Exclusive

Cyber Crimes and Security

As cybercrime is increasingly becoming a threat to people across the world, the author explains cyber crime and cyber security and highlights some of the important tips about cyber security to prevent cyber crimes..

BySanjenbam Jugeshwor Singh

Updated 2 Aug 2023, 2:03 pm

IFP Representational Image

 

Cyber Crimes: Cyber Crime or Computer oriented Crime is the crime that involved a computer and a networks. The computer may have been used in the commission of a crime or it may be the target. Cybercrime can be defined as: Offences that are committed against individual or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm or loss to the victim directly or indirectly using modern telecommunication networks such as Internet (networks including chat rooms, e-mails, notice board and groups) and mobile phones (Bluetooth, SMS, MMS).

Cybercrime may threaten a person or a nation’s security and financial health. Issues surrounding these types of crimes have become high profile, particularly those surrounding hacking, copyright infringement, unwanted mass surveillance, sextortion, child pornography and child grooming.

There are also problem of privacy when confidential information is intercepted or disclosed lawfully or otherwise.

Internationally both governmental and non-state actor engage in cybercrimes including espionage, financial theft and other cross-border crimes.

Cybercrimes crossing international border and involving the actions of at least one nation state is sometimes referred to as Cyber warfare.

A report sponsored by McAfee published in 2014 estimated that the annual damage to the Global economy was $445 billion. Approximately $1.5 billion was lost in 2012 to online credit and debit Card fraud in the US. In 2018 a study by Center for Strategic and International Studies (CSIS) in Partnership with McAfee concludes that close to $600 billion, nearly 1% of global GDP is lost to Cybercrime each year.

Computer crime or cybercrime encompasses a broad range of activities. Any dishonest misrepresentation of fact intended to let another to do or refrain from doing something which cause loss is known as Computer Fraud. Other forms of fraud may be facilitates using computer system, including Bank fraud, Carding, identity theft, extortion and theft of classified information.

A variety of internet scams, many based on phishing and social Engineering target consumers and businesses. An act of terrorism committed through the use of cyberspace or computer resources is generally defined as Cyber terrorism. As such a simple propaganda piece in the Internet that there will be bomb attack during holidays can be considered as cyber terrorism.

Cyber extortion occurs when website- email server or computer system is subjected to or threatened with repeated denial of service or other attacks by malicious hackers. These hackers demand money in return for promising to stop the attack and offer protection. Perpetrators typically use a distributed denial of service attack.

However, other cyber extortion techniques exist such as doxing extortion and bug poaching. Cyber warfare is not the least to mention. These crimes are committed by a selected group of criminals. These crimes are relatively new, having been in existence for only as long as computer have – which explains how unprepared society and the world in generals in combating these crimes. There are numerous crime of this nature committed daily on the internet.

Crimes that primarily target computer networks or devices includes Computer Viruses, denial of service attacks, malware (malicious code).

When the individual is the main target of cybercrime, the computer can be considered as the tool rather than the target. These crimes generally involve less technical expertise.

Human weakness are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the variants more difficult.

Advertisement

Crimes that use computer networks or devices to advance other end includes: fraud and identity theft, information warfare, phishing scams, spam (the unsolicited sending of bulk e-mail for commercial purposes).

The content of the websites and other electronic communication may be distasteful, obscene or offensive for a variety of reasons. Whereas content may be offensive in a non-specific way, harassment, direct obscenities and derogatory comments at specific individuals focusing for example  on gender, race, religion, nationality, sexual orientation.

Harassment on the internet also includes revenge porn. Dark net markets are used to buy and sell recreational drugs online. Some drug traffickers used encrypted messaging tools to communicate with drug mules. As technology advances and more people rely on the internet to store sensitive information such as banking or credit cards information, criminals increasingly attempts to steal that information.

Cybercrime is becoming more of threat to people across the world. Raising a weakness about how information is being protected and the tactics criminals use to steal that information continue to gain in importance.

Cyber Security: Computer  security or  Cyber  security  or  information  technology  security  (IT  security)  is  the protection of computer system from theft or damage to their hardware, software or electronic data as well as from disruption or misdirection of the services they provide.

The field is growing importance due to increasing reliance on computer system, the Internet and wireless networks such as Bluetooth and Wi-Fi and due to the growth of smart devices including smart phones, television and various tiny devices that constitute the Internet of things. Due to its complexity both  in  terms  of  politics  and  technology,  it  is  also  one  of  the  major  challenges  of  the contemporary world.

Vulnerability is a weakness in design, implementation, operation or internal control. Most of the vulnerabilities that have been discovered are documented in the common vulnerabilities and exposure (CVE) database. An exploitable vulnerability is one for which at least one working attack or exploit exist. Vulnerabilities are often hunted or exploited with the aid of automated tools or manually using customized scripts.

To secure a computer system ,it is important to understand the attacks that can be made against it and these threats can typically classified as (i) Backdoor  in  computer  system

(ii)  Denial –of-service  attacks (DoS)are designed  to  make  a  machine  or  network  resource  unavailable  to  its  intended  users

(iii) Direct-access attack.

(iv)Eavesdropping is the act of surreptitiously  listening  to  a  private conversation, typically  between  hosts  on  a  network.

(v)  Multivector,  polymorphic  attacks ,surfacing in 2017 ,a new class of multivector, polymorphic cyber threats .(vi) Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details directly from users.

(vii) Privilege escalation describes a situation where an attacker with some level of restricted access is able to without authorization ,elevate their privilege or access level.

(viii) Social Engineering aims to convince a user to disclose secrets such as passwords ,card number etc.

Advertisement

(ix) Spoofing is the act of masquerading as a valid entity through falsification of data such as IP address or username in order to gain access to information or resources that one is authorized to obtain.

(x) Tampering describe a malicious modification of product.

If cyber security and cybercrime deterrence are not treated as priorities, the rate at which system and data are abused will continue to rise, further undermining the public’s trust in technology.

The growth in the number of computer systems and the increasing reliance upon them of individuals, businesses, industries and government means that there are an increasing number of system at risk, which may be financial system, utilities and industrial equipment, Aviation, Consumer devices, Large  corporations,  Automobiles,  Government,  Internet  of  things  and  physical vulnerabilities, medical systems, energy sector etc.

Serious financial damage has been caused by security breaches but because there is no standard model for estimating the cost of an incident, the data available is that which is made public by the organization involved.

In computer security  a  countermeasure  is  an  action,  device,  procedure  or  technique  that reduces a threat, a vulnerability or an attack by eliminating or preventing it by minimizing the harm it can cause or by discovering and reporting it so that corrective action can be taken. Some  common  countermeasure  are:  Security  by  design,  security  architecture, Security measures, Vulnerability management, reducing vulnerabilities, Hardware protection mechanisms, Secure operating systems, secure coding, capabilities and access control lists, end user security training, response to breaches.

Incident response is an organized approach to addressing and managing the aftermath of a computer security incident or compromise with the goal of preventing a breach or thwarting a cyber-attack. Incident response planning allows an organization to establish a series of best practices to stop an intrusion before it causes damage.

Four key components of computer security incident response plan are: preparation, detection and analysis, containment, eradication & recovery and post incident activity.

Some  of  the  important components of Network security are- Anti-virus and anti-spyware, Firewall to block unauthorized access to your network, intrusion prevention system (IPS) to identify fast-spreading threats  such as  zero day or zero hour attacks and Virtual Private networks((VPNs) to provide secure remote access.

International legal issues of cyber-attacks are complicated in nature. There is no global base of common rules to judge and eventually punish, cybercrimes and cybercriminals and cyber security firms or agencies do locate the cybercriminals behind the creation of a particular piece of malware or form of cyber-attack, often the local authorities cannot take action due to lack of laws  under  which  to  prosecute.

In India some  provisions  for  cyber  security  have  been  incorporated  into  rules  framed  under  the  Information  Technology  Act  2000.

The  National  Cyber  Security  policy  2013  is  a  policy framework by Ministry of Electronics and Information Technology (MeitY) which aims to protect the public and  private  infrastructure  from  cyber-attack  and  safeguard  information  such  as  personal  information  (of  web  user),  financial  and  banking  information  and  sovereign  data. CERT-In  is  the  nodal  agency  which  monitors  the  cyber  threats  in  the  country.

The Indian Companies Act 2013 has also introduced cyber law and cyber security obligations on the part of Indian directors. Some provisions for cyber security have been incorporated into rules framed under the Information Technology Act 2000 updated in 2013.On the top of all these legality, what we can do simply is  educate yourself and others on the preventive measures you can take in order to protect yourself as an individual or as a business.

Some of the important tips about cyber security that we common  people  can  do  are: become  vigilant  when  browsing websites, flag and report suspicious e-mails, never click on unfamiliar links or ads, use a VPN whenever possible, ensure websites are safe before entering credentials, keep antivirus or application system up to date, use strong passwords with 14+ characters.

Advertisement

First published:

Tags:

cyber crimeinternetcyber securitycomputerinformation technology

Sanjenbam Jugeshwor Singh

Sanjenbam Jugeshwor Singh

Assistant Professor, JCRE Global College, Babupara, Imphal. The writer can be reached at sjugeshwor7@gmail.com

Advertisement

Top Stories

Loading data...
Advertisement

IFP Exclusive

Loading data...