CDI – 9

INTRODUCTION TO CYBERCRIME AND ENVIRONMENTAL LAWS AND PROTECTION

What is Cyber Crime?

Cybercrime or computer crime is any criminal offense that involves a computer and
a network. Cybercrime can take various forms including the creation of malicious
programs, denial of service attacks, rouge Wi-Fi hotspots, data manipulation,
identity theft, Internet scams, and cyberbullying.
Other definitions of CYBERCRIME
1. Any offense that is committed by a computer, computer system or computer
network
2. Any offense in which the computer, computer system or computer
network is the target
3. Any offense in which the computer, computer system or computer
network is used to hide or store possible evidence
Some of the aspects that computer criminals can be dangerous:
a) Human Threat
b) Organizational Threat
c) Group Threat
d) National Security Threat
COMPUTER - an electronic machine, operating under the control of instructions
stored in its own memory that can accept data according to specified
rules (process produce results, output) and store the results for future use.
CYBER TERRORISM – Can be seen as the effort by covert forces to disrupt the
intersection where the virtual electronic reality of computers intersects with the
physical world.
CYBERSPACE – refer to the spaces within computers and (across networks) where
people interact with information and with each other.
WILLIAM GIBSON – an American-Canadian sci-fi novelist, who coined the term
Cyberspace. According to him Cyberspace is a “widespread, interconnected
digital technology”.
Elements of Cyber Crime
1. The computer is the target
2. The computer is the tool of the crime
3. The computer is incidental to the crime

1
Reasons of the Vulnerability of Computers
a) Capacity to store data in relatively small space
b) Easy to access
c) Complex
d) Negligence
e) Loss of evidence
TWO TYPES OF COMPUTER NETWORKS ATTACK
1. Passive Attack – Focus in intercepting data such as passwords, user names, e-
mail messages, and even secret data using sniffing software.
2. Active Attack – Attempt to cause harm to computer system faults and
vulnerabilities.
SOCIAL NETWORKING ETHICAL ISSUES
Online violence, intimidation, stalking, cyber bullying, experiences with
sexual predators, the sharing of pornographic content, and employee involvement
in social networking is some of the ethics challenges that users of social networking
sites face.
1. CYBERBULLYING
o Harassment, torment, ridicule, or threats directed at a minor by another
minor or a group of minors over the Internet or by phone.
o Females and 15 to 16-years-olds are most likely to be victims of
cyberbullying. Cyberbullying has also escalated to the point that some
children have attempted suicide as a result of it.
2. CYBER ABUSE
o Any physical or mental mistreatment or lack of care caused by
the use of an electronic communications system that causes damage or
pain to others.
o Cyberbullying includes both cyber assault and cyber stalking, a wide range of
activities in which someone behaves in a manner that causes
others to hurt or anxiety.
o Cyberbullying isn’t necessarily obvious, harmful, or otherwise harmful to a
person or group of people, causing significant emotional distress.
3. CYBER STALKING
o Is a form of cyber bullying that consists of a long-term pattern of unwelcome,
continuous pursuit and disruptive activity (involving the use of an
electronic communications device) directed at another user, causing fear and
anxiety in the victim.

2
4. ENCOUNTERS WITH SEXUAL PREDATORS
o By incorporating sex talk and then planning to visit youth in person for sexual
encounters, sexual offenders use online messaging to build trust and faith in
them victims, who are usually teenagers.
5. UPLOADING OF INAPPROPRIATE MATERIAL
o Most social networking sites have terms of service agreements, privacy
policies, or material codes of ethics that summarize the platform’s core legal
aspects.
o In most cases, the terms specify that the site reserves the right to remove
content and terminate user accounts that breach the platform’s policies.
These initiatives can be challenging to implement.
o Non-consensual posts that contain private images or videos of people without
their consent are often referred to as “revenge porn”. Ex- partners often
share this sort of material in order to shame, embarrass, and/or annoy their
former spouse.
6. EMPLOYEE PARTICIPATION ON SOCIAL MEDIA NETWORKS
o To minimize compliance problems and to set consistent rules and standards
for workers, businesses should implement a social media strategy.
o Employees will be encouraged to voice their views and practice
imagination with a framework in place, knowing that what they post on
social media would not have a direct effect on their careers.
7. CYBER HARASSMENT
o The abusive behavior, which includes the use of electronic media, is a type of
cyber harassment.

CLASSIFICATION OF PERPETRATORS OF COMPUTER CRIME

1. HACKERS
o They do it out of scientific curiosity and see how they can get access to
information systems and how far they can go.
o They have a limited knowledge of information systems and security features,
and their motives are largely guided by a willingness to learn more.
Classification of Hackers:
Hackers are divided into groups based on their motivation for breaking into a
structure. Both words are derived from old spaghetti westerns in which the bad guy
wears a black cowboy hat and the good guy wears a white cowboy hat.
A. White Hat Hackers - They’re often referred to as “ethical hackers”. As part of
intrusion testing and risk assessments, they never plan to damage a
device; rather, they aim to discover vulnerabilities in a computer or network

3
system. Ethical hacking is not a crime, and it is one of the most difficult jobs in the
IT industry. For penetration testing and risk tests, often businesses employ ethical
hackers.
B. Black Hat Hackers - These hackers, also known as “crackers”, attempt to
obtain unauthorized access to a device in order to disrupt its activities or steal
classified information. Because of its bad intent, black hat hacking is still illegal, like
stealing corporate data, breaching privacy, causing server damage, blocking
network connectivity, and so on.
C. Gray Hat Hackers - These hackers are a mix of black and white. They behave
without malice, just for the sake of amusement, they exploit a security flaw in a
computer device or network without the consent or knowledge of the owner. They
want to put the flaw to the notice of the owners in exchange for gratitude or a small
reward.
D. Miscellaneous Hackers - There are other types of hackers depending on what
they hack and how they hack, in addition to the well-known ones mentioned above.
The following are some of them:
a. Red Hat Hacker - is a combination of black and white hat hackers. They
normally operate at the level of hacking government departments, top-
secret intelligence hubs, and everything else that pertains to classified data.
b. Blue Hat Hacker - is a person who works independently of computer
security consultancy companies and is responsible for bug- testing a device prior to
its release. They search for flaws in the system that can be used and work to plug
them. The word “Blue Hat” is used by Microsoft to refer to a series of security
briefings.
c. Elite Hacker - is a hacker’s social standing that is used to identify the most
experienced hacker.
d. Script Kiddie - is a non-expert who breaks into computer systems using pre-
packaged programmed tools written by others and no knowledge of the
underlying definition, hence the name “kiddie”.
e. Green Hat Hacker (Neophyte, “n00b”, “Newbie”) - is someone who is new to
hacking or phreaking and has little to no understanding about how computers and
hacking work.
f. Hacktivist - is a hacker who uses computers to spread a message that is
psychological, ideological, moral, or governmental. The majority of hacktivism
entails defacing websites or launching denial-of-service attacks.
2. MALICIOUS INSIDERS
Since they are often granted access to the networks they misuse, they are
incredibly difficult to track or avoid. They are familiar with specific programs, which
also require protocols for obtaining login IDs and passwords.
3. INDUSTRIAL SPIES

4
 They procure trade secrets from their sponsor’s rivals by fraudulent
means. Insiders, such as angry employers and ex-employees, are the most common
thieves of trade secrets. Competitive intelligence gathers material that is
publicly accessible through legitimate methods. Financial accounts, trade
publications, corporate filings, and printed interviews with company executives are
used to compile and interpret information. Theft of innovative product ideas,
manufacturing records, marketing documents, or new tech source code are all
examples of industrial espionage.
4. CYBER CRIMINALS
The opportunity for material gain motivates cyber criminals. They rob by
breaking into company servers and converting funds from one account to
another, leaving a hopelessly confusing path for law enforcement to trace. They
stole and resold credit card numbers, personal names, and cellphone IDs, among
other types of computer fraud.
5. CYBERTERRORISTS
In order to advance such political or social objectives, a
cyberterrorist conducts a computer-based assault against other computers
or networks in an effort to intimidate or coerce a nation. Cyber terrorists employ
tactics to destroy or interrupt networks in order to inflict damage rather than gather
information. They are extremely risky, since they regard themselves as at
war, have a high risk tolerance, and pursue full effects
CATEGORIES OF CYBER CRIMINALS
a) Children and adolescents from 6-18 years old – due to their inquisitiveness to
explore things
b) Organized Hackers – the reasons are usually political as well as fundamentalism
c) Professional Hackers – their work is motivated by the color of the money
d) Discontented employees – employees who are sacked or dissatisfied
TYPOLOGY OF HACKER
The first typology of hacker comes from Maxfeild (1985):
1. Pioneers – those who are fascinated by evolving technology and explore it
without knowing exactly what they are going to find.
2. Scamps – hackers with a sense of fun who intend to overt harm
3. Explorers – hackers motivated by a delight in breaking into computer
systems. The more geographically the distant, or more secure the target is, the
greater delight.
4. Game Players – those who enjoy defeating software or system protection, with
hacking seen as a sort of game itself.

5
5. Vandals – those who caused damage for no apparent gain
6. Addicts – nerds who are literally addicted to hacking and computer
technology
A second typology (Coutourie, 1989) describes the relationship of a hacker
to their computer:
1. Playpen – the computer is seen as a toy
2. Fairyland – cyberspace is an unreal world where wrong cannot be done.
3. Land of Opportunity – where there’s nothing wrong with exploiting a
vulnerable system
4. Tool Box – in which the computer is just a way to get other things done.
5. Cookie Jar – with the computer as a place to go borrow things now and again.
6. War Game – where hostile feelings are vented against machines rather than
people.
MANNERS OF COMMITTING CYBER CRIMES
1. HACKING OR CRACKING
The Illegal intrusion into a computer system without the permission of the
computer owner/user. The latest cracking concerns are about unauthorized
access to Government Website’s called “WEB DEFACEMENT”. As defined On
E-Commerce Act of 2000 (RA # 8792 it is the unauthorized access into
or interference in a computer system, server, or information and communication
system; or any access in order to corrupt, alter, steal, or destroy using a
computer or other similar information and communication devices, without
the knowledge and consent of the owner of the computer or the
information and communication system; including the introduction of computer
viruses and the like, resulting in the corruption, destruction, alteration, theft or loss
of electronic data messages or electronic document. e.g. Denial of Service Attack –
The bandwidth of the victim's network is flooded or his e- mail box is filled with
spam mail depriving him of the services he is entitled to access or provide. e.g.
Virus Dissemination - this is usually done by means of malicious code or software
that modifies or destroys data, steals data or allows unauthorized access, or
exploits or damages a system in a manner not intended by the user. e.g. Web
Defacement – this is the act of the intruder into a server and changing without
permission all the aspects of a website which the public can see.
2. THEFT OF INFORMATION CONTAINED IN ELECTRONIC FORM
Information stored in the computer hard disc, removable storage media, etc. are
stolen
3. E-MAIL BOMBING
large numbers of e-mails are sent to the victim that results to crashing.

6
4. DATA DIDDLING
Raw data are altered just before the computer processes them and then
changing it back after the processing is completed.
5. SALAMI ATTACK
Logic bombs are introduced into the banks system that result to
the deduction of an insignificant amount from every account and transferred into
single account.
6. VIRUS OR WORM ATTACK –
VIRUSES are programs that attach themselves to a computer or a file and
then circulate to other files or to other computers on a network. They usually alter
or delete data.
WORMS eat up the available space on a computer's memory. The world most
famous worm is the “Internet worm” let loose in the internet by Robert Morris
sometime in 1988, almost brought development of internet to a complete
halt.
7. LOGIC BOMBS
Are event-dependent programs created to do something only when a certain
event occurs e.g. viruses that lie dormant and only become active at
particular dates.
8. TROJAN ATTACKS
Are unauthorized programs which passively gains control over another’s
system by representing itself as an authorized program.
9. INTERNET TIME THEFT
The internet surfing hours of the victim are used up by another person
without his consent by gaining access to the login ID and the password. E.g.
Colonel Bajwa’s case- the internet hours were used up by another
person and were the first reported case of cybercrime in India.
10. WEB JACKING
The hacker gains access and control over the web site of another. He may
even mutilate or change the information on site. One of the case web jacking is
that of ‘gold fish ‘case where the site was hacked and the information regarding the
gold fish was changed. A ransom of US $ 1 million was demanded as ransom.
11. SOFTWARE PIRACY
Software is stolen through the illegal copying of genuine programs and
distribution of products intended to pass for the original.
12. ONLINE GAMBLING

7
Playing game of chance or betting in the hope of winning money
through the internet.
13. PORNOGRAPHY
Computers are used in the production, distribution, encryption and
storage of digital images of children who are usually the victims of
pedophiles.
14. INTERNET RELAY CHAT
IRC servers have chat rooms in which people from around the world can
come together and chat with each other. Hackers and even other
criminals use chat rooms for discussing their exploits and share
techniques in committing criminal acts. Pedophiles use chat rooms to allure small
children.
15. E-MAIL THREATS AND EXTORTION
The criminal sends threatening emails or threatens the victim via the chat
rooms. It also be done by copying the company's confidential data or trade
secrets in order to extort huge amount of money from the company.
16. PHISHING
A form of identity theft in which scammers send mass emails posing as
banks, credit card companies, popular commercial web sites, asking the recipients
to confirm or update financial information in a hyperlink in order to appear like it
came from the original website.
17. CYBER STALKING
The criminal follows the victim by sending emails, and frequently
entering the chat rooms that causes an international, substantial and unreasonable
intrusion into the private life of the person causing him mental distress.
18. CYBER DEFAMATION
The use of the computer system to make false statements against a
person thereby injuring his reputation.

19. E-MAIL SPOOFING

The emails are misrepresented and they usually contain viruses.
20. COMPUTER VANDALISM
Any physical harm done to the computer set.
21. CYBER TERRORISM

8
 It is the premeditated use of disrupted activities, or the threat thereof, in
cyber space, with the intention to further social, ideological, religious, political, or
similar objectives, or to intimidate any person in furtherance of such objectives.
22. CYBER FRAUD AND CHEATING
It is the most lucrative business nowadays that consist of credit card crimes,
contractual crimes, offering jobs, etc.
23. HARASSMENT VIA EMAILS
The person threatens or blackmails the victim by sending him emails
24. COMPUTER SABOTAGE
Is the input, alteration, erasure or suppression of computer or communication
data, programs system or networks. It also includes fraud and forgery.
CASE STUDIES OF HACKERS
a. Captain Crunch – In 1972, Captain Crunch aka John Draper, realized that by
blowing the whistle that came in Captain Crunch cereal box, he could replicate
the tones necessary to place free long-distance phone calls. He spent
some time in prison, and then went to work for Apple Computer.
b. Kevin Mitnick – In 1994, Mitnick was the world’s most wanted hacker for
breaking into Digital Equipment’s Computers and stealing source codes. He
served some years in prison, and then became a book author.
c. Kevin Poulsen – In 1995, Poulsen, a friend of Mitnick’s , broke into FBI computers.
He spent some year in the prison, and is now a computer security journalist.
d. Mafiaboy – In 2000, this Canadian boy launched denial-of-service attacks
on CNN, Yahoo, and other major websites. He ended up under house arrest and was
retired from using the Internet.
e. Onel De Guzman – In 2000, this Filipino computer science student
unleashed the “I LOVE YOU” virus on the Net. He went unpunished
because the Philippines had no law covering the crime.
HACKING SKILLS
As an ethical hacker, there is a need to understand various
hacking techniques, which are as follows:
a) Password guessing and cracking
b) Session hijacking
c) Session spoofing
d) Network traffic sniffing
e) Denial-of-service attacks

9
f) Exploiting buffer overflow vulnerabilities
g) Structured Query Language (SQL) injection
BASIC SKILLS OF AN ETHICAL HACKER
A. An ethical hacker must have a great deal of courage, determination, and
perseverance in order to attempt again and again before the desired
outcome is obtained.
B. To use social engineering exploits, the ethical hacker must be clever enough to
consider the scenario and the attitude of other people.
C. A decent ethical hacker is also a perfect problem-solver.
PHASES OF CYBERSECURITY ATTACK
Six (6) Phases of Cybersecurity Attack:
1. Reconnaissance - the attacker gathers information about a goal by active or
passive means during this process. Google Dorks and Maltego are two commonly
used methods in the process.
2. Scanning - during this process, the attacker deliberately probes a target
computer or network for exploitable vulnerabilities. Nessus or Nexpose are the
methods used in this phase.
3. Gaining Access - the vulnerability is discovered during this operation. The
attacker tries to use it to gain access to the device. “Metasploit” is the most
important method in the operation.
4. Maintaining Access - when a hacker has already obtained access to a device,
this is the method. After obtaining entry, the hacker sets up some back doors to
allow him access to the device in the future if he wants it. In this method,
“Metasploit” is the preferred tool.
5. Clearing Tracks – this is a morally reprehensible procedure. It has to do with the
removal of all logs of all events that occur during the hacking process.
6. Reporting - this is the last move in the ethical hacking procedure. The ethical
hacker complies a paper detailing his or her discoveries and the job that was
completed, including the methods used, progress rate, bugs discovered, and exploit
processes.

10