Cyber Crimes: Cyber Crime or Computer oriented Crime is the crime that involved a computer and a networks. The computer may have been used in the commission of a crime or it may be the target. Cybercrime can be defined as: Offences that are committed against individual or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm or loss to the victim directly or indirectly using modern telecommunication networks such as Internet (networks including chat rooms, e-mails, notice board and groups) and mobile phones (Bluetooth, SMS, MMS).
Cybercrime may threaten a person or a nation’s security and financial health. Issues surrounding these types of crimes have become high profile, particularly those surrounding hacking, copyright infringement, unwanted mass surveillance, sextortion, child pornography and child grooming.
There are also problem of privacy when confidential information is intercepted or disclosed lawfully or otherwise.
Internationally both governmental and non-state actor engage in cybercrimes including espionage, financial theft and other cross-border crimes.
Cybercrimes crossing international border and involving the actions of at least one nation state is sometimes referred to as Cyber warfare.
A report sponsored by McAfee published in 2014 estimated that the annual damage to the Global economy was $445 billion. Approximately $1.5 billion was lost in 2012 to online credit and debit Card fraud in the US. In 2018 a study by Center for Strategic and International Studies (CSIS) in Partnership with McAfee concludes that close to $600 billion, nearly 1% of global GDP is lost to Cybercrime each year.
Computer crime or cybercrime encompasses a broad range of activities. Any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which cause loss is known as Computer Fraud. Other forms of fraud may be facilitates using computer system, including Bank fraud, Carding, identity theft, extortion and theft of classified information.
A variety of internet scams, many based on phishing and social Engineering target consumers and businesses. An act of terrorism committed through the use of cyberspace or computer resources is generally defined as Cyber terrorism. As such a simple propaganda piece in the Internet that there will be bomb attack during holidays can be considered as cyber terrorism.
Cyber extortion occurs when website- email server or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attack and offer protection. Perpetrators typically use a distributed denial of service attack.
However, other cyber extortion techniques exist such as doxing extortion and bug poaching. Cyber warfare is not the least to mention. These crimes are committed by a selected group of criminals. These crimes are relatively new, having been in existence for only as long as computer have – which explains how unprepared society and the world in generals in combating these crimes. There are numerous crime of this nature committed daily on the internet.
Crimes that primarily target computer networks or devices includes Computer Viruses, denial of service attacks, malware (malicious code).
When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise.
Human weakness are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult.
Crimes that use computer networks or devices to advance other end includes: fraud and identity theft, information warfare, phishing scams, spam (the unsolicited sending of bulk e-mail for commercial purposes).
The content of the websites and other electronic communication may be distasteful, obscene or offensive for a variety of reasons. Whereas content may be offensive in a non-specific way, harassment, direct obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation.
Harassment on the internet also includes revenge porn. Dark net markets are used to buy and sell recreational drugs online. Some drug traffickers used encrypted messaging tools to communicate with drug mules. As technology advances and more people rely on the internet to store sensitive information such as banking or credit cards information, criminals increasingly attempts to steal that information.
Cybercrime is becoming more of threat to people across the world. Raising a weakness about how information is being protected and the tactics criminals use to steal that information continue to gain in importance.
Cyber Security: Computer security or Cyber security or information technology security (IT security) is the protection of computer system from theft or damage to their hardware, software or electronic data as well as from disruption or misdirection of the services they provide.
The field is growing importance due to increasing reliance on computer system, the Internet and wireless networks such as Bluetooth and Wi-Fi and due to the growth of smart devices including smart phones, television and various tiny devices that constitute the Internet of things. Due to its complexity both in terms of politics and technology, it is also one of the major challenges of the contemporary world.
Vulnerability is a weakness in design, implementation, operation or internal control. Most of the vulnerabilities that have been discovered are documented in the common vulnerabilities and exposure (CVE) database. An exploitable vulnerability is one for which at least one working attack or exploit exist. Vulnerabilities are often hunted or exploited with the aid of automated tools or manually using customized scripts.
To secure a computer system ,it is important to understand the attacks that can be made against it and these threats can typically classified as (i) Backdoor in computer system
(ii) Denial –of-service attacks (DoS)are designed to make a machine or network resource unavailable to its intended users
(iii) Direct-access attack.
(iv)Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network.
(v) Multivector, polymorphic attacks ,surfacing in 2017 ,a new class of multivector, polymorphic cyber threats .(vi) Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details directly from users.
(vii) Privilege escalation describes a situation where an attacker with some level of restricted access is able to without authorization ,elevate their privilege or access level.
(viii) Social Engineering aims to convince a user to disclose secrets such as passwords ,card number etc.
(ix) Spoofing is the act of masquerading as a valid entity through falsification of data such as IP address or username in order to gain access to information or resources that one is authorized to obtain.
(x) Tampering describe a malicious modification of product.
If cyber security and cybercrime deterrence are not treated as priorities, the rate at which system and data are abused will continue to rise, further undermining the public’s trust in technology.
The growth in the number of computer systems and the increasing reliance upon them of individuals, businesses, industries and government means that there are an increasing number of system at risk, which may be financial system, utilities and industrial equipment, Aviation, Consumer devices, Large corporations, Automobiles, Government, Internet of things and physical vulnerabilities, medical systems, energy sector etc.
Serious financial damage has been caused by security breaches but because there is no standard model for estimating the cost of an incident, the data available is that which is made public by the organization involved.
In computer security a countermeasure is an action, device, procedure or technique that reduces a threat, a vulnerability or an attack by eliminating or preventing it by minimizing the harm it can cause or by discovering and reporting it so that corrective action can be taken. Some common countermeasure are: Security by design, security architecture, Security measures, Vulnerability management, reducing vulnerabilities, Hardware protection mechanisms, Secure operating systems, secure coding, capabilities and access control lists, end user security training, response to breaches.
Incident response is an organized approach to addressing and managing the aftermath of a computer security incident or compromise with the goal of preventing a breach or thwarting a cyber-attack. Incident response planning allows an organization to establish a series of best practices to stop an intrusion before it causes damage.
Four key components of computer security incident response plan are: preparation, detection and analysis, containment, eradication & recovery and post incident activity.
Some of the important components of Network security are- Anti-virus and anti-spyware, Firewall to block unauthorized access to your network, intrusion prevention system (IPS) to identify fast-spreading threats such as zero day or zero hour attacks and Virtual Private networks((VPNs) to provide secure remote access.
International legal issues of cyber-attacks are complicated in nature. There is no global base of common rules to judge and eventually punish, cybercrimes and cybercriminals and cyber security firms or agencies do locate the cybercriminals behind the creation of a particular piece of malware or form of cyber-attack, often the local authorities cannot take action due to lack of laws under which to prosecute.
In India some provisions for cyber security have been incorporated into rules framed under the Information Technology Act 2000.
The National Cyber Security policy 2013 is a policy framework by Ministry of Electronics and Information Technology (MeitY) which aims to protect the public and private infrastructure from cyber-attack and safeguard information such as personal information (of web user), financial and banking information and sovereign data. CERT-In is the nodal agency which monitors the cyber threats in the country.
The Indian Companies Act 2013 has also introduced cyber law and cyber security obligations on the part of Indian directors. Some provisions for cyber security have been incorporated into rules framed under the Information Technology Act 2000 updated in 2013.On the top of all these legality, what we can do simply is educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.
Some of the important tips about cyber security that we common people can do are: become vigilant when browsing websites, flag and report suspicious e-mails, never click on unfamiliar links or ads, use a VPN whenever possible, ensure websites are safe before entering credentials, keep antivirus or application system up to date, use strong passwords with 14+ characters.