2019

CyberCrime

By:
Umair Shabbir (63435)
Taha Aziz

Cryptography
Sir M. Mustaqeem
PAF-KIET
 ABSTRACT

In this report, we will first try to establish the agreed upon definition of
cyber-crime, and in which ways it’s different from other types of crime.
We will then discuss a brief history of cybercrime, from ‘Phreakers’
who used to hack telephone lines to the advent of the ARPANET
through the 1970’s and then with time how it evolved and though
1990’s and the initial hackings of the large known enterprises to the
present day.

We will then breakdown the larger concept of Cyber-Crime into more

understandable categories and then will discuss how different types of
categories are harming the cyber-system. After discussing each
category, we will then try to give solutions on how to prevent and fight
with the cybercriminals through identifying who should fight in these
cyber wars and how can we help cybercrime fighters with the help of
education and training at all levels.

1|Page
 Table of Contents

I. INTRODUCTION ............................................................................................................................... 3
What is CyberCrime? .......................................................................................................................... 3
A Brief History of CyberCrime: ............................................................................................................ 3
II. LITERATURE REVIEW ....................................................................................................................... 5
Categorizing Cybercrime: .................................................................................................................... 5
Violent or Potentially Violent Cybercrime Categories: ....................................................................... 6
1. Cyberterrorism: ....................................................................................................................... 6
2. Assault by threat: .................................................................................................................... 6
3. Cyberstalking:.......................................................................................................................... 7
4. Child Pornography: ................................................................................................................. 7
Nonviolent Cybercrime Categories: .................................................................................................... 7
1. Cybertrespasing: ..................................................................................................................... 7
2. Cybertheft: .............................................................................................................................. 8
3. Cyberfraud: ............................................................................................................................. 9
4. Destructive Cybercrimes: ........................................................................................................ 9
5. Other Nonviolent Cybercrimes: .............................................................................................. 9
III. METHODOLOGY ........................................................................................................................ 10
Fighting Cybercrime: ......................................................................................................................... 10
Determining Who Will Fight Cybercrime: ..................................................................................... 11
Educating Cybercrime Fighters: .................................................................................................... 11
Getting Creative in the Fight Against Cybercrime:........................................................................ 13
IV. SUMMARY ................................................................................................................................. 14
V. REFERENCES ............................................................................................................................. 15

2|Page
I. INTRODUCTION
It is said that when there is vulnerability, someone will exploit that to its own gain.
The cybercrime ought to start with the advent of Internet, for the reason that
without Internet, it would not have existed.

Debates of Cybercrime can be found in multiple sources including academic journals,

computer & science magazines, newspaper related articles; it has been the topic of
cinemas, TV programs and radio transmissions. However, even though an apparent
acceptance of and knowledge of the term, there exist vividly varied opinions of what
Cybercrime actually is.

What is CyberCrime?
Many people will find it difficult to define the term precisely, despite the fact that
the word “Cybercrime” has entered into our common usage. Furthermore, there is
no catchall term for the tools and software which are used in the commission of
certain online crimes.

Just like traditional crime, Cybercrime has many different planes and befalls in a
wide range of scenarios and environments. The Council of Europe’s Cybercrime
Treaty uses the term “Cybercrime” to refer to offences ranging from criminal activity
against data to content and copyright infringement. However, Zeviar-Geese propose
that the definition is larger, including activities such as unauthorized access, child
pornography, fraud and cyber-stalking. The United Nations Manual on the
Prevention and Control of Computer Related Crime includes forgery, fraud, and
unauthorized access in cybercrime definition.

A Brief History of CyberCrime:

The idea of theft is as ancient as the idea of privately owned property, and an
element of nearly all societies is devoted to taking as much as possible of what isn’t
theirs—by whatever means they can. At the start of the 1970s, criminals frequently
committed crimes via telephone lines. The culprits were called “Phreakers” and
discovered that the telephone system in America functioned on the basis of certain
tones. They used to imitate these tones to make free calls.

3|Page
 Cybercrime didn’t spring up as a full-scale problem overnight. In the initial days of
computing and networking, the average criminal didn’t possess either the necessary
hardware or the technical expertise to snatch the digital opportunity of the day. In
reality, there was no real cybercrime until the 1980s. A person hacked another
person’s computer to find, copy or manipulate personal data and information. The
first person found to be guilty of cybercrime was ‘Ian Murphy’, a.k.a. Captain Zap,
and in 1981. He hacked the American telephone company to manipulate its internal
clock, so that users could still make free calls at peak hours. Many of the early
computer hackers began their criminal careers as phone phreakers.

By 1991, e-mail users had begun to consider the chance that their Internet
communications would be intercepted. The first cyberbank, called First Virtual, came
online in 1994, opening up big new opportunities for hackers. Also that year,
scientists began study on IPv6. The main purpose of the new version was to address
the expected shortage of IP addresses using the present IPv4’s 32-bit address space,
but another concern addressed by the new protocol version was to be IP security.

In 1996, Central Intelligence Agency, U.S. Department of Justice and Air Force
computers (among others) were hacked. In the next three years, many more
government agencies and prominent companies had their systems hacked, including
the U.S. Department of Commerce, and the New York Times, UNICEF, eBay,
Microsoft, and the U.S. Senate Web sites also fell victim to hackers.

As we entered the 2000s, a huge, distributed DoS attack shut down major Web sites
such as Yahoo! and Amazon, Apache, RSA Security, and Western Union were hacked,
the Code Red worm attacked thousands of Web servers, and the Sircam virus hit e-
mail accounts all over the world.

The new millennium brought with it the increasing popularity of new and thrilling
technologies, such as wireless networking and low-cost, high-speed “always on”
connectivity options through Digital Subscriber Line (xDSL) and cable modem. These
technologies have become accessible in growing numbers of places. Unfortunately,
these technologies also offer new openings for cybercriminals.

4|Page
II. LITERATURE REVIEW
Cybercrime can be normally defined as a sub-category of computer crime. The term
refers to criminal offenses committed using the Internet or another computer
network as a component of the crime. In many cases, crimes that would be called
cyber-crimes are really just the “same old things,” except that a computer network is
someway involved. In other cases, the crime is distinctive and came into reality with
the arrival of the Internet. Unauthorized access is an example; while it might be
likened to breaking and entering a home or business building, the fundamentals that
cover unauthorized computer access and physical breaking and entering are unlike.

Another problem with adequately defining cybercrime is the lack of concrete

statistical data on these offenses. There is no mandated, standardized record-
keeping system; each agency can set up its own database, use one of many
proprietary record-keeping software packages marketed to law enforcement, or
even keep the records manually.

Agencies that deal with cybercrime must formulate their own cybercrimespecific
categories for internal record keeping in order to accurately determine the types of
cybercrimes occurring in their jurisdictions. This is where IT professionals can work
with law enforcement to help more clearly and specifically define the elements of an
offense so that it can be investigated and prosecuted properly. Agencies might need
to hire outside IT security specialists as consultants and/or officers might need to
receive specialized training to understand the technical elements involved in various
cybercrimes.

Categorizing Cybercrime:

Categorizing crimes as property crimes, crimes against persons, weapons offenses,

official misconduct, and so on is useful in that it helps us organize related, specific
acts into groups. That way, general statistics can be collected and law enforcement
agencies can form special units to deal with related types of crimes. Furthermore,
officers can specialize and thus become more expert in categories of crime.

There are several ways we can categorize the various cybercrimes. We can start by
dividing them into two very broad categories: one, those crimes committed by
violent or potentially violent criminals, and two, nonviolent crimes.

5|Page
 Violent or Potentially Violent Cybercrime
Categories:

Violent or potentially violent crimes that use computer networks are of highest
priority for obvious reasons: these offenses pose a physical danger to some person
or persons. Types of violent or potentially violent cybercrime include:

 Cyberterrorism
 Assault by threat
 Cyberstalking
 Child pornography

1. Cyberterrorism:

Cyberterrorism refers to terrorism that is committed, planned, or coordinated in

cyberspace—that is, via computer networks. This category includes using e-mail for
communications between coconspirators to impart information to be used in violent
activities as well as recruiting terrorist group members via Web sites.

More ambitiously, it could include sabotaging air traffic control computer systems to
cause planes to collide or crash; infiltrating water treatment plant computer systems
to cause contamination of water supplies; hacking into hospital databases and
changing or deleting information that could result in incorrect, dangerous treatment
of a patient or patients; or disrupting the electrical power grid, which could cause
loss of air conditioning in summer and heat in winter or result in the death of
persons dependent on respirators in private residences if they don’t have generator
backup.

2. Assault by threat:

Assault by threat can be committed via e-mail.This cybercrime involves placing

people in fear for their lives or threatening the lives of their loved ones (an offense
that is sometimes called terroristic threat). It could also include e-mailed bomb
threats sent to businesses or governmental agencies.

6|Page
 3. Cyberstalking:

Cyberstalking is a form of electronic harassment, often involving express or implied

physical threats that create fear in the victim and that could escalate to real-life
stalking and violent behavior.

4. Child Pornography:

Child pornography involves a number of aspects: people who create pornographic

materials using minor children, those who distribute these materials, and those who
access them. When computers and networks are used for any of these activities,
child pornography becomes a cybercrime.

Child pornography is generally considered a violent crime, even if some of the

persons involved have had no physical contact with children. This is the case because
sexual abuse of children is required to produce pornographic materials and because
people who are interested in viewing these types of materials often do not confine
their interest to pictures and fantasies but are instead practicing pedophiles, or
aspire to be, in real life.

Nonviolent Cybercrime Categories:

Most cybercrimes are nonviolent offenses, due to the fact that a defining
characteristic of the online world is the ability to interact without any physical
contact. The perceived anonymity and “unreality” of virtual experiences are the
elements that make cyberspace such an attractive “place” to commit crimes.

Nonviolent cybercrimes can be further divided into several subcategories:

 Cybertrespass
 Cybertheft
 Cyberfraud
 Destructive cybercrimes
 Other cybercrimes

1. Cybertrespasing:

In cybertrespass offenses, the criminal accesses a computer’s or network’s resources

without authorization but does not misuse or damage the data there. A common
example is the teenage hacker who breaks into networks just “because he (or she)

7|Page
 can”—to hone hacking skills, to prove him- or herself to peers, or because it’s a
personal challenge.

Cybertrespassers enjoy “snooping,” reading your personal e-mail and documents

and noting what programs you have on the system, what Web sites you’ve visited,
and so forth, but they don’t do anything with the information they find. Nonetheless,
cybertrespass is a crime in most jurisdictions, usually going under the name of
“unauthorized access, ”breach of network security” or something similar.

2. Cybertheft:

There are many different types of cybertheft, or ways of using a computer and
network to steal information, money, or other valuables. Because profit is an almost
universal motivator and because the ability to steal from a distance reduces the
thief’s risk of detection or capture, theft is one of the most popular cybercrimes.

Cybertheft offenses include:

a. Embezzlement, which involves misappropriating money or property for your own

use that has been entrusted to you by someone else (for example, an employee
who uses his or her legitimate access to the company’s computerized payroll
system to change the data so that he is paid extra, or who moves funds out of
company bank accounts into his own personal account.
b. Unlawful appropriation, which differs from embezzlement in that the criminal
was never entrusted with the valuables but gains access from outside the
organization and transfers funds, modifies documents giving him title to property
he doesn’t own, or the like.
c. Corporate/industrial espionage, in which persons inside or outside a company
use the network to steal trade secrets (such as the recipe for a competitor’s soft
drink), financial data, confidential client lists, marketing strategies, or other
information that can be used to sabotage the business or gain a competitive
advantage.
d. Plagiarism, which is the theft of someone else’s original writing with the intent of
passing it off as one’s own.
e. Piracy, which is the unauthorized copying of copyrighted software, music,
movies, art, books, and so on, resulting in loss of revenue to the legitimate owner
of the copyright.
f. Identity theft, in which the Internet is used to obtain a victim’s personal
information, such as Social Security and driver’s license numbers, in order to
assume that person’s identity to commit criminal acts or to obtain money or
property or use credit cards or bank accounts belonging to the victim.

8|Page
 g. DNS cache poisoning, a form of unauthorized interception in which intruders
manipulate the contents of a computer’s DNS cache to redirect network
transmissions to their own servers.

3. Cyberfraud:

Generally, cyberfraud involves promoting falsehoods in order to obtain something of

value or benefit. Although it can be said to be a form of theft, fraud differs from
theft in that in many cases, the victim knowingly and voluntarily gives the money or
property to the criminal—but would not have done so if the criminal hadn’t made a
misrepresentation of some kind.

4. Destructive Cybercrimes:

Destructive cybercrimes include those in which network services are disrupted or

data is damaged or destroyed, rather than stolen or misused. These crimes include:

Hacking into a network and deleting data or program files

 Hacking into a Web server and “vandalizing” Web pages.

 Introducing viruses, worms, and other malicious code into a network or
computer.
 Mounting a DoS attack that brings down the server or prevents legitimate
users from accessing network resources.

Cybervandalism can be a random act done “just for fun” by bored hackers with a
malicious streak, or it might be a form of computer sabotage for profit (erasing all
the files of a business competitor, for example). In some cases, cybervandalism
might be performed to make a personal or political statement (as in cybergraffiti).

5. Other Nonviolent Cybercrimes:

There are many more nonviolent varieties of cybercrime. Again, many of these only
incidentally use the Internet to accomplish criminal acts that have been around
forever (including the world’s oldest profession). Some examples include:

 Advertising/soliciting prostitution services over the Internet.

 Internet gambling.

 Internet drug sales (both illegal drugs and prescription drugs).

9|Page
  Cyberlaundering, or using electronic transfers of funds to launder illegally
obtained money.

 Cybercontraband, or transferring illegal items, such as encryption technology

that is banned in some jurisdictions, over the Internet.

III. METHODOLOGY
As cybercrime proliferates, it will obviously be impossible for law enforcement
agencies to devote the time and effort required to investigate and prosecute every
instance of Internet-related criminal activity. In dealing with law enforcement
officials on cybercrime cases, it is important for IT professionals to understand how
these factors might cause some cybercrimes to be investigated more enthusiastically
and prosecuted more vigorously than others.

Fighting Cybercrime:
To successfully fight cybercrime, as with any other type of crime, we must first
understand it. Know thine enemy is good advice, regardless of the type of war we
plan to wage. The first step in developing a plan to fight cybercrime is to define it,
both generally and specifically.
Another important element in determining our strategy against cybercrime is to
collect statistical data so that we can perform an analysis to detect patterns and
trends. Without reliable statistics, it is difficult to establish effective prevention and
enforcement policies.
Statistics are the basis for the next step: writing clear, enforceable laws when
needed to address cybercrimes that aren’t covered by existing laws. Finally, an
effective crime-fighting effort must educate all those who deal with or are touched
by cybercrime: those in the criminal system community, those in the IT community,
and those in the community at large.

10 | P a g e
 Determining Who Will Fight Cybercrime:

By necessity, the fight against cybercrime must involve more than just the police.
Legislators must make appropriate laws. The IT community and the community at
large must be on the lookout for signs of cybercrime and report it to the
authorities—as well as taking measures to prevent becoming victims of these crimes
themselves. The law enforcement community must investigate, collect evidence, and
build winnable cases against cybercriminals. Jurors must weigh the evidence and
make fair and reasonable determinations of guilt or innocence. Courts must assign
fair and effective penalties. The corrections system must attempt to provide
rehabilitation for criminals who might not fit the standard “criminal profile.”

A major problem in writing, enforcing, prosecuting, and interpreting cybercrime laws

is the lack of technical knowledge on the part of people charged with these duties.
Legislators, in most cases, don’t have a real understanding of the technical issues
and what is or is not desirable—or even possible—to legislate. Police investigators
are becoming more technically savvy, but in many small jurisdictions, no one in the
department knows how to recover critical digital evidence. The budget might not
allow for bringing in high-paid consultants or, for instance, sending a disk to a high-
priced data recovery service (not to mention the fact that both of these options can
create chain-of-custody issues that might ultimately prevent the recovered data
from being admissible as evidence).

Judges, too, often have a lack of technical expertise that makes it difficult for them
to do what courts do: interpret the laws. The fact that many computer crime laws
use vague language exacerbates the problem.

The answer to all these dilemmas is the same: education and awareness programs.
These programs must be aimed at everyone involved in the fight against cybercrime,
including:

 Legislators and other politicians

 Criminal justice professionals
 IT professionals
 The community at large and the cyberspace community in particular

Educating Cybercrime Fighters:

An effective cybercrime-fighting strategy requires that we educate and train

everyone who will be involved in preventing, detecting, reporting, or prosecuting

11 | P a g e
 cybercrime. Even potential cybercriminals, with the right kind of education, could be
diverted from criminal behavior.

Educating Legislators and Criminal Justice Professionals:

Those who make, enforce, and carry out the law already understand the basics of
legislation, investigation, and prosecution. They need training in the basics of
information technology: how computers work, how networks work, what can and
cannot be accomplished with computer technology, and most important, how
crimes can be committed using computers and networks.

Educating Information Technology Professionals:

IT professionals already understand computer security and how it can be breached.

The IT community needs to be educated in other areas:
a. Computer crime awareness: An understanding of what is and isn’t against the
law, the difference between criminal and civil law, penalty and enforcement
issues.
b. How laws are made: This area includes how IT professionals can get involved at
the legislative level by testifying before committees, sharing their expertise, and
making their opinions known to members of their governing bodies.
c. How crimes are investigated: This area includes how IT professionals can get
involved at the investigative level by assisting police, both as victims and
interested parties and as consultants to law enforcement agencies.
d. How crimes are prosecuted: This area includes how IT professionals can get
involved at the prosecution level as expert witnesses.
e. The basic theory and purpose behind criminal law and the justice system This
area includes why IT professionals should support laws against computer crime.

Educating and Engaging the Community:

Finally, we must educate the community at large, especially the subset that consists
of the end users of computer and network systems. These are the people who are
frequently direct victims of cybercrime and who all are ultimately indirect victims in
terms of the extra costs they pay when companies they patronize are victimized and
the extra taxpayer dollars they spend every year in response to computer-related
crimes.
Law enforcement and IT professionals need to work more closely with the
community (including businesses, parents, students, teachers, librarians, and others)
to build a cybercrime-fighting team that has the skills, the means, and the authority
necessary to greatly reduce the instances of crime on the Internet

12 | P a g e
 Getting Creative in the Fight Against Cybercrime:
The fight against cybercrime has the best chance for success if we approach it from
many different angles. The legal process is just one way to fight crime. The best
methods are proactive rather than reactive—that is, it’s best to prevent the crime
before it happens. Failing that, this section discusses some creative ways that
businesses and individuals can shield themselves from some of the consequences of
being victims if a cybercrime does occur.

Using Peer Pressure to Fight Cybercrime:

One way to reduce the incidence of Internet crime is to encourage groups to apply
peer pressure to their members. If cybercriminals are shamed rather than admired,
some will be less likely to engage in the criminal conduct. This method is especially
effective when it comes to young people. Many teenage hackers commit network
break-ins in order to impress their friends. If more technology oriented young people
were taught a code of computer ethics early — emphasizing that respect for others’
property and territory in the virtual world is just as important as it is in the physical
world—hackers might be no more admired by the majority of upstanding students
than are the “bad kids” who steal cars or break into houses.

Of course, some people will commit crimes regardless of peer pressure, but this
pressure is a valuable tool against many of those cybercriminals who are otherwise
upstanding members of the community and whose criminal behavior online
erroneously reflects the belief that “everyone does it.”

Using Technology to Fight Cybercrime:

In the spirit of “fighting fire with fire,” one of our best weapons against technology
crimes is—you guessed it—technology. The computer and network security industry
is hard at work, developing hardware and software to aid in preventing and
detecting network intrusions. Operating system vendors are including more and
more security features built into operating systems.

Third-party security products, from biometric authentication devices to firewall

software, are available in abundance to prevent cybercriminals from invading your
network or system. Monitoring and auditing packages allow IT professionals to
collect detailed information to assist in detecting suspicious activities.

13 | P a g e
 Using Technology to Fight Cybercrime:

It is not possible to prevent all cybercrime or to always avoid becoming a cybercrime

victim. However, organizations and individuals can take steps in advance to minimize
the impact that cybercrime will have on them or their organizations. As the
cybercrime problem grows, it is inevitable that potential victims will come up with
new ways to protect themselves from financial loss.

IV. SUMMARY
Cybercrime is now a big problem all over the world—and it’s rising fast. The law
enforcement world is scrambling to catch up; legislators are passing new laws to
address this new way of crime, and police organizations are forming special
computer crime units and training their officers to be more technically savvy.

However, the cyber-crime problem is too big and too extensive to leave to only
politicians and police to solve. They often don’t have the technical expertise to pass
effective laws, and the lack sufficient training, manpower, and time—not to mention
the perplexing issue of jurisdiction—to tackle the most egregious of Internet crimes.

Cybercrime, like crime in general, is a social issue as well as a legal one. To effectively
fight it, we must involve people in the IT community (many of whom might be
hesitant to participate) and those in the overall population who are affected, directly
or indirectly, by the criminal activity that has found a friendly haven in the virtual
world.

We can use a number of strategies and techniques, including the legal system, peer
pressure, and existing and emerging technologies, to prevent cybercrime. Failing
that, we can develop formal and informal retorts that will detect cybercrime more
instantly, reducing the harm done and giving us more statistics about the incident,
maximizing the chances of recognizing and successfully prosecuting the
cybercriminal.

We’re all in this ship together. The only way to stop cybercrime is to work together
and share our knowledge and skill in different areas to build a Class ‘A’ cybercrime-
fighting team.

14 | P a g e
V. REFERENCES
 Littlejohn Shinder, Debra, and Michael Cross, “Scene of the Cybercrime:
Computer Forensics Handbook.” (2008).
 McQuade III, Samuel C., ed. Encyclopedia of cybercrime. ABC-CLIO, 2008.
 Malik, Masud Ahmed. "Preventing Cybercrime: A Criminological Perspective."
 Alkaabi, Ali Obaid Sultan. Combating computer crime: An international
perspective. Diss. Queensland University of Technology, 2010.
 Gordon, Sarah, and Richard Ford. "On the definition and classification of
cybercrime." Journal in Computer Virology 2.1 (2006): 13-20.
 Gercke, Marco. "Understanding cybercrime: a guide for developing countries."
International Telecommunication Union (Draft) 89 (2011): 93.

15 | P a g e