Computer Crime and Cyber-Terrorism - Essay Example

 Computer Crime and Cyber-Terrorism Introduction: Information is the new mantra that spells success in the modern world. Intellectual capital is important and the use of business worldwide webs spells power. (Lynn, 2000). The emergence of the Internet has globalized the business environment and dissolved boundaries between nations, but it has also generated a set of problems relating to security of information that is transmitted over electronic boundaries. Through the use of tactics such as phishing, attacking PCs and computer systems with malicious software and corporate crimes such as stealing of passwords and confidential financial information such as account numbers and credit card numbers, hackers are able to not only gain access to sensitive information but also hold companies to ransom and demand money, so that the threat to security at a particular corporate entity are not revealed. Yet another dangerous result of the developments in technology and the availability of the Internet has occurred in the field of cyber terrorism, offering terrorists an expanded platform from which to propagate their ideas and launch their attacks (www.ntrg.cs.tcd.ie). Online crimes: Online crime has now become a multi billion dollar business. Hackers are becoming increasingly sophisticated in the means they use to get users to disclose confidential financial and personal information, which is then misused. According to an expert in online risk management, the world of computer security is increasingly under threat because users leave large online footprints.(Lush, 2007). Online crime may be of three types – phishing, malware and corporate attacks. Phishing is the practice of sending emails with links that direct users to websites where they unwittingly disclose confidential data or expose their systems to malicious software. It is mainly financial institutions that are targeted through such methods, with the number of such websites being estimated at 55,000 in April 2007 (Lush, 2007). Malware and corporate attacks may destroy or steal confidential business and customer data, or may convert a computer system into a “bot”, whereby it is controlled by someone else who gains access to all the sensitive information that is present on the computer. Banks are most often the targets of online crimes. In a recent study conducted at the University of Berkeley, the Bank of America was found to be the largest target of identity theft, followed by other banks such as HSBC and Washington Mutual (Seltzer, 2008). Viruses and Spam mail: Threats are also posed to the security of ordinary citizens, through the potential for compromising the confidentiality of the personal and financial information they may exchange over the web. Malicious software can infect computers and spread to other users through emails with attachments. Such viruses can paralyze systems and cause them to shut down and computers to crash. One recent example of a malicious virus is the Storm Worm, which is believed to have been around since 2006. This virus is generated when email attachments are opened and infiltrates the system by utilizing browser vulnerabilities. (Smith, 2008). It is also difficult for security systems to detect because the virus attaches itself to files that appear legitimate, but which also carries a rookit, so that the malicious software remains hidden and escaped detection. The virus turns computers into zombies by removing software installed on the machine and generating spam messages. Such malicious software falls under the category of Dos (Denial of Service) attacks, which in effect, flood company websites and take it offline, resulting in delays and huge losses.(Lush, 2007). The hackers may also demand money to restore data, or worse still, may sell and financial data about users gleaned in this manner to others. In explaining the motivation for hackers to engage in such criminal and destructive acts, Young et al (2007) have cited the following reasons: (a) they perceive that a high utility value is to be achieved from hacking, since companies are often anxious to gain back the confidential data of their customers and are willing to pay for the retrieval of such information (b) there are few if any informal sanctions that exist against online criminal behavior and this area is very loosely policed, hence (c) the likelihood of punishment is very low, since tracking the identity of hackers is also difficult, given the anonymity of the Internet medium. A recent risk that has arisen in the web arena is the stealing of domains. When users are logged into secured sites and simultaneously access unsecured sites, this allows scammers the opportunity to engage in cross site scripting and cross site referencing, which are difficult to spot, but can result in confidential information being compromised (Anonymous, Jan 14, 2008). Uses of Google and Facebook are encouraged to remain logged in permanently, but this can mean identity being compromised or blogs being stolen by hackers. (Anonymous, Jan 14, 2008). There are also devices that are now available in the market, known as Keysharks, which plug in between the keyboard and computer and unobtrusively, without the user’s knowledge record every single keystroke made on a PC, without any need for connection to a power source (Fox, 2008). Such undetectable devices are being sold to parents to monitor their children’s use of the Internet, but it is precisely such devices that also allow criminal elements to gain access to passwords and credit card details that are entered into multiple user computers. This further highlights the need for users to be extra cautious and careful about providing any confidential financial information over the Internet, unless it is through a secured mode of access, because through the use of such devices, unauthorized users may access sensitive information such as passwords and account numbers. Cyber terrorism: Increasing globalization has seen Internet use widening to encompass a new sphere of activities facilitated through the electronic medium. The pervasiveness of Cyberspace results in the availability of large quantities of information, which can be a weapon of control in the wrong hands (Kushner, 1998). Since the Internet is a relatively anonymous medium which is also very cheap to operate and can send out thousands of duplicates of a terrorist message out to multiple users across the globe simultaneously, it’s now possible to achieve individually, using minimal resources, a range and scope of terror generating activity that would have previously necessitated the availability of a vast amount of resources and several people. Since most commercial and Government activity has now become e-based, terrorists can cause a great deal of damage by hacking into the databases of Government organizations, because information technology and the use of the Internet “creates vulnerabilities that can be exploited by individuals, organizations and states.” (www.csis-scrs.gc.ca). According to Hoffman (1998), this form of electronic terrorism and criminal activity seeks out civilian and Governmental targets and may not necessarily be driven by the achievement of political goals. Causing disruption to Government services and compromising the security and confidentiality of Government information poses a significant threat, which is difficult to counter. Information and communication technology (ICT) is used by unscrupulous individuals to distort or modify information or to spread terrorist propaganda in a manner that is likely to disrupt the normal functioning of a Government/country and create terror and panic through the weapon of threat. Such cyber crimes involve combat with an unseen enemy, anonymous in the e-maze of the Internet, who is at an unspecific geographic location that cannot be determined and may not be organized in the traditional hierarchical framework which law enforcement agencies are familiar with, so that the focus of the attack becomes indeterminate. The biggest advantage offered by the cyber architectural framework is the relative anonymity and the facility of secret communication, and the inherent difficulties in regulating such a vast, uncharted medium. According to the Simon Weisenthal Center in Los Angeles where websites are constantly being monitored, there are about 51 websites currently in existence, which openly advocate terrorism and have chosen to set up their sites outside the United States to avoid prosecution.(Hate Crime on the Internet, 1998). In a similar manner, Islamic fundamentalist groups like Hamas and the United Islamic Students Association in Europe, also operate out of unspecified locations, spreading their militant message through the use of the web (www.tawheed.org). Measures to tackle Internet crime: On the basis of the above, it may thus be noted that there are several risks posed to security in the online environment, not only to ordinary individuals, but also to corporate entities and Government agencies. While the nature of attacks through malicious software and spam emails can range from mild interference to a serious threat in the form of loss of sensitive information, they can cause large scale financial losses and secure information can be compromised. The difficulties in policing internet crime have been pointed out by internet crime police, because traditional policing is geographically focused, but the tracking and capture of perpetrators of internet crime require coordinated intelligence.(Anonymous, Feb 11, 2008). Another drawback in traditional policing is that fraud, which constitutes corporate crime, is not given as much importance, whereas Internet crime is largely centered on corporate fraud. In tackling Internet crime, it may be necessary to centralize criminal units and eliminate geographical distinctions, so that the crime can tackled on a more diffuse and wide ranging basis in order to generate effective solutions. In order to tackle the problems of phshing, malware and the stealing of identities, credit card companies were using a 3-D Secure Protocol, which in the case of Visa card sis referred to as Verified and in the case of Mastercard, as SecureCode. But this has not been very successful in generating user confidence, because it directs the user to an unusual URL with a strange screen, which constitutes an intrusion for credit card users (Anonymous, April 14, 2008). Furthermore, this method still uses a static password, which can still fall victim to unscrupulous hackers who can harvest it. As a result, the credit card companies have now come up with the VeriSign Identity protection scheme, to protect against fraud. This scheme comprises a one-time pass code generating card, which is a shared authenticating network, so that only one card is required rather than different cards with different passwords for each transaction. The Computer Fraud and Abuse Act is the main statutory provision that has been laid out to deal with hackers into corporate systems and confidential accounts. Under the provisions of this Act, offenders can be heavily fined and imprisoned from one to twenty years, with the severity of the punishment always exceeding the crime in order to function as a deterrent.(Young et al, 2007). While these are good measures in the right direction, there is no substitute for the exercise of ordinary precautions by a user, such as not divulging sensitive, confidential information and not clicking on unknown links. Exercising precautions is vital in the light of the threats to security that are posed by hackers, terrorists and other unscrupulous elements. References: * Anonymous, 2008. “A stolen domain highlights new web risks”, IT Week, Jan 14, 2008:9 * Anonymous, 2008. “Chief calls for central e-crime unit”, IT Week, Feb 11, 2008. * Anonymous, 2008. “Fraudsters may be about to meet their match”, IT Week, April 14, 2008: 9 * Bernadette E. Lynn (2000) “Intellectual Capital: Unearthing Hidden Value by Managing Intellectual Assets”, Ivey Business Journal., Jan.-Feb, at pp 48. * “Cyberterrorism. (2002). [Online] Available at: http://ntrg.cs.tcd.ie/undergrad/4ba2.02/infowar/terrorism.html * Fox, Barry, 2008. “Taking risks with Security”, Personal Computer World, August 2008. * “Hate Crime on the Internet” (1998). International Police Review, January/February, pp 28 * Hoffman, Bruce. (1998). “Inside Terrorism”, London” Victor Gollancz * Kushner, Harvey, W, 1998. “The Future of Terrorism: Violence in the New Millennium”, London: Sage * Lush, Edie G, 2007. “How cyber crime became a multi-billion pound industry”, The Spectator, June 16, 2007. * Seltzer, Larry, 2008. “Measuring Identity theft at top banks: Is your bank a top target? Does it matter?” PC Magazine, 27(7). * Smith, Brad, 2008. “A storm (Worm) is brewing”, Technology News, February 2008: 20-22 * The Islamic Students website: http://www.tawheed.org/newsnviews * 1996 Canadian Security Intelligence Service Public Report, Part IV (Information technology). [Online] Available at: http://www.csis-scrs.gc.ca/eng/publicrp/publ1996 e.html * Young, Randall, Zhang, Lixuan and Prybutok, Victor R, 2007. “Hacking into the minds of hackers”, Information Systems Management, 24: 281-287 Read More