Soft Criminals
A computer cannot recognize crimes, only zeros and ones. People cannot be classified into good and bad. They change colours to good upon necessity and to bad upon opportunity. A crime will happen only when the opportunity avails itself. Networking computers opens up a plethora of opportunities for people. Information in computers flows like water but, unlike water, just as naturally in both directions. Restricting this flow makes productive use of it. People act with the tools available to them. The sharper the knife, the deeper the wound. Technologies are morally neutral until people apply them. The “intent” of a person is the factor that decides the act committed.
Below are presented the viewpoints of different simulated characters to justify the actions they do and a brief analysis of their actions.
Hacker’s Perspective
As I await my turn to list hobbies, hundreds of thoughts are running in my mind. Should I tell Madame about it? What will she think? Can she comprehend? And if so, can she appreciate it? “I like to paint, Madame.” “Good, what is your best painting?” “Robin Hood”, came the reply without a thought. He is the hero of my life and will be the one if I have to paint. Back home, I pilot my aeroplane, my computer. Mom and Dad are scientists and are in a lab; theirs is a love marriage.
As I finish checking mails, the daemon programs configured at startup get me the list of IIS servers; and the boy at the store rings the door and delivers my chicken pizza. The vulnerability that I have discovered in IIS allows me to get into the corporate Intranets. There I leave a worm, similar to the Haiku, telling that Robin Hood has visited them. It has already come up on the Internet and shall percolate to the media sooner. There shall be a lot of hype and the pursuit is thrilling. Soon they will discover it as a bug and will work on a fix, and the software evolves, and so do I. This is my hobby and I am a hacker. Doing actions without revealing identity is what I do; anonymity is the name of the game.
Hackers are highly intellectual people and mostly prodigies. They are benefactors of evolution. There is also a certain ego satisfaction in identifying oneself as a hacker. Hacking pursuits do not intend to condone damage on the systems that are hacked.
However, to err is human. After gaining control over a system, unintentional operations may cause damage to the existing infrastructure. Loss could be accrued for which there is a liability. The Indian Act discourages unauthorized access, a fraud prevention activity. Intrusion detection software is evolving to detect fraud. A skilled intruder will avoid extensive connection time on a victim machine at all costs. He will do this by disabling the recording of operations into history files. Only when a file cannot be browsed or a database queried will a skilled intruder resort to file transfer.
System Administrator’s perspective
Experience is what we get when we do not get what we want. 5 years of experience did not leave my table cleaner. System Administration is hard work rather than intelligent work. Installing the same software on 50 machines makes it monotonous. And it is a thankless job too. People come to doctors, police, lawyers and system administrators only when there is a problem. My experience says that offences are committed due to negligence of users and the entire network is in a soup.
Some people use passwords that are the same as their user name, some don’t; some share passwords among colleagues, bosses divulge them to sincere subordinates, and some shout them over. Some companies have floppies on all systems and no restrictions at entry. This is due to the lack of a security policy. Intellectual property is the main tangible asset of a company; it has to be protected, whereas mostly it lies in the network, unencrypted and open to prying eyes.
Systems have to be in place for prevention rather than detection. Chat clients like Yahoo, MSN and ICQ reveal the IP address of the receptor over the Internet, which can further be used to commit crimes. Virus Protection Software, Firewalls, Proxies and Gateways can be erected but unless there is a change in attitude, there is a high probability of offences being conducted. System Administration is everybody’s job.
Cyber Terrorist Leader’s Perspective
They have not captivated our heroes, but our spirit of freedom and happiness. They have bombed our cities like we sow seeds in our farms. Now, the time has come for them to reap the fruits of their actions. An email shall be sent at 11:45 PM today to all the network points indicating the target EFT servers. That is the time when their business day gets started as usual, but this day will be unusual for them. Once you get the command list, start the attack. As soon as the task assigned to you is complete, send a confirmation mail. In case of an incomplete task, send a void mail. The tasks at all domains shall be completed by 2 AM.
I advise you to have a peaceful sleep. The toil of sleepless nights is over. As the sun rises in our region, it brings hope and freedom and by the time it sets in their region, will dawn their money with technologies. They realize that money that went into the bytes can never be reconverted. Our mission will be accomplished and our dreams fulfilled. Allah has sent us to punish the wicked and so shall they not go unpunished, as we hit them where it hurts the most. Jihaaad.
Distributed Denial of Service (DDoS) can mean more harm than what the name conveys. Not only is unavailability of service the target of well-planned terrorists but a higher harm can be contemplated. One country cannot by itself enact laws that comprehensively address the problems of Internet offences without the cooperation from other countries. Never before has it been so easy to commit an offence in one jurisdiction while hiding behind the jurisdiction of another.
Employee’s perspective
Ours is one of the world’s leading MNCs. We develop state-of-the-art software. With branches in 70 countries, we feel at home at any point of the globe. Most of the communication, formal, semi-formal, supplier, vendor and the 360-degree one, is done through emails. Each country’s office has a group id; a mail sent to it will be delivered to all the personnel in that country. The HR and Management use this account to communicate if there is any prominent point to make. Sometimes emotional professionals use this to bid adieu to their colleagues.
Monday, the day of return to routines, and I start checking the mails, sipping a cup of coffee, as is our trend. A mail from our CEO, Umm! Are we making profits? And, astonishing news. “Are you aware of the affair between Celina and Douglas? Do you think it is love?” Holy Shit! Why will our CEO send such a mail? It is the act of some idiot. But who are these Celina and Douglas? As these thoughts run on my mind, they run on the minds of all our employees and soon it is known that they are the Project Manager and Software Engineer of the product, “Zombie Protection System”. The V.P. summons them to his office and asks them for an explanation of their acts that have resulted in such a mail, to which they reply by submitting their resignation letters. The System Admin is called and he remains silent, as he could not say, “It has been done, as it could be done”. Now my company cannot start training sessions on professional ethics and policies on whistling, shouts the V.P. in a fit of temper.
Defamation, a cheap trick played by people who are jealous, is the cause of unnecessary discussion and sometimes panic across the company.
Competition exists across companies producing similar items in the market. An E-commerce site gives provision to its customers, while shopping, to select any Payment gateway among the multiple gateways it supports. A Company corrupts its rival gateway by denial of service. As transaction translates to money, it is a loss for the company not just in terms of transaction failure, but loss of goodwill of the customer who never selects a failed payment gateway for the next transaction.
Cracker’s Perspective
Crackers are never caught and those that are caught are not crackers, they are playing the game in a silly manner. Some are real kiddies below 15. The police catch them and do not know what to do with them. They are sympathized; not to say admired by the society. A cracker is always two steps ahead of the police and intrusion detection systems. He is committing offences that have not yet been recorded in books.
SYN flood attacks, UDP flood attacks and ICMP flood attacks are old ways of doing things. And there are people who get success using these techniques too. Not all have taken care to protect their networks. And there are network security companies selling their software, containing vulnerability analysis of known bugs, and making a good business. They can never know what the crackers do, as the new methods created by them to break the networks have not yet been named.
History is full of stories of strong systems conquering the weaker ones. Rama listening to Vibhishana hits Ravana in his weak point, and so does Bheema to Duryodhana, Drona to Ekalavya and Yudhistira to Drona. So, for survival one always has to be better than his enemy. There are five types of people in the world: people that make news, people that write news, people that read news, people that ask what’s happening and people that are not bothered. The fourth and fifth are always the target. Crackers belong to the first group. Public Key Infrastructure, which is conceived as demi-god equivalent in terms of trust, also has weaknesses. They are compromise of the private key, compromise of the certifying authority and breakage of the cryptographic algorithm. For any system, all that the “ker”s do is know the weakness and attack.
A cracker has a philosophy that is intoxicatingly convincing, and a cracker will never say that he is one. Strength and weakness are two corners of a scale with the world within. So are good and bad. An offence has multi-dimensional factors to scale. There are strong systems and weak systems in the Internet. There are people with right intentions and wrong intentions. Whenever a strong system is in the hands of wrong people or a good system is in a weak condition, there is vulnerability.
HR Manager’s Perspective
Recruitment of IT professionals is on the rampage. The concept of a temporary job is becoming permanent. This year new costs are expected from the HR field, apart from costs of recruiting; that is the cost of retaining. People are jumping from one company to another like monkeys. A typical strategy by an employee is to show an appointment letter of his new job and get a salary hike from us and show the hike to his recruiter and start off on a higher note. While all of this is fine as long as the management concedes and there are people worth the mettle, we are busier than ever. Conducting recruitment drives on weekends, and moving to new cities for newer talents is very common. Another concept that is in action is the concept of flexible timings. Time difference between our country and our business partners has made such changes imperative. The employees working in night shifts are less monitored than their counterparts.
Few bachelors are eager to stay in the company on Saturdays and Sundays on the pretext of acquiring new skills. Such people are admired or sympathized but never monitored. Tonnes of songs and other unwanted material are downloaded and put on the network in a computer other than the employee’s and sometimes in a hidden format. These employees assume privileges on resources such as printers, Internet and most importantly the corporate network.
Valuable IP of the company resides there. While some people make the best advantage of these resources for the benefit of themselves and their company, all are not so. And it is virtually impossible to filter the wheat from the chaff. To make a general observation, it is observed that the element of “namak” is missing in the new generation techies. One unmonitored and disgruntled employee can cause havoc to the company. As HR Managers we know it better.
September 11th is the day on which a point has been made. Aeroplane and Building are used as tools. Hearts of Americans are struck with terror. Computers can be used as tools to commit offences that are traditional in nature. This opens up new combinations. Murder using computer and credit thefts are not unheard of. A system cannot be made foolproof as nature always produces a better fool. Often a new technology or infrastructure is conceived as a remedy for existing weakness, but a new technology comes with its own set of loopholes for the explorer to exploit. The IP address is a basic piece of information obtained in any Internet transaction. Most offences are committed based upon IP addresses. A reverse lookup on the IP address tracks down the system and also the route to the offence. Software such as Samspade, tracert, or Visual Route can be used for the purpose. Information is a valuable asset. Not only the transfer of information, but even unauthorized viewing may diminish its value. If a system is connected to the Internet there is every chance of it being attacked. Once the IP address is known, DOS attacks such as Ping of Death, Smurf, UDP flooding or modem disconnection can be committed. Control over a system is acquired by looking at open ports on an IP. An offence is termed as a crime only when proved in a court of law. Law does not distinguish between crime and mischief, cracker and hacker.
Security is an overhead for the network but it gives protection to the resources. Network security becomes important, as companies will be viewed as units. Developing a corporate policy for security is also vital. To maintain a secure operation, one has to stay a step ahead of the “ker”s. Keeping up to date on software patches is critical to any security plan. The vast computing infrastructure constructed by private industry can be utilized to lodge a massive attack.
Another example of attack is that of an open access point in a wireless network. Wireless access points have been added to many corporate networks without proper renovation of overall security policy. War Driving is a mechanism of sniffing 802.11 networks that have open ports. Each network card is associated with a MAC (Media Access Control) address, which uniquely identifies the device. The macof program can be used to cause a switch to fail open, and the mailsnarf program to capture emails that reach any person into one’s own system. Both tools are from the dsniff suite. The CAM (Content Addressable Memory) is where the switch stores the MAC info, and when this fills up, the switch begins to flood frames for unknown MAC addresses to every port on the VLAN, in effect failing open. This could be made use of by the offender to access all the data that goes into and out of the network.
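The fail-open behaviour of a full CAM table, and the effect of a per-port limit on learned addresses, can be seen in a small model. This is an added example, not part of the original essay; the Switch class, the table size, the limit and all MAC addresses are constructed assumptions, and entry ageing is left out.

```python
class Switch:
    """Toy learning switch. cam_size and port_limit are illustrative values;
    entry ageing, which real switches perform, is left out for brevity."""

    def __init__(self, ports, cam_size, port_limit=None):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.port_limit = port_limit   # max MACs learned per port, None = no limit
        self.cam = {}                  # source MAC -> port it was seen on
        self.disabled = set()          # ports shut down for exceeding the limit

    def _learn(self, mac, port):
        if mac in self.cam:
            self.cam[mac] = port
            return
        seen_on_port = sum(1 for p in self.cam.values() if p == port)
        if self.port_limit is not None and seen_on_port >= self.port_limit:
            self.disabled.add(port)    # violation: shut the port down
        elif len(self.cam) < self.cam_size:
            self.cam[mac] = port       # a full table silently stops learning

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        if in_port in self.disabled:
            return []
        self._learn(src, in_port)
        if in_port in self.disabled:
            return []
        if dst in self.cam:
            return [self.cam[dst]]     # known destination: one port only
        # Unknown destination: flood to every other active port.
        return [p for p in self.ports if p != in_port and p not in self.disabled]


MAC_A, MAC_B = "02:aa:00:00:00:01", "02:bb:00:00:00:02"   # constructed
BROADCAST = "ff:ff:ff:ff:ff:ff"


def egress_for_a_to_b(port_limit):
    """Hosts A, B and an observer sit on ports 1, 2 and 3. Return the ports
    that receive a frame from A to B after port 3 has presented 100 distinct
    source MACs (constructed, locally administered addresses)."""
    sw = Switch(ports=[1, 2, 3], cam_size=8, port_limit=port_limit)
    for i in range(100):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", BROADCAST)
    sw.receive(2, MAC_B, BROADCAST)    # B sends a frame so it can be learned
    return sw.receive(1, MAC_A, MAC_B)


if __name__ == "__main__":
    print("no per-port limit:", egress_for_a_to_b(None))   # flooded, port 3 included
    print("limit of 2 MACs  :", egress_for_a_to_b(2))      # delivered to port 2 only
```

Without a limit the table fills before B can be learned, so the frame for B is flooded to every other port; with the limit, the offending port is shut down and the frame reaches port 2 alone.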
An offence always starts in the mind of the aggressor and ends in the mind of the victim. The stages in the life cycle of an offence are intended (but not committed), committed (but not permitted), permitted (but not identified), identified (but not conveyed), conveyed (but not tracked), tracked (but not convicted), convicted but loss not recovered.
No computer or network could ever be 100% secure, but understanding and prevention are the key factors. One weak node could compromise the entire network. Most computer criminals thrive not on knowledge but blossom due to ignorance on the part of System Administrators. There are countless cyber crimes that are not made public due to private industry’s reluctance to publicize its vulnerabilities and government’s concern for security. There are bugs in various software, and exploitation of these bugs results in a hack. Computer crime is a low risk, high profit affair. Information for some organizations is an asset, like money. Crimes are classified as done against a person or an organization. A stalker may post a controversial message on the board under the name, phone number and email of the victim, resulting in subsequent responses being sent to the victim. This is an example of using personal information to commit offences. Most entities provide services requesting information from users, but never authenticate this information. This could be the cause for a lot of crimes as anonymity is respected here. Accidental, negligent and unauthorized misuse have to be distinguished. It is always possible to prove the presence of errors, not their absence. There is no internationally recognized definition for cyber crime. When someone fires a bullet from a gun, it is actually the bullet that does the killing while the actual physical firing is pulling the trigger on the instrument. Similarly, bits of data that have been set into action from a computer are an extension of an actor’s person. Computer crime and security may not just be a hardware or software problem but a people-ware problem.
Fraud Detection
Fraud detection has three aspects to it: intrusion detection, intrusion identification and assigning intrusion to fraud. Using specialized software such as BlackIce, Snort and NetRanger it is possible to sniff intrusion. It can be seen that a number of users, robots and other entities will be constantly accessing the system once the computer is on the Internet. However, not all of these intrusions are with false intent. Even most software gives false alerts and it is essential to keep a person to check this. Answering the questions “Why will anybody be interested in my network?”, “Who will be interested?” and “What will he be interested in?” will help the filtration process. Intrusion Detection is based on the assumption that avoiding each and every security breach is practically impossible. Instead, Intrusion Detection stresses the need to identify, preferably in real time, attempts to breach security and to assess the damage they've caused. An Intrusion Detection System (IDS) tries to detect attempted intrusions into a system or network and alert users. An IDS constantly works away in the background in your system, notifying you only when it detects something it considers suspicious or illegal. However, whether that notification will be of any use to you will depend entirely on how well the IDS is configured!
Anomaly detection: The most common approach for sniffing out an intrusion in a network is through identifying statistical anomalies. The idea is to measure a 'baseline' of statistics, like CPU utilization, disk activity, user logins, file activity and so on. The system can then trigger whenever there's a deviation from this baseline. The good thing about this approach is that it can detect the anomalies without having to understand the cause. Let's say you monitor the traffic from individual workstations. The system notes that at 2 AM, many of these workstations start logging into the servers and carrying out tasks. This may be something interesting to act on.
Signature recognition: Most commercial IDSs examine network traffic, looking for well-known patterns of attack. This means that for every hacker technique, engineers code something into the system. This can be as simple as a pattern match. The classic example is to check every packet on the wire for the pattern '/cgi-bin': this may indicate that somebody was trying to access a vulnerable CGI script on a Web server. Some IDSs are built from large databases with hundreds (or thousands) of such strings. They just plug into the wire and trigger on every packet they see having one of these strings.
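Both approaches can be run side by side over a handful of log lines. This is an added example, not part of the original essay; the log format, the baseline counts, the host names and the threshold of three standard deviations are constructed assumptions. It also shows why the earlier remark about false alerts matters: the naive '/cgi-bin' string match fires on a harmless documentation page.

```python
import statistics
from collections import Counter

# Constructed baseline: logins seen in the 02:00 hour on 14 previous nights.
BASELINE_2AM = [0, 1, 0, 0, 2, 1, 0, 0, 1, 0, 0, 1, 0, 2]

# Constructed log lines in a made-up format: "HH:MM source EVENT detail".
SAMPLE_LOG = [
    "01:58 ws-07 LOGIN fileserver",
    "02:00 ws-01 LOGIN fileserver",
    "02:00 ws-02 LOGIN fileserver",
    "02:01 ws-03 LOGIN dbserver",
    "02:01 ws-04 LOGIN dbserver",
    "02:02 ws-05 LOGIN fileserver",
    "02:03 ws-06 LOGIN fileserver",
    "02:10 10.0.0.9 HTTP GET /cgi-bin/test-cgi",
    "02:11 10.0.0.12 HTTP GET /docs/cgi-bin-howto.html",
    "09:15 ws-01 HTTP GET /index.html",
]

SIGNATURES = ["/cgi-bin"]  # the pattern the text gives as its classic example


def parse(line):
    """Split a log line into (hour, source, event, detail)."""
    time, source, event, detail = line.split(" ", 3)
    return int(time[:2]), source, event, detail


def logins_per_hour(lines):
    """Count LOGIN events per hour of day."""
    return Counter(h for h, _, ev, _ in map(parse, lines) if ev == "LOGIN")


def z_score(baseline, observed):
    """How many standard deviations 'observed' lies from the baseline mean."""
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # avoid division by zero
    return (observed - mean) / stdev


def anomaly_alerts(lines, baseline, hour=2, threshold=3.0):
    """Alert when the hour's login count deviates from the baseline.
    No knowledge of the cause is needed, only of what is normal."""
    observed = logins_per_hour(lines)[hour]
    score = z_score(baseline, observed)
    return [(hour, observed, round(score, 2))] if abs(score) > threshold else []


def signature_alerts(lines, signatures):
    """Alert on every line containing a known attack string."""
    return [(line, sig) for line in lines for sig in signatures if sig in line]


if __name__ == "__main__":
    print("anomaly  :", anomaly_alerts(SAMPLE_LOG, BASELINE_2AM))
    for line, sig in signature_alerts(SAMPLE_LOG, SIGNATURES):
        print("signature:", sig, "in", line)
```

The second signature hit is a request for a help page whose name happens to contain the string, which is the kind of alert a person has to review and discard.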
A Cyber Crime Common Body of Knowledge (CC-CBOK) is presented below.
Data diddling: This kind of an attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed.
Trojan Horse Attack: A program that hits the machine at an unexpected time and remains hidden from the user.
Logic Bomb: A virus that has been configured to attack the system at a specified time.
Dumpster Diving: Looking at dustbin for gathering valuable data.
IP Spoofing: Making false pretensions of a different IP address.
Masquerading: Moving hidden in networks as though wearing a mask.
Password Suiting: Guessing of a password based upon common sense logic.
Worm: A software program that multiplies like a virus but causes no harm.
Salami Technique: A technique using which the developers credit the fractional amounts in a financial transaction into their accounts.
Information Warfare: Application of destructive force on large-scale information systems. The vulnerable infrastructures that are targeted are Power Grid, Communications, Financial and Transportation.
Chipping: Malicious alterations of computer hardware.
Spamming: A junk mailing activity.
Cyber Stalking: The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chatrooms frequented by the victim, constantly bombarding the victim with emails etc.
Author: Avinash Mangipudi (MBA)
Current Designation: Student
University: Hyderabad Central University
Course: Cyber Laws and Legal Information Systems