Posted by : Unknown
Saturday, June 29, 2013
CYBER CRIMES
1. INTRODUCTION:
Today an increasing number of companies are connecting to the Internet to support sales activities or to provide their employees and customers with faster information and services.
The virtual world has taken over the real one. E-business and e-commerce are the new mantras, and electronic transactions dominate the overall business paradigm. In this rapidly evolving e-world, which depends on free-flowing information, security is the major problem to be considered.
Security on the Internet is challenging, and it is important because information has significant value. Implementing security involves assessing the possible threats to one’s network, servers and information. The goal is then to minimize those threats as much as possible.
This developing world of information technology has a negative side effect. It has opened the door to antisocial and criminal behavior.
1.1 The Computer Dependent Age:
The modern world relies on computerized systems for almost everything in life, from air, train and bus traffic control to medical services. Systems on co paradise human lives. Society depends on computer systems, which therefore have a profound human dimension too.
The rapid expansion of large-scale computer networks and the ability to access systems through regular telephone lines increase the vulnerability of these systems. They also increase the opportunity for misuse or criminal activity.
Security is needed against both external and internal threats.
1.2 History of computer crimes:
It is difficult to determine when the first crime involving a computer actually took place. The computer has been around in some form since the abacus, which is known to have existed in 3500 BC in Japan, China, and India.
In 1801, profit motives encouraged Joseph Jacquard, a textile manufacturer in France, to design the forerunner of the computer card. This device allowed the repetition of a series of steps in the weaving of special fabrics. However, Jacquard’s employees were committed to discouraging further use of the new technology.
1.3 Definition of computer crimes:
Experts have debated what exactly constitutes a computer crime or a computer-related crime. Even after several years there is no internationally recognized definition of these terms, and a global definition of computer crime has not been achieved. Computer crime has been defined as “any illegal, unethical or unauthorized behavior involving automatic processing or transmission of data”.
Threats come in two categories:
1. Passive threats.
2. Active threats.
Passive threats:
This involves monitoring the data transmissions of an organization. Here the goal of the attacker is to obtain information that is being transmitted. Passive threats are difficult to detect because they do not involve alteration of data. These are of two types:
a. Release of message content.
b. Traffic analysis.
Active threats:
These threats involve some modification of the data stream or the creation of a false stream. These are of three types:
a. Modification.
b. Denial of message service.
c. Masquerade.
2. TYPES OF CYBER CRIMES:
2.1 Fraud by computer manipulation:
Intangible assets represented in data format, such as money on deposit or hours of work, are the most common targets of fraud.
Modern business is quickly replacing cash with deposits transacted on computer systems, creating opportunities for computer fraud. Credit card information, as well as personal and financial information on credit cards, has been frequently targeted by organized crime. Assets represented in data format often have a considerably higher value than traditional economic assets, resulting in potentially greater economic loss.
2.2 Computer Forgery:
This happens when data stored in documents that are in computerized form is altered. Computers, however, can also be used as instruments for committing forgery. A new generation of fraudulent alteration or duplication emerged when computerized color laser copiers became available.
These copiers are capable of high-resolution copying, modification of documents and even the creation of false documents without the benefit of an original. They produce documents with a quality that is indistinguishable from that of original documents. Only experts can tell them apart.
The widespread use of computer networks stems from the need for people with common and shared interests to communicate with each other. Information can easily be represented and manipulated in electronic form. To meet the needs of sharing and communicating information, the computers need to be connected, forming what is called a data communication network.
2.3 Damage to Data/Programs:
This category of criminal activity involves either direct or covert unauthorized access to a computer system by introducing new programs known as viruses, worms or logic bombs. The unauthorized modification, suppression or erasure of computer data or functions with the intent to hinder normal functioning of the system is clearly a criminal activity and is commonly referred to as computer sabotage.
VIRUS: (Vital information resources under siege).
A virus is a series of program codes with the ability to attach itself to legitimate programs and propagate itself to other computer programs. Viruses are of two kinds: file viruses and boot-sector viruses. A virus attacks the FAT (file allocation table) so that there is no sequence of file content, and it destroys the data content.
WORMS: (Write Once Read Many).
Worms are simply added to files and do not manipulate them. A worm differs from a virus in that it does not have the ability to replicate itself.
LOGIC BOMB:
This involves programming the destruction or modification of data at a specific time in the future.
2.4 Unauthorized access:
The desire to gain unauthorized access to a computer system can be prompted by several motives:
1. From simple curiosity.
2. To computer sabotage.
Intentional and unjustified access by a person not authorized by the owners or operators of a system may often constitute criminal behavior. Unauthorized access creates the opportunity to cause additional unintended damage to data and system crashes. Access is often accomplished from a remote location along a telecommunication network by one of several means. The intruder may be able to take advantage of lax security measures to gain access, or may find loopholes in existing security measures or system procedures. Frequently hackers impersonate legitimate users. This is especially common in systems.
3. PRECAUTIONS TO PREVENT COMPUTER HACKING:
Nobody’s data is completely safe. But everybody’s computers can still be protected against would-be hackers. Here is your defense arsenal.
3.1 Firewalls:
These are the gatekeepers to a network from the outside. A firewall should be installed at every point where the computer system comes in contact with other networks, including the Internet, a separate local area network at a customer’s site, or a telephone company switch.
3.2 Password protection:
At minimum, each time they log on, all PC users should be required to type in a password that only they and the network administrator know. PC users should avoid picking words, phrases or numbers that anyone can guess easily, such as birth dates, a child’s name or initials. Instead they should use cryptic phrases or numbers that combine uppercase and lowercase letters, such as “The Moon Also Rises”. In addition, the system should require all users to change passwords every month or so and should lock out prospective users if they fail to enter the correct password three times in a row.
3.3 Viruses:
Viruses generally infect local area networks through workstations, so anti-virus software that works only on the server isn’t enough to prevent infection.
You cannot get a virus or any system-damaging software by reading e-mail. Viruses and other system-destroying bugs can only exist in files, and e-mail is not a system file. Viruses cannot exist there. Viruses are almost always specific to the operating system involved, meaning that viruses created to infect DOS applications can do no damage to Mac systems, and vice versa. The only exception to this is the Microsoft Word “macro virus”, which infects documents instead of the program.
3.4 Encryption:
Even if intruders manage to break through a firewall, the data on a network can be made safe if it is encrypted. Many software packages and network programs (Microsoft Windows NT, Novell NetWare, and Lotus Notes among others) offer add-on encryption schemes that encode all the data sent on the network. In addition, companies can buy stand-alone encryption packages to work with individual applications. Almost every encryption package is based on an approach known as public-private key.
Scrambled data is encoded using a secret key unique to that transmission. Receivers use a combination of the sender’s public key and their own private encryption key to unlock the secret code for that message and decipher it.
3.5 Audit Trails:
Almost all firewalls, encryption programs, and password schemes include an auditing function that records activities on the network.
This log, which ironically is turned off by many network administrators who do not appreciate its importance, is an excellent way of recording what occurred during an attack by hackers.
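
The lockout and password-age rules from section 3.2, with every attempt written to an audit trail as section 3.5 recommends, as an added example that is not part of the original post. The `LoginGate` class, its event names and the 30-day limit are assumptions made for illustration; days are plain integers and the sample account is constructed.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3             # "three times in a row" (section 3.2)
MAX_PASSWORD_AGE_DAYS = 30   # "every month or so" (section 3.2); exact value assumed


class LoginGate:
    """Hypothetical in-memory store: salted slow hashes plus an audit trail."""
    def __init__(self):
        self.accounts = {}   # user -> salt, digest, set_day, failures, locked
        self.audit = []      # (day, user, event) records, as in section 3.5

    def _digest(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password, day):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "digest": self._digest(password, salt),
                               "set_day": day, "failures": 0, "locked": False}
        self.audit.append((day, user, "PASSWORD_SET"))

    def login(self, user, password, day):
        acct = self.accounts.get(user)
        if acct is None:
            result = "DENIED_UNKNOWN_USER"
        elif acct["locked"]:
            result = "DENIED_LOCKED"           # refused even with the right password
        elif not hmac.compare_digest(acct["digest"],
                                     self._digest(password, acct["salt"])):
            acct["failures"] += 1
            acct["locked"] = acct["failures"] >= MAX_FAILURES
            result = "LOCKED_OUT" if acct["locked"] else "DENIED_BAD_PASSWORD"
        elif day - acct["set_day"] > MAX_PASSWORD_AGE_DAYS:
            result = "DENIED_PASSWORD_EXPIRED"
        else:
            acct["failures"] = 0               # only consecutive failures count
            result = "OK"
        self.audit.append((day, user, result))  # every attempt is recorded
        return result


def demo():
    gate = LoginGate()
    gate.set_password("alice", "constructed sample passphrase", day=0)
    outcomes = [gate.login("alice", guess, day=1) for guess in ("a", "b", "c")]
    outcomes.append(gate.login("alice", "constructed sample passphrase", day=1))
    return outcomes, gate.audit
```

After the third wrong guess the account stays locked even for the correct passphrase, and the audit list holds the full sequence an administrator would review afterwards.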
4. HOW TO AVOID GETTING HACKED:
Get licensed anti-virus software and update it regularly. Most good anti-virus software offers on-line updating.
Some teams have been formed to assist in solving hacker attacks and to disseminate information on security attacks. Two such teams are:
1. CERT (Computer Emergency Response Team).
2. FIRST (Forum of Incident Response and Security Teams).
Here are some points by which one can reduce the danger of getting hacked:
a. Do not accept files from unknown sources if the files are sent as an attachment or sent to you while you are chatting.
b. Do not download any executable files from unknown sources.
c. Do not simply accept files even if they are from known sources. This is because the latest virus could send itself as an attachment from an infected computer, so it would appear to come from your known sources.
d. Constantly change your password. Use alphanumeric and special characters whenever possible. Never use your name, birth dates or words that are easily traced.
5. HACKING TECHNIQUES:
5.1 Callback units:
Callback units are a good security device, but with most phone systems it is quite possible for the hacker to use the following steps to get around a callback unit that uses the same phone line for both incoming and outgoing calls. First, he calls the callback unit and enters any authorized ID code. After he enters this ID, the hacker holds the phone line open; he does not hang up. When the callback unit picks up the phone to call the user back, the hacker is there, waiting to meet it.
The ID code is simple for a hacker to obtain, because these codes are not meant to be security precautions. The callback unit itself provides security by keeping incoming calls from reaching the computer. The ID codes are no more private than most telephone numbers. Some callback units refer to the codes as “location identification numbers”, and some locations are used by several different people, so their IDs are fairly well known. In some cases, callback units also have certain simple codes that are always defined by default. Once the hacker has entered an ID code and the callback unit has picked up the phone to call him back, the hacker may or may not decide to provide a dial tone to allow the unit to “think” it is calling the correct number.
5.2 Trapdoors as a possibility:
A trapdoor is a set of special instructions embedded in the large program that is the operating system of a computer. A permanent, hopefully secret “doorway”, these special instructions enable anyone who knows about them to bypass normal security procedures and to gain access to the computer’s files. Although they may sound sinister, hackers did not invent trapdoors, although existing ones are certainly used by hackers who find out about them.
5.3 The Decoy:
One of the more sophisticated hacking tools is known as the decoy. It requires that the hacker have an account on the system. The hacker with a low-security account tries this method to get a higher-security account. He will first use his low-security account to write a program that will emulate the log-on procedures of the system. The program will:
1. Clear the terminal screen and place text on it that makes everything look as if the system is in charge.
2. Prompt for, and allow the user to enter, both an account name and a password.
3. Save that information in a place the hacker can access.
4. Tell the user the account/password entries are not acceptable.
5. Turn control of the terminal back over to the system.
5.4 Intercept:
Holding the line will only work with callback units that use the same phone lines to call in and to call out. Some callback units use different incoming and outgoing lines; for example, numbers 555-4820 through 555-3830 are dedicated to users’ incoming calls and lines 555-2020 through 555-2030 are dedicated to the computer’s outgoing calls. The only thing a hacker needs in order to get through to these systems is a computer and a little time; he does not even need an ID code.
First, the hacker calls any one of the outgoing phone lines, which, of course, will not answer. Sooner or later, though, while the hacker has his computer waiting there, listening to the ring, an authorized user will call one of the incoming lines and request to be called back. It will usually be less than an hour’s wait, but the hacker’s computer is perfectly capable of waiting for days, if need be.
5.5 Call Forwarding:
Many people use call forwarding by special arrangement with the phone company. When a customer requests call forwarding, the phone company uses its computer to forward all of the customer’s incoming calls to another number. Let us say, for example, that you want calls that come to your office phone to be forwarded to your home phone. A call from you to the phone company, some special settings in the phone company’s computer, and all calls go to your home instead. This little bit of help from the phone company is another tool used by hackers.
5.6 Rapid fire:
Memory location manipulation can be helpful, but there is another, more powerful possibility in some cases: the rapid-fire method. To understand how this method works, you have to know something about the way an operating system works. When a user enters a command, the operating system first places the command in a holding area, the buffer, where it will sit for a few millionths of a second. The system looks at the command and says, “Does this person really have authorization to do this, or not?” Then the command sits there a few millionths of a second while the system runs off to check the user’s authorization. When the system comes back to the command it will have one of two possible answers: “ok, go ahead” or “sorry, get permission first”.
Once you are on a system that handles things like this, you can use the rapid-fire method to change the command while it is sitting in the buffer, waiting to be executed. If you can do this, you can do anything. You can enter a command that you know will be approved, such as “tell me the time”. As soon as the system runs off to verify your right to know the time, you can change the command in the buffer to something you know would not be approved, such as “give me the list of all the passwords”. When the system comes back with the “ok, go ahead”, it responds to the second command, not the first one. Of course, this exchange has to be done very rapidly, but more systems existing today can be fooled by this trick.
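
The check-then-execute gap described in this section is a time-of-check to time-of-use flaw. The following added example, which is not part of the original post, puts the flawed pattern beside a hardened one that checks and executes the same private copy of the command. The command names, the functions and the `during_check` hook (which stands in for a change made while the authorization check is running) are assumptions made for illustration.

```python
ALLOWED = {b"TIME"}  # hypothetical policy: the only command this user may run


def authorize(command: bytes) -> bool:
    """Stand-in for the system 'running off' to check the user's rights."""
    return command in ALLOWED


def run_vulnerable(buffer: bytearray, during_check=None) -> bytes:
    """Checks the shared buffer, then reads it a second time to execute."""
    approved = authorize(bytes(buffer))        # time of check
    if during_check:
        during_check(buffer)                   # simulated change inside the window
    if not approved:
        return b"DENIED"
    return b"EXECUTED:" + bytes(buffer)        # time of use: a second fetch


def run_hardened(buffer: bytearray, during_check=None) -> bytes:
    """Takes one private snapshot; the check and the execution both use it."""
    snapshot = bytes(buffer)                   # immutable copy, out of the user's reach
    approved = authorize(snapshot)
    if during_check:
        during_check(buffer)                   # same change, now harmless
    if not approved:
        return b"DENIED"
    return b"EXECUTED:" + snapshot


def swap_command(buffer: bytearray) -> None:
    """Constructed stand-in for the mid-check command replacement."""
    buffer[:] = b"LIST_PASSWORDS"


def demo():
    return (
        run_vulnerable(bytearray(b"TIME"), swap_command),
        run_hardened(bytearray(b"TIME"), swap_command),
        run_vulnerable(bytearray(b"LIST_PASSWORDS")),
    )


if __name__ == "__main__":
    for outcome in demo():
        print(outcome.decode())
```

The fix does not depend on making the check faster: once the command has been copied out of the shared buffer, nothing written to that buffer afterwards can change what was authorized.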
6. CONCLUSION:
The issue of network and Internet security has become increasingly important as more and more businesses and people go on-line.
To protect information from hackers, we keep our passwords secret and change them regularly. We should not use our names or initials as passwords, since they are easily traced. We should not download executable files from unknown sources, or information from any source, without checking for viruses. We have to use licensed anti-virus software. Teams like CERT and FIRST also assist in solving hacker attacks and in disseminating information on security.