
CHAPTER 3 and 4

Uploaded by

Daryl Alonsagay
Copyright © All Rights Reserved

CHAPTER 3

CONCEPTS OF CYBERCRIME

CYBERCRIME

The word “cybercrime” was coined in the late 90s, as the Internet spread across North America. A
subgroup of the G8 group of nations (G7, as Russia was removed by the council) was formed following a
meeting in Lyon, France, in order to study emerging problems of criminality that were being fostered by or
migrating to the Internet. This “Lyon’s group” used the term to describe, in a very loose way, all kinds
of crimes being perpetrated on the net or on new telecommunications networks, which were rapidly falling in
cost (Perrin, 2010).

Certain acts constitute the offense of cybercrime, such as (a) offenses against the confidentiality,
integrity, and availability of computer data and systems; (b) computer-related offenses; and
(c) content-related offenses (R.A. 10175).

Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The
computer may have been used in the commission of a crime, or it may be the target.

CONCEPT OF CYBERCRIME (GOTTERNBARN)

At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders, in
a workshop devoted to the issues of crimes related to computer networks, cybercrime was broken into
two categories and defined thus:

1. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic
operations that targets the security of computer systems and the data processed by them.

2. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of,
or in relation to a computer system or network, including such crimes as illegal possession and offering or
distributing information by means of a computer system or network.

Computer crime has two elements:

1. Computer

2. Crime

CATEGORIES OF CYBERCRIME
We can categorize cybercrime in two ways:

1. The computer as a target – using a computer to attack another computer, for example, hacking,
virus/worm attacks, DoS attacks, etc.
These crimes are committed by a selected group of criminals. Unlike crimes using the computer as a tool,
these crimes require the technical knowledge of the perpetrators.
Crimes that primarily target computer networks or devices include:
a. Computer viruses
b. Denial-of-service attacks
c. Malware (malicious code)

2. The computer as a weapon/tool – using a computer to commit a real-world crime, for example,
cyber terrorism, credit card fraud, pornography, Internet fraud, spamming, phishing, carding
(fraud), etc.
When the individual is the main target of cybercrime, the computer can be considered the tool
rather than the target.
These crimes generally involve less technical expertise. Human weaknesses are generally exploited. The
damage dealt is largely psychological and intangible, making legal action against the variants more
difficult.

COMMON FORMS OF CYBERCRIMES – DESCRIPTION

1. Financial Crimes – Credit card frauds; money laundering.

2. Cyber Pornography – Pornographic websites; online distribution.

3. Online Gambling – Millions of websites, all hosted on servers abroad, offer online gambling.

4. Internet Protocol (IP) Crimes – Software piracy, copyright infringement, trademark violations,
theft of computer source code.

5. Email Spoofing – A spoofed email appears to originate from one source but actually has been sent
from another source.

6. Cyber Defamation – This occurs when defamation takes place with the help of computers and/or the
Internet, e.g. someone publishes a defamatory matter about another on a website.

7. Cyber Stalking – This involves following a person’s movements across the Internet by posting
messages (sometimes threatening) on bulletin boards frequented by the victim, entering chat rooms
frequented by the victim, constantly bombarding the victim with emails, etc.

8. Unauthorized Access – Also known as hacking. Involves gaining access illegally to a computer
system or network and in some cases making unauthorized use of this access. Hacking is also the act
by which other forms of cybercrime (e.g., fraud, terrorism) are committed.

9. Theft – Theft of any information contained in electronic form, such as that stored in computer
hard disks, removable storage media, etc. Can extend to identity theft.

10. Email Bombing – This refers to sending a large number of emails to the victim, resulting in the
victim’s email account (in case of an individual) or mail servers (in case of a company or an email
service provider) crashing.

11. Salami Attacks – These attacks are often used in committing financial crime and are based on
the idea that an alteration so insignificant would go completely unnoticed in a single case. E.g. a
bank employee inserts a program into the bank’s servers that deducts a small amount of money (say
5 cents a month) from the account of every customer. This unauthorized debit is likely to go
unnoticed by an account holder.

12. Denial of Service (DoS) Attack – This involves flooding a computer resource with more requests
than it can handle, causing the resource (e.g. a web server) to crash, thereby denying authorized
users the service offered by the resource. Another variation of a typical denial of service attack
is known as a Distributed Denial of Service (DDoS) attack, wherein the perpetrators are many and are
geographically widespread. Such attacks are very difficult to control and are often used in acts of
civil disobedience.

13. Virus/worm – Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and other computers on a network. They usually affect the data
on a computer, either by altering or deleting it. Worms, unlike viruses, do not need a host to
attach themselves to. They merely make functional copies of themselves and do this repeatedly till
they eat up all the available space on a computer’s memory.

15. Trojan Attacks – An unauthorized program which functions from inside what seems to be an
authorized program, thereby concealing what it is actually doing.

16. Web Jacking – This occurs when someone forcefully takes control of a website (by cracking the
password and later changing it).

17. Cyber-Terrorism – Hacking designed to cause terror. Like conventional terrorism, “e-terrorism”
utilizes hacking to cause violence against persons or property, or at least cause enough harm to
generate fear.

18. Phishing – Is mostly propagated via email. Phishing emails may contain links to other websites
that are affected by malware, or they may contain links to fake online banking or other websites
used to steal private account information.
* If sent via SMS – smishing
* If aimed at a specific target (group) – spear-phishing

19. Pharming – Pharming is a scamming practice in which malicious code is installed on a personal
computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
The aim is for users to input their personal information.
Whaling – the perpetrator is disguised as a legitimate officer.

20. Crypto-jacking – A tactic whereby the processing power of infected computers is used to mine
cryptocurrency for the financial benefit of the person controlling the bot-infected digital devices.

21. Crypto-ransomware – Malware that infects a user’s digital device, encrypts the user’s documents,
and threatens to delete files and data if the victim does not pay the ransom.
Doxware – a form of crypto-ransomware that perpetrators use against victims and that releases the
user’s data if the ransom is not paid to decrypt the files and data.

22. Cyber-smearing – Use of the Internet or a networked computer system to defame or criticize an
organization or individual.

23. Dogpiling – A form of online harassment or online abuse characterized by having groups of
harassers target the same victim.

Computer Crimes – crimes that are facilitated through the use of a computer.

Classification of Computer Crimes

1. Financial fraud crimes – an intentional act of deception involving financial transactions for the
purpose of personal gain. Fraud is a crime and is also a civil law violation.

2. Internet fraud – means trying to trick or scam someone else on the Internet. This usually means that
the person who is being tricked loses money to the people scamming them. Internet fraud can take place
on computer programs such as chat rooms, e-mail, message boards, or Web sites.

3. Computer fraud – is any dishonest misrepresentation of fact intended to let another do or refrain from
doing something which causes loss. In this context, the fraud will result in obtaining a benefit by:

a. Altering in an unauthorized way. This requires little technical expertise and is a common form of theft
by employees altering the data before entry or entering false data, or by entering unauthorized
instructions or using unauthorized processes;

b. Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions. This
is difficult to detect.

c. Altering or deleting stored data;

4. Other forms of fraud may be facilitated using computer systems, including:

· Bank fraud – is the use of potentially illegal means to obtain money, assets, or other property
owned or held by a financial institution, or to obtain money from depositors by fraudulently posing
as a bank or other financial institution. For this reason, bank fraud is sometimes considered a
white-collar crime.
· Carding – is a form of credit card fraud in which a stolen credit card is used to charge pre-paid
cards. Carding typically involves the holder of the stolen card purchasing store-branded gift cards,
which can then be sold to others or used to purchase other goods that can be sold for cash.
· Identity theft – also known as identity fraud, is a crime in which an imposter obtains key pieces of
identifiable information, such as Social Security or driver’s license numbers, in order to
impersonate someone else.
· Extortion – (also called shakedown, outwrestling, and exaction) is a criminal offense of obtaining
money, property, or services from an individual or institution through coercion.
· Theft of classified information – classified information is sensitive information to which access
is restricted by law or regulation to particular classes of people. A formal security clearance is
required to handle classified documents or access classified data. The operation of assigning the
level of data sensitivity is called data classification.

Cyberterrorism

Cyberterrorism in general can be defined as an act of terrorism committed through the use of cyberspace
or computer resources (Parker 1983). As such, a simple propaganda piece on the Internet that there will
be bomb attacks during the holidays can be considered cyberterrorism. There are also hacking activities
directed towards individuals and families, organized by groups within networks, tending to cause fear among
people, demonstrate power, collect information relevant for ruining people’s lives, robberies, blackmailing,
etc.

A cyberterrorist is someone who intimidates or coerces a government or an organization to advance his
or her political or social objectives by launching a computer-based attack against computers, networks, or
the information stored on them.

Cyber-extortion
- Occurs when a website, e-mail server, or computer system is subjected to or threatened with
repeated denial of service or other attacks by malicious hackers. These hackers demand money
in return for promising to stop the attacks and to offer “protection”. According to the Federal
Bureau of Investigation, cyber-crime extortionists are increasingly attacking websites and
networks, crippling their ability to operate and demanding payments to restore their service.

An example of cyberextortion was the attack on Sony Pictures in 2014. Hackers associated with the
government of North Korea were blamed for a cyberattack on Sony Pictures after Sony released the
film The Interview, which portrayed the North Korean leader Kim Jong Un in a negative light.
The Federal Bureau of Investigation found that the malware used in the attack included lines of code,
encryption algorithms, data deletion methods, and compromised networks that were similar to malware
previously used by North Korean hackers.

Cyberwarfare
- is the use of digital attacks against an enemy state, causing comparable harm to actual warfare
and/or disrupting vital computer systems.
- The U.S. Department of Defense (DoD) notes that cyberspace has emerged as a national-level
concern through several recent events of geo-strategic significance. Among those is the attack on
Estonia’s infrastructure in 2007, allegedly by Russian hackers.
- In August 2008, Russia again allegedly conducted cyberattacks, this time in a coordinated and
synchronized kinetic and non-kinetic campaign against the country of Georgia. The December 2015
cyberattack on Ukraine's power grid has also been attributed to Russia and is considered the first
successful cyberattack on a power grid. Fearing that such attacks may become the norm in future
warfare among nation-states, the concept of cyberspace operations impacts and will be adapted
by warfighting military commanders in the future.

CHAPTER 4

CYBERSECURITY AND CYBER INTELLIGENCE

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance, and technologies that can be used
to protect the cyber environment and the organization’s and user’s assets. The organization’s and user’s assets
include connected computing devices, personnel, infrastructure, applications, services,
telecommunication systems, and the totality of transmitted and/or stored information in the cyber
environment.

Cyber security involves the protection of sensitive personal and business information through
prevention, detection, and response to different online attacks. Cyber security is actually about preventing the
attacks.

CYBER INTELLIGENCE
Cyber Intelligence is the knowledge that allows you to prevent or mitigate cyber-attacks by studying the
threat data and providing information on adversaries. It helps to identify, prepare for, and prevent attacks by
providing information on attackers, their motives, and capabilities.

The primary roles and responsibilities of cyber intelligence are to provide data and information to cyber
commanders and units to facilitate mission accomplishment in performing cyber operations.
Cyber intelligence supports planning, executing, and assessing cyber operations.

Cyberthreat intelligence (CTI) is actionable data collected and used by cybersecurity systems and/or an
organization’s security experts to help them better understand vulnerabilities, take appropriate action to
stop an attack, and protect the company’s network and endpoints from future attacks. The data includes
information such as who the attacker is and what their capabilities, motivations and attack plans are.

Cyberthreat monitoring is a solution that uses strategic intelligence to continuously analyze, evaluate
and monitor an organization’s networks and endpoints for evidence of security threats, such as network
intrusion, ransomware and other malware attacks. Once a threat is identified, the threat monitoring
software issues an alert and stops it.

THREE LEVELS (TYPES) OF CYBER INTELLIGENCE

Tactical threat intelligence is the most basic form of threat intelligence. These are your common
indicators of compromise (IOCs). Tactical intelligence is often used for machine-to-machine detection of
threats and for incident responders to search for specific artifacts in enterprise networks.

Operational threat intelligence provides insight into actor methodologies and exposes potential risks. It
fuels more meaningful detection, incident response, and hunting programs. Where tactical threat
intelligence gives analysts context on threats that are already known, operational intelligence brings
investigations closer to uncovering completely new threats.

Operational threat intelligence is knowledge gained from examining details from known attacks. An
analyst can build a solid picture of actor methodology by piecing together tactical indicators and artifacts
and derive them into operational intelligence. This can help to achieve a number of defensive goals, like
enhancing incident response plans and mitigation techniques for future attacks and incidents.

Strategic threat intelligence provides a big picture look at how threats and attacks are changing over
time. Strategic threat intelligence may be able to identify historical trends, motivations, or attributions as to
who is behind an attack. Knowing the who and why of your adversaries also provides clues to their future
operations and tactics. This makes strategic intelligence a solid starting point for deciding which defensive
measures will be most effective.

Why is cyberthreat intelligence important?

You cannot reliably stop any cyberattack without a detailed threat report. In the age of remote work,
where employees are using BYOD devices and unprotected networks, CTI is more important than ever.
With threat intelligence and monitoring, an organization has the most robust data protection and
information necessary to stop or mitigate cyberattacks. CTI provides:

· Insight into the data ― including context ― to help prevent and detect attacks
· Prioritized alerts, which help you respond faster to incidents
· Improved communication, planning, and investment by identifying the real risks to the business.

Cyberthreat Intelligence Lifecycle and Process

Industry experts state that there are five or six iterative process steps to the cyber threat intelligence
lifecycle, which turns raw data into intelligence. The CIA first developed a six-step lifecycle process, while
other security experts have combined and condensed the lifecycle process down to five steps as follows:

Cyberthreat intelligence lifecycle ― planning, collection, processing, analysis, dissemination

1. Planning and direction. In this phase, the Chief Intelligence Security Officer (CISO) or Chief Security
Officer (CSO) sets the goals and objectives of the cyberthreat intelligence program. This includes
identifying the sensitive information and business processes that need to be protected, the security
operations required to protect the data and the business processes, and prioritizing what to protect.

2. Collection. Data is gathered from multiple sources, such as open-source feeds, in-house threat
intelligence, vertical communities, commercial services, and dark web intelligence.

3. Processing. The collected data is then processed into a suitable format for further analysis.

4. Analysis. In this step, the data is combined from different sources and transformed into actionable
intelligence so that analysts can identify patterns and make informed decisions.

5. Dissemination. The threat data analysis is then published appropriately and disseminated to the
company’s stakeholders or customers.

We refer to the process as a “cyberthreat intelligence cycle” because tackling digital attacks is not a one-
and-done process but a circular process that takes each cyber experience and applies it to the next.
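
Steps 2 to 4 of the lifecycle, applied to the tactical indicators (IOCs) described earlier, shown as an added example that is not part of the original document: indicators collected from two feeds in different formats are processed into one normalized, de-duplicated set and then matched against log lines. The feed contents, log lines, field layout and function names are all constructed for illustration.

```python
import csv
import ipaddress
import json
import re

# Constructed sample data: documentation-range IPs and reserved .example names.
FEED_CSV = """type,value
ip,203.0.113.7
domain,Bad-Login.Example.
ip,not-an-ip
"""
FEED_JSON = ('[{"kind": "url", "indicator": "hxxp://bad-login[.]example/reset"},'
             ' {"kind": "ip", "indicator": "203.0.113.7"}]')
LOG_LINES = [
    "2024-05-01T10:00:01Z fw ALLOW src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2024-05-01T10:00:09Z dns query client=10.0.0.8 name=bad-login.example",
    "2024-05-01T10:01:30Z dns query client=10.0.0.9 name=intranet.example",
]


def normalize(kind, value):
    """Processing: return (kind, canonical_value), or None if unusable."""
    # Undo the "defanging" (hxxp, [.]) commonly applied to shared indicators.
    value = value.strip().replace("hxxp", "http").replace("[.]", ".")
    if kind == "url":  # reduce a URL to the host name that logs will show
        m = re.match(r"https?://([^/:]+)", value, re.I)
        if not m:
            return None
        kind, value = "domain", m.group(1)
    if kind == "ip":
        try:
            return ("ip", str(ipaddress.ip_address(value)))
        except ValueError:
            return None  # drop malformed entries instead of matching on them
    if kind == "domain":
        return ("domain", value.lower().rstrip("."))
    return None


def process(csv_text, json_text):
    """Merge both collected feeds into one de-duplicated indicator set."""
    raw = [(r["type"], r["value"]) for r in csv.DictReader(csv_text.splitlines())]
    raw += [(r["kind"], r["indicator"]) for r in json.loads(json_text)]
    return {n for n in (normalize(k, v) for k, v in raw) if n}


def analyze(indicators, lines):
    """Analysis: match whole key=value field values, never substrings."""
    hits = []
    for line in lines:
        fields = {f.split("=", 1)[1] for f in line.split() if "=" in f}
        for kind, value in sorted(indicators):
            if value in fields:
                hits.append((line.split()[0], kind, value))
    return hits


if __name__ == "__main__":
    for hit in analyze(process(FEED_CSV, FEED_JSON), LOG_LINES):
        print(hit)
```

The list returned by `analyze` is what would be handed on to the dissemination step, for example as alerts to incident responders.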

What is the difference between cyber intelligence and cyber security?

Cyber intelligence is a very powerful tool applied in the field of cyber security because it is an
anticipatory discipline that analyses human behaviour, whereas cyber security is a reactive activity which is
triggered by an attack so as to protect an organization’s data, systems, networks or software.
