













Cyber crime and security. Information technology and cyber security.
Typology: Study notes
Chapter 7 Cyber Law and Forensic
Computer Crime: An act performed by a knowledgeable computer user, generally known as a hacker, who illegally tries to steal a company's or an individual's private information. In some cases, the person or group of persons may be malicious and destroy or corrupt the computer or data files.
Computer crime, or cybercrime, is crime that involves a computer and a network. The computer may
have been used in the commission of a crime, or it may be the target. Debarati Halder and K. Jaishankar
define cybercrimes as: "Offences that are committed against individuals or groups of individuals with a
criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or
loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet
(Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)". Such crimes may
threaten a nation's security and financial health. Issues surrounding these types of crimes have become
high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and
child grooming. There are also problems of privacy when confidential information is intercepted or
disclosed, lawfully or otherwise.
Difference between cyber-crime and computer crime
“Computer Crime” encompasses crimes committed against the computer, the materials contained therein
such as software and data, and its uses as a processing tool. These include hacking, denial of service
attacks, unauthorized use of services and cyber vandalism.
“Cyber Crime” describes criminal activities committed through the use of electronic communications
media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods
as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also
many other forms of criminal behaviour perpetrated through the use of information technology such as
harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory
offences.
As computers became more popular, technology expanded as well, and the term ‘Cyber’ became more familiar to people. The evolution of Information Technology (IT) gave birth to cyberspace, in which the internet gives everyone equal opportunity to access information, data storage, analysis, etc. with the use of high technology. As the number of netizens increased, misuse of technology in cyberspace also grew, which gave birth to cyber-crimes at both the domestic and the international level.
What Cyber Crime Actually Means: It could be hackers vandalizing your site, viewing confidential information, or stealing trade secrets or intellectual property with the use of the internet. It can also include ‘denial of service’ and virus attacks that prevent regular traffic from reaching your site. Cyber-crimes are not limited to outsiders, except in the case of viruses; security-related cyber-crimes are usually committed by employees of a particular company, who can easily access the company's passwords and data storage for their own benefit. Cyber-crimes also include criminal activities done with the use of computers which further perpetuate crimes, i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to computer systems, theft of information contained in electronic form, e-mail bombing, physically damaging the computer system, etc.
Classifications of Cyber Crimes: Cyber-crimes are growing day by day, and it is often difficult to tell what is actually a cyber-crime and what is a conventional crime. To clear up this confusion, cyber-crimes can be classified under the following categories:
1. Cyber Crimes against Persons:
Certain offences affect the personality of individuals. They can be defined as follows:
Harassment via E-Mails: It is a very common type of harassment, carried out by sending letters and attachments of files and folders via e-mail. At present harassment is common as the usage of social sites, i.e. Facebook, Twitter, etc., is increasing day by day.
Cyber-Stalking: It means an expressed or implied physical threat that creates fear through the use of computer technology such as the internet, e-mail, phones, text messages, webcams, websites or videos.
Dissemination of Obscene Material: It includes indecent exposure/pornography (basically child pornography) and the hosting of web sites containing these prohibited materials. These obscene matters may cause harm to the minds of adolescents and tend to deprave or corrupt their minds.
Defamation: It is an act of imputing something to a person with intent to lower the dignity of that person, by hacking his mail account and sending mails using vulgar language to unknown persons' mail accounts.
Hacking: It means unauthorized control of or access to a computer system; the act of hacking completely destroys the whole data as well as computer programs. Hackers usually hack telecommunication and mobile networks.
Cracking: It is amongst the gravest cybercrimes known to date. It is a dreadful feeling to know that a stranger has broken into your computer systems without your knowledge and consent and has tampered with precious confidential data and information.
E-Mail Spoofing: A spoofed e-mail is one that misrepresents its origin: it shows its origin to be different from where it actually originates. E-mail spoofing means changing the e-mail header so that it looks like it is coming from someone else. This is sadly easy to do. It is also used to try to trick people into giving out personal information. This is illegal under the CAN-SPAM Act.
SMS Spoofing: Spoofing is carried out through spam, which means unwanted, uninvited messages. Here an offender steals the identity of another person in the form of a mobile phone number and sends SMS via the internet, and the receiver gets the SMS from the mobile phone number of the victim. It is a very serious cyber-crime against any individual.
Carding: It means false ATM cards, i.e. debit and credit cards, used by criminals for their monetary benefit by withdrawing money from the victim's bank account mala fide. There is always unauthorized use of ATM cards in this type of cybercrime.
Cheating & Fraud: It means that the person committing the cyber-crime, i.e. stealing passwords and data storage, has done it with a guilty mind, which leads to fraud and cheating.
Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children.
Assault by Threat: It refers to threatening a person with fear for their life or the lives of their family through the use of a computer network, i.e. e-mail, videos or phones.
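The E-Mail Spoofing item above says that a spoofed message misrepresents its origin in the header. The following is an added example, not part of the original notes, showing how a receiving mail system or analyst can check a message's headers for that mismatch. The function name, the flag names, the `.example` domains and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def _domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def _aligned(a, b):
    """Approximation of DMARC relaxed alignment: same domain or parent/child.
    A production check compares organizational domains (Public Suffix List)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def spoofing_indicators(raw_message, trusted_authserv_id):
    """Return a list of flags describing header signs of a spoofed origin."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    if not from_dom:
        return ["from-missing-or-unparseable"]
    findings = []

    # 1. The display name shows an address from a different domain than
    #    the real From address (what many mail clients show the user).
    display = parseaddr(msg.get("From", ""))[0]
    shown = ADDR_IN_TEXT.search(display)
    if shown and not _aligned(shown.group(1).lower(), from_dom):
        findings.append("display-name-address-mismatch")

    # 2. The envelope sender (Return-Path) belongs to another domain.
    #    Legitimate bulk senders can cause this too, so it is a hint only.
    return_path = _domain(msg.get("Return-Path"))
    if return_path and not _aligned(return_path, from_dom):
        findings.append("return-path-mismatch")

    # 3. Replies are diverted to another domain.
    reply_to = _domain(msg.get("Reply-To"))
    if reply_to and not _aligned(reply_to, from_dom):
        findings.append("reply-to-mismatch")

    # 4. SPF/DKIM/DMARC verdicts, but only from Authentication-Results
    #    headers stamped by our own mail server: the sender can add
    #    headers of this name too, and those must be ignored.
    trusted = []
    for header in msg.get_all("Authentication-Results", []):
        authserv = (header.split(";", 1)[0].split() or [""])[0].lower()
        if authserv == trusted_authserv_id.lower():
            trusted.append(header)
    if not trusted:
        findings.append("no-trusted-authentication-results")
    for header in trusted:
        for method, result in AUTH_RESULT.findall(header):
            if result.lower() in ("fail", "softfail"):
                findings.append(f"{method.lower()}-{result.lower()}")
    return findings


# Constructed sample messages (not real traffic).
SPOOFED_EXACT = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.bank.example; dmarc=pass header.from=bank.example
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none; dmarc=fail header.from=bank.example
From: "Example Bank" <support@bank.example>
Reply-To: <claims@freemail.example>
Subject: Verify your account

Please confirm your details.
"""

SPOOFED_DISPLAY = """\
Return-Path: <notice@bulk-sender.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-sender.example; dkim=pass header.d=bulk-sender.example; dmarc=pass header.from=bulk-sender.example
From: "support@bank.example" <notice@bulk-sender.example>
Subject: Verify your account

Please confirm your details.
"""

LEGITIMATE = """\
Return-Path: <alice@corp.example>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: Alice <alice@corp.example>
Subject: Minutes

See attached.
"""

if __name__ == "__main__":
    for name, raw in [("exact", SPOOFED_EXACT), ("display", SPOOFED_DISPLAY),
                      ("legit", LEGITIMATE)]:
        print(name, spoofing_indicators(raw, "mx.recipient.example"))
```

The second sample passes SPF, DKIM and DMARC because the sender authenticates its own domain and only the display name imitates the bank, which is why the display-name check is kept separate from the authentication verdicts.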
2. Crimes Against Persons' Property:
With the rapid growth in international trade, businesses and consumers are increasingly using computers to create, transmit and store information in electronic form instead of conventional paper documents. Certain offences affect a person's property, as follows:
Intellectual Property Crimes: Intellectual property consists of a bundle of rights. Any unlawful
act by which the owner is deprived completely or partially of his rights is an offence. The common
Child Pornography: It involves the use of computer networks to create, distribute, or access
materials that sexually exploit underage children. It also includes activities concerning indecent
exposure and obscenity.
Cyber Trafficking: It may be trafficking in drugs, human beings, arms, etc., which affects a large number of persons. Trafficking in cyberspace is also among the gravest crimes.
Online Gambling: Online fraud and cheating is one of the most lucrative businesses growing today in cyberspace. Many of the cases that have come to light pertain to credit card crimes, contractual crimes, offering jobs, etc.
Financial Crimes: This type of offence is common as there is rapid growth in the users of networking sites and phone networking, where the culprit will try to attack by sending bogus mails or messages through the internet. Ex: Using credit cards by obtaining the password illegally.
Forgery: It means to deceive a large number of persons by sending threatening mails, as online business transactions are becoming a habitual need of today's lifestyle.
Case Study-Attacks on Cyberspace:
Worm Attack: Robert Tappan Morris, well known as the first hacker and the son of former National Security Agency scientist Robert Morris, was the first person to be prosecuted under the ‘Computer and Fraud Act, 1986’. He created a worm while a student at Cornell, claiming that he intended to use the worm to check how large the internet was at that time. The worm was uncontrollable, due to which around 6000 computer machines were destroyed and many computers were shut down until they had completely malfunctioned. He was ultimately sentenced to three years' probation and 400 hours of community service, and assessed a fine of $10500. So there must be strict laws to punish the criminals who are involved in cybercrime activities.
Hacker Attack: Fred Cohen, a Ph.D. student at the University of Southern California, wrote a short program in the year 1983, as an experiment, that could “infect” computers, make copies of itself, and spread from one machine to another. It was the beginning, and it was hidden inside a larger, legitimate program, which was loaded into a computer on a floppy disk, and many computers were sold which can accommodate it at present too. Other computer scientists had warned that computer viruses were possible, but Cohen's was the first to be documented. A professor of his suggested the name “virus”. Cohen now runs a computer security firm.
Internet Hacker: Wang Qun, who was known by the nickname “playgirl”, was arrested by Chinese police in Hubei province, the first ever arrest of an internet hacker in China. He was a 19-year-old computing student, arrested in connection with the alleged posting of pornographic material on the homepages of several government-run web sites. Wang had openly boasted in internet chat rooms that he had also hacked over 30 other web sites.
Phishing is a scam where an official-looking email is sent to an unsuspecting user to try to trick them out of their username, password, or other information. They are usually directed to click on a link that goes to a fake (spoofed) version of a real organization's website. This is called Pagejacking. The address bar can even be altered so it appears to be the official website. If you ever get an email requesting that you verify information by clicking on a link, you should instead GO DIRECTLY TO THEIR WEBSITE WITHOUT CLICKING ON THE LINK to verify it. Lately phishing is even occurring in instant message programs, in messages that appear to come from a friend's IM signature. Always be cautious in this situation.
Vishing is short for 'Voice phishing' and is the latest scam. It may start with an email or it may start with
a phone call. These calls can be very believable because often the caller already has your credit card
number and just needs you to verify the 3-digit security code on the back of your card. Or it could be an
automated system asking you to type in your credit card or account number to verify who you are, which
sounds realistic enough.
Keystroke Phishing is when a Trojan program is unknowingly downloaded onto your computer that tracks the keystrokes you enter into the computer and sends them back to the scammer, who hopes to get a username and password from them.
Identity Theft is where a person gathers your personal information and poses as you to get credit, merchandise, or services, or to use the identity to commit other crimes. They obtain this personal information by phishing, database cracking, or survey. A survey consists of seemingly innocent questions about mother's maiden name, children's and pets' names, and birth dates that can give access to a surprising number of passwords and usernames. Once a phisher has your credit card number, it can be sold to someone who then creates a credit card to use on an ATM machine. Identity theft is spreading on the internet, but surprisingly it is still safer to give out your credit card number on the internet than to give it to an unknown salesperson or waiter. 97% of all identity theft crimes result from offline instances, not online. For instance, two places that identity thieves get your information from are your mailbox and your trash can.
Protect Yourself from Identity Theft
Cross-shred documents
Review your credit report twice a year
Be aware of billing cycles and put vacation holds on mail
Never reveal your Social Security number unless absolutely necessary
Don't carry seldom-used credit cards or unnecessary IDs
Be aware that identity stealers are not always strangers
Don't give out personal information over the phone, by mail or in posts on the internet
Take out the hard drive from a computer and destroy it before discarding. Even if deleted,
personal information can still be recovered from a computer's hard drive
Cookie Poisoning is the modification, by an attacker, of cookies that are put on your computer, in order to gain information about a user.
Spyware is software that is downloaded onto a user's computer without his knowledge and used for malevolent purposes. It can be downloaded simply by going to a website (called Drive-by Downloads), or it can be downloaded unknowingly while installing another program. Spyware can crash computers, slow performance, track emails and visited websites, and track keystrokes that capture the user's personal information. Programs such as Spybot, Spy Sweeper, and Ad-Aware can be good for checking and removing these unwanted harmful programs from your computer.
Malware is malicious software that is developed for the purpose of doing harm. Malware examples are Computer Viruses, Worms, and Trojan horses. A Worm is a self-replicating virus that continues to duplicate itself, taking up memory and resources. A Trojan horse is a hidden program that later gains control and causes damage to your computer.
Wardriving is the practice of driving around in a vehicle with a Wi-Fi enabled laptop looking for
available signals to use. Wardriving steals internet access and is considered a crime of
telecommunications theft. Wireless signals can be transmitted 500 feet or more and should be protected
with passwords.
Pod Slurping is stealing data by use of iPods, or downloading malicious software via iPods.
Cyberstalking is a crime where the attacker harasses the victim using electronic communication such as email, IMs, chat rooms, and discussion groups. Cyber stalkers rely on the anonymity of the Internet, thinking they cannot be caught. This may progress to actual physical stalking. Federal law imposes a $1,000 fine or 5 years’ imprisonment for anyone transmitting in interstate commerce a threat to injure or kidnap someone.
Trojan Horse: A deceptive program that steals passwords.
Trapdoors: Gains entry through access points for system maintenance.
Spoofing: Tie up network computers by sending them tons of bogus enquiries.
Complete justice must be provided to the victims of cyber-crimes by way of compensatory remedy, and offenders must be punished with the highest type of punishment so that it deters cyber-criminals.
Conventional Crime Vs Cyber Crime
Evidence of the offences
Cyber Crime: One of the differences between cybercrime and conventional crime is the evidence of the offences. Cybercriminals rely on the Internet, via which they commit their crimes, and it leaves very little evidence about the cybercrime. Forensic investigators usually experience great difficulty in gathering evidence that could lead to the conviction of cybercriminals.
Conventional Crime: Conventional criminals usually leave traces of a crime, through either fingerprints or other physical evidence.
Anonymity
Cyber Crime: The Internet also allows the anonymity of its users, and this implies that cybercriminals can use any pseudonyms for their identification.
Conventional Crime: It is difficult for conventional criminals to fake their gender, race, or age.
Length of investigations
Cyber Crime: Since cybercrime involves perpetrators using falsified names and working from remote locations, it usually takes longer to identify the real cybercriminals and apprehend them. In most cases, cybercriminals (such as hackers) escape arrest because the investigators cannot locate them.
Conventional Crime: Conventional crimes take a shorter time to investigate because the criminals usually leave evidence that can be used to spot them. For instance, conventional criminals can leave evidence such as DNA, fingerprints, photographs and videos captured on surveillance cameras, or personal belongings such as identity cards, and this makes it easy for investigators to identify and capture the culprits. In addition, such evidence makes it easy for the judiciary to convict the offenders.
Force involved
Cyber Crime: Cybercrimes do not require the use of any force, since the criminals merely use the identities of their victims to steal from them. For example, cybercriminals use spoofing and phishing to obtain personal information such as credit card numbers from their victims, or use encrypted emails to coordinate violence remotely.
Conventional Crime: Most conventional crimes (such as rape, murder, arson, and burglary, among others) involve the use of excessive force that results in physical injury and trauma to the victims.
Cyber criminals and their objectives
Hacking for fun: to prove their technical skills in breaching digital security systems. Such hackers are not interested in the information they access from hacking other computers.
Criminal gain: to defraud their victims by accessing and manipulating their personal data. Such hackers use the financial information and passwords of the victims to transfer their funds into private accounts, and this may result in massive financial losses to the victims.
Making statements (hacktivists): to make ideological or political points by stealing classified information from business and government databases. In most cases, the hackers attack these organizations to protest against inactivity by the government in addressing various issues or injustices perpetrated by private businesses.
Improving security (blue hat hackers): Such individuals are usually employed to identify any vulnerabilities and bugs in the digital security systems of companies. This helps the companies improve the safety of their systems and prevent attacks by malicious hackers. This is done to find weaknesses, vulnerabilities, and bugs in computer systems.
Personal Profit: Highly skilled IT professionals are attracted by this dark side.
Curiosity: They start to search for information and end up stealing and selling.
Disgruntled employees: with the increasing dependence on computers and the automation of processes, it is easier for disgruntled employees to do more harm to their employers by committing computer-related crimes, which can bring entire systems down.
Kinds of Cyber Crimes
Cyberstalking
Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, a group, or an organization. It may include false accusations, defamation, slander and libel. It may also include monitoring, identity theft, threats, vandalism, solicitation for sex, or gathering information that may be used to threaten or harass.
Cyberstalking is often accompanied by real time or offline stalking. Both are criminal offenses. Both are motivated by a desire to control, intimidate or influence a victim. A stalker may be an online stranger or a person whom the target knows. He may be anonymous and solicit involvement of other people online who do not even know the target.
Cyberstalking is a criminal offense under various state anti-stalking, slander and harassment laws. A conviction can result in a restraining order, probation, or criminal penalties against the assailant, including jail.
A number of key factors have been identified in cyberstalking:
False accusations. Many cyberstalkers try to damage the reputation of their victim and turn other
people against them. They post false information about them on websites. They may set up their
own websites, blogs or user pages for this purpose. They post allegations about the victim to
newsgroups, chat rooms, or other sites that allow public contributions such as Wikipedia or
Amazon.com.
defined obscene as “offensive to modesty or decency; lewd, filthy, repulsive.” Section 67 of the IT Act is the most serious Indian law penalizing cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code.
Internet pornography is any pornography that is accessible over the Internet, primarily via websites, peer-to-peer file sharing, or Usenet newsgroups. The availability of widespread public access to the World Wide Web in 1991 led to the growth of Internet pornography.
A 2015 study finds "a big jump" in pornography viewing over the past few decades, with the largest
increase occurring between people born in the 1970s and those born in the 1980s. While the study's
authors note this increase is "smaller than conventional wisdom might predict," it's still quite significant.
Children born in the 1980s onward are also the first to grow up in a world where they have access to the
Internet beginning in their teenage years, and this early exposure and access to Internet pornography may
be the primary driver of the increase.
Before the World Wide Web
Pornography is regarded by some as one of the driving forces behind the expansion of the World Wide Web, like the camcorder, VCR and cable television before it. Pornographic images had been transmitted over the Internet as ASCII porn, but sending images over a network required computers with graphics capability and also higher network bandwidth.
Usenet Groups
Usenet newsgroups provided an early way of sharing images over the narrow bandwidth available in the early 1990s. Because of the network restrictions of the time, images had to be encoded as ASCII text and then broken into sections before being posted to the alt.binaries groups of Usenet. These files could then be downloaded and reassembled before being decoded back to an image.
Free vs. commercial
On the Web, there are both commercial and free pornography sites. The bandwidth usage of a
pornography site is relatively high, and the income a free site can earn through advertising may not be
sufficient to cover the costs of that bandwidth.
The most common form of adult content is a categorized list (more often it's a table) of small pictures
(called "thumbnails") linked to galleries. These sites are called a Thumbnail gallery post (TGP). As a
rule, these sites sort thumbs by category and type of content available on a linked gallery. Sites
containing thumbs that lead to galleries with video content are called MGP (Movie Gallery Post). The
main benefit of TGP/MGP is that the surfer can get a first impression of the content provided by a
gallery without actually visiting it.
Link lists
Link lists, unlike TGP/MGP sites, do not display a huge number of pictures. A link list is a (frequently) categorized web list of links to so-called "free sites", but unlike TGPs, links are provided in the form of text, not thumbs.
Usenet
Another free source of pornography on the Internet are the Usenet newsgroups that were the first home to
such material. Newsgroups tend to be poorly organized and flooded with content that is off-topic or spam.
Commercial software and websites are available that allow browsing the images or videos on
newsgroups, sometimes with galleries of thumbnail images.
Peer-to-peer
Peer-to-peer file sharing networks provide another form of free access to pornography.
Child pornography
The Internet has radically changed how child pornography is reproduced and disseminated, and, according to the United States Department of Justice, resulted in a massive increase in the "availability, accessibility, and volume of child pornography." The production of child pornography has become very profitable, bringing in several billion dollars a year, and is no longer limited to pedophiles.
Section 67 of the IT Act is the most serious Indian law penalizing cyber pornography. Other Indian laws that deal with pornography include the Indecent Representation of Women (Prohibition) Act and the Indian Penal Code.
According to Section 67 of the IT Act, whoever publishes or transmits or causes to be published in
the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect
is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant
circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for a term which may extend to five years and
with fine which may extend to one lakh rupees and in the event of a second or subsequent
conviction with imprisonment of either description for a term which may extend to ten years and
also with fine which may extend to two lakh rupees.
Forgery and Fraud
Forgery is the process of making, adapting, or imitating objects, statistics, or documents with the intent to
deceive for the sake of altering the public perception, or to earn profit by selling the forged item. Copies,
studio replicas, and reproductions are not considered forgeries, though they may later become forgeries
through knowing and willful misrepresentations. Forging money or currency is more often called
counterfeiting. But consumer goods may also be counterfeits if they are not manufactured or produced by
the designated manufacturer or producer given on the label or flagged by the trademark symbol. When the
object forged is a record or document it is often called a false document.
How is Forgery Facilitated in order to Commit Identity Theft?
Forgery charges can span the realm of legality; both the nature of the crime and the crime itself, with regard to any or all of the victims involved, will allow for a shift within the respective setting in which the act of forgery takes place:
Electronic Forgery
The misuse of computer networks, the internet, and various avenues within the online community in
order to defraud potential victims of identity theft is classified as electronic – or online forgery.
Electronic Forgery is quite common within the digital age, which can include the illegal and unlawful
reproduction of endorsements in the form of electronic signatures in order to illicitly assume the identity
of the victim of identity theft.
Financial Forgery
Criminal – fraudulent - activity applicable to the events involving the exchange and circulation of
monies or currency may be classified as financial forgery. Identity theft resulting from this type of
forgery can occur in a variety of fashions, including fraudulent purchases through the use of finances –
and financial information – belonging to the victims of this crime.
Commercial Forgery
Obtain a physical address rather than simply a post office box and a telephone number, and call
the seller to see if the telephone number is correct and working.
Send an e-mail to the seller to make sure the e-mail address is active, and be wary of those that
utilize free e-mail services where a credit card wasn’t required to open the account.
Consider not purchasing from sellers who won’t provide you with this type of information.
Check with the Better Business Bureau from the seller’s area.
Check out other websites regarding this person/company.
Don’t judge a person or company by their website; flashy websites can be set up quickly.
Be cautious when responding to special investment offers, especially through unsolicited e-mail.
Be cautious when dealing with individuals/companies from outside your own country.
If possible, purchase items online using your credit card. You can often dispute the charges if
something goes wrong.
Make sure the transaction is secure when you electronically send your credit card number.
Keep a list of all your credit cards and account information along with the card issuer’s
contact information. If anything looks suspicious or you lose your credit card(s), contact the card
issuer immediately.
Crime Related to IPR
Intellectual property (IP) theft is defined as theft of material that is copyrighted, the theft of trade
secrets, and trademark violations. Examples of copyrighted material commonly stolen online are
computer software, recorded music, movies, and electronic games. Theft of trade secrets means the
theft of ideas, plans, methods, technologies, or any sensitive information from all types of industries
including manufacturers, financial service institutions, and the computer industry.
A trademark violation involves counterfeiting or copying brand name products such as well-
known types of shoes, clothing, and electronics equipment and selling them as the genuine or
original product.
The two forms of IP most frequently involved in cybercrime are copyrighted material and trade secrets.
Piracy is a term used to describe IP theft—piracy of software, piracy of music, etc. Theft of IP affects
the entire U.S. economy. Billions of dollars are lost every year to IP pirates. For example, thieves sell
pirated computer software for games or programs to millions of Internet users. The company that
actually produced the real product loses these sales and royalties rightfully due to the original creator.
Cyber Terrorism
Cyberterrorism is the act of Internet terrorism in terrorist activities, including acts of deliberate, large-
scale disruption of computer networks, especially of personal computers attached to the Internet, by
the means of tools such as computer viruses.
Cyberterrorism is a controversial term. Some authors choose a very narrow definition, relating to
deployments, by known terrorist organizations, of disruption attacks against information systems for
the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify
any instances of cyberterrorism.
Cyberterrorism can also be defined as the intentional use of computers, networks, and the public internet to cause destruction and harm for personal objectives. Objectives may be political or ideological, since this can be seen as a form of terrorism.
The following three levels of cyberterror capability are defined by the Monterey group:
Simple-Unstructured: The capability to conduct basic hacks against individual systems using
tools created by someone else. The organization possesses little target analysis, command and
control, or learning capability.
Advanced-Structured: The capability to conduct more sophisticated attacks against multiple
systems or networks and possibly, to modify or create basic hacking tools. The organization
possesses an elementary target analysis, command and control, and learning capability.
Complex-Coordinated: The capability for a coordinated attack capable of causing mass-disruption
against integrated, heterogeneous defenses (including cryptography). Ability to create sophisticated
hacking tools. Highly capable target analysis, command and control, and organization learning
capability.
Examples:
In March 2013, the New York Times reported on a pattern of cyber-attacks against U.S. financial
institutions believed to be instigated by Iran as well as incidents affecting South Korean financial
institutions that originate with the North Korean government.
In August 2013, media companies including the New York Times, Twitter and the Huffington Post
lost control of some of their websites Tuesday after hackers supporting the Syrian government
breached the Australian Internet company that manages many major site addresses. The Syrian
Electronic Army, a hacker group that has previously attacked media organizations that it considers
hostile to the regime of Syrian president Bashar al-Assad, claimed credit for the Twitter and
Huffington Post hacks in a series of Twitter messages. Electronic records showed that
NYTimes.com, the only site with an hours-long outage, redirected visitors to a server controlled
by the Syrian group before it went dark.
Pakistani Cyber Army is the name taken by a group of hackers who are known for their defacement
of websites, particularly Indian, Chinese, and Israeli companies and governmental organizations,
claiming to represent Pakistani nationalist and Islamic interests. The group is thought to have
been active since at least 2008, and maintains an active presence on social media, especially
Facebook. Its members have claimed responsibility for the hijacking of websites belonging to
Acer, India's CBI, Central Bank, and the State Government of Kerala.
Cyberterrorism is an attractive option for modern terrorists for several reasons.
computer and an online connection. Terrorists do not need to buy weapons such as guns and
explosives; instead, they can create and deliver computer viruses through a telephone line, a cable,
or a wireless connection.
surfers, terrorists use online nicknames—“screen names”—or log on to a website as an unidentified
“guest user,” making it very hard for security agencies and police forces to track down the terrorists’
real identity. And in cyberspace there are no physical barriers such as checkpoints to navigate, no
borders to cross, and no customs agents to outsmart.
and computer networks of governments, individuals, public utilities, private airlines, and so forth. The
sheer number and complexity of potential targets guarantee that terrorists can find weaknesses and
vulnerabilities to exploit. Several studies have shown that critical infrastructures, such as electric power
grids and emergency services, are vulnerable to a cyberterrorist attack because the infrastructures and
the computer systems that run them are highly complex, making it effectively impossible to eliminate all
weaknesses.
Cyberterrorism requires less physical training, psychological investment, risk of mortality, and travel
than conventional forms of terrorism, making it easier for terrorist organizations to recruit and retain
followers.
number of people than traditional terrorist methods, thereby generating greater media coverage,
which is ultimately what terrorists want.
Cyber Vandalism
The best way to protect yourself against a hostile applet is to know who you are downloading a Web
page from or who has sent you an HTML page as an e-mail attachment. Major corporate Web sites
or major Web publishers are unlikely to be the source of a vandal (but it can happen). One recent
scam in late 1997 involved a pornography site that invited the downloading of a page whose ActiveX
control reconnected the user to the Web through an expensive international phone number. In another
incident, a group of German crackers demonstrated an ActiveX control that could transfer funds from
one bank account to another without having to enter a user identification number.
Anti-malware software is vital in defending your computer, mobile devices, and data against
computer vandalism, viruses, worms, Trojans, and other malware.
Recent Events
Unidentified hackers gained access to the United States Justice Department's Web site on Aug. 16
and replaced it with a hate-filled diatribe labeled the "Department of Injustice" that included a
swastika and a picture of Adolf Hitler.
Prosecutors in Fairfax County, Virginia, filed criminal charges against two George Mason
University students for hacking their way into university computers and sending derogatory
e-mail under the names of random students and staff members.
Cyber Squatting:
Cybersquatting is registering, trafficking in, or using a domain name with bad-faith intent to profit from
the goodwill of a trademark belonging to someone else. The term derives from squatting, the practice of
inhabiting someone else's property without their permission. Many cybersquatters reserve common
English words, reasoning that sooner or later someone will want to use one for their Web site.
Another target is mis-typed spellings of popular web sites. Cybersquatters will also regularly comb lists
of recently expired domain names, hoping to sell back the domain name to a registrant who inadvertently
let his domain name expire.
Since there is an initial and yearly fee for owning a domain name, some cybersquatters reserve a long
list of names and defer paying for them until forced to - preempting their use by others at no cost to
themselves. The registry companies are working on this problem.
Meanwhile, the Internet Corporation for Assigned Names and Numbers (ICANN), which licenses the
domain name registrars, is working on a process for resolving domain name disagreements outside of the
regular court system. Although trademark laws may offer some protection, it is often cheaper to buy the
domain name from the cybersquatters than it is to sue for its use.
Cyber Forensics:
Computer forensics is the application of investigation and analysis techniques to gather and preserve
evidence from a particular computing device in a way that is suitable for presentation in a court of law.
The goal of computer forensics is to perform a structured investigation while maintaining a documented
chain of evidence to find out exactly what happened on a computing device and who was responsible
for it.
Two basic types of data are collected in computer forensics. Persistent data is the data that is stored on a
local hard drive (or another medium) and is preserved when the computer is turned off. Volatile data is
any data that is stored in memory, or exists in transit, that will be lost when the computer loses power or
is turned off. Volatile data resides in registries, cache, and random access memory (RAM).
Since volatile data is ephemeral, it is essential that an investigator knows reliable ways to
capture it. Forensic investigators typically follow a standard set of procedures:
After physically isolating the device in question to make sure it cannot be accidentally
contaminated, investigators make a digital copy of the device's storage media.
Once the original media has been copied, it is locked in a safe or other secure facility to
maintain its pristine condition. All investigation is done on the digital copy.
Investigators use a variety of techniques and proprietary software forensic applications to examine
the copy, searching hidden folders and unallocated disk space for copies of deleted, encrypted, or
damaged files.
Any evidence found on the digital copy is carefully documented in a "finding report" and verified
with the original in preparation for legal proceedings that involve discovery, depositions, or actual
litigation.
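The copy-and-verify steps above rest on cryptographic hashes recorded at acquisition time. The following Python code is an added example, not part of the original notes: it images a constructed sample file while hashing it, then re-verifies the working copy and the original. The file names, the 4096-byte block size and the choice of SHA-256 are assumptions made for the example.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # piecewise-hash granularity in bytes (assumed value)


def acquire(source_path, image_path):
    """Copy source to image block by block; return (overall SHA-256, per-block SHA-256 list)."""
    whole, blocks = hashlib.sha256(), []
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while chunk := src.read(BLOCK):
            whole.update(chunk)
            blocks.append(hashlib.sha256(chunk).hexdigest())
            dst.write(chunk)
    return whole.hexdigest(), blocks


def verify(path, whole_hash, block_hashes):
    """Re-hash path; return (overall match, indices of blocks that differ from the record)."""
    whole, bad, index = hashlib.sha256(), [], 0
    with open(path, "rb") as f:
        while chunk := f.read(BLOCK):
            whole.update(chunk)
            recorded = block_hashes[index] if index < len(block_hashes) else None
            if hashlib.sha256(chunk).hexdigest() != recorded:
                bad.append(index)
            index += 1
    bad.extend(range(index, len(block_hashes)))  # blocks missing from a truncated file
    return whole.hexdigest() == whole_hash, bad


def demo():
    """Acquire constructed sample media, verify both copies, then detect a changed byte."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "original.bin")    # stands in for the seized media
        image = os.path.join(d, "working_copy.img")   # the copy investigators examine
        with open(original, "wb") as f:
            f.write(bytes(range(256)) * 64)            # constructed data: 16384 bytes = 4 blocks
        whole_hash, block_hashes = acquire(original, image)
        before = verify(image, whole_hash, block_hashes)
        with open(image, "r+b") as f:                  # simulate accidental contamination
            f.seek(9000)
            f.write(b"\xff")
        after = verify(image, whole_hash, block_hashes)
        untouched = verify(original, whole_hash, block_hashes)
        return {"before": before, "after": after, "original": untouched}


if __name__ == "__main__":
    print(demo())
```

The per-block hashes narrow a mismatch down to the affected region of the copy, which an overall hash alone cannot do.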
Computer forensics has become its own area of scientific expertise, with accompanying coursework and
certification.
Forensic Process
Computer forensic investigations usually follow the standard digital forensic process or phases:
acquisition, examination, analysis and reporting. Investigations are performed on static data (i.e.
acquired images) rather than "live" systems. This is a change from early forensic practices where a lack
of specialist tools led to investigators commonly working on live data.
Techniques
A number of techniques are used during computer forensics investigations and much has been written
on the many techniques used by law enforcement in particular.
Cross-drive analysis
A forensic technique that correlates information found on multiple hard drives. The process, still being
researched, can be used to identify social networks and to perform anomaly detection.
Live analysis
The examination of computers from within the operating system using custom forensics or existing
sysadmin tools to extract evidence. The practice is useful when dealing with Encrypting File Systems,
for example, where the encryption keys may be collected and, in some instances, the logical hard drive
volume may be imaged (known as a live acquisition) before the computer is shut down.
Deleted files
A common technique used in computer forensics is the recovery of deleted files. Modern forensic
software has its own tools for recovering or carving out deleted data. Most operating systems
and file systems do not always erase physical file data, allowing investigators to reconstruct it
from the physical disk sectors. File carving involves searching for known file headers within the
disk image and reconstructing deleted materials.
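File carving as described above can be shown on a small raw image. This Python code is an added example, not part of the original notes: it scans for JPEG and PNG header signatures, pairs each with the next footer, and reports headers whose footer is missing. The sample image is constructed in memory, and the 10 MB size bound is an assumption.

```python
# Header and footer byte signatures for two common formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 10 * 1024 * 1024  # assumed upper bound on a carved file


def carve(image, max_size=MAX_SIZE):
    """Return carved-file records found in a raw image, ordered by offset."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                # Header with no footer in range: the tail was probably overwritten.
                found.append({"type": kind, "offset": start, "length": None})
                pos = start + 1
            else:
                stop = end + len(footer)
                found.append({"type": kind, "offset": start, "length": stop - start,
                              "data": image[start:stop]})
                pos = stop
    return sorted(found, key=lambda r: r["offset"])


def build_sample_image():
    """Constructed raw image: zero filler around one JPEG, one PNG and one truncated JPEG."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
    truncated = b"\xff\xd8\xff\xe1" + b"overwritten-before-footer"
    return (b"\x00" * 512 + jpeg + b"\x00" * 100 + png
            + b"\x00" * 300 + truncated + b"\x00" * 64)


if __name__ == "__main__":
    for record in carve(build_sample_image()):
        print(record["type"], record["offset"], record["length"])
```

This header-to-first-footer matching assumes the file is stored contiguously; fragmented files, or JPEGs with an embedded thumbnail that carries its own end marker, need format-aware parsing.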
Stochastic forensics
A method which uses stochastic properties of the computer system to investigate activities lacking
digital artifacts. Its chief use is to investigate data theft.
Steganography
One of the techniques used to hide data is via steganography, the process of hiding data inside of a
picture or digital image. An example would be to hide pornographic images of children or other
Solid or Tangible Evidence
because it’s one of the most reliable forms of identification. No two people have the same
fingerprint, making it a truly fundamental tool for accurate identification of criminals. Only when
fingerprints can’t be traced back to a person with a criminal history do they have less power in
an investigation. However, if the suspects can be narrowed down, their fingerprints can be tested
to see which one matches.
from blood to find a criminal and blood type can be analyzed to help rule out suspects. Blood
splatters can also help investigators piece together crime scenes and it provides more evidence to
test.
of hair collected from a crime scene can be submitted for DNA testing. Forensic scientists may
have a better chance at testing the DNA if the hair follicle is still intact. In addition, the color of
a hair strand can also be used to rule out suspects whose hair does not match the recovered hair
sample.
criminal. Like hair, skin samples can help determine the skin color of the person involved in the
crime and DNA can be extracted for a more accurate identification of criminals. Skin can also be
a harbinger of other evidence at the scene, which brings police closer to finding the criminal and
understanding the crime in greater detail.
law is write things down. Some criminals write in diaries, journals, letters and even e-mails to
chronicle their plan of action or confess their guilt. Suspects may be in correspondence with
others who can present these documents to police, or investigators may find such documents
when searching a suspect’s home.
identify the criminal. Semen can also be analyzed and tested to determine if there was more than
one person involved in a sexual crime.
incriminating type of evidence. Police can tell a lot from a shoe print, such as the make,
model and size of a shoe, as well as the gender and approximate height of the person. Shoe prints
also indicate the activity of the wearer when the print was made and, if the impressions are
visible, police may be able to trace the criminal’s moves and follow their prints to the next
destination, such as a nearby home or woods.
types of evidence. Whether the videos or photos capture the crime taking place or the people
present during or after the crime, it is valuable evidence that can be used to rule out suspects
and find the criminal.
includes shell casings, gun powder, bullets, gunshots and other firing characteristics of a
weapon. Even the slightest remnants of a gunshot can be traced to a specific firearm, where it’s
sold and its owner, if registered.
Computer Forensics tools:
Disk Forensics tools: CyberCheck Suite
CyberCheck Suite is a comprehensive collection of disk forensics tools to perform data acquisition
of digital evidence, analysis, data recovery and reporting.
TrueBack - Digital Evidence Seizure and Acquisition Tool
CyberCheck - Data Recovery & Analysis Tool
Mobile Forensics Tools
MobileCheck - Software solution for acquisition and analysis of mobile phones, smart phones,
Personal Digital Assistants (PDA) and other mobile devices
Advik CDRAnalyzer - Software for analyzing Call Data Records of various service providers
SIMXtractor - Forensic solution for imaging and analyzing SIM cards
Live Forensics Tool
Win-LiFT - Software solution for acquisition and analysis of volatile data present in running
Windows systems.
Win-LiFT - Windows Based Live Forensics Tool
Win-LiFT 2.0 is a Windows Based Live Forensics Tool consisting of Win-LiFT ImagerBuilder and
Win-LiFT Analyzer. Live Forensics involves acquisition of volatile data from the Suspect's machine
and analysis of the acquired data. Win-LiFT 2.0 enables volatile data acquisition
Features
Facility to enter case details
Facility to select/deselect the list of volatile artifacts to be collected from the Suspect's system.
Facility to select USB/Hard Disk drive to which the Win-LiFTImager tool is to be built.
Win-LiFTImager - Forensic Volatile Data Acquisition Tool
Win-LiFTImager is used for acquiring customized Live Forensics Data from Suspect's machine.
Features
Capturing the following volatile artifacts from a running Windows system to the USB device:
System Information
Stored Passwords
System Users
Screen Capture
IP Configuration and Event Logs
MD5 hashing of all acquired files.
Log and Report Generation.
Network Forensics Tools
NetForce Suite:
NeSA - Packet Analysis Tool
CyberInvestigator - Log Analysis Tool
EmailTracer - Email Tracing Tool
PC Inspector File Recovery:
PC Inspector File Recovery is a freely available forensic tool. This tool serves two main purposes.
Firstly, to reveal the contents of all storage media attached to the computer system and, secondly, to
recover any deleted data from the media.
Encase®:
Encase is a commercial forensic tool developed by Guidance Software. It was introduced to the
forensics market in 1998. Encase’s functionalities include disk imaging, data verification and data
analysis. An important feature is the recovery of data through the inspection of unallocated spaces.
We must remember that these unallocated spaces could contain information relevant to an
investigation.
Vital information such as last access, time created, and last modifications of a file
are all provided by this tool.
Forensic Tool Kit:
Forensic Tool Kit is a commercial forensics tool developed by AccessData. This tool allows the CFS
to view all files on the chosen storage device. A function of this tool includes immediate generation of
hash values for files that are viewed within an investigation. Unlike the above mentioned forensic