Abstract
Cybercrimes are in charge of the interference of ordinary PC works and has been known to cause the ruin of numerous organizations and individual elements. This examination paper plans to talk about after parts of Cybercrimes: the definition, why they happen, laws overseeing them, techniques for perpetrating cybercrimes, who they influence, and cybercrime aversion strategies. All the more particularly, this paper will dig into one primary case of cybercrime "hacking". The report will demonstrate the use and movement of innovation has increased distinctive kinds of wrongdoings, for example, burglary violations and psychological warfare. Additionally, this report will show factual information which will give a thought of how far cybercrimes has increment over the time of ten years or more.
Introduction
In our cutting edge innovation driven age, keeping our own data private is winding up more troublesome. In all actuality, exceptionally characterized subtle elements are winding up more accessible to open databases, since we are more interconnected than any other time in recent memory. Our information is accessible for nearly anybody to filter through because of this interconnectivity. This makes a negative disgrace that the utilization of innovation is risky in light of the fact that for all intents and purposes anybody can get to one's private data at a cost. Innovation keeps on promising to facilitate our day by day lives; nonetheless, there are perils of utilizing innovation. One of the fundamental perils of utilizing innovation is the danger of cybercrimes.
Normal web clients might be uninformed of cybercrimes, not to mention what to do on the off chance that they fall casualty of digital assaults. Numerous honest people succumb to cybercrimes around the globe, particularly since innovation is developing at a fast pace. Cybercrimes are any wrongdoings that reason mischief to another individual utilizing a PC and a system. Cybercrimes can happen by issues encompassing entrance of protection and secrecy. Whenever protection and secret data is lost or hindered by unlawfully people, it offers approach to prominent violations, for example, hacking, digital fear mongering, undercover work, budgetary robbery, copyright encroachment, spamming, digital fighting and numerous more wrongdoings which happen crosswise over fringes. Cybercrimes can transpire once their data is rupture by an unlawful client. (webopedia.com)
As indicated by Norton, "in the course of the most recent year and a half, an inauspicious change has cleared over the web. The risk scene once ruled by the worms and infections released by unreliable programmers is presently controlled by another type of cybercriminals. Cybercrime is roused by extortion, exemplified by the sham messages sent by "phishers" that mean to take individual data" (Cybercrime 2011) Cybercrimes are in charge of the accomplishment of their particular criminal resources and the ruin of numerous organizations and individual elements.
Cybercrimes make an over whelming errand for law requirement departments since they are greatly mechanical wrongdoings. Law authorization associations must have people prepared in PC controls and PC criminology with a specific end goal to precisely research PC wrongdoings or cybercrimes that have been carried out. Also, numerous states must modernize and produce enactment, which denies cybercrimes and frameworks appropriate punishments for those wrongdoings. Cybercrimes will probably turn out to be more incessant with the entry of propel advances. It is vital that regular citizens, law authorities, and different partners of the equity framework are very much educated about cybercrimes keeping in mind the end goal to decrease the danger that they cause.
Defining the Problem
Currently, when individual talk about cybercrime, they may not understand the extent of these crimes. Many questions arise when the term cybercrime is brought into question. Some questions that arise are, “Does cybercrimes only done via the internet?â€, “Cybercrimes are done via computers only?†and so on, however, traditional crimes such as theft and fraud that have been done via physical ways are now been converted into digital resources and are now considered as cybercrimes. But what are cybercrimes?
A commonly accepted definition of this term is that a cybercrime is a “crime committed using a computer and the internet to steal a person's identity or sell contraband or stalk victims or disrupt operations with malevolent programs†(Definition of Cybercrimes).However, other definitions have constraints to an expansive meaning to more closely describe the word “cybercrimeâ€.
Laws of Cybercrimes
In this section of this paper we’ll discusses Laws and legislation that governs cybercrime in the United State and within other countries worldwide. This section will highlight some laws and let people know some of the laws that are out there to protect them and some of the amendments to these laws to keep up with the different advancement in technology.
Internationally
All laws aren't the same in numerous nations particularly with regards to cybercrimes. For various nations have particular laws representing issues, for example, cybercrimes. For instance, in a few nations, for example, Indiscriminate Information Technology Act which was passed and implement in 2000 on Electronic Commerce by the United Nations Commission on Trade Law. In any case, the Act expresses that it will sanction web based business and supplementary alter the Indian Penal Code 1860, the Act 1872, the Banker's Book Evidence Act1891 and the Reserve Bank of India Act 1934. The Information Technology Act deals with the various cybercrimes. From this Act, the important sections are Ss. 43,65,66,67. Section 43 which explain and enforce the unlawful access, transferring, virus outbreaks causes harm for example Stuxnet worm, DOA, intrusion with the service availed by anyone. However, other sections combats against source files via workstations being altered which can end result imprisoned up to 3 year or be fined stated by Section 65 whereas in Section 66 it pretends to consent access with systems, crimes that go against criminals can be imprisoned up to 3 years or fine which goes up to 2 years or more.
Causes of Cybercrimes & methods of committing
There are many ways or means where cybercrimes can occur. Here are a few causes and methods of how cybercrimes can be committed on a daily basis: Hacking, Theft of information contained in electronic form, Email bombing, Data diddling, Salami attacks, Denial of Service attack, Virus / worm attacks, Logic bombs,
Trojan attacks, Internet time theft, and web jacking.
• Hacking: In other words can be referred to as the unauthorized access to any computer systems or network. This method can occur if computer hardware and software has any weaknesses which can be infiltrated if such hardware or software has a lack in patching, security control, configuration or poor password choice.
• Theft of information contained in electronic form: This type of method occur when information stored in computer systems are infiltrated and are altered or physically being seized via hard disks; removable storage media or other virtual medium.
• Email bombing:This is another form of internet misuse where individuals directs amass numbers of mail to the victim or an address in attempt to overflow the mailbox, which may be an individual or a company or even mail servers there by ultimately resulting into crashing. There are two methods of perpetrating an email bomb which include mass mailing and list linking.
• Data diddling: Is the changing of data before or during an intrusion into the computer system. This kind of an occurrence involves moving raw data just before a computer can processes it and then altering it back after the processing is completed.
• Salami attacks: This kind of crime is normally consisting of a number of smaller data security attacks together end resulting in one major attack. This method normally takes place in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. This form of cybercrime is very common in banks where employees can steal small amount and it’s very difficult to detect or trace an example is the “Ziegler case†where in a logic bomb penetrated the bank’s system, which deducted only 10 cents from every account and deposited it in one particular account which is known as the “penny shavingâ€.
• Denial of Service attack: Is basically where a computer system becomes unavailable to it’s authorize end user. This form of attack generally relates to computer networks where the computer of the victim is submerged with more requests than it can handle which in turn causing the pc to crash. E.g. Amazon, Yahoo. Other incident occurs November, 2010 whistle blower site wikileaks.org got a DDoS attack.
• Virus / worm attacks: Viruses are programs that can embed themselves to any file. The program then copies itself and spreads to other computers on a network which they affect anything on them, either by changing or erasing it. However, worms are not like viruses, they do not need the host to attach themselves to but make useful copies of them and do this constantly till they consume up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers around the world.
• Logic bombs: They are basically a set of instructions where can be secretly be execute into a program where if a particular condition is true can be carried out the end result usually ends with harmful effects. This suggests that these programs are produced to do something only when a specific event (known as a trigger event) occurs. E.g. Chernobyl virus.
• Trojan attacks: The term suggests where a program or programs mask themselves as valuable tools but accomplish damaging tasks to the computer. These programs are unlawful which flaccidly gains control over another’s system by assuming the role as an authorised program. The most common form of a Trojan is through e-mail. E.g. lady film director in the U.S.
• Internet time thefts: This form is kinds of embezzlements where the fraud the Internet surfing hours of the victim as their own which can be complete access to the login ID and the password, an example is Colonel Bajwa’s case- in this incident the Internet hours were used up by a unauthorized person.
• Web jacking: This is where the hacker obtains access and can control web site of another person, where he or she can destroy or alter the information on the sites they see fit to them. This type of method of cybercrime is done for satisfying political agendas or for purely monetary means. An example of such method was MIT (Ministry of Information Technology) was hacked by the Pakistani hackers whereas another was the ‘gold fish’ case, site was hacked and the information relating to gold fish was altered and the sum of $ 1 million was demanded. http://www.naavi.org/pati/pati_cybercrimes_dec03.htm
In terms of companies losing money due to cybercrimes here are some cases where cybercrimes had the upper hand. For example, in 2007 it was reported that TJX systems network was illegally accessed. Reportedly 45.6 million credit and debit card numbers were stolen over a period of more than 18 months by an unknown number of intruders who leave was relieved to be Albert Gonzalez. In the wake of that breach, several analysts have estimated TJX's costs could run as high as $1 billion, including legal settlements and lost sales. Another example was a former network engineer at Gucci was charged with hacking into the company's network, deleting data and shutting down servers and networks. Sam Yin, 34, of Jersey City, N.J., used an account he secretly created while employed by the luxury retailer to access the network after he was fired in May 2010. Yin created a VPN token in the name of a fictional employee and took it with him after being fired. On Nov. 12, Yin broke into Gucci's network and deleted several virtual servers, shut down a storage area network and erased from an email server a disk containing corporate mailboxes. Yin's actions cost Gucci more than $200,000 in diminished productivity, restoration and remediation expenses. Then another case was with David L. Smith in Aberdeen Township, New Jersey created the Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It's estimated that the virus caused 80 million dollars in damages to computers worldwide. Listed below is a graph of how cybercrimes affected individuals around the U.S. in recent times:
Figure 1 – Top 10 IFCC taken from IC3 reports
According to the IC3 report the following chart above show the top ten (10) complaints or attack that is surfacing the internet today and throughout the years of 2001-2010 However, each year was different from each other mainly to deal with the latest in technology at the time and how easy some infrastructure could have been penetrated at the time. However, what is stable all through the years was the cyber-attack of Auction Fraud which is almost 41.03 %. This attack is very popular due to many individuals using the internet to purchase goods and services throughout the world on a daily basis for any needs and essentials.
The next popular attack and still is the Nigerian Letter Fraud, here goods or services that were acquired by individuals online those were never sent or the seller never receive payment for goods. The rest of the different attacks are range from .89 % to 7.99 % however, still play a big role in cybercrimes such as credit card fraud which was a next upcoming major attack in today society where it is the unlawful use of a credit/debit card to falsely attain money or property. Credit/debit card numbers can be stolen from leaky web sites, or can be obtained in an identity theft scheme.
The chart above showed the complaint category from 2006. From the chart it can be seen that most of all the complaints came from auction fraud which can be easily taken placed on any website such as eBay or Amazon for such base cybercrime attacks. The chart above is basically stating the percentage of each top ten complaints category that has been surfacing the internet throughout the year of 2006. At the time, cybercrime or attacks like child pornography, investment fraud, identity theft, financial institution fraud, confidence fraud, and computer fraud was at a minimum. However, Auction fraud and non-delivery cybercrime attacks was on a rise during that year.
Figure 3 – Yearly loss, complaints, and referrals – IC3 reports
The charts above show the different years ranging from 2000 -2009. Each chart has its diverse representation from yearly comparison of the top complaints and the amount of money lost acquired by the IC3 reports. Pay close attention to figure 2 where the chart shows how much money being lost by companies throughout yearly. There is a great significant as the year’s progress so does the amount being lost due to cybercrimes. This is because of new crimes being committed via credit card and auction fraud attacks via internet.
The image above shows the top ten (10) states and countries perpetrators locations. The image on the previous page basically shows the location of perpetrators location via countries and states. According to the image most of all the cyber-attacks took place in the United States followed by Nigeria, Canada, South Africa, Romania, Spain, Indonesia, Russia, Netherlands, and Togo. However, in the United States most of all the crimes are documented in California the most state that undergo a lot of cyber-attack. The other states are New York, Florida, Texas, Illinois, Pennsylvania, Ohio, Arizona, New Jersey and Michigan.
Prevention and Procedure
In this modern age, it seems almost impossible to avoid being a victim of cybercrime, with all the advancements in technology which make it easy for someone to perform cybercrimes. In light of this, there are some ways however to avoid becoming a victim of cybercrime. Most internet browsers email service, and Internet providers provide a spam-blocking feature to prevent unwanted messages, such as fraudulent emails and phishing emails, from getting to your inbox. However, every user must ensure to turn them on and do not turn them off whatsoever. Also, users must install and keep up-to-date antivirus programs, firewalls and spyware checkers. Along with keeping them up to date, users must make sure that they run the scans regularly. There are many companies out there that provide free software, but there are other you can purchase, along with that of the many produced by the leading companies providers; in addition, those companies provide free version of their paid or subscription antivirus software. Encryption of information that you do not want anyone to have unauthorized access to is a good way to avoid some cybercrimes; information such as password and credit card information for example. Encryption software runs your data through encryption algorithms to make it unintelligible to anyone who tries to hack into your computer.
Another good precaution is to be weary of who you divulge your personal information to. Try to avoid unknown websites, in particular those that ask for your name, mailing address, bank account number or social security number. When doing online shopping make sure website is secure, look for urls that starts with “httpsâ€and/or have the Trustee or VeriSign seal. If you do not see these anywhere on the site, you run the risk of submitting credit card information and other personal information to a site that maybe a fraud.
Another way to avoid being a victim of cybercrimes is to avoid being susceptible to common frauds, such as inherences letter, letter asking for your help in placing large sums of money in overseas bank accounts, foreign lotteries, and phony sweepstakes. Those mentioned activities are all methods used by cyber criminals to get your personal information and money. If it sounds too good to be true, it probably is.
Educate children about the proper use of the computer and internet and make sure to monitor their online activities at home and school alike. They should only have access to a computer located in a central area of your home and you should regularly check all browser and email activity. A wise thing to is to use parental control software that limits the type of sites the user can gain access to. In schools, there should be restricted websites and other user restrictions that will help protect the user and entity from cybercrime. Likewise, companies should educate and have written policies governing the workplace pc and its network use to diminish the risk of cybercrime against the company.
One definite way to ensure that you don’t fall victim of cybercrimes is to disconnect your computer entirely from the internet. If there is no network, then you don’t have to worry about any cyber-attacks. However, this option is not the most viable one in our interconnected society. The truth is, it is up to you to take the necessary precautions to avoid potential cybercrimes.
Conclusion
Cybercrimes will always be an ongoing challenge despite the advancements being made by numerous countries. Most countries have their own laws to combat cybercrimes, but some doesn’t have any new laws but solely relies on standard terrestrial law to prosecute these crimes. Along with outdated laws to combat cybercrime, there are still feeble penalties set in place to punish criminals, thus doing no major prevention of cybercrimes’ which affect the economy and people’s social lives on a large scale by those criminals. Consequently, there is a desperate need for countries on a global scale to come together and decide on what constitute a cybercrime, and develop ways in which to persecute criminals across different countries.
It is recommend that until sufficient legal actions can be put in place where individual countries and global ways of persecution criminals, self-protection remains the first line of defense. The everyday individuals and businesses need to make sure they are educated on what to do in terms of prevent in becoming the next victim of cybercrimes. This basic awareness can help prevent potential cybercrimes against them.
It is almost impossible to reduce cybercrime from the cyber-space. Looking back on the many different acts passed, history can be witness that no legislation has thrived in total elimination of cybercrime from the world. The only possible step is to make people aware of their rights and duties and further making more punishable laws which is more stringent to check them. Undoubtedly, the different Acts were and still are historical steps in the virtual world as we know it. This further suggests that there is a need to convey modifications in the Information Technology Act so it can be more effective to fight cybercrimes. Caution should be employed for the pro-legislation educational institutions that the requirements of the cyber laws are not prepared so rigorous that it may delay the growth of the commerce and demonstrate to be counter-productive to many. Remember, cybercriminals are evolving as well in terms of computer knowledge per technological advancement made.
Nevertheless, business should employ practices where their employees follow proper safety practices to ensure that integrity and confidentially of stored information is kept at all times to combat cybercrimes. Safety practices like ensuring that staying off game sites on company time where viruses can be downloaded, forwarding chain emails, leaving workstation unattended or password sharing over virtual mediums should be prohibited. With all these safety practices implemented, it can be said that the safety of many clients stored information is optimal.
References
1. Center, Finjan Malicious Code Research. "Web Security Trends Report." Securing your web (1996-2008): 1-20.
2. eSecurity Planet. 2011. 16 January 2011 <http://www.esecurityplanet.com/trends/article.php/3871456/Cyber-Crooks-Doubled-Their-Take-in-09-FBI.htm>.
3. eSecurity Planet. n.d. 16 January 2011 <http://www.esecurityplanet.com/features/article.php/3872326/FBI-Underboss-Says-Cyber-Criminals-the-New-Mafia.htm>.
4. Justice, Bureau of Justice Assistance U.S. Department of. "Internet Crime Complaint Center." 2009 Internet Crime Report (2008): 1-26.
5. Phil Williams, Cert Coordination Center. "Implications for Business." Organized Crime and Cyber-crime (2002): 1-7.
6. SOPHOS. "SOPHOS." Security Threat Report 2009 (2008): 1-20.
7. Vanlalnunsanga, M. (n.d.). Statistical Report on Cyber Crime. Retrieved 01 29, 2011, from Scribd: http://www.scribd.com/doc/19720457/Statistical-Report-of-Cyber-Crime
8. KSHETRI, NIR. "Positive Externality, Increasing Returns, and the Rise in Cybercrimes." Communications of the ACM 52.12 (2009): 141-144. Academic Search Premier. EBSCO. Web. 22 Jan. 2011.
9. Wall, David S. "Policing Cybercrimes: Situating the Public Police in Networks of Security within Cyberspace." Police Practice & Research 8.2 (2007): 183-205. Academic Search Premier. EBSCO. Web. 25 Jan. 2011.
10. "TREND MICRO 2011 THREAT PREDICTIONS." Computer Security Update 12.1 (2011): 1-3. Academic Search Premier. EBSCO. Web. 14 Jan. 2011.
11. Wall, David S. "Catching Cybercriminals: Policing the Internet." International Review of Law, Computers & Technology 12.2 (1998): 201-218. Academic Search Premier. EBSCO. Web. 19 Jan. 2011.
12. Denning, D., “Cyberterrorismâ€, Testimony before the Special Oversight Panel of Terrorism Committee on Armed Services, US House of Representatives, 23 May 2000. (http://www.cs.georgetown.edu/~denning/infosec/cyberter ror.html)
13. Ghosh, Sumit. "The Nature of Cyber-attacks in the Future:A Position Paper." Information Systems Security 13.1 (2004): 18-33. Academic Search Premier. EBSCO. Web. 19 Jan. 2011.
14. Stephens, Gene. "CYBERCRIME IN THE YEAR 2005." Futurist July 2008: 32+. Academic Search Premier. EBSCO. Web. 15 Jan. 2011.
15. Wall, David S. "Cybercrime, media and insecurity: The shaping of public perceptions of cybercrime." International Review of Law, Computers & Technology 22.1/2 (2008): 45-63. Academic Search Premier. EBSCO. Web. 18 Jan. 2011.
16. Hansen, Brian, and Adriel Bettelheim. "Cybercrime: Congress Addresses the Breach In Online Security." CQ Weekly 60.26 (2002): 1761. Academic Search Premier. EBSCO. Web. 15 Jan. 2011.