Cyber crime can be defined as criminal activity committed on the Internet. This is a broad term that includes electronic hacking, denial of service attacks, stealing a person's identity, selling contraband, stalking victims, disrupting operations with malevolent programs, etc. Some of the common terms used in relation to cyber crime are discussed below:
Dumpster Diving: Dumpster diving, or trashing, is a name given to a very simple type of security attack, i.e. scavenging through materials that have been thrown away. All kinds of sensitive information turn up in the trash, and industrial spies through the years have used this method to get information about their competitors.
Wiretapping: There are a number of ways that physical methods can breach networks and communications. Telephone and network wiring is often not protected as well as it should be, both from intruders who can physically damage it and from wiretaps that can pick up the data flowing across the wires. Criminals sometimes use wiretapping methods to eavesdrop on communications. It's unfortunately quite easy to tap many types of network cabling.
Eavesdropping on Emanations: Electronic emanations from computer equipment are a risk one needs to be aware of, although this is mainly a concern for military and intelligence data. Computer equipment, like every other type of electrical equipment from hairdryers to stereos, emits electromagnetic impulses. Whenever one strikes a computer key, an electronic impulse is sent into the immediate area. Foreign intelligence services and commercial enterprises may take advantage of these electronic emanations by monitoring, intercepting, and decoding them. This may sound highly sophisticated, but there have been some embarrassingly easy cases.
Denial or Degradation of Service: There are many ways to disrupt service, including such physical means as shutting off power, air conditioning, or water (needed by air conditioning systems); or performing various kinds of electromagnetic disturbances. Natural disasters, like lightning and earthquakes, can also disrupt service. Actually, there are two quite different types of attacks in this category. Some cases of electronic sabotage involve the actual destruction or disabling of equipment or data. Turning off power or sending messages to system software telling it to stop processing are examples of the first type of attack. The other type of attack is known as flooding. In this type of attack, instead of shutting down service, the attacker puts more and more of a strain on the systems' ability to service requests, so eventually they can't function at all. Denial of service doesn't have to be a complex technical attack. Sometimes, it even occurs by accident. Suppose a new user starts printing a PostScript file as text on the company's only printer, and doesn't know how to stop the job.
Masquerading: Masquerading occurs when one person uses the identity of another to gain access to a computer. This may be done in person or remotely.
There are both physical and electronic forms of masquerading. In person, a criminal may use an authorized user's identity or access card to get into restricted areas where he will have access to computers and data. This may be as simple as signing someone else's name to a sign-in sheet at the door of a building. It may be as complex as playing back a voice recording of someone else to gain entry via a voice recognition system.
Social Engineering: Social engineering is the name given to a category of attacks in which someone manipulates others into revealing information that can be used to steal data or subvert systems. Such attacks can be very simple or very complex. For example, a man posing as the Managing Director of the Company simply asks for his password for logging on his computer, pretending that he has forgotten the password. He then uses that to steal important files from the system.
Harassment: Harassment is a particularly nasty kind of personnel breach that has been witnessed lately on the Internet. Sending threatening email messages and slandering people on bulletin board systems and newsgroups is a common example.
Software Piracy: Software piracy is an issue that spans the category boundaries and may be enforced in some organizations and not in others. Pirated computer programs are big business. Copying and selling off-the-shelf application programs in violation of the copyrights costs software vendors dearly. The problem is an international one, reaching epidemic proportions in some countries.
Data Attacks: There are many types of attacks on the confidentiality, integrity, and availability of data. Confidentiality keeps data secret from those not authorized to see it. Integrity keeps data safe from modification by those not authorized to change it. Availability on the other hand keeps data available for use. The theft, or unauthorized copying, of confidential data is an obvious attack that falls into this category. Espionage agents steal national defense information. Industrial spies steal their competitors' product information. Crackers steal passwords or other kinds of information by breaking into systems. Two terms commonly known in the context of data attacks are inference and leakage. With inference, a user legitimately views a number of small pieces of data, but by putting those small pieces together he is able to deduce some piece of non-obvious and secret data. With leakage, a user gains access to a flow of data via an unauthorized access route (e.g., through eavesdropping).
Traffic Analysis: Sometimes, the attacks on data might not be so obvious. Even data that appears quite ordinary may be valuable to a foreign or industrial spy. For example, travel itineraries for generals and other dignitaries help terrorists plan attacks against their victims. Accounts payable files tell outsiders what an organization has been purchasing and suggest what its future plans for expansion may be. Even the fact that two people are communicating may give away a secret. Traffic analysis is the name given to this type of analysis of communications.
Covert Channels: One somewhat obscure type of data leakage is called a covert channel. A clever insider can hide stolen data in otherwise innocent output. For example, a filename or the contents of a report could be changed slightly to include secret information that is obvious only to someone who is looking for it. A password, a launch code, or the location of sensitive information might be conveyed in this way. Even more obscure are the covert channels that convey information based on a system clock or other timed event. Information could, in theory, be conveyed by someone who controls system processing in such a way that the elapsed time of an event itself conveys secret information.
Logic Bombs: Logic bombs may also find their way into computer systems by way of Trojan horses. A typical logic bomb tells the computer to execute a set of instructions at a certain date and time or under certain specified conditions. The instructions may tell the computer to display "It is safe to shut down your computer now" on the screen, or it may tell the entire system to start erasing itself. Logic bombs often work in tandem with viruses. Whereas a simple virus infects a program and then replicates when the program starts to run, the logic bomb does not replicate, it merely waits for some pre-specified event or time to do its damage. Time is not the only criterion used to set off logic bombs. Some bombs do their damage after a particular program is run a certain number of times. Others are more creative. In several cases we've heard about, a programmer told the logic bomb to destroy data if the company payroll is run and his name is not on it; this is a sure-fire way to get back at the company if he is fired! The employee is fired, or may leave on his own, but does not remove the logic bomb. The next time the payroll is run and the computer searches for but doesn't find the employee's name, it crashes, destroying not only all of the employee payroll records, but the payroll application program as well.
Trap Doors: A trap door is a quick way into a program; it allows program developers to bypass all of the security built into the program now or in the future. If a programmer needs to modify the program sometime in the future, he can use the trap door instead of having to go through all of the normal, customer-directed protocols just to make the change. Trap doors of course should be closed or eliminated in the final version of the program after all testing is complete, but, intentionally or unintentionally, some are left in place. Other trap doors may be introduced by error and only later discovered by crackers who are roaming around, looking for a way into system programs and files.
Session Hijacking: Session hijacking is a relatively new type of attack in the communications category. Some types of hijacking have been around for a long time. In the simplest type, an unauthorized user gets up from his terminal to go get a cup of coffee. Someone lurking nearby, probably a coworker who isn't authorized to use this particular system, sits down to read or change files that he wouldn't ordinarily be able to access.
Tunneling: Tunneling uses one data transfer method to carry data for another method. Tunneling is an often legitimate way to transfer data over incompatible networks, but it is illegitimate when it is used to carry unauthorized data in legitimate data packets.
Timing Attacks: Timing attacks are another technically complex way to get unauthorized access to software or data. These include the abuse of race conditions and asynchronous attacks. In race conditions, there is a race between two processes operating on a system; the outcome depends on who wins the race. Although such conditions may sound theoretical, they can be abused in very real ways by attackers who know what they're doing. On certain types of UNIX systems, attackers could exploit a problem with files known as setuid shell files to gain superuser privileges. They did this by establishing links to a setuid shell file, then deleting the links quickly and pointing them at some other file of their own. If the operation is done quickly enough, the system can be made to run the attacker's file, not the real file. Asynchronous attacks are another way of taking advantage of dynamic system activity to get access. Computer systems are often called upon to do many things at the same time. In these cases, the operating system simply places user requests into a queue, then satisfies them according to a predetermined set of criteria; for example, certain users may always take precedence, or certain types of tasks may come before others. "Asynchronous" means that the computer doesn't simply satisfy requests in the order in which they were performed, but according to some other scheme. A skilled programmer can figure out how to penetrate the queue and modify the data that is waiting to be processed or printed. He might use his knowledge of the criteria to place his request in front of others waiting in the queue. He might change a queue entry to replace someone else's name or data with his own, or to subvert that user's data by replacing it. Or he could disrupt the entire system by changing commands so that data is lost, programs crash, or information from different programs is mixed as the data is analyzed or printed.
Trojan Horses: Trojan horses, viruses, worms, and their kin are all attacks on the integrity of the data that is stored in systems and communicated across networks. Because there should be procedures in place for preventing and detecting these menaces, they overlap with the operations security category as well. In the computer world, a Trojan horse is a method for inserting instructions in a program so that the program performs an unauthorized function while apparently performing a useful one. Trojan horses are a common technique for planting other problems in computers, including viruses, worms, logic bombs, and salami attacks. Trojan horses are a commonly used method for committing computer-based fraud and are very hard to detect.
Viruses and Worms: The easiest way to think of a computer virus is in terms of a biological virus. A biological virus is not strictly alive in its own right, at least in the sense that lay people usually view life. It needs a living host in order to operate. Viruses infect healthy living cells and cause them to replicate the virus. In this way, the virus spreads to other cells. Without the living cell, a virus cannot replicate. In a computer, a virus is a program which modifies other programs so they replicate the virus. In other words, the healthy living cell becomes the original program, and the virus affects the way the program operates. However, if a virus infects a program which is copied to a disk and transferred to another computer, it could also infect programs on that computer. This is how a computer virus spreads. The spread of a virus is simple and predictable and it can be prevented. Viruses are mainly a problem with PCs and Macintoshes. Virus infection is fortunately hard to accomplish on UNIX systems and mainframes. Unlike a virus, a worm is a standalone program in its own right. It exists independently of any other programs. To run, it does not need other programs. A worm simply replicates itself on one computer and tries to infect other computers that may be attached to the same network.
Salamis: The Trojan horse is also a technique for creating an automated form of computer abuse called the salami attack, which works on financial data. This technique causes small amounts of assets to be removed from a larger pool. The stolen assets are removed one slice at a time (hence the name salami). Usually, the amount stolen each time is so small that the victim of the salami fraud never even notices. One theoretical financial salami attack involves rounding off balances, crediting the rounded off amount to a specific account. Suppose that savings accounts in a bank earn 2.3%. Obviously, not all of the computations result in two-place decimals. In most cases, the new balance, after the interest is added, extends out to three, four, or five decimals. What happens to the remainders? Consider a bank account containing Rs. 22,500 at the beginning of the year. A year's worth of interest at 2.3% is Rs. 517.50, but after the first month the accumulated interest is Rs. 43.125. Is the customer credited with Rs. 43.12 or Rs. 43.13? Would most customers notice the difference? What if someone were funneling off this extra tenth of a penny from thousands of accounts every month? A clever thief can use a Trojan horse to hide a salami program that puts all of the rounded off values into his account. A tiny percentage of pennies may not sound like much until one adds up thousands of accounts, month after month.
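The rounding question above is what a reconciliation audit answers. The following is an added example, not code from the original article: it recomputes each month's interest exactly, compares every credit with a documented rounding policy, and reports the residue that no official rounding entry explains. The round-half-up policy, the account IDs, the ledger rows and the function names are assumptions constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_UP

PAISA = Decimal("0.01")
ANNUAL_RATE = Decimal("0.023")          # 2.3% as in the text


def monthly_interest(balance):
    """Exact, unrounded interest for one month."""
    return balance * ANNUAL_RATE / 12


def expected_credit(balance):
    """Credit under the assumed documented policy: round half up to 0.01."""
    return monthly_interest(balance).quantize(PAISA, rounding=ROUND_HALF_UP)


def audit_interest_run(postings, suspense_posted):
    """Reconcile one interest run.

    postings        -- iterable of (account_id, opening_balance, credited)
    suspense_posted -- rounding difference booked to the official
                       rounding/suspense account for this run
    Returns per-account policy violations and the unexplained residue.
    """
    mismatches = []
    exact_total = Decimal("0")
    credited_total = Decimal("0")
    for account_id, balance, credited in postings:
        exact_total += monthly_interest(balance)
        credited_total += credited
        want = expected_credit(balance)
        if credited != want:
            mismatches.append((account_id, want, credited))
    residue = exact_total - credited_total
    return {
        "mismatches": mismatches,
        "residue": residue,
        # Anything left after the official rounding entry went somewhere
        # the books do not account for.
        "unexplained": residue - suspense_posted,
    }


# Constructed ledger: every credit was truncated instead of rounded,
# which is the pattern a salami program would leave behind.
LEDGER = [
    ("A-1001", Decimal("22500"), Decimal("43.12")),   # exact 43.125
    ("A-1002", Decimal("7500"),  Decimal("14.37")),   # exact 14.375
    ("A-1003", Decimal("4500"),  Decimal("8.62")),    # exact 8.625
    ("A-1004", Decimal("12000"), Decimal("23.00")),   # exact 23.000
]

if __name__ == "__main__":
    report = audit_interest_run(LEDGER, suspense_posted=Decimal("0"))
    for account_id, want, got in report["mismatches"]:
        print(f"{account_id}: policy says {want}, ledger shows {got}")
    print("unexplained residue:", report["unexplained"])
```

Using `Decimal` rather than floats matters here: the audit has to reproduce sub-paisa remainders exactly, and binary floating point would introduce rounding noise of its own.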
Data Diddling: Data diddling, sometimes called false data entry, involves modifying data before or after it is entered into the computer. Consider situations in which employees are able to falsify time cards before the data contained on the cards is entered into the computer for payroll computation. A timekeeping clerk in a 300-person company noticed that, although the data entered into the company's timekeeping and payroll systems included both the name and the employee number of each worker, the payroll system used only the employee's number to process payroll checks. There were no external safeguards or checks to audit the integrity of the data. She took advantage of this vulnerability and filled out forms for overtime hours for employees who usually worked overtime. The cards had the hardworking employees' names, but the time clerk's number. Payment for the overtime was credited to her.
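The missing safeguard in the timekeeping case is a cross-check between the two identifiers already on every card. The following is an added example, not code from the original article: it validates time cards against an employee master before payroll sees them and shows how many hours a number-only payroll would have credited to someone other than the person named. The master records, card rows and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed employee master: number -> name on file.
MASTER = {
    "E100": "A. Rao",
    "E101": "S. Mehta",
    "E102": "K. Iyer",
    "E200": "T. Clerk",
}

# Constructed time cards: (card_id, name_on_card, employee_no, overtime_hours)
CARDS = [
    ("C1", "A. Rao",   "E100", 4),
    ("C2", "S. Mehta", "E101", 6),
    ("C3", "A. Rao",   "E200", 5),   # name and number disagree
    ("C4", "K. Iyer",  "E200", 3),   # name and number disagree
    ("C5", "k.  iyer", "E102", 2),   # same person, sloppy formatting
    ("C6", "B. Nair",  "E999", 1),   # number not in the master
]


def normalize(name):
    """Compare names case-insensitively and ignore extra whitespace."""
    return " ".join(name.lower().split())


def validate_cards(cards, master):
    """Split cards into accepted and rejected before payroll processing."""
    accepted, rejected = [], []
    for card in cards:
        card_id, name, emp_no, _hours = card
        on_file = master.get(emp_no)
        if on_file is None:
            rejected.append((card_id, "unknown employee number"))
        elif normalize(on_file) != normalize(name):
            rejected.append(
                (card_id, f"name/number mismatch: {emp_no} is {on_file}"))
        else:
            accepted.append(card)
    return accepted, rejected


def redirected_hours(cards, master):
    """Hours a number-only payroll would credit to a different person
    than the one named on the card, grouped by receiving number."""
    totals = defaultdict(int)
    for _card_id, name, emp_no, hours in cards:
        on_file = master.get(emp_no)
        if on_file is not None and normalize(on_file) != normalize(name):
            totals[emp_no] += hours
    return dict(totals)


if __name__ == "__main__":
    ok, bad = validate_cards(CARDS, MASTER)
    print("accepted:", [c[0] for c in ok])
    for card_id, reason in bad:
        print("rejected:", card_id, "-", reason)
    print("hours that would have been redirected:",
          redirected_hours(CARDS, MASTER))
```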
IP Spoofing: IP stands for Internet Protocol, one of the communications protocols that underlie the Internet. Certain UNIX programs grant access based on IP addresses; essentially, the system running the program is authenticated, rather than the individual user. The attacker forges the addresses on the data packets he sends so they look as if they came from inside a network on which systems trust each other. Because the attacker's system looks like an inside system, he is never asked for a password or any other type of authentication. In fact, the attacker is using this method to penetrate the system from the outside.
Password Sniffing: Password sniffers are able to monitor all traffic on areas of a network. Crackers install them on networks that they especially want to penetrate, like telephone systems and network providers. Password sniffers are programs that simply collect the first 128 or more bytes of each network connection on the network that's being monitored. When a user types in a user name and a password as required when using certain common Internet services like FTP (which is used to transfer files from one machine to another) or Telnet (which lets the user log in remotely to another machine) the sniffer collects that information. Additional programs sift through the collected information, pull out the important pieces (e.g., the user names and passwords), and cover up the existence of the sniffers in an automated way.
Scanning: Scanning, also called war dialing, is a technique often used by novice crackers, and one that ought to be prevented by good operations security. With scanning, a program known as a war dialer or demon dialer processes a series of sequentially changing information, such as a list of telephone numbers, passwords, or telephone calling card numbers. It tries each one in turn to see which ones succeed in getting a positive response.
Some of the technical terms used in cyber crime are as follows:
• Arson - Targeting a computer center for damage by fire.
• Extortion - Threatening to damage a computer to obtain money.
• Burglary - Break-ins to steal computer parts.
• Conspiracy - People agreeing to commit an illegal act on computer.
• Espionage/Sabotage - Stealing secrets or destroying competitors’ records.
• Forgery - Issuing false documents or information via computer.
• Larceny/Theft - Theft of computer parts.
• Malicious destruction of property - Destroying computer hardware or software.
• Murder - Tampering with computerized life-sustaining equipment.
• Receiving stolen property - Accepting known stolen goods or services via computer.
• Internet fraud - False advertising, credit card fraud, wire fraud, money laundering.
• Industrial espionage - Theft of proprietary information or trade secrets.
• National intelligence - Attempts by foreign governments to steal economic, political, or military secrets.
• Infowarfare - Cyber attacks by anyone on the nation's infrastructure to disrupt economic or military operations.