Cyber Crime: Strategies and Types

Cyber Crime Strategies and TypesCyber Crime Identity TheftA. IntroductionIn this era of globalization, one of m any things that only ift joint distinguish a certain country to a developing country is its progress of science and technology. This is because along with the development of a countrys science and technology, will also developed the countrys ability to enrich their own potential.Great advances in science and technology in developed country argon due to their well-established selective information placement. Meanwhile, in the developing country, the information strategy is still minimal, which make the development of science and technology proceed blocked. Thus, whether a country will scram a developed country or not, is highly account on their mastery of information system.In prison terms wish well these, the mastery of the information system will not enough by merely mastering. We need to conquer the speed and accuracy too, because on that point is al some no point in mastering outdated information. Moreover, the very rapid progress of information makes the age of the information shorted. In other words, substitution of old and new information becomes faster. Old information will be ignored because of the more recent information.But, the development of science and technology, in which also means the development of information system, does not always be in possession of good effects. It has bad effects too. One of them is the increase rate of the data processor abomination.B. Computer CrimeComputer crime issues have got become high-profile, particularly those surrounding spark pluging, copyright infringement through w bez, electric razor pornography, and child grooming. There are also problems of privacy when confidential information is disordered or intercepted, rightfulnessfully or otherwise.A computer crime is any criminal action where the data on a computer is accesed without permission. This access does not have to result i n loss of data or even data modifi quations.Computer crime is often attributed to rogue hackers and crackers, but increasingly organized crime groups have realized the relative ease of stealing data with subordinate of risk.There are terce major classes of criminal activity with computer1. Unauthorized use of a computer, which might involve stealing a username and password, or might involve accessing the victims computer via the cyberspace through a backdoor operated by a Trojanhorse curriculum.Unauthorized use of computers tends generally meets the following formsComputer voyeur. The attackers read or copy confidential or propietary information, but the data is neither deleted nor changed.Changing data. Example, ever-changing a grade on a school transcript. Unauthorized changing of data is generally a fraudulent act.Deleting data. Deleting entire files could be an act of vandalism or sabotage.Denying service to authorized users.2. Creating or releasing a catty computer program (e.g., computer virus, worm, Trojanhorse).Malicious computer program are divided into these following classes1) A virus is a program that infects an executable file. aft(prenominal) infection, the executable file functions in a divers(prenominal) way than before whitethornbe only displaying a benign message on the monitor, maybe deleting round or all files on the users hard drive, or maybe altering data files.There are two key features of a computer virusThe ability to propagate by attaching itself to executable files (e.g., application programs, operating system, macros, scripts, bootsector of a hard disk or floppy disk, etc.) Running the executable file may make new copies of the virus.The virus causes handicap only after it has infected an executable file and the executable file is run.2) A worm is a program that copies itself. The distinction between a virus and a worm, is that a virus never copies itself, a virus is copied only when the infected executable file is run.In the pure, original form, a worm neither deleted nor changed files on the victims computer, the worm simply made two-fold copies of itself and sent those copies from the victims computer, thus clogging disk drives and the Internet with multiple copies of the worm. Releasing much(prenominal) a worm into the Internet will slow the legitimate traffic on the Internet, as continuously increasing amounts of traffic are mere copies of the worm.3) A Trojan Horse is a deceptively labeled program that contains at least one function that is unknown to the user and that harms the user. A Trojan Horse does not replicate, which distinguishes it from viruses and worms.Some of the more serious Trojan horses allow a hacker to remotely control the victims computer, perhaps to collect passwords and realisationcard come and send them to the hacker, or perhaps to launch denial of service attacks on websites.Some Trojan Horses are installed on a victims computer by an intruder, without any knowledge of the victim. Other Trojan Horses are downloaded (perhaps in an attachment in e-mail) and installed by the user, who intends to acquire a benefit that is quite different from the undisclosed full-strength purpose of the Trojan Horse.4) A logic bomb is a program that detonates when some event occurs. The detonated program might stop working, crash the computer, release a virus, delete data files, or any of many an(prenominal) other harmful possibilities. A sequencebomb is a part of logicbomb, in which the program detonates when the computers clock reaches some tar run short date.5) A hoax is a warning about a nonexistent malicious program.3. Crimes facilitated by computer communicates or devices, the primary signal of which is independent of the computer network or device (cyber crime)Examples of crimes that merely use computer networks or devices would include Cyber stalking burlesque and individuation theftPhishings scamsInformation warfareThe third type of Computer Crime ha s become the most famous right now, because it produce more benefits than the other two.C. Cyber CrimeThe Internet is a new frontier. Just like the Wild, Wild West, the Internet frontier is wide open to both exploitation and exploration. There are no sheriffs on the Information Superhighway. No one is there to protect you or to to lock-up virtual desperados and bandits.This lack of supervision and enforcement leaves users to watch out for themselves and for each other.A loose standard called netiquette has developed but it is still very different from the standards found in real life.Unfortunately, cyberspace remains wide open to faceless, nameless con artists that push aside carry out all sorts of mischief. And that is why the cyber crimes quite a little be as they are right now.Cyber Crime is a criminal activity done use a computers and the internet. This includes anything from downloading irregular music files to stealing one thousand millions of dollars from online strand accounts. Cyber crime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the internet.Cases of cyber crime, 1970 20051970 19901. John Draper discovers the give-away whistle in Capn Crunch cereal boxes reproduces a 2600Hz tone. Draper builds a blue box that, when use with the whistle and sounded into a phone receiver, allows phreaks to make free calls2. Robert T. Morris, Jr., graduate student at Cornell University and son of a chief scientist at the NSA, launches a self-replicating worm (the Morris Worm) on the governments ARPAnet (precursor to the Internet). The worm gets out of hand and spreads to over 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years probation, and fined $10K.3. After a prolonged sting investigation, Secret Service agents swoop down on organizers and members of BBSs in 14 US cities, includin g the Legion of Doom. The arrests are aimed at cracking down on confidence-card theft and telephone and wire fraud.(1990)1991 20001. Five members of the Aum Shinri Kyo cults Ministry of Intelligence break into Mitsubishi Heavy Industrys mainframe and steal Megabytes of sensitive data. (1994)2. Hackers vary to emergence of the World Wide Web, moving all their how-to information and hacking programs from the old BBSs to new hacker Web sites.(1994)3. Russian crackers steal $10 million from Citi coast. Vladimir Levin, the ringleader, uses his work laptop after hours to transfer the funds to accounts in Finland and Israel. He is tried in the US and sentenced to 3 years in prison. All but $400K of the money is recovered. (1995)4. The French Defense Ministry admits Hackers succeeded in stealing acoustic codes for aircraft carriers and submarines. (1995)5. FBI establishes fake earnest start-up company in Seattle and lures two Russian citizens to U.S. soil on the sanctimoniousness of of fering them jobs, then arrests them. The Russians are accused of stealing credit card information, attempting to extort money from victims, and defrauding PayPal by use stolen credit cards to generate cash. (2000)2001 20051. Microsoft become victim of a new type of attack against humankind name servers, corrupting the DNS paths taking users to Microsofts Web sites. This is a Denial of Service (DoS) attack. The hack is spy within hours, but prevents millions of users from reaching Microsoft Web pages for two days. (2001)2. The Klez.H worm becomes the biggest malware outbreak in terms of machines infected, but causes little monetary damage. (2002)3. Two men hack into wireless network at Lowes store in Michigan and steal credit card information. (2003)4. Brian Salcedo sentenced to 9 years for hacking into Lowes mansion improvement stores and attempting to steal node credit card information. Prosecutors said three men tapped into the wireless network of a Lowes store and used that connection to enter the chains central computer system in NC, installing a program to capture credit card information. (2004)5. Secret Service seizes control of the Shadowcrew Web site and arrests 28 spate in 8 states and 6 countries. They are charged with conspiracy to defraud the US. Nicolas Jacobsen, is charged with hacking into a T-Mobile computer system, exposing documents the Secret Service had e-mailed to an agent. (2004)Australian ground of Criminology, 9 types of cycber crime1. Theft of telecommunication serviceThe phone phreakers of three decades ago set a precedent for what has become a major criminal industry. By gaining access to an organisations telephone switchboard (PBX) individuals or criminal organisations washstand gain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties. Offenders may gain access to the switchboard by impersonating a technician, by fraudulently obtaining an employees access code, or by using s oftware open on the internet. Some sophisticated offenders loop between PBX systems to evade detection. Additional forms of service theft include capturing business card details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.2. Communication in furtherance of criminal conspiraciesThere is evidence of tele communication theory equipment being used to facilitate organize drug trafficking, gambling, prostitution, money wash, child pornography and trade in weapons (in those jurisdictions where such activities are illegal). The use of encryption technology may place criminal communications beyond the reach of law enforcement.3. Telecommunications privacyDigital technology permits perfect reproduction and easy dissemination of print, graphics, sound, and multimedia combinations. The temptation to reproduce copyrighted genuine for personal use, for sale at a lower price, or indeed, for free distribut ion, has proven irresistable to many.4. Dissemination of offensive materialsContent considered by some to be offensive exists in abundance in cyberspace. This includes, among much else, sexually explicit materials, racist propaganda, and instructions for the fabrication of incendiary and explosive devices. Telecommunications systems can also be used for harassing, threatening or intrusive communications, from the traditional obscene telephone call to its contemporary manifestation in cyber-stalking, in which persistent messages are sent to an slow recipient.5. electronic money la undering and tax evasionWith the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of stored value to my smart-card, which I then download anonymously to my accoun t in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw upon these funds as and when I may require, downloading them back to my stored value card (Wahlert 1996).6. Electronic vandalism, terrorism and extortionAs never before, western industrial society is dependent upon complex data processing and telecommunications systems. Damage to, or interference with, any of these systems can lead to catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic intruders cause inconvenience at best, and have the potential for inflicting massive harm (Hundley and Anderson 1995, Schwartau 1994).While this potential has yet to be realised, a number of individuals and protest groups have hacked the official web pages of various governmental and commercial organisations (Rathmell 1997). http//www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in reverse early in 1999 an or ganised hacking incident was apparently directed at a server which hosted the Internet domain for East Timor, which at the time was seeking its independence from Indonesia (Creed 1999).7. Sales and investment fraudAs electronic commerce becomes more prevalent, the application of digital technology to fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales pitches, deceptive charitable solicitations, or bogus investment overtures is increasingly common. profits now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds, to more exotic opportunities such as coconut farming, the sale and leaseback of self-regulating teller machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by unprecedented opportunities for misinformation. Fraudsters now enjoy direct access to millions of prospective victims more or less the world, instan taneously and at minimal cost.8. Illegal Interception of telecommunicationsDevelopments in telecommunications provide new opportunities for electronic eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse, to the newest forms of political and industrial espionage, telecommunications interception has increasing applications. Here again, technological developments create new vulnerabilities. The electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as overspread antennas. Existing law does not prevent the remote monitoring of computer radiation.It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national gage wiretap data prior to his arrest in 1991 (Littman 1997). In 1995, hackers employed by a criminal organisation attacked the communications system of the Amsterdam Police. The hackers succeeded in gaining police operational intelligence, and in disrupting police communications9. Electronic funds transfer fraudElectronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as physically the digital information stored on a card can be counterfeited.Right now electronic funds transfer fraud is the most famous type of cyber crime. Every year the rate of case about electronic funds transfer fraud always increasing especially in credit card information stealing. From www.spamlaws.com they wrote about credit card stealing in 2005,Credit card fraud statistics show that about $2.8 million was lost due to credit card fraud, from fraudulent use of MasterCard and Visa alone. In total, credit card fraud costs cardholders and credit card issuers as much as $500 million a year.Identity TheftIdentity theft is really identicalness fraud. This criminal uses someone elses identity for their own illega l purposes.Examples include fraudulently obtaining credit, stealing money from the victims bank accounts, using the victims credit card number, establishing accounts with utility companies, renting an apartment, or even filing bankruptcy using the victims name. The cyberimpersonator can steal unlimited funds in the victims name without the victim even knowing about it for months, or even years.Anyone who relies heavily on credit cards, Social Security Numbers or network blogging is more susceptible to credit identity theft. Many of our modern conveniences also come with a risk and less protection. The digital age is the perfect age for the Cyber criminal to commit it. Think of the internet as a dark alley in the middle of the night. And these cyber criminals are those people hiding there waiting for the victims to make a mis riposte.Credit identity theft is a very damaging crime because it not only damages the person financially but also damages the persons reputation as well. Imagi ne someone borrowing money using your name and never telling you. You will both bear with the burden of paying back the money he borrowed and suffer the humiliation of having this blunder under your name.Identity theft has been referred to by some as the crime of the new millennium. It can be accomplished anonymously, easily, with a variety of means, and the impact upon the victim can be devastating. Identity theft is simply the theft of identity information such as a name, date of birth, Social Security number (SSN), or a credit card number. The mundane activities of a typical consumer during the course of a regular day may provide tremendous opportunities for an identity depredator purchasing gasoline, meals, clothes, or tickets to an athletic event renting a car, a video, or home-improvement tools purchasing gifts or trading stock on-line receiving mail or taking out the garbage or recycling. Any activity in which identity information is shared or made available to others create s an opportunity for identity theft.It is estimated that identity theft has become the fastest-growing financial crime in America and perhaps the fastest-growing crime of any kind in our society. The illegal use of identity information has increased exponentially in recent years. In fiscal year 1999 alone, the Social Security Administration (SSA) Office of Inspector General (OIG) Fraud Hotline received approximately 62,000 allegations involving SSN misuse. The widespread use of SSNs as identifiers has reduced their security and increased the likelihood that they will be the object of identity theft. The expansion and popularity of the Internet to effect commercial transactions has increased the opportunities to commit crimes involving identity theft. The expansion and popularity of the Internet to post official information for the benefit of citizens and customers has also increased opportunities to obtain SSNs for illegal purposes.Victims of identity theft often do not realize they have become victims until they attempt to obtain financing on a home or a vehicle. Only then, when the lender tells them that their credit history makes them ineligible for a loan, do they realize something is terribly wrong. When they review their credit report, they first become aware of credit cards for which they have never applied, bills long overdue, unfamiliar billing addresses, and inquiries from unfamiliar creditors. Even if they are able to identify the culprit, it may take months or years, tremendous emotional anguish, many lost financial opportunities, and large legal fees, to clear up their credit history.Identity theft occurs in many ways, ranging from careless sharing of personal information, to intentional theft of purses, wallets, mail, or digital information.There are some reasons why the attacker can steal the credit card information1. Unsecured networkExample1. PoisoningPoisoning technique is quiet complicated. First, the attackers need to connect to the same ne twork with the target. After that, the attackers have to get wind for the IP address of the target. The next step, the attackers should poison the target computer with ARP poisoning or with trojan horse. Then the computer target will bleed following the attackers track. The attackers will bring the target into fake shop site, and make the target unrealized that he/she has entered the credit card information.2. SniffingThis technique is unstable, why? Because its depend on the attackers luck. Just like poisoning, the attackers have to connect to the same network with the target. After that, the attackers should scan all of MAC address in the network. Next, the attackers start the sniffing program, such as Cain and Able or Wireshark. Last, the attackers should wait until someone in the network open a shop site and enter the information of the credit card.2. Vulnerabilities on the siteExample1. SQL InjectionWith this vulnerability the attacker can enter admin panel without knowing th e username and password. They just need to enter a right sentence structure as username and password to enter the admin panel. If they are already in admin panel they can see the complete information of the vendee.2. Blind SQL InjectionBlind SQL injectant is the most favorite vulnerability for the attackers. The attackers will only need the web browser to do this technique. First, the attackers have to found a right page to be injected with some syntax. After that the attackers should drop all database table, and looking for user table or admin table. If there is user table the attackers can drop the column and the attackers could get the full data of the user, included the credit card information. But, if user table doesnt exist, the attackers should use the admin table. The attackers should drop the admin column and search for the admin password. After the attackers cracks the admins username and password, the attackers could go to the admin panel and look for the information o f the buyer.3. Order logOrder log is an old vulnerability, but theres still websites that have this vulnerability. With this vulnerability the attackers only need to use search engine and look for the order log. If the order log has already founded the attacker will open it, and suddenly get full information about the buyer.4. Admin DirectoryThis vulnerability makes visitant of the site be able to open admin directory freely. So, the attacker could use this chance to see the database. Order database is always in the database. In the order database, the data of the buyer will be saved completely, including credit card information.3. Human errorExampleSocial Engineering or Human ManipulatingAttacker could use security weakness which is human. Why? Because human is easy to be manipulated. First, the attackers could request the target to do something unimportant, and then set a trap for the target. Attackers will manipulate the target to follow the attackers scheme. Then, if the target has already been trapped, the attacker could make the target gives the complete information about the credit card.There are several ways that can be done to avoid the potential victims from identity theft The potential victims should request a complete credit report every once a year and check it closely.When get unwanted pre-approved credit card offers, shred them up before tossing them.When in public, do not recite social security number outloud to a bank teller or store cashier.Use a secure mailbox that locks.When asked to give mothers maiden name as a code access, use another key word instead.Change the personal acknowledgement numbers on accounts regularly.Pick up and keep printed receipts at bank machines or gas pumps.Even if have been victimized, there are still things that can be done Before calling the police, contact bank or credit card company and freeze the account. The reason for this is twofold first, it will help minimize monetary loss, and two, most banks and credi tors have a time period in which the notification still valid and can be used to protect the victims.Then call the police department. It does not matter if the identification is being used in the victims city or halfway across the world because the police are required by federal law to take the report.After making police reports, the victim could contact any of national credit bureaus and put a fraud alert on their account.While relations with the credit bureau, the victim should get a current copy of their credit report. And read it carefully.Then, the victims can contact their insurance company and ask for compensation. At least one insurance company has developed an insurance policy to help deal with identity theft.REFERENCESAnonymous. Computer Crime Definition. cited from http//www.mariosalexandrou.com/definition/ computer-crime.asp 21 November 2009Anonymous. Cybercrime. cited from http//www.techterms.com/definition/cybercrime 21 November 2009Australian Institute of Criminology . Nine Types of Cybercrime. cited from http//www.crime.hku.hk/ cybercrime.htm 21 November 2009Hoar SB. Identity Theft The Crime of The New Millennium. cited from http//www.cybercrime.gov/ usamarch2001_3.htm 5 December 2009Karnow CEA. Cybercrime. cited from http//www.davislogic.com/cybercrime.htm 5 December 2009Herries S. Overcoming Identity Theft What to Do After You Have Been Comprimised. cited from http//www.associatedcontent.com/article/272448/overcoming_identity_theft_what_to_do_pg2.html?cat=17 5 December 2009