Computer Crimes and Digital Investigations - Essay Example

Computer Crimes and Digital Investigations Internet, along with other telecommunications marvels, has turned the world into a global village. It has eased and accelerated the pace of communication and interaction among business communities, consumers, government agencies and society in general by removing traditional middlemen links and cutting through unnecessary formalities and paperwork. The technology that has supported the growth of the Internet is still changing at an increasing rate and the traditional pattern that the world is used to in managing its affairs has been changed irreversibly. Unfortunately, like all previous inventions of mankind, Internet technology can be used for both good and evil purposes, that is, the internet has is both, bane and boon. In the wrong hands, it will facilitate the commission of all traditional criminal activities and generate a whole new series of criminal activities called “cyber crimes”, which the world may be ill equipped to cope with, if the problem is not squeezed in the beginning. Crime is an official wrong or deed and has the sanction of the law (Duggal, “FAQs”). This offence can be pursued by further criminal actions which can lead to punishments. The concept of crime is not much different than cyber crime except the distinction of the use of a digital computer as an object and subject of conduct amounting to crime. They both involve violation of rules and laws intentionally or unintentionally. Cyber crime, especially involving the Internet, symbolizes an increase of existing criminal conduct along with some other illegal activities (Duggal, “FAQs”). Cyber-crime demote to all the activities done with criminal purpose on the internet or in cyber-space. These might include criminal activities in the conservative sense or could be activities, newly developed with the growth of the internet. Because of the anonymous nature of the Internet, it is possible to connect into a variety of criminal deeds with impunity and people with intelligence, have been greatly misusing this aspect of the Internet to propagate criminal activities in cyber-space. The field of cyber-crime is newly emerged and new forms of criminal activities in are coming up with each passing day. The issues of computer crime have become high-status, especially those involving identity stealing, hacking, copyright infringement from child pornography, and child grooming (Duggal, “CyberCrime”). Problems of privacy occur when personal and confidential information is either by intercepted or lost. Hence, cyber crime may be generally defined as: “unlawful acts wherein the computer is either a tool or target or both.” (Walden, 2007). The following unlawful activities are conducted using computer, for example cyber defamation, e-mail spoofing, pornography, forgery, financial crimes, intellectual property crime, sale of illegal articles, online gambling, and cyber stalking. The computer may also be the target where there is unauthorized access to computer or computer system or networks, internet time thefts stealing of information controlled electronically, e-mail and logic bombing, Trojan attacks, web jacking and physically damaging the computer system. A variety of studies have been conducted on cyber crime in United Arab Emirates (UAE) and the Gulf region showing that they have highest number of female internet users making the Arab State a particularly lucrative market for online companies. A study Conducted by online research firm Effective Measure, reported that about 40 percent of the UAE's online society are women, and the country also has the second highest female Internet user populace in the Middle East and North Africa region. A large-scale raid on five UAE-based resellers dealing in illegal software was held by the UAE Ministry of Information and Culture. Throughout the raid 88 forged CDs loaded with illegal programs and pirated software were confiscated. It was conducted by the anti-piracy campaign supported by the UAE authorities to combat software piracy and against cyber crime in general. United Arab Emirates’ government persistently filters Web sites that contain pornographic material or are subject to alcohol and drug use, gay and lesbian matters, or online dating or gambling. It also filters web-based applications and political and religious sites are also filtered, but not so extensively. Moreover, legal controls restrict freedom of expression and behavior, limiting political discourse and disputes online. Even though the UAE Constitution provides for judicial independence and promise freedom of speech regarding the assembly, press, political interference and legal constraints destabilize such provisions. Islamic civil courts are also practiced. Press and publications law affects print and electronic media, which allows censorship of content by the state Media Council and examination under the Penal Code. The most highly Internet-connected countries in the Middle East also include UAE. There are more than 578,000 Internet subscribers in the country as stated by The UAE Yearbook 2007. place the number of Internet users are placed at 1.40 million, or 35 percent of the population by the September 2006 figures on Internet penetration, Etisalat (Emirates Telecommunications Corporation) approximate that more than 51 percent of the country is online. Internet content controls in the UAE, through filtering are put towards protecting political, ethical, and religious values and against cyber crime. Etisalat – a telecommunication monopoly forbids the use of internet services for any “criminal or unlawful purpose such as but not limited to vice, gambling or obscenity, or for carrying out any activity which is contrary to the social, cultural, political, economical or religious values of the UAE (Balkin, 2006). A federal law on combating cybercrimes was also issued by the UAE government. Cyber-Crime Law No. 2 of 2006 considers any “intentional act that abolishes, destroys, or reveals secrets, or that results in the republishing of personal or official information, to be a crime. Individuals may be imprisoned for using the Internet to abuse Islamic holy shrines and rituals, insult any recognized religion, incite or promote sins, or oppose the Islamic religion”. Anyone convicted of “transcending family principles and values” or setting up a Web site for groups “calling for, facilitating and promoting ideas in breach of the general order and public decency” may be jailed (Balkin, 2006). Testing was done in the UAE on selective points for the filtration of Web sites that express unorthodox political or religious views. These sites presenting unorthodox views on Islam and secularism were blocked. Among the few extremist websites were hinduunity.org was filtered as it advocated Hindu unity and conflicts of Islam. Similarly, the country continued to stop access to every site on Israeli country code top-level domain. What the testing revealed was the all-encompassing cleaning of pornographic and gay and lesbian sites, which were totally blocked. Some web pages were less filtered like sexual health sites (circumcision.org) and sex education sites (sexualhealth.com) or containing offensive attire (lingerie.com). Websites sponsoring alcohol and drug use or giving the option of online gambling or dating were also blocked extensively. Extensive filtering of Internet tools in the UAE was found by ONI, including translation (systranbox.com) and hacking (thesecretlist.com) sites. The UAE unblocked access to social networking and multimedia sharing sites in October 2006 which included youTube.com, metacafe.com and flickr.com. Objectionable material on these sites remains unavailable. Even today, UAE stops its citizens from accessing a large amount of Internet content spanning a variety of topics. Outside the free zones, the state has employed Smart Filter software outside the free zones, to block content such as nudity, sex, dating, gambling, cults, religious conversion, and drugs. Hacking, translation, and VoIP applications sites are also filtered. Cyber-crimes can be basically divided into 3 major categories being cyber-crimes against Persons, Businesses and Government. The category of cyber-crimes against businesses includes Unauthorized Computer Trespassing through cyber-space, Computer Vandalism, and transmission of harmful programs and unauthorized possession of computerized information. Hacking and cracking come into the category of most serious cyber-crimes recognized as of now. “It is a dreadful feeling  to  know  that  someone  has  broken  into  your  computer  systems  without  your knowledge and consent and has tampered with precious confidential data and  information.” (Duggal, “CyberCrime”). Coupled with this, the actuality is that no computer system in the world is hacking proof. It is unanimously agreed that any and every system in the world can be hacked. Using  one's own  programming  abilities  as  also  various   programs  with  malicious   intent  to gain unauthorized  access to  a  computer  or network  are  very  serious crimes”. Similarly, the creation and   dissemination of harmful computer programs or Virus which do irreparable damage to computer systems is another kind of   cyber-crime. (Wall, 2007) Denial of Service attack makes the target machine inaccessible. It is done either by flooding a network so that legitimate traffic cannot get through or by overloading a service on a host so that it cannot respond to legitimate requests. Sometimes the target machine may crash as a result of the attack. Spamming refers to unsolicited commercial e-mail or unsolicited bulk email, i.e. e-mail that you did not request. Most often spam contains advertisements for dubious services or products. Credit-card fraud is the most popular and common cyber-crime. Credit card numbers will be the major targets of any hacker as credit card fraud is the easiest way to defraud consumers. Theft of such information will continue to rise. Credit card companies will need to place systems to track and alert their users of haphazard or highly doubtful transactions recorded over a short span of time in order to battle illegal use of 'stolen credit cards.' Cyber-fraud include online share trading or purchase scams, pyramid schemes and non-existent online services. It would appear that any lacuna in the law on the ability of the home country to enforce its laws beyond its shores against cyber-criminals operating outside its jurisdiction should be seriously addressed sometime soon in order to adequately combat the effect of cyber-crimes in such home country. Spoofing is the act of disguising the computer to look like another so that it will be allowed access to the system which would otherwise restrict its entry and thus jeopardizing the security of these sites. For example, one person impersonating another, using perhaps that other person's e-mail address to pretend as if that other person is in fact accessing the relevant computer system. The problem relating to spoofing is probably the same as for password sniffing. Software piracy is also a different type of cybercrime which is spread by many people online by distributing unlawful and unauthorized plagiarized duplicates of software (Duggal, “CyberCrime”). A worrying change has swept across the Internet over the last two years. The threat platform once dominated by the worms and viruses let loose by reckless hackers is now ruled by a new type of cybercriminals. Now fraud motivates cyber crime, characterized by the spam emails sent by "phishers" violates privacy and steal personal information. Crime ware such as bots, Trojan horses, and spyware are the tools driving their attacks. Cyber-stalking relates to criminal terrorization, offense and displeasure through electronic systems such as PCs. Damage includes changing, altering, erasing, suppressing, altering place of data or making data momentarily unavailable, stop the progress of electronic systems or obstructing the networks. Decrypted Information means information or the know-how that allows a person to willingly retransform or decode encrypted data from its incomprehensible and unintelligible format to its clear version. Electronic System means any electronic system, tool or a collection of unified or linked devices which is pursuant to a program, carries out automatic processing of data and comprises a stable, removable or any other electronic storage medium. Encrypted Data means data which has been transformed or scrambled from its plain version to an unreadable or unfathomable layout, regardless of the technique utilized for such transformation or scrambling and irrespective of the mode in which such data arise or can be found for the aims of protecting such data. Malicious Code means a computer program or a unknown function in a program that contaminate data or concedes the electronic system’s functioning or uses the electronic system assets without proper authorization, with or without attaching its copy to a file and is able of spreading over electronic system with or without human intrusion including virus, worm or Trojan horse. Unauthorized Access means illegal use of any kind by any person to any electronic system or data held in an electronic system, without authority, if he is not himself unrestricted to manage right of entry of the sort relevant to the electronic system, or data and he does not have consent to such access from any person, so permitted. Virus means a program that could infect other programs by changing them to include a probably developed copy of it. Main objectives of this project are to classify and strengthen the security because many risks are linked with cyber-crimes, and to formulate the methodology to evaluate and categorize these risks. The information gained from the project would form a set of guiding principles for designing secure systems or structured framework for risk evaluation. This study will certainly provide benefits to: Individuals using internet and utilizes services provided by companies on the web. The benefit of reducing such cyber-crime will increase the effective utilization of internet to purchase products and services provided on the World Wide Web. The main concern of the individual is the privacy, protecting the confidentiality of individuals will increase the trust and encourage the usage of internet services. Also the major goal of the study is to improve the current systems employed by local businesses. This study will help firms to provide better services to the customers on net as well as the effective use of the computers over networks in their daily operations to enhance the work efficiency. This will ultimately result in reducing cost and increase in the sale. Government is one of the parties to be benefited by the study. The concern over intellectual property right is ever increasing abroad. Government must take steps to protect these right to stimulate the foreign investors the in the country. Also reducing cyber-crime will also affect in the overall betterment of the economy as new doors of opportunities will be opening. The next concept is how to profile a hacker. The stereotype hacker is a smart, lonely and unusual perhaps in teenage or adult male with intelligent computer skills but it may always depend. Some computer criminals are unconventional people who enjoy writing and releasing destructive viruses. Others are dignified professionals who steal copies of their employers' customer databases along with them after they quit their job. Some are con artists who do it for financial gain and steal personal information from consumers. Although of course they all can have different personality traits and styles. There is a need to have enough information about them to stop creating reliable profiles of the people behind computer crimes. "Like in traditional crimes, it's important to try to understand what motivates these people to get involved in computer crimes in the first place, how they choose their targets and what keeps them in this deviant behavior after the first initial thrill," says Marcus Rogers, an associate professor at Purdue University in West Lafayette, Ind., and head of computer technology department (Walden, 2007). His expertise has identified eight types of cybercriminals, starting from "newbie" with little programming knowledge and skills that rely on pre-written theories to crime, to highly-trained professional criminals and cyber terrorists with the most advanced tactics. Besides this, their motivations also differ. For some it is money, looking for income and for some it is status or revenge, looking for thrill. The dangerous ones are those with a big ego looking for revenge. Though, money is the biggest motivation. People can go very far beyond their values for money. Some very major cyber crimes in recent times have been: October 21, 2009 when millions of computers are filled with fake security software, September 10, 2009 when a Critical bug in SMB. Vista 2008 and RC of Windows 7 got affected, August 27, 2009 when the prime case of computer crime and identity theft ever prosecuted and July 30, 2009 when BlackHat USA 2009: Russian's Organized Crime Heritage Paved Way For Cybercrime to name a few. It is vital to protect people from cyber crime, for their own benefit and the country’s as a whole. As a public responsibility, people should also contribute in minimizing the harm by learning themselves, and further teaching to younger lot about the safe and responsible use of the internet. Cyberethics is a term used to identify a responsible and safe code for the internet commune. Understanding the risks of harmful and illegal behavior online and learning how to protect ourselves is what is called good cyber ethic practice. It also includes how to protect other users, from such immoral behavior and creating awareness among young people, who may not realize the potential damage it can do to them. It is a known fact that prevention is always better than cure. To take certain precaution while using the net is always good. One should never disclose any personal information or identity to strangers in chat rooms. Similarly, never share photographs with unknown people to avoid misuse. A latest and up-to date virus program or software should always be on one’s computer. Even if a virus contamination occurs, a volume back up present will help storing back important information and documents. Credit card number should never be written on unsecured web pages to avoid frauds. Children should be watched over when operating the net to prevent harassment. A security program that provides control over the cookies should also be used. Owners of web site should keep a watch on traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may help to do this. We can benefit from use of firewalls. Use of firewalls may be beneficial. Web servers running public sites must be detached protected from internal corporate network. Protecting against cyber stalker is also essential as they can harass, threaten and disturb you. In such a case, a written complaint to the commissioner of Police could be sought after to understand the psychology of the harasser and track them down. Children should immediately inform their parents if they are being stalked. Adults should discuss with family and spouse. It is best to not to reply to confrontational e-mails if you receive them and never to respond to flaming or become provoked online.  You could also inform harassment emails to your ISP or your email provider for better control of the situation as cyber criminals are not a nuisance but a threat.  So, never underestimate and always take a step and protect your position if you are being a victim and acquire a high level of safety awareness. This money-driven industry of cyber crime has malicious intent and ordinary people should be aware of their cruel objectives, manipulations and motivations. The scene behind criminal activity in cyber space begins with harvesters who harvest current email addresses and pass them along. They do this either by sending emails that encourage recipients to further pass them on to as many people as possible to get some kind of lame award. This verifies live email addresses to all of the people to which the email is forwarded, and in this way a database is created. Robotic harvesting is where a program is used to pick a random organization and builds a database of first and second names. These are then randomly matched into email addresses and once confirmed a database is build for hacking purposes. When you are exposed to computer vandalism/denial of service, personal privacy on the net, online shopping fraud, online banking fraud, inside people’s threats like employees and cyber-terrorism the one should certain counter measures like risk assessment, Information Security Policy and Procedure and Implementing justified safeguards according to your IP programme. One must also incorporate the use of PKI technology into communication infrastructure and use strong security measures such as VPN, content inspection, intrusion detection systems to strengthen one’s security protection. When looking at the risk analysis we come across techniques like collecting cyber-intelligence from molestation from public sources such as law enforcement, learning about attacks scenarios and likely targets with attack tree analysis, determine the possible abuses of the applications business logic using use and abuse cases, identify the attack vectors used against web sites so applications defenses can be tested and last but not the least developing application countermeasures at the application layer with threat architecture risk analysis. The belief is you can only lessen for threat you know of. It is important to know your enemy so you can build your defenses. One should be aware of the threats and threat intelligent. Bigger cyber crime threat affects and awareness is vital. It is emphasized that for security conformity to be security effective needs to put into effect actionable risk assessments. A new risk mitigation strategy is innovated that looks at compliance with a positive security approach rather than negative security approach. The positive security advances consists on proving the positive effect of defenses on extenuating threats. It is driven by risk analysis as a positive factor for creating better security controls against new threats. References: Balkin, J., Katz Eddan, James Grimmelmann, Nimrod Kozlovski, Shlomit Wagman, and Tal Zarsky, (2006). Cybercrime: Digital Cops in a Networked Environment. New York: New York University Press. Walden, I., (2007). Computer Crimes and Digital Investigations. Oxford: Oxford University Press. Wall, D.S., (2007). Cybercrimes: The transformation of crime in the information age. Cambridge: Polity. Etisalat, Mushrek, J. “Condition of Use.” Ecompany.ae. Ecompany, n. d. Web. 17 Nov. 2009. “Cyber-Crime Law No. 2 of 2006.” Gulfnews.com. Gulf News. 13 Feb. 2006. Web. 17 Nov. 2009. Duggal, Pavan. “CyberCrime.” Cyberlaws.net. Cyberlaws, n. d. Web. 17 Nov. 2009. Duggal, Pavan. “FAQs.” Pavanduggal.net. Pavan Duggal, n. d. Web. 16 Nov. 2009. Read More