Day by day, we are becoming increasingly dependent on computers. Cybercrime is an evil originating in this growing dependence on computers. Cybercrime has assumed rather sinister implications in a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers.
Cybercrime pertains to criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation, and mischief. All these are subject to the Penal Code of almost all countries. The Information Technology law addresses a gamut of new-age crimes because of computer abuse.
If we define cybercrime as “acts that are punishable by the Information Technology Act,” that would not be suitable, as the penal code of some countries covers many cybercrimes.
A simple yet sturdy definition of cybercrime would be “unlawful acts wherein the computer is either a tool or a target or both.”
There are three major classes of criminal activity with computers:
- Unauthorized use of a computer. It may be committed by stealing a username and password or by accessing the victim’s computer via the Internet through a backdoor operated by a Trojan Horse program.
- Cybercrime may be committed by creating or releasing a malicious computer program (e.g., computer virus, worm, Trojan Horse).
- Cybercrime may be committed by harassment and stalking in cyberspace.
There are different types of cybercrime, which are briefly discussed below.
Types of Cyber Crime
Financial Crimes
This would include cheating, credit card fraud, money laundering, etc. Misappropriation of funds by manipulation of computer records was reported. Under this, a bank may be cheated out of crores of money through false debits and credits in computerized accounts.
Through falsification of computerized bank accounts, crores of Dollar may be misappropriated. In some cases, people are arrested and charged for stealing and misusing credit card numbers belonging to others.
Cyber Pornography
This would include pornographic websites. Using computers, pornographic magazines produce, publish, and print obscene materials. The internet is also used to download and transmit pornographic pictures, photos, writings, etc.
Sale of Illegal Articles
Narcotics, weapons, wildlife, etc., are sold by posting information on websites, auction websites, and bulletin boards or simply by using email communication. Many of the auction sites are believed to be selling cocaine in the name of “honey.”
Online Gambling
Millions of websites are offering online gambling, which is believed to be actual fronts for money laundering. Though it is not yet confirmed, these sites may have a relationship with drug trafficking.
Intellectual Property Crimes
These include software piracy, copyright infringement, trademark violations, theft of computer source code, etc.
Email Spoofing
A spoofed email is one that appears to originate from one source but actually has been sent from another source. Personal relationships may be jeopardized because of email spoofing.
Email spoofing can also cause monetary damage. In an American case, a teenager made millions of dollars by spreading false information about certain companies whose shares he had short-sold.
This misinformation was spread by sending spoofed emails, purportedly from news agencies like Reuters, to share brokers and investors who were informed that companies were doing very badly.
Even after the truth came out, the values of the shares did not go back to the earlier levels, and thousands of investors lost a lot of money. Recently, a branch of the Global Trust Bank (of India) experienced a run on the bank.
Numerous customers decided to withdraw all their money and close their accounts. It was revealed that someone had sent out spoofed emails to many of the bank’s customers, stating that the bank was in very bad shape financially and could close operations at any time. The spoofed email appeared to have originated from the bank itself.
Forgery
Using sophisticated computers, printers, and scanners, counterfeit currency notes, postage and revenue stamps, mark sheets, etc., can be forged.
In many countries, touts sell fake mark sheets or even certificates. These are made using computers and high-quality scanners and printers. This has become a booming business involving crores of money.
Cyber Defamation
With the help of computers and/or the Internet, when any defamation takes place, it is called cyber defamation.
Under this crime category, someone publishes defamatory matters about someone on a website or sends emails containing malicious information to all of that person’s friends. It can tarnish the personal image of any individual or the reputation of any company, bank, or institution.
Cyber Stalking
Cyber stalking involves following a person’s movements across the Internet by posting messages on the bulletin boards frequented by the victim, entering the chat room frequented by the victim, constantly bombarding the victim with emails, etc.
Hacking
Unauthorized access to computer systems or networks is commonly referred to as hacking.
Theft of Information Contained in Electronic Form
This includes information stored in computer hard disks, removable storage media, etc.
Email Bombing
Email bombing can be committed by sending a huge number of emails to the victim, resulting in the victim’s email account (in the case of an individual) or mail servers (in the case of a company or an email service provider) crashing. Thousands of emails are sent to the personal account or mail server until it is crashed.
Data Diddling
Data diddling may be committed by altering raw data just before it is processed by a computer and then changing it back after processing is completed.
Government offices may be victims of data diddling programs inserted when private parties were computerizing their systems. The NOMC Electricity Billing Fraud case took place in 1996 in India. The computer network was used for the receipt and accounting of electricity bills by the NOMC, Delhi.
Collection of money from computerized accounts, record maintenance, and remittance in the bank were exclusively left to a private contractor who was a computer professional.
By manipulating data files to show fewer receipts and bank remittances, he misappropriated a huge amount of funds.
Salami Attacks
For the commission of financial crimes, salami attacks are used. Here, the major thing is to make alterations that are so insignificant that in a single case, it would go completely unnoticed.
For example, a bank employee inserts a program into the bank’s servers that deducts a small amount of money (say, take 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.
To cite an example, an employee of a bank in the USA was dismissed from his job.
Disgruntled at having been supposedly mistreated by his employers, the man first introduced a logic bomb into the bank’s systems. Logic bombs are programs that get activated on the occurrence of a particular predefined event.
The logic bomb was programmed to take ten cents from all the accounts in the bank and put them into the account of the person whose name was alphabetically the last in the bank’s rosters. Then he went and opened an account in Ziegler’s name.
The amount being withdrawn from each bank account was so insignificant that neither the account holders nor the bank officials noticed the fault. It was brought to their notice when a person named Zygler opened his bank account.
He was surprised to find a sizeable amount of money transferred into his account every Saturday. He reported the mistake to the bank authorities, and the entire scheme was revealed.
Denial of Service Attack
This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g., a web server) to crash, thereby denying authorized users the service offered by the resource.
Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many and geographically widespread.
It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer(s), exceeding the limit that the victim’s server can support and making the server crash.
Denial-of-service attacks have had an impressive history, having, in the past, brought down websites like Amazon, CNN, Yahoo, and eBay.
Virus/Worm Attacks
When some programs attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network, those are called viruses.
Either by altering or deleting the data, viruses have a prejudicial impact on computers. Worms do not attach themselves to a computer or a file. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory.
A Filipino undergraduate reportedly wrote the VBS_LOVELEITER virus (better known as the Love Bug or the I LOVE YOU virus). This deadly virus became the world’s most prevalent virus in May 2000. In every five personal computers in the world, it struck one.
The true magnitude of the losses was incomprehensible when the virus was brought under check. Losses incurred during the virus attack were pegged at US $ 10 billion.
Sometimes, in 1988, Robert Morris let the Internet worm loose on the Internet.
Probably, it was the world’s most famous worm, which affected thousands of computers and almost brought its development to a complete halt. A team of experts took almost three days to get rid of the worm.
By this time, many of the computers had to be disconnected from the network.
Trojan Attacks
When an unauthorized program functions from inside, it is called a Trojan program. It conceals what it actually does.
There are many simple ways of installing a Trojan on someone’s computer. To cite an example, two friends, Rahul and Mukesh (names changed), had a heated argument over one girl, Radha (name changed), whom they both liked. When the girl asked to choose, chose Mukesh over Rahul. Rahul decided to get even.
On the 14th of February, he sent Mukesh a spoofed e-card, which appeared to have come from Radha’s mail account.
The e-card contained a Trojan. When Mukesh opened the card, the Trojan was installed on his computer. Rahul now had complete control over Mukesh’s computer and proceeded to harass him thoroughly.
Internet Time Theft
Internet time theft is using Internet hours by an unauthorized person paid for by another person. In one case, the accused was sent to the complainant’s residence to activate his Internet connections.
However, the accused used the complainant’s login name and password from various places, causing the complainant’s wrongful loss of 100 hours. Police arrested the accused for theft of Internet time.
Web Jacking
Web jacking occurs when someone forcefully takes control of a website by cracking the password and later changing it. The actual owner of the website does not have any more control over what is happening on that website.
Recently, in the USA, the owner of a hobby website for children received an email that a group of hackers had taken control of her website. They demanded a ransom of 1 million dollars from her. The school teacher owner did not take the threat seriously and ignored the matter.
After three days and many phone calls nationwide, she knew that the hackers had web-jacked her website.
Subsequently, the hackers altered a portion of the website entitled “How to have fun with goldfish.” In all the places it had been mentioned, they had replaced the word ‘goldfish’ with ‘Piranhas.’ Piranhas are tiny but extremely dangerous flesh-eating fish.
When visiting the popular website, many children believe the contents of the website. Many children went to pet shops and bought Piranhas. Many of them became seriously injured when they tried to play with Piranhas.
Theft of Computer System
Theft of a computer system means the theft of a computer, some parts of a computer, or a peripheral attached to the computer.
Physically Damaging a Computer System
This crime is committed by physically damaging a computer or its peripherals.
Conclusion: Tools and Techniques of Cyber Crime.
“Access” is “gaining entry into, instructing, or communicating with the logical, arithmetical, or memory function resources of a computer, computer system, or computer network.”
“Unauthorized access would, therefore, mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system, or computer network.
Thus, not only would accessing a server by cracking its password authentication system be unauthorized access, but switching on a computer system without the permission of the person in charge of such a computer system would also be unauthorized access.
Packet sniffing, tempest attacks, password cracking, and buffer overflow are common techniques used for unauthorized access.