25-06-2012, 03:31 PM
CYBERCRIME AND SECURITY
Cyber crime is any criminal activity which uses network access to commit a criminal act. With the exponential growth of Internet connection, the opportunities for the exploitation of any weaknesses in Information Security are multiplying.
Cyber crime includes acts such as hacking, uploading obscene content on the Internet, sending obscene e-mails and hacking into a person's e-banking account to withdraw money.
Net extortion, credit card fraud, hacking, virus dissemination, harassment via email - all this was unheard of a few years ago but now have become common names in the area of cyber crime.
Two types of attack are prevalent:-
1. Techno-crime. A pre-meditated act against system or systems, with the express intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts or all of a computer
system. The 24x7 connection to the Internet makes this type of Cybercrime a real possibility to engineer from anywhere in the world; leaving few if any, 'finger prints'.
2. Techno-vandalism. These acts of 'brainless' defacement of Websites, and/or other activities such as copying files and publicizing their contents publicly, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards should prevent the vast majority of such incidents.
Crimes that primarily target computer networks or devices include:
• Computer viruses
• Denial-of-service attacks
• Malware (malicious code)
Computer viruses:
A computer virus is a computer program that can replicate itself[1] and spread from one computer to another. The term "virus" is also commonly, but erroneously used, to refer to other types of malware, including but not limited to adware & spyware programs that do not have a reproductive ability. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers.
Denial-of-service attacks:
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.
Malware (malicious code):
Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. While it is sometimes software, it can also appear in the form of script or code. Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.[1] The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.[2]
Typical activities of cyber crime can include the following:
• Cyberstalking
• Fraud and identity theft
• Information warfare
• Phishing scams
• Botnets
• SPAM
• Fake security software
Cyberstalking:
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. The definition of "harassment" must meet the criterion that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person distress.[1]
Fraud:
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss.[citation needed] In this context, the fraud will result in obtaining a benefit by:
• Altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
• Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
• Altering or deleting stored data;
Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes
Bank fraud is the use of fraudulent means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently representing to be a bank or financial institution.[1] In many instances, bank fraud is a criminal offense
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.
Identity theft:
Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if they are held accountable for the perpetrator's actions. Organizations and individuals who are duped or defrauded by the identity thief can also suffer adverse consequences and losses, and to that extent are also victims.
Information warfare:
The term Information Warfare (IW) is primarily an American concept involving the use and management of information technology in pursuit of a competitive advantage over an opponent. Information warfare may involve collection of tactical information, assurance(s) that one's own information is valid, spreading of propaganda or disinformation to demoralize or manipulate[1] the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.
Phishing scams
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Botnets:
A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet. When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The "botmaster" or "bot herder" controls these compromised computers via standards-based network protocols such as IRC and http.
SPAM:
Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. Email spam has steadily grown since the early 1990s. Botnets, networks of virus-infected computers, are used to send about 80% of spam.
Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.
Fake security software:
Fake security software (or rogueware[1]) is a form of Internet fraud using computer malware (malicious software) that deceives or misleads users into paying for fake or simulated removal of malware or claims to get rid of malware, but instead introduces malware to the computer.[2] Rogue security software has become a growing and serious security threat in desktop computing in recent years (2008–2012).
Rogue security software mainly relies on social engineering (fraud) in order to defeat the security built into modern operating system and browser software and install itself onto victims' computers.[3] A website may, for example, display a fictitious warning dialog stating that someone's machine is infected with a computer virus, and encourage them through social engineering to install or purchase scareware in the belief that they are purchasing genuine antivirus software.
Some rogue security software, however, propagate onto users' computers as drive-by downloads which exploit security vulnerabilities in web browsers, pdf viewers, or email clients to install themselves without any manual interaction.[
Cyber crime is any criminal activity which uses network access to commit a criminal act. With the exponential growth of Internet connection, the opportunities for the exploitation of any weaknesses in Information Security are multiplying.
Cyber crime includes acts such as hacking, uploading obscene content on the Internet, sending obscene e-mails and hacking into a person's e-banking account to withdraw money.
Net extortion, credit card fraud, hacking, virus dissemination, harassment via email - all this was unheard of a few years ago but now have become common names in the area of cyber crime.
Two types of attack are prevalent:-
1. Techno-crime. A pre-meditated act against system or systems, with the express intent to copy, steal, prevent access, corrupt or otherwise deface or damage parts or all of a computer
system. The 24x7 connection to the Internet makes this type of Cybercrime a real possibility to engineer from anywhere in the world; leaving few if any, 'finger prints'.
2. Techno-vandalism. These acts of 'brainless' defacement of Websites, and/or other activities such as copying files and publicizing their contents publicly, are usually opportunistic in nature. Tight internal security, allied to strong technical safeguards should prevent the vast majority of such incidents.
Crimes that primarily target computer networks or devices include:
• Computer viruses
• Denial-of-service attacks
• Malware (malicious code)
Computer viruses:
A computer virus is a computer program that can replicate itself[1] and spread from one computer to another. The term "virus" is also commonly, but erroneously used, to refer to other types of malware, including but not limited to adware & spyware programs that do not have a reproductive ability. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by other computers.
Denial-of-service attacks:
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person, or multiple people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.
Malware (malicious code):
Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. While it is sometimes software, it can also appear in the form of script or code. Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.[1] The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.[2]
Typical activities of cyber crime can include the following:
• Cyberstalking
• Fraud and identity theft
• Information warfare
• Phishing scams
• Botnets
• SPAM
• Fake security software
Cyberstalking:
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass. The definition of "harassment" must meet the criterion that a reasonable person, in possession of the same information, would regard it as sufficient to cause another reasonable person distress.[1]
Fraud:
Computer fraud is any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which causes loss.[citation needed] In this context, the fraud will result in obtaining a benefit by:
• Altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
• Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
• Altering or deleting stored data;
Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes
Bank fraud is the use of fraudulent means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently representing to be a bank or financial institution.[1] In many instances, bank fraud is a criminal offense
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.
Identity theft:
Identity theft is a form of stealing someone's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. The victim of identity theft (here meaning the person whose identity has been assumed by the identity thief) can suffer adverse consequences if they are held accountable for the perpetrator's actions. Organizations and individuals who are duped or defrauded by the identity thief can also suffer adverse consequences and losses, and to that extent are also victims.
Information warfare:
The term Information Warfare (IW) is primarily an American concept involving the use and management of information technology in pursuit of a competitive advantage over an opponent. Information warfare may involve collection of tactical information, assurance(s) that one's own information is valid, spreading of propaganda or disinformation to demoralize or manipulate[1] the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.
Phishing scams
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users,[2] and exploits the poor usability of current web security technologies.[3] Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Botnets:
A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet. When a computer is compromised by an attacker, there is often code within the malware that commands it to become part of a botnet. The "botmaster" or "bot herder" controls these compromised computers via standards-based network protocols such as IRC and http.
SPAM:
Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. Email spam has steadily grown since the early 1990s. Botnets, networks of virus-infected computers, are used to send about 80% of spam.
Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful in some jurisdictions. While anti-spam laws are relatively new, limits on unsolicited electronic communications have existed for some time.
Fake security software:
Fake security software (or rogueware[1]) is a form of Internet fraud using computer malware (malicious software) that deceives or misleads users into paying for fake or simulated removal of malware or claims to get rid of malware, but instead introduces malware to the computer.[2] Rogue security software has become a growing and serious security threat in desktop computing in recent years (2008–2012).
Rogue security software mainly relies on social engineering (fraud) in order to defeat the security built into modern operating system and browser software and install itself onto victims' computers.[3] A website may, for example, display a fictitious warning dialog stating that someone's machine is infected with a computer virus, and encourage them through social engineering to install or purchase scareware in the belief that they are purchasing genuine antivirus software.
Some rogue security software, however, propagate onto users' computers as drive-by downloads which exploit security vulnerabilities in web browsers, pdf viewers, or email clients to install themselves without any manual interaction.[