The definition of cybercafé mostly depends upon the purpose of using the term. A limited number of acts against the confidentiality, integrity and availability of computer data or systems represent the core of cybercafé. The word ‘cybercafé‚ itself is not limited to a single definition, and is likely best considered as a collection Of acts or conduct, rather than one single act. Today, criminals that indulge in cyber crimes are not driven by ego or expertise. Instead, they want to use their knowledge to gain benefits quickly.
They are using their expertise to steal, deceive and exploit people as they find it easy to earn money without having to do an honest days work. Cyber crimes have become a real threat today and are quite different from old- school crimes, such as robbing mugging or stealing. Unlike these crimes, cyber crimes can be committed single handedly and does not require the physical presence of the criminals. The crimes can be committed from a remote location and the criminals need not worry about the law enforcement agencies in the country where they are committing crimes.
The same systems that have made it easier for people to conduct e-commerce and online transactions are now being exploited by cyber criminals. Wherever the rate of return on investment is high and the risk is low, you are bound to find people willing to take advantage of the situation. This is exactly what happens in cyber crime. Accessing sensitive information and data and using it means a rich harvest of returns and catching such criminals is difficult. Hence it leads to a rise in cyber crime across the world. CATEGORIES OF CYBER CRIME: Cyber crimes are broadly categorized into three categories.
Each category can use a variety of methods and the methods used vary from one criminal to another. Individual: This type of cyber crime can be in the form of cyber stalking, distributing pornography, trafficking and grooming. Today, law enforcement agencies are taking this category of cyber crime very seriously ND are joining forces internationally to reach and arrest the perpetrators. Property: Just like in the real world where a criminal can steal and rob, even in the cyber world criminals resort to stealing and robbing.
In this case, they can steal a person’s bank details and take Off money; misuse the credit card to make numerous purchases online; run a scam to get naive people to part with their hard earned money; use malicious software to gain access to an organization’s website or disrupt the systems of the organization. The malicious software can also damage software and hardware, just like vandals damage property in the offline world. Government: Although not as common as the other two categories, crimes against a government are referred to as cyber terrorism.
If successful, this category can wreak havoc and cause panic amongst the civilian population. In this category, criminals hack government websites, military websites or circulate propaganda. The perpetrators can be terrorist outfits or unfriendly governments of other nations. CONTEMPORARY In recent past we have observed a vast increase in the availability of computer resources and along with crimes associated with it. When computers and networks came into being in the sass, hacking was done classical to get more information about the systems.
Hackers even competed against one another to win the tag of the best hacker. As a result, many networks were affected; right from the military to commercial organizations. Initially, these hacking attempts were brushed off as mere nuisance as they did not pose a long-term threat. However, with malicious software becoming ubiquitous during the same period, hacking started making networks and systems slow. As hackers became more skillful, they started using their knowledge and expertise to gain benefit by exploiting and victimizing others with contemporary crimes.
The advent of computer technology has brought many kinds of opportunities and some of these, not surprisingly, are of criminal nature. Let’s look at the few contemporary cyber crimes: Bootees: At present bootee networks are one of the most important cyber crime resources as they allow a remote attacker to take control of infected systems and manipulate them in order to execute malicious actions such as spam, distributed denial of service attacks. Bootee came from Robot Network, which means an organized automated army of zombies.
Actually this army consists of large number of compromised computers. A hacker who wants to start a bootee first has to infect other computers. In basic language bots are program which are automated or robotic. In simple context bots refer to those computers which can be controlled from the external source which are programmed in them. Now the attacker gains access to the computers by virus or any miscellaneous code. Most of the times computer are operating normally but they were found as the part of the bootee. Few examples of bootee’s are Zeus/Cabot and butterfly.
Cyber criminals are using bootee’s on banks through Automatic Transfer Systems (TATS) they not only pass stolen information from users accounts but also enable Cyber criminals to instantly carry out financial transactions that could wipe out users’ bank accounts without their knowledge. Cyber criminals used bootee’s to attack the famous website wordless. Cyber Space: Internet and the computer has become an essential part of our lives and both makes our lives much easier but not without a price to pay; the threat from the Cyberspace.
The cloud based services provide attackers with a lucrative target where millions of account details are stored in Cyberspace. Cyber criminals may also use the cloud to spread their mallard using stolen seer accounts. We should also note that cloud based services are accessed through non cloud based device and if the intruder manages to hack into one of these mobile devices that are not very well secured like traditional end point devices he will be able to get into the information where ever it is stored. The best examples for this are the social networking sites like Faceable, Linked, Twitter, Resort and Hi.
As we are increasingly connected by social networks, verbal attacks between communities may be a starting point to a critical situation between communities. Fishing: is a new type of Pushing cam. The term Fishing is a combination of the words “voice” and “Pushing”, and is the voice counterpart to Pushing. In this scam, instead of being directed by e-mail to a Web site the recipient is asked to call an 800 number to an organization which he/she has a relationship with, requesting to verify account and identity.
Because people are used to entering credit card numbers over the phone, this technique can be effective; the fraudsters hope to fool people who know better than to click a link in an unsolicited email that asks for personal information. For people, making the call might seem like he safe thing to do. What they don’t realize is that their call is to be answered by a crook. When the user calls the number, a message is played stating “This is account verification”. Please enter your 16 digit account number. Only the number isn’t to a bank or credit card company, it’s to a Poop phone that can recognize telephone keystrokes.
IIRC Crime: IIRC crime is often overlooked when computer crimes are being discussed. Perhaps when faced with other crimes like hacking or pushing etc, IIRC crime seems to be a little less dangerous. But, this is nothing other than a misconception that has been rough about as a result of people’s lack of information in the matter. Internet relay chats are something many people are familiar with. There are a number of chat rooms dedicated to the purpose of people chatting and communicating from every part of the world.
Needless to say, it is very beneficial and helpful too. People can connect with likened persons from all around the world. This is the reason internet chat relays are so popular too. But with the rising popularity of such chartrooms, IIRC crime has also risen considerably. This includes the illegal distribution or sharing of any kind f data and files. Most of these chats appear completely normal and innocent However, if ones digs deeper, there will often be illegal transactions and exchange Of data found to take place between people.
IIRC crime can also include the harassments, stacking etc. That people, especially women, face online. For example, if one is being harassed or threatened on any such chat room, it can qualify to be IIRC crime. Net Extortion: Net extortion is when an organized group of people (in most cases) seizes various databases of a company, while threatening to cause havoc within its main frame if their demands aren’t met. They also blackmail the company about compromising information of customers in the database, unless large sums of money aren’t transferred as per their demands.
Net extortion is a serious and tricky crime that attackers delve in when they have hacking knowledge of how to break into a company’s framework. The word threatening’ comes into play when the attackers pass comments of shutting down or messing with the framework to destroy information that could lead to losses, and reputation damage. When big companies are involved, their main frame can be compromised if the person in question knows how to hack into their implicated web of firewalls and security codes.
Such cases are only done through a complicated group of individuals that have Internet access to files and codes, where it would prove to be a huge crisis were the information even more sensitive than a regular database. Last year one of the programmers of the WIT (Wallach Innovation Technologies) broke into the company’s security system, changing passwords and access codes that eventually led him to then shut the database, where customers/others of the company weren’t able to access the company’s information system.
The programmer in question was Jerome Wisteria, who emended an amount of $300,000 for him to reveal the changed passwords and codes. The court order against him forced him to give up the information, and got him to avoid disclosing the same to a third party Salami Attacks: A salami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime. It also known as salami slicing/penny shaving where the attacker Uses an online database to seize the information of customers, that is bank/credit card details, deducting minuscule amounts from every account over a period of time.
These amounts eternally add up to large sums of money that is unnoticeable taken from the collective accounts. The victims that take the fall for such acts are usually bank holders, and websites that store account information like Papal. It can be quite scary to have amounts disappear in large portions at once, making it a onetime incident for the company. Therefore for an insider to do this on a regular basis, he/she deducts money slowly in small quantities without having the customer question them.
A salami attack can seem innocent at first, especially if people do not keep track of their finances when it exits in the counts. A lot of people aren’t aware of how money comes and goes and attackers take the advantage for such indifference out of customers. Sale of Narcotics: The illegal selling and trafficking Of drugs online is one Of the many cyber crimes. The illicit sales of narcotic drugs and psychotropic substances through websites have risen making the Internet a major source of drugs for drug abusers.
Many of the drugs are addictive, some are highly potent and their abuse can have fatal consequences. Particular concern is with the ease of availability with which children and adolescents can obtain such drugs, sing the anonymity afforded to them by the Internet. In addition, the quality of medicines purchased illegally through Internet pharmacies and other websites cannot be guaranteed and customers are at risk turning it into a life threatening crime. SQL Injection: A SQL injection attack inserts or injects a SQL query via the input data from the client to the application.
A successful SQL injection can read sensitive data from the database, modify database data (Insert/Update/Diet) execute administration operations on the database such as shutdown the DB’S, recover the content of a given file resent on the DB’S file system and in some cases issue commands to the operating system. SQL injection attacks allow attackers to spoof identity, tamper existing data, causes issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it unavailable and become administrators of the database server.
SQL Injection is Very Common with PH and ASP applications. Advanced Persistent Threats: Advanced Persistent Threats (APT) are computer attacks usually driven by government agencies or terrorist organizations for espionage. The attacking party carefully selects targets based on political, commercial, and security interests. Social engineering is often employed by an APT. Fifth target shows resistance, the attacker will not leave, but rather change strategy and deploy a new type of attack against the same target. The attacker may also decide to shift from an external threat to an internal threat.
APT s are focused on gaining control of crucial infrastructure, such as power grids and communication systems. Automation is used to enhance the power of an attack against a single target and one party owns and controls all hacking roles and responsibilities. The best example for this would be the Stunned Worm created by united States and Israel government which was used to target the Iranian Nuclear Reactor machinery and the other would be Chinese government hacking Google to uncover communications and identity of Chinese dissidents.
Cyber Stalking, Cyber Squatting and Cyber Terrorism: Cyber stalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging (IM), or messages posted to a Web site or a discussion group. A cyber stalker relies upon the anonymity provided by the Internet which allows them to stalk their victim without being detected. WHOA (Working to Halt Online Abuse), an online organization dedicated to the cyber stalking problem, reported that 58% of cyber stalkers were male and 32% female.
Cyber squatting is the act of registering a popular Internet address usually a company name with the intent Of selling it to its rightful owner. For this we can look into the Real Estate mogul Mr… Donald Trump’s case. Where in he filed a suit for $400,000 against J. Tattoos Young seeking damages for federal cyber squatting. According to the U. S. Federal Bureau of Investigation, cyber terrorism is any “premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents. Unlike a virus or computer attacks like denial of service, a cyber terrorist attack is designed to cause physical violence or extreme financial harm. According to the U. S. Commission of Critical Infrastructure Protection, possible cyber terrorist targets include the banking industry, military installations, power plants, air traffic control centers, and water systems. Cyber terrorism is also referred as electronic terrorism or information war. Cyber stalking, cyber squatting, and cyber terrorism are among the growing number of new computer and Internet-related crimes collectively called as cybercafé.
Distributed denial of service: A distributed denial-of-service attack (Dodos) is an attempt to make a machine or network resource unavailable to its intended users. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Dodos typically target sites or services hosted on high-profile be servers such as banks, credit card payment gateways, and even root name servers. The point of sale mallard also attempts to attack the customer’s card information.
This is the main resources for the contemporary crimes. Below is the chart which shows various industries which were hit by cyber crime. MEASURING CYBER CRIME: Everyone knows and agrees that cybercafé affects government, corporations and the public, but to what extent? Thus the need to measure cybercafé has risen. Measurement of cybercafé can be used to inform crime reduction initiatives; to enhance local, national, regional and international responses; to identify gaps in responses; to provide intelligence and risk assessment; and to educate and inform the public.
Many say that collection information on nature and extent of cyber crime is challenging. As per the security experts there seems to be at least four hurdles. Failure to report: Many organizations that have been cybercafé victims do not want to report the problem because they perceive it as bad for business. Self selection bias: Organizations that have not detected losses may be more likely to respond to cybercafé surveys than those that have or those that eve had very public large losses may be more prone to reply than those with moderate unreported losses.
NO standard mechanism for accounting losses: Sometimes downtime is figured into the mix. Sometimes the cost of buying new equipment or upgrades or security services or outside consultants is included in the total. There is no agreement on what and what not to include. Undetected losses: Often organizations are not even aware they have had losses or the full magnitude of the crime is not known. According to the FBI, cybercafé is now more widespread than narcotics, and its techniques are evolving and its targeting has becoming more focused.
The average company’s computer infrastructure is attacked nearly 60,000 times every day. There have been 354 million reported data privacy breaches over the past five years in the United States alone. The below graph shows how much the below listed counties have paid towards the cybercafé loss. This information is been taken from the Norton Symantec report on Cyber crime. Collectively it’s $110 Billions in last 12 months and there are 556 million victims affected and 66% of world hackers are Americans and they are born between 1980 to 2000 period.
It also states that 25% of the cybercafé cases remain unresolved. The above facts were published after interviewing 13,018 adults from 24 different countries. All figures below are in Billions. GLOBAL PRICE TAG OF CYBERCAFÉ ROLE OF LAW: Legal measures play a key role in the prevention and combating of cybercafé. Law is dynamic tool that enables the state to respond to new societal and security challenges. The traditional laws associated with cybercafé do not address new concepts and objects.
In many states laws on technical developments date back to 1 9th century. These laws to a great extent still are focused on physical objects – around which the daily life of industrial society revolved. For this reason, many traditional general laws do not take into account the particularities of information and information technology that are associated with cybercafé and crimes generating electronic evidence. These acts are largely characterized by new intangible objects, such as data or information.
This raises the question of whether cybercafé should be covered by general, existing criminal law provisions, or whether new, computer specific offences are required. The question cannot be answered generally, but rather upends upon the nature of individual acts, and the scope and interpretation of national laws. The Congress responded to the problem of computer crime by enacting several laws. The first federal computer crime statute was the Computer Fraud and Abuse Act of 1 984 (CAFE). Then it was amended in 1 986, 1996, 2001 and 2006.
In the year 1986 Electronic Communications Privacy Act was passed for illegally intercepting stored or transmitted electronic communication without authorization. This was later amended in 1994. Cyber Security Enhancement Act was passed together with the homeland security Act in 2002, it granted sweeping powers to the law enforcement organizations and increased penalties that were set out in the Computer Fraud and Abuse Act. While there is no silver bullet for dealing with cybercafé, it doesn’t mean that we are completely helpless against it.
The legal system is becoming more tech saws and many law enforcement departments now have cyber crime units created specifically to deal with computer related crimes, and of course we now have laws that are specifically designed for computer related crime. While the existing laws are not perfect, and no law is, they are nonetheless a tepee in the right direction toward making the Internet a safer place for business, research and just casual use. As our reliance on computers and the Internet contain uses to grow, the importance of the laws that protect us from the cyber-criminals will continue to grow as well.
SUGGESTIONS TO EVEN OBSTACLES OF LAW ENFORCEMENT: Educating Law enforcement, Security Personnel and Management: Current efforts at training law enforcement personnel to investigate cyber crimes, and the coordination among various law enforcement entities, need to be vigorously improved and expanded. Agency budgeting priorities need to be adjusted to allow for the devotion of adequate resources in this area. If information technology is to play a major part in our future, as it must, then an adequate foundation for a law enforcement posture must be laid.
A variety of computer security training courses are offered for System Administrators, and Computer Security and Information Technology Personnel. Lactate Laws and Train legal Professional Specific to Cyber Crime: There have been some amendments made in the Laws but they are not enough, a separate law for cyber crime has to be formed whenever required and before a new crime rises. Attorneys should be trained in computer crime prosecution and this trend should be pursued by all prosecutorial agencies. It would also be beneficial to identify those judges who are knowledgeable in this area to sit on such cases.
Cyber criminals should be punished based on the number of victims, not the number of acts committed. Thus, if the actions of a cyber criminal affect thousands of people, he should be punished accordingly. State laws should be updated and changed to reflect the havoc the cyber criminal creates. Incentives for Law Enforcement Personnel and Security Personnel: Besides the training of law enforcement it is necessary to ensure that those trained individuals remain with the organization. Too often a governmental agency will provide training to make an individual computer literate only to lose that person to the private sector.
Governmental agencies need to realize such specially trained personnel are a resource worth preserving, either through clearly defined career paths or monetary incentives competitive to the private sector. Taking Advantage of Online Resources: Most of the cyber criminal learn from online resources how to commit cyber attacks. By taking advantage of On-Line Resources available on the Internet, an investigator pursuing a computer crime can find resources to successfully help him catch the perpetrator of the crime. There are many websites easily available for online research.
Cooperation between Federal, State and Local Law Enforcement Personnel: Bureaucratic constraints and concerns over jurisdictional turf need to be overcome to allow complete cooperation. Across the country numerous High Technology Task Forces have been created and have been very successful in combating cyber crimes. Turf issues have to be UT aside and all components of the law enforcement community have to join and share hardware and software resources to combat cyber crimes. Task forces crossing Federal, State, and Local boundaries can pool their budgets and share resources to successfully work with one another.
Cooperation between Law Enforcement and Private Sector: Law Enforcement is slowly catching up in combating cyber crime, it is also crucial to maintain partnership with the private sector to gain confidence and trust among the two. By doing so they can help one another in capturing the criminals In cyberspace.. It must be recognized that the private entity IT security response play a vital role in controlling cyber crime. Accordingly, efforts melts be made to reach out to such individuals to ensure they are adequately trained and aware of proper response techniques.
Electronic Evidence: When dealing with cybercafé the competent investigation authorities, as well as courts, need to deal with electronic evidence. Dealing with such evidence is a challenge but also opens up new possibilities for investigation and for the work of forensic experts and courts. While traditional documents are introduced by handing out the original document in court, digital evidence in mom cases requires specific procedures that do not allow conversion into traditional evidence for example: presenting a printout of files and other discovered data.
Having legislation in place that deals with the admissibility of evidence is therefore seen as vital in the fight against cybercafé. AWARENESS AND PREVENTION: The general public and private businesses have to be aware of the increasing cyber crime and must be educated in reporting cyber crime, just as the way like a general crime such as an assault, burglary, theft, arson, and others. It would be helpful if the cyber crimes could be reported to one specific organization or a telephone number locally which would be interconnected to all other local, state, and federal law enforcement agencies.
This allows the cyber crime to be pursued by the appropriate law enforcement entity. Since cyber crimes normally cross various jurisdictional boundaries, this sharing of data in one computer system would allow all law enforcement agencies to reference the crimes and be able to cross-reference the information to assist one another in solving crimes that exceed jurisdictional boundaries. The human factor is the weakest link in any information security program. Communicating the importance of information security and promoting safe computing is a key in securing a company against cyber crime.
Below are a few best practices: Use a passers that is easy to remember and make sure to use a combination of upper and lower case letters, numbers, and symbols to make it less susceptible to brute force attacks. Try not to use simple dictionary words as they are subject to dictionary attacks for example like a type of brute force attack. Do not share or write down any passerines. Communicate & educate your employees and executives on the latest cyber security threats and what they can do to help protect critical information assets. Do not click on links or attachments in e-mail from entrusted sources.
Do not send sensitive business files to personal email addresses. Have suspicious/malicious activity reported to security personnel immediately. Secure all mobile devices when traveling, and report lost or stolen items to the technical support for remote kill deactivation. Educate employees about pushing attacks and how to report fraudulent activity. Update patches to computers regularly, keep virus guards up to date and follow procedures Employees use of their own computing devices especially smart phones and tablets to access corporate systems should be used for personal purpose only.
CONCLUSION: Today the Cyber criminal is not the normal teenager who experiments with code and IT infrastructure but these criminals are organized, persistent and are after huge sums of money or damaging enemy economies, they engage in Cyber warfare they are also skilled enough to commit the crime run away and never get caught. In-order to counter these threats as an end user patch your computer regularly, keep your virus guard up to date and follow procedures mentioned on security web site.
If It’s a large or a medium scale Company request help from information security experts to look for vulnerabilities into the companies Infrastructure. The future of the Internet is still up for grabs between criminals and normal users. The government still has an important role to play, but most of the prevention needs to be done by commercial entities producing software and those with the ability to stop fraud. Relying on consumer education programs will only affect a percentage of possible victims. The others need to be automatically protected through measures hat do not stress and require considerable participation.