Monday 28 November 2016

Introduction

Chapter 1:Introduction
The definition of computer crime.
Cybercrime, or computer crime, is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Debarati Halder and K. Jaishankar define cybercrime as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)". Such crimes may threaten a nation's security and financial health. Issues surrounding these types of crimes have become high-profile, particularly those surrounding hacking, copywright infringementchild pornography, and child grooming. There are also problems of privacy when confidential information is intercepted or disclosed, lawfully or otherwise. Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender and defined 'cybercrime against women' as "Crimes targeted against women with a motive to intentionally harm the victim psychologically and physically, using modern telecommunication networks such as internet and mobile phones". Internationally, both governmental and non-state actors engage in cybercrimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyberwarfare.. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Crime.
A report (sponsored by McAfee) estimates that the annual damage to the global economy is at $445 billion; however, a Microsoft report shows that such survey-based estimates are "hopelessly flawed" and exaggerate the true losses by orders of magnitude. Approximately $1.5 billion was lost in 2012 to online credit and debit card fraud in the US. In 2016, a study by Juniper Research estimated that the costs of cybercrime could be as high as 2.1 trillion by 2019.
Most measures show that the problem of cybercrime continues to worsen. However, Eric Jardine argues that the frequency, cost and severity of cybercrime cannot be well understood as counts expressed in absolute terms. Instead, these numbers need to be normalized around the growing size of cyberspace, in the same way that crime statistics in the physical world are expressed as a proportion of a population (i.e., 1.5 murders per 100,000 people). Jardine argues that, since cyberspace has been rapidly increasing in size each year, absolute numbers (i.e., a count saying there are 100,000 cyberattacks in 2015) present a worse picture of the security of cyberspace than numbers normalized around the actual size of the Internet ecosystem (i.e., a rate of cybercrime). His proposed intuition is that if cyberspace continues to grow, you should actually expect cybercrime counts to continue to increase because there are more users and activity online, but that as a proportion of the size of the ecosystem crime might actually be becoming less of a problem.

Chapter 2: History of Computer Crime

Prior to 2000

The very first legislation on a federal level regarding computer crime was the Counterfeit Access Device and Computer Fraud and Abuse Act in 1984. This Act made obtaining financial or credit information through a computer a misdemeanor. Before this Act was put in place, there was not much that could be done for computer fraud. Not only did this Act help fight against computer fraud, but it also acted against the use of computers as a means of inflicting damage on other computing systems. Note that this was a Federal Act, and about half of the states passed similar statutes for greater enforcement. It was around this time in 1984 that there was an organized effort to try to define what exactly constitutes "computer crime" ("Computer Crime").
Despite the new laws, in 1987, a report by Ernst and Whinney found that approximately $3-5 billion is lost each year due to computer crime ("Computer Crime"). The increased money loss can be attributed to the growing accessibility of the Internet, for Internet service providers were starting to develop large customer bases.
A few years later, the Computer Emergency and Response Team at Carnegie-Mellon university found that between 1991 and 1994, the percent of intrusions in the United States increased by a whopping 498%. They also found that the number of individual homes and office locations affected by computer crime went up 702% ("Computer Crime").
To help combat the exploding amount of computer crimes, a new team was formed under the FBI--the National Computer Crime Squad. This team worked exclusively on cases involving computer crime, and between 1991 and 1997, it investigated over two hundred individual cases ("Computer Crime").

Early 2000s

One of the most prominent events in the history of computer crime was the terrorist attack of September 11, 2001. Though this attack was not directly related to computer crime, it led to the creation of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act--the USA PATRIOT Act ("Computer Crime"). This Act gave government agencies an increased ability to crack down on computer crime in the name of intercepting and obstructing terrorism.
In 2002, a survey by the Computer Security Institute found that over 90% of large corporations, including government agencies, reported having security breaches. This data alone demonstrates just how commonplace and effective computer crimes were becoming. The survey also found that in 2002 alone, there was a loss of $455 million attributed to computer crime ("Computer Crime").

2012 and Beyond

By 2012, a large computer security company, Symantec, found that computer crime was costing companies $114 billion per year, a significant increase from that of $455 million from ten years prior. In addition, $274 billion was wasted in lost time due to interferences caused by computer crime (Smith).
With the astonishing amount of money going down the drain, a Bloomberg Government study was performed to figure out how much money would be needed to prevent the cyber security attacks. The study found that big organizations would have to increase the money allotted for computer security from $5.3 billion to $46.6 billion per year. Even then, only 95% of the attacks would be prevented, leaving 5% of attacks entirely unavoidable (Smith). Because of the daunting amount of money required, many companies simply turn a blind eye on investing more in security.
As Joe Lieberman from ID-Conn. has said, "Government has to be able to say, 'You're not doing enough.'" (Smith) Unfortunately, because the majority of networks are owned by private businesses, the government has little control over the implementation of cyber security practices.
To help illustrate the growing problem, Figure 5 shows the spread of how compliant industries currently are in the security of web applications. Notice that Aerospace and Defense, perhaps the most important industry to national security, has the lowest compliance rate as of 2012.

Luckily, a new act, known as the Cybersecurity Act of 2012, has been proposed. This Act would allow the Homeland Security Department to work with organizations to develop security standards. Some companies, however, are demanding that Congress give out rewards and incentives in exchange for increasing security. Other companies do not want any government departments obtaining authority over them (Smith).
Another Act has been proposed, the Secure IT Act, which is very similar to the Cybersecurity Act of 2012. This Act varies in that it does not give Homeland Security any extra authority over the security practices of companies. Instead, the companies would be able to spend money the way they want to for the security practices that work best for them (Smith).

Chapter 3: Related Issues

Some problems of cyber crime and cyber terrorism fighting

The international community has come to new epoch - information society epoch. At present the human activity depends on telecommunication technologies used in almost all fields of people activity (communications, transport, space, power industry, water supplying, finances, trading, science, education, defense, public maintenance of law and order, medicine and so). In 1998 there were connected to Internet only 143 millions of people, but in 2001 the users quantity has reached to 700 millions. Russian Internet segment yet has 6 millions users or so.

Rapid developing of telecommunications and global computer networks has created the reasons, which allow to commit of cyber crimes in the high technologies field more easier. The telecommunication technologies opportunities use by criminal organizations very widely. The typical examples of such kind of crimes are:

- transmitting of crimes collected capitals,
- untaxed financial operations,
- cracks and weapon sales through Internet,
- crimes connections commitment by use of E-mail,
- compromising" spreading,
- theft of passwords and accessing networks codes,
- unlawful information coping, including commercial and confidential one,
- hacker attacks,
- producing and use of cloned personal radio-electronic measures ("similar").

By the way many of these crimes by idea, committing and results may be named as terrorist actions.

Terrorist actions in the cyberspace could be done not only isolated persons or terrorist groups, but one state against another. By that cyber terrorism not differ from other kind of terrorism by nothing. Extremist groups, separatist forces, advocates of ideas, which defy to the universal values intensive use of modern technologies for their idea propaganda and information wars conduction.

So, creating of finding and neutrality of influence on the information technologies is the main task of the society and it law-defense authorities. This understood so in the Russian Federation well.

By the Maine office of special technical measures (M O S T M) of the Russian Department of Interior dates during 2001 year the quantities of committed in the cyber information field crimes on the territory of the Russia increased in 1.5 times or so compared with 2000 year.

The international community realized fully the possibility consequences rate from the cyber criminal thread and there was signed the International Convention of cyber criminal by the representatives of EC countries and also US, Canada and Japan in the November 2001. In the convention the crimes, which committed in the information field or against information resources or with the help of information measures factually ruled as cyber crimes and ruled the approximate list of this crimes:

- Unlawful access to information environment.
- No legal interception of information resources.
- Intervention into containing on the magnetic transmitters information.
- Intervention into the computer system.
- Unlawful use of telecommunication equipment.
- Forgery with use of computer measures.
- Deviousness with use of computer measures.
- Crimes, which connected with considered in the Convention contents actions.
- Crimes, which connected with "child" porno.
- Crimes, which connected with author and related rights breaking.


We think that cyber crime (and cyber terrorism as one of it kind) is the intervention into the telecommunication networks work, functioning in their environment computer programs or no sanctioning modification of the computer dates, leading to disorganization of the very important elements of the state infrastructure and creating of people death danger, causing the significant property loss or coming of other social danger consequences which makes to destroy the social protection, population frightening or influencing to the authorities decisions which profitably for criminals or their unlawful property and(or) other interests satisfaction.

I'll mark that to our mind cyber crime do not limited by crime boards which were committed in the Internet, it spread on all kind of committed in the information-telecommunication field crimes, where information, information resources, information technical could be subject (term) of crime infringes, field where offences has been doing and crime measure or tool.

Information weapon could act selectively, it could be use through trans-board links, that could be cause of source finding impossibility. So information weapon can become an ideal measure for terrorists and information terrorism could become the threat of many states existence, what make the information protection matter the important aspect of national and international protection and this aspect role will be increased. In the foreign countries legislation the cyber terrorist very often named as hacker. The arsenal of both are:

- different attacks kinds which allow to penetrate into the attacked network or intercept of network control
- cyber viruses, including network viruses (worms), which modify and delete of information or block of calculation systems work
- logical bombs- the commands kits , which penetrated into the program and operated at certain conditions for example after certain time period
- "gresian horses ",which allow to do certain actions without poisoned system master (user) knowledge ( at present time widespread the kind of "gresians", which send to its "master" through Internet different information from the spoiled computer, including registered users passwords)
- measures of information exchange suppressing in the networks.


It is no sense to doubt that the new measures will appear soon, as the cyber crimes weapon modified constantly depending from the protection measures which used by computer networks users: when the protection systems become improved, the attack measures become more sophisticated. The main features of cyber crimes are:

- cyber crimes secretiveness
- trans-broadness
- information, information resources, information technique could be the subject ( aim) of crime infringement, the environment when offenses committed and the crime measure or tool
- computer information (crime traces) deleting and changing easiness
- cyber crimes commitment traces kept in the technique facilities memory, in the electro-magnetic field, on the machine transmitters of computer information and occupy an intermediate position between material and ideal traces
- "virtual" traces could not be removed, it is only possible to copy them
- short time of cyber crimes traces keeping on the servers of the telecommunication networks companies-operators
- unique peculiarity - actions immediateness, which directed to the computer information recognizing and persons identification which deal with unlawful activity in the computer networks.


Taking into attention cyber crimes peculiarities there appear the whole technical and juridical problems complex, which connected with absence of:

1. Legislation acts, regulating of criminal-processional actions
2. Specially training staffs (operate and investigate staff, specializing on the discovering and exposing of the crimes in the information-telecommunication field)
3. Necessary technical measures.


Take into consideration some peculiarities of crimes investigation in the computer information field (cyber crimes)

Unlawful access to the computer information (crimes, which committed with regard to computer information situated in the global computer networks or during addressing to them).

There are some unique peculiarities in that crimes investigation with juridical qualification some of unlawful activities. During no sanctioning accessing to Internet there come unlawful regarding to the protected by law information ( commercial secret), which is the users passwords list. May be some society dangerous consequences which could come. In the common circumstance it is the computer network work breaking, including:

- failure in the equipment work, because provider firm equipment designed for the certain users quantities and, of cause, not take into account illegally connected persons. Excessive equipment loading lead to mistakes during dates transmitting and, therefore, to distortion of receiving and sending information; unfounded delays during work
- incorrect information giving out, because there is present registered user name in all protocols.


In addition the binding condition is the saving of computer physical integrity, computers system or their network. If among listed of equipment work faults the computer system physical integrity as the physical object is broken, it is require the add qualification by the paragraphs about anti-property crimes. Among work failure in the chance of access monopoly condition (or static IP address), there happened the information blocking, i.e. other user has not opportunity to enter under so name (address). Besides, during no sanctioning accessing there happened information modification in the Internet network record-statistic database, including information of work time of officially registered user and payment of purchased time.

To say about guilty form, that criminal technical qualification allow to realize unambiguously the society danger of his actions, to foresee the possibility of common danger consequences coming, not to wish but allow these consequences intelligently or take to them indifferently, that demand the premeditated crime commitment.

Crimes investigation committed with regard to computer information positioned in the electronic-calculated machine but not in computer. During crimes investigation committed with regard to computer information positioned in the electronic-calculating machine but not computer as we understand this word classically (such as pager, mobile-phone, cash register and others ), it is necessary to take into attention the next peculiarities. These devices are the microprocessor devices, which are able to record, keep, polish, copy of digital (computer) information . Such devices very often joined in the common network by controller, where the self-devices are the distant network work place, and central controller is the file and communication server. So, on the positioned in the mobile, paging and other communication networks information disseminated as it protected laws as appropriate articles of 28 chapter of Russian Federation CC.

Investigation of crimes which connected with production and/or spreading of harmful programs.

The practice of production and spreading of harmful programs investigation also discovered some peculiarities, which need of explanation. Besides the material compositions of
premeditated crimes in objective side of which included the legally important common dangerous consequences, in the Russian Crime Code there are formal compositions, objective side of which limited by only common dangerous action or inactiveness. There explained by especially high range of common dangerousness that the criminal law pursue enough harshly for the fact of producing, using or spreading of harmful programs for computers, not saying that any consequences will come. In these cases the intent formally is the only awareness of action (inactiveness) common danger and the wish of it committing.

Chapter 4: Analysis and Dissagreement.


When we are talking about a subject as broad as case studies on cyber crime it's helpful to have a clear structure. Since this paper is being presented to the delegates of Southern Regional Workshop On Cyber LAW with an emphasis on "Issues and Challenges in Enforcement". I am focusing on the issue more from a national level although an international perspective for the subject is observed and adopted where relevant. The way I have approached and classified the subject, in better words the taxonomy of this paper can be observed as (1) Crimes that focus on tangible networks and hardware, (2) Fraud & Deceptive Crimes and (3) Online Crimes.

Chapter 5: Recommendation and Conclusion


Here are some of the recommendation on how to prevent users from involved with computer crime:


  • Get the antivirus software, anti-spyware and firewall and do them up to date
  • Don’t reply to spam
  • Don’t open unknown e-mails or attachments from unknown person and company
  • Don’t and never give passwords or private and personal data to unknown e-mails or Web sites
  • When requested to ‘permit’ or ‘reject’ a request access to the Internet, select reject except you are sure about security of the site
  • Be careful while you are shopping online;
  • Get a back up from your P.C information on disks or CDs often
  • Use difficult to guess passwords.
  • Don’t go to access to your computers with strangers
  • Disconnect from the Internet when you do not in use
  • Share these information with your friends and family members.
Chapter 6: Summary and Conclusion

As someone rightly said that “bytes are replacing bullets in the crime world”. The growth of cyber crime in India, as all over the world, is on the rise and to curb its scope and complexity is the pertinent need today. Cyber space offers a plethora of opportunities for cyber criminals either to cause harm to innocent people, or to make a fast buck at the expense of unsuspecting citizens. India’s profile and wealth have risen enormously in the world due to the constructive use of information technology. At the same time, India ranks fifth in the world for cyber crime, according to a report last year by the U.S.-based Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center. Even under the IT Act, investigations in India are not easy. This is mainly due to the lack of what is called “cyber forensics.” We know that forensic evidence is important in normal criminal investigations. But the collection and presentation of electronic evidence to prove cyber crimes have posed a challenge to investigation and prosecution agencies and the judiciary.


To sum up, India needs a good combination of laws and technology, in harmony with the laws of other countries and keeping in mind common security standards. In the era of e-governance and e-commerce, a lack of common security standards can create havoc for global trade as well as military matters.


Chapter 7: Reference

  • http://people.exeter.ac.uk/watupman/undergrad/boc/index.htm
  • https://solmazp.wordpress.com/2010/08/01/some-recommendation-for-cybercrime-prevention-in-internet/
  • https://computercrimeinfo.com/
  • http://satheeshgnair.blogspot.my/
  • http://knowcybercrime121.blogspot.my/2010/05/conclusion.html

No comments:

Post a Comment