Criminal Justice: Cyber Crime Investigation - Research Paper Example

 Cyber Crime Investigation The on growing danger that arises from crimes committed through computers, or against the information stored in computers, has claimed attention in many countries across the globe. In most countries it is found that the existing laws are most likely to be insufficient and are unenforceable against such crimes. Countries where legal coverage or protection is inadequate will be more prone to cyber crime and would be less able in competing with the new economy. As cyber crime increasingly breaches over the national borders, the nations which are perceived as havens of information run the risk of getting their electronic messages blocked by other network (Cyber Crime . . . and Punishment? Archaic Laws Threaten Global Information, 2010, p.3). A few decades back we could only hear about cyber criminals and hackers. A recent third generation of cyber criminals has also emerged in the web world (Wall. 2007, p.3). Headlines of frequent cyber attack forces the industries to enhance their attention in this regard with rapid actions. Apart from these, there are many countless instances of illegal accesses and damages around the world that remain unreported such as the victims fear from the exposure due to several vulnerabilities, the potential threat for copycat crimes, and the loss of public faith and confidence. Cyber criminals have the capability of defying conventional jurisdictional realms in many sovereign nations, by commencing an attack from almost any electronic device like a computer across the world and sending it across multiple computers in different national boundaries. They can also designing attacks that can appear to have originated from foreign sources (Cyber Crime . . . and Punishment? Archaic Laws Threaten Global Information, 2010, p.4). Such techniques eventually increase both the technical as well as legal complexities in investigating and prosecuting the cyber crimes. However, not all cyber crimes are against law or considered unethical as can be the case in police actions and judicial interferences (Wall, 2007, p.3). Types There are instances of cyber crime in many forms. The most common form of cyber crime that has become prevalent today is data theft. Apart from this accessing emails through fake profiles, hacking it unethically, credit card fraud, online share trading fraud, tax evasion and money laundering, source code theft, theft of confidential information, piracy in software, music etc (Real world cyber crime cases, 2008).Let us take an example of cyber crime related to credit card fraud. Over the past twenty years, there were many instances when the banking industry in America was in the limelight because of financial crisis such as the Savings and Loan Scandal and the problem of insider trading that began in the 1980’s. All financial segments across the economy of United States have reported significant losses that were because of economic and computer crime in areas such as in banking, in credit card, health care, insurance, in securities, telecommunications, in intellectual property, computer crime, and in identity theft. Banking In 1997, it was reported by the American Bankers Association that banks had lost $512 million dollars to fraud related with cheques. American Banker, an industry magazine, had predicted that there would be a 25% increase in cheque related frauds over the next one year. Money laundering had increased in over the last decade. As a result of it, global efforts in order to combat this crime have also increased. While it is difficult to estimate the total amount of money laundering worldwide, one model estimated that in the year 1998 it would be nearly $2.85 trillion. The rise in online banking had presented several opportunities for the perpetrators of cyber-economic crime. Funds can be transacted by using wire transfer or an account takeover. Hackers can disrupt e-commerce lines by initiating denial of service attacks and by affecting the system of online banking payments. This is rampant in the financial sector because of the sheer volume in transactions. Identity takeover are also affected by online banking, as the new accounts can be hacked by identity thieves, thus increasing the concerns about the safety and effectiveness of financial institutions (The Growing Global Threat of Economic and Cyber Crime, 2000, p.5). Recently, there have been reports of banking frauds committed through the use of internet application that are present in modern day mobile phones. These applications contain malicious links or websites through which cyber criminals trace confidential banking related information about the person. Credit card business of banks has also been a victim of online cyber crime. According to Meridien Research, an estimated fraud loss in the credit card industry had amounted to $1.5 billion annually, in which $230 million were estimated to have been caused out of online transactions. MasterCard had reported a 33.7% increase in all its fraud cases worldwide from the year 1998 to the year 1999. In the first quarter of 2000, fraud losses had increased by 35.3% in comparison to the last quarter in 1999. VISA had also reported similar trends. It had been also estimated that the fraud losses arising out of online transactions would go beyond $500 million in 2000. The fraudulent uses of credit card activities are in the form of counterfeited, stolen, and not received cards, also account takeover, mail orders and transactions where the message displayed shows that the internet car d is not available (The Growing Global Threat of Economic and Cyber Crime, 2000, p.7). Another case of online banking fraud was reported in Canada where it was found that a virus named Trojan horse had caused theft of thousands of dollars to two customers of the Canadian e- commerce banking system (Reid, 2004). Telecommunications in the banking industry Rapid development in telecommunication and global wired network has created the ways which permits the cyber criminals to engage in cyber crimes in the high technological fields. Some of the typical examples of cyber crimes in telecommunication include transmitting of capitals that are collected by unethical means, untaxed financial transactions, cracks and weapon sales through Internet, crimes connections commitment by use of E-mail, compromising" spreading, theft of passwords and accessing networks codes, unlawful information coping, including commercial and confidential one, hacker attacks, producing and use of cloned personal radio-electronic measures (Snhetilov, 2001).The U.S. Secret Service had estimated that losses in telecommunication fraud exceed by $1 billion annually. Another source estimated the range to be from 3 billion dollar to 12 billion dollars. It is seen that subscription, or cases of identity fraud involved the usage of false or stolen identity cards or credit cards in order to gain free access and anonymity. The wireless industry has always been endemic to cyber fraud with an estimated loss that was expected to touch a staggering $677 million level by 2002. Telemarketing fraud had resulted in the losses to victims of amount going over $40 billion in 1998. In1996, the FBI had estimated that there were almost over 14,000 telemarketing companies that were engaged in fraudulent acts. The usual targets for these cyber criminals are the elderly majority who get very easily victimized (The Growing Global Threat of Economic and Cyber Crime, 2000, p.8). The online criminals extract valuable financial information from these cards and poses as a serious threat to their properties. Other examples of cyber crime Apart from the banking industry almost every industry such as the stock exchanges, air lines, music and films industry as mentioned that includes piracy of original music and films, copyright piracy etc, mobile networks and newspaper industry. There are many attacks in the stock exchanges around the world that have been harmed by cybercriminals. A recent report showed how the Israeli stocks exchange, Tel Aviv Stock Exchange had to be shut down because of threats from the cyber attacks. The attackers had used a DDoS attack that had saturated the resources of the stock exchange web sites in a very short time making the sites inaccessible (Israel under a cyber warfare escalation, 2012). According to the report in Israeli newspaper Haaretz ,the hackers paralyzed the websites in the Saudi Stock Exchange and in Abu Dhabi Securities Exchange. Holding the name of “IDF-Team,” the Israeli hacking team reportedly disrupted the Saudi stock exchange site known as Tadawul which had caused significant delays in the Abu Dhabi Securities Exchange (ADX) (Israeli hackers attack Saudi stock exchange, 2012). Security breach by cyber criminals had also been reported in the NASDAQ stock exchange. The problem of piracy and copyright issues has always been seen in the music and film industry. The industry incurs a huge loss in its revenue because of such online piracy. The cyber infiltrators lure the customers by selling music and film cds at a very minimalistic price of $1 earning high revenue in return. The newspaper industry was rocked by the scandal that broke out after the debacle of Rupert Murdoch. It aw reported that Murdoch’s newspaper News of the World had hacked into the mobile phone of a teenage girl named Milly Dowler who was later found to have been murdered (Rupert Murdoch’s Annus Horribilis, 2012). Cyber crime judicial measures Investigation in cyber crime is not a one man’s job. The government, public body, security networks all must co-ordinate to stop this menace from causing any harm. Various investigating policies have been framed to counter this problem. One such example would be the Canadian Bankers Association's Bank Crime Prevention and Investigation Office (BCPIO). The CBA's BCPIO has been assigned as an investigative body under the federal Personal Information Protection and Electronic. Documents Act that is overseen by the Privacy Commissioner of Canada. The main purpose of BCPIO is to provide protection to the bank customers against any financial crime that would include frauds in credit card and debit card, bank robbery, against counterfeiting, cyber crime, in money laundering, the usage of forged documents and many more (Bank Crime Prevention and Investigation Office, 2011). In America, USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism, USAPA), was made legal on October 26, 2001. The act provides for drastic changes in the current laws. Some of the changes seemed logical and absolutely necessary given the current circumstances. For example, the act made it mandatory to increase security in the airports. The Act created new ways by which the government could monitor individuals electronically and gather their private information. Changes in the privacy laws also include provisions such as increased monitoring related with financial transactions, creating a DNA bank to identify terrorists and other criminal offenders, mandatory disclosures before the CIA and FBI regarding information that are obtained in grand jury proceedings etc, changes made in the search warrants in order to provide electronic information, and increased power to the CIA and FBI to monitor individuals. The new act also laid primary focus on significant changes that are to be included in the current laws which would impact informational privacy in the cyber world. USAPA had particularly framed four main methods to introduce cyber surveillance. These are wiretaps, a search warrant, a pen/trap order, and subpoenas. Under the pen register or trap and trace order (pen/trap order) under which they can have access to numbers dialed and received by a particular phone. The government could make use of a subpoena and compel an ISP or any website to release the customer’s name, his address, length of service, and payment methods whether by credit card or direct withdrawal etc. as per the federal wiretap statue, wiretap orders will be required to access the voice mails that are generally stored by a third party provider. Sneak and peek warrant is a warrant where in the government can obtain a warrant and execute it without providing any prior notice or a delayed notice to the target. There are some exceptions in this rule. For example, if there arise a legitimate fear that by giving notice the person’s life might be in danger or would cause the cyber crime suspect to flee, the notice could be delayed. Apart from this there are several acts in USA which provide regulations and policies to counter cyber crimes. These are Cyber Crime Protection Security Act (S. 2111). The Cyber Crime Protection Security Act (S. 2111) would increase the criminal penalties in cyber crimes that are outlawed in Computer Fraud and Abuse Act (CFAA). The offenses include espionage, hacking, fraud, destruction, password trafficking, and extortion that are committed against computers and computer networks. The law featured seven distinct crimes that would be considered as cyber crimes. These include accessing computer system unethically to commit. espionage, trespassing that would include passing of governmental, financial or credit information, trespassing a computer in government premises, committing fraud that would be done by accessing computers in governmental or other areas unethically, damaging an authorized computer, trafficking of passwords and security codes and any form of threat t o harm and damage an authorized computer (Doyle, 2012, pp.2-3). Cyber crime investigation process There are generally five stages in the investigation of cyber crimes. These are crime scene investigations by first responders. 1. Examination of digital evidence. 2. Investigation of the used technology. 3. Investigating the electronic technology crimes. 4. Creating a digital evidence forensic unit. 5. Courtroom presentation of digital evidence (Electronic Crime Scene Investigation: A Guide for First Responders, 2001, p.5). The first step in examining a cyber crime scene would be to examine the crime scene equipments in the form of computers, laptops, CPU. User-created files can contain important evidences of criminal activity such as the address books and the database files that can prove the criminal association, still or moving images that can provide evidences for pedophile activities, and communications between criminals like by e-mail or letters. Users can have the chance to hide evidences in a variety of forms. Such as, they can encrypt a password-protected data that is important to them. They can also hide files in a hard disk or in other files or deliberately hide by incriminating evidence files by using an innocuous name. Evidences can also be found in the files and other data bases that are created in the operating system of the computer (Electronic Crime Scene Investigation: A Guide for First Responders, 2001, p.10). Answering machines can be used to store voice messages and also the information related with time and date. In the context of the crimes committed in the banking industry an inspection on these systems can provide valuable information about the cyber crime and data theft. In the second stage, investigations are carried out in the technologies and software used in the crime act. The hardware and the software, cds, printers, scanners, modem etc need to be examined. There can be non electronic evidences too that can be hidden using these technologies. In respect of the banking industry and the credit and debit card frauds where these are frequently seen now-a-days, forensic examination of these softwares need to done very carefully. The third stage is a rigorous extension of the second stage. The stages mentioned above require a specialized team of people who would have the expertise of handle such matters. Special expertise is required to examine indelible felt tip markers and stick-on labels (Electronic Crime Scene Investigation: A Guide for First Responders, 2001, p.23). These are followed mainly in the financial sectors where customers are often asked to put their signatures and personal information. These can be encrypted by the hackers who can then have the access to all their valuable information. The last stage involves courtroom sessions. It becomes the responsibility of the crime detecting cyber forensic experts who would represent the crime scene, details, evidences and provide their conclusion for the same. To highlight the above stages let us take the example of the hacking incident in the Belgian bank Dexia (Hackers hold bank to ransom with stolen customer data, 2012). The bank had received an anonymous call from a group of hackers who had threatened to publish online the data of customers unless the bank pays them a ransom of €150,000. The bank authorities firstly should inform the cyber cell crime and bring the matter before them. These people would then examine each of its components in t he IT department ranging from its hardware to private software technology. The officials would try to ascertain if any of the information was leaked from its own office computers and other electronic devices. After examining its IT components, the authorities can bring the matter before the court and abide by the judgement. In a case cyber crime in telecommunication in America it was found that there were two satellites that were hacked by the cyber criminals in 2007 and 2008 (Werner, 2012). It was also found that the hackers had created signals that were transmitted to the satellites and used to manipulate their functioning. In such cases too, the forensic cyber crime cell can be called into action. They can examine the IT department, the components, its military equipments etc to detect linkages with the hackers. Pros and cons of the judicial laws There are several positive aspects of the cyber crime investigation and its process. By the use of cyber law, it became easy to access personal information and produces them when required before the court. Personal properties like emails and other information in similar forms like the voice mails can also be accessed by the officials after the enactment of the cyber laws. It also made it possible to digitalize the personal signatures. It also enables the authorities to increase their cyber security. In the case of the banking industry, the customers who are at constant threat of losing their information and money can protect their assets by going by the cyber laws and guidelines. Telecommunication sector can also profit by using the cyber laws as it will provide them with better exposure in dealing with sensitive information. However, there are certain negative features too in this regard. There may be some customers who may be offended by the cyber security process and may consider trespassing and intrusion in their personal data. Also in some societies, information related with financial aspects is not disclosed outside. Another negative aspect of cyber crime investigation is that it often exposes the persons involved in the crime which may be harmful for the people who may not be directly related with it. It can possess a threat to their lives and property. Cyber crime investigation can also make a person believe it to be an intrusion on in his private life and affairs. Conclusion Cyber crime and its investigation process area necessity in today’s time. National governments need to examine the current status to determine if they are sufficient enough to combat with the kinds of crimes committed through the wired technology. Any inadequacy in legal protection will mean that the business community and government has to rely completely on technical methods to protect themselves and their information from the unethical people who would steal it, guarantee access to unauthorized people who would destroy valuable information. Where a gap is detected, governments should try to draw the best practices using technology from other countries and co-operate closely with the industries to enact enforceable and well established legal protections acts against such new crimes. The cyber criminals are undeterred by the fear of arrest or prosecution as it is quite difficult to trace them. Cyber criminals all over the world are also present widely on the internet as an omnipresent threat that provides the biggest menace to the financial sector, health departments, business. It hampers the trust of the customers, and is a serious threat to the security of the nation. Almost every industry is affected by cyber crime and so many laws and acts have been created to counter them. These acts are focused at increasing the efficiency of the security systems in the IT functions and departments and thus restoring customer security. References Bank Crime Prevention and Investigation Office, (2011), retrieved on August, 8 2012, from: http://www.cba.ca/en/research-and-advocacy/48-fraud-security/81-bank-crime-prevention-and-investigation-office Cyber Crime . . . and Punishment? Archaic Laws Threaten Global Information, (2000), retrieved on August, 8 2012, from: http://www.witsa.org/papers/McConnell-cybercrime.pdf Doyle, C. (2012), Cybersecurity: Cyber Crime Protection Security Act (S. 2111)—A Legal Analysis, August, 8 2012, from: http://www.fas.org/sgp/crs/misc/R42403.pdf Electronic Crime Scene Investigation: A Guide for First Responders, (2001), retrieved on August, 8 2012, from: https://www.ncjrs.gov/pdffiles1/nij/187736.pdf Hackers hold bank to ransom with stolen customer data, (2012), retrieved on August, 8 2012, from: http://www.information-age.com/channels/security-and-continuity/news/2101763/hackers-hold-bank-to-ransom-with-stolen-customer-data.thtml Israel under a cyber warfare escalation, (2012), retrieved on August, 8 2012, from: http://securityaffairs.co/wordpress/1747/cyber-warfare-2/israel-under-a-cyber-warfare-escalation.html Israeli hackers attack Saudi stock exchange, (2012), retrieved on August, 8 2012, from: http://www.hackerjournals.com/?p=22484 PRIVACY IN CYBERSPACE, n.d, retrieved on August, 8 2012, from: http://cyber.law.harvard.edu/privacy/module5.html Real world cyber crime cases, (2008), retrieved on August, 8 2012, from: http://www.asianlaws.org/library/cyber-laws/real-world-cyber-crime-cases.pdf Rupert Murdoch’s Annus Horribilis, (2012), retrieved on August, 8 2012, from: http://inside.org.au/rupert-murdoch-annus-horribilis/ Reid, R. (2004), Online bank fraud a growing concern, retrieved on August, 8 2012, from: http://www.itworldcanada.com/news/online-bank-fraud-a-growing-concern/115166 Sñhetilov. A, (2001), Some problems of cyber crime and cyber terrorism, retrieved on August, 8 2012, from: http://www.crime-research.org/library/Schetilov.htm The Growing Global Threat of Economic and Cyber Crime, (2000), retrieved on August, 8 2012, from: http://www.utica.edu/academic/institutes/ecii/publications/media/global_threat_crime.pdf WERNER, D. (2012), Cover Story: Hacking Cases Draw Attention To Satcom Vulnerabilities , retrieved on August, 8 2012, from: http://www.defensenews.com/article/20120123/C4ISR02/301230010/Cover-Story-Hacking-Cases-Draw-Attention-Satcom-Vulnerabilities Wall, D., S. (2007), Cybercrime: The Transformation of Crime in the Information Age, Simmonds & Hill Publishing Read More