CYBER CRIME

CYBER CRIME

Perpetration and Prevention



Overview:

Recent and anticipated changes in technology arising from the convergence of communications and computing are truly breathtaking, and have already had a significant impact on many aspects of life. Banking, stock exchanges, air traffic control, telephones, electric power, health care, welfare and education are largely dependent of information technology and telecommunications for their operation. We are moving towards the point where it is possible to assert that everything depends on software.

This exponential growth, and the increase in its capacity and accessibility coupled with the decrease in cost, has brought about revolutionary changes in every aspect of human civilization, including crime.

The increased capacities of information systems today come at the cost of increased vulnerability. Information technology has begun to produce criminal opportunities of a variety that the brightest criminals of yore couldn’t even begin to dream about.

The new breed of crime, which is either perpetrated using computers, or is otherwise related to them, is broadly termed as Cyber Crime.


Varieties of Cyber Crime:



1. Theft of Information Services
2. Communications in Furtherance of Criminal Conspiracies
3. Telecommunications Piracy
4. Electronic Money Laundering
5. Electronic Vandalism and Terrorism
6. Sales and Investment Fraud
7. Illegal Interception of Telecommunications
8. Electronic Funds Transfer Fraud


Theft of Information Services:

The ‘phone phreakers’ of three decades ago set a precedent for what has become a major criminal industry. Here the perpetrators gain access to the PBX board of an organization, and make their own calls or sell call time to third parties.


Communications in Furtherance of Criminal Conspiracies:

Just as legitimate organizations use the information networks for record keeping and communication, so too are the activities of criminal organizations enhanced by the advent of information technology.

There is evidence of information systems being used in drug trafficking, gambling, money laundering and weapons trade just to name a few.


Telecommunications Piracy:

Digital technology permits perfect reproduction and easy dissemination of print, graphics, sound, and multimedia combinations. This has produced the temptation to reproduce copyrighted material either for personal use or for sale at a lower price.


Electronic Money Laundering:

For some time now electronic funds transfers have assisted in concealing and moving the proceeds of crime. Emerging technologies make it easier to hide the origin and destination of funds transfer. Thus money laundering comes to the living room.

Electronic Vandalism and Terrorism:

All societies in which computers play a major role in everyday life are vulnerable to attack from people motivated by either curiosity or vindictiveness. These people can cause inconvenience at best and have the potential to inflict massive harm.

Sales and Investment Fraud:

As electronic commerce or e-commerce as it is called becomes more and more popular, the application of digital technology to fraudulent crime will become that much greater.

The use of telephones for fraudulent sales pitches or bogus investment overtures is increasingly common.

Cyberspace now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds to more exotic opportunities like coconut farming.

Fraudsters now enjoy access to millions of people around the world, instantaneously and at minimal cost.


Illegal Interception of Information:

Developments in telecommunications as well as data transfer over the net have resulted in greater speed and capacity but also greater vulnerability. It is now easier than ever before for unauthorized people to gain access to sensitive information.

Electromagnetic signals emitted by a computer, themselves can now be intercepted.

Cables may act as broadcast antennas.

To add to this no existing laws prevent the monitoring of remote signals from a computer.

Under the circumstances information is more and more vulnerable to unauthorized users.

Methods of Perpetration:

1. Unauthorized access
2. E-mail bombing
3. Data diddling
4. Salami attack
5. Internet time theft
6. Logic bomb
7. Virus/Worm attack
8. Trojan attack
9. Denial of service attack
10. Distributed denial of service attack
11. E-mail spoofing
12. Intellectual Property Crime
13. Cyber stalking


Unauthorized access (cracking, not hacking):

Unauthorized access also known as cracking as opposed to hacking, means gaining access to a system without permission of the users or without proper authority.

This is generally done either by faking identity, or by cracking access codes.


E-mail bombing:

This means sending a large number of mails to the victim resulting in the victims mail account (in case of individual) or server (in case of corporations) crashing.


Data diddling:

This kind of attack involves altering the raw data before it is processed by a system and re-altering it after processing.

Salami attack:

This is generally used to commit financial crimes. Here the key is to make the alteration so small that in a single case it would go unnoticed. For example a bank employee deducts five rupees from every customers account. The individual customers are unlikely to notice this small change but the employee will make a significant earning.


Internet time theft:

This connotes the usage by an unauthorized person of Internet time paid for by someone else.


Logic Bomb:

This is an event dependent program. This implies that this program is created to do something only when a certain event occurs (e.g. the Chernobyl virus)


Virus/Worm attack:

A virus is a program, which attaches itself to another file or a system and then circulates to other files and to other computers via a network. They usually affect computers by either altering or deleting data from it.

Worms on the other hand do not interfere with data. They simply multiply until they fill all available space on the computer.


Trojan attack:

A Trojan is a program, which appears to be something useful but under the disguise of a useful program causes some damage.


Denial of service attack:

This involves flooding the computer resource with more requests than it can handle.

This causes the resource to crash, thereby denying the authorized users the service.

Distributed denial of service:

This is a denial of service attack in which the perpetrators are more than one in number and geographically displaced. It is very difficult to control such attacks.


E-mail spoofing:

A spoofed email is one, which appears to originate from one source but actually originates from another.

Intellectual property crime:

This is a crime, which involves the unauthorized copying and distributing of copyrighted software. Software piracy is an example.


Cyber stalking:

This involves following a person on the Internet and causing harrassment.

Prevention methods:

1. Firewalls
2. Frequent password changing
3. Safe surfing
4. Frequent virus checks
5. Email filters

Firewalls:

These are programs, which protect a user from unauthorized access attacks while on a network. They provide access to only known users, or people who the user permits.


Frequent password changing:

With the advent of multi-user systems, security has become dependent on passwords. Thus one should always keep passwords to sensitive data secure. Changing them frequently, and keeping them sufficiently complex in the first place can do this.

Safe surfing:

This is a practice, which should be followed by all users on a network.

Safe surfing involves keeping ones e-mail address private, not chatting on open systems, which do not have adequate protection methods, visiting secure sites. Accepting data from only known users, downloading carefully, and then from known sites also minimizes risk.

Frequent virus checks:

One should frequently check ones computer for viruses and worms. Also any external media such as floppy disks and CD ROMS should always be virus checked before running.

Email filters:

These are programs, which monitor the inflow of mails to the inbox and delete automatically any suspicious or useless mails thus reducing the chances of being bombed or spoofed.

Case studies:

The following are examples of cybercrime committed in the last few years, which gained notoriety among the electronic community.

Legion of Doom (LOD):



Members:

Franklin Darden a.k.a The Leftist, Adam Grant a.k.a The Urvile , Robert Riggs a.k.a The Prophet)



Arrested: July 21, 1989



Charged: 1989



Convicted:1990



Crime:

Cracking into Bell South's Telephone (including 911) Networks - possessing proprietary BellSouth software and information, unauthorized intrusion, illegal possession of phone credit card numbers with intent to defraud, and conspiracy. From the Government's Sentencing Memorandum: "BellSouth spend approximately $1.5 million in identifying the intruders into their system and has since then spent roughly $3 million more to further secure their network."



Sentences:

Frank Darden (24): 14 months, Adam Grant (22): 14 months, Robert Riggs (22): 21 months. Collectively ordered to pay $233,000.00 in restitution.


Masters Of Deception (MOD) :

Members:

Mark Abene a.k.a Phiber Optik and Il Duce, Eli Ladopoulos a.k.a. Acid Phreak, Paul Stira a.k.a. Scorpion, John Lee a.k.a Corrupt and John Farrington, Julio Fernandez a.k.a. Outlaw )



Arrested: 1992



Charged: July 1992



Convicted: July 1993



Crime:

Multiple computer hacking related charges including conspiracy, wire fraud, unauthorized access to computers, unauthorized possession of access devices, and interception of electronic communications. Institutions involved included Southwestern Bell, BT North America, New York Telephone, ITT, Information America, TRW, Trans Union, Pacific Bell, the University of Washington, New York University, U.S. West, Learning Link, Tymnet, Martin Marietta Electronics Information and Missile Group, AT&T, Bank of America, and the US National Security Agency. The crime was widely publicized, and resulted in at least one book being written, chronicling the events.


Sentences:

Mark Abene: 12 months + probation and 600 hours of community service John Lee: 6 months + probation

Eli Ladopoulos: 6 months + probation Paul Stira: 6 months + probation

Julio Fernandez cooperated and received no sentence.


Mitnick, Kevin David (alias: Glenn Case):



Arrested: February 15, 1995



Charged: September 26, 1996



Convicted: March 18, 1999



Crime:

From the September 26, 1996 court record: "obtaining unauthorized access to computers belonging to numerous computer software and computer operating systems manufacturers, cellular telephone manufacturers, Internet Service Providers, and educational institutions; and (b) stealing, copying, and misappropriating proprietary computer software" from "Motorola, Fujitsu, Nokia, Sun, Novell, and NEC."



Sentence:

After being incarcerated, awaiting full trial for 4 years, Kevin served 10 additional months and was released on conditional probation - He may not use a computer, cellular phone, or any other Internet device until 2003, nor profit from his crimes in any way. Total time spent in prison for this offense was 4 years, 11 months, and 6 days.



Release Date: January 21, 2000



Previous Conviction:



Arrested: 1989



Charged: 1989



Convicted: 1989



Crime:
Stealing $1 million worth of software from Digital Equipment Corporation, and theft of long distance codes from MCI Sentence:1 year imprisonment with conditional probation thereafter, stating that he could not use a computer or associate with other computer criminals


Conclusion:

With the information highway having entered our very homes, we are all at increasing risk of being affected by Cybercrime. Everything about our lives is in some manner affected by computers. Under the circumstances its high time we sat up and took notice of the events shaping our destinies on the information highway. Cybercrime is everyone’s problem. And its time we did something to protect ourselves. Information is the best form of protection.


Bibliography:

1. Cyber Crime (article), Silicon Times, Vol. 2, Issue 12, December 2002
2. Computer Vulnerabilities, Eric Knight, CISSP, Electronic Edition, March 2000, release 4.
3. An Unofficial Guide to Ethical Hacking, Ankit Fadia, Macmillan India Ltd., 2001
4. The Little Black Book of Computer Viruses, Mark Ludwig, Electronic Edition, American Eagle Publications, 1996