Crimes at Cybers

If You're Using 'Password1,' Change It. Now.

2013-01-24T04:28:00.003-08:00

By Stacy Cowley | CNNMoney.com – Wed, 31 Oct, 2012 8:01 AM EDT

The number one way hackers get into protected systems isn't through a fancy technical exploit. It's by guessing the password.

That's not too hard when the most common password used on business systems is "Password1."

There's a technical reason for Password1's popularity: It's got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft's widely used Active Directory identity management software.

Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report," which summarizes the firm's findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Around 5% of passwords involve a variation of the word "password," the company's researchers found. The runner-up, "welcome," turns up in more than 1%.

Easily guessable or entirely blank passwords were the most common vulnerability Trustwave's SpiderLabs unit found in its penetration tests last year on clients' systems. The firm set an assortment of widely available password-cracking tools loose on 2.5 million passwords, and successfully broke more than 200,000 of them.

Verizon came up with similar results in its 2012 Data Breach Investigations Report, one of the security industry's most comprehensive annual studies. The full report will be released in several months, but Verizon previewed some of its findings at this week's RSA conference in San Francisco.

Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon's response team investigated.

[Related: Smartphone Features You Don't Really Need]

Verizon's scariest finding was that attackers are often inside victims' networks for months or years before they're discovered. Less than 20% of the intrusions Verizon studied were discovered within days, let alone hours.

Even scarier: Few companies discovered the breach on their own. More than two-thirds learned they'd been attacked only after an external party, such as a law-enforcement agency, notified them. Trustwave's findings were almost identical: Only 16% of the cases it investigated last year were internally detected.

So if your password is something guessable, what's the best way to make it more secure? Make it longer.

Adding complexity to your password -- swapping "password" for "p@S$w0rd" -- protects against so-called "dictionary" attacks, which automatically check against a list of standard words.

But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.

Even a few quadrillion options isn't a big deal for modern machines, though. Using a $1,500 computer built with off-the-shelf parts, it took Trustwave just 10 hours to harvest its 200,000 broken passwords.

"We've got to get ourselves using stuff larger than human memory capacity," independent security researcher Dan Kaminsky said during an RSA presentation on why passwords don't work.

He acknowledged that it's an uphill fight. Biometric authentication, smartcards, one-time key generators and other solutions can increase security, but at the cost of adding complexity.

"The fundamental win of the password over every other authentication technology is its utter simplicity on every device," Kaminsky said. "This is, of course, also their fundamental failing." To top of page.

For source: Click Here

Police chief warns of rise in cyber crime

2010-11-06T20:02:00.000-07:00

Britain is facing a rising tide of online crime such as bank fraud committed by computer hackers, the country's most senior policeman has warned.

By Alastair Jamieson

Sir Paul Stephenson, the Metropolitan Police Commissioner, said organised crime gangs were increasingly turning to the internet in pursuit of illegal profits.

Writing in the Sunday Telegraph he said forces faced with a budget squeeze should not cut specialists tacking such complex crimes in order to maintain bobbies on the beat, adding "Uniform officers alone will not keep the streets safe."

Sir Paul said it would be "fundamentally misguided" to scale back efforts against internet crime when the growth of online shopping and banking has made Britons more vulnerable than ever to electronic fraud.

He warned: "My investigators tell me the expertise available to law enforcement is thin, compared to the skills they suspect are at the disposal of cyber criminals."

The warning comes after 11 suspects were charged last week in London, and 37 in New York, at the culmination of the year-long Operation Trident Breach investigation involving the Met and the FBI.Detectives believe a global fraud ring stole $70 million (£44 million) from online bank accounts using the Zeus Trojan, malicious software spread by email which infected thousands of computers and gained access to passwords.

Five more suspects arrested in the Ukraine were said to be kingpins.

In a separate case, another major cyber fraud trial will begin next week.

Sir Paul said organised criminals were "waking up to the profits and uses of e-crime" as an easier way to extort larger sums of money, adding: "The modern Tony Soprano-style crime lord will have a cyber expert on hand."

Yet he disclosed that of the 385 officers in England and Wales dedicated to online work, 85 per cent are fighting people-trafficking and child pornography – leaving fewer than 60 to fight financial crimes such as bank fraud.

Police forces are braced to bear their share of public sector budget cuts, with the Police Federation saying that as many as 40,000 jobs might be axed across England and Wales over the next four years.

Warning against political pressure to maintain the number of uniformed officers, Sir Paul said specialists working on e-crimes were "unseen officers, as far as the public and some politicians are concerned".

"Some commentators argue that we should concentrate on uniformed policing and draw back from specialised work that could be done by others," he said.

"Leave cyber crime to the banks and retailers to sort out, the argument runs. It's a fundamentally misguided argument.

"If the debate about police cutbacks gets bogged down in arguments about 'uniforms before specialists' we will not serve the public well."

He added that online fraud caused "deep distress" to victims and "threatens the integrity of our modern economy".

The Met's e-crime unit cost £2.75 million to run last year, but online fraud generated an estimated £52 billion worldwide in 2007.

It is estimated that the global 'virtual task force' of which the Met is part prevented £21 in potential theft for every £1 spent on it.

Sir Paul said police were only tackling 11 per cent of the 6,000 organised crime groups in England and Wales "in an operationally meaningful way".

source: Telegraph.co.uk

CYBER CRIME & YOU Part 1 ….. be vigilant you could be the next victim By Akubo Patricia NYSC MDGs Corps Member

2010-11-05T15:07:00.000-07:00

A new report by the Internet Crime Complaint Center has named Nigeria, Africa’s largest telecom market by investment and subscription, number three in the world, and the top African nation in the U.S. Agency’s cybercrime rankings. This means that Nigeria has the highest number of cybercrime incidents in Africa and is right behind the U.S. and the U.K which have larger populations. The publicity surrounding Nigerian cybercrime is raising fears that the country may face a slowdown in international investment in the telecom as well as the financial sectors.
As more Africans use the internet for their banking needs, the number of fraudsters eyeing people’s bank accounts and online financial transactions has also multiplied.
The United Nations Office on Drugs and Crimes estimates that Nigeria has lost millions of dollars through cybercrime, and Nigerians have been impoverished through the activities of these fraudsters.
Characteristics of Cyber Fraud
•altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;
•altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;
•altering or deleting stored data;
•altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.
Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information.
A variety of Internet scams target consumers direct.

source: letsrealize.wordpress.com

Cyber crime poses threat to E-commerce

2010-11-05T15:01:00.000-07:00

The past 12 months have been a banner year for cyber crime. And that could be bad news for the future of e-commerce.
“At current trends, in three or four years people will start to think twice about transacting on the Web, individuals and businesses,” said Michael Fraser, director of the communications law centre at the University of Technology Sydney.
“The way it’s trending now, the Web could be so full of rubbish that people won’t trust it,” Fraser said. “That could destroy the potential of the whole knowledge economy, which so many developed economies are counting on for the competitive advantage.”

According to antivirus maker Symantec, 87 percent of e-mail traffic in the past year was spam, compared to just under 70 percent in 2008. More than 40 trillion spam messages were sent according to Symantec, which monitors about a third of the world’s e-mail traffic. That’s about 5,000 spam messages for every person on the planet.
More of that spam is harboring malicious software, or “malware,” — 2 percent of spam contained malware, a 900 percent increase from the previous year.
Malware comes in a variety of forms that can search computers for bank information and personal details for identity theft, or hijack computers to become foot soldiers in a spamming army of zombie “botnets” — often unbeknownst to the owner. In Australia alone, an estimated 10 percent of computers are infected with malware, Fraser said. “And we’re relatively low because we have less (broadband penetration) than many other countries,” he said.
The past year saw an explosion of individuals on social networking sites such as Facebook having their accounts compromised and spam being sent to friends within their network.
In this way, cyber criminals have made the attacks more personal because they are sending out messages appropriating victims’ names, says Marian Merritt, an Internet safety advisor for Norton, the antivirus brand produced by Symantec. “In the past, people felt annoyed by spam, they didn’t really feel a sense of being attacked,” Merritt said. “But if your Facebook account is hacked, it’s embarrassing.”
The past year has seen the rise of “scareware” — malware that parrots a legitimate antivirus software program and then infects the computer with “the very malware it purports to protect against,” a Symantec report said. For a 12-month period ending June 30, Symantec received 43 million reports of scareware installation attempts.
“That took a lot of us in the industry by surprise the past year,” Merritt said. “You get a pop-up ad saying, ‘you have multiple viruses’ then asks you to download the antivirus software. Once you download those programs, they hold you hostage.”
The speed of news
The past year saw the rising speed and popularity of malware spam and Web sites with touts related to current events and celebrity news. “Who killed Michael Jackson?” “Get swine flu medicine here” and “Full eBook Harry Potter” were some popular online traps to open dangerous e-mail attachments or be directed to Web sites’ malware.
“If you want to know what spam will be hitting tomorrow, look at Google Trends today,” said Merritt, referring to Google’s site that shows hot topics and searches by its users.
One of the most alarming incidents in 2009 for governments and policy makers was the July 4 attacks on U.S. government sites, such as the White House, the New York Stock Exchange and Nasdaq — followed a few days later by similar attacks on Web sites in South Korea. According to a research paper by antivirus maker McAfee, both attacks were made by the same “botnet” of 50,000 computers, which spammed targets with so many e-mails their IT systems were overwhelmed.

Fact Box

Cybercrime Prevention
– Have antivirus software, anti-spyware and firewall
– Never respond to spam
– Don’t open suspicious emails or attachments
– Never provide passwords or personal information to unsolicited emails or Web sites
– When asked to ‘allow’ or ‘deny’ an application access to the Internet, choose deny unless you are confident in the safety of the site you are accessing
– When shopping or banking online, make sure website contains an “s” after http (as in https) . Look for the ‘lock’ icon in lower right corner
Sources: Symantec and Trend Micro

North Korea was suspected as the originator of the attack, leading Dmitiri Alperovitch, vice president of threat research at McAfee, to suggest one motivation of the attack “could have been to test the impact of flooding South Korean networks and the transcontinental communications between the U.S. government … (which) would provide them with a significant advantage in case of a surprise attack.”
The attack highlights the problem of security on the Internet — a transnational attack, using commercial services and tens of thousands of personal computers. To fight the attacks would take strong local and international laws on cyber security, a great deal of cooperation among commercial providers and effective systems to report the crimes — none of which is happening today, Fraser said.
“The community doesn’t know where to turn to when these crimes occur, and the police don’t know how to report it or record it, and prosecutors and court systems have a hard time coping with cases that involve gigabytes of evidence,” he said.
Looking ahead to 2010, antivirus maker Trend Micro predicts that there will be more attacks on Mac operating systems. Previously ignored by malware makers because of its relatively low market share, the booming popularity of iPhones is drawing the attention of cybercriminals.
“As the mobile OS landscape changes, and with devices comprising a huge amount of memory and storing a host of sensitive data, devices such as the iPhone and Google Android may increase as popular targets for bad guys,” Trend Micro reports in its December report, “the Future of Threats and Threat Technologies.”

The introduction this year of domain names in languages other than English — such as Russian, Chinese and Arabic — will also expand the hunting grounds for cyber crime, Trend Micro reports.

Report finds huge boom in online crime

2010-11-05T14:44:00.000-07:00

Canadians are more likely to be a victim of crime on the web than on the streets, says a new survey commissioned by the Canadian Association of Police Boards.

OTTAWA - Canadians are more likely to be victims of crime on the Internet than they are on the streets, suggests a new survey commissioned by the Canadian Association of Police Boards.

Cyber crime - things such as identity theft, computer viruses and online harassment - is very close to surpassing illicit drugs as the top crime category in North America.

The survey, completed last January by Deloitte LLP, found that nearly half of the 567 respondents had been victims of cyber crime, and 70 per cent said they did not report the crime.

Almost everyone surveyed - 95 per cent - thought they were being targeted by cyber criminals.

“If that doesn’t scare you, I don’t know what will scare you,” said Calgary police Chief Rick Hanson during a news conference Wednesday.

“It’s huge and it’s getting worse,” said Ian Wilms, chair of the Canadian Association of Police Boards. “You lock your door at night time, but people don’t, when online, just take the 30 seconds to update the security patches on their computer.”

The report finds that the number of incidents has increased dramatically since 2001.

“The pool of victims grows larger every day while the pool of perpetrators also gets larger, younger and more sophisticated . . . this is a new era for police, fighting a new type of criminal,” said Wilms in a statement.

Staff Sgt. Dick Nyehuis, head of the Calgary Police Electronics Surveillance Unit, says his department has seen a 1,239 per cent increase in seized computers over the past three years.

“We’ve now seen that there is a need for an online presence so we can monitor website and chat rooms to try and look for and identify people who could be a danger,” said Nyehuis.

“It’s a growing industry and I think it’s going to take a different approach right across Canada to address it,” said Calgary police Chief Rick Hanson.

“We’ve known for some time that it’s a growing crime threat, locally and nationally and internationally. I think this survey shows that more needs to be done.

“Is it a surprise to us? No. But like anything else our resources need to grow with the magnitude of the problem.”

Digital law expert Michael Geist says the numbers seem a little inflated and that could pose a problem for law enforcement.

“It suggests that there is widespread concern about the issue,” said Geist.

“If we’re thinking about how we prioritize law enforcement and address these issues, we need to focus on whether there is significant financial harm or whether personal safety or personal privacy is put at risk.”

The most common definition of cyber crime is broad - a criminal offense involving a computer, meaning that major issues such as child pornography and fraud are lumped in the same category as viruses and spam.

Still, Wilms stressed that action is needed sooner rather than later.

“We can’t afford to let the Internet become a no man’s land.”

Tom Keenan, a University of Calgary professor of computer science said the good news is people are becoming more aware of cybercrime.

“The bad news is we’re not getting quite to the point where people take all the right precautions. We’re kind of locking the front door but then leaving the back door open.”

With files from the Calgary Herald

source: canada.com

Computer Security Expert Busted for Spreading Viruses

2010-10-22T19:53:00.000-07:00

By ThirdAge News Staff

Posted October 22, 2010 9:06 PM

Computer security expert, Matthew Anderson, is looking at a prison term, for spreading computer viruses.

The 33-year-old from Aberdeenshire, Scotland, has admitted being a key member of a sophisticated international gang of hackers.

He abused his knowledge to target hundreds of businesses with spam containing hidden viruses.

His criminal activities were discovered by Scotland Yard, which led an investigation into the viruses.

The gang, known online as the m00p group, were discovered infecting computers using viruses attached to unsolicited commercial emails.

The Scotsman reports that Anderson composed and distributed millions of spam messages with virus attachments before distributing them.

The viruses ran in the background on an infected computer and allowed Anderson to access private and commercial data stored on them. He was also able to activate webcams, effectively spying on users in their homes and sometimes taking screengrabs.

The hacker also made copies of private documents such as wills, medical reports, CVs, password lists and private photographs.

Anderson, will be sentenced on 22 November.

Read more: http://www.thirdage.com/news/computer-security-expert-busted-spreading-viruses_10-22-2010#ixzz13999MGtv

2010-10-12T14:10:00.000-07:00

The government is preparing to issue the Information Security Guidelines to help control cyber crime that has been escalating in recent years.
Addressing a conference on cyber security, emerging cyber threats and challenges on Thursday, Rajan Raj Pant, controller of the Office of the Controller of Certification (OCC), said that the government was working to issue guidelines to help control the increasing trend of cyber crime such as e-mail threats, hacking, internet fraud and identity theft.
The guidelines are being planned by the government at a time when the use of the internet is increasing in sectors like banks and financial institutions (BFIs) and government offices that are sensitive in terms of data security.
“After the issuance of the guidelines, all the ISPs, BFIs and online operators have to abide by them,” said Pant.
“Government sites, sites belonging to banks and financial institutions and online operators must undergo a security audit by the government.” (Source:ekantipur)
source: ktm2day.com

Cyber Crime On A Roll In India

2010-10-09T18:46:00.001-07:00

cyber criminals are now targeting Enterprises and Consumers based in Tier III cities.

The ISTR (Internet Security Threat Report) by Symantec states after metro cities its now turn for the cities like Bhopal, Surat, Pune, Hyderabad and Noida which also features in top ten bot affected cities list. However it has not resulted to decline in metro cities. Cyber Criminals have now become more professional and commercial in developing, distributing and using the malicious codes, scripts and services.

The new technology and easy money stuff is responsible for the birth of new hackers and cyber criminals. The new hacking tools and viruses being exchanged among the hackers enable them to break into computer systems more easily than ever before. During the first six months, Symantec had observed an increase in multi-staged attacks. It is an initial attack that is not intended to perform malicious activities immediately but later on.

India is now taking steps to fight against the cyber crime, Indian Police are now being trained on how the Internet, e-mail, and other computer-based tools can be used by criminals to illegally obtain information stored in databases.

In the home to tech hot spots, Banglore, a lab is expected to come up very soon to train more than 1,000 police officers and other law enforcement personnel annually in cybercrime investigation techniques. It will be the third of its kind to provide such services by Indian government after Mumbai and Thane.

“As cyber threats continue to grow in India with more than 30 million Internet users across the tier I and II cities, it has never been more important to remain vigilant and informed on the evolving threats,” says Vishal Dhupar, Managing Director, Symantec India.

Ankit Fadia, the 21-year-old computer whizkid and author of ‘The Unofficial Guide to Ethical Hacking’ said “I could hack a state-owned bank’s website or a government communications website which shows the vulnerability, thousands of Indian websites are being hacked each day”.

He also has announced his association with the Ghaziabad-based Institute of Management and Technology (IMT) for a one year diploma course in cyber security programme through distance learning. In near future such courses can help to take on cyber crimes.
source: www.watblog.com

Indian Police can now track your E-mails

2010-10-01T03:15:00.000-07:00

RGXUECW54G5X

The police can now read your e-mails without prior permission from the home department.
The Parliament recently cleared an amendment to the Information Technology (IT) Act, allowing the police to intercept or decrypt online information without seeking the home department’s nod.

Rising instances of cyber crime have prompted the move aimed at cutting red tape.

The amendment empowers the inspector general of police to permit interception or decoding information in cyber space in an emergency.

This will help speedy detection of cyber crimes like phishing or sending offensive messages and in tracking terrorists who operate using the Internet.

Advocate I.P. Bagaria said the amendment was necessary.
“Every citizen has a right to privacy. However, this cannot be at the cost of the state or country,” he said.

The secretary in-charge of the state home department should be informed about the interception within three days of tracking.

The secretary the final sanctioning authority has to grant permission within seven days.

Once the sanction has been obtained, it has to be placed before the Review Committee within two months.

Senior advocate Amit Desai said this period should be reduced. “Otherwise there are chances of misuse of these powers.”

The police had to earlier take permission from the additional chief secretary, home or, in an emergency, the joint secretary.

“Liberalisation of interception is required when the world is dealing with terrorism,” said senior police officer-turned lawyer Y.P. Singh.

The amendment has increased the minimum punishment under the Act to three years and made the offense non-bailable.

Cyber expert Vijay Mukhi said there should be a mechanism to check misuse.

source:www.techchase.in

High-tech war on cybercrime

2010-10-01T03:13:00.000-07:00

CYBER POLICE

Police from the cybercrime unit will be equipped with the latest high-tech gadgets to effectively combat online offences. Inspector-General of Police Tan Sri Ismail Omar said this was necessary, especially in the wake of recent postings on social networking sites such as Facebook and YouTube.

He said combating cybercrime would be a priority as police realised that the force had to adapt to an era where information travelled at rapid speed and was circulated locally as well as globally. “We will come up with a new mechanism and procedures to deal with cases involving the Internet, especially on Facebook,” he told reporters after his inaugural visit to the Johor police headquarters here yesterday.

“We are especially concerned with news or information on the Internet that can disrupt racial relations and the country’s harmony.”He was responding to a video on YouTube where a preacher in Kuching, Sarawak, allegedly insulted Islam.

Ismail said the police would cooperate with other agencies such as the MCMC to get to the bottom of the matter.

On Tuesday, pro tem president of the Muslim Bloggers Association Zainol Abideen drew attention to the video clip of a “priest” delivering a talk at a church in Kuching and allegedly insulting Islam and Prophet Muhammad.

“If there is an element where the police can act, then we will take action against the culprit,” Ismail said.

“The matter could be investigated under the Sedition Act.” Everyone needed to be mindful of the impact their statements could have, he added.

On another matter, Ismail said the police would act on unsolved cases if full cooperation was given by the complainant or victims of crimes. “We will act on old cases if new evidence or leads are discovered,” he said.

“We urge the public who want the police to act on old cases to come forward and give us their full cooperation.”

He also wanted people to go straight to the police if they had any grievances and not highlight the matter in the media.
Source: www.internetslife.com

Saudi Arabia's Commission for the Promotion of Virtue and Prevention of Vice, known as the Haia, is aiming to set up a unit to combat cyber crimes.

2010-09-27T21:15:00.000-07:00

By ITP.net Staff Writer
According to Arab News, the Haia will establish a cyber crime unit at its Riyadh headquarters, which will initially focus on the issue of women being blackmailed online.

Saudi has recently seen an increasing number of reports of men attempting to blackmail women by threatening to post their photographs online. Use of mobile phone cameras and MMS has increased the circulation of photographs of women's faces, which under the Kingdom's strict traditions and customs, should not be revealed to non-relatives.

The General Presidency of the Commission will set up a temporary office in Riyadh. The group will also monitor illicit websites in the Kingdom, and will co-operate with other authorities to close such sites, the report said.

Cyber crime lab goes online in Mass

2010-09-27T06:26:00.000-07:00

As new technology changes the way we live, crime fighters are also taking steps to keep pace with the bad guys.

Today, Massachusetts is showing off a new lab. As NECN's Brad Puffer tells us, it's helping law enforcement follow high tech clues to solve crimes.

Dave Papargiris is head of the Cyber Crimes division at the Masschusett's Attorney General's office.

He's showing off a new lab designed to handle the increasing number of cases involving digital evidence.

“There's a lot of equipment for doing mobile phone, new phones are coming out monthly, we need to have enough tools to work with every phone that is coming out.” Papargiris says they work to assist District Attroney's across the state and offer free trainings to local police departments. All in an effort to respond more quickly.

“If we got a report of a missing child we could go right into that persons bedroom take their computer hard drive out start looking at who their were talking to who they were communicating with.” The Attorney General's office has gone from processing around 50 cases last year to more than 100 this year and they expect that number will only go up.

Martha Coakley: “Everything from cell phones to iPhones to Blackberry's to mobile computers and anything that stores information in a digital way.” Attorney General Martha Coakley says the new lab goes online Wednesday morning at a cost of almost 800-thousand dollars. Funding she says comes from grants, their own budget and the state.

“It's a major investment but in terms of what we need to do for solving crime and providing deterrence it is well worth it.” Investigators say they handle the evidence as carefully as DNA - checking evidence in and providing a static free environment to prevent any damaging shock The hope is to solve crimes faster but with strong evidence that will also convince a jury at trial.
this post is brought to you by: www.internetslife.com

Cyber Crime: A 24/7 Global Battle

2009-12-14T02:02:00.001-08:00

VIRTUAL CRIMINOLOGY REPORT - CYBER CRIME: THE NEXT
WAVE This is a post
from McAfee website :Cyber crime is a grim reality that's growing
at an alarming rate, and no one is immune to the mounting threat. It is
costing consumers, businesses, and nations billions of dollars annually,
and there's no end in sight.

For an in-depth analysis of this global trend, read the annual McAfee
Virtual Criminology Report. We've consulted with more than a dozen
security experts at the world's premier institutions-NATO, the FBI, SOCA,
The London School of Economics, and the International Institute for
Counter-Terrorism-to get their insights on the complexities of the dark
side of the Internet.

The increasing cyber threat to national security

An estimated 120 countries are leveraging the Internet for political,
military, and economic espionage activities. Cyber crime has expanded
from isolated attacks initiated by individuals or small rings to
well-funded, well-organized operations using sophisticated technology
and social engineering. Are we in the midst of a cyber cold war?
The increasing threat to individuals and industry

As more of us rely on the web for shopping, banking, socializing, and
carrying on everyday business activities, cyber criminals are
capitalizing on every opportunity to commit fraud, identity theft, and
extortion. Ingenious cyber criminals have evolved “super-strength”
threats that are harder and harder to detect and can be modified on
the fly. And, emerging technologies like voice over IP and smartphones
are fostering new threats like "vishing” and “phreaking.”
How will these developments affect consumer trust and purchasing
behavior?
Hi-tech crime: a thriving economy

Existing in parallel with legitimate ecommerce is a thriving
underground black market economy run by cyber criminals. Greedy,
malicious online fraudsters don't even need computer skills or a great
deal of money to launch an attack. They can buy customized Trojans
that steal credit card information, and botnets can be bought, sold,
and leased. And the stolen data itself is bought and sold like any
other commodity. But zero-day threats that exploit unpatched
vulnerabilities are the biggest cause for concern of all. Should these
activities eventually be legalized?

Get more details and answers by downloading your copy of the
McAfee Virtual Criminology Report today!

Email Fraud

2009-10-28T13:25:00.000-07:00

Courtesy wikipedia

Fraud has existed perhaps as long or longer than money. Any new sociological change can engender new forms of fraud, or other crime. Almost as soon as e-mail became widely used, it began to be used to defraud people via e-mail fraud. E-mail fraud can take the form of a "con game" or scam. Confidence tricks tend to exploit the inherent greed and dishonesty of their victims: the prospect of a 'bargain' or 'something for nothing' can be very tempting. E-mail fraud, as with other 'bunco schemes' relies on naive individuals who put their confidence in get-rich-quick schemes such as 'too good to be true' investments or offers to sell popular items at 'impossibly low' prices. Many people have lost their life savings due to fraud.

Forms of e-mail fraud

Spoofing

E-mail sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. Many, if not most, instances of e-mail fraud use at least minimal spoofing, as most frauds are clearly criminal acts. Criminals typically try to avoid easy traceability.

Phishing for data

Some spoof messages purport to be from an existing company, perhaps one with which the intended victim already has a business relationship. The 'bait' in this instance may appear to be a message from 'the fraud department' of, for example, the victim's bank, which asks the customer to: "confirm their information"; "log in to their account"; "create a new password", or similar requests. If the 'fish' takes the 'bait', they are 'hooked' -- their account information is now in the hands of the con man, to do with as they wish. See Phishing.

Bogus offers

E-mail solicitations to purchase goods or services may be instances of attempted fraud. The fraudulent offer typically features a popular item or service, at a drastically reduced price.

Items may be offered in advance of their actual availability, for instance, the latest video game may be offered prior to its release, but at a similar price to a normal sale. In this case, the "greed factor" is the desire to get something that nobody else has, and before everyone else can get it, rather than a reduction in price. Of course, the item is never delivered, as it was not a legitimate offer in the first place.

Such an offer may even be no more than a phishing attempt to obtain the victim's credit card information, with the intent of using the information to fraudulently obtain goods or services, paid for by the hapless victim, who may not know they were scammed until their credit card has been "used up".

Requests for help

The "request for help" type of e-mail fraud takes this form. An e-mail is sent requesting help in some way, but including a reward for this help as a "hook," such as a large amount of money, a treasure, or some artifact of supposedly great value.

This type of scam has existed at least since the Renaissance, known as the "Spanish Prisoner" or "Turkish Prisoner" scam. In its original form, this scheme has the con man purport to be in correspondence with a wealthy person who has been imprisoned under a false identity, and is relying on the confidence artist to raise money to secure his release. The con man tells the "mark" (victim) that he is "allowed" to supply money, for which he should expect a generous reward when the prisoner returns. The confidence artist claims to have chosen the victim for their reputation for honesty.

Other form of fraudulent help requests is represented by romance scam. Under this, fraudsters (pretended males or females) build online relationships, and after some time, they ask for money from the victims, claiming the money is needed due to the fact they have lost their money (or their luggage was stolen), they have been beaten or otherwise harmed and they need to get out of the country to fly to the victim's country.

This confidence trick is similar to the face-to-face con, known as the "Stranger With a Kind Face," which is the likely origin of at least the title of the vaudevillian routine known by the same name, as "Niagara Falls," or as "Slowly I turned..."

The modern e-mail version of this scam, known variously as the "Nigerian scam", "Nigerian All-Stars," etc., because it is typically based in Nigeria, is an advance fee fraud. The lottery scam is a contemporary twist on this scam.

Avoiding e-mail fraud

Due to the widespread use of web bugs in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as spam, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it.

E-mail fraud may be avoided by:

Keeping one's e-mail address as secret as possible.
Using a spam filter.
Ignoring unsolicited e-mails of all types, simply deleting them.
Not giving in to greed, since greed is often the element that allows one to be "hooked".

Many frauds go unreported to authorities, due to shame, guilty feelings or embarrassment.

above image is from techshout.com

Cyber Crime Investigations Targets Electronic Thieves

2009-09-30T12:42:00.000-07:00

NEWPORT BEACH, Calif.--(BUSINESS WIRE)--Cyber Crime Investigations (CCI), the corporate theft analysis experts,
announced the launch of its electronic theft investigation services.
Established by industry veteran James Box, an ex-law enforcement
investigator, and Scott Sloan, an electronic forensics specialist, CCI
offers the ideal combination of skills, experience and expertise
required to effectively investigate and resolve electronic related
crimes.

“It is difficult to imagine in today’s world of high technology, mobile
communication, digital information and trend toward ‘paperless offices’
that a commercial and/or corporate theft can be committed without the
use of an electronic device,” stated James Box, private investigator.
“We live in an age where electronic computing and communication devices
have proliferated the work place. Add to the equation the internet and
the workplace has become vulnerable to a plethora of new types of
employee theft, corporate espionage and electronic crimes. We
established CCI to address the increasing rate of electronic thefts in
the workplace and to assist the unfortunate victims in quickly
establishing the theft and protect them against any further or future
loss.”

“For the past several years, Jim and I have worked together on civil and
criminal cases involving computer and electronic thefts and have enjoyed
an impressive track record of delivering successful conclusions for our
clients,” stated Scott Sloan, electronic forensics and network security
specialist. “Establishing CCI enabled us to continue to leverage our
complementary skills and experience and to provide a much needed
service. We are very experienced in collecting digital evidence and
preserving the data’s integrity for forensic investigation, and know how
best to protect metadata and maintain the data’s chain of custody. And
CCI is uniquely positioned to provide clients with a wealth of
experience and expertise in the appropriate collection and preparation
of evidence should the victim wish to pursue the matter in a civil
and/or criminal court action.”

CCI is an investigative firm specializing in electronic related thefts
through a combination of Electronic Forensic Investigation and
Traditional Criminal Investigation with a strong commitment to providing
clients with the highest level of professionalism and customer service.
CCI assists clients in discretely resolving the suspected electronic
theft, crime or intrusion in the most efficient and expeditious manner
with as little disruption and loss to the client as possible.

CCI focuses on Corporate Theft, Trade Secret Protection and Employment
Pre-Termination Investigations and offers a range of investigative
services to:

Establish the electronic theft or crime

Properly acquire, process, authenticate and secure evidence – ensuring
proper chain of evidence

Identify and confirm the perpetrator through a combination of
electronic forensic investigation and traditional investigative and
interviewing techniques

Properly interview suspected employee and other employees to dispel
any possible discrimination and avoid wrongful dismissal suits

Assist in the recovery of stolen assets where possible

Prepare the evidence and case to present to law enforcement and/or
courts if the action is requested or required

In addition to these services, CCI provides a comprehensive range of
traditional and electronic investigative services as well as network
security services to large and small business, law firms, insurance
companies, government agencies and private citizens.

About CCI

Cyber Crime Investigations (CCI) is an investigative firm established by
James Box and Scott Sloan to assist individual and corporate clients in
the detection and analysis of electronic related intrusions, thefts and
crimes, and to protect them against further and/or future losses.

Mr Box is a well respected and established Private Investigator with
significant experience in the criminal justice system. Having spent 21
years in law enforcement, Mr Box left the Orange County District
Attorney’s office and established a very successful private
investigation business serving the greater Southern California area.

Mr. Sloan is an established IT Professional with over 20 years
experience in the Computer Sciences field. Mr Sloan currently works in
several areas of forensics and uses many different tools to obtain
critical key evidence for his clients.

With CCI you can be assured of expert handling of suspected perpetrators
and evidence in a professional and confidential manner. For more
information, visit www.cciforensics.com.

Information on Cyber Crimes

2009-09-26T13:56:00.000-07:00

Hacking in simple terms means an illegal intrusion into a computer system and/or network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is no difference between the term hacking and cracking. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information which is critical in nature.

Child Pornography

The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The internet is very fast becoming a household commodity in India . Itâ€™s explosion has made the children a viable victim to the cyber crime. As more homes have access to internet, more children would be using the internet and more are the chances of falling victim to the aggression of pedophiles.

Cyber Stalking

Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims property, leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depends on the course of conduct of the stalker.Read more...

Denial of service Attack

This is an act by the criminal, who floods the bandwidth of the victimâ€™s network or fills his e-mail box with spam mail depriving him of the services he is entitled to access or provide

Virus Dissemination

Malicious software that attaches itself to other software. (virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious

Software Piracy

Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original.Read more...

IRC Crime

Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other.Read more...

Credit Card Fraud

The unauthorized and illegal use of a credit card to purchase property.

Net Extortion

Copying the companyâ€™s confidential data in order to extort said company for huge amount

Phishing

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

Computer Forensics In Criminal Defence

2009-09-26T13:47:00.000-07:00

There is a lot of coverage within the media about how digital forensics have been used within a court case to prosecute. However, within the British judicial system, someone is innocent until proven otherwise.
With this in mind, there are many ways in which criminal defence law firms can use digital forensics to defending a client. Digital forensics covers the use of mobile phones, computers
and even satellite navigation units – in short, any digital device. . All of these can help the accused prove their innocence if looked in to correctly.
Computer forensics has helped many cases, primarily for prosecution, but it can be used to help people prove they have not committed the crime they have been accused of.
With the help of digital and computer forensics specialists, there are many ways a case can be helped if digital evidence has been presented against the accused. There are many strict rules and regulations that must be followed to extract evidence properly. If these rules have not been followed the evidence can be deemed invalid.
Any extracted evidence should have been done so by an approved analyst to be deemed an admissible source. If this is proven not to be the case, then the evidence is worthless and other sources will need to be found to support the case.
Alongside these points there are other factors that decide whether evidence extracted is usable. By choosing a reputable computer forensics company, they will be able to provide answers to such questions and know whether the evidence provided has been found legitimately or not.
The digital finger-prints we leave in today’s society means anything and everything can potentially be traced back. With this in mind it is important to remember that although we can extract data vital to proving conviction – or innocence, there are still procedures that need to be followed.
If the guidelines are not followed, extracted data is invalid, so ensure where any case is presented the facts are checked, and the only people to do this are the digital forensic professionals.

Written by Jenny Pilley

Cyber Crimes Center

2009-09-26T13:28:00.000-07:00

The Cyber Crimes Center (C3) Child Exploitation Section (CES) investigates the trans-border dimension of large-scale producers and distributors of images of child abuse, as well as individuals who travel in foreign commerce for the purpose of engaging in sex with minors. The CES employs the latest technology to collect evidence and track the activities of individuals and organized groups who sexually exploit children through the use of websites, chat rooms, newsgroups, and peer-to-peer trading. These investigative activities are organized under Operation Predator, a program managed by the CES. The CES also conducts clandestine operations throughout the world to identify and apprehend violators. The CES assists the field offices and routinely coordinates major investigations. The CES works closely with law enforcement agencies from around the world because the exploitation of children is a matter of global importance.
C3 brings the full range of ICE computer and forensic assets together in a single location to combat such Internet-related crimes as:

Possession, manufacture and distribution of images of child abuse.

International money laundering and illegal cyber-banking.

Illegal arms trafficking and illegal export of strategic/controlled commodities.

Drug trafficking (including prohibited pharmaceuticals).

General Smuggling (including the trafficking in stolen art and antiquities; violations of the Endangered Species Act etc.)

Intellectual property rights violations (including music and software).

Immigration violations; identity and benefit fraud

C3 consists of four sections, three of which provide cyber technical and investigative services, the Cyber Crimes Section (CCS), the Child Exploitation Section (CES), and the Digital Forensic Section (DFS). The fourth section, the Information Technology and Administrative Section (ITAS), provides the technical and operational infrastructure services necessary to support the other three C3 sections. The center is a co-location of special agents, intelligence research specialists, administrative support, and contractors, all of which are instrumental in operational and technical continuity. Within each section, there are various program managers assigned to certain programmatic areas. These program managers are responsible for supporting ICE Internet investigations through the generation and the dissemination of viable leads. Program managers are available to provide guidance and training to field agents as well as to other law enforcement (foreign and domestic) upon request.

Child Exploitation

The C3 CES investigates large-scale producers and distributors of images of child abuse as well as individuals who travel in foreign commerce for the purpose of engaging in sex with minors. The CES employs the latest technology to collect evidence and track the activities of individuals and organized groups who sexually exploit children through the use of websites, chat rooms, newsgroups and peer-to-peer trading. The CES also conducts clandestine operations throughout the world to identify and apprehend violators. The CES assists the field offices and routinely coordinates major investigations. The CES works closely with law enforcement agencies from around the world because the exploitation of children is a matter of global importance.

Operation Falcon — A joint international images of child abuse investigation initiated by ICE that identified 39 websites distributing child pornography. Further investigation led to the arrest of 1,200 international downloader’s and more than 300 U.S. customers. Nine individuals from the United States and Belarus were identified and charged as the principals in this investigation. All principals were convicted on various charges related to money laundering, structuring and the production and distribution of images of child abuse.

Operation Mango — An extensive investigation that closed down an American-owned beachside resort in Acapulco, Mexico, which offered children to sexual predators. The resort was a haven for pedophiles that traveled to the facility for the sole purpose of engaging in sex with minors. The proprietor of the business was convicted. As a result of this investigation and others, the government of Mexico recently created a Federal task force to address crimes against children in its country.

Internet Crimes Against Children (ICAC) Task Force — The Department of Justice (DOJ) Office of Juvenile Justice Programs, ICAC Task Force comprises 45 task forces. The task forces were created in cooperation with the DOJ ICAC to provide reporting, a means to provide a virtual pointer system for Child Exploitation and images of child abuse cases and secure collaboration for various Federal, State, and Local law enforcement organizations, task forces, and affiliated groups around the world. DHS/ICE strongly supports the efforts of the ICAC task forces as demonstrated by ICE special agents being active members of the ICACs throughout the United States. The Northern Virginia/Metro DC ICAC is housed at the DHS/ICE C3.

Cyber Crimes Section

The Cyber Crimes Section (CCS) is responsible for developing and coordinating investigations of Immigration and Customs violations where the Internet is used to facilitate the criminal act. The CCS investigative responsibilities include fraud, theft of intellectual property rights, money laundering, identity and benefit fraud, the sale and distribution of narcotics and other controlled substances, illegal arms trafficking and the illegal export of strategic/controlled commodities and the smuggling and sale of other prohibited items such as art and cultural property.

The CCS is involved in the development of Internet undercover law enforcement investigative methodology, and new laws and regulations to strengthen U.S. Cyber-Border Security. C3 supports the ICE Office of Investigation’s (OI) domestic field offices, along with ICE foreign attachés offices with cyber technical, and covert online investigative support.

Operations Apothecary – The CCS, the ICE Commercial Fraud Office and the National Intellectual Property Rights (IPR) Coordination Center have partnered together and launched a comprehensive Internet pharmaceutical initiative designed to target, arrest and prosecute individuals and organizations that are involved in the smuggling of counterfeit pharmaceuticals of a controlled and non-controlled nature as well as scheduled narcotics via the Internet. The focus is also on the affiliates of the rogue pharmacies that are typically operated by criminal enterprises whose sole purpose is to generate large sums of money, with no regard to the health and welfare of the public.

Intellectual Property Rights - The CCS has encountered thousands of web sites based in the United States, as well as foreign that are engaged in the sale of counterfeit merchandise (including music and software) via the Internet. The CCS continues to work closely with the National IPR Coordination Center, the Computer Crimes and Intellectual Property Section (CCIPS) at the DOJ, and industry representatives to identify web sites responsible for the sale of the counterfeit items.

Arms and Strategic Technology - The CCS supports ICE’s mission to prevent proliferate countries, terrorists, trans-national criminals from obtaining strategic materials, funds and support and to protect the American public from the introduction weapons of mass destruction and other instruments of terror from entering the United States.

Identify Fraud Initiative - The availability and use of fraudulent identification documents has always been a concern to the law enforcement community. While traditionally available from street sources, fraudulent identification and travel documents, of all types, are also readily available for sale via the Internet. In the post 9-11 world, fraudulent identity and travel documents are of an even greater concern to ICE because of the alarming threat they pose to ICE's primary mission of protecting the United States, and its citizens, from threats arising from the movement of people and goods into and out of the country. With addressing these documents and their threat in mind, the CCS has sought to identify sources for fraudulent identity and immigration documents on the Internet. Those sources identified are pursued for criminal violations either locally or referred to other ICE field offices."

Digital Forensics Section

Digital evidence has become prevalent in every ICE investigative case category. Digital evidence is quickly replacing documentary evidence as the “smoking gun” in investigations. As a result, ICE investigations increasing demand that vital evidence be identified, seized, and recovered from a variety of electronic devices. ICE special agents need access to information stored on personal computers, complex business networks, personal digital assistants (PDA), cellular telephones, and multifunction communications devices.

Under legacy US Customs and US Immigration, ICE began training special agents to address this problem. The merger of the two agencies’ legacy computer forensic programs now provides ICE with more than one hundred and twenty-five special agents trained to process digital evidence.

The C3, Digital Forensic Section (DFS) provides programmatic oversight to the ICE Digital Forensics Program, operates the ICE National Digital Forensics Lab, and participates jointly with the US Secret Service and the Internal Revenue Service in the legacy Treasury Computer Investigative Specialist Training Program.

DFS Digital Forensic Agents (DFA) serve as the primary source for ICE field DFAs for technical forensic support issues, conduct research and development on new and emerging technologies, and develop and deliver training to field DFAs.

The DFS operates a state of the art Digital Forensics Lab that processes “strange and large” digital evidence seized by ICE field offices. Digital evidence resident on “non-standard” hardware or too voluminous for field office to process may be forwarded to the DFS for examination.

The DFS also provides ICE with advanced data exploitation capabilities. Digital evidence submitted by ICE field offices can be imported onto the DFS Lab network, indexed, and searched using advanced data exploitation tools. Large volumes of unrelated data can quickly and efficiently be mined for evidence of criminal activity.

Cyber Security

2009-09-21T02:50:00.000-07:00

Security whether it is physical or virtual , is the primary concern of any organization. The proliferation of computer systems and network has created new situation where organizations, be it government or private, are becoming more and more relying on computers and network for day to day operations. This has resulted in a deep concern regarding the safety of information and infrastructure. Critical Infrastructure such as electricity, water supply , nuclear plants, financial institutions , etc. play an important role in economy and safety of the country. Any type of intrusions into such systems can jeopardize the safety of the country.
The wide spread use of computers and internet provides intruders an opportunity to sneak in and create havoc. There is a strong need to provide sufficient security to all computer systems and information residing in it.
Computer Security Institute (CSI) most of the computer security breaches are not reported. People keep quiet not to expose the vulnerability further. The CSI/FBI report Computer Crime and Security Survey 2006 shows alarming increase in cyber crimes. The key finding of the survey is
* Virus attacks are the major threat causing financial loss ( 74%)
* Percentage of organizations reporting intrusions have increased from 20 to 25 %
* Over 80% organizations conduct security audit.
It is a fact that most of the organizations don’t report the intrusions to avoid negative publicity it gets. One of the objective of this programme is to provide information and guidelines to protect computer systems against intrusions, data theft, etc. www.cyberkeralam.in

True Confession of Hackers

2009-09-21T02:43:00.000-07:00

Watch the Hackers confession.!!
Do you think hackers are criminals of cyber world or those good people who help poor and dummy people at the cyber world by providing cracks to the internet world?

Money Lost from Internet Crimes Rises

2009-08-29T10:47:00.000-07:00

When you look at the list of uses, advantages and opportunities that the Internet provides, it’s seemingly never-ending, yet there are some “dark” sides to it as well. One of those dark sides is that the Internet provides criminals with lots of opportunities to scam good people. The IC3 just released their 2007 report on Internet Crime and what they found is that the money lost in Internet-related crimes hit a new high last year. In all, around $240 million dollars were reported in losses which is a $40 million increase from the prior year.
When you think of Internet-related crimes, what do you think of? Maybe spam email, phishing attempts, and eBay scams? Those all contribute to the reported crimes, but add to the list online dating scams, crimes involving pets, check-cashing schemes, and people asking for “charity” donations. The three main types of crimes that were committed include:
Fraud – where consumers didn’t get the right merchandise they paid for
Non-delivery – consumers didn’t receive a purchased good
Confidence fraud – where scammers ask consumers to rely on them
The IC3 (Internet Crime Complaint Center) reported that men actually lost more on average, than women. Each male that made a complaint lost on average $765 compared to $522 for women. Age also made a difference as well. The “younger” crowd, those in their 20’s lost $385 on average while the “older” crowd, those over 60 lost $760 on average per scam. In the end, about 1/2 of reports involved an amount less than $1,000 while 1/3 of complaints involved amounts between $1,000-$5,000.
While we have sympathy for those who have lost money due to Internet crimes, it’s still hard to believe that it happens as often as it does and people lose as much money as they do. By now, you’d think more people would be educated about the major dangers of the Internet thanks to news agencies covering it, and thus would be able to easily spot a scam. Do you know anybody who has been a victim of Internet Crime?
Note: If you’d like to view the complete report, click here and then click on the 2007 IC3 Annual Report to download it.
Source: NY Times

Cyber Crime

2009-08-16T02:26:00.000-07:00

INTRODUCTION:
The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute /Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. Both include conduct whether act or omission, which cause breach of rules of law and counterbalanced by the sanction of the state.
Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CONVENTIONAL CRIME-
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment.”(1) The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. (2)
A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime” (13). “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”(12)
A generalized definition of cyber crime may be “ unlawful acts wherein the computer is either a tool or target or both”(3) The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following cases- unauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME-
There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium.
REASONS FOR CYBER CRIME:
Hart in his work “ The Concept of Law” has said ‘human beings are vulnerable so rule of law is required to protect them’. Applying this to the cyberspace we may say that computers are vulnerable so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
Capacity to store data in comparatively small space-
The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much more easier.
Easy to access-
The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.
3.Complex-
The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4.Negligence-
Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.
5. Loss of evidence-
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.
CYBER CRIMINALS:
The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals-
1. Children and adolescents between the age group of 6 – 18 years –
The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends.
2. Organised hackers-
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
3. Professional hackers / crackers –
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes.
4. Discontented employees-
This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee.
MODE AND MANNER OF COMMITING CYBER CRIME:
Unauthorized access to computer systems or networks / Hacking-
This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.
Theft of information contained in electronic form-
This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.
Email bombing-
This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing.
Data diddling-
This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. The electricity board faced similar problem of data diddling while the department was being computerised.
Salami attacks-
This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the bank’s system, which deducted 10 cents from every account and deposited it in a particular account.
Denial of Service attack-
The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.
7. Virus / worm attacks-
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt.
8. Logic bombs-
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
Trojan attacks-
This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized programme, which passively gains control over another’s system by representing itself as an authorised programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.
Internet time thefts-
Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime.
11. Web jacking-
This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it.
CLASSIFICATION:
The subject of cyber crime may be broadly classified under the following three groups. They are-1. Against Individuals
a. their person &b. their property of an individual
2. Against Organization
a. Governmentc. Firm, Company, Group of Individuals.3. Against Society at large
The following are the crimes, which can be committed against the followings group Against Individuals: –
i. Harassment via e-mails.ii. Cyber-stalking.iii. Dissemination of obscene material.iv. Defamation.v. Unauthorized control/access over computer system.vi. Indecent exposurevii. Email spoofing viii. Cheating & Fraud
Against Individual Property: -
i. Computer vandalism.ii. Transmitting virus.iii. Netrespassiv. Unauthorized control/access over computer system.v. Intellectual Property crimesvi. Internet time thefts
Against Organization: -
i. Unauthorized control/access over computer systemii. Possession of unauthorized information.iii. Cyber terrorism against the government organization.iv. Distribution of pirated software etc.
Against Society at large: -
i. Pornography (basically child pornography).ii. Polluting the youth through indecent exposure.iii. Traffickingiv. Financial crimesv.Sale of illegal articlesvi.Online gamblingvii. Forgery
The above mentioned offences may discussed in brief as follows:
1. Harassment via e-mails-
Harassment through e-mails is not a new concept. It is very similar to harassing through letters. Recently I had received a mail from a lady wherein she complained about the same. Her former boy friend was sending her mails constantly sometimes emotionally blackmailing her and also threatening her. This is a very common type of harassment via e-mails.
2. Cyber-stalking-
The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
3. Dissemination of obscene material/ Indecent exposure/ Pornography (basically child pornography) / Polluting through indecent exposure-
Pornography on the net may take various forms. It may include the hosting of web site containing these prohibited materials. Use of computers for producing these obscene materials. Downloading through the Internet, obscene materials. These obscene matters may cause harm to the mind of the adolescent and tend to deprave or corrupt their mind. Two known cases of pornography are the Delhi Bal Bharati case and the Bombay case wherein two Swiss couple used to force the slum children for obscene photographs. The Mumbai police later arrested them.
4. Defamation
It is an act of imputing any person with intent to lower the person in the estimation of the right-thinking members of society generally or to cause him to be shunned or avoided or to expose him to hatred, contempt or ridicule. Cyber defamation is not different from conventional defamation except the involvement of a virtual medium. E.g. the mail account of Rohit was hacked and some mails were sent from his account to some of his batch mates regarding his affair with a girl with intent to defame him.
4. Unauthorized control/access over computer system-
This activity is commonly referred to as hacking. The Indian law has however given a different connotation to the term hacking, so we will not use the term "unauthorized access" interchangeably with the term "hacking" to prevent confusion as the term used in the Act of 2000 is much wider than hacking.
5. E mail spoofing-
A spoofed e-mail may be said to be one, which misrepresents its origin. It shows it's origin to be different from which actually it originates. Recently spoofed mails were sent on the name of Mr. Na.Vijayashankar (naavi.org), which contained virus.
Rajesh Manyar, a graduate student at Purdue University in Indiana, was arrested for threatening to detonate a nuclear device in the college campus. The alleged e- mail was sent from the account of another student to the vice president for student services. However the mail was traced to be sent from the account of Rajesh Manyar.(15)
6. Computer vandalism-
Vandalism means deliberately destroying or damaging property of another. Thus computer vandalism may include within its purview any kind of physical harm done to the computer of any person. These acts may take the form of the theft of a computer, some part of a computer or a peripheral attached to the computer or by physically damaging a computer or its peripherals.
7. Transmitting virus/worms-
This topic has been adequately dealt herein above.
8. Intellectual Property crimes / Distribution of pirated software-
Intellectual property consists of a bundle of rights. Any unlawful act by which the owner is deprived completely or partially of his rights is an offence. The common form of IPR violation may be said to be software piracy, copyright infringement, trademark and service mark violation, theft of computer source code, etc.
The Hyderabad Court has in a land mark judgement has convicted three people and sentenced them to six months imprisonment and fine of 50,000 each for unauthorized copying and sell of pirated software. (16)
9. Cyber terrorism against the government organization
At this juncture a necessity may be felt that what is the need to distinguish between cyber terrorism and cyber crime. Both are criminal acts. However there is a compelling need to distinguish between both these crimes. A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences. The common form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit encryption, which is next to impossible to decrypt. The recent example may be cited of – Osama Bin Laden, the LTTE, attack on America’s army deployment system during Iraq war.
Cyber terrorism may be defined to be “ the premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives” (4)
Another definition may be attempted to cover within its ambit every act of cyber terrorism.
A terrorist means a person who indulges in wanton killing of persons or in violence or in disruption of services or means of communications essential to the community or in damaging property with the view to –
(1) putting the public or any section of the public in fear; or
(2) affecting adversely the harmony between different religious, racial, language or regional groups or castes or communities; or
(3) coercing or overawing the government established by law; or
(4) endangering the sovereignty and integrity of the nation
and a cyber terrorist is the person who uses the computer system as a means or ends to achieve the above objectives. Every act done in pursuance thereof is an act of cyber terrorism.
10.Trafficking
Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms weapons etc. These forms of trafficking are going unchecked because they are carried on under pseudonyms. A racket was busted in Chennai where drugs were being sold under the pseudonym of honey.
Fraud & Cheating
Online fraud and cheating is one of the most lucrative businesses that are growing today in the cyber space. It may assume different forms. Some of the cases of online fraud and cheating that have come to light are those pertaining to credit card crimes, contractual crimes, offering jobs, etc.
Recently the Court of Metropolitan Magistrate Delhi (17) found guilty a 24-year-old engineer working in a call centre, of fraudulently gaining the details of Campa's credit card and bought a television and a cordless phone from Sony website. Metropolitan magistrate Gulshan Kumar convicted Azim for cheating under IPC, but did not send him to jail. Instead, Azim was asked to furnish a personal bond of Rs 20,000, and was released on a year's probation.
STATUTORY PROVISONS:
The Indian parliament considered it necessary to give effect to the resolution by which the General Assembly adopted Model Law on Electronic Commerce adopted by the United Nations Commission on Trade Law. As a consequence of which the Information Technology Act 2000 was passed and enforced on 17th May 2000.the preamble of this Act states its objective to legalise e-commerce and further amend the Indian Penal Code 1860, the Indian Evidence Act 1872, the Banker’s Book Evidence Act1891 and the Reserve Bank of India Act 1934. The basic purpose to incorporate the changes in these Acts is to make them compatible with the Act of 2000. So that they may regulate and control the affairs of the cyber world in an effective manner.
The Information Technology Act deals with the various cyber crimes in chapters IX & XI. The important sections are Ss. 43,65,66,67. Section 43 in particular deals with the unauthorised access, unauthorised downloading, virus attacks or any contaminant, causes damage, disruption, denial of access, interference with the service availed by a person. This section provide for a fine up to Rs. 1 Crore by way of remedy. Section 65 deals with ‘tampering with computer source documents’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Section 66 deals with ‘hacking with computer system’ and provides for imprisonment up to 3 years or fine, which may extend up to 2 years or both. Further section 67 deals with publication of obscene material and provides for imprisonment up to a term of 10 years and also with fine up to Rs. 2 lakhs. (14)
ANALYSIS OF THE STATUTORY PROVISONS:
The Information Technology Act 2000 was undoubtedly a welcome step at a time when there was no legislation on this specialised field. The Act has however during its application has proved to be inadequate to a certain extent. The various loopholes in the Act are-
1. The hurry in which the legislation was passed, without sufficient public debate, did not really serve the desired purpose (6)-
Experts are of the opinion that one of the reasons for the inadequacy of the legislation has been the hurry in which it was passed by the parliament and it is also a fact that sufficient time was not given for public debate. 2. “Cyberlaws, in their very preamble and aim, state that they are targeted at aiding e-commerce, and are not meant to regulate cybercrime”(6) –
Mr. Pavan Duggal holds the opinion that the main intention of the legislators has been to provide for a law to regulate the e-commerce and with that aim the I.T.Act 2000 was passed, which also is one of the reasons for its inadequacy to deal with cases of cyber crime.
At this point I would like to express my respectful dissent with Mr. Duggal. I feel that the above statement by Mr. Duggal is not fundamentally correct. The reason being that the preamble does state that the Act aims at legalising e-commerce. However it does not stop here. It further amends the I.P.C., Evidence Act, Banker’s Book Evidence and RBI Act also. The Act also aims to deal with all matters connected therewith or incidental thereto. It is a cardinal rule of interpretation that “text should be read as a whole to gather the meaning”. It seems that the above statement has been made in total disregard of this rule of interpretation. The preamble, if read as a whole, makes it very clear that the Act equally aims at legalising e-commerce and to curb any offences arising there from.3.Cyber torts-
The recent cases including Cyber stalking cyber harassment, cyber nuisance, and cyber defamation have shown that the I.T.Act 2000 has not dealt with those offences. Further it is also contended that in future new forms of cyber crime will emerge which even need to be taken care of. Therefore India should sign the cyber crime convention. However the I.T.Act 2000 read with the Penal Code is capable of dealing with these felonies. 4.Cyber crime in the Act is neither comprehensive nor exhaustive-
Mr. Duggal believes that we need dedicated legislation on cyber crime that can supplement the Indian Penal Code. The contemporary view is held by Mr. Prathamesh Popat who has stated- "The IT Act, 2000 is not comprehensive enough and doesn't even define the term 'cyber crime". (8) Mr. Duggal has further commented, “India, as a nation, has to cope with an urgent need to regulate and punish those committing cyber crimes, but with no specific provisions to do so. Supporters of the Indian Penal Code School vehemently argue that IPC has stood the test of time and that it is not necessary to incorporate any special laws on cyber crime. This is because it is debated by them that the IPC alone is sufficient for all kinds of crime. However, in practical terms, the argument does not have appropriate backing. It has to be distinctly understood that cyber crime and cyberspace are completely new whelms, where numerous new possibilities and opportunities emerge by the day in the form of new kinds of crimes.”(6)
I feel that a new legislation on cyber crime is totally unwarranted. The reason is that the new legislation not come alone but will bring with it the same confusion, the same dissatisfaction and the same desire to supplant it by further new legislation. Mr. Duggal has stated above the need to supplement IPC by a new legislation. If that is the issue then the present legislation along with the Penal Code when read harmoniously and co- jointly is sufficient to deal with the present problems of cyber crime. Further there are other legislations to deal with the intellectual property crimes on the cyber space such as the Patents Act, Copy Right Act, Trade Marks Act. 5.Ambiguity in the definitions-
The definition of hacking provided in section 66 of the Act is very wide and capable of misapplication. There is every possibility of this section being misapplied and in fact the Delhi court has misapplied it. The infamous go2nextjob has made it very clear that what may be the fate of a person who is booked under section 66 or the constant threat under which the netizens are till s. 66 exists in its present form.
Further section 67 is also vague to certain extent. It is difficult to define the term lascivious information or obscene pornographic information. Further our inability to deal with the cases of cyber pornography has been proved by the Bal Bharati case. 6. Uniform law-
Mr. Vinod Kumar (9) holds the opinion that the need of the hour is a worldwide uniform cyber law to combat cyber crime. Cyber crime is a global phenomenon and therefore the initiative to fight it should come from the same level. E.g. the author of the love bug virus was appreciated by his countrymen.7.Lack of awareness-
One important reason that the Act of 2000 is not achieving complete success is the lack of awareness among the s about their rights. Further most of the cases are going unreported. If the people are vigilant about their rights the law definitely protects their right. E.g. the Delhi high court in October 2002 prevented a person from selling Microsoft pirated software over an auction site. Achievement was also made in the case before the court of metropolitan magistrate Delhi wherein a person was convicted for online cheating by buying Sony products using a stolen credit card. (17)8. Jurisdiction issues-
Jurisdiction is also one of the debatable issues in the cases of cyber crime due to the very universal nature of cyber space. With the ever-growing arms of cyber space the territorial concept seems to vanish. New methods of dispute resolution should give way to the conventional methods. The Act of 2000 is very silent on these issues.9. Extra territorial application-
Though S.75 provides for extra-territorial operations of this law, but they could be meaningful only when backed with provisions recognizing orders and warrants for Information issued by competent authorities outside their jurisdiction and measure for cooperation for exchange of material and evidence of computer crimes between law enforcement agencies.10. Raising a cyber army-
By using the word ‘cyber army’ by no means I want to convey the idea of virtual army, rather I am laying emphasis on the need for a well equipped task force to deal with the new trends of hi tech crime. The government has taken a leap in this direction by constituting cyber crime cells in all metropolitan and other important cities. Further the establishment of the Cyber Crime Investigation Cell (CCIC) of the Central Bureau of Investigation (CBI) 11) is definitely a welcome step in this direction. There are man cases in which the C.B.I has achieved success. The present position of cases of cyber crime (17) is –
Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com.
Status: Probe on
Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi.
Status: Chargesheet not filed
Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol.
Status: Pak not cooperating.11. Cyber savvy bench-
Cyber savvy judges are the need of the day. Judiciary plays a vital role in shaping the enactment according to the order of the day. One such stage, which needs appreciation, is the P.I.L., which the Kerela High Court has accepted through an email. The role of the judges in today’s word may be gathered by the statement- judges carve ‘law is’ to ‘law ought to be’. Mr T.K.Vishwanathan, member secretary, Law Commission , has highlighted the requirements for introducing e-courts in India. In his article published in The Hindu he has stated “if there is one area of Governance where IT can make a huge difference to Indian public is in the Judicial System”.12. Dynamic form of cyber crime-
Speaking on the dynamic nature of cyber crime FBI Director Louis Freeh has said, "In short, even though we have markedly improved our capabilities to fight cyber intrusions the problem is growing even faster and we are falling further behind.” The (de)creativity of human mind cannot be checked by any law. Thus the only way out is the liberal construction while applying the statutory provisions to cyber crime cases. 13. Hesitation to report offences-
As stated above one of the fatal drawbacks of the Act has been the cases going unreported. One obvious reason is the non-cooperative police force. This was proved by the Delhi time theft case. "The police are a powerful force today which can play an instrumental role in preventing cybercrime. At the same time, it can also end up wielding the rod and harassing innocent s, preventing them from going about their normal cyber business."(10) This attitude of the administration is also revelled by incident that took place at Merrut and Belgam. (for the facts of these incidents refer to naavi.com). For complete realisation of the provisions of this Act a cooperative police force is require.
PREVENTION OF CYBER CRIME:
Prevention is always better than cure. It is always better to take certain precaution while operating the net. A should make them his part of cyber life. Saileshkumar Zarkar, technical advisor and network security consultant to the Mumbai Police Cyber crime Cell, advocates the 5P mantra for online security: Precaution, Prevention, Protection, Preservation and Perseverance. A netizen should keep in mind the following things-
1.to prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.
2.always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.
3.always use latest and up date anti virus software to guard against virus attacks.
4.always keep back up volumes so that one may not suffer data loss in case of virus contamination
5.never send your credit card number to any site that is not secured, to guard against frauds.
6.always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.
7.it is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal.
8.web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this.
9.use of firewalls may be beneficial.
10. web servers running public sites must be physically separate protected from internal corporate network.
Adjudication of a Cyber Crime - On the directions of the Bombay High Court the Central Government has by a notification dated 25.03.03 has decided that the Secretary to the Information Technology Department in each state by designation would be appointed as the AO for each state.
CONCLUSION:
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. I would conclude with a word of caution for the pro-legislation school that it should be kept in mind that the provisions of the cyber law are not made so stringent that it may retard the growth of the industry and prove to be counter-productive.
REFERENCES:
1. Granville Williams
2. Proprietary Articles Trade Association v. A.G.for Canada (1932)
3. Nagpal R. – What is Cyber Crime?
4. Nagpal R- Defining Cyber Terrorism
5. Duggal Pawan – The Internet: Legal Dimensions
6. Duggal Pawan - Is this Treaty a Treat?
7. Duggal Pawan - Cybercrime
8. Kapoor G.V. - Byte by Byte
9. Kumar Vinod – Winning the Battle against Cyber Crime
10. Mehta Dewang- Role of Police In Tackling Internet Crimes
11. Postal address-
Superintendent of Police, Cyber Crime Investigation Cell, 5th Floor, Block No.3, CGO Complex, Lodhi Road, New Delhi – 110 003Phone: 4362203, 4392424
e-mail- cbiccic@bol.net.in
12. Duggal Pawan
13. by the Author
14. For the sake of convenience the readers are requested to read sections 43, 65, 66,67 of the Information Technology Act.
15. Sify News 14.03.03
16. Deccan Herald 16.03.03
17. Hindustan Times 03.03.03

Reporting Computer Hacking, Fraud and Other Internet-Related Crime

2009-08-16T02:12:00.000-07:00

The primary federal law enforcement agencies that investigate domestic crime on the Internet include: the Federal Bureau of Investigation (FBI), the United States Secret Service, the United States Immigration and Customs Enforcement (ICE) , the United States Postal Inspection Service, and the Bureau of Alcohol, Tobacco and Firearms (ATF) . Each of these agencies has offices conveniently located in every state to which crimes may be reported. Contact information regarding these local offices may be found in local telephone directories. In general, federal crime may be reported to the local office of an appropriate law enforcement agency by a telephone call and by requesting the "Duty Complaint Agent."
Each law enforcement agency also has a headquarters (HQ) in Washington, D.C., which has agents who specialize in particular areas. For example, the FBI and the U.S. Secret Service both have headquarters-based specialists in computer intrusion (i.e., computer hacker) cases.

For more on this article please click here

Internet Security: How Criminals Hack Other Peoples Computers

2009-08-02T09:11:00.000-07:00

For those of you that work in Information Technology and started in the last 20 years or so, chances are you were inspired by movies such as War Games, Sneakers or even Hackers. Remember that 80’s T.V. show Whiz Kids? That was cool too. I so wanted to be one of those kids.Of course, those movies were exaggerating the power of computers or how they worked, but it was fascinating! The idea of taking control of something or figuring out how it worked by poking around and analyzing it. It was this endless world of possibilities that got us pursuing some of the most thankless jobs in the world.So how do criminals do things like hack other people’s computers? It really doesn’t take a lot of skill at all.Let’s assume I’m the criminal for the sake of this story. Disclaimer: I have never been charged with any crime. I do not do the things I’ll talk about here. You shouldn’t either! Do not try this at home – do it somewhere else.

The easiest way to hack someone’s computer is to get your grubby little hands on it. If I got your computer AND found that your Windows XP accounts were password protected, I would simply use a bootable password reset disk to change or remove the passwords. Then I’m in. I’m not going to tell you where to get these utilities, however, I’m sure you can use Google.
If you had Windows Vista on the disk, with it’s BitLocker technology, it would be harder to get around the protection for certain. But it can be done. I’m sure this isn’t the only method out there.
“Okay smarty-pants! You’ve gotten into my account but I have passwords on all the documents that have my important information!”
Really? First, I don’t believe you since very few people even know that they can password protect documents. Second, there’s a good chance you use the same password for all the documents. Chances are you figure that having a strong password on the Windows account is good enough, that you’ve used a pretty weak one on your documents. Any sort of password cracker using a rainbow table or dictionary attack will get through those in a matter of seconds to minutes.
What if you had set a BIOS password, so that I couldn’t even get to the operating system without knowing it? Well, that’s another step in the right direction, but, yet again, it can be done. The thing is, now I have to do a lot of work. Steal the computer, crack the BIOS password, crack your Windows protection, and crack the document protection. Since most people who steal, steal from people they know, I’ll probably know that you do these things. I’ll look for an easier target. Lazy criminal laggards!
“But Guy!” you say, “what if I do all of that but you want to get at me over the Internet?”
First off, why do you keep calling me Butt Guy? (Seriously, I NEVER get tired of that joke!) Second, um, yeah, I could do that. However, I’m less likely to try to actually hack your computer. What I’m likely to do is hack websites that you use to gather the information I need to steal your information or money. Even with some creative web searching I can get an awful lot of information on you. Seriously. Try searching on your name and aliases you use on the web. You’ll be amazed by the social profile one could build on you, to steal your identity. So, be careful about what you put out there. It’s out there, pretty much forever.
If you would like to trace someone online MakeUseOf lists a numbers of really good free tools in the post about 15 Websites to Find People On The Internet.

Let’s say that I’m going to hack right into your computer remotely. The easiest way to do this is to trick you into downloading software that will allow me to take control of your computer. This kind of software is known as a Trojan Horse. I may send you an attachment, or link, in an e-mail that, once you open it, installs the Trojan program without you knowing it. Or, I may set up a web page on a popular topic, that will attack your computer and drop the Trojan Horse onto it. Here’s a story on exactly that.
Once that Trojan is on there, I can use it to take information from you, or I might use it to set up a proxy for me to get to other computers. The nasty part of that is that it is possible for you to then be implicated in whatever crime I committed. Sure, a good lawyer would get you exonerated, but how many lawyers are good enough with computers to understand what just happened? By the time you pay for the lawyer, and dealt with the embarrassment of being charged, you’re already done in. Then I’m long gone.
So what do you do? Well, you keep your operating system updated, you keep your software updated, you keep your antivirus and firewall on and updated. You should also disconnect your computer from the Internet when you are not using. But really, who does all that?
Every computer is like a house – locks on the door, but a glass window right beside it. Just as my dad often said, “Locks only keep out honest people.”

post from; makeuseof.com

posts from crime-research.org

2009-02-04T01:43:00.000-08:00

The internet in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sports or education. There are two sides to a coin. Internet also has its own disadvantages. One of the major disadvantages is Cybercrime – illegal activitiy committed on the internet. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spams, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in the cyberspace are on the rise. Here we publish an article by Nandini Ramprasad in series for the benefit of our netizens. –Ed.

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb".

– National Research Council, "Computers at Risk", 1991.

What is this Cyber crime? We read about it in newspapers very often. Let's look at the dictionary definition of Cybercrime: "It is a criminal activity committed on the internet. This is a broad term that describes everything from electronic cracking to denial of service attacks that cause electronic commerce sites to lose money".

Mr. Pavan Duggal, who is the President of cyberlaws.net and consultant, in a report has clearly defined the various categories and types of cybercrimes.

Cybercrimes can be basically divided into 3 major categories:

1. Cybercrimes against persons.

2. Cybercrimes against property.

3. Cybercrimes against government.

Cybercrimes committed against persons include various crimes like transmission of child-pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.

A minor girl in Ahmedabad was lured to a private place through cyberchat by a man, who, along with his friends, attempted to gangrape her. As some passersby heard her cry, she was rescued.

Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.

In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his creation of the Melissa virus. There are numerous examples of such computer viruses few of them being "Melissa" and "love bug".

Cyberharassment is a distinct Cybercrime. Various kinds of harassment can and do occur in cyberspace, or through the use of cyberspace. Harassment can be sexual, racial, religious, or other. Persons perpetuating such harassment are also guilty of cybercrimes.

Cyberharassment as a crime also brings us to another related area of violation of privacy of citizens. Violation of privacy of online citizens is a Cybercrime of a grave nature. No one likes any other person invading the invaluable and extremely touchy area of his or her own privacy which the medium of internet grants to the citizen.

The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes.

A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company, an industry major, stole the technical database from their computers with the help of a corporate cyberspy.

The third category of Cyber-crimes relate to Cybercrimes against Government. Cyberterrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorise the citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website.

In a report of expressindia. com, it was said that internet was becoming a boon for the terrorist organisations. According to Mr. A.K. Gupta, Deputy Director (Co-ordination), CBI, terrorist outfits are increasingly using internet to communicate and move funds. "Lashker-e-Toiba is collecting contributions online from its sympathisers all over the world. During the investigation of the Red Fort shootout in Dec. 2000, the accused Ashfaq Ahmed of this terrorist group revealed that the militants are making extensive use of the internet to communicate with the operatives and the sympathisers and also using the medium for intra-bank transfer of funds".

Cracking is amongst the gravest Cyber-crimes known till date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.

Coupled with this the actuality is that no computer system in the world is cracking proof. It is unanimously agreed that any and every system in the world can be cracked. The recent denial of service attacks seen over the popular commercial sites like E-bay, Yahoo, Amazon and others are a new category of Cyber-crimes which are slowly emerging as being extremely dangerous.

Unauthorised access

Using one's own programming abilities as also various progra-mmes with malicious intent to gain unauthorised access to a computer or network are very serious crimes. Similarly, the creation and dissemination of harmful computer programmes which do irreparable damage to computer systems is another kind of Cybercrime. Software piracy is also another distinct kind of Cybercrime which is perpetuated by many people online who distribute illegal and unauthorised pirated copies of software.

Professionals who involve in these cybercrimes are called crackers and it is found that many of such professionals are still in their teens. A report written near the start of the Information Age warned that America's computers were at risk from crackers. It said that computers that "control (our) power delivery, communications, aviation and financial services (and) store vital information, from medical re-cords to business plans, to criminal records", were vulnerable from many sources, including deliberate attack.

"Script-kiddies"

Crackers do more than just spoiling websites. Novices, who are called "script-kiddies" in their circles, gain "root" access to a computer system, giving them the same power over a system as an administrator – such as the power to modify features. They cause damage by planting viruses.

The Parliament of India passed its first Cyberlaw, the Information Technology Act in 2000. It not only provides the legal infrastructure for E-commerce in India but also at the same time, gives draconian powers to the Police to enter and search, without any warrant, any public place for the purpose of nabbing cybercriminals and preventing cybercrime. Also, the Indian Cyberlaw talks of the arrest of any person who is about to commit a cybercrime.

The Act defines five cyber-crimes – damage to computer source code, hacking, publishing electronic information whi-ch is lascivious or prurient, br-each of confidentiality and pu-blishing false digital signatu-res. The Act also specifies that cybercrimes can only be investigated by an official holding no less a rank than that of Dy. Superintendent of Police (Dy.SP).

The Act simply says "Notwi-thstanding anything contained in any other law for the time being in force, any Police Officer not below the rank of Dy.SP may enter, search and arrest any person without search warrant in any public place who he thinks is committing or about to commit a cybercrime".

It is common that many systems operators do not share information when they are victimis-ed by crackers. They don't contact law enforcement officers when their computer systems are invaded, preferring instead to fix the damage and take action to keep crackers from gaining access again with as little public attention as possible.

According to Sundari Nanda, SP, CBI, "most of the times the victims do not complain, may be because they are aware of the extent of the crime committed against them, or as in the case of business houses, they don't want to confess their system is not secure".

As the research shows, computer crime poses a real threat. Those who believe otherwise simply have not been awakened by the massive losses and setbacks experienced by companies worldwide. Money and intellectual property have been stolen, corporate operations impeded, and jobs lost as a result of computer crime.

Similarly, information systems in government and business alike have been compromised. The economic impact of computer crime is staggering.

Cyberspace

As the cases of cybercrime grows, there is a growing need to prevent them. Cyberspace belongs to everyone. There should be electronic surveillance which means investigators tracking down hackers often want to monitor a cracker as he breaks into a victim's computer system. The two basic laws governing real-time electronic surveillance in other criminal investigations also apply in this context, search warrants which means that search warrants may be obtained to gain access to the premises where the cracker is believed to have evidence of the crime. Such evidence would include the computer used to commit the crime, as well as the software used to gain unauthorised access and other evidence of the crime.

There should also be analysing evidence from a cracker's computer by the officials investigating the crime. A seized computer may be examined by a forensic computer examiner to determine what evidence of the crime exists on the computer.

Researchers must explore the problems in greater detail to learn the origins, methods, and motivations of this growing criminal group. Decision-makers in business, government, and law enforcement must react to this emerging body of knowledge. They must develop policies, methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and prevent future crimes. In addition, Police Departments should immediately take steps to protect their own information systems from intrusions.

Internet provides anonymity: This is one of the reasons why criminals try to get away easily when caught and also give them a chance to commit the crime again. Therefore, we users should be careful. We should not disclose any personal information on the internet or use credit cards and if we find anything suspicious in e-mails or if the system is hacked, it should be immediately reported to the Police officials who investigate cyber-crimes rather than trying to fix the problem by ourselves.

Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is a menace that has to be tackled effectively not only by the official but also by the users by co-operating with the law. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of modernisation as a boon and not make it a bane to the society.