Cyber Crime: Strategies and Types

Cyber Crime Strategies and TypesCyber Crime Identity TheftA. IntroductionIn this era of globalization, champion of many things that commode distinguish a demonstrable country to a under(a) genuine country is its progress of science and engineering. This is beca habituate on with the development of a countrys science and applied science, leave alone in any case developed the countrys business leader to enrich their accept potential.Great advances in science and technology in developed country ar due to their well-established learning ashes. Meanwhile, in the developing country, the training system is as yet minimal, which make the development of science and technology become blocked. Thus, whether a country depart become a developed country or non, is highly depend on their mastery of knowledge system.In times like these, the mastery of the entropy system pull up stakes non enough by merely master the hang. We need to conquer the festinate and accuracy too, because there is al to the highest degree no point in mastering outdated knowledge. More over, the very rapid progress of information makes the ripen of the information shorted. In other(a) words, substitution of old and reinvigorated information becomes faster. approximatelytime(a) information will be ignored because of the more recent information.But, the development of science and technology, in which also means the development of information system, does not always wipe out good effects. It has bad effects too. One of them is the increase rate of the calculating machine evil.B. Computer CrimeComputer disgust issues extradite become high-pro deposit, particularly those surrounding hacking, assumeright infringement through warez, small fry pornography, and child grooming. there are also problems of privacy when confidential information is lost or intercepted, rectitudefully or otherwise.A calculating machine crime is any wicked represention where the selective in formation on a computing machine is accesed without permission. This admission fee does not have to result in loss of data or even data modifi strayions.Computer crime is often attrisolelyed to rogue hackers and crackers, but change magnitudely organized crime groups have realized the congenator ease of larceny data with low-level of risk.There are troika major classes of evil activity with computer1. wildcat use of a computer, which might embarrass take a substance abuser see and password, or might involve accessing the dupes computer via the mesh through a backdoor turnd by a Trojanhorse schedule.Unauthorized use of computers tends generally takes the following formsComputer voyeur. The attackers read or copy confidential or propietary information, but the data is neither deleted nor changed.Changing data. poser, changing a grade on a school transcript. Unauthorized changing of data is generally a dissimulatorulent act.Deleting data. Deleting entire files could be an act of vandalism or sabotage.Denying service to authorized users.2. Creating or releasing a malicious computer course (e.g., computer virus, worm, Trojanhorse).Malicious computer program are divided into these following classes1) A virus is a program that infects an executable file. subsequently infection, the executable file fails in a contrastive way than before whitethornbe barely displaying a benign depicted object on the monitor, maybe deleting some or all files on the users serious drive, or maybe altering data files.There are twain key features of a computer virusThe ability to propagate by attaching itself to executable files (e.g., application programs, operating system, macros, scripts, bootsector of a hard disk or floppy disk, etc.) Running the executable file may make fresh copies of the virus.The virus causes harm solo after it has infected an executable file and the executable file is run.2) A worm is a program that copies itself. The quality between a virus and a worm, is that a virus neer copies itself, a virus is copied only when the infected executable file is run.In the pure, original form, a worm neither deleted nor changed files on the victims computer, the worm exclusively made multiple copies of itself and sent those copies from the victims computer, thus clogging disk drives and the internet with multiple copies of the worm. Releasing more than(prenominal) a worm into the Internet will slow the legitimate traffic on the Internet, as continuously increasing amounts of traffic are mere copies of the worm.3) A Trojan Horse is a deceptively labeled program that contains at least one function that is unknown to the user and that harms the user. A Trojan Horse does not replicate, which distinguishes it from viruses and worms. some(prenominal) of the more serious Trojan horses allow a hacker to remotely control the victims computer, perchance to collect passwords and citation humor meter and send them to the hacker, o r perhaps to launch denial of service attacks on sacksites. nigh Trojan Horses are installed on a victims computer by an intruder, without any knowledge of the victim. some other Trojan Horses are downloaded (perhaps in an attachment in e-mail) and installed by the user, who intends to fix a benefit that is quite different from the undisclosed true excogitation of the Trojan Horse.4) A logic bomb is a program that detonates when some moment occurs. The detonated program might stop working, crash the computer, release a virus, delete data files, or any of many other slanderous possibilities. Atimebomb is a display case of logicbomb, in which the program detonates when the computers clock reaches some score date.5) A hoax is a warning about a vanished malicious program.3. Crimes facilitated by computer interlocks or devices, the primary brand of which is self-sufficient of the computer network or device (cyber crime) lawsuits of crimes that merely use computer networks or devices would include Cyber stalking twaddle and individuation thieveryPhishings scams education warfareThe third type of Computer Crime has become the most famous right now, because it produce more benefits than the other two.C. Cyber CrimeThe Internet is a new barrier. Just like the Wild, Wild West, the Internet frontier is wide open to both exploitation and exploration. There are no sheriffs on the Information Superhighway. No one is there to protect you or to to lock-up virtual desperados and bandits.This lack of supervision and enforcement leaves users to watch out for themselves and for each other.A comfortable standard called netiquette has developed but it is still very different from the standards put up in real life.Unfortunately, cyberspace remains wide open to faceless, un maked con artists that crowd out carry out all sorts of mischief. And that is why the cyber crimes coffin nail be as they are right now.Cyber Crime is a lamentable activity done using a comput ers and the internet. This includes anything from downloading illegal music files to stealing billions of dollars from online buzzword accounts. Cyber crime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the internet.Cases of cyber crime, 1970 20051970 19901. rear Draper discovers the give-away whistle in Capn Crunch cereal boxes throw ups a 2600Hz tone. Draper builds a macabre box that, when used with the whistle and sounded into a recollect receiver, allows phreaks to make issue calls2. Robert T. Morris, Jr., graduate student at Cornell University and son of a chief scientist at the NSA, launches a self-replicating worm (the Morris Worm) on the governments ARPAnet (precursor to the Internet). The worm overprotects out of hand and spreads to over 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three catego rys probation, and fined $10K.3. afterwards a prolonged sting investigation, Secret Service agents swoop down on organizers and members of BBSs in 14 US cities, including the Legion of Doom. The arrests are aimed at snap bean down on recognize- handbill larceny and telephone and wire charade.(1990)1991 20001. Five members of the Aum Shinri Kyo cults Ministry of news program break into Mitsubishi Heavy Industrys mainframe and steal Megabytes of sensitive data. (1994)2. Hackers adapt to number of the World Wide Web, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.(1994)3. Russian crackers steal $10 million from Citi intrust. Vladimir Levin, the ringleader, uses his work laptop after hours to switch the notes to accounts in Finland and Israel. He is tried in the US and sentenced to 3 social classs in prison. all told but $400K of the cash is recovered. (1995)4. The French Defense Ministry admits Hackers succeeded in steali ng acoustic codes for aircraft carriers and submarines. (1995)5. FBI establishes pseudo gage start-up company in Seattle and lures two Russian citizens to U.S. poop on the pretense of offering them jobs, then arrests them. The Russians are accused of stealing cite visor information, attempting to extort money from victims, and de dodgeing PayPal by using stolen denotation bill of fares to generate cash. (2000)2001 20051. Microsoft become victim of a new type of attack a progressst domain name servers, corrupting the DNS paths taking users to Microsofts Web sites. This is a Denial of Service (DoS) attack. The hack is detected within hours, but prevents millions of users from comer Microsoft Web scallywags for two days. (2001)2. The Klez.H worm becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage. (2002)3. Two men hack into wireless network at Lowes store in Michigan and steal attribute handbill information. (2003)4. Brian Salcedo sentenced to 9 years for hacking into Lowes home improvement stores and attempting to steal customer source eyeshade information. Prosecutors said three men tapped into the wireless network of a Lowes store and used that connection to enter the chains central computer system in NC, installing a program to capture credit card information. (2004)5. Secret Service seizes control of the Shadowcrew Web site and arrests 28 batch in 8 states and 6 countries. They are charged with gang to defraud the US. Nicolas Jacobsen, is charged with hacking into a T-Mobile computer system, exposing documents the Secret Service had e-mailed to an agent. (2004)Australian Institute of Criminology, 9 types of cycber crime1. Theft of telecommunication serviceThe phone phreakers of three decades ago set a precedent for what has become a major criminal industry. By gaining access to an organisations telephone switchboard (PBX) individuals or criminal organisations can obtain access to dial-in/dial -out circuits and then make their own calls or sell call time to third parties. Offenders may gain access to the switchboard by impersonating a technician, by double-facedly obtaining an employees access code, or by using software available on the internet. Some sophisticated offenders loop between PBX systems to evade detection. Additional forms of service larceny include capturing calling card details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored prize telephone cards.2. Communication in advancement of criminal conspiraciesThere is evidence of tele communication theory equipment being used to facilitate nonionised drug trafficking, gambling, prostitution, money laundering, child pornography and trade in weapons (in those jurisdictions where such activities are illegal). The use of encryption technology may place criminal communications beyond the reach of law enforcement.3. Telecommunications privacyDigital te chnology permits perfect reproduction and easy dissemination of print, graphics, sound, and multimedia combinations. The temptation to reproduce copyrighted material for personal use, for sale at a trim down price, or indeed, for free distribution, has proven irresistable to many.4. Dissemination of offensive materialsContent considered by some to be objectionable exists in abundance in cyberspace. This includes, among much else, sexually explicit materials, racist propaganda, and instructions for the fabrication of incendiary and volatile devices. Telecommunications systems can also be used for harassing, threatening or trespassing(prenominal) communications, from the traditionalistic obscene telephone call to its contemporary manifestation in cyber-stalking, in which persistent messages are sent to an unwilling recipient.5. Electronic money laundering and assess evasionWith the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of stored value to my smart-card, which I then download anonymously to my account in a financial institution situate in an overseas jurisdiction which protects the privacy of asserting clients. I can discreetly draw upon these funds as and when I may require, downloading them back to my stored value card (Wahlert 1996).6. Electronic vandalism, terrorism and extortionAs never before, western industrial society is dependent upon complex data processing and telecommunications systems. Damage to, or interference with, any of these systems can lead to catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic intruders cause inconvenience at best, and have the potential for inflicting massive harm (Hundley and Anderson 1995, Schwartau 1994).While this potential has h owever to be realised, a number of individuals and protest groups have hacked the official meshwork pages of various governmental and commercial organisations (Rathmell 1997). http//www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in reverse early in 1999 an organised hacking incident was simply take uped at a server which hosted the Internet domain for tocopherol Timor, which at the time was seeking its independence from Indonesia (Creed 1999).7. Sales and investment fraudAs electronic commerce becomes more prevalent, the application of digital technology to fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales pitches, deceptive charitable solicitations, or bogus investment overtures is progressively common. Cyberspace now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds, to more exotic opportunities such as cocoa palm farming, the sale and leasebac k of automatic teller machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by unprecedented opportunities for misinformation. Fraudsters now enjoy direct access to millions of prospective victims around the world, instantaneously and at minimal cost.8. nefarious Interception of telecommunicationsDevelopments in telecommunications give up new opportunities for electronic eaves give the sackping. From activities as time-honoured as surveillance of an unfaithful spouse, to the newest forms of political and industrial espionage, telecommunications interception has increasing applications. Here again, scientific developments create new vulnerabilities. The electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as broadcast antennas. Existing law does not prevent the remote monitoring of computer radiation.It has been taleed that the disreputable American hacker Kevin Poulsen was able to gain access to law enforcement and internal shelter wiretap data prior to his arrest in 1991 (Littman 1997). In 1995, hackers employed by a criminal organisation attacked the communications system of the Amsterdam Police. The hackers succeeded in gaining police operational intelligence, and in disrupting police communications9. Electronic funds transfer fraudElectronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as physically the digital information stored on a card can be counterfeited.Right now electronic funds transfer fraud is the most famous type of cyber crime. Every year the rate of case about electronic funds transfer fraud always increasing especially in credit card information stealing. From www.spamlaws.com they wrote about credit card stealing in 2005,Credit card fraud statistics show that about $2.8 million was lost due to credit card fraud, from fraudulent use of MasterCard and Visa alone. In total, credit card fraud costs cardholders and credit card issuers as much as $500 million a year.Identity TheftIdentity theft is really individualism fraud. This criminal uses someone elses identicalness for their own illegal purposes.Examples include fraudulently obtaining credit, stealing money from the victims bank accounts, using the victims credit card number, establishing accounts with utility companies, renting an apartment, or even filing nonstarter using the victims name. The cyberimpersonator can steal unlimited funds in the victims name without the victim even sagacious about it for months, or even years.Anyone who relies hard on credit cards, Social aegis Numbers or network blogging is more susceptible to credit individuation operator theft. Many of our modern conveniences also come with a risk and less protection. The digital age is the perfect age for the Cyber criminal to com mit it. Think of the internet as a dark alley in the middle of the night. And these cyber criminals are those people hiding there waiting for the victims to make a mistake.Credit identity theft is a very damaging crime because it not only damages the person financially but also damages the persons written report as well. Imagine someone borrowing money using your name and never telling you. You will both bear with the burden of nonrecreational back the money he borrowed and suffer the humiliation of having this blunder under your name.Identity theft has been referred to by some as the crime of the new millennium. It can be accomplished anonymously, easily, with a variety of means, and the impact upon the victim can be devastating. Identity theft is simply the theft of identity information such as a name, date of birth, Social Security number (SSN), or a credit card number. The mundane activities of a typical consumer during the course of a regular day may provide awed opportuniti es for an identity thief purchasing gasoline, meals, clothes, or tickets to an athletic event renting a car, a video, or home-improvement tools purchasing gifts or barter stock on-line receiving mail or taking out the food waste or recycling. Any activity in which identity information is shared or made available to others creates an opportunity for identity theft.It is estimated that identity theft has become the fastest-growing financial crime in America and perhaps the fastest-growing crime of any kind in our society. The illegal use of identity information has increased exponentially in recent years. In fiscal year 1999 alone, the Social Security Administration (SSA) Office of Inspector General (OIG) Fraud Hotline received approximately 62,000 allegations involving SSN misuse. The widespread use of SSNs as identifiers has reduced their security and increased the likelihood that they will be the object of identity theft. The refinement and popularity of the Internet to effect commercial transactions has increased the opportunities to commit crimes involving identity theft. The expansion and popularity of the Internet to post official information for the benefit of citizens and customers has also increased opportunities to obtain SSNs for illegal purposes.Victims of identity theft often do not realize they have become victims until they attempt to obtain finance on a home or a vehicle. Only then, when the loaner tells them that their credit history makes them ineligible for a loan, do they realize something is outrageously wrong. When they review their credit report, they first become aware of credit cards for which they have never applied, bills long overdue, unfamiliar billing addresses, and inquiries from unfamiliar creditors. flush if they are able to identify the culprit, it may take months or years, tremendous emotional anguish, many lost financial opportunities, and large legal fees, to exonerated up their credit history.Identity theft occurs in many ways, ranging from unconcerned sharing of personal information, to intentional theft of purses, wallets, mail, or digital information.There are some reasons why the attacker can steal the credit card information1. Unsecured networkExample1. intoxicationPoisoning technique is quiet complicated. First, the attackers need to connect to the same network with the fag. After that, the attackers have to look for the IP address of the ass. The next step, the attackers should poison the purport computer with ARP poisoning or with trojan horse. Then the computer target will move following the attackers track. The attackers will bring the target into fake stool site, and make the target unrealized that he/she has entered the credit card information.2. SniffingThis technique is unstable, why? Because its depend on the attackers luck. Just like poisoning, the attackers have to connect to the same network with the target. After that, the attackers should scan all of mac address in the network. Next, the attackers start the sniffing program, such as Cain and Able or Wireshark. Last, the attackers should wait until someone in the network open a shop site and enter the information of the credit card.2. Vulnerabilities on the siteExample1. SQL InjectionWith this vulnerability the attacker can enter admin panel without knowing the username and password. They just need to enter a right syntax as username and password to enter the admin panel. If they are already in admin panel they can see the complete information of the buyer.2. Blind SQL InjectionBlind SQL dead reckoning is the most favorite vulnerability for the attackers. The attackers will only need the web browser to do this technique. First, the attackers have to found a right page to be injected with some syntax. After that the attackers should drop all database table, and looking for user table or admin table. If there is user table the attackers can drop the column and the attackers could get the full da ta of the user, included the credit card information. But, if user table doesnt exist, the attackers should use the admin table. The attackers should drop the admin column and search for the admin password. After the attackers cracks the admins username and password, the attackers could go to the admin panel and look for the information of the buyer.3. outrank log articulate log is an old vulnerability, but theres still websites that have this vulnerability. With this vulnerability the attackers only need to use search engine and look for the separate log. If the order log has already founded the attacker will open it, and suddenly get full information about the buyer.4. Admin DirectoryThis vulnerability makes visitor of the site be able to open admin directory freely. So, the attacker could use this chance to see the database. Order database is always in the database. In the order database, the data of the buyer will be saved completely, including credit card information.3. Human errorExampleSocial Engineering or Human ManipulatingAttacker could use security weakness which is human. Why? Because human is easy to be hold ind. First, the attackers could request the target to do something unimportant, and then set a trap for the target. Attackers will manipulate the target to follow the attackers scheme. Then, if the target has already been trapped, the attacker could make the target gives the complete information about the credit card.There are some(prenominal) ways that can be done to avoid the potential victims from identity theft The potential victims should request a complete credit report every once a year and check it closely.When get cast-off(prenominal) pre-approved credit card offers, shred them up before tossing them.When in public, do not recite social security number outloud to a bank teller or store cashier.Use a secure call box that locks.When asked to give mothers maiden name as a code access, use another key word instead.Change the persona l identification numbers on accounts regularly.Pick up and keep printed receipts at bank machines or gas pumps.Even if have been victimized, there are still things that can be done Before calling the police, affaire bank or credit card company and freeze the account. The reason for this is two-fold first, it will help minimize monetary loss, and two, most banks and creditors have a time period in which the notification still valid and can be used to protect the victims.Then call the police department. It does not matter if the identification is being used in the victims city or halfway across the world because the police are required by federal law to take the report.After making police reports, the victim could contact any of national credit bureaus and put a fraud alert on their account.While dealing with the credit bureau, the victim should get a current copy of their credit report. And read it carefully.Then, the victims can contact their policy company and ask for compensatio n. At least one insurance company has developed an insurance policy to help deal with identity theft.REFERENCESAnonymous. Computer Crime Definition. cited from http//www.mariosalexandrou.com/definition/ computer-crime.asp 21 November 2009Anonymous. Cybercrime. cited from http//www.techterms.com/definition/cybercrime 21 November 2009Australian Institute of Criminology. society Types of Cybercrime. cited from http//www.crime.hku.hk/ cybercrime.htm 21 November 2009Hoar SB. Identity Theft The Crime of The New Millennium. cited from http//www.cybercrime.gov/ usamarch2001_3.htm 5 declination 2009Karnow CEA. Cybercrime. cited from http//www.davislogic.com/cybercrime.htm 5 December 2009Herries S. Overcoming Identity Theft What to Do After You Have Been Comprimised. cited from http//www.associatedcontent.com/article/272448/overcoming_identity_theft_what_to_do_pg2.html?cat=17 5 December 2009