Computer Crime and Safety

Computer Crime:

Computer crime is alternatively referred to as cyber-crime, e-crime, electronic crime, or hi-tech crime. It is an act performed by a knowledgeable computer user, sometimes referred to as a hacker, who illegally browses or steals a company's or individual's private information. In some cases, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files.

Computer crime has different meanings depending on the situation, the person, and their individual frame of reference. The investigation of computer crime didn’t require the involvement of many different communities, like law enforcement, private security, prosecutors or network administrators. However, computer crime, by its very nature, is not restricted by conventional or physical borders.

Donn Parker is generally cited as the author who presented the first definitional categories for computer crime. He clearly favors the term computer abuse as a higher-level definition and describes it as “any incident involving an intentional act where a victim suffered or could have suffered a loss, and an offender created or may have created a gain and is related to computers”.

Robert Taylor and company expand on Parker’s definitions and present four categories of computer crime as:

  1. The computer as a target: The attack seeks to deny the users or owners of the system access to their data or computers. A Denial-of-Service attack or a virus that renders the computer inoperable would be examples of this category.
  2. The computer as an instrument of the crime: The computer is used to gain information or data that is then used for a criminal objective. For example, a hacker may use a computer system to steal personal information.
  3. The computer as incidental to a crime: Sometimes a computer may not be the primary instrument of the crime; it simply facilitates it. Money laundering and the trading of child pornography would be examples of this category.
  4. Crimes associated with the prevalence of computers: This includes crimes against the computer industry, such as intellectual property theft and software piracy.

Examples of computer crimes

Below is a listing of the different types of computer crimes today.

Copyright violation - Stealing or using another person's copyrighted material without permission

Cracking - Breaking or deciphering codes that are being used to protect data

Cyber terrorism - Hacking, threats, and blackmailing towards a business or person

Cyberbullying or cyberstalking - Harassing or stalking others online

Cybersquatting - Setting up a domain of another person or company with the sole intention of selling it to them later at a premium price

Creating malware - Writing, creating, or distributing malware such as viruses and spyware

Child pornography - Making or distributing child pornography

Denial of Service attack - Overloading a system with so many requests it cannot serve normal requests

Fraud - Manipulating data, e.g., changing banking records to transfer money to an account or participating in credit card fraud

Harvesting - Collecting account or other account-related information about other people

Human trafficking - Participating in the illegal act of buying or selling other humans

Identity theft - Pretending to be someone you are not

Illegal sales - Buying or selling illicit goods online including drugs, guns, and psychotropic substances

Intellectual property theft - Stealing practical or conceptual information developed by another person or company

IPR violation - An intellectual property rights violation is any infringement of another's copyright, patent, or trademark

Phishing - The fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication

Salami slicing - Stealing tiny amounts of money from each transaction

Scam - Tricking people into believing something that is not true

Slander - Posting slander or false statements against another person or company

Software piracy - Copying, distributing, or using copyrighted software that you did not purchase

Spamming - Distributing unsolicited (not asked for) e-mail to dozens or hundreds of different addresses

Spoofing - Deceiving a system into thinking you are someone you are not

Typosquatting - Setting up a domain that is a misspelling of another domain, e.g., gogle.com instead of google.com

Unauthorized access - Gaining access to systems you have no permission to access

Wiretapping - Connecting a device to a phone line to listen to conversations

Software Piracy:

Software piracy is the illegal copying, distribution, or use of software. It is such a profitable "business" that it has caught the attention of organized crime groups in a number of countries. According to the Business Software Alliance (BSA), about 36% of all software in current use is stolen. Software piracy causes significant lost revenue for publishers, which in turn results in higher prices for the consumer.

When you purchase a commercial software package, an end user license agreement (EULA) is included to protect that software program from copyright infringement. Typically, the license states that you can install the original copy of software you bought on one computer and that you can make a backup copy in case the original is lost or damaged. You agree to the licensing agreement when you open the software package (this is called a shrink wrap license), when you open the envelope that contains the software disks, or when you install the software.

Software piracy applies mainly to full-function commercial software. The time-limited or function-restricted versions of commercial software called shareware are less likely to be pirated since they are freely available. Similarly, freeware, a type of software that is copyrighted but freely distributed at no charge, also offers little incentive for piracy.

Types of software piracy include:

Softlifting: Borrowing and installing a copy of a software application from a colleague

Client-server overuse: Installing more copies of the software than you have licenses for

Hard-disk loading: Installing and selling unauthorized copies of software on refurbished (assembled) or new computers

Counterfeiting: Duplicating and selling copyrighted programs

Online piracy: Typically involves downloading illegal software from a peer-to-peer network, Internet auction, or blog. (In the past, the only place to download software was a bulletin board system, and these were limited to local areas because of long-distance charges while online.)

Anti-Piracy:

Software piracy is a major issue affecting companies and developers today. Consequently, companies need to implement anti-piracy protection systems on their software-based products.

Legal protection

Most companies make sure their software is protected legally by a user agreement. Letting consumers know that making unauthorized copies is against the law will help prevent people from unknowingly breaking piracy laws.

Product key

The most popular anti-piracy system is a product key, a unique combination of letters and numbers used to differentiate copies of the software. A product key ensures that only one user can use the software per purchase.

Tamper-proofing

Some software programs have built-in protocols that cause the program to shut down and stop working if the source code is tampered with or modified. Tamper-proofing prevents people from pirating the software through the manipulation of the program's code.

Watermarking

Watermarks, company logos, or names are often placed on software interfaces to indicate that products are legitimately obtained, and are not illegal copies.

Computer Virus:

A computer virus is a program, script, or macro (a macro, which stands for "macroinstruction", is a programmable pattern which translates a certain sequence of input into a preset sequence of output) designed to cause damage, steal personal information, modify data, send e-mail, display messages, or some combination of these actions.

When the virus is executed, it spreads by copying itself into or over data files, programs, or the boot sector of a computer's hard drive, or potentially anything else writable. To help spread an infection, virus writers use detailed knowledge of security vulnerabilities (security weaknesses), zero days (a vulnerability in an operating system, software, or hardware that is exploited the same day it is discovered), or social engineering (people hacking) to gain access to a host's computer.

Types of Computer Viruses

A computer virus is one type of malware that inserts its virus code into programs and applications, altering them in order to multiply itself. The computer gets infected through the replication of malicious code. Computer viruses come in different forms to infect the system in different ways. Some of the most common viruses are:

  • Boot Sector Virus
  • Direct Action Virus
  • Multipartite Virus
  • Polymorphic Virus
  • Overwrite Virus
  • Spacefiller Virus
  • Resident Virus
  • Rootkit Virus

Boot Sector Virus: This type of virus infects the master boot record. Removing it is a challenging and complex task that often requires the system to be formatted. It mostly spreads through removable media.

Direct Action Virus: This is also called a non-resident virus. It gets installed or stays hidden in the computer memory. It stays attached to the specific type of files that it infects. It does not affect the user experience or the system’s performance.

Multipartite Virus: This type of virus spreads through multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus: This type of virus is difficult to identify with a traditional anti-virus program. This is because polymorphic viruses alter their signature pattern whenever they replicate.

Overwrite Virus: This type of virus deletes all the files that it infects. The only possible way to remove it is to delete the infected files, so the end user loses all of their contents. Identifying the overwrite virus is difficult as it spreads through emails.

Spacefiller Virus: This is also called a “cavity virus”. It is called so because it fills up the empty spaces between the code and hence does not cause any damage to the file.

Resident Virus: The resident virus implants itself in the memory of a computer. Basically, the original virus program is not required to infect new files or applications. Even when the original virus is deleted, the version stored in memory can be activated. This happens when the computer OS loads certain applications or functions. Resident viruses are troublesome because they can run unnoticed by antivirus and antimalware software by hiding in the system’s RAM.

Rootkit Virus: The rootkit virus is a malware type which secretly installs an illegal rootkit on an infected system. This opens the door for attackers and gives them full control of the system. The attacker will be able to fundamentally modify or disable functions and programs. Like other sophisticated viruses, the rootkit virus is also created to bypass antivirus software. The latest versions of major antivirus and antimalware programs include rootkit scanning.

Computer Worms:

An Internet worm or computer worm is a type of malicious software (malware) that self-replicates and distributes copies of itself to its network. These independent virtual viruses spread through the Internet, enter into computers, and replicate without intervention (involvement) from and unbeknownst (without the knowledge of someone) to computer users.

Internet worms can be included in any type of virus, script or program. These worms typically infect systems by exploiting bugs or vulnerabilities that can often be found in legitimate software. Unlike Trojans or other viruses that require user intervention to spread, Internet worms can spread on their own. This makes them extremely dangerous.

Internet worms use various techniques to multiply over the Internet. Initial worms just scanned local network hard drives and folders, and then inserted themselves into programs.

In the 1990s, Internet worms came in the form of Visual Basic scripts that replicated on computers running on Windows. These worms used the user's email to spread themselves to all the addresses available in the user's address book. In 2001, Internet worms began to exploit vulnerabilities in the Windows OS to infect machines directly via the Internet. Later, Microsoft released automatic OS updates to prevent this problem. Probably the most powerful Internet worm in terms of its scope was the Code Red Worm, which scanned the Internet and attacked susceptible computers that ran the Windows IIS Web server.

Internet worms are embedded in software and penetrate most firewalls and other forms of network security. Anti-virus software applications protect against worms along with other forms of malware such as viruses.

Some popular worms are:

WannaCry ransomware - The worm component of the WannaCry ransomware made it possible to wreak havoc (widespread destruction or damage) on computers around the world, infecting more than 200,000 systems in over 150 countries.

I LOVE YOU - A computer worm that successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text “I LOVE YOU”. It is estimated that the infamous I LOVE YOU worm infected about 10 percent of the world’s internet-connected computers within just 10 days.

Witty - When this worm infects a computer, it deletes a randomly chosen section of the hard drive, over time rendering the machine unusable.

Storm Worm - This 2007 worm was named after the Kyrill weather storm in Europe. It arrived as spam that provoked users to open it by showing a headline saying that two hundred and thirty people had died while the Kyrill storm pummeled Europe. Its collection of contaminated machines became part of a large botnet (a number of Internet-connected devices, each of which is running one or more bots or robots) responsible for gathering tons of private data and executing various DDoS attacks.

Mydoom - The fastest-spreading e-mail worm ever, affecting Microsoft Windows. Mydoom appears to have been commissioned by e-mail spammers so as to send junk e-mail through infected computers. The worm contains the text message “andy; I’m just doing my job, nothing personal, sorry,”.

MSBlast - This 2003 malware continued the early-2000s tradition of worm-related chaos by exploiting a vulnerability that Microsoft announced in July of that year. It featured a message addressed to Bill Gates that said, “Stop making money and fix your software,” and it was able to infect seven thousand computers within mere hours of its discovery.

Wurmark - Once inside your computer, the worm installed a Trojan, which in turn allowed remote hackers to take control of your infected system. The worm also deleted files randomly from your system and mailed itself to all your Outlook contacts, using your mail ID.

Stuxnet - It attacked the nuclear facilities of Iran. This worm reportedly destroyed roughly a fifth of Iran’s nuclear centrifuges by causing them to spin out of control by increasing the pressure on the spinning centrifuges while displaying that everything was under control. It managed this feat by replaying the plant’s protection system values in the control room while the attack was happening.

The Caric - Also known as Bill Clinton and the MyLife-B worm. This malicious program was activated after opening an email’s attachment and displayed a cartoon of Clinton playing the saxophone with a bra popping out of the sax’s mouth. The writers of this worm tried to be clever by adding a line to the end of the email, supposedly from anti-virus vendor McAfee, which claimed the email contained no viruses.

Spyware:

Spyware is infiltration software that secretly monitors unsuspecting users. It can enable a hacker to obtain sensitive information, such as passwords, from the user's computer. Spyware exploits user and application vulnerabilities and is often attached to free online software downloads or to links that are clicked by users.

Peer-to-peer (P2P) file sharing has rapidly increased propagation of spyware and its ramifications (unwelcome action/damage).

Anti-spyware applications locate and remove spyware and are recommended as a preventative line of defense against infiltration (penetrate) and damage.

Anti-virus software removes PC viruses, but anti-virus scans do not always detect spyware. Spyware and cookies are similar, but spyware conducts infiltration activity continuously until it is removed by specific anti-spyware tools.

Users should take the following precautions to prevent spyware attacks:

  • Maintain anti-virus and anti-spyware updates and patches.
  • Download from well-known and reputable sites only.
  • Use a firewall for enhanced security.

Ethical Issues in Computer:

Ethics is a set of moral principles that govern the behavior of a group or individual. Therefore, computer ethics is a set of moral principles that regulate the use of computers. Some common issues of computer ethics include:

  1. Intellectual property rights (such as copyrighted electronic content)
  2. Privacy concerns
  3. How computers affect society
  4. Communication issues (social media use is isolating humans from face-to-face communication)
  5. Cyber Crime
  6. Data Gathering

For example, while it is easy to duplicate copyrighted electronic (or digital) content, computer ethics would suggest that it is wrong to do so without the author's approval. And while it may be possible to access someone's personal information on a computer system, computer ethics would advise that such an action is unethical.

As technology advances, computers continue to have a greater impact on society. Therefore, computer ethics promotes the discussion of how much influence computers should have in areas such as artificial intelligence and human communication. As the world of computers evolves, computer ethics continues to create ethical standards that address new issues raised by new technologies.

A computer user should do the following things to be an ethical user:

  • If you have found an account and password to use, do not give them to others, as that may cause you harm
  • Do not use a computer to commit crime
  • Do not use a computer to threaten or harass others
  • Do not interfere with another person’s computer work
  • Do not copy software or intellectual property unless you get permission from the owner
  • Always get permission from the owner when you copy a document from the Internet

Cyber Law:

Cyber law is the part of the overall legal system that deals with the Internet, cyberspace, and their respective legal issues. Cyber law covers a fairly broad area, encompassing several subtopics including freedom of expression, access to and usage of the Internet, and online privacy. Generically, cyber law is referred to as the Law of the Internet.

Like any law, a cyber law is created to help protect people and organizations on the Internet from malicious people on the Internet and help maintain order. If someone breaks a cyber law or rule, it allows another person or organization to take action against that person or have them sentenced to a punishment.

There are different forms of punishment depending on the type of cyber law you broke, who you offended, where you broke the law, and where you live. In many situations, breaking the rules on a website results in your account being suspended or banned and your IP address blocked. To determine the consequences of your action for minor offenses, you have to review the company's terms of service or rules before using it.

If you've committed a more serious offense such as hacking, attacking another person or website, or causing another person or company distress, additional action may be taken against you.

Cyber law is mainly concerned with:

  • Electronic and digital signatures
  • Computer Crime
  • Intellectual Property Right
  • Data Protection and Privacy
  • Communication and Information Technology

Network Security:

Network security is an over-arching term that describes the policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access, exploitation, modification, or denial of the network and network resources. This means that well-implemented network security blocks viruses, malware, hackers, etc. from accessing or altering secure information.

The first layer of network security is enforced through a username/password mechanism, which only allows access to authenticated users with customized privileges. When a user is authenticated and granted specific system access, the configured firewall enforces network policies, that is, accessible user services.

However, firewalls do not always detect and stop viruses or harmful malware, which may lead to data loss. Anti-virus software or an intrusion prevention system (IPS) is implemented to prevent viruses and/or harmful malware from entering the network.

Firewall:

Broadly speaking, a computer firewall is a software program that prevents unauthorized access to or from a private network. Firewalls are tools that can be used to enhance the security of computers connected to a network, such as LAN or the Internet. They are an integral part of a comprehensive security framework for your network.

A firewall absolutely isolates your computer from the Internet using a “wall of code” that inspects each individual “packet” of data as it arrives at either side of the firewall, inbound to or outbound from your computer, to determine whether it should be allowed to pass or be blocked.

Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.

Firewalls generally use two or more of the following methods:

Packet Filtering: Firewalls filter packets that attempt to enter or leave a network and either accept or reject them depending on the predefined set of filter rules.

Application Gateway: The application gateway technique employs security methods applied to certain applications such as Telnet and File Transfer Protocol servers.

Proxy Servers: Proxy servers can mask or hide real network addresses and intercept or abstract every message that enters or leaves a network.

Stateful Inspection or Dynamic Packet Filtering: This method compares not just the header information, but also a packet’s most important inbound and outbound data parts. These are then compared to a trusted information database for characteristic matches. This determines whether the information is authorized to cross the firewall into the network.
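The packet filtering and stateful inspection methods above, as an added example that is not part of the original notes. The rule set, the addresses (documentation ranges) and the names Packet, Rule, packet_filter and StatefulFirewall are assumptions made for the illustration; the flow table plays the role of the "trusted information database" that packets are compared against.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_NET = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:            # header fields only; the payload is not modelled
    direction: str       # "in" or "out", relative to the protected network
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str          # "accept" or "reject"
    direction: str
    proto: str           # "tcp", "udp" or "any"
    src_net: str
    dst_net: str
    dport: Optional[int] = None   # None matches any destination port

# Constructed rule set for a hypothetical internal network 192.0.2.0/24.
RULES = [
    Rule("accept", "in", "tcp", ANY_NET, "192.0.2.10/32", 443),  # public web server
    Rule("accept", "out", "any", "192.0.2.0/24", ANY_NET),       # internal hosts may call out
]

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.dport in (None, pkt.dport))

def packet_filter(rules, pkt: Packet) -> str:
    """Stateless packet filtering: the first matching rule decides, default is reject."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "reject"

class StatefulFirewall:
    """Packet filter plus a table of flows that were already allowed."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()   # expected reply tuples: (proto, src, sport, dst, dport)

    def handle(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.flows:            # reply belonging to a known conversation
            return "accept"
        verdict = packet_filter(self.rules, pkt)
        if verdict == "accept":          # remember what the reply will look like
            self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return verdict

if __name__ == "__main__":
    query = Packet("out", "udp", "192.0.2.25", 50000, "203.0.113.5", 53)
    reply = Packet("in", "udp", "203.0.113.5", 53, "192.0.2.25", 50000)
    other = Packet("in", "udp", "203.0.113.99", 53, "192.0.2.25", 50000)
    print("stateless reply:", packet_filter(RULES, reply))   # no inbound rule fits
    fw = StatefulFirewall(RULES)
    print("query:", fw.handle(query))
    print("stateful reply:", fw.handle(reply))
    print("unsolicited:", fw.handle(other))
```

The stateless filter has to reject the DNS reply because no inbound rule covers it, while the stateful firewall accepts it only because it saw the matching outbound query first.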

Data and Message Security:

Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. Data security is an essential aspect of IT for organizations of every size and type. Data security is also known as information security (IS) or computer security.

One major threat to data security is unauthorized network monitoring, also called packet sniffing.

Examples of data security technologies include backups, data masking and data erasure. A key data security technology measure is encryption, where digital data, software/hardware, and hard drives are encrypted and therefore rendered unreadable to unauthorized users and hackers.

One of the most commonly encountered methods of practicing data security is the use of authentication. With authentication, users must provide a password, code, biometric data, or some other form of data to verify identity before access to a system or data is granted.

Message security is a subcategory of unified threat management (UTM) focused on securing and protecting an organization’s communication infrastructure. Communication channels can include email software, messaging apps and social network IM (Instant Messaging) platforms. This extra layer of security can help secure devices and block a wider range of virus or malware attacks.

Messaging security helps to ensure the confidentiality and authenticity of an organization’s communication methods. Confidentiality refers to making sure only the intended recipients are able to read the messages and authenticity refers to making sure the identity of each sender or recipient is verified.

The most popular method of data security is cryptography which is also called Encryption and Decryption.

Encryption:

Encryption is a process which transforms the original information into an unrecognizable form. This new form of the message is entirely different from the original message. That's why a hacker is not able to read the data as senders use an encryption algorithm. Encryption is usually done using key algorithms.

Data is encrypted to make it safe from stealing. However, many well-known companies also encrypt data to keep their trade secrets from their competitors.

Decryption:

Decryption is a process of converting encoded/encrypted data into a form that is readable and understood by a human or a computer. This method is performed by un-encrypting the text manually or by using the keys used to encrypt the original data.

Fig: Encryption Process and Decryption process

To perform encryption and decryption we need keys to encrypt or decrypt the message. Following are the keys used to perform cryptography.

Types of Keys

Private Key:

A private key is a secret key which must not be shared with anyone. It may be part of a public/private asymmetric key pair.

Public Key:

A public key is available to everyone. This key is generally used to encrypt data, which is then decrypted by the corresponding private key.

Symmetric Key:

Symmetric-key encryption algorithms use the same cryptographic key for both encryption of plaintext and decryption of ciphertext.

Asymmetric Key:

Asymmetric encryption uses a pair of 2 keys, public and private, for encryption. The public key is available to anyone, while the secret key is only made available to the receiver of the message. The receiver's public key is used to encrypt the message, which is decrypted by the receiver's private key, which is available only to the receiver.

Pre-Shared Key:

In cryptography, a pre-shared key (PSK) is a shared secret which was earlier shared between the two parties using a secure channel before it is used.
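The key types above in action, as an added example that is not part of the original notes. It uses only the Python standard library; the hash-based keystream and the textbook RSA key built from two small fixed primes are illustrative stand-ins (assumptions of this example) for vetted algorithms such as AES and RSA with OAEP padding, and all function names are hypothetical.

```python
import hashlib
import secrets

# --- Symmetric (also the pre-shared key case): one key encrypts and decrypts ---
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative keystream: SHA-256(key || nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key: bytes, plaintext: bytes):
    nonce = secrets.token_bytes(16)   # fresh per message so a keystream never repeats
    stream = _keystream(key, nonce, len(plaintext))
    return nonce, bytes(p ^ s for p, s in zip(plaintext, stream))

def sym_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

# --- Asymmetric: receiver's public key encrypts, receiver's private key decrypts ---
def rsa_keypair():
    """Textbook RSA key pair from two fixed primes (constructed; far too small for real use)."""
    p, q = 2**127 - 1, 2**89 - 1          # two Mersenne primes
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)                   # private exponent (needs Python 3.8+)
    return (n, e), (n, d)                 # (public key, private key)

def _rsa_apply(key, value: int) -> int:
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("message too large for this modulus")
    return pow(value, exponent, n)

def asym_encrypt(public_key, plaintext: bytes) -> int:
    return _rsa_apply(public_key, int.from_bytes(plaintext, "big"))

def asym_decrypt(private_key, ciphertext: int) -> bytes:
    m = _rsa_apply(private_key, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")   # leading zero bytes are dropped

if __name__ == "__main__":
    message = b"meet at 10:00"            # constructed sample plaintext

    psk = secrets.token_bytes(32)         # shared in advance over a secure channel
    nonce, ct = sym_encrypt(psk, message)
    print("symmetric, same key :", sym_decrypt(psk, nonce, ct))
    print("symmetric, wrong key:", sym_decrypt(secrets.token_bytes(32), nonce, ct))

    public_key, private_key = rsa_keypair()   # generated by the receiver
    c = asym_encrypt(public_key, message)     # anyone holding the public key can do this
    print("asymmetric, private key:", asym_decrypt(private_key, c))
    print("asymmetric, public key :", asym_decrypt(public_key, c))   # does not recover it
```

In the symmetric case both parties hold the same secret, so the secure channel used to share it matters; in the asymmetric case only the receiver's private key recovers the message, so the public key can be handed out freely.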

Difference between Encryption and Decryption

S.N | Encryption | Decryption
--- | --- | ---
1. | Encryption is the process of converting a normal message into a meaningless message. | Decryption is the process of converting a meaningless message into its original form.
2. | Encryption is the process which takes place at the sender’s end. | Decryption is the process which takes place at the receiver’s end.
3. | Its major task is to convert the plain text into cipher text. | Its main task is to convert the cipher text into plain text.
4. | Any message can be encrypted with either secret key or public key. | The encrypted message can be decrypted with either secret key or private key.
5. | In the encryption process, the sender sends the data to the receiver after encrypting it. | In the decryption process, the receiver receives the information (cipher text) and converts it into plain text.