definition of cyber crime
TRANSCRIPT
Definition of Cyber Crime
The early 1970ties. He served as a Senior Computer Security Consultant at the SRI
International (Stanford Research Institute), and was the main author of the first basic federal
manual for law enforcement in the USA: ̳Computer Crime – Criminal Justice Resource Manual‘
(1979). This manual became so on an encyclopedia also for law enforcement outside US.
What is Cyber Law?
Cyber Law is the law governing cyber space. Cyber space is a very wide term and
includes computers, networks, software, data storage devices. (Such as hard disks, USB disks etc
), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines
etc.
Law encompasses the rules o f conduct:
1. That have been approved by the government, and
2.Which are in force over a certain territory, and
3.Which must be obeyed by all persons on that territory?
Violation of these rules could lead to government action such as imprisonment or fine or
an order to pay compensation.
Cyber law encompasses laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy
“Any crime that involves a computer and a network is called a "Computer Crime" or
“Cyber Crime”. For this purpose a computer may have been used to commit such crime or
simply a computer may be the target.
Another term called “Internet crime” refers to criminal activities for exploiting the
internet. These crimes include and is not limited to identity theft, threatening a nation’s security,
copyright infringement and child pornography. These crimes have become a threat to individual
privacy, where confidential data, individual’s identity or photos and videos etc. is stolen or
intercepted by the attacker.
In “Cyber Crime” such as identity theft, financial theft, espionage mostly non-state agents
and government organizations are involved.
For example, in the latest turn of events the National Security Agency (NSA) of the
United States was held responsible for intercepting and spying on millions of online users.
Or in another example, the Chinese hackers were involved in constantly hacking into Big
US organizations and agencies like the latest attack on the New York Times in January 2013.
Such criminal activities carried out online involving nations and state missionary is known as
“Cyber Warfare”.
Types of Cyber Crimes
Computer Intrusion
Computer intrusion is any malicious activity that harms a computer, or causes a computer
or a computer network to work in an unexpected manner. These attacks involves spreading of
virus, denial of services or exploitation of the operating system or a software feature.
Social Engineering
The term “social Engineering” means to fool a user by sending him an email or calling
him to provide confidential data like passwords etc.
Masquerading
In this type of attack a system is fooled into giving access by sending a TCP Packet that
has a forged source address which makes the packet appears to come from a trusted host.
Denial of Service (DOS Attack)
This type of attack intent is to make resources or service unavailable to its intended users.
Such DOS attacks are carried out on websites to stop them from functioning.
Smurf Attack
This attack generates large amount of traffic on a victims network, which causes the
network to crash. Smurf Attack is a type of DOS attack.
Fraggle Attach
It is a type of DOS attach where the attacker sends a large amount of UDP echo traffic to
IP broadcast addresses.
Email Bombing
Email bombing means sending thousands of email to a victim causing the victim’s mail
account or mail server to crash.
Logic Bomb
A logic Bomb is an event driver attack. This type of attack activates only if certain even
occurs.
Salami Attack
This type of attack is carried out for financial gains. In Salami Attack, the key is to make
changes so small that in a single case it can go unnoticed. For instance, a bank employee deducts
2 Dollars from every single customer or transaction. The customer is unlikely to notice the
change but the employee gets a fortune.
Hacking & Attack vector
Hacking is technique in which, any one can access any one’s computer without his
permission. The Process of attempting to gain or successfully gaining, unauthorized access to
computer resources for the purpose of help or secure system is called Hacking. Reason for
hacking are 1.Destroy enemy’s computer network.2.Steal important information. 3.Notify many
people their thought.4.Hack other systems secretly. 5.Show off. 6.Just for fun.
Types of Hacking
Computer Hacking.
Online Banking Hacking.
Password Hacking.
Network Hacking.
Email Hacking.
Website Hacking.:
Website Hacking
The hacker will get the username and password and the hacker will use that website for
any purpose which may sometimes to destroy some valuable information database. Hacking a
website means taking control from the website owner to a person who hacks the website. :
Email Hacking :
Email may be protected by methods such as a strong password, encryption of the contents
or a digital signature. An email disclaimer may be used to warn unauthorized readers but these
are thought to be ineffective.
Ways of Email Hacking: • Personal Information. • Social Hacking. • Phishing/ Hacking
Software. • Trojan Virus etc. Email hacking is illicit access to an email account or email
correspondence.
Network Hacking: These are the three most common methods of hacking a wireless
network: • Sniffing • Spoofing • Encryption Cracking 8 It also include OS Fingerprinting, Port
Scanning, Port Surfing using various Tools. Network Hacking is generally means gathering
information about domain by using tools like Telnet, NslookUP, Ping, Tracert, Netstat, etc…
over the network.
Password Hacking: Most passwords can be cracked by using following techniques: •
Hashing • Guessing • Default Passwords • Brute Force • Phishing 9 Password cracking is the
process of recovering secret passwords from data that has been stored in or transmitted by a
computer system. A common approach is to repeatedly try guesses for the password.
Online banking Hacking: A bank account can be accessed in many ways. When
someone gets access to your account, that person can take all your funds without your
knowledge. Unauthorized accessing bank accounts without knowing the password or without
permission of account holder is known as Online banking hacking.
Here are five simple tips that will help Protect Your Online Accounts:
• Use Strong Password
• Protect your Computer
• Keep an eye on running processes
• Download with care
• Be careful when using unprotected public networks
Computer Hacking:
Remote desktop connection technique. People can gain complete access to your
computer from anywhere in the world if your computer is turned on, unprotected, and has an
internet connection. What they do, is up to them. Computer Hacking is when files on your
computer are viewed, created, or edited without your authorization.
White-hat Hackers:
The good guys who identify the security weakness of the system or network and inform
the owner about them.
Black-hat Hackers:
Also known as ‘cracker’. A black hat is the villain or bad guy, who crash into victim’s
security to steal information and destroy the victims security network.
Grey hat Hackers:
A Grey hat, in the hacking community, refers to a skilled hacker who is somewhere in
between white and black hat hackers.
Traditional problems associated with computer crime
Six Traditional problems associated with computer crime are face by Investigators when
dealing with computer crime. These include:
physicality and jurisdictional concerns,
Perceived insignificance,
Stereotypes and incompetence,
Prosecutorial reluctance,
Lack of reporting,
lack of resources, and
Jurisprudential inconsistency.
Computer Forensics
Its the science of obtaining, preserving, and documenting evidence from digital electronic
storage devices, such as computers, PDAs, digital cameras, mobile phones, and various memory
storage devices. All must be done in a manner designed to preserve the probative value of the
evidence and to assure its admissibility in a legal proceeding You can think of it as the science
of forensics applied in a digital environment. But where a traditional forensics specialist might
collect and preserve fingerprints or other physical evidence, the computer forensics specialist
collects and preserves digital evidence This collection of digital evidence must be done through
carefully prescribed and recognized procedures so that the probative value of digital evidence is
preserved to ensure its admissibility in a legal proceeding.
As traditional forensics may involve people with different specialties, computer forensics
similarly involves a multitude of professional specialties working together to gather, preserve
and analyze digital evidence.
Computer Forensics vs. Computer Security
Though Computer Forensics is often associated with Computer Security, the two are
different.
• Computer Forensics is primarily concerned with the proper acquisition, preservation
and analysis of digital evidence, typically after an unauthorized access or use has taken place
.• With Computer Security the main focus concerns the prevention of unauthorized
access, as
well as the maintenance of confidentiality , integrity and availability of computer systems.
Nevertheless, Computer Security and Computer Forensics are complimentary in
that greater familiarity with Computer Forensics may lead to greater awareness of the
importance of both computer security in general, and proper procedural controls
governing the access and use of computers, networks and other devices. Furthermore, in
the event of a breach of security
, a great deal may be learned during the process of collecting digital data. This knowledge can
be applied to improve system procedural controls, operations and staff capabilities.
Computer and Network Security
The generic name for the collection of tools designed to protect data and thwart hackers is
computer security . Another nuisance computer security tools have to guard against is the
computer virus, which can be introduced into the system when it arrives on a diskette, and is
subsequently loaded onto the computer. In the course, we will be more interested in a second
kind of security called internet/network security . This deals with the security of information
during its transmission from user on one computer network to another. Of course, computer
security is important too, since if someone can access your computer’s re-sources, he/she will
have access to the network, and other computers attached to this network. Thus, computer and
network security measures go hand in hand. However, we will discuss internet security first and
then return to computer security.
Network security problems can be divided roughly into four intertwined ar-
eas: secrecy, authentication, nonrepudiation and integrity control.
1. Secrecy: This is also called confidentiality, and has to do with keeping information out of
the hands of unauthorized users. This is what usually comes to mind when people think
about network security.
2. Authentication: This deals with determining whom you are talking to before revealing
sensitive information or entering into a business deal.
3. Nonrepudiation: This deal with signatures: How does amazon.ca prove that Kartik
indeed placed an order for a book, which Kartik claims he never placed?
4. Integrity of service: How does one ensure that the message received was really the one
sent, and not something that a malicious adversary modified in transit or concocted?.
We will also classify the attacks that compromise network security as passive attacks and active
attacks
1. Passive Attacks: These attacks are in the nature of eavesdropping on, or monitoring
of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are release of message contents where an eavesdropper tries to
learn the contents of what is being transmitted. This can be prevented by encryption (see model
for cryptography below). A second type of passive attack is called traffic analysis, where the
opponent tries to observe the pattern, frequency and length of messages being exchanged which
could be used in guessing the nature of the communication that is taking place.
2. Active Attacks: Active attacks involve some modification of the data stream or the
creation of a false stream. These attacks present the opposite characteristics of passive attacks. It
is difficult to prevent active attacks absolutely because to do so would require physical protection
of all communications facilities and paths at all times.
A brief history of internet
The Internet had its roots during the 1960's as a project of the United States
government's Department of Defense, to create a non-centralized network. This project was
called ARPANET (Advanced Re search Projects Agency Network), created by the Pentagon's
Advanced Research Projects Agency established in 1969 to provide a secure and survivable
communications network for organizations engaged in defense-related research. In order to
make the network more global a new sophisticated and standard protocol was needed. They
developed IP (Internet Protocol) technology which defined how electronic messages were
packaged, addressed, and sent over the network.
The standard protocol was invented in 1977 and was called TCP/IP (Transmission
Control Protocol/Internet Protocol). TCP/IP allowed users to link various branches of other
complex networks directly to the ARPANET, which soon came to be called the Internet.
Researchers and academics in other fields began to make use of the network, and eventually the
National Science Foundation (NSF), which had created a similar and parallel network, called
NSFNet, took over much of the TCP/IP technology from ARPANET and established a
distributed network of networks capable of handling far greater traffic.
In 1985, NSF began a program to establish Internet access across the United States. They
created a backbone called the NSFNET and opened their doors to all educational facilities,
academic researchers, government agencies, and international research organizations. By the
1990's the Internet experienced explosive growth. It is estimated that the number of computers
connected to the Internet was doubling every year. Businesses rapidly realized that, by making
effective use of the Internet they could tune their operations and offer new and better services to
their customers, so they started spending vast amounts of money to develop and enhance the
Internet.
This generated violent competition among the communications carriers and hardware and
software suppliers to meet this demand. The result is that bandwidth (i.e., the information
carrying capacity of communications lines) on the Internet has increased tremendously and costs
have dropped. It is widely believed that the Internet has played a significant role in the economic
success.
A New Realm of cyber world :
Introduction
For any business today, the reality of day-to-day functioning and management involves
mass-communication, networking, marketing, and the organization of important confidential
information on secured computer networks. Digitalization of information and communication is
becoming second-nature due to the efficiency and simplicity that computers provide, as well as
their instantaneity. However, as the amount of important and confidential information being
stored on computer networks continues to grow, so does the risk of becoming an appealing target
for scammers, fraudsters and cybercriminals. This correlation makes it arguable that cyber
liability insurance will soon become one of the most important forms of insurance on the market.
Data Loss, Cyber Attacks, Viruses and other Cyber Threats When the World Wide Web was
introduced in the 1990s the appeal of computers increased exponentially because of the number
of tasks that became feasible with the click of a button, such as shopping and banking. As of July
1, 2016, it was estimated that over 3.4 billion people had the ability to access the internet at
home on either a computer or mobile device.2The internet and computing have become
ingrained in our daily life and it is becoming increasingly difficult to imagine or remember
(depending on your age) a life without them.
At its core, a cyber-attack targeted at a company is defined as, “an attempt to gain unauthorized
access to compromise the confidentiality, integrity or availability of the company’s information,
communication systems, or networks”
The Growing Relevance of Cyber Liability Insurance
Cyber liability insurance is a company’s protection in the event that its security measures fail
with respect to their computer network. Cyber-liability policies are specifically intended to cover
claims that may not be covered by commercial general liability (CGL) policies, particularly
actions that arise from the exposure of protected electronic information as well as technological
losses.
Regulation of The Cyber World
It is worthy to note the legislative movement towards mandatory data breach reporting as
evidenced by the Digital Privacy Act, supra , which was assented to on June 18, 2015.
Mandatory data breach reporting will serve as a means of mitigating cybersecurity risks. Section
10, in particular, will drastically change data breach reporting obligations once in force, because
it requires all organizations dealing with personal information to report to the Privacy
Commissioner any security breaches that create a “ real risk of significant harm”, as well as to
the individual whose information has been compromised
Cyber-Liability in the Courtroom
Although cyber-liability is a new concept with a limited history in Canadian court rooms,
developments in the common law in relation to privacy laws illustrate a trend towards finding
civil liability for privacy breaches. For example, Jones v. Tsige
a decision in Ontario, recognized the tort of “intrusion upon seclusion”. In this case a man’s
girlfriend used her position as a bank employee to access the man’s ex-wife’s bank account over
several years. After becoming aware of the breach the ex-wife sued.
Recognizing and Defining Computer Crime:
"Cyberspace" is a very wider term. Most of us have a limited knowledge of "Cyberspace" and
the crime occurring in "cyberspace", known as cybercrime, which happens on computer and the
Internet, however, cybercrime has a severe potential for remarkable impact on the lives of
individuals and our society. Therefore, a detailed introduction of cybercrime needs to be
understood cybercrime has three categories:
1. Target cybercrime: the crime in which a computer is the target of the offense.
2. Tool cybercrime: the crime in which a computer is used as a tool in committing the
offense.
3. Computer incidental: the crime in which a computer plays a minor role in committing the
offense.
Characteristics of Cyber Crime
The Concept of cyber crime is very different from the traditional crime.
Also due to the growth of Internet Technology, this crime has gained serious and unfettered
attention as compared to the traditional crime. So it is necessary to examine the peculiar
characteristics of cyber crime.
1. People with specialized knowledge – Cyber crimes can only be
committed through the technology, thus to commit this kind of crime one has to be very skilled
in internet and computers and internet to commit such a crime. The people who have
committed cyber crime are well educated and have deep understanding of the usability of
internet, and that’s made work of police machinery very difficult to tackle the perpetrators of
cyber crime.
2. Geographical challenges – In cyberspace the geographical boundaries
reduced to zero. A cyber criminal in no time sitting in any part of the world commit crime in
other corner of world. For example a hacker sitting in India hack in the system placed in
United States.
3. Virtual World –The act of cyber crime takes place in the cyber space and
the criminal who is committing this act is physically outside the cyber space. Every activity of
the criminal while committing that crime is done over the virtual world. Collection of
Evidence - It is very difficult to collect evidence of cyber crime and prove them in court of law
due to the nature of cyber crime. The criminal in cyber crime invoke jurisdiction of several
countries while committing the cyber crime and at the same time he is sitting some place safe
where he is not traceable.
4. Magnitude of crime unimaginable- The cyber crime has the potential
of causing injury and loss of life to an extent which cannot be imagined. The offences like
cyber terrorism, cyber pornography etc has wide reach and it can destroy the websites, steal
data of the companies in no time.
5. Classification of Cyber Crime
The researcher in this chapter examines the acts wherein computer or
technology is tool for an unlawful act. The kind of activities usually involves a modification of
conventional crime by using informational technology. Here is the list of prevalent cyber
crimes, some of them widely spread and some are not prevalent on larger scale. The cyber
crimes are discussed below-
Cyber Pornography
The word ‘Pornography’ derived from Greek words ‘Porne’ and
‘Graphein’ means writing about prostitutes, or referred to any work of art or literature dealing
with sex and sexual themes. Defining the term pornography is very difficult and it does not
have any specific definition in the eyes of law as every country has their own customs and
tradition. The act of pornography in some countries is legal but in some it is illegal and
punishable.
Cyber pornography is in simple words defined as the act of using
cyberspace to create, display, distribute, import, or publish pornography or obscene materials.
With the advent of cyberspace, traditional pornographic content has now been largely replaced
by online/digital pornographic content.15 Pornography has no legal or consistent definition.
The definition of
Contaminants and Destruction of Data, Indian IT ACT 2000
The Indian Legislature doesn’t provide the exact definition of Cyber crime
in any statute, even the Information Technology Act, 2000; which deals with cyber crime
doesn’t defined the term of cyber crime. However in general the term cybercrime means any
illegal activity which is carried over or with the help of internet or computers.
Dr. Debarati Halder and Dr. K. Jaishankar define cybercrimes as: “Offences
that are committed against individuals or groups of individuals with a criminal motive to
intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to
the victim directly or indirectly, using modern telecommunication networks such as Internet
(Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”6
We do not have any precise definition of cyber crime; however following is
the general definitions of term cyber crime:
The oxford Dictionary defined the term cyber crime as “Criminal activities
carried out by means of computers or the Internet.”7
“Cyber crime may be said to be those species, of which, genus is the
conventional crime, and where either the computer is an object or subject of the conduct
constituting crime”8
“Cyber crime means any criminal or other offence that is facilitated by or
involves the use of electronic communications or information systems, including any device or
the Internet or any one or more of them”9
Professor S.T. Viswanathan has given three definitions in his book The
Indian Cyber Laws with Cyber Glossary is as follows -
1 Any illegal action in which a computer is the tool or object of the
crime i.e. any crime, the means or purpose of which is to influence the function of a computer,
2 Any incident associated with computer technology in which a
victim suffered or could have suffered loss and a perpetrator, by intention, made or could have
made a gain, Computer abuse is considered as any illegal, unethical or unauthorized behavior
relating to the automatic processing and transmission of data.