Cyber Crime and Digital Forensics

Mr.V.Yuvaraj
Assistant Professor – Department of Computer Applications
Dr. N.G.P. ARTS AND SCIENCE COLLEGE
Dr. N.G.P.-KALAPATTI ROAD
COIMBATORE-641 048
Tamil Nadu, India
Mobile: +917502919891,
E-mail: [email protected]

Dr. NGPASC
COIMBATORE | INDIA
 Unit-I
Cybercrime: Introduction, Motivation and Methods

• Introduction
• The Scale of the Problem and Reasons for the
growth of Cyber Crime.
• Profiling Cyber Criminals.
• Challenges for Criminal Justice and Law
Enforcement
• The Future of Cyber Crime.

Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

Introduction:
• Advancements in modern technology have helped countries
to develop and expand their communication networks,
enabling faster and easier networking and information.
• The internet has grown from a curiosity to an essential
element of modern life for millions.
• The socio-economic benefits, there is no doubt about
computer technology and the internet that enhances the
capabilities of human interaction. But somewhere the
growth of global connectivity is inherent to cybercrime

Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

Definition:
• Computer-related crime or “cybercrime” or “e-crime” or
“digital technology crime” is a long-established
phenomenon, but the growth of global connectivity is
inseparably tied to the development of contemporary
cybercrime. Any criminal activity that involves a computer
either as an instrument, target or a means for
perpetuating further crimes comes within the ambit of
cybercrime.
• “unlawful acts wherein the computer is either a tool or
target or both”.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

• “Cybercrime” has been used to describe a wide

range of offences, including offences against
computer data and systems (such as “hacking”).
• Computer-related forgery and fraud (such as
“phishing”).
• Content offences (such as disseminating child
pornography), and copyright offences (such as
the dissemination of pirated content).

Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

• Global connectivity scenario:

• In 2014, more than one third of the world’s total population had access
to the internet.
• Over 60 % of all internet users are in developing countries, with 45 % of
all internet users below the age of 25 years.
• It is estimated that mobile broadband subscriptions will approach 70 % of
the world’s total population by 2017.
• In the future hyper-connected society, it is hard to imagine a
‘computer crime’, and perhaps any crime, that does not involve electronic
evidence linked with internet protocol (IP) connectivity
• 2 billion internet users and over 5 billion mobile phone connections
worldwide.
• Every day, 294 billion emails and 5 billion phone messages are exchanged.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

• Computers play four roles in crimes:

– They serve as objects, subjects, tools, and symbols (Parker 1998).
– There are numerous cases of computers being shot, blown up, burned,
beaten with blunt instruments, kicked, crushed and con- taminated
(Ibid).
– The damage may be intentional, as in the case of an irate taxpayer who
shot a computer four times through the window of the local tax office.
– When automated crimes take place, computers will be the subjects of
attacks.
– Third role of computers in crime is as tools, enabling criminals to
produce false information or plan and control crimes.
– Finally, computers are also used as symbols to deceive victims.

Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction
• United States
– The National Cybercrime training Partnership (NCTP) encompasses local, state,
and federal law enforcement agencies in the United States.
– The International Association of Chiefs of Police (IACP) hosts an annual Law
Enforcement Information Management training conference that focuses on
IT security and cybercrime.
• European Union
– Created a body called the forum on Cybercrime, and a number of European
states have signed the Council of Europe’s Convention on Cybercrime treaty.
– We usually speak about two major categories of offence: in the first, a
computer connected to a network is the target of the offence; this is the case
of attacks on network confidentiality, integrity and/or availability.
– The other category consists of traditional offences such as theft, fraud, and
forgery which are committed with the assistance of/or by means of computers
connected to a network, computer networks and related information and
commu- nications technology.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction
• The US-(DOJ) Department of Justice defines computer crime
as “any violation of criminal law that involved the knowledge
of computer technology for its perpetration, investigation, or
prosecution”.
• cybercrime was broken into two categories and defined as:
– (a) in a narrow sense: any illegal behaviour directed by means of
electronic operations that targets the security of computer systems
and the data processed by them.
– (b) in a border sense: any illegal behaviour committed by means of,
or in relation to, a computer system or network, including such
crimes as illegal possession and offering or disturbing information
by means of a computer system or network.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

• Contemporary Cybercrime:
• Cybercrime is one of the fastest growing areas of
crime.
• More and more criminals are exploiting the
speed, convenience and anonymity that modern
technologies offer in order to commit a diverse
range of criminal activities.
• In past, cybercrime has been committed by
individuals or small groups of individuals.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction
• Terrestrial Crimes Versus Cybercrimes
– The act of defining crime is often, but not always, a step toward controlling it.
– The ostensible purpose of defining illegal behaviours as criminal is to make
them liable to public prosecution and punishment (Crutchfield 2000).
– “crime” was addressed at the local, community level of government (Hitchens
2003)
– Crime was small-scale, consisting of illegal acts committed by some persons
that were directed against a victim. “Crimes”, which were consistent across
societies; Crime was murder, robbery, and rape (Balckstone 1979).
– Crime was also personal, if the victim and the offender did not know each
other; they were likely to share community ties that put offences into a
manageable, knowable context (Goodman and Brenner 2000, p. 151).

Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
Introduction

• Cybercrime and White Collar Crime:

– The definition of white collar crime has been an
enduring topic of debate over the past century.
– white collar crime is a “social rather than a legal concept,
one invented not by lawyers but by social scientists”.
– There is no specific offence or group of offences that can
be identified as white collar crime. (Smith et al. 2004, p.
10).

Dr. NGPASC
COIMBATORE | INDIA
 UNIT I
The Scale of the Problem and Reasons for the Growth of Cybercrime

• Security experts of annual losses from computer crime range from $555
million to more than $13 billion (Parker 1998, p. 10), but there are actually no
valid statistics on the losses from this type of crime, because no one knows
how many cases go unreported.
• Victims can lose more from reporting crimes than they lose from the crimes
themselves. Embarrassment, key staff diverted to prepare evidence and testify,
legal fees, increased insurance premiums, and exposure of vulnerabilities and
security failures can all result from reporting computer crime incidents.
• The technology for cybercrime has become more easily accessible. Software
tools can be purchased online that allow the user to locate open ports or
overcome password protection.
• Cybercrime’s place is growing due to the exponential connectivity, increased subject
knowledge, cultural awareness, and programmable onboard electronics, which
increase the number of potential targets.

Dr. NGPASC
COIMBATORE | INDIA
Unit-1-The Scale of the Problem and Reasons
for the Growth of Cybercrime
• United States
• United States is the “Computer Crime and Security Survey” conducted by the
Computer Security Institute, with the participation of the San Francisco branch
of the Federal Bureau of Investigation’s Computer Intrusion Squad.

– Almost half of the respondents had experienced a security incident, with 45.6
% of them reporting they had been subject of at least one targeted attack.

– Malware infection continues to be the most commonly experienced attack.

– Fewer financial frauds were reported than in previous years, with only 8.7 %
saying they had seen this type of incident.
– Tools that improve visibility into networks, web applications, and endpoints
were ranked among the highest on information security and information
technology managers’ ‘wish lists’, including better log management, security
information and event management, security data visualization, and security
dashboards.
Dr. NGPASC
COIMBATORE | INDIA
Unit-1-The Scale of the Problem and Reasons
for the Growth of Cybercrime
•United Kingdom
•Cyber Security and Information Assurance (OCSIA) works in partnership with Detica to look more
closely at the cost of cybercrime and to gain a better appreciation of the costs to the UK economy of
Intellectual Property (IP) theft and industrial espionage.
• A study conducted considered three types of cybercrime that impact on individual citizens:
identity theft; online scams and scareware.
– The number of reported incidents was multiplied by the average cost of an incident and a
further estimate made for the level of under-reporting;
– The number of UK citizens with internet access was multiplied by the probability that they
became a victim of identity theft, modified by an estimate of the proportion of these crimes
being conducted online (estimated at 25 %).
• Both methods of calculation provided similar answers, with an average of £1.7 billion per annum.
• aerospace and defence—£1.2 billion per annum
• financial services—£2.0 billion per annum
• mining—£1.6 billion per annum

Dr. NGPASC
COIMBATORE | INDIA
Unit-1-The Scale of the Problem and Reasons
for the Growth of Cybercrime
• Middle East
• Many international sources are warning that the Middle East is becoming a major source
of cybercrime.
• Saudi Arabia is ranked as the leading country in the region as the target and source of
malicious activities online; it is also the number one source of malicious attacks in
the Gulf Cooperation Council.
• Egypt is one of the most phished countries in the world with about 1,763 phishing
incidents, followed closely by other countries in the region such as Saudi Arabia, the
UAE and Qatar.
• Normal cybercrime, such as phishing, has its unique characteristics in Middle East. Due
to religious motives and political issues in the region, hackers are successfully sending
political or religious scams which urge users to open an email attachment, thereby
infecting the computer with malware.
• A source and target of much cybercriminal activity is the growth of international
banking and money laundering
• Cyber terror is growing in the region due to religious, political and socio-economic
issues, such as unemployment. “Jihad Online” claims to use hacking as a technique to
carry out jihad against their enemies.
Dr. NGPASC
COIMBATORE | INDIA
Unit-1-The Scale of the Problem and Reasons
for the Growth of Cybercrime
• Asia/Pacific—Japan (APJ)
•In (Asia /Pacific—Japan) APJ, China ranked first for malicious activity in 2009, with
32 % of the regional total, down from 41 % in 2008. Due to population size,
number of computer users, and high broadband penetration, the United States and
China are always likely to rank highly.

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals

• People who intentionally abuse and misuse

information cover a spectrum of criminals.
• It is impossible to characterize these criminals
in a single profile, there are some interesting
and useful criminal phenomena that we need
to know in order to be effective in protecting
information.

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals
Motives of the Cybercriminal
• There is no way to describe a “typical” cybercriminal, Parker’s
interviews have revealed a number of common traits among
these individuals (Parker 1998,p. 138).
• White-collar criminals who engage in fraudulent business
practices associated with their otherwise legitimate
occupations.
• Many cybercriminals exhibit Robin Hood syndrome,
rationalizing that they are taking from victims who—in their
view—can afford it. This might also be viewed as attempting to
achieve a commendable goal, at the expense of harming others.

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals

How Cybercriminals Use the Network

• Cybercriminals can use computers and networks as a tool for the crime, or
incidentally to the crime itself.
• Many of the crimes committed by cybercriminals could be committed
without using computers and networks.
• For example, terrorist threats could be made over the telephone or via postal
mail; embezzlers could steal company money out of the safe; con artists can
come to the door and talk elderly individuals out of their savings in person
(Shinder 2010, Online).
• Some cybercriminals use the internet to find their victims. This includes scam
artists, serial killers and everything in between. Police can often thwart these
types of crimes and trap the criminals by setting up sting operations in which
they masquerade as the type of victim that will appeal to the criminal

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals
• Types of Cyber Criminals:

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals
Hackers, Crackers, and Network Attackers
• Hackers can commit several crimes, such as unauthorized
access, theft of data or services, and destructive cybercrimes
such as website defacement, release of viruses and DoS, and
other attacks that bring down the server or network.
• Hackers learn their “craft” in a number of ways: by trial and
error, by studying network operating systems and protocols
with an eye toward learning their vulnerabilities, and perhaps
most significantly, from other hackers. There is an enormous
underground network where those new to hacking can get
information and learn from more experienced hackers

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals

Hackers, Crackers, and Network Attackers

• There are numerous sites to meet hackers online, and many more
that provide tools that can be used for hacking sites. Websites
such as the Ethical Hacker Network, Cult of the Dead Cow,
Hacktivismo, Security Hacks, and Darknet provide information and
software to discover vulnerabilities and access systems
• Black hats break into systems illegally, for personal gain,
notoriety, or other less–than—legitimate purposes.
• White hats write and test open source software, work for
corporations to help them heighten their security, work for the
government to help catch and prosecute black–hat hackers, and
otherwise use their hacking skills for noble and legal purposes.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals

Criminals Who Use the Net Incidentally to the

Crime
• Criminals who use the Net to find victims
• Criminals who use computers or networks for
recordkeeping
• Criminals who use email or chat services to
correspond with accomplices.

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Profiling Cybercriminals

Real-life Noncriminals Who Commit Crimes

Online
• In some situations, people who are not criminals in real life engage in
criminal conduct online. These include accidental cybercriminals and
situational cybercriminals.
• Accidental cybercriminals have no criminal intent. They commit illegal
acts online because of ignorance of the law or lack of familiarity with the
technology.

Dr. NGPASC
COIMBATORE | INDIA
UNIT-I
Challenges for Criminal Justice and Law Enforcement

• The internet facilitates the ability of offenders to communicate

directly with other likeminded persons as well as future
victims through chat rooms, newsgroups, internet relay
channels, websites and emails (Fantino 2009, Online).
• The high volume of offences on the internet and the lack of
international boundaries require the cooperation and sharing of
information between and among national and international
police departments, government legislators, and the public and
private sectors (Ibid)

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Challenges for Criminal Justice and Law
Enforcement
Transnational Legal Jurisdictions
• Domestic legislation is clearly necessary to target
cybercrime offenders; however, various problems
with the way that cybercrime is now committed make
the use of domestic regulation by itself unworkable
(Smyth 2007, p. 59).
• Acts on the internet that are legal in the country
where they are initiated, may be illegal in other
countries, even though the act is not particularly
targeted at that single country
Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Challenges for Criminal Justice and Law Enforcement

Evidence Identification and Tracking

• The dynamic and distributed nature of cyberspace makes it
difficult to find and collect all relevant digital evidence of
cybercrimes. Data can be spread over cities, states or even
countries.
• When dealing with the smallest networks, it is feasible to take
a snapshot of an entire network at a given instant (Casey
2004).

Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Challenges for Criminal Justice and Law Enforcement

Tactics for Evasion

• The suspect’s stored data are encrypted—most of the PC is
“open” but there are directories, sections, files, or “containers”
which hold files, which are encrypted (Sommer 2002).
• This approach is popular because it is easy to implement and
there are relatively large numbers of robust software products
available; the computer can be used normally and then specific
actions are needed to decrypt the “secret” items (Ibid).
Furthermore, some IRC clients support encryption, making it
more difficult for investigators to monitor communications
and recover digital evidence.
Dr. NGPASC
COIMBATORE | INDIA
 UNIT-I
Challenges for Criminal Justice and Law Enforcement

The Future of Cybercrime

• In the growing world of the internet, both in personal
and internet businesses, cybercrime is an ever
increasing problem. Punishment for these crimes has
become a new field in crime investigation and law
enforcement.
• The internet has not only drawn people together, it has
drawn international crime fighting agencies together
in a common purpose. The internet is not a free
playground anymore. It is a global arena.
Dr. NGPASC
COIMBATORE | INDIA
Dr. NGPASC
COIMBATORE | INDIA 31