Cyber-crime & understanding cyber security

135

By Masud Khabeki

The advancement in technology has facilitated and given the opportunity to many of the traditional crime to move from the physical world into the cyber space. The traditional crime of theft and violence are still considered the main crime to dealt with even in the modern technologically equipped world. Traditionally, crime remained omnipresent in the world and kept on evolving since the days when goods were transported by stagecoach. The robbery has changed its manifestation from trade routes to our modern-day transactions done on internet like credit and debit cards. Internet credit card number theft has become a well-recognized danger. Cyber-crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber-crime has assumed rather sinister implications. The most common forms of computer crime include child pornography, fraud, and e-mail abuse. Even more disturbing are new forms of cyber-terrorism made possible by the large amount of the physical machinery now operated by computers.

 

Since the beginning of civilization, man has always been motivated by the need to make progress and better the existing technologies. This has led to tremendous development and progress which has been a launching pad for further development of all the significant advances made by mankind from the beginning till date. Probably the most important of them is the development of Internet to put in a common man language. Internet is a global network of computers, all speaking the same language. This dependency of technology has made the internet world vulnerable to many crimes and especially the younger generations as the new technology is kept on evolving on an enormous pace, the laws to regulate the transactions through internet become obsolete or insufficient to deal the problem which is continuously changing its shape. The growing Internet of Things movement continues to be one of the key technology trends over the past decade according to an estimate 8.4 billion devices were connected in 2017, and it expects that IoT will grow to over 20 billion connected things by 2020.

 

Internet/cyber-space is believed to be full of anarchy as the system of law and regulation therein seems contradictory. However, Cyberspace is being governed by a system of law called Cyber law. Cyber law is a generic term which refers to all the legal and regulatory aspects of Internet/cyber-space. Publishing a web page is an excellent way for any business to vastly increase its exposure to millions of individuals world-wide. It is that feature of the Internet which is causing much controversy in the legal community. Furthermore, Cyber law is a constantly evolving process as the Internet grows, numerous legal issues arise. One of the most important issues concerning cyberspace today is that of Cyber-crime. Cyber-crimes are the offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet/Cyber-space (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS). Internationally, both governmental and non-state actors engage in cyber-crimes, including espionage, financial theft, and other cross-border crimes. Activity crossing international borders and involving the interests of at least one nation state is sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions through the International Criminal Court.

 

According to established criminological theories on crime and deviance, human beings are always considered as vulnerable to deviant behavior, so rule of law is required to protect the society. The same notion is applicable to the cyber-space, we may say that computers are vulnerable, so rule of law is required to protect and safeguard them against cyber-crime. A vulnerability in cyber-space is defined as “a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.” The reasons for the vulnerability of computers are due to their unique characteristic of storing data in a very small space. This allows for much easier access or removal of information through either physical or virtual media. Secondly, there is every possibility of unauthorized access not due to human error but due to the complex technology. By secretly implanting a logic bomb or key loggers can steal access codes, advanced voice recorders like retina images etc. that can fool biometric systems and bypass firewalls can be utilized to get passed many security systems. Furthermore, the complexity of the system as the computers work on operating systems and these operating systems in turn are composed of millions of lines of code. The human mind is fallible, and it is not possible that there might not be a lapse at any stage. The cyber-criminals take advantage of these lacunas and penetrate into the computer system using often more sophisticated means than originally anticipated by the system engineers. Another issue is the negligence by the user himself which increases the probability while protecting the computer system. This negligence in turn provide a cyber-criminal to gain access and take control over the computer system.  This negligence is usually a property of human conduct, under resourced IT security provisions and the improvement of security barriers within software packages and network structures could lead to improved security. Negligent behavior of a person can also put a system vulnerable by way of open public telephonic conversation regarding a system’s password, e-mail or security code exchange, personal data sharing etc. Moreover, now-a-day, this negligence is considered to be the most important aspect for cyber insecurity.

 

The threat from cyber-crime is multi-dimensional, targeting citizens, businesses, and governments at a rapidly growing rate. Cyber-criminal tools pose a direct threat to security and play an increasingly important role in facilitating most forms of organized crime and terrorism. This relatively new type of crime has posed many challenges to the law enforcement agencies across the world. There is now a sophisticated and self-sufficient digital underground economy in which data is the illicit commodity. Stolen personal and financial data – used, for example, to gain access to existing bank accounts and credit cards, or to fraudulently establish new lines of credit – has a monetary value. This drives a range of criminal activities, including phishing (the act of attempting to acquire information such as usernames, passwords, and credit card details and sometimes, indirectly, money, by masquerading as a trustworthy entity in an electronic communication), pharming (the fraudulent practice of directing Internet users to a bogus Web site that mimics the appearance of a legitimate one), malware distribution and the hacking of corporate databases, and is supported by a fully-fledged infrastructure of malicious code writers, specialist web hosts and individuals able to lease networks of many thousands of compromised computers to carry out automated attacks.

 

This challenge could be met by actively targeting underground fora to disrupt the circulation of powerful and easy to use cyber-criminal tools, such as malware kits and botnets and by disrupting the infrastructure of malicious code writers and specialist web hosts through the active identification of developer groups and a joint action of law enforcement, governments and the Information & Communication Technology industry to dismantle so-called “bullet proof” hosting companies. Active targeting of the proceeds of cyber-crime in collaboration with the financial sector like money mule (person who transfers money acquired illegally (stolen) in person, through a courier service, or electronically, on behalf of others). A consistent need to develop insight into the behavior of the contemporary cyber-criminal by means of intelligence analysis, criminological research and profiling techniques, and based on the combined law enforcement, IT security industry and academic sources, in order to deploy existing resources more effectively and by establishing a responsive internet crime complaint centers at district levels.

 

Masud Khabeki is adjunct faculty Criminology at University of Arid Agriculture, Rawalpindi