Embed Size (px)
DESCRIPTION
Citation preview
INTRODUCTION
Crime is not new. The means by which criminals are able to commit crimes has vastly
changed in some respects thanks to the use of the Internet and computers. As technology
advances, so does the ways in which criminals are able to pull off their horrendous deeds.
With the Internet, crimes can now be committed more anonymously and with lightning
speed. On the other hand, the same technology that allows criminals to engage in felonious
acts is the exact same technology that helps law enforcement catches them.
Cyber crime is the latest and perhaps the most complicated problem in the cyber world.
Cyber crime may be said to be those species, of which, genus is the conventional crime, and
where either the computer is an object or subject of the conduct constituting crime. Any
criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes comes within the ambit of cyber crime.
THE DEFINITON OF CYBER CRIME
The term ‘cyber crime’ is a misnomer. One of the leading countries in IT penetration is India.
India Parliament has nowhere been defined in any statute or Act passed or enacted regarding
the cyber crime. The concept of cyber crime is not radically different from the concept of
conventional crime. Both include conduct whether act or omission, which cause breach of
rules of law and counterbalanced by the sanction of the state.
Before evaluating the concept of cyber crime it is obvious that the concept of conventional
crime be discussed and the points of similarity and deviance between both these forms may
be discussed.
THE FIRST DEFINITION
Cyber crime encompasses any criminal act dealing with computers and networks (called
hacking). Additionally, cyber crime also includes traditional crimes conducted through the
Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit
card account thefts are considered to be cyber crimes when the illegal activities are
committed through the use of a computer and the Internet.
THE SECOND DEFINITON
Cybercrime is criminal activity done using computers and the Internet. This includes
anything from downloading illegal music files to stealing millions of dollars from online
bank accounts. Cybercrime also includes non-monetary offenses, such as creating and
distributing viruses on other computers or posting confidential business information on the
Internet.
Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the
Internet to steal personal information from other users. Two of the most common ways this is
done is through phishing and pharming.
Both of these methods lure users to fake websites (that appear to be legitimate), where they
are asked to enter personal information. This includes login information, such as usernames
and passwords, phone numbers, addresses, credit card numbers, bank account numbers, and
other information criminals can use to "steal" another person's identity. For this reason, it is
smart to always check the URL or Web address of a site to make sure it is legitimate before
entering your personal information.
THE SCOPE OF CYBER CRIME
Because cybercrime covers such a broad scope of criminal activity, the examples above are
only a few of the thousands of crimes that are considered cybercrimes. While computers and
the Internet have made our lives easier in many ways, it is unfortunate that people also use
these technologies to take advantage of others. Therefore, it is smart to protect yourself by
using antivirus and spyware blocking software and being careful where you enter your
personal information.
A generalized words referring to the cyber crime may be unlawful acts wherein the
computer is either a tool or target or both. The computer may be used as a tool in the
following kinds of activity regarding to the scope of cyber crime such as: -
i) financial crimes
ii) sale of illegal articles
iii) pornography
iv) online gambling
v) intellectual property crime
vi) e-mail spoofing
vii) forgery, cyber defamation viii) cyber stalking
The computer may however be target for unlawful acts in the following cases, such as: -
i) Unauthorized access to computer
system or computer networks.
ii) theft of information contained in
the electronic form
iii) e-mail bombing
iv) data didling
v) salami attacks
vi) logic bombs
vii) Trojan attacks
viii) internet time thefts
ix) web jacking
x) theft of computer system
xi) Physically damaging the computer system.
CLASSIFICATION OF CYBER CRIMES
It can be classified into 4 major categories which are: -
1) Cyber crime against Individual
2) Cyber crime Against Property
3) Cyber crime Against Organization
4) Cyber crime Against Society
1) Cyber crime against Individual
i) Email spoofing
A spoofed email is one in which e-mail header is forged so that mail appears to originate
from one source but actually has been sent from another source
ii) Spamming
Spamming means sending multiple copies of unsolicited mails or mass e-mails such as
chain letters.
iii) Cyber Defamation
This occurs when defamation takes place with the help of computers and / or the
Internet. The example is someone publishes defamatory matter about someone on a
website or sends e-mails containing defamatory information.
iv) Harassment & Cyber stalking
Cyber Stalking Means following the moves of an individual's activity over internet. It
can be done with the help of many protocols available such at e- mail, chat rooms, user
net groups.
2) Against Property:
i) Credit Card Fraud (CCF)
CCF is a wide-ranging term for theft and fraud committed using a credit card or any
similar payment mechanism as a fraudulent source of funds in a transaction. The purpose
may be to obtain goods without paying, or to obtain unauthorized funds from an account.
Credit card fraud is also an adjunct to identity theft.
ii) Intellectual Property crimes
These include Software piracy: illegal copying of programs, distribution of copies of
software.
iii) Copyright infringement:
Copyright infringement is the unauthorized or prohibited use of works under copyright,
infringing the copyright holder's exclusive rights, such as the right to reproduce or
perform the copyrighted work, or to make derivative works.
iv) Trademarks Violations
Trademark infringement is a violation of the exclusive rights attaching to a trademark
without the authorization of the trademark owner or any licensees (provided that such
authorization was within the scope of the license).
v) Theft of computer source code
Computer source code is the most important asset of software companies. Simply put,
source code is the programming instructions that are compiled into the executable files
that are sold by software development companies. As is expected, most source code
thefts take place in software companies.
iii) Internet time theft
Internet time theft is the usage of the Internet hours by an unauthorized person which is
actually paid by another person.
3) AGAINST ORGANIZATION
i) Unauthorized Accessing of Computer
The Example is accessing the computer/network without permission from the owner. It
can be of 2 forms:
a) Changing/deleting data - Unauthorized changing of data.
b) Computer voyeur - The criminal reads or copies confidential or proprietary
information, but the data is neither deleted nor changed.
ii) Denial of Service
When Internet server is flooded with continuous bogus requests so as to denying
legitimate users to use the server or to crash the server.
iii) Computer contamination / Virus attack
A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy of it. Viruses can be
file infecting or affecting boot sector of the computer. Worms, unlike viruses do not need
the host to attach themselves to.
iv) Email Bombing
Sending large numbers of mails to the individual or company or mail servers thereby
ultimately resulting into crashing.
v) Salami Attack
When negligible amounts are removed & accumulated in to something larger. These
attacks are used for the commission of financial crimes.
vi) Logic Bomb
It’s an event dependent programmed, as soon as the designated event occurs, it crashes the
computer, release a virus or any other harmful possibilities.
vii) Trojan Horse
An unauthorized program which functions from inside what seems to be an authorized
program, thereby concealing what it is actually doing.
viii) Data diddling
This kind of an attack involves altering raw data just before it is processed by a computer
and then changing it back after the processing is completed.
4) AGAINST SOCIETY
i) Forgery
currency notes, revenue stamps, mark sheets etc can be forged using computers and high
quality scanners and printers.
ii) Cyber Terrorism
Use of computer resources to intimidate or coerce other.
iii) Web Jacking
Hackers gain access and control over the website of another, even they change the content of
website for fulfilling political objective or for money.
CYBER CRIME IN USA
The Internet Crime Complaint Center (IC3) was formed in May, 2000 as a joint venture between
the FBI, the National White Collar Crime Center and a branch of the US Department of Justice.
Since its formation, the IC3 has fielded hundreds of thousands of cybercrime complaints through
its website (www.ic3.gov) from citizens and industry. Complaints are stored in a centralized
database for access by local, state, and federal investigators. Through this means, patterns in
complaint types, perpetrators, popular scams and complainants can be identified. Many of these
cases have resulted in prosecution.
In 1999, President Clinton brought about the Working group on Unlawful Conduct on the
Internet to talk about unlawful conduct in regards to the Internet, and to prepare a report on
issues such as: To what degree do the current Federal laws allow prosecution and investigation
on unlawful Internet conduct, how much will new technology help law enforcement to
investigate and prosecute unlawful Internet acts, to what extent are we able to help parents,
teachers and other people get the tools they need to help reduce the chances of unlawful Internet
conduct.
Some of the many crimes that are regularly committed with the facilitation of the Internet are
child pornography, fraud, the sell and purchase of illegal guns or drugs, or other material that are
protected by copyright. In the worst cases, cyber crimes can result in child abduction and
molestation, and physical harm to victims. These heinous crimes have forced lawmakers and
legislators to look long at hard at the state of crimes in relation to the Internet, and what laws are
in effect to protect and prevent such crimes from harming those at risk.
The 2009 edition of the Internet Crime Report (www.ic3.gov/media/2010/100312.aspx) reveals
a continuing upward trend in domestic cybercrime, as well as an increase in those cases referred
to law enforcement agencies:
In 2009, the most common scam was that of e-mails purportedly sent by the FBI in order to
extort information from a targeted individual. Another scam involved US Attorney General Eric
Holder (www.fbi.gov/cyberinvest/escams.htm).
Other scams included: -
- Non-delivered merchandise
- Payment Advance fee fraud
- Identity theft and overpayment fraud
Other trends in 2009 included hitman scams, astrological reading frauds, economic and job-site
scams, and fake pop-up ads for anti-virus software. Most telling for 2009 was the substantial
18.2% increase in complaints (over 2008) and the 52.7% increase in online fraud losses. Some
conclusions may be drawn from these recent statistics on-line fraud shows no sign of abating,
fraud losses continue to increase at a dramatic rate and an awareness of the IC3 website may be
growing – which is a good thing.
As always, when conducting transactions over the Internet, deal only with reputable vendors and
trustworthy individuals. Please do not open e-mails or attachments from entities you do not
recognize.
CYBER CRIME IN MALAYSIA
Cybercrime is increasing at an alarming rate worldwide with more than a million people
becoming victims every single day, according to the Norton Cybercrime Report 2011. The
victims of cybercrime also paid dearly with a total loss of US$388bil (RM1.21bil) to -
cybercriminals in 2010. The cybercrimes don’t only cost victims financially but emotionally too.
On average, it takes 10 days for a victim to recover from a cybercrime and it can be emotional
too considering the amount of data they lose. However, victims could have saved themselves
money and regret as the type of cybercrimes they fell victim to was preventable.
A report found that the most common type of cybercrimes is malware, scams and threats -
targeted at mobile devices. However many people tend to underestimate the dangers of online
crime thinking that it will happen to everyone else but themselves. The survey found that seven
out of 10 adults thought they would more likely be a victim of physical crime rather than an
online crime.
This is a lingering attitude users have when they are offline and it gets replicated when they are
online. The report also found that men, particularly those in the generation Y demographic, are
most likely to become victims of cybercrimes. Men spend more time online and do more
dangerous activities. The report also stated that more men watch adult content, gamble and
participate in online dating sites compared to women. All these are social engineering
techniques and it’s quite easy to fall victims to such tactics.
Although Malaysia wasn’t in the list of countries studied in the report, Malaysia’s cyberspace
police, Cybersecurity Malaysia said the findings are representative of the Malaysian threat
landscape. It is the same environment, so whatever that is happening in the world will definitely
affect us the same way. The Cybersecurity Malaysia chief executive officer, Lt Col (Rtd) Prof
Datuk Husin Jazri was quote that Malaysian cyber threat landscape is no less alarming with over
10,000 cases reported every month up till August 2011. For 2010, Cybersecurity Malaysia
received over 8,000 reports about cybercrime via its cyber999 hotline. Its Cyber Early Warning
System has also detected over 5,000,000 security threats up until August.
Given the increasing amount of cyber threats, there is a need for more proactive measures to
prevent more Internet users from becoming cybercrime victims and it will take more than
reviewing or improving current Cybersecurity laws. Amending laws take time and it is slower
than the prevailing problem. We need to intensify education and awareness efforts to educate
users on Internet risks. Cybersecurity Malaysia is open to the idea of working with security
solution providers like Symantec to come up with Cybersecurity awareness programmes.
Cybersecurity Malaysia already has a list of home-made security tools such as DontPhishMe,
DNSwatch and MyPHPiPs that protects users from cybercriminals which can be downloaded for
free. It is also working on establishing a Cyber Clinic which will offer an extensive list of
Cybersecurity services to computer users. The clinic is expected to be ready before the end of
the year.
CYBER CRIMES CASES IN USA
Case 1 : Operation Ghost Click busts cybercrime ring that hit 4m computers
A sophisticated internet fraud ring that infected four million computers in 100 countries over
five years and allowed criminals to manipulate people's web browsing and online advertising has
been dismantled.
The FBI announced six Estonian internet players have been arrested and charged after a two-
year investigation code-named Operation Ghost Click. It will seek to extradite them to face
charges in the US. A seventh man is still at large. According to the FBI's New York assistant
director in charge Janice Fedarcyk, the fraud began in 2007 when the cyber criminals started
using DNSChanger malware to infect computers in homes, businesses and government
agencies, including some at NASA.
The malware hijacks search links and causes users to be re-directed to web pages and
advertisements that appear related to their original search but generate advertising revenue for
the criminals, not legimate publishers.The FBI estimates the cyber thieves pocketed
US$14million ($13.8 million) in illicit advertising fees which were paid by unsuspecting
companies thinking their ads were appearing on legitimate sites.
The malware also disabled anti-virus programs, allowing computers to be further infected with
other trojans, Fedarcyk said in a statement. Microsoft alerted to the problem earlier this year as a
result of its investigations into click-fraud and their proponents' links with spam botnets. Botnets
are networks of infected computers at the command of cyber criminals.
Richard Boscovich, former US federal prosecutor, now senior attorney at the Microsoft Digital
Crimes Unit, told this writer the unit's investigations had found 25 per cent of all click-throughs
were fraudulent. Boscovich said bot masters were on-selling spare botnet capacity to automate
click-fraud and distribute links to malware-laden websites. He estimated this to equate to
US$6.5billion out of the total online ad expenditure in the US alone.
The FBI named the gang members as Vladimir Tsastsin, 31, Timur Gerassimenko, 31, Dmitri
Jegorov, 33, Valeri Aleksejev, 31, Konstantin Poltev, 28, and Anton Ivanov, 26, all Estonian
nationals, plus Andrey Taame, Russian, 31, who remains at large. According to security writer
Brian Krebs, Tsastsin is the owner of several internet companies, that have been associated with
the malware community for years.
Case 2 : Feds net 100 phishes in biggest cybercrime case ever
By Dan Goodin in San Francisco 8th October 2009
US and Egyptian authorities have charged 100 people with conducting a phishing operation that
siphoned at least $1.5m from thousands of accounts belonging to Bank of America and Well
Fargo customers. Fifty-three defendants from California, Nevada and North Carolina were
named in a federal indictment unsealed Wednesday.
Operation Phish Phry, as the case was dubbed, marks the first joint cyber investigation between
law enforcement agencies in those two countries. The case was filed in federal court in Los
Angeles. According to the indictment, the Egypt-based defendant’s phished individuals' personal
information and then used it to access victims' bank accounts. The phishers then worked with
their counterparts in the US so money could be transferred into fraudulent accounts created
specifically to receive the stolen funds.
The ring leaders were named as Kenneth Joseph Lucas, Nichole Michelle Merzi and Jonathan
Preston Clark, all of California. They directed dozens of "runners" to set up the accounts that
would receive the stolen loot. A portion of the funds were wired to the individuals in Egypt who
originated the scam. Other defendants were located in Nevada and North Carolina.
Each defendant named in the 51-count indictment is charged with conspiracy to commit wire
fraud and bank fraud. If convicted, each faces a maximum penalty of 20 years in federal prison.
A handful of defendants were charged with additional felonies, including bank fraud, aggravated
identity theft, conspiracy to commit computer fraud and domestic and international money
laundering.
The operation is an object lesson in the scale and coordination found in today's professional
phishing operations. The charges are the result of an investigation that began in 2007, when FBI
agents identified criminal enterprises targeting US financial institutions.
CYBER CRIMES CASES IN MALAYSIA
The crimes comprised dissemination of lies, misuse of information, defamation, sedition and
pornography. The Malaysia government said investigations were carried out under Section 211
and 233 of the Communications and Multimedia Act 1998 (Act 588) which provided a jail term
not exceeding a year, or a fine up to RM50,000, or both, upon conviction..
Last year, 582 investigation papers were opened and probed, 422 of which were under Section
211 and 233 of the act. Apart from the act, those found to have abused the internet can also be
charged under the Banking and Financial Institutions Act 1989, Capital Markets and Services
Act 2007, Sedition Act 1948, Defamation Act 1957 or even under the Penal Code.
Besides taking the culprits to court, the Malaysian Communication and Multimedia Commission
(MCMC) will also block the access to phishing, fraud, illegal investment and pornography
websites. The MCMC had also set up a bureau to receive complaints to identify and probe those
responsible for providing and disseminating such content.
Case 1
Kuantan police Chief ACP Mohd Jasmani Yusoff said the latest case involved a female student
who was cheated in a transaction involving 20 units of iPhone 4 through a website and involved
losses of RM10, 400. The student banked in some cash gradually into an account given by the
suspect from July 24 until last Friday and once the payment had been made, the suspect was
unreachable while the phone line was also terminated. The police said the syndicates involved
were difficult to be traced as they changed phone numbers frequently.
Case 2 : RM65mil cyber fund fraud case the first in Malaysia
Sat, Mar 01, 2008
A 47-year-old "cyber fund manager" who has been operating without a licence became the
country's first man to be charged in a court for an Internet investment scam involving RM65mil.
Phazaluddin Abu, who is also a general manager of a computer company, claimed trial to the
charge. He was said to have held himself out as a fund manager, through the Internet website
www.danafutures.com, without holding a fund manager's licence. Phazaluddin is accused of
committing the offence at Affiliate Shoppers Network at No.14 first floor of Jalan Opera C in
Shah Alam between Jan 3 and June 22 last year.
If convicted, he can be fined a maximum of RM1mil or jailed up to 10 years under Section 15C
of the Securities Industry Act 1983. Lead prosecutor Syed Mohd Naqib Syed Taha, from
Securities Commission (SC), asked the court to deny bail saying that the offence was non-
bailable and that the offence was related to an Internet scam where the accused managed
investment portfolios.Syed Mohd Naqib said that more than 100 Malaysians had invested
RM65mil over a period of three months.
The website offered investments of between US$25 and US$1000 (RM80 and RM3,194) for
100 days, with daily interest returns from 2.2% to 3.15% (for each investor)," he told Sessions
Court judge S.M. Komathy Suppiah. (The website was shut down on June 22 last year.)
SUGGESTIONS
Consensus Reached For Precise Mechanism To Combat Cyber Crime
Government has to play bigger role in combating the cyber crime. So, Malaysia also has step
ahead in combating and tackling this issue. A consensus has been reached to formulate a precise
international network mechanism to combat cyber crime.
The Malaysia’s Minister of Information, Communications and Culture, Datuk Seri Dr Rais
Yatim said the consensus was reached at the two-day London Conference on Cyberspace. The
conference resolved that international cooperation and a global network have to be established,
and the mechanism will be worked out at other official meetings. It can also be concluded that
the conference has got the world to agree that there must be a collaborative effort to tackle cyber
crime at the national, regional or international levels
The security aspects should also be brought to the attention of the international community so
that a clear mechanism could be formulated pertaining to the sharing of intelligence and
important data for future cooperation. The Ministers also a consensus was also reached to
establish cooperation and a network between governments and the private sector engaged in the
cyber industry.
The Malaysia government would propose to the telecommunications industry players in
Malaysia to establish a close network with the government to enable Malaysia to maintain its
sovereignty and enforce its laws with the support of the international community. And, to well
said Malaysia's contribution in combating terrorism and tackling cyber security issues have
captured the world's attention.
CONCLUSIONS
There No Free Lunch
To all Malaysians, the have to be very aware about the cyber crime issue. English proverb well
said that there is for sure no free lunch in this world. Most of the people that fell into cyber
crime victim was the one that eager to become rich in short way. The internet scam product or
scam just happened every day. Most of them having the same method of lies, different only on
the web page and the interface but the modus operandi almost same.
So, to all Malaysian, be sure and prepare not to fell into cheat trick to become rich or to get
branded product in cheap price. Once you find some suspicious activity or tricky offer, almost
get into MCMC or Cybersecurity, so that, they can initiate investigation and make sure other
will not fell into the same trick.
(3500 Words)
REFERENCES
http://chmag.in/article/jun2010/source-code-theft-law
http://www.cyberlawdb.com/main/india/cyber-crime-law/64-source-code-theft
http://abcnews.go.com/Technology/wireStory?id=13843124
http://cybercrimes09.blogspot.com/
http://www.techterms.com/definition/cybercrime
http://www.crimeusa.com/Cyber_Crimes.html
http://www.lawyersclubindia.com/articles/Classification-Of-CyberCrimes--1484.asp
www.techterms.com/definition/cybercrime
www.webopedia.com/TERM/C/cyber_crime.html
www.techterms.com/definition/cybercrime
