of link is thought of as a separate graph and “is fed into social network algorithms in part or as a whole.” Links between two individuals can be determined by the existence of (or lack of) the two people being mentioned within the same sentence in the compiled multimedia data or in relation to the same group or event.
The final component in the CT-SNAIR process is Intent Recognition (IR). The goal of this component is to indicate to an analyst the threats that a transaction stream might contain. Intent Recognition breaks down into three subcategories: detection of “known or hypothetical target scenarios,” prioritization of these target scenarios, and interpretation “of the resulting detection.”
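The weighted multiplex graph described above can be made concrete with a small added example, which is not CT-SNAIR's own code and does not use TADL. It assumes that an edge weight is simply the number of times a link is observed; the names, text and transactions are constructed sample data.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data (not from CT-SNAIR): extracted text and typed transactions.
TEXT = ("Alpha met Bravo at the depot. Bravo phoned Charlie twice. "
        "Alpha and Charlie were seen with Bravo. Delta left early.")
TRANSACTIONS = [("call", "Bravo", "Charlie"), ("call", "Bravo", "Charlie"),
                ("payment", "Alpha", "Bravo"), ("call", "Alpha", "Bravo")]
ENTITIES = {"Alpha", "Bravo", "Charlie", "Delta"}

def build_multiplex(text, transactions, entities):
    """Return {layer: {(a, b): weight}} with one layer per link type."""
    layers = defaultdict(lambda: defaultdict(int))
    # Co-mention layer: two entities named in the same sentence are linked.
    for sentence in re.split(r"(?<=[.!?])\s+", text):
        present = sorted(e for e in entities
                         if re.search(rf"\b{re.escape(e)}\b", sentence))
        for a, b in combinations(present, 2):
            layers["co_mention"][(a, b)] += 1
    # Transaction layers: the transaction type names the layer.
    for kind, a, b in transactions:
        layers[kind][tuple(sorted((a, b)))] += 1
    return {k: dict(v) for k, v in layers.items()}

def weighted_degree(graph, layer=None):
    """Sum edge weights per node in one layer, or across all layers if None."""
    totals = defaultdict(int)
    for name, edges in graph.items():
        if layer is None or name == layer:
            for (a, b), w in edges.items():
                totals[a] += w
                totals[b] += w
    return dict(totals)

def ranked(graph, layer=None):
    """Nodes ordered by weighted degree, highest first (ties broken by name)."""
    deg = weighted_degree(graph, layer)
    return sorted(deg, key=lambda n: (-deg[n], n))

GRAPH = build_multiplex(TEXT, TRANSACTIONS, ENTITIES)
```

Passing a layer name to `ranked` analyses one link type as a separate graph, while omitting it analyses the network as a whole, matching the "in part or as a whole" description.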
Economic. The optimal level of cyber-security depends largely on the incentives facing providers and the incentives facing perpetrators. Providers make their decisions based on the economic payoff and cost of increased security, whereas perpetrators' decisions are based on the economic gain and cost of cyber-crime. Potential prisoner’s dilemma, public goods, and negative externalities become sources of cyber-security market failure when private returns to security are less than the social returns. Therefore, the higher the ratio of public to private benefit, the stronger the case for enacting new public policies to realign incentives for actors to fight cyber-crime with increased investment in cyber-security.
Legal. In the United States a number of legal statutes define and detail the conditions for prosecution of a cyber-crime. They are used not only as a legal counter-measure but also function as a behavioral check against the commission of a cyber-crime. Many of the provisions outlined in these acts overlap with each other. Namely:
a) The Computer Fraud and Abuse Act.
b) The Digital Millennium Copyright Act.
c) The Electronic Communications Privacy Act.
d) The Stored Communications Act.
e) Identity Theft and Aggravated Identity Theft.
f) Identity Theft and Assumption Deterrence Act.
g) Gramm-Leach-Bliley Act.
h) Internet Spyware Prevention Act.
Conclusion
1. The key to protecting yourself is being aware.
2. Not all cybercriminals are “hackers.”
3. There is a whole other world that exists in cyberspace… make sure that your information travels safely.
4. Technology is destructive only in the hands of people who do not realize that they are one and the same process as the