CYBER CRIME AND CYBER SECURITY
Abstract
The term computer security is used frequently, but the content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has become pervasive, the concept of computer security has expanded to denote issues pertaining to the networked use of computers and their resources. The major technical areas of computer security are usually represented by the initials CIA: confidentiality, integrity, and authentication or availability. Confidentiality means that information cannot be accessed by unauthorized parties. Confidentiality is also known as secrecy or privacy; breaches of confidentiality range from the embarrassing to the disastrous. Integrity means that information is protected against unauthorized changes that are not detectable to authorized users; many incidents of hacking compromise the integrity of databases and other resources. Authentication means that users are who they claim to be.
INTRODUCTION
Cybercrime is defined as crime committed on the Internet using the computer as either a tool or a targeted victim. Cybercrime is criminal activity done using computers and the Internet. This includes anything from downloading illegal music files to stealing millions of dollars from online bank accounts. Cybercrime also includes non-monetary offenses, such as creating and distributing viruses on other computers or posting confidential business information on the Internet.
While computers and the Internet have made our lives easier in many ways, it is unfortunate that people also use these technologies to take advantage of others.
When the individual is the main target of cybercrime, the computer can be considered the tool rather than the target. Human weaknesses are generally exploited. The damage dealt is largely psychological and intangible, making legal action against the perpetrators more difficult. These are crimes which have existed for centuries in the offline world.
These crimes are committed by a select group of criminals. They are relatively new, having been in existence only for as long as computers have, which explains how unprepared society and the world in general are for combating them.
This is where the role of Computer Security comes in.
Computer security is a branch of technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.
Network security, in turn, consists of the provisions made in the underlying computer network infrastructure, the policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access, and consistent, continuous monitoring and measurement of their effectiveness (or lack of it), all combined together.
HISTORY OF CYBER CRIME
Cybercrime has had a short but highly eventful history. Apart from being an interesting study in itself, observing the history of cybercrime also gives the individual and society the opportunity to avoid the mistakes made in the past.
Here are the highlights of how this cyber termite has engulfed our cyber world.
1971
- John Draper discovers that the give-away whistle in Cap'n Crunch cereal boxes reproduces a 2600 Hz tone. Draper builds a "blue box" that, when used with the whistle and sounded into a phone receiver, allows phreaks to make free calls. Esquire publishes "Secrets of the Little Blue Box" with instructions for making one. Wire fraud in the US escalates.
- A rogue program called the Creeper spreads through early Bulletin Board networks.
1972
- The Internetworking Working Group is founded to govern the standards of the Internet. Vinton Cerf is the chairman and is known as a "Father of the Internet".
1982
- Elk Cloner, an Apple II boot virus, is written.
- Hacker magazine 2600 begins publication (still in print; see Captain Crunch for the derivation of the name).
1985
- Online hacking magazine Phrack established.
1986
- Pakistani Brain, the oldest virus created under unauthorized circumstances, infects IBM computers.
- After many break-ins into government and corporate computers, Congress passes the Computer Fraud and Abuse Act.
1988
- Kevin Mitnick secretly monitors the e-mail of MCI and DEC security officials. He is convicted and sentenced to a year in jail.
- Kevin Poulsen is indicted on phone-tampering charges. He goes on the run and avoids capture for 17 months.
- First National Bank of Chicago is the victim of a $70-million computer theft.
- Robert T. Morris, Jr., graduate student at Cornell University and son of a chief scientist at the NSA, launches a self-replicating worm (the Morris Worm) on the government's Arpanet (precursor to the Internet). The worm gets out of hand and spreads to over 6000 networked computers, clogging government and university systems. Morris is dismissed from Cornell, sentenced to three years' probation, and fined $10K.
1991
- Kevin Poulsen is captured and indicted for selling military secrets.
1992
- Dark Avenger releases the first polymorphic virus.
1993
- During radio station call-in contests, hacker-fugitive Kevin Poulsen and friends rig the stations' phone systems to let only their calls through. They win two Porsches, vacation trips and $20,000.
- First DefCon hacker conference held in Las Vegas.
2007
- Retailer TJMaxx (Winners, Homesense) notifies consumers that server breaches between July 2005 and January 2007 had exposed personal data (45M+ debit and credit cards, $180M direct cost so far) (Jan).
- Payment services firm MoneyGram notifies consumers that server breaches exposed personal data (80K) (Jan).
- Nokia Canada web site defaced using an XSS attack (Jan).
- A priority code used to get a free platinum pass to MacWorld was validated on the client, enabling anyone to get free passes (Jan). (A similar hack works in 2008.)
- Online payment services firm E-Gold charged with money laundering (Apr) (convicted in 2008).
- Attorneys General from several US states demand that NewsCorp's social networking site MySpace provide a list of sex offenders who have registered at the site (May).
- The Chinese government and military are accused of hacking other nations' networks, including US Pentagon networks and German and UK government computers.
- DoS attacks are launched against various government websites in Estonia, including the country's police, Ministry of Finance and parliament (May).
- Oracle files a lawsuit against SAP, charging that the company's TomorrowNow subsidiary had inappropriately downloaded software patches and documents from Oracle's online support service (Mar).
- Monster.com and other job sites are hacked and resume information stolen (Aug).
- Hackers post sensitive information on 1.2K eBay users to a forum for preventing fraud on the auction site (Sep).
- TD Ameritrade announces that a compromised company computer had leaked the e-mail addresses of all its 6.3M customers from July 2006 (used for pump-and-dump spam). E*Trade suffers a similar attack (Sep).
- The US Secret Service arrests security consultant Max Ray Butler ("Max Vision") for managing an identity theft ring on the online credit-counterfeiting forum CardersMarket (Sep).
- A known vulnerability in the helpdesk software used by hosting provider Layered Technologies results in information leakage, including names, addresses, phone numbers and email addresses of up to 6,000 of the company's clients (Sep).
- A hacker exploits a leftover admin function on eBay to block users and close sales (Oct).
- The Storm Worm (a bot program first spotted in Jan) continues to spread spam and promote pump-and-dump schemes; it hides bot computers with DNS fluxing and launches DoS attacks against machines probing its bots.
- Russian Business Network (RBN) offers bulletproof hosting, allowing sites which host illegal content to stay online despite legal takedown attempts. September's attack on Bank of India and various MPack attacks use RBN services (Oct).
- A flaw in Passport Canada's website allows access to the personal information (social insurance numbers, dates of birth and driver's licence numbers) of other people applying for new passports (Nov).
- Infamous Russian malware gang RBN uses SQL injection to penetrate US government sites (Nov).
- A vulnerability in WordPress allows spammers to penetrate Al Gore's web site, modify pages, and post spam comments (Nov).
- John Schiefer (LA) admits to using botnets to illegally install software on at least 250K machines and steal the online banking identities of Windows users (Dec).
2008
- FTC settles with "Life is Good", which exposed credit card information due to an SQL injection flaw (Jan).
- Login page of Italian bank Banca Fideuram replaced using XSS (Jan).
- RIAA website hit by DoS, then defaced, using SQL injection and XSS (Jan).
- CSRF used to hack a Korean e-commerce site (Auction.co.kr) and steal information on 18M users (Feb).
- MySpace and Facebook private pictures exposed online using URL manipulation (Jan and Mar).
- Hackers steal 4.2M card numbers of Hannaford shoppers, resulting in over 2000 fraud cases (Mar).
- SQL and iFrame injection are used to add JavaScript code to websites, which then download viruses and other malware from hacker sites when browsed. Search Engine Optimization (SEO) techniques result in infected pages being placed high in Google's search results. Affected sites number in excess of 200K (Mar).
- Just before the Pennsylvania Democratic Primary, XSS is used to redirect users of Barack Obama's website to Hillary Clinton's (Apr).
- US Federal prosecutors charge a parent who allegedly badgered a girl to suicide on MySpace with three counts of computer crime (conspiracy and hacking) (May).
- Radio Free Europe hit by DoS attack (May).
- Online payment service E-Gold pleads guilty to money laundering (Jul).
- Canadian Teachers' Federation proposes adding cyber-bullying to the Canadian Criminal Code (Jul).
- Canadian porn site Slick Cash pays $500K to Facebook after it tried to gain unauthorized access to Facebook's friend-finder functionality back in June 2007 (Jul).
- Terry Childs, San Francisco city network admin, refuses to give out passwords, locking other admins out of the network (Jul).
HACKERS VS CRACKERS
For many years there has been a misconception about hackers. The most basic definition of a hacker is "someone involved in computer security". Hackers mainly have good knowledge of programming as well as of server security. Hackers penetrate the security of servers using programming skills as well as different hacking tools, but all of this security penetration is legal and authorized, since they have permission from the administrators and are specifically appointed to find loopholes in the system. Crackers have the same knowledge as hackers, but they do not care about any ethics or rules and have their own manifesto. In other words, hackers are good people and crackers are computer criminals or terrorists. Hackers are categorized on the basis of their hat type, and those types are:
1. White hat: A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems.
2. Grey hat: A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted.
3. Black hat: A black hat hacker is someone who breaks computer security without authorization or uses technology (usually a computer, phone system or network) for vandalism, credit card fraud, identity theft, piracy, or other types of illegal activity. There are some other types of crackers as well; they include the following categories:
4. Script kiddies: A script kiddie is a non-expert who uses tools written by others, usually with little understanding.
5. Hacktivist: A hacktivist is a hacker who uses technology to announce a social or religious matter. These are also known as cyber terrorists. In the modern era both of these groups have a major role in Internet security.
NEED OF SECURITY IN INDIA
China's intensified cyber warfare against India is becoming a serious threat to national security. The desire to possess 'electronic dominance' over India has compelled Chinese hackers to attack many crucial Indian websites and over the past one and a half years, they have mounted almost daily attacks on Indian computer networks - both government and private.
In October 2007, for example, Chinese hackers defaced over 143 Indian websites. In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs forcing the government to think about devising a new strategy to fortify the system. Though the intelligence agencies failed to get the identity of the hackers, the IP addresses left behind suggested Chinese hands.
While hacking is a normal practice around the world, the cyber warfare threat from China has serious implications. At the core of the assault is the fact that the Chinese are constantly scanning and mapping India's official networks. According to India's CERT-In, in the year 2006, a total of 5,211 Indian websites were defaced, on an average of about 14 websites per day. Of the total number of sites that were hacked and defaced, an overwhelming majority were in the .com domain (90 cases) followed by 26 in the .in domain. As many as 11 defacement incidents were also recorded in the .org domain.
Of all hacking incidents in October, about 61 per cent related to phishing, 27 per cent to unauthorized scanning and 8 per cent to viruses/worms under the malicious code category. India, like the western countries, has been witnessing a massive rise in phishing attacks, with incidents in 2006 180 per cent higher than in 2005, and the trend carrying through into 2007. Though the maximum defacements were recorded during August, in 2007 February and March recorded the highest such cases, with 858 and 738 websites defaced respectively. August, by contrast, saw only 345 websites defaced. While other countries treat Chinese cyber attacks as security breaches, India considers these intrusions the equivalent of Internet-based terrorist attacks. An Indian Army commanders' conference held in New Delhi on 26 April voiced concern over mounting attacks on the country's networks. In the US, in June 2007, the Pentagon's computers were shut down for a week as a result of hacking.
Referring to the frequency and aggressiveness of cyber attacks, President Bush, without referring directly to Beijing, had said last year that "a lot of our systems are vulnerable to attack." The Chinese military hacked into the US Defence Secretary's computer system in June 2007 and regularly penetrated computers in at least ten of the UK's Whitehall departments, accessing military files as well. German Chancellor Angela Merkel, too, has complained to Chinese Premier Wen Jiabao over suspected hacks of Germany's government systems.
Although Beijing vehemently denies all allegations of state-controlled cyber snooping and hacking, the Chinese government as well as its society hails the practice of hacking for the national cause. The formation of Honker Union in China in 1999, in retaliation to the US bombing of the Chinese embassy in Belgrade, was aimed at widespread hacking under the guise of patriotism and nationalism, mostly of government-related websites around the world.
Unless India takes adequate steps to protect itself from external cyber threats, the world famous IT giant could be facing a grim situation. Cyber attacks are dangerous for India because of the growing reliance on networks and technology to control critical systems that run power plants and transportation systems. Cyber attacks on banks, stock markets and other financial institutions could likewise have a devastating effect on a nation's economy.
As a countermeasure, the Indian armed forces are trying to enhance their C4ISR capabilities, so that the country can launch its own cyber offensive if the need arises. Given Chinese cyber attacks, there is need for the army to fight digital battles as well. According to Indian Army Chief, General Deepak Kapoor, the army has already ramped up the security of its information networks right down to the division level, while the Army Cyber Security Establishment has started conducting periodic cyber-security audits as well. However, the question remains: is this enough to stop Chinese cyber attacks?
TYPES OF ATTACKS
As both hackers and crackers have a tendency to break into computers, they use many types of attacks on their target to find loopholes in it or to break its security. These attacks are either developed by the hacker themselves or are standard ones. We are going to explain a few of the well-known attacks used by crackers and hackers against systems.
1) IP spoofing: This is a very basic type of attack. In IP spoofing, the attacker gains unauthorized access to a computer by making it appear that the connection message has come from a trusted computer, so that the true identity of the attacker is hidden. Spoofing is the most common way to break into a network, and IP spoofing is one of the most common forms of online camouflage. IP spoofing was first talked about in the early 1980s, but it was not used in practice until Robert Morris discovered a weakness in the TCP protocol known as sequence prediction. It was brought to light again when Kevin Mitnick employed the technique of sequence prediction and IP spoofing and made a program called "Christmas Day" which cracked Tsutomu Shimomura's machine, an incident that became famous for the wrong reasons. Though we usually hear of IP spoofing being used for the wrong purposes, it can also be used for security testing, and it is something security administrators need to address. To understand exactly how spoofing works, we need to take a look at the TCP/IP protocol and the IP header.
IP is the protocol that resides at the third layer of the OSI model, and it is the basic protocol used to send data over the network. The important thing to notice from the attacker's point of view is that IP is a connectionless protocol: no record of packets in transit is kept by the devices that route them, and, on top of that, IP itself has no provision to check whether a packet has been properly delivered to its destination. The basic fields to notice in the IP header are the source address and the destination address. The attacker in this case depends on the source address: the attacker sends packets to the destination with a fake or forged source address, and so can make it appear to the destination that the packets have come from a machine it knows.
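As an added example that is not part of the original paper, the following Python parses the fixed IPv4 header discussed above, extracts the source and destination addresses, and applies the kind of ingress/egress filtering check (in the spirit of BCP 38) that a border router uses to drop packets whose claimed source address is implausible for the direction they are travelling. The site's own address range (192.0.2.0/24) and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct

# Assumed site prefix: packets arriving from the Internet must never claim a
# source inside it, and packets leaving the site must always come from it.
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Source ranges that are never legitimate on the public Internet (bogons).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

# Layout of the fixed 20-byte IPv4 header, big-endian (network byte order).
IPV4_FMT = "!BBHHHBBH4s4s"


def parse_ipv4_header(packet: bytes) -> dict:
    """Return the fields of the fixed IPv4 header, checking version and IHL."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    return {"ihl": ihl, "total_len": total_len, "ttl": ttl, "proto": proto,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst)}


def build_ipv4_header(src: str, dst: str, proto: int = 6, ttl: int = 64) -> bytes:
    """Construct a sample header for testing (checksum left as zero)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 40, 0, 0x4000, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def border_verdict(packet: bytes, from_external: bool) -> str:
    """Decide whether a packet seen at the site border has a plausible source.

    from_external=True means the packet arrived on the Internet-facing side;
    False means it is leaving the site. Only the source address is judged,
    because that is the field a spoofer forges and IP never verifies.
    """
    src = parse_ipv4_header(packet)["src"]
    is_internal = any(src in net for net in INTERNAL_NETS)
    if any(src in net for net in BOGON_NETS):
        return "drop: bogon source"
    if from_external and is_internal:
        return "drop: external packet claims internal source"
    if not from_external and not is_internal:
        return "drop: egress packet with foreign source"
    return "accept"


if __name__ == "__main__":
    # Constructed sample: an inbound packet pretending to come from inside.
    pkt = build_ipv4_header("192.0.2.5", "192.0.2.10")
    print(border_verdict(pkt, from_external=True))
```

The egress rule matters as much as the ingress rule: it stops hosts inside the site from emitting forged sources towards other networks, which is how spoofing-based attacks get their packets out in the first place.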