1. CYBER CRIME
IN THE DIGITAL AGE
STRATEGIES & SOLUTIONS
2. CYBER CRIME: THE INTRODUCTION
In a digital age, where online communication has become the
norm, internet users and governments face increased risks of
becoming the targets of cyber attacks. As cyber criminals
continue to develop and advance their techniques, they are
also shifting their targets — focusing less on theft of financial
information and more on business espionage and accessing
government information. To fight fast-spreading cyber crime,
governments must collaborate globally to develop an effective
model that will control the threat.
4. HACKING:
This is a type of crime wherein a person’s computer is
broken into so that his personal or sensitive
information can be accessed. In the United States,
hacking is classified as a felony and punishable as
such. This is different from ethical hacking, which
many organizations use to check their Internet security
protection. In hacking, the criminal uses a variety of
software to enter a person’s computer and the person
may not be aware that his computer is being accessed
from a remote location.
5. THEFT:
This crime occurs when a person violates copyrights
and downloads music, movies, games and software.
There are even peer sharing websites which
encourage software piracy and many of these websites
are now being targeted by the FBI. Today, the justice
system is addressing this cyber crime and there are
laws that prevent people from illegal downloading.
6. CYBER STALKING:
This is a kind of online harassment wherein the
victim is subjected to a barrage of online messages
and emails. Typically, these stalkers know their
victims and instead of resorting to offline stalking,
they use the Internet to stalk. However, if they notice
that cyber stalking is not having the desired effect,
they begin offline stalking along with cyber stalking to
make the victims’ lives more miserable.
7. IDENTITY THEFT:
This has become a major problem with people using the
Internet for cash transactions and banking services. In
this cyber crime, a criminal accesses data about a
person’s bank account, credit cards, Social Security,
debit card and other sensitive information to siphon
money or to buy things online in the victim’s name. It can
result in major financial losses for the victim and even
spoil the victim’s credit history.
8. CHILD SOLICITING AND ABUSE:
This is also a type of cyber crime wherein
criminals solicit minors via chat rooms for the
purpose of child pornography. The FBI has been
spending a lot of time monitoring chat rooms
frequented by children with the hopes of reducing
and preventing child abuse and soliciting.
9. MALICIOUS SOFTWARE:
These are Internet-based software or programs
that are used to disrupt a network. The software
is used to gain access to a system to steal
sensitive information or data or to cause damage
to software present in the system.
11. CYBERCRIME REPORTING AND INTELLIGENCE:
Reporting channels should be established to allow users
but also public and private sector organisations to report
cybercrime. This will enhance the understanding of
scope, threats and trends and the collation of data to
detect patterns of organised criminality. Given the fast
evolution of technologies and with it cybercrime and
techniques used by criminals, building intelligence is of
particular importance to assess threats and predict
trends, and thus to help adjust measures against
strategies.
12. PREVENTION:
Public education and awareness, the empowerment of
users and technical and other measures should be
essential elements of cybercrime strategies. Specific
measures should be envisaged for the online
protection of children and for fraud prevention.
13. LEGISLATION:
States should adopt legislation that is harmonized with
international standards in order to:
• criminalize conduct
• provide law enforcement with procedural law tools for efficient
investigations
• establish safeguards and conditions limiting investigative
powers as well as adopting data protection regulations.
14. HIGH-TECH CRIME AND OTHER SPECIALIZED UNITS:
Specialized units, such as high-tech crime units,
prosecution services responsible for cybercrime and
services for cyber forensics will need to be created.
15. INTERAGENCY COOPERATION:
Cybercrime is not the sole responsibility of a specific
(specialized) unit. For example, high-tech crime units may
provide support to other services investigating fraud, money
laundering or child pornography, or cooperate with CERTs
or other institutions responsible for cyber security. Specific
procedures and mechanisms for interagency cooperation
would need to be established.
16. LAW ENFORCEMENT TRAINING:
The objective of a specific law enforcement training strategy
could be to ensure that law enforcement officers have the
skills/competencies necessary for their respective functions
to investigate cybercrime, secure electronic evidence and
carry out computer forensics analyses for criminal
proceedings, to assist other agencies and to contribute to
network security. The first step towards such a training
strategy would be a training needs analysis (covering
requirements from first responders to generic investigators,
specialist investigators, internet crime investigators, covert
internet crime investigators, network crime investigators,
digital forensic investigators and managers).
17. JUDICIAL TRAINING:
A judicial training concept should ensure that all judges and
prosecutors have at least basic knowledge to deal with
cybercrime and electronic evidence. This means that such
training needs to be integrated into the regular judicial training
system of a country. A coherent concept would be required to
ensure this. The objectives could be: to enable training institutes
to deliver initial and in-service cybercrime training based on
international standards, to equip the largest possible number of
future and practicing judges and prosecutors with basic
knowledge on cybercrime and electronic evidence, to provide
advanced training to a critical number of judges and prosecutors,
to support the continued specialization and technical training of
judges and prosecutors, to contribute to enhanced knowledge
through networking among judges and prosecutors, to facilitate
access to different training initiatives and networks.
18. PUBLIC/PRIVATE (LEA/ISP) COOPERATION:
All cyber security strategies underline the need for
public/private cooperation. With respect to cybercrime,
cooperation between law enforcement and service providers
is particularly essential. Memoranda of Understanding or
other types of agreements could be considered to provide a
framework for efficient cooperation that defines
expectations, responsibilities, authorities but also limitations
and that ensures that the rights of users are protected.
Positive examples of public/private cooperation are
available and could be built upon.
19. EFFECTIVE INTERNATIONAL COOPERATION:
Cybercrime is transnational crime involving multiple jurisdictions.
Efficient international police to police and judicial cooperation is
required to preserve volatile electronic evidence. This includes
direct cooperation between high-tech crime units and between
prosecutors of different countries. 24/7 points of contact in line with
Article 35 of the Budapest Convention and as promoted by the G8
High-tech Crime Sub-group should be established. Chapter III of
the Convention on Cybercrime provides a legal framework for
international cooperation with general and specific measures,
including the obligation of countries to cooperate to the widest
extent possible, urgent measures to preserve data and efficient
mutual legal assistance. States should also consider accession to
this treaty to make use of these provisions.
20. FINANCIAL INVESTIGATIONS AND PREVENTION OF FRAUD AND MONEY LAUNDERING:
Obtaining financial or other economic benefits has been one motivation of
cybercriminals from the very beginning. However, there is general agreement
that generating proceeds is now the primary purpose of cybercrime. The type of
cybercrime in this respect is fraud. Public authorities but also private sector
organisations should pay particular attention to the prevention of fraud and
money laundering but also to financial investigations to search, seize and
confiscate proceeds from cybercrime. Such measures may include cybercrime
reporting systems; prevention and public awareness; regulation, licensing and
supervision; risk management and due diligence; harmonization of legislation;
interagency cooperation; public/private cooperation and information exchange;
and other measures.
21. PROTECTION OF CHILDREN:
Empowering children and fostering their trust and confidence in
the Internet together with the protection of their dignity, security
and privacy requires a comprehensive set of measures that go
beyond the scope of cybercrime or cyber security strategies.
However, special attention is to be paid to the prevention and
control of the sexual exploitation and abuse of children. The
Lanzarote Convention on the Protection of Children against
Sexual Exploitation and Sexual Abuse provides a framework for a
comprehensive set of measures. Countries need to criminalize child
pornography and other conduct in line with international standards
and establish the conditions for effective enforcement.
23. INTRODUCTION:
Digital forensic techniques involve the application of science to the
identification, collection, examination, and analysis of data in ways that
preserve the integrity of the information and maintain a strict chain of custody
for the data. Organizations have the means to collect growing amounts of
data from many sources. Data is stored or transferred by standard IT
systems, networking equipment, computing peripherals, personal digital
assistants (PDAs), consumer electronic devices, and various types of media.
When information security incidents occur, organizations that have
established a capability to apply digital forensic techniques can examine and
analyze the data that they have collected, and determine if their systems and
networks may have sustained any damage and if sensitive data may have
been compromised. Digital forensic techniques can be used for many
purposes, such as supporting the investigation of crimes and violations of
internal policies, analyses of security incidents, reviews of operational
problems, and recovery from accidental system damage.
24. ROLES & CAPABILITIES:
• The collection, preservation, analysis, and presentation of digital
evidence.
• Admissible in a court of law
• Usable for internal disciplinary hearings
• Supporting data for internal incident reports
• Assisting/furthering other investigations.
• Shows possession/handling of digital data
• Shows use/abuse of IT infrastructure & services
• Shows evidence of policy violation or illegal activity
30. AVAILABILITY:
Availability means that the information, the
computing systems used to process the
information, and the security controls used to
protect the information are all available and
functioning correctly when the information is
needed.
31. NON-REPUDIATION:
Non-repudiation means that one party to a transaction
cannot deny having received it, nor can the other
party deny having sent it.
33. SEPARATE PERSONAL AND BUSINESS:
Consider using a computer for business that is separate from
your personal one, and use that computer only for
business purposes. Never surf the Internet or read personal
emails on it.
34. ONLY OPEN WHAT YOU TRUST:
Do not click on links in emails and be careful where you
surf online. I only click on links sent to me by people I
know and trust. And on my work PC, I don't even click on
links from my parents! I forward their emails to my
personal email and open them on one of my personal
devices.
35. STAY UP-TO-DATE:
Make sure that you educate yourself on different types of
social engineering because many times it can lead to
attempted fraud. In fact, there is a new type of fraud
called 'imposter fraud' where bad guys get into a
company's business communications, usually email,
impersonate a trusted executive and then instruct
accounts payable to transfer money to a fraudulent bank
account. The scale of the losses from imposter fraud can
be eye-watering.
36. A WI-FI CONNECTION COULD UNDERMINE YOUR ENTIRE NETWORK:
Baez related the story of a physician who was allowing patients to
access Wi-Fi while they waited to see him. The Wi-Fi network was
using the same infrastructure as his office's PC. The doctor didn't
realize that any one of those patients could easily tap into his
network, access other patients' files and insurance information,
and just plain wreak havoc. Baez suggests instead setting up your
Wi-Fi access through an inexpensive Internet line separate from
your company network.
37. NETWORK USERS ARE OFTEN A COMPANY'S WEAKEST LINK:
Most of us use passwords that are a combination of simple words or
personal information. It only takes seconds for today's mobile
processors to crack the code. Add to that the countless employees
who write their corporate passwords on laptops and mobile devices
that can be easily stolen or simply lost. If your organization's data
security is vital, Baez suggests investing in Factor authentication
which open-source software has made affordable to many an
entrepreneur.
38. DON'T USE THE SAME PASSWORD FOR YOUR VARIOUS ONLINE ACCOUNTS:
Change them regularly on Twitter and LinkedIn, as well as your
personal accounts. Baez cited the tale of Palo Alto developer
Naoki Hiroshima whose prized, single-digit Twitter account was
hacked and his entire business life brought to a screeching halt.
Baez recommends investing in password managers such as
1Password or LastPass. They'll assure that extra degree of
security.
40. As someone rightly said, “bytes are replacing bullets in the crime
world.” Cyber crime is on the rise all over the world, and curbing
its scope and complexity is the pertinent need today. Cyber space
offers a plethora of opportunities for cyber criminals either to cause harm
to innocent people, or to make a fast buck at the expense of unsuspecting
citizens. Cybercrime investigations are not easy. This is mainly due to the
lack of what is called “cyber forensics.” We know that forensic evidence is
important in normal criminal investigations. But the collection and
presentation of electronic evidence to prove cyber crimes have posed a
challenge to investigation and prosecution agencies and the judiciary.
To sum up, cyber security needs a good combination of laws and
technology while keeping in mind common security standards. In the era of
e-governance and e-commerce, a lack of common security standards can
create havoc for global trade as well as military matters.