
An Overview of Cybercrime, its Precautions and the Preventions


Noman Akhter & Asad Iqbal
Federal Urdu University of Arts, Science & Technology, Pakistan
nomanakhter2020@gmail.com, asadiqbal89@yahoo.com


Abstract

Network security has been a significant concern for many years. The computer is now becoming a new crime tool. The growing threat from crimes committed against computers, or against information on computers, is getting the attention of various nations. The capabilities of the computer have led criminals and terrorists to make it their preferred tool for attacking their targets. The internet has provided a virtual battleground for countries having problems with each other such as Israel against Palestine, Taiwan against China, India against Pakistan, China against the US, and many other countries.
This marked change in the methods of terrorism from traditional methods to electronic methods is becoming one of the biggest challenges to modern societies. The main classes of cyber crime include data diddling, theft of information, hacking, virus attacks, web jacking, Trojan attacks etc.
This paper discusses the complex consequences of cyber crime, including current and emerging forms of computer-related illegalities and the techniques and tools used in such crimes. In addition, some preventive measures that can be taken are discussed.
Keywords:
Cyber crime, cyber security, internet fraud, virus detection, vulnerabilities, hacking

Introduction
The terms ‘Computer illegalities’, ‘Computer related crimes’, ‘Internet Crime’, ‘tech crimes’ and ‘Cyber Crimes’ are being used interchangeably. The internet is growing fast. It has given rise to new opportunities in every field we can think of, be it entertainment, business or education. There are two sides to a coin. The Internet also has its own disadvantages. Naturally, with the growing benefits of technology, the Internet and network configurations comes the growing menace of security breaches, identity theft and cyber crimes.
"The unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives."[2]
One of the major demerits is cybercrime: illegal activity committed on the internet. The internet, along with its advantages, has also exposed us to the security risks that come with connecting to a large network. Computers today are being misused for illegal activities like credit card fraud, e-mail espionage, spam, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in cyberspace are at a peak.

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".[3]

Spamming is the misuse of electronic communication systems to send unsolicited messages, which are generally undesired. While the most widely identified form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, phone messaging spam, internet forum spam and junk fax transmissions.
Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner. The most authentic definition of hacking is the act of illegal access to a computer or computer network. A hacker first attacks an easy target, and then uses it to hide his or her traces when launching attacks at more secure sites. The aim of an attack is to gain complete control of the system (so that any file in any user’s directory can be edited or executed), often by gaining access to a "super-user" account. This allows both maximum access and the ability to hide the attacker's presence.
Most of the attacks are based on software bugs that an attacker can use to obtain super-user status. A related approach was used by the West German hacker "Pengo", who exploited the fact that many systems came with default usernames and passwords which some buyers neglect to change. He succeeded through persistence.
A further method of hacking is to email someone a program that either runs automatically or executes when they click on an attachment. This can install a program that gives the sender control of the recipient's computer. Lopht Heavy Industry’s Back Orifice 2000 (a crude parody of Microsoft’s Office 2000) allows someone to have nearly complete control (running programs, deleting files, viewing the screen, logging typed keys, etc.) over the target computer without being noticed.
Spoofing: One difficult method of hacking, known as IP spoofing, is to get one computer to pretend that it is another one which is trusted by the target system, thus gaining the privileges of the latter. Spoofing is the creation of TCP/IP packets using somebody else's IP address. Routers use the "destination IP" address to forward packets through the Internet, but ignore the "source IP" address. That address is used only by the destination machine when it responds back to the source.
Phishing is basically an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. They use fake Web sites, spam, crimeware and other techniques to trick people into divulging account sign-in information.
A computer virus is a program that can copy itself and infect a computer without the consent or knowledge of the user. The original may modify the copies or the copies may modify themselves. A virus can only spread from one system to another when its host is taken to the uninfected computer, such as by a user sending it over a network or carrying it on a removable medium such as a floppy disk, CD, or USB drive.
A computer worm is a self-replicating program. It uses a network to send copies of itself to other nodes and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms constantly damage the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.
A Trojan horse is a malicious program that masquerades as a benevolent application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most menacing types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Types of Computer Trojan:
Remote Access Trojan: Abbreviated as RAT, the Remote Access Trojan is one of seven chief types of Trojan horse and is designed to provide the attacker with complete control of the victim's system. Attackers generally hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs.
Data Sending Trojan: A type of Trojan horse designed to provide the attacker with sensitive data such as passwords, credit card information, e-mail addresses, log files and lists. These Trojans can look for specific pre-defined data (e.g., just credit card information or passwords), or they could install a key logger and send all recorded keystrokes back to the attacker.
Destructive Trojan: A type of Trojan horse designed to destroy and delete files; it is more like a virus than any other Trojan. It can often go unnoticed by antivirus software.
Proxy Trojan: A form of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to do everything from your computer, including conducting credit card fraud and other illegal activities, or even using your system to launch malicious attacks against other networks.
FTP Trojan: A type of Trojan horse designed to open port 21 (the port for FTP transfer) and let the attacker connect to your computer using File Transfer Protocol (FTP).
Security Software Disabler Trojan: A type of Trojan horse designed to stop or destroy security programs such as an antivirus program or firewall without the user knowing. This Trojan type is normally combined with another type of Trojan as a payload.
Denial-of-Service Attack Trojan: Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are continuously being dreamed up by hackers.
Pornography was the first consistently successful ecommerce product. With deceptive marketing strategies and mouse-trapping technologies, pornography sites persuade customers to access their websites. Anybody, including children, can log on to the internet and access websites with pornographic content with a click of a mouse. Publishing or transmitting any material in electronic form which is lascivious or appeals to the prurient interest is an offence under the provisions of section 67 of I.T. Act -2000.
Software piracy: Theft of software through the illegal copying of genuine programs or the counterfeiting and circulation of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime. It can be done in various ways: end user copying, counterfeiting, hard disk loading, illegal downloads from the internet etc.
Cyber defamation: The criminal sends emails containing defamatory matter to all concerned with the victim or posts the defamatory matter on a website. An annoyed employee may do this against a boss, an ex-boyfriend against a girl, a separated husband against a wife etc.
Threatening: The criminal sends threatening email or comes in contact with the victim in chat rooms. (Anyone irritated may do this against a boss, friend or official.)
Salami Attack: In such a crime the criminal makes insignificant changes in such a manner that the changes go unobserved. Criminals write a program that deducts a small amount like Rs. 2.50 per month from the accounts of all the customers of the bank and deposits it in the criminal's own account. In that case no account holder will approach the bank over such a small amount, but the criminal gains a massive amount.
Cyber Stalking: The criminal follows the victim by sending emails and entering the chat rooms the victim normally uses.
Sale of Narcotics: There are web sites which offer the sale and shipment of contraband drugs. They may possibly use the techniques of steganography for hiding the messages.
The 7 worst cyber threats in history (that we know about)
We get a little taste of cyber threats all the time, but what about full-on cyber warfare? Recently the true, harsh potential of a cyber attack became frighteningly clear:
1. Titan Rain
Target: U.S. military Intel
Attacker: China
Damages: In 2004, a Sandia National Laboratories employee, Shawn Carpenter, revealed a series of large "cyber raids" carried out by what are believed to have been government-supported cells in China. "Titan Rain" is the name given to these attacks by the FBI, and it was found that numerous sensitive computer networks were infiltrated by the hackers, such as those at Lockheed Martin and Sandia (owned by Lockheed), but also at the likes of NASA. Titan Rain is considered one of the largest cyber threats in history.
2. Moonlight Maze
Target: Military maps, U.S. troop configurations, schematics
Attacker: Russia (Denies involvement)
Damages: Much like Titan Rain, Moonlight Maze represents an action in which hackers penetrated American computer systems and could pretty much raid at will. It's also one of the earlier major cyber infiltrations that we know of, starting in 1998 and continuing on for two whole years while military data was plundered from NASA, the Pentagon, the Department of Energy and even from universities and research labs.
3. The Estonian Cyberwar
Target: Estonia
Attacker: The Nashi, a pro-Kremlin youth group in Transnistria
Damages: What happened to Estonia in 2007 is considered a model of how vulnerable a nation can be to cyber attacks during a conflict. In a very short period of time, a variety of methods were used to take down key government websites and news sites, and generally to flood the Estonian network to the point that it was useless. The attack is one of the largest after Titan Rain, and was so complex that it's thought that the attackers must have had support from the Russian government and large telecom companies.
4. Presidential-level Espionage
Target: Obama, McCain presidential campaigns
Attacker: China or Russia (Suspected)
Damages: No one wants to get a message from the FBI saying, "You have a problem way bigger than what you understand," but that's exactly what happened to both Obama and McCain during their run for the 2008 presidency. What was first thought of as simple cyber attacks on the computers used by both campaigns was revealed to be a more concentrated attempt from a "foreign source" that accessed emails and sensitive data. The FBI and Secret Service swooped in and confiscated all computers, phones and electronics from the campaigns and, with the kind of stuff that gets dug up on the campaign trail, there are probably plenty of folks hoping the FBI keeps them.
5. China's "750,000 American zombies"
Target: U.S. computer networks, all levels
Attacker: Chinese hackers (Government-supported, organized crime related, cyber gangs)
Damages: The most horrible fallout from a cyberattack can be what it leaves behind, such as malicious software that can be activated later. That, compounded with current efforts by hackers to infect as many machines as possible using bogus email offers, harmful website code and what-have-you, can leave a lot of "zombified" machines. Those machines can then be made into cyber weapons, which can overload a network, website or other machine with a deluge of data known as a DDoS, or distributed denial of service attack. Even back in '07, former senior U.S. information security official Paul Strassmann estimated that there were over 730,000 compromised computers "infested by Chinese zombies."
6. The Original Logic Bomb
Target: Siberian gas pipeline in Soviet Russia
Attacker: U.S. Central Intelligence Agency
Damages: One of the scariest implications of cyber warfare is that the harm isn't always limited to networks and systems. In 1982, the CIA showed just how dangerous a "logic bomb" — a piece of code that changes the workings of a system and can cause it to go haywire — can be. The agency caused a Soviet gas pipeline in Siberia to explode in what was described by an air force secretary as "the most monumental non-nuclear explosion and fire ever seen from space," without using a missile or bomb, but a string of computer code. Today, with the proliferation of computer control, the probable targets are virtually endless.
7. "The Most Serious Breach"
Target: U.S. military computer network
Attacker: "Foreign intelligence agency" (unspecified)
Damages: One of the worst breaches on an American network happened in 2008. Did it involve thousands of zombie machines and the muscle of a national telecom giant? Nope, you could have held it in the palm of your own hand: a corrupt flash drive. Inserted into a military laptop in the Middle East, the malicious code on the drive created what Deputy Secretary of Defense William Lynn called a "digital beachhead, from which data could be transferred to servers under foreign control." The attack acted as another reality check in security, and prompted the Pentagon to form a special cyber military command.
Prevention methods:
Defending Against Spoofing
There are a few precautions that can be taken to limit IP spoofing risks on your network, such as:
Filtering at the Router - Implementing ingress and egress filtering on your border routers is a great place to establish your spoofing defense. It requires an ACL (access control list) that blocks private IP addresses on the downstream interface. Moreover, this interface should not accept packets whose source address lies in your internal range, as this is a common spoofing technique used to circumvent firewalls. On the upstream interface, restrict source addresses to your valid range, which will prevent someone on your network from sending spoofed traffic to the Internet.
Encryption and Authentication - Implementing encryption and authentication will also reduce spoofing threats. Both of these features are included in IPv6, which will remove current spoofing threats. Additionally, you should eliminate all host-based authentication measures, which are sometimes common for machines on the same subnet. Ensure that the proper authentication measures are in place and carried out over a secure channel.
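
The ingress and egress rules described under "Filtering at the Router" can be expressed as a small decision function. This is an added example, not part of the original paper: the site address block (a documentation range), the list of reserved source ranges and the sample packets are constructed assumptions.

```python
import ipaddress

# Assumption: the site's own public address block (documentation range).
INTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

# Source ranges that should never arrive from the Internet:
# private (RFC 1918), loopback, link-local and "this network".
RESERVED_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def filter_packet(direction, src):
    """Decide whether a packet passes the border router.

    direction: "ingress" (Internet -> site) or "egress" (site -> Internet).
    src: source IP address as a string.
    Returns (allowed, reason).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False, "malformed source address"

    if direction == "ingress":
        # Rule 1: private/reserved sources cannot be real Internet hosts.
        if any(addr in net for net in RESERVED_SOURCES):
            return False, "private or reserved source from Internet"
        # Rule 2: our own range as source, arriving from outside, is spoofed.
        if addr in INTERNAL_NET:
            return False, "internal source arriving from outside"
        return True, "ok"

    if direction == "egress":
        # Rule 3: only our own range may appear as source when leaving.
        if addr not in INTERNAL_NET:
            return False, "source outside site range"
        return True, "ok"

    raise ValueError("direction must be 'ingress' or 'egress'")


# Constructed sample traffic: (direction, source address).
SAMPLE_PACKETS = [
    ("ingress", "198.51.100.7"),   # ordinary external host
    ("ingress", "192.168.1.10"),   # private source from the Internet
    ("ingress", "203.0.113.25"),   # claims to be one of our own hosts
    ("egress", "203.0.113.25"),    # legitimate internal host
    ("egress", "198.51.100.7"),    # internal machine forging a source
]


def run_samples():
    """Return the allow/deny verdict for each sample packet."""
    return [filter_packet(d, s)[0] for d, s in SAMPLE_PACKETS]


if __name__ == "__main__":
    for direction, src in SAMPLE_PACKETS:
        allowed, reason = filter_packet(direction, src)
        print(f"{direction:8} {src:15} {'ALLOW' if allowed else 'DROP':5} {reason}")
```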

Simple steps to avoid being phished
  • Never respond to emails that request personal financial information
    Banks or e-commerce companies generally personalise emails, while phishers do not. Phishers often include false but sensational messages ("urgent - your account details may have been stolen") in order to get an immediate reaction. Reputable companies don't ask their customers for passwords or account details in an email. Even if you think the email may be legitimate, don't respond - contact the company by phone or by visiting their website. Be cautious about opening attachments and downloading files from emails, no matter who they are from.
     
  • Visit banks' websites by typing the URL into the address bar
    Phishers often use links within emails to direct their victims to a spoofed site, usually to a similar address such as mybankonline.com instead of mybank.com. When clicked on, the URL shown in the address bar may look genuine, but there are several ways it can be faked, taking you to the spoofed site. If you suspect an email from your bank or online company is false, do not follow any links embedded within it.
     
  • Keep a regular check on your accounts
    Regularly log into your online accounts, and check your statements. If you see any suspicious transactions, report them to your bank or credit card provider.
     
  • Check the website you are visiting is secure
    Before submitting your bank details or other sensitive information there are a couple of checks you can do to help ensure the site uses encryption to protect your personal data:

    Check the web address in the address bar. If the website you are visiting is on a secure server it should start with "https://" ("s" for security) rather than the usual "http://".

    Also look for a lock icon on the browser's status bar. You can check the level of encryption, expressed in bits, by hovering over the icon with your cursor.

    Note that the fact that the website is using encryption doesn't necessarily mean that the website is legitimate. It only tells you that data is being sent in encrypted form.

  • Be cautious with emails and personal data
    Most banks have a security page on their website with information on carrying out safe transactions, as well as the usual advice relating to personal data: never let anyone know your PINs or passwords, do not write them down, and do not use the same password for all your online accounts. Avoid opening or replying to spam emails as this will give the sender confirmation they have reached a live address. Use common sense when reading emails. If something seems implausible or too good to be true, then it probably is.
  • Keep your computer secure
    Some phishing emails or other spam may contain software that can record information on your internet activities (spyware) or open a 'backdoor' to allow hackers access to your computer (Trojans). Installing anti-virus software and keeping it up to date will help detect and disable malicious software, while using anti-spam software will stop phishing emails from reaching you. It is also important, particularly for users with a broadband connection, to install a firewall. This will help keep the information on your computer secure while blocking communication from unwanted sources. Make sure you keep up to date and download the latest security patches for your browser. If you don't have any patches installed, visit your browser's website, for example users of Internet Explorer should go to the Microsoft website.
  • Always report suspicious activity
    If you receive an email you suspect isn't genuine, forward it to the spoofed organisation (many companies have a dedicated email address for reporting such abuse).
Firewalls:
These are programs which protect a user from unauthorized access attacks while on a network. They provide access only to known users, or to people whom the user permits.
Frequent password changing:
With the advent of multi-user systems, security has become dependent on passwords. Thus one should always keep passwords to sensitive data secure. Changing them frequently and keeping them sufficiently complex in the first place can do this.
Safe surfing:
This is a practice which should be followed by all users on a network.
Safe surfing involves keeping one's e-mail address private, not chatting on open systems which do not have adequate protection methods, and visiting secure sites. Accepting data only from known users, and downloading carefully and only from known sites, also minimizes risk.
Frequent virus checks:
One should frequently check one's computer for viruses and worms. Also, any external media such as floppy disks and CD-ROMs should always be virus checked before running.
Email filters:
These are programs which monitor the inflow of mail to the inbox and automatically delete any suspicious or useless mail, thus reducing the chances of being bombed or spoofed.
CONCLUSION
With the growth of computers and the internet, cyber crimes are also growing proportionately, and to prevent them, steps must be taken faster than the criminals act.
We all agree that more businesses are converting their data to electronic format.
Hacking, spamming, spoofing, viruses, worms, pornography, cyber stalking etc. as part of cyber crime are definitely moving forward, with new tools to hack and new viruses to spread coming out every day. The urgent need for information security, ethical education and awareness programs cannot be emphasized enough in order to achieve the maximum protection from hackers and also to protect the cyber world from our own abusive use.
“The result of the "under-reporting" was a lack of reliable information about cyber crimes, which hampered action against cyber criminals, which in turn reinforced the idea that there was little to be gained by reporting them to the authorities”,
Future Predictions
Imagine 2020, with China a symbol of power.
An offensive disrupts the communications capabilities of the U.S., Japan and their allies.
Chinese military's 60,000-strong cyber warfare group deeply penetrates U.S. military, government and corporate networks. Crushing denial-of-service attacks hamper the Pentagon's efforts to mobilize conventional forces. Deliberately injected misinformation is sent to field commanders and to ships at sea.
The scenario is described in a report by Christopher Bronk, a former U.S. diplomat and an IT policy specialist at Rice University's Baker Institute.

“Prevention is better than cure”
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".

REFERENCES

[1] Foote D. (2002, March). Good Ethics at Work Lie in the Hiring. Computerworld. Retrieved July 23, 2004 from http://www.computerworld.com/printthis/2002/0,4814,68719,00.html
[2] Harvey B. (2004). Computer hacking and ethics. University of California, Berkeley. Retrieved July 23, 2004 from http://www.cs.berkeley.edu/~bh/hackers.html
[3] Internet Stuff. (2004, May 25). 2004 ECrime Watch Survey. Retrieved July 23, 2004 from http://www.cert.org/about/ecrime.html
[4] Internet Stuff. (2004). Threats and protection by Homeland Security. Retrieved July 23, 2004 from http://www.dhs.gov/dhspublic/display?theme=30&content=3813
