gdpr-cookie-consent domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u570418163/domains/altechbloggers.com/public_html/wp-includes/functions.php on line 6131Computer crime: also known as cybercrime, e-crime, high-tech crime, and electronic crime — can include many different types of crime. If a computer or network is the source, target, device, or location of the crime, it is considered a type of computer crime. Other crimes that can be facilitated by computer crime are fraud, theft, blackmail, forgery, and embezzlement.
1.Hacking • Unauthorized access to data held on a computer system. • Often by employees who have gained access to others’ passwords/IDs. • Motives can be mischievous or malicious • Criminal offense — punishable by prison.
2. Fraud • False representation of a legitimate enterprise. • Payment taken for a purchase when a product has not been delivered. • Pyramid schemes. • False claims, making a product appear better than it is in reality.
3. Money Theft • Credit card fraud. • Fraudulent purchases using the card.
4. Logic bomb • Similar to a virus. • Sometimes distributed via a virus. • Specially written to destroy or subtly alter the contents of a computer system or documents. • Usually requires a trigger to activate. • Has been used to extort money from businesses.
5. Virus • Program developed to cause harm or inconvenience to computer users. • ‘Caught from infected floppy disks, e-mail attachments, exe programs on internet pages’. • Spreads very fast from one computer to another. The virus is capable of reproducing itself. • May display strange messages, use up all the computer memory, destroy data files or cause serious system errors. • Effects can be devastating such as the ‘I love you’ virus of 2000. • Can remain dormant until a certain date such as the Friday the 13th virus.
6. Data Theft • Theft of computer hardware, with the theft of data. • Hacking and stealing data for industrial espionage — to sell to competitors or use for one’s own benefit.
Computer crimes are covered under both federal and state laws. Due to the nature of technology, including the use of the Internet, computer crimes often cross state borders and therefore involve federal laws and federal prosecution. These can be classified into two distinct categories of crimes; one in which the target is the network or computer, and the other in which the crimes are perpetrated or quickly carried out by a computer. Due to the use of the Internet for e-commerce and the complete dependence of many businesses on technology, computer crimes are projected to increase. As new technologies take hold, criminal elements will infiltrate systems for their own benefit.
Ever since the Act came into existence, there have been several demands for changes to ensure that the Act makes provisions to curb the menace of cybercrime, issues of data leaks and personal privacy have also started making news. These demands for change were further strengthened by the BPO industry in India, which had to submit certificates of data security and privacy in India to bid for international projects being outsourced from western countries. A major amendment was made to the Act from 6 February 2003 as a result of the passage of the relevant legislation called the Negotiable Instruments Amendment Act, 2002. The amendment to the Negotiable Instruments Act, 2002 recognised cheques in electronic form for the first time.
Despite these changes, the Government of India, understanding the changing scenario of online interactions, constituted an Expert Committee under the Ministry of Information Technology to suggest amendments to the Act to keep it relevant. The main reasons for considering changes in the Act were, a. The subject matter is information technology, which is evolving at a rapid pace; b. It adopts a more in-depth approach as opposed to the usual framework for regulating information technology. The committee pointed out several loopholes in the Act and proposed amendments in a report submitted to the Ministry of Information Technology. The result was the Information Technology Amendment Bill, 2006 based on the report submitted by the expert committee. Meanwhile, a Personal Data Protection Bill was introduced in the Rajya Sabha in 2006 to provide protection against data leaks and personal privacy. However, this bill is yet to be passed. The Information Technology Act 2000 Amendment Bill 2006 has since been passed by the Indian Parliament on 23 December 2008.
Cyber crimes are crimes committed in electronic means where mens rea is not required. Cambridge dictionary defines cyber crimes as crimes related to computers committed with the use of computers or especially through the internet. Cyber crime is an unlawful act in which the computer is either a tool or target or both. Cyber crime is a general term, which refers to all criminal activities committed using computers, internet cyberspace and the worldwide medium. Cyber crimes are crimes that take place in digital space, which is the aggregation of virtual spaces arising from the transaction space and connections within each connected computer. In short cyber crimes can be defined as any offence or contravention under any law committed using electronic documents.
Cyber crime is a mixture of two words: ‘cyber’ — relating to the internet or other electronic networks and ‘crime’ — criminal activity. According to Oxford Learner’s Dictionary the word cyber literally means: “connected with an electronic communication network, especially the internet.” The term cyber is commonly misunderstood as a term relating only to the web and the Internet; it also includes other communication networks, electronic networking devices such as cellular networks and devices, telephones and many other e-devices. The term crime as defined by the Merriam-Webster dictionary is: “An act or omission to do a thing which is prohibited or which is ordered by a public law and which makes the offender liable to punishment by that law. The Oxford dictionary also defines crime as: ‘An act punishable by law.’
Cybercrime includes all criminal offences which are committed with the help of communication devices in a network. It may be the Internet, telephone lines or mobile networks for example. It is also known as computer crime and involves the use of computers to carry out illegal purposes such as committing fraud, trafficking in child pornography and intellectual property, stealing identities or violating privacy. Cybercrime, especially through the Internet, has grown in importance as computers have become central to commerce, entertainment and government. In his book ‘What is Cybercrime? In 2005, author Nagpal R. defines it as: “unlawful act in which the computer is either a tool or a target or both”.
At the Tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, in a workshop devoted to issues of crimes related to computer networks, cybercrime was divided into two categories and defined as follows: a. Cybercrime (computer crime) in the narrow sense: Any illegal behaviour directed through electronic operations that targets the security of computer systems and the data processed by them. b. Cybercrime (computer-related crime) in the broad sense: Any illegal behaviour committed through or in relation to a computer system or network; including crimes such as illegal possession (and) offering or distribution of information through a computer system or network.
Cyberspace is the most coveted place for e-commerce, entertainment, social networking, information and many more things. But, due to evil minded people ‘netizens’ (a combination of internet and citizens for persons using internet) nowadays this technology is being used to commit crimes, which we call cybercrime. Some examples of cyber crimes are hacking, spamming, identity and privacy theft, fraud, viral and worm attacks, e-mail bombing, cyber tort, cyber terrorism, smuggling, pornography etc. These crimes in cyberspace have been a nuisance and a burden on the pockets of other users since the early days. In the early centuries only the developing countries and mainly the US had accepted computers and the internet and they were the early victims of the cyber villains. However, in the contemporary world there is hardly a village left that has not been affected by some form of cyber crime.
Cyber crime is an evil that has originated from the increasing dependence on computers in modern life. A simple but strong definition of cyber crime would be “unlawful act in which the computer is either a tool or target or both”. It would be inappropriate to define cyber crimes as “acts punishable by the Information Technology Act”, as the Indian Penal Code also includes many cyber crimes, such as e-mail spoofing, cyber defamation etc.
Against the economy—In the present world cyberspace has become the place where commerce and transfer of money is taking place, which is very attractive for criminals
Equipped with technological sophistication, it has become very easy for criminals to broadcast their activities in the cyber world. Some of these crimes are as follows:
All intellectual property systems must be supported by a strong judicial system to deal with both civil and criminal offences, staffed by an adequate number of judges with appropriate background and experience. Intellectual property disputes are among the main matters to be decided under civil law and the judicial system must make every effort to deal with them not only fairly but also expeditiously. Without a proper system to enforce rights and to enable individuals to oppose the grant of rights to others, the intellectual property system will be of no value. Digital technology allows perfect reproduction and easy dissemination of print, graphics, sound and multimedia combinations. Theft and infringement of intellectual property rights is one of the most serious crimes committed in cyberspace. Section 2(o) of the Copyright Act, 1957 provides copyright protection in India to the term ‘literary work’ which includes computer programs, tables and compilations including computer databases and criminal proceedings can be initiated under Sections 63–70 of the Act.
Cyber warfare is Internet-based conflict that involves politically motivated attacks on information and information systems. Cyber warfare attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data, and cripple financial systems — among many other possibilities. Cyber warfare has gained so much support among military strategists that most militaries around the world have dedicated cyber warfare teams for defensive and offensive operations. Defense planners around the world are investing heavily in means of information warfare — disrupting the information technology infrastructure of defense systems.
Over the past 20 years the technology of electronic data processing — computers — has come to play a major role in business and government. It would be hard to imagine a person whose life is not affected by computers in one way or another, since virtually everyone who has a bank account, engages in any type of credit transaction, or transacts with the government or any large organization is affected by computers in one way or another. Computers are now an indispensable tool for banking, corporate records and various activities of the government. The following diagram shows the many different ways in which cyber criminals can make money by hacking. But the very features of technology that make it a boon to society also increase the possibility of its misuse. The absence of a tangible printed record of credit transactions is evidence of the efficiency of computers, yet it leaves the auditor without the accustomed “paper trail” to verify accounts. The computer need not be operated at any particular location but can be operated remotely using telecommunication facilities. This too may increase the possibility of misuse, as now the thief need not be near the crime scene but can make off with the wealth confined to electronic impulses from the relative safety of a computer terminal. Computer related crimes covered under IPC and special laws:
One of the biggest lacunae in the field of cyber crime is the lack of comprehensive legislation anywhere in the world. The problem has become even more severe due to the disproportionate growth ratio of the internet and cyber laws. Though a beginning has been made with the enactment of the Information Technology Act and amendments in the Indian Penal Code, problems associated with cyber crimes still persist.
1. Jurisdiction is a highly debatable issue with regard to the maintainability of any suit filed. Today with the growing branches of cyberspace the territorial boundaries seem to be vanishing. Thus the concept of territorial jurisdiction as envisaged under Section 16 of Cr PC and Section 2 of IPC has to give way to an alternate method of dispute resolution.
2. Loss of evidence is a very common and expected problem as all data is destroyed regularly. Moreover, collection of data outside the territorial boundary also cripples the system of crime investigation.
3. Cyber Army: There is also an imperative need to build a high technology crime and investigation infrastructure with high tech staff at the other end.
4. A law regulating cyber-space, which India has enacted.
5. Though Section 75 provides for extra-territorial operation of this law, they can be meaningful only if there are provisions recognising information orders and warrants issued by competent authorities outside their jurisdiction and measures for cooperation among law enforcement agencies for sharing of material and evidence of computer crimes.
6. Cyber-savvy judges are the need of the hour. Judiciary plays a vital role in shaping the enactment as per the order of the day. One such case, which needs appreciation, is the Public Interest Litigation, which has been accepted by the Kerala High Court through email. ‘Perfect’ is a relative term. Nothing is perfect in this world. The persons who make laws and bye-laws are also not perfect. Hence the laws made by them cannot be perfect. Cyber law has emerged from the womb of globalisation. It is on the threshold of evolution. In its approach to the varied and complex issues it would become a part of the law of its time.
Cyber crime cases have increased significantly in India. However, there is a lack of awareness among the general public as well as the police and judicial system regarding cyber law and cyber crimes. As a result, most cyber crimes go unreported. Even if some cyber crimes are reported, they are not properly investigated and result in very few cyber crime convictions. In most cases, lack of conviction for cyber crime is the primary result of the lack of proper legal aid to prosecute cyber crimes. We have very few cyber law firms in India that are actually cyber law firms. Perry4Law is one of the best cyber law firms in India providing cyber law and other tech legal services. In fact, Perry4Law’s Techno Legal Segment, known as Perry4Law’s Techno Legal Base (PTLB), is managing India’s exclusive techno legal cyber crime investigation center. Cyber Crime Investigation Centre is playing a pivotal role in conducting cyber crime investigations in India and providing techno legal services to victims of cyber crimes and cyber frauds.
With the rapid digitization of businesses and increasing cyber attacks, organizations and governments are justifiably concerned about the security of computer networks and infrastructure. A deeper and richer understanding of the principles and objectives; necessary and sufficient conditions for web attacks; and patterns of origin and targets will help managers as well as national and international policy makers to formulate strategies to combat such crimes. India’s cyber laws are contained in the Information Technology Act 2000. The Act came into force after the Information Technology Bill, 2000 was approved by both the Houses of Parliament in May, 2000. The Bill received the assent of the President of India in August, 2000 (Information Technology Act 2000). The purpose of the Information Technology Act 2000 is to provide the legal infrastructure for e-commerce in India. At this juncture, it is relevant to understand what the Information Technology Act 2000 provides and what are its various approaches.
During the recent financial crisis, no issue has aroused more passions than the bailout of financial institutions. The standard rationale for the bailout has been one of necessity and fear: federal regulatory agencies must have more authority to respond to the crisis, or else the public will face dire consequences. But does this rationale hold up on closer inspection? The country’s federal financial regulators and politicians claim to have saved the U.S. economy. The truth is that they have done everything within their power to increase their influence — often away from the eyes of the public and the media. Rather than openly explain their actions, bailout agencies have attempted to prevent the public from reviewing their decision-making, often at a cost to taxpayers. Identity theft and fraud are crimes in which someone wrongfully obtains another person’s personal data and uses it for financial gain through fraud or deceit. To avoid these types of crimes, one should avoid giving out personal details to others.
Another category of money-related crime is credit card fraud. Here too one’s credit card can be wrongly used for personal gain. This risk has increased manifold as people shop online through their credit cards. Websites offering products take all the details of the credit card and store the information on the server. So anyone who can access the server can use the credit card details for financial gain. Also, financial fraud includes market manipulation schemes, issuing false stocks, online gambling, selling of illegal goods.
The term fraud is not defined in the Indian Penal Code. However, the term ‘fraudulently’ is defined in Section 25 of the IPC as, no fraud can take place unless there is an intent to cheat. Wherever the words such as cheating, intent to cheat or committing an offence by fraud occur in the definition of an offence under the IPC, at least two elements are necessary for committing that offence. 1. Cheating or intention to cheat, and 2. Intention to cause either actual injury or potential injury or exposure of any person to actual or potential injury. Both the essential requirements of fraud, viz., intention to cheat or defraud, and actual or threatened injury to a person are present in all situations where the objective is to obtain a gain at the risk of causing harm to others.
Computer is now emerging as a new crime tool. The growing threat from crimes committed against computers or against information present on computers is attracting the attention of various countries. The unprecedented growth of computer and internet services has led to the problem of cyber crime proliferation due to investigation difficulties and lack of strong evidence. Moreover, the existing laws and preventive measures are not effective in curbing such crimes. This lack of legal protection demands businesses and governments to adopt concrete technological measures to protect themselves from those who would steal, deny access to or destroy valuable information. This article discusses the effects of cyber crime, including current and emerging forms of computer-related illegalities and the tools and techniques used in such crimes. In addition, some preventive measures are suggested that can be adopted by corporate houses and law enforcement agencies, including the creation of new laws and the issues that arise thereafter.
Computer crime is an expanding division of criminal activity. Also known as cyber crime, its cases include intrusion/intrusion, financial and identity theft, espionage, and cyber warfare. Computer crime may also include child pornography and copyright infringement as well as any other illegal activity done with the aid of computers. The law is not only for the people but the people are also on the side of the law. Prevention is better than cure and hence the common people should take some preventive measures to avoid the evil eye of cyber crimes. First comes ‘vigilance.’ The enemy cannot be fought without knowing him. Thus, people need to be aware and alert about the dark crevices of cyberspace and the crimes happening within it. Netizens should be updated with information about the cyber world and the techniques to use them. Moreover, the authorities should also be aware of these areas of the internet so that they can manipulate the law to solve the problems of cyberspace. Cyber insurance should also be done for the companies so that their losses can be compensated.
Thousands of cyber crimes take place in the country every year. Yet, not a single Indian insurance company offers a comprehensive anti-cybercrime policy for the corporate sector. “The number of people taking cyber crime insurance in India is very low, mainly because of the high cost compared to their risk. These policies are high priced and are customised for banks at the request of some brokers. We sell one or two policies a year,” an HDFC ERGO official told IANS. Anti-virus software should be updated regularly and firewalls and spyware should be installed in every computer system. Every site should not be blindly provided with information. One should trust only those sites he trusts. Keeping an eye on children by parents can serve as an anti-pornography drive.
It will be good for both children as well as parents to eliminate cyber crime. Backups should be kept for important data so that viral contamination cannot destroy any important information. Another milestone in ensuring the safety of people through advanced means of information technology was added with the launch of Cyber Crime Investigation Cell by the Governor of Punjab and Administrator, Union Territory, Chandigarh, Gen (Retd) S. F Rodrigues, at an impressive ceremony at the police station. This cell, set up by Chandigarh Police in partnership with NASSCOM and Punjab Engineering College, Chandigarh, will help in investigating computer-related crimes such as unauthorized access to computers, online banking frauds, “phishing”, sale of illegal items like wildlife products, drugs, etc., pornography, online gambling, e-mail spoofing and cyber stalking. A new law should be made which deals with the evils of cyber crime comprehensively covering all areas of cyberspace and appointing officers who have legitimate qualifications fully proficient in cyberspace and crimes committed therein. By following some of these methods, the world of cyberspace can be in safe hands and cyber crimes can be prevented more efficiently.
1.Children: Children should not give out identifying information such as name, home address, school name or telephone number in chat rooms. They should not share pictures with anyone on the net without first checking or informing parents or guardians. They should not respond to messages that are obscene, offensive, confrontational or threatening, and should not arrange face-to-face meetings without informing parents or guardians. They should remember that people online are probably not what they seem.
2. Parents: Parents should use content filtering software on PCs to protect children from pornography, gambling, hate speech, drugs and alcohol.
There is also software to set time controls for the use of Limpets (for example blocking use after a particular time) and allow parents to see which sites their children have visited. Parents can use this software to monitor the type of activities children are doing.
3. General information: Do not delete harmful communications (emails, chats, etc.). They will provide important information about the system and the address of the person behind them: Try not to panic. Contact your local police if you feel any immediate physical danger. Avoid getting into big arguments online during chats and discussions with other users. Remember that all other internet users are strangers; you do not know who you are chatting with. So be careful. Be extremely careful when sharing personal information about yourself online. Choose your chatting nickname carefully just like others. Do not share personal information online in a public place; do not give it to strangers. Be extremely careful when meeting a person introduced online. If you want to meet then meet in a public place with a friend. Log off if the situation online becomes hostile and contact the local police if the situation makes you afraid. Preserve all communications for evidence. Do not edit it in any way. Also, keep a record of your contacts and inform law enforcement authorities.
The computer is now emerging as a new crime tool. The growing threat from crimes committed against computers or against information present on computers is attracting the attention of various countries. The unprecedented growth of computer and internet services has led to the problem of cyber crime proliferation due to investigation difficulties and lack of strong evidence. Moreover, the existing laws and preventive measures are not effective in curbing such crimes. This lack of legal protection demands businesses and governments to adopt concrete technological measures to protect themselves from those who would steal, deny access to or destroy valuable information. This article discusses the effects of cyber crime, including current and emerging forms of computer-related illegalities and the tools and techniques used in such crimes. In addition, some preventive measures are suggested that can be adopted by corporate houses and law enforcement agencies, including the formulation of new laws and the issues that arise thereafter.
Computer crime is an expanding division of criminal activity. Also known as cybercrime, cases include intrusion/intrusion, financial and identity theft, espionage, and cyber warfare. Computer crime can also include child pornography and copyright infringement, as well as any other illegal activity carried out with the aid of a computer.
1.Physical Security: Overview: If an intruder gets physical access to a computer, he can easily gain access to the information stored on the computer. Methods include putting the computer under your arm and collecting data from it at your leisure, using a ‘rescue disk’ or some other method of turning on the computer without a password, removing the hard drive and turning it on to your computer with full access to the information stored on the drive. Most operating systems have some method of starting the computer without a password — this is done intentionally, as most organizations lose or forget important passwords at one time or another. This can only be done if someone is physically present at the computer, however — operating system designers rely on the user being aware of this fact, and keeping the computer room secure. Most operating systems have ways to disable the ‘no password’ start — if you want to implement them, be extremely careful and document the passwords thoroughly. But keep a copy of the password safe. Physical security is the most sensitive component, because cybercrime prevention Computer networks must be protected from access by unauthorized persons.
2. Access Control: In simple terms, the term ˝access control˝ describes any technology used to control entry or exit to an area. Standard locks using a brass key can be considered a simple form of ˝access control system˝. Over the years, access control systems have become more and more sophisticated. Nowadays, the term ˝access control system˝ is often used to describe computer-based, electronic card access control systems. An electronic card access control system uses a special “access card” instead of a brass key to allow access to a secured area.
Access control systems are commonly used to control entry to exterior doors of buildings. Access control systems can also be used to control entry to certain areas located in the interior of buildings. The purpose of an access control system is to provide quick and convenient access to authorized individuals, while restricting access to unauthorized persons. Very few employers allow all of their employees access to all facilities every time. This is why more and more people are using electronic access control to limit employees’ access to their facilities. At a minimum, an electronic access control system can be used to allow only employees to enter the building after work hours, and it provides excellent documentation of when and where employees enter and exit. Access control is the only technology that actively attempts to keep unauthorized individuals out of areas within a building or facility, and it is an ideal complement to video surveillance, burglar and fire systems in a comprehensive security solution offering. Access control systems are typically implemented using firewalls, which provide a centralized point from which entry is permitted. Firewalls allow only authorized communication between internal and external networks.
3. Password: A password is a blank sequence of characters used to determine that a computer user requesting access to a computer system is in fact that particular user. Typically, users of multiuser or securely protected single-user systems claim a unique name (often called a user ID) that can be generally known. To verify that the person entering the user ID is in fact that person, a second identity, the password, known only to that person and the system, is entered by the user. Passwords are usually between 4 and 16 characters long, depending on how the computer system is set up. When a password is entered, the computer system is careful not to display the characters on the display screen, as others may see them. Proof of identity is an essential component of identifying intruders. The most common security uses of passwords for network systems include servers, routers, and firewalls. Almost all systems are programmed to ask for a username and password for access to the computer system. This provides authentication of the user. The password should be changed at regular intervals and should be alpha-numeric and difficult to guess.
4. Finding loopholes in the network: Exploits on the Internet have caused billions of dollars in damages. These exploiters are intelligent cyber terrorists, criminals and hackers whose war chest contains a plethora of tools ranging from spyware, root kits, Trojans, viruses, worms, bots and zombies to various other assorted threats.
Exploits can be developed and harvested the same day the security hole is announced—in so-called “zero-day attacks”—so preventing them is becoming increasingly difficult. Open source malware code freely available on the Internet is making this phenomenon possible and cannot be reversed. Although the number and type of exploits “in the wild” continue to grow rapidly, there are less than a dozen main methods used for their implementation and dissemination. Most exploits can be removed, but some exist indefinitely and can only be destroyed or removed with loss of data — you’ve probably heard of these “root kits.” If security holes, also known as common vulnerabilities and exposures (CVEs), are not removed, most exploits will re-infect the host. System managers should find holes before intruders do. Many networking product manufacturers are not particularly vigilant about information about security flaws in their products. Organizations should therefore work hard to detect security flaws, bugs, and vulnerabilities and report their findings when confirmed.
5. Using a network scanning program: Network scanning is the process of identifying active hosts on a network, either for the purpose of attacking them or for network security assessment. Scanning processes, such as ping sweeps and port scans, return information about which IP addresses correspond to active live hosts on the Internet and what services they provide. Another scanning method, inverse mapping, returns information about which IP addresses do not map to live hosts; this enables the attacker to make assumptions about viable addresses.
Scanning is one of three components of intelligence gathering for an attacker. In the foot printing phase, the attacker builds a profile of the target organization, including information such as its Domain Name System (DNS) and e-mail servers and its IP address ranges. Most of this information is available online. In the scanning phase, the attacker gets information about the specific IP addresses that can be accessed on the Internet, their operating systems, system architecture, and the services running on each computer. In the enumeration phase, the attacker collects information such as network user and group names, routing tables and Simple Network Management Protocol (SNMP) data.
There is a security administration tool called UNIX, which is available free of cost on the Internet. This utility scans and collects information about any host on the network, regardless of what operating system or service the host is running. It checks for known vulnerabilities including bugs, security weaknesses, inadequate password protection, etc. Another product called COPS (Computer Oracle and Password System) is available. It scans for bad passwords, dangerous file permissions and dates of key files older than the dates of CERT security advisories.
6. Using Intrusion Alert Programs: This tool is designed to facilitate interactive analysis of alerts reported by intrusion detection systems (IDS). It was started as a prototype system and was developed to validate the method of correlating intrusion alerts based on the pre-requisites and consequences of known attacks (see our paper in CCS ’02). Now it is serving as a platform to test and validate our techniques for intrusion analysis. Who would like to turn our techniques into a practical tool that helps in intrusion analysis in real-world applications. TIAA is written in Java. The current version is an offline tool interacting with DBMS. Since it is important to identify and close the existing security loopholes, you also need to put some watchdogs into service. There are some intrusion programs, which identify and report suspicious activity so that necessary action can be taken. They need to work continuously so that all abnormal behavior on the network can be caught immediately.
7. Using encryption: Encryption is a process that is applied to text messages or other important data, and alters it to make it humanly unreadable, except by someone who knows how to decrypt it. The complexity of the algorithms used means that a strongly encrypted message can require thousands of years of processing by very fast computers to break the encryption.
The most popular use of encryption is to secure web servers that are accessed by the https protocol rather than http, so that data such as credit card details can be sent securely over the Internet. Encryption is converting data into a form, called cipher text, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so that it can be understood. Encryption/decryption is particularly important in wireless communications. This is because wireless circuits are easier to tap than their hard-wired counterparts. Nevertheless, encryption/decryption is a good idea when making any type of sensitive transaction, such as making a credit card purchase online, or discussing company secrets between different departments of an organization. The stronger the cipher — that is, the harder it is for unauthorized people to break — the better in general. However, as the strength of encryption/decryption increases, so does the cost.
Encryption is able to transform data into a form that makes it nearly impossible to read without the right key. This key is used to provide controlled access to information to selected people. Information can be passed on to anyone but only those with the right key are able to view the information. Encryption allows confidential documents to be sent by e-mail or confidential information to be saved on a laptop computer without fear that the data will become public if someone steals it. With the right encryption/decryption software installed, it will connect to the mail program and automatically encrypt/decrypt messages without user interaction.
1.Jurisdiction: The power or authority of a legal or political agency to exercise its authority over a person, subject matter or territory. Jurisdiction over a person relates to the right to prosecute him as a defendant. Jurisdiction over a subject matter relates to the authority derived from the constitution or laws of the country to consider a particular case. Jurisdiction over a territory relates to the geographical area over which the court has the authority to decide cases. Concurrent jurisdiction exists where two courts have simultaneous responsibility for the same case. Cyber attacks have benefited from jurisdictional arbitrage. Due to sophistication and novelty, jurisdictional arbitrage is higher for cyber crimes than for other traditional crimes. Only the US and the UK have laws that are adequate in defining cyber crimes and prescribing penalties. Lack of strong rule of law is associated with the origin of more cyber attacks. A strong rule of law is characterised by effective penalties for violators and regulatory sanctions for defectors, increasing the ability to successfully prosecute fraudulent online transactions. There are international differences in terms of laws to reduce vulnerability to cyber attacks
Organized cybercrime often originates from countries that have little or no laws against cybercrime and little ability to enforce existing laws. For example, when a Filipino hacker launched the “Love Letter” virus in 2000, the estimated damages in the US were between 4–15 billion dollars. But the US government could not do anything to prosecute the hacker or recover damages because the Philippines at that time had not enacted laws that prohibit such crimes. However, many countries around the world have enacted cybercrime laws. The laws of a country also determine what is considered a cybercrime. National laws also facilitate or restrict the ability of law enforcement agencies to act on potential elements related to cybercrime. For example, in the US, the FBI has deemed militant Islamist websites legitimate, as even the most hateful internet speech is permitted under the First Amendment, provided they do not directly incite violence or raise funds. In contrast, in a cyber conflict with an NGO called Think Centre (Asia) in Singapore, state authorities reportedly used surveillance and intimidation. There are reports that the Singapore government actively scans and monitors e-mails and that a number of computers used by various groups and individuals have been hacked. Law enforcement agencies’ responses to different types of cybercrimes also vary. Experts argue that law enforcement authorities in some countries do not take heavy-handed action against hackers who attack international websites and are more interested in protecting national security.
2. Motivation: Internal and external factors stimulate the desire and energy in people to have a sustained interest in and commitment to a job, role, or subject, or to exert effort to achieve a goal.
Motivation arises from the interaction of both conscious and unconscious factors such as (1) the intensity of the desire or need, (2) the incentive or reward value of the goal, and (3) the expectations of the individual and his or her peers. These factors are the reason why a person behaves in a certain way. An example of this is a student who spends extra time preparing for a test because he wants a better grade in the class.
Given the diversity of computer-related crimes, it is not surprising that the different types of behavior discussed above arise from a variety of motives. Some of these are as old as human society itself, including greed, lust, revenge, and curiosity. Revenge in the modern era may also involve an ideological dimension. Quite important, if not unique, to computer-related crime is the intellectual challenge of defeating a complex system. The motivation of hackers and crackers may be the theft of information or other assets, or simply an act of power, in which he or she feels powerful in being able to break into a system representing a large business or government organization.
3.Opportunity: Definition: An exploitable set of circumstances with an uncertain outcome, which requires a commitment of resources and involves risk.
Examples of opportunity: 1. You will have an opportunity to ask questions after the presentation. 2. When the opportunity came for her to prove she could do the job, she was ready. 3. I had the rare opportunity to speak to the President. 4. Studying abroad provides a great opportunity to learn a foreign language. 5. Job opportunities for graduates this year are low. 6. I would like to take this opportunity to thank all those who helped me with this book. The rapid increase in the connectivity of computing and communications creates parallel opportunities for potential victims. As the Internet becomes a medium for commerce, it will also become a medium for fraud. There are many technologies that reduce the opportunity to commit computer-related crime, such as technologies of authentication, from basic passwords to various biometric devices such as fingerprints or voice recognition technology, and retinal imaging, which greatly increase the difficulty of gaining unauthorized access to information systems. Virus detectors can identify and block malicious computer code; blocking and filtering programs can screen out unwanted material. There now exists a rich variety of commercial software through which access to certain sites can be blocked.
4. Guardianship: Lack of competent guardianship is also a factor in cybercrime. Guardianship against cybercrime includes preventive efforts on the part of potential victims, contributions from members of the general public or commercial third parties, as well as the activities of law enforcement agencies. Indeed, it is often only when private efforts at crime prevention fail that the criminal process is activated. Competent guardianship has evolved throughout human history, from feudalism to the rise of the state and the spread of public institutions of social control, to the postmodern era, in which private security services in many industrial democracies far outnumber sworn police officers. The basic tenets of opportunity theory are that the level of crime is determined by the availability of suitable targets, the presence of motivated offenders, and the absence of competent guardians.
5. Enforcement: At the present time, even where crimes are reported, the prosecution rate is not very high according to worldwide available trends. Criminal justice administration systems are not equipped to deal with the highly technical crimes that occur in the cyber world. In the absence of the required technical knowledge, traditional laws, procedures and systems are unable to understand the nature of crime investigation and evidence in cyberspace. There is a need to enhance understanding of the peculiarities of cyber crimes and cyber evidence by judicial authorities. The final decision on any criminal prosecution rests with the judiciary and unless a level of awareness is raised among them to meet the challenge of increasing cyber crimes, the rate of successful prosecution will remain low. Therefore, there is a need to enhance judicial understanding of cyber issues to deter potential criminals from committing any crimes in cyberspace.
Cyber crime is an evil that has its origins in the increasing dependence on computers in modern life. “A simple but strong definition of cyber crime would be unlawful acts in which a computer is either a tool or a target or both”. It would be inappropriate to define cyber crimes as “acts punishable by the Information Technology Act”, as the Indian Penal Code also includes many cyber crimes, such as e-mail spoofing, cyber defamation, etc. Cyber crime in the narrow sense (computer crime): Any illegal behaviour directed through electronic operations that targets the security of computer systems and the data processed by them. 2. Cyber crime in the broad sense (computer-related crime): Any illegal behaviour committed through or in relation to computer systems or networks, including crimes such as illegal possession [and] offering or distribution of information through computer systems or networks. Cyber crime refers to all activities carried out with criminal intent in cyberspace. These fall into three slots. Against individuals. Against commercial and non-commercial organisations. Crime targeting the government.
Threat perception is defined as a deep sense of vulnerability, perceived as negative, likely to result in harm, and largely beyond the individual’s control. Threat perception is usually viewed as a need to change organizational inertia. The UK has the highest number of infected computers in the world, followed by the US and China. Financial attacks are 16 incidents per 1000, the highest of all types of attacks. The US is the leading source country of attacks but this has declined. China is second and Germany is third. It is difficult to determine where the attack originated. The number of virus and worm variants increased sharply to 7,360 which is an increase of 64% compared to the previous reporting period and an increase of 332% compared to the previous year. There are 17,500 types of Win.3 virus. Threats to confidential information are on the rise, with 54% of the top 50 reporting malicious code with the potential to expose such information, with the number of phishing messages increasing from 1 million to 4.5 million between July and December 2004.
Botnets are becoming a major tool for cybercrime, partly because they can be designed to disrupt targeted computer systems very effectively in a variety of ways, and because a malicious user, without strong technical skills, can initiate these disruptive effects in cyberspace by renting botnet services from a cybercriminal botnet, or “bot network,” which is made up of large numbers of computers that have been infected with malicious code, and can be controlled remotely through commands sent via the Internet. Hundreds or thousands of these infected computers can work together to disrupt or block Internet traffic, collect information, or distribute spam, viruses, or other malicious code to targeted victims. Botnets have been described as the “Swiss Army knives of the underground economy” because they are so versatile.
Botnet code was originally distributed as infected email attachments, but as users became more cautious, cybercriminals turned to other methods. When users click to view spam messages, botnet code can be secretly installed on users’ PCs. A website may be unknowingly infected with malicious code in the form of an ordinary-looking ad banner, or it may contain a link to an infected website. Clicking on either of these can install botnet code. Or, botnet code can be silently uploaded even if the user takes no action while viewing a website, simply through some un-patched vulnerability present in the browser. Firewalls and anti-virus software do not necessarily inspect all data downloaded through the browser. Some bot software can even disable anti-virus protection before infecting a PC. Once a PC is infected, the malicious software establishes a covert communication link to a remote “botmaster” in preparation for receiving new commands to attack a specific target. Meanwhile, the malicious code may also automatically check the infected PC for personal data, or log keystrokes, and transmit the information to the botmaster.
The Shadow Server Foundation is an organization that monitors the number of command and control servers on the Internet, which indicates the number of bots. As of May 2007, about 1,400 command and control servers were found to be active on the Internet. Another security organization, Symantec, reported that the number of individual infected drones controlled by these 1,400 servers reportedly increased from half a million to more than 3 million between March and May 2007, and that it detected 6 million bot-infected computers in the second half of 2006.
Cybercrime is usually committed through a connection to the Internet, but it can also involve the unauthorized deletion of data on small, portable flash drive storage devices. Cybercrime, most commonly in the form of network hacking, involves individuals with strong technical skills, often motivated by a desire to gain popularity among their technology peers. However, a growing trend now is to profit from these network cyberattacks by targeting specific systems, often through collaboration between criminals and technical experts. The objectives driving these cybercriminal groups may now differ from those of their paying clients, who may have little or no technical skills.
New technologies are also overtaking policy for law enforcement. Coordination problems between agencies in different countries, as well as conflicting national policies regarding crime in cyberspace, are advantageous to cybercriminals, who may choose to operate from geographic locations where penalties for certain forms of cybercrime do not yet exist. Sophisticated tools for cyberattacks are now available for sale or rental on the Internet, where highly organized underground cybercrime businesses host websites that advertise a variety of disruptive software products and malicious technical services. High-level cybercrime groups use standard software business development techniques to keep their products updated with the latest antisecurity features, and seek to recruit new and talented software engineering students into their organizations.
Where the illicit profits are potentially huge, some high-level criminal groups have reportedly adopted standard IT business practices to systematically develop more efficient and effective computer code for cybercrime. Studies also show that organized crime groups now actively recruit college engineering graduates and technical expert members of computer societies, and sponsor them to attend more information technology (IT) courses to further their technical expertise. However, in some cases, targeted students may not realize that a criminal organization is behind the recruitment offer. Cyber attacks are now being designed to steal information silently, so as not to cause any harm to the user. These types of attacks attempt to avoid detection in order to remain on the host system for a long time. It is also expected that as mobile communication devices become more incorporated into everyday life, they will become an increasing target for attack by cybercriminals in the future.
1. Malicious Code: Definition: Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause unwanted effects, security breaches or damage to a system. Malicious code describes a broad category of system security terms that include attack scripts, viruses, worms, Trojan horses, backdoors and malicious active content.
Malicious code such as viruses or Trojan horses is used to infect a computer to make it available for takeover and remote control. Malicious code can infect a computer if the user opens an email attachment, or clicks on an innocent-looking link on a website. For example, users who visited the popular MySpace and YouTube websites in 2005, and who did not have critical software security patches, could have their PCs infected if they clicked on a banner ad that silently installed malicious code on their computer to log keystrokes or capture sensitive data. During the first half of 2006, the Microsoft security team reported that it had removed 10 million malicious software from approximately 4 million computers and web servers. More recently, Google’s analysis tested the presence of malicious software on several million web pages, and found that 4.5 million of the web pages examined were of suspicious nature. After further testing of the 4.5 million web pages, it was found that more than 1 million downloaded malicious software, and more than two thirds of those programs were “bot” software that, among other things, collected data on banking transactions and then emailed the information to a temporary email account.
Researchers at Finjan Inc., a San Jose, California-based security firm, found after reviewing security data from the first quarter of 2007 that more malware is hosted on servers in countries such as the US and the UK than in other countries with less developed e-crime law enforcement policies. The findings of the Finjan 2007 Web Security Trends Report are based on an analysis of over 10 million unique websites from Internet traffic recorded in the UK, and include the following: 1. Attacks involving the use of code obfuscation through various randomization techniques are becoming more numerous and complex, making them virtually invisible to the pattern matching/signature-based methods used by traditional anti-virus products. 2. Criminals are demonstrating an increasing level of sophistication when embedding malicious code within legitimate content with less reliance on unlawful servers in unregulated countries. Finjan found that 90% of the websites it examined containing malware were located on servers based in the U.S. or U.K. “The results of this study shatter the myth that malicious code is being hosted primarily in countries where e-crime laws are less developed,” Finjan CTO Yuval Ben-Itzhak reportedly said.
2. Identity theft: Botnets and other instances of malicious code can serve to aid cybercriminals in identity theft. Current FBI estimates are that identity theft costs U.S. businesses and consumers $50 billion a year. Individual users are often tempted to click on tempting links they find in emails or while visiting websites. Clicking on titles such as “Buy Rolex watches cheap,” or “See my new photos” can put malicious software on a user’s system by taking advantage of web browser vulnerabilities, which allows a cybercriminal to collect personal information from a user’s computer. Malicious code can scan the victim’s computer for sensitive information, such as name, address, place and date of birth, social security number, mother’s maiden name, and telephone number. Complete identities obtained this way are then purchased and forged in online marketplaces. False identity documents can then be created from this information using home equipment such as digital cameras, color printers, and laminating devices, creating official-looking driver’s licenses, birth certificates, reference letters, and bank statements.
Inadequate computer security practices within organizations also make the identity theft of thousands of victims possible. MasterCard International reported that computer hackers had access to more than 40 million credit card numbers of U.S. consumers in 2005. Some of these account numbers were reportedly being reported on a Russian website, and some consumers have reported fraudulent charges on their statements. Officials at UFJ Bank in Japan reportedly said that some of that bank’s customers may also have been victims of fraud related to the theft of MasterCard information. In June 2006, U.S. Department of Energy officials acknowledged that the names and personal information of more than 1,500 employees of the National Nuclear Security Administration (NNSA) were stolen in a network intrusion that apparently occurred in 2004. The NNSA did not discover the security breach until a year after the incident.
Some sources report that stolen credit card numbers and bank account information are traded online in a highly structured arrangement involving buyers, sellers, intermediaries, and service industries. Services include offering to easily change the theft victim’s billing address through manipulation of a stolen PIN or password. Observers estimated that the cost of such services was between $42 and $72 for each stolen MasterCard number in 2005. Other news articles reported that a stolen credit card number sold online for as little as $1 in 2007, and a complete identity, including U.S. bank account number, credit card number, date of birth, and government-issued identification number, now sells for as little as $14 to $18.
As of January 2007, 35 states have enacted data security laws that require businesses experiencing potential identity theft-related intrusions to notify affected individuals and improve security to protect restricted data. However, existing federal and state laws that impose obligations on information owners may need harmonization to provide more uniform protection.
3. Cyber Espionage: Cyber espionage involves unauthorized probing of a target computer to test its configuration or evaluate its system security, or unauthorized viewing and copying of data files to test the configuration of a target computer or evaluate its system security. However, if a terrorist group, nation, or other organization uses computer hacking techniques for political or economic purposes, their deliberate intrusion may also quality them as cyber criminals. If there is disagreement about this, it is probably because technology has outpaced policy in labeling actions in cyberspace. Indeed, industrial cyber espionage may now be considered a necessary part of global economic competition, and covert monitoring of the computerized actions and capabilities of potential adversary nations may also be considered essential to national defense.
The proportion of cybercrime that may be directly or indirectly attributable to terrorists is difficult to determine. However, links exist between terrorist groups and criminals that allow terrorist networks to expand internationally by taking advantage of computer resources, money laundering activities or transit routes operated by criminals. For example, the 2005 subway and bus bombings in Britain, and the 2007 attempted car bombing in Britain itself, provide evidence that terrorist groups are already operating clandestinely in countries with large communications networks and computerized infrastructure, as well as a large highly skilled IT workforce. London police officers reportedly believe that the terrorists obtained the high-quality explosives used in the 2005 British bombings through criminal groups based in Eastern Europe.
A recent trial in Britain revealed significant links between Islamic terrorist groups and cybercrime. In June 2007, three British residents, Tariq al-Daour, Waseem Mughal and Younes Tsouli, pleaded guilty and were sentenced for using the Internet to incite murder. The men used credit card information stolen from online web stores to purchase items to aid fellow jihadists in the region—such as night vision goggles, tents, global positioning satellite devices, hundreds of prepaid cell phones, and more than 250 airline tickets, using 110 different stolen credit cards. Another 72 stolen credit cards were used to register more than 180 Internet web domains at 95 different web hosting companies. The group also laundered money charged from more than 130 stolen credit cards through online gambling websites. In total, the trio made fraudulent charges totaling more than $3.5 million from a database containing 37,000 stolen credit card numbers, which included account holders’ names and addresses, birth dates, credit balances, and credit limits.
Cybercriminals have formed alliances with drug traffickers in Afghanistan, the Middle East, and other places where illicit drug money or other profitable activities such as credit card theft are used to support terrorist groups. Drug traffickers are reportedly among the most extensive users of encryption for the Internet, messaging, and are able to employ high-level computer experts to help them evade law enforcement, coordinate drug shipments, and launder money. Major drug market regions such as Western Europe and North America also have optimal technology infrastructure and open commercial centers, increasingly meeting the international smuggling needs of both criminal and terrorist groups. US Drug Enforcement Agency (DEA) officials reported in 2003 that 14 of the 36 groups found on the US State Department’s list of Foreign Terrorist Organizations were also involved in drug trafficking. A 2002 report by the Federal Research Division of the Library of Congress revealed “the growing involvement of Islamic terrorist and extremist groups in drug trafficking” and limited evidence of cooperation between various terrorist groups involved in both drug trafficking and arms smuggling. As a result, DEA officials reportedly argued that the war on drugs and the war on terrorism are and should be linked.
State Department officials at a Senate hearing in March 2002 also indicated that some terrorist groups are using drug trafficking to obtain financing while at the same time weakening their enemies in the West by exploiting their desire for addictive drugs. Afghanistan’s opium crop reportedly supplies the resin for more than 90% of the world’s heroin production, generating an estimated $3.1 billion drug trade. Reports indicate that money from drug trafficking in Afghanistan is used to help fund terrorist and insurgent groups operating in that country. Subsequently, in 2007, US intelligence reports stated that al-Qaeda in Afghanistan “has been revived and restored to pre-11 September 2001 levels, and may now be in a better position to attack Western countries.”
Drug traffickers have the financial strength to hire computer experts who have the skills to use technologies that make Internet messages difficult or impossible to decipher, and that allow terrorist organizations to cross borders and operate internationally with little chance of detection. Many of the highly trained technical experts who offer themselves for hire come primarily from countries in the former Soviet Union and the Indian subcontinent. Some of these technical experts reportedly will not voluntarily work for criminal or terrorist organizations, but may be misguided or unaware of their employers’ political motives. Still, others will agree to provide assistance because other well-paying legitimate employment is scarce in their area.
1. Links between computer hackers and terrorists, or terrorist sponsoring countries, can be difficult to confirm: Membership of the most proficient computer hacker groups is sometimes very exclusive and limited to individuals who develop, demonstrate, and share only with each other their most closely guarded set of sophisticated hacker tools. These specialized hacker groups do not want to attract attention because maintaining secrecy allows them to operate more effectively. Some hacker groups may also have political interests that go beyond the national, or be based on religion or other socio-political ideologies, while other hacker groups may be motivated by profit, or be linked to organized crime, and be willing to sell their computer services regardless of political interests. Information about computer vulnerabilities is now available for sale online in hacker “black markets”. For example, a list of 5,000 addresses of computers that are already infected with spyware and that are waiting to be controlled remotely as part of an automated “bot network” can reportedly be obtained for about $150 to $500. Information about computer vulnerabilities for which no software patches are yet available reportedly costs $1,000 to $5,000.
2. Terrorist capabilities for cyberattacks: Some experts estimate that advanced or structured cyberattacks against multiple systems and networks, including target surveillance and testing of sophisticated new hacker tools, may require two to four years of preparation, while complex coordinated cyberattacks that cause massive disruption against integrated, heterogeneous systems may require 6 to 10 years of preparation. This feature, where hackers spend a great deal of time doing detailed and extensive planning before launching a cyberattack, has also been described as a “hallmark” of past physical terrorist attacks and bombings launched by Al Qaeda. It is difficult to determine the level of interest or capabilities of international terrorist groups to conduct an effective cyberattack. A 1999 report by the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School concluded that it is likely that any serious cyberattacks experienced by industrialized countries in the near future will be used by terrorist groups as a supplement to more traditional physical terrorist attacks.
Some observers have stated that Al Qaeda does not consider cyberattacks vital to the achievement of its goals, preferring attacks that cause human casualties. Other observers believe that the groups most likely to consider and implement cyberattacks and cyberterrorism are terrorist groups operating in post-industrial societies (such as Europe and the United States), rather than international terrorist groups operating in developing regions where there is limited access to high technology.
3. Potential effects of a coordinated cyber attack: In March 2007, researchers at Idaho National Laboratories (INL) conducted an experiment called the “Aurora Generator Test” to demonstrate the consequences of a simulated cyber attack on power networks. In a video released by the Department of Homeland Security, an electric generator turbine, similar to many turbines now in use throughout the United States, is forced to dramatically overheat and shut down after receiving malicious commands from a hacker. The INL researchers were investigating the consequences of a potential cyber attack against a vulnerability that has reportedly been fixed. The vulnerabilities in the video could also potentially be neutralized in the same way. In July 2002, the US Naval War College hosted a war game called “Digital Pearl Harbor” to develop scenarios for a coordinated cyberterrorism event, where simulated attacks conducted by computer security experts against critical infrastructure systems simulated state-sponsored cyber warfare. The simulated cyber attacks revealed that the most vulnerable infrastructure computer systems were the Internet itself, and computer systems that are part of the financial infrastructure. It was also determined that attempts to cripple the U.S. telecommunications infrastructure would be unsuccessful, as the redundancy of the underlying system would prevent the damage from being too extensive. The conclusion of this exercise was that the likelihood of a “digital Pearl Harbor” in the United States was very low.
However, in 2002, a major weakness was found in switching equipment software that threatened the infrastructure of large parts of the Internet, a flaw in the Simple Network Management Protocol (SNMP) allowed attackers to take over Internet routers and cripple network telecommunications equipment globally. Network and equipment vendors around the world rushed to fix their products before the problem could be exploited by hackers, which could have had worldwide consequences. US government officials also reportedly attempted to keep information about this major vulnerability secret until necessary repairs were implemented on vulnerable Internet systems. According to an assessment allegedly written by the FBI, the security flaw could be exploited to cause a number of serious problems, such as bringing down a wide telephone network and preventing the exchange of control information between ground and aircraft flight control systems.
Describing potential offensive strategies for military cyber operations, Defense Department officials reportedly said the U.S. could use cyberattacks to open the floodgates, take control of traffic lights, or disrupt banking systems in other countries, thereby confusing enemies. Similarly, some Chinese military journals speculate that cyberattacks could disable U.S. financial markets. However, China is as dependent on these American markets as the United States, and could potentially suffer even more from financial disruption. As for cyberattacks against other U.S. critical infrastructure, the amount of potential damage they could cause if carried out by a nation state is relatively negligible compared to the cost of detection. However, this restriction does not apply to non-state actors such as al-Qaeda, making cyberattacks a potentially useful tool for groups that reject the global market economy.
4. Organised Cybercrime: Some of the larger cybercriminal groups are international, namely Shadow-Crew, Carderplanet and Darkprofits, Individuals in these groups reportedly operate from locations around the world, working together in a very highly structured, organised network to hack systems, steal credit card information and sell identities. Organised crime is also recruiting teenagers who indicate they feel safer committing illegal activity online than on the street. A recent report by the McAfee security organisation, titled ‘Virtual Criminology Report’, is based on inputs from Europe’s leading high-tech crime units and the FBI, and suggests that criminal organisations are targeting top students from leading academic institutions and helping them gain more skills, which is necessary to commit high-tech crime on a large scale. In the future, we may see new and different methods of criminal organisation developing in cyberspace. Cyberspace frees individuals from many of the constraints that apply to activities in the physical world, and current forms of criminal organization may not translate well to online crime. Cybercrime requires fewer personal contacts, less formal organization, and no control over a geographic territory. Therefore, some researchers argue that the classical hierarchical structures of organized crime groups may be inappropriate for organized crime on the Internet. As a result, online criminal activity may emphasize lateral relationships and networks rather than hierarchies.”
Rather than assuming a stable personnel configuration that persists for years, online criminal organizations may incorporate the “swarm” model, in which individuals come together for a limited time to conduct a specific task, or set of tasks, and then go their separate ways. The task of law enforcement may therefore become more difficult. If cybercriminals evolve into the “modern-day mafia” or “modern-day cartels,” the police will lose the advantage of identifying a permanent group of participants who engage in regular illegal activities, and this will contribute to the future success of organized cybercrime. Cyberterrorists prefer to use cyberattack methods because it has several advantages: It is cheaper than traditional methods. It is very difficult to track the action. They can hide their personalities and location. There are no physical barriers or checkpoints to cross. They can do it remotely from anywhere in the world. They can use this method to attack a large number of targets. They can affect a large number of people.
Read Also:
NASA stands for National Aeronautics and Space Administration. NASA was started on October 1, 1958,…
Bank accounts are one of the most essential pillars of modern financial systems, serving as…
Selling a bank account means a way in which people or organizations transfer ownership or…
The number of internet users in India is more than 560 million, which is the…
Cyber crime is a crime that involves computers and networks. Finding any computer at a…
As the world is moving forward in the field of digitalization, the threat of cyber…