Computer and Internet Crime
What is Computer Crime?
Alternatively referred to as cyber crime, e-crime,
electronic crime, or hi-tech crime, computer crime is an act
commonly performed by a knowledgeable computer user, sometimes referred to as a hacker that
illegally browses or steals a company's or individual's private information. In
some cases, this individual or group of individuals may be malicious and
destroy or otherwise corrupt the computer or data files.
Cyber crime: How it
happens?
Why are you a target?
Information, whether personal or business related, is becoming increasingly valuable to criminals. Where personal information, such as bank account, credit card, or social security numbers, is stored, whether on your personal computer or with a trusted third party such as a bank, retailer or government agency, a cyber criminal can attempt to steal that information which could be used for identity theft, credit card fraud or fraudulent withdrawals from a bank account, among other crimes.
How can you be attacked in a Cyber Crime?Simply by connecting to the Internet you are making yourself a potential target of criminals. Every day, criminals use automated tools to scan for unprotected or vulnerable computers. Criminals may target you specifically or you may be the subject of a random attack. Whether a specific target or just a random attack, there are two main ways by which your computer can be affected by cyber crime:
Your
computer is used to steal your personal information: Two examples are Trojans and spyware.
Trojans are a form of malware masquerading as something the user may want to
download or install, that may then perform hidden or unexpected actions, such
as allowing external access to the computer. A Trojan may be used to install
spyware such as 'key logging' software, which records keystrokes including
passwords and then forwards the 'key logged' information to the attacker.
Your
computer is used to facilitate other crimes and attacks on others: Computers can be hijacked to provide
storage of illegal images or illegal downloads of music. Hijacked computers
could also be used as a platform to launch attacks or commit crimes against
others.
The best way to protect you
from cyber crime is to use common sense, be prepared and take precautions.
Types of
Attacks
ü A virus is usually a piece of programming code that causes some unexpected and usually undesirable event.
ü The term “computer virus” is an
umbrella term used for many types of malicious code.
ü Usually disguised as something else
ü Cause unexpected and undesirable behavior
ü Often attached to files
ü Deliver a “payload”
ü Spread by actions of the “infected” computer
user
§ Infected e-mail document attachments
§ Downloads of infected programs
§ Visits to infected Web sites
Worm
Computer worms are
similar to viruses in that they replicate functional copies of themselves and
can cause the same type of damage. In contrast to viruses, which require the
spreading of an infected host file, worms are standalone software and do not
require a host program or human help to propagate. To spread, worms either
exploit vulnerability on the target system or use some kind of social engineering to trick users
into executing them. A worm enters a computer through vulnerability in the
system and takes advantage of file-transport or information-transport features
on the system, allowing it to travel unaided.
Trojan Horse
A Trojan is another type of malware named after the wooden horse the
Greeks used to infiltrate Troy. It is a harmful piece of software that looks
legitimate. Users are typically tricked into loading and executing it on their
systems. After it is activated, it can achieve any number of attacks on the
host, from irritating the user (popping up windows or changing desktops) to
damaging the host (deleting files, stealing data, or activating and spreading
other malware, such as viruses). Trojans are also known to create back doors to
give malicious users access to the system.
Unlike viruses and worms, Trojans do
not reproduce by infecting other files nor do they self-replicate. Trojans must
spread through user interaction such as opening an e-mail attachment or
downloading and running a file from the Internet.
Distributed denial of
service,DDoS
DDOS,
short for Distributed Denial of Service,is a type of DOS attack where multiple compromised
systems -- which are usually infected with a Trojan -- are used to
target a single system causing a Denial of Service (DoS) attack. Victims
of a DDoS attack consist of both the end targeted system and all systems
maliciously used and controlled by the hacker in the distributed attack.
Rootkits
A rootkit is a type of software designed to hide the fact that
an operating system has been compromised, sometimes by replacing vital
executables. Rootkits allow viruses and malware to “hide in plain sight” by
disguising as necessary files that your antivirus
software will overlook. Rootkits themselves are not harmful; they are simply
used to hide malware, bots and worms. Rootkits get their name from the Unix
term for the primary administrator account called “root” and “kits,” which
refer to the software pieces that implement the tool. To install a rootkit, an
attacker must first gain access to the root account by using an exploit or
obtaining the password by cracking it or social engineering. Rootkits were
originally used in the early 1990’s and targeted UNIX operating systems. Today,
rootkits are available for many other operating systems, including Windows.
Because rootkits are activated before your operating system even boots up, they
are very difficult to detect and therefore provide a powerful way for attackers
to access and use the targeted computer without the owner’s notice. Due to the
way rootkits are used and installed, they are notoriously difficult to remove.
Rootkits today usually are not used to gain elevated access, but instead are
used to mask malware payloads more effectively.
Spam
Electronic spamming is the use of electronic messaging
systems to send unsolicited bulk messages (spam), especially advertising,
indiscriminately. While the most widely recognized form of spam is e-mail spam,
the term is applied to similar abuses in other media: instant
messaging spam, Usenet newsgroup spam, Web search
engine spam, spam in blogs, wiki spam, online classified ads spam, mobile
phone messaging spam, Internet forum spam, junk fax
transmissions, social networking spam, social spam,
television advertising and file sharing spam. It is named after Spam, a
luncheon meat, by way of a Monty Python sketch in which Spam is
included in every dish.
Phishing/Spoofing
Unlawfully accessing a computer without authorization
and sending multiple e-mails; resending multiple commercial email messages with
the intent to deceive recipients; or falsifying header information in multiple
email messages.
Types of Perpetrators
White Hat Hacker
The
term "white hat" in Internet slang refers to an ethical computer
hacker, or a computer security expert, who specializes in penetration testing
and in other testing methodologies to ensure the security of an organization's
information systems
Black Hat Hacker
A
"black hat" hacker is a hacker who "violates computer security
for little reason beyond maliciousness or for personal gain" (Moore,
2005). Black hat hackers form the stereotypical, illegal hacking groups often
portrayed in popular culture, and are "the epitome of all that the public
fears in a computer criminal". Black hat hackers break into secure
networks to destroy data or make the network unusable for those who are
authorized to use the network. Black hat hackers also are referred to as the
"crackers" within the security industry and by modern programmers.
Crackers keep the awareness of the vulnerabilities to them and do not notify
the general public or manufacturer for patches to be applied. Individual
freedom and accessibility is promoted over privacy and security. Once they have
gained control over a system, they may apply patches or fixes to the system
only to keep their reigning control.
Hacktivist
A
hacktivist is a hacker who utilizes technology to announce a social,
ideological, religious, or political message. In general, most hacktivism
involves website defacement or denial-of-service attacks.
Malicious insider
In a recent survey of international corporate
executives, insider threats were their No. 1 security concern. This is the
employee, contractor or sub-contractor with access to data, files and IT
systems who may be disgruntled or feel “obligated” to steal valuable
intellectual property. Their motivations could vary from politics to anger to pure
greed.
Industrial spies
Use
illegal means to obtain trade secrets from competitors.
Cybercriminals
ü Hack into corporate
computers to steal
ü Engage in all forms of
computer fraud
ü Chargeback are disputed
transactions
ü Loss of customer trust has
more impact than fraud
-wikipedia
How you
can protect yourself from cybercrime?
How Can You Stay Safe?
·
Keep
your operating system updated/patched. Set it to "auto update".
·
Use
anti-virus and anti-spyware software and keep them updated.
·
Do
not visit un-trusted websites or follow links provided by unknown or un-trusted
sources.
·
Secure
your transactions. Look for the "lock" icon on the browser's status
bar and be sure "https" appears in the website's address bar before
making an online purchase. The "s" stands for "secure" and indicates
that the communication with the webpage is encrypted.
·
Be
cautious about all communications you receive including those purported to be
from "trusted entities" and be careful when clicking links contained
within those messages.
·
Do
not respond to any unsolicited (spam) incoming e-mails.
·
Do
not open any attachments contained in suspicious emails.
·
Do
not respond to an email requesting personal information or that ask you to
"verify your information" or to "confirm your user-id and
password."
·
Beware
of emails that threaten any dire consequences should you not "verify your
information".
·
Do
not enter personal information in a pop-up screen. Providing such information
may compromise your identity and increase the odds of identity theft.
·
Have
separate passwords for work related and non-work related accounts.
No comments:
Post a Comment