14-06-2012, 03:57 PM
Cybercrime and Security
Cybercrime and Security-Abstract.docx (Size: 85.74 KB / Downloads: 166)
Abstract
Cybercrime is becoming ever more serious. Findings from the 2002 Computer Crime and Security Survey show an upward trend that demonstrates a need for a timely review of existing approaches to fighting this new phenomenon in the information age. In this paper, we define different types of cybercrime and review previous research and current status of fighting cybercrime in different countries that rely on legal, organizational, and technological approaches. We focus on a case study of fighting cybercrime in India and discuss problems faced. Finally, we propose several recommendations to advance the work of fighting cybercrime.
Cybercrime falls into three categories: (1) a computer is the target of criminal activity; (2) the computer is the tool used or is integral to the commission of the crime; and (3) the computer is only an incidental aspect of the crime. Cybercrime is a relatively new phenomenon. Services such as telecommunications, banking and finance, transportation, electrical energy, water supply, emergency services, and government operations rely completely on computers for control, management, and interaction among themselves. Cybercrime would be impossible without the Internet. Most American businesses maintain WWW sites and over half of them conduct electronic commerce on the Internet. The rise in popularity of the Internet for both private persons and businesses has resulted in a corresponding rise in the number of Internet-related crimes.
Cybercrime and History:
The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime!
Cybercrime an Introduction:
Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.
Cybercrime Crimes:
Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users. Two of the most common ways this is done is through phishing and pharming. Both of these methods lure users to fake websites (that appear to be legitimate), where they are asked to enter personal information. This includes login information, such as usernames and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and other information criminals can use to "steal" another person's identity. For this reason, it is smart to always check the URL or Web address of a site to make sure it is legitimate before entering your personal information.
Because cybercrime covers such a broad scope of criminal activity, the examples above are only a few of the thousands of crimes that are considered cybercrimes. While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others. Therefore, it is smart to protect yourself by using antivirus and spyware blocking software and being careful where you enter your personal information.
Cyber Security:
Cyber security standards have been created recently because sensitive information is now frequently stored on computers that are attached to the internet. Also many tasks that were once done by hand are carried out by computer; therefore there is a need for Information Assurance and security. Cyber security is important to individuals because they need to guard against identity theft. Businesses also have a need for this security because they need to protect their trade secrets, proprietary information, and customer’s personal information. The government also has the need to secure their information. This is particularly critical since some terrorism acts are organ ized and facilitated by
using the internet. One of the most widely used security standards today is ISO/IEC 27002 which started in 1995. This standard consists of two basic parts. BS 7799 part 1 and BS 7799 part 2 both of which were created by (British Standards Institute) BSI. Recently this standard has become ISO 27001. The National Institute of Standards and Technology (NIST) have released several special papers addressing cyber security. Three of these special papers are very relevant to cyber security: the 800-12 titled “Computer Security Handbook;” 800-14 titled “Generally Accepted Principles and Practices for Securing Information Technology;” and the 800-26 titled “Security Self-Assessment Guide for Information Technology Systems”.
Cybercrime Acts:
The Commonwealth Cybercrime Bill 2001 was approved by the Parliament with minor amendments on 27 September 2001. The legislation was an overbroad knee-jerk reaction to then recent well-publicised virus attacks, and has the potential to criminalise innocent behavior such as possession of security software. It also introduced an alarming law enforcement provision requiring release of encryption keys or decryption of data, contrary to the common law privilege against self-incrimination.
The Cth Bill implemented section 4.2 of the Model Criminal Code (MCC) and all Australian State and Territory Governments were understood to be intending to implement the computer related offences of the Australian Model Criminal Code.
Reasons for Cybercrime:
Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space:
The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier.
2. Easy to access:
The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3. Complex:
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.