Cyber Crime

What's a Cyber Crime

Introduction to cyber crime

The internet was born around 1960‟s where its access was limited to a few scientists, researchers and the Defense only. Initially computer criminals’ purpose was only meant to damage computers and related infrastructure. Around 1980‟s the trend changed from damaging the machine to causing a computer malfunction using a malicious code called virus. Till then the effect was not so widespread because Internet was only confined to defense setups, large international companies and research communities. In 1996, when internet was launched for the public, it immediately became popular, and masses slowly became dependent on it to an extent that has changed their lifestyle. The GUIs were so well designed that users were able to surf easily by simply clicking hyper links or typing in the URL bar the desired information. Internet users didn’t bother to know where data was stored, how it was sent over the internet or whether the data could be accessed by another person connected to the internet. There was no concern about the possibility that data packets sent over the internet might have been “spoofed” and “tampered”. The focus of the computer crime shifted from merely damaging the computer or destroying or manipulating data for personal benefit to financial crime. These computer attacks have increased at a rapid pace.

Before discussing the matter further, let us know what cybercrime is? The term cybercrime is used to describe an unlawful activity in which computer or computing devices such as smartphones, tablets, Personal Digital Assistants (PDAs), etc. are used as a tool or/and target of criminal activity.

Classification of Cyber Crimes

Cybercriminals could be internal or external to the organization facing cyber-attacks. Based on this fact, cybercrime could be categorized into two types:

- Insider Attack:

An attack to the network or the computer system by someone with authorized system access is known as insider attack. It is generally performed by dissatisfied or unhappy employees or contractors. The reason of this kind of attack could be revenge or greed. It is pretty easy for an insider to perform a cyber-attack as he is well aware of the policies and IT architecture of the security system. Moreover, the attacker has access to the network. Therefore, it is easy for a insider attacker to steal sensitive information, cause the network to crash, etc. In most of cases an insider attack is performed by someone (an employee) who has been fired or assigned a new role which does not comply with IT policies.

- External Attack:

When the attacker is either hired by an insider or an external entity to the organization, it is known as external attack. The organization which is a victim of cyber-attacks not only faces financial loss but also the loss of reputation. These attackers usually scan and gather information so an experienced network/security administrator who keeps an eye on the log generated by the firewalls is highly recommended as external attacks can be traced out by carefully analyzing these firewall logs. Also, Intrusion Detection Systems may be installed to spot external attacks.

Unstructured And Structured Attacks

- Unstructured Attack:

These attacks are generally performed by amateurs with no particular reasons to perform a cyber-attack but to test a tool available over the internet.

- Structure Attack:

These types of attacks are performed by highly skilled, experienced, and motivated criminals. They have access to sophisticated tools and technologies to gain access to other etworks without being noticed by their Intrusion Detection Systems (IDSs). Moreover, these attackers have the necessary expertise to develop or modify the existing tools to satisfy their purpose. These types of attacks are usually performed by professional criminals, by a country against a rival country, or by politicians with the purpose of damaging someone’s image, terrorists, etc. Cybercrimes have turned out to be a low-investment, low-risk business with huge returns. Nowadays these crimes are performed by highly organized people. They are targeting large financial organizations and they are also into online drugs trading. An hacker who has hacked sensitive data from an organization may use it for financially exploiting the organization himself. In case, the hacker himself has the technical expertise to perform it, he will do it himself, otherwise he may find someone interested in buying that data. Cyber criminals can be hired by other organizations which want to gain access to some sensitive data, or perform massive denial-of –service attacks against their competitors. An organization affected by a cyber-attack, not only faces financial loss, but its reputation is also adversely affected while its competitor will definitely benefit from it.

Reasons for Commission of Cyber Crimes

• Money: Criminals can make money quickly and easily.

• Revenge: Taking revenge on other people/organizations/companies/ by defaming its reputation or bringing economical loss. This comes under the category of cyber terrorism.

• Fun: Amateurs commit cybercrimes for fun. They just want to test the latest tools.

• Recognition: It deals with pride. Hacking highly secured networks (Defense) or sites is considered a credit.

• Anonymity: Cyber space offers anonymity that motivates criminals to commit cybercrimes as it is much easier to perform a crime over the cyber space and remain anonymous. It’s a lot more dangerous in the real world. It is also easier to get away with criminal activities in a “cyber world” than in the real world. This strong sense of anonymity may push respectable citizens to abandon their ethics in the pursuit of personal gain.

• Cyber Espionage: Governments may be involved in cyber trespassing for political or economic, reasons.