Cyber Crime Against Individuals



Cyber crime continues to rise in scale and complexity, affecting essential services, businesses, and private individuals alike. 

Cyber crime costs them billions of pounds, causes untold damage, and threatens national security. In many countries, the explosion in global connectivity has come at a time of economic and demographic transformations, with rising income disparities, tightened private sector spending, and reduced financial liquidity. 

At the global level, law enforcement respondents to the study perceive increasing levels of cyber crime, as both individuals and organised criminal groups exploit new criminal opportunities, driven by profit and personal gain. 

Upwards of 80 per cent of cybercrime acts are estimated to originate in some form of organised activity, with cyber crime black markets established on a cycle of malware creation, computer infection, botnet management, harvesting of personal and financial data, data sale, and ‘cashing out’ of financial information. And there has been a significant growth in cyber criminality in the form of high-profile ransomware campaigns over the last few years. 

Breaches leaked personal data on a massive scale leaving victims vulnerable to fraud, while lives were put at risk and services damaged by the WannaCry ransomware campaign that affected the NHS and many other organisations worldwide. 

Tactics are currently shifting as businesses are targeted over individuals and although phishing attacks on individuals are increasing, fewer are falling victim as people have become more alert. Because the distinction between nation states and criminal groups is increasingly blurred, cyber crime attribution is sometimes difficult. 

Many Russian-speaking cyber groups are threatening UK interests, but home-grown cyber criminals are becoming more sophisticated and therefore a rising threat. Although young criminals are often driven by peer kudos rather than financial reward, organised cyber crime groups are motivated by profit.

Cyber criminals may attack individuals through computers or electronic networks and individuals anywhere on the planet are increasingly becoming targets for cyber criminals. 

Information and communications technologies (ICT) have become a crucial element in our day-to-day activities. They lie at the heart of critical infrastructures and their key components around the world, particularly in the technologically advanced countries.

Cyber crime is a criminal activity involving an information technology infrastructure, including illegal access, illegal interception, data interference, system interference, misuse of devices and electronic fraud. Unfortunately, our increased dependence on ICT and the pervasive interconnectivity of our ICT infrastructure exposes us to an evolving spectrum of cyber-threats.

Securing your network against cyber threats can be challenging, but taking care of the basics can go a long way towards keeping hackers out.

The concept of cyber-crime is not radically different from the concept of conventional crime. Both include conduct, whether act or omission, which causes a breach of the rules of a local area network and is counterbalanced by the sanction of law enforcement. Since 2009, nation states have signed 33 multilateral and 30 bilateral agreements on global action against cybercrime. Worldwide, governments and law enforcement agencies are currently in an adaptive phase of understanding how cybercrime affects national economies and drafting an effective legislative response.

However, criminals are adapting their methods to exploit the grey zones of international law at a rate that is ahead of nation states' ability to enact and enforce effective laws to criminalise the evolving range of cyber crimes.

For society to demand an effective legal response, there has to be a minimum level of fear about the criminal act itself and the consequences of the act. Laws and international agreements are difficult to draft because they must take account of criminal acts that have not yet been imagined. 

The legal and technical response to cyber crime calls for a creative yet disciplined partnership between research, the private sector and law makers.

Cyber crimes may affect individuals in different ways, such as e-mail spoofing, spamming, cyber defamation, phishing and cyber stalking.

E-Mail Spoofing     

Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source. It involves the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. For example: X has an e-mail address X25@gmail.com. His enemy Z spoofs his email and sends obscene messages to all his acquaintances. Since the e-mail appears to have originated from X, his friends could take offence and relationships could be compromised.

Email spoofing can also cause monetary damage. In an American case, a teenager made millions of dollars by spreading false information about certain companies whose shares he had short sold. 

This misinformation was spread by sending spoofed e-mails, purporting to be from a reputable news agency, to investors who were informed that the companies were doing very badly. Even after the truth came out, the values of the shares did not go back to the earlier levels and thousands of investors lost a lot of money.
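The header forgery described in this section leaves traces a recipient can check. The following is an added example, not part of the original article: it compares the visible From domain with the envelope sender and Reply-To, and reads the SPF/DKIM/DMARC verdicts from the Authentication-Results header. The sample messages, the domains and the `mx.example.org` server identifier are constructed assumptions.

```python
"""Flag signs of a forged From header in a received e-mail (added example)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the receiving mail server stamps Authentication-Results with this
# identifier. Headers carrying any other identifier may have been written by
# the sender, so they are ignored.
TRUSTED_AUTHSERV = "mx.example.org"

# Constructed sample messages using reserved example domains (not real mail).
SPOOFED = (
    "Return-Path: <bounce@bulk.example.net>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk.example.net;\n"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Authentication-Results: relay.example.net; dmarc=pass header.from=example.com\n"
    "From: X <x25@example.com>\n"
    "Reply-To: z@example.net\n"
    "Subject: hello\n\nbody\n"
)
LEGIT = (
    "Return-Path: <x25@example.com>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com;\n"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: X <x25@example.com>\n"
    "Subject: hello\n\nbody\n"
)


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or None."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def aligned(a, b):
    """Simplified alignment: same domain, or one is a subdomain of the other.
    Real DMARC compares organisational domains using the Public Suffix List."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def trusted_auth_results(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts, but only from our own server's header."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        ident, _, rest = str(value).partition(";")
        if ident.lower().split()[:1] != [authserv]:
            continue  # not stamped by our server: could be attacker-supplied
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results


def spoof_indicators(raw):
    """Return a list of spoofing signals for one raw message (empty = none)."""
    msg = message_from_string(raw)
    findings = []
    if len(msg.get_all("From", [])) != 1:
        findings.append("from-count")  # zero or several From headers
    from_dom = domain_of(msg.get("From"))
    if from_dom is None:
        return findings + ["from-unparsable"]
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and not aligned(dom, from_dom):
            findings.append(f"{header.lower()}-mismatch:{dom}")
    auth = trusted_auth_results(msg)
    if auth.get("dmarc") != "pass":
        findings.append(f"dmarc-{auth.get('dmarc', 'missing')}")
    return findings


if __name__ == "__main__":
    print("legit  :", spoof_indicators(LEGIT))
    print("spoofed:", spoof_indicators(SPOOFED))
```

A Return-Path or Reply-To mismatch on its own is common in legitimate bulk mail, so treat each finding as a signal to weigh rather than a verdict.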

Spamming    

Spam is unsolicited commercial messages sent electronically, usually to many people at once, often through mail. Spam generally contains advertising in one or more forms such as offers to sell prescription drugs, stock tips, links to online dating services, pornography web sites, or various business opportunities often of questionable legitimacy. A person who sends spam is called a spammer. Spam is also associated with distribution of malware such as viruses and Trojans. So it is not only an annoyance to the victim, but it may also carry malicious code by which the computer or computer network of a victim may get corrupted or damaged.

Phishing

Webopedia defines phishing as “the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security and bank account numbers, that the legitimate organisation already has. The website, however, is bogus and set up only to steal the user’s information.”

The term phishing arises from the use of increasingly sophisticated lures to “fish” for users' financial information and passwords. The term “phishing” is commonly believed to have been derived from the old expression “let’s go fishing to see what’s biting!”

In the technological world of cyber crime, phishing (pronounced the same as “fishing”) by analogy means to cast “digital bait” onto the Internet to see who will bite. Thus, phishing is a type of social engineering that cyber criminals use when attempting to cajole potential victims into revealing confidential information about themselves or their computer accounts, such as usernames, passwords and financial or bank account numbers.

The damage caused by phishing ranges from loss of access to e-mail to substantial economic loss. This style of identity theft is becoming more popular, because of the ease with which unsuspecting people often divulge personal information to phishers, including credit card numbers and social security numbers.

Cyber Stalking     

Stalking in general terms can be referred to as repeated acts of harassment targeting the victim, such as following the victim, making harassing phone calls, vandalising the victim's property, or leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and must be treated seriously.

Cyber stalking can be defined as the repeated acts of harassment or threatening behaviour of the cyber criminal towards the victim by using Internet services.

The majority of victims are female. Cyber stalking is most prevalent amongst victims with a relatively low household income, and victims are more frequently single persons, although nobody is exempt from the threat of stalking. In cyber stalking, criminals target victims in three areas:

  • Live chat or Internet Relay Chat (IRC): In which a user talks live online with other users.
  • Message boards and newsgroups: A user interacts with others by posting messages, conversing back and forth.
  • E-mail boxes: A user can write anything or even attach files to the e-mail. Sending electronic viruses, sending unsolicited e-mail and electronic identity theft are quite common manifestations of cyber stalking.

Cyber Defamation

Cyber defamation is an injury done to the reputation of a person through material published online. It may be carried out through e-mail, the spread of malicious gossip on discussion groups or the posting of offensive content against a person on a website.

Voyeurism

The Oxford English Dictionary defines a ‘voyeur’ as someone ‘whose sexual desires are stimulated or satisfied by covert observation of the sex organs or sexual activities of the others’. Voyeurism means recording a video or capturing a photograph of a victim's body. Normally, dressing rooms, bathrooms in hotels, toilets etc. are the major places where voyeurism can take place. After filming or photographing, the offender uploads the material to the Internet or may transfer those films or photographs to his friends or to somebody else.

Cyber Crime Against Property

Cyber crimes may affect the property of a person. These crimes are usually economic in nature and involve credit card skimming, theft of intellectual property and identity theft.

Credit Card Skimming

Credit card skimming is the process by which legitimate credit card data is captured or copied, usually electronically. This technique exploits the vulnerabilities of magnetic-stripe technology, present on many credit, debit and other transaction cards. While magnetic-stripe technology allows cards to be programmed with data quickly and easily, it also means that the data can easily be copied.

Intellectual Property Crimes

It mainly involves software piracy and crimes related to domain names.

Software Piracy

It includes illegal use or distribution of software. Copying or distributing copyrighted software without a license is one kind of piracy. Software piracy includes end-user piracy, manufacturing piracy, and counterfeiting, even though software is widely available that can validate the credentials of a software publisher and check they are authorised for its distribution.

Domain Name Disputes

A domain is simply the address of a particular site on the Internet and is not much different from a telephone number: to communicate with or get access to a specific website, each site must have an address. Cyber squatting is a kind of cyber crime related to domain names. The term cyber squatter refers to someone who has speculatively registered or has acquired the domain name primarily for the purpose of selling, renting or otherwise transferring the domain name registration to the complainant who is the owner of a mark or service mark.

As long as a cyber squatter owns the domain name, the trademark owner cannot register his own trademark as a domain name. Thereby, a cyber squatter breaches the right of a trademark owner to use his own trademark.

Internet Identity Theft

This refers to the use by an unauthorised person of the Internet hours paid for by another person. For example, in May 200, the Delhi police arrested an engineer who had misused the login name and password of a customer whose Internet connection he had set up. Identity theft also refers to identity fraud, a criminal act where one individual misrepresents himself by pretending to be someone else. 

This is typically done by illegally using the victim's personal information to open new financial accounts, use existing financial accounts, or do some combination of the two. 

Identity theft may be committed during a single incident, or it may occur over an extended period of time.

There are many ways in which the offender can obtain personal information about a person to commit identity theft. Some of these are “offline” through physical means, such as when an offender goes through the victim’s trash to find discarded documents such as credit applications and pay stubs.

Other methods are “online” via computer or the Internet, such as when victims respond to phishing ploys and enter personal information on dummy websites set up to look like legitimate ones, or when they volunteer personal information to blogs, chat rooms or social networking websites.

Cyber Crime Against Organisations

Cyber crime also affects organisations like banks, service sectors, government agencies, companies and other associations of persons. These crimes involve Hacking, Denial of Service, Virus and Worms, E-mail Bombing, Salami Attack, Logic Bomb, Spyware etc.

Hacking

Hacking means unauthorised access to a computer system. It is the most common type of cyber crime committed across the world. The commonly used definition of hacking is breaking into computer systems. Hacking as a cyber crime is the most dangerous to the Internet because it has the effect of eroding the credibility of the Internet.

Hacking creates a perception in the minds of citizens that the Internet is vulnerable and weak. There are four types of hacking which are most prevalent today:

  • For fun as a hobby, mostly by teenagers obsessed with the internet.
  • To damage the business of competitors.
  • With the intention of committing a further offence such as fraud and misappropriation.
  • Penetration testing, where Internet security companies test their clients' resilience against attack.

Denial of Service Attack - DOS & DDOS

Denial of Service (DoS) attacks are cybercrimes in which the primary goal is to deny users of computers or other types of electronic devices access to an information system or its resources. DoS attacks often involve flooding a computer network with massive amounts of data in a brief period of time so that servers cannot keep up with the amount of data being transmitted. The effect is prevention, disruption and minimisation of legitimate network traffic. DoS attacks may also inhibit users from accessing network related applications or services needed.

Another prevalent form of a DoS attack is DDoS also known as Distributed Denial of Service attack where multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers.

E-mail Bombing

An e-mail bomb is a form of net abuse consisting of sending huge volumes of e-mail to an address in an attempt to overflow the mailbox or overwhelm the server. There are two ways of e-mail bombing: mass mailing and list linking. Mass mailing consists of sending numerous duplicate mails to the same e-mail ID. List linking consists of signing a particular e-mail ID up to several subscriptions. This type of bombing is effective as the person has to unsubscribe from all the services manually.

Salami Attacks

These attacks are used for committing financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. This is called a “salami attack” as it is analogous to slicing the data thinly, like salami. For instance, a bank employee inserts a programme into the bank's servers, which deducts a small amount of money (only a few pennies) from the account of every customer. No account holder is likely to notice the individual effect of a small amount being stolen, whereas the total effect can generate a large sum of money for the perpetrator.
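An added example (not from the original article) of why the pattern above slips past per-transaction checks and how aggregating by destination account exposes it. The ledger, account names and thresholds are constructed assumptions.

```python
"""Detect a salami pattern in a ledger by aggregation (added example)."""
from collections import defaultdict
from decimal import Decimal

# Constructed ledger of (source, destination, amount): six customers each lose
# two pence to the same account, hidden among ordinary payments.
LEDGER = [(f"CUST-{i:03d}", "ACC-9001", "0.02") for i in range(1, 7)] + [
    ("CUST-001", "UTIL-ELEC", "64.10"),
    ("CUST-002", "CUST-003", "250.00"),
    ("CUST-004", "UTIL-ELEC", "0.03"),  # a lone small payment is not a pattern
]


def per_transaction_alerts(ledger, threshold=Decimal("100")):
    """Naive control: flag only individual transfers at or above a threshold."""
    return [(s, d, Decimal(a)) for s, d, a in ledger if Decimal(a) >= threshold]


def salami_suspects(ledger, max_slice=Decimal("0.05"), min_sources=4):
    """Flag destinations that collect tiny amounts from many distinct sources.

    Returns {destination: (distinct_sources, total_collected)}.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)  # Decimal() == Decimal("0")
    for src, dst, amount in ledger:
        amount = Decimal(amount)
        if Decimal("0") < amount <= max_slice:
            sources[dst].add(src)
            totals[dst] += amount
    return {
        dst: (len(srcs), totals[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    print("per-transaction alerts:", per_transaction_alerts(LEDGER))
    print("salami suspects       :", salami_suspects(LEDGER))
```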

Logic Bomb

A Logic Bomb is a programme which lies dormant until a specific piece of software code is activated. A Logic Bomb is that code of a virus which waits for some event to occur. When that particular time comes, it bursts and causes considerable damage. It may erase the complete hard disk. In this way, a Logic Bomb is analogous to a real-world land mine. The most common activator for a Logic Bomb is a date. The Logic Bomb checks the system date and does nothing until a pre-programmed date and time is reached. At that point, the logic bomb activates and executes its code.

Data Diddling

Data diddling involves changing data prior to or during input into a computer. In other words, information is changed from the way it should be entered by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.

The culprit can be anyone involved in the process of creating, recording, encoding, examining, checking, converting, or transmitting data. This is one of the simplest methods of committing a computer-related crime, because it requires almost no computer skills whatsoever.

Despite the ease of committing the crime, the cost can be considerable. For example, a person entering accounting data may change it to show their account, or that of a friend or family member, as paid in full. By changing or failing to enter the information, they can successfully steal from the company.

Cyber Crimes Against Society

Society is also affected by cyber crimes and these fall in three broad categories:

  • Pornographic websites, sale of illegal articles, illegal auctions on the Internet are contributing to the social disorder.
  • Terrorist activities are also taking place using computer or computer networks in the name of cyber terrorism.   overall negative social effect. 

There is no settled definition of pornography or obscenity. What is considered simply sexually explicit in India may well not be considered obscene in the USA. There have been many attempts to limit the availability of pornographic content on the Internet by governments and law enforcement bodies all around the world, but with little effect.

Pornography

Internet porn is available in different formats. These range from pictures and short animated movies, to sound files and stories. The Internet also makes it possible to discuss sex, see live sex acts, and arrange sexual activities from computer screens. Well known and popular pornographic sites and file sharing networks make it amazingly easy for anybody who has an Internet connection to download sexual videos, images and all other related content.

Another noticeable and repellent aspect of pornography is ‘child pornography’ that depicts:

  • A minor engaged in sexually explicit conduct.
  • A person appearing to be a minor engaged in sexually explicit conduct.
  • Realistic images representing a minor engaged in sexually explicit conduct.

The easy access to pornographic content enables paedophiles to lure children by distributing pornographic material, after which they try to meet them for sex or to take explicit photographs.

In this way, cyber criminals are taking advantage of the innocence of children to engage them in pornographic acts without their consent.

Because the Internet has no borders and no jurisdictions, and is highly anonymous, it is a virtual space where anything can happen.

Terrorism

The general meaning of terrorism involves the use or threat of violence and seeks to create fear, not just within the direct victims but among a wide audience. The US Federal Bureau of Investigation describes terrorism as “the unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.”

Cyber terrorism is a phrase used to describe the use of Internet based attacks in terrorist activities, including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses.

The National Infrastructure Protection Center (NIPC) is a group of over 100 special agents, analysts, and others from the FBI, the Department of Defense, the CIA, the National Security Agency, and other federal departments. The NIPC’s Analysis and Information Sharing Unit has proposed the following definition: Cyber-terrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities.

This can often result in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.

Cyber terrorism can be just as dangerous as physical terrorism and can be as destructive as a nuclear weapon if executed on a large scale against major infrastructure targets.

Carrying out terrorist activities is also quite easy using just computers. Physical presence is also not necessary, as it can be done from anywhere in the world through the Internet and computers. Barry C. Collin, who takes credit for coining the term “cyberterrorism” in the 1980s, says, “This enemy does not attack us with truckloads of explosives, or with brief cases of Sarin gas, nor with dynamite strapped to the bodies of fanatics. This enemy attacks us with ones and zeros”. Speaking about the effect of cyber terrorism on a particular country, Collin says that, “In effect, the cyber-terrorist will make certain that the population of a nation will not be able to eat, to drink, to move, or to live...  In addition, the people charged with the protection of their nation will not have warning, and will not be able to shut down the terrorist, since that cyber-terrorist is most likely on the other side of the world.”

Conclusion

The nature of cyber crimes requires that there should be an International Cooperation among countries to tackle cyber criminals. Not all the countries are open to become party to that convention and there is no agreement between nations in combating cyber crimes with a uniform approach. 

Further, it can be said that not only should co-operation exist at the international level, it should also exist among different states of a particular country. Every law enforcement agency should be trained and every country should have proven technology to beat cyber criminals.

Many countries have inadequate policies for recording cyber crime in a consistent and comparable format. While a majority of European nations reported that police statistics were able to sufficiently capture cyber crime acts, in all other regions a substantial majority of countries' police statistics were not sufficient for recording such cases.
