Cyber Crime A Global Crime - Research Paper Example

11 April Cyber Crime – A Global Crime Introduction The internet has penetrated our lives to such an extent that we turn to it for almost all our needs, be it educational, transactional, entertainment or social. Global commerce is increasingly becoming dependent on the internet, with billions of online stores now available. People have become comfortable with online shopping and financial transactions, paving the way for cyber financial fraud on a global scale. Other crimes such as identity thefts and extortions are also perpetrated through social networking sites. Although cybercrime was in existence ever since the development of computers, it took a global form after the advent of the internet. This paper attempts to present a brief overview of cybercrime, beginning with its varying definitions, how it evolved and became dangerous, its types, and past real-world instances. Definitions of Cybercrime Cybercrime involves criminal acts that are committed using computer networks such as the internet (Bidgoli, 326). These criminal acts include the disruption of other computer systems using viruses and worms, gaining unauthorized access to confidential files, creating and distributing pornographic films based on children, stealing identity, stalking, and a host of other thefts and frauds. There are many ways in which cybercrime can be defined. This is because cybercrime is not a new “type of conduct” but an extension of criminal behavior that is already existing (Edelbacher, Kratcoski, and Theil 122). Cybercrime could be defined as “any crime in which a computer is the agent, facilitator, or target of the crime” (Edelbacher, Kratcoski, and Theil). This definition however is not completely representative of cybercrime. A more extensive definition was given by the Council of Europe’s Budapest Convention on Cyber Crime that defined cybercrime as – Offences against the confidentiality, integrity, and availability of computer data and systems, that is, offenses against computer data and systems, including illegal access to a computer system, such as “hacking” (Article 2), the illegal interception of the transmission of computer data (Article 3), data interference, that is, the damaging, deletion, deterioration, alteration or suppression of computer data (Article 4), system interference, that is, hindering of the functioning of computer systems (Article 5), including denial of service attacks, the misuse of devices (Article 6) – the production, sale, procurement, or otherwise making available of devices of data (e.g., hacking tools) for purposes of committing the above offences (qtd. In Edelbacher, Kratcoski, and Theil 122). This definition is further extended to major crimes perpetrated through the systems discussed above. These include computer-related forgery, computer related fraud, child pornography, and offences associated with copyright infringement and other such crimes. It is essential to understand however that there is no universally accepted definition of cybercrime although its conceptual definitions exist that vary in terms of their comprehensiveness, clarity and currency (Kshetri 3). Tools of Cybercrime Cybercrime is done through the agency of a computer or network. Most commonly used tools in cybercrime include malicious codes such as Trojan Horses, Worms, Viruses and Malware that are delivered to victim computers to facilitate crime, by stealing information or invading the computer system (Bidgoli 328). Trojan Horses – Trojan horses and other such spyware are malicous codes that appear as legitimate programs but, when accessed, disable the security systems of computers or contain key loggers that keep a record of typed passwords and banking credentials that are then transferred to criminals through the internet (Bidgoli 328). Viruses – Viruses are hidden codes that get activated when a program is run. These spread from the host program to other programs and are also transferred among computers and data disks. They slow down the performance of the system or damage data (Bidgoli 328). Worms – Worms are malicious codes that are similar to viruses but do not need a host program to replicate. These replicate on their own and use memory. However, they cannot attach to other programs. They spread automatically from one computer to another. In addition to slowing down the system, worms freeze computer keyboards and monitors, disable computers and use up computer memory (Bidgoli 328). Botnets – Computers that are infected by malware become bots (robots or zombies) that can be controlled by another computer without the knowledge of the original user. This is facilitated through botnets. Criminals use this technique to spread malware, span messages, or as a proxy system to conceal a cyber attack origin (Edelbacher, Kratcoski, and Theil 125). Denial of service (DoS) attacks – DoS attacks are also called hacking, nukes or cyber attacks. These are perpetrated by criminals to deprive individual users or organizations from using certain services. For instance, DoS can cause services such as email, web access or networking from becoming unavailable. Sometimes, websites are shutdown temporarily through such attacks (Bidgoli 328). History of Cybercrime – How and When It Became Dangerous Cybercrime has existed even before the personal computer gained widespread use. “Phone phreaks” are known to have tweaked computerized phone systems to enable free long-distance phone calls (James para. iii). Even Steve Jobs and Steve Wozniak, founders of Apple are reported to have been phone phreaks. John Draper, who earned the name ‘Captain Crunch’ had discovered that he could fool the network of AT&T using a plastic whistle’s tone. Kevin Mitnick, another computer hacker had become one of the FBI’s most targeted criminals after he broke into corporate and academic computer systems resulting in damages worth millions of dollars. He was jailed for half a decade and was ordered to desist from computers for an additional period of three years. Viruses such as ‘I love you’ and ‘Melissa’ had become widespread in the early 2000s, jumpstarting the protection industry for computers (James para. iii). White Hats According to a comprehensive history of cybercrime by Schell and Martin, academic explorations such as those by the all-male Massachusetts Institute of Technology Tech Model Railroad Club (TMRC), in the 1960s and 70s, made computer interventions possible (4). Formed in 1946, the TMRC employed control systems using skills learnt at MIT, becoming the first White Hat hackers. The word ‘hacker’ initially represented a “technologically focused individual” and was initially applied to those individuals who spent their time crawling under the tracks of railroads for connecting switches with cables to relays (4). The word initally referred to pranks played by students at MIT and later evolved to mean any computer related prank because the students mostly worked with computer systems. Early hackers or the White Hats were not criminals but rather were talented programmers who tried to find novel solutions to problems. These hackers endeavored to develop new hardware or software if the type they wanted was not available. This collective search resulted in a new hacker community in which people shared computer codes to build a freely accessible and open body of knowledge in an intellectual environment that promoted academics. Black Hats The term Black Hats also originated in the United States, as a derivation from black-and-white movies, to represent bad individuals or villains. White Hats evolved from an intellectual need to develop and expand knowledge. On the contrary, Black Hat hackers were not committed to such ethics. There is still debate whether the terms ‘Black Hat’ and ‘cybercriminal’ were actually coined. However, according to reports, it is indicated that John Draper, who was also called Captain Crunch, who used the whiste to fool a phone network was the first alleged ‘criminal’ to gain media attention. After Draper, there have been many other instances where young and creative self taught crackers originated. They exploited computer systems and were even caught and imprisoned. The history of cybercrimes is vast. The first federal level legislation on computer crime was the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984 that made the obtaining of credit or financial information through computers a misconduct. Prior to this act, not much action could be taken against computer fraud. The introduction of this Act helped fight against computer fraud in addition to putting the first systems in place that criminalised the use of computers for inflicting damage to other computers. At around the time this Act ws passed, there were concerted efforts made to define the constituents of cyber crime. Inspite of the new laws introduced, a report in 1987 by Ernst and Whinney showed that around $3-5 billion was lost every year due to computer associated crimes. At this time, cybercrime became more dangerous as the internet was becoming increasingly accessible for people. Between 1991 and 1994, Carnegie-Mellon University’s Computer Emergency and Response Team had found that the percentage of computer intrusions increased by 498% in the United States and that the individual offices and homes affected by computer crime increased by 702% (History of Computer Crime para. ii). In order to prevent the increasing number of computer crimes, the FBI founded a new team called the National Computer Crime Squad that exclusively worked on computer crime cases. The Squad investigated more than 200 individual cases in the period between 1991 and 1997. In 2000, the first reported DoS attack was carried out by a 15-year old Canadian hacker against a large number of e-commerce websites, resulting in losses estimated at $1.7 billion (James para. iv) Another major advancement that came in the legal structure fighting cybercrime was the September 11, 2001 terrorist attack. This attack was not a direct result of computer crime. However, it led to the establishment of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (the USA PATRIOT Act) which bestowed government agencies with a higher ability to clamp down cyber crime in the name of terrorism prevention. Cybercrime was so prevalent that, according to a survey conducted in 2002 by the Computer Security Institute, more than 90% of big corporations reported security breaches and that computer crime resulted in losses amounting to $455 million (History of Computer Crime para. ii). With the increasing amount of financial losses to organizations, a Bloomberg Government study was conducted to estimate the amount of funds required for cyber security breach prevention. It was found by the study that large corporations will have to increase their expenditure on cyber security from the previous $5.3 billion to at least $46.6 billion annually. Even then, the report disclosed, that only 95% of cyber-attacks could be prevented. As private businesses own a major proportion of the networks, the government does not have much control over the implementation of cyber security measures (History of Computer Crime para. ii). Cyber-attacks have been increasing so quickly that a new military command is set to be established by the Defense Department to concentrate on computer warfare only (James para. iv). Types of Cybercrime Cybercrime can be classified in two ways (Bidgoli 327). One classification system recognized computer as the target or tool and the other classification system uses a profiling approach to distinguish between outsides and insiders. The profiling approach is employed by the FBI. According to the first classification, in which computer is recognized at the target, cybercrime is defined as the activity in which information is taken wrongfully or damage to information is caused. Various offences are included in this category which include arson, in which a computer center is targeted for damage using fire, extortion, in which a computer is threatened or damaged with the purpose of extorting money, burglary, which involves the stealing of computer parts, conspiracy, which involves the agreement among people to perform an illegal act on a computer, espionage or sabotage, which involves the stealing or destroying of secrets or records, forgery, which involves the issuance of false documents using a computer, larceny, which is theft of parts of computers, malicious destruction of property, which involves the destruction of software or hardware, murder, which involves the tampering of computerized life-sustaining equipment, and the acceptance of stolen property, which involves receiving stolen services or goods through a computer. The use of computer as a tool for cybercrime, according to the first classification, involves the modification of customarily traditional crimes using the internet. These include internet fraud, that implies credit card fraud, false advertising, money laundering as well as wire fraud, child pornography, sale of prescription drugs and controlled drugs online, selling firearms online, gambling online, trafficking liquor online, online securities fraud, intellectual property theft, software piracy and counterfeiting. As per the second type of classification which depends on profiling, there are several types of cybercrime. One such crime is the stealing of money by employees from their company or causing it other harms. Another type of cybercrime is the stealing or damaging of infrastructure by nonemployees (Bidgoli 327). Examples of Cybercrime The number of cybercrimes that have taken place ever since the inception of computers and networking technology is innumerable. While most crimes occur at an individual level, some others occur at a larger scale. Examples of cybercrime include targeted attacks in which specific tools are used by cybercriminals against specific targets. These targeted attacks cause serious damages and are performed by skilled hackers with high levels of expertise. Some criminals carry out such attacks for monetary gains, while others organize targeted attacks to perpetuate terrorism. Some attacks are carried out by rival companies, government agencies and ideological hackers (Kshetri 11). An example is that of six hackers who were convicted in 2004 for their DoS attacks against their business rivals in a Californian court. VIP management services, an online gambling and sports betting company based in a Carribean Island had received an email in 2004, when cybercriminals had hacked into its computer system demanding a payment of $30,000 in ransom. If the company failed to shell out this amount, it risked a complete shutdown of its computer systems. The company’s website was attacked in 2003 and was regularly under attack ever since. The company was heavily reliant on its computer servers as these were the only platform on which it could do a business. Eventually, the company paid up the ransom amount to rescue its computer systems. Many organized groups for cybercrime in Eastern Europe and Russia are increasingly targeting business corporations for extortions. Many such large scale extortion plots have also been reported in Thailand, Britain, Canada, USA and Australia. Businesses that are highly dependent on computer systems, such as banks, casinos, online shopping portals etc., are the most vulnerable to cyber hijacking and extortions. Most cyber-attacks are carefully planned. After hacking into computer systems of the victims, cybercriminals send emails demanding ransoms of amounts as high as $100000 to be sent though Western Union and other such money transfer agencies. The estimation of the actual money extorted annually is hard to estimate and it is reported that only 10% of these cases are intimated to law-enforcement agencies. Estimates suggest that gambling sites alone shell out millions in ransom every year. In 2004, another company involved in processing credit card payments refused to pay a ransom amount. Its website faced repeated DoS attacks that resulted in the disruption of business for a large number of its clients. Therefore, most companies choose to pay up or negotiate with extortionists rather than losing the trust of their customers, halting business indefinitely, attracting media attention or even facing legal action for failing to safeguard the privacy information of their patrons (Kshetri 11). A malicious code called the Morris Worm was released in 1988 and it is one of the most damaging worms witnessed in internet history. This worm was released by Robert Morris into a network belonging to the Department of Defense. The Morris Worm resulted in the disabling of over 6000 computers with repair damages costing from $200 to over $53000 per computer. The Second Circuit Court of Appeals, in 1989, upheld the conviction of Morris under the Computer Fraud and Abuse Act. Another instance of cybercrime is the DoS attack in 2002 in which thirteen internet servers around the world were bombarded with 30 to 40 fold additional data. Seven of the attacked servers experienced zero-response periods. E-commerce sites such as Amazon and Ebay also experienced periods of zero-response during this incident. Some reports indicate that this is the largest DoS attack in the history of cyber-crime (Bidgoli 329). The FBI also reports cybercrime cases and takedowns. Prominent ones mentioned include Operation Ghost Click, Coreflood Botnet, Operation Phish Fry and Dark Market. In the Operation Ghost Click, an international cyber ring that had infected millions of computers was dismantled. Six Estonians wre arrested and charged for infecting millions of computers all over the world using a virus. They ran an internet fraud ring to enable thieves manipulate the internet advertising industry. Victims using infected machines were unware of the compromised status of their computers and their machines were rendered susceptible to several other viruses and security threats. The FBI also disabled a botnet operation by seizing servers that infected around two million computers worldwide with malicious software. A Coreflood virus, which is a key logger that allows cybercriminals to steal financial and personal information, was involved in this botnet operation. The FBI began the Coreflood investigation in 2009 when a company based in Connecticut had realised that hundreds of computer systems on its networks were infected. Before the Coreflood operation was shutdown by the FBI, cyber theives had already made many fraudulent wire transfers that resulted losses of thousands of dollars for companies. The Operation Phish Phry is one of the biggest phishing case until date. Around 100 people were charged in Egypt and US in this case. Cybercriminals involved in this operation targeted banks in the US to victimize thousands of account holders. Their financial information was stolen and used to transfer around $1.5 million into bogus accounts controlled by them. In this operation, more than 50 criminals in the US and around 50 in Egypt were charged with crimes such as money laundering, computer fraud, aggravated identify theft and conspiracy to commit bank fraud. A two-year cyber operation carried out undercover by the FBI and its global alliances resulted in the ‘Dark Market’ takedown in which a cyber club exclusively for crooks was exposed. This resulted in 56 arrests all over the world, preventing potential losses of $70 million. The FBI worked closely with global law enforcement agencies such as the Turkish National Police, the U.K.’s Serious Organised Crime Agency and the German Federal Criminal Police for this operation (FBI.gov). This is an example of how concerted efforts on a global scale can help tackle cybercrime. Many cases of cyberspying are also being reported. Hackers ransack banking information, social security numbers and other data over computer networks to use it for identity theft. An example of such cybercrime is that of University of California, Berkeley, where hackers stole the SSNs of 97000 students and alumni over a period of six months by attacking the computer system of the university. Physical harm has also been reported in several cases of computer vandalism. For instance, a forum that was run by the Epilepsy Foundation was shut down when when cybercriminals, as a prank, led site visitors to other websites that features flashing and bright images that trigger seizures (James para. iv). Catching Cybercriminals Catching cybercriminals is a tough process because of the intuitive hacking techniques employed by most cybercriminals. As told by Chris Painter, deputy chief of the Computer Crime and Intellectual Property Section of the U.S. Department of Justice in an interview, cybercrime sleuths do “almost anything you can think of” to catch cybercriminals (Greene 2). Undercover operations are done to get inside various hacker groups. Court orders are taken to trace communications and track the origins of a cybercrime. Some cybercrimes that are done for monetary benefit leave a ‘monetary trail’ that can be tracked. Catching cybercriminals does not exclusively involve the tracking of electronic footprints. Old fashioned investigations are paired up technological capabilities to catch cybercriminals. An Internet Crime Complaint Center, called IC3 has been set up by the FBI where victims of cybercrimes can report their complaints. By aggregating the complaints, it is easier for law enforcement to look at the crime cases systematically as instances of most cybercrimes do not have single victims and are perpetrated at a larger scale. By aggregating such data, tracking the origin of the cybercrime becomes easier (Greene 2). Most cyber forensic experts have systems in place to check and track locations, IP addresses, etc. However, there is no single protocol for catching cybercriminals and both technological as well as traditional methods of investigation are involved. Conclusion The global cybercrime industry is estimated to vary from $100 billion to $1 trillion (Kshetri 4). According to estimates by the FTC, around 10 million Americans had become victims of identity thefts in 2008 and 30million credit card numbers were pilfered during 1999-2003 through breaches of computer security. The highest profile case of this kind is that of a man in Florida who allegedly stole 130 million debit and credit card information (Kshetri 4). With the increasing use of technology, it cannot be said that cybercrime will decrease. The internet is accessible from every corner of the world and is accessed by almost the entire population. The number of activities we do online is increasing tremendously and that also results in a multiplication of the risks involved. At such a time, the implementation of preventive measures is a must not only for large organizations but also for individuals. Cybercrime is purported at the global level and governments are not yet fully equipped to counteract cross-border cybercrime. Cybercrime is taking place at a global scale and therefore warrants a robust prevention and protection mechanism that surpasses countries and continents. It is an emerging threat of the twenty first century, which in its initial years itself has caused insurmountable losses. Works Cited “History of Computer Crime.” Personal.psu.edu (n.d.). 11 April, 2014 . Bidgoli, Hossein. The Internet Encyclopedia. New Jersey: John Wiley & Sons, 2004. Edelbacher, Maximillian, Peter Kratcoski, and Michael Theil. Financial Crimes: A Threat to Global Security. Florida: CRC Press, 2012. FBI. “Operation Ghost Click.” FBI.gov. 11 April, 2014 . Greene, Kate. “Catching Cyber Criminals.” MIT Technology Review (9 March, 2006). 11 April, 2014 . James, Randy. “A Brief History Of Cybercrime.” Time (June 1, 2009). 11 April, 2014 . Kshetri, Nir. The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives. North Carolina: Springer, 2010. Schell, Bernadette, and Clemens Martin. Cybercrime: A Reference Handbook. California: ABC-CLIO, 2004. Read More